public static int CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date)
{
List<BasicOcspResp> ocsps = new List<BasicOcspResp>();
if (pkcs7.Ocsp != null)
ocsps.Add(pkcs7.Ocsp);
OcspVerifier ocspVerifier = new OcspVerifier(null, ocsps);
List<VerificationOK> verification =
ocspVerifier.Verify(signCert, issuerCert, date);
if (verification.Count == 0)
{
List<X509Crl> crls = new List<X509Crl>();
if (pkcs7.CRLs != null)
foreach (X509Crl crl in pkcs7.CRLs)
crls.Add(crl);
CrlVerifier crlVerifier = new CrlVerifier(null, crls);
verification.AddRange(crlVerifier.Verify(signCert, issuerCert, date));
}
if (verification.Count == 0)
{
Console.WriteLine("No se pudo verificar estado de revocación del certificado por CRL ni OCSP");
return CER_STATUS_NOT_VERIFIED;
}
else
{
foreach (VerificationOK v in verification)
Console.WriteLine(v);
return 0;
}
}
/**
* Verifies certificates against a list of CRLs and OCSP responses.
* @param signingCert
* @param issuerCert
* @return a list of <code>VerificationOK</code> objects.
* The list will be empty if the certificate couldn't be verified.
* @throws GeneralSecurityException
* @throws IOException
* @see com.itextpdf.text.pdf.security.RootStoreVerifier#verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate)
*/
override public List <VerificationOK> Verify(X509Certificate signCert, X509Certificate issuerCert, DateTime sigDate)
{
// we'll verify agains the rootstore (if present)
RootStoreVerifier rootStoreVerifier = new RootStoreVerifier(verifier);
rootStoreVerifier.Certificates = certificates;
// We'll verify against a list of CRLs
CrlVerifier crlVerifier = new CrlVerifier(rootStoreVerifier, GetCRLsFromDSS());
crlVerifier.Certificates = certificates;
crlVerifier.OnlineCheckingAllowed = latestRevision || onlineCheckingAllowed;
// We'll verify against a list of OCSPs
OcspVerifier ocspVerifier = new OcspVerifier(crlVerifier, GetOCSPResponsesFromDSS());
ocspVerifier.Certificates = certificates;
ocspVerifier.OnlineCheckingAllowed = latestRevision || onlineCheckingAllowed;
// We verify the chain
return(ocspVerifier.Verify(signCert, issuerCert, sigDate));
}
public static void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date) {
List<BasicOcspResp> ocsps = new List<BasicOcspResp>();
if (pkcs7.Ocsp != null)
ocsps.Add(pkcs7.Ocsp);
OcspVerifier ocspVerifier = new OcspVerifier(null, ocsps);
List<VerificationOK> verification =
ocspVerifier.Verify(signCert, issuerCert, date);
if (verification.Count == 0) {
List<X509Crl> crls = new List<X509Crl>();
if (pkcs7.CRLs != null)
foreach (X509Crl crl in pkcs7.CRLs)
crls.Add(crl);
CrlVerifier crlVerifier = new CrlVerifier(null, crls);
verification.AddRange(crlVerifier.Verify(signCert, issuerCert, date));
}
if (verification.Count == 0)
Console.WriteLine("The signing certificate couldn't be verified");
else
foreach (VerificationOK v in verification)
Console.WriteLine(v);
}
/**
* Verifies certificates against a list of CRLs and OCSP responses.
* @param signingCert
* @param issuerCert
* @return a list of <code>VerificationOK</code> objects.
* The list will be empty if the certificate couldn't be verified.
* @throws GeneralSecurityException
* @throws IOException
* @see com.itextpdf.text.pdf.security.RootStoreVerifier#verify(java.security.cert.X509Certificate, java.security.cert.X509Certificate)
*/
override public List<VerificationOK> Verify(X509Certificate signCert, X509Certificate issuerCert, DateTime sigDate) {
// we'll verify agains the rootstore (if present)
RootStoreVerifier rootStoreVerifier = new RootStoreVerifier(verifier);
rootStoreVerifier.Certificates = certificates;
// We'll verify against a list of CRLs
CrlVerifier crlVerifier = new CrlVerifier(rootStoreVerifier, GetCRLsFromDSS());
crlVerifier.Certificates = certificates;
crlVerifier.OnlineCheckingAllowed = latestRevision || onlineCheckingAllowed;
// We'll verify against a list of OCSPs
OcspVerifier ocspVerifier = new OcspVerifier(crlVerifier, GetOCSPResponsesFromDSS());
ocspVerifier.Certificates = certificates;
ocspVerifier.OnlineCheckingAllowed = latestRevision || onlineCheckingAllowed;
// We verify the chain
return ocspVerifier.Verify(signCert, issuerCert, sigDate);
}
/**
* Create {@code OcspClient}
* @param verifier will be used for response verification. {@see OCSPVerifier}.
*/
public OcspClientBouncyCastle(OcspVerifier verifier) {
this.verifier = verifier;
}
public OcspClientBouncyCastle() {
verifier = null;
}
/**
* Create {@code OcspClient}
* @param verifier will be used for response verification. {@see OCSPVerifier}.
*/
public OcspClientBouncyCastle(OcspVerifier verifier)
{
this.verifier = verifier;
}
public OcspClientBouncyCastle()
{
verifier = null;
}
private static bool CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date)
{
List<BasicOcspResp> ocsps = new List<BasicOcspResp>();
if (pkcs7.Ocsp != null)
ocsps.Add(pkcs7.Ocsp);
OcspVerifier ocspVerifier = new OcspVerifier(null, ocsps);
List<VerificationOK> verification =
ocspVerifier.Verify(signCert, issuerCert, date);
if (verification.Count == 0)
{
List<X509Crl> crls = new List<X509Crl>();
if (pkcs7.CRLs != null)
foreach (X509Crl crl in pkcs7.CRLs)
crls.Add(crl);
if (crls.Count > 0)
{
CrlVerifier crlVerifier = new CrlVerifier(null, crls);
verification.AddRange(crlVerifier.Verify(signCert, issuerCert, date));
}
}
if (verification.Count == 0)
return false;
else
foreach (VerificationOK v in verification)
Console.WriteLine(v);
return (verification.Count > 0);
}
