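/// <summary>
/// Checks that <paramref name="cert"/> chains to the local root CA and is not listed
/// in the local CRL. Shows a MessageBox and returns <c>false</c> on the first failed check.
/// </summary>
/// <param name="cert">The receiver's certificate as a .NET <see cref="X509Certificate2"/>.</param>
/// <returns><c>true</c> only if the signature, validity period, CRL signature, CRL freshness
/// and revocation checks all pass.</returns>
/// <remarks>
/// The trust anchor (rootca.pem) and the CRL (crl/list.pem) are located relative to the
/// process working directory, so the result depends on where the program is started from.
/// NOTE(review): consider anchoring these paths to the application base directory instead.
/// </remarks>
public static bool ValidateCertificates(X509Certificate2 cert)
{
    var pathCA = Directory.GetCurrentDirectory() + "/../../CryptoFiles/rootca.pem";
    var caCertificate = new X509CertificateParser().ReadCertificate(File.ReadAllBytes(pathCA));
    var pathCRL = Directory.GetCurrentDirectory() + "/../../CryptoFiles/crl/list.pem";
    var crl = new X509CrlParser().ReadCrl(File.ReadAllBytes(pathCRL));
    var receiverCert = new X509CertificateParser().ReadCertificate(cert.GetRawCertData());

    // 1. Signature: the certificate must have been signed with the root CA's key.
    try
    {
        receiverCert.Verify(caCertificate.GetPublicKey());
    }
    catch (Exception)
    {
        MessageBox.Show("Receiver's certificate is not signed by CA!");
        return false;
    }

    // 2. Validity period: a correctly signed but expired (or not yet valid) certificate
    //    must be rejected as well; NotBefore/NotAfter were never consulted before.
    try
    {
        receiverCert.CheckValidity();
    }
    catch (Exception)
    {
        MessageBox.Show("Receiver's certificate is expired or not yet valid!");
        return false;
    }

    // 3. CRL authenticity: the CRL is a plain file on disk, so anyone who can replace it
    //    could "un-revoke" a certificate. Only trust a CRL the CA actually signed.
    try
    {
        crl.Verify(caCertificate.GetPublicKey());
    }
    catch (Exception)
    {
        MessageBox.Show("CRL is not signed by CA!");
        return false;
    }

    // 4. CRL freshness: past NextUpdate the list says nothing about certificates revoked
    //    since it was issued. NextUpdate is optional, so a missing value is not an error.
    var nextUpdate = crl.NextUpdate;
    if (nextUpdate != null && nextUpdate.Value < DateTime.UtcNow)
    {
        MessageBox.Show("CRL is out of date!");
        return false;
    }

    // 5. Revocation: the certificate must not appear on the (now authenticated) list.
    if (crl.IsRevoked(receiverCert))
    {
        MessageBox.Show("Receiver's certificate is revoked!");
        return false;
    }

    return true;
}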
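/// <summary>
/// Sample entry point: loads a PKCS#12 signing key, reads an offline CRL from disk,
/// reports the CRL's NextUpdate and the signing certificate's revocation status, and
/// signs SRC into DEST + RESULT_FILES[0] with that CRL embedded.
/// </summary>
/// <param name="args">Unused.</param>
/// <exception cref="InvalidOperationException">
/// If the properties file lacks PRIVATE/PASSWORD, the key store holds no private key
/// entry, the certificate chain is empty, or the signing certificate is revoked.
/// </exception>
public static void Main(String[] args)
{
    DirectoryInfo directory = new DirectoryInfo(DEST);
    directory.Create();

    // Key store location and password come from a properties file outside the source
    // tree; the path is hard-coded for this sample. Specify the correct path to the certificate.
    Properties properties = new Properties();
    using (FileStream propStream = new FileStream("c:/home/blowagie/key.properties", FileMode.Open, FileAccess.Read))
    {
        properties.Load(propStream);
    }
    String path = properties.GetProperty("PRIVATE");
    String password = properties.GetProperty("PASSWORD");
    if (path == null || password == null)
    {
        // Previously a missing PASSWORD surfaced as a NullReferenceException on ToCharArray().
        throw new InvalidOperationException("key.properties must define PRIVATE and PASSWORD.");
    }
    char[] pass = password.ToCharArray();

    // The store is fully parsed by the constructor, so the stream can be closed right after.
    Pkcs12Store pk12;
    using (FileStream keyStream = new FileStream(path, FileMode.Open, FileAccess.Read))
    {
        pk12 = new Pkcs12Store(keyStream, pass);
    }

    // Use the first alias that actually holds a private key. The original loop fell
    // through to the last alias (or null) when no key entry existed and failed later
    // inside GetKey with a less useful error.
    string alias = null;
    foreach (var a in pk12.Aliases)
    {
        string candidate = (string)a;
        if (pk12.IsKeyEntry(candidate))
        {
            alias = candidate;
            break;
        }
    }
    if (alias == null)
    {
        throw new InvalidOperationException("No private key entry found in " + path);
    }

    ICipherParameters pk = pk12.GetKey(alias).Key;
    X509CertificateEntry[] ce = pk12.GetCertificateChain(alias);
    X509Certificate[] chain = new X509Certificate[ce.Length];
    for (int k = 0; k < ce.Length; ++k)
    {
        chain[k] = ce[k].Certificate;
    }
    if (chain.Length == 0)
    {
        throw new InvalidOperationException("Key entry '" + alias + "' has no certificate chain.");
    }

    // Read the CRL once and reuse the bytes. The original copy loop wrote the whole
    // 1024-byte buffer on every iteration regardless of how many bytes Read() returned,
    // so the data handed to CrlClientOffline carried trailing garbage whenever the file
    // size was not a multiple of 1024; it also never closed the stream.
    byte[] crlBytes = File.ReadAllBytes(CRLURL);

    /* Create a CrlClientOffline instance with the read CRL file's data.
     * Given CRL file is specific to the CAcert provider and was downloaded long time ago.
     * Make sure that you have the CRL specific for your certificate and CRL is up to date
     * (by checking NextUpdate properties as seen below). */
    ICrlClient crlClient = new CrlClientOffline(crlBytes);
    X509Crl crl = new X509CrlParser().ReadCrl(crlBytes);

    // NOTE(review): the CRL's signature is not verified against its issuer here, so a
    // tampered list.pem would be embedded as-is. Verify it before relying on it in
    // anything beyond a sample.
    Console.WriteLine("CRL valid until: " + crl.NextUpdate);
    var nextUpdate = crl.NextUpdate;
    if (nextUpdate != null && nextUpdate.Value < DateTime.UtcNow)
    {
        Console.WriteLine("WARNING: CRL is past its NextUpdate; revocation information may be stale.");
    }

    bool revoked = crl.IsRevoked(chain[0]);
    Console.WriteLine("Certificate revoked: " + revoked);
    if (revoked)
    {
        // A signature produced with a revoked certificate is worthless; refuse to make one.
        throw new InvalidOperationException("Signing certificate is revoked according to " + CRLURL);
    }

    IList<ICrlClient> crlList = new List<ICrlClient>();
    crlList.Add(crlClient);
    new C3_05_SignWithCRLOffline().Sign(SRC, DEST + RESULT_FILES[0], chain, pk,
        DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS, "Test", "Ghent",
        crlList, null, null, 0);
}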