/// <summary>
/// Runs a revocation check for <paramref name="signCert"/> using only the
/// revocation data carried by the signature: the OCSP response first, then
/// the CRLs when the OCSP pass yields no result.
/// </summary>
/// <param name="pkcs7">Signature container that supplies the OCSP response and CRLs.</param>
/// <param name="signCert">Certificate whose revocation status is checked.</param>
/// <param name="issuerCert">Certificate passed to the verifiers as the issuer of <paramref name="signCert"/>.</param>
/// <param name="date">Point in time handed to both verifiers.</param>
/// <remarks>
/// NOTE(review): the collected results are never returned, logged or acted on,
/// so a caller learns nothing about the revocation status from this method
/// unless one of the Verify calls throws. Do not treat a normal return as
/// "certificate not revoked".
/// </remarks>
private void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date)
{
    // Collect the OCSP response embedded in the signature, if there is one.
    IList<BasicOcspResp> embeddedOcsps = new List<BasicOcspResp>();
    if (pkcs7.GetOcsp() != null)
    {
        embeddedOcsps.Add(pkcs7.GetOcsp());
    }

    // The verifier's first constructor argument is null.
    // NOTE(review): presumably "no chained verifier" - confirm against the library.
    OCSPVerifier ocspCheck = new OCSPVerifier(null, embeddedOcsps);
    IList<VerificationOK> results = ocspCheck.Verify(signCert, issuerCert, date);

    // OCSP already produced at least one result: nothing else to do.
    if (results.Count != 0)
    {
        return;
    }

    // OCSP gave nothing usable, so fall back to the CRLs embedded in the signature.
    IList<X509Crl> embeddedCrls = new List<X509Crl>();
    if (pkcs7.GetCRLs() != null)
    {
        foreach (X509Crl embedded in pkcs7.GetCRLs())
        {
            embeddedCrls.Add(embedded);
        }
    }

    CRLVerifier crlCheck = new CRLVerifier(null, embeddedCrls);
    foreach (VerificationOK crlResult in crlCheck.Verify(signCert, issuerCert, date))
    {
        results.Add(crlResult);
    }
}
/// <summary>
/// Checks the revocation status of <paramref name="signCert"/> against the
/// revocation data embedded in the signature and writes the outcome to
/// OUT_STREAM: OCSP is tried first, CRLs only when OCSP yields no result.
/// </summary>
/// <param name="pkcs7">Signature container that supplies the OCSP response and CRLs.</param>
/// <param name="signCert">Certificate whose revocation status is checked.</param>
/// <param name="issuerCert">Certificate passed to the verifiers as the issuer of <paramref name="signCert"/>.</param>
/// <param name="date">Point in time for which the revocation data must be valid.</param>
/// <remarks>
/// The outcome is only printed; this method returns nothing and does not
/// itself throw on failure, so callers cannot gate a trust decision on it.
/// An empty result list means "could not be verified", not "revoked".
/// NOTE(review): whether the verifiers also fetch revocation data online
/// depends on verifier settings that are not visible here - confirm before
/// relying on this for offline or long-term validation.
/// </remarks>
private static void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date)
{
    // Collect the OCSP response embedded in the signature, if there is one.
    IList<BasicOcspResp> embeddedOcsps = new List<BasicOcspResp>();
    if (pkcs7.GetOcsp() != null)
    {
        embeddedOcsps.Add(pkcs7.GetOcsp());
    }

    // Ask whether the collected OCSP responses were valid for the certificate on the given date.
    OCSPVerifier ocspCheck = new OCSPVerifier(null, embeddedOcsps);
    IList<VerificationOK> results = ocspCheck.Verify(signCert, issuerCert, date);

    // No OCSP result means OCSP could not confirm anything; fall back to CRLs.
    bool ocspInconclusive = results.Count == 0;
    if (ocspInconclusive)
    {
        IList<X509Crl> embeddedCrls = new List<X509Crl>();
        if (pkcs7.GetCRLs() != null)
        {
            foreach (X509Crl embedded in pkcs7.GetCRLs())
            {
                embeddedCrls.Add(embedded);
            }
        }

        // Ask whether the collected CRLs were valid on the given date.
        CRLVerifier crlCheck = new CRLVerifier(null, embeddedCrls);
        foreach (VerificationOK crlResult in crlCheck.Verify(signCert, issuerCert, date))
        {
            results.Add(crlResult);
        }
    }

    // Report every successful verification, or the failure when there is none.
    if (results.Count > 0)
    {
        foreach (VerificationOK outcome in results)
        {
            OUT_STREAM.WriteLine(outcome);
        }

        return;
    }

    OUT_STREAM.WriteLine("The signing certificate couldn't be verified");
}