/// <summary>
/// Parses a signed CRL: splits the outer signed structure first, then
/// decodes the to-be-signed (TBS) certificate list it carries.
/// </summary>
/// <remarks>
/// This method only parses. No verification call is made here, so the decoded
/// fields are unauthenticated until the signature has been checked separately
/// (for example with VerifySignature).
/// </remarks>
/// <param name="crl">The raw signed CRL</param>
internal void Decode(byte[] crl)
{
    // Split the outer structure into TBS bytes and signature; kept on the
    // instance in m_signature.
    var signedCrl = new X509Signature(crl);
    m_signature = signedCrl;

    // Parse the TbsCertList carried inside the signed structure.
    DecodeCrl(signedCrl.Tbs);
}
/// <summary>
/// Signs the encoded TBS portion of this CRL with the supplied generator and
/// stores the resulting signed CRL in <c>RawData</c>.
/// </summary>
/// <remarks>
/// The same <c>HashAlgorithmName</c> value is used for the algorithm
/// identifier and for the signing call, so the identifier written into the
/// CRL matches the digest used for the signature.
/// NOTE(review): <paramref name="generator"/> is dereferenced without a null
/// check; confirm callers never pass null.
/// </remarks>
/// <param name="generator">The RSA or ECDsa signature generator to use.</param>
/// <returns>The signed CRL (this instance).</returns>
public IX509CRL CreateSignature(X509SignatureGenerator generator)
{
    // Bytes that the signature will cover.
    var tbs = Encode();

    // Algorithm identifier first, then the signature itself, both derived
    // from the configured hash algorithm.
    byte[] algorithmId = generator.GetSignatureAlgorithmIdentifier(HashAlgorithmName);
    byte[] signatureValue = generator.SignData(tbs, HashAlgorithmName);

    // Wrap TBS, signature and algorithm identifier, then keep the encoding.
    RawData = new X509Signature(tbs, signatureValue, algorithmId).Encode();
    return this;
}
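/// <summary>
/// Verifies the signature on the CRL using the issuer certificate.
/// </summary>
/// <remarks>
/// The check fails closed: any exception raised while parsing <c>RawData</c>
/// or verifying is treated as a failed verification. When
/// <paramref name="throwOnError"/> is set, the underlying exception is now
/// attached as <c>InnerException</c>, so a malformed CRL can be told apart
/// from a signature mismatch in logs.
/// NOTE(review): only <c>X509Signature.Verify</c> is called here. Whether it
/// also checks the issuer name or key usage is not visible in this method, and
/// no trust validation of <paramref name="issuer"/> is performed here. Confirm
/// that callers establish issuer trust separately.
/// </remarks>
/// <param name="issuer">The certificate of the CRL issuer whose key is used for verification.</param>
/// <param name="throwOnError">If true, a failed verification throws instead of returning false.</param>
/// <returns>True if the signature verified; false otherwise (only when <paramref name="throwOnError"/> is false).</returns>
/// <exception cref="CryptographicException">
/// Verification failed and <paramref name="throwOnError"/> is true.
/// </exception>
public bool VerifySignature(X509Certificate2 issuer, bool throwOnError)
{
    const string failureMessage = "Could not verify signature on CRL.";

    bool result;
    try
    {
        var signature = new X509Signature(RawData);
        result = signature.Verify(issuer);
    }
    catch (Exception e)
    {
        // Fail closed on any parsing or verification error, but keep the
        // cause for diagnostics instead of discarding it.
        if (throwOnError)
        {
            throw new CryptographicException(failureMessage, e);
        }
        return false;
    }

    if (!result && throwOnError)
    {
        throw new CryptographicException(failureMessage);
    }

    return result;
}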