/// <summary>
/// Decode the complete CRL.
/// </summary>
/// <param name="crl">The raw signed CRL</param>
internal void Decode(byte[] crl)
{
// Decode the Tbs and signature
m_signature = new X509Signature(crl);
// Decode the TbsCertList
DecodeCrl(m_signature.Tbs);
}
/// <summary>
/// Create the CRL with signature generator.
/// </summary>
/// <param name="generator">The RSA or ECDsa signature generator to use.</param>
/// <returns>The signed CRL.</returns>
public IX509CRL CreateSignature(X509SignatureGenerator generator)
{
var tbsRawData = Encode();
var signatureAlgorithm = generator.GetSignatureAlgorithmIdentifier(HashAlgorithmName);
byte[] signature = generator.SignData(tbsRawData, HashAlgorithmName);
var crlSigner = new X509Signature(tbsRawData, signature, signatureAlgorithm);
RawData = crlSigner.Encode();
return(this);
}
/// <summary>
/// Verifies the signature on the CRL.
/// </summary>
public bool VerifySignature(X509Certificate2 issuer, bool throwOnError)
{
bool result;
try
{
var signature = new X509Signature(RawData);
result = signature.Verify(issuer);
}
catch (Exception)
{
result = false;
}
if (!result && throwOnError)
{
throw new CryptographicException("Could not verify signature on CRL.");
}
return(result);
}
