public bool IsSignatureValid(X509Crl crl, X509Certificate crlIssuer)
{
// check if the CRL was issued by the issuer
if (crlIssuer != null) {
try {
crl.Verify(crlIssuer.GetPublicKey());
return true;
} catch (GeneralSecurityException) {
LOGGER.Warn("CRL not issued by the same authority as the certificate that is being checked");
}
}
// check the CRL against trusted anchors
if (certificates == null)
return false;
try {
// loop over the certificate in the key store
foreach (X509Certificate anchor in certificates) {
try {
crl.Verify(anchor.GetPublicKey());
return true;
} catch (GeneralSecurityException) {}
}
}
catch (GeneralSecurityException) {
return false;
}
return false;
}