|
public Verify ( |
||
| signCert | ||
| issuerCert | ||
| signDate | System.DateTime | |
| Résultat | List |
|
public override List<VerificationOK> Verify(X509Certificate signCert, X509Certificate issuerCert, DateTime signDate)
{
List<VerificationOK> result = new List<VerificationOK>();
int validCrlsFound = 0;
// first check the list of CRLs that is provided
if (crls != null) {
foreach (X509Crl crl in crls) {
if (Verify(crl, signCert, issuerCert, signDate))
validCrlsFound++;
}
}
// then check online if allowed
bool online = false;
if (onlineCheckingAllowed && validCrlsFound == 0) {
if (Verify(GetCrl(signCert, issuerCert), signCert, issuerCert, signDate)) {
validCrlsFound++;
online = true;
}
}
// show how many valid CRLs were found
LOGGER.Info("Valid CRLs found: " + validCrlsFound);
if (validCrlsFound > 0) {
result.Add(new VerificationOK(signCert, this, "Valid CRLs found: " + validCrlsFound + (online ? " (online)" : "")));
}
if (verifier != null)
result.AddRange(verifier.Verify(signCert, issuerCert, signDate));
// verify using the previous verifier in the chain (if any)
return result;
}
|
CrlVerifier::Verify ( |
public static int CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date)
{
List<BasicOcspResp> ocsps = new List<BasicOcspResp>();
if (pkcs7.Ocsp != null)
ocsps.Add(pkcs7.Ocsp);
OcspVerifier ocspVerifier = new OcspVerifier(null, ocsps);
List<VerificationOK> verification =
ocspVerifier.Verify(signCert, issuerCert, date);
if (verification.Count == 0)
{
List<X509Crl> crls = new List<X509Crl>();
if (pkcs7.CRLs != null)
foreach (X509Crl crl in pkcs7.CRLs)
crls.Add(crl);
CrlVerifier crlVerifier = new CrlVerifier(null, crls);
verification.AddRange(crlVerifier.Verify(signCert, issuerCert, date));
}
if (verification.Count == 0)
{
Console.WriteLine("No se pudo verificar estado de revocación del certificado por CRL ni OCSP");
return CER_STATUS_NOT_VERIFIED;
}
else
{
foreach (VerificationOK v in verification)
Console.WriteLine(v);
return 0;
}
}
