|
public Verify ( |
||
| crl | ||
| signCert | ||
| issuerCert | ||
| signDate | System.DateTime | |
| Résultat | bool | |
public bool Verify(X509Crl crl, X509Certificate signCert, X509Certificate issuerCert, DateTime signDate)
{
if (crl == null || signDate == DateTime.MaxValue)
return false;
// We only check CRLs valid on the signing date for which the issuer matches
if (crl.IssuerDN.Equals(signCert.IssuerDN)
&& signDate.CompareTo(crl.ThisUpdate) > 0 && signDate.CompareTo(crl.NextUpdate.Value) < 0) {
// the signing certificate may not be revoked
if (IsSignatureValid(crl, issuerCert) && crl.IsRevoked(signCert)) {
throw new VerificationException(signCert, String.Format("{0} The certificate has been revoked.", signCert));
}
return true;
}
return false;
}
|
CrlVerifier::Verify ( |
public static int CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date)
{
List<BasicOcspResp> ocsps = new List<BasicOcspResp>();
if (pkcs7.Ocsp != null)
ocsps.Add(pkcs7.Ocsp);
OcspVerifier ocspVerifier = new OcspVerifier(null, ocsps);
List<VerificationOK> verification =
ocspVerifier.Verify(signCert, issuerCert, date);
if (verification.Count == 0)
{
List<X509Crl> crls = new List<X509Crl>();
if (pkcs7.CRLs != null)
foreach (X509Crl crl in pkcs7.CRLs)
crls.Add(crl);
CrlVerifier crlVerifier = new CrlVerifier(null, crls);
verification.AddRange(crlVerifier.Verify(signCert, issuerCert, date));
}
if (verification.Count == 0)
{
Console.WriteLine("No se pudo verificar estado de revocación del certificado por CRL ni OCSP");
return CER_STATUS_NOT_VERIFIED;
}
else
{
foreach (VerificationOK v in verification)
Console.WriteLine(v);
return 0;
}
}
