RevocationExtensions Class

Extension methods for checking certificate revocation.


Definition

namespace WvdS.System.Security.Cryptography.X509Certificates;
 
public static class RevocationExtensions

Methods

Method                     Description
IsRevoked                  Checks whether a certificate is revoked against a given CRL
FetchCrlAsync              Loads the CRL from the URL found in the certificate's CRL distribution point extension
CheckRevocationAsync       Combined: loads the CRL and checks revocation
GetCrlDistributionPoints   Extracts the CRL URLs from the certificate
GetOcspUrls                Extracts the OCSP URLs from the certificate

Check Revocation

With existing CRL:

var certificate = new X509Certificate2("user.cer");
byte[] crlData = File.ReadAllBytes("ca.crl");
var caCert = new X509Certificate2("ca.cer");
 
RevocationResult result = certificate.IsRevoked(crlData, caCert, CryptoMode.Hybrid);
 
if (result.Success && result.IsRevoked)
{
    Console.WriteLine($"Certificate revoked on: {result.RevocationDate}");
    Console.WriteLine($"Reason: {result.Reason}");
}

Load CRL automatically:

RevocationResult result = await certificate.CheckRevocationAsync(
    caCert,
    mode: CryptoMode.Hybrid);

RevocationResult Class

Property         Type              Description
IsRevoked        bool              The certificate is revoked
RevocationDate   DateTimeOffset?   Time of revocation
Reason           CrlReason?        Revocation reason
CrlVerified      bool              The CRL signature was verified
Success          bool              The check completed successfully
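The example above only reports a revocation when Success and IsRevoked are both true, so a failed check or an unverified CRL would silently pass as "not revoked". The following added example (not part of the library's documentation) shows a fail-closed evaluation of RevocationResult using the properties and the CheckRevocationAsync call listed on this page; the names RevocationStatus, RevocationPolicy, Evaluate and IsAcceptableAsync are hypothetical helpers.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using WvdS.System.Security.Cryptography.X509Certificates;

// Policy outcome of a revocation check, derived from the raw result flags.
public enum RevocationStatus { Good, Revoked, Unknown }

public static class RevocationPolicy
{
    // Fail closed: only a successful check against a signature-verified CRL
    // may report Good. Any other combination is Unknown and must not be
    // treated as "not revoked".
    public static RevocationStatus Evaluate(RevocationResult result)
    {
        if (!result.Success || !result.CrlVerified)
            return RevocationStatus.Unknown;
        return result.IsRevoked ? RevocationStatus.Revoked : RevocationStatus.Good;
    }

    // Full flow: CheckRevocationAsync loads the CRL from the certificate's
    // distribution point and checks it; the policy then decides. 'hardFail'
    // controls whether an Unknown outcome blocks the certificate.
    public static async Task<bool> IsAcceptableAsync(
        X509Certificate2 certificate, X509Certificate2 caCert, bool hardFail)
    {
        RevocationResult result = await certificate.CheckRevocationAsync(
            caCert,
            mode: CryptoMode.Hybrid);

        switch (Evaluate(result))
        {
            case RevocationStatus.Good:
                return true;
            case RevocationStatus.Revoked:
                Console.WriteLine($"Revoked on {result.RevocationDate}, reason: {result.Reason}");
                return false;
            default:
                Console.WriteLine("Revocation status unknown: CRL unavailable or not verified");
                return !hardFail; // soft-fail only when the caller explicitly allows it
        }
    }
}
```

With hardFail set to true, a CRL that cannot be fetched or whose signature does not verify against caCert rejects the certificate instead of letting it through.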

CRL Cache

using var cache = new CrlCache(defaultCacheDuration: TimeSpan.FromHours(1));
 
// Check with automatic CRL caching
RevocationResult result1 = await cache.CheckRevocationAsync(cert1, caCert);
RevocationResult result2 = await cache.CheckRevocationAsync(cert2, caCert); // CRL from cache

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional