Razširitvene metode za preverjanje preklica certifikatov.
namespace WvdS.System.Security.Cryptography.X509Certificates; public static class RevocationExtensions
| Metoda | Opis |
|---|---|
| IsRevoked | Preveri, ali je certifikat preklican |
| FetchCrlAsync | Prenese CRL iz URL (iz razširitve certifikata) |
| CheckRevocationAsync | Kombinirano: prenos CRL in preverjanje preklica |
| GetCrlDistributionPoints | Ekstrahira CRL-URL-je iz certifikata |
| GetOcspUrls | Ekstrahira OCSP-URL-je iz certifikata |
Z obstoječim CRL:
var certificate = new X509Certificate2("user.cer"); byte[] crlData = File.ReadAllBytes("ca.crl"); var caCert = new X509Certificate2("ca.cer"); RevocationResult result = certificate.IsRevoked(crlData, caCert, CryptoMode.Hybrid); if (result.Success && result.IsRevoked) { Console.WriteLine($"Certifikat preklican: {result.RevocationDate}"); Console.WriteLine($"Razlog: {result.Reason}"); }
Samodejni prenos CRL:
RevocationResult result = await certificate.CheckRevocationAsync( caCert, mode: CryptoMode.Hybrid);
| Lastnost | Tip | Opis |
|---|---|---|
IsRevoked | bool | Certifikat je preklican |
RevocationDate | DateTimeOffset? | Čas preklica |
Reason | CrlReason? | Razlog preklica |
CrlVerified | bool | Podpis CRL je bil preverjen |
Success | bool | Preverjanje je bilo uspešno |
using var cache = new CrlCache(defaultCacheDuration: TimeSpan.FromHours(1)); // Preverjanje s samodejnim predpomnenjem CRL RevocationResult result1 = await cache.CheckRevocationAsync(cert1, caCert); RevocationResult result2 = await cache.CheckRevocationAsync(cert2, caCert); // CRL iz predpomnilnika
Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional