Checking certificate by x509Crl.IsRevoked() method in BouncyCastle library in C#?
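I am trying to check a certificate using its revocation list (crl file). In the BouncyCastle library there is a method x509Crl.IsRevoked() that should be used for this. The point is that it takes an x509Certificate object as a parameter, but I cannot understand how to create this x509Certificate object. I used DotNetUtilities.FromX509Certificate() to convert a System.Security.Cryptography.X509Certificates.x509Certificate2 object into an Org.BouncyCastle.X509.X509Certificate object, but I ran into a problem: the method IsRevoked() always returns true, for all crl tests.
Question: how can I create an Org.BouncyCastle.X509.X509Certificate object directly from binary, without converting from System.Security.Cryptography.X509Certificates.x509Certificate2?
My code for checking a certificate against its crl file: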
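    using System;
    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    using Org.BouncyCastle.Security;
    using Org.BouncyCastle.X509;

    static public void RevocationChecker(string certPath, string crlPath)
    {
        // Load the certificate with the .NET class, then convert it to a BouncyCastle object
        X509Certificate2 cert = new X509Certificate2();
        cert.Import(File.ReadAllBytes(certPath));
        Org.BouncyCastle.X509.X509Certificate bouncyCert = DotNetUtilities.FromX509Certificate(cert);
        // Parse the CRL file and look the certificate up in it
        X509CrlParser crlParser = new X509CrlParser();
        X509Crl crl = crlParser.ReadCrl(File.ReadAllBytes(crlPath));
        bool rezult = crl.IsRevoked(bouncyCert);
        Console.WriteLine(rezult);
    }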
Try this:
    // Read the raw certificate bytes, then parse them with BouncyCastle's own parser
    System.Security.Cryptography.X509Certificates.X509Certificate cert =
        new System.Security.Cryptography.X509Certificates.X509Certificate(File.ReadAllBytes(certPath));
    Org.BouncyCastle.X509.X509Certificate bouncyCert =
        new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(cert.GetRawCertData());
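An added example, not part of the original question or answer: the same lookup done with BouncyCastle parsers only, with two checks a revocation result depends on (the CRL comes from the certificate's issuer, and the CRL signature verifies under the issuer's key). The class name, method name and the issuerCertPath parameter are assumptions made for illustration, and a direct CRL (signed by the issuing CA itself) is assumed.

```csharp
using System;
using System.IO;
using Org.BouncyCastle.X509;

// Hypothetical helper, not code from the post or from the BouncyCastle project.
static class CrlCheck
{
    // issuerCertPath (assumption): certificate of the CA that issued both the
    // certificate under test and the CRL.
    public static bool IsRevokedByIssuerCrl(string certPath, string crlPath, string issuerCertPath)
    {
        // Parse everything straight from the file bytes, no .NET X509Certificate2 involved.
        var certParser = new X509CertificateParser();
        X509Certificate cert = certParser.ReadCertificate(File.ReadAllBytes(certPath));
        X509Certificate issuer = certParser.ReadCertificate(File.ReadAllBytes(issuerCertPath));
        X509Crl crl = new X509CrlParser().ReadCrl(File.ReadAllBytes(crlPath));

        // The parsers return null when the input holds no certificate or CRL.
        if (cert == null || issuer == null || crl == null)
            throw new InvalidDataException("Input is not a parsable certificate or CRL.");

        // A CRL lists serial numbers of one issuer only. Comparing a certificate
        // against another CA's CRL gives a meaningless answer, so refuse it.
        if (!crl.IssuerDN.Equivalent(cert.IssuerDN))
            throw new InvalidOperationException("CRL issuer does not match certificate issuer.");

        // Throws if the CRL was not signed with the issuer's key, so an
        // unauthenticated or tampered list is never trusted.
        crl.Verify(issuer.GetPublicKey());

        // Only now is the lookup meaningful.
        return crl.IsRevoked(cert);
    }
}
```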