How to verify Certificate Revocation using EIDNative library
This example receives the raw certificate data from the eID card, converts the raw data to an X509Certificate object, and uses X509Chain for certificate validation.
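using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using EIDNative;

namespace Certificates
{
    /// <summary>
    /// Reads the authentication, CA and root CA certificates from an eID card and
    /// validates the authentication certificate, including an online revocation check.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Entry point. Opens the reader, validates the card's authentication certificate and
        /// prints the chain details. The process exit code is 0 when the chain is valid, 1 otherwise.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
            EIDCard card = new EIDCard();
            card.InitReader();
            try
            {
                if (!card.IsEIDCard())
                {
                    Console.WriteLine("No eID card found in the reader.");
                    Environment.ExitCode = 1;
                    return;
                }

                // Everything read from the card is untrusted input: it is only used to
                // build the chain, never to extend the machine's trust store.
                using (X509Certificate2 certificate = LoadCertificate(card.ReadAuthenticationCertificate(), "authentication"))
                using (X509Certificate2 caCertificate = LoadCertificate(card.ReadCACertificate(), "CA"))
                using (X509Certificate2 rootCaCertificate = LoadCertificate(card.ReadRootCACertificate(), "root CA"))
                {
                    X509Certificate2UI.DisplayCertificate(certificate);

                    bool valid = ValidateChain(certificate, caCertificate, rootCaCertificate);
                    Console.WriteLine("Authentication certificate is {0}.", valid ? "VALID" : "NOT VALID");
                    Environment.ExitCode = valid ? 0 : 1;
                }
            }
            catch (InvalidOperationException ex)
            {
                // Card returned no data for one of the certificates.
                Console.WriteLine("Cannot read certificates from the card: {0}", ex.Message);
                Environment.ExitCode = 1;
            }
            catch (CryptographicException ex)
            {
                // Card returned bytes that do not decode as a certificate.
                Console.WriteLine("Cannot decode a certificate from the card: {0}", ex.Message);
                Environment.ExitCode = 1;
            }
            finally
            {
                // Always release the reader, even when validation fails or throws.
                card.DoneReader();
            }
        }

        /// <summary>
        /// Wraps raw certificate bytes read from the card as an <see cref="X509Certificate2"/>.
        /// </summary>
        /// <param name="raw">DER bytes as returned by the EIDNative read methods.</param>
        /// <param name="label">Name of the certificate, used in the error message only.</param>
        /// <returns>The decoded certificate; the caller owns it and must dispose it.</returns>
        /// <exception cref="InvalidOperationException"><paramref name="raw"/> is null or empty.</exception>
        /// <exception cref="CryptographicException"><paramref name="raw"/> is not a valid certificate.</exception>
        private static X509Certificate2 LoadCertificate(byte[] raw, string label)
        {
            if (raw == null || raw.Length == 0)
            {
                throw new InvalidOperationException("The card returned no " + label + " certificate.");
            }
            return new X509Certificate2(raw);
        }

        /// <summary>
        /// Builds and verifies the chain for <paramref name="certificate"/> with online revocation
        /// checking, then prints the chain details.
        /// </summary>
        /// <param name="certificate">The end-entity (authentication) certificate from the card.</param>
        /// <param name="caCertificate">The issuing CA certificate from the card (path building only).</param>
        /// <param name="rootCaCertificate">The root CA certificate from the card (path building only).</param>
        /// <returns>
        /// True only when the chain builds to a root that is already trusted on this machine and
        /// every element passes validity and revocation checks.
        /// </returns>
        /// <remarks>
        /// The root that came from the card is deliberately NOT installed into the Root store:
        /// doing so would let any card (including a forged one) make itself trusted. The official
        /// root CA must be provisioned by an administrator out-of-band; the chain then ends in an
        /// <see cref="X509ChainStatusFlags.UntrustedRoot"/> error if it is missing.
        /// </remarks>
        private static bool ValidateChain(X509Certificate2 certificate, X509Certificate2 caCertificate, X509Certificate2 rootCaCertificate)
        {
            using (X509Chain ch = new X509Chain())
            {
                // ExtraStore only helps the engine find the path; it grants no trust.
                ch.ChainPolicy.ExtraStore.Add(caCertificate);
                ch.ChainPolicy.ExtraStore.Add(rootCaCertificate);

                // Policy must be configured BEFORE Build(); changing it afterwards does not
                // re-evaluate an already-built chain.
                ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
                ch.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
                ch.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

                // Build() returns the verdict; ChainStatus holds the reasons when it is false.
                bool valid = ch.Build(certificate);
                PrintChain(ch);
                return valid;
            }
        }

        /// <summary>
        /// Prints the policy, the chain-level status and each chain element with its status flags.
        /// </summary>
        /// <param name="ch">A chain on which <see cref="X509Chain.Build"/> has already been called.</param>
        private static void PrintChain(X509Chain ch)
        {
            Console.WriteLine("Chain Information");
            Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
            Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
            Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
            Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
            Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length);
            foreach (X509ChainStatus status in ch.ChainStatus)
            {
                Console.WriteLine("  {0}: {1}", status.Status, status.StatusInformation);
            }
            Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
            Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

            Console.WriteLine("Chain Element Information");
            Console.WriteLine("Number of chain elements: {0}{1}", ch.ChainElements.Count, Environment.NewLine);
            foreach (X509ChainElement element in ch.ChainElements)
            {
                Console.WriteLine("Element subject name: {0}", element.Certificate.Subject);
                Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer);
                // Thumbprint lets an operator compare the chain's root against the official value out-of-band.
                Console.WriteLine("Element thumbprint: {0}", element.Certificate.Thumbprint);
                Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter);
                Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length);
                Console.WriteLine("Element information: {0}", element.Information);
                Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);
                // A single status entry is already an error; print every one of them.
                foreach (X509ChainStatus status in element.ChainElementStatus)
                {
                    Console.WriteLine("  {0}: {1}", status.Status, status.StatusInformation);
                }
            }
        }
    }
}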