How to verify Certificate Revocation using EIDNative library

This example reads the raw certificate data from the eID card, converts it to an X509Certificate2 and uses X509Chain to validate the chain and check revocation status online. Two points matter for correctness: the chain policy (revocation mode and flags) must be set before calling Build(), and a root certificate read from the card must be compared against a thumbprint obtained out-of-band rather than installed into the trusted root store, since otherwise any card can supply its own "trusted" root.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using EIDNative;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;


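namespace Certificates
{
    class Program
    {
        // Process exit codes so a calling script can consume the verdict.
        private const int ExitVerified = 0;
        private const int ExitNotVerified = 1;

        /// <summary>
        /// Reads the authentication certificate, the issuing CA and the root CA from the eID card,
        /// builds the chain with online revocation checking and reports whether it verified.
        /// </summary>
        /// <param name="args">
        /// args[0] (optional): hex thumbprint of the root CA that is expected at the top of the chain,
        /// obtained out-of-band (e.g. from the issuer's published root). Without it the chain is still
        /// built and printed, but it is never reported as verified, because a root read from the card
        /// cannot be allowed to vouch for that same card.
        /// </param>
        static void Main(string[] args)
        {
            string expectedRootThumbprint = args.Length > 0 ? args[0] : null;

            EIDCard card = new EIDCard();
            card.InitReader();
            try
            {
                if (!card.IsEIDCard())
                {
                    Console.WriteLine("No eID card present.");
                    Environment.ExitCode = ExitNotVerified;
                    return;
                }

                byte[] rawCertificate = card.ReadAuthenticationCertificate();
                if (rawCertificate == null || rawCertificate.Length == 0)
                {
                    Console.WriteLine("Could not read the authentication certificate from the card.");
                    Environment.ExitCode = ExitNotVerified;
                    return;
                }

                // X509Certificate2(byte[]) throws CryptographicException on malformed input;
                // that is the desired outcome for garbage read from the card.
                X509Certificate2 certificate = new X509Certificate2(rawCertificate);
                X509Certificate2 caCertificate = new X509Certificate2(card.ReadCACertificate());
                X509Certificate2 rootCaCertificate = new X509Certificate2(card.ReadRootCACertificate());

                X509Certificate2UI.DisplayCertificate(certificate);

                bool verified = VerifyChain(certificate, caCertificate, rootCaCertificate, expectedRootThumbprint);
                Console.WriteLine("Authentication certificate verified: {0}", verified);
                Environment.ExitCode = verified ? ExitVerified : ExitNotVerified;
            }
            finally
            {
                // Release the reader even when certificate parsing or chain building throws.
                card.DoneReader();
            }
        }

        /// <summary>
        /// Builds and checks the chain for <paramref name="certificate"/>.
        /// </summary>
        /// <param name="certificate">End-entity certificate read from the card.</param>
        /// <param name="caCertificate">Issuing CA certificate read from the card; used for path building only.</param>
        /// <param name="rootCaCertificate">Root CA certificate read from the card; used for path building only.</param>
        /// <param name="expectedRootThumbprint">Thumbprint the chain's root must have; null or empty means "unknown".</param>
        /// <returns>
        /// true only when the chain is complete, no element is revoked or of unknown revocation status,
        /// and the chain's root matches <paramref name="expectedRootThumbprint"/>.
        /// </returns>
        private static bool VerifyChain(X509Certificate2 certificate, X509Certificate2 caCertificate,
            X509Certificate2 rootCaCertificate, string expectedRootThumbprint)
        {
            X509Chain chain = new X509Chain();

            // Policy must be configured BEFORE Build(); settings applied afterwards have no effect
            // on the chain that was already built.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;

            // The card's CA and root are offered as path-building material only. They are
            // deliberately NOT installed into the Root / CertificateAuthority stores: a certificate
            // read from the card must not become a trust anchor for that same card.
            // AllowUnknownCertificateAuthority lets Build() complete the path (UntrustedRoot is
            // tolerated) so that the root can be checked by thumbprint pinning below.
            chain.ChainPolicy.ExtraStore.Add(caCertificate);
            chain.ChainPolicy.ExtraStore.Add(rootCaCertificate);
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;

            bool built = chain.Build(certificate);
            PrintChain(chain);

            if (!built)
            {
                Console.WriteLine("Chain building failed.");
                return false;
            }

            // Build() returning true is not sufficient: inspect the statuses explicitly. Anything
            // other than UntrustedRoot (expected, since the root is not in a store) is a failure.
            // That includes RevocationStatusUnknown and OfflineRevocation - "could not check" is
            // not "not revoked".
            // NOTE(review): this assumes the platform still performs the revocation check for a
            // chain that ends in an untrusted root - confirm with a known-revoked test certificate.
            foreach (X509ChainStatus status in chain.ChainStatus)
            {
                if (status.Status != X509ChainStatusFlags.UntrustedRoot)
                {
                    Console.WriteLine("Chain rejected: {0} - {1}", status.Status, status.StatusInformation);
                    return false;
                }
            }

            if (chain.ChainElements.Count == 0)
            {
                Console.WriteLine("Chain rejected: no chain elements.");
                return false;
            }

            // The last element is the root the engine actually ended the path on; pin it.
            X509Certificate2 chainRoot = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            if (string.IsNullOrEmpty(expectedRootThumbprint))
            {
                Console.WriteLine("No expected root thumbprint supplied; root {0} could not be confirmed.", chainRoot.Thumbprint);
                return false;
            }

            string expected = expectedRootThumbprint.Replace(" ", "").Replace(":", "");
            if (!string.Equals(chainRoot.Thumbprint, expected, StringComparison.OrdinalIgnoreCase))
            {
                Console.WriteLine("Chain root thumbprint {0} does not match expected {1}.", chainRoot.Thumbprint, expected);
                return false;
            }

            return true;
        }

        /// <summary>
        /// Writes the chain policy, the overall chain status and every chain element to the console.
        /// Diagnostics only; the verdict is computed in VerifyChain.
        /// </summary>
        /// <param name="chain">A chain on which Build() has already been called.</param>
        private static void PrintChain(X509Chain chain)
        {
            Console.WriteLine("Chain Information");
            Console.WriteLine("Chain revocation flag: {0}", chain.ChainPolicy.RevocationFlag);
            Console.WriteLine("Chain revocation mode: {0}", chain.ChainPolicy.RevocationMode);
            Console.WriteLine("Chain verification flag: {0}", chain.ChainPolicy.VerificationFlags);
            Console.WriteLine("Chain verification time: {0}", chain.ChainPolicy.VerificationTime);
            Console.WriteLine("Chain status length: {0}", chain.ChainStatus.Length);
            foreach (X509ChainStatus status in chain.ChainStatus)
            {
                Console.WriteLine("Chain status: {0} - {1}", status.Status, status.StatusInformation);
            }
            Console.WriteLine("Chain application policy count: {0}", chain.ChainPolicy.ApplicationPolicy.Count);
            Console.WriteLine("Chain certificate policy count: {0} {1}", chain.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

            Console.WriteLine("Chain Element Information");
            Console.WriteLine("Number of chain elements: {0}", chain.ChainElements.Count);
            Console.WriteLine("Chain elements synchronized? {0} {1}", chain.ChainElements.IsSynchronized, Environment.NewLine);

            foreach (X509ChainElement element in chain.ChainElements)
            {
                Console.WriteLine("Element subject name: {0}", element.Certificate.Subject);
                Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer);
                Console.WriteLine("Element thumbprint: {0}", element.Certificate.Thumbprint);
                Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter);
                Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length);
                Console.WriteLine("Element information: {0}", element.Information);
                Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);

                // Always print per-element statuses; the previous "ChainStatus.Length > 1" guard
                // silently hid a chain with exactly one error.
                foreach (X509ChainStatus status in element.ChainElementStatus)
                {
                    Console.WriteLine("  {0}: {1}", status.Status, status.StatusInformation);
                }
            }
        }
    }
}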