在 C# 的 BouncyCastle 库中通过 x509Crl.IsRevoked() 方法检查证书？

Question

我正在尝试使用吊销列表（crl 文件）检查证书。在 BouncyCustle 库中有一个方法 x509Crl.IsRevoked()，应该用于此。关键是它获取 x509Certificate 对象作为参数，但我不明白如何创建这个 x509Certificate 对象。我使用 DotNetUtilities.FromX509Certificate() 从 System.Security.Cryptography.X509Certificates.x509Certificate2 对象转换为 Org.BouncyCastle.X509.X509Certificate 对象，但我遇到了问题 - 方法 IsRevoked() 总是 returns true - 对于所有crl 我测试过了。

问题：如何直接从二进制创建 Org.BouncyCastle.X509.X509Certificate 对象而不从 System.Security.Cryptography.X509Certificates.x509Certificate2 转换？

我用它的 crl 文件检查证书的代码：

static public void RevocationChecker(string certPath, string crlPath)
    {
        X509Certificate2 cert = new X509Certificate2();
        cert.Import(File.ReadAllBytes(certPath));
        Org.BouncyCastle.X509.X509Certificate bouncyCert = DotNetUtilities.FromX509Certificate(cert);

        X509CrlParser crlParser = new X509CrlParser();
        X509Crl crl = crlParser.ReadCrl(File.ReadAllBytes(crlPath));

        bool rezult = crl.IsRevoked(bouncyCert);
        Console.WriteLine(rezult);
    }

Answer 1

试一试：

System.Security.Cryptography.X509Certificates.X509Certificate cert = new System.Security
.Cryptography.X509Certificates.X509Certificate(File.ReadAllBytes(certPath));`    

Org.BouncyCastle.X509.X509Certificate bouncyCert = new Org.BouncyCastle.X509
.X509CertificateParser().ReadCertificate(cert.GetRawCertData());

在 C# 的 BouncyCastle 库中通过 x509Crl.IsRevoked() 方法检查证书？

Checking certificate by x509Crl.IsRevoked() method in BouncyCastle library in C#?

c#

bouncycastle

x509certificate

x509certificate2

certificate-revocation