Table of Contents

Class OcspClient

Namespace
SimpleSign.Core.Revocation
Assembly
SimpleSign.Core.dll

OCSP (Online Certificate Status Protocol) client for certificate revocation checking. Builds OCSP requests, sends them, and verifies response signatures.

public sealed class OcspClient : IOcspClient
Inheritance
OcspClient
Implements
Inherited Members

Constructors

OcspClient(HttpClient, ILogger?)

Creates an OCSP client with the specified HTTP client and optional logger.

public OcspClient(HttpClient httpClient, ILogger? logger = null)

Parameters

httpClient HttpClient
logger ILogger

Methods

CheckEmbeddedOcspResponse(X509Certificate2, X509Certificate2?, byte[], DateTimeOffset?)

Checks an embedded OCSP response against a certificate. Returns: true = good (not revoked), false = revoked, null = not relevant for this cert or unparseable.

public bool? CheckEmbeddedOcspResponse(X509Certificate2 cert, X509Certificate2? issuerCert, byte[] ocspResponseBytes, DateTimeOffset? signingTime = null)

Parameters

cert X509Certificate2
issuerCert X509Certificate2
ocspResponseBytes byte[]
signingTime DateTimeOffset?

Returns

bool?

CheckOcspAsync(X509Certificate2, string, CancellationToken)

Checks revocation status via OCSP for a certificate with the given responder URL.

public Task<bool> CheckOcspAsync(X509Certificate2 cert, string ocspUrl, CancellationToken ct)

Parameters

cert X509Certificate2
ocspUrl string
ct CancellationToken

Returns

Task<bool>

CheckOcspWithChainAsync(X509Certificate2, IReadOnlyList<X509Certificate2>, string, CancellationToken)

Checks revocation status via OCSP with the full certificate chain.

public Task<bool> CheckOcspWithChainAsync(X509Certificate2 cert, IReadOnlyList<X509Certificate2> chain, string ocspUrl, CancellationToken ct)

Parameters

cert X509Certificate2
chain IReadOnlyList<X509Certificate2>
ocspUrl string
ct CancellationToken

Returns

Task<bool>

FetchOcspResponseAsync(X509Certificate2, X509Certificate2?, string, CancellationToken)

Fetches an OCSP response and returns the revocation status, raw response bytes, and all responder certificates embedded in the response (for DSS inclusion).

public Task<OcspFetchResult> FetchOcspResponseAsync(X509Certificate2 cert, X509Certificate2? issuerCert, string ocspUrl, CancellationToken ct)

Parameters

cert X509Certificate2
issuerCert X509Certificate2
ocspUrl string
ct CancellationToken

Returns

Task<OcspFetchResult>