Class OcspClient
- Namespace
- SimpleSign.Core.Revocation
- Assembly
- SimpleSign.Core.dll
OCSP (Online Certificate Status Protocol) client for certificate revocation checking. Builds OCSP requests, sends them, and verifies response signatures.
public sealed class OcspClient : IOcspClient
- Inheritance
-
OcspClient
- Implements
- Inherited Members
Constructors
OcspClient(HttpClient, ILogger?)
Creates an OCSP client with the specified HTTP client and optional logger.
public OcspClient(HttpClient httpClient, ILogger? logger = null)
Parameters
httpClientHttpClientloggerILogger
Methods
CheckEmbeddedOcspResponse(X509Certificate2, X509Certificate2?, byte[], DateTimeOffset?)
Checks an embedded OCSP response against a certificate. Returns: true = good (not revoked), false = revoked, null = not relevant for this cert or unparseable.
public bool? CheckEmbeddedOcspResponse(X509Certificate2 cert, X509Certificate2? issuerCert, byte[] ocspResponseBytes, DateTimeOffset? signingTime = null)
Parameters
certX509Certificate2issuerCertX509Certificate2ocspResponseBytesbyte[]signingTimeDateTimeOffset?
Returns
- bool?
CheckOcspAsync(X509Certificate2, string, CancellationToken)
Checks revocation status via OCSP for a certificate with the given responder URL.
public Task<bool> CheckOcspAsync(X509Certificate2 cert, string ocspUrl, CancellationToken ct)
Parameters
certX509Certificate2ocspUrlstringctCancellationToken
Returns
CheckOcspWithChainAsync(X509Certificate2, IReadOnlyList<X509Certificate2>, string, CancellationToken)
Checks revocation status via OCSP with the full certificate chain.
public Task<bool> CheckOcspWithChainAsync(X509Certificate2 cert, IReadOnlyList<X509Certificate2> chain, string ocspUrl, CancellationToken ct)
Parameters
certX509Certificate2chainIReadOnlyList<X509Certificate2>ocspUrlstringctCancellationToken
Returns
FetchOcspResponseAsync(X509Certificate2, X509Certificate2?, string, CancellationToken)
Fetches an OCSP response and returns the revocation status, raw response bytes, and all responder certificates embedded in the response (for DSS inclusion).
public Task<OcspFetchResult> FetchOcspResponseAsync(X509Certificate2 cert, X509Certificate2? issuerCert, string ocspUrl, CancellationToken ct)
Parameters
certX509Certificate2issuerCertX509Certificate2ocspUrlstringctCancellationToken