class System.Security.Cryptography.X509Certificates.CertificateRevocationListBuilder
Assembly: System.Security.Cryptography
Inheritance: object → CertificateRevocationListBuilder
Facilitates building a Certificate Revocation List (CRL).
Methods
public
void
AddEntry(byte[] serialNumber,
DateTimeOffset? revocationTime = null,
X509RevocationReason? reason = null)
Adds the specified serial number to the revocation list with an optional revocation time and an optional revocation reason.
serialNumber
The serial number of the certificate to revoke.
revocationTime
The time the certificate was revoked, or null to use the current system time.
The default is null.
reason
The reason why the certificate was revoked, or null to not include a reason.
The default is null.
public
void
AddEntry(ReadOnlySpan<byte> serialNumber,
DateTimeOffset? revocationTime = null,
X509RevocationReason? reason = null)
Adds the specified serial number to the revocation list with an optional revocation time and an optional revocation reason.
serialNumber
The serial number of the certificate to revoke.
revocationTime
The time the certificate was revoked, or null to use the current system time.
The default is null.
reason
The reason why the certificate was revoked, or null to not include a reason.
The default is null.
public
void
AddEntry(X509Certificate2 certificate,
DateTimeOffset? revocationTime = null,
X509RevocationReason? reason = null)
Adds the specified certificate to the revocation list with an optional revocation time and an optional revocation reason.
certificate
The certificate to revoke.
revocationTime
The time the certificate was revoked, or null to use the current system time.
The default is null.
reason
The reason why the certificate was revoked, or null to not include a reason.
The default is null.
public
byte[]
Build(X500DistinguishedName issuerName,
X509SignatureGenerator generator,
Numerics.BigInteger crlNumber,
DateTimeOffset nextUpdate,
HashAlgorithmName hashAlgorithm,
X509AuthorityKeyIdentifierExtension authorityKeyIdentifier,
DateTimeOffset? thisUpdate = null)
Builds a Certificate Revocation List (CRL).
Returns An array that contains the bytes of the signed CRL.
issuerName
The subject name of the certificate for the Certificate Authority (CA) that is issuing this CRL.
generator
A signature generator to produce the CA signature for this CRL.
crlNumber
The sequence number for this CRL. Per IETF RFC 5280, this value must always increase from one CRL to the next for a given CA.
nextUpdate
The latest possible time before the CA will publish a newer CRL, generally treated as an expiration date for this CRL.
hashAlgorithm
The hash algorithm to use when signing the CRL.
authorityKeyIdentifier
The Authority Key Identifier to use in this CRL, identifying the CA certificate.
thisUpdate
An optional value that specifies when this CRL was created, or null to use the current system time.
The default is null.
public
byte[]
Build(X509Certificate2 issuerCertificate,
Numerics.BigInteger crlNumber,
DateTimeOffset nextUpdate,
HashAlgorithmName hashAlgorithm,
RSASignaturePadding? rsaSignaturePadding = null,
DateTimeOffset? thisUpdate = null)
Builds a Certificate Revocation List (CRL) signed by the specified certificate.
Returns An array that contains the bytes of the signed CRL.
issuerCertificate
The certificate representing the Certificate Authority (CA) that is creating this Certificate Revocation List.
crlNumber
The sequence number for this CRL. Per IETF RFC 5280, this value must always increase from one CRL to the next for a given CA.
nextUpdate
The latest possible time before the CA will publish a newer CRL, generally treated as an expiration date for this CRL.
hashAlgorithm
The hash algorithm to use when signing the CRL.
rsaSignaturePadding
For Certificate Authorities with RSA keys, this parameter is required and specifies the RSA signature padding mode to use when signing the CRL.
For all other algorithms, this parameter is ignored.
The default is null.
thisUpdate
An optional value that specifies when this CRL was created, or null to use the current system time.
The default is null.
public static
X509Extension
BuildCrlDistributionPointExtension(Collections.Generic.IEnumerable<string> uris,
bool critical = false)
Builds a CRL Distribution Point Extension with the specified retrieval URIs.
Returns An object suitable for use as a CRL Distribution Point Extension.
uris
The URIs to include as distribution points for the relevant Certificate Revocation List (CRL).
critical
true to mark the extension as critical; otherwise, false.
The default is false.
public static
CertificateRevocationListBuilder
Load(byte[] currentCrl,
out Numerics.BigInteger currentCrlNumber)
public static
CertificateRevocationListBuilder
Load(ReadOnlySpan<byte> currentCrl,
out Numerics.BigInteger currentCrlNumber,
out int bytesConsumed)
public static
CertificateRevocationListBuilder
LoadPem(ReadOnlySpan<char> currentCrl,
out Numerics.BigInteger currentCrlNumber)
public static
CertificateRevocationListBuilder
LoadPem(string currentCrl,
out Numerics.BigInteger currentCrlNumber)
public
bool
RemoveEntry(byte[] serialNumber)
Removes the specified serial number from the revocation list.
Returns true if the serial number was found in the list and was removed; otherwise, false.
serialNumber
The serial number to remove.
public
bool
RemoveEntry(ReadOnlySpan<byte> serialNumber)
Removes the specified serial number from the revocation list.
Returns true if the serial number was found in the list and was removed; otherwise, false.
serialNumber
The serial number to remove.
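A worked example, added here and not taken from the .NET documentation, that uses the members above end to end: issue a leaf with a CRL Distribution Point, publish a first CRL, then reload it to publish the next one with a higher CRL number. The CA, the leaf, the serial numbers and the `crl.example.test` URL are constructed for illustration.

```csharp
using System;
using System.Numerics;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

DateTimeOffset now = DateTimeOffset.UtcNow;

// Constructed throwaway CA, marked as a CA and allowed to sign CRLs (CrlSign).
using ECDsa caKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
var caReq = new CertificateRequest("CN=Example Test CA", caKey, HashAlgorithmName.SHA256);
caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
caReq.CertificateExtensions.Add(new X509KeyUsageExtension(
    X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
caReq.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(caReq.PublicKey, false));
using X509Certificate2 ca = caReq.CreateSelfSigned(now.AddMinutes(-5), now.AddYears(1));

// Constructed leaf that tells relying parties where to fetch the CRL.
using ECDsa leafKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
var leafReq = new CertificateRequest("CN=leaf.example.test", leafKey, HashAlgorithmName.SHA256);
leafReq.CertificateExtensions.Add(
    CertificateRevocationListBuilder.BuildCrlDistributionPointExtension(
        new[] { "http://crl.example.test/ca.crl" }));
using X509Certificate2 leaf = leafReq.Create(ca, now, now.AddDays(90), new byte[] { 0x01, 0x00, 0x2A });

// First CRL: revoke the leaf by certificate and a second serial by raw big-endian bytes.
byte[] otherSerial = { 0x01, 0x00, 0x2B };
var builder = new CertificateRevocationListBuilder();
builder.AddEntry(leaf, now, X509RevocationReason.KeyCompromise);
builder.AddEntry(otherSerial);  // revocation time defaults to now, no reason code

// ECDSA issuer, so rsaSignaturePadding stays null; an RSA issuer must pass a padding mode.
byte[] crl1 = builder.Build(ca, new BigInteger(1), now.AddDays(7), HashAlgorithmName.SHA256);

// Next publication: reload the previous CRL, adjust entries, and increase the CRL number.
// Load() takes no issuer key, so it cannot check the signature; load only CRLs from a trusted store.
CertificateRevocationListBuilder next =
    CertificateRevocationListBuilder.Load(crl1, out BigInteger lastNumber);
bool removed = next.RemoveEntry(otherSerial);
byte[] crl2 = next.Build(ca, lastNumber + 1, now.AddDays(14), HashAlgorithmName.SHA256);

Console.WriteLine($"CRL #{lastNumber}: {crl1.Length} bytes");
Console.WriteLine($"CRL #{lastNumber + 1}: {crl2.Length} bytes, entry removed: {removed}");
```

Taking the next CRL number from the value `Load` returns, rather than from a separate counter, keeps the sequence increasing as RFC 5280 requires even if the publishing job restarts.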
public
bool
Equals(object obj)
Inherited from object
protected
void
Finalize()
Inherited from object
public
int
GetHashCode()
Inherited from object
protected
object
MemberwiseClone()
Inherited from object
public
string
ToString()
Inherited from object