/// <summary> /// Find all certificates that are not self-signed and has key usage "digital signature". /// Then sort all certificates, so that issuers are after the certificates they sign. /// Certificates in the list that were not part of the trust chain for the digital signatures are not retained. /// </summary> /// <returns>sorted certificates needed to verify the digital signatures from the input list</returns> static List <X509Certificate2> SortCertificatesIssuerLast(IEnumerable <X509Certificate2> inputCertificates) { var result = new List <X509Certificate2>(); var certBySubject = new Dictionary <string, X509Certificate2>(); foreach (var certificate in inputCertificates) { certBySubject[certificate.Subject] = certificate; var keyUsage = X509CertificatePropertyExtrator.GetKeyUsage(certificate); if (keyUsage != null && keyUsage.KeyUsages.ToString().Contains("DigitalSignature") && !keyUsage.KeyUsages.ToString().Contains("CrlSign")) { result.Add(certificate); } } for (var i = 0; i < result.Count; i++) { var certificate = result[i]; if (!certBySubject.ContainsKey(certificate.Issuer)) { continue; } var issuer = certBySubject[result[i].Issuer]; if (!result.Contains(issuer)) { result.Add(issuer); } } return(result); }
/// <summary> /// </summary> /// <returns><code>true</code> if this certificate is a youth certificate</returns> public bool IsYouthCertificate() { var element = X509CertificatePropertyExtrator.GetElementInX509Name(Certificate, ObjectIdentifiers.OrganizationalUnit); return(element != null && element == "Ung mellem 15 og 18 - Kan som udgangspunkt ikke lave juridisk bindende aftaler"); }
static void AddIssuerCertificateIfNeeded(IList <X509Certificate2> certificates) { if (certificates.Count == 1) { var certificate = certificates[0]; if (certificate.Issuer.ToUpper().Contains("TRUST2408")) { var url = X509CertificatePropertyExtrator.GetCaIssuerUrl(certificate); var icaCertificate = new X509Certificate2(HttpClient.Download(url)); certificates.Add(icaCertificate); } } }
public static bool VerifyTrust(X509Certificate2 certificate, Ca signingCa) { var basicConstraints = X509CertificatePropertyExtrator.GetBasicConstraints(certificate); if (Verify(certificate, GetPublicKey(signingCa.Certificate))) { if (VerifyChain(signingCa, 0)) { return(VerifyRoot(signingCa)); } } return(false); }
private static bool VerifyChain(Ca ca, int pathLength) { var basicConstraints = X509CertificatePropertyExtrator.GetBasicConstraints(ca.Certificate); //check that CA certificate is in fact a CA if (!basicConstraints.CertificateAuthority) { return(false); } //check that CA certificate must sign other certificates X509KeyUsageFlags flags = X509CertificatePropertyExtrator.GetKeyUsage(ca.Certificate).KeyUsages; if ((flags & (X509KeyUsageFlags.KeyCertSign)) != X509KeyUsageFlags.KeyCertSign) { return(false); } // Check path length if (basicConstraints.HasPathLengthConstraint && basicConstraints.PathLengthConstraint < pathLength) { return(false); } if (IsSelfSigned(ca) && !ca.IsRoot) { return(false); } if (ca.IsRoot) { return(true); } if (ca.IssuingCa == null) { return(false); } Ca signingCa = ca.IssuingCa; if (X509CertificatePropertyExtrator.GetBasicConstraints(signingCa.Certificate).PathLengthConstraint >= 0) { if (Verify(ca.Certificate, GetPublicKey(signingCa.Certificate))) { return(VerifyChain(ca.IssuingCa, ++pathLength)); } } return(false); }
/// <summary> /// </summary> /// <returns><code>true</code> if this certificate has the string "Pseudonym" as name</returns> public bool HasPseudonym() { return(X509CertificatePropertyExtrator.HasPseudonym(Certificate)); }
private static bool MatchPolicy(X509Certificate2 endUserCertificate, string oidPrefix) { return(X509CertificatePropertyExtrator.GetCertificatePolicyOid(endUserCertificate).StartsWith(oidPrefix)); }
static string FindOcspUrlInCertificate(X509Certificate2 cert) { return(X509CertificatePropertyExtrator.GetOcspUrl(cert)); }
/// <summary> /// Gets a specific element of the subject DN /// </summary> /// <param name="element">element <code>Name</code> of element to return value of</param> /// <returns>Specific element of the subject DN</returns> protected string GetElementInX509Name(String element) { return(X509CertificatePropertyExtrator.GetElementInX509Name(Certificate, element)); }