public PkixCertPathBuilderResult(
            PkixCertPath certPath,
            TrustAnchor trustAnchor,
            PkixPolicyNode policyTree,
            AsymmetricKeyParameter subjectPublicKey)
            : base(trustAnchor, policyTree, subjectPublicKey)
        {
            if (certPath == null)
            {
                throw new ArgumentNullException("certPath");
            }

            this.certPath = certPath;
        }
        public PkixCertPathValidatorResult(
            TrustAnchor trustAnchor,
            PkixPolicyNode policyTree,
            AsymmetricKeyParameter subjectPublicKey)
        {
            if (subjectPublicKey == null)
            {
                throw new NullReferenceException("subjectPublicKey must be non-null");
            }
            if (trustAnchor == null)
            {
                throw new NullReferenceException("trustAnchor must be non-null");
            }

            this.trustAnchor      = trustAnchor;
            this.policyTree       = policyTree;
            this.subjectPublicKey = subjectPublicKey;
        }
Beispiel #3
0
        /// <summary>
        /// Search the given Set of TrustAnchor's for one that is the
        /// issuer of the given X509 certificate.
        /// </summary>
        /// <param name="cert">the X509 certificate</param>
        /// <param name="trustAnchors">a Set of TrustAnchor's</param>
        /// <returns>the <code>TrustAnchor</code> object if found or
        /// <code>null</code> if not.
        /// </returns>
        /// @exception
        internal static TrustAnchor FindTrustAnchor(
            X509Certificate cert,
            ISet trustAnchors)
        {
            IEnumerator            iter           = trustAnchors.GetEnumerator();
            TrustAnchor            trust          = null;
            AsymmetricKeyParameter trustPublicKey = null;
            Exception invalidKeyEx = null;

            X509CertStoreSelector certSelectX509 = new X509CertStoreSelector();

            try
            {
                certSelectX509.Subject = GetIssuerPrincipal(cert);
            }
            catch (IOException ex)
            {
                throw new Exception("Cannot set subject search criteria for trust anchor.", ex);
            }

            while (iter.MoveNext() && trust == null)
            {
                trust = (TrustAnchor)iter.Current;
                if (trust.TrustedCert != null)
                {
                    if (certSelectX509.Match(trust.TrustedCert))
                    {
                        trustPublicKey = trust.TrustedCert.GetPublicKey();
                    }
                    else
                    {
                        trust = null;
                    }
                }
                else if (trust.CAName != null && trust.CAPublicKey != null)
                {
                    try
                    {
                        X509Name certIssuer = GetIssuerPrincipal(cert);
                        X509Name caName     = new X509Name(trust.CAName);

                        if (certIssuer.Equivalent(caName, true))
                        {
                            trustPublicKey = trust.CAPublicKey;
                        }
                        else
                        {
                            trust = null;
                        }
                    }
                    catch (InvalidParameterException)
                    {
                        trust = null;
                    }
                }
                else
                {
                    trust = null;
                }

                if (trustPublicKey != null)
                {
                    try
                    {
                        cert.Verify(trustPublicKey);
                    }
                    catch (Exception ex)
                    {
                        invalidKeyEx = ex;
                        trust        = null;
                    }
                }
            }

            if (trust == null && invalidKeyEx != null)
            {
                throw new Exception("TrustAnchor found but certificate validation failed.", invalidKeyEx);
            }

            return(trust);
        }