public virtual async Task <IValidationResult> ValidateAsync(ICertificate certificate, CertificateValidatorOptions options)
{
if (certificate == null)
{
throw new ArgumentNullException(nameof(certificate));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
var validationResult = new ValidationResult();
var isSelfSignedCertificate = this.IsSelfSignedCertificate(certificate);
if (isSelfSignedCertificate && !options.AllowedCertificateKinds.HasFlag(CertificateKinds.SelfSigned))
{
validationResult.Exceptions.Add(new InvalidOperationException("Options do not allow self signed certificates."));
}
// ReSharper disable InvertIf
if (validationResult.Valid)
{
if (!isSelfSignedCertificate && !options.AllowedCertificateKinds.HasFlag(CertificateKinds.Chained))
{
validationResult.Exceptions.Add(new InvalidOperationException("Options do not allow chained certificates."));
}
if (validationResult.Valid)
{
var validationOptions = isSelfSignedCertificate ? options.SelfSigned : options.Chained;
var chain = this.CreateChain(certificate, validationOptions);
//// Can not find any reason to add it to the extra store.
//if (isSelfSignedCertificate)
// chain.ChainPolicy.ExtraStore.Add(this.UnwrapCertificate(certificate));
if (!chain.Build(this.UnwrapCertificate(certificate)))
{
foreach (var chainStatus in chain.ChainStatus)
{
validationResult.Exceptions.Add(new InvalidOperationException($"{chainStatus.Status}: {chainStatus.StatusInformation}"));
}
foreach (var chainLink in chain.ChainElements)
{
foreach (var chainStatus in chainLink.ChainElementStatus)
{
validationResult.Exceptions.Add(new InvalidOperationException($"{chainLink.Certificate.Subject}: {chainStatus.Status} - {chainStatus.StatusInformation}"));
}
}
}
if (validationOptions.CustomTrustChecking)
{
var certificates = chain.ChainElements.Cast <X509ChainElement>().Select(element => (X509Certificate2Wrapper)element.Certificate).ToArray();
var intermediateCertificates = certificates.Take(certificates.Length - 1).Skip(1).ToArray();
foreach (var intermediateCertificate in intermediateCertificates)
{
if (!validationOptions.TrustedIntermediateCertificates.Contains(intermediateCertificate))
{
validationResult.Exceptions.Add(new InvalidOperationException($"{certificate.Subject}: {nameof(validationOptions.CustomTrustChecking)} is set to {validationOptions.CustomTrustChecking} and the intermediate-certificate \"{intermediateCertificate.Subject}\" is not in the list of trusted intermediate-certificates."));
}
}
var rootCertificate = certificates.Last();
if (!validationOptions.TrustedRootCertificates.Contains(rootCertificate))
{
validationResult.Exceptions.Add(new InvalidOperationException($"{certificate.Subject}: {nameof(validationOptions.CustomTrustChecking)} is set to {validationOptions.CustomTrustChecking} and the root-certificate \"{rootCertificate.Subject}\" is not in the list of trusted root-certificates."));
}
}
if (validationResult.Valid)
{
validationResult.Exceptions.Add(this.EvaluateMatching(certificate, validationOptions).Exceptions);
}
}
}
// ReSharper restore InvertIf
return(await Task.FromResult(validationResult).ConfigureAwait(false));
}
public virtual async Task <IValidationResult> ValidateAsync(X509Certificate2 certificate, CertificateValidatorOptions options)
{
return(await this.ValidateAsync((X509Certificate2Wrapper)certificate, options).ConfigureAwait(false));
}
public static IValidationResult Validate(this ICertificateValidator certificateValidator, X509Certificate2 certificate, CertificateValidatorOptions options)
{
if (certificateValidator == null)
{
throw new ArgumentNullException(nameof(certificateValidator));
}
return(certificateValidator.ValidateAsync(certificate, options).Result);
}
