private void VerifyCertificate(X509Certificate cert)
{
// Create the selector that specifies the starting certificate
X509CertStoreSelector selector = new X509CertStoreSelector();
selector.Certificate = cert;
// Create the trust anchors (set of root CA certificates)
HashSet trustAnchors = new HashSet();
foreach (X509Certificate trustedRootCert in this.rootCertificates)
{
trustAnchors.Add(new TrustAnchor(trustedRootCert, null));
}
// Configure the PKIX certificate builder algorithm parameters
PkixBuilderParameters pkixParams = new PkixBuilderParameters(trustAnchors, selector);
// Setting explicit policy
if (this.policies.Count > 0)
{
pkixParams.SetInitialPolicies(this.policies);
pkixParams.IsExplicitPolicyRequired = true;
}
// Disable CRL checks (this is done manually as additional step)
pkixParams.IsRevocationEnabled = false;
// Specify a list of intermediate certificates
HashSet trustedIntermediateCert = new HashSet();
foreach (X509Certificate certificate in this.intermediateCertificates)
{
trustedIntermediateCert.Add(certificate);
}
var store = X509StoreFactory.Create(
"Collection",
new X509CollectionStoreParameters(trustedIntermediateCert));
pkixParams.AddStore(store);
// Build and verify the certification chain
PkixCertPathBuilder builder = new PkixCertPathBuilder();
builder.Build(pkixParams);
}
private PkixCertPathBuilderResult doBuilderTest(
string trustAnchor,
string[] certs,
string[] crls,
ISet initialPolicies,
bool policyMappingInhibited,
bool anyPolicyInhibited)
{
ISet trustedSet = new HashSet();
trustedSet.Add(GetTrustAnchor(trustAnchor));
IList x509Certs = new ArrayList();
IList x509Crls = new ArrayList();
X509Certificate endCert = LoadCert(certs[certs.Length - 1]);
for (int i = 0; i != certs.Length - 1; i++)
{
x509Certs.Add(LoadCert(certs[i]));
}
x509Certs.Add(endCert);
for (int i = 0; i != crls.Length; i++)
{
x509Crls.Add(LoadCrl(crls[i]));
}
IX509Store x509CertStore = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(x509Certs));
IX509Store x509CrlStore = X509StoreFactory.Create(
"CRL/Collection",
new X509CollectionStoreParameters(x509Crls));
// CertPathBuilder builder = CertPathBuilder.GetInstance("PKIX");
PkixCertPathBuilder builder = new PkixCertPathBuilder();
X509CertStoreSelector endSelector = new X509CertStoreSelector();
endSelector.Certificate = endCert;
PkixBuilderParameters builderParams = new PkixBuilderParameters(trustedSet, endSelector);
if (initialPolicies != null)
{
builderParams.SetInitialPolicies(initialPolicies);
builderParams.IsExplicitPolicyRequired = true;
}
if (policyMappingInhibited)
{
builderParams.IsPolicyMappingInhibited = policyMappingInhibited;
}
if (anyPolicyInhibited)
{
builderParams.IsAnyPolicyInhibited = anyPolicyInhibited;
}
builderParams.AddStore(x509CertStore);
builderParams.AddStore(x509CrlStore);
try
{
return((PkixCertPathBuilderResult)builder.Build(builderParams));
}
catch (PkixCertPathBuilderException e)
{
throw e.InnerException;
}
}
private string TestPolicies(
int index,
X509Certificate trustCert,
X509Certificate intCert,
X509Certificate endCert,
ISet requirePolicies,
bool okay)
{
ISet trust = new HashSet();
trust.Add(new TrustAnchor(trustCert, null));
X509CertStoreSelector targetConstraints = new X509CertStoreSelector();
targetConstraints.Subject = endCert.SubjectDN;
PkixBuilderParameters pbParams = new PkixBuilderParameters(trust, targetConstraints);
ISet certs = new HashSet();
certs.Add(intCert);
certs.Add(endCert);
IX509Store store = X509StoreFactory.Create(
"CERTIFICATE/COLLECTION",
new X509CollectionStoreParameters(certs));
pbParams.AddStore(store);
pbParams.IsRevocationEnabled = false;
if (requirePolicies != null)
{
pbParams.IsExplicitPolicyRequired = true;
pbParams.SetInitialPolicies(requirePolicies);
}
// CertPathBuilder cpb = CertPathBuilder.GetInstance("PKIX");
PkixCertPathBuilder cpb = new PkixCertPathBuilder();
PkixCertPathBuilderResult result = null;
try
{
result = (PkixCertPathBuilderResult)cpb.Build(pbParams);
if (!okay)
{
Fail(index + ": path validated when failure expected.");
}
// if (result.getPolicyTree() != null)
// {
// Console.WriteLine("OK");
// Console.WriteLine("policy: " + result.getPolicyTree());
// }
// else
// {
// Console.WriteLine("OK: policy tree = null");
// }
return("");
}
catch (TestFailedException e)
{
throw e;
}
catch (Exception e)
{
if (okay)
{
Fail(index + ": path failed to validate when success expected.");
}
Exception ee = e.InnerException;
if (ee != null)
{
return(ee.Message);
}
return(e.Message);
}
}