protected static void EnsureCertificateIsAllowedForClientAuth(X509Certificate2 certificate)
{
if (!CertificateLoader.IsCertificateAllowedForClientAuth(certificate))
{
throw new InvalidOperationException($"Invalid client certificate for client authentication: {certificate.Thumbprint}");
}
}
private static X509Certificate2 ValidateCertificate(X509Certificate2 certificate, RemoteCertificateMode mode)
{
switch (mode)
{
case RemoteCertificateMode.NoCertificate:
return(null);
case RemoteCertificateMode.AllowCertificate:
//if certificate exists but can not be used for client authentication.
if (certificate != null && CertificateLoader.IsCertificateAllowedForClientAuth(certificate))
{
return(certificate);
}
return(null);
case RemoteCertificateMode.RequireCertificate:
EnsureCertificateIsAllowedForClientAuth(certificate);
return(certificate);
default:
throw new ArgumentOutOfRangeException(nameof(mode), mode, null);
}
}
