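///<summary>Returns the first certificate the store's resolver yields for strAddressTest that is inside its NotBefore/NotAfter window, or null if there is none.
		///Set isAddressSpecific to true to accept only a certificate whose subject carries an E= value equal to strAddressTest.
		///Set isAddressSpecific to false if you need to allow/prefer domain certificates over email address specific certificates.
		///Only the validity dates are checked here.  This method does not evaluate chain trust or revocation, so the caller has to verify the returned certificate before relying on it.</summary>
		private static X509Certificate2 GetValidCertForAddressFromStore(Health.Direct.Common.Certificates.SystemX509Store store,string strAddressTest,bool isAddressSpecific) {
			//No need to check RemotingRole; no call to db.
			MailAddress mailAddressQuery=new MailAddress(strAddressTest);//Throws if strAddressTest is null or not a parsable address.
			Health.Direct.Common.Certificates.ICertificateResolver certResolverLocalCache=store.CreateResolver();
			if(certResolverLocalCache==null) {
				return null;
			}
			X509Certificate2Collection collectionCerts=certResolverLocalCache.GetCertificates(mailAddressQuery);
			if(collectionCerts==null) {
				return null;
			}
			//Invariant lower-casing keeps the comparison independent of the thread culture (e.g. Turkish dotless i).
			string strEmailRdn="e="+strAddressTest.ToLowerInvariant();
			//Characters which may legitimately sit directly before or after an "E=address" component in the subject string.
			const string strRdnDelimiters=", +";
			//One clock reading so every certificate is judged against the same instant.  NotBefore/NotAfter are local times, as is DateTime.Now.
			DateTime dateTimeNow=DateTime.Now;
			List<X509Certificate2> listDomainCerts=new List<X509Certificate2>();
			List<X509Certificate2> listAddressCerts=new List<X509Certificate2>();
			for(int i=0;i<collectionCerts.Count;i++) {
				X509Certificate2 cert=collectionCerts[i];
				if(dateTimeNow<cert.NotBefore || dateTimeNow>cert.NotAfter) {
					//If the certificate is not yet valid or is expired, then ignore.
					continue;
				}
				string strCertSubjectName=cert.Subject.Trim().ToLowerInvariant();
				//A bare substring test would also accept "e=bob@example.com.other.org" or "...name=bob@example.com" for bob@example.com,
				//so the match only counts when it is bounded on both sides by the start/end of the subject or by a delimiter.
				bool isAddressCert=false;
				int idxMatch=strCertSubjectName.IndexOf(strEmailRdn,StringComparison.Ordinal);
				while(idxMatch>=0 && !isAddressCert) {
					int idxAfter=idxMatch+strEmailRdn.Length;
					bool isStartBounded=(idxMatch==0 || strRdnDelimiters.IndexOf(strCertSubjectName[idxMatch-1])>=0);
					bool isEndBounded=(idxAfter==strCertSubjectName.Length || strRdnDelimiters.IndexOf(strCertSubjectName[idxAfter])>=0);
					isAddressCert=(isStartBounded && isEndBounded);
					idxMatch=strCertSubjectName.IndexOf(strEmailRdn,idxMatch+1,StringComparison.Ordinal);
				}
				if(isAddressCert) {//Address specific
					listAddressCerts.Add(cert);
				}
				else {
					//Everything else the resolver returned is treated as a domain level certificate.
					//NOTE(review): this presumes the resolver only returns certificates for the address or its domain; confirm against the resolver.
					listDomainCerts.Add(cert);
				}
			}
			if(!isAddressSpecific && listDomainCerts.Count>0) {//Domain certificates allowed/preferred and there is one.
				return listDomainCerts[0];
			}
			if(listAddressCerts.Count>0) {
				return listAddressCerts[0];
			}
			//Either nothing in the store is currently within its validity dates, or only domain level certificates were found and the caller asked for an address specific one.
			return null;
		}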
Example #2
		///<summary>Looks up a certificate for strAddressTest, which may be a full email address or a domain name, and returns the first one which is inside its NotBefore/NotAfter window.  Returns null when nothing qualifies.
		///When strAddressTest contains "@", certificates for that exact address are tried first and win over domain certificates.
		///Set isDomainIncluded to true to fall back to certificates for the domain.  When false, only the exact address lookup is performed, which means a bare domain name yields null.
		///Only the validity dates are checked here.  This method does not evaluate chain trust or revocation, so the caller has to verify the returned certificate before relying on it.</summary>
		private static X509Certificate2 GetValidCertForAddressFromStore(Health.Direct.Common.Certificates.SystemX509Store store,string strAddressTest,bool isDomainIncluded) {
			//No need to check RemotingRole; no call to db.
			Health.Direct.Common.Certificates.ICertificateResolver resolver=store.CreateResolver();
			if(resolver==null) {
				return null;
			}
			strAddressTest=GetAddressSimple(strAddressTest);
			X509Certificate2Collection collectionMatches;
			if(strAddressTest.Contains("@")) {//A particular email address was given, not a domain name.
				//Per the original author's note, passing a full address here returns the certificates for that address only, not those of its domain.
				collectionMatches=resolver.GetCertificatesForDomain(strAddressTest);
				if(collectionMatches!=null) {
					foreach(X509Certificate2 certAddress in collectionMatches) {
						//Accept the first certificate which has started and has not expired.
						if(DateTime.Now>=certAddress.NotBefore && DateTime.Now<=certAddress.NotAfter) {
							return certAddress;
						}
					}
				}
			}
			if(!isDomainIncluded) {
				return null;//The caller does not accept domain level certificates.
			}
			string strDomain=GetDomainForAddress(strAddressTest);
			if(strDomain=="") {
				return null;
			}
			collectionMatches=resolver.GetCertificatesForDomain(strDomain);
			if(collectionMatches==null) {
				return null;
			}
			foreach(X509Certificate2 certDomain in collectionMatches) {
				//Same date window test as for the address specific certificates.
				if(DateTime.Now>=certDomain.NotBefore && DateTime.Now<=certDomain.NotAfter) {
					return certDomain;
				}
			}
			return null;
		}