/// <summary>
/// Builds a <see cref="TrustModel"/> whose certificate chain validator is configured from these settings.
/// </summary>
/// <remarks>
/// Revocation mode and granularity are always copied onto the validator. The issuer chain length and
/// the URL retrieval timeout are copied only when the configured value is greater than zero; otherwise
/// whatever a freshly constructed <see cref="TrustChainValidator"/> carries is left in place.
/// </remarks>
/// <param name="trustPolicyResolver"><see cref="IPolicyResolver"/> passed to the trust model for trust policy resolution.</param>
/// <param name="policyFilter"><see cref="IPolicyFilter"/> passed to the trust model.</param>
/// <returns>The configured <see cref="TrustModel"/>.</returns>
public TrustModel CreateTrustModel(IPolicyResolver trustPolicyResolver, IPolicyFilter policyFilter)
{
    var chainValidator = new TrustChainValidator();

    // NOTE(review): the revocation settings are taken verbatim from configuration. If a deployment
    // selects a mode that skips revocation checking, revoked certificates would presumably pass
    // chain validation here. Confirm the configured value is intentional.
    chainValidator.RevocationCheckMode = this.RevocationCheckMode;
    chainValidator.RevocationCheckGranularity = this.RevocationCheckGranularity;

    // Zero or negative means "not configured": keep the validator's own value.
    if (this.MaxIssuerChainLength > 0)
    {
        chainValidator.MaxIssuerChainLength = this.MaxIssuerChainLength;
    }
    if (this.TimeoutMilliseconds > 0)
    {
        chainValidator.ValidationPolicy.UrlRetrievalTimeout = TimeSpan.FromMilliseconds(this.TimeoutMilliseconds);
    }

    var model = new TrustModel(chainValidator, trustPolicyResolver, policyFilter);
    if (this.ProblemFlags == null)
    {
        // No flag list configured: the validator keeps the ProblemFlags it was constructed with.
        return model;
    }

    // OR the configured flags together into one mask.
    // NOTE(review): a non-null but empty list yields NoError, which overwrites the validator's
    // ProblemFlags with an empty mask. Presumably that means no chain status counts as a
    // problem; confirm that an empty list in configuration is rejected or intended.
    X509ChainStatusFlags combined = X509ChainStatusFlags.NoError;
    foreach (X509ChainStatusFlags flag in this.ProblemFlags)
    {
        combined |= flag;
    }
    model.CertChainValidator.ProblemFlags = combined;

    return model;
}
/// <summary>
/// Loads the certificate file named by the first argument and passes it, together with every
/// certificate from the system anchor store, to a newly constructed <see cref="TrustChainValidator"/>.
/// </summary>
/// <param name="args">Command arguments; index 0 is required and is the path of the certificate file.</param>
public void Verify(string[] args)
{
    string certificatePath = args.GetRequiredValue(0);
    var candidate = new X509Certificate2(certificatePath);

    // NOTE(review): the store returned by OpenAnchor() is not closed or disposed here. Confirm
    // whether it holds a handle that should be released.
    X509Certificate2Collection trustAnchors = SystemX509Store.OpenAnchor().GetAllCertificates();

    // The validator is used exactly as constructed: no issuer resolver, revocation settings or
    // problem flags are set, so its result may differ from what a configured agent would decide.
    //
    // NOTE(review): the value returned by IsTrustedCertificate is discarded. Presumably it is the
    // trust decision (confirm against TrustChainValidator); if so, this command gives the operator
    // no indication of an untrusted certificate unless the call throws or raises an event.
    // Surface the result to the caller or the console.
    new TrustChainValidator().IsTrustedCertificate(candidate, trustAnchors);
}
/// <summary>
/// Prepares the fixture: a private clone of the chain test certificate store, a resolver over that
/// clone, the validator under test, and the end-entity and anchor certificate sets.
/// </summary>
public TrustChainTests()
{
    // Work on a clone so the tests do not touch the shared TestCertificates.ChainCertsStore instance.
    m_store = TestCertificates.ChainCertsStore.Clone();
    m_resolver = m_store.CreateResolver();

    // Presumably CreateValidator() wires m_resolver in as the issuer resolver, so the resolver
    // has to be assigned before this call.
    m_validator = CreateValidator();

    // Look up the end-entity certificates and the root certificate.
    // Only the root goes into the trusted anchor set; the intermediate certificates are
    // deliberately not trusted.
    // NOTE(review): the address literal below appears masked in this copy of the file. Confirm
    // the intended test address against the original test data.
    var endEntityAddress = new MailAddress("*****@*****.**");
    m_endCerts = m_resolver.GetCertificates(endEntityAddress);
    m_trustedAnchors = m_resolver.GetCertificatesForDomain("root.xyz");
}
/// <summary>
/// Creates the validator used by these tests: issuers are resolved through <c>m_resolver</c> and
/// <c>ProblemFlags</c> is set to a fixed mask of five chain status bits.
/// </summary>
/// <returns>A new <see cref="TrustChainValidator"/> with the resolver and mask applied.</returns>
TrustChainValidator CreateValidator()
{
    // Presumably ProblemFlags is the set of chain status bits the validator treats as failures;
    // confirm against TrustChainValidator.
    // NOTE(review): statuses outside this mask, such as X509ChainStatusFlags.UntrustedRoot or
    // InvalidBasicConstraints, are not listed. Verify they are enforced another way (for example
    // by the anchor comparison) rather than silently tolerated.
    return new TrustChainValidator
    {
        IssuerResolver = m_resolver,
        ProblemFlags = X509ChainStatusFlags.NotTimeValid
                     | X509ChainStatusFlags.Revoked
                     | X509ChainStatusFlags.NotSignatureValid
                     | X509ChainStatusFlags.CtlNotTimeValid
                     | X509ChainStatusFlags.CtlNotSignatureValid,
    };
}
/// <summary>
/// Builds a <see cref="TrustModel"/> around a chain validator configured from these settings.
/// </summary>
/// <remarks>
/// Revocation mode and granularity are always applied. <c>MaxIssuerChainLength</c> and
/// <c>TimeoutMilliseconds</c> are applied only when greater than zero; <c>ProblemFlags</c> only
/// when the list is not null.
/// </remarks>
/// <returns>The configured <see cref="TrustModel"/>.</returns>
public TrustModel CreateTrustModel()
{
    // NOTE(review): revocation behaviour comes straight from configuration. A setting that turns
    // revocation checking off would presumably let revoked certificates validate; confirm the
    // deployed value.
    var chainValidator = new TrustChainValidator
    {
        RevocationCheckMode = this.RevocationCheckMode,
        RevocationCheckGranularity = this.RevocationCheckGranularity,
    };

    // Non-positive values are treated as "unset" and leave the validator's own value alone.
    if (this.MaxIssuerChainLength > 0)
    {
        chainValidator.MaxIssuerChainLength = this.MaxIssuerChainLength;
    }

    if (this.TimeoutMilliseconds > 0)
    {
        TimeSpan retrievalTimeout = TimeSpan.FromMilliseconds(this.TimeoutMilliseconds);
        chainValidator.ValidationPolicy.UrlRetrievalTimeout = retrievalTimeout;
    }

    var model = new TrustModel(chainValidator);

    if (this.ProblemFlags != null)
    {
        // Fold the configured list into a single bit mask.
        // NOTE(review): an empty list produces NoError and replaces the validator's mask with
        // it. Presumably that disables every problem check; confirm an empty list is intended
        // or rejected upstream.
        X509ChainStatusFlags mask = X509ChainStatusFlags.NoError;
        foreach (X509ChainStatusFlags flag in this.ProblemFlags)
        {
            mask |= flag;
        }

        model.CertChainValidator.ProblemFlags = mask;
    }

    return model;
}
/// <summary>
/// Builds a <see cref="TrustChainValidator"/> that resolves issuers through <c>m_resolver</c> and
/// has <c>ProblemFlags</c> set to the time-validity, revocation, signature and CTL status bits below.
/// </summary>
/// <returns>The configured validator.</returns>
TrustChainValidator CreateValidator()
{
    // Presumably these are the chain statuses that make validation fail; confirm against
    // TrustChainValidator.
    // NOTE(review): UntrustedRoot, PartialChain and similar statuses are not part of the mask.
    // Check that trust in the anchor is established by another mechanism.
    const X509ChainStatusFlags problemStatuses =
        X509ChainStatusFlags.NotTimeValid
        | X509ChainStatusFlags.Revoked
        | X509ChainStatusFlags.NotSignatureValid
        | X509ChainStatusFlags.CtlNotTimeValid
        | X509ChainStatusFlags.CtlNotSignatureValid;

    var chainValidator = new TrustChainValidator();
    chainValidator.IssuerResolver = m_resolver;
    chainValidator.ProblemFlags = problemStatuses;
    return chainValidator;
}