/// <summary>
/// Create a Trust Model from the given settings
/// </summary>
/// <param name="trustPolicyResolver"><see cref="IPolicyResolver"/> injected for trust policy resolution.</param>
/// <param name="policyFilter"><see cref="IPolicyFilter"/></param>
/// <returns>TrustModel</returns>
public TrustModel CreateTrustModel(IPolicyResolver trustPolicyResolver, IPolicyFilter policyFilter)
{
TrustChainValidator validator = new TrustChainValidator();
validator.RevocationCheckMode = this.RevocationCheckMode;
validator.RevocationCheckGranularity = this.RevocationCheckGranularity;
if (this.MaxIssuerChainLength > 0)
{
validator.MaxIssuerChainLength = this.MaxIssuerChainLength;
}
if (this.TimeoutMilliseconds > 0)
{
validator.ValidationPolicy.UrlRetrievalTimeout = TimeSpan.FromMilliseconds(this.TimeoutMilliseconds);
}
TrustModel trustModel = new TrustModel(validator, trustPolicyResolver, policyFilter);
if (this.ProblemFlags != null)
{
X509ChainStatusFlags flags = X509ChainStatusFlags.NoError;
foreach (X509ChainStatusFlags flag in this.ProblemFlags)
{
flags = (flags | flag);
}
trustModel.CertChainValidator.ProblemFlags = flags;
}
return(trustModel);
}
public void Verify(string[] args)
{
string path = args.GetRequiredValue(0);
X509Certificate2 cert = new X509Certificate2(path);
X509Certificate2Collection anchors = SystemX509Store.OpenAnchor().GetAllCertificates();
TrustChainValidator validator = new TrustChainValidator();
validator.IsTrustedCertificate(cert, anchors);
}
public TrustChainTests()
{
m_store = TestCertificates.ChainCertsStore.Clone();
m_resolver = m_store.CreateResolver();
m_validator = this.CreateValidator();
//
// Find the endcert and the root cert
// We'll trust the root cert, but the intermediaries are not trusted
//
m_endCerts = m_resolver.GetCertificates(new MailAddress("*****@*****.**"));
m_trustedAnchors = m_resolver.GetCertificatesForDomain("root.xyz");
}
public TrustChainTests()
{
m_store = TestCertificates.ChainCertsStore.Clone();
m_resolver = m_store.CreateResolver();
m_validator = this.CreateValidator();
//
// Find the endcert and the root cert
// We'll trust the root cert, but the intermediaries are not trusted
//
m_endCerts = m_resolver.GetCertificates(new MailAddress("*****@*****.**"));
m_trustedAnchors = m_resolver.GetCertificatesForDomain("root.xyz");
}
TrustChainValidator CreateValidator()
{
TrustChainValidator validator = new TrustChainValidator();
validator.IssuerResolver = m_resolver;
validator.ProblemFlags =
X509ChainStatusFlags.NotTimeValid |
X509ChainStatusFlags.Revoked |
X509ChainStatusFlags.NotSignatureValid |
X509ChainStatusFlags.CtlNotTimeValid |
X509ChainStatusFlags.CtlNotSignatureValid;
return(validator);
}
/// <summary>
/// Create a Trust Model from the given settings
/// </summary>
/// <returns>TrustModel</returns>
public TrustModel CreateTrustModel()
{
TrustChainValidator validator = new TrustChainValidator();
validator.RevocationCheckMode = this.RevocationCheckMode;
validator.RevocationCheckGranularity = this.RevocationCheckGranularity;
if (this.MaxIssuerChainLength > 0)
{
validator.MaxIssuerChainLength = this.MaxIssuerChainLength;
}
if (this.TimeoutMilliseconds > 0)
{
validator.ValidationPolicy.UrlRetrievalTimeout = TimeSpan.FromMilliseconds(this.TimeoutMilliseconds);
}
TrustModel trustModel = new TrustModel(validator);
if (this.ProblemFlags != null)
{
X509ChainStatusFlags flags = X509ChainStatusFlags.NoError;
foreach(X509ChainStatusFlags flag in this.ProblemFlags)
{
flags = (flags | flag);
}
trustModel.CertChainValidator.ProblemFlags = flags;
}
return trustModel;
}
TrustChainValidator CreateValidator()
{
TrustChainValidator validator = new TrustChainValidator();
validator.IssuerResolver = m_resolver;
validator.ProblemFlags =
X509ChainStatusFlags.NotTimeValid |
X509ChainStatusFlags.Revoked |
X509ChainStatusFlags.NotSignatureValid |
X509ChainStatusFlags.CtlNotTimeValid |
X509ChainStatusFlags.CtlNotSignatureValid;
return validator;
}
