/// <summary>
/// Attempts to build a certification path for <paramref name="certificate"/> using the
/// caller-configured <paramref name="chain"/> (its <see cref="X509Chain.ChainPolicy"/> is
/// taken as-is; this method does not alter revocation or trust settings).
/// </summary>
/// <param name="chain">Pre-configured chain engine; inspected via <c>HasNoError()</c> after the build.</param>
/// <param name="certificate">Leaf certificate to build the path for.</param>
/// <returns>
/// <c>true</c> only when <see cref="X509Chain.Build"/> returns <c>true</c> AND
/// <c>HasNoError()</c> also reports a clean chain; <c>false</c> in every other case,
/// including when the build raises a <see cref="System.Security.Cryptography.CryptographicException"/>.
/// </returns>
private bool BuildChain(X509Chain chain, X509Certificate2 certificate)
{
    try
    {
        // Both checks are required: the Build() result alone is not treated as
        // sufficient, the chain status is inspected as well.
        bool built = chain.Build(certificate);
        return built && chain.HasNoError();
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        // Malformed input or an unusable chain engine is reported as "does not
        // validate" (same outcome as a failed build) instead of propagating.
        return false;
    }
}
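/// <summary>
/// Validates <paramref name="certificate"/> against the configured PEPPOL trust settings.
/// A certification path must be buildable with no chain-status errors (revocation is
/// checked according to <c>RevocationMode</c>, and only on the end-entity certificate
/// because of <see cref="X509RevocationFlag.EndCertificateOnly"/>). Unless the
/// certificate is itself the PEPPOL root or an intermediate CA, the issuing CA must
/// additionally satisfy <c>IsExpectedIssuer</c>.
/// </summary>
/// <param name="certificate">Certificate to validate.</param>
/// <exception cref="SecurityTokenValidationException">
/// Thrown when the chain cannot be built, has status errors, the build itself throws a
/// <see cref="System.Security.Cryptography.CryptographicException"/>, or the path does
/// not terminate at the expected CA. (Previously a chain-status failure threw a bare
/// <see cref="Exception"/>, so callers handling <see cref="SecurityTokenValidationException"/>
/// missed that case.)
/// </exception>
private void ValidateAsPEPPOLCertificate(X509Certificate2 certificate)
{
    // NOTE(review): X509Chain is IDisposable on .NET Framework 4.6+/.NET Core; if this
    // project targets such a runtime, wrap the chain in a try/finally and dispose it
    // after IsExpectedIssuer has inspected it.
    X509Chain chain = new X509Chain()
    {
        ChainPolicy = new X509ChainPolicy()
        {
            RevocationMode = this.RevocationMode,
            // Only the leaf is revocation-checked; revocation of intermediate CAs is
            // not consulted by this policy.
            RevocationFlag = X509RevocationFlag.EndCertificateOnly
        }
    };

    // NOTE(review): ExtraStore only supplies certificates for path building; it does
    // not make them trusted. The path must still end at a root the machine trust
    // store accepts (unless a CustomRootTrust policy is configured elsewhere).
    // Confirm this matches the intent behind the "Trusted" naming of these properties.
    if (ExtraTrustedRootCertificates != null)
    {
        chain.ChainPolicy.ExtraStore.AddRange(ExtraTrustedRootCertificates);
    }
    if (ExtraTrustedIntermediateCertificates != null)
    {
        chain.ChainPolicy.ExtraStore.AddRange(ExtraTrustedIntermediateCertificates);
    }

    // Validate chain errors or if it is revoked.
    try
    {
        var buildOk = chain.Build(certificate);
        var chainOk = chain.HasNoError();
        if (!buildOk || !chainOk)
        {
            // Report every ChainStatus entry. The previous Aggregate lambda ignored its
            // accumulator, so only the last status (or the bare seed text) was reported.
            var statuses = string.Join("; ",
                chain.ChainStatus.Select(s => s.Status + " " + s.StatusInformation));

            // Same exception type as the catch below, so a chain failure is always
            // surfaced to callers as a SecurityTokenValidationException.
            throw new SecurityTokenValidationException(string.Format(
                "Validation failed. Chain could not be built. BuildOK: {0} ChainOK: {1} ChainStatus: Errors in chain: {2}",
                buildOk, chainOk, statuses));
        }
    }
    catch (System.Security.Cryptography.CryptographicException exception)
    {
        throw new SecurityTokenValidationException("Validation failed. Chain could not be built." + exception.Message, exception);
    }

    // Skip the check for the expected issuer if we are dealing with
    // a certificate from the Root CA or an Intermediate CA.
    // NOTE(review): this means a PEPPOL CA certificate itself passes this method;
    // confirm callers do not accept such a certificate as an end-entity signer.
    if (IsPeppolRoot(certificate) || IsPeppolIntermediateCA(certificate))
    {
        return;
    }

    if (!IsExpectedIssuer(chain))
    {
        throw new SecurityTokenValidationException("Validation failed. Issued by the wrong CA.");
    }
}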