            /// <summary>
            /// Verifies that a certificate user token is trusted.
            /// </summary>
            private bool VerifyCertificate(X509Certificate2 certificate)
            {
                try {
                    if (_certificateValidator != null)
                    {
                        _certificateValidator.Validate(certificate);
                    }
                    else
                    {
                        CertificateValidator.Validate(certificate);
                    }

                    // determine if self-signed.
                    var isSelfSigned = X509Utils.CompareDistinguishedName(
                        certificate.Subject, certificate.Issuer);

                    // do not allow self signed application certs as user token
                    if (isSelfSigned && X509Utils.HasApplicationURN(certificate))
                    {
                        throw new ServiceResultException(StatusCodes.BadCertificateUseNotAllowed);
                    }
                    return(false);
                }
                catch (Exception e) {
                    TranslationInfo info;
                    StatusCode      result = StatusCodes.BadIdentityTokenRejected;
                    if (e is ServiceResultException se &&
                        se.StatusCode == StatusCodes.BadCertificateUseNotAllowed)
                    {
                        info = new TranslationInfo(
                            "InvalidCertificate",
                            "en-US",
                            "'{0}' is an invalid user certificate.",
                            certificate.Subject);

                        result = StatusCodes.BadIdentityTokenInvalid;
                    }