Example #1
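        /// <summary>
        /// Checks that <paramref name="certificate"/> is acceptable as a signing certificate.
        /// The chain is verified through <c>X509Utils.VerifyCertificate</c> under the base chain
        /// policy with online revocation checking (root excluded); after that, any key usage
        /// extension on the certificate must allow DigitalSignature or NonRepudiation.
        /// </summary>
        /// <param name="certificate">Certificate to validate.</param>
        /// <param name="extraStore">Additional certificates handed to the chain verification helper.</param>
        /// <returns>
        /// <c>CAPI.S_OK</c> when every check passes. On chain failure, the error status the helper
        /// reported, or the helper's own result when it reported none. <c>CAPI.CERT_E_WRONG_USAGE</c>
        /// when a key usage extension is present but allows neither signing usage.
        /// </returns>
        /// <remarks>
        /// A certificate that carries no key usage extension passes the usage check; only an
        /// extension that is present and lacks both flags is rejected.
        /// </remarks>
        private static unsafe int VerifyCertificate(X509Certificate2 certificate,
                                                    X509Certificate2Collection extraStore)
        {
            // Give the status a known starting value: the helper writes it through a raw pointer,
            // and nothing in this method guarantees that it does so on every failure path.
            int dwErrorStatus = 0;

            // NOTE(review): the zero TimeSpan is passed as the timeout argument; presumably the
            // helper treats it as "use the default" -- confirm against X509Utils.
            int hr = X509Utils.VerifyCertificate(X509Utils.GetCertContext(certificate),
                                                 null,
                                                 null,
                                                 X509RevocationMode.Online,
                                                 X509RevocationFlag.ExcludeRoot,
                                                 DateTime.Now,
                                                 new TimeSpan(0, 0, 0),
                                                 extraStore,
                                                 new IntPtr(CAPI.CERT_CHAIN_POLICY_BASE),
                                                 new IntPtr(&dwErrorStatus));

            if (hr != CAPI.S_OK)
            {
                // Fail closed. Prefer the detailed status when the helper supplied one, but never
                // turn a failed verification into a success code because the status was left unset.
                return dwErrorStatus != CAPI.S_OK ? dwErrorStatus : hr;
            }

            // The chain is valid; now make sure the key may be used for signing.
            foreach (X509Extension extension in certificate.Extensions)
            {
                if (!String.Equals(extension.Oid.Value, CAPI.szOID_KEY_USAGE, StringComparison.OrdinalIgnoreCase))
                {
                    continue;
                }

                X509KeyUsageExtension keyUsage = new X509KeyUsageExtension();
                keyUsage.CopyFrom(extension);

                X509KeyUsageFlags signingUsages = X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation;
                if ((keyUsage.KeyUsages & signingUsages) == 0)
                {
                    hr = CAPI.CERT_E_WRONG_USAGE;
                    break;
                }
            }

            return hr;
        }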