void ResolveIssuers(X509Certificate2 certificate, X509Certificate2Collection issuers, int chainLength)
{
//
// only look at simpleNames because intermediates are always going to be org-level, not email, certs
//
string issuerName = certificate.GetNameInfo(X509NameType.SimpleName, true); // true == "for issuer"
//
// If the issuer name matches the Cert name, we have a self-signed cert
//
if (certificate.MatchName(issuerName))
{
return;
}
//
// If the issuer is already known, then we are good
//
if (issuers.FindByName(issuerName) != null)
{
return;
}
if (chainLength == m_maxIssuerChainLength)
{
//
// Chain too long. Ignore...
//
return;
}
//
// Retrieve the issuer's certificate
//
X509Certificate2Collection issuerCertificates = m_certResolver.SafeGetCertificates(certificate.ExtractEmailNameOrName(true));
if (CollectionExtensions.IsNullOrEmpty(issuerCertificates))
{
return;
}
//
// Recursively fetch the issuers who issued this set of certificates
//
foreach (X509Certificate2 issuerCertificate in issuerCertificates)
{
if (issuerCertificate.MatchName(issuerName) && !issuers.ContainsThumbprint(issuerCertificate.Thumbprint))
{
//
// New issuer
//
issuers.Add(issuerCertificate);
//
// And keep working up the chain
//
this.ResolveIssuers(issuerCertificate, issuers, chainLength + 1);
}
}
}
