Example #1
0
        void ResolveIssuers(X509Certificate2 certificate, X509Certificate2Collection issuers, int chainLength)
        {
            //
            // only look at simpleNames because intermediates are always going to be org-level, not email, certs
            //
            string issuerName = certificate.GetNameInfo(X509NameType.SimpleName, true); // true == "for issuer"
            //
            // If the issuer name matches the Cert name, we have a self-signed cert
            //
            if (certificate.MatchName(issuerName))
            {
                return;
            }
            //
            // If the issuer is already known, then we are good
            //
            if (issuers.FindByName(issuerName) != null)
            {
                return;
            }

            if (chainLength == m_maxIssuerChainLength)
            {
                //
                // Chain too long. Ignore...
                //
                return;
            }
            //
            // Retrieve the issuer's certificate
            //
            X509Certificate2Collection issuerCertificates = m_certResolver.SafeGetCertificates(certificate.ExtractEmailNameOrName(true));
            if (CollectionExtensions.IsNullOrEmpty(issuerCertificates))
            {
                return;
            }
            //
            // Recursively fetch the issuers who issued this set of certificates
            //
            foreach (X509Certificate2 issuerCertificate in issuerCertificates)
            {
                if (issuerCertificate.MatchName(issuerName) && !issuers.ContainsThumbprint(issuerCertificate.Thumbprint))
                {
                    //
                    // New issuer
                    //
                    issuers.Add(issuerCertificate);
                    //
                    // And keep working up the chain
                    //
                    this.ResolveIssuers(issuerCertificate, issuers, chainLength + 1);
                }
            }
        }