/// <summary>
/// Authority Key Identifier is an optional field. If present, it should be the key identifier of the parent.
/// Absence of the field is a warning. If present, bad linkage is an error.
/// </summary>
/// <returns></returns>
internal bool CheckAuthKeyIdentifierLinkage()
{
bool ok = true;
// alias to root
for (int j = 0; j < NumCerts - 1; j++)
{
var signer = Certs[j + 1];
var target = Certs[j];
var akiData = target.GetExtensionValue(X509Extensions.AuthorityKeyIdentifier);
if (akiData == null)
{
Warning($"Certificate does not contain an Authority Key Identifier Extension: {target.SubjectDN.ToString()}");
continue;
}
if (akiData != null)
{
var aki = new AuthorityKeyIdentifierStructure(akiData);
var signerKeyId = new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(signer.GetPublicKey()));
if (!signerKeyId.Equals(aki))
{
Error($"Authority Key Identifier does not match signer for certificate with subject: {target.SubjectDN.ToString()}");
ok = false;
}
}
}
return(ok);
}
/// <summary>
/// Returns true if VerifyCertificateResponse instances are equal
/// </summary>
/// <param name="other">Instance of VerifyCertificateResponse to be compared</param>
/// <returns>Boolean</returns>
public bool Equals(VerifyCertificateResponse other)
{
if (other is null)
{
return(false);
}
if (ReferenceEquals(this, other))
{
return(true);
}
return
((
AuthorityKeyIdentifier == other.AuthorityKeyIdentifier ||
AuthorityKeyIdentifier != null &&
AuthorityKeyIdentifier.Equals(other.AuthorityKeyIdentifier)
) &&
(
CertificatePolicies == other.CertificatePolicies ||
CertificatePolicies != null &&
CertificatePolicies.Equals(other.CertificatePolicies)
) &&
(
CrlDistributionPoints == other.CrlDistributionPoints ||
CrlDistributionPoints != null &&
CrlDistributionPoints.Equals(other.CrlDistributionPoints)
) &&
(
IssuerAltName == other.IssuerAltName ||
IssuerAltName != null &&
IssuerAltName.Equals(other.IssuerAltName)
) &&
(
SubjectAltName == other.SubjectAltName ||
SubjectAltName != null &&
SubjectAltName.Equals(other.SubjectAltName)
) &&
(
VerifyResult == other.VerifyResult ||
VerifyResult != null &&
VerifyResult.Equals(other.VerifyResult)
));
}