Exemple #1
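        /// <summary>
        /// Builds a certificate chain for <paramref name="certificate"/> with the settings of
        /// <c>this.ChainPolicy</c> and verifies it against the chain policy identified by
        /// <c>this.chainPolicyOID</c>.
        /// </summary>
        /// <param name="certificate">Certificate to validate; must be non-null and have a non-zero native handle.</param>
        /// <returns>
        /// Always <c>true</c>. Every validation failure is reported by an exception, never by
        /// <c>false</c>, so a caller that catches and ignores exceptions from this method treats
        /// an unverified certificate as trusted.
        /// </returns>
        /// <exception cref="CryptographicException">
        /// <c>CertVerifyCertificateChainPolicy</c> itself failed; carries the Win32 error code.
        /// </exception>
        /// <remarks>
        /// Side effect: overwrites <c>ChainPolicy.VerificationTime</c> with the current local time
        /// on every call. A non-zero policy status is raised as a
        /// <c>SecurityTokenValidationException</c>. Revocation mode, revocation flag and
        /// verification flags are taken from <c>ChainPolicy</c> as the caller configured them;
        /// this method adds no revocation requirement of its own.
        /// </remarks>
        public bool Build(X509Certificate2 certificate)
        {
            if (certificate == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate");
            }
            if (certificate.Handle == IntPtr.Zero)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("certificate", System.IdentityModel.SR.GetString("ArgumentInvalidCertificate"));
            }

            // 0x1000 is CERT_CHAIN_POLICY_IGNORE_PEER_TRUST_FLAG in wincrypt.h; it is always added
            // on top of whatever the caller put in ChainPolicy.VerificationFlags.
            const uint IgnorePeerTrustFlag = 0x1000;

            // Placeholder until BuildChain hands back the chain it built.
            System.IdentityModel.SafeCertChainHandle chainHandle = System.IdentityModel.SafeCertChainHandle.InvalidHandle;
            X509ChainPolicy chainPolicy = this.ChainPolicy;

            chainPolicy.VerificationTime = DateTime.Now;

            // Chain engine selector: 1 = machine context, 0 = current user
            // (HCCE_LOCAL_MACHINE / HCCE_CURRENT_USER in wincrypt.h).
            IntPtr chainEngine = this.useMachineContext ? new IntPtr(1L) : new IntPtr(0L);
            BuildChain(chainEngine, certificate.Handle, chainPolicy.ExtraStore, chainPolicy.ApplicationPolicy, chainPolicy.CertificatePolicy, chainPolicy.RevocationMode, chainPolicy.RevocationFlag, chainPolicy.VerificationTime, chainPolicy.UrlRetrievalTimeout, out chainHandle);

            // The original left the native chain to the finalizer. Release it deterministically,
            // and only once BuildChain has returned, so the InvalidHandle placeholder is never
            // disposed. NOTE(review): assumes SafeCertChainHandle is a SafeHandle that BuildChain
            // does not retain elsewhere - confirm.
            try
            {
                System.IdentityModel.CAPI.CERT_CHAIN_POLICY_PARA policyPara = new System.IdentityModel.CAPI.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(System.IdentityModel.CAPI.CERT_CHAIN_POLICY_PARA)));
                System.IdentityModel.CAPI.CERT_CHAIN_POLICY_STATUS policyStatus = new System.IdentityModel.CAPI.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(System.IdentityModel.CAPI.CERT_CHAIN_POLICY_STATUS)));

                // Every verification flag the caller set is forwarded as a policy flag, so a
                // permissive ChainPolicy.VerificationFlags relaxes this check as well.
                policyPara.dwFlags = (uint)chainPolicy.VerificationFlags | IgnorePeerTrustFlag;

                if (!System.IdentityModel.CAPI.CertVerifyCertificateChainPolicy(new IntPtr((long)this.chainPolicyOID), chainHandle, ref policyPara, ref policyStatus))
                {
                    // Read the error before any other native call (including the handle release
                    // in the finally block) can overwrite it.
                    int hr = Marshal.GetLastWin32Error();
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(hr));
                }

                // The API call succeeding only means the policy was evaluated; the verdict is in dwError.
                if (policyStatus.dwError != 0)
                {
                    int dwError = (int)policyStatus.dwError;
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenValidationException(System.IdentityModel.SR.GetString("X509ChainBuildFail", new object[] { System.IdentityModel.SecurityUtils.GetCertificateId(certificate), new CryptographicException(dwError).Message })));
                }
                return true;
            }
            finally
            {
                if (chainHandle != null)
                {
                    chainHandle.Dispose();
                }
            }
        }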
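 /// <summary>
 /// Validates <paramref name="certificate"/>: builds its chain from <c>this.ChainPolicy</c>,
 /// then asks <c>CertVerifyCertificateChainPolicy</c> to check that chain against the policy
 /// identified by <c>this.chainPolicyOID</c>.
 /// </summary>
 /// <param name="certificate">Certificate to validate; null or a zero native handle is rejected up front.</param>
 /// <returns>
 /// <c>true</c> when the chain satisfies the policy. The method has no <c>false</c> path:
 /// rejection always surfaces as an exception, so callers must let it propagate (or fail
 /// closed) rather than swallow it.
 /// </returns>
 /// <exception cref="CryptographicException">
 /// The native policy call returned failure; the exception wraps the Win32 error code.
 /// </exception>
 /// <remarks>
 /// Mutates the shared policy object by setting <c>ChainPolicy.VerificationTime</c> to
 /// <c>DateTime.Now</c>. A non-zero <c>dwError</c> in the policy status is thrown as a
 /// <c>SecurityTokenValidationException</c>. Whether revocation is checked depends entirely
 /// on the <c>RevocationMode</c> and <c>RevocationFlag</c> already set on <c>ChainPolicy</c>.
 /// </remarks>
 public bool Build(X509Certificate2 certificate)
 {
     if (certificate == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate");
     }
     if (certificate.Handle == IntPtr.Zero)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("certificate", System.IdentityModel.SR.GetString("ArgumentInvalidCertificate"));
     }

     // Holds the built chain after BuildChain returns; InvalidHandle is only the initial value.
     System.IdentityModel.SafeCertChainHandle builtChain = System.IdentityModel.SafeCertChainHandle.InvalidHandle;
     X509ChainPolicy chainPolicy = this.ChainPolicy;
     chainPolicy.VerificationTime = DateTime.Now;

     // First argument selects the chain engine: 1 for the machine context, 0 for the current
     // user (HCCE_LOCAL_MACHINE / HCCE_CURRENT_USER in wincrypt.h).
     BuildChain(this.useMachineContext ? new IntPtr(1L) : new IntPtr(0L), certificate.Handle, chainPolicy.ExtraStore, chainPolicy.ApplicationPolicy, chainPolicy.CertificatePolicy, chainPolicy.RevocationMode, chainPolicy.RevocationFlag, chainPolicy.VerificationTime, chainPolicy.UrlRetrievalTimeout, out builtChain);

     // Dispose the native chain on every exit path instead of waiting for finalization.
     // The using block starts after BuildChain so the InvalidHandle placeholder is never disposed.
     // NOTE(review): assumes SafeCertChainHandle is disposable (a SafeHandle) and is owned
     // only by this call - confirm against its declaration and BuildChain.
     using (builtChain)
     {
         System.IdentityModel.CAPI.CERT_CHAIN_POLICY_PARA policyPara = new System.IdentityModel.CAPI.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(System.IdentityModel.CAPI.CERT_CHAIN_POLICY_PARA)));
         System.IdentityModel.CAPI.CERT_CHAIN_POLICY_STATUS policyStatus = new System.IdentityModel.CAPI.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(System.IdentityModel.CAPI.CERT_CHAIN_POLICY_STATUS)));

         // Caller-supplied verification flags pass straight through; 0x1000
         // (CERT_CHAIN_POLICY_IGNORE_PEER_TRUST_FLAG in wincrypt.h) is always OR-ed in.
         // Review ChainPolicy.VerificationFlags wherever it is configured: anything set
         // there weakens the check made here.
         policyPara.dwFlags = (uint)chainPolicy.VerificationFlags | 0x1000;

         if (!System.IdentityModel.CAPI.CertVerifyCertificateChainPolicy(new IntPtr((long)this.chainPolicyOID), builtChain, ref policyPara, ref policyStatus))
         {
             // Must be captured immediately, before another native call replaces the last error.
             int hr = Marshal.GetLastWin32Error();
             throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(hr));
         }

         // A successful call still carries the actual policy verdict in dwError.
         if (policyStatus.dwError != 0)
         {
             int dwError = (int)policyStatus.dwError;
             throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenValidationException(System.IdentityModel.SR.GetString("X509ChainBuildFail", new object[] { System.IdentityModel.SecurityUtils.GetCertificateId(certificate), new CryptographicException(dwError).Message })));
         }
         return true;
     }
 }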