public static X509Certificate2Collection FilterValidCerts(
X509Certificate2Collection certs,
X509ChainPolicy policy,
X509ChainStatusFlags problemFlags,
Action<Exception> notification)
{
var validCerts = new X509Certificate2Collection();
if (certs == null) return null;
foreach (var cert in certs)
{
X509Chain chainBuilder = new X509Chain();
chainBuilder.ChainPolicy = policy.Clone();
try
{
// We're using the system class as a helper to merely build the chain
// However, we will review each item in the chain ourselves, because we have our own rules...
chainBuilder.Build(cert);
X509ChainElementCollection chainElements = chainBuilder.ChainElements;
// If we don't have a trust chain, then we obviously have a problem...
if (chainElements.IsNullOrEmpty())
{
notification(new Exception(string.Format("Can't find a trust chain: {0} ", cert.Subject)));
return null;
}
// walk the chain starting at the leaf and see if we hit any issues before the anchor
foreach (X509ChainElement chainElement in chainElements)
{
if (ChainElementHasProblems(chainElement, problemFlags))
{
//this.NotifyProblem(chainElement);
notification(new Exception(string.Format("Chain Element has problem {0}", Summarize(chainElement, problemFlags))));
// Whoops... problem with at least one cert in the chain. Stop immediately
return null;
}
}
}
catch (Exception ex)
{
//this.NotifyError(certificate, ex);
// just eat it and drop out to return null
notification(ex);
return null;
}
validCerts.Add(cert);
}
return validCerts;
}
