/// <summary>
/// Perform OCSP, which checks whether the certificate is revoked or not.
/// </summary>
/// <since_tizen> 3 </since_tizen>
/// <param name="certificateChain">
/// Valid certificate chain to perform the OCSP check.
/// </param>
/// <returns>A status result of the OCSP check.</returns>
/// <exception cref="ArgumentNullException">
/// The certificateChain argument is null.
/// </exception>
/// <exception cref="ArgumentException">
/// The certificateChain is not valid chain or certificate.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Some of the certificates in chain are expired or not valid yet.
/// </exception>
static public OcspStatus CheckOcsp(IEnumerable <Certificate> certificateChain)
{
if (certificateChain == null)
{
throw new ArgumentNullException("Certificate chain is null");
}
IntPtr ptr = IntPtr.Zero;
try
{
int ocspStatus = (int)OcspStatus.Good;
var certChain = new SafeCertificateListHandle(certificateChain);
ptr = certChain.GetHandle();
Interop.CheckNThrowException(
Interop.CkmcManager.OcspCheck(ptr, ref ocspStatus),
"Failed to get certificate chain with trusted certificates");
return((OcspStatus)ocspStatus);
}
finally
{
if (ptr != IntPtr.Zero)
{
Interop.CkmcTypes.CertListAllFree(ptr);
}
}
}
/// <summary>
/// Verifies a certificate chain and returns that chain using user entered
/// trusted and untrusted CA certificates.
/// </summary>
/// <since_tizen> 3 </since_tizen>
/// <param name="certificate">The certificate to be verified.</param>
/// <param name="untrustedCertificates">
/// The untrusted CA certificates to be used in verifying a certificate chain.
/// </param>
/// <param name="trustedCertificates">
/// The trusted CA certificates to be used in verifying a certificate chain.
/// </param>
/// <param name="useTrustedSystemCertificates">
/// The flag indicating the use of the trusted root certificates in the
/// system's certificate storage.
/// </param>
/// <returns>A newly created certificate chain.</returns>
/// <exception cref="ArgumentNullException">
/// The certificate argument is null.
/// </exception>
/// <exception cref="ArgumentException">
/// Some of the certificates in arguments are invalid.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Some of the certificates in arguments are expired or not valid yet.
/// Certificate cannot build chain.
/// The root certificate is not in the trusted system certificate store.
/// </exception>
/// <remarks>
/// The trusted root certificate of the chain in the system's certificate storage
/// is added to the certificate chain.
/// </remarks>
static public IEnumerable <Certificate> GetCertificateChain(
Certificate certificate, IEnumerable <Certificate> untrustedCertificates,
IEnumerable <Certificate> trustedCertificates,
bool useTrustedSystemCertificates)
{
if (certificate == null)
{
throw new ArgumentNullException("Certificate is null");
}
IntPtr certPtr = IntPtr.Zero;
IntPtr untrustedPtr = IntPtr.Zero;
IntPtr trustedPtr = IntPtr.Zero;
IntPtr ptrCertChain = IntPtr.Zero;
try
{
var untrusted = new SafeCertificateListHandle(untrustedCertificates);
var trusted = new SafeCertificateListHandle(trustedCertificates);
certPtr = certificate.GetHandle();
untrustedPtr = untrusted.GetHandle();
trustedPtr = trusted.GetHandle();
Interop.CheckNThrowException(
Interop.CkmcManager.GetCertChainWithTrustedCerts(
certPtr, untrustedPtr, trustedPtr,
useTrustedSystemCertificates, out ptrCertChain),
"Failed to get certificate chain with trusted certificates");
return(new SafeCertificateListHandle(ptrCertChain).Certificates);
}
finally
{
if (certPtr != IntPtr.Zero)
{
Interop.CkmcTypes.CertFree(certPtr);
}
if (untrustedPtr != IntPtr.Zero)
{
Interop.CkmcTypes.CertListAllFree(untrustedPtr);
}
if (trustedPtr != IntPtr.Zero)
{
Interop.CkmcTypes.CertListAllFree(trustedPtr);
}
}
}