internal bool MatchesCertificatePolicies(Oid policyOid)
{
if (_failAllCertificatePolicies)
{
return(false);
}
string nextOid = policyOid.Value !;
for (int i = 1; i <= _policies.Length; i++)
{
// The loop variable (i) matches the definition in RFC 3280,
// section 6.1.3. In that description i=1 is the root CA, and n
// is the EE/leaf certificate. In our chain object 0 is the EE cert
// and _policies.Length-1 is the root cert. So we will index things as
// _policies.Length - i (because i is 1 indexed).
int dataIdx = _policies.Length - i;
CertificatePolicy policy = _policies[dataIdx];
string oidToCheck = nextOid;
if (policy.PolicyMapping != null)
{
for (int iMapping = 0; iMapping < policy.PolicyMapping.Count; iMapping++)
{
CertificatePolicyMappingAsn mapping = policy.PolicyMapping[iMapping];
if (StringComparer.Ordinal.Equals(mapping.IssuerDomainPolicy, oidToCheck))
{
nextOid = mapping.SubjectDomainPolicy;
}
}
}
if (policy.AllowsAnyCertificatePolicy)
{
continue;
}
if (policy.DeclaredCertificatePolicies == null)
{
return(false);
}
if (!policy.DeclaredCertificatePolicies.Contains(oidToCheck))
{
return(false);
}
}
return(true);
}
private static List <CertificatePolicyMappingAsn> ReadCertPolicyMappingsExtension(byte[] rawData)
{
AsnReader reader = new AsnReader(rawData, AsnEncodingRules.DER);
AsnReader sequenceReader = reader.ReadSequence();
reader.ThrowIfNotEmpty();
List <CertificatePolicyMappingAsn> mappings = new List <CertificatePolicyMappingAsn>();
while (sequenceReader.HasData)
{
CertificatePolicyMappingAsn.Decode(sequenceReader, out CertificatePolicyMappingAsn mapping);
mappings.Add(mapping);
}
return(mappings);
}
