/// Reports whether the supplied certificate is marked as a CA certificate by its
/// basic constraints.
/// </summary>
/// <param name="certificate">The certificate to inspect.</param>
/// <param name="certificationPathLength">Receives the value returned by
/// <c>GetBasicConstraints()</c> for a version 3 certificate, or <c>-1</c> for any
/// other version.</param>
/// <returns><c>null</c> if the certificate is not version 3 and the CA status therefore
/// cannot be determined; otherwise <c>true</c> when the basic constraints value is not
/// <c>-1</c> and <c>false</c> when it is.</returns>
private static bool? IsCA(Org.BouncyCastle.X509.X509Certificate certificate, out int certificationPathLength)
{
    // Certificates that are not version 3 give no answer here. Callers must treat the
    // null result as "unknown", not as "is a CA".
    if (certificate.Version != 3)
    {
        certificationPathLength = -1;
        return null;
    }

    // -1 means the certificate is not a CA; int.MaxValue means the certification path
    // length is unlimited.
    // NOTE(review): only basic constraints are consulted. Key usage (keyCertSign) and the
    // comparison of the path length against the actual chain depth are not checked here;
    // confirm the caller does both before trusting the certificate as an issuer.
    int pathLength = certificate.GetBasicConstraints();
    certificationPathLength = pathLength;
    return pathLength != -1;
}
/// <summary>
/// Checks that the attribute certificate issuer's certificate may be used to verify
/// digital signatures and is not itself a CA certificate.
/// </summary>
/// <param name="acIssuerCert">The public key certificate of the attribute certificate issuer.</param>
/// <param name="pkixParams">Validation parameters; not read by this method.</param>
/// <exception cref="PkixCertPathValidatorException">Thrown when a key usage extension is
/// present with neither of its first two bits set, or when the basic constraints value
/// is not <c>-1</c>.</exception>
internal static void ProcessAttrCert3(
    X509Certificate acIssuerCert,
    PkixParameters pkixParams)
{
    // Indices 0 and 1 are digitalSignature and nonRepudiation in the X.509 KeyUsage bit string.
    // A certificate with no key usage extension (null) passes this check: absence is
    // treated as "no restriction".
    var keyUsage = acIssuerCert.GetKeyUsage();
    if (keyUsage != null)
    {
        bool canVerifySignatures = keyUsage[0] || keyUsage[1];
        if (!canVerifySignatures)
        {
            throw new PkixCertPathValidatorException(
                "Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
    }

    // Any value other than -1 is rejected so that an attribute certificate issuer cannot
    // also act as a public key certificate issuer.
    // NOTE(review): presumably -1 means "not a CA", as for GetBasicConstraints() elsewhere - confirm.
    bool issuerIsCa = acIssuerCert.GetBasicConstraints() != -1;
    if (issuerIsCa)
    {
        throw new PkixCertPathValidatorException(
            "Attribute certificate issuer is also a public key certificate issuer.");
    }
}