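/*
 * NOTE(review): disabled code, kept for reference only. As written it sets
 * RevocationMode to NoCheck, ignores the return value of x509Chain.Build(),
 * and stops at the first chain element (not only the last one) whose
 * thumbprint is a key in rootCertificateDirectory. Revisit those points
 * before re-enabling it.
 *
 * public X509Certificate2 FindRootCertificate(X509Certificate2 serverX509Certificate2, IDictionary<string, X509Certificate2> rootCertificateDirectory)
 * {
 *     bool rootCertificateFound = false;
 *     X509Certificate2 desiredRootX509Certificate2 = null;
 *     // Find the desired root certificate
 *     X509Chain x509Chain = new X509Chain();
 *     x509Chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
 *     x509Chain.Build(serverX509Certificate2);
 *
 *     // Iterate through the chain, to validate if it contains a valid root certificate
 *     X509ChainElementCollection x509ChainElementCollection = x509Chain.ChainElements;
 *     X509ChainElementEnumerator enumerator = x509ChainElementCollection.GetEnumerator();
 *     X509ChainElement x509ChainElement;
 *     X509Certificate2 x509Certificate2 = null;
 *     string x509CertificateThumbprint;
 *     // At this point, the certificate is not valid, until
 *     // it is proved that it has a valid root certificate
 *     while (rootCertificateFound == false && enumerator.MoveNext())
 *     {
 *         x509ChainElement = enumerator.Current;
 *         x509Certificate2 = x509ChainElement.Certificate;
 *         x509CertificateThumbprint = x509Certificate2.Thumbprint.ToLowerInvariant();
 *         if (rootCertificateDirectory.ContainsKey(x509CertificateThumbprint))
 *         {
 *             // The current chain element is in the trusted rootCertificateDirectory
 *             rootCertificateFound = true;
 *
 *             // now the loop will break, as we have found a trusted root certificate
 *         }
 *     }
 *
 *     if (rootCertificateFound)
 *     {
 *         // root certificate is found
 *         desiredRootX509Certificate2 = x509Certificate2;
 *     }
 *
 *     return desiredRootX509Certificate2;
 * }
 */

/// <summary>
/// Reads the Authority Information Access (AIA) extension of a certificate and
/// collects the OCSP URL that <c>GetAccessDescriptionUrlForOid</c> extracts from it.
/// </summary>
/// <param name="x509Certificate2">Certificate whose AIA extension is inspected.</param>
/// <returns>
/// A list with at most one entry. The list is empty when the certificate has no
/// AIA extension or when no OCSP URL could be extracted from it.
/// </returns>
/// <exception cref="Exception">
/// Thrown with the message "Error parsing AIA." and the original failure as inner
/// exception when reading or decoding the extension fails.
/// </exception>
/// <remarks>
/// The returned URL is data taken from inside the certificate under examination, so
/// it is only as trustworthy as that certificate. Callers that contact the URL should
/// validate the chain first and restrict the scheme and destination they are willing
/// to connect to.
/// </remarks>
public List<string> GetAuthorityInformationAccessOcspUrl(X509Certificate2 x509Certificate2)
{
    List<string> ocspUrls = new List<string>();
    try
    {
        // DanID test code shows how to do it
        Org.BouncyCastle.Asn1.X509.X509Extensions x509Extensions = this.GetX509Extensions(x509Certificate2);

        // GetX509Extensions is not visible here; guard in case it yields null for a
        // certificate that carries no extensions at all (presumably possible - confirm).
        Org.BouncyCastle.Asn1.X509.X509Extension x509Extension = x509Extensions == null
            ? null
            : x509Extensions.GetExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.AuthorityInfoAccess);

        // A missing AIA extension simply means the certificate advertises no OCSP URL.
        if (x509Extension != null)
        {
            Org.BouncyCastle.Asn1.X509.AuthorityInformationAccess authorityInformationAccess =
                Org.BouncyCastle.Asn1.X509.AuthorityInformationAccess.GetInstance(x509Extension.GetParsedValue());
            Org.BouncyCastle.Asn1.X509.AccessDescription[] accessDescription =
                authorityInformationAccess.GetAccessDescriptions();
            string ocspUrl = this.GetAccessDescriptionUrlForOid(AccessDescription.IdADOcsp, accessDescription);

            // An AIA extension may list other access methods only; do not hand a
            // null or empty entry to callers that iterate the list as URLs.
            if (!string.IsNullOrEmpty(ocspUrl))
            {
                ocspUrls.Add(ocspUrl);
            }
        }
    }
    catch (Exception e)
    {
        throw new Exception("Error parsing AIA.", e);
    }

    return ocspUrls;
}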
/// <summary>
/// Stores the extension set and records whether it contains a
/// subjectAltName extension that is marked critical.
/// </summary>
/// <param name="extensions">Extensions to store; may be null.</param>
public void SetExtensions(X509Extensions extensions)
{
    this.extensions = extensions;

    // Nothing to inspect when no extensions were supplied.
    if (extensions == null)
    {
        return;
    }

    X509Extension subjectAltName = extensions.GetExtension(X509Extensions.SubjectAlternativeName);
    bool criticalAltName = subjectAltName != null && subjectAltName.IsCritical;

    // NOTE(review): this method only ever raises the flag. A later call with
    // extensions that lack a critical subjectAltName (or with null) leaves the
    // flag as it was - confirm that is intended if instances are reused.
    if (criticalAltName)
    {
        altNamePresentAndCritical = true;
    }
}
/// <summary>
/// Remembers the supplied extensions and flags the presence of a critical
/// subjectAltName extension among them.
/// </summary>
/// <param name="extensions">Extensions to remember; may be null.</param>
public void SetExtensions(X509Extensions extensions)
{
    this.extensions = extensions;

    // Look the extension up only when there is an extension set to search.
    X509Extension sanExtension = (extensions != null)
        ? extensions.GetExtension(X509Extensions.SubjectAlternativeName)
        : null;

    // NOTE(review): the flag is set here but not reset when the new extension
    // set has no critical subjectAltName; verify that callers never replace
    // the extensions on an instance that already had the flag raised.
    if (sanExtension != null && sanExtension.IsCritical)
    {
        this.altNamePresentAndCritical = true;
    }
}
/// <summary>
/// Null-tolerant lookup of a single extension by object identifier.
/// </summary>
/// <param name="extensions">Extension set to search; may be null.</param>
/// <param name="oid">Object identifier of the wanted extension.</param>
/// <returns>
/// Null when <paramref name="extensions"/> is null; otherwise whatever
/// <c>extensions.GetExtension(oid)</c> returns.
/// </returns>
public static X509Extension GetExtension(X509Extensions extensions, DerObjectIdentifier oid)
{
    if (extensions == null)
    {
        return null;
    }

    return extensions.GetExtension(oid);
}