void FindSenderSignatures(IncomingMessage message)
{
message.SenderSignatures = null;
DirectAddress sender = message.Sender;
SignerInfoCollection allSigners = message.Signatures.SignerInfos;
MessageSignatureCollection senderSignatures = null;
bool match;
foreach (SignerInfo signer in allSigners)
{
bool isOrgCertificate = false;
match = signer.Certificate.MatchEmailNameOrName(sender.Address);
if (!match)
{
match = signer.Certificate.MatchDnsOrEmailOrName(sender.Host);
isOrgCertificate = match;
}
if (match)
{
senderSignatures = senderSignatures ?? new MessageSignatureCollection();
senderSignatures.Add(new MessageSignature(signer, isOrgCertificate));
}
}
message.SenderSignatures = senderSignatures;
}
MessageSignature FindTrustedSignature(IncomingMessage message, X509Certificate2Collection anchors)
{
DirectAddress sender = message.Sender;
MessageSignatureCollection signatures = message.SenderSignatures;
MessageSignature lastTrustedSignature = null;
foreach (MessageSignature signature in signatures)
{
if (m_certChainValidator.IsTrustedCertificate(signature.Certificate, anchors) && signature.CheckSignature())
{
if (!sender.HasCertificates)
{
// Can't really check thumbprints etc. So, this is about as good as its going to get
return(signature);
}
if (signature.CheckThumbprint(sender))
{
return(signature);
}
//
// We'll save this guy, but keep looking for a signer whose thumbprint we can verify
// If we can't find one, we'll use the last trusted signer we found.. and just mark the recipient's trust
// enforcement status as Success_ThumbprintMismatch
//
lastTrustedSignature = signature;
}
}
return(lastTrustedSignature);
}
