/// <summary>
/// Search the given Set of TrustAnchor's for one that is the
/// issuer of the given X509 certificate.
/// </summary>
/// <param name="cert">the X509 certificate</param>
/// <param name="trustAnchors">a Set of TrustAnchor's</param>
/// <returns>the <code>TrustAnchor</code> object if found or
/// <code>null</code> if not.
/// </returns>
/// @exception
internal static TrustAnchor FindTrustAnchor(
X509Certificate cert,
ISet trustAnchors)
{
IEnumerator iter = trustAnchors.GetEnumerator();
TrustAnchor trust = null;
AsymmetricKeyParameter trustPublicKey = null;
Exception invalidKeyEx = null;
X509CertStoreSelector certSelectX509 = new X509CertStoreSelector();
try
{
certSelectX509.Subject = GetIssuerPrincipal(cert);
}
catch (IOException ex)
{
throw new Exception("Cannot set subject search criteria for trust anchor.", ex);
}
while (iter.MoveNext() && trust == null)
{
trust = (TrustAnchor) iter.Current;
if (trust.TrustedCert != null)
{
if (certSelectX509.Match(trust.TrustedCert))
{
trustPublicKey = trust.TrustedCert.GetPublicKey();
}
else
{
trust = null;
}
}
else if (trust.CAName != null && trust.CAPublicKey != null)
{
try
{
X509Name certIssuer = GetIssuerPrincipal(cert);
X509Name caName = new X509Name(trust.CAName);
if (certIssuer.Equivalent(caName, true))
{
trustPublicKey = trust.CAPublicKey;
}
else
{
trust = null;
}
}
catch (InvalidParameterException)
{
trust = null;
}
}
else
{
trust = null;
}
if (trustPublicKey != null)
{
try
{
cert.Verify(trustPublicKey);
}
catch (Exception ex)
{
invalidKeyEx = ex;
trust = null;
}
}
}
if (trust == null && invalidKeyEx != null)
{
throw new Exception("TrustAnchor found but certificate validation failed.", invalidKeyEx);
}
return trust;
}
