/// <summary>
/// Sets the certificate type
/// </summary>
/// <param name="certificate">The certificate to check</param>
/// <param name="result">The result object to store the result</param>
private void CheckCertificateType(X509Certificate2 certificate, CertificateCheckResult result)
{
try {
result.CertificateType = GetCertificateType(certificate);
} catch (ArgumentNullException) {
throw;
} catch (CryptographicUnexpectedOperationException) {
throw;
} catch (CryptographicException) {
throw;
} catch (CheckCertificateTypeUnexpectedException) {
throw;
} catch (Exception) {
throw;
}
}
/// <summary>
/// Checks if the rootcertificate is valid
/// </summary>
/// <param name="root">The rootcertificate to check</param>
/// <param name="result">The object to store the result of the check</param>
/// <exception cref="CheckRootCertificateValidUnexpectedException">This exception is thrown, if an unexpected exception is thrown during the method</exception>
private void CheckRootCertificateValidation(X509Certificate2 root, CertificateCheckResult result)
{
try {
if (root.NotAfter.CompareTo(DateTime.Now) > 0 ||
root.NotAfter.CompareTo(DateTime.Now) == 0)
{
result.RootCertificateValid = true;
}
} catch (ArgumentNullException) {
throw;
} catch (CryptographicUnexpectedOperationException) {
throw;
} catch (CryptographicException) {
throw;
} catch (Exception e) {
throw new CheckRootCertificateValidUnexpectedException(e);
}
}
/// <summary>
/// Performs a certificate chain validation
/// </summary>
/// <param name="certificate">the certificate to validate</param>
/// <param name="result">the object to store the result</param>
/// <exception cref="CheckCertificateChainUnexpectedException">This exception is thrown, if an unexpected exception is thrown during the method</exception>
private void CheckCertificateChain(X509Certificate2 certificate, CertificateCheckResult result)
{
try {
CertificateValidator.ValidateCertificate(certificate, _defaultOCESrootCertificate);
result.RootCertificateAsRoot = true;
result.CertificateActivated = true;
result.CertificateValid = true;
} catch (CertificateFailedChainValidationException) {
result.RootCertificateAsRoot = false;
} catch (CertificateNotActiveException) {
result.CertificateActivated = false;
} catch (CertificateExpiredException) {
result.CertificateValid = false;
} catch (ArgumentNullException) {
throw;
} catch (CryptographicUnexpectedOperationException) {
throw;
} catch (CryptographicException) {
throw;
} catch (Exception e) {
throw new CheckCertificateChainUnexpectedException(e);
}
}
/// <summary>
/// Checks a certificate, with default rootcertificate.
/// All fields of the CertificateCheckResult structure are initialized as "false".
/// Certificate checking may end before all checks have been performed, if individual
/// checks fail. In that case, only the fields of the CertificateCheckResult structure that
/// corresponds to checks already performed are valid.
/// </summary>
/// <param name="certificate">certificate to check</param>
/// <param name="rootCertificate">a given rootcertificate</param>
/// <returns>The object that contains the result. Note that all fields of the CertificateCheckResult
/// structure are initialized as "false". Certificate checking may end before all checks have
/// been performed, if individual checks fail. In that case, only the fields of the
/// CertificateCheckResult structure that
/// corresponds to checks already performed are valid.</returns>
public CertificateCheckResult CheckCertificate(X509Certificate2 certificate, X509Certificate2 rootCertificate)
{
CertificateCheckResult result = new CertificateCheckResult();
try {
//1. that the certificate has the default rootcertificate as root.
// Also checks that the cert is not expired or not yet activated.
CheckCertificateChain(certificate, result);
if (!result.CertificateActivated ||
!result.CertificateValid ||
!result.RootCertificateAsRoot
)
{
result.AllTestsPassed = false;
return(result);
}
//2. that the rootcertificate is not expired or not activated
if (rootCertificate == null)
{
CheckRootCertificateValidation(_defaultOCESrootCertificate, result);
CheckRootCertificateActivated(_defaultOCESrootCertificate, result);
}
else
{
CheckRootCertificateValidation(rootCertificate, result);
CheckRootCertificateActivated(rootCertificate, result);
}
if (!result.RootCertificateValid || !result.RootCertificateActivated)
{
result.AllTestsPassed = false;
return(result);
}
//4. check if the certificate is revoked async
RevocationResponse response = CheckCertificateRevocation(certificate);
if (!response.IsValid)
{
result.AllTestsPassed = false;
result.CertificateRevoked = true;
return(result);
}
//5. check certificatetype
CheckCertificateType(certificate, result);
if (result.CertificateActivated && !result.CertificateRevoked && result.CertificateValid &&
result.RootCertificateActivated && result.RootCertificateAsRoot && result.RootCertificateValid)
{
result.AllTestsPassed = true;
}
} catch (ArgumentNullException) {
throw;
} catch (OverflowException) {
throw;
} catch (FormatException) {
throw;
} catch (CryptographicUnexpectedOperationException) {
throw;
} catch (CryptographicException) {
throw;
} catch (CheckCertificateOcspUnexpectedException) {
throw;
} catch (CertificateRevokedTimeoutException) {
throw;
} catch (Exception) {
throw;
}
return(result);
}
