void ValidateChain(X509Certificate2 cert, CacUser cacUser)
{
// **ALL** validation flags turned on
var validator = X509CertificateValidator.ChainTrust;
try
{
validator.Validate(cert);
}
catch (Exception e)
{
cacUser.ChainError = e.Message;
}
}
/// <summary>
/// Get a CacUser.
/// </summary>
/// <remarks>
/// Example usage:
/// https://github.com/kuujinbo/Mvc.NET/blob/master/src/kuujinbo.Mvc.NET.Examples/Controllers/CacUserController.cs
/// </remarks>
public virtual CacUser GetCacUser(HttpRequestBase request, bool validateChain = false)
{
X509Certificate2 cert = new X509Certificate2(GetCertificate(request));
var subjectName = cert.GetNameInfo(X509NameType.SimpleName, false);
var cacUser = CacUser.Create(subjectName);
cacUser.Subject = subjectName;
cacUser.Issuer = cert.Issuer;
cacUser.Email = cert.GetNameInfo(X509NameType.EmailName, false)
.ToLower();
if (validateChain)
{
ValidateChain(cert, cacUser);
}
return(cacUser);
}
