/// <summary>
/// Validates each base64-encoded certificate in <paramref name="certificateList"/> and returns
/// one <c>ChainValidityStatus</c> per entry, in input order.
/// </summary>
/// <param name="trustedCertificateList">Passed to <c>CertificateManager.AddChainCertsToStore</c> to produce the trusted store.</param>
/// <param name="certificateChainList">Passed to <c>CertificateManager.AddChainCertsToStore</c> to produce the chain-building store.</param>
/// <param name="certificateList">Base64 strings, each decoded and loaded as an <c>X509Certificate2</c>.</param>
/// <param name="checkCRL">Forwarded unchanged to <c>X509CertificateCollection.ValidateCertificate</c>.</param>
/// <param name="hashCodeForTracing">Forwarded to <c>AddChainCertsToStore</c>.</param>
/// <param name="mailboxLogger">Optional; when non-null it receives the text of any <c>CryptographicException</c>.</param>
/// <param name="againstADConfiguration">Forwarded unchanged to <c>ValidateCertificate</c>.</param>
/// <param name="organizationId">Forwarded unchanged to <c>ValidateCertificate</c>.</param>
/// <returns>A list with one status per certificate that was processed.</returns>
internal static List<ChainValidityStatus> ValidateCertificates(List<string> trustedCertificateList, List<string> certificateChainList, List<string> certificateList, bool checkCRL, int hashCodeForTracing, MailboxLogger mailboxLogger, bool againstADConfiguration, string organizationId)
{
    // NOTE(review): neither store is closed or disposed in this method; confirm whether
    // AddChainCertsToStore hands ownership to the caller.
    X509Store trustedStore = CertificateManager.AddChainCertsToStore(trustedCertificateList, hashCodeForTracing);
    X509Store chainBuildStore = CertificateManager.AddChainCertsToStore(certificateChainList, hashCodeForTracing);

    // Every certificate must be usable for signing: both usage bits are requested.
    X509KeyUsageFlags requiredUsage = X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DigitalSignature;

    List<ChainValidityStatus> results = new List<ChainValidityStatus>(certificateList.Count);
    foreach (string encodedCertificate in certificateList)
    {
        ChainContext chainContext = null;
        try
        {
            // NOTE(review): Convert.FromBase64String throws FormatException on malformed input.
            // Only CryptographicException is handled below, so a single malformed entry ends the
            // whole batch instead of yielding a per-certificate failure. Confirm the caller
            // expects that before widening the catch.
            byte[] rawCertificate = Convert.FromBase64String(encodedCertificate);
            X509Certificate2 certificate = new X509Certificate2(rawCertificate);

            ChainValidityStatus verdict = X509CertificateCollection.ValidateCertificate(certificate, null, requiredUsage, checkCRL, trustedStore, chainBuildStore, ref chainContext, againstADConfiguration, organizationId);
            results.Add(verdict);
        }
        catch (CryptographicException error)
        {
            if (mailboxLogger != null)
            {
                mailboxLogger.SetData(MailboxLogDataName.ValidateCertCommand_ProcessCommand_Per_Cert_Exception, error.ToString());
            }

            // The trace line carries the complete base64 input, not a digest of it.
            AirSyncDiagnostics.TraceError<string, CryptographicException>(ExTraceGlobals.RequestTracer, null, "Failed to validate certificate: '{0}', Error: '{1}'", encodedCertificate, error);

            // Fail closed: an unparseable certificate is recorded as a failure, never skipped.
            // 2148098052 == 0x80096004, which looks like the Win32 TRUST_E_CERT_SIGNATURE HRESULT;
            // confirm against the ChainValidityStatus declaration.
            results.Add((ChainValidityStatus)2148098052U);
        }
        finally
        {
            // ValidateCertificate may have populated the context through the ref argument
            // even if it later threw, so release it on every path.
            if (chainContext != null)
            {
                chainContext.Dispose();
            }
        }
    }

    return results;
}
// Token: 0x06001C2B RID: 7211 RVA: 0x0006F6C0 File Offset: 0x0006D8C0
/// <summary>
/// Translates a <c>ChainValidityStatus</c> into the corresponding
/// <c>X509ChainStatusFlags</c> value.
/// </summary>
/// <param name="status">The chain validation result to translate.</param>
/// <returns>
/// The mapped flag; any status without an explicit case yields
/// <c>X509ChainStatusFlags.RevocationStatusUnknown</c>.
/// </returns>
private X509ChainStatusFlags MapChainStatusToChainFlag(ChainValidityStatus status)
{
    // The hex values in the trailing comments are the same numbers as the decimal literals.
    // The symbolic names are the Win32 HRESULTs those numbers appear to correspond to;
    // confirm against the ChainValidityStatus declaration.
    //
    // NOTE(review): every unlisted status (for example 0x800B0104, 0x800B0105, 0x800B0107,
    // 0x800B0108, 0x800B010B) collapses into RevocationStatusUnknown. If any caller treats
    // RevocationStatusUnknown as tolerable, an unmapped hard failure would be tolerated too;
    // verify how callers consume this flag.
    switch (status)
    {
        case ChainValidityStatus.Valid:
        case ChainValidityStatus.ValidSelfSigned:
            return X509ChainStatusFlags.NoError;

        case ChainValidityStatus.EmptyCertificate:
            return X509ChainStatusFlags.PartialChain;

        case ChainValidityStatus.SubjectMismatch:
        case (ChainValidityStatus)2148204815U: // 0x800B010F (CERT_E_CN_NO_MATCH)
            return X509ChainStatusFlags.InvalidNameConstraints;

        case (ChainValidityStatus)2148081680U: // 0x80092010 (CRYPT_E_REVOKED)
        case (ChainValidityStatus)2148204812U: // 0x800B010C (CERT_E_REVOKED)
            return X509ChainStatusFlags.Revoked;

        case (ChainValidityStatus)2148081682U: // 0x80092012 (CRYPT_E_NO_REVOCATION_CHECK)
        case (ChainValidityStatus)2148204814U: // 0x800B010E (CERT_E_REVOCATION_FAILURE)
            return X509ChainStatusFlags.RevocationStatusUnknown;

        case (ChainValidityStatus)2148081683U: // 0x80092013 (CRYPT_E_REVOCATION_OFFLINE)
            return X509ChainStatusFlags.OfflineRevocation;

        case (ChainValidityStatus)2148098052U: // 0x80096004 (TRUST_E_CERT_SIGNATURE)
            return X509ChainStatusFlags.NotSignatureValid;

        case (ChainValidityStatus)2148098073U: // 0x80096019 (TRUST_E_BASIC_CONSTRAINTS)
        case (ChainValidityStatus)2148204803U: // 0x800B0103 (CERT_E_ROLE)
        case (ChainValidityStatus)2148204810U: // 0x800B010A (CERT_E_CHAINING)
            return X509ChainStatusFlags.InvalidBasicConstraints;

        case (ChainValidityStatus)2148204801U: // 0x800B0101 (CERT_E_EXPIRED)
            return X509ChainStatusFlags.NotTimeValid;

        case (ChainValidityStatus)2148204802U: // 0x800B0102 (CERT_E_VALIDITYPERIODNESTING)
            return X509ChainStatusFlags.NotTimeNested;

        case (ChainValidityStatus)2148204806U: // 0x800B0106 (CERT_E_PURPOSE)
        case (ChainValidityStatus)2148204816U: // 0x800B0110 (CERT_E_WRONG_USAGE)
            return X509ChainStatusFlags.NotValidForUsage;

        case (ChainValidityStatus)2148204809U: // 0x800B0109 (CERT_E_UNTRUSTEDROOT)
        case (ChainValidityStatus)2148204813U: // 0x800B010D (CERT_E_UNTRUSTEDTESTROOT)
            return X509ChainStatusFlags.UntrustedRoot;

        default:
            return X509ChainStatusFlags.RevocationStatusUnknown;
    }
}
/// <summary>
/// Builds and validates this certificate's chain once, then caches the outcome in
/// <c>status</c>, <c>selfSigned</c>, <c>rootCAType</c> and <c>privateKeyExportable</c>.
/// Does nothing when <c>status</c> is already something other than <c>Unknown</c>.
/// </summary>
/// <exception cref="InvalidOperationException">
/// The chain was classified as anything other than <c>Invalid</c> but exposes no root certificate.
/// </exception>
private void CheckCertificateChainAndCacheProps()
{
    if (this.status != CertificateStatus.Unknown)
    {
        return;
    }

    // An outstanding certificate request short-circuits chain building entirely.
    if (!string.IsNullOrEmpty(this.CertificateRequest))
    {
        this.status = CertificateStatus.PendingRequest;
        this.selfSigned = false;
        this.rootCAType = CertificateAuthorityType.Unknown;
        return;
    }

    this.privateKeyExportable = TlsCertificateInfo.IsCertificateExportable(this);

    ChainPolicyParameters policy = new BaseChainPolicyParameters(ChainPolicyOptions.None);
    ChainMatchIssuer serverAuthMatch = AndChainMatchIssuer.PkixKpServerAuth;
    ChainBuildParameter buildParameter = new ChainBuildParameter(serverAuthMatch, TimeSpan.FromSeconds(30.0), false, TimeSpan.Zero);
    ChainBuildOptions buildOptions = ChainBuildOptions.CacheEndCert | ChainBuildOptions.RevocationCheckChainExcludeRoot | ChainBuildOptions.RevocationAccumulativeTimeout;

    using (ChainEngine engine = new ChainEngine())
    using (ChainContext chain = engine.Build(this, buildOptions, buildParameter))
    {
        if (chain == null)
        {
            // status stays Unknown, so the next call repeats the chain build.
            this.status = CertificateStatus.Unknown;
            this.selfSigned = false;
            this.rootCAType = CertificateAuthorityType.Unknown;
            return;
        }

        this.selfSigned = chain.IsSelfSigned;

        if (chain.Status == TrustStatus.IsUntrustedRoot)
        {
            if (chain.IsSelfSigned)
            {
                // A self-signed certificate with an untrusted root is reported as Valid, and
                // Validate() is never called for it. rootCAType None is the only marker that
                // distinguishes this from a chain anchored in a known root.
                this.status = CertificateStatus.Valid;
                this.rootCAType = CertificateAuthorityType.None;
            }
            else
            {
                this.status = CertificateStatus.Untrusted;
                this.rootCAType = CertificateAuthorityType.Unknown;
            }

            return;
        }

        // The hex values in the trailing comments are the same numbers as the decimal literals.
        // The symbolic names are the Win32 HRESULTs those numbers appear to correspond to;
        // confirm against the ChainValidityStatus declaration.
        ChainSummary summary = chain.Validate(policy);
        switch (summary.Status)
        {
            case ChainValidityStatus.Valid:
                this.status = CertificateStatus.Valid;
                break;

            case (ChainValidityStatus)2148204801U: // 0x800B0101 (CERT_E_EXPIRED)
                this.status = CertificateStatus.DateInvalid;
                break;

            case (ChainValidityStatus)2148204812U: // 0x800B010C (CERT_E_REVOKED)
                this.status = CertificateStatus.Revoked;
                break;

            // Revocation could not be determined. This is kept as its own status instead of
            // being folded into Valid or Invalid, so consumers decide how strict to be.
            case (ChainValidityStatus)2148081682U: // 0x80092012 (CRYPT_E_NO_REVOCATION_CHECK)
            case (ChainValidityStatus)2148081683U: // 0x80092013 (CRYPT_E_REVOCATION_OFFLINE)
            case (ChainValidityStatus)2148204814U: // 0x800B010E (CERT_E_REVOCATION_FAILURE)
                this.status = CertificateStatus.RevocationCheckFailure;
                break;

            // Everything else, including 2148204813 (0x800B010D), fails closed as Invalid.
            default:
                this.status = CertificateStatus.Invalid;
                this.rootCAType = CertificateAuthorityType.Unknown;
                break;
        }

        // The root is classified for every outcome except Invalid, which means it is also
        // classified for DateInvalid, Revoked and RevocationCheckFailure.
        if (this.status != CertificateStatus.Invalid)
        {
            X509Certificate2 root = chain.RootCertificate;
            if (root == null)
            {
                throw new InvalidOperationException("Root certificate was null!");
            }

            this.rootCAType = ExchangeCertificate.RootSource(root.Thumbprint);
        }
    }
}
// Token: 0x0600185E RID: 6238 RVA: 0x0008F0B8 File Offset: 0x0008D2B8
/// <summary>
/// Converts a <c>ChainValidityStatus</c> into a numeric status string.
/// </summary>
/// <param name="status">The chain validation result to convert.</param>
/// <returns>
/// A string from "1" to "17". "16" is returned when revocation could not be checked, and
/// "17" (after a debug trace) for any status without an explicit mapping.
/// </returns>
private string CheckStatus(ChainValidityStatus status)
{
    // NOTE(review): the returned strings look like the MS-ASCMD ValidateCert Status values
    // (1 = success ... 17 = unknown server error); confirm against the protocol document.
    // The hex values in the trailing comments are the same numbers as the decimal literals.
    // The symbolic names are the Win32 HRESULTs those numbers appear to correspond to;
    // confirm against the ChainValidityStatus declaration.
    switch (status)
    {
        case ChainValidityStatus.Valid:
        case ChainValidityStatus.ValidSelfSigned:
            return "1";

        case (ChainValidityStatus)2148098052U: // 0x80096004 (TRUST_E_CERT_SIGNATURE)
            return "3";

        case (ChainValidityStatus)2148204809U: // 0x800B0109 (CERT_E_UNTRUSTEDROOT)
        case (ChainValidityStatus)2148204813U: // 0x800B010D (CERT_E_UNTRUSTEDTESTROOT)
            return "4";

        case (ChainValidityStatus)2148204810U: // 0x800B010A (CERT_E_CHAINING)
            return "5";

        case (ChainValidityStatus)2148204816U: // 0x800B0110 (CERT_E_WRONG_USAGE)
            return "6";

        case (ChainValidityStatus)2148204801U: // 0x800B0101 (CERT_E_EXPIRED)
            return "7";

        case (ChainValidityStatus)2148204802U: // 0x800B0102 (CERT_E_VALIDITYPERIODNESTING)
            return "8";

        case (ChainValidityStatus)2148204806U: // 0x800B0106 (CERT_E_PURPOSE)
            return "9";

        case ChainValidityStatus.EmptyCertificate:
            return "10";

        case (ChainValidityStatus)2148204803U: // 0x800B0103 (CERT_E_ROLE)
            return "11";

        case (ChainValidityStatus)2148204815U: // 0x800B010F (CERT_E_CN_NO_MATCH)
            return "12";

        case (ChainValidityStatus)2148081680U: // 0x80092010 (CRYPT_E_REVOKED)
            return "13";

        case (ChainValidityStatus)2148081683U: // 0x80092013 (CRYPT_E_REVOCATION_OFFLINE)
            return "14";

        case (ChainValidityStatus)2148204812U: // 0x800B010C (CERT_E_REVOKED)
            return "15";

        // Revocation status could not be established; reported separately from "revoked".
        case (ChainValidityStatus)2148081682U: // 0x80092012 (CRYPT_E_NO_REVOCATION_CHECK)
        case (ChainValidityStatus)2148204814U: // 0x800B010E (CERT_E_REVOCATION_FAILURE)
            return "16";

        // Unmapped values are reported as a failure code, never as success. This covers
        // 0x80092011, 0x800B0104, 0x800B0105, 0x800B0107, 0x800B0108 and 0x800B010B, which
        // the decompiled code routed here explicitly.
        default:
            AirSyncDiagnostics.TraceDebug<ChainValidityStatus>(ExTraceGlobals.RequestsTracer, this, "Unknown status: '{0}'", status);
            return "17";
    }
}