/// <summary>
/// Resolve incoming public policies base on recipient
/// Any negative policy will retturn an uncompliant result.
/// No policies will result in compliance.
/// </summary>
/// <param name="recipient">Incoming messages are sent to the recipent</param>
/// <param name="cert">Signing cert</param>
/// <param name="policyFilter">The <see cref="IPolicyFilter"/> to use in validating certificate against policies</param>
public bool IsCertPolicyCompliant(MailAddress recipient, X509Certificate2 cert, IPolicyFilter policyFilter = null)
{
bool isCompliant = true;
// apply the policy if it exists
if (m_trustPolicyResolver != null)
{
IList <IPolicyExpression> expressions = m_trustPolicyResolver.GetIncomingPolicy(recipient);
foreach (var expression in expressions)
{
try
{
// check for compliance
if (policyFilter.IsCompliant(cert, expression))
{
continue;
}
isCompliant = false;
break;
}
catch (PolicyRequiredException)
{
isCompliant = false;
break;
}
catch (PolicyProcessException ppe)
{
throw new AgentException(AgentError.InvalidPolicy, ppe);
}
}
}
return(isCompliant);
}
bool FilterCertificateByPolicy(MailAddress address, X509Certificate2 cert, IPolicyResolver resolver, bool incoming)
{
if (cert == null || resolver == null)
{
return(true);
}
IList <IPolicyExpression> exressions = (incoming)
? resolver.GetIncomingPolicy(address)
: resolver.GetOutgoingPolicy(address);
try
{
var policyFilter = PolicyFilter.Default;
foreach (var expression in exressions)
{
if (!policyFilter.IsCompliant(cert, expression))
{
return(false);
}
}
}
catch (PolicyRequiredException) // certificate
{
return(false);
}
catch (PolicyProcessException processException)
{
throw new AgentException(AgentError.InvalidPolicy, processException);
}
return(true);
}
bool FilterCertificateByPolicy(MailAddress address, X509Certificate2 cert, IPolicyResolver resolver, bool incoming)
{
if (cert == null || resolver == null || m_policyFilter == null)
{
return true;
}
IList<IPolicyExpression> exressions = (incoming)
? resolver.GetIncomingPolicy(address)
: resolver.GetOutgoingPolicy(address);
try
{
foreach (var expression in exressions)
{
if (! m_policyFilter.IsCompliant(cert, expression))
{
return false;
}
}
}
catch (PolicyRequiredException) // certificate
{
return false;
}
catch (PolicyProcessException processException)
{
throw new AgentException(AgentError.InvalidPolicy, processException);
}
return true;
}
public virtual IList <IPolicyExpression> GetIncomingPolicy(MailAddress address)
{
return(m_incomingResolver.GetIncomingPolicy(address));
}