public static DirectAgent CreateAgent(string domain, string certsBasePath)
{
MemoryX509Store privateCerts = LoadPrivateCerts(certsBasePath, false);
MemoryX509Store publicCerts = LoadPublicCerts(certsBasePath);
TrustAnchorResolver anchors = new TrustAnchorResolver(
(IX509CertificateStore)LoadIncomingAnchors(certsBasePath),
(IX509CertificateStore)LoadOutgoingAnchors(certsBasePath));
return(new DirectAgent(domain, privateCerts.CreateResolver(), publicCerts.CreateResolver(), anchors));
}
public TrustChainTests()
{
m_store = TestCertificates.ChainCertsStore.Clone();
m_resolver = m_store.CreateResolver();
m_validator = this.CreateValidator();
//
// Find the endcert and the root cert
// We'll trust the root cert, but the intermediaries are not trusted
//
m_endCerts = m_resolver.GetCertificates(new MailAddress("*****@*****.**"));
m_trustedAnchors = m_resolver.GetCertificatesForDomain("root.xyz");
}
public void TestInvalidTrustChain()
{
//
// We'll remove one of the intermediate certs so it will not resolve
// Then we should get validation failures
//
m_store.Remove("inter11.xyz");
m_validator.IssuerResolver = m_store.CreateResolver();
foreach (X509Certificate2 cert in m_endCerts)
{
Assert.False(m_validator.IsTrustedCertificate(cert, m_trustedAnchors));
}
}
public static DirectAgent CreateAgent(
IDomainResolver domain,
string certsBasePath,
ISmimeCryptographer cryptographer,
ICertPolicyResolvers certPolicyResolvers)
{
MemoryX509Store privateCerts = LoadPrivateCerts(certsBasePath, false);
MemoryX509Store publicCerts = LoadPublicCerts(certsBasePath);
TrustAnchorResolver anchors = new TrustAnchorResolver(
(IX509CertificateStore)LoadOutgoingAnchors(certsBasePath),
(IX509CertificateStore)LoadIncomingAnchors(certsBasePath));
return(new DirectAgent(
domain,
privateCerts.CreateResolver(),
publicCerts.CreateResolver(),
anchors,
TrustModel.Default,
cryptographer ?? SMIMECryptographer.Default,
certPolicyResolvers
));
}
