/** * Build and validate a CertPath using the given parameter. * * @param params PKIXBuilderParameters object containing all information to * build the CertPath */ public virtual PkixCertPathBuilderResult Build( PkixBuilderParameters pkixParams) { // search target certificates IX509Selector certSelect = pkixParams.GetTargetCertConstraints(); if (!(certSelect is X509CertStoreSelector)) { throw new PkixCertPathBuilderException( "TargetConstraints must be an instance of " + typeof(X509CertStoreSelector).FullName + " for " + BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.GetTypeName(this) + " class."); } ISet targets = new HashSet(); try { targets.AddAll(PkixCertPathValidatorUtilities.FindCertificates((X509CertStoreSelector)certSelect, pkixParams.GetStores())); // TODO Should this include an entry for pkixParams.GetAdditionalStores() too? } catch (Exception e) { throw new PkixCertPathBuilderException( "Error finding target certificate.", e); } if (targets.IsEmpty) { throw new PkixCertPathBuilderException("No certificate found matching targetContraints."); } PkixCertPathBuilderResult result = null; IList certPathList = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateArrayList(); // check all potential target certificates foreach (X509Certificate cert in targets) { result = Build(cert, pkixParams, certPathList); if (result != null) { break; } } if (result == null && certPathException != null) { throw new PkixCertPathBuilderException(certPathException.Message, certPathException.InnerException); } if (result == null && certPathException == null) { throw new PkixCertPathBuilderException("Unable to find certificate chain."); } return(result); }