/// <summary>
/// Collects the signatures on <paramref name="message"/> whose signer certificate
/// names the sender, and stores them in <c>message.SenderSignatures</c>.
/// </summary>
/// <remarks>
/// A signer is first matched against the sender's full address; if that fails it is
/// matched against the sender's host, and such a signature is recorded as coming from
/// an organisational certificate. Matching is by certificate name only: nothing here
/// validates the certificate chain or verifies the signature, so the result is a
/// candidate list, not a trust decision. <c>message.SenderSignatures</c> is left null
/// when no signer matches.
/// </remarks>
/// <param name="message">Incoming message; its <c>Sender</c> and <c>Signatures</c> are read.</param>
void FindSenderSignatures(IncomingMessage message)
{
    // Clear any previous result up front so it cannot survive if the scan below throws.
    message.SenderSignatures = null;

    DirectAddress sender = message.Sender;
    MessageSignatureCollection matched = null;

    foreach (SignerInfo candidate in message.Signatures.SignerInfos)
    {
        // NOTE(review): candidate.Certificate is handed to the match helpers without a
        // null check; confirm they tolerate a signer with no certificate attached.
        bool addressMatch = candidate.Certificate.MatchEmailNameOrName(sender.Address);

        // The host-level comparison is only attempted when the address-level one failed.
        bool orgMatch = !addressMatch && candidate.Certificate.MatchDnsOrEmailOrName(sender.Host);

        if (!addressMatch && !orgMatch)
        {
            continue;
        }

        if (matched == null)
        {
            matched = new MessageSignatureCollection();
        }

        matched.Add(new MessageSignature(candidate, orgMatch));
    }

    message.SenderSignatures = matched;
}
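/// <summary>
/// Selects, from the signatures already attributed to the sender, one whose certificate
/// is trusted under <paramref name="anchors"/> and whose signature verifies.
/// </summary>
/// <remarks>
/// A non-null result does not by itself mean the thumbprint check passed: when the sender
/// has certificates but no trusted signature matches their thumbprints, the last trusted
/// signature found is returned anyway. This method records no status; the caller is
/// expected to distinguish that case (the original comment names the status
/// Success_ThumbprintMismatch).
/// </remarks>
/// <param name="message">Incoming message; its <c>Sender</c> and <c>SenderSignatures</c> are read.</param>
/// <param name="anchors">Trust anchors passed to the certificate chain validator.</param>
/// <returns>
/// The first trusted, verified signature that also passes the thumbprint check (or the
/// first trusted, verified signature when the sender has no certificates to compare
/// against); otherwise the last trusted, verified signature seen; otherwise null.
/// </returns>
MessageSignature FindTrustedSignature(IncomingMessage message, X509Certificate2Collection anchors)
{
    DirectAddress sender = message.Sender;
    MessageSignatureCollection signatures = message.SenderSignatures;

    // FindSenderSignatures leaves SenderSignatures null when no signer matched the sender.
    // Treat that as "no trusted signature" (fail closed) instead of throwing on the foreach.
    if (signatures == null)
    {
        return null;
    }

    MessageSignature lastTrustedSignature = null;
    foreach (MessageSignature signature in signatures)
    {
        // Chain trust is evaluated first; the signature itself is only verified for
        // certificates that chain to one of the supplied anchors.
        if (m_certChainValidator.IsTrustedCertificate(signature.Certificate, anchors) && signature.CheckSignature())
        {
            if (!sender.HasCertificates)
            {
                // Can't really check thumbprints etc. So, this is about as good as it's going to get
                return signature;
            }

            if (signature.CheckThumbprint(sender))
            {
                return signature;
            }

            //
            // We'll save this one, but keep looking for a signer whose thumbprint we can verify.
            // If we can't find one, we'll use the last trusted signer we found, and the
            // recipient's trust enforcement status is to be marked Success_ThumbprintMismatch.
            //
            lastTrustedSignature = signature;
        }
    }

    return lastTrustedSignature;
}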