internal static ExchangeCertificateValidity ValidateExchangeCertificate(X509Certificate2 cert, bool ignoreAccessible) { if (cert == null) { throw new ArgumentNullException("cert"); } if (!cert.HasPrivateKey) { return(ExchangeCertificateValidity.PrivateKeyMissing); } string keyAlgorithm = cert.GetKeyAlgorithm(); bool flag = string.Equals(keyAlgorithm, WellKnownOid.X957Sha1Dsa.Value, StringComparison.OrdinalIgnoreCase); if (!string.Equals(keyAlgorithm, WellKnownOid.RsaRsa.Value, StringComparison.OrdinalIgnoreCase) && !flag) { return(ExchangeCertificateValidity.KeyAlgorithmUnsupported); } foreach (X509Extension x509Extension in cert.Extensions) { try { X509KeyUsageExtension x509KeyUsageExtension = x509Extension as X509KeyUsageExtension; if (x509KeyUsageExtension != null) { X509KeyUsageFlags keyUsages = x509KeyUsageExtension.KeyUsages; bool flag2 = false; if (keyUsages == X509KeyUsageFlags.None) { flag2 = true; } else if ((keyUsages & (X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DigitalSignature)) != X509KeyUsageFlags.None) { flag2 = true; } if (!flag2) { return(ExchangeCertificateValidity.SigningNotSupported); } } } catch (CryptographicException) { return(ExchangeCertificateValidity.KeyUsageCorrupted); } try { X509EnhancedKeyUsageExtension x509EnhancedKeyUsageExtension = x509Extension as X509EnhancedKeyUsageExtension; if (x509EnhancedKeyUsageExtension != null && x509EnhancedKeyUsageExtension.EnhancedKeyUsages.Count > 0 && x509EnhancedKeyUsageExtension.EnhancedKeyUsages[WellKnownOid.PkixKpServerAuth.Value] == null) { return(ExchangeCertificateValidity.PkixKpServerAuthNotFoundInEnhancedKeyUsage); } } catch (CryptographicException) { return(ExchangeCertificateValidity.EnhancedKeyUsageCorrupted); } } if (TlsCertificateInfo.IsCNGProvider(cert)) { return(ManageExchangeCertificate.CheckCNGSettings(cert)); } AsymmetricAlgorithm privateKey; try { privateKey = cert.PrivateKey; } catch (CryptographicException) { return(ExchangeCertificateValidity.PrivateKeyNotAccessible); } ICspAsymmetricAlgorithm cspAsymmetricAlgorithm = privateKey as ICspAsymmetricAlgorithm; if (cspAsymmetricAlgorithm == null) { return(ExchangeCertificateValidity.PrivateKeyUnsupportedAlgorithm); } CspKeyContainerInfo cspKeyContainerInfo = cspAsymmetricAlgorithm.CspKeyContainerInfo; if (cspKeyContainerInfo.Protected) { return(ExchangeCertificateValidity.CspKeyContainerInfoProtected); } if (cspKeyContainerInfo.HardwareDevice && cspKeyContainerInfo.Removable) { return(ExchangeCertificateValidity.CspKeyContainerInfoRemovableDevice); } if (!ignoreAccessible && !cspKeyContainerInfo.Accessible) { return(ExchangeCertificateValidity.CspKeyContainerInfoNotAccessible); } switch (cspKeyContainerInfo.KeyNumber) { case KeyNumber.Exchange: case KeyNumber.Signature: { AsymmetricAlgorithm key = cert.PublicKey.Key; if (key.KeySize < 1024) { return(ExchangeCertificateValidity.PublicKeyUnsupportedSize); } return(ExchangeCertificateValidity.Valid); } default: return(ExchangeCertificateValidity.CspKeyContainerInfoUnknownKeyNumber); } }