internal static ExchangeCertificateValidity ValidateExchangeCertificate(X509Certificate2 cert, bool ignoreAccessible)
{
if (cert == null)
{
throw new ArgumentNullException("cert");
}
if (!cert.HasPrivateKey)
{
return(ExchangeCertificateValidity.PrivateKeyMissing);
}
string keyAlgorithm = cert.GetKeyAlgorithm();
bool flag = string.Equals(keyAlgorithm, WellKnownOid.X957Sha1Dsa.Value, StringComparison.OrdinalIgnoreCase);
if (!string.Equals(keyAlgorithm, WellKnownOid.RsaRsa.Value, StringComparison.OrdinalIgnoreCase) && !flag)
{
return(ExchangeCertificateValidity.KeyAlgorithmUnsupported);
}
foreach (X509Extension x509Extension in cert.Extensions)
{
try
{
X509KeyUsageExtension x509KeyUsageExtension = x509Extension as X509KeyUsageExtension;
if (x509KeyUsageExtension != null)
{
X509KeyUsageFlags keyUsages = x509KeyUsageExtension.KeyUsages;
bool flag2 = false;
if (keyUsages == X509KeyUsageFlags.None)
{
flag2 = true;
}
else if ((keyUsages & (X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DigitalSignature)) != X509KeyUsageFlags.None)
{
flag2 = true;
}
if (!flag2)
{
return(ExchangeCertificateValidity.SigningNotSupported);
}
}
}
catch (CryptographicException)
{
return(ExchangeCertificateValidity.KeyUsageCorrupted);
}
try
{
X509EnhancedKeyUsageExtension x509EnhancedKeyUsageExtension = x509Extension as X509EnhancedKeyUsageExtension;
if (x509EnhancedKeyUsageExtension != null && x509EnhancedKeyUsageExtension.EnhancedKeyUsages.Count > 0 && x509EnhancedKeyUsageExtension.EnhancedKeyUsages[WellKnownOid.PkixKpServerAuth.Value] == null)
{
return(ExchangeCertificateValidity.PkixKpServerAuthNotFoundInEnhancedKeyUsage);
}
}
catch (CryptographicException)
{
return(ExchangeCertificateValidity.EnhancedKeyUsageCorrupted);
}
}
if (TlsCertificateInfo.IsCNGProvider(cert))
{
return(ManageExchangeCertificate.CheckCNGSettings(cert));
}
AsymmetricAlgorithm privateKey;
try
{
privateKey = cert.PrivateKey;
}
catch (CryptographicException)
{
return(ExchangeCertificateValidity.PrivateKeyNotAccessible);
}
ICspAsymmetricAlgorithm cspAsymmetricAlgorithm = privateKey as ICspAsymmetricAlgorithm;
if (cspAsymmetricAlgorithm == null)
{
return(ExchangeCertificateValidity.PrivateKeyUnsupportedAlgorithm);
}
CspKeyContainerInfo cspKeyContainerInfo = cspAsymmetricAlgorithm.CspKeyContainerInfo;
if (cspKeyContainerInfo.Protected)
{
return(ExchangeCertificateValidity.CspKeyContainerInfoProtected);
}
if (cspKeyContainerInfo.HardwareDevice && cspKeyContainerInfo.Removable)
{
return(ExchangeCertificateValidity.CspKeyContainerInfoRemovableDevice);
}
if (!ignoreAccessible && !cspKeyContainerInfo.Accessible)
{
return(ExchangeCertificateValidity.CspKeyContainerInfoNotAccessible);
}
switch (cspKeyContainerInfo.KeyNumber)
{
case KeyNumber.Exchange:
case KeyNumber.Signature:
{
AsymmetricAlgorithm key = cert.PublicKey.Key;
if (key.KeySize < 1024)
{
return(ExchangeCertificateValidity.PublicKeyUnsupportedSize);
}
return(ExchangeCertificateValidity.Valid);
}
default:
return(ExchangeCertificateValidity.CspKeyContainerInfoUnknownKeyNumber);
}
}
