public async Task<X509Certificate2Collection> GetCertificates()
{
X509Certificate2Collection collection = new X509Certificate2Collection();
CertificateStoreIdentifier id = new CertificateStoreIdentifier();
id.StoreType = this.StoreType;
id.StorePath = this.StorePath;
if (!String.IsNullOrEmpty(id.StorePath))
{
try
{
ICertificateStore store = id.OpenStore();
try
{
collection = await store.Enumerate();
}
finally
{
store.Close();
}
}
catch (Exception)
{
Utils.Trace("Could not load certificates from store: {0}.", this.StorePath);
}
}
foreach (CertificateIdentifier trustedCertificate in TrustedCertificates)
{
X509Certificate2 certificate = await trustedCertificate.Find();
if (certificate != null)
{
collection.Add(certificate);
}
}
return collection;
}
/// <summary>
/// Returns the certificate information for a trusted issuer certificate.
/// </summary>
private CertificateIdentifier GetIssuer(
X509Certificate2 certificate,
CertificateIdentifierCollection explicitList,
CertificateStoreIdentifier certificateStore,
bool checkRecovationStatus)
{
string subjectName = certificate.IssuerName.Name;
string keyId = null;
string serialNumber = null;
// find the authority key identifier.
X509AuthorityKeyIdentifierExtension authority = FindAuthorityKeyIdentifier(certificate);
if (authority != null)
{
keyId = authority.KeyId;
serialNumber = authority.SerialNumber;
}
// check in explicit list.
if (explicitList != null)
{
for (int ii = 0; ii < explicitList.Count; ii++)
{
X509Certificate2 issuer = explicitList[ii].Find(false);
if (issuer != null)
{
if (!IsIssuerAllowed(issuer))
{
continue;
}
if (Match(issuer, subjectName, serialNumber, keyId))
{
// can't check revocation.
return new CertificateIdentifier(issuer, CertificateValidationOptions.SuppressRevocationStatusUnknown);
}
}
}
}
// check in certificate store.
if (certificateStore != null)
{
ICertificateStore store = certificateStore.OpenStore();
try
{
X509Certificate2Collection certificates = store.Enumerate();
for (int ii = 0; ii < certificates.Count; ii++)
{
X509Certificate2 issuer = certificates[ii];
if (issuer != null)
{
if (!IsIssuerAllowed(issuer))
{
continue;
}
if (Match(issuer, subjectName, serialNumber, keyId))
{
CertificateValidationOptions options = certificateStore.ValidationOptions;
// already checked revocation for file based stores. windows based stores always suppress.
options |= CertificateValidationOptions.SuppressRevocationStatusUnknown;
if (checkRecovationStatus)
{
StatusCode status = store.IsRevoked(issuer, certificate);
if (StatusCode.IsBad(status))
{
if (status != StatusCodes.BadNotSupported && status != StatusCodes.BadCertificateRevocationUnknown)
{
throw new ServiceResultException(status);
}
}
}
return new CertificateIdentifier(certificates[ii], options);
}
}
}
}
finally
{
store.Close();
}
}
// not a trusted issuer.
return null;
}
/// <summary>
/// Adds an application certificate to a store.
/// </summary>
private static void AddApplicationCertificateToStore(
CertificateStoreIdentifier csid,
X509Certificate2 certificate,
string oldThumbprint)
{
ICertificateStore store = csid.OpenStore();
try
{
// delete the old certificate.
if (oldThumbprint != null)
{
store.Delete(oldThumbprint);
}
// delete certificates with the same application uri.
if (store.FindByThumbprint(certificate.Thumbprint) == null)
{
string applicationUri = Utils.GetApplicationUriFromCertficate(certificate);
// delete any existing certificates.
foreach (X509Certificate2 target in store.Enumerate())
{
if (Utils.CompareDistinguishedName(target.Subject, certificate.Subject))
{
if (Utils.GetApplicationUriFromCertficate(target) == applicationUri)
{
store.Delete(target.Thumbprint);
}
}
}
// add new certificate.
store.Add(new X509Certificate2(certificate.RawData));
}
}
finally
{
store.Close();
}
}
/// <summary>
/// Adds an application certificate to a store.
/// </summary>
private static void AddIssuerCertificatesToStore(CertificateStoreIdentifier csid, IList<X509Certificate2> issuers)
{
ICertificateStore store = csid.OpenStore();
try
{
foreach (X509Certificate2 issuer in issuers)
{
if (store.FindByThumbprint(issuer.Thumbprint) == null)
{
store.Add(issuer);
}
}
}
finally
{
store.Close();
}
}
/// <summary>
/// Returns the certificate information for a trusted issuer certificate.
/// </summary>
private async Task <CertificateIdentifier> GetIssuer(
X509Certificate2 certificate,
CertificateIdentifierCollection explicitList,
CertificateStoreIdentifier certificateStore,
bool checkRecovationStatus)
{
string subjectName = certificate.IssuerName.Name;
string keyId = null;
string serialNumber = null;
// find the authority key identifier.
X509AuthorityKeyIdentifierExtension authority = FindAuthorityKeyIdentifier(certificate);
if (authority != null)
{
keyId = authority.KeyId;
serialNumber = authority.SerialNumber;
}
// check in explicit list.
if (explicitList != null)
{
for (int ii = 0; ii < explicitList.Count; ii++)
{
X509Certificate2 issuer = await explicitList[ii].Find(false);
if (issuer != null)
{
if (!IsIssuerAllowed(issuer))
{
continue;
}
if (Match(issuer, subjectName, serialNumber, keyId))
{
// can't check revocation.
return(new CertificateIdentifier(issuer, CertificateValidationOptions.SuppressRevocationStatusUnknown));
}
}
}
}
// check in certificate store.
if (certificateStore != null)
{
ICertificateStore store = certificateStore.OpenStore();
try
{
X509Certificate2Collection certificates = await store.Enumerate();
for (int ii = 0; ii < certificates.Count; ii++)
{
X509Certificate2 issuer = certificates[ii];
if (issuer != null)
{
if (!IsIssuerAllowed(issuer))
{
continue;
}
if (Match(issuer, subjectName, serialNumber, keyId))
{
CertificateValidationOptions options = certificateStore.ValidationOptions;
// already checked revocation for file based stores. windows based stores always suppress.
options |= CertificateValidationOptions.SuppressRevocationStatusUnknown;
if (checkRecovationStatus)
{
StatusCode status = store.IsRevoked(issuer, certificate);
if (StatusCode.IsBad(status))
{
if (status != StatusCodes.BadNotSupported && status != StatusCodes.BadCertificateRevocationUnknown)
{
throw new ServiceResultException(status);
}
}
}
return(new CertificateIdentifier(certificates[ii], options));
}
}
}
}
finally
{
store.Close();
}
}
// not a trusted issuer.
return(null);
}
