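/// <summary>
/// Recursively collects the issuer certificates of <paramref name="certificate"/> into
/// <paramref name="issuers"/>, walking up the chain one level per recursive call.
/// </summary>
/// <remarks>
/// Issuers are selected here purely by name (<c>MatchName</c> against the certificate's issuer
/// simple name); this method performs no signature, validity-period or revocation check.
/// NOTE(review): the resulting collection is therefore a set of candidate issuers, not a
/// validated chain - confirm that the caller builds and verifies the chain cryptographically
/// before trusting any certificate collected here.
/// </remarks>
/// <param name="certificate">Certificate whose issuer should be resolved.</param>
/// <param name="issuers">Collection that receives newly discovered issuer certificates.</param>
/// <param name="chainLength">Number of levels already walked; compared with m_maxIssuerChainLength.</param>
void ResolveIssuers(X509Certificate2 certificate, X509Certificate2Collection issuers, int chainLength)
{
    //
    // Only look at simple names, because intermediates are always going to be org-level, not email, certs
    //
    string issuerName = certificate.GetNameInfo(X509NameType.SimpleName, true); // true == "for issuer"

    //
    // If the issuer name matches the certificate's own name, treat it as self-signed: nothing further to resolve.
    // This is a name comparison only, not a signature check.
    //
    if (certificate.MatchName(issuerName))
    {
        return;
    }

    //
    // If the issuer is already known, then we are done
    //
    if (issuers.FindByName(issuerName) != null)
    {
        return;
    }

    //
    // Chain too long. Ignore...
    // Compare with >= rather than ==, so that a starting depth above the limit (or a limit
    // configured below the starting depth) cannot step over the bound and leave the depth
    // of resolver lookups unbounded.
    //
    if (chainLength >= m_maxIssuerChainLength)
    {
        return;
    }

    //
    // Retrieve the issuer's certificate(s) from the resolver
    //
    X509Certificate2Collection issuerCertificates =
        m_certResolver.SafeGetCertificates(certificate.ExtractEmailNameOrName(true));
    if (CollectionExtensions.IsNullOrEmpty(issuerCertificates))
    {
        return;
    }

    //
    // Recursively fetch the issuers who issued this set of certificates
    //
    foreach (X509Certificate2 issuerCertificate in issuerCertificates)
    {
        //
        // Skip resolver results whose name does not match the expected issuer, and skip
        // certificates already collected (by thumbprint) so no certificate is walked twice.
        //
        if (issuerCertificate.MatchName(issuerName)
            && !issuers.ContainsThumbprint(issuerCertificate.Thumbprint))
        {
            //
            // New issuer
            //
            issuers.Add(issuerCertificate);

            //
            // And keep working up the chain
            //
            this.ResolveIssuers(issuerCertificate, issuers, chainLength + 1);
        }
    }
}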