// Non-recursive chain (path) building.
//
// Only the errors that affect path building are detected at this stage: PartialChain,
// Cyclic and UntrustedRoot. Every other error is a verification error and is not
// looked at here.
//
// The element order is the one needed to match MS, not the one defined in RFC3280, and
// the trusted root certificate (the trust anchor in RFC3280) is included in the list.
// (Not an issue, just keep it in mind when reading the source next to the RFC.)
//
// Return value:
//   PartialChain - FindParent returned null before IsChainComplete reported true.
//   Cyclic       - the parent found is already present in 'elements'.
//   NoError      - the walk reached a certificate for which IsChainComplete is true.
//
// NOTE(security): an untrusted root does not change the return value. The method still
// returns NoError and only ORs UntrustedRoot into the StatusFlags of the last element,
// so a caller that decides trust from the return value alone would accept a chain that
// ends in a root absent from 'Roots'. The per-element flags must be inspected as well.
// Nothing in this method itself checks signatures, validity periods or revocation;
// what FindParent and IsChainComplete verify is not visible here - confirm there.
private X509ChainStatusFlags BuildChainFrom(X509Certificate2 certificate)
{
    X509Certificate2 current = certificate;
    elements.Add(current);

    for (;;)
    {
        if (IsChainComplete(current))
        {
            break;
        }

        current = FindParent(current);

        // No issuer could be located: the chain stops short of a root.
        if (current == null)
        {
            return X509ChainStatusFlags.PartialChain;
        }

        // Seeing a certificate twice means the issuer links loop back on themselves;
        // bailing out here is also what keeps this walk from running forever.
        if (elements.Contains(current))
        {
            return X509ChainStatusFlags.Cyclic;
        }

        elements.Add(current);
    }

    // Roots may be supplied by the caller (e.g. in the ExtraStore), so reaching the end
    // of the chain is not enough: the final certificate must also be a member of the
    // trusted root collection, otherwise it is marked as untrusted.
    bool anchoredInTrustedRoots = Roots.Contains(current);
    if (!anchoredInTrustedRoots)
    {
        elements[elements.Count - 1].StatusFlags |= X509ChainStatusFlags.UntrustedRoot;
    }

    return X509ChainStatusFlags.NoError;
}
// Builds the chain iteratively, starting at 'certificate' and following FindParent
// until IsChainComplete reports true for the certificate at the tip.
//
// Returns PartialChain when no parent can be found, Cyclic when the parent found is
// already in 'elements', and NoError otherwise.
//
// NOTE(security): NoError is returned even when the tip of the chain is not contained
// in Roots.Certificates. In that case the only signal is the UntrustedRoot bit set on
// the last element's StatusFlags, so callers have to examine the element flags and
// must not treat a NoError return as proof that the chain ends in a trusted root.
// Signature, validity and revocation checks are not part of this method; whether
// FindParent or IsChainComplete perform any of them cannot be told from here.
private X509ChainStatusFlags BuildChainFrom(X509Certificate2 certificate)
{
    X509Certificate2 tip = certificate;
    elements.Add(tip);

    while (true)
    {
        bool complete = IsChainComplete(tip);
        if (complete)
        {
            break;
        }

        X509Certificate2 parent = FindParent(tip);
        tip = parent;

        // The issuer is missing, so only part of the path could be built.
        if (parent == null)
        {
            return X509ChainStatusFlags.PartialChain;
        }

        // A certificate that is already in the chain would make the walk loop.
        if (elements.Contains(parent))
        {
            return X509ChainStatusFlags.Cyclic;
        }

        elements.Add(parent);
    }

    // The tip is only a trust anchor if the trusted root collection contains it;
    // a certificate that merely completes the chain is flagged as untrusted.
    if (Roots.Certificates.Contains(tip))
    {
        return X509ChainStatusFlags.NoError;
    }

    int last = elements.Count - 1;
    elements[last].StatusFlags |= X509ChainStatusFlags.UntrustedRoot;
    return X509ChainStatusFlags.NoError;
}