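/// <summary>
/// Validates a certificate chain synchronously and, on success, records the leaf
/// certificate (element 0 of <paramref name="chain"/>) in the validated-certificate cache.
/// </summary>
/// <remarks>
/// Errors raised by <c>InternalValidate</c> fall into two classes. A fixed set of status
/// codes (host name, time, URI, use, revocation-unknown and untrusted errors) may be
/// suppressed when the <c>m_CertificateValidation</c> callback explicitly sets
/// <c>Accept</c>; the decision to accept is therefore always the application's, never this
/// method's. Every other error, and any non-<see cref="ServiceResultException"/> failure,
/// is rethrown as <c>BadCertificateInvalid</c>. The certificate is added to the cache only
/// after every reported error has been accepted, so a partially accepted chain is never cached.
/// </remarks>
/// <param name="chain">The chain to validate; element 0 is the certificate being validated.</param>
/// <exception cref="ArgumentNullException"><paramref name="chain"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="chain"/> is empty.</exception>
/// <exception cref="ServiceResultException">
/// Validation failed and the error was not accepted by the callback (status <c>BadCertificateInvalid</c>).
/// </exception>
public virtual void Validate(X509Certificate2Collection chain)
{
    if (chain == null)
    {
        throw new ArgumentNullException(nameof(chain));
    }

    if (chain.Count == 0)
    {
        throw new ArgumentException("The certificate chain must contain at least one certificate.", nameof(chain));
    }

    X509Certificate2 certificate = chain[0];

    try
    {
        // Synchronous signature over an async core: hop to the thread pool so a caller that
        // owns a synchronization context (UI, legacy ASP.NET) cannot deadlock on the block.
        Task.Run(async () =>
        {
            await InternalValidate(chain);
        }).Wait();
    }
    catch (AggregateException ae)
    {
        // Throws unless every inner error is suppressible AND accepted by the callback.
        ProcessValidationErrors(ae, certificate);
    }

    // Reached only when validation succeeded or every reported error was accepted.
    // NOTE(review): the cache is keyed by thumbprint; whether other code consults it to
    // short-circuit later validations is outside this block - confirm before relying on it.
    lock (m_lock)
    {
        m_validatedCertificates[certificate.Thumbprint] = certificate;
    }
}

/// <summary>
/// Walks the errors reported by <c>InternalValidate</c>; returns normally only if each one
/// is suppressible and accepted by the application callback, otherwise throws.
/// </summary>
/// <param name="ae">The aggregate raised by the blocking wait.</param>
/// <param name="certificate">The certificate under validation (used for the callback and rejection store).</param>
/// <exception cref="ServiceResultException">An error was not suppressible or was not accepted.</exception>
private void ProcessValidationErrors(AggregateException ae, X509Certificate2 certificate)
{
    foreach (Exception inner in ae.InnerExceptions)
    {
        ServiceResultException e = inner as ServiceResultException;
        if (e == null)
        {
            // An unexpected failure inside InternalValidate (not a service result) must not
            // surface as an InvalidCastException from a typed foreach; report it as a
            // validation failure so the caller sees a consistent error.
            throw new ServiceResultException(inner, StatusCodes.BadCertificateInvalid);
        }

        if (!IsSuppressibleValidationError(e.StatusCode))
        {
            throw new ServiceResultException(e, StatusCodes.BadCertificateInvalid);
        }

        Utils.Trace("Cert Validate failed: {0}", (StatusCode)e.StatusCode);

        if (!InvokeValidationCallback(e, certificate))
        {
            RejectCertificateAndThrow(e, certificate);
        }
    }
}

/// <summary>
/// Returns true for the status codes an application is allowed to override through the
/// validation callback; every other code is a hard failure.
/// </summary>
/// <param name="statusCode">The status code reported by the validation failure.</param>
private static bool IsSuppressibleValidationError(uint statusCode)
{
    switch (statusCode)
    {
        case StatusCodes.BadCertificateHostNameInvalid:
        case StatusCodes.BadCertificateIssuerRevocationUnknown:
        case StatusCodes.BadCertificateIssuerTimeInvalid:
        case StatusCodes.BadCertificateIssuerUseNotAllowed:
        case StatusCodes.BadCertificateRevocationUnknown:
        case StatusCodes.BadCertificateTimeInvalid:
        case StatusCodes.BadCertificateUriInvalid:
        case StatusCodes.BadCertificateUseNotAllowed:
        case StatusCodes.BadCertificateUntrusted:
            return true;
        default:
            return false;
    }
}

/// <summary>
/// Asks the application whether to accept a suppressible error. Returns false when no
/// callback is registered, so an unhandled error is rejected by default.
/// </summary>
/// <param name="e">The suppressible validation error.</param>
/// <param name="certificate">The certificate under validation.</param>
/// <returns>True only if the callback ran and set <c>Accept</c>.</returns>
private bool InvokeValidationCallback(ServiceResultException e, X509Certificate2 certificate)
{
    lock (m_callbackLock)
    {
        if (m_CertificateValidation == null)
        {
            return false;
        }

        CertificateValidationEventArgs args = new CertificateValidationEventArgs(new ServiceResult(e), certificate);
        m_CertificateValidation(this, args);
        return args.Accept;
    }
}

/// <summary>
/// Logs the rejection, persists the certificate to the rejected store when one is configured,
/// and throws <c>BadCertificateInvalid</c>.
/// </summary>
/// <param name="e">The error that was not accepted.</param>
/// <param name="certificate">The rejected certificate.</param>
/// <exception cref="ServiceResultException">Always.</exception>
private void RejectCertificateAndThrow(ServiceResultException e, X509Certificate2 certificate)
{
    lock (m_lock)
    {
        Utils.Trace((int)Utils.TraceMasks.Error, "Certificate '{0}' rejected. Reason={1}", certificate.Subject, (StatusCode)e.StatusCode);

        if (m_rejectedCertificateStore != null)
        {
            Utils.Trace((int)Utils.TraceMasks.Error, "Writing rejected certificate to directory: {0}", m_rejectedCertificateStore);
            SaveCertificate(certificate);
        }
    }

    throw new ServiceResultException(e, StatusCodes.BadCertificateInvalid);
}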