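/// <summary>
/// Picks the TLS alert to report for a certificate chain that failed validation.
/// </summary>
/// <param name="chain">The chain whose <see cref="X509Chain.ChainStatus"/> entries are inspected.</param>
/// <returns>
/// The alert mapped from the first status entry that is not
/// <see cref="X509ChainStatusFlags.NoError"/>. An entry that matches none of the
/// specific groups below yields <see cref="TlsAlertMessage.CertificateUnknown"/>.
/// </returns>
/// <remarks>
/// Only the first failing entry decides the alert; later entries are never examined,
/// so the result depends on the order of <see cref="X509Chain.ChainStatus"/>.
/// The alert is a coarse hint for the peer; it is not the validation decision itself.
/// </remarks>
private static TlsAlertMessage GetAlertMessageFromChain(X509Chain chain)
{
    // Issuer could not be established: no trusted root, incomplete chain, or a loop.
    const X509ChainStatusFlags UnknownIssuerMask =
        X509ChainStatusFlags.UntrustedRoot |
        X509ChainStatusFlags.PartialChain |
        X509ChainStatusFlags.Cyclic;

    // OfflineRevocation is reported with the same alert as an actual revocation.
    const X509ChainStatusFlags RevocationMask =
        X509ChainStatusFlags.Revoked |
        X509ChainStatusFlags.OfflineRevocation;

    const X509ChainStatusFlags TimeValidityMask =
        X509ChainStatusFlags.CtlNotTimeValid |
        X509ChainStatusFlags.NotTimeNested |
        X509ChainStatusFlags.NotTimeValid;

    // Signature, extension, policy and usage failures.
    const X509ChainStatusFlags BadCertificateMask =
        X509ChainStatusFlags.CtlNotSignatureValid |
        X509ChainStatusFlags.InvalidExtension |
        X509ChainStatusFlags.NotSignatureValid |
        X509ChainStatusFlags.InvalidPolicyConstraints |
        X509ChainStatusFlags.NoIssuanceChainPolicy |
        X509ChainStatusFlags.NotValidForUsage;

    foreach (X509ChainStatus chainStatus in chain.ChainStatus)
    {
        X509ChainStatusFlags status = chainStatus.Status;

        if (status == X509ChainStatusFlags.NoError)
        {
            continue;
        }

        if ((status & UnknownIssuerMask) != 0)
        {
            return TlsAlertMessage.UnknownCA;
        }

        if ((status & RevocationMask) != 0)
        {
            return TlsAlertMessage.CertificateRevoked;
        }

        if ((status & TimeValidityMask) != 0)
        {
            return TlsAlertMessage.CertificateExpired;
        }

        if ((status & X509ChainStatusFlags.CtlNotValidForUsage) != 0)
        {
            return TlsAlertMessage.UnsupportedCert;
        }

        // The whole mask is AND-ed with the status. The earlier form closed the
        // parenthesis after InvalidPolicyConstraints, so NoIssuanceChainPolicy and
        // NotValidForUsage were OR-ed into the result of the AND; the test was then
        // true for every status and the CertificateUnknown fallback was unreachable.
        if ((status & BadCertificateMask) != 0)
        {
            return TlsAlertMessage.BadCertificate;
        }

        // All other errors:
        return TlsAlertMessage.CertificateUnknown;
    }

    // Reached only when no entry carried an error; callers are expected to call this
    // for failed chains only, so flag it in debug builds and fall back to a generic alert.
    Debug.Fail("GetAlertMessageFromChain was called but none of the chain elements had errors.");
    return TlsAlertMessage.BadCertificate;
}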