|
public Validate ( |
||
| chain | ||
| return | void | |
public virtual void Validate(X509Certificate2Collection chain)
{
X509Certificate2 certificate = chain[0];
try
{
Task.Run(async () =>
{
await InternalValidate(chain);
}).Wait();
lock (m_lock)
{
// add to list of validated certificates.
m_validatedCertificates[certificate.Thumbprint] = certificate;
}
}
catch (AggregateException ae)
{
foreach (ServiceResultException e in ae.InnerExceptions)
{
// check for errors that may be suppressed.
switch (e.StatusCode)
{
case StatusCodes.BadCertificateHostNameInvalid:
case StatusCodes.BadCertificateIssuerRevocationUnknown:
case StatusCodes.BadCertificateIssuerTimeInvalid:
case StatusCodes.BadCertificateIssuerUseNotAllowed:
case StatusCodes.BadCertificateRevocationUnknown:
case StatusCodes.BadCertificateTimeInvalid:
case StatusCodes.BadCertificateUriInvalid:
case StatusCodes.BadCertificateUseNotAllowed:
case StatusCodes.BadCertificateUntrusted:
{
Utils.Trace("Cert Validate failed: {0}", (StatusCode)e.StatusCode);
break;
}
default:
{
throw new ServiceResultException(e, StatusCodes.BadCertificateInvalid);
}
}
// invoke callback.
bool accept = false;
lock (m_callbackLock)
{
if (m_CertificateValidation != null)
{
CertificateValidationEventArgs args = new CertificateValidationEventArgs(new ServiceResult(e), certificate);
m_CertificateValidation(this, args);
accept = args.Accept;
}
}
// throw if rejected.
if (!accept)
{
// write the invalid certificate to a directory if specified.
lock (m_lock)
{
Utils.Trace((int)Utils.TraceMasks.Error, "Certificate '{0}' rejected. Reason={1}", certificate.Subject, (StatusCode)e.StatusCode);
if (m_rejectedCertificateStore != null)
{
Utils.Trace((int)Utils.TraceMasks.Error, "Writing rejected certificate to directory: {0}", m_rejectedCertificateStore);
SaveCertificate(certificate);
}
}
throw new ServiceResultException(e, StatusCodes.BadCertificateInvalid);
}
// add to list of peers.
lock (m_lock)
{
m_validatedCertificates[certificate.Thumbprint] = certificate;
}
}
}
}
|
CertificateValidator::Validate ( |
/// <summary>
/// Validates a software certificate.
/// </summary>
public static ServiceResult Validate(
CertificateValidator validator,
byte[] signedCertificate,
out SoftwareCertificate softwareCertificate)
{
softwareCertificate = null;
// validate the certificate.
X509Certificate2 certificate = null;
try
{
certificate = CertificateFactory.Create(signedCertificate, true);
validator.Validate(certificate);
}
catch (Exception e)
{
return ServiceResult.Create(e, StatusCodes.BadDecodingError, "Could not decode software certificate body.");
}
// find the software certficate.
byte[] encodedData = null;
foreach (X509Extension extension in certificate.Extensions)
{
if (extension.Oid.Value == "0.0.0.0.0")
{
encodedData = extension.RawData;
break;
}
}
if (encodedData == null)
{
return ServiceResult.Create(StatusCodes.BadCertificateInvalid, "Could not find extension containing the software certficate.");
}
try
{
MemoryStream istrm = new MemoryStream(encodedData, false);
DataContractSerializer serializer = new DataContractSerializer(typeof(SoftwareCertificate));
softwareCertificate = (SoftwareCertificate)serializer.ReadObject(istrm);
softwareCertificate.SignedCertificate = certificate;
}
catch (Exception e)
{
return ServiceResult.Create(e, StatusCodes.BadCertificateInvalid, "Certificate does not contain a valid SoftwareCertificate body.");
}
// certificate is valid.
return ServiceResult.Good;
}
