public Validate ( |
||
chain | ||
리턴 | void |
public virtual void Validate(X509Certificate2Collection chain)
{
X509Certificate2 certificate = chain[0];
try
{
Task.Run(async () =>
{
await InternalValidate(chain);
}).Wait();
lock (m_lock)
{
// add to list of validated certificates.
m_validatedCertificates[certificate.Thumbprint] = certificate;
}
}
catch (AggregateException ae)
{
foreach (ServiceResultException e in ae.InnerExceptions)
{
// check for errors that may be suppressed.
switch (e.StatusCode)
{
case StatusCodes.BadCertificateHostNameInvalid:
case StatusCodes.BadCertificateIssuerRevocationUnknown:
case StatusCodes.BadCertificateIssuerTimeInvalid:
case StatusCodes.BadCertificateIssuerUseNotAllowed:
case StatusCodes.BadCertificateRevocationUnknown:
case StatusCodes.BadCertificateTimeInvalid:
case StatusCodes.BadCertificateUriInvalid:
case StatusCodes.BadCertificateUseNotAllowed:
case StatusCodes.BadCertificateUntrusted:
{
Utils.Trace("Cert Validate failed: {0}", (StatusCode)e.StatusCode);
break;
}
default:
{
throw new ServiceResultException(e, StatusCodes.BadCertificateInvalid);
}
}
// invoke callback.
bool accept = false;
lock (m_callbackLock)
{
if (m_CertificateValidation != null)
{
CertificateValidationEventArgs args = new CertificateValidationEventArgs(new ServiceResult(e), certificate);
m_CertificateValidation(this, args);
accept = args.Accept;
}
}
// throw if rejected.
if (!accept)
{
// write the invalid certificate to a directory if specified.
lock (m_lock)
{
Utils.Trace((int)Utils.TraceMasks.Error, "Certificate '{0}' rejected. Reason={1}", certificate.Subject, (StatusCode)e.StatusCode);
if (m_rejectedCertificateStore != null)
{
Utils.Trace((int)Utils.TraceMasks.Error, "Writing rejected certificate to directory: {0}", m_rejectedCertificateStore);
SaveCertificate(certificate);
}
}
throw new ServiceResultException(e, StatusCodes.BadCertificateInvalid);
}
// add to list of peers.
lock (m_lock)
{
m_validatedCertificates[certificate.Thumbprint] = certificate;
}
}
}
}
CertificateValidator::Validate ( |
/// <summary> /// Validates a software certificate. /// </summary> public static ServiceResult Validate( CertificateValidator validator, byte[] signedCertificate, out SoftwareCertificate softwareCertificate) { softwareCertificate = null; // validate the certificate. X509Certificate2 certificate = null; try { certificate = CertificateFactory.Create(signedCertificate, true); validator.Validate(certificate); } catch (Exception e) { return ServiceResult.Create(e, StatusCodes.BadDecodingError, "Could not decode software certificate body."); } // find the software certficate. byte[] encodedData = null; foreach (X509Extension extension in certificate.Extensions) { if (extension.Oid.Value == "0.0.0.0.0") { encodedData = extension.RawData; break; } } if (encodedData == null) { return ServiceResult.Create(StatusCodes.BadCertificateInvalid, "Could not find extension containing the software certficate."); } try { MemoryStream istrm = new MemoryStream(encodedData, false); DataContractSerializer serializer = new DataContractSerializer(typeof(SoftwareCertificate)); softwareCertificate = (SoftwareCertificate)serializer.ReadObject(istrm); softwareCertificate.SignedCertificate = certificate; } catch (Exception e) { return ServiceResult.Create(e, StatusCodes.BadCertificateInvalid, "Certificate does not contain a valid SoftwareCertificate body."); } // certificate is valid. return ServiceResult.Good; }