/* public X509Certificate2 FindRootCertificate(X509Certificate2 serverX509Certificate2, IDictionary<string, X509Certificate2> rootCertificateDirectory)
* {
* bool rootCertificateFound = false;
* X509Certificate2 desiredRootX509Certificate2 = null;
* // Find the desired root certificate
* X509Chain x509Chain = new X509Chain();
* x509Chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
* x509Chain.Build(serverX509Certificate2);
*
* // Iterate through the chain, to validate whether it contains a valid root certificate
* X509ChainElementCollection x509ChainElementCollection = x509Chain.ChainElements;
* X509ChainElementEnumerator enumerator = x509ChainElementCollection.GetEnumerator();
* X509ChainElement x509ChainElement;
* X509Certificate2 x509Certificate2 = null;
* string x509CertificateThumbprint;
* // At this point, the certificate is not valid, until
* // it is proved that it has a valid root certificate
* while (rootCertificateFound == false && enumerator.MoveNext())
* {
* x509ChainElement = enumerator.Current;
* x509Certificate2 = x509ChainElement.Certificate;
* x509CertificateThumbprint = x509Certificate2.Thumbprint.ToLowerInvariant();
* if (rootCertificateDirectory.ContainsKey(x509CertificateThumbprint))
* {
* // The current chain element is in the trusted rootCertificateDirectory
* rootCertificateFound = true;
*
* // now the loop will break, as we have found a trusted root certificate
* }
* }
*
* if (rootCertificateFound)
* {
* // root certificate is found
* desiredRootX509Certificate2 = x509Certificate2;
* }
*
* return desiredRootX509Certificate2;
* }*/
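/// <summary>
/// Extracts the OCSP responder URL from the certificate's Authority Information Access (AIA) extension.
/// </summary>
/// <param name="x509Certificate2">Certificate whose AIA extension is inspected.</param>
/// <returns>
/// A list holding the OCSP URL found in the AIA extension, or an empty list when the certificate
/// carries no AIA extension or no OCSP access description. Never null.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="x509Certificate2"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The AIA extension could not be parsed; the inner exception carries the cause.
/// </exception>
/// <remarks>
/// The returned URL is copied verbatim from the certificate under validation, i.e. from data supplied
/// by the peer. Callers that contact the responder should treat it as untrusted input (restrict the
/// scheme to http/https, apply timeouts) rather than as a trusted endpoint.
/// </remarks>
public List<string> GetAuthorityInformationAccessOcspUrl(X509Certificate2 x509Certificate2)
{
    // Validate before the try block so a null argument is reported as such instead of
    // being wrapped as a parsing failure.
    if (x509Certificate2 == null)
    {
        throw new ArgumentNullException(nameof(x509Certificate2));
    }

    List<string> ocspUrls = new List<string>();
    try
    {
        // DanID test code shows how to do it
        Org.BouncyCastle.Asn1.X509.X509Extensions x509Extensions = this.GetX509Extensions(x509Certificate2);
        Org.BouncyCastle.Asn1.X509.X509Extension x509Extension = x509Extensions.GetExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.AuthorityInfoAccess);
        if (x509Extension != null)
        {
            Org.BouncyCastle.Asn1.X509.AuthorityInformationAccess authorityInformationAccess = Org.BouncyCastle.Asn1.X509.AuthorityInformationAccess.GetInstance(x509Extension.GetParsedValue());
            Org.BouncyCastle.Asn1.X509.AccessDescription[] accessDescriptions = authorityInformationAccess.GetAccessDescriptions();
            string ocspUrl = this.GetAccessDescriptionUrlForOid(AccessDescription.IdADOcsp, accessDescriptions);

            // NOTE(review): GetAccessDescriptionUrlForOid presumably yields null/empty when the AIA
            // extension has no OCSP access description — confirm against its implementation. The guard
            // keeps a null entry out of the returned list, which the previous version allowed.
            if (!string.IsNullOrEmpty(ocspUrl))
            {
                ocspUrls.Add(ocspUrl);
            }
        }
        // else: no AIA extension, so the certificate advertises no OCSP responder — the empty list is returned.
    }
    catch (Exception e)
    {
        // Surface every parsing problem as one failure type; the original cause stays reachable via InnerException.
        throw new InvalidOperationException("Error parsing AIA.", e);
    }
    return ocspUrls;
}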