本文整理汇总了C#中System.Security.Cryptography.X509Certificates.X509Chain.Build方法的典型用法代码示例。如果您正苦于以下问题:C# X509Chain.Build方法的具体用法?C# X509Chain.Build怎么用?C# X509Chain.Build使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类System.Security.Cryptography.X509Certificates.X509Chain的用法示例。
在下文中一共展示了X509Chain.Build方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: CheckValidationResult
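/// <summary>
/// Certificate policy callback: optionally requires the configured issuer name to appear in the
/// certificate's issuer, then builds a chain and rejects the certificate when any chain element
/// reports one of a fixed set of status flags.
/// </summary>
/// <param name="sp">Service point of the request (not used by this method).</param>
/// <param name="cert">Certificate presented by the remote endpoint.</param>
/// <param name="request">Request being validated (not used by this method).</param>
/// <param name="problem">Problem code supplied by the caller (not used by this method).</param>
/// <returns><c>true</c> when no rejected status flag was found; otherwise <c>false</c>.</returns>
/// <remarks>
/// The boolean result of <c>X509Chain.Build</c> is not consulted, and the rejected set does not
/// include <c>UntrustedRoot</c> or <c>PartialChain</c>. A chain that ends in an unknown root
/// therefore passes this policy; the issuer check is a substring match on a name, not a
/// cryptographic pin. Add those flags to the rejected set if the peer must chain to a trusted root.
/// </remarks>
public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,
    WebRequest request, int problem)
{
    // Status flags that make the certificate unacceptable.
    const X509ChainStatusFlags rejected =
        X509ChainStatusFlags.Revoked
        | X509ChainStatusFlags.NotTimeValid
        | X509ChainStatusFlags.NotSignatureValid
        | X509ChainStatusFlags.InvalidExtension
        | X509ChainStatusFlags.NotValidForUsage
        | X509ChainStatusFlags.Cyclic;

    // The literal is reproduced exactly as listed; it looks like it was altered by e-mail
    // obfuscation on the page, so the real "no issuer configured" sentinel should be confirmed.
    if (IssuerName != "[email protected]==")
    {
        // Ordinal, case-insensitive search instead of ToUpper(), whose result depends on the
        // current culture.
        if (cert.Issuer.IndexOf(IssuerName.Trim(), System.StringComparison.OrdinalIgnoreCase) < 0)
        {
            return false;
        }
    }

    var chain = new X509Chain();
    chain.Build(new X509Certificate2(cert));

    foreach (X509ChainElement element in chain.ChainElements)
    {
        foreach (X509ChainStatus status in element.ChainElementStatus)
        {
            // Intersection test: reject when ANY rejected flag is set. The previous subset test
            // ((rejected & s) == s) also matched NoError (0) and missed a status value that
            // combined a rejected flag with another flag.
            if ((status.Status & rejected) != X509ChainStatusFlags.NoError)
            {
                return false;
            }
        }
    }

    return true;
}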
示例2: TestCertificates
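/// <summary>
/// Enumerates the certificates in the local machine's personal ("My") store, builds a chain for
/// each one with online revocation checking of the entire chain, and prints the certificate's
/// friendly name.
/// </summary>
private static void TestCertificates()
{
    // Load certificates from the cert store (user/computer store = MY = Personal).
    var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    try
    {
        foreach (var cert in store.Certificates)
        {
            // Validate the certificate: revocation is checked online for every element of the
            // chain, with a 10-second limit on URL retrieval.
            var chain = new X509Chain
            {
                ChainPolicy = new X509ChainPolicy
                {
                    RevocationFlag = X509RevocationFlag.EntireChain,
                    RevocationMode = X509RevocationMode.Online,
                    UrlRetrievalTimeout = TimeSpan.FromMilliseconds(10000)
                }
            };

            if (!chain.Build(cert))
            {
                // Placeholder in the sample: a failed build is not acted on here.
                // chain.ChainStatus holds the reasons; real code should treat the certificate
                // as untrusted rather than continue.
            }

            Console.WriteLine(cert.FriendlyName);
        }
    }
    finally
    {
        // Close the store even when building a chain or reading a certificate throws.
        store.Close();
    }
}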
示例3: DefaultValues
[Ignore ("not up to date")] // X509Chain
public void DefaultValues ()
{
	// Build a chain for the fixture certificate; the test expects at least one issuer above it.
	X509Chain builtChain = new X509Chain ();
	builtChain.Build (cert);
	Assert.IsTrue (builtChain.ChainElements.Count > 1, "#0");

	// The claim set's issuer must itself be an X.509 claim set wrapping chain element 1.
	ClaimSet claims = new X509CertificateClaimSet (cert);
	ClaimSet issuerClaims = claims.Issuer;
	X509CertificateClaimSet issuerAsX509 = issuerClaims as X509CertificateClaimSet;
	Assert.IsNotNull (issuerAsX509, "#0-2");
	Assert.AreEqual (builtChain.ChainElements [1].Certificate, issuerAsX509.X509Certificate, "#0-3");

	Assert.AreEqual (6, claims.Count, "#1");
	Assert.AreEqual (6, issuerClaims.Issuer.Count, "#2");
	Assert.IsFalse (claims.ContainsClaim (Claim.System), "#3");

	// Collect every claim type; all claims except the thumbprint must carry PossessProperty.
	List<string> seenTypes = new List<string> ();
	foreach (Claim claim in claims) {
		bool isThumbprint = claim.ClaimType == ClaimTypes.Thumbprint;
		if (!isThumbprint)
			Assert.AreEqual (Rights.PossessProperty, claim.Right, "#4");
		seenTypes.Add (claim.ClaimType);
	}

	Assert.IsTrue (seenTypes.Contains (ClaimTypes.X500DistinguishedName), "#5");
	Assert.IsTrue (seenTypes.Contains (ClaimTypes.Thumbprint), "#6");
	Assert.IsTrue (seenTypes.Contains (ClaimTypes.Dns), "#7");
	Assert.IsTrue (seenTypes.Contains (ClaimTypes.Rsa), "#8");
	Assert.IsTrue (seenTypes.Contains (ClaimTypes.Name), "#9");
}
示例4: SelfSignedTest
/// <summary>
/// Checks that a self-signed certificate is accepted only while it is present in the
/// caller-supplied root collection, and that the plain Build call keeps rejecting it throughout.
/// </summary>
public void SelfSignedTest()
{
    X509Chain verifier = new X509Chain();
    X509Certificate2Collection extraRoots = new X509Certificate2Collection();

    // No extra roots yet: both the default build and the extra-roots check must fail.
    Assert.IsFalse(verifier.Build(Certificates.SelfSigned));
    Assert.IsFalse(verifier.VerifyWithExtraRoots(Certificates.SelfSigned, extraRoots));

    // With the certificate listed as a root, only the extra-roots check may succeed;
    // the default build must not start trusting it as a side effect.
    extraRoots.Add(Certificates.SelfSigned);
    Assert.IsTrue(verifier.VerifyWithExtraRoots(Certificates.SelfSigned, extraRoots));
    Assert.IsFalse(verifier.Build(Certificates.SelfSigned));

    // Removing the root must revoke the acceptance again.
    extraRoots.Clear();
    Assert.IsFalse(verifier.VerifyWithExtraRoots(Certificates.SelfSigned, extraRoots));
    Assert.IsFalse(verifier.Build(Certificates.SelfSigned));
}
示例5: Main
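/// <summary>
/// Enumerates the certificates in the local machine's personal ("My") store, builds a chain for
/// each one with online revocation checking of the entire chain, runs the chain-trust validator
/// on it, and prints the certificate's friendly name.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
private static void Main(string[] args)
{
    // Load certificates from the cert store (user/computer store = MY = Personal).
    var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    try
    {
        // ... do work
        foreach (var cert in store.Certificates)
        {
            // Validate the certificate: revocation is checked online for every element of the
            // chain, with a 10-second limit on URL retrieval.
            var chain = new X509Chain
            {
                ChainPolicy = new X509ChainPolicy
                {
                    RevocationFlag = X509RevocationFlag.EntireChain,
                    RevocationMode = X509RevocationMode.Online,
                    UrlRetrievalTimeout = TimeSpan.FromMilliseconds(10000)
                }
            };

            if (!chain.Build(cert))
            {
                // Placeholder in the sample: a failed build is not acted on here.
                // chain.ChainStatus holds the reasons.
            }

            // Validation through the dedicated validator class. Validate signals failure by
            // throwing, which is why the store is closed in the finally block below.
            var validator = X509CertificateValidator.ChainTrust;
            validator.Validate(cert);

            Console.WriteLine(cert.FriendlyName);
        }
    }
    finally
    {
        // Close the store even when validation of a certificate throws.
        store.Close();
    }
}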
示例6: GetCertificateChain
/// <summary>
/// Builds the chain for <c>this.Cert2</c> with online revocation checking of the entire chain
/// and returns every chain certificate converted through <c>DotNetUtilities</c>.
/// </summary>
/// <returns>
/// The converted chain certificates when the chain builds successfully; otherwise an array
/// holding only the converted <c>this.Cert2</c>.
/// </returns>
/// <remarks>
/// NOTE(review): a failed build is not reported. The caller receives a one-element array and
/// cannot tell "no issuers" from "revoked, expired or untrusted", so the result must not be read
/// as a validation verdict.
/// </remarks>
public X509Certificate[] GetCertificateChain()
{
    var systemChain = new SystemX509.X509Chain();
    var policy = systemChain.ChainPolicy;
    policy.RevocationFlag = SystemX509.X509RevocationFlag.EntireChain;
    policy.RevocationMode = SystemX509.X509RevocationMode.Online;
    policy.UrlRetrievalTimeout = TimeSpan.FromSeconds(30);
    policy.VerificationFlags = SystemX509.X509VerificationFlags.NoFlag;

    var converted = new List<X509Certificate>();

    if (!systemChain.Build(this.Cert2))
    {
        // Chain could not be validated: fall back to the leaf certificate alone.
        converted.Add(DotNetUtilities.FromX509Certificate(this.Cert2));
        return converted.ToArray();
    }

    foreach (SystemX509.X509ChainElement link in systemChain.ChainElements)
    {
        converted.Add(DotNetUtilities.FromX509Certificate(link.Certificate));
    }

    return converted.ToArray();
}
示例7: VerifyCertificate
/// <summary>
/// Builds a chain for the certificate encoded in <paramref name="certData"/> with online
/// revocation checking, then compares the certificate's public key string with
/// <paramref name="publicKey"/>.
/// </summary>
/// <param name="certData">Encoded certificate bytes.</param>
/// <param name="publicKey">Expected value of <c>GetPublicKeyString()</c>; compared case-sensitively.</param>
/// <param name="message">
/// Status and status information of the first chain status entry, an empty string when there is
/// none, or "Public keys don't match" when the key comparison fails.
/// </param>
/// <returns><c>true</c> when the chain builds and the public key matches; otherwise <c>false</c>.</returns>
/// <remarks>
/// NOTE(review): <c>IgnoreWrongUsage</c> makes the build accept a certificate whose usage
/// extensions do not fit. Only the first chain status entry is reported, so further problems
/// are not visible in <paramref name="message"/>.
/// </remarks>
public static bool VerifyCertificate(byte[] certData, string publicKey, out string message)
{
    var chain = new X509Chain();
    chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
    chain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreWrongUsage;

    var cert = new X509Certificate2(certData);
    bool chainBuilt = chain.Build(cert);

    // Report the first status entry regardless of whether the build succeeded.
    X509ChainStatus[] statuses = chain.ChainStatus;
    message = statuses.Length > 0
        ? string.Format("{0}\n{1}", statuses[0].Status, statuses[0].StatusInformation)
        : string.Empty;

    if (!chainBuilt)
    {
        return false;
    }

    if (cert.GetPublicKeyString() == publicKey)
    {
        return true;
    }

    message = "Public keys don't match";
    return false;
}
示例8: CreateBagOfCertificates
/// <summary>
/// Collects the certificates to embed for <paramref name="signer"/>: the signer's extra
/// certificates plus, depending on <c>IncludeOption</c>, the signing certificate alone, its
/// chain without the last element, or its whole chain.
/// </summary>
/// <param name="signer">Signer whose certificates and include option are read.</param>
/// <returns>The collected certificates.</returns>
/// <exception cref="CryptographicException">
/// The first chain status entry reports <c>PartialChain</c>.
/// </exception>
/// <remarks>
/// This gathers certificates; it is not a trust decision. The result of <c>Build</c> is not
/// checked and only the first chain status entry is inspected.
/// </remarks>
internal static X509Certificate2Collection CreateBagOfCertificates(CmsSigner signer)
{
    X509Certificate2Collection bag = new X509Certificate2Collection();
    bag.AddRange(signer.Certificates);

    if (signer.IncludeOption == X509IncludeOption.None)
    {
        return bag;
    }

    if (signer.IncludeOption == X509IncludeOption.EndCertOnly)
    {
        bag.Add(signer.Certificate);
        return bag;
    }

    X509Chain chain = new X509Chain();
    chain.Build(signer.Certificate);

    bool firstStatusIsPartialChain =
        chain.ChainStatus.Length > 0
        && (chain.ChainStatus[0].Status & X509ChainStatusFlags.PartialChain) == X509ChainStatusFlags.PartialChain;
    if (firstStatusIsPartialChain)
    {
        // HRESULT 0x800B010A (CERT_E_CHAINING): no chain to a trusted root could be built.
        throw new CryptographicException(-2146762486);
    }

    // Number of chain elements to copy, starting at the signing certificate.
    int take;
    if (signer.IncludeOption == X509IncludeOption.WholeChain)
    {
        take = chain.ChainElements.Count;
    }
    else if (chain.ChainElements.Count > 1)
    {
        // Leave out the last element of the chain.
        take = chain.ChainElements.Count - 1;
    }
    else
    {
        take = 1;
    }

    for (int index = 0; index < take; index++)
    {
        bag.Add(chain.ChainElements[index].Certificate);
    }

    return bag;
}
示例9: GetCertificateChain
/// <summary>
/// Determines the certificate chain for a certificate.
/// </summary>
/// <param name="certificate">The certificate whose chain is to be determined.</param>
/// <returns>The certificates that, in addition to the given <paramref name="certificate"/>, form
/// the chain, or <c>null</c> if no chain could be built.</returns>
/// <remarks>
/// Revocation is not checked, and <c>AllFlags</c> tells <c>Build</c> to ignore every verification
/// failure it can. Rejection of a bad chain therefore rests on the chain status check that
/// follows. NOTE(review): confirm on each target platform that ignored failures are still listed
/// in <c>ChainStatus</c>.
/// </remarks>
public X509Certificate2Collection GetCertificateChain(X509Certificate2 certificate)
{
    // Only the disposal differs between targets: the NET45 build does not dispose the chain.
#if NET45
    var chain = new X509Chain();
#else
    using (var chain = new X509Chain())
#endif
    {
        var policy = chain.ChainPolicy;
        policy.ExtraStore.AddRange(_rootCertificates);
        policy.ExtraStore.AddRange(_intermediateCertificates);
        policy.RevocationMode = X509RevocationMode.NoCheck;
        policy.VerificationFlags = X509VerificationFlags.AllFlags;

        bool built = chain.Build(certificate);
        if (!built || chain.ChainStatus.Any(x => x.Status != X509ChainStatusFlags.NoError))
        {
            return null;
        }

        // Element 0 is the certificate that was passed in; return only what sits above it.
        var issuers = new X509Certificate2Collection();
        for (int index = 1; index < chain.ChainElements.Count; index++)
        {
            issuers.Add(chain.ChainElements[index].Certificate);
        }

        return issuers;
    }
}
示例10: ManuallyVerifyCA
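/// <summary>
/// Remote certificate validation callback that accepts a certificate the platform rejected with
/// chain errors, provided it chains to the CA certificate loaded from <c>ca.p7b</c>.
/// </summary>
/// <param name="sender">Callback sender (not used).</param>
/// <param name="certificate">Certificate presented by the remote endpoint.</param>
/// <param name="chain">Chain built by the platform (not used; a new chain is built here).</param>
/// <param name="sslPolicyErrors">Errors the platform found for the certificate.</param>
/// <returns><c>true</c> to accept the certificate; otherwise <c>false</c>.</returns>
/// <remarks>
/// <c>AllowUnknownCertificateAuthority</c> makes <c>Build</c> succeed for a chain that ends in
/// any untrusted root, and adding a certificate to <c>ExtraStore</c> does not make it a trust
/// anchor. The built chain is therefore also required to contain the loaded CA certificate.
/// NOTE(review): a name mismatch on its own is accepted without any further check, so a
/// certificate issued for a different host passes; confirm this is intended for the deployment.
/// </remarks>
public static bool ManuallyVerifyCA(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    Console.WriteLine("ManuallyVerifyCA");

    if (sslPolicyErrors == SslPolicyErrors.None) return true;

    // Accepted as in the original sample; see the remarks above.
    if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch) return true;

    const SslPolicyErrors chainAndNameErrors =
        SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch;

    if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors || sslPolicyErrors == chainAndNameErrors)
    {
        try
        {
            X509Chain chain0 = new X509Chain();
            chain0.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            // add all your extra certificate chain
            chain0.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            Console.WriteLine("tits buckets"); // leftover debug trace, output kept unchanged
            X509Certificate2 pinnedCa = new X509Certificate2("..\\..\\..\\ca.p7b");
            chain0.ChainPolicy.ExtraStore.Add(pinnedCa);
            Console.WriteLine("piss buckets"); // leftover debug trace, output kept unchanged

            // The callback is typed on the base class; convert instead of casting blindly.
            X509Certificate2 presented = certificate as X509Certificate2 ?? new X509Certificate2(certificate);

            // A successful build alone proves nothing with AllowUnknownCertificateAuthority:
            // accept only when the pinned CA certificate is part of the built chain.
            if (chain0.Build(presented) && ChainContainsCertificate(chain0, pinnedCa)) return true;
        }
        catch (Exception e)
        {
            Console.WriteLine("sslPolicyErrors: {0}", e.Message);
            return false;
        }
    }

    Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
    return false;
}

/// <summary>
/// Returns <c>true</c> when a certificate in <paramref name="builtChain"/> has exactly the same
/// encoded bytes as <paramref name="pinned"/>.
/// </summary>
private static bool ChainContainsCertificate(X509Chain builtChain, X509Certificate2 pinned)
{
    byte[] pinnedBytes = pinned.RawData;

    foreach (X509ChainElement element in builtChain.ChainElements)
    {
        byte[] candidate = element.Certificate.RawData;
        if (candidate.Length != pinnedBytes.Length)
        {
            continue;
        }

        bool identical = true;
        for (int i = 0; i < candidate.Length; i++)
        {
            if (candidate[i] != pinnedBytes[i])
            {
                identical = false;
                break;
            }
        }

        if (identical)
        {
            return true;
        }
    }

    return false;
}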
示例11: CheckCertificateValidity
/// <summary>
/// Checks the applicant data and the XML signature, then builds a chain for the signing
/// certificate with online revocation checking of the entire chain.
/// </summary>
/// <param name="xml">Signed XML document.</param>
/// <param name="applicant">Applicant to check; the checks are skipped when this is <c>null</c>.</param>
/// <param name="signatureXPath">XPath of the signature; the signature check is skipped when this is <c>null</c>.</param>
/// <param name="signatureXPathNamespaces">Namespaces used by <paramref name="signatureXPath"/>.</param>
/// <returns>
/// A single "NotAuthenticated" entry when a required check fails; otherwise the status
/// information text of every chain status entry.
/// </returns>
/// <remarks>
/// NOTE(review): when <paramref name="applicant"/> or <paramref name="signatureXPath"/> is
/// <c>null</c>, no check runs and the signing certificate stays <c>null</c>, yet it is still
/// passed to <c>Build</c>. The results of <c>Build</c> and <c>Verify</c> are discarded; the
/// caller only sees the chain status text.
/// </remarks>
public List<string> CheckCertificateValidity(string xml, ElectronicServiceApplicant applicant, string signatureXPath, IDictionary<string, string> signatureXPathNamespaces)
{
    X509Certificate2 signingCertificate = null;
    bool authenticationMissing = false;
    bool signatureMissing = false;

    if (applicant != null)
    {
        authenticationMissing = !HasFilledElectronicServiceApplicant(applicant);
        signatureMissing = signatureXPath != null
            && !HasValidSignature(xml, signatureXPath, signatureXPathNamespaces, out signingCertificate);
    }

    if (authenticationMissing || signatureMissing)
    {
        return new List<string> { "NotAuthenticated" };
    }

    var chain = new X509Chain();
    chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
    chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
    chain.Build(signingCertificate);
    signingCertificate.Verify();

    // One entry per chain status record.
    var findings = new List<string>();
    foreach (X509ChainStatus status in chain.ChainStatus)
    {
        findings.Add(status.StatusInformation);
    }

    return findings;
}
示例12: SelfSignedRootTest
/// <summary>
/// Checks that a certificate signed by a self-signed root is accepted only while that root is
/// present in the caller-supplied root collection, and that the plain Build call keeps
/// rejecting it throughout. Revocation checking is switched off for the test.
/// </summary>
public void SelfSignedRootTest()
{
    X509Chain verifier = new X509Chain();
    X509Certificate2Collection extraRoots = new X509Certificate2Collection();
    verifier.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

    // No extra roots yet: both the default build and the extra-roots check must fail.
    Assert.IsFalse(verifier.Build(Certificates.SignedBySelfSigned));
    Assert.IsFalse(verifier.VerifyWithExtraRoots(Certificates.SignedBySelfSigned, extraRoots));

    // With the issuing root listed, only the extra-roots check may succeed; the default build
    // must not start trusting the root as a side effect.
    extraRoots.Add(Certificates.SelfSigned);
    Assert.IsTrue(verifier.VerifyWithExtraRoots(Certificates.SignedBySelfSigned, extraRoots));
    Assert.IsFalse(verifier.Build(Certificates.SignedBySelfSigned));

    // Removing the root must revoke the acceptance again.
    extraRoots.Clear();
    Assert.IsFalse(verifier.VerifyWithExtraRoots(Certificates.SignedBySelfSigned, extraRoots));
    Assert.IsFalse(verifier.Build(Certificates.SignedBySelfSigned));
}
示例13: ValidatorShouldReturnFalseWhenPassedASelfSignedCertificate
/// <summary>
/// The thumbprint validator, configured with a single empty entry, must reject a self-signed
/// certificate even when the platform reports no policy errors.
/// </summary>
public void ValidatorShouldReturnFalseWhenPassedASelfSignedCertificate()
{
    var validator = new CertificateThumbprintValidator(new string[1]);

    var builtChain = new X509Chain();
    builtChain.Build(SelfSigned);
    // NOTE(review): the revocation mode is assigned after Build has already run, so it cannot
    // have influenced that build. Confirm whether Validate reads the policy or whether this
    // assignment was meant to come first.
    builtChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

    bool accepted = validator.Validate(null, SelfSigned, builtChain, SslPolicyErrors.None);

    accepted.ShouldBe(false);
}
示例14: VerifyCertificateProperties
/// <summary>
/// Builds <paramref name="chain"/> for the remote certificate and, when requested, checks that
/// the certificate matches <paramref name="hostName"/> as an IP address or as a host name.
/// </summary>
/// <param name="chain">Chain object used for the build; its policy is taken as configured by the caller.</param>
/// <param name="remoteCertificate">Certificate presented by the remote endpoint.</param>
/// <param name="checkCertName">Whether the name check is performed.</param>
/// <param name="isServer">Not used by this method.</param>
/// <param name="hostName">Expected host name or IP address text.</param>
/// <returns>
/// <c>RemoteCertificateChainErrors</c> when the build fails, <c>RemoteCertificateNameMismatch</c>
/// when the name check is requested and fails or no host name is given, both, or <c>None</c>.
/// </returns>
internal static SslPolicyErrors VerifyCertificateProperties(
    X509Chain chain,
    X509Certificate2 remoteCertificate,
    bool checkCertName,
    bool isServer,
    string hostName)
{
    SslPolicyErrors errors = chain.Build(remoteCertificate)
        ? SslPolicyErrors.None
        : SslPolicyErrors.RemoteCertificateChainErrors;

    if (!checkCertName)
    {
        return errors;
    }

    // An empty expected name can never match: report a mismatch without calling the native check.
    if (string.IsNullOrEmpty(hostName))
    {
        return errors | SslPolicyErrors.RemoteCertificateNameMismatch;
    }

    int matchResult;
    using (SafeX509Handle certHandle = Interop.Crypto.X509Duplicate(remoteCertificate.Handle))
    {
        IPAddress parsedAddress;
        if (IPAddress.TryParse(hostName, out parsedAddress))
        {
            // The text parses as an IP address: use the IP address check.
            byte[] addressBytes = parsedAddress.GetAddressBytes();
            matchResult = Interop.Crypto.CheckX509IpAddress(
                certHandle,
                addressBytes,
                addressBytes.Length,
                hostName,
                hostName.Length);
        }
        else
        {
            matchResult = Interop.Crypto.CheckX509Hostname(certHandle, hostName, hostName.Length);
        }
    }

    // Only 1 counts as a match; any other value is reported as a mismatch.
    if (matchResult != 1)
    {
        Debug.Assert(matchResult == 0, "hostnameMatch should be (0,1) was " + matchResult);
        errors |= SslPolicyErrors.RemoteCertificateNameMismatch;
    }

    return errors;
}
示例15: T2_InvalidUnknownCriticalCertificateExtension
/// <summary>
/// A certificate carrying an unknown critical extension must fail the chain build, with
/// InvalidExtension reported for the chain and for the end entity only.
/// </summary>
public void T2_InvalidUnknownCriticalCertificateExtension ()
{
	X509Certificate2 endEntity = GetCertificate ("InvalidUnknownCriticalCertificateExtensionTest2EE.crt");
	X509Chain built = new X509Chain ();

	// The build as a whole must fail and say why.
	Assert.IsFalse (built.Build (endEntity), "Build");
	CheckChainStatus (X509ChainStatusFlags.InvalidExtension, built.ChainStatus, "ChainStatus");

	// Element 0 is the end entity and carries the error.
	Assert.AreEqual (endEntity, built.ChainElements[0].Certificate, "EndEntity");
	CheckChainStatus (X509ChainStatusFlags.InvalidExtension, built.ChainElements[0].ChainElementStatus, "EndEntity.Status");

	// Element 1 is the trust anchor and must be clean.
	Assert.AreEqual (TrustAnchorRoot, built.ChainElements[1].Certificate, "TrustAnchorRoot");
	CheckChainStatus (X509ChainStatusFlags.NoError, built.ChainElements[1].ChainElementStatus, "TrustAnchorRoot.Status");
}