2 // X509Chain.cs: X.509 Certificate Path
3 // This is a VERY simplified and minimal version (for Authenticode support)
6 // Sebastien Pouliot (spouliot@motus.com)
8 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
13 namespace Mono.Security.X509 {
15 public class X509Chain {
// Trust anchors set through the TrustAnchors property; while this is null the
// getter falls back to GetTrustAnchors ().
17 private X509CertificateCollection roots;
// Candidate certificates used for path building. Being in this collection does
// not make a certificate trusted.
18 private X509CertificateCollection certs;
// NOTE(review): presumably backs the Root property; its accessors are not
// shown in this listing, so confirm.
19 private X509Certificate root;
// The candidate set starts out empty (the enclosing constructor header is not
// shown in this listing).
23 certs = new X509CertificateCollection ();
// Single-certificate counterpart of LoadCertificates. The body is not shown in
// this listing; presumably it adds x509 to certs, so confirm against the full file.
26 public void LoadCertificate (X509Certificate x509)
// Appends every certificate in coll to the candidate set used for path building.
// Loaded certificates are only candidates: trust is decided against TrustAnchors
// in FindCertificateRoot, so untrusted input may be loaded here provided the
// caller checks the outcome of GetChain.
31 public void LoadCertificates (X509CertificateCollection coll)
33 certs.AddRange (coll);
// Scans the candidate set for a certificate whose IssuerName equals issuerName.
// The return statements are not shown in this listing.
// NOTE(review): assuming IssuerName is a string, == is an exact, case-sensitive
// comparison, so equivalent distinguished names that are formatted differently
// will not match. A name match alone says nothing about trust; the result still
// has to pass signature and anchor checks.
36 public X509Certificate FindByIssuerName (string issuerName)
38 foreach (X509Certificate x in certs) {
39 if (x.IssuerName == issuerName)
// Builds a certificate path for x509 from the loaded candidates, then looks for
// a trust anchor via FindCertificateRoot. The loop structure and the return
// statements between the visible lines are omitted in this listing.
// NOTE(review): the visible lines do not show what is returned when no trusted
// root is found. Confirm how failure is signalled before treating the returned
// collection as a validated chain.
45 public X509CertificateCollection GetChain (X509Certificate x509)
47 X509CertificateCollection path = new X509CertificateCollection ();
48 X509Certificate x = FindCertificateParent (x509);
53 x = FindCertificateParent (x509);
// A self-signed parent is treated specially here; the branch body is not shown.
54 if ((x != null) && (x.IsSelfSigned))
58 // find a trusted root
59 x = FindCertificateRoot (x509);
// Fallback source of trust anchors, used when the TrustAnchors property has not
// been set. Loading from machine.config is still a TODO, so the anchors come
// from a TestAnchors instance.
// NOTE(review): the contents of TestAnchors are not visible here. Until the TODO
// is done, the default trust decision rests on that test set; callers that
// depend on a specific root set should assign TrustAnchors explicitly.
66 private X509CertificateCollection GetTrustAnchors ()
68 // TODO - Load from machine.config
69 ITrustAnchors trust = (ITrustAnchors) new TestAnchors ();
// The set of certificates accepted as trusted roots.
// get: returns the caller-supplied collection, or the GetTrustAnchors () fallback
//      while none has been supplied. The getter itself does not store the
//      fallback in roots (NOTE(review): confirm whether GetTrustAnchors does).
// set: replaces the anchor set wholesale. The setter is public, so any code
//      holding this X509Chain instance can change which roots are trusted;
//      treat the instance as security-sensitive state.
73 public X509CertificateCollection TrustAnchors {
74 get { return ((roots == null) ? GetTrustAnchors () : roots); }
75 set { roots = value; }
// Root certificate associated with this chain. The accessor bodies are not
// shown in this listing.
78 public X509Certificate Root {
84 // this forces a reload
// Returns the first certificate in the candidate set that IsParent accepts as
// the issuer of child. The first match in iteration order wins. The
// fall-through return is not shown in this listing.
89 private X509Certificate FindCertificateParent (X509Certificate child)
91 foreach (X509Certificate potentialParent in certs) {
92 if (IsParent (child, potentialParent))
93 return potentialParent;
// Locates the trust anchor for x509 in two steps: first check whether x509 is
// itself one of the TrustAnchors, then look for an anchor that IsParent accepts
// as its issuer. The return statements are not shown in this listing.
// NOTE(review): the first step depends on how X509CertificateCollection.Contains
// compares certificates (by reference or by encoded content), which is not
// visible here. Confirm it, since that comparison is the trust decision for
// certificates that appear directly in the anchor set.
98 private X509Certificate FindCertificateRoot (X509Certificate x509)
100 // if the trusted root is in the path
101 if (TrustAnchors.Contains (x509))
104 foreach (X509Certificate root in TrustAnchors) {
105 if (IsParent (x509, root))
// Decides whether parent issued child. Two conditions are checked: the child's
// IssuerName must equal the parent's SubjectName, and the child's signature must
// verify under the parent's RSA public key.
// This method makes no other checks: validity period, CA / basic constraints,
// key usage and revocation are not examined here. That matches the file header's
// "VERY simplified" scope, so a true result means "name-chained and correctly
// signed", not a full X.509 path validation.
// NOTE(review): only parent.RSA is used; the behaviour for an issuer with a
// non-RSA key is not visible in this listing, so confirm.
112 private bool IsParent (X509Certificate child, X509Certificate parent)
// Name chaining is checked first; the branch body is not shown in this listing.
114 if (child.IssuerName != parent.SubjectName)
116 return (child.VerifySignature (parent.RSA));