2 // X509CertificateValidator.cs
5 // Atsushi Enomoto <atsushi@ximian.com>
7 // Copyright (C) 2006 Novell, Inc. http://www.novell.com
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 using System.Collections.ObjectModel;
30 using System.IdentityModel.Policy;
31 using System.IdentityModel.Tokens;
32 using System.Security.Cryptography.X509Certificates;
34 namespace System.IdentityModel.Selectors
36 public abstract class X509CertificateValidator
38 static X509CertificateValidator none, chain, peer_or_chain, peer;
40 static X509CertificateValidator ()
42 none = new X509NoValidator ();
43 chain = new X509CertificateValidatorImpl (
44 false, true, false, new X509ChainPolicy ());
45 peer = new X509CertificateValidatorImpl (
46 true, false, false, null);
47 peer_or_chain = new X509CertificateValidatorImpl (
48 true, true, false, new X509ChainPolicy ());
51 protected X509CertificateValidator ()
55 public static X509CertificateValidator None {
59 public static X509CertificateValidator ChainTrust {
63 public static X509CertificateValidator PeerOrChainTrust {
64 get { return peer_or_chain; }
67 public static X509CertificateValidator PeerTrust {
71 public static X509CertificateValidator CreateChainTrustValidator (
72 bool useMachineContext, X509ChainPolicy chainPolicy)
74 return new X509CertificateValidatorImpl (
75 false, true, useMachineContext, chainPolicy);
78 public static X509CertificateValidator CreatePeerOrChainTrustValidator (
79 bool useMachineContext, X509ChainPolicy chainPolicy)
81 return new X509CertificateValidatorImpl (
82 true, true, useMachineContext, chainPolicy);
85 public abstract void Validate (X509Certificate2 certificate);
87 class X509NoValidator : X509CertificateValidator
89 public override void Validate (X509Certificate2 cert)
94 class X509CertificateValidatorImpl : X509CertificateValidator
99 X509ChainPolicy policy;
102 public X509CertificateValidatorImpl (bool peer, bool chain, bool useMachineContext, X509ChainPolicy chainPolicy)
104 this.check_peer = peer;
105 this.check_chain = chain;
106 use_machine_ctx = useMachineContext;
107 policy = chainPolicy;
110 public override void Validate (X509Certificate2 cert)
113 X509Store store = new X509Store ();
114 store.Open (OpenFlags.ReadOnly);
115 foreach (X509Certificate2 c in store.Certificates)
116 if (c.Thumbprint == cert.Thumbprint)
122 chain = X509Chain.Create ();
124 chain = new X509Chain ();
125 chain.ChainPolicy = policy;
129 if (chain.Build (cert))
132 throw new ArgumentException ("The argument certificate is invalid.");