//-----------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//-----------------------------------------------------------------------
namespace System.IdentityModel.Tokens
{
using System.IdentityModel.Selectors;
using System.Security.Cryptography.X509Certificates;
using System.Text;
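/// <summary>
/// Validates an X.509 certificate by building its certificate chain under the
/// NT Auth chain policy (<c>CAPI.CERT_CHAIN_POLICY_NT_AUTH</c>): the certificate
/// must be mappable to a Windows account and its certificate chain must be trusted.
/// </summary>
/// <remarks>
/// Security note: when an <see cref="X509ChainPolicy"/> is supplied to the
/// constructor it replaces the chain's policy wholesale, so revocation checking,
/// verification flags and application/certificate policies come entirely from the
/// caller; a permissive policy (e.g. <c>RevocationMode = NoCheck</c> or broad
/// <c>VerificationFlags</c>) weakens what this validator enforces. The policy the
/// chain would otherwise apply is set up by <c>X509CertificateChain</c> and is not
/// visible here.
/// </remarks>
public class X509NTAuthChainTrustValidator : X509CertificateValidator
{
    // Both settings are fixed at construction time; there are no setters.
    private readonly bool useMachineContext;
    private readonly X509ChainPolicy chainPolicy;

    // Chain-policy identifier handed to X509CertificateChain; never changes.
    private readonly uint chainPolicyOID = CAPI.CERT_CHAIN_POLICY_NT_AUTH;

    /// <summary>
    /// Creates an instance of <see cref="X509NTAuthChainTrustValidator"/> that does not
    /// use the local machine context and supplies no explicit chain policy.
    /// </summary>
    public X509NTAuthChainTrustValidator()
        : this(false, null)
    {
    }

    /// <summary>
    /// Creates an instance of <see cref="X509NTAuthChainTrustValidator"/>.
    /// </summary>
    /// <param name="useMachineContext">True to use local machine context to build the cert chain.</param>
    /// <param name="chainPolicy">
    /// X509Chain policy to use, or null to keep the policy the chain sets up itself.
    /// The instance is held by reference and applied as-is on every
    /// <see cref="Validate"/> call, so changes the caller makes to it later affect
    /// subsequent validations.
    /// </param>
    public X509NTAuthChainTrustValidator(bool useMachineContext, X509ChainPolicy chainPolicy)
    {
        this.useMachineContext = useMachineContext;
        this.chainPolicy = chainPolicy;
    }

    /// <summary>
    /// Validates the given certificate by building its chain under the NT Auth
    /// chain policy.
    /// </summary>
    /// <param name="certificate">X.509 Certificate to validate.</param>
    /// <exception cref="ArgumentNullException">The input parameter 'certificate' is null.</exception>
    /// <exception cref="SecurityTokenValidationException">X.509 Certificate validation failed.</exception>
    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate");
        }

        // A fresh chain per call; context and policy identifier are fixed at construction.
        X509CertificateChain chain = new X509CertificateChain(this.useMachineContext, this.chainPolicyOID);
        if (this.chainPolicy != null)
        {
            // A caller-supplied policy replaces the chain's default policy entirely
            // (revocation mode, verification flags, ...); its strictness is the
            // caller's responsibility.
            chain.ChainPolicy = this.chainPolicy;
        }

        if (!chain.Build(certificate))
        {
            // The failure message (ID4070) carries the certificate identifier and the
            // chain-status text; callers that surface it to remote parties should
            // consider what that reveals.
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                new SecurityTokenValidationException(
                    SR.GetString(
                        SR.ID4070,
                        X509Util.GetCertificateId(certificate),
                        GetChainStatusInformation(chain.ChainStatus))));
        }
    }

    /// <summary>
    /// Concatenates the <see cref="X509ChainStatus.StatusInformation"/> text of every
    /// chain-status entry, each followed by a single space, for the validation-failure
    /// message.
    /// </summary>
    /// <param name="chainStatus">Chain-status entries from the built chain; may be null.</param>
    /// <returns>
    /// The joined status text (with a trailing space when non-empty), or
    /// <see cref="string.Empty"/> when <paramref name="chainStatus"/> is null.
    /// </returns>
    private static string GetChainStatusInformation(X509ChainStatus[] chainStatus)
    {
        if (chainStatus == null)
        {
            return string.Empty;
        }

        StringBuilder error = new StringBuilder(128);
        foreach (X509ChainStatus status in chainStatus)
        {
            error.Append(status.StatusInformation);
            error.Append(" ");
        }

        return error.ToString();
    }
}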
}