C# Class Opc.Ua.CertificateValidator

Validates certificates.
Project: OPCFoundation/UA-.NETStandardLibrary

Public Methods

Method Description
CertificateValidator ( ) : System

The default constructor.

GetIssuers ( X509Certificate2 certificate, List issuers ) : Task

Returns the issuers for the certificate.

GetIssuers ( X509Certificate2Collection certificates, List issuers ) : Task

Returns the issuers for the certificates.

Update ( ApplicationConfiguration configuration ) : System.Threading.Tasks.Task

Updates the validator with the current state of the configuration.

Update ( SecurityConfiguration configuration ) : System.Threading.Tasks.Task

Updates the validator with the current state of the configuration.

Update ( CertificateTrustList issuerStore, CertificateTrustList trustedStore, CertificateStoreIdentifier rejectedCertificateStore ) : void

Updates the validator with a new set of trust lists.

Validate ( X509Certificate2 certificate ) : void

Validates the specified certificate against the trust list.

Validate ( X509Certificate2Collection chain ) : void

Validates a certificate.

Each UA application may have a list of trusted certificates that is different from all other UA applications that may be running on the same machine. As a result, the certificate validator cannot rely completely on the Windows certificate store and user- or machine-specific CTLs (certificate trust lists). The validator constructs the trust chain for the certificate and follows the chain until it finds a certificate that is in the application trust list. Non-fatal trust chain errors (i.e. certificate expired) are ignored if the certificate is in the application trust list. If no certificate in the chain is trusted then the validator will still accept the certificate if there are no trust chain errors. The validator may be configured to ignore the application trust list and/or trust chain.

Protected Methods

Method Description
InternalValidate ( X509Certificate2Collection certificates ) : System.Threading.Tasks.Task

Throws an exception if validation fails.

Private Methods

Method Description
CheckChainStatus ( X509ChainStatus status, CertificateIdentifier id, CertificateIdentifier issuer, bool isIssuer ) : ServiceResult
FindAuthorityKeyIdentifier ( X509Certificate2 certificate ) : X509AuthorityKeyIdentifierExtension

Returns the authority key identifier in the certificate.

FindSubjectKeyIdentifierExtension ( X509Certificate2 certificate ) : X509SubjectKeyIdentifierExtension

Returns the subject key identifier in the certificate.

GetChannelValidator ( ) : Opc.Ua.X509CertificateValidator
GetIssuer ( X509Certificate2 certificate, CertificateIdentifierCollection explicitList, CertificateStoreIdentifier certificateStore, bool checkRecovationStatus ) : Task

Returns the certificate information for a trusted issuer certificate.

GetTrustedCertificate ( X509Certificate2 certificate ) : Task

Returns the certificate information for a trusted peer certificate.

IsIssuerAllowed ( X509Certificate2 certificate ) : bool

Determines whether the certificate is allowed to be an issuer.

Match ( X509Certificate2 certificate, string subjectName, string serialNumber, string authorityKeyId ) : bool

Returns true if the certificate matches the criteria.

SaveCertificate ( X509Certificate2 certificate ) : void

Saves the certificate in the invalid certificate directory.

Method Details

CertificateValidator() public method

The default constructor.
public CertificateValidator ( ) : System
Returns System

GetIssuers() public method

Returns the issuers for the certificate.
public GetIssuers ( X509Certificate2 certificate, List issuers ) : Task
certificate System.Security.Cryptography.X509Certificates.X509Certificate2 The certificate.
issuers List The issuers.
Returns Task

GetIssuers() public method

Returns the issuers for the certificates.
public GetIssuers ( X509Certificate2Collection certificates, List issuers ) : Task
certificates System.Security.Cryptography.X509Certificates.X509Certificate2Collection
issuers List
Returns Task

InternalValidate() protected method

Throws an exception if validation fails.
If certificate[0] cannot be accepted
protected InternalValidate ( X509Certificate2Collection certificates ) : System.Threading.Tasks.Task
certificates System.Security.Cryptography.X509Certificates.X509Certificate2Collection The certificates to be checked.
Returns System.Threading.Tasks.Task

Update() public method

Updates the validator with the current state of the configuration.
public Update ( ApplicationConfiguration configuration ) : System.Threading.Tasks.Task
configuration ApplicationConfiguration
Returns System.Threading.Tasks.Task

Update() public method

Updates the validator with the current state of the configuration.
public Update ( SecurityConfiguration configuration ) : System.Threading.Tasks.Task
configuration SecurityConfiguration
Returns System.Threading.Tasks.Task

Update() public method

Updates the validator with a new set of trust lists.
public Update ( CertificateTrustList issuerStore, CertificateTrustList trustedStore, CertificateStoreIdentifier rejectedCertificateStore ) : void
issuerStore CertificateTrustList
trustedStore CertificateTrustList
rejectedCertificateStore CertificateStoreIdentifier
Returns void

Validate() public method

Validates the specified certificate against the trust list.
public Validate ( X509Certificate2 certificate ) : void
certificate System.Security.Cryptography.X509Certificates.X509Certificate2 The certificate.
Returns void

Validate() public method

Validates a certificate.
Each UA application may have a list of trusted certificates that is different from all other UA applications that may be running on the same machine. As a result, the certificate validator cannot rely completely on the Windows certificate store and user- or machine-specific CTLs (certificate trust lists). The validator constructs the trust chain for the certificate and follows the chain until it finds a certificate that is in the application trust list. Non-fatal trust chain errors (i.e. certificate expired) are ignored if the certificate is in the application trust list. If no certificate in the chain is trusted then the validator will still accept the certificate if there are no trust chain errors. The validator may be configured to ignore the application trust list and/or trust chain.
public Validate ( X509Certificate2Collection chain ) : void
chain System.Security.Cryptography.X509Certificates.X509Certificate2Collection
Returns void
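
The acceptance policy described for Validate ( X509Certificate2Collection chain ), modelled as an added example; this is not code from UA-.NETStandardLibrary. ChainElement, TrustPolicyModel, the placeholder thumbprints, and the choice of NotTimeValid as the only non-fatal flag are assumptions made here; X509ChainStatusFlags is the standard .NET enum.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;

// Constructed sample data: thumbprints are placeholders, not real certificates.
var trustList = new HashSet<string> { "LEAF-A", "CA-1" };
var cases = new Dictionary<string, ChainElement[]>
{
    ["trusted leaf, expired"] = new[] { new ChainElement("LEAF-A", X509ChainStatusFlags.NotTimeValid) },
    ["issuer trusted, clean"] = new[] { new ChainElement("LEAF-B", X509ChainStatusFlags.NoError),
                                        new ChainElement("CA-1", X509ChainStatusFlags.NoError) },
    ["nothing trusted, clean"] = new[] { new ChainElement("LEAF-C", X509ChainStatusFlags.NoError) },
    ["nothing trusted, expired"] = new[] { new ChainElement("LEAF-D", X509ChainStatusFlags.NotTimeValid) },
};
foreach (var (name, chain) in cases)
    Console.WriteLine($"{name}: {TrustPolicyModel.Evaluate(chain, trustList)}");

// One chain element: a thumbprint plus the chain-status flags reported for it.
record ChainElement(string Thumbprint, X509ChainStatusFlags Status);

static class TrustPolicyModel
{
    // Assumption: expiry is the only non-fatal error (the one example the text gives).
    const X509ChainStatusFlags NonFatal = X509ChainStatusFlags.NotTimeValid;

    // chain[0] is the certificate being validated; later elements are its issuers.
    public static (bool Accepted, string Reason) Evaluate(
        IReadOnlyList<ChainElement> chain, ISet<string> trustList,
        bool ignoreTrustList = false, bool ignoreChain = false)
    {
        // Follow the chain until an element is found in the application trust list.
        int anchor = -1;
        for (int i = 0; !ignoreTrustList && i < chain.Count && anchor < 0; i++)
            if (trustList.Contains(chain[i].Thumbprint)) anchor = i;
        bool leafTrusted = anchor == 0;
        int last = anchor >= 0 ? anchor : chain.Count - 1;

        for (int i = 0; !ignoreChain && i <= last; i++)
        {
            var errors = chain[i].Status;
            if (leafTrusted) errors &= ~NonFatal; // suppressed only for a listed certificate
            if (errors != X509ChainStatusFlags.NoError)
                return (false, $"chain error {errors} at depth {i}");
        }
        return anchor >= 0
            ? (true, $"anchored in application trust list at depth {anchor}")
            : (true, "no trust-list anchor; accepted on an error-free chain");
    }
}
```

The third case is the one to review in a deployment: a certificate that appears nowhere in the application trust list is still accepted when its chain builds without errors.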