C# Class Opc.Ua.CertificateValidator

Validates certificates.
Project: OPCFoundation/UA-.NETStandardLibrary

Public Methods

Method Description
CertificateValidator ( ) : System

The default constructor.

GetIssuers ( X509Certificate2 certificate, List issuers ) : Task

Returns the issuers for the certificate.

GetIssuers ( X509Certificate2Collection certificates, List issuers ) : Task

Returns the issuers for the certificates.

Update ( ApplicationConfiguration configuration ) : System.Threading.Tasks.Task

Updates the validator with the current state of the configuration.

Update ( SecurityConfiguration configuration ) : System.Threading.Tasks.Task

Updates the validator with the current state of the configuration.

Update ( CertificateTrustList issuerStore, CertificateTrustList trustedStore, CertificateStoreIdentifier rejectedCertificateStore ) : void

Updates the validator with a new set of trust lists.

Validate ( X509Certificate2 certificate ) : void

Validates the specified certificate against the trust list.

Validate ( X509Certificate2Collection chain ) : void

Validates a certificate.

Each UA application may have a list of trusted certificates that is different from all other UA applications that may be running on the same machine. As a result, the certificate validator cannot rely completely on the Windows certificate store and user- or machine-specific CTLs (certificate trust lists). The validator constructs the trust chain for the certificate and follows the chain until it finds a certificate that is in the application trust list. Non-fatal trust chain errors (e.g. certificate expired) are ignored if the certificate is in the application trust list. If no certificate in the chain is trusted, the validator will still accept the certificate if there are no trust chain errors. The validator may be configured to ignore the application trust list and/or the trust chain.
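As an added illustration (not code from the UA-.NETStandardLibrary project), the following Python models the acceptance rule stated in these remarks: a chain anchored in the application trust list tolerates non-fatal status flags, an unanchored chain must be error-free, and either check can be switched off. CertInfo, the thumbprints, the status-flag names other than NotTimeValid and the split of flags into fatal/non-fatal are assumptions made here.

```python
from dataclasses import dataclass, field

# Chain status flags treated as non-fatal. The page names expiry (NotTimeValid);
# the revocation ones are my assumption. Anything else is fatal.
NON_FATAL = {"NotTimeValid", "RevocationStatusUnknown", "OfflineRevocation"}

@dataclass
class CertInfo:
    thumbprint: str                             # stands in for X509Certificate2.Thumbprint
    subject: str
    status: set = field(default_factory=set)    # X509ChainStatus-like flags for this element

def validate(chain, trust_list, ignore_trust_list=False, ignore_chain_errors=False):
    """Return (accepted, reason). chain[0] is the peer certificate followed by
    its issuers; trust_list holds thumbprints from the application trust store."""
    errors = [(c.subject, s) for c in chain for s in sorted(c.status)]
    if ignore_chain_errors:                     # validator configured to ignore the chain
        errors = []
    anchor = None
    if not ignore_trust_list:                   # walk the chain until a trusted cert is found
        anchor = next((c for c in chain if c.thumbprint in trust_list), None)
    if anchor is not None:
        fatal = [e for e in errors if e[1] not in NON_FATAL]
        if fatal:
            return False, f"trusted via {anchor.subject} but fatal errors: {fatal}"
        return True, f"trusted via {anchor.subject}; ignored non-fatal: {errors}"
    if errors:                                  # nothing trusted: only a clean chain passes
        return False, f"untrusted chain with errors: {errors}"
    return True, "untrusted chain validated without errors"

# Constructed sample chain elements (thumbprints are placeholders).
LEAF = CertInfo("aa11", "CN=UA-Client", {"NotTimeValid"})         # expired peer cert
CA = CertInfo("bb22", "CN=Factory-CA")                             # its issuer
ROGUE = CertInfo("cc33", "CN=UA-Client", {"NotSignatureValid"})    # bad signature
TRUSTED = {"bb22"}                                                 # app trust list

def demo():
    """Outcomes for the policy cases described in the remarks."""
    return {
        "expired_peer_trusted_issuer": validate([LEAF, CA], TRUSTED)[0],      # True
        "expired_peer_untrusted": validate([LEAF, CA], set())[0],             # False
        "bad_signature_trusted_issuer": validate([ROGUE, CA], TRUSTED)[0],    # False
        "clean_untrusted_chain": validate([CertInfo("dd44", "CN=Other"), CA], set())[0],  # True
        "trust_list_ignored": validate([LEAF, CA], TRUSTED, ignore_trust_list=True)[0],   # False
    }
```

With both ignore flags set the model accepts every chain, which is the behaviour to watch for when the validator is configured to skip both checks.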

Protected Methods

Method Description
InternalValidate ( X509Certificate2Collection certificates ) : System.Threading.Tasks.Task

Throws an exception if validation fails.

Private Methods

Method Description
CheckChainStatus ( X509ChainStatus status, CertificateIdentifier id, CertificateIdentifier issuer, bool isIssuer ) : ServiceResult
FindAuthorityKeyIdentifier ( X509Certificate2 certificate ) : X509AuthorityKeyIdentifierExtension

Returns the authority key identifier in the certificate.

FindSubjectKeyIdentifierExtension ( X509Certificate2 certificate ) : X509SubjectKeyIdentifierExtension

Returns the subject key identifier extension in the certificate.

GetChannelValidator ( ) : Opc.Ua.X509CertificateValidator
GetIssuer ( X509Certificate2 certificate, CertificateIdentifierCollection explicitList, CertificateStoreIdentifier certificateStore, bool checkRecovationStatus ) : Task

Returns the certificate information for a trusted issuer certificate.

GetTrustedCertificate ( X509Certificate2 certificate ) : Task

Returns the certificate information for a trusted peer certificate.

IsIssuerAllowed ( X509Certificate2 certificate ) : bool

Determines whether the certificate is allowed to be an issuer.

Match ( X509Certificate2 certificate, string subjectName, string serialNumber, string authorityKeyId ) : bool

Returns true if the certificate matches the criteria.

SaveCertificate ( X509Certificate2 certificate ) : void

Saves the certificate in the invalid certificate directory.

Method Details

CertificateValidator() public method

The default constructor.
public CertificateValidator ( ) : System
return System

GetIssuers() public method

Returns the issuers for the certificate.
public GetIssuers ( X509Certificate2 certificate, List issuers ) : Task
certificate System.Security.Cryptography.X509Certificates.X509Certificate2 The certificate.
issuers List The issuers.
return Task

GetIssuers() public method

Returns the issuers for the certificates.
public GetIssuers ( X509Certificate2Collection certificates, List issuers ) : Task
certificates System.Security.Cryptography.X509Certificates.X509Certificate2Collection
issuers List
return Task

InternalValidate() protected method

Throws an exception if validation fails.
Exception: thrown if certificates[0] cannot be accepted.
protected InternalValidate ( X509Certificate2Collection certificates ) : System.Threading.Tasks.Task
certificates System.Security.Cryptography.X509Certificates.X509Certificate2Collection The certificates to be checked.
return System.Threading.Tasks.Task

Update() public method

Updates the validator with the current state of the configuration.
public Update ( ApplicationConfiguration configuration ) : System.Threading.Tasks.Task
configuration ApplicationConfiguration
return System.Threading.Tasks.Task

Update() public method

Updates the validator with the current state of the configuration.
public Update ( SecurityConfiguration configuration ) : System.Threading.Tasks.Task
configuration SecurityConfiguration
return System.Threading.Tasks.Task

Update() public method

Updates the validator with a new set of trust lists.
public Update ( CertificateTrustList issuerStore, CertificateTrustList trustedStore, CertificateStoreIdentifier rejectedCertificateStore ) : void
issuerStore CertificateTrustList
trustedStore CertificateTrustList
rejectedCertificateStore CertificateStoreIdentifier
return void

Validate() public method

Validates the specified certificate against the trust list.
public Validate ( X509Certificate2 certificate ) : void
certificate System.Security.Cryptography.X509Certificates.X509Certificate2 The certificate.
return void

Validate() public method

Validates a certificate.
Each UA application may have a list of trusted certificates that is different from all other UA applications that may be running on the same machine. As a result, the certificate validator cannot rely completely on the Windows certificate store and user- or machine-specific CTLs (certificate trust lists). The validator constructs the trust chain for the certificate and follows the chain until it finds a certificate that is in the application trust list. Non-fatal trust chain errors (e.g. certificate expired) are ignored if the certificate is in the application trust list. If no certificate in the chain is trusted, the validator will still accept the certificate if there are no trust chain errors. The validator may be configured to ignore the application trust list and/or the trust chain.
public Validate ( X509Certificate2Collection chain ) : void
chain System.Security.Cryptography.X509Certificates.X509Certificate2Collection
return void