C# Class Opc.Ua.CertificateValidator

Validates certificates.

Public Methods

Method Description
CertificateValidator ( ) : System

The default constructor.

GetIssuers ( X509Certificate2 certificate, List issuers ) : Task

Returns the issuers for the certificate.

GetIssuers ( X509Certificate2Collection certificates, List issuers ) : Task

Returns the issuers for the certificates.

Update ( ApplicationConfiguration configuration ) : System.Threading.Tasks.Task

Updates the validator with the current state of the configuration.

Update ( SecurityConfiguration configuration ) : System.Threading.Tasks.Task

Updates the validator with the current state of the configuration.

Update ( CertificateTrustList issuerStore, CertificateTrustList trustedStore, CertificateStoreIdentifier rejectedCertificateStore ) : void

Updates the validator with a new set of trust lists.

Validate ( X509Certificate2 certificate ) : void

Validates the specified certificate against the trust list.

Validate ( X509Certificate2Collection chain ) : void

Validates a certificate.


Protected Methods

Method Description
InternalValidate ( X509Certificate2Collection certificates ) : System.Threading.Tasks.Task

Throws an exception if validation fails.

Private Methods

Method Description
CheckChainStatus ( X509ChainStatus status, CertificateIdentifier id, CertificateIdentifier issuer, bool isIssuer ) : ServiceResult
FindAuthorityKeyIdentifier ( X509Certificate2 certificate ) : X509AuthorityKeyIdentifierExtension

Returns the authority key identifier in the certificate.

FindSubjectKeyIdentifierExtension ( X509Certificate2 certificate ) : X509SubjectKeyIdentifierExtension

Returns the subject key identifier in the certificate.

GetChannelValidator ( ) : Opc.Ua.X509CertificateValidator
GetIssuer ( X509Certificate2 certificate, CertificateIdentifierCollection explicitList, CertificateStoreIdentifier certificateStore, bool checkRecovationStatus ) : Task

Returns the certificate information for a trusted issuer certificate.

GetTrustedCertificate ( X509Certificate2 certificate ) : Task

Returns the certificate information for a trusted peer certificate.

IsIssuerAllowed ( X509Certificate2 certificate ) : bool

Determines whether the certificate is allowed to be an issuer.

Match ( X509Certificate2 certificate, string subjectName, string serialNumber, string authorityKeyId ) : bool

Returns true if the certificate matches the criteria.

SaveCertificate ( X509Certificate2 certificate ) : void

Saves the certificate in the invalid certificate directory.

Method Details

CertificateValidator() public method

The default constructor.
public CertificateValidator ( ) : System
Returns System

GetIssuers() public method

Returns the issuers for the certificate.
public GetIssuers ( X509Certificate2 certificate, List issuers ) : Task
certificate System.Security.Cryptography.X509Certificates.X509Certificate2 The certificate.
issuers List The issuers.
Returns Task

GetIssuers() public method

Returns the issuers for the certificates.
public GetIssuers ( X509Certificate2Collection certificates, List issuers ) : Task
certificates System.Security.Cryptography.X509Certificates.X509Certificate2Collection
issuers List
Returns Task

InternalValidate() protected method

Throws an exception if validation fails.
If certificate[0] cannot be accepted
protected InternalValidate ( X509Certificate2Collection certificates ) : System.Threading.Tasks.Task
certificates System.Security.Cryptography.X509Certificates.X509Certificate2Collection The certificates to be checked.
Returns System.Threading.Tasks.Task

Update() public method

Updates the validator with the current state of the configuration.
public Update ( ApplicationConfiguration configuration ) : System.Threading.Tasks.Task
configuration ApplicationConfiguration
Returns System.Threading.Tasks.Task

Update() public method

Updates the validator with the current state of the configuration.
public Update ( SecurityConfiguration configuration ) : System.Threading.Tasks.Task
configuration SecurityConfiguration
Returns System.Threading.Tasks.Task

Update() public method

Updates the validator with a new set of trust lists.
public Update ( CertificateTrustList issuerStore, CertificateTrustList trustedStore, CertificateStoreIdentifier rejectedCertificateStore ) : void
issuerStore CertificateTrustList
trustedStore CertificateTrustList
rejectedCertificateStore CertificateStoreIdentifier
Returns void

Validate() public method

Validates the specified certificate against the trust list.
public Validate ( X509Certificate2 certificate ) : void
certificate System.Security.Cryptography.X509Certificates.X509Certificate2 The certificate.
Returns void

Validate() public method

Validates a certificate.
Each UA application may have its own list of trusted certificates, different from that of every other UA application running on the same machine. As a result, the certificate validator cannot rely completely on the Windows certificate store and user- or machine-specific CTLs (certificate trust lists). The validator constructs the trust chain for the certificate and follows the chain until it finds a certificate that is in the application trust list. Non-fatal trust chain errors (e.g. an expired certificate) are ignored if the certificate is in the application trust list. If no certificate in the chain is trusted, the validator will still accept the certificate if there are no trust chain errors. The validator may be configured to ignore the application trust list and/or the trust chain.
public Validate ( X509Certificate2Collection chain ) : void
chain System.Security.Cryptography.X509Certificates.X509Certificate2Collection
Returns void
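
The acceptance policy described for Validate can be modelled as a small decision function. This is an added example, not code from the Opc.Ua library: `ChainElement`, `TrustPolicyModel`, `Decide` and `NonFatal` are hypothetical names, the thumbprints are constructed, and treating only `NotTimeValid` as non-fatal is an assumption based on the page's single example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;

// Added model of the documented policy; not the Opc.Ua implementation.
// ChainElement and TrustPolicyModel are hypothetical names.
public record ChainElement(string Thumbprint, X509ChainStatusFlags Status);

public static class TrustPolicyModel
{
    // Assumption: only validity-period errors count as "non-fatal";
    // the page names an expired certificate as its one example.
    const X509ChainStatusFlags NonFatal = X509ChainStatusFlags.NotTimeValid;

    // chain[0] is the peer certificate; later entries are its issuers in order.
    public static bool Decide(IReadOnlyList<ChainElement> chain, ISet<string> trustList)
    {
        var seen = X509ChainStatusFlags.NoError;
        foreach (var element in chain)
        {
            seen |= element.Status;
            if (trustList.Contains(element.Thumbprint))
            {
                // Trusted entry found: stop walking; only fatal errors reject.
                return (seen & ~NonFatal) == X509ChainStatusFlags.NoError;
            }
        }

        // Nothing in the chain is on the application trust list:
        // accepted only when the chain reported no error at all.
        return seen == X509ChainStatusFlags.NoError;
    }

    public static void Main()
    {
        // Constructed sample data: "AA11" is the only trusted thumbprint.
        var trust = new HashSet<string> { "AA11" };
        ChainElement[] One(string tp, X509ChainStatusFlags s) => new[] { new ChainElement(tp, s) };

        Console.WriteLine($"trusted, expired:  {Decide(One("AA11", X509ChainStatusFlags.NotTimeValid), trust)}");
        Console.WriteLine($"trusted, revoked:  {Decide(One("AA11", X509ChainStatusFlags.Revoked), trust)}");
        Console.WriteLine($"unlisted, clean:   {Decide(One("BB22", X509ChainStatusFlags.NoError), trust)}");
        Console.WriteLine($"unlisted, expired: {Decide(One("BB22", X509ChainStatusFlags.NotTimeValid), trust)}");
    }
}
```

The "unlisted, clean" case is the one to review in a deployment: under the documented policy a peer that is absent from the application trust list is still accepted when its chain builds without errors.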