**BUG** CertificateChain.VerifyChain Method |
by Richard [rgaren at dot dot state dot tx dot us] posted on 2004/09/13 |
|
When the "public CertificateChain(Certificate,CertificateStore);" constructor is used and the CertificateStore is a temporary, in-memory CertificateStore, the CertificateChain.VerifyChain method returns "[UntrustedRoot]", even when the root certificate is located in my temporary CertificateStore. Is this the intended behavior, or is this a bug? I would like to be able to use the VerifyChain method in conjunction with a temporary CertificateStore. That way, all I have to do in my web application is maintain a directory of .CER files. |
by Richard [rgaren at dot dot state dot tx dot us] posted on 2004/09/15 |
|
OK, here is my code. sCertificate is a base64-encoded certificate (string) that is passed from a Java applet; it is hard-coded here for testing purposes. My result is "The certificate is not valid [UntrustedRoot]". Any suggestions?
<code>
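/// <summary>
/// Test harness: builds a certificate chain for a client-supplied certificate
/// against an in-memory store holding the subordinate and root CA certificates,
/// then prints the verification status.
/// </summary>
/// <param name="args">Command-line arguments (unused).</param>
static void Main(string[] args)
{
    // Base64-encoded leaf certificate. In the real application this value arrives
    // from the client, so it is untrusted input: a certificate is public data, and
    // a valid chain says nothing about whether the sender holds the private key.
    // NOTE(review): presumably a signature made with this certificate is checked
    // elsewhere; confirm before treating a valid chain as authentication.
    string sCertificate = "MIICxzCCAjCgAwIBAgIBUjANBgkqhkiG9w0BAQUFADB2MQswCQYDVQQGEwJVUzErMCk"
        + "GA1UEChMiVGV4YXMgRGVwYXJ0bWVudCBvZiBUcmFuc3BvcnRhdGlvbjE6MDgGA1UEAx"
        + "MxVGV4YXMgRGVwYXJ0bWVudCBvZiBUcmFuc3BvcnRhdGlvbiBTdWJvcmRpbmF0ZSBDQ"
        + "TAeFw0wMzEwMTAyMTA0NTFaFw0wNDEwMTAyMzU5MDBaMIHsMQ4wDAYDVQQKEwVUeERP"
        + "VDEMMAoGA1UECxMDSVNEMScwJQYDVQQLEx5Qcm9jZXNzIGFuZCBRdWFsaXR5IE1hbmF"
        + "nZW1lbnQxJzAlBgNVBAsTHlByb2Nlc3MgYW5kIFF1YWxpdHkgTWFuYWdlbWVudDEkMC"
        + "IGA1UECRMbMzcxMiBKYWNrc29uIEF2ZSBCdWlsZGluZyA2MQ8wDQYDVQQHEwZBdXN0a"
        + "W4xDjAMBgNVBAgTBVRleGFzMQ4wDAYDVQQREwU3ODcwMTELMAkGA1UEBhMCVVMxFjAU"
        + "BgNVBAMTDVJpY2hhcmQgR2FyZW4wXDANBgkqhkiG9w0BAQEFAANLADBIAkEArYuJGRv"
        + "FQeDTwGYyptpOvuWh6q84UH8aDwmekNBY7CJJwelloMqJMonARrfN+w3fFXibv4w66w"
        + "Ah/y+z9UegdQIDAQABozIwMDALBgNVHQ8EBAMCBaAwIQYDVR0RBBowGIEWcmdhcmVuQ"
        + "GRvdC5zdGF0ZS50eC51czANBgkqhkiG9w0BAQUFAAOBgQCa3rE1q0gcxJSZajTa0hEU"
        + "Nv1Sb0wV+LXanrEDbmxuJcLeagMPIE48RtywEbhvPHifcYTIouw7LOjD4ie9k4g7FC1"
        + "uaMAQLFYu4CiRuI4xwuiKptWyhMVA5wsMTf/Kl2LUwwG2WcSQ7VcU+lMLyjHSEdslMB"
        + "TD2RvzTWz9ttm4YA==";

    // Read each CA file completely and release the file handle straight away.
    // A single Stream/BinaryReader Read call may return fewer bytes than requested,
    // which would leave a truncated (unparseable) certificate in the buffer.
    byte[] subFile;
    using (BinaryReader brSub = new BinaryReader(File.OpenRead("certificates/Subordinate_CA.cer")))
    {
        subFile = brSub.ReadBytes((int)brSub.BaseStream.Length);
    }

    byte[] rootFile;
    using (BinaryReader brRoot = new BinaryReader(File.OpenRead("certificates/Root_CA.cer")))
    {
        rootFile = brRoot.ReadBytes((int)brRoot.BaseStream.Length);
    }

    Certificate signingCertificate = Certificate.CreateFromBase64String(sCertificate);
    Certificate subCertificate = Certificate.CreateFromCerFile(subFile); // DER encoded binary X.509 (.CER)
    Certificate rootCertificate = Certificate.CreateFromCerFile(rootFile); // DER encoded binary X.509 (.CER)

    // Temporary in-memory store holding the CA certificates needed to build the chain.
    CertificateStore certStore = new CertificateStore();
    certStore.AddCertificate(subCertificate);
    certStore.AddCertificate(rootCertificate);

    // Hand the store to the chain. The original listing built the store but then
    // constructed the chain from the leaf certificate alone, so the store was never
    // consulted.
    // NOTE(review): the extra store lets the chain builder locate the intermediate
    // and root, but UntrustedRoot may still be reported if the library accepts only
    // roots from the system trusted-root store as trust anchors; confirm against
    // the library documentation. If so, keep full verification enabled and compare
    // the chain's root with the pinned Root_CA.cer instead of relaxing the check.
    CertificateChain certChain = new CertificateChain(signingCertificate, certStore);
    CertificateStatus status = certChain.VerifyChain(null, AuthType.Client);

    if (status == CertificateStatus.ValidCertificate)
    {
        Console.WriteLine("The certificate is valid.");
    }
    else
    {
        Console.WriteLine("The certificate is not valid [" + status.ToString() + "].");
    }
}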
</code> |