// ==++==
//
//   Copyright (c) Microsoft Corporation.  All rights reserved.
//
// ==--==

//
// X509ChainPolicy.cs
//
// Settings consumed when an X.509 certificate chain is built and validated:
// which revocation checks run, which validation errors are tolerated, the
// point in time the chain is evaluated against, and extra input certificates.
//

namespace System.Security.Cryptography.X509Certificates {
    using System.Globalization;

    /// <summary>How revocation status is obtained for certificates in the chain.</summary>
    public enum X509RevocationMode {
        NoCheck = 0,    // no revocation check at all; a revoked certificate is not detected
        Online  = 1,    // revocation data may be fetched over the network
        Offline = 2     // only already-cached revocation data is consulted
    }

    /// <summary>Which certificates in the chain are subject to the revocation check.</summary>
    public enum X509RevocationFlag {
        EndCertificateOnly = 0,     // only the leaf certificate
        EntireChain        = 1,     // every certificate, root included
        ExcludeRoot        = 2      // every certificate except the root
    }

    /// <summary>
    /// Bit flags that each tell chain validation to tolerate one class of error.
    /// </summary>
    /// <remarks>
    /// Every value other than <see cref="NoFlag"/> weakens validation. Code that sets
    /// one should be able to state which compensating check replaces the suppressed
    /// one; <see cref="AllowUnknownCertificateAuthority"/> and <see cref="AllFlags"/>
    /// in particular are worth searching for during review.
    /// </remarks>
    [Flags]
    public enum X509VerificationFlags {
        NoFlag                                      = 0x00000000,   // nothing suppressed (strict)
        IgnoreNotTimeValid                          = 0x00000001,   // expired / not-yet-valid certificates
        IgnoreCtlNotTimeValid                       = 0x00000002,   // expired certificate trust list
        IgnoreNotTimeNested                         = 0x00000004,   // issuer/subject validity periods not nested
        IgnoreInvalidBasicConstraints               = 0x00000008,   // invalid basic constraints
        AllowUnknownCertificateAuthority            = 0x00000010,   // chain ends in an untrusted / unknown root
        IgnoreWrongUsage                            = 0x00000020,   // certificate not issued for this usage
        IgnoreInvalidName                           = 0x00000040,   // invalid certificate name
        IgnoreInvalidPolicy                         = 0x00000080,   // invalid certificate policy
        IgnoreEndRevocationUnknown                  = 0x00000100,   // leaf revocation status unknown
        IgnoreCtlSignerRevocationUnknown            = 0x00000200,   // CTL signer revocation status unknown
        IgnoreCertificateAuthorityRevocationUnknown = 0x00000400,   // CA revocation status unknown
        IgnoreRootRevocationUnknown                 = 0x00000800,   // root revocation status unknown
        AllFlags                                    = 0x00000FFF    // union of all twelve bits above
    }

    /// <summary>
    /// Mutable bag of settings for building and validating a certificate chain.
    /// </summary>
    /// <remarks>
    /// A new instance, or one that has been <see cref="Reset"/>, uses online revocation
    /// checking for everything but the root and suppresses no validation errors.
    /// </remarks>
    public sealed class X509ChainPolicy {
        private OidCollection m_applicationPolicy;
        private OidCollection m_certificatePolicy;
        private X509RevocationMode m_revocationMode;
        private X509RevocationFlag m_revocationFlag;
        private DateTime m_verificationTime;
        private TimeSpan m_timeout;
        private X509Certificate2Collection m_extraStore;
        private X509VerificationFlags m_verificationFlags;

        /// <summary>Creates a policy populated with the defaults applied by <see cref="Reset"/>.</summary>
        public X509ChainPolicy () {
            Reset();
        }

        /// <summary>
        /// Application policy (usage) OIDs. The getter hands out the live collection,
        /// so callers edit the policy by mutating it.
        /// </summary>
        public OidCollection ApplicationPolicy {
            get { return m_applicationPolicy; }
        }

        /// <summary>
        /// Certificate policy OIDs. The getter hands out the live collection,
        /// so callers edit the policy by mutating it.
        /// </summary>
        public OidCollection CertificatePolicy {
            get { return m_certificatePolicy; }
        }

        /// <summary>Revocation checking mode; NoCheck switches revocation checking off.</summary>
        /// <exception cref="ArgumentException">The value is not a declared member of the enum.</exception>
        public X509RevocationMode RevocationMode {
            get { return m_revocationMode; }
            set {
                bool isDefined = value >= X509RevocationMode.NoCheck && value <= X509RevocationMode.Offline;
                if (!isDefined) {
                    throw IllegalEnumValue();
                }
                m_revocationMode = value;
            }
        }

        /// <summary>Scope of the revocation check within the chain.</summary>
        /// <exception cref="ArgumentException">The value is not a declared member of the enum.</exception>
        public X509RevocationFlag RevocationFlag {
            get { return m_revocationFlag; }
            set {
                bool isDefined = value >= X509RevocationFlag.EndCertificateOnly && value <= X509RevocationFlag.ExcludeRoot;
                if (!isDefined) {
                    throw IllegalEnumValue();
                }
                m_revocationFlag = value;
            }
        }

        /// <summary>
        /// Validation errors to tolerate. Anything other than NoFlag relaxes validation.
        /// </summary>
        /// <exception cref="ArgumentException">The value is negative or above AllFlags.</exception>
        public X509VerificationFlags VerificationFlags {
            get { return m_verificationFlags; }
            set {
                // Range check only: every combination of the twelve defined bits
                // (0x000..0xFFF) is accepted, including AllFlags itself.
                bool inRange = value >= X509VerificationFlags.NoFlag && value <= X509VerificationFlags.AllFlags;
                if (!inRange) {
                    throw IllegalEnumValue();
                }
                m_verificationFlags = value;
            }
        }

        /// <summary>
        /// Time the chain is evaluated against. The setter accepts any DateTime
        /// without validation.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the default is captured when the object is constructed or reset,
        /// not when a chain is built. If the chain builder uses this value as the
        /// validation instant (not visible in this file), a long-lived policy object
        /// validates against a stale clock unless the caller refreshes it, and a caller
        /// who sets it to a past date can make an expired certificate appear valid.
        /// </remarks>
        public DateTime VerificationTime {
            get { return m_verificationTime; }
            set { m_verificationTime = value; }
        }

        /// <summary>
        /// Timeout for URL retrieval. Zero is the "default timeout" marker set by
        /// <see cref="Reset"/>; the setter accepts any TimeSpan without validation.
        /// </summary>
        public TimeSpan UrlRetrievalTimeout {
            get { return m_timeout; }
            set { m_timeout = value; }
        }

        /// <summary>
        /// Additional certificates supplied alongside the policy. The getter hands out
        /// the live collection.
        /// </summary>
        /// <remarks>
        /// NOTE(review): presumably these are candidates for chain construction rather
        /// than trust anchors; confirm against the chain engine before relying on it.
        /// </remarks>
        public X509Certificate2Collection ExtraStore {
            get { return m_extraStore; }
        }

        /// <summary>
        /// Restores every setting to its default and replaces the three collections
        /// with fresh, empty instances.
        /// </summary>
        public void Reset () {
            // Fresh collections: references handed out earlier by the getters are
            // detached from this policy after a reset.
            m_applicationPolicy = new OidCollection();
            m_certificatePolicy = new OidCollection();
            m_extraStore = new X509Certificate2Collection();

            // Strict defaults: online revocation for all but the root, nothing suppressed.
            m_revocationMode = X509RevocationMode.Online;
            m_revocationFlag = X509RevocationFlag.ExcludeRoot;
            m_verificationFlags = X509VerificationFlags.NoFlag;

            // Local wall-clock time at the moment of the reset.
            m_verificationTime = DateTime.Now;
            m_timeout = TimeSpan.Zero; // default timeout
        }

        // Builds the exception shared by the three enum-typed setters; the message
        // text and the "value" format argument are the same for all of them.
        private static ArgumentException IllegalEnumValue () {
            string message = String.Format(CultureInfo.CurrentCulture, SR.GetString(SR.Arg_EnumIllegalVal), "value");
            return new ArgumentException(message);
        }
    }
}