So for a school project I need to find out if a provided X509Certificate is issued by microsoft. If it is I have to return true, else I have to return false.
This is what i've got at the moment
private bool IsAcceptedCertificate(X509Certificate cert)
{
try
{
//if microsoft
if (cert.Issuer.Equals("Microsoft")) {
return true;
}
}
catch (CryptographicException ex)
{
System.Diagnostics.Debug.WriteLine(ex.ToString());
}
//if not microsoft
return false;
}
Edit 1: Is this the correct way to tackle this problem. I can't test it out because the teacher can't provide me a certificate to test it. Yet I still need this thing to work correctly.
答案 0 :(得分:1)
Something like this should be sufficient:
private bool IsAcceptedCertificate(X509Certificate2 cert)
{
try
{
if(cert.Verify() && cert.Issuer.StartsWith("CN=Microsoft"))
{
return true;
}
}
catch (CryptographicException ex)
{
System.Diagnostics.Debug.WriteLine(ex.ToString());
}
//if not microsoft
return false;
}
It checks that the certificate is valid, and that its issued by "some" Microsoft CA. To be more specific you can check against all Microsoft CAs, instead of CN=Microsoft*
Edit: In the Trusted Root Certificaton Authorities store on Windows 10 machines, there are 4 trusted Micorosft root certificates. "CN = Microsoft Root Authority","CN = Microsoft Root Certificate Authority", "CN = Microsoft Root Certificate Authority 2010" and "CN = Microsoft Root Certificate Authority 2011"