X509ChainExtensions

Namespace: WvdS.System.Security.Cryptography.X509Certificates

Drop-in replacement extensions for X509Chain with post-quantum signature validation. Extends standard chain validation with PQ signature checking in all three crypto modes.

Methods

Method	Description
`Build(certificate, mode)`	Builds and validates certificate chain with CryptoMode
`Build(certificate, customTrustStore, mode)`	Chain validation with custom trust store
`Build(certificate, trustStore, mode)`	Chain validation with PqTrustStore
`BuildWithRevocationCheck(…)`	Chain build with CRL/OCSP checking
`BuildWithOfflineCrl(…)`	Chain build with offline CRL data
`IsFullyPqProtected()`	Checks if entire chain is PQ-protected
`GetChainCryptoModes()`	Returns CryptoModes of all chain elements
`GetValidationReport()`	Creates detailed validation report

Build with CryptoMode

using var chain = new X509Chain();
var cert = new X509Certificate2("certificate.pfx");
 
// With explicit CryptoMode
bool isValid = chain.Build(cert, CryptoMode.Hybrid);
 
// With default mode from CryptoConfig
bool isValid2 = chain.Build(cert, null);

Validation Behavior by Mode

Mode	Classic Signature	PQ Signature
Classic	Checked	Ignored
Hybrid	Checked	Checked (if present)
PostQuantum	Checked (structure)	Required

IsFullyPqProtected

using var chain = new X509Chain();
chain.Build(cert, CryptoMode.Hybrid);
 
if (chain.IsFullyPqProtected())
{
    Console.WriteLine("Entire chain is PQ-protected");
}
else
{
    var modes = chain.GetChainCryptoModes();
    for (int i = 0; i < modes.Length; i++)
    {
        if (modes[i] == CryptoMode.Classic)
            Console.WriteLine($"Element {i} has no PQ protection");
    }
}

GetValidationReport

using var chain = new X509Chain();
chain.Build(cert, CryptoMode.Hybrid);
 
var report = chain.GetValidationReport();
Console.WriteLine($"Valid: {report.IsValid}");
Console.WriteLine($"Chain length: {report.ChainLength}");
Console.WriteLine($"Fully PQ-protected: {report.IsFullyPqProtected}");

Inhaltsverzeichnis