<PackageReference Include="BouncyCastle.Cryptography" Version="2.6.1" />

TrustAnchor

public class TrustAnchor
A trust anchor or most-trusted Certification Authority (CA). This class represents a "most-trusted CA", which is used as a trust anchor for validating X.509 certification paths. A most-trusted CA includes the public key of the CA, the CA's name, and any constraints upon the set of paths which may be validated using this key. These parameters can be specified in the form of a trusted X509Certificate or as individual parameters.
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.X509;
using System;
using System.Text;

namespace Org.BouncyCastle.Pkix
{
    /// <summary>
    /// A trust anchor ("most-trusted CA") used as the starting point for validating
    /// X.509 certification paths. It holds either a trusted certificate, or a CA name
    /// plus public key, together with optional name constraints.
    /// </summary>
    /// <remarks>
    /// The constructors only reject null (and, for the string form, empty) arguments.
    /// Nothing in this class checks a signature, a validity period or CA status, so the
    /// certificate or key handed in should come from a source the application already trusts.
    /// </remarks>
    public class TrustAnchor
    {
        // Set only by the name-plus-key constructors; left null for the certificate form.
        private readonly AsymmetricKeyParameter pubKey;
        private readonly string caName;
        private readonly X509Name caPrincipal;

        // Set only by the certificate constructor; left null for the name-plus-key forms.
        private readonly X509Certificate trustedCert;

        // Name constraints kept twice: the cloned encoding and the parsed structure.
        private byte[] ncBytes;
        private NameConstraints nc;

        /// <summary>The trusted certificate, or null when the anchor was built from a name and key.</summary>
        public X509Certificate TrustedCert
        {
            get { return trustedCert; }
        }

        /// <summary>The CA name as an <see cref="X509Name"/>, or null for a certificate-based anchor.</summary>
        public X509Name CA
        {
            get { return caPrincipal; }
        }

        /// <summary>The CA name as a string, or null for a certificate-based anchor.</summary>
        public string CAName
        {
            get { return caName; }
        }

        /// <summary>The CA public key, or null for a certificate-based anchor.</summary>
        public AsymmetricKeyParameter CAPublicKey
        {
            get { return pubKey; }
        }

        /// <summary>
        /// The stored name-constraints encoding, passed through <c>Arrays.Clone</c> on every read
        /// (presumably so that callers cannot modify the anchor's own copy; confirm in Arrays).
        /// </summary>
        public byte[] GetNameConstraints
        {
            get { return Arrays.Clone(ncBytes); }
        }

        /// <summary>Creates an anchor from a trusted certificate.</summary>
        /// <param name="trustedCert">The certificate to trust; only checked for null here.</param>
        /// <param name="nameConstraints">
        /// Encoded name constraints, parsed with <c>NameConstraints.GetInstance</c>.
        /// NOTE(review): null appears to mean "no constraints"; confirm against GetInstance.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="trustedCert"/> is null.</exception>
        public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
        {
            if (trustedCert == null)
            {
                throw new ArgumentNullException(nameof(trustedCert));
            }

            // pubKey, caName and caPrincipal keep their default null for this form.
            this.trustedCert = trustedCert;
            SetNameConstraints(nameConstraints);
        }

        /// <summary>Creates an anchor from a CA distinguished name and its public key.</summary>
        /// <param name="caPrincipal">The CA name; its string form becomes <see cref="CAName"/>.</param>
        /// <param name="pubKey">The CA public key.</param>
        /// <param name="nameConstraints">
        /// Encoded name constraints, parsed with <c>NameConstraints.GetInstance</c>.
        /// NOTE(review): null appears to mean "no constraints"; confirm against GetInstance.
        /// </param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="caPrincipal"/> or <paramref name="pubKey"/> is null.
        /// </exception>
        public TrustAnchor(X509Name caPrincipal, AsymmetricKeyParameter pubKey, byte[] nameConstraints)
        {
            if (caPrincipal == null)
            {
                throw new ArgumentNullException(nameof(caPrincipal));
            }
            if (pubKey == null)
            {
                throw new ArgumentNullException(nameof(pubKey));
            }

            // trustedCert keeps its default null for this form.
            this.caPrincipal = caPrincipal;
            this.caName = caPrincipal.ToString();
            this.pubKey = pubKey;
            SetNameConstraints(nameConstraints);
        }

        /// <summary>Creates an anchor from a CA name given as a string and its public key.</summary>
        /// <param name="caName">The CA name; converted with <c>new X509Name(caName)</c>.</param>
        /// <param name="pubKey">The CA public key.</param>
        /// <param name="nameConstraints">
        /// Encoded name constraints, parsed with <c>NameConstraints.GetInstance</c>.
        /// NOTE(review): null appears to mean "no constraints"; confirm against GetInstance.
        /// </param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="caName"/> or <paramref name="pubKey"/> is null.
        /// </exception>
        /// <exception cref="ArgumentException"><paramref name="caName"/> is empty.</exception>
        public TrustAnchor(string caName, AsymmetricKeyParameter pubKey, byte[] nameConstraints)
        {
            // The null checks run before the empty-string check, so a null key is reported first.
            if (caName == null)
            {
                throw new ArgumentNullException(nameof(caName));
            }
            if (pubKey == null)
            {
                throw new ArgumentNullException(nameof(pubKey));
            }
            if (caName.Length == 0)
            {
                throw new ArgumentException("caName can not be an empty string");
            }

            // trustedCert keeps its default null for this form.
            this.caPrincipal = new X509Name(caName);
            this.pubKey = pubKey;
            this.caName = caName;
            SetNameConstraints(nameConstraints);
        }

        /// <summary>
        /// Stores a clone of the encoded constraints and the structure parsed from the
        /// caller's array. Whether malformed input is rejected depends on
        /// <c>NameConstraints.GetInstance</c>, which is not visible here.
        /// </summary>
        private void SetNameConstraints(byte[] encoded)
        {
            ncBytes = Arrays.Clone(encoded);
            nc = NameConstraints.GetInstance(encoded);
        }

        /// <summary>
        /// Describes the anchor for diagnostics: key and issuer name, or the certificate,
        /// followed by the name constraints when present.
        /// </summary>
        /// <returns>A multi-line description starting with "[" (no closing bracket is written).</returns>
        public override string ToString()
        {
            StringBuilder text = new StringBuilder();
            text.AppendLine("[");

            if (pubKey == null)
            {
                text.Append(" Trusted CA cert: ");
                text.Append(trustedCert);
                text.AppendLine();
            }
            else
            {
                text.Append(" Trusted CA Public Key: ");
                text.Append(pubKey);
                text.AppendLine();
                text.Append(" Trusted CA Issuer Name: ");
                text.Append(caName);
                text.AppendLine();
            }

            if (nc != null)
            {
                text.Append(" Name Constraints: ");
                text.Append(nc);
                text.AppendLine();
            }

            return text.ToString();
        }
    }
}