in src/Hosting/Certificates/CertificateReader.cs [101:120]
/// <summary>
/// Chooses one certificate from <paramref name="certificates"/>, preferring a certificate whose
/// validity window contains the current time and, among equally ranked candidates, the one
/// with the latest <see cref="X509Certificate2.NotAfter"/>.
/// </summary>
/// <param name="certificates">Candidates to rank; enumerated exactly once.</param>
/// <returns>
/// The preferred certificate, or <c>null</c> when the sequence is empty.
/// </returns>
/// <remarks>
/// Security note: when no candidate is inside its validity window, this method still returns
/// the expired or not-yet-valid certificate with the latest NotAfter rather than <c>null</c>.
/// Only NotBefore and NotAfter are inspected here. Private-key presence, key usage, chain trust
/// and revocation are not checked by this method, so a caller that must not use an
/// out-of-window certificate has to re-check the returned value itself.
/// </remarks>
private static X509Certificate2? PickBestCertificate(IEnumerable<X509Certificate2> certificates)
{
    // NotBefore/NotAfter are reported in local time, so the local clock is the matching reference.
    DateTime referenceTime = DateTime.Now;
    X509Certificate2? best = null;
    bool bestInWindow = false;

    foreach (X509Certificate2 candidate in certificates)
    {
        bool candidateInWindow = candidate.NotBefore <= referenceTime && referenceTime <= candidate.NotAfter;

        bool takeCandidate;
        if (best is null)
        {
            // First candidate seen always becomes the provisional choice.
            takeCandidate = true;
        }
        else if (candidateInWindow != bestInWindow)
        {
            // Validity differs: an in-window certificate always beats an out-of-window one.
            takeCandidate = candidateInWindow;
        }
        else
        {
            // Same validity class: keep whichever expires later (ties keep the earlier pick).
            takeCandidate = candidate.NotAfter > best.NotAfter;
        }

        if (takeCandidate)
        {
            best = candidate;
            bestInWindow = candidateInWindow;
        }
    }

    return best;
}