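    /// <summary>
    /// Decodes a server's certificate chain and records, per element, the
    /// decoded certificate (or the decoding error), a SHA-1 thumbprint of
    /// the raw encoding, the set of signature hash algorithms in use, and
    /// two name-based chaining hints (<c>goodNameChaining</c>,
    /// <c>includesRoot</c>).
    /// </summary>
    /// <param name="encoded">DER-encoded certificates. All per-element
    /// arrays (<c>elements</c>, <c>thumbprints</c>, <c>decodingIssues</c>
    /// and their <c>*Rev</c> mirrors) are derived from this array.</param>
    /// <param name="encodedRev">The same certificates in reverse order.
    /// Used here only for the chain hash, so it must have the same length
    /// as <paramref name="encoded"/>.</param>
    /// <exception cref="ArgumentNullException">Either argument is null.</exception>
    /// <exception cref="ArgumentException">The two arrays differ in length,
    /// which would leave the chain hash and the element arrays describing
    /// different data.</exception>
    /// <remarks>
    /// Security note: nothing in this constructor verifies a signature or
    /// consults a trust store. <c>goodNameChaining</c> only checks that each
    /// issuer name equals the next subject name, and <c>includesRoot</c>
    /// only checks that the last element is self-issued by name; a chain
    /// that passes both may still be forged or untrusted. Thumbprints are
    /// SHA-1 of the raw encoding — the conventional fingerprint format,
    /// good for identification, but not to be relied on as
    /// collision-resistant.
    /// </remarks>
    public X509Chain(byte[][] encoded, byte[][] encodedRev)
    {
        if (encoded == null)
        {
            throw new ArgumentNullException(nameof(encoded));
        }
        if (encodedRev == null)
        {
            throw new ArgumentNullException(nameof(encodedRev));
        }
        if (encoded.Length != encodedRev.Length)
        {
            throw new ArgumentException(
                "encoded and encodedRev must hold the same number of certificates",
                nameof(encodedRev));
        }
        this.encoded    = encoded;
        this.encodedRev = encodedRev;
        int n = encoded.Length;

        elements          = new X509Cert[n];
        elementsRev       = new X509Cert[n];
        thumbprints       = new string[n];
        thumbprintsRev    = new string[n];
        decodingIssues    = new string[n];
        decodingIssuesRev = new string[n];
        // An empty chain counts as not decodable: the chaining analysis
        // below needs at least one element. Any decoding failure also
        // clears this flag.
        decodable         = (n > 0);
        for (int i = 0; i < n; i++)
        {
            X509Cert xc;
            string   msg;
            try {
                xc  = new X509Cert(encoded[i]);
                msg = null;
            } catch (Exception e) {
                // Best effort on server-supplied data: a certificate that
                // does not decode becomes a null slot plus an error text,
                // so the rest of the chain can still be reported.
                xc  = null;
                msg = e.Message;
                if (msg == null)
                {
                    msg = e.GetType().FullName;
                }
                decodable = false;
            }
            elements[i]                  = xc;
            elementsRev[n - 1 - i]       = xc;
            decodingIssues[i]            = msg;
            decodingIssuesRev[n - 1 - i] = msg;
            // Thumbprint of the raw bytes, computed even when decoding
            // failed, so an undecodable element can still be identified.
            string tt = M.DoSHA1(encoded[i]).ToUpperInvariant();
            thumbprints[i]            = tt;
            thumbprintsRev[n - 1 - i] = tt;
        }
        if (decodable)
        {
            // decodable == true guarantees every element is non-null, so the
            // dereferences below are safe. The walk treats elementsRev[0] as
            // the end-entity certificate and moves toward the last element,
            // which is expected to be the anchor.
            goodNameChaining = true;
            X509Cert lc = elementsRev[0];
            // Hash algorithms used in signatures, deduplicated and sorted.
            // Self-issued certificates are skipped: their own signature
            // does not bind anything in the chain.
            // NOTE(review): assumes HashAlgorithm is never null for a
            // decoded certificate (a null key would throw here) — confirm.
            IDictionary <string, bool> sghf =
                new SortedDictionary <string, bool>(
                    StringComparer.Ordinal);
            if (!lc.SelfIssued)
            {
                sghf[lc.HashAlgorithm] = true;
            }
            for (int i = 1; i < n; i++)
            {
                X509Cert ca = elementsRev[i];
                if (!ca.SelfIssued)
                {
                    sghf[ca.HashAlgorithm] = true;
                }
                // Name chaining only: the next element's subject must equal
                // the current element's issuer. No signature is checked.
                if (!ca.Subject.Equals(lc.Issuer))
                {
                    goodNameChaining = false;
                }
                lc = ca;
            }
            // "Root" here means the last element is self-issued by name; it
            // says nothing about whether that certificate is trusted.
            includesRoot = lc.Subject.Equals(lc.Issuer);
            signHashes   = new string[sghf.Count];
            int k = 0;
            foreach (string name in sghf.Keys)
            {
                signHashes[k++] = name;
            }
        }
        else
        {
            goodNameChaining = false;
            includesRoot     = false;
            signHashes       = null;
        }
        // Chain identity used for deduplication across reports; computed
        // over the reversed encoding as supplied by the caller.
        hash = M.DoSHA1(encodedRev);
    }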
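    /// <summary>
    /// Folds one per-server <see cref="Report"/> into the cross-server
    /// <see cref="ReportAggregator"/>: SSLv2 and SSLv3+ certificate chains,
    /// an expiry notice for the SSLv2 end-entity certificate, supported
    /// protocol versions, the cipher-suite selection policy, each supported
    /// cipher suite with its strength / forward-secrecy / anonymity / key
    /// type flags, and the report's warnings.
    /// </summary>
    /// <param name="aggregator">Destination aggregator; mutated in place.</param>
    /// <param name="report">Scan result for a single host:port.</param>
    public static void UpdateReportAggregator(ReportAggregator aggregator, Report report)
    {
        String serverUnderTest = $"{report.ConnName}:{report.ConnPort}";

        if (report.SSLv2Chain != null)
        {
            aggregator.AddSsl2Cert(serverUnderTest, report.SSLv2Chain);
            // ElementsRev[0] is the end-entity certificate. X509Chain accepts
            // an empty chain, so guard the index; the slot is also null when
            // the leaf failed to decode.
            var ssl2Certs = report.SSLv2Chain.ElementsRev;
            X509Cert xc = (ssl2Certs != null && ssl2Certs.Length > 0)
                ? ssl2Certs[0] : null;
            // X.509 validity times are expressed in UTC (RFC 5280), and
            // DateTime.CompareTo ignores Kind, so the reference clock must be
            // UTC too; comparing against local time would shift the verdict
            // by the zone offset around the expiry instant.
            // NOTE(review): assumes X509Cert.ValidTo is a UTC value and is
            // not converted to local time by the decoder — confirm.
            if (xc != null && xc.ValidTo.CompareTo(DateTime.UtcNow) < 0)
            {
                aggregator.AddOverduedCertificate(serverUnderTest, xc.ValidTo);
            }
        }

        // SSLv2 suites are recorded by name only; they have no strength /
        // forward-secrecy annotation in this report format.
        if (report.ssl2Suites != null && report.ssl2Suites.Length > 0)
        {
            aggregator.AddSuportedSslVersion(M.VersionString(M.SSLv20));
            foreach (int s in report.ssl2Suites)
            {
                aggregator.AddSupportedCipherSuite(CipherSuite.ToNameV2(s));
            }
        }

        // SSLv3+ chains (one per protocol version) are inspected separately.
        aggregator.AddSsl3Certs(serverUnderTest, report.chains.Values);
        InspectCerts(aggregator, report, serverUnderTest);

        foreach (int v in report.suites.Keys)
        {
            aggregator.AddSuportedSslVersion(M.VersionString(v));
            SupportedCipherSuites scs = report.suites[v];
            // Selection policy as observed by the scanner. A server that
            // enforces its own preference order is what a hardened
            // configuration should show; "complex" covers anything that is
            // neither purely client- nor purely server-driven.
            if (scs.PrefClient)
            {
                aggregator.AddCipherSuiteSelectionMode("uses client preferences");
            }
            else if (scs.PrefServer)
            {
                aggregator.AddCipherSuiteSelectionMode("enforce server preferences");
            }
            else
            {
                aggregator.AddCipherSuiteSelectionMode("complex");
            }
            // Each suite line is "<strength><f|-><A|-> (key: <type>)  <name>":
            // strength digit, 'f' when the suite provides forward secrecy,
            // 'A' when it is anonymous (no server authentication), then the
            // server key type. Suites unknown to CipherSuite.ALL are flagged
            // with '?' rather than dropped so they remain visible.
            foreach (int s in scs.Suites)
            {
                CipherSuite cs;
                string      strength;
                string      fsf;
                string      anon;
                string      kt;
                if (CipherSuite.ALL.TryGetValue(s, out cs))
                {
                    strength = cs.Strength.ToString();
                    fsf      = cs.HasForwardSecrecy ? "f" : "-";
                    anon     = cs.IsAnonymous ? "A" : "-";
                    kt       = cs.ServerKeyType;
                }
                else
                {
                    strength = "?";
                    fsf      = "?";
                    anon     = "?";
                    kt       = "?";
                }
                aggregator.AddSupportedCipherSuite($"{strength}{fsf}{anon} (key: {kt,4})  {CipherSuite.ToName(s)}");
            }
        }

        foreach (var warning in report.Warnings)
        {
            aggregator.AddWarning(warning.Value);
        }
    }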