Beispiel #1
0
        private void PinCerts(HttpWebRequest client)
        {
            LogHelper.Log("CORE: Pinning certs...");

            client.ClientCertificates.Clear();

            foreach (var values in CertManager.GetCerts())
            {
                X509Certificate cert = new X509Certificate(values.Value);

                client.ClientCertificates.Add(cert);
            }
        }
        public static Tuple <NetTcpBinding, EndpointAddress> PrepBindingAndAddressForReader(string ServiceCertCN)
        {
            NetTcpBinding binding = new NetTcpBinding();

            binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
            /// Use CertManager class to obtain the certificate based on the "srvCertCN" representing the expected service identity.
            X509Certificate2 srvCert = CertManager.GetCertificateFromStorage(StoreName.TrustedPeople, StoreLocation.LocalMachine, ServiceCertCN);
            EndpointAddress  address = new EndpointAddress(new Uri(Config.ReaderServiceAddress), new X509CertificateEndpointIdentity(srvCert));

            binding.ReceiveTimeout = TimeSpan.FromMinutes(30);
            binding.SendTimeout    = TimeSpan.FromMinutes(30);

            return(new Tuple <NetTcpBinding, EndpointAddress>(binding, address));
        }
        public static bool ValidateSignature(string s, byte[] signature, string signCert)
        {
            if (signature == null)
            {
                return(false);
            }
            X509Certificate2 clientCertificate = CertManager.GetCertificateFromStorage(StoreName.TrustedPeople, StoreLocation.LocalMachine, signCert);

            /// Verify signature using SHA1 hash algorithm
            if (DigitalSignature.Verify(s, "SHA1", signature, clientCertificate))
            {
                Console.WriteLine("Digital Signature is valid.");
                //Console.WriteLine(message);
                return(true);
            }
            else
            {
                Console.WriteLine("Digital Signature is invalid.");
                return(false);
            }
        }
        /// <summary>
        /// Validates the server certificate.
        /// </summary>
        /// <returns><c>true</c>, if server certificate was validated, <c>false</c> otherwise.</returns>
        /// <param name="sender">Sender.</param>
        /// <param name="certificate">Certificate.</param>
        /// <param name="chain">Chain.</param>
        /// <param name="policyErrors">Policy errors.</param>
        public static bool ValidateServerCertificate(
            object sender,
            X509Certificate certificate,
            X509Chain chain,
            SslPolicyErrors policyErrors)
        {
            // Logic to determine the validity of the certificate
            if (policyErrors == SslPolicyErrors.None)
            {
                return(true);
            }

            if (policyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
            {
                Console.WriteLine("Certificate chain error: {0}", policyErrors);
                foreach (var chainstat in chain.ChainStatus)
                {
                    Console.WriteLine("{0}", chainstat.Status);
                    Console.WriteLine("{0}", chainstat.StatusInformation);
                }

                foreach (var cert in CertManager.GetCerts())
                {
                    X509Certificate c = new X509Certificate(cert.Value);

                    if (c.GetCertHashString().Equals(certificate.GetCertHashString()))
                    {
                        return(true);
                    }
                }
                return(false);
            }

            Console.WriteLine("Certificate error: {0}", policyErrors);

            return(false);
        }