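/// <summary>
/// Verifies the Signed Certificate Timestamps (SCTs) embedded in the leaf certificate of
/// <paramref name="chain"/> against the trusted log list, then applies the CT policy.
/// </summary>
/// <param name="chain">Certificate chain. Element 0 is treated as the end-entity (leaf) certificate;
/// chain order is not validated here, the caller must put the leaf first.</param>
/// <param name="cancellationToken">Cancels the log-list fetch.</param>
/// <returns>
/// <see cref="CtVerificationResult.NoCertificates"/> for a null/empty chain,
/// <see cref="CtVerificationResult.NoScts"/> when the leaf carries no SCTs,
/// <see cref="CtVerificationResult.LogServersFailed"/> when no trusted log list is available (fail closed),
/// otherwise the policy decision for the per-log results.
/// </returns>
public async ValueTask<CtVerificationResult> IsValidAsync(IList<X509Certificate2> chain, CancellationToken cancellationToken)
{
    if (chain?.Any() != true)
    {
        return CtVerificationResult.NoCertificates();
    }

    var leaf = chain.First();
    var scts = leaf.GetSignedCertificateTimestamps();
    if (scts?.Any() != true)
    {
        return CtVerificationResult.NoScts();
    }

    var logDictionary = await _logListService.GetLogDictionaryAsync(cancellationToken).ConfigureAwait(false);
    cancellationToken.ThrowIfCancellationRequested();

    // Without a usable log list no SCT can be attributed to a trusted log, so the
    // verifier fails closed instead of skipping CT.
    if (logDictionary?.Any() != true)
    {
        return CtVerificationResult.LogServersFailed();
    }

    // Results are keyed by log id so the policy counts distinct logs rather than raw SCTs.
    // A certificate may legitimately carry more than one SCT from the same log; the previous
    // ToDictionary threw ArgumentException on that duplicate key instead of returning a result.
    // Keep one entry per log: the first result, unless a later SCT from the same log verifies
    // and the stored one did not.
    var sctResults = new Dictionary<string, SctVerificationResult>();
    foreach (var sct in scts)
    {
        var verification = logDictionary.TryGetValue(sct.LogIdBase64, out var log)
            ? sct.VerifySignature(log, chain)
            : SctVerificationResult.NoTrustedLogServerFound(sct.TimestampUtc);

        if (!sctResults.TryGetValue(sct.LogIdBase64, out var existing) || (!existing.IsValid && verification.IsValid))
        {
            sctResults[sct.LogIdBase64] = verification;
        }
    }

    return _ctPolicy.PolicyVerificationResult(leaf, sctResults);
}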
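/// <summary>
/// Verifies the Signed Certificate Timestamps (SCTs) embedded in the leaf certificate of
/// <paramref name="chain"/> against the trusted log list, then applies the CT policy.
/// </summary>
/// <param name="chain">Certificate chain. Element 0 is treated as the end-entity (leaf) certificate;
/// chain order is not validated here, the caller must put the leaf first.</param>
/// <param name="cancellationToken">Cancels the log-list fetch.</param>
/// <returns>
/// <see cref="CtVerificationResult.NoCertificates"/> for a null/empty chain,
/// <see cref="CtVerificationResult.NoScts"/> when the leaf carries no SCTs,
/// <see cref="CtVerificationResult.LogServersFailed"/> when no trusted log list is available (fail closed),
/// otherwise the policy decision for the per-log results.
/// </returns>
public async Task<CtVerificationResult> IsValidAsync(IList<X509Certificate2> chain, CancellationToken cancellationToken)
{
    if (chain?.Any() != true)
    {
        return CtVerificationResult.NoCertificates();
    }

    var leaf = chain.First();
    var scts = leaf.GetSignedCertificateTimestamps();
    if (scts?.Any() != true)
    {
        return CtVerificationResult.NoScts();
    }

    var logDictionary = await _logListService.GetLogDictionaryAsync(cancellationToken).ConfigureAwait(false);
    cancellationToken.ThrowIfCancellationRequested();

    // Without a usable log list no SCT can be attributed to a trusted log, so the
    // verifier fails closed instead of skipping CT.
    if (logDictionary?.Any() != true)
    {
        return CtVerificationResult.LogServersFailed();
    }

    // Results are keyed by log id so the policy counts distinct logs rather than raw SCTs.
    // A certificate may legitimately carry more than one SCT from the same log; the previous
    // Dictionary.Add threw ArgumentException on that duplicate key instead of returning a result.
    // Keep one entry per log: the first result, unless a later SCT from the same log verifies
    // and the stored one did not.
    var sctResults = new Dictionary<string, SctVerificationResult>();
    foreach (var sct in scts)
    {
        var verification = logDictionary.TryGetValue(sct.LogIdBase64, out var log)
            ? sct.VerifySignature(log, chain)
            : SctVerificationResult.NoTrustedLogServerFound(sct.TimestampUtc);

        if (!sctResults.TryGetValue(sct.LogIdBase64, out var existing) || (!existing.IsValid && verification.IsValid))
        {
            sctResults[sct.LogIdBase64] = verification;
        }

#if DEBUG
        // Per-SCT trace for development only (log id in the lowercase-hex form used by the log
        // list). The previous unconditional Console.WriteLine wrote this to stdout in every build.
        System.Diagnostics.Debug.WriteLine($"{BitConverter.ToString(Convert.FromBase64String(sct.LogIdBase64)).Replace("-", string.Empty).ToLowerInvariant()} {verification}");
#endif
    }

    return _ctPolicy.PolicyVerificationResult(leaf, sctResults);
}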
/// <summary>
/// Host-scoped entry point: runs CT verification of <paramref name="chain"/> only for hosts the
/// configured hostname validator accepts.
/// </summary>
/// <param name="hostname">Host the chain was presented for. Must be non-empty.</param>
/// <param name="chain">Certificate chain, leaf first.</param>
/// <param name="cancellationToken">Forwarded to the chain verification.</param>
/// <returns>
/// <see cref="CtVerificationResult.DisabledForHost"/> when the validator rejects the host (CT is
/// not enforced for that host, i.e. the check is opt-in per host), otherwise the result of
/// <c>IsValidAsync(chain, cancellationToken)</c>.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="hostname"/> is null or empty.</exception>
public async Task<CtVerificationResult> IsValidAsync(string hostname, IList<X509Certificate2> chain, CancellationToken cancellationToken)
{
    // Empty is rejected with the same exception type as null.
    if (string.IsNullOrEmpty(hostname))
    {
        throw new ArgumentNullException(nameof(hostname));
    }

    var ctEnabledForHost = _hostnameValidator.ValidateHost(hostname);
    if (!ctEnabledForHost)
    {
        return CtVerificationResult.DisabledForHost();
    }

    return await IsValidAsync(chain, cancellationToken).ConfigureAwait(false);
}
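/// <summary>
/// Maps a CT verification result to a pass/fail decision and records every failure as a
/// "ct_result_invalid" telemetry event.
/// </summary>
/// <param name="host">Host the result belongs to; included in the event.</param>
/// <param name="chain">Presented certificate chain. Not used by this method; kept for the caller's signature.</param>
/// <param name="result">Result from the CT verifier. May be null.</param>
/// <returns>true only when <paramref name="result"/> is non-null and <c>IsValid</c>; a missing result is treated as invalid.</returns>
private bool VerifyCtResult(string host, IList<X509Certificate2> chain, CtVerificationResult result)
{
    // Fail closed: the previous code dereferenced result.IsValid unconditionally while every
    // other access was null-conditional, so a null result crashed instead of being reported.
    var isValid = result?.IsValid ?? false;

#if DEBUG
    System.Diagnostics.Debug.WriteLine($"😺 CT Result, host: {host}, description: {result?.Description ?? string.Empty}");
#endif

    if (!isValid)
    {
        _logger.Event("ct_result_invalid", new Dictionary<string, string>()
        {
            { "host", host },
            { "result", result?.Result.ToString() ?? string.Empty },
            { "description", result?.Description ?? string.Empty }
        });
    }

    return isValid;
}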
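/// <summary>
/// Applies the CT policy to the per-log SCT verification results of a leaf certificate.
/// </summary>
/// <param name="leafCertificate">End-entity certificate; its NotBefore/NotAfter drive the required SCT count.</param>
/// <param name="sctResults">Verification outcome per log id (one entry per log).</param>
/// <returns>
/// <see cref="CtVerificationResult.Trusted"/> when at least the required number of entries are valid,
/// otherwise <see cref="CtVerificationResult.TooFewSctsTrusted"/>.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when either argument is null.</exception>
public CtVerificationResult PolicyVerificationResult(X509Certificate2 leafCertificate, IDictionary<string, SctVerificationResult> sctResults)
{
    if (leafCertificate is null)
    {
        throw new ArgumentNullException(nameof(leafCertificate));
    }

    if (sctResults is null)
    {
        throw new ArgumentNullException(nameof(sctResults));
    }

#if DEBUG
    // Test hook: debug builds take the validity period from the test double when one is passed.
    // NOTE(review): a test-only type is referenced from the production code path here.
    var moqCert = leafCertificate as MoqX509Certificate2;
    var before = moqCert?.NotBefore ?? leafCertificate.NotBefore;
    var after = moqCert?.NotAfter ?? leafCertificate.NotAfter;
#else
    var before = leafCertificate.NotBefore;
    var after = leafCertificate.NotAfter;
#endif

    // Required count is derived from the certificate lifetime (presumably whole months plus a
    // partial-month flag, per the helper names); see FlooredMonth / MinimumValidSignedCertificateTimestamps.
    var (months, partial) = FlooredMonth(before, after);
    var minValidScts = MinimumValidSignedCertificateTimestamps(months, partial);

    // Only the number of valid per-log entries is enforced here; no log-operator diversity
    // requirement is checked in this method.
    var validScts = sctResults.Count(kv => kv.Value.IsValid);
    if (validScts < minValidScts)
    {
        return CtVerificationResult.TooFewSctsTrusted(sctResults.Values, minValidScts);
    }

    return CtVerificationResult.Trusted(sctResults.Values, minValidScts);
}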