Ejemplo n.º 1
0
        private static bool ManualServerCertVerification(object sender,
                                                         X509Certificate certificate, X509Chain chain,
                                                         SslPolicyErrors sslPolicyErrors)
        {
            Console.WriteLine();

            if (certificate is X509Certificate2 cert2)
            {
                Console.WriteLine("X509Certificate2");
                try
                {
                    byte[] rawdata = cert2.RawData;
                    Console.WriteLine("  Content Type: " + X509Certificate2.GetCertContentType(rawdata));
                    Console.WriteLine("  Friendly Name: " + cert2.FriendlyName);
                    Console.WriteLine("  Certificate Verified?: " + cert2.Verify());
                    Console.WriteLine("  Simple Name: " + cert2.GetNameInfo(X509NameType.SimpleName, true));
                    Console.WriteLine("  Signature Algorithm: " + cert2.SignatureAlgorithm.FriendlyName);
                    // Console.WriteLine("  Public Key: " + cert2.PublicKey.Key.ToXmlString(false));
                    Console.WriteLine("  Certificate Archived?: " + cert2.Archived);
                    Console.WriteLine("  Length of Raw Data: " + cert2.RawData.Length);
                }
                catch (CryptographicException)
                {
                    Console.WriteLine("Information could not be written out for this certificate.");
                }
                Console.WriteLine();

                Console.WriteLine("X509Certificate2 Extensions");
                foreach (X509Extension ext in cert2.Extensions)
                {
                    Console.WriteLine("  " + ext.GetType().Name
                                      + "\n    Oid: " + ext.Oid.FriendlyName
                                      + "\n    Critical: " + ext.Critical
                                      + "\n    Raw Len: " + ext.RawData.Length);

                    if (ext is X509BasicConstraintsExtension bcExt)
                    {
                        Console.WriteLine("    CA: " + bcExt.CertificateAuthority);
                        Console.WriteLine("    HPLC: " + bcExt.HasPathLengthConstraint);
                        Console.WriteLine("    PLC: " + bcExt.PathLengthConstraint);
                    }
                    else if (ext is X509KeyUsageExtension kuExt)
                    {
                        Console.WriteLine("    Usages: " + kuExt.KeyUsages);
                    }
                    else if (ext is X509EnhancedKeyUsageExtension ekuExt)
                    {
                        if (ekuExt.EnhancedKeyUsages.Count > 0)
                        {
                            Console.WriteLine("    Enhanced Key Usages");
                            foreach (Oid oid in ekuExt.EnhancedKeyUsages)
                            {
                                Console.WriteLine("      " + oid.FriendlyName);
                            }
                        }
                    }
                    else if (ext is X509SubjectKeyIdentifierExtension skiExt)
                    {
                        Console.WriteLine("    Subject Key Identifier: " + skiExt.SubjectKeyIdentifier);
                    }
                }
                Console.WriteLine();
            }

            Console.WriteLine("sslPolicyErrors");
            Console.WriteLine("  " + sslPolicyErrors);
            Console.WriteLine();

            if (chain != null)
            {
                Console.WriteLine("X509Chain Statuses");
                foreach (X509ChainStatus cs in chain.ChainStatus)
                {
                    Console.WriteLine("  " + cs.Status + " | " + cs.StatusInformation);
                }
                Console.WriteLine();
            }

            // ------------------------------------------------------------------------------------------
            // BouncyCastle
            // ------------------------------------------------------------------------------------------
            Org.BouncyCastle.X509.X509Certificate bcX509 = DotNetUtilities.FromX509Certificate(certificate);
            Console.WriteLine("BouncyCastle X509Certificate");
            Console.WriteLine("  " + bcX509.CertificateStructure);
            Console.WriteLine("  " + bcX509.IsValidNow);
            Console.WriteLine("  " + bcX509.NotBefore);
            Console.WriteLine("  " + bcX509.NotAfter);
            Console.WriteLine("  " + bcX509.SigAlgName);
            Console.WriteLine("  " + bcX509.SigAlgOid);
            if (bcX509.GetExtendedKeyUsage().Count > 0)
            {
                Console.WriteLine("  Extended Key Usage");
                foreach (var eku in bcX509.GetExtendedKeyUsage())
                {
                    Console.WriteLine("    " + eku);
                }
            }

            void InspectExtension(ISet extSet, string label)
            {
                if (extSet.Count > 0)
                {
                    Console.WriteLine("  " + label);
                    foreach (string oid in extSet)
                    {
                        try
                        {
                            Asn1OctetString asn = bcX509.GetExtensionValue(new DerObjectIdentifier(oid));
                            Console.WriteLine("    Oid: " + oid + " | Asn: " + asn);
                        }
                        catch (Exception e)
                        {
                            Console.WriteLine(e);
                        }
                    }
                }
            }

            InspectExtension(bcX509.GetNonCriticalExtensionOids(), "Non Critical Extensions");
            InspectExtension(bcX509.GetCriticalExtensionOids(), "Critical Extensions");

            return(true); // true if the cert is okay, false if it not
        }