public Task <(bool isValid, AcmeError?error)> ValidateCsrAsync(Order order, string csr, CancellationToken cancellationToken)
{
try
{
var request = new CertEnroll.CX509CertificateRequestPkcs10();
request.InitializeDecode(csr, CertEnroll.EncodingType.XCN_CRYPT_STRING_BASE64);
request.CheckSignature();
if (!SubjectIsValid(request, order))
{
return(Task.FromResult((false, (AcmeError?)new AcmeError("badCSR", "CN Invalid."))));
}
if (!SubjectAlternateNamesAreValid(request, order))
{
return(Task.FromResult((false, (AcmeError?)new AcmeError("badCSR", "SAN Invalid."))));
}
return(Task.FromResult((true, (AcmeError?)null)));
}
catch (Exception ex)
{
_logger.LogWarning(ex.ToString());
}
return(Task.FromResult((false, (AcmeError?)new AcmeError("badCSR", "CSR could not be read."))));
}
public Task <(bool isValid, AcmeError?error)> ValidateCsrAsync(Order order, string csr, CancellationToken cancellationToken)
{
_logger.LogDebug($"Attempting validation of CSR {csr}");
try
{
var request = new CertEnroll.CX509CertificateRequestPkcs10();
request.InitializeDecode(csr, CertEnroll.EncodingType.XCN_CRYPT_STRING_BASE64);
request.CheckSignature();
if (!SubjectIsValid(request, order))
{
_logger.LogDebug("CSR Validation failed due to invalid CN.");
return(Task.FromResult((false, (AcmeError?)new AcmeError("badCSR", "CN Invalid."))));
}
if (!SubjectAlternateNamesAreValid(request, order))
{
_logger.LogDebug("CSR Validation failed due to invalid SAN.");
return(Task.FromResult((false, (AcmeError?)new AcmeError("badCSR", "SAN Invalid."))));
}
_logger.LogDebug("CSR Validation succeeded.");
return(Task.FromResult((true, (AcmeError?)null)));
}
catch (Exception ex)
{
_logger.LogWarning(ex, $"Validation of CSR failed with exception.");
return(Task.FromResult((false, (AcmeError?)new AcmeError("badCSR", "CSR could not be read."))));
}
}