Ejemplo n.º 1
 /// <summary>
 /// Display-only verification handler: writes the FTP server's certificate to the console.
 /// </summary>
 /// <remarks>
 /// NOTE(review): e.Valid is never assigned and <paramref name="chain"/> is never checked, so
 /// the handshake result is whatever VerifyEventArgs starts with (its constructor is not shown
 /// here; confirm). If that initial value is "valid", every server certificate is accepted.
 /// </remarks>
 public void OnVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e)
 {
     Console.WriteLine("\r\nThe certificate of the FTP server:");
     string certificateText = remote.ToString(true);
     Console.WriteLine("{0}\r\n", certificateText);
     // certificate chain verification can be placed here
 }
Ejemplo n.º 2
		/// <summary>
		/// Certificate-verification callback: clears the isSecurityChanging flag and then
		/// calls raiseCertificateVerifiedEvent with EventArgs.Empty.
		/// </summary>
		/// <remarks>
		/// NOTE(review): cert, chain and e are neither read nor written here, so this callback
		/// does no certificate validation of its own. The verdict is whatever e.Valid already
		/// holds when the callback returns; confirm that initial value and whether validation
		/// is done somewhere else before relying on this connection being authenticated.
		/// </remarks>
		private void stream_OnCertVerify(SecureSocket sock, Certificate cert, CertificateChain chain, VerifyEventArgs e)
		{
			// The flag is cleared before the event is raised; keep this order.
			isSecurityChanging = false;
			raiseCertificateVerifiedEvent(EventArgs.Empty);
		}
Ejemplo n.º 3
 /// <summary>
 /// Decides whether the remote certificate is acceptable according to
 /// m_Options.VerificationType and throws an SslException when it is not.
 /// </summary>
 /// <param name="chain">The remote party's certificate chain; null is rejected in the two automatic modes.</param>
 /// <param name="client">true to verify as AuthType.Client, false to verify as AuthType.Server.</param>
 protected void VerifyChain(CertificateChain chain, bool client)
 {
     VerifyEventArgs verdict = new VerifyEventArgs();
     AuthType role = client ? AuthType.Client : AuthType.Server;
     CredentialVerification mode = m_Options.VerificationType;

     if (mode == CredentialVerification.Manual) {
         // The application's delegate decides. NOTE(review): a delegate that never assigns
         // Valid leaves the value VerifyEventArgs was constructed with (constructor not shown
         // here; confirm what it is).
         try {
             m_Options.Verifier(Parent, m_RemoteCertificate, chain, verdict);
         } catch (Exception de) {
             throw new SslException(de, AlertDescription.InternalError, "The code inside the CertVerifyEventHandler delegate threw an exception.");
         }
     } else if (mode == CredentialVerification.Auto) {
         // Full check, including the expected common name; a missing chain is a rejection.
         verdict.Valid = chain != null
             && chain.VerifyChain(m_Options.CommonName, role) == CertificateStatus.ValidCertificate;
     } else if (mode == CredentialVerification.AutoWithoutCName) {
         // Same chain check, but a name mismatch is tolerated (IgnoreInvalidName).
         verdict.Valid = chain != null
             && chain.VerifyChain(m_Options.CommonName, role, VerificationFlags.IgnoreInvalidName) == CertificateStatus.ValidCertificate;
     } else {
         // CredentialVerification.None and every unrecognised value accept the peer without
         // any check. NOTE(review): unknown values fail open here.
         verdict.Valid = true;
     }

     if (!verdict.Valid) {
         throw new SslException(AlertDescription.CertificateUnknown, "The certificate could not be verified.");
     }
 }
Ejemplo n.º 4
 /// <summary>
 /// Client-side handler for the server-certificate event: the verdict comes from
 /// m_clientAuth.IsValidServerCertificate, which is given the certificate, its chain and
 /// the server's remote IP address.
 /// </summary>
 private void CheckServerCertAtClient(SecureSocket socket, Certificate cert, CertificateChain chain, VerifyEventArgs args) {
     Debug.WriteLine("check the server certificate event");
     // NOTE(review): chain is forwarded without a null check; whether the validator
     // tolerates a null chain is not visible here.
     IPEndPoint serverEndPoint = (IPEndPoint)socket.RemoteEndPoint;
     bool accepted = m_clientAuth.IsValidServerCertificate(cert, chain, serverEndPoint.Address);
     args.Valid = accepted;
 }
Ejemplo n.º 5
 /// <summary>
 /// Server-side handler for the client-certificate event. With a chain present the verdict
 /// comes from m_serverAuth.IsValidClientCertificate; with no chain the client is accepted
 /// only when SecurityAssociationOptions.EstablishTrustInClient is not among m_requiredOptions.
 /// </summary>
 private void CheckClientCertAtServer(SecureSocket socket, Certificate clientCertificate, CertificateChain allClientCertificates,
                                      VerifyEventArgs args) {
     Debug.WriteLine("check the client certificate event");

     if (allClientCertificates == null) {
         // No certificate chain was supplied: anonymous clients pass unless client trust is required.
         bool clientTrustRequired = (m_requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) > 0;
         args.Valid = !clientTrustRequired;
         return;
     }

     IPEndPoint clientEndPoint = (IPEndPoint)socket.RemoteEndPoint;
     args.Valid = m_serverAuth.IsValidClientCertificate(clientCertificate, allClientCertificates, clientEndPoint.Address);
 }
Ejemplo n.º 6
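        /// <summary>
        /// SIF Level 3 client-certificate check: runs the level 2 check, then requires the
        /// certificate's common name (CN) to equal the peer's IP address or the host name
        /// that GetHostByAddress returns for that address.
        /// </summary>
        /// <param name="socket">Socket whose RemoteEndPoint identifies the peer.</param>
        /// <param name="cert">Certificate presented by the peer.</param>
        /// <param name="chain">Chain for the certificate; passed through to the level 2 check.</param>
        /// <param name="e">Receives the verdict in its Valid property.</param>
        /// <remarks>
        /// Any exception raised during the check is caught and turned into a rejection, so the
        /// method fails closed. Rejections are logged only while AdkDebugFlags.Messaging_Detailed
        /// is set; with that flag off a failed authentication leaves no log entry from here.
        /// NOTE(review): only the first CN attribute of the subject is examined. The host-name
        /// match relies on GetHostByAddress (presumably a reverse lookup; confirm), and such an
        /// answer is supplied by whoever operates the reverse zone for the peer address, so it
        /// is weaker evidence than the IP match.
        /// </remarks>
        private void verifyLevel3Authentication( SecureSocket socket,
                                                 Certificate cert,
                                                 CertificateChain chain,
                                                 VerifyEventArgs e
            )
        {
            try
            {
                // Verify level 2 first
                verifyLevel2Authentication( socket, cert, chain, e );
                if ( !e.Valid )
                {
                    return;
                }

                // Verify that the host name or IP matches the subject on the certificate
                // ( Level3 authentication )
                // First, get the "CN=" name from the certificate
                string commonName = null;
                DistinguishedName certificateName = cert.GetDistinguishedName();
                for ( int a = 0; a < certificateName.Count; a++ )
                {
                    NameAttribute part = certificateName[a];
                    if ( part.ObjectID == OID_CN )
                    {
                        commonName = part.Value;
                        break;
                    }
                }
                if ( commonName == null )
                {
                    if ( (Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0 )
                    {
                        log.Warn
                            ( "Client Certificate fails SIF Level 3 Authentication: common name attribute not found." );
                    }
                    e.Valid = false;
                    return;
                }

                // Host names are identifiers, not linguistic text: compare them ordinally so
                // the result does not depend on the current culture's casing rules.
                // A CN of "localhost" is treated as the IPv4 loopback address only; a peer on
                // the IPv6 loopback address does not match this textual form.
                if ( string.Equals( commonName, "localhost", StringComparison.OrdinalIgnoreCase ) )
                {
                    commonName = "127.0.0.1";
                }

                // Does it match the IP Address?
                IPEndPoint remoteEndPoint = (IPEndPoint) socket.RemoteEndPoint;
                if ( remoteEndPoint.Address.ToString() == commonName )
                {
                    e.Valid = true;
                    return;
                }

                // Does it match the common name of the client machine?
                IPHostEntry entry = GetHostByAddress( remoteEndPoint.Address );
                if ( entry == null )
                {
                    if ( (Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0 )
                    {
                        log.Warn
                            ( "Client Certificate fails SIF Level 3 Authentication: Host Name not found for Address " +
                              remoteEndPoint.Address.ToString() );
                    }
                    e.Valid = false;
                    return;
                }

                if ( string.Equals( commonName, entry.HostName, StringComparison.OrdinalIgnoreCase ) )
                {
                    e.Valid = true;
                    return;
                }

                // No match was found
                e.Valid = false;
                if ( (Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0 )
                {
                    // Log the host name that was actually compared (entry.HostName), so the
                    // entry shows why the match failed.
                    log.Warn
                        ( "Client Certificate fails SIF Level 3 Authentication: Certificate Common Name=" +
                          commonName + ". Does not match client IP / Host: " +
                          remoteEndPoint.Address.ToString() + " / " + entry.HostName );
                }
            }
            catch ( Exception ex )
            {
                // Fail closed: an error anywhere in the check rejects the certificate.
                if ( (Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0 )
                {
                    log.Warn
                        ( "Client Certificate fails SIF Level 3 Authentication: " + ex.Message, ex );
                }
                e.Valid = false;
            }
        }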
Ejemplo n.º 7
        /// <summary>
        /// SIF Level 2 client-certificate check: runs the level 1 check and, if it passes,
        /// requires chain.VerifyChain to report CertificateStatus.ValidCertificate.
        /// </summary>
        /// <remarks>
        /// The chain is verified with a null name and VerificationFlags.IgnoreInvalidName, so
        /// the certificate's name is not checked at this level.
        /// NOTE(review): chain is dereferenced without a null check; a null chain raises an
        /// exception here instead of setting e.Valid to false.
        /// </remarks>
        private void verifyLevel2Authentication( SecureSocket socket,
                                                 Certificate cert,
                                                 CertificateChain chain,
                                                 VerifyEventArgs e
            )
        {
            // Level 2 builds on level 1: a level 1 rejection is final.
            verifyLevel1Authentication( socket, cert, chain, e );
            if ( e.Valid )
            {
                CertificateStatus chainStatus =
                    chain.VerifyChain( null, AuthType.Client, VerificationFlags.IgnoreInvalidName );
                bool trusted = chainStatus == CertificateStatus.ValidCertificate;

                // The reason for a rejection is logged only in detailed-messaging debug mode.
                if ( !trusted && (Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0 )
                {
                    log.Warn
                        ( "Client Certificate is not trusted and fails SIF Level 2 Authentication: " +
                          chainStatus.ToString() );
                }

                e.Valid = trusted;
            }
        }
Ejemplo n.º 8
 /// <summary>
 /// SIF Level 1 client-certificate check: the certificate must be present and its
 /// IsCurrent property must be true.
 /// </summary>
 /// <remarks>
 /// Nothing else is examined at this level: neither <paramref name="chain"/> nor
 /// <paramref name="socket"/> is used, so no trust or name check takes place here.
 /// </remarks>
 private void verifyLevel1Authentication( SecureSocket socket,
                                          Certificate cert,
                                          CertificateChain chain,
                                          VerifyEventArgs e
     )
 {
     // Work out why the certificate fails, if it does; null means it passes.
     string failure = null;
     if ( cert == null )
     {
         failure = "Client Certificate is missing and fails SIF Level 1 Authentication";
     }
     else if ( !cert.IsCurrent )
     {
         failure = "Client Certificate is invalid and fails SIF Level 1 Authentication";
     }

     if ( failure == null )
     {
         e.Valid = true;
         return;
     }

     // The reason is logged only in detailed-messaging debug mode.
     if ( (Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0 )
     {
         log.Warn( failure );
     }
     e.Valid = false;
 }
Ejemplo n.º 9
 /// <summary>
 /// This method is called when the SecureSocket has received the remote
 /// certificate and the certificate validation type is set to Manual.
 /// </summary>
 /// <param name="socket">The <see cref="SecureSocket"/> that received the certificate to verify.</param>
 /// <param name="remote">The <see cref="Certificate"/> of the remote party to verify.</param>
 /// <param name="chain">The <see cref="CertificateChain"/> associated with the remote certificate.</param>
 /// <param name="e">A <see cref="VerifyEventArgs"/> instance used to (in)validate the certificate.</param>
 /// <remarks>If an error is thrown by the code in the delegate, the SecureSocket will close the connection.</remarks>
 protected void OnVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e)
 {
     // Dump every certificate of the presented chain to the console.
     foreach (Certificate link in chain.GetCertificates()) {
         Console.WriteLine(link.ToString(true));
     }

     // The chain is verified against socket.CommonName as a server certificate, but the
     // result is only printed.
     // NOTE(review): e.Valid is never assigned, so a failed verification does not by itself
     // reject the connection; the verdict is whatever VerifyEventArgs starts with (not shown
     // here; confirm).
     Console.WriteLine(chain.VerifyChain(socket.CommonName, AuthType.Server));
 }
Ejemplo n.º 10
 /// <summary>
 /// Verifies a certificate received from the remote host.
 /// </summary>
 /// <param name="socket">The SecureSocket that received the certificate.</param>
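 /// <param name="remote">The received certificate.</param>
 /// <param name="chain">The certificate chain supplied by the socket; this handler does not use it and builds a new chain from <paramref name="remote"/> instead.</param>
 /// <param name="e">The event parameters.</param>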
 protected void OnVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e)
 {
     // The chain argument is ignored: a fresh chain is built from the remote certificate.
     CertificateChain rebuiltChain = new CertificateChain(remote);

     Console.WriteLine("\r\nServer Certificate:\r\n-------------------");
     string certificateDump = remote.ToString(true);
     Console.WriteLine(certificateDump);

     // The verification result is only printed.
     // NOTE(review): e.Valid is never assigned, so a failed verification does not by itself
     // reject the connection; the verdict is whatever VerifyEventArgs starts with (not shown
     // here; confirm).
     Console.Write("\r\nServer Certificate Verification:\r\n--------------------------------\r\n    -> ");
     Console.WriteLine("{0}\r\n", rebuiltChain.VerifyChain(socket.CommonName, AuthType.Server).ToString());
 }