public SysCertificateChain Request(TlsSocket socket, DistinguishedName[] issuers) { string serverCertificateFingerprint = BitConverter.ToString( socket.ServerCertificate.LeafCertificate.GetCertHash()); if (_chosenCertificates.Contains(serverCertificateFingerprint)) { return(_chosenCertificates[serverCertificateFingerprint] as SysCertificateChain); } SysCertificateStore my = new SysCertificateStore("MY"); SysCertificate[] certs; if (issuers.Length > 0) { certs = my.FindCertificates ( issuers, SysCertificateSearchFlags.IsTimeValid | SysCertificateSearchFlags.HasPrivateKey | SysCertificateSearchFlags.ClientAuthentication ); } else { certs = my.FindCertificates ( SysCertificateSearchFlags.IsTimeValid | SysCertificateSearchFlags.HasPrivateKey | SysCertificateSearchFlags.ClientAuthentication ); } if (certs.Length == 0) { return(null); } RequesetHandlerForm rhForm = new RequesetHandlerForm(); rhForm.LoadData(certs); if (rhForm.ShowDialog() == System.Windows.Forms.DialogResult.OK) { SysCertificateChain chain = null; if (rhForm.Certificate != null) { chain = SysCertificateChain.BuildFrom(rhForm.Certificate); } // save chosen certificate for the server in static HashTable _chosenCertificates.Add(serverCertificateFingerprint, chain); return(chain); } return(null); }
public TlsCertificateAcceptance Verify(TlsSocket socket, string commonName, CertificateChain certificateChain) { ValidationResult res = certificateChain.Validate(commonName, 0); if (res.Valid) { return(TlsCertificateAcceptance.Accept); } ValidationStatus status = res.Status; ValidationStatus[] values = (ValidationStatus[])Enum.GetValues(typeof(ValidationStatus)); bool showAddIssuerCaToTrustedCaStore = false; StringBuilder sb = new StringBuilder(); for (int i = 0; i < values.Length; i++) { if ((status & values[i]) == 0) { continue; } status ^= values[i]; string problem; switch (values[i]) { case ValidationStatus.TimeNotValid: problem = "Server certificate has expired or is not valid yet."; break; case ValidationStatus.Revoked: problem = "Server certificate has been revoked."; break; case ValidationStatus.UnknownCa: problem = "Server certificate was issued by an unknown authority."; break; case ValidationStatus.RootNotTrusted: problem = "Server certificate was issued by an untrusted authority."; if (certificateChain.RootCertificate != null) { showAddIssuerCaToTrustedCaStore = true; } break; case ValidationStatus.IncompleteChain: problem = "Server certificate does not chain up to a trusted root authority."; break; case ValidationStatus.Malformed: problem = "Server certificate is malformed."; break; case ValidationStatus.CnNotMatch: problem = "Server hostname does not match the certificate."; break; case ValidationStatus.UnknownError: problem = string.Format("Error {0:x} encountered while validating server's certificate.", res.ErrorCode); break; default: problem = values[i].ToString(); break; } sb.AppendFormat("{0}\r\n", problem); } Certificate cert = certificateChain.LeafCertificate; string certFingerprint = BitConverter.ToString(cert.GetCertHash()); // if certificate is already saved than return Accept if (acceptedCertificates.Contains(certFingerprint)) { return(TlsCertificateAcceptance.Accept); } VerifierForm certForm = new VerifierForm(); certForm.Problem = sb.ToString(); certForm.Hostname = cert.GetCommonName(); certForm.Subject = cert.GetSubjectName(); certForm.Issuer = cert.GetIssuerName(); certForm.ShowAddIssuerToTrustedCaStoreButton = showAddIssuerCaToTrustedCaStore; certForm.ValidFrom = cert.GetEffectiveDate().ToString(); certForm.ValidTo = cert.GetExpirationDate().ToString(); certForm.ShowDialog(); // add certificate of the issuer CA to truster authorities store if (certForm.AddIssuerCertificateAuthothorityToTrustedCaStore) { CertificateStore trustedCaStore = new CertificateStore(CertificateStoreName.Root); Certificate rootCertificate = certificateChain.RootCertificate; trustedCaStore.AddCertificate(rootCertificate); } if (certForm.Accepted) { // save accepted certificate for this session in static HashTable acceptedCertificates.Add(certFingerprint, cert); return(TlsCertificateAcceptance.Accept); } if ((res.Status & ValidationStatus.TimeNotValid) != 0) { return(TlsCertificateAcceptance.Expired); } if ((res.Status & ValidationStatus.Revoked) != 0) { return(TlsCertificateAcceptance.Revoked); } if ((res.Status & (ValidationStatus.UnknownCa | ValidationStatus.RootNotTrusted | ValidationStatus.IncompleteChain)) != 0) { return(TlsCertificateAcceptance.UnknownAuthority); } if ((res.Status & (ValidationStatus.Malformed | ValidationStatus.UnknownError)) != 0) { return(TlsCertificateAcceptance.Other); } return(TlsCertificateAcceptance.Bad); }