public X509Chain(byte[][] encoded, byte[][] encodedRev) { this.encoded = encoded; this.encodedRev = encodedRev; int n = encoded.Length; elements = new X509Cert[n]; elementsRev = new X509Cert[n]; thumbprints = new string[n]; thumbprintsRev = new string[n]; decodingIssues = new string[n]; decodingIssuesRev = new string[n]; decodable = (n > 0); for (int i = 0; i < n; i++) { X509Cert xc; string msg; try { xc = new X509Cert(encoded[i]); msg = null; } catch (Exception e) { xc = null; msg = e.Message; if (msg == null) { msg = e.GetType().FullName; } decodable = false; } elements[i] = xc; elementsRev[n - 1 - i] = xc; decodingIssues[i] = msg; decodingIssuesRev[n - 1 - i] = msg; string tt = M.DoSHA1(encoded[i]).ToUpperInvariant(); thumbprints[i] = tt; thumbprintsRev[n - 1 - i] = tt; } if (decodable) { goodNameChaining = true; X509Cert lc = elementsRev[0]; IDictionary <string, bool> sghf = new SortedDictionary <string, bool>( StringComparer.Ordinal); if (!lc.SelfIssued) { sghf[lc.HashAlgorithm] = true; } for (int i = 1; i < n; i++) { X509Cert ca = elementsRev[i]; if (!ca.SelfIssued) { sghf[ca.HashAlgorithm] = true; } if (!ca.Subject.Equals(lc.Issuer)) { goodNameChaining = false; } lc = ca; } includesRoot = lc.Subject.Equals(lc.Issuer); signHashes = new string[sghf.Count]; int k = 0; foreach (string name in sghf.Keys) { signHashes[k++] = name; } } else { goodNameChaining = false; includesRoot = false; signHashes = null; } hash = M.DoSHA1(encodedRev); }
public static void UpdateReportAggregator(ReportAggregator aggregator, Report report) { String serverUnderTest = $"{report.ConnName}:{report.ConnPort}"; if (report.SSLv2Chain != null) { aggregator.AddSsl2Cert(serverUnderTest, report.SSLv2Chain); X509Cert xc = report.SSLv2Chain.ElementsRev[0]; if (xc != null && xc.ValidTo.CompareTo(DateTime.Now) < 0) { aggregator.AddOverduedCertificate(serverUnderTest, xc.ValidTo); } } if (report.ssl2Suites != null && report.ssl2Suites.Length > 0) { aggregator.AddSuportedSslVersion(M.VersionString(M.SSLv20)); foreach (int s in report.ssl2Suites) { aggregator.AddSupportedCipherSuite(CipherSuite.ToNameV2(s)); } } aggregator.AddSsl3Certs(serverUnderTest, report.chains.Values); InspectCerts(aggregator, report, serverUnderTest); foreach (int v in report.suites.Keys) { aggregator.AddSuportedSslVersion(M.VersionString(v)); SupportedCipherSuites scs = report.suites[v]; if (scs.PrefClient) { aggregator.AddCipherSuiteSelectionMode("uses client preferences"); } else if (scs.PrefServer) { aggregator.AddCipherSuiteSelectionMode("enforce server preferences"); } else { aggregator.AddCipherSuiteSelectionMode("complex"); } foreach (int s in scs.Suites) { CipherSuite cs; string strength; string fsf; string anon; string kt; if (CipherSuite.ALL.TryGetValue(s, out cs)) { strength = cs.Strength.ToString(); fsf = cs.HasForwardSecrecy ? "f" : "-"; anon = cs.IsAnonymous ? "A" : "-"; kt = cs.ServerKeyType; } else { strength = "?"; fsf = "?"; anon = "?"; kt = "?"; } aggregator.AddSupportedCipherSuite($"{strength}{fsf}{anon} (key: {kt,4}) {CipherSuite.ToName(s)}"); } } foreach (var warning in report.Warnings) { aggregator.AddWarning(warning.Value); } }