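        /// <summary>
        /// Builds a probe from a <see cref="ProbeConfig"/>. Local-store lookup is enabled only when
        /// <c>config.FindValue</c> is set; remote endpoint probing only when <c>config.ServerUri</c> is set.
        /// </summary>
        /// <param name="config">Probe settings; must not be null.</param>
        /// <param name="logFilePath">Path of the log file handed to <see cref="Logger"/>.</param>
        /// <exception cref="ArgumentNullException"><paramref name="config"/> is null.</exception>
        /// <exception cref="ArgumentException">
        /// A find value is configured but <c>config.FindType</c> is not a valid <see cref="X509FindType"/> name.
        /// </exception>
        public CertificateProbe(ProbeConfig config, string logFilePath)
        {
            if (config == null)
            {
                throw new ArgumentNullException(nameof(config));
            }

            doFind_  = !String.IsNullOrWhiteSpace(config.FindValue);
            doProbe_ = !String.IsNullOrWhiteSpace(config.ServerUri);

            if (doFind_)
            {
                // TryParse keeps Enum.Parse's case-sensitive semantics but lets us fail with a
                // message that names the offending setting instead of a generic parse error.
                if (!Enum.TryParse<X509FindType>(config.FindType, out X509FindType findType))
                {
                    throw new ArgumentException(
                        $"'{config.FindType}' is not a valid {nameof(X509FindType)}",
                        nameof(config));
                }

                localStore_     = config.StoreName;
                localFindType_  = findType;
                localFindValue_ = config.FindValue;
            }

            logger_ = new Logger(logFilePath);
            if (doProbe_)
            {
                serverCertExplorer_ = new ServerCertExplorer(config.ServerUri, config.Ports, logger_);
            }

            // TimerInterval is interpreted as seconds here.
            probeDriver_ = ConfigureProbeDriver(TimeSpan.FromSeconds(config.TimerInterval));

            // CertExplorer.Logger / CertExplorer.Config are static, so every CertificateProbe
            // constructed in this process shares them; the most recently built probe wins.
            // When doFind_ is false, FindValue and StoreName below are left null.
            CertExplorer.Logger = logger_;
            CertExplorer.Config = new CertExplorerConfig {
                DoVerboseLogging = false,
                FindType         = config.FindType,
                FindValue        = localFindValue_,
                StoreName        = localStore_,
                LogLevel         = config.LogLevel
            };
        }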
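        /// <summary>
        /// Timer callback: connects to every configured port of the remote host, retrieves the
        /// presented certificate and logs whether its issuer matches <c>v1IssuerPrefix</c>.
        /// </summary>
        /// <param name="state">The <see cref="ServerCertExplorer"/> holding the target URI, ports and logger.</param>
        public static void Probe(object state)
        {
            // Last 16 hex chars of a "N"-formatted Guid; ties all log lines of one run together.
            string             correlationId = Guid.NewGuid().ToString("N").Substring(16);
            ServerCertExplorer typedState    = (ServerCertExplorer)state;
            var overallProbe  = true;
            var overallAtRisk = false;

            typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow.ToString("u")} | {correlationId} | === beginning remote certificate probing");

            try
            {
                foreach (var port in typedState.ports_)
                {
                    // Both timeouts are in milliseconds; the original SendTimeout of 5 (ms) was
                    // almost certainly a typo for the same 5 s used for receiving.
                    using (var tcpClient = new TcpClient()
                    {
                        ReceiveTimeout = 5000, SendTimeout = 5000
                    })
                    {
                        typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow.ToString("u")} | {correlationId} | endpoint probe | probing {typedState.serverUri_}:{port}..");
                        var portResult = typedState.TryProbeServerEndpoint(tcpClient, typedState.serverUri_, port, out X509Certificate2 serverCert);
                        overallProbe &= portResult;

                        if (!portResult)
                        {
                            typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow.ToString("u")} | {correlationId} | endpoint probe | failed to retrieve server cert for {typedState.serverUri_}:{port}");
                            continue;
                        }

                        if (serverCert == null)
                        {
                            typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow.ToString("u")} | {correlationId} | endpoint probe | server at {typedState.serverUri_}:{port} did not present a certificate");
                            continue;
                        }

                        // NOTE(review): serverCert is IDisposable and not disposed here; whether
                        // TryProbeServerEndpoint retains it elsewhere is not visible from this block.
                        var serverCertCN     = serverCert.GetNameInfo(X509NameType.SimpleName, forIssuer: false);
                        var serverCertIssuer = serverCert.GetNameInfo(X509NameType.SimpleName, forIssuer: true);
                        var portAtRisk       = serverCertIssuer.Contains(v1IssuerPrefix);
                        overallAtRisk |= portAtRisk;
                        // Plain interpolation: the previous String.Format($"...") re-parsed the already
                        // formatted text, so a remote-supplied CN or issuer containing '{' or '}'
                        // raised FormatException and aborted the whole probe run.
                        var serverCertDesc = $"TP={serverCert.Thumbprint}, CN={serverCertCN}, issued by: {serverCertIssuer}, NBF={serverCert.NotBefore.ToShortDateString()}, NA={serverCert.NotAfter.ToShortDateString()}, at risk: {(portAtRisk ? "YES" : "no")}";
                        typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow.ToString("u")} | {correlationId} | endpoint probe | server at {typedState.serverUri_}:{port} presented cert {serverCertDesc}");
                    }
                }
            }
            catch (Exception ex)
            {
                // An exception skips the remaining ports, so the run cannot be reported as succeeded.
                overallProbe = false;
                typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow.ToString("u")} | {correlationId} | encountered {ex.GetType()}: {ex.Message}");
            }
            finally
            {
                // "undetermined" when at least one port could not be probed; otherwise YES/no.
                var status = overallProbe ? (overallAtRisk? "YES" : "no") : ("undetermined");
                typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow.ToString("u")} | {correlationId} | === completed probing {typedState.serverUri_}; overall probing: {(overallProbe ? "succeeded" : "failed")}; overall at risk: {status}");
            }
        }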
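        /// <summary>
        /// Builds a probe with both local-store lookup and remote endpoint probing enabled.
        /// </summary>
        /// <param name="localCertStoreName">Name of the local certificate store to search.</param>
        /// <param name="localCertFindType">How <paramref name="localCertFindValue"/> is matched in the store.</param>
        /// <param name="localCertFindValue">Value searched for in the local store.</param>
        /// <param name="serverUri">Host whose presented certificate is probed.</param>
        /// <param name="ports">Ports probed on <paramref name="serverUri"/>.</param>
        /// <param name="observationInterval">Period between probe runs.</param>
        /// <param name="logFilePath">Path of the log file handed to <see cref="Logger"/>.</param>
        /// <exception cref="ArgumentException">A required string argument is null, empty or whitespace.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="ports"/> is null.</exception>
        public CertificateProbe(
            string localCertStoreName,
            X509FindType localCertFindType,
            string localCertFindValue,
            string serverUri,
            int[] ports,
            TimeSpan observationInterval,
            string logFilePath)
        {
            // The single-argument ArgumentException ctor takes a *message*, so the original
            // nameof(...) calls produced exceptions whose ParamName was empty and whose message
            // was just the parameter name. Pass both explicitly.
            if (String.IsNullOrWhiteSpace(localCertStoreName))
            {
                throw new ArgumentException("Value must not be null or whitespace.", nameof(localCertStoreName));
            }
            if (String.IsNullOrWhiteSpace(localCertFindValue))
            {
                throw new ArgumentException("Value must not be null or whitespace.", nameof(localCertFindValue));
            }
            if (String.IsNullOrWhiteSpace(serverUri))
            {
                throw new ArgumentException("Value must not be null or whitespace.", nameof(serverUri));
            }
            if (ports == null)
            {
                throw new ArgumentNullException(nameof(ports));
            }

            localStore_         = localCertStoreName;
            localFindType_      = localCertFindType;
            localFindValue_     = localCertFindValue;
            logger_             = new Logger(logFilePath);
            serverCertExplorer_ = new ServerCertExplorer(serverUri, ports, logger_);

            probeDriver_ = ConfigureProbeDriver(observationInterval);

            doFind_  = true;
            doProbe_ = true;

            // CertExplorer.Logger / CertExplorer.Config are static and therefore shared by every
            // CertificateProbe in the process. NOTE(review): unlike the ProbeConfig overload, this
            // overload leaves FindType/FindValue/StoreName unset on the config — confirm that is intended.
            CertExplorer.Logger = logger_;
            CertExplorer.Config = new CertExplorerConfig {
                DoVerboseLogging = false
            };
        }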