public static bool VerifyCertificate(byte[] certData, string publicKey, out string message)
{
var chain = new X509Chain();
chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreWrongUsage;
var cert = new X509Certificate2(certData);
bool success = chain.Build(cert);
if (chain.ChainStatus.Count() > 0)
message = string.Format("{0}\n{1}", chain.ChainStatus[0].Status, chain.ChainStatus[0].StatusInformation);
else
message = string.Empty;
if (!success)
return false;
if (cert.GetPublicKeyString() != publicKey)
{
message = "Public keys don't match";
return false;
}
return true;
}
public static Dictionary <string, string> ParseCert(byte[] certDER)
{
var ret = new Dictionary <string, string>();
try {
var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certDER);
//logger.Debug("X.509v3証明書の発行先であるプリンシパルの名前(古い形式)");
//logger.Debug(x509.GetName());
ret.Add("X.509v3証明書の形式の名前", x509.GetFormat());
ret.Add("バージョン", $"{x509.Version}");
ret.Add("シリアル番号", x509.GetSerialNumberString());
ret.Add("署名アルゴリズム", x509.SignatureAlgorithm.FriendlyName);
ret.Add("証明書を発行した証明機関の名前", x509.Issuer);
ret.Add("サブジェクトの識別名", x509.Subject);
ret.Add("証明書のハッシュ値の16進文字列", x509.GetCertHashString());
ret.Add("証明書の発効日", x509.GetEffectiveDateString());
ret.Add("証明書の失効日", x509.GetExpirationDateString());
ret.Add("キーアルゴリズム情報", x509.GetKeyAlgorithm());
ret.Add("キーアルゴリズムパラメータ", x509.GetKeyAlgorithmParametersString());
ret.Add("公開鍵", x509.GetPublicKeyString());
foreach (var extension in x509.Extensions)
{
/*
* if (extension.Oid.FriendlyName == "キー使用法") {
* var ext = (X509KeyUsageExtension)extension;
* ret.Add("Extension キー使用法", ext.KeyUsages.ToString());
* }
* if (extension.Oid.FriendlyName == "拡張キー使用法") {
* var ext = (X509EnhancedKeyUsageExtension)extension;
* string value = "";
* var oids = ext.EnhancedKeyUsages;
* foreach (var oid in oids) {
* value = value + oid.FriendlyName + "(" + oid.Value + ")";
* }
* ret.Add("Extension 拡張キー使用法", value);
* }
*/
ret.Add($"- Extension {extension.Oid.FriendlyName}", extension.Oid.Value);
}
//logger.Debug("X.509v3証明書を発行した証明機関の名前(古い形式)");
//logger.Debug(x509.GetIssuerName());
//logger.Debug("X.509証明書全体の生データ");
//logger.Debug(x509.GetRawCertDataString());
} catch (Exception ex) {
logger.Debug(ex);
}
return(ret);
}
public override void AssignSession(Session oS)
{
base.AssignSession(oS);
var dataItems = new List<DataItem>();
dataItems.Add(new DataItem("Is Https", oS.isHTTPS));
if (oS.isHTTPS && oS.oFlags.ContainsKey(CertificateStorage.CeritificateRequestPropertyName))
{
try
{
var thumbprint = oS.oFlags[CertificateStorage.CeritificateRequestPropertyName];
FiddlerApplication.Log.LogString(thumbprint);
if (CertificateStorage.Certificates.ContainsKey(thumbprint))
{
var certificate = CertificateStorage.Certificates[thumbprint];
var cert = new X509Certificate2(certificate);
_informationTab.Certificate = cert;
//most commonly desired information up top.
dataItems.InsertRange(0, new[] { new DataItem("FriendlyName", cert.FriendlyName),
new DataItem("Subject", cert.Subject),
new DataItem("Issuer", cert.Issuer),
new DataItem("Effective Date", cert.GetEffectiveDateString()),
new DataItem("Expiration Date", cert.GetExpirationDateString()),
new DataItem("Thumbprint", cert.Thumbprint),
new DataItem("------------------------", "------------------------")});
//alphabatized data properties below
dataItems.Add(new DataItem("Archived", cert.Archived));
dataItems.Add(new DataItem("FriendlyName", cert.FriendlyName));
dataItems.Add(new DataItem("Certficate Hash", cert.GetCertHashString()));
dataItems.Add(new DataItem("Certificate Format", cert.GetFormat()));
dataItems.Add(new DataItem("Effective Date", cert.GetEffectiveDateString()));
dataItems.Add(new DataItem("Expiration Date", cert.GetExpirationDateString()));
dataItems.Add(new DataItem("Full Issuer Name", cert.IssuerName.Format(true)));
dataItems.Add(new DataItem("Full Subject Name", cert.SubjectName.Format(true)));
dataItems.Add(new DataItem("Has Private Key", cert.HasPrivateKey));
dataItems.Add(new DataItem("Issuer", cert.Issuer));
dataItems.Add(new DataItem("Key Algorithm", cert.GetKeyAlgorithm()));
dataItems.Add(new DataItem("Key Algorithm Parameters", cert.GetKeyAlgorithmParametersString()));
dataItems.Add(new DataItem("Public Key", cert.GetPublicKeyString()));
dataItems.Add(new DataItem("Raw Certificate Data", cert.GetRawCertDataString()));
dataItems.Add(new DataItem("SerialNumberString", cert.GetSerialNumberString()));
dataItems.Add(new DataItem("Subject", cert.Subject));
dataItems.Add(new DataItem("Thumbprint", cert.Thumbprint));
dataItems.Add(new DataItem("Version", cert.Version));
dataItems.Add(new DataItem("------------------------", "------------------------"));
dataItems.Add(new DataItem("Extensions", string.Empty));
dataItems.Add(new DataItem("------------------------", "------------------------"));
foreach (var extension in cert.Extensions)
{
dataItems.Add(new DataItem(extension.Oid.FriendlyName, extension.Format(true)));
}
}
}
catch (Exception ex)
{
FiddlerApplication.Log.LogString("Unexpected error loading the assigned certificate." + ex.Message);
}
}
_informationTab.DataGrid.DataSource = dataItems;
}
