public ValidationResponse ValidateCertificate(X509Certificate2 certificate, X509Certificate2 issuer)
{
Org.BouncyCastle.X509.X509Certificate certificateBC = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificate);
try
{
Asn1Object derAiaExtension = Asn1Object.FromByteArray(certificateBC.GetExtensionValue(new DerObjectIdentifier("1.3.6.1.5.5.7.1.1")).GetOctets());
Asn1InputStream asn1Stream = new Asn1InputStream(derAiaExtension.GetDerEncoded());
Asn1Sequence asn1Sequence = (Asn1Sequence)asn1Stream.ReadObject();
foreach (Asn1Encodable entry in asn1Sequence)
{
AccessDescription aiaEntry = AccessDescription.GetInstance(entry.ToAsn1Object());
if (aiaEntry.AccessMethod.Id == AccessDescription.IdADOcsp.Id)
{
Console.Out.WriteLine(aiaEntry.AccessLocation.ToString());
GeneralName gn = (GeneralName)aiaEntry.AccessLocation;
ValidationResponse validationResponse = ValidateCertificate(certificate, issuer, gn.Name.ToString());
if ((validationResponse.status == ValidationExtensions.Enums.CertificateStatus.VALID) ||
(validationResponse.status == ValidationExtensions.Enums.CertificateStatus.REVOKED))
{
return(validationResponse);
}
}
}
}
catch (NullReferenceException)
{
// No Access Information Exception
}
return(new ValidationResponse(ValidationExtensions.Enums.CertificateStatus.UNKNOWN));
}
private bool IsCA(X509Certificate certificate)
{
Asn1OctetString extension = certificate.GetExtensionValue(X509Extensions.BasicConstraints);
if (extension != null)
{
BasicConstraints constraint = BasicConstraints.GetInstance(
X509ExtensionUtilities.FromExtensionValue(extension));
if (constraint != null)
{
return(constraint.IsCA());
}
}
return(false);
}
protected static Asn1Object GetExtensionValue(X509Certificate cert, string oid)
{
if (cert == null)
{
return(null);
}
byte[] bytes = cert.GetExtensionValue(new DerObjectIdentifier(oid)).GetOctets();
if (bytes == null)
{
return(null);
}
Asn1InputStream aIn = new Asn1InputStream(bytes);
return(aIn.ReadObject());
}
private static bool ManualServerCertVerification(object sender,
X509Certificate certificate, X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
Console.WriteLine();
if (certificate is X509Certificate2 cert2)
{
Console.WriteLine("X509Certificate2");
try
{
byte[] rawdata = cert2.RawData;
Console.WriteLine(" Content Type: " + X509Certificate2.GetCertContentType(rawdata));
Console.WriteLine(" Friendly Name: " + cert2.FriendlyName);
Console.WriteLine(" Certificate Verified?: " + cert2.Verify());
Console.WriteLine(" Simple Name: " + cert2.GetNameInfo(X509NameType.SimpleName, true));
Console.WriteLine(" Signature Algorithm: " + cert2.SignatureAlgorithm.FriendlyName);
// Console.WriteLine(" Public Key: " + cert2.PublicKey.Key.ToXmlString(false));
Console.WriteLine(" Certificate Archived?: " + cert2.Archived);
Console.WriteLine(" Length of Raw Data: " + cert2.RawData.Length);
}
catch (CryptographicException)
{
Console.WriteLine("Information could not be written out for this certificate.");
}
Console.WriteLine();
Console.WriteLine("X509Certificate2 Extensions");
foreach (X509Extension ext in cert2.Extensions)
{
Console.WriteLine(" " + ext.GetType().Name
+ "\n Oid: " + ext.Oid.FriendlyName
+ "\n Critical: " + ext.Critical
+ "\n Raw Len: " + ext.RawData.Length);
if (ext is X509BasicConstraintsExtension bcExt)
{
Console.WriteLine(" CA: " + bcExt.CertificateAuthority);
Console.WriteLine(" HPLC: " + bcExt.HasPathLengthConstraint);
Console.WriteLine(" PLC: " + bcExt.PathLengthConstraint);
}
else if (ext is X509KeyUsageExtension kuExt)
{
Console.WriteLine(" Usages: " + kuExt.KeyUsages);
}
else if (ext is X509EnhancedKeyUsageExtension ekuExt)
{
if (ekuExt.EnhancedKeyUsages.Count > 0)
{
Console.WriteLine(" Enhanced Key Usages");
foreach (Oid oid in ekuExt.EnhancedKeyUsages)
{
Console.WriteLine(" " + oid.FriendlyName);
}
}
}
else if (ext is X509SubjectKeyIdentifierExtension skiExt)
{
Console.WriteLine(" Subject Key Identifier: " + skiExt.SubjectKeyIdentifier);
}
}
Console.WriteLine();
}
Console.WriteLine("sslPolicyErrors");
Console.WriteLine(" " + sslPolicyErrors);
Console.WriteLine();
if (chain != null)
{
Console.WriteLine("X509Chain Statuses");
foreach (X509ChainStatus cs in chain.ChainStatus)
{
Console.WriteLine(" " + cs.Status + " | " + cs.StatusInformation);
}
Console.WriteLine();
}
// ------------------------------------------------------------------------------------------
// BouncyCastle
// ------------------------------------------------------------------------------------------
Org.BouncyCastle.X509.X509Certificate bcX509 = DotNetUtilities.FromX509Certificate(certificate);
Console.WriteLine("BouncyCastle X509Certificate");
Console.WriteLine(" " + bcX509.CertificateStructure);
Console.WriteLine(" " + bcX509.IsValidNow);
Console.WriteLine(" " + bcX509.NotBefore);
Console.WriteLine(" " + bcX509.NotAfter);
Console.WriteLine(" " + bcX509.SigAlgName);
Console.WriteLine(" " + bcX509.SigAlgOid);
if (bcX509.GetExtendedKeyUsage().Count > 0)
{
Console.WriteLine(" Extended Key Usage");
foreach (var eku in bcX509.GetExtendedKeyUsage())
{
Console.WriteLine(" " + eku);
}
}
void InspectExtension(ISet extSet, string label)
{
if (extSet.Count > 0)
{
Console.WriteLine(" " + label);
foreach (string oid in extSet)
{
try
{
Asn1OctetString asn = bcX509.GetExtensionValue(new DerObjectIdentifier(oid));
Console.WriteLine(" Oid: " + oid + " | Asn: " + asn);
}
catch (Exception e)
{
Console.WriteLine(e);
}
}
}
}
InspectExtension(bcX509.GetNonCriticalExtensionOids(), "Non Critical Extensions");
InspectExtension(bcX509.GetCriticalExtensionOids(), "Critical Extensions");
return(true); // true if the cert is okay, false if it not
}
