Exemple #1
        /// <summary>
        /// Builds the SPKI hash view model for one certificate: a single SHA-256 entry
        /// carrying the Base64 public-key hash and whether it matches a configured pin.
        /// </summary>
        /// <param name="certificate">Certificate whose public key is hashed.</param>
        /// <param name="reportOnly">Copied unchanged onto the entry's <c>ReportOnly</c> field.</param>
        /// <param name="pinnedKeys">Configured pins; may be null, in which case nothing is reported as pinned.</param>
        /// <returns>A model containing exactly one SHA-256 hash entry.</returns>
        private static SpkiHashesModel CalculateHashes(X509Certificate2 certificate, bool reportOnly, PublicPinnedKeys pinnedKeys)
        {
            var spkiHash = CertificateHashBuilder.BuildHashForPublicKey<SHA256CryptoServiceProvider>(certificate);

            // A missing pin set, or a pin set without a key list, means "not pinned".
            // The match is plain equality on the Base64 text, so a stored pin only matches
            // when it is written in the same form the hash builder emits.
            // NOTE(review): confirm pins are normalised (padding, whitespace) where they are loaded.
            var configuredPins = pinnedKeys?.PinnedKeys;
            var matchesPin = configuredPins != null && configuredPins.Any(pin => pin.FingerprintBase64 == spkiHash);

            // This method only reports the match; it does not accept or reject anything itself.
            var entry = new SpkiHashModel
            {
                ReportOnly = reportOnly,
                Algorithm = PinAlgorithm.SHA256,
                HashBase64 = spkiHash,
                IsPinned = matchesPin
            };

            return new SpkiHashesModel
            {
                Hashes = new ObservableCollection<SpkiHashModel> { entry }
            };
        }
Exemple #2
        /// <summary>
        /// Converts one element of a certificate chain into the <c>CertificateModel</c> shown by the UI.
        /// </summary>
        /// <param name="chainElement">Chain element whose certificate is described.</param>
        /// <param name="reportOnly">Passed through to <c>CalculateHashes</c>.</param>
        /// <param name="pinnedKey">Configured pins, passed through to <c>CalculateHashes</c>.</param>
        /// <param name="chain">Chain the element belongs to; only used to classify the certificate at index 0.</param>
        /// <param name="index">Position of the element in the chain; only index 0 gets a certificate type.</param>
        /// <returns>The populated model. Errors and SPKI hashes are supplied through tasks started here.</returns>
        private CertificateModel AssignCertificate(X509ChainElement chainElement, bool reportOnly, PublicPinnedKeys pinnedKey, X509Chain chain, int index)
        {
            var certificate = chainElement.Certificate;
            var strength = BitStrengthCalculator.CalculateStrength(certificate);
            var subjectParts = DistinguishedNameParser.Parse(certificate.Subject);

            // Display name: first "cn" value of the subject, or the thumbprint when there is none.
            var thumbprint = certificate.Thumbprint;
            var displayName = subjectParts.ContainsKey("cn")
                ? (subjectParts["cn"].FirstOrDefault() ?? thumbprint)
                : thumbprint;

            var keyInfo = new PublicKeyModel
            {
                Algorithm = strength.AlgorithmName,
                KeySizeBits = strength.BitSize,
                PublicKey = certificate.PublicKey.EncodedKeyValue.RawData
            };

            // NOTE(review): collection Contains relies on X509Certificate equality, which is documented
            // as issuer + serial number rather than the full encoding. Treat IsTrustedRoot as a display
            // hint, not as proof of trust; confirm whether a thumbprint/raw-data match is wanted here.
            var signatureInfo = new SignatureAlgorithmModel
            {
                SignatureAlgorithm = certificate.SignatureAlgorithm,
                IsTrustedRoot = _rootStore.Certificates.Contains(certificate) || _userStore.Certificates.Contains(certificate)
            };

            // The error and hash calculations are handed to tasks, and the commands run later from
            // the UI; all of them capture chainElement.
            // NOTE(review): confirm the owning chain is not reset or disposed before they execute.
            return new CertificateModel
            {
                CommonName = displayName,
                Thumbprint = certificate.Thumbprint,
                DistinguishedName = subjectParts,
                SubjectAlternativeName = certificate.Extensions[KnownOids.X509Extensions.SubjectAltNameExtension]?.Format(false) ?? "None",
                PublicKey = keyInfo,
                BeginDate = certificate.NotBefore,
                EndDate = certificate.NotAfter,
                SerialNumber = certificate.SerialNumber ?? "None",
                SignatureAlgorithm = signatureInfo,
                CertificateType = index == 0 ? GetCertificateType(certificate, chain) : CertificateType.None,
                Errors = new AsyncProperty<CertificateErrors>(Task.Factory.StartNew(() => CertificateErrorsCalculator.GetCertificateErrors(chainElement))),
                SpkiHashes = new AsyncProperty<SpkiHashesModel>(Task.Factory.StartNew(() => CalculateHashes(chainElement.Certificate, reportOnly, pinnedKey))),
                InstallCommand = new RelayCommand(_ => CertificateUI.ShowImportCertificate(chainElement.Certificate, FiddlerApplication.UI)),
                ViewCommand = new RelayCommand(_ => CertificateUI.ShowCertificate(chainElement.Certificate, FiddlerApplication.UI))
            };
        }
 /// <summary>
 /// Builds the SPKI hash view model for one certificate using the binary form of the
 /// SHA-256 public-key hash, and records whether that hash matches a configured pin.
 /// </summary>
 /// <param name="certificate">Certificate whose public key is hashed.</param>
 /// <param name="reportOnly">Copied unchanged onto the entry's <c>ReportOnly</c> field.</param>
 /// <param name="pinnedKeys">Configured pins; may be null, in which case nothing is reported as pinned.</param>
 /// <returns>A model containing exactly one SHA-256 hash entry.</returns>
 private static SpkiHashesModel CalculateHashes(X509Certificate2 certificate, bool reportOnly, PublicPinnedKeys pinnedKeys)
 {
     var digest = CertificateHashBuilder.BuildHashForPublicKeyBinary<SHA256CryptoServiceProvider>(certificate);

     // Element-by-element comparison of the hash against every configured pin.
     // These are hashes of public keys, not secrets, so an ordinary comparison is used.
     // A null pin set or a null key list yields false rather than an exception.
     var pinned = pinnedKeys?.PinnedKeys?.Any(candidate => candidate.Fingerprint.SequenceEqual(digest)) ?? false;

     var hashes = new ObservableCollection<SpkiHashModel>();
     hashes.Add(new SpkiHashModel
     {
         ReportOnly = reportOnly,
         Algorithm = PinAlgorithm.SHA256,
         Hash = digest,
         IsPinned = pinned
     });

     // Only the match is reported here; nothing in this method enforces the pin.
     return new SpkiHashesModel { Hashes = hashes };
 }
 /// <summary>
 /// Converts one element of a certificate chain into the <c>CertificateModel</c> shown by the UI,
 /// including the asynchronous CT, error and SPKI-hash properties and the UI commands.
 /// </summary>
 /// <param name="chainElement">Chain element whose certificate is described.</param>
 /// <param name="reportOnly">Passed through to <c>CalculateHashes</c>.</param>
 /// <param name="pinnedKey">Configured pins, passed through to <c>CalculateHashes</c>.</param>
 /// <param name="chain">Chain the element belongs to; only used to classify the certificate at index 0.</param>
 /// <param name="index">Position of the element in the chain; only index 0 gets a certificate type.</param>
 /// <returns>The populated model.</returns>
 private CertificateModel AssignCertificate(X509ChainElement chainElement, bool reportOnly, PublicPinnedKeys pinnedKey, X509Chain chain, int index)
 {
     var certificate = chainElement.Certificate;
     var keyStrength = BitStrengthCalculator.CalculateStrength(certificate);
     var nameParts = DistinguishedNameParser.Parse(certificate.Subject);

     // Display name: first "cn" value of the subject, or the thumbprint when there is none.
     var fallbackName = certificate.Thumbprint;
     var shownName = nameParts.ContainsKey("cn")
         ? (nameParts["cn"].FirstOrDefault() ?? fallbackName)
         : fallbackName;

     // Opens a link in the default handler, but only for an absolute https:// Uri.
     // Any other parameter type or scheme is ignored, so a value that is not an https URL
     // never reaches Process.Start.
     var browse = new RelayCommand(parameter =>
     {
         var target = parameter as Uri;
         if (target == null || target.Scheme != Uri.UriSchemeHttps)
         {
             return;
         }

         Process.Start(target.AbsoluteUri);
     });

     // The CT, error and hash calculations are handed to tasks, and the commands run later
     // from the UI; the error, hash, install and view delegates capture chainElement.
     // NOTE(review): confirm the owning chain is not reset or disposed before they execute.
     return new CertificateModel
     {
         CommonName = shownName,
         Thumbprint = certificate.Thumbprint,
         DistinguishedName = nameParts,
         SubjectAlternativeName = certificate.Extensions[KnownOids.X509Extensions.SubjectAltNameExtension]?.Format(false) ?? "None",
         PublicKey = new PublicKeyModel
         {
             Algorithm = keyStrength.AlgorithmName,
             KeySizeBits = keyStrength.BitSize,
             PublicKey = certificate.PublicKey.EncodedKeyValue.RawData
         },
         BeginDate = certificate.NotBefore,
         EndDate = certificate.NotAfter,
         SerialNumber = certificate.SerialNumber ?? "None",
         SignatureAlgorithm = new SignatureAlgorithmModel
         {
             SignatureAlgorithm = certificate.SignatureAlgorithm,
             // NOTE(review): collection Contains relies on X509Certificate equality, documented as
             // issuer + serial number rather than the full encoding; treat this flag as a display
             // hint and confirm whether a thumbprint/raw-data match is wanted.
             IsTrustedRoot = _rootStore.Certificates.Contains(certificate) || _userStore.Certificates.Contains(certificate)
         },
         CertificateType = index == 0 ? GetCertificateType(certificate, chain) : CertificateType.None,
         CertificateCtModel = new AsyncProperty<CertificateCtModel>(Task.Factory.StartNew(() => GetCtModel(certificate))),
         Errors = new AsyncProperty<CertificateErrors>(Task.Factory.StartNew(() => CertificateErrorsCalculator.GetCertificateErrors(chainElement))),
         SpkiHashes = new AsyncProperty<SpkiHashesModel>(Task.Factory.StartNew(() => CalculateHashes(chainElement.Certificate, reportOnly, pinnedKey))),
         InstallCommand = new RelayCommand(_ => CertificateUI.ShowImportCertificate(chainElement.Certificate, FiddlerApplication.UI)),
         ViewCommand = new RelayCommand(_ => CertificateUI.ShowCertificate(chainElement.Certificate, FiddlerApplication.UI)),
         BrowseCommand = browse
     };
 }
        /// <summary>
        /// Converts one element of a certificate chain into the <c>CertificateModel</c> shown by the UI.
        /// </summary>
        /// <param name="chainElement">Chain element whose certificate is described.</param>
        /// <param name="reportOnly">Passed through to <c>CalculateHashes</c>.</param>
        /// <param name="pinnedKey">Configured pins, passed through to <c>CalculateHashes</c>.</param>
        /// <returns>The populated model. Errors and SPKI hashes are supplied through tasks started here.</returns>
        private CertificateModel AssignCertificate(X509ChainElement chainElement, bool reportOnly, PublicPinnedKeys pinnedKey)
        {
            var cert = chainElement.Certificate;
            var bits = BitStrengthCalculator.CalculateStrength(cert);
            var subject = DistinguishedNameParser.Parse(cert.Subject);

            // Display name: first "cn" value of the subject, or the thumbprint when there is none.
            var thumbprint = cert.Thumbprint;
            var commonName = subject.ContainsKey("cn")
                ? (subject["cn"].FirstOrDefault() ?? thumbprint)
                : thumbprint;

            var model = new CertificateModel
            {
                CommonName = commonName,
                Thumbprint = cert.Thumbprint,
                SubjectAlternativeName = cert.Extensions[KnownOids.X509Extensions.SubjectAltNameExtension]?.Format(false) ?? "None",
                PublicKey = new PublicKeyModel
                {
                    Algorithm = bits.AlgorithmName,
                    KeySizeBits = bits.BitSize,
                    PublicKey = cert.PublicKey.EncodedKeyValue.RawData
                },
                BeginDate = cert.NotBefore,
                EndDate = cert.NotAfter,
                SignatureAlgorithm = new SignatureAlgorithmModel
                {
                    SignatureAlgorithm = cert.SignatureAlgorithm,
                    // NOTE(review): collection Contains relies on X509Certificate equality, documented as
                    // issuer + serial number rather than the full encoding; treat this flag as a display
                    // hint and confirm whether a thumbprint/raw-data match is wanted.
                    IsTrustedRoot = _rootStore.Certificates.Contains(cert) || _userStore.Certificates.Contains(cert)
                },
                // Error and hash calculation are handed to tasks; the commands run later from the UI.
                // All four delegates capture chainElement.
                // NOTE(review): confirm the owning chain is not reset or disposed before they execute.
                Errors = new AsyncProperty<CertificateErrors>(Task.Factory.StartNew(() => CertificateErrorsCalculator.GetCertificateErrors(chainElement))),
                SpkiHashes = new AsyncProperty<SpkiHashesModel>(Task.Factory.StartNew(() => CalculateHashes(chainElement.Certificate, reportOnly, pinnedKey))),
                InstallCommand = new RelayCommand(_ => CertificateUI.ShowImportCertificate(chainElement.Certificate)),
                ViewCommand = new RelayCommand(_ => CertificateUI.ShowCertificate(chainElement.Certificate))
            };

            return model;
        }