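/// <summary>
/// Decides whether the ephemeral certificate carried in <paramref name="proof"/> is inside its
/// validity window, matches the certificate presented on the channel, and is signed by a
/// certificate found in the trusted list.
/// </summary>
/// <param name="channelCertificate">Certificate presented on the channel; its raw bytes must equal the client certificate embedded in the ephemeral certificate.</param>
/// <param name="proof">Proof whose <c>EphemeralCertificate</c> payload is parsed and checked.</param>
/// <returns><c>true</c> only when every check passes; otherwise <c>false</c>.</returns>
public bool IsCertificateTrusted(X509Certificate channelCertificate, CertificateProof proof)
{
    var cert = new EphemeralCertificate(proof.EphemeralCertificate);

    // Every field read from `cert` before ValidateSignature is still unauthenticated input.
    // The checks below only narrow what reaches the signature check; they grant nothing by themselves.

    // Read the clock once so both ends of the window are compared against the same instant.
    var now = DateTime.UtcNow;
    if (!(cert.ValidFrom <= now && now <= cert.ValidTo))
    {
        return false;
    }

    // Channel binding: the proof must name exactly the certificate used on this channel.
    if (!channelCertificate.GetRawCertData().SequenceEqual(cert.ClientCertificate))
    {
        return false;
    }

    lock (m_syncRoot)
    {
        var thumbprint = HexToString(cert.TrustedCertThumbprint);
        if (!m_list.TryGetValue(thumbprint, out var data))
        {
            // Unknown signer: refresh the trusted list, but at most once per minute.
            if (m_lastCertRefresh.ElapsedSeconds() <= 60)
            {
                return false;
            }

            // Exactly one refresh and one retry. The previous goto-based retry could loop while
            // holding the lock if RebuildCerts() did not reset m_lastCertRefresh.
            RebuildCerts();
            if (!m_list.TryGetValue(thumbprint, out data))
            {
                return false;
            }
        }

        // X509Certificate2 is IDisposable; release it once the signature check is done.
        using (var trustedCert = new X509Certificate2(data))
        {
            return cert.ValidateSignature(trustedCert);
        }
    }
}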
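/// <summary>
/// Click handler that wraps the text from the proof text box in a <c>CertificateProof</c>,
/// signs it with the loaded certificate, and lets the user choose where to save the result.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void createSaveProofButon_Click(object sender, EventArgs e)
{
    // Nothing is signed unless TryDecryptIfNessecary reports success.
    // NOTE(review): presumably this prompts to unlock the private key - confirm against the dialog.
    if (!DecryptPrivateKeyDialog.TryDecryptIfNessecary(this.certificate, "Sign Certificate Proof"))
    {
        return;
    }

    // The signed payload is whatever is in the text box at click time.
    var proof = new CertificateProof(this.createProofTextTextBox.Text);
    var signedProof = new Signed<CertificateProof>(proof, this.certificate);

    // SaveFileDialog is IDisposable; dispose it whether or not the user confirms.
    using (var dialog = new SaveFileDialog())
    {
        dialog.Filter = ProofFileFilter;
        dialog.Title = "Save Certificate Proof";

        if (dialog.ShowDialog() == DialogResult.OK)
        {
            signedProof.Save(dialog.FileName);
        }
    }
}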
/// <summary>
/// Authenticates the ephemeral certificate in <paramref name="proof"/> against a known signing
/// certificate and, when it is accepted, grants the roles it carries to <paramref name="stream"/>.
/// </summary>
/// <param name="stream">Connection being authenticated; its remote address is checked against the account's IP rules.</param>
/// <param name="proof">Proof whose <c>EphemeralCertificate</c> payload is parsed and checked.</param>
/// <returns><c>true</c> when permissions were granted; <c>false</c> when any check failed.</returns>
public bool IsCertificateTrusted(CtpNetStream stream, CertificateProof proof)
{
    var ephemeral = new EphemeralCertificate(proof.EphemeralCertificate);
    var thumbprint = HexToString(ephemeral.TrustedCertThumbprint);

    // Short-circuit chain, evaluated in order: known signer, valid signature, allowed source address.
    // NOTE(review): no validity-period check and no comparison with the transport's certificate
    // is made in this method - confirm that ValidateSignature or the caller enforces both.
    bool accepted = TryFindCertificate(thumbprint, out var issuerCert, out var owner)
        && ephemeral.ValidateSignature(issuerCert)
        && owner.IsIPAllowed(stream.RemoteEndpoint.Address);

    if (accepted)
    {
        // Login name and role lists are read from the ephemeral certificate only after its signature verified.
        GrantPermissions(stream, owner, ephemeral.LoginName, ephemeral.GrantedRoles, ephemeral.DeniedRoles);
        return true;
    }

    return false;
}
/// <summary>
/// Forwards the trust decision to <c>m_trustedRemotes</c>; no additional checks are made here.
/// </summary>
/// <param name="channelCertificate">Certificate presented on the channel, passed through unchanged.</param>
/// <param name="proof">Certificate proof, passed through unchanged.</param>
/// <returns>Whatever <c>m_trustedRemotes.IsCertificateTrusted</c> returns.</returns>
public bool IsCertificateTrusted(X509Certificate channelCertificate, CertificateProof proof)
    => m_trustedRemotes.IsCertificateTrusted(channelCertificate, proof);
/// <summary>
/// Placeholder: this implementation makes no trust decision and always throws.
/// </summary>
/// <param name="channelCertificate">Unused.</param>
/// <param name="proof">Unused.</param>
/// <returns>Never returns normally.</returns>
/// <exception cref="NotImplementedException">Always thrown.</exception>
public bool IsCertificateTrusted(X509Certificate channelCertificate, CertificateProof proof)
    // Throwing means no certificate is ever reported as trusted, but callers must be ready for the exception.
    => throw new NotImplementedException();