public static AuthContext CreateAuthContext(X509Certificate2 clientCertificate) { // Map X509Certificate2 values to AuthContext. The name/values come BoringSSL via C Core // https://github.com/grpc/grpc/blob/a3cc5361e6f6eb679ccf5c36ecc6d0ca41b64f4f/src/core/lib/security/security_connector/ssl_utils.cc#L206-L248 var properties = new Dictionary <string, List <AuthProperty> >(StringComparer.Ordinal); string?peerIdentityPropertyName = null; var dnsNames = X509CertificateHelpers.GetDnsFromExtensions(clientCertificate); foreach (var dnsName in dnsNames) { AddProperty(properties, X509CertificateHelpers.X509SubjectAlternativeNameKey, dnsName); if (peerIdentityPropertyName == null) { peerIdentityPropertyName = X509CertificateHelpers.X509SubjectAlternativeNameKey; } } var commonName = clientCertificate.GetNameInfo(X509NameType.SimpleName, false); if (commonName != null) { AddProperty(properties, X509CertificateHelpers.X509CommonNameKey, commonName); if (peerIdentityPropertyName == null) { peerIdentityPropertyName = X509CertificateHelpers.X509CommonNameKey; } } return(new AuthContext(peerIdentityPropertyName, properties));
internal static AuthContext CreateAuthContext(X509Certificate2 clientCertificate) { Dictionary <string, List <AuthProperty> > properties2 = new Dictionary <string, List <AuthProperty> >(StringComparer.Ordinal); string peerIdentityPropertyName = null; string[] dnsFromExtensions = X509CertificateHelpers.GetDnsFromExtensions(clientCertificate); foreach (string dnsName in dnsFromExtensions) { AddProperty(properties2, "x509_subject_alternative_name", dnsName); if (peerIdentityPropertyName == null) { peerIdentityPropertyName = "x509_subject_alternative_name"; } } string commonName = clientCertificate.GetNameInfo(X509NameType.SimpleName, forIssuer: false); if (commonName != null) { AddProperty(properties2, "x509_common_name", commonName); if (peerIdentityPropertyName == null) { peerIdentityPropertyName = "x509_common_name"; } } return(new AuthContext(peerIdentityPropertyName, properties2));
public Task <IEnumerable <X509Certificate2> > GetCertificatesAsync(CancellationToken cancellationToken) { var domainNames = new HashSet <string>(_options.Value.DomainNames); var result = new List <X509Certificate2>(); var certs = _store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, validOnly: !AllowInvalidCerts); foreach (var cert in certs) { if (!cert.HasPrivateKey) { continue; } foreach (var dnsName in X509CertificateHelpers.GetAllDnsNames(cert)) { if (domainNames.Contains(dnsName)) { result.Add(cert); break; } } } return(Task.FromResult(result.AsEnumerable())); }
public void JustReturnAnyValue() { //Cannot test since each user will have different result. Trust me, it's works. //Act var result = X509CertificateHelpers.GetValidUserCertificates(); //Assert Assert.IsNotNull(result); }
public void InvalidPassword() { //Arrange var PFX_CERTIFICATE_STREAM = new MemoryStream(Properties.Resources.certificate); var INVALID_PASSWORD = "******"; //Act var isValid = X509CertificateHelpers.VerifyPassword(PFX_CERTIFICATE_STREAM, INVALID_PASSWORD); //Assert Assert.IsFalse(isValid); }
public void NormalUse() { //Arrange var PFX_CERTIFICATE_STREAM = new MemoryStream(Properties.Resources.certificate); var VALID_PASSWORD = "******"; var EXPECTED_DATE = new DateTime(2029, 7, 31, 17, 20, 41, DateTimeKind.Utc); //Act var expirationDate = X509CertificateHelpers.GetExpirationDate(PFX_CERTIFICATE_STREAM, VALID_PASSWORD).ToUniversalTime(); //Assert Assert.AreEqual(EXPECTED_DATE, expirationDate); }