public static AuthContext CreateAuthContext(X509Certificate2 clientCertificate)
{
// Map X509Certificate2 values to AuthContext. The name/values come BoringSSL via C Core
// https://github.com/grpc/grpc/blob/a3cc5361e6f6eb679ccf5c36ecc6d0ca41b64f4f/src/core/lib/security/security_connector/ssl_utils.cc#L206-L248
var properties = new Dictionary <string, List <AuthProperty> >(StringComparer.Ordinal);
string?peerIdentityPropertyName = null;
var dnsNames = X509CertificateHelpers.GetDnsFromExtensions(clientCertificate);
foreach (var dnsName in dnsNames)
{
AddProperty(properties, X509CertificateHelpers.X509SubjectAlternativeNameKey, dnsName);
if (peerIdentityPropertyName == null)
{
peerIdentityPropertyName = X509CertificateHelpers.X509SubjectAlternativeNameKey;
}
}
var commonName = clientCertificate.GetNameInfo(X509NameType.SimpleName, false);
if (commonName != null)
{
AddProperty(properties, X509CertificateHelpers.X509CommonNameKey, commonName);
if (peerIdentityPropertyName == null)
{
peerIdentityPropertyName = X509CertificateHelpers.X509CommonNameKey;
}
}
return(new AuthContext(peerIdentityPropertyName, properties));
internal static AuthContext CreateAuthContext(X509Certificate2 clientCertificate)
{
Dictionary <string, List <AuthProperty> > properties2 = new Dictionary <string, List <AuthProperty> >(StringComparer.Ordinal);
string peerIdentityPropertyName = null;
string[] dnsFromExtensions = X509CertificateHelpers.GetDnsFromExtensions(clientCertificate);
foreach (string dnsName in dnsFromExtensions)
{
AddProperty(properties2, "x509_subject_alternative_name", dnsName);
if (peerIdentityPropertyName == null)
{
peerIdentityPropertyName = "x509_subject_alternative_name";
}
}
string commonName = clientCertificate.GetNameInfo(X509NameType.SimpleName, forIssuer: false);
if (commonName != null)
{
AddProperty(properties2, "x509_common_name", commonName);
if (peerIdentityPropertyName == null)
{
peerIdentityPropertyName = "x509_common_name";
}
}
return(new AuthContext(peerIdentityPropertyName, properties2));
public Task <IEnumerable <X509Certificate2> > GetCertificatesAsync(CancellationToken cancellationToken)
{
var domainNames = new HashSet <string>(_options.Value.DomainNames);
var result = new List <X509Certificate2>();
var certs = _store.Certificates.Find(X509FindType.FindByTimeValid,
DateTime.Now,
validOnly: !AllowInvalidCerts);
foreach (var cert in certs)
{
if (!cert.HasPrivateKey)
{
continue;
}
foreach (var dnsName in X509CertificateHelpers.GetAllDnsNames(cert))
{
if (domainNames.Contains(dnsName))
{
result.Add(cert);
break;
}
}
}
return(Task.FromResult(result.AsEnumerable()));
}
public void JustReturnAnyValue()
{
//Cannot test since each user will have different result. Trust me, it's works.
//Act
var result = X509CertificateHelpers.GetValidUserCertificates();
//Assert
Assert.IsNotNull(result);
}
public void InvalidPassword()
{
//Arrange
var PFX_CERTIFICATE_STREAM = new MemoryStream(Properties.Resources.certificate);
var INVALID_PASSWORD = "******";
//Act
var isValid = X509CertificateHelpers.VerifyPassword(PFX_CERTIFICATE_STREAM, INVALID_PASSWORD);
//Assert
Assert.IsFalse(isValid);
}
public void NormalUse()
{
//Arrange
var PFX_CERTIFICATE_STREAM = new MemoryStream(Properties.Resources.certificate);
var VALID_PASSWORD = "******";
var EXPECTED_DATE = new DateTime(2029, 7, 31, 17, 20, 41, DateTimeKind.Utc);
//Act
var expirationDate = X509CertificateHelpers.GetExpirationDate(PFX_CERTIFICATE_STREAM, VALID_PASSWORD).ToUniversalTime();
//Assert
Assert.AreEqual(EXPECTED_DATE, expirationDate);
}