public static void Main(string[] args) { // check that name on cert = name of host user is connecting to // var x5092 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificateBytes); // string hostName = x5092.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.DnsName, false); // bool hostNameMatch = string.Compare(hostName, this.Server, true) == 0; // need to build x509chain obj , call build with cert, examine chainstatus property to see why failed. // open store X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); byte[] b = GetStreamBytes(); var x509 = new Mono.Security.X509.X509Certificate(b); var chain = new Mono.Security.X509.X509Chain(); bool certificateStatus = chain.Build(x509); Console.WriteLine(certificateStatus); // output true // X509Certificate2 newcert = new X509Certificate2(); //byte[] b = GetStreamBytes(); //newcert.Import(b); //buildChain(newcert); //byte[] b = GetStreamBytes(); //newcert.Import(b); //store.Add(newcert); //PrintStore(); //PrintMore(); // 3 // read certs }
private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates) { ClientContext context = (ClientContext)this.Context; AlertDescription description1 = AlertDescription.BadCertificate; if (context.SslStream.HaveRemoteValidation2Callback) { ValidationResult validationResult = context.SslStream.RaiseServerCertificateValidation2(certificates); if (!validationResult.Trusted) { long errorCode = (long)validationResult.ErrorCode; AlertDescription description2; switch (errorCode) { case 2148204801: description2 = AlertDescription.CertificateExpired; break; case 2148204809: description2 = AlertDescription.UnknownCA; break; case 2148204810: description2 = AlertDescription.UnknownCA; break; default: description2 = AlertDescription.CertificateUnknown; break; } string str = string.Format("0x{0:x}", (object)errorCode); throw new TlsException(description2, "Invalid certificate received from server. Error code: " + str); } } else { Mono.Security.X509.X509Certificate certificate1 = certificates[0]; System.Security.Cryptography.X509Certificates.X509Certificate certificate2 = new System.Security.Cryptography.X509Certificates.X509Certificate(certificate1.RawData); ArrayList arrayList = new ArrayList(); if (!this.checkCertificateUsage(certificate1)) { arrayList.Add((object)-2146762490); } if (!this.checkServerIdentity(certificate1)) { arrayList.Add((object)-2146762481); } Mono.Security.X509.X509CertificateCollection chain = new Mono.Security.X509.X509CertificateCollection(certificates); chain.Remove(certificate1); Mono.Security.X509.X509Chain x509Chain = new Mono.Security.X509.X509Chain(chain); bool flag; try { flag = x509Chain.Build(certificate1); } catch (Exception) { flag = false; } if (!flag) { switch (x509Chain.Status) { case Mono.Security.X509.X509ChainStatusFlags.NotTimeValid: description1 = AlertDescription.CertificateExpired; arrayList.Add((object)-2146762495); break; case Mono.Security.X509.X509ChainStatusFlags.NotTimeNested: arrayList.Add((object)-2146762494); break; case Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid: arrayList.Add((object)-2146869232); break; case Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot: description1 = AlertDescription.UnknownCA; arrayList.Add((object)-2146762487); break; case Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints: arrayList.Add((object)-2146869223); break; case Mono.Security.X509.X509ChainStatusFlags.PartialChain: description1 = AlertDescription.UnknownCA; arrayList.Add((object)-2146762486); break; default: description1 = AlertDescription.CertificateUnknown; arrayList.Add((object)(int)x509Chain.Status); break; } } int[] array = (int[])arrayList.ToArray(typeof(int)); if (!context.SslStream.RaiseServerCertificateValidation(certificate2, array)) { throw new TlsException(description1, "Invalid certificate received from server."); } } }
private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates) { ServerContext context = (ServerContext)this.Context; AlertDescription description = AlertDescription.BadCertificate; System.Security.Cryptography.X509Certificates.X509Certificate certificate1 = (System.Security.Cryptography.X509Certificates.X509Certificate)null; int[] certificateErrors; if (certificates.Count > 0) { Mono.Security.X509.X509Certificate certificate2 = certificates[0]; ArrayList arrayList = new ArrayList(); if (!this.checkCertificateUsage(certificate2)) { arrayList.Add((object)-2146762490); } Mono.Security.X509.X509Chain x509Chain; if (certificates.Count > 1) { Mono.Security.X509.X509CertificateCollection chain = new Mono.Security.X509.X509CertificateCollection(certificates); chain.Remove(certificate2); x509Chain = new Mono.Security.X509.X509Chain(chain); } else { x509Chain = new Mono.Security.X509.X509Chain(); } bool flag; try { flag = x509Chain.Build(certificate2); } catch (Exception) { flag = false; } if (!flag) { switch (x509Chain.Status) { case Mono.Security.X509.X509ChainStatusFlags.NotTimeValid: description = AlertDescription.CertificateExpired; arrayList.Add((object)-2146762495); break; case Mono.Security.X509.X509ChainStatusFlags.NotTimeNested: arrayList.Add((object)-2146762494); break; case Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid: arrayList.Add((object)-2146869232); break; case Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot: description = AlertDescription.UnknownCA; arrayList.Add((object)-2146762487); break; case Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints: arrayList.Add((object)-2146869223); break; case Mono.Security.X509.X509ChainStatusFlags.PartialChain: description = AlertDescription.UnknownCA; arrayList.Add((object)-2146762486); break; default: description = AlertDescription.CertificateUnknown; arrayList.Add((object)(int)x509Chain.Status); break; } } certificate1 = new System.Security.Cryptography.X509Certificates.X509Certificate(certificate2.RawData); certificateErrors = (int[])arrayList.ToArray(typeof(int)); } else { certificateErrors = new int[0]; } System.Security.Cryptography.X509Certificates.X509CertificateCollection certificateCollection = new System.Security.Cryptography.X509Certificates.X509CertificateCollection(); foreach (Mono.Security.X509.X509Certificate certificate2 in certificates) { certificateCollection.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(certificate2.RawData)); } if (!context.SslStream.RaiseClientCertificateValidation(certificate1, certificateErrors)) { throw new TlsException(description, "Invalid certificate received from client."); } this.Context.ClientSettings.ClientCertificate = certificate1; }