public ValidationResponse ValidateCertificate(X509Certificate2 certificate, X509Certificate2 issuer) { Org.BouncyCastle.X509.X509Certificate certificateBC = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificate); try { Asn1Object derAiaExtension = Asn1Object.FromByteArray(certificateBC.GetExtensionValue(new DerObjectIdentifier("1.3.6.1.5.5.7.1.1")).GetOctets()); Asn1InputStream asn1Stream = new Asn1InputStream(derAiaExtension.GetDerEncoded()); Asn1Sequence asn1Sequence = (Asn1Sequence)asn1Stream.ReadObject(); foreach (Asn1Encodable entry in asn1Sequence) { AccessDescription aiaEntry = AccessDescription.GetInstance(entry.ToAsn1Object()); if (aiaEntry.AccessMethod.Id == AccessDescription.IdADOcsp.Id) { Console.Out.WriteLine(aiaEntry.AccessLocation.ToString()); GeneralName gn = (GeneralName)aiaEntry.AccessLocation; ValidationResponse validationResponse = ValidateCertificate(certificate, issuer, gn.Name.ToString()); if ((validationResponse.status == ValidationExtensions.Enums.CertificateStatus.VALID) || (validationResponse.status == ValidationExtensions.Enums.CertificateStatus.REVOKED)) { return(validationResponse); } } } } catch (NullReferenceException) { // No Access Information Exception } return(new ValidationResponse(ValidationExtensions.Enums.CertificateStatus.UNKNOWN)); }
private bool IsCA(X509Certificate certificate) { Asn1OctetString extension = certificate.GetExtensionValue(X509Extensions.BasicConstraints); if (extension != null) { BasicConstraints constraint = BasicConstraints.GetInstance( X509ExtensionUtilities.FromExtensionValue(extension)); if (constraint != null) { return(constraint.IsCA()); } } return(false); }
protected static Asn1Object GetExtensionValue(X509Certificate cert, string oid) { if (cert == null) { return(null); } byte[] bytes = cert.GetExtensionValue(new DerObjectIdentifier(oid)).GetOctets(); if (bytes == null) { return(null); } Asn1InputStream aIn = new Asn1InputStream(bytes); return(aIn.ReadObject()); }
private static bool ManualServerCertVerification(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { Console.WriteLine(); if (certificate is X509Certificate2 cert2) { Console.WriteLine("X509Certificate2"); try { byte[] rawdata = cert2.RawData; Console.WriteLine(" Content Type: " + X509Certificate2.GetCertContentType(rawdata)); Console.WriteLine(" Friendly Name: " + cert2.FriendlyName); Console.WriteLine(" Certificate Verified?: " + cert2.Verify()); Console.WriteLine(" Simple Name: " + cert2.GetNameInfo(X509NameType.SimpleName, true)); Console.WriteLine(" Signature Algorithm: " + cert2.SignatureAlgorithm.FriendlyName); // Console.WriteLine(" Public Key: " + cert2.PublicKey.Key.ToXmlString(false)); Console.WriteLine(" Certificate Archived?: " + cert2.Archived); Console.WriteLine(" Length of Raw Data: " + cert2.RawData.Length); } catch (CryptographicException) { Console.WriteLine("Information could not be written out for this certificate."); } Console.WriteLine(); Console.WriteLine("X509Certificate2 Extensions"); foreach (X509Extension ext in cert2.Extensions) { Console.WriteLine(" " + ext.GetType().Name + "\n Oid: " + ext.Oid.FriendlyName + "\n Critical: " + ext.Critical + "\n Raw Len: " + ext.RawData.Length); if (ext is X509BasicConstraintsExtension bcExt) { Console.WriteLine(" CA: " + bcExt.CertificateAuthority); Console.WriteLine(" HPLC: " + bcExt.HasPathLengthConstraint); Console.WriteLine(" PLC: " + bcExt.PathLengthConstraint); } else if (ext is X509KeyUsageExtension kuExt) { Console.WriteLine(" Usages: " + kuExt.KeyUsages); } else if (ext is X509EnhancedKeyUsageExtension ekuExt) { if (ekuExt.EnhancedKeyUsages.Count > 0) { Console.WriteLine(" Enhanced Key Usages"); foreach (Oid oid in ekuExt.EnhancedKeyUsages) { Console.WriteLine(" " + oid.FriendlyName); } } } else if (ext is X509SubjectKeyIdentifierExtension skiExt) { Console.WriteLine(" Subject Key Identifier: " + skiExt.SubjectKeyIdentifier); } } Console.WriteLine(); } Console.WriteLine("sslPolicyErrors"); Console.WriteLine(" " + sslPolicyErrors); Console.WriteLine(); if (chain != null) { Console.WriteLine("X509Chain Statuses"); foreach (X509ChainStatus cs in chain.ChainStatus) { Console.WriteLine(" " + cs.Status + " | " + cs.StatusInformation); } Console.WriteLine(); } // ------------------------------------------------------------------------------------------ // BouncyCastle // ------------------------------------------------------------------------------------------ Org.BouncyCastle.X509.X509Certificate bcX509 = DotNetUtilities.FromX509Certificate(certificate); Console.WriteLine("BouncyCastle X509Certificate"); Console.WriteLine(" " + bcX509.CertificateStructure); Console.WriteLine(" " + bcX509.IsValidNow); Console.WriteLine(" " + bcX509.NotBefore); Console.WriteLine(" " + bcX509.NotAfter); Console.WriteLine(" " + bcX509.SigAlgName); Console.WriteLine(" " + bcX509.SigAlgOid); if (bcX509.GetExtendedKeyUsage().Count > 0) { Console.WriteLine(" Extended Key Usage"); foreach (var eku in bcX509.GetExtendedKeyUsage()) { Console.WriteLine(" " + eku); } } void InspectExtension(ISet extSet, string label) { if (extSet.Count > 0) { Console.WriteLine(" " + label); foreach (string oid in extSet) { try { Asn1OctetString asn = bcX509.GetExtensionValue(new DerObjectIdentifier(oid)); Console.WriteLine(" Oid: " + oid + " | Asn: " + asn); } catch (Exception e) { Console.WriteLine(e); } } } } InspectExtension(bcX509.GetNonCriticalExtensionOids(), "Non Critical Extensions"); InspectExtension(bcX509.GetCriticalExtensionOids(), "Critical Extensions"); return(true); // true if the cert is okay, false if it not }