/// <summary>
/// Replaces the client certificates attached to <paramref name="client"/> with the
/// certificates returned by <c>CertManager.GetCerts()</c>.
/// </summary>
/// <remarks>
/// Despite the name and the log message, this method does not pin anything: it fills
/// <c>ClientCertificates</c>, i.e. the certificates this side offers to the server for
/// TLS client authentication. It places no restriction on which server certificate is
/// accepted; no server-certificate check is performed here.
/// </remarks>
/// <param name="client">Request whose client-certificate collection is rebuilt.</param>
private void PinCerts(HttpWebRequest client)
{
    LogHelper.Log("CORE: Pinning certs...");

    // Start from an empty collection so certificates left over from earlier use are not sent.
    var attached = client.ClientCertificates;
    attached.Clear();

    // NOTE(review): the same CertManager.GetCerts() entries are compared against the
    // server's certificate in ValidateServerCertificate. If they hold public certificate
    // data only (no private key), offering them as client certificates cannot
    // authenticate this client -- confirm what the entries contain.
    foreach (var entry in CertManager.GetCerts())
    {
        attached.Add(new X509Certificate(entry.Value));
    }
}
/// <summary>
/// Builds the net.tcp binding and the endpoint address used to reach the reader service.
/// </summary>
/// <remarks>
/// The binding asks for certificate client credentials, and the endpoint address carries
/// an X.509 endpoint identity built from the certificate found in the
/// LocalMachine/TrustedPeople store for <paramref name="ServiceCertCN"/>.
/// </remarks>
/// <param name="ServiceCertCN">Name used to look up the expected service certificate.</param>
/// <returns>The configured binding paired with the reader service endpoint address.</returns>
public static Tuple<NetTcpBinding, EndpointAddress> PrepBindingAndAddressForReader(string ServiceCertCN)
{
    // Both directions share the same 30-minute timeout.
    TimeSpan timeout = TimeSpan.FromMinutes(30);
    var binding = new NetTcpBinding
    {
        ReceiveTimeout = timeout,
        SendTimeout = timeout,
    };
    binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;

    // The expected service identity comes from a certificate the machine administrator
    // placed in TrustedPeople, not from anything the remote side sends.
    // NOTE(review): the behaviour of GetCertificateFromStorage when no certificate matches
    // is not visible here; if it returns null, the X509CertificateEndpointIdentity
    // constructor below throws ArgumentNullException. Confirm callers handle that.
    X509Certificate2 expectedServiceCert = CertManager.GetCertificateFromStorage(
        StoreName.TrustedPeople,
        StoreLocation.LocalMachine,
        ServiceCertCN);

    // NOTE(review): the endpoint identity check is separate from the certificate
    // validation mode configured on the client credentials, which is not set in this
    // method -- verify it where the channel factory is created.
    var serviceIdentity = new X509CertificateEndpointIdentity(expectedServiceCert);
    var address = new EndpointAddress(new Uri(Config.ReaderServiceAddress), serviceIdentity);

    return Tuple.Create(binding, address);
}
/// <summary>
/// Checks a digital signature over <paramref name="s"/> against the signer certificate
/// found in the LocalMachine/TrustedPeople store for <paramref name="signCert"/>.
/// </summary>
/// <param name="s">Text that was signed.</param>
/// <param name="signature">Signature bytes; <c>null</c> is treated as invalid.</param>
/// <param name="signCert">Name used to look up the signer's certificate.</param>
/// <returns>
/// <c>true</c> when <c>DigitalSignature.Verify</c> accepts the signature; <c>false</c>
/// when it rejects it or when <paramref name="signature"/> is <c>null</c>.
/// </returns>
public static bool ValidateSignature(string s, byte[] signature, string signCert)
{
    // No signature means nothing to verify: fail closed without touching the store.
    if (signature == null)
    {
        return false;
    }

    // NOTE(review): what GetCertificateFromStorage returns when nothing matches is not
    // visible here; confirm DigitalSignature.Verify rejects a missing certificate rather
    // than throwing or accepting.
    X509Certificate2 signerCertificate = CertManager.GetCertificateFromStorage(
        StoreName.TrustedPeople,
        StoreLocation.LocalMachine,
        signCert);

    // NOTE(review): the digest is SHA-1, which is no longer considered collision-resistant
    // and is deprecated for digital signatures. A stronger hash needs the signing side to
    // change at the same time, and whether DigitalSignature.Verify accepts other algorithm
    // names is not visible here -- plan the migration with both ends.
    bool isValid = DigitalSignature.Verify(s, "SHA1", signature, signerCertificate);

    Console.WriteLine(isValid ? "Digital Signature is valid." : "Digital Signature is invalid.");
    return isValid;
}
/// <summary>
/// Decides whether a server certificate is acceptable for a TLS connection.
/// </summary>
/// <remarks>
/// A certificate with no policy errors is accepted as-is. A certificate whose only
/// problem is a chain error is accepted if its hash matches one of the certificates
/// returned by <c>CertManager.GetCerts()</c>. Every other error value, including a chain
/// error combined with another flag, is rejected.
/// This is an allowlist fallback for certificates the platform cannot chain, not strict
/// pinning: when the platform reports no errors, the list is never consulted.
/// </remarks>
/// <returns><c>true</c> if the certificate is accepted, <c>false</c> otherwise.</returns>
/// <param name="sender">Object that raised the validation callback; not used.</param>
/// <param name="certificate">Certificate presented by the server.</param>
/// <param name="chain">Chain built for the certificate; its status entries are logged.</param>
/// <param name="policyErrors">Errors the platform found while validating the certificate.</param>
public static bool ValidateServerCertificate(
    object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors policyErrors)
{
    // Exact-value match on a flags enum: only "no errors" and "chain errors alone" get
    // past this switch, so a name mismatch is never tolerated.
    switch (policyErrors)
    {
        case SslPolicyErrors.None:
            return true;

        case SslPolicyErrors.RemoteCertificateChainErrors:
            break;

        default:
            Console.WriteLine("Certificate error: {0}", policyErrors);
            return false;
    }

    Console.WriteLine("Certificate chain error: {0}", policyErrors);

    // NOTE(review): the individual chain statuses are only logged. A listed certificate
    // is accepted whatever the reason for the chain failure, so an expired or revoked
    // certificate still passes if it is on the list -- confirm that is intended.
    foreach (var status in chain.ChainStatus)
    {
        Console.WriteLine("{0}", status.Status);
        Console.WriteLine("{0}", status.StatusInformation);
    }

    // GetCertHashString() with no arguments yields the SHA-1 thumbprint, so the match
    // below is a thumbprint comparison against each listed certificate.
    foreach (var entry in CertManager.GetCerts())
    {
        var listed = new X509Certificate(entry.Value);
        string listedThumbprint = listed.GetCertHashString();
        string presentedThumbprint = certificate.GetCertHashString();

        if (listedThumbprint.Equals(presentedThumbprint))
        {
            return true;
        }
    }

    // Chain error and no listed certificate matched: reject.
    return false;
}