public static void CreateNewIdentity(string friendlyName, string hostNameOrAddress, int port, out PublicIdentity publicIdentity, out PrivateIdentity privateIdentity) { var key = RSA.Create(4096); var subject = string.Format("CN = {0}", friendlyName); var req = new CertificateRequest(subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pss); var now = DateTime.Now; var expiry = now.AddYears(10); var cert = req.CreateSelfSigned(now, expiry); var pkcs12 = cert.Export(X509ContentType.Pkcs12, "" /* empty password */); publicIdentity = new PublicIdentity { FriendlyName = friendlyName, PublicKey = IoScheduler.GetCertificatePublicKey(cert), HostNameOrAddress = hostNameOrAddress, Port = port }; privateIdentity = new PrivateIdentity { FriendlyName = friendlyName, Pkcs12 = pkcs12, HostNameOrAddress = hostNameOrAddress, Port = port }; }
public bool ValidateSSLCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { const SslPolicyErrors ignoredErrors = SslPolicyErrors.RemoteCertificateChainErrors; if ((sslPolicyErrors & ~ignoredErrors) != SslPolicyErrors.None) { Console.Error.WriteLine("Could not validate SSL certificate for {0} due to errors {1}", IoScheduler.GetCertificatePublicKey(certificate as X509Certificate2), sslPolicyErrors & ~ignoredErrors); return(false); } var cert2 = certificate as X509Certificate2; // If we were expecting a specific public identity, check that // the key in the certificate matches what we were expecting. if (expectedPublicIdentity != null) { if (!ByteArrayComparer.Default().Equals(IoScheduler.GetCertificatePublicKey(cert2), expectedPublicIdentity.PublicKey)) { Console.Error.WriteLine("Connected to {0} expecting public key {1} but found public key {2}, so disconnecting.", IoScheduler.PublicIdentityToString(expectedPublicIdentity), IoScheduler.PublicKeyToString(expectedPublicIdentity.PublicKey), IoScheduler.PublicKeyToString(IoScheduler.GetCertificatePublicKey(cert2))); return(false); } if (cert2.SubjectName.Name != "CN=" + expectedPublicIdentity.FriendlyName) { Console.Error.WriteLine("Connected to {0} expecting subject CN={1} but found {2}, so disconnecting.", IoScheduler.PublicIdentityToString(expectedPublicIdentity), expectedPublicIdentity.FriendlyName, cert2.SubjectName.Name); return(false); } } else { // If we weren't expecting any particular public identity, // consider the expected public identity to be the known one // matching the public key in the certificate we got. If // there is no known one, then this is just an anonymous // client, which is fine. Otherwise, check that the subject // matches what we expect. This is just a paranoid check; it // should never fail. expectedPublicIdentity = scheduler.LookupPublicKey(IoScheduler.GetCertificatePublicKey(cert2)); if (expectedPublicIdentity != null) { if (cert2.SubjectName.Name != "CN=" + expectedPublicIdentity.FriendlyName) { Console.Error.WriteLine("Received a certificate we expected to have subject CN={1} but found {2}, so disconnecting.", IoScheduler.PublicIdentityToString(expectedPublicIdentity), expectedPublicIdentity.FriendlyName, cert2.SubjectName.Name); return(false); } } } return(true); }
public CertificateValidator(IoScheduler i_scheduler, PublicIdentity i_expectedPublicIdentity = null) { scheduler = i_scheduler; expectedPublicIdentity = i_expectedPublicIdentity; }
public static string PublicIdentityToString(PublicIdentity id) { return(string.Format("{0} (key {1}) @ {2}:{3}", id.FriendlyName, PublicKeyToString(id.PublicKey), id.HostNameOrAddress, id.Port)); }