private int TestVerifyCert()
{
Certificate c = null;
CertificateChain cc = null;
try {
c = CertificateStore.CreateFromPfxFile(@"certs\server.pfx", "test").FindCertificateByUsage(new string[] { "1.3.6.1.5.5.7.3.1" });
cc = c.GetCertificateChain();
} catch {
AddWarning("CC-W-TBC2");
return(0);
}
try {
if (cc.VerifyChain("Mentalis.org Team", AuthType.Server, VerificationFlags.AllowUnknownCA) != CertificateStatus.ValidCertificate)
{
AddError("CC-TVC1");
}
} catch {
AddError("CC-TVC2");
}
try {
if (cc.VerifyChain("Mentalis.org Team", AuthType.Server) != CertificateStatus.UntrustedRoot)
{
AddError("CC-TVC3");
}
} catch {
AddError("CC-TVC4");
}
try {
if (cc.VerifyChain("Other Name", AuthType.Server, VerificationFlags.AllowUnknownCA) != CertificateStatus.NoCNMatch)
{
AddError("CC-TVC5");
}
} catch {
AddError("CC-TVC6");
}
try {
c = CertificateStore.CreateFromCerFile(@"certs\expired.cer").FindCertificateByUsage(new string[] { "1.3.6.1.5.5.7.3.1" });
cc = c.GetCertificateChain();
} catch {
AddWarning("CC-W-TBC3");
return(0);
}
try {
IAsyncResult ret = cc.BeginVerifyChain("Mentalis.org Team", AuthType.Server, VerificationFlags.AllowUnknownCA, null, null);
ret.AsyncWaitHandle.WaitOne();
if (cc.EndVerifyChain(ret) != CertificateStatus.Expired)
{
AddError("CC-TVC7");
}
} catch {
AddError("CC-TVC8");
}
return(8);
}
private void verifyLevel2Authentication(SecureSocket socket,
Certificate cert,
CertificateChain chain,
VerifyEventArgs e
)
{
// Verify level 1 first
verifyLevel1Authentication(socket, cert, chain, e);
if (!e.Valid)
{
return;
}
CertificateStatus certStatus =
chain.VerifyChain(null, AuthType.Client, VerificationFlags.IgnoreInvalidName);
if (certStatus != CertificateStatus.ValidCertificate)
{
if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
{
log.Warn
("Client Certificate is not trusted and fails SIF Level 2 Authentication: " +
certStatus.ToString());
}
e.Valid = false;
}
else
{
e.Valid = true;
}
}
protected void VerifyChain(CertificateChain chain, bool client)
{
VerifyEventArgs e = new VerifyEventArgs();
switch (m_Options.VerificationType)
{
case CredentialVerification.Manual:
try {
m_Options.Verifier(Parent, m_RemoteCertificate, chain, e);
} catch (Exception de) {
throw new SslException(de, AlertDescription.InternalError, "The code inside the CertVerifyEventHandler delegate threw an exception.");
}
break;
case CredentialVerification.Auto:
if (chain != null)
{
e.Valid = (chain.VerifyChain(m_Options.CommonName, client ? AuthType.Client : AuthType.Server) == CertificateStatus.ValidCertificate);
}
else
{
e.Valid = false;
}
break;
case CredentialVerification.AutoWithoutCName:
if (chain != null)
{
e.Valid = (chain.VerifyChain(m_Options.CommonName, client ? AuthType.Client : AuthType.Server, VerificationFlags.IgnoreInvalidName) == CertificateStatus.ValidCertificate);
}
else
{
e.Valid = false;
}
break;
case CredentialVerification.None:
default:
e.Valid = true;
break;
}
if (!e.Valid)
{
throw new SslException(AlertDescription.CertificateUnknown, "The certificate could not be verified.");
}
}
/// <summary>
/// Verifies a certificate received from the remote host.
/// </summary>
/// <param name="socket">The SecureSocket that received the certificate.</param>
/// <param name="remote">The received certificate.</param>
/// <param name="e">The event parameters.</param>
protected void OnVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e)
{
CertificateChain cc = new CertificateChain(remote);
Console.WriteLine("\r\nServer Certificate:\r\n-------------------");
Console.WriteLine(remote.ToString(true));
Console.Write("\r\nServer Certificate Verification:\r\n--------------------------------\r\n -> ");
Console.WriteLine(cc.VerifyChain(socket.CommonName, AuthType.Server).ToString() + "\r\n");
}
/// <summary>
/// verifies the certificate chain against the certificate store
/// </summary>
/// <param name="allCertsReceived">the chain to verify</param>
/// <param name="expectedCNName">the expected CN; may be null</param>
/// <param name="authType">the authtype: is the certificate to verify a client or server certificate;
/// i.e when verifying a client cert, pass AuthType.Client; when verifying a server cert: pass AuthType.Server</param>ram>
/// <returns></returns>
protected bool IsValidCertificate(CertificateChain allCertsReceived, string expectedCNName, AuthType authType)
{
VerificationFlags verificationFlags = VerificationFlags.None;
if (expectedCNName == null)
{
verificationFlags = VerificationFlags.IgnoreInvalidName;
}
CertificateStatus status = allCertsReceived.VerifyChain(expectedCNName, authType, verificationFlags);
return(status == CertificateStatus.ValidCertificate);
}
/// <summary>
/// This method is called when the SecureSocket received the remote
/// certificate and when the certificate validation type is set to Manual.
/// </summary>
/// <param name="socket">The <see cref="SecureSocket"/> that received the certificate to verify.</param>
/// <param name="remote">The <see cref="Certificate"/> of the remote party to verify.</param>
/// <param name="chain">The <see cref="CertificateChain"/> associated with the remote certificate.</param>
/// <param name="e">A <see cref="VerifyEventArgs"/> instance used to (in)validate the certificate.</param>
/// <remarks>If an error is thrown by the code in the delegate, the SecureSocket will close the connection.</remarks>
protected void OnVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e)
{
// get all the certificates from the certificate chain ..
Certificate[] certs = chain.GetCertificates();
// .. and print them out in the console
for (int i = 0; i < certs.Length; i++)
{
Console.WriteLine(certs[i].ToString(true));
}
// print out the result of the chain verification
Console.WriteLine(chain.VerifyChain(socket.CommonName, AuthType.Server));
}
// ------------------------ OnVerify -------------------------------------
protected void OnVerify(
SecureSocket socket,
Certificate remote,
CertificateChain InChain,
VerifyEventArgs e)
{
Certificate[] certs = InChain.GetCertificates( );
for (int Ix = 0; Ix < certs.Length; Ix++)
{
AddMessage(NetworkRole.Client, certs[Ix].ToString(true));
}
// print out the result of the chain verification
AddMessage(
NetworkRole.Client,
"Verify certificate: " +
InChain.VerifyChain(socket.CommonName, AuthType.Server).ToString( ));
}
static void Main(string[] args)
{
Console.WriteLine("This example shows how you can validate a certificate.");
// load the certificate from a file
Certificate cert = Certificate.CreateFromCerFile(@"client.cer");
// build a certificate chain
CertificateChain cc = new CertificateChain(cert);
// validate the chain
CertificateStatus status = cc.VerifyChain(null, AuthType.Client);
// interpret the result
if (status == CertificateStatus.ValidCertificate)
{
Console.WriteLine("The certificate is valid.");
}
else
{
Console.WriteLine("The certificate is not valid [" + status.ToString() + "].");
}
}
private void OnCertificateVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e)
{
Certificate[] certs = chain.GetCertificates();
chain.VerifyChain(socket.CommonName, AuthType.Server);
}