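/// <summary>
/// Validates a client-supplied PKCS#10 certificate signing request against the given order.
/// </summary>
/// <param name="order">The order the CSR is checked against; passed to the subject and SAN checks.</param>
/// <param name="csr">The Base64-encoded CSR. Treat it as untrusted input until every check has passed.</param>
/// <param name="cancellationToken">Not observed here; all work in this method completes synchronously.</param>
/// <returns>
/// A completed task holding <c>(true, null)</c> when the CSR decodes, its signature verifies and both
/// name checks pass; otherwise <c>(false, error)</c> with a <c>badCSR</c> error describing the failure.
/// </returns>
/// <remarks>
/// The method fails closed: any exception raised while decoding or checking the request results in a
/// rejection, never in an accepted CSR.
/// NOTE(review): key algorithm/size and requested extensions are not inspected in this method. Confirm
/// they are enforced elsewhere before a certificate is issued.
/// </remarks>
public Task<(bool isValid, AcmeError? error)> ValidateCsrAsync(Order order, string csr, CancellationToken cancellationToken)
{
    // Every rejection uses the same ACME error type and differs only in its detail text.
    static Task<(bool isValid, AcmeError? error)> Reject(string detail)
    {
        return Task.FromResult((false, (AcmeError?)new AcmeError("badCSR", detail)));
    }

    try
    {
        var request = new CertEnroll.CX509CertificateRequestPkcs10();
        request.InitializeDecode(csr, CertEnroll.EncodingType.XCN_CRYPT_STRING_BASE64);

        // Verify the request's signature before trusting any name it carries.
        request.CheckSignature();

        if (!SubjectIsValid(request, order))
        {
            return Reject("CN Invalid.");
        }

        if (!SubjectAlternateNamesAreValid(request, order))
        {
            return Reject("SAN Invalid.");
        }

        return Task.FromResult((true, (AcmeError?)null));
    }
    catch (Exception ex)
    {
        // Pass the exception object with a constant message template. The original used
        // ex.ToString() as the template, which put exception text (possibly echoing request
        // data) into the format string and lost the structured exception.
        _logger.LogWarning(ex, "Validation of CSR failed with exception.");
    }

    // Reached only after an exception: malformed or unverifiable CSRs are rejected.
    return Reject("CSR could not be read.");
}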
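/// <summary>
/// Validates a client-supplied PKCS#10 certificate signing request against the given order,
/// logging each outcome at debug level.
/// </summary>
/// <param name="order">The order the CSR is checked against; passed to the subject and SAN checks.</param>
/// <param name="csr">The Base64-encoded CSR. Treat it as untrusted input until every check has passed.</param>
/// <param name="cancellationToken">Not observed here; all work in this method completes synchronously.</param>
/// <returns>
/// A completed task holding <c>(true, null)</c> when the CSR decodes, its signature verifies and both
/// name checks pass; otherwise <c>(false, error)</c> with a <c>badCSR</c> error describing the failure.
/// </returns>
/// <remarks>
/// The method fails closed: any exception raised while decoding or checking the request results in a
/// rejection, never in an accepted CSR.
/// NOTE(review): key algorithm/size and requested extensions are not inspected in this method. Confirm
/// they are enforced elsewhere before a certificate is issued.
/// </remarks>
public Task<(bool isValid, AcmeError? error)> ValidateCsrAsync(Order order, string csr, CancellationToken cancellationToken)
{
    // Every rejection uses the same ACME error type and differs only in its detail text.
    static Task<(bool isValid, AcmeError? error)> Reject(string detail)
    {
        return Task.FromResult((false, (AcmeError?)new AcmeError("badCSR", detail)));
    }

    // The CSR is client-controlled and not yet decoded, so it is passed as a structured
    // argument and kept out of the message template. Sinks can then escape or redact it
    // as a value instead of receiving it baked into the log text.
    _logger.LogDebug("Attempting validation of CSR {Csr}", csr);

    try
    {
        var request = new CertEnroll.CX509CertificateRequestPkcs10();
        request.InitializeDecode(csr, CertEnroll.EncodingType.XCN_CRYPT_STRING_BASE64);

        // Verify the request's signature before trusting any name it carries.
        request.CheckSignature();

        if (!SubjectIsValid(request, order))
        {
            _logger.LogDebug("CSR Validation failed due to invalid CN.");
            return Reject("CN Invalid.");
        }

        if (!SubjectAlternateNamesAreValid(request, order))
        {
            _logger.LogDebug("CSR Validation failed due to invalid SAN.");
            return Reject("SAN Invalid.");
        }

        _logger.LogDebug("CSR Validation succeeded.");
        return Task.FromResult((true, (AcmeError?)null));
    }
    catch (Exception ex)
    {
        // Decode and signature failures land here. The caller gets a generic message and
        // the exception details stay in the server-side log only.
        _logger.LogWarning(ex, "Validation of CSR failed with exception.");
        return Reject("CSR could not be read.");
    }
}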