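/// <summary>
/// Builds a probe from a <see cref="ProbeConfig"/>. Local certificate lookup is enabled when
/// <c>config.FindValue</c> is non-blank; remote endpoint probing is enabled when
/// <c>config.ServerUri</c> is non-blank. Also initialises the process-wide
/// <see cref="CertExplorer"/> logger and configuration.
/// </summary>
/// <param name="config">Probe settings; must not be null.</param>
/// <param name="logFilePath">Path of the log file the probe's <see cref="Logger"/> writes to.</param>
/// <exception cref="ArgumentNullException"><paramref name="config"/> is null.</exception>
/// <exception cref="ArgumentException">
/// Local lookup is enabled but <c>config.FindType</c> is not a valid <see cref="X509FindType"/> name.
/// </exception>
public CertificateProbe(ProbeConfig config, string logFilePath)
{
    if (config == null)
    {
        throw new ArgumentNullException(nameof(config));
    }

    doFind_ = !String.IsNullOrWhiteSpace(config.FindValue);
    doProbe_ = !String.IsNullOrWhiteSpace(config.ServerUri);

    if (doFind_)
    {
        // Name the offending setting instead of surfacing Enum.Parse's generic message.
        if (!Enum.TryParse<X509FindType>(config.FindType, out var findType))
        {
            throw new ArgumentException($"'{config.FindType}' is not a valid {nameof(X509FindType)}.", nameof(config));
        }
        localStore_ = config.StoreName;
        localFindType_ = findType;
        localFindValue_ = config.FindValue;
    }

    logger_ = new Logger(logFilePath);
    if (doProbe_)
    {
        serverCertExplorer_ = new ServerCertExplorer(config.ServerUri, config.Ports, logger_);
    }
    probeDriver_ = ConfigureProbeDriver(TimeSpan.FromSeconds(config.TimerInterval));

    // CertExplorer is configured through static members, so the most recently
    // constructed probe determines what CertExplorer sees.
    CertExplorer.Logger = logger_;
    CertExplorer.Config = new CertExplorerConfig
    {
        DoVerboseLogging = false,
        FindType = config.FindType,
        FindValue = localFindValue_, // not assigned here when local lookup is disabled
        StoreName = localStore_,     // not assigned here when local lookup is disabled
        LogLevel = config.LogLevel
    };
}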
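/// <summary>
/// Timer callback that probes every configured port of the remote server, logs the
/// certificate each endpoint presents, and flags a certificate as "at risk" when the
/// simple name of its issuer contains <c>v1IssuerPrefix</c>. Failures are logged and
/// reflected in the closing summary line rather than thrown, so the timer thread survives.
/// </summary>
/// <param name="state">The <see cref="ServerCertExplorer"/> holding the server URI, port list and logger.</param>
/// <exception cref="InvalidCastException"><paramref name="state"/> is not a <see cref="ServerCertExplorer"/>.</exception>
public static void Probe(object state)
{
    // TcpClient timeouts are in milliseconds; send and receive share one budget.
    const int SocketTimeoutMilliseconds = 5000;

    // Short per-run token so the log lines of one probing pass can be correlated.
    string correlationId = Guid.NewGuid().ToString("N").Substring(16);
    var typedState = (ServerCertExplorer)state;
    var overallProbe = true;   // cleared once any port fails or throws
    var overallAtRisk = false; // set once any presented certificate is flagged

    typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow:u} | {correlationId} | === beginning remote certificate probing");
    try
    {
        foreach (var port in typedState.ports_)
        {
            try
            {
                using (var tcpClient = new TcpClient() { ReceiveTimeout = SocketTimeoutMilliseconds, SendTimeout = SocketTimeoutMilliseconds })
                {
                    typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow:u} | {correlationId} | endpoint probe | probing {typedState.serverUri_}:{port}..");
                    var portResult = typedState.TryProbeServerEndpoint(tcpClient, typedState.serverUri_, port, out X509Certificate2 serverCert);
                    overallProbe &= portResult;
                    if (!portResult)
                    {
                        typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow:u} | {correlationId} | endpoint probe | failed to retrieve server cert for {typedState.serverUri_}:{port}");
                        continue;
                    }
                    if (serverCert == null)
                    {
                        typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow:u} | {correlationId} | endpoint probe | server at {typedState.serverUri_}:{port} did not present a certificate");
                        continue;
                    }

                    // NOTE(review): serverCert is not disposed here; confirm TryProbeServerEndpoint
                    // hands over ownership before wrapping it in a using.
                    var serverCertCN = serverCert.GetNameInfo(X509NameType.SimpleName, forIssuer: false);
                    var serverCertIssuer = serverCert.GetNameInfo(X509NameType.SimpleName, forIssuer: true);
                    var portAtRisk = serverCertIssuer.Contains(v1IssuerPrefix);
                    overallAtRisk |= portAtRisk;

                    // Plain interpolation only: subject and issuer names are supplied by the
                    // remote server, and passing the interpolated result through String.Format
                    // would throw FormatException on any '{' or '}' they contain.
                    var serverCertDesc = $"TP={serverCert.Thumbprint}, CN={serverCertCN}, issued by: {serverCertIssuer}, NBF={serverCert.NotBefore.ToShortDateString()}, NA={serverCert.NotAfter.ToShortDateString()}, at risk: {(portAtRisk ? "YES" : "no")}";
                    typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow:u} | {correlationId} | endpoint probe | server at {typedState.serverUri_}:{port} presented cert {serverCertDesc}");
                }
            }
            catch (Exception ex)
            {
                // One failing port must not abort the remaining ports, but it does make the
                // overall result undetermined.
                overallProbe = false;
                typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow:u} | {correlationId} | endpoint probe | {typedState.serverUri_}:{port} encountered {ex.GetType()}: {ex.Message}");
            }
        }
    }
    catch (Exception ex)
    {
        // Reached only if enumerating the port list itself fails; keeps the callback from throwing.
        overallProbe = false;
        typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow:u} | {correlationId} | encountered {ex.GetType()}: {ex.Message}");
    }
    finally
    {
        var status = overallProbe ? (overallAtRisk ? "YES" : "no") : "undetermined";
        typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow:u} | {correlationId} | === completed probing {typedState.serverUri_}; overall probing: {(overallProbe ? "succeeded" : "failed")}; overall at risk: {status}");
    }
}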
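/// <summary>
/// Builds a probe that both looks up a local certificate and probes the remote server's
/// ports; <c>doFind_</c> and <c>doProbe_</c> are both enabled. Also initialises the
/// process-wide <see cref="CertExplorer"/> logger and configuration.
/// </summary>
/// <param name="localCertStoreName">Name of the local certificate store to search.</param>
/// <param name="localCertFindType">How <paramref name="localCertFindValue"/> is matched.</param>
/// <param name="localCertFindValue">Value to look for in the local store.</param>
/// <param name="serverUri">Remote server whose endpoints are probed.</param>
/// <param name="ports">Ports on <paramref name="serverUri"/> to probe.</param>
/// <param name="observationInterval">Interval between probing passes, handed to <c>ConfigureProbeDriver</c>.</param>
/// <param name="logFilePath">Path of the log file the probe's <see cref="Logger"/> writes to.</param>
/// <exception cref="ArgumentException">
/// <paramref name="localCertStoreName"/>, <paramref name="localCertFindValue"/> or
/// <paramref name="serverUri"/> is null, empty or whitespace.
/// </exception>
public CertificateProbe(
    string localCertStoreName,
    X509FindType localCertFindType,
    string localCertFindValue,
    string serverUri,
    int[] ports,
    TimeSpan observationInterval,
    string logFilePath)
{
    // The parameter name belongs in paramName, not in the message, so callers see
    // which argument was rejected.
    if (String.IsNullOrWhiteSpace(localCertStoreName))
    {
        throw new ArgumentException("A local certificate store name is required.", nameof(localCertStoreName));
    }
    if (String.IsNullOrWhiteSpace(localCertFindValue))
    {
        throw new ArgumentException("A local certificate find value is required.", nameof(localCertFindValue));
    }
    if (String.IsNullOrWhiteSpace(serverUri))
    {
        throw new ArgumentException("A server URI is required.", nameof(serverUri));
    }
    // NOTE(review): ports and observationInterval are passed through unchecked; confirm
    // ServerCertExplorer and ConfigureProbeDriver reject null / non-positive values.

    localStore_ = localCertStoreName;
    localFindType_ = localCertFindType;
    localFindValue_ = localCertFindValue;

    logger_ = new Logger(logFilePath);
    serverCertExplorer_ = new ServerCertExplorer(serverUri, ports, logger_);
    probeDriver_ = ConfigureProbeDriver(observationInterval);

    doFind_ = true;
    doProbe_ = true;

    // CertExplorer is configured through static members, so the most recently
    // constructed probe determines what CertExplorer sees.
    // NOTE(review): unlike the ProbeConfig constructor, this one leaves StoreName, FindType
    // and FindValue unset on CertExplorerConfig; confirm CertExplorer does not read them.
    CertExplorer.Logger = logger_;
    CertExplorer.Config = new CertExplorerConfig { DoVerboseLogging = false };
}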