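/// <summary>
/// Manual-verification callback for the FTP connection: prints the server's
/// certificate and records the chain verification result in
/// <paramref name="e"/>.Valid, which is what decides whether the handshake
/// is allowed to continue.
/// </summary>
/// <param name="socket">The <see cref="SecureSocket"/> that received the certificate; its CommonName is the host name the chain is checked against.</param>
/// <param name="remote">The certificate presented by the server; may be null when none was sent.</param>
/// <param name="chain">The certificate chain sent with <paramref name="remote"/>; may be null.</param>
/// <param name="e">Receives the verdict in its Valid property.</param>
public void OnVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e)
{
    if (remote == null)
    {
        Console.WriteLine("\r\nThe FTP server did not present a certificate.");
        e.Valid = false;
        return;
    }

    Console.WriteLine("\r\nThe certificate of the FTP server:");
    Console.WriteLine(remote.ToString(true) + "\r\n");

    // A printed certificate is not a verified one: make the chain check the verdict.
    // A missing chain cannot be trusted, so it is rejected rather than left to
    // whatever Valid defaults to.
    e.Valid = chain != null
        && chain.VerifyChain(socket.CommonName, AuthType.Server) == CertificateStatus.ValidCertificate;
}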
/// <summary>
/// Handler for the stream's certificate-verification event: clears the
/// "security changing" flag and raises the CertificateVerified event.
/// </summary>
/// <remarks>
/// Neither <paramref name="cert"/>, <paramref name="chain"/> nor
/// <c>e.Valid</c> is touched here, so the accept/reject decision is not made
/// by this handler. NOTE(review): confirm the socket's own verification mode
/// is what decides acceptance on this path.
/// </remarks>
private void stream_OnCertVerify(SecureSocket sock, Certificate cert, CertificateChain chain, VerifyEventArgs e)
{
    // Flag is reset before the event fires; presumably so that event
    // listeners observe the settled state — keep this order.
    isSecurityChanging = false;

    raiseCertificateVerifiedEvent(EventArgs.Empty);
}
/// <summary>
/// Applies the configured <c>VerificationType</c> to the chain presented by the
/// remote party and throws when the result is not acceptable.
/// </summary>
/// <param name="chain">Chain presented by the remote party; may be null.</param>
/// <param name="client">True when the remote party is a client, false when it is a server.</param>
/// <exception cref="SslException">
/// InternalError when the manual verifier delegate throws; CertificateUnknown
/// when the chain is judged invalid.
/// </exception>
/// <remarks>
/// Auto and AutoWithoutCName treat a null chain as invalid. None (and any
/// unrecognised value) accepts the peer without inspecting the chain at all.
/// </remarks>
protected void VerifyChain(CertificateChain chain, bool client)
{
    VerifyEventArgs verdict = new VerifyEventArgs();
    AuthType authType = client ? AuthType.Client : AuthType.Server;

    switch (m_Options.VerificationType)
    {
        case CredentialVerification.Manual:
            // The verdict is delegated entirely to the user-supplied callback.
            try
            {
                m_Options.Verifier(Parent, m_RemoteCertificate, chain, verdict);
            }
            catch (Exception callbackError)
            {
                throw new SslException(callbackError, AlertDescription.InternalError, "The code inside the CertVerifyEventHandler delegate threw an exception.");
            }
            break;

        case CredentialVerification.Auto:
            verdict.Valid = chain != null
                && chain.VerifyChain(m_Options.CommonName, authType) == CertificateStatus.ValidCertificate;
            break;

        case CredentialVerification.AutoWithoutCName:
            // Same call as Auto plus IgnoreInvalidName; presumably this relaxes
            // the common-name check — verify against CertificateChain.VerifyChain.
            verdict.Valid = chain != null
                && chain.VerifyChain(m_Options.CommonName, authType, VerificationFlags.IgnoreInvalidName) == CertificateStatus.ValidCertificate;
            break;

        case CredentialVerification.None:
        default:
            verdict.Valid = true;
            break;
    }

    if (!verdict.Valid)
    {
        throw new SslException(AlertDescription.CertificateUnknown, "The certificate could not be verified.");
    }
}
/// <summary>
/// Client-side verify handler: asks the client authenticator whether the
/// server's certificate and chain are acceptable for the address the socket
/// is connected to, and stores the answer in <paramref name="args"/>.Valid.
/// </summary>
/// <param name="socket">Socket whose RemoteEndPoint supplies the peer address.</param>
/// <param name="cert">Certificate presented by the server.</param>
/// <param name="chain">Chain presented with <paramref name="cert"/>.</param>
/// <param name="args">Receives the verdict.</param>
private void CheckServerCertAtClient(SecureSocket socket, Certificate cert, CertificateChain chain, VerifyEventArgs args)
{
    Debug.WriteLine("check the server certificate event");

    IPEndPoint peer = (IPEndPoint) socket.RemoteEndPoint;
    args.Valid = m_clientAuth.IsValidServerCertificate(cert, chain, peer.Address);
}
/// <summary>
/// Server-side verify handler: decides whether the connecting client is
/// acceptable and stores the answer in <paramref name="args"/>.Valid.
/// </summary>
/// <param name="socket">Socket whose RemoteEndPoint supplies the peer address.</param>
/// <param name="clientCertificate">Certificate presented by the client.</param>
/// <param name="allClientCertificates">Chain presented by the client; null when none was sent.</param>
/// <param name="args">Receives the verdict.</param>
/// <remarks>
/// With no chain the client is accepted only if EstablishTrustInClient is not
/// among the required options; with a chain the server authenticator decides.
/// </remarks>
private void CheckClientCertAtServer(SecureSocket socket, Certificate clientCertificate, CertificateChain allClientCertificates, VerifyEventArgs args)
{
    Debug.WriteLine("check the client certificate event");

    if (allClientCertificates == null)
    {
        // No chain to check: acceptable only when client trust is not required.
        args.Valid = (m_requiredOptions & SecurityAssociationOptions.EstablishTrustInClient) <= 0;
        return;
    }

    IPEndPoint peer = (IPEndPoint) socket.RemoteEndPoint;
    args.Valid = m_serverAuth.IsValidClientCertificate(clientCertificate, allClientCertificates, peer.Address);
}
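/// <summary>
/// SIF Level 3 client authentication: after Level 2 passes, requires the
/// certificate's CN to equal either the peer's IP address or the host name
/// obtained by reverse lookup of that address. Sets <paramref name="e"/>.Valid
/// and never throws; any exception is logged and counts as failure.
/// </summary>
/// <param name="socket">Socket whose RemoteEndPoint supplies the peer address.</param>
/// <param name="cert">Client certificate; Level 1 already rejected null.</param>
/// <param name="chain">Chain presented with <paramref name="cert"/>.</param>
/// <param name="e">Receives the verdict.</param>
/// <remarks>
/// The host-name branch trusts the reverse-DNS answer for the peer address,
/// which is administered by whoever controls that address range, so the IP
/// match is the stronger of the two checks. Name comparisons are ordinal and
/// case-insensitive: host names and CNs are identifiers, not culture text.
/// </remarks>
private void verifyLevel3Authentication(SecureSocket socket, Certificate cert, CertificateChain chain, VerifyEventArgs e)
{
    try
    {
        // Level 3 builds on Level 2 (which builds on Level 1).
        verifyLevel2Authentication(socket, cert, chain, e);
        if (!e.Valid)
        {
            return;
        }

        // Pull the first CN attribute out of the subject name.
        string commonName = null;
        DistinguishedName certificateName = cert.GetDistinguishedName();
        for (int a = 0; a < certificateName.Count; a++)
        {
            NameAttribute part = certificateName[a];
            if (part.ObjectID == OID_CN)
            {
                commonName = part.Value;
                break;
            }
        }

        if (commonName == null)
        {
            if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
            {
                log.Warn("Client Certificate fails SIF Level 3 Authentication: common name attribute not found.");
            }
            e.Valid = false;
            return;
        }

        // "localhost" is compared as the IPv4 loopback address.
        if (string.Equals(commonName, "localhost", StringComparison.OrdinalIgnoreCase))
        {
            commonName = "127.0.0.1";
        }

        // Strongest match: the CN is literally the peer's address.
        IPEndPoint remoteEndPoint = (IPEndPoint) socket.RemoteEndPoint;
        if (remoteEndPoint.Address.ToString() == commonName)
        {
            e.Valid = true;
            return;
        }

        // Weaker match: the CN equals the reverse-DNS host name of the peer.
        IPHostEntry entry = GetHostByAddress(remoteEndPoint.Address);
        if (entry == null)
        {
            if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
            {
                log.Warn("Client Certificate fails SIF Level 3 Authentication: Host Name not found for Address " + remoteEndPoint.Address.ToString());
            }
            e.Valid = false;
            return;
        }

        if (string.Equals(commonName, entry.HostName, StringComparison.OrdinalIgnoreCase))
        {
            e.Valid = true;
            return;
        }

        // No match was found. Log the host name that was actually compared
        // (the reverse-lookup result), not the socket's own CommonName.
        e.Valid = false;
        if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
        {
            log.Warn("Client Certificate fails SIF Level 3 Authentication: Certificate Common Name=" + commonName + ". Does not match client IP / Host: " + remoteEndPoint.Address.ToString() + " / " + entry.HostName);
        }
    }
    catch (Exception ex)
    {
        // Fail closed: an error while checking is treated as a failed check.
        if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
        {
            log.Warn("Client Certificate fails SIF Level 3 Authentication: " + ex.Message, ex);
        }
        e.Valid = false;
    }
}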
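/// <summary>
/// SIF Level 2 client authentication: after Level 1 passes, the presented
/// chain must verify as a trusted client chain. Sets <paramref name="e"/>.Valid.
/// </summary>
/// <param name="socket">Passed through to Level 1; not used here.</param>
/// <param name="cert">Client certificate.</param>
/// <param name="chain">Chain presented by the client; null is rejected.</param>
/// <param name="e">Receives the verdict.</param>
/// <remarks>
/// The chain is verified with IgnoreInvalidName and no expected name, so
/// binding the certificate to the peer is left to the Level 3 check.
/// </remarks>
private void verifyLevel2Authentication(SecureSocket socket, Certificate cert, CertificateChain chain, VerifyEventArgs e)
{
    // Verify level 1 first
    verifyLevel1Authentication(socket, cert, chain, e);
    if (!e.Valid)
    {
        return;
    }

    // A certificate without a chain cannot be trust-checked; reject it instead
    // of dereferencing a null chain (Level 1 only checks the certificate itself).
    if (chain == null)
    {
        if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
        {
            log.Warn("Client Certificate chain is missing and fails SIF Level 2 Authentication");
        }
        e.Valid = false;
        return;
    }

    CertificateStatus certStatus = chain.VerifyChain(null, AuthType.Client, VerificationFlags.IgnoreInvalidName);
    if (certStatus != CertificateStatus.ValidCertificate)
    {
        if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
        {
            log.Warn("Client Certificate is not trusted and fails SIF Level 2 Authentication: " + certStatus.ToString());
        }
        e.Valid = false;
        return;
    }

    e.Valid = true;
}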
/// <summary>
/// SIF Level 1 client authentication: a certificate must be present and
/// current. Sets <paramref name="e"/>.Valid. No trust or name check is done
/// at this level; <paramref name="socket"/> and <paramref name="chain"/> are unused.
/// </summary>
/// <param name="socket">Unused at this level.</param>
/// <param name="cert">Client certificate; null fails.</param>
/// <param name="chain">Unused at this level.</param>
/// <param name="e">Receives the verdict.</param>
private void verifyLevel1Authentication(SecureSocket socket, Certificate cert, CertificateChain chain, VerifyEventArgs e)
{
    if (cert == null)
    {
        if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
        {
            log.Warn("Client Certificate is missing and fails SIF Level 1 Authentication");
        }
        e.Valid = false;
        return;
    }

    if (!cert.IsCurrent)
    {
        if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
        {
            log.Warn("Client Certificate is invalid and fails SIF Level 1 Authentication");
        }
        e.Valid = false;
        return;
    }

    e.Valid = true;
}
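/// <summary>
/// This method is called when the SecureSocket received the remote
/// certificate and when the certificate validation type is set to Manual.
/// It prints every certificate in the chain and the chain verification
/// result, and records that result in <paramref name="e"/>.Valid.
/// </summary>
/// <param name="socket">The <see cref="SecureSocket"/> that received the certificate to verify.</param>
/// <param name="remote">The <see cref="Certificate"/> of the remote party to verify.</param>
/// <param name="chain">The <see cref="CertificateChain"/> associated with the remote certificate; null is rejected.</param>
/// <param name="e">A <see cref="VerifyEventArgs"/> instance used to (in)validate the certificate.</param>
/// <remarks>If an error is thrown by the code in the delegate, the SecureSocket will close the connection.</remarks>
protected void OnVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e)
{
    // Without a chain there is nothing to verify; reject instead of throwing.
    if (chain == null)
    {
        Console.WriteLine("No certificate chain was received.");
        e.Valid = false;
        return;
    }

    // get all the certificates from the certificate chain ..
    Certificate[] certs = chain.GetCertificates();
    // .. and print them out in the console
    for (int i = 0; i < certs.Length; i++)
    {
        Console.WriteLine(certs[i].ToString(true));
    }

    // Verify the chain against the host name the socket was opened for and
    // make the outcome the verdict; printing it alone has no effect.
    CertificateStatus status = chain.VerifyChain(socket.CommonName, AuthType.Server);
    Console.WriteLine(status);
    e.Valid = status == CertificateStatus.ValidCertificate;
}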
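/// <summary>
/// Verifies a certificate received from the remote host, prints the
/// certificate and the verification result, and records that result in
/// <paramref name="e"/>.Valid.
/// </summary>
/// <param name="socket">The SecureSocket that received the certificate.</param>
/// <param name="remote">The received certificate; null is rejected.</param>
/// <param name="chain">The chain sent by the remote host. Not used: a new chain is built from <paramref name="remote"/> instead.</param>
/// <param name="e">The event parameters.</param>
protected void OnVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e)
{
    if (remote == null)
    {
        Console.WriteLine("\r\nServer Certificate:\r\n-------------------\r\n -> none presented\r\n");
        e.Valid = false;
        return;
    }

    CertificateChain cc = new CertificateChain(remote);
    Console.WriteLine("\r\nServer Certificate:\r\n-------------------");
    Console.WriteLine(remote.ToString(true));
    Console.Write("\r\nServer Certificate Verification:\r\n--------------------------------\r\n -> ");

    // The printed status is also the verdict; leaving e.Valid unset would let
    // the connection proceed regardless of what was printed.
    CertificateStatus status = cc.VerifyChain(socket.CommonName, AuthType.Server);
    Console.WriteLine(status.ToString() + "\r\n");
    e.Valid = status == CertificateStatus.ValidCertificate;
}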