Exemplo n.º 1
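            /// <summary>
            /// Certificate validation callback that logs its arguments to the debug output and
            /// rejects every certificate, whatever <paramref name="sslPolicyErrors"/> reports.
            /// </summary>
            /// <param name="sender">Object that raised the validation; only logged.</param>
            /// <param name="certificate">Certificate presented by the peer; only logged. May be null.</param>
            /// <param name="chain">Chain built for the certificate; only logged. May be null.</param>
            /// <param name="sslPolicyErrors">Policy errors reported by the platform; only logged.</param>
            /// <returns>Always <c>false</c>, so the handshake is refused.</returns>
            internal static bool Validate(
                object sender,
                X509Certificate certificate,
                X509Chain chain,
                SslPolicyErrors sslPolicyErrors)
            {
                // If this is wired up as a RemoteCertificateValidationCallback, certificate and chain
                // are null when the peer presents no certificate. Log null-safely so the callback
                // returns its verdict instead of failing with a NullReferenceException.
                Debug.Print(sender?.ToString() ?? "<null>");
                Debug.Print(certificate?.ToString() ?? "<null>");
                Debug.Print(chain?.ToString() ?? "<null>");
                Debug.Print(sslPolicyErrors.ToString());

                // Fail closed: nothing is accepted by this callback.
                return false;
            }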
Exemplo n.º 2
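        /// <summary>
        /// Certificate validation callback that logs its arguments and accepts the certificate
        /// only when the platform reported no policy errors.
        /// </summary>
        /// <param name="sender">Object that raised the validation; only logged.</param>
        /// <param name="certificate">Certificate presented by the peer; only logged. May be null.</param>
        /// <param name="chain">Chain built for the certificate; only logged. May be null.</param>
        /// <param name="errors">Policy errors reported by the platform; the only input to the verdict.</param>
        /// <returns><c>true</c> when <paramref name="errors"/> is <see cref="SslPolicyErrors.None"/>; otherwise <c>false</c>.</returns>
        private static bool CheckValidationResult(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
        {
            // If this is wired up as a RemoteCertificateValidationCallback, certificate and chain
            // are null when the peer presents no certificate. Log null-safely so the verdict below
            // is still returned instead of a NullReferenceException escaping the callback.
            QLog.D("XIAO", sender?.ToString() ?? "<null>");
            QLog.D("XIAO", certificate?.ToString() ?? "<null>");
            QLog.D("XIAO", chain?.ToString() ?? "<null>");
            QLog.D("XIAO", errors.ToString());

            // The third-party certificate is valid only when no policy error was raised;
            // any name mismatch, chain error or missing certificate is rejected.
            return errors == SslPolicyErrors.None;
        }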
Exemplo n.º 3
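 /// <summary>
 /// Certificate validation callback: writes its arguments to the console, records the verdict
 /// in <c>hasValidCertificate</c> and accepts the certificate only when no policy errors were reported.
 /// </summary>
 /// <param name="sender">Object that raised the validation; only logged.</param>
 /// <param name="certificate">Certificate presented by the peer; only logged. May be null.</param>
 /// <param name="chain">Chain built for the certificate; only logged. May be null.</param>
 /// <param name="sslPolicyErrors">Policy errors reported by the platform; the only input to the verdict.</param>
 /// <returns><c>true</c> when <paramref name="sslPolicyErrors"/> is <see cref="SslPolicyErrors.None"/>; otherwise <c>false</c>.</returns>
 private static bool CertificateValidation(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
 {
     // If this is wired up as a RemoteCertificateValidationCallback, certificate and chain are
     // null when the peer presents no certificate. Log null-safely so the flag below is always
     // updated and the verdict is returned rather than a NullReferenceException being thrown.
     Console.WriteLine(sender?.ToString() ?? "<null>");
     Console.WriteLine(certificate?.ToString() ?? "<null>");
     Console.WriteLine(chain?.ToString() ?? "<null>");
     Console.WriteLine(sslPolicyErrors.ToString());

     bool isTrusted = sslPolicyErrors == SslPolicyErrors.None;

     // NOTE(review): hasValidCertificate is assigned from a static method, so it is shared state;
     // it holds the verdict of the most recent validation only. Confirm that no caller reads it
     // while several connections are being validated at once.
     hasValidCertificate = isTrusted;
     return isTrusted;
 }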
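        /// <summary>
        /// Custom server-certificate validation: accepts the server certificate when its issuer name
        /// equals the client certificate's issuer name (case-insensitive) and the current local time
        /// lies inside the server certificate's validity window.
        /// </summary>
        /// <remarks>
        /// NOTE(review): <paramref name="policyErrors"/> and <paramref name="chain"/> are logged but never
        /// evaluated here, and the issuer check compares names only. A matching issuer name does not
        /// show that the certificate was signed by that issuer, so these checks alone do not
        /// authenticate the server. Confirm that signature or chain verification (or certificate
        /// pinning) is enforced elsewhere before relying on this method for MITM protection.
        /// </remarks>
        /// <param name="httpRequestMessage">The request being sent; only logged. May be null.</param>
        /// <param name="serverCertVerifier">Wrapper around the certificate presented by the server.</param>
        /// <param name="chain">The chain built for the server certificate; only logged. May be null.</param>
        /// <param name="policyErrors">Policy errors reported by the platform; only logged.</param>
        /// <param name="clientCertVerifier">Wrapper around the client certificate whose issuer is the reference value.</param>
        /// <returns>
        /// <c>true</c> when the issuer and validity-period checks pass; <c>false</c> when either check
        /// fails or an exception is thrown while checking.
        /// </returns>
        public bool VerifyServerCertificate(HttpRequestMessage httpRequestMessage, ICertificateVerifier serverCertVerifier, X509Chain chain, SslPolicyErrors policyErrors, ICertificateVerifier clientCertVerifier)
        {
            Arguments.IsNotNull(clientCertVerifier, nameof(clientCertVerifier));
            // Guard the server wrapper the same way as the client one; it is dereferenced on the
            // next line, outside the try block, and would otherwise fail with a NullReferenceException.
            Arguments.IsNotNull(serverCertVerifier, nameof(serverCertVerifier));
            X509Certificate2 serverCert = serverCertVerifier.Certificate;

            logger?.LogDebug("Server certification custom validation callback.");
            // HttpRequestMessage.ToString() includes the request headers, so trace output can contain
            // credentials such as an Authorization header; keep trace logs access-restricted.
            logger?.LogTrace(httpRequestMessage?.ToString());
            logger?.LogTrace(chain?.ToString());
            logger?.LogTrace(policyErrors.ToString());
            logger?.LogTrace("ServerCert:" + Environment.NewLine + serverCert);

            try
            {
                // Verify Issuer. Issuer field is case-insensitive.
                // This is a name comparison, not a signature check (see remarks).
                if (!string.Equals(clientCertVerifier.Issuer, serverCertVerifier.Issuer, StringComparison.OrdinalIgnoreCase))
                {
                    // The two labels were previously attached to the opposite certificates.
                    logger?.LogError(Invariant($"Issuer are different for server certificate and the client certificate. Server Certificate Issuer: {serverCertVerifier.Issuer}, Client Certificate Issuer: {clientCertVerifier.Issuer}"));
                    return false;
                }

                logger?.LogDebug(Invariant($"Issuer validation passed: {serverCertVerifier.Issuer}"));

                // Server certificate is not expired.
                // NOTE(review): AddDays(1) keeps accepting the certificate for one day past NotAfter;
                // confirm this grace period is intended.
                // NOTE(review): compared against local time; assumes NotBefore/NotAfter are local too - confirm.
                DateTime now = DateTime.Now;
                if (serverCertVerifier.NotBefore > now || serverCertVerifier.NotAfter.AddDays(1) <= now)
                {
                    logger?.LogError(Invariant($"Server certification is not in valid period from {serverCertVerifier.NotBefore.ToString(DateTimeFormatInfo.InvariantInfo)} until {serverCertVerifier.NotAfter.ToString(DateTimeFormatInfo.InvariantInfo)}"));
                    return false;
                }

                logger?.LogDebug("Server certificate validate date verification passed.");
            }
            catch (Exception ex)
            {
                // Fail closed: any error while inspecting the certificates rejects the connection.
                logger?.LogError(ex.ToString());
                return false;
            }

            logger?.LogDebug("Server certification custom validation successed.");
            return true;
        }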