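		/// <summary>
		/// Checks whether the presented certificate (or one element of its chain) satisfies a single TLSA record,
		/// combining the record's certificate usage with the PKIX result reported by the TLS stack.
		/// </summary>
		/// <param name="tlsaRecord">The TLSA record to validate against.</param>
		/// <param name="certificate">The end-entity certificate presented by the remote peer (used by the *-EE usages).</param>
		/// <param name="chain">The chain built for <paramref name="certificate"/> (searched by the *-TA usages).</param>
		/// <param name="sslPolicyErrors">The PKIX validation outcome from the TLS stack.</param>
		/// <returns><c>true</c> if the record is satisfied under its usage; otherwise <c>false</c>.</returns>
		/// <exception cref="ArgumentNullException"><paramref name="tlsaRecord"/> is <c>null</c>, or <paramref name="chain"/> is <c>null</c> for a *-TA usage.</exception>
		/// <exception cref="NotSupportedException">The record carries a certificate usage this method does not implement.</exception>
		private bool ValidateCertificateByTlsa(TlsaRecord tlsaRecord, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
		{
			if (tlsaRecord == null)
				throw new ArgumentNullException("tlsaRecord");

			// PKIX-* usages (0/1) require a fully clean PKIX result.
			bool pkixValid = (sslPolicyErrors == SslPolicyErrors.None);

			// DANE-* usages (2/3) bring their own trust anchor, so chain-building errors are tolerated;
			// any other policy error (name mismatch, certificate not available) still fails validation.
			// NOTE(review): this is stricter than the DANE-EE rules in RFC 7671, which do not require a
			// name match for usage 3 — confirm this is intended before relaxing it.
			bool onlyChainErrors = ((sslPolicyErrors & ~SslPolicyErrors.RemoteCertificateChainErrors) == SslPolicyErrors.None);

			switch (tlsaRecord.CertificateUsage)
			{
				case TlsaRecord.TlsaCertificateUsage.PkixTA:
					return ChainContainsTlsaMatch(tlsaRecord, chain) && pkixValid;

				case TlsaRecord.TlsaCertificateUsage.PkixEE:
					return ValidateCertificateByTlsa(tlsaRecord, certificate) && pkixValid;

				case TlsaRecord.TlsaCertificateUsage.DaneTA:
					return ChainContainsTlsaMatch(tlsaRecord, chain) && onlyChainErrors;

				case TlsaRecord.TlsaCertificateUsage.DaneEE:
					return ValidateCertificateByTlsa(tlsaRecord, certificate) && onlyChainErrors;

				default:
					// Fail closed on unknown/unimplemented usages and say which one was seen.
					throw new NotSupportedException("Unsupported TLSA certificate usage: " + tlsaRecord.CertificateUsage);
			}
		}

		/// <summary>
		/// Returns <c>true</c> if any element of <paramref name="chain"/> matches the TLSA record.
		/// </summary>
		/// <param name="tlsaRecord">The TLSA record to match.</param>
		/// <param name="chain">The chain whose elements are tested.</param>
		/// <returns><c>true</c> if at least one chain element matches; otherwise <c>false</c>.</returns>
		/// <exception cref="ArgumentNullException"><paramref name="chain"/> is <c>null</c>.</exception>
		private bool ChainContainsTlsaMatch(TlsaRecord tlsaRecord, X509Chain chain)
		{
			// A validation callback can be handed a null chain when the peer presents no certificate; fail closed.
			if (chain == null)
				throw new ArgumentNullException("chain");

			// NOTE(review): the end-entity certificate is itself an element of the chain, so a record that
			// matches the leaf also satisfies the *-TA usages here; the *-TA usages are meant to name an
			// issuer of the leaf — confirm whether element 0 should be excluded.
			return chain.ChainElements.Cast<X509ChainElement>().Any(x => ValidateCertificateByTlsa(tlsaRecord, x.Certificate));
		}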
		/// <summary>
		/// Checks whether a single certificate matches the association data carried in a TLSA record.
		/// </summary>
		/// <param name="tlsaRecord">The TLSA record supplying the selector, matching type and expected association data.</param>
		/// <param name="certificate">The certificate to derive association data from.</param>
		/// <returns><c>true</c> if the derived data equals the record's association data byte-for-byte; otherwise <c>false</c>.</returns>
		private bool ValidateCertificateByTlsa(TlsaRecord tlsaRecord, X509Certificate certificate)
		{
			// Derive the association data from the certificate exactly as the record asks for it
			// (its selector and matching type), then compare against what the record carries.
			var expected = tlsaRecord.CertificateAssociationData;
			var derived = TlsaRecord.GetCertificateAssocicationData(tlsaRecord.Selector, tlsaRecord.MatchingType, certificate);

			return derived.SequenceEqual(expected);
		}