public VerifyChain ( string server, AuthType type ) : CertificateStatus | ||
server | string | The server that returned the certificate -or- a null reference if the certificate is a client certificate. |
type | AuthType | One of the |
return | CertificateStatus |
static void Main(string[] args) { Console.WriteLine("This example shows how you can validate a certificate."); // load the certificate from a file Certificate cert = Certificate.CreateFromCerFile(@"client.cer"); // build a certificate chain CertificateChain cc = new CertificateChain(cert); // validate the chain CertificateStatus status = cc.VerifyChain(null, AuthType.Client); // interpret the result if (status == CertificateStatus.ValidCertificate) { Console.WriteLine("The certificate is valid."); } else { Console.WriteLine("The certificate is not valid [" + status.ToString() + "]."); } }
protected void VerifyChain(CertificateChain chain, bool client) { VerifyEventArgs e = new VerifyEventArgs(); switch(m_Options.VerificationType) { case CredentialVerification.Manual: try { m_Options.Verifier(Parent, m_RemoteCertificate, chain, e); } catch (Exception de) { throw new SslException(de, AlertDescription.InternalError, "The code inside the CertVerifyEventHandler delegate threw an exception."); } break; case CredentialVerification.Auto: if (chain != null) e.Valid = (chain.VerifyChain(m_Options.CommonName, client ? AuthType.Client : AuthType.Server) == CertificateStatus.ValidCertificate); else e.Valid = false; break; case CredentialVerification.AutoWithoutCName: if (chain != null) e.Valid = (chain.VerifyChain(m_Options.CommonName, client ? AuthType.Client : AuthType.Server, VerificationFlags.IgnoreInvalidName) == CertificateStatus.ValidCertificate); else e.Valid = false; break; case CredentialVerification.None: default: e.Valid = true; break; } if (!e.Valid) { throw new SslException(AlertDescription.CertificateUnknown, "The certificate could not be verified."); } }
private void verifyLevel2Authentication( SecureSocket socket, Certificate cert, CertificateChain chain, VerifyEventArgs e ) { // Verify level 1 first verifyLevel1Authentication( socket, cert, chain, e ); if ( !e.Valid ) { return; } CertificateStatus certStatus = chain.VerifyChain( null, AuthType.Client, VerificationFlags.IgnoreInvalidName ); if ( certStatus != CertificateStatus.ValidCertificate ) { if ( (Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0 ) { log.Warn ( "Client Certificate is not trusted and fails SIF Level 2 Authentication: " + certStatus.ToString() ); } e.Valid = false; } else { e.Valid = true; } }
/// <summary> /// This method is called when the SecureSocket received the remote /// certificate and when the certificate validation type is set to Manual. /// </summary> /// <param name="socket">The <see cref="SecureSocket"/> that received the certificate to verify.</param> /// <param name="remote">The <see cref="Certificate"/> of the remote party to verify.</param> /// <param name="chain">The <see cref="CertificateChain"/> associated with the remote certificate.</param> /// <param name="e">A <see cref="VerifyEventArgs"/> instance used to (in)validate the certificate.</param> /// <remarks>If an error is thrown by the code in the delegate, the SecureSocket will close the connection.</remarks> protected void OnVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e) { // get all the certificates from the certificate chain .. Certificate[] certs = chain.GetCertificates(); // .. and print them out in the console for(int i = 0; i < certs.Length; i++) { Console.WriteLine(certs[i].ToString(true)); } // print out the result of the chain verification Console.WriteLine(chain.VerifyChain(socket.CommonName, AuthType.Server)); }
/// <summary> /// Verifies a certificate received from the remote host. /// </summary> /// <param name="socket">The SecureSocket that received the certificate.</param> /// <param name="remote">The received certificate.</param> /// <param name="e">The event parameters.</param> protected void OnVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e) { CertificateChain cc = new CertificateChain(remote); Console.WriteLine("\r\nServer Certificate:\r\n-------------------"); Console.WriteLine(remote.ToString(true)); Console.Write("\r\nServer Certificate Verification:\r\n--------------------------------\r\n -> "); Console.WriteLine(cc.VerifyChain(socket.CommonName, AuthType.Server).ToString() + "\r\n"); }
/// <summary> /// verifies the certificate chain against the certificate store /// </summary> /// <param name="allCertsReceived">the chain to verify</param> /// <param name="expectedCNName">the expected CN; may be null</param> /// <param name="authType">the authtype: is the certificate to verify a client or server certificate; /// i.e when verifying a client cert, pass AuthType.Client; when verifying a server cert: pass AuthType.Server</param>ram> /// <returns></returns> protected bool IsValidCertificate(CertificateChain allCertsReceived, string expectedCNName, AuthType authType) { VerificationFlags verificationFlags = VerificationFlags.None; if (expectedCNName == null) { verificationFlags = VerificationFlags.IgnoreInvalidName; } CertificateStatus status = allCertsReceived.VerifyChain(expectedCNName, authType, verificationFlags); return status == CertificateStatus.ValidCertificate; }