| public VerifyChain ( string server, AuthType type ) : CertificateStatus | ||
| server | string | The server that returned the certificate -or- a null reference if the certificate is a client certificate. |
| type | AuthType | One of the |
| return | CertificateStatus | |
static void Main(string[] args)
{
Console.WriteLine("This example shows how you can validate a certificate.");
// load the certificate from a file
Certificate cert = Certificate.CreateFromCerFile(@"client.cer");
// build a certificate chain
CertificateChain cc = new CertificateChain(cert);
// validate the chain
CertificateStatus status = cc.VerifyChain(null, AuthType.Client);
// interpret the result
if (status == CertificateStatus.ValidCertificate) {
Console.WriteLine("The certificate is valid.");
} else {
Console.WriteLine("The certificate is not valid [" + status.ToString() + "].");
}
}
protected void VerifyChain(CertificateChain chain, bool client)
{
VerifyEventArgs e = new VerifyEventArgs();
switch(m_Options.VerificationType) {
case CredentialVerification.Manual:
try {
m_Options.Verifier(Parent, m_RemoteCertificate, chain, e);
} catch (Exception de) {
throw new SslException(de, AlertDescription.InternalError, "The code inside the CertVerifyEventHandler delegate threw an exception.");
}
break;
case CredentialVerification.Auto:
if (chain != null)
e.Valid = (chain.VerifyChain(m_Options.CommonName, client ? AuthType.Client : AuthType.Server) == CertificateStatus.ValidCertificate);
else
e.Valid = false;
break;
case CredentialVerification.AutoWithoutCName:
if (chain != null)
e.Valid = (chain.VerifyChain(m_Options.CommonName, client ? AuthType.Client : AuthType.Server, VerificationFlags.IgnoreInvalidName) == CertificateStatus.ValidCertificate);
else
e.Valid = false;
break;
case CredentialVerification.None:
default:
e.Valid = true;
break;
}
if (!e.Valid) {
throw new SslException(AlertDescription.CertificateUnknown, "The certificate could not be verified.");
}
}
private void verifyLevel2Authentication( SecureSocket socket,
Certificate cert,
CertificateChain chain,
VerifyEventArgs e
)
{
// Verify level 1 first
verifyLevel1Authentication( socket, cert, chain, e );
if ( !e.Valid )
{
return;
}
CertificateStatus certStatus =
chain.VerifyChain( null, AuthType.Client, VerificationFlags.IgnoreInvalidName );
if ( certStatus != CertificateStatus.ValidCertificate )
{
if ( (Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0 )
{
log.Warn
( "Client Certificate is not trusted and fails SIF Level 2 Authentication: " +
certStatus.ToString() );
}
e.Valid = false;
}
else
{
e.Valid = true;
}
}
/// <summary>
/// This method is called when the SecureSocket received the remote
/// certificate and when the certificate validation type is set to Manual.
/// </summary>
/// <param name="socket">The <see cref="SecureSocket"/> that received the certificate to verify.</param>
/// <param name="remote">The <see cref="Certificate"/> of the remote party to verify.</param>
/// <param name="chain">The <see cref="CertificateChain"/> associated with the remote certificate.</param>
/// <param name="e">A <see cref="VerifyEventArgs"/> instance used to (in)validate the certificate.</param>
/// <remarks>If an error is thrown by the code in the delegate, the SecureSocket will close the connection.</remarks>
protected void OnVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e)
{
// get all the certificates from the certificate chain ..
Certificate[] certs = chain.GetCertificates();
// .. and print them out in the console
for(int i = 0; i < certs.Length; i++) {
Console.WriteLine(certs[i].ToString(true));
}
// print out the result of the chain verification
Console.WriteLine(chain.VerifyChain(socket.CommonName, AuthType.Server));
}
/// <summary>
/// Verifies a certificate received from the remote host.
/// </summary>
/// <param name="socket">The SecureSocket that received the certificate.</param>
/// <param name="remote">The received certificate.</param>
/// <param name="e">The event parameters.</param>
protected void OnVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e)
{
CertificateChain cc = new CertificateChain(remote);
Console.WriteLine("\r\nServer Certificate:\r\n-------------------");
Console.WriteLine(remote.ToString(true));
Console.Write("\r\nServer Certificate Verification:\r\n--------------------------------\r\n -> ");
Console.WriteLine(cc.VerifyChain(socket.CommonName, AuthType.Server).ToString() + "\r\n");
}
/// <summary>
/// verifies the certificate chain against the certificate store
/// </summary>
/// <param name="allCertsReceived">the chain to verify</param>
/// <param name="expectedCNName">the expected CN; may be null</param>
/// <param name="authType">the authtype: is the certificate to verify a client or server certificate;
/// i.e when verifying a client cert, pass AuthType.Client; when verifying a server cert: pass AuthType.Server</param>ram>
/// <returns></returns>
protected bool IsValidCertificate(CertificateChain allCertsReceived, string expectedCNName, AuthType authType) {
VerificationFlags verificationFlags = VerificationFlags.None;
if (expectedCNName == null) {
verificationFlags = VerificationFlags.IgnoreInvalidName;
}
CertificateStatus status = allCertsReceived.VerifyChain(expectedCNName, authType, verificationFlags);
return status == CertificateStatus.ValidCertificate;
}
