Пример #1
        /// <summary>
        /// Checks that a default-constructed native certificate verification event
        /// is converted into a non-null managed event-args object.
        /// </summary>
        public void TestCertificateVerificationEventConverter()
        {
            // No certificate or chain data is set on the native event; the test only
            // asserts that the converter returns an object for it.
            AGDnsApi.ag_certificate_verification_event nativeEvent =
                new AGDnsApi.ag_certificate_verification_event();

            CertificateVerificationEventArgs converted = DnsApiConverter.FromNativeObject(nativeEvent);

            Assert.IsNotNull(converted);
        }
Пример #2
        /// <summary>
        /// Converts a native certificate verification event into its managed counterpart.
        /// </summary>
        /// <param name="coreArgsС">Native event whose <c>pCertificate</c> buffer and
        /// <c>chain</c> list are converted through <see cref="MarshalUtils"/></param>
        /// <returns>Event args whose <c>Certificate</c> and <c>Chain</c> are filled
        /// from the native event</returns>
        internal static CertificateVerificationEventArgs FromNativeObject(
            AGDnsApi.ag_certificate_verification_event coreArgsС)
        {
            // NOTE(review): the last character of the parameter name appears to be
            // Cyrillic "С" rather than Latin "C" - confirm. It is kept unchanged here
            // so that the method's interface stays exactly as it was.

            // Certificate under verification, as raw bytes.
            byte[] leafBytes = MarshalUtils.AgBufferToBytes(coreArgsС.pCertificate);

            // Accompanying chain: each native buffer is converted with the same helper.
            List<byte[]> chainBytes = MarshalUtils.AgListToList<AGDnsApi.ag_buffer, byte[]>(
                coreArgsС.chain,
                MarshalUtils.AgBufferToBytes);

            return new CertificateVerificationEventArgs
            {
                Certificate = leafBytes,
                Chain = chainBytes
            };
        }
        /// <summary>
        /// Runs <see cref="CertificateVerificationCallback"/> against the example test
        /// certificate resource, supplied both as the certificate to verify and as the
        /// only chain element, and expects <c>AGCVR_OK</c>.
        /// </summary>
        public void TestCertificateVerification()
        {
            byte[] exampleCert = Properties.Resources.ExampleTestCertificate;

            // The same bytes serve as the certificate under test and as its one-element chain.
            CertificateVerificationEventArgs eventArgs = new CertificateVerificationEventArgs();
            eventArgs.Certificate = exampleCert;
            eventArgs.Chain = new List<byte[]> { exampleCert };

            ICertificateVerificationCallback callback = new CertificateVerificationCallback();
            AGDnsApi.ag_certificate_verification_result actual =
                callback.OnCertificateVerification(this, eventArgs);

            Assert.AreEqual(AGDnsApi.ag_certificate_verification_result.AGCVR_OK, actual);
        }
Пример #4
 /// <summary>
 /// <see cref="AGDnsApi.cbd_onCertificateVerification"/> adapter: reads the native
 /// event behind <paramref name="pInfo"/>, converts it to managed event args and
 /// forwards it to the configured certificate verification callback.
 /// </summary>
 /// <param name="pInfo">The pointer to an instance of
 /// <see cref="AGDnsApi.ag_certificate_verification_event"/></param>
 /// <returns>The callback's verification result
 /// (<seealso cref="AGDnsApi.ag_certificate_verification_result"/>), or
 /// <c>AGCVR_ERROR_CERT_VERIFICATION</c> when an exception is caught</returns>
 private AGDnsApi.ag_certificate_verification_result AGCOnCertificateVerification(IntPtr pInfo)
 {
     try
     {
         AGDnsApi.ag_certificate_verification_event nativeEvent =
             MarshalUtils.PtrToStructure<AGDnsApi.ag_certificate_verification_event>(pInfo);
         CertificateVerificationEventArgs managedArgs = DnsApiConverter.FromNativeObject(nativeEvent);

         return m_CertificateVerificationCallback.OnCertificateVerification(this, managedArgs);
     }
     catch (Exception ex)
     {
         // Any exception from marshalling, conversion or the callback is handed to
         // the exception handler and reported as a verification error, never as success.
         DnsExceptionHandler.HandleManagedException(ex);
         return AGDnsApi.ag_certificate_verification_result.AGCVR_ERROR_CERT_VERIFICATION;
     }
 }
Пример #5
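        /// <summary>
        /// Called synchronously when a certificate needs to be verified.
        /// Builds an X.509 chain for the supplied certificate, offering the supplied
        /// chain certificates to the chain builder as extra candidates, and reports
        /// the outcome as a result code.
        /// </summary>
        /// <param name="sender">Sender (not read by this implementation)</param>
        /// <param name="args">Event data
        /// (<seealso cref="CertificateVerificationEventArgs"/>)</param>
        /// <returns>Certificate verification result
        /// (<seealso cref="AGDnsApi.ag_certificate_verification_result"/>):
        /// <c>AGCVR_OK</c> when the chain builds,
        /// <c>AGCVR_ERROR_CREATE_CERT</c> when no certificate data is supplied,
        /// <c>AGCVR_ERROR_CERT_VERIFICATION</c> when the chain cannot be built or
        /// an exception is caught</returns>
        public AGDnsApi.ag_certificate_verification_result OnCertificateVerification(
            object sender,
            CertificateVerificationEventArgs args)
        {
            // NOTE(review): the X509Chain and X509Certificate2 objects created in this
            // method are never disposed. Where the target framework exposes Dispose()
            // on these types, release them once the chain has been built - confirm.
            X509Chain fullChain = new X509Chain();

            try
            {
                byte[] certificateData = args.Certificate;
                if (certificateData == null ||
                    certificateData.Length == 0)
                {
                    // Covers both a missing and an empty buffer.
                    LOG.Info("Cannot verify certificate, because cert data is null");
                    return(AGDnsApi.ag_certificate_verification_result.AGCVR_ERROR_CREATE_CERT);
                }

                X509Certificate2 certificate           = new X509Certificate2(certificateData);
                List <byte[]>    chainCertificatesData = args.Chain;
                if (chainCertificatesData != null &&
                    chainCertificatesData.Any())
                {
                    foreach (byte[] chainCertificateData in chainCertificatesData)
                    {
                        // ExtraStore entries are candidates the chain builder may use as
                        // intermediates; this code does not add them to any root store.
                        X509Certificate2 chainCertificate = new X509Certificate2(chainCertificateData);
                        fullChain.ChainPolicy.ExtraStore.Add(chainCertificate);
                    }
                }

                // NOTE(review): with this policy revocation is not checked and wrong-usage
                // chain errors are ignored, and nothing in this method compares the
                // certificate with a host name. Confirm that the caller covers whichever
                // of these checks the deployment requires.
                fullChain.ChainPolicy.RevocationMode    = X509RevocationMode.NoCheck;
                fullChain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreWrongUsage;
                bool isChainSuccessfullyBuilt = fullChain.Build(certificate);
                if (!isChainSuccessfullyBuilt)
                {
                    LOG.Info("Cannot verify certificate, because cannot build a valid full certificate chain");
                    return(AGDnsApi.ag_certificate_verification_result.AGCVR_ERROR_CERT_VERIFICATION);
                }

                return(AGDnsApi.ag_certificate_verification_result.AGCVR_OK);
            }
            catch (Exception ex)
            {
                LOG.InfoException("Verification certificate fails", ex);

                // Fail closed with a defined error code. AGCVR_COUNT is deliberately not
                // returned: by its name it looks like the enum's element-count sentinel
                // rather than a result value (TODO confirm against the enum definition).
                return(AGDnsApi.ag_certificate_verification_result.AGCVR_ERROR_CERT_VERIFICATION);
            }
        }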