private static bool ManualServerCertVerification(object sender,
X509Certificate certificate, X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
Console.WriteLine();
if (certificate is X509Certificate2 cert2)
{
Console.WriteLine("X509Certificate2");
try
{
byte[] rawdata = cert2.RawData;
Console.WriteLine(" Content Type: " + X509Certificate2.GetCertContentType(rawdata));
Console.WriteLine(" Friendly Name: " + cert2.FriendlyName);
Console.WriteLine(" Certificate Verified?: " + cert2.Verify());
Console.WriteLine(" Simple Name: " + cert2.GetNameInfo(X509NameType.SimpleName, true));
Console.WriteLine(" Signature Algorithm: " + cert2.SignatureAlgorithm.FriendlyName);
// Console.WriteLine(" Public Key: " + cert2.PublicKey.Key.ToXmlString(false));
Console.WriteLine(" Certificate Archived?: " + cert2.Archived);
Console.WriteLine(" Length of Raw Data: " + cert2.RawData.Length);
}
catch (CryptographicException)
{
Console.WriteLine("Information could not be written out for this certificate.");
}
Console.WriteLine();
Console.WriteLine("X509Certificate2 Extensions");
foreach (X509Extension ext in cert2.Extensions)
{
Console.WriteLine(" " + ext.GetType().Name
+ "\n Oid: " + ext.Oid.FriendlyName
+ "\n Critical: " + ext.Critical
+ "\n Raw Len: " + ext.RawData.Length);
if (ext is X509BasicConstraintsExtension bcExt)
{
Console.WriteLine(" CA: " + bcExt.CertificateAuthority);
Console.WriteLine(" HPLC: " + bcExt.HasPathLengthConstraint);
Console.WriteLine(" PLC: " + bcExt.PathLengthConstraint);
}
else if (ext is X509KeyUsageExtension kuExt)
{
Console.WriteLine(" Usages: " + kuExt.KeyUsages);
}
else if (ext is X509EnhancedKeyUsageExtension ekuExt)
{
if (ekuExt.EnhancedKeyUsages.Count > 0)
{
Console.WriteLine(" Enhanced Key Usages");
foreach (Oid oid in ekuExt.EnhancedKeyUsages)
{
Console.WriteLine(" " + oid.FriendlyName);
}
}
}
else if (ext is X509SubjectKeyIdentifierExtension skiExt)
{
Console.WriteLine(" Subject Key Identifier: " + skiExt.SubjectKeyIdentifier);
}
}
Console.WriteLine();
}
Console.WriteLine("sslPolicyErrors");
Console.WriteLine(" " + sslPolicyErrors);
Console.WriteLine();
if (chain != null)
{
Console.WriteLine("X509Chain Statuses");
foreach (X509ChainStatus cs in chain.ChainStatus)
{
Console.WriteLine(" " + cs.Status + " | " + cs.StatusInformation);
}
Console.WriteLine();
}
// ------------------------------------------------------------------------------------------
// BouncyCastle
// ------------------------------------------------------------------------------------------
Org.BouncyCastle.X509.X509Certificate bcX509 = DotNetUtilities.FromX509Certificate(certificate);
Console.WriteLine("BouncyCastle X509Certificate");
Console.WriteLine(" " + bcX509.CertificateStructure);
Console.WriteLine(" " + bcX509.IsValidNow);
Console.WriteLine(" " + bcX509.NotBefore);
Console.WriteLine(" " + bcX509.NotAfter);
Console.WriteLine(" " + bcX509.SigAlgName);
Console.WriteLine(" " + bcX509.SigAlgOid);
if (bcX509.GetExtendedKeyUsage().Count > 0)
{
Console.WriteLine(" Extended Key Usage");
foreach (var eku in bcX509.GetExtendedKeyUsage())
{
Console.WriteLine(" " + eku);
}
}
void InspectExtension(ISet extSet, string label)
{
if (extSet.Count > 0)
{
Console.WriteLine(" " + label);
foreach (string oid in extSet)
{
try
{
Asn1OctetString asn = bcX509.GetExtensionValue(new DerObjectIdentifier(oid));
Console.WriteLine(" Oid: " + oid + " | Asn: " + asn);
}
catch (Exception e)
{
Console.WriteLine(e);
}
}
}
}
InspectExtension(bcX509.GetNonCriticalExtensionOids(), "Non Critical Extensions");
InspectExtension(bcX509.GetCriticalExtensionOids(), "Critical Extensions");
return(true); // true if the cert is okay, false if it not
}
