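        /// <summary>
        /// Validates the certificate stored at the given ARN. The ARN is stored in appsettings.json.
        ///
        /// The X509Certificate2 is injected into this class.
        ///
        /// </summary>
        /// <param name="clientCertificate">The injected X509Certificate2. The method body does not read this value; the result depends only on the certificate fetched for <paramref name="arn"/>.</param>
        /// <param name="arn">ARN of the certificate to fetch and check, as configured in appsettings.json.</param>
        /// <returns><c>true</c> when the certificate fetched for the ARN has the expected issuer name; otherwise <c>false</c>, including when any exception is caught.</returns>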
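        public bool ValidateCertificate(X509Certificate2 clientCertificate, string arn)
        {
            // NOTE(review): clientCertificate is never examined below. The result depends only on
            // the certificate ACM returns for `arn`, so every caller-presented certificate gets the
            // same answer. If this method is meant to authenticate a client, the presented
            // certificate must be compared with, or chain-validated against, the ACM one.
            // Confirm the intended contract with the callers before relying on this as a gate.
            bool validCert = false;

            try
            {
                Log.Information("Before Validate Certificate");

                // The ACM client and the parsed certificate both own native/network resources,
                // so they are scoped with using blocks instead of being left to the finalizer.
                using (var client = new AmazonCertificateManagerClient())
                {
                    // The signature is synchronous, so the call has to block here.
                    // GetAwaiter().GetResult() rethrows the underlying exception rather than an
                    // AggregateException wrapper, which keeps the logged message meaningful.
                    var certificates = client.GetCertificateAsync(arn).GetAwaiter().GetResult();

                    byte[] toBytes = Encoding.ASCII.GetBytes(certificates.Certificate);

                    // No HttpClientHandler/HttpClient is built: the check only inspects the
                    // certificate, and an unused handler and client would never be disposed.
                    using (var cert = new X509Certificate2(toBytes))
                    {
                        // I removed the issuer name for security reasons
                        // NOTE(review): an issuer-name string match is not chain validation. The
                        // issuer field is plain data inside the certificate; it proves nothing
                        // about who signed it unless the chain is also built and verified
                        // (e.g. with X509Chain) against a trusted root.
                        if (cert.IssuerName.Name == "Dummy Issues Name")
                        {
                            validCert = true;
                            Log.Information("Valid Certificate Found!");
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Fail closed: any retrieval or parsing error leaves validCert false.
                // NOTE(review): only ex.Message is logged, so the exception type and stack trace
                // are lost; consider passing the exception object to the logger.
                Log.Error("Error in Validate Certificate: " + ex.Message);
            }

            return validCert;
        }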
示例#2
 /// <summary>
 /// Requests the certificate identified by <paramref name="arn"/> from the wrapped client.
 /// </summary>
 /// <param name="arn">Value placed in <c>CertificateArn</c> of the request; it is forwarded as given, without validation in this method.</param>
 /// <param name="cancellationToken">Token forwarded to the underlying client call.</param>
 /// <returns>The task produced by the client call after it has passed through <c>EnsureSuccessAsync</c>.</returns>
 public Task<GetCertificateResponse> GetCertificateAsync(string arn, CancellationToken cancellationToken = default(CancellationToken))
 {
     var request = new GetCertificateRequest();
     request.CertificateArn = arn;

     // NOTE(review): EnsureSuccessAsync is defined outside this listing; presumably it faults the
     // task when the response reports a non-success status -- confirm against its definition.
     return _client.GetCertificateAsync(request, cancellationToken).EnsureSuccessAsync();
 }