private int TestVerifyCert()
        {
            Certificate      c  = null;
            CertificateChain cc = null;

            try {
                c  = CertificateStore.CreateFromPfxFile(@"certs\server.pfx", "test").FindCertificateByUsage(new string[] { "1.3.6.1.5.5.7.3.1" });
                cc = c.GetCertificateChain();
            } catch {
                AddWarning("CC-W-TBC2");
                return(0);
            }
            try {
                if (cc.VerifyChain("Mentalis.org Team", AuthType.Server, VerificationFlags.AllowUnknownCA) != CertificateStatus.ValidCertificate)
                {
                    AddError("CC-TVC1");
                }
            } catch {
                AddError("CC-TVC2");
            }
            try {
                if (cc.VerifyChain("Mentalis.org Team", AuthType.Server) != CertificateStatus.UntrustedRoot)
                {
                    AddError("CC-TVC3");
                }
            } catch {
                AddError("CC-TVC4");
            }
            try {
                if (cc.VerifyChain("Other Name", AuthType.Server, VerificationFlags.AllowUnknownCA) != CertificateStatus.NoCNMatch)
                {
                    AddError("CC-TVC5");
                }
            } catch {
                AddError("CC-TVC6");
            }
            try {
                c  = CertificateStore.CreateFromCerFile(@"certs\expired.cer").FindCertificateByUsage(new string[] { "1.3.6.1.5.5.7.3.1" });
                cc = c.GetCertificateChain();
            } catch {
                AddWarning("CC-W-TBC3");
                return(0);
            }
            try {
                IAsyncResult ret = cc.BeginVerifyChain("Mentalis.org Team", AuthType.Server, VerificationFlags.AllowUnknownCA, null, null);
                ret.AsyncWaitHandle.WaitOne();
                if (cc.EndVerifyChain(ret) != CertificateStatus.Expired)
                {
                    AddError("CC-TVC7");
                }
            } catch {
                AddError("CC-TVC8");
            }
            return(8);
        }
示例#2
0
        private void verifyLevel2Authentication(SecureSocket socket,
                                                Certificate cert,
                                                CertificateChain chain,
                                                VerifyEventArgs e
                                                )
        {
            // Verify level 1 first
            verifyLevel1Authentication(socket, cert, chain, e);
            if (!e.Valid)
            {
                return;
            }

            CertificateStatus certStatus =
                chain.VerifyChain(null, AuthType.Client, VerificationFlags.IgnoreInvalidName);

            if (certStatus != CertificateStatus.ValidCertificate)
            {
                if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
                {
                    log.Warn
                        ("Client Certificate is not trusted and fails SIF Level 2 Authentication: " +
                        certStatus.ToString());
                }
                e.Valid = false;
            }
            else
            {
                e.Valid = true;
            }
        }
示例#3
0
        protected void VerifyChain(CertificateChain chain, bool client)
        {
            VerifyEventArgs e = new VerifyEventArgs();

            switch (m_Options.VerificationType)
            {
            case CredentialVerification.Manual:
                try {
                    m_Options.Verifier(Parent, m_RemoteCertificate, chain, e);
                } catch (Exception de) {
                    throw new SslException(de, AlertDescription.InternalError, "The code inside the CertVerifyEventHandler delegate threw an exception.");
                }
                break;

            case CredentialVerification.Auto:
                if (chain != null)
                {
                    e.Valid = (chain.VerifyChain(m_Options.CommonName, client ? AuthType.Client : AuthType.Server) == CertificateStatus.ValidCertificate);
                }
                else
                {
                    e.Valid = false;
                }
                break;

            case CredentialVerification.AutoWithoutCName:
                if (chain != null)
                {
                    e.Valid = (chain.VerifyChain(m_Options.CommonName, client ? AuthType.Client : AuthType.Server, VerificationFlags.IgnoreInvalidName) == CertificateStatus.ValidCertificate);
                }
                else
                {
                    e.Valid = false;
                }
                break;

            case CredentialVerification.None:
            default:
                e.Valid = true;
                break;
            }
            if (!e.Valid)
            {
                throw new SslException(AlertDescription.CertificateUnknown, "The certificate could not be verified.");
            }
        }
示例#4
0
    /// <summary>
    /// Verifies a certificate received from the remote host.
    /// </summary>
    /// <param name="socket">The SecureSocket that received the certificate.</param>
    /// <param name="remote">The received certificate.</param>
    /// <param name="e">The event parameters.</param>
    protected void OnVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e)
    {
        CertificateChain cc = new CertificateChain(remote);

        Console.WriteLine("\r\nServer Certificate:\r\n-------------------");
        Console.WriteLine(remote.ToString(true));
        Console.Write("\r\nServer Certificate Verification:\r\n--------------------------------\r\n    -> ");
        Console.WriteLine(cc.VerifyChain(socket.CommonName, AuthType.Server).ToString() + "\r\n");
    }
        /// <summary>
        /// verifies the certificate chain against the certificate store
        /// </summary>
        /// <param name="allCertsReceived">the chain to verify</param>
        /// <param name="expectedCNName">the expected CN; may be null</param>
        /// <param name="authType">the authtype: is the certificate to verify a client or server certificate;
        /// i.e when verifying a client cert, pass AuthType.Client; when verifying a server cert: pass AuthType.Server</param>ram>
        /// <returns></returns>
        protected bool IsValidCertificate(CertificateChain allCertsReceived, string expectedCNName, AuthType authType)
        {
            VerificationFlags verificationFlags = VerificationFlags.None;

            if (expectedCNName == null)
            {
                verificationFlags = VerificationFlags.IgnoreInvalidName;
            }
            CertificateStatus status = allCertsReceived.VerifyChain(expectedCNName, authType, verificationFlags);

            return(status == CertificateStatus.ValidCertificate);
        }
示例#6
0
 /// <summary>
 /// This method is called when the SecureSocket received the remote
 /// certificate and when the certificate validation type is set to Manual.
 /// </summary>
 /// <param name="socket">The <see cref="SecureSocket"/> that received the certificate to verify.</param>
 /// <param name="remote">The <see cref="Certificate"/> of the remote party to verify.</param>
 /// <param name="chain">The <see cref="CertificateChain"/> associated with the remote certificate.</param>
 /// <param name="e">A <see cref="VerifyEventArgs"/> instance used to (in)validate the certificate.</param>
 /// <remarks>If an error is thrown by the code in the delegate, the SecureSocket will close the connection.</remarks>
 protected void OnVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e)
 {
     // get all the certificates from the certificate chain ..
     Certificate[] certs = chain.GetCertificates();
     // .. and print them out in the console
     for (int i = 0; i < certs.Length; i++)
     {
         Console.WriteLine(certs[i].ToString(true));
     }
     // print out the result of the chain verification
     Console.WriteLine(chain.VerifyChain(socket.CommonName, AuthType.Server));
 }
        // ------------------------ OnVerify -------------------------------------
        protected void OnVerify(
            SecureSocket socket,
            Certificate remote,
            CertificateChain InChain,
            VerifyEventArgs e)
        {
            Certificate[] certs = InChain.GetCertificates( );
            for (int Ix = 0; Ix < certs.Length; Ix++)
            {
                AddMessage(NetworkRole.Client, certs[Ix].ToString(true));
            }

            // print out the result of the chain verification
            AddMessage(
                NetworkRole.Client,
                "Verify certificate: " +
                InChain.VerifyChain(socket.CommonName, AuthType.Server).ToString( ));
        }
    static void Main(string[] args)
    {
        Console.WriteLine("This example shows how you can validate a certificate.");
        // load the certificate from a file
        Certificate cert = Certificate.CreateFromCerFile(@"client.cer");
        // build a certificate chain
        CertificateChain cc = new CertificateChain(cert);
        // validate the chain
        CertificateStatus status = cc.VerifyChain(null, AuthType.Client);

        // interpret the result
        if (status == CertificateStatus.ValidCertificate)
        {
            Console.WriteLine("The certificate is valid.");
        }
        else
        {
            Console.WriteLine("The certificate is not valid [" + status.ToString() + "].");
        }
    }
示例#9
0
 private void OnCertificateVerify(SecureSocket socket, Certificate remote, CertificateChain chain, VerifyEventArgs e)
 {
     Certificate[] certs = chain.GetCertificates();
     chain.VerifyChain(socket.CommonName, AuthType.Server);
 }