public SSLCert(System.Security.Cryptography.X509Certificates.X509Certificate x509Certificate, string domainName) { DomainToCheck = domainName; Issuer = x509Certificate.Issuer; Subject = x509Certificate.Subject; Expires = x509Certificate.GetExpirationDateString(); }
internal static bool CheckSslCertificate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) { var startTime = DateTime.Parse(certificate.GetEffectiveDateString()); var endTime = DateTime.Parse(certificate.GetExpirationDateString()); if (startTime <= DateTime.Now && endTime >= DateTime.Now && certificate.Issuer.Contains("Philips Hue")) { return(true); } else { return(false); } }
// Debug SMTP Tls Certificate private bool RemoteServerCertificateValidationCallback(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) { // Test - Zertifikat ausgeben if (_param.AppCfg_DebugTLS == "True" || _param.AppCfg_DebugTLS == "true") { MessageBox.Show("SMTP-Zertifikat: " + Environment.NewLine + "SN: " + certificate.GetSerialNumberString() + Environment.NewLine + "Hash: " + certificate.GetCertHashString() + Environment.NewLine + "From: " + certificate.GetEffectiveDateString() + Environment.NewLine + "To: " + certificate.GetExpirationDateString() + Environment.NewLine + "Issuer: " + certificate.Issuer + Environment.NewLine + "Subject: " + certificate.Subject ); } return(true); }
private bool Validator(object sender, System.Security.Cryptography.X509Certificates.X509Certificate cert, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors ssl_policy_errors) { byte[] server_certificate = cert.GetRawCertData(); bool match = (server_certificate.Length == certificate.Length) && DateTime.Parse(cert.GetEffectiveDateString()) <= DateTime.Now && DateTime.Parse(cert.GetExpirationDateString()) >= DateTime.Now; int size = server_certificate.Length; int i = 0; while (match && i < size) { match = server_certificate[i] == certificate[i]; ++i; } return(match); }
private void ExtractData(Packets.TcpPacket tcpPacket, FiveTuple fiveTuple, bool transferIsClientToServer, Packets.TlsRecordPacket.HandshakePacket handshake) { NetworkHost sourceHost, destinationHost; if (transferIsClientToServer) { sourceHost = fiveTuple.ClientHost; destinationHost = fiveTuple.ServerHost; } else { sourceHost = fiveTuple.ServerHost; destinationHost = fiveTuple.ClientHost; } //foreach (Packets.AbstractPacket p in tlsRecordPacket.GetSubPackets(false)) { // if(p.GetType()==typeof(Packets.TlsRecordPacket.HandshakePacket)) { // Packets.TlsRecordPacket.HandshakePacket handshake=(Packets.TlsRecordPacket.HandshakePacket)p; foreach (var version in handshake.GetSupportedSslVersions()) { //destinationHost.AddHostName(handshake.ServerHostName); System.Collections.Specialized.NameValueCollection param = new System.Collections.Specialized.NameValueCollection { { "TLS Handshake " + Enum.GetName(typeof(Packets.TlsRecordPacket.HandshakePacket.MessageTypes), handshake.MessageType) + " Supported Version", version.Item1.ToString() + "." + version.Item2.ToString() + " (0x" + version.Item1.ToString("x2") + version.Item2.ToString("x2") + ")" } }; base.MainPacketHandler.OnParametersDetected(new Events.ParametersEventArgs(handshake.ParentFrame.FrameNumber, fiveTuple, transferIsClientToServer, param, handshake.ParentFrame.Timestamp, "TLS Handshake")); } if (!String.IsNullOrEmpty(handshake.GetAlpnNextProtocolString())) { //destinationHost.AddHostName(handshake.ServerHostName); System.Collections.Specialized.NameValueCollection param = new System.Collections.Specialized.NameValueCollection { { "TLS ALPN", handshake.GetAlpnNextProtocolString() } }; base.MainPacketHandler.OnParametersDetected(new Events.ParametersEventArgs(handshake.ParentFrame.FrameNumber, fiveTuple, transferIsClientToServer, param, handshake.ParentFrame.Timestamp, "TLS Handshake")); } if (handshake.MessageType == Packets.TlsRecordPacket.HandshakePacket.MessageTypes.ClientHello) { if (handshake.ServerHostName != null) { destinationHost.AddHostName(handshake.ServerHostName); System.Collections.Specialized.NameValueCollection param = new System.Collections.Specialized.NameValueCollection(); param.Add("TLS Server Name (SNI)", handshake.ServerHostName); base.MainPacketHandler.OnParametersDetected(new Events.ParametersEventArgs(handshake.ParentFrame.FrameNumber, fiveTuple, transferIsClientToServer, param, handshake.ParentFrame.Timestamp, "TLS Client Hello")); } } else if (handshake.MessageType == Packets.TlsRecordPacket.HandshakePacket.MessageTypes.Certificate) { for (int i = 0; i < handshake.CertificateList.Count; i++) { byte[] certificate = handshake.CertificateList[i]; string x509CertSubject; System.Security.Cryptography.X509Certificates.X509Certificate x509Cert = null; try { x509Cert = new System.Security.Cryptography.X509Certificates.X509Certificate(certificate); x509CertSubject = x509Cert.Subject; } catch { x509CertSubject = "Unknown_x509_Certificate_Subject"; x509Cert = null; } if (x509CertSubject.Contains("CN=")) { x509CertSubject = x509CertSubject.Substring(x509CertSubject.IndexOf("CN=") + 3); } else if (x509CertSubject.Contains("=")) { x509CertSubject = x509CertSubject.Substring(x509CertSubject.IndexOf('=') + 1); } if (x509CertSubject.Length > 28) { x509CertSubject = x509CertSubject.Substring(0, 28); } if (x509CertSubject.Contains(",")) { x509CertSubject = x509CertSubject.Substring(0, x509CertSubject.IndexOf(',')); } x509CertSubject.Trim(new char[] { '.', ' ' }); /* * while (x509CertSubject.EndsWith(".") || x509CertSubject.EndsWith(" ")) * x509CertSubject=x509CertSubject.Substring(0, x509CertSubject.Length-1); */ string filename = x509CertSubject + ".cer"; string fileLocation = "/"; string details; if (x509Cert != null) { details = "TLS Certificate: " + x509Cert.Subject; } else { details = "TLS Certificate: Unknown x509 Certificate"; } FileTransfer.FileStreamAssembler assembler = new FileTransfer.FileStreamAssembler(base.MainPacketHandler.FileStreamAssemblerList, fiveTuple, transferIsClientToServer, FileTransfer.FileStreamTypes.TlsCertificate, filename, fileLocation, certificate.Length, certificate.Length, details, null, tcpPacket.ParentFrame.FrameNumber, tcpPacket.ParentFrame.Timestamp, FileTransfer.FileStreamAssembler.FileAssmeblyRootLocation.source); base.MainPacketHandler.FileStreamAssemblerList.Add(assembler); if (i == 0 && x509CertSubject.Contains(".") && !x509CertSubject.Contains("*") && !x509CertSubject.Contains(" ")) { sourceHost.AddHostName(x509CertSubject); } System.Collections.Specialized.NameValueCollection parameters = new System.Collections.Specialized.NameValueCollection(); //parameters.Add("Certificate Subject", x509Cert.Subject); const string CERTIFICATE_SUBJECT = "Certificate Subject"; this.addParameters(parameters, x509Cert.Subject, CERTIFICATE_SUBJECT); if (i == 0) { //check for CN parameter if (parameters[CERTIFICATE_SUBJECT + " CN"] != null) { foreach (string cn in parameters.GetValues(CERTIFICATE_SUBJECT + " CN")) { sourceHost.AddNumberedExtraDetail("X.509 Certificate Subject CN", cn); if (cn.Contains(".") && !cn.Contains(" ")) { if (cn.Contains("*")) { if (cn.StartsWith("*.")) { sourceHost.AddDomainName(cn.Substring(2)); } } else { sourceHost.AddHostName(cn); } } } } } this.addParameters(parameters, x509Cert.Issuer, "Certificate Issuer"); //parameters.Add("Certificate Issuer", x509Cert.Issuer); parameters.Add("Certificate Hash", x509Cert.GetCertHashString()); parameters.Add("Certificate valid from", x509Cert.GetEffectiveDateString()); parameters.Add("Certificate valid to", x509Cert.GetExpirationDateString()); parameters.Add("Certificate Serial", x509Cert.GetSerialNumberString()); try { System.Security.Cryptography.X509Certificates.X509Certificate2 cert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate); foreach (var ext in cert2.Extensions) { string fn = ext.Oid.FriendlyName; string oid = ext.Oid.Value; string val = ext.Format(true); System.IO.StringReader sr = new System.IO.StringReader(val); string line = sr.ReadLine(); while (line != null) { parameters.Add(oid + " " + fn, line); if (i == 0 && oid == "2.5.29.17") { sourceHost.AddNumberedExtraDetail("X.509 Certificate " + fn, line); } line = sr.ReadLine(); } } if (cert2.Verify()) { parameters.Add("Certificate valid", "TRUE"); } else { parameters.Add("Certificate valid", "FALSE"); } } catch (Exception) { } base.MainPacketHandler.OnParametersDetected(new Events.ParametersEventArgs(tcpPacket.ParentFrame.FrameNumber, fiveTuple, transferIsClientToServer, parameters, tcpPacket.ParentFrame.Timestamp, "X.509 Certificate")); if (assembler.TryActivate()) { assembler.AddData(certificate, tcpPacket.SequenceNumber);//this one should trigger FinnishAssembling() } } } //} //return true; }
public bool PsCertificateValidationCallBack( object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) { string sCerts = string.Empty; // If the certificate is a valid, signed certificate, return true. if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None) { sCerts += "[Valid Cert - No Errors]----------------------------\r\n\r\n"; sCerts += "Issuer: " + certificate.Issuer + "\r\n"; sCerts += "Subject: " + certificate.Subject + "\r\n"; sCerts += "EffectiveDateString: " + certificate.GetEffectiveDateString() + "\r\n"; sCerts += "ExpirationDate: " + certificate.GetExpirationDateString() + "\r\n"; sCerts += "Format: " + certificate.GetFormat() + "\r\n"; sCerts += "SerialNumber: " + certificate.GetSerialNumberString() + "\r\n"; sCerts += "RawCertData: " + certificate.GetRawCertDataString() + "\r\n"; sCerts += "PublicKey: " + certificate.GetPublicKeyString() + "\r\n"; sCerts += "\r\n---------------------------------\r\n\r\n"; _Certificates += sCerts; return(true); } // If thre are errors in the certificate chain, look at each error to determine the cause. if ((sslPolicyErrors & System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors) != 0) { sCerts += "[Remote Certificate Chain Errors Found]----------------------------\r\n\r\n"; if (chain != null && chain.ChainStatus != null) { foreach (System.Security.Cryptography.X509Certificates.X509ChainStatus status in chain.ChainStatus) { if ((certificate.Subject == certificate.Issuer) && (status.Status == System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.UntrustedRoot)) { sCerts += " [Self-signed certificates with an untrusted root - Considering as valid]----------------------------\r\n\r\n"; sCerts += " Status Information: " + status.StatusInformation + "\r\n\r\n"; sCerts += " Issuer: " + certificate.Issuer + "\r\n"; sCerts += " Subject: " + certificate.Subject + "\r\n"; sCerts += " EffectiveDateString: " + certificate.GetEffectiveDateString() + "\r\n"; sCerts += " ExpirationDate: " + certificate.GetExpirationDateString() + "\r\n"; sCerts += " Format: " + certificate.GetFormat() + "\r\n"; sCerts += " SerialNumber: " + certificate.GetSerialNumberString() + "\r\n"; sCerts += " RawCertData: " + certificate.GetRawCertDataString() + "\r\n"; sCerts += " PublicKey: " + certificate.GetPublicKeyString() + "\r\n"; sCerts += "\r\n ---------------------------------\r\n\r\n"; _Certificates += sCerts; // Self-signed certificates with an untrusted root are valid. continue; } else { if (status.Status != System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.NoError) { sCerts += " [Certificate Errors - Considering as invlid]----------------------------\r\n"; sCerts += " Status Information: " + status.StatusInformation + "\r\n\r\n"; sCerts += " Issuer: " + certificate.Issuer + "\r\n"; sCerts += " Subject: " + certificate.Subject + "\r\n"; sCerts += " EffectiveDateString: " + certificate.GetEffectiveDateString() + "\r\n"; sCerts += " ExpirationDate: " + certificate.GetExpirationDateString() + "\r\n"; sCerts += " Format: " + certificate.GetFormat() + "\r\n"; sCerts += " SerialNumber: " + certificate.GetSerialNumberString() + "\r\n"; sCerts += " RawCertData: " + certificate.GetRawCertDataString() + "\r\n"; sCerts += " PublicKey: " + certificate.GetPublicKeyString() + "\r\n"; sCerts += "\r\n ---------------------------------\r\n\r\n"; _Certificates += sCerts; // If there are any other errors in the certificate chain, the certificate is invalid, // so the method returns false. return(false); } } } } // When processing reaches this line, the only errors in the certificate chain are // untrusted root errors for self-signed certifcates. These certificates are valid // for default Exchange server installations, so return true. return(true); } else { // In all other cases, return false. return(false); } }