/// <summary>
/// Wraps a framework certificate by copying its raw encoded bytes into a
/// Mono.Security.X509.X509Certificate.
/// </summary>
/// <param name="cert">Certificate to wrap; must not be null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="cert"/> is null.</exception>
public X509Certificate (System.Security.Cryptography.X509Certificates.X509Certificate cert)
		{
			if (cert == null) {
				throw new ArgumentNullException ("cert");
			}

			// cert is known to be non-null here, so no second null test is needed.
			byte[] rawCertificate = cert.GetRawCertData ();
			if (rawCertificate != null) {
				x509 = new Mono.Security.X509.X509Certificate (rawCertificate);
			}
			// When no raw data is available, x509 is left unassigned by this constructor.

			hideDates = false;
		}
示例#2
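        /// <summary>
        /// Server-certificate validation callback: decides whether the certificate presented
        /// for a web request is accepted.
        /// </summary>
        /// <remarks>
        /// The method fails closed: a missing request URI, certificate or chain, any reported
        /// policy error, and any exception raised while validating all yield <c>false</c>.
        /// With no policy errors, the certificate is rejected when the chain is empty, when the
        /// end certificate is self-signed, or when an enabled fingerprint / public-key check fails.
        /// OCSP revocation checking is disabled in this method.
        /// </remarks>
        /// <returns>
        /// <c>true</c> when the certificate is accepted, <c>false</c> otherwise.
        /// </returns>
        /// <param name='sender'>
        /// Expected to be a <c>WebRequest</c>; its request URI is passed to the fingerprint and
        /// public-key checks. Any other sender is rejected.
        /// </param>
        /// <param name='endCert'>
        /// Certificate presented by the remote end.
        /// </param>
        /// <param name='chain'>
        /// Certificate chain, total or partial.
        /// </param>
        /// <param name='Errors'>
        /// Policy errors reported for this handshake.
        /// </param>
        public static bool ValidateWebCertificates(Object sender, System.Security.Cryptography.X509Certificates.X509Certificate endCert, System.Security.Cryptography.X509Certificates.X509Chain chain, SslPolicyErrors Errors)
        {
            SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation");
            bool bErrorsFound = false;
            try {
                // The fingerprint and public-key checks are keyed by the request URI. Without a
                // WebRequest sender there is nothing to check against, so reject instead of
                // dereferencing a null request outside the exception handler.
                var request = sender as WebRequest;
                if (request == null || request.RequestUri == null) {
                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Request URI is not available");
                    return false;
                }
                string requestUri = request.RequestUri.ToString();

                // Both are dereferenced below; reject explicitly rather than via the catch block.
                if (endCert == null || chain == null) {
                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Certificate or chain is missing");
                    return false;
                }

                X509Certificate BCCert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate (endCert);

                // Always call the helper (it is defined elsewhere and may maintain the cache),
                // but only honour a previously accepted certificate when this handshake
                // reported no policy errors, e.g. a name mismatch must not be waved through.
                bool alreadyTrusted = CertificateIsTheSame (BCCert);
                if (alreadyTrusted && Errors.Equals(SslPolicyErrors.None)) {
                    // NOTE(review): this shortcut returns before the per-URI fingerprint and
                    // public-key checks run. Whether the cache is scoped per host depends on
                    // CertificateIsTheSame, which is not shown here - confirm.
                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Trusted Certificate");
                    return true;
                }

                // NOTE(review): the boolean result of Build is ignored; acceptance relies on
                // Errors and the checks below. Confirm that this is intended.
                chain.Build (new System.Security.Cryptography.X509Certificates.X509Certificate2 (endCert.GetRawCertData ()));
                if(Errors.Equals(SslPolicyErrors.None))
                {
                    if(chain.ChainElements== null || chain.ChainElements.Count == 0){
                        SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Chain is empty");
                        bErrorsFound = true;
                    }else
                        SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Chain Element count: " + chain.ChainElements.Count);

                    if(CertIsSelfSigned(BCCert)){
                        SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. End Certificate is Self Signed");
                        bErrorsFound = true;
                    }else
                        SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. End Certificate NOT Self Signed");

                    if(ValidateFingerprints){
                        SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. VALIDATING Fingerprint");
                        if(!VerifyFingerprint(endCert, requestUri)){
                            SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Invalid Fingerprint");
                            bErrorsFound = true;
                        }else
                            SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Valid Fingerprint");
                    }else{
                        SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. DO NOT validate Fingerprint");
                    }

                    if(ValidatePublicKey){
                        SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. VALIDATING Public Key");
                        if(!VerifyPublicKey(endCert, requestUri)){
                            SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Invalid Public Key");
                            bErrorsFound = true;
                        }else
                            SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Valid Public Key");
                    }else{
                        SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. DO NOT validate Public Key");
                    }

                    // Disabled per-element check kept for reference. It is not executed.
                    /*foreach (System.Security.Cryptography.X509Certificates.X509ChainElement cert in chain.ChainElements) {
                        X509Certificate BCCerto = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate (cert.Certificate);
                        if(CertIsSelfSigned(BCCerto)){
                            SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** SELF SIGNED Certificate: CERT NAME " + BCCerto.SubjectDN.ToString() + " ;ID = " + BCCerto.SerialNumber);
                            if(cert.Certificate.SerialNumber.Equals(chain.ChainElements[chain.ChainElements.Count-1].Certificate.SerialNumber)){
                                string[] stringSeparators = new string[] {";"};
                                string[] valids = _VALIDROOTAUTHORITIES.Split(stringSeparators, StringSplitOptions.RemoveEmptyEntries);
                                foreach(String validRoot in valids){
                                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** SELF SIGNED Certificate check ["+validRoot+"]: "+cert.Certificate.SerialNumber+":"+chain.ChainElements[chain.ChainElements.Count-1].Certificate.SerialNumber);
                                    if(BCCerto.SubjectDN.ToString().Contains(validRoot)){
                                        bErrorsFound = false;
                                    } else {
                                        bErrorsFound = true;
                                    }
                                }
                            }else {
                                bErrorsFound = true;
                            }

                        }else{
                            SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** CERT NAME " + BCCerto.SubjectDN.ToString() + " ;ID = " + BCCerto.SerialNumber);
                        }

                        if(!CertIsValidNow(BCCerto)) bErrorsFound = true;
                    }*/

                    // Revocation is NOT checked: the OCSP call was removed because of its cost.
                    // A revoked certificate that passes the checks above is therefore accepted.
                    // TODO make this configurable and asynchronous when enabled
                    // !VerifyCertificateOCSP(chain)  ---> ASYNC
                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** OCSP Verification (certificate revocation check) is DISABLED for this build");

                    if (!bErrorsFound) {
                        // NOTE(review): the cache key is the 32-bit GetHashCode of the certificate,
                        // not a cryptographic digest. How the key is compared, and what Add does
                        // for an existing key, depends on code outside this method - confirm.
                        myCertificateList.Add (BCCert.GetHashCode(), DateTime.Now);
                        SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Valid Certificate");
                        return true;
                    } else{
                        SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Invalid Certificate");
                        return false;
                    }

                }else if(Errors.Equals(SslPolicyErrors.RemoteCertificateChainErrors)){
                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: Errors found in the certificate chain.");

                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: Checking chain status information for each element in the chain");
                    foreach (System.Security.Cryptography.X509Certificates.X509ChainElement element in chain.ChainElements)
                    {
                        SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: Checking chain element... " + element.Information);

                        // Length >= 0 always holds, so this is effectively only a null test.
                        if (chain.ChainStatus!=null && chain.ChainStatus.Length >= 0)
                        {
                            SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: Chain Status array is not empty");
                            for (int index = 0; index < element.ChainElementStatus.Length; index++)
                            {
                                SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: chain element status: "
                                    + element.ChainElementStatus[index].Status);
                                SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: chain element status information: "
                                    + element.ChainElementStatus[index].StatusInformation);
                            }
                        }
                    }
                }
                else if(Errors.Equals(SslPolicyErrors.RemoteCertificateNameMismatch)){
                    // The certificate name did not match; the exact flag is logged below.
                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: The certificate contains errors.");
                }
                else if(Errors.Equals(SslPolicyErrors.RemoteCertificateNotAvailable)){
                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: The certificate is not available");
                }

                // Any policy error, including combinations of flags, is rejected here.
                SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Policy Errors: " + Errors);
                return false;
            } catch (Exception e) {
                // Fail closed: a validation step that throws must never result in acceptance.
                SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: Unhandled exception: " + e.Message);
                return false;
            }
        }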
示例#3
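        /// <summary>
        /// Server-certificate validation callback: decides whether the certificate presented
        /// for a web request is accepted.
        /// </summary>
        /// <remarks>
        /// The method fails closed: a missing certificate or chain, an empty chain, any reported
        /// policy error, and any exception raised while validating all yield <c>false</c>.
        /// With no policy errors, acceptance additionally requires that <c>CertIsValidNow</c>
        /// succeeds, that the chain has more than one element, and that the OCSP helper
        /// returns <c>false</c>.
        /// </remarks>
        /// <returns>
        /// <c>true</c> when the certificate is accepted, <c>false</c> otherwise.
        /// </returns>
        /// <param name='sender'>
        /// Originator of the request; not used by this method.
        /// </param>
        /// <param name='endCert'>
        /// Certificate presented by the remote end.
        /// </param>
        /// <param name='chain'>
        /// Certificate chain, total or partial.
        /// </param>
        /// <param name='Errors'>
        /// Policy errors reported for this handshake.
        /// </param>
        public static bool ValidateWebCertificates(Object sender, System.Security.Cryptography.X509Certificates.X509Certificate endCert, System.Security.Cryptography.X509Certificates.X509Chain chain, SslPolicyErrors Errors)
        {
            SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation");
            try {
                // Both are dereferenced below; reject explicitly rather than via the catch block.
                if (endCert == null || chain == null) {
                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Certificate or chain is missing");
                    return false;
                }

                X509Certificate BCCert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate (endCert);

                // Always call the helper (it is defined elsewhere and may maintain the cache),
                // but only honour a previously accepted certificate when this handshake
                // reported no policy errors, e.g. a name mismatch must not be waved through.
                bool alreadyTrusted = CertificateIsTheSame (BCCert);
                if (alreadyTrusted && Errors.Equals(SslPolicyErrors.None)) {
                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Trusted Certificate");
                    return true;
                }

                // NOTE(review): the boolean result of Build is ignored; acceptance relies on
                // Errors and the checks below. Confirm that this is intended.
                chain.Build (new System.Security.Cryptography.X509Certificates.X509Certificate2 (endCert.GetRawCertData ()));
                if(Errors.Equals(SslPolicyErrors.None))
                {
                    // An empty chain can never satisfy the Count > 1 requirement below, so
                    // reject it here instead of logging and carrying on.
                    if(chain.ChainElements== null || chain.ChainElements.Count==0) {
                        SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Chain is empty");
                        return false;
                    }

                    bool bCertIsOk = false;
                    if (CertIsValidNow (BCCert)) {
                        // A single-element chain is never accepted.
                        // NOTE(review): the certificate is accepted when VerifyCertificateOCSP
                        // returns false. That is only correct if the helper returns true for a
                        // revoked or failed check - confirm against its definition.
                        if (chain.ChainElements.Count > 1 && !VerifyCertificateOCSP(chain)) bCertIsOk = true;
                    }

                    if (bCertIsOk) {
                        // NOTE(review): the cache key is the 32-bit GetHashCode of the certificate,
                        // not a cryptographic digest. How the key is compared, and what Add does
                        // for an existing key, depends on code outside this method - confirm.
                        myCertificateList.Add (BCCert.GetHashCode(), DateTime.Now);
                        SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Valid Certificate");
                        return true;
                    } else{
                        SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Invalid Certificate");
                        return false;
                    }

                }else if(Errors.Equals(SslPolicyErrors.RemoteCertificateChainErrors)){
                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: Errors found in the certificate chain.");
                }
                else if(Errors.Equals(SslPolicyErrors.RemoteCertificateNameMismatch)){
                    // The certificate name did not match; the exact flag is logged below.
                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: The certificate contains errors.");
                }
                else if(Errors.Equals(SslPolicyErrors.RemoteCertificateNotAvailable)){
                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: The certificate is not available");
                }

                // Any policy error, including combinations of flags, is rejected here.
                SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Policy Errors: " + Errors);
                return false;
            } catch (Exception e) {
                // Fail closed: a validation step that throws must never result in acceptance.
                SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: Unhandled exception: " + e.Message);
                return false;
            }
        }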