        /// <summary>
        /// Rebuilds the client-certificate collection of <paramref name="client"/> from the certificates
        /// returned by <c>CertManager.GetCerts()</c>. Despite the name, this attaches certificates that this
        /// side presents to the server; validation of the server's certificate is done in
        /// <see cref="ValidateServerCertificate"/>.
        /// </summary>
        /// <param name="client">The request whose <see cref="HttpWebRequest.ClientCertificates"/> collection is replaced.</param>
        private void PinCerts(HttpWebRequest client)
        {
            LogHelper.Log("CORE: Pinning certs...");

            // Start from an empty collection so entries left over from an earlier call are dropped.
            var certificates = client.ClientCertificates;
            certificates.Clear();

            foreach (var entry in CertManager.GetCerts())
            {
                certificates.Add(new X509Certificate(entry.Value));
            }
        }
        /// <summary>
        /// Builds the <see cref="NetTcpBinding"/> and <see cref="EndpointAddress"/> used to reach the reader
        /// service: certificate-based client credentials, a 30-minute send/receive timeout, and an endpoint
        /// identity bound to the service certificate named by <paramref name="ServiceCertCN"/>.
        /// </summary>
        /// <param name="ServiceCertCN">
        /// Subject name of the service certificate. It is looked up in the LocalMachine/TrustedPeople store
        /// through <c>CertManager.GetCertificateFromStorage</c> and becomes the expected identity of the endpoint.
        /// </param>
        /// <returns>The configured binding paired with the address taken from <c>Config.ReaderServiceAddress</c>.</returns>
        public static Tuple <NetTcpBinding, EndpointAddress> PrepBindingAndAddressForReader(string ServiceCertCN)
        {
            var timeout = TimeSpan.FromMinutes(30);
            var binding = new NetTcpBinding();
            binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;

            // The expected service identity is this certificate; a peer presenting a different one does not match the endpoint identity.
            X509Certificate2 serviceCertificate = CertManager.GetCertificateFromStorage(StoreName.TrustedPeople, StoreLocation.LocalMachine, ServiceCertCN);
            var address = new EndpointAddress(new Uri(Config.ReaderServiceAddress), new X509CertificateEndpointIdentity(serviceCertificate));

            binding.ReceiveTimeout = timeout;
            binding.SendTimeout    = timeout;

            return Tuple.Create(binding, address);
        }
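        /// <summary>
        /// Verifies that <paramref name="signature"/> is a valid signature over <paramref name="s"/> made by the
        /// certificate named <paramref name="signCert"/> in the LocalMachine/TrustedPeople store.
        /// </summary>
        /// <param name="s">The signed text.</param>
        /// <param name="signature">Raw signature bytes; <c>null</c> is rejected before the store is consulted.</param>
        /// <param name="signCert">Name used to look the signer's certificate up via <c>CertManager.GetCertificateFromStorage</c>.</param>
        /// <returns>
        /// <c>true</c> if the signature verifies; <c>false</c> if it does not, if <paramref name="signature"/> is
        /// <c>null</c>, or if the signer certificate is not found.
        /// </returns>
        public static bool ValidateSignature(string s, byte[] signature, string signCert)
        {
            if (signature == null)
            {
                return(false);
            }
            X509Certificate2 clientCertificate = CertManager.GetCertificateFromStorage(StoreName.TrustedPeople, StoreLocation.LocalMachine, signCert);
            if (clientCertificate == null)
            {
                // Fail closed: a signer that is not in the trusted store cannot be verified
                // (previously this fell through into Verify with a null certificate).
                Console.WriteLine("Digital Signature is invalid: signer certificate '{0}' was not found.", signCert);
                return(false);
            }

            // NOTE(review): "SHA1" selects the digest used for verification. SHA-1 is deprecated for
            // digital signatures; switching to SHA-256 presumably also requires the signing side to
            // change, so the value is left as-is rather than silently changing which signatures are accepted.
            if (DigitalSignature.Verify(s, "SHA1", signature, clientCertificate))
            {
                Console.WriteLine("Digital Signature is valid.");
                return(true);
            }

            Console.WriteLine("Digital Signature is invalid.");
            return(false);
        }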
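        /// <summary>
        /// Validates the server certificate presented during a TLS handshake.
        /// </summary>
        /// <remarks>
        /// A certificate with no policy errors is accepted. A certificate that fails <em>only</em> with chain
        /// errors (for example one issued by a private CA) is still accepted when its thumbprint matches one of
        /// the certificates returned by <c>CertManager.GetCerts()</c>. That pinned-match path bypasses the chain
        /// checks entirely, so expiry and revocation of a pinned certificate are not enforced here. Any other
        /// policy error, including a name mismatch combined with chain errors, is rejected.
        /// </remarks>
        /// <returns><c>true</c>, if server certificate was validated, <c>false</c> otherwise.</returns>
        /// <param name="sender">Sender.</param>
        /// <param name="certificate">Certificate presented by the server; <c>null</c> cannot be matched and is rejected.</param>
        /// <param name="chain">Chain built for the certificate; used only for diagnostics and may be <c>null</c>.</param>
        /// <param name="policyErrors">Policy errors.</param>
        public static bool ValidateServerCertificate(
            object sender,
            X509Certificate certificate,
            X509Chain chain,
            SslPolicyErrors policyErrors)
        {
            if (policyErrors == SslPolicyErrors.None)
            {
                return(true);
            }

            if (policyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
            {
                Console.WriteLine("Certificate chain error: {0}", policyErrors);
                if (chain != null)
                {
                    foreach (var chainstat in chain.ChainStatus)
                    {
                        Console.WriteLine("{0}", chainstat.Status);
                        Console.WriteLine("{0}", chainstat.StatusInformation);
                    }
                }

                if (certificate == null)
                {
                    // Nothing to compare against the pinned set: fail closed.
                    Console.WriteLine("Certificate error: no certificate was presented.");
                    return(false);
                }

                // Computed once; the presented certificate's hash does not change per iteration.
                string presentedHash = certificate.GetCertHashString();

                foreach (var cert in CertManager.GetCerts())
                {
                    X509Certificate c = new X509Certificate(cert.Value);

                    // Hex thumbprints are compared ordinally so the result cannot depend on culture.
                    if (string.Equals(c.GetCertHashString(), presentedHash, StringComparison.OrdinalIgnoreCase))
                    {
                        return(true);
                    }
                }
                return(false);
            }

            Console.WriteLine("Certificate error: {0}", policyErrors);

            return(false);
        }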