Switching branch to support customer

847a4caf · Klaus Fischer · 2e5bd2bf · 847a4caf · 847a4caf · 847a4caf
Commit 847a4caf authored 2 years ago by Klaus Fischer
--- a/.idea/.idea.FitConnect/.idea/.name
+++ b/.idea/.idea.FitConnect/.idea/.name
+FitConnect
\ No newline at end of file
--- a/FitConnect/Encryption/CertificateHelper.cs
+++ b/FitConnect/Encryption/CertificateHelper.cs
@@ -29,10 +29,9 @@ public class CertificateHelper {

        if (rootCertificate != null) {
            certificateChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
-            certificateChain.ChainPolicy.ExtraStore.AddRange(rootCertificate);
            certificateChain.ChainPolicy.CustomTrustStore.AddRange(rootCertificate);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
-            certificateChain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.Offline;
+            certificateChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            certificateChain.ChainPolicy.DisableCertificateDownloads = false;
            certificateChain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
            _logger?.LogDebug("Using custom root certificate");
@@ -53,7 +52,7 @@ public class CertificateHelper {
        var statusAggregation = certificateChain.ChainStatus.Aggregate("",
            (r, s) => r + "\n\t - " + s.Status + ": " + s.StatusInformation);

-        if (!result)
+        if (certificateChain.ChainStatus.Length > 0)
            _logger?.Log(logLevel, "Certificate status: {ObjStatusInformation}",
                statusAggregation);

@@ -76,7 +75,7 @@ public class CertificateHelper {
        var valid = certificates.Aggregate(true,
            (result, cert) => result
                              && ValidateCertificate(cert, out _, root, logLevel)
-                              // && cert.Verify()
+            // && cert.Verify()
        );
        return valid;
    }

--- a/IntegrationTests/CertificateValidation.cs
+++ b/IntegrationTests/CertificateValidation.cs
@@ -162,7 +162,8 @@ public class CertificateValidation {
                    shouldFail ? LogLevel.Warning : LogLevel.Critical, new[] {
                        new X509Certificate2("./certificates/root.pem"),
                        new X509Certificate2("./certificates/ca.30244.der"),
-                        new X509Certificate2("./certificates/ca.21636.der")
+                        new X509Certificate2("./certificates/ca.26305.der"),
+                        new X509Certificate2("./certificates/ca.26281.der")
                    });

                if (shouldFail)

--- a/IntegrationTests/IntegrationTests.csproj
+++ b/IntegrationTests/IntegrationTests.csproj
@@ -66,6 +66,12 @@
        <None Update="certificates\invalidEncJwkWithLessThan3Certificates.json">
          <CopyToOutputDirectory>Always</CopyToOutputDirectory>
        </None>
+        <None Update="certificates\ca.26281.der">
+          <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+        </None>
+        <None Update="certificates\ca.26305.der">
+          <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+        </None>
    </ItemGroup>

 </Project>