Commit e9e34a2b authored by Klaus Fischer's avatar Klaus Fischer

Validating amazon cert working

parent 2c064388
1 merge request!9.NET-SDK: SET-Empfang inkl. Signaturprüfung - Ticket 562
...@@ -14,26 +14,29 @@ public class CertificateHelper { ...@@ -14,26 +14,29 @@ public class CertificateHelper {
internal bool ValidateCertificate(JsonWebKey key) { internal bool ValidateCertificate(JsonWebKey key) {
var certificates = key.X5c.Select(s => new X509Certificate2(Convert.FromBase64String(s))) var certificates = key.X5c.Select(s => new X509Certificate2(Convert.FromBase64String(s)))
.ToList(); .ToList();
_logger?.LogWarning("Found {Count} certificate(s)", certificates.Count);
var valid = certificates.Aggregate(true, var valid = certificates.Aggregate(true,
(result, cert) => result (result, cert) => result
&& ValidateCertificate(cert, out var _)
&& cert.Verify() && cert.Verify()
&& OcspCheck(cert, cert.Issuer)
); );
return valid; return valid;
} }
private bool OcspCheck(X509Certificate2 certificateX509, string issuer) { public bool ValidateCertificate(X509Certificate2 certificateX509, out X509ChainStatus[] chainStatus) {
var issuerBytes = Convert.FromBase64String(issuer);
var issuerX509 = new X509Certificate2(issuerBytes);
var certificateChain = new X509Chain(); var certificateChain = new X509Chain();
certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.Online; certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.Offline;
certificateChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot; certificateChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
certificateChain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag; certificateChain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
certificateChain.ChainPolicy.ExtraStore.Add(issuerX509);
certificateChain.Build(certificateX509); certificateChain.Build(certificateX509);
chainStatus = certificateChain.ChainStatus;
_logger?.LogInformation("Certificate status: {ObjStatusInformation}",
certificateChain.ChainStatus.Aggregate("", (r,s)=>r+"\n\t - "+s.Status + ": "+ s.StatusInformation));
return certificateChain.ChainStatus.Length == 0; return certificateChain.ChainStatus.Length == 0;
} }
} }
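Review bot: `X509Chain` is disposable and the instance created in the new `ValidateCertificate(X509Certificate2, out X509ChainStatus[])` is never released, so every call leaks the native chain context; write `using var certificateChain = new X509Chain();` (the `X509Certificate2` objects built from `X5c` in the JWK overload have the same problem, though those lines predate this commit). Changing `RevocationMode` to `X509RevocationMode.Offline` means only a locally cached CRL/OCSP response is consulted, so on a host with an empty cache the chain status will carry `RevocationStatusUnknown`/`OfflineRevocation` and the method returns false even for a good certificate — if that is intended, a comment on that line should say why. The `LogWarning("Found {Count} certificate(s)", ...)` at the top of the JWK overload reports a routine count rather than a problem; `LogDebug` or `LogInformation` fits better. Finally, `ValidateCertificate(JsonWebKey)` validates each entry of `X5c` in isolation and nothing binds the JWK's own `n`/`e` to the public key of the leaf certificate, so a caller that relies on this result before verifying signatures should compare the two (or this method should).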
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using Autofac; using Autofac;
using FitConnect.Encryption; using FitConnect.Encryption;
using FluentAssertions; using FluentAssertions;
...@@ -34,9 +38,36 @@ public class CertificateValidation { ...@@ -34,9 +38,36 @@ public class CertificateValidation {
.Should().BeTrue(); .Should().BeTrue();
} }
[Test]
public void CheckPublicKeySignature() {
_certificateHelper.ValidateCertificate(new JsonWebKey(_settings.PublicKeySignatureVerification))
.Should().BeTrue();
}
[Test] [Test]
public void CheckPrivateKeyDecryption() { public void CheckPrivateKeyDecryption() {
_certificateHelper.ValidateCertificate(new JsonWebKey(_settings.PrivateKeyDecryption)) _certificateHelper.ValidateCertificate(new JsonWebKey(_settings.PrivateKeyDecryption))
.Should().BeTrue(); .Should().BeTrue();
} }
[Test]
public void CheckSetPublicKey() {
_certificateHelper.ValidateCertificate(new JsonWebKey("{\"keys\":[{\"alg\":\"PS512\",\"e\":\"AQAB\",\"key_ops\":[\"verify\"],\"kid\":\"ti1Z0KkG1uAXvd2XnWb5wWu8slGylvsvz3nOSe7yuAc\",\"kty\":\"RSA\",\"n\":\"xZcHMixJpDROXgGMU53Y9Y0KqYzJkKp8G5XTa1VhRmZ8kMqCZ5YJr07MeJNhpxKFaVhpNX3msRXVzSIm7PI4aG4qKCl0glB7OgnkGtwoJcIYjhbamxBgeWsfDR47LiyQykPZC61SFUkdvPsB6elrKHc9zYK_ijd2wCJrSoVkDJuH4A5xwrh8tdNDuQrirySW7BnqLlBfVgsEjM_66oK3PLRtbA09lbqqTqWkdgKNkWOkFc4zvHBjFFLKR8gWt0EpifhJWgazj6LnkUPiswuP8gel3rGrwe9DLaKndaB01bCnXNRjX2W-K8h6TFdU2sDExCwvTHRRNDEEo3dtqYi6vArnY25I7Lw2S-W3c8Kha7hkAZRCMafCsRXbskrW5pkQl2uYlBMdWiKtaRiqkwfmIW_DjWitscaX3I_oDMHLvXrDIvrbR3sY14WeudoiVOOs_lHmNn_CH_QmOLRIouE5PIVxbDDoohvgvNug-JtuL32y8ePxmutP6qoAaJw01UzhiyoJ0uEAwr4_1z46gy1eIzDCPdd9PU3YsnvD8YVi1KqxWWh-QzZyr-L4aiPMkgbBh5sJqHO5FHnpgTCxNQX6z5N4m65t72XhXyUDwtIWuY2RRr67SlMlzlC4vEeR-JKfGyeSjAqpH_HdmokxRYXsa991ppvJ-nGOrDkwTS9t4-U\",\"x5c\":[\"MIIFCTCCAvECBAM+S80wDQYJKoZIhvcNAQENBQAwSTELMAkGA1UEBhMCREUxFTATBgNVBAoMDFRlc3RiZWhvZXJkZTEjMCEGA1UEAwwaRklUIENvbm5lY3QgVGVzdHplcnRpZmlrYXQwHhcNMjIwNjI4MTE1MzE2WhcNMzIwNjI1MTE1MzE2WjBJMQswCQYDVQQGEwJERTEVMBMGA1UECgwMVGVzdGJlaG9lcmRlMSMwIQYDVQQDDBpGSVQgQ29ubmVjdCBUZXN0emVydGlmaWthdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMWXBzIsSaQ0Tl4BjFOd2PWNCqmMyZCqfBuV02tVYUZmfJDKgmeWCa9OzHiTYacShWlYaTV95rEV1c0iJuzyOGhuKigpdIJQezoJ5BrcKCXCGI4W2psQYHlrHw0eOy4skMpD2QutUhVJHbz7Aenpayh3Pc2Cv4o3dsAia0qFZAybh+AOccK4fLXTQ7kK4q8kluwZ6i5QX1YLBIzP+uqCtzy0bWwNPZW6qk6lpHYCjZFjpBXOM7xwYxRSykfIFrdBKYn4SVoGs4+i55FD4rMLj/IHpd6xq8HvQy2ip3WgdNWwp1zUY19lvivIekxXVNrAxMQsL0x0UTQxBKN3bamIurwK52NuSOy8Nkvlt3PCoWu4ZAGUQjGnwrEV27JK1uaZEJdrmJQTHVoirWkYqpMH5iFvw41orbHGl9yP6AzBy716wyL620d7GNeFnrnaIlTjrP5R5jZ/wh/0Jji0SKLhOTyFcWww6KIb4LzboPibbi99svHj8ZrrT+qqAGicNNVM4YsqCdLhAMK+P9c+OoMtXiMwwj3XfT1N2LJ7w/GFYtSqsVlofkM2cq/i+GojzJIGwYebCahzuRR56YEwsTUF+s+TeJuube9l4V8lA8LSFrmNkUa+u0pTJc5QuLxHkfiSnxsnkowKqR/x3ZqJMUWF7Gvfdaabyfpxjqw5ME0vbePlAgMBAAEwDQYJKoZIhvcNAQENBQADggIBAH31Bm9xhtAv7kTWH2fgsoQkYKwFhcd7sYtTaBljbHVf3lIxqT70/UpJ6o
N2avreSdPf1gO+pB1AhOnfs3pqzPxKubXOda39CyG7jkbHEea+nYjnLxaSKze/rNKpuxj7ZnEXxxt6YIHaq1Ihy4qevDknpGiWEuX57YP6Ojfp9o/pk1VP90r3+KeT3leXKd6dIfN2z14nVe082lmZcMzI8CIrXVRVaxce/OKHIpePHDdDCuycpTOvUfLpQgkXkMAIg5ksT0k0kvk0IXDZAKiVe3lK+ciqAm3kCjXATto+6AFighIwIbTPK35bD9VVjd4BjQx+VAVcAOznp66YcPfdlA+zYQfC3BQ38bzjuEm0jZkhzn/B1SUWzboh6qOGHMxz9V/pROJwjQQ/acvwcN3dcAZFBjMfORMzxippP07U0KfpTJzB95P8wyKQJpgoQ0CZITzxprrW1XF9f/Rjibw6uDHC3Tj7ByBYWZIArCOWEmfKkup7c5bOwucaPRTd4zjF0dPM8jrvbZNItmroMrUQTZ/TRkLTD1x8JJoVLadtnINkNXAgc+ATa07BIAw8Vp/POVC1JHTSvjMVm+c1KAT2C98kMHGcMQjx356n3GjoTBhMtuRS8+BYrFfnWkdmwNRkRu4qrHwecL5eu0K2tosq2KM5KYEraeb9sDna3t3McOju\"]},{\"alg\":\"RSA-OAEP-256\",\"e\":\"AQAB\",\"key_ops\":[\"wrapKey\"],\"kid\":\"vr7cWKGl-g4Wa_CRGowNhAYW_gQb-akMbiigxN0EkDI\",\"kty\":\"RSA\",\"n\":\"zjG3Ic12-kGWiXqVE7CDjICyAb3MpDuhCSM1NTGduy6KqFE-meJjX9lu1MRmquwMu1LNv0Hjx4ksiB0ZL6YjlnqQVMbVdoxnjpcQnFk1j8t1_ndhOatbdCrEZXTm3v_KWpZBm1II8OweN9flLKgk4VM9YyoWMuIqWUnMGLaP8VNsnvcrWBVS_tXtSJG4BF-pJwNQfp6A0rNrsKm_MBF-3uTIXfNrdybjDWu1XrIGR25Y6r8kvNy0yynu9tfhLwBbqbgG8PYktIy6THspdja7QCC2afM0INci1Gj_48YfesLcLbv-jIjLKQn3h9mxKLPYV9-dsRSCZT7HpHPBZ9PcqiuAbfAjpwQKIGYUJkt0GGOhnM-ljKvosGsh4xsCKncJbE2drIHbM1kiGWuGQ_DVaTFxkMEslqqX8_t1AqSdTWD3gqI-02PGc7w1J-iUWQsZDfNPQsihJdg_Icw6IbzGApzNIyAFeSSgJNNJSpY5eXHZB4V0IoGTHFb3jt8wqkDycYiEiTgmLJylXVd_l5DlqXP47HdB5RKLbaZI3iGEMzK98vBl4qWkixDBxDzONa5eWUckB1-vdYYuPksKTqLk1Wlh9a2b75KsOJKcaBOXEHufVIBZy8a-GGbkg21rnGCYU5jmLcPBij0D03PFnD7u0RlPaTe5jWCbF3oYMmQ6Ehc\",\"x5c\":[\"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\"]}]}"))
.Should().BeTrue();
}
[Test]
public void CheckPrivateKeySigning() {
_certificateHelper.ValidateCertificate(new JsonWebKey(_settings.PrivateKeySigning))
.Should().BeTrue();
}
[Test]
public void CheckPemFiles() {
var files = System.IO.Directory.GetFiles("./certificates");
foreach (var fileName in files) {
_logger.LogInformation(fileName);
var certificate = X509Certificate2.CreateFromPem(File.ReadAllText(fileName));
_certificateHelper.ValidateCertificate(certificate, out var states);
}
}
} }
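Review bot: `CheckPemFiles` cannot fail — the return value of `_certificateHelper.ValidateCertificate(certificate, out var states)` and `states` itself are both discarded, so the test only proves the call does not throw; assert on it, e.g. `_certificateHelper.ValidateCertificate(certificate, out var states).Should().BeTrue(string.Join(", ", states.Select(s => s.Status)));`. An empty `./certificates` directory passes silently as well, so add `files.Should().NotBeEmpty();` before the loop. The certificate produced on the `CreateFromPem` line is never disposed; `using var certificate = ...` fixes that. The PEM fixtures registered in the csproj hunk appear to be copies of a live public server's certificate and chain, so this test will start failing once that certificate expires or rotates — a comment on `CheckPemFiles` stating what the fixtures are and when they need refreshing would save the next maintainer a debugging session. `System.IO.Directory.GetFiles` can drop its namespace qualifier now that `using System.IO;` is added at the top of the file.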
...@@ -30,6 +30,12 @@ ...@@ -30,6 +30,12 @@
<None Update="Test.pdf"> <None Update="Test.pdf">
<CopyToOutputDirectory>Always</CopyToOutputDirectory> <CopyToOutputDirectory>Always</CopyToOutputDirectory>
</None> </None>
<None Update="certificates\www-amazon-de.pem">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</None>
<None Update="certificates\www-amazon-de-zertifikatskette.pem">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</None>
</ItemGroup> </ItemGroup>
</Project> </Project>