Terraria v1.4.4.9
Terraria source code documentation
CertificateHelper.cs
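/// <summary>
/// Chooses which X.509 certificate to present for TLS client authentication,
/// either from a caller-supplied collection or from the current user's
/// personal ("My") certificate store.
/// </summary>
/// <remarks>
/// Selection is first-match: the first candidate that has a private key and
/// passes <see cref="IsValidClientCertificate"/> is returned. The checks made
/// here are limited to the private-key flag and the Key Usage / Enhanced Key
/// Usage extensions. Nothing in this class looks at the validity period,
/// chain trust or revocation status, so an expired or untrusted certificate
/// can still be selected; rejecting it is left to the peer.
/// When the event source is enabled, the subject and thumbprint of every
/// inspected certificate are written to the trace.
/// </remarks>
internal static class CertificateHelper
{
    // id-kp-clientAuth: the Enhanced Key Usage OID for TLS client authentication.
    private const string ClientAuthenticationOid = "1.3.6.1.5.5.7.3.2";

    /// <summary>
    /// Copies <paramref name="candidateCerts"/> into an
    /// <see cref="X509Certificate2Collection"/> and selects from it.
    /// </summary>
    /// <param name="candidateCerts">Candidate certificates; may be null or empty.</param>
    /// <returns>The first eligible certificate, or null when there is none.</returns>
    internal static X509Certificate2 GetEligibleClientCertificate(X509CertificateCollection candidateCerts)
    {
        // A missing collection is treated like an empty one instead of
        // surfacing as a NullReferenceException on .Count.
        if (candidateCerts == null || candidateCerts.Count == 0)
        {
            return null;
        }

        // NOTE(review): the typed enumeration below presumably fails with a
        // cast error if an entry is a plain X509Certificate rather than an
        // X509Certificate2 - confirm what callers pass.
        X509Certificate2Collection typedCandidates = new X509Certificate2Collection();
        typedCandidates.AddRange(candidateCerts);
        return GetEligibleClientCertificate(typedCandidates);
    }

    /// <summary>
    /// Returns the first certificate in <paramref name="candidateCerts"/> that
    /// has a private key and whose usage extensions allow client authentication.
    /// </summary>
    /// <param name="candidateCerts">Candidate certificates; may be null or empty.</param>
    /// <returns>The chosen certificate, or null when no candidate qualifies.</returns>
    internal static X509Certificate2 GetEligibleClientCertificate(X509Certificate2Collection candidateCerts)
    {
        if (candidateCerts == null || candidateCerts.Count == 0)
        {
            return null;
        }

        foreach (X509Certificate2 candidateCert in candidateCerts)
        {
            // Without the private key the client cannot prove possession
            // during the handshake, so the certificate is useless here.
            if (!candidateCert.HasPrivateKey)
            {
                if (System.Net.NetEventSource.Log.IsEnabled())
                {
                    System.Net.NetEventSource.Info(candidateCerts, $"Skipping current X509Certificate2 {candidateCert.GetHashCode()} since it doesn't have private key. Certificate Subject: {candidateCert.Subject}, Thumbprint: {candidateCert.Thumbprint}.", "GetEligibleClientCertificate");
                }

                continue;
            }

            if (!IsValidClientCertificate(candidateCert))
            {
                continue;
            }

            if (System.Net.NetEventSource.Log.IsEnabled())
            {
                System.Net.NetEventSource.Info(candidateCerts, $"Choosing X509Certificate2 {candidateCert.GetHashCode()} as the Client Certificate. Certificate Subject: {candidateCert.Subject}, Thumbprint: {candidateCert.Thumbprint}.", "GetEligibleClientCertificate");
            }

            return candidateCert;
        }

        if (System.Net.NetEventSource.Log.IsEnabled())
        {
            System.Net.NetEventSource.Info(candidateCerts, "No eligible client certificate found.", "GetEligibleClientCertificate");
        }

        return null;
    }

    /// <summary>
    /// Checks the usage extensions of <paramref name="cert"/>.
    /// </summary>
    /// <remarks>
    /// Only extensions that are present can reject the certificate: one with
    /// neither an Enhanced Key Usage nor a Key Usage extension passes.
    /// </remarks>
    /// <returns>
    /// False when an Enhanced Key Usage extension lacks the client-authentication
    /// OID or a Key Usage extension lacks DigitalSignature; true otherwise.
    /// </returns>
    private static bool IsValidClientCertificate(X509Certificate2 cert)
    {
        foreach (X509Extension extension in cert.Extensions)
        {
            if (extension is X509EnhancedKeyUsageExtension x509EnhancedKeyUsageExtension && !IsValidForClientAuthenticationEKU(x509EnhancedKeyUsageExtension))
            {
                if (System.Net.NetEventSource.Log.IsEnabled())
                {
                    System.Net.NetEventSource.Info(cert, $"For Certificate {cert.GetHashCode()} - current X509EnhancedKeyUsageExtension {x509EnhancedKeyUsageExtension.GetHashCode()} is not valid for Client Authentication.", "IsValidClientCertificate");
                }

                return false;
            }

            if (extension is X509KeyUsageExtension x509KeyUsageExtension && !IsValidForDigitalSignatureUsage(x509KeyUsageExtension))
            {
                if (System.Net.NetEventSource.Log.IsEnabled())
                {
                    System.Net.NetEventSource.Info(cert, $"For Certificate {cert.GetHashCode()} - current X509KeyUsageExtension {x509KeyUsageExtension.GetHashCode()} is not valid for Digital Signature.", "IsValidClientCertificate");
                }

                return false;
            }
        }

        return true;
    }

    /// <summary>
    /// Returns true when <paramref name="eku"/> lists the client-authentication OID.
    /// </summary>
    private static bool IsValidForClientAuthenticationEKU(X509EnhancedKeyUsageExtension eku)
    {
        foreach (Oid usage in eku.EnhancedKeyUsages)
        {
            if (usage.Value == ClientAuthenticationOid)
            {
                return true;
            }
        }

        return false;
    }

    /// <summary>
    /// Returns true when <paramref name="ku"/> has the DigitalSignature bit set.
    /// </summary>
    private static bool IsValidForDigitalSignatureUsage(X509KeyUsageExtension ku)
    {
        return (ku.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.DigitalSignature;
    }

    /// <summary>
    /// Selects a client certificate from the current user's personal store.
    /// </summary>
    /// <remarks>
    /// The caller names no certificate, so the result is whichever eligible
    /// entry the store enumerates first. Callers that need a specific identity
    /// should pass an explicit collection to one of the other overloads.
    /// </remarks>
    /// <returns>The first eligible certificate in the store, or null when there is none.</returns>
    internal static X509Certificate2 GetEligibleClientCertificate()
    {
        X509Certificate2Collection certificates;
        using (X509Store x509Store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            // ReadOnly is the zero flag, so this opens the store exactly as
            // before; spelling it out documents that no write access is wanted.
            x509Store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
            certificates = x509Store.Certificates;
        }

        X509Certificate2 chosen = GetEligibleClientCertificate(certificates);

        // The snapshot taken from the store holds a certificate object for
        // every entry. Release the ones that were not selected so their
        // handles do not linger until finalization.
        foreach (X509Certificate2 certificate in certificates)
        {
            if (!ReferenceEquals(certificate, chosen))
            {
                certificate.Dispose();
            }
        }

        return chosen;
    }
}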
static readonly System.Net.NetEventSource Log
static void Info(object thisOrContextObject, FormattableString formattableString=null, [CallerMemberName] string memberName=null)
static X509Certificate2 GetEligibleClientCertificate()
static X509Certificate2 GetEligibleClientCertificate(X509Certificate2Collection candidateCerts)
static X509Certificate2 GetEligibleClientCertificate(X509CertificateCollection candidateCerts)
static bool IsValidClientCertificate(X509Certificate2 cert)
static bool IsValidForClientAuthenticationEKU(X509EnhancedKeyUsageExtension eku)
static bool IsValidForDigitalSignatureUsage(X509KeyUsageExtension ku)