概要
cscの作法、調べてみた。
練習問題やってみた。
練習問題
qiitaの証明書を読め。
サンプルコード
using System.Reflection;
using System.Collections;
using System.IO;
using System;
using System.Text;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
namespace app
{
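/// <summary>
/// Console exercise: requests https://qiita.com/ over HTTPS and prints the server
/// certificate and its chain from inside the TLS certificate validation callback.
/// </summary>
class test0 {
    /// <summary>
    /// Prints the chain policy, the chain-level status entries and every chain element.
    /// </summary>
    /// <param name="chain">Chain handed to the validation callback; may be null.</param>
    private static void PrintChain(X509Chain chain) {
        if (chain == null) {
            Console.WriteLine("Chain: (none)");
            return;
        }

        Console.WriteLine("Chain: " + chain.ChainStatus.Length);
        Console.WriteLine(string.Format("Chain revocation flag: {0}", chain.ChainPolicy.RevocationFlag));
        Console.WriteLine(string.Format("Chain revocation mode: {0}", chain.ChainPolicy.RevocationMode));
        Console.WriteLine(string.Format("Chain verification flag: {0}", chain.ChainPolicy.VerificationFlags));
        Console.WriteLine(string.Format("Chain verification time: {0}", chain.ChainPolicy.VerificationTime));
        Console.WriteLine(string.Format("Chain status length: {0}", chain.ChainStatus.Length));
        Console.WriteLine(string.Format("Chain application policy count: {0}", chain.ChainPolicy.ApplicationPolicy.Count));
        Console.WriteLine(string.Format("Chain certificate policy count: {0} {1}", chain.ChainPolicy.CertificatePolicy.Count, Environment.NewLine));

        // Chain-level problems; this array is empty when the chain built without errors.
        foreach (X509ChainStatus chainStatus in chain.ChainStatus) {
            Console.WriteLine("Chain status: " + chainStatus.Status);
        }

        // The elements are listed in their own loop. When this loop was nested inside the
        // status loop, a clean chain (zero status entries) printed no elements at all and
        // a chain with several status entries printed every element several times.
        foreach (X509ChainElement element in chain.ChainElements) {
            Console.WriteLine(string.Format("Element issuer name: {0}", element.Certificate.Issuer));
            Console.WriteLine(string.Format("Element certificate valid until: {0}", element.Certificate.NotAfter));
            Console.WriteLine(string.Format("Element certificate is valid: {0}", element.Certificate.Verify()));
            Console.WriteLine(string.Format("Element error status length: {0}", element.ChainElementStatus.Length));
            Console.WriteLine(string.Format("Element information: {0}", element.Information));
            Console.WriteLine(string.Format("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine));

            // Per-element problems; nothing is printed for an element without status entries.
            foreach (X509ChainStatus elementStatus in element.ChainElementStatus) {
                Console.WriteLine("Status:" + elementStatus.Status);
                Console.WriteLine("Status:" + elementStatus.StatusInformation);
            }
        }
    }

    /// <summary>
    /// Prints the identifying fields of a certificate (subject, issuer, validity, key, serial).
    /// </summary>
    /// <param name="certificate">Certificate presented by the server; may be null.</param>
    private static void PrintCertificate(X509Certificate certificate) {
        if (certificate == null) {
            Console.WriteLine("Subject: (no certificate presented)");
            return;
        }

        Console.WriteLine("Subject: {0}", certificate.Subject);
        Console.WriteLine("Issuer: {0}", certificate.Issuer);
        Console.WriteLine("Format: {0}", certificate.GetFormat());
        Console.WriteLine("ExpirationDate: {0}", certificate.GetExpirationDateString());
        Console.WriteLine("EffectiveDate: {0}", certificate.GetEffectiveDateString());
        Console.WriteLine("KeyAlgorithm: {0}", certificate.GetKeyAlgorithm());
        Console.WriteLine("PublicKey: {0}", certificate.GetPublicKeyString());
        Console.WriteLine("SerialNumber: {0}", certificate.GetSerialNumberString());
    }

    /// <summary>
    /// Entry point: performs one GET against the target URL so that the validation
    /// callback runs, then reports whether the request succeeded.
    /// </summary>
    static void Main() {
        // Offer TLS 1.2 only. TLS 1.0 and 1.1 are deprecated and should not be
        // negotiated by a client, so they are no longer OR-ed into the setting.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        string url = "https://qiita.com/";

        var httpClientHandler = new HttpClientHandler {
            ServerCertificateCustomValidationCallback = (_, cert, chain, sslPolicyErrors) => {
                PrintCertificate(cert);
                PrintChain(chain);
                Console.WriteLine("Certificate error: " + sslPolicyErrors);
                // Keep the platform's verdict. Returning true unconditionally would
                // accept expired, self-signed and wrong-host certificates, which turns
                // this diagnostic callback into a disabled TLS check if the code is copied.
                return sslPolicyErrors == System.Net.Security.SslPolicyErrors.None;
            }
        };

        // Disposing the client also disposes the handler it was constructed with.
        using (HttpClient client = new HttpClient(httpClientHandler)) {
            try {
                // Blocking wait is acceptable in a console Main; GetResult() surfaces the
                // original exception instead of an AggregateException wrapper.
                client.GetStringAsync(url).GetAwaiter().GetResult();
                Console.WriteLine("ok");
            } catch (HttpRequestException ex) {
                // Reached on transport failures, including a certificate rejected above.
                Console.WriteLine("Request failed: " + ex.Message);
                Environment.ExitCode = 1;
            }
        }
    }
}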
}
実行結果
>ssl9
Subject: CN=qiita.com
Issuer: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
Format: X509
ExpirationDate: 2023/02/02 8:59:59
EffectiveDate: 2022/01/03 9:00:00
KeyAlgorithm: 1.2.840.113549.1.1.1
PublicKey: 3082010A02820101008DC442B02D1E493C8D88F0D3DD8DA0A5B7EDC154133D78CA2101CD29F4826F03E7AAE81481A3DD886E2B17CDB11FB182CD57099EF256DBC8D26E12E850A2E1C1E47DF0A112D9F422BC09CF5D6C189032C0231B306B69AD67F2A3A118880321B92154A43FBD0E8643FE6AE6C3B645FCE6AFC5C2DAF15BF53FFDDCC7DEC1E65761ABE6E2891D6E4C80363B4BAB0ECE567A6FA84E53410CE755E9C90C0D39193CEEB3D666E13D74F37A3371DD53A0E66324DAA4E55A657B423EE09F1F0A30573B5E2FFD8A61A2B9232631184595D41634D161F364AB1204BCA4E13954C13F93076A52F52E2CA19B8D0FA13C7EFB3E49ED0FE6A310AAFA3D72B52C4823DAA30683010203010001
SerialNumber: 01178E8CAD28548D5889A72737A5E69D
Chain: 0
Chain revocation flag: ExcludeRoot
Chain revocation mode: NoCheck
Chain verification flag: NoFlag
Chain verification time: 2022/06/25 20:46:41
Chain status length: 0
Chain application policy count: 1
Chain certificate policy count: 0
ok
以上。