Skip to content

dmariogatto/certificate-transparency

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

87 Commits
src
src
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
NOTICE.md
NOTICE.md
 
 
README.md
README.md
 
 
ThirdPartyLicense.md
ThirdPartyLicense.md
 
 
logo.png
logo.png
 
 

Repository files navigation

Certificate Transparency for .NET

C# .NET port of,

Cats.CertificateTransparency Logo

    Install-Package Cats.CertificateTransparency

Blog Post

The library is designed to be dependency injection friendly, every service class has a matching interface. However, to get things up and running quickly there is also a static Instance class which will construct lazy singletons for both ILogListService and CertificateTransparencyVerifier.

If you want to provide a custom list of included and excluded domains to these static instances you must first call Instance.InitDomains. By default validation will be enabled for all TLS secured domains.

Instance.InitDomains(new [] { "*.google.com", "microsoft.com" }, new [] { "nuget.org" });

Examples

Plain old .NET Framework

var client = new HttpClient(new HttpClientHandler()
{
    ServerCertificateCustomValidationCallback = (request, certificate, chain, sslPolicyErrors) =>
    {
        var certificateChain = chain.ChainElements.OfType<X509ChainElement>().Select(i => i.Certificate).ToList();
        var certificateVerifier = Cats.CertificateTransparency.Instance.CertificateTransparencyVerifier;
        var ctValueTask = certificateVerifier.IsValidAsync(request.RequestUri.Host, certificateChain, CancellationToken.None);

        var ctResult = ctValueTask.IsCompleted
            ? ctValueTask.Result
            : ctValueTask.AsTask().Result;

        return ctResult.IsValid;
    }
});

Xamarin Android

bool VerifyCtResult(string hostname, IList<DotNetX509Certificate> certificateChain, CtVerificationResult result)
{
    // any extra checks or logging you might want to add
    return result.IsValid;
}

// optionally pass in a function to manually handle the transparency result
var httpHandler = new Cats.CertificateTransparency.CatsAndroidClientHandler(VerifyCtResult);
var client = new HttpClient(httpHandler);

Xamarin iOS

There is currently no platform specific implementation for iOS. Certificate transparency is already enabled since iOS 12.1.1, however, it can be disabled per domain via a property list setting NSRequiresCertificateTransparency.

If you are keen you could use the CertificateVerifier to build your own HttpClientHandler, similar to the included Android implementation.

Contributions

Any contributions are welcome! Especially extra test cases!

About

Certificate Transparency ported to C# for .NET

Topics

certificate-transparency

Resources

Readme

License

MIT license
Activity

Stars

6 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases 9

3.0.0 Latest
Sep 29, 2024
+ 8 releases

Packages

No packages published

Languages