
Commit 7c50a29

author
Cesar Blum Silveira
committed
More cert validation.
1 parent 633a275 commit 7c50a29


1 file changed

+14
-1
lines changed


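--- a/src/Kestrel/DefaultHttpsProvider.cs
+++ b/src/Kestrel/DefaultHttpsProvider.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
@@ -22,13 +23,15 @@ public void ConfigureHttps(ListenOptions listenOptions)
 
 private static X509Certificate2 FindDevelopmentCertificate()
 {
+// TODO: replace this with call to CertificateManager.FindCertificates(CertificatePurpose.HTTPS, StoreName.My, StoreLocation.CurrentUser, isValid: true)
+// when that becomes available.
 using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
 {
 store.Open(OpenFlags.ReadOnly);
 
 var certificates = store.Certificates.OfType<X509Certificate2>();
 var certificate = certificates
-.FirstOrDefault(c => HasOid(c, AspNetHttpsOid));
+.FirstOrDefault(c => HasOid(c, AspNetHttpsOid) && !IsExpired(c) /*&& HasPrivateKey(c)*/);
 
 if (certificate == null)
 {
@@ -46,6 +49,16 @@ private static bool HasOid(X509Certificate2 certificate, string oid) =>
 .OfType<X509Extension>()
 .Any(e => string.Equals(oid, e.Oid.Value, StringComparison.Ordinal));
 
+private static bool IsExpired(X509Certificate2 certificate)
+{
+var now = DateTimeOffset.Now;
+return now < certificate.NotBefore || now > certificate.NotAfter;
+}
+
+private static bool HasPrivateKey(X509Certificate2 certificate)
+=> (certificate.GetRSAPrivateKey() is RSACryptoServiceProvider rsaPrivateKey && rsaPrivateKey.CspKeyContainerInfo.Exportable)/* ||
+(certificate.GetRSAPrivateKey() is RSACng cngPrivateKey && cngPrivateKey.CspKeyContainerInfo.Exportable)*/;
+
 private static void DisposeCertificates(IEnumerable<X509Certificate2> certificates)
 {
 foreach (var certificate in certificates)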
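Review bot: `HasPrivateKey` in the third hunk does not test what its name says — it returns true only for a CSP-backed RSA key whose container is marked `Exportable`, so a certificate whose key is CNG- or OpenSSL-backed (likely the common case on .NET Core, as far as I can tell) would be reported as having no private key, exportability is not required to serve TLS anyway, and the `RSA` instance returned by `GetRSAPrivateKey()` is never disposed. Because the call is commented out as `/*&& HasPrivateKey(c)*/` in the second hunk, a store entry carrying the HTTPS OID but only a public certificate still wins `FirstOrDefault`, and the failure presumably surfaces later when the listener tries to use it rather than here. The property already on the type covers this without any key-type assumptions: `private static bool HasPrivateKey(X509Certificate2 certificate) => certificate.HasPrivateKey;` and `.FirstOrDefault(c => HasOid(c, AspNetHttpsOid) && !IsExpired(c) && HasPrivateKey(c));`. `IsExpired` also rejects not-yet-valid certificates via `now < certificate.NotBefore`, which the name hides; a comment such as `// Rejects certificates outside their NotBefore..NotAfter window, not only expired ones.` or a rename to `IsOutsideValidityPeriod` would make the filter's intent clear. The enclosing class begins before the first hunk and `DisposeCertificates` continues past the last one.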
