Home > Uncategorized > Implementing #EV #X509 parsing in C# (.NET Core)

Implementing #EV #X509 parsing in C# (.NET Core)

Security certificates can be DV (Domain Validation), OV (Organisation Validation) or EV (Enhanced Validation).

DV will prove that the domain you are visiting is what it says it is, but says nothing about the organisation that runs the domain. It’s perfectly possible for a hacker legally purchase the domain “Micr0s0ft.com” (note the zero), and get a DV SSL cert for it. The DV is not saying that the hacker has any relation to the company “Microsoft Inc”, it’s just saying that the domain has been externally validated to respond to a basic ownership challenge.

OV and EV go a step further, and the certificate issuer will take extra manual steps to verify, that the domain is owned by a given company, and/or at a particular address.

This level of EV validation is then stored in the Subject line of the Certificate, and can be read by all visitors of the site. Browsers will typically highlight the extra level of trust and verification with a green tick in the address bar.

Reading and parsing the subject line can be done with some C# code shown at this repo; https://github.com/infiniteloopltd/EvCertParser

The code to get the cert is as follows;

public async Task<EvCertificate> Request(string url)
{
	EvCertificate certificate = null;
	var handler = new HttpClientHandler
	{
		UseDefaultCredentials = true,
		ServerCertificateCustomValidationCallback = (sender, cert, chain, error) =>
		{
			var export = cert.Export(X509ContentType.SerializedCert);
			certificate = new EvCertificate(export);
			return error == SslPolicyErrors.None;
		}
	};
	using var client = new HttpClient(handler);
	using var response = await client.GetAsync(url);
	return certificate;
}

Which can evidently throw errors if the URL is invalid, doesn’t have a cert, or an invalid cert.

Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: