Commit c1673fa3 authored by Marvin S. Addison's avatar Marvin S. Addison

Provide custom hostname verification strategy that is suitable for ED in

a separate EdCommon library that could be used by other parties at VT.
Demonstrate usage in the EdIdTest console program.


git-svn-id: https://svn.middleware.vt.edu/svn/ed/edsamples@10056 fa4a4108-76f2-0310-9f0d-ba9fffaf4ff6
parent 21fa225d
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="3.5" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProductVersion>9.0.30729</ProductVersion>
<SchemaVersion>2.0</SchemaVersion>
<ProjectGuid>{88836A16-D3D0-4453-95C8-4ACC8DA91D18}</ProjectGuid>
<OutputType>Library</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>EdCommon</RootNamespace>
<AssemblyName>EdCommon</AssemblyName>
<TargetFrameworkVersion>v3.5</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Core">
<RequiredTargetFramework>3.5</RequiredTargetFramework>
</Reference>
<Reference Include="System.DirectoryServices.Protocols" />
<Reference Include="System.Xml.Linq">
<RequiredTargetFramework>3.5</RequiredTargetFramework>
</Reference>
<Reference Include="System.Data.DataSetExtensions">
<RequiredTargetFramework>3.5</RequiredTargetFramework>
</Reference>
<Reference Include="System.Data" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="EdHostnameVerifier.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
Other similar extension points exist, see Microsoft.Common.targets.
<Target Name="BeforeBuild">
</Target>
<Target Name="AfterBuild">
</Target>
-->
</Project>
\ No newline at end of file
using System;
using System.Diagnostics;
using System.DirectoryServices.Protocols;
using System.Security.Cryptography.X509Certificates;
namespace EdCommon
{
public class EdHostnameVerifier
{
public const string SUBJECT_ALT_NAME_OID = "2.5.29.17";
public EdHostnameVerifier(string hostName)
{
if (hostName == null)
{
throw new ArgumentNullException("hostName");
}
HostName = hostName;
}
public string HostName
{
get;
protected set;
}
public bool VerifyCertificate(LdapConnection connection, X509Certificate certificate)
{
Trace.WriteLine("Verifying certificate for host " + connection.SessionOptions.HostName);
X509Certificate2 extendedCert = new X509Certificate2(certificate);
X509Extension subjectAltNames = extendedCert.Extensions[SUBJECT_ALT_NAME_OID];
if (subjectAltNames != null)
{
foreach (string altName in subjectAltNames.Format(true).Split('\n'))
{
Trace.WriteLine("Evaluating alt name " + altName);
if (altName.Trim().EndsWith(HostName))
{
return true;
}
}
}
return false;
}
}
}
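Review bot: The `altName.Trim().EndsWith(HostName)` test in VerifyCertificate is a suffix match rather than a host-name match, so a certificate whose SAN line is `DNS Name=evilid.directory.vt.edu` (or any name that merely ends with the configured host) is accepted for `id.directory.vt.edu`, and the comparison is case-sensitive although DNS names are not. Since `Format(true)` produces lines of the form `DNS Name=<host>` on Windows (the label text itself is locale-dependent, so matching on it is fragile), a safer loop takes the value after the `=`, compares it ordinally ignoring case, and lets a `*.` prefix stand in for exactly one leftmost label. Note also that this class never validates the chain (`extendedCert.Verify()` or an `X509Chain`), so it must not be the only check a caller performs; a header comment such as `// Checks the presented host name only; trust/chain validation is the caller's responsibility.` would make that explicit.
```csharp
foreach (string altName in subjectAltNames.Format(true).Split('\n'))
{
    Trace.WriteLine("Evaluating alt name " + altName);
    // Lines look like "DNS Name=host.example.edu"; compare the value after '=' only.
    int eq = altName.IndexOf('=');
    if (eq < 0)
    {
        continue;
    }
    string dnsName = altName.Substring(eq + 1).Trim();
    if (string.Equals(dnsName, HostName, StringComparison.OrdinalIgnoreCase))
    {
        return true;
    }
    // A wildcard may replace only the single leftmost label of the host name.
    if (dnsName.StartsWith("*.", StringComparison.Ordinal))
    {
        int dot = HostName.IndexOf('.');
        if (dot > 0 && string.Equals(dnsName.Substring(2), HostName.Substring(dot + 1), StringComparison.OrdinalIgnoreCase))
        {
            return true;
        }
    }
}
```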
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("EdCommon")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("EdCommon")]
[assembly: AssemblyCopyright("Copyright © 2010")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("e82cc41f-6c37-4557-9334-becdb11a74f6")]
// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
...@@ -49,6 +49,12 @@ ...@@ -49,6 +49,12 @@
<Compile Include="Program.cs" /> <Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" /> <Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup> </ItemGroup>
<ItemGroup>
<ProjectReference Include="..\EdCommon\EdCommon.csproj">
<Project>{88836A16-D3D0-4453-95C8-4ACC8DA91D18}</Project>
<Name>EdCommon</Name>
</ProjectReference>
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" /> <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<!-- To modify your build process, add your task inside one of the targets below and uncomment it. <!-- To modify your build process, add your task inside one of the targets below and uncomment it.
Other similar extension points exist, see Microsoft.Common.targets. Other similar extension points exist, see Microsoft.Common.targets.
......
...@@ -2,11 +2,13 @@ ...@@ -2,11 +2,13 @@
using System.Security.Cryptography.X509Certificates; using System.Security.Cryptography.X509Certificates;
using System.DirectoryServices.Protocols; using System.DirectoryServices.Protocols;
using EdCommon;
namespace EdIdTest namespace EdIdTest
{ {
class Program class Program
{ {
const string LDAP_HOST = "ed.middleware.vt.edu"; const string LDAP_HOST = "id.directory.vt.edu";
const int LDAP_PORT = 636; const int LDAP_PORT = 636;
const string LDAP_BASE = "ou=people,dc=vt,dc=edu"; const string LDAP_BASE = "ou=people,dc=vt,dc=edu";
...@@ -34,6 +36,8 @@ namespace EdIdTest ...@@ -34,6 +36,8 @@ namespace EdIdTest
// VT Enterprise Directory requires LDAPv3 // VT Enterprise Directory requires LDAPv3
conn.SessionOptions.ProtocolVersion = 3; conn.SessionOptions.ProtocolVersion = 3;
conn.SessionOptions.SecureSocketLayer = true; conn.SessionOptions.SecureSocketLayer = true;
conn.SessionOptions.VerifyServerCertificate += new VerifyServerCertificateCallback(
new EdHostnameVerifier(LDAP_HOST).VerifyCertificate);
// Look up client cert in Local Machine store by subject CN // Look up client cert in Local Machine store by subject CN
conn.SessionOptions.QueryClientCertificate = conn.SessionOptions.QueryClientCertificate =
......
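Review bot: Registering `new EdHostnameVerifier(LDAP_HOST).VerifyCertificate` as the `VerifyServerCertificate` callback makes that method the sole arbiter of whether the LDAPS server certificate is accepted — with System.DirectoryServices.Protocols the callback's return value replaces, rather than supplements, the default trust check, as far as I can tell from the wldap32 semantics. EdHostnameVerifier only checks that a subjectAltName ends with the host name, so an untrusted or self-signed certificate carrying a matching SAN would be accepted by this connection. The callback should validate the chain before returning the name-check result, e.g. `var verifier = new EdHostnameVerifier(LDAP_HOST);` and `conn.SessionOptions.VerifyServerCertificate += (c, cert) => new X509Certificate2(cert).Verify() && verifier.VerifyCertificate(c, cert);` (or have the verifier build an `X509Chain` with revocation checking and reject on any `ChainStatus` error). The enclosing method begins and ends outside the hunk.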
...@@ -3,6 +3,8 @@ Microsoft Visual Studio Solution File, Format Version 10.00 ...@@ -3,6 +3,8 @@ Microsoft Visual Studio Solution File, Format Version 10.00
# Visual Studio 2008 # Visual Studio 2008
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EdIdTest", "EdIdTest\EdIdTest.csproj", "{2899C510-962B-47C3-B972-F9FB7871FE27}" Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EdIdTest", "EdIdTest\EdIdTest.csproj", "{2899C510-962B-47C3-B972-F9FB7871FE27}"
EndProject EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EdCommon", "EdCommon\EdCommon.csproj", "{88836A16-D3D0-4453-95C8-4ACC8DA91D18}"
EndProject
Global Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU Debug|Any CPU = Debug|Any CPU
...@@ -13,6 +15,10 @@ Global ...@@ -13,6 +15,10 @@ Global
{2899C510-962B-47C3-B972-F9FB7871FE27}.Debug|Any CPU.Build.0 = Debug|Any CPU {2899C510-962B-47C3-B972-F9FB7871FE27}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2899C510-962B-47C3-B972-F9FB7871FE27}.Release|Any CPU.ActiveCfg = Release|Any CPU {2899C510-962B-47C3-B972-F9FB7871FE27}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2899C510-962B-47C3-B972-F9FB7871FE27}.Release|Any CPU.Build.0 = Release|Any CPU {2899C510-962B-47C3-B972-F9FB7871FE27}.Release|Any CPU.Build.0 = Release|Any CPU
{88836A16-D3D0-4453-95C8-4ACC8DA91D18}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{88836A16-D3D0-4453-95C8-4ACC8DA91D18}.Debug|Any CPU.Build.0 = Debug|Any CPU
{88836A16-D3D0-4453-95C8-4ACC8DA91D18}.Release|Any CPU.ActiveCfg = Release|Any CPU
{88836A16-D3D0-4453-95C8-4ACC8DA91D18}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection EndGlobalSection
GlobalSection(SolutionProperties) = preSolution GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE HideSolutionNode = FALSE
......