未经授权检查SSL证书到期日期

ngynwnxp  于 2023-04-06  发布在  其他
关注(0)|答案(3)|浏览(123)

到目前为止,我能够获得SSL证书的网页的到期日期,在那里我不必使用用户名和密码进行授权:

class Program
{
  static void ReadExpirDate()
  {
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com");
    HttpWebResponse response = (HttpWebResponse)request.GetResponse();
    response.Close();

    X509Certificate cert = request.ServicePoint.Certificate;
    X509Certificate2 cert2 = new X509Certificate2(cert);

    string cedate = cert2.GetExpirationDateString();
    Console.WriteLine(cedate);
  }
}

但是,如果我试图获取一个网页的到期日期,我需要用用户名和密码授权才能访问它,我得到一个System.Net.WebException“error:(401)Unauthorized”异常。有没有可能的方法来获取SSL证书的到期日期?

yqlxgs2m

yqlxgs2m1#

这一行:

HttpWebResponse response = (HttpWebResponse)request.GetResponse();

实际上是在调用指定的未经授权的URL,这就是抛出异常的地方,如果你这样做,那么你可以使用返回的request中的Certificate属性,尽管Exception

HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com");
X509Certificate cert2 = null;
HttpWebResponse response =null;

try {
    response = (HttpWebResponse)request.GetResponse();
    X509Certificate cert = request.ServicePoint.Certificate;
    cert2 = new X509Certificate2(cert);
} catch {
    X509Certificate cert = request.ServicePoint.Certificate;
    cert2 = new X509Certificate2(cert);
} finally {
    response.Close();
}

if (cert2 != null) {
    string cedate = cert2.GetExpirationDateString();
    Console.WriteLine(cedate);
}

这段代码可能会受到一些更好的异常处理和重构的影响,但它应该可以工作。

6ju8rftf

6ju8rftf2#

使用ServerCertificateValidationCallback在授权前获取证书

var request = (HttpWebRequest)WebRequest.Create(GetOptionValue("url"));

request.ServerCertificateValidationCallback += delegate
    (object sender, System.Security.Cryptography.X509Certificates.X509Certificate? certificate,
     System.Security.Cryptography.X509Certificates.X509Chain? chain,
     System.Net.Security.SslPolicyErrors sslPolicyErrors)
    {
         string expirationDate = certificate.GetExpirationDateString();
         return true;
    }
ssgvzors

ssgvzors3#

HttpWebRequest现在已经过时了。我最终使用了以下代码:

// Create an HttpClientHandler object and set to use default credentials
using var handler = new HttpClientHandler();

// Set custom server validation callback
handler.ServerCertificateCustomValidationCallback = (requestMessage, certificate, x509Chain, SslPolicyErrors) =>
{
    // It is possible inpect the certificate provided by server
    Console.WriteLine($"Requested URI: {requestMessage.RequestUri}");

    if (certificate is null)
        return false;

    Console.WriteLine($"Effective date: {certificate.GetEffectiveDateString()}");
    Console.WriteLine($"Exp date: {certificate.GetExpirationDateString()}");
    Console.WriteLine($"Issuer: {certificate.Issuer}");
    Console.WriteLine($"Subject: {certificate.Subject}");

    return true;
};

// Create an HttpClient object
using var client = new HttpClient(handler);

using HttpResponseMessage response = await client.GetAsync("https://stackoverflow.com/");

// wait for callback
await Task.Delay(10000);

相关问题