ComponentPro UltimateFtp

      Verify server's certificate


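      By default, Ftp automatically validates the certificate received from the server. However, you can extend this process for a specific purpose, such as asking the user whether to accept or reject the server's certificate. You can customize the validation process by handling the CertificateReceived event of the Ftp class. A handler that accepts a certificate with reported problems lets the connection proceed despite them, so it should do so only after those problems have been shown to the user and confirmed. The following example shows how to do that: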

      using System;
      using System.Security.Cryptography.X509Certificates;
      using System.Text;
      using ComponentPro.Net;
      using ComponentPro.Security.Certificates;
      
      ...
      
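      /// <summary>
      /// Connects to an FTP server with explicit SSL/TLS, lets
      /// <c>client_CertificateReceived</c> decide whether the server's certificate
      /// is accepted, then authenticates, downloads one file and disconnects.
      /// </summary>
      static void Main()
      {
          // Create a new class instance. 
          Ftp client = new Ftp();

          // Subscribe before Connect so the handler is already attached when the
          // server presents its certificate.
          client.CertificateReceived += client_CertificateReceived;

          // Connect to the FTP server. 
          client.Connect("myserver", 21, SslSecurityMode.Explicit);

          try
          {
              // Authenticate. The credentials are sent only after Connect has returned,
              // i.e. after the certificate decision was made. "userName" and "password"
              // are sample placeholders; real code should not embed credentials in source.
              client.Authenticate("userName", "password");

              // Do something here... 
              client.DownloadFile("/my remote file.dat", "my local file");
          }
          finally
          {
              // Disconnect even when authentication or the transfer throws, so the
              // session is not left open.
              client.Disconnect();
          }
      }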
      
      /// <summary> 
      /// Maps one certificate verification status value to a human-readable description. 
      /// </summary> 
      /// <remarks> 
      /// Only exact matches of the listed values are translated; any other value
      /// (including a combination of several flags) falls through to
      /// <c>status.ToString()</c>. 
      /// </remarks> 
      /// <param name="status">The verification status value to describe.</param> 
      /// <param name="code">The error code; only used in the message for <c>UnknownError</c>, formatted as hexadecimal.</param> 
      /// <returns>The description of the problem.</returns> 
      private static string GetCertProblem(CertificateVerificationStatus status, int code)
      {
          string message;

          switch (status)
          {
              case CertificateVerificationStatus.TimeNotValid:
                  message = "Server's certificate has expired or is not valid yet.";
                  break;

              case CertificateVerificationStatus.Revoked:
                  message = "Server's certificate has been revoked.";
                  break;

              case CertificateVerificationStatus.UnknownCa:
                  message = "Server's certificate was issued by an unknown authority.";
                  break;

              case CertificateVerificationStatus.UntrustedRoot:
                  message = "Server's certificate was issued by an untrusted authority.";
                  break;

              case CertificateVerificationStatus.IncompleteChain:
                  message = "Server's certificate does not chain up to a trusted root authority.";
                  break;

              case CertificateVerificationStatus.Malformed:
                  message = "Server's certificate is malformed.";
                  break;

              case CertificateVerificationStatus.CnNotMatch:
                  message = "Server hostname does not match the certificate.";
                  break;

              case CertificateVerificationStatus.UnknownError:
                  // The numeric code is the only detail available for this status.
                  message = string.Format("Error {0:x} encountered while validating server's certificate.", code);
                  break;

              default:
                  // No dedicated text: fall back to the enum's own name.
                  message = status.ToString();
                  break;
          }

          return message;
      }
      
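      /// <summary>
      /// Handles the CertificateReceived event: prints every verification issue
      /// reported for the server's certificate together with the certificate's
      /// identifying fields, then asks the user on the console whether to accept it.
      /// </summary>
      /// <remarks>
      /// Anything other than "a" or "y" (including end of input) rejects the
      /// certificate. Answering "y" or "a" lets the connection continue in spite of
      /// the issues printed above, so this prompt is the security decision.
      /// </remarks>
      /// <param name="sender">The object that raised the event (not used).</param>
      /// <param name="e">Event data carrying the certificates, the verification status and the accept flags.</param>
      static void client_CertificateReceived(object sender, ComponentPro.Security.CertificateReceivedEventArgs e)
      {
          // Only the first entry is inspected; presumably this is the server's own
          // certificate. NOTE(review): confirm the ordering against the library docs.
          X509Certificate2 cert = e.ServerCertificates[0];

          CertificateVerificationStatus status = e.Status;

          CertificateVerificationStatus[] values = (CertificateVerificationStatus[])Enum.GetValues(typeof(CertificateVerificationStatus));

          // The status is tested bit by bit, so several problems can be reported at once.
          StringBuilder sbIssues = new StringBuilder();
          for (int i = 0; i < values.Length; i++)
          {
              // Matches the validation status? 
              if ((status & values[i]) == 0)
                  continue;

              // The issue is processed. 
              status ^= values[i];

              sbIssues.AppendFormat("{0}\r\n", GetCertProblem(values[i], e.ErrorCode));
          }

          Console.WriteLine("Issue: " + sbIssues.ToString());

          Console.WriteLine("Subject: " + cert.SubjectName.Name);
          Console.WriteLine("Issuer: " + cert.IssuerName.Name);
          Console.WriteLine("Effective Date: " + cert.NotBefore);
          Console.WriteLine("Expiry Date: " + cert.NotAfter);
          // Subject and issuer names are just text inside the certificate; the
          // thumbprint is the value the user can compare with one obtained from the
          // server's administrator through another channel.
          Console.WriteLine("Thumbprint: " + cert.Thumbprint);
          Console.ResetColor();
          Console.Write("Do you want to accept this certificate (Add to trusted list, Yes, No) [a,y,n]?");

          // ReadLine returns null when standard input is closed or redirected to an
          // empty stream; treat that as "no answer" instead of throwing. The invariant
          // lower-casing keeps the comparison independent of the current culture.
          string response = (Console.ReadLine() ?? string.Empty).Trim().ToLowerInvariant();

          if (response == "a")
          {
              // Add certificate of the issuer CA to the trusted list. This affects more
              // than the current connection, so it is the riskiest of the three answers.
              e.AddToTrustedRoot = true;
          }
          else if (response == "y")
          {
              // Accept this certificate despite the reported issues.
              e.Accept = true;
          }
          else
          {
              // "n", empty or unrecognised input: reject explicitly rather than relying
              // on whatever value the event arguments arrived with.
              e.Accept = false;
          }
      }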