Last active
July 25, 2023 06:47
-
-
Save VulBusters/4ea8c3c7f56077ded94d027aca0bfff9 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
public class CertPinning | |
{ | |
public static bool CertCheck(object sender, X509Certificate certificate, | |
X509Chain chain, SslPolicyErrors sslPolicyErrors) | |
{ | |
String certSha256FingerprintHex = "xxxxxxxxxxxxxxxxxx"; | |
if (certificate == null){ | |
return false; | |
} | |
var request = sender as HttpWebRequest; | |
if (request == null){ | |
return false; | |
} | |
// if the request is for the target domain, perform certificate pinning | |
if (Const.WhiteListDomainNames.Contains(request.Address.Authority)) | |
{ | |
String sha256FingerprintHex; | |
using (SHA256 sha256 = SHA256.Create()) | |
{ | |
byte[] bytes = sha256.ComputeHash(certificate.GetPublicKey()); | |
sha256FingerprintHex = Conversion.HexToString(bytes); | |
} | |
return certSha256FingerprintHex.Equals(sha256FingerprintHex); | |
} | |
// Check whether there were any policy errors for any other domain | |
return sslPolicyErrors == SslPolicyErrors.None; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment