Class PKCertificateAuthentication
Helper class to implement public-key certificate authentication.
Namespace: Lacuna.Pki
Assembly: Lacuna.Pki.dll
Syntax
public class PKCertificateAuthentication
Constructors
PKCertificateAuthentication(INonceStore)
Declaration
public PKCertificateAuthentication(INonceStore store)
Parameters
Type | Name | Description |
---|---|---|
INonceStore | store |
Fields
DigestAlgorithm
The signature algorithm that the client must use to sign the nonce.
Declaration
public static readonly DigestAlgorithm DigestAlgorithm
Field Value
Type | Description |
---|---|
DigestAlgorithm |
Methods
Complete(Byte[], Byte[], Byte[], CertificateValidationOptions, out PKCertificate)
Completes an authentication.
Declaration
public ValidationResults Complete(byte[] nonce, byte[] encodedCertificate, byte[] signature, CertificateValidationOptions certificateValidationOptions, out PKCertificate certificate)
Parameters
Type | Name | Description |
---|---|---|
Byte[] | nonce | The nonce signed by the client. |
Byte[] | encodedCertificate | The client's certificate binary encoding. |
Byte[] | signature | The signature of the nonce. |
CertificateValidationOptions | certificateValidationOptions | Certificate validation options to use during the client's certificate validation. |
PKCertificate | certificate | The client's decoded certificate. If the authentication succeeds, this parameter is guaranteed to be assigned to. If it fails, it may or may not be assigned to, depending on the stage on which the authentication failed. |
Returns
Type | Description |
---|---|
ValidationResults | Whether the authentication succeeded or not, that is, if the client's certificate can be trusted according to the certificate validation options passed. |
Complete(Byte[], Byte[], Byte[], ITrustArbitrator, out PKCertificate)
Completes an authentication.
Declaration
public ValidationResults Complete(byte[] nonce, byte[] encodedCertificate, byte[] signature, ITrustArbitrator trustArbitrator, out PKCertificate certificate)
Parameters
Type | Name | Description |
---|---|---|
Byte[] | nonce | The nonce signed by the client. |
Byte[] | encodedCertificate | The client's certificate binary encoding. |
Byte[] | signature | The signature of the nonce. |
ITrustArbitrator | trustArbitrator | A trust arbitrator to determine if the certificate can be trusted. |
PKCertificate | certificate | The client's decoded certificate. If the authentication succeeds, this parameter is guaranteed to be assigned to. If it fails, it may or may not be assigned to, depending on the stage on which the authentication failed. |
Returns
Type | Description |
---|---|
ValidationResults | Whether the authentication succeeded or not, that is, if the client's certificate can be trusted according to the trust arbitrator chosen. |
Start()
Starts an authentication, generating and storing a new cryptographic nonce.
Declaration
public byte[] Start()
Returns
Type | Description |
---|---|
Byte[] | The nonce (16-byte byte array) that the client must digitally sign. |
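The Start/Complete sequence as a server-side wrapper, showing how to handle the `certificate` out parameter that may be assigned even when authentication fails. This is an added example, not code from the Lacuna reference or SDK: `CertificateLogin`, `BeginLogin` and `TryCompleteLogin` are hypothetical names, and `ValidationResults.IsValid` is assumed because this page does not list that type's members.

```csharp
using Lacuna.Pki;

// Added example: hypothetical wrapper around the two documented calls.
public class CertificateLogin
{
    private readonly PKCertificateAuthentication auth;
    private readonly ITrustArbitrator trustArbitrator;

    // The nonce store and trust arbitrator are supplied by the caller;
    // this page does not name concrete implementations of either.
    public CertificateLogin(INonceStore store, ITrustArbitrator trustArbitrator)
    {
        this.auth = new PKCertificateAuthentication(store);
        this.trustArbitrator = trustArbitrator;
    }

    // Step 1: generate and store a nonce, then send it to the client,
    // which signs it using PKCertificateAuthentication.DigestAlgorithm.
    public byte[] BeginLogin()
    {
        return auth.Start();
    }

    // Step 2: verify what the client sent back. Returns true and sets
    // 'authenticated' only when the whole validation succeeded.
    public bool TryCompleteLogin(byte[] nonce, byte[] encodedCertificate,
                                 byte[] signature, out PKCertificate authenticated)
    {
        authenticated = null;
        if (nonce == null || encodedCertificate == null || signature == null)
            return false;

        PKCertificate decoded;
        ValidationResults results = auth.Complete(
            nonce, encodedCertificate, signature, trustArbitrator, out decoded);

        // Assumption: ValidationResults exposes an IsValid property.
        if (!results.IsValid)
        {
            // 'decoded' may be non-null here (the failure can happen after
            // decoding), so it must not be treated as an identity.
            return false;
        }

        authenticated = decoded; // guaranteed to be assigned on success
        return true;
    }
}
```

Callers should take the user's identity only from `authenticated` after `TryCompleteLogin` returns true, never from the raw `encodedCertificate` bytes the client submitted.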