
Class PKCertificateAuthentication

Helper class to implement public-key certificate authentication.

Inheritance
Object
PKCertificateAuthentication
Inherited Members
Object.ToString()
Object.Equals(Object)
Object.Equals(Object, Object)
Object.ReferenceEquals(Object, Object)
Object.GetHashCode()
Object.GetType()
Object.MemberwiseClone()
Namespace: Lacuna.Pki
Assembly: Lacuna.Pki.dll
Syntax
public class PKCertificateAuthentication

Constructors


PKCertificateAuthentication(IAsyncNonceStore)

Declaration
public PKCertificateAuthentication(IAsyncNonceStore asyncStore)
Parameters
Type Name Description
IAsyncNonceStore asyncStore

PKCertificateAuthentication(INonceStore)

Declaration
public PKCertificateAuthentication(INonceStore store)
Parameters
Type Name Description
INonceStore store

Fields


DigestAlgorithm

The signature algorithm that the client must use to sign the nonce.

Declaration
public static readonly DigestAlgorithm DigestAlgorithm
Field Value
Type Description
DigestAlgorithm

Methods


Complete(Byte[], Byte[], Byte[], CertificateValidationOptions, out PKCertificate)

Completes an authentication.

Declaration
public ValidationResults Complete(byte[] nonce, byte[] encodedCertificate, byte[] signature, CertificateValidationOptions certificateValidationOptions, out PKCertificate certificate)
Parameters
Type Name Description
Byte[] nonce

The nonce signed by the client.

Byte[] encodedCertificate

The client's certificate binary encoding.

Byte[] signature

The signature of the nonce.

CertificateValidationOptions certificateValidationOptions

Certificate validation options to use during the client's certificate validation.

PKCertificate certificate

The client's decoded certificate. If the authentication succeeds, this parameter is guaranteed to be assigned. If it fails, it may or may not be assigned, depending on the stage at which the authentication failed.

Returns
Type Description
ValidationResults

Whether the authentication succeeded or not, that is, if the client's certificate can be trusted according to the certificate validation options passed.


Complete(Byte[], Byte[], Byte[], ITrustArbitrator, out PKCertificate)

Completes an authentication.

Declaration
public ValidationResults Complete(byte[] nonce, byte[] encodedCertificate, byte[] signature, ITrustArbitrator trustArbitrator, out PKCertificate certificate)
Parameters
Type Name Description
Byte[] nonce

The nonce signed by the client.

Byte[] encodedCertificate

The client's certificate binary encoding.

Byte[] signature

The signature of the nonce.

ITrustArbitrator trustArbitrator

A trust arbitrator to determine if the certificate can be trusted.

PKCertificate certificate

The client's decoded certificate. If the authentication succeeds, this parameter is guaranteed to be assigned. If it fails, it may or may not be assigned, depending on the stage at which the authentication failed.

Returns
Type Description
ValidationResults

Whether the authentication succeeded or not, that is, if the client's certificate can be trusted according to the trust arbitrator chosen.


CompleteAsync(Byte[], Byte[], Byte[], CertificateValidationOptions, CancellationToken)

Declaration
public Task<PKCertificateAuthenticationResult> CompleteAsync(byte[] nonce, byte[] encodedCertificate, byte[] signature, CertificateValidationOptions certificateValidationOptions, CancellationToken cancellationToken = default(CancellationToken))
Parameters
Type Name Description
Byte[] nonce
Byte[] encodedCertificate
Byte[] signature
CertificateValidationOptions certificateValidationOptions
CancellationToken cancellationToken
Returns
Type Description
Task<PKCertificateAuthenticationResult>

CompleteAsync(Byte[], Byte[], Byte[], ITrustArbitrator, CancellationToken)

Declaration
public Task<PKCertificateAuthenticationResult> CompleteAsync(byte[] nonce, byte[] encodedCertificate, byte[] signature, ITrustArbitrator trustArbitrator, CancellationToken cancellationToken = default(CancellationToken))
Parameters
Type Name Description
Byte[] nonce
Byte[] encodedCertificate
Byte[] signature
ITrustArbitrator trustArbitrator
CancellationToken cancellationToken
Returns
Type Description
Task<PKCertificateAuthenticationResult>

Start()

Starts an authentication, generating and storing a new cryptographic nonce.

Declaration
public byte[] Start()
Returns
Type Description
Byte[]

The nonce (16-byte byte array) that the client must digitally sign.
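
The two-step flow these members describe (Start issues the nonce, the client signs it, Complete verifies it), shown as an added example that is not taken from the Lacuna documentation. `CertificateLogin` and its member names are hypothetical, the `INonceStore` and `ITrustArbitrator` instances are assumed to be supplied by the application, and `IsValid` is a `ValidationResults` property not listed on this page.

```csharp
using System;
using Lacuna.Pki;

// Hypothetical wrapper (not part of Lacuna.Pki) around the Start/Complete flow.
public sealed class CertificateLogin
{
    // Start() stores the nonce, so both steps are given the same store.
    private readonly INonceStore store;
    private readonly ITrustArbitrator arbitrator;

    public CertificateLogin(INonceStore store, ITrustArbitrator arbitrator)
    {
        this.store = store ?? throw new ArgumentNullException(nameof(store));
        this.arbitrator = arbitrator ?? throw new ArgumentNullException(nameof(arbitrator));
    }

    // Step 1: generate and store the 16-byte nonce the client must sign.
    public byte[] BeginChallenge()
    {
        return new PKCertificateAuthentication(store).Start();
    }

    // Step 2: verify the nonce, certificate and signature sent back by the client.
    // Returns true only when the validation results report success.
    public bool TryComplete(byte[] nonce, byte[] encodedCertificate, byte[] signature,
                            out PKCertificate authenticated, out ValidationResults results)
    {
        authenticated = null;
        results = null;
        if (nonce == null || encodedCertificate == null || signature == null)
            return false; // reject incomplete submissions before touching the library

        var auth = new PKCertificateAuthentication(store);
        results = auth.Complete(nonce, encodedCertificate, signature, arbitrator,
                                out PKCertificate decoded);

        // On failure the out parameter may still have been assigned, so the
        // decoded certificate is released to callers only after success.
        if (!results.IsValid)
            return false;

        authenticated = decoded;
        return true;
    }
}
```

Callers should build the session identity only from `authenticated` and keep `results` for logging the reason a login was refused.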


StartAsync(CancellationToken)

Declaration
public Task<byte[]> StartAsync(CancellationToken cancellationToken = default(CancellationToken))
Parameters
Type Name Description
CancellationToken cancellationToken
Returns
Type Description
Task<Byte[]>
Copyright © 2015-2020 Lacuna Software