UA Bundle SDK .NET  2.1.2.227
Certificate Management – Trust Server Certificate

Description

The dialog shown in the following screenshot is an example of displaying an untrusted server certificate. It can be accepted temporarily or permanently. Press the “Show Code” button to display the corresponding code, and the “Help” button for further information.

This dialog is used in the .NET based OPC UA Demo Server included in the SDK. It shows up when a client (e.g. UaExpert) whose certificate is not on the server’s trust list connects to the server on a secure endpoint.

To trust the certificate only for the current session, click the “Trust” button. To accept the certificate permanently, check the box next to “Save Certificate in TrustList”. When the “Reject” button is clicked, the certificate is rejected and the client is not able to connect to the server. If the certificate has been neither trusted nor rejected after a specified amount of time (indicated by a countdown next to the “Reject” button), it is rejected automatically.

Sample Code

/// <summary>
/// Handles the application's UntrustedCertificate event by asking the user whether the
/// presented certificate should be trusted. The decision is returned through <paramref name="e"/>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Carries the untrusted certificate and receives Accept/Persist.</param>
private void Application_UntrustedCertificate(object sender, UntrustedCertificateEventArgs e)
{
    try
    {
        // Start out as "session only"; the dialog sets SaveToTrustList when the user ticks the checkbox.
        TrustCertificateDialogSettings settings = new TrustCertificateDialogSettings();
        settings.Application = e.Application;
        settings.UntrustedCertificate = e.Certificate;
        settings.Issuers = e.Issuers;
        settings.ValidationError = e.ValidationError;
        settings.SaveToTrustList = false;

        // The dialog answers false on reject or when no decision is made within 10 s,
        // so the default outcome is "not trusted".
        bool accepted = TrustCertificateDialog.ShowDialog(this, settings, 10000);
        e.Accept = accepted;

        // Persist only when the user explicitly asked for it; otherwise e.Persist is left as it was.
        if (settings.SaveToTrustList)
        {
            e.Persist = true;
        }
    }
    catch (Exception exception)
    {
        ExceptionDlg.Show(this.Text, exception);
    }
}
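/// <summary>
/// Shows the trust dialog from any thread. When called off the UI thread of <paramref name="owner"/>,
/// the call is marshalled via Control.Invoke.
/// </summary>
/// <param name="owner">Form whose UI thread should show the dialog; may be null.</param>
/// <param name="settings">Dialog settings; receives SaveToTrustList when the user accepts permanently.</param>
/// <param name="timeout">Milliseconds before the dialog rejects automatically.</param>
/// <returns>true only if the user explicitly accepted; false on reject, timeout or a missing result.</returns>
public static bool ShowDialog(Form owner, TrustCertificateDialogSettings settings, int timeout)
{
    // Without an owner there is no UI thread to marshal to; show the dialog directly.
    if (owner != null && owner.InvokeRequired)
    {
        using (ManualResetEvent e = new ManualResetEvent(false))
        {
            // NOTE(review): timeout is not forwarded here; confirm that ShowDialogEventHandler's
            // parameter list matches the arguments passed (owner, settings, e).
            bool? result = owner.Invoke(new ShowDialogEventHandler(ShowDialog), owner, settings, e) as bool?;
            if (!e.WaitOne(timeout))
            {
                return false;
            }
            // Anything other than an explicit true (including a null cast result) counts as reject.
            return result ?? false;
        }
    }

    // NOTE(review): this path shows the dialog without an owner, unlike the Invoke path — confirm intended.
    return ShowDialog(null, settings, timeout, null);
}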
/// <summary>
/// Populates the dialog from <paramref name="settings"/>, arms the reject countdown and shows it modally.
/// </summary>
/// <param name="owner">Window owning the dialog; when it is the MainForm, instructions and help are available.</param>
/// <param name="settings">What to display; SaveToTrustList is written back when the user accepts.</param>
/// <param name="timeout">Milliseconds until automatic rejection; 0 disables the countdown.</param>
/// <returns>true if the dialog closed with OK, otherwise false.</returns>
/// <exception cref="ArgumentNullException"><paramref name="settings"/> is null.</exception>
public bool ShowDialog(IWin32Window owner, TrustCertificateDialogSettings settings, int timeout)
{
    if (settings == null)
    {
        throw new ArgumentNullException("settings");
    }

    m_settings = settings;
    m_parent = owner as MainForm;

    // A non-zero timeout arms the countdown; the tick handler rejects once it reaches zero.
    // (a negative timeout would never reach zero — assumed not used; confirm with callers)
    if (timeout != 0)
    {
        m_counter = timeout / 1000 + 1;
        TimeoutTimer.Enabled = true;
    }

    // Instructions are only available when the owner is the MainForm.
    bool hasParent = m_parent != null;
    if (hasParent)
    {
        InstructionsLB.Text = m_parent.GetInstructions(GetType());
    }
    InstructionsGB.Visible = hasParent;

    // Tell the user why validation failed so the trust decision is an informed one.
    bool validationFailed = settings.ValidationError.IsBad();
    if (validationFailed)
    {
        WarningLabel.Text = String.Format(
            "This certificate is not trusted ({0}).\r\nPlease review and decide if you would like to trust it.",
            settings.ValidationError);
    }
    WarningLabel.Visible = validationFailed;

    ICertificate certificate = settings.UntrustedCertificate;
    if (certificate != null)
    {
        Update(certificate);
    }

    return base.ShowDialog(owner) == DialogResult.OK;
}
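/// <summary>
/// Creates a dialog instance, runs it modally and disposes it afterwards.
/// </summary>
/// <param name="owner">Window owning the dialog; may be null.</param>
/// <param name="settings">Settings handed to the instance ShowDialog.</param>
/// <param name="timeout">Milliseconds until automatic rejection.</param>
/// <param name="e">Optional event signalled once the dialog has returned (used by the cross-thread overload).</param>
/// <returns>The instance ShowDialog result.</returns>
private static bool ShowDialog(IWin32Window owner, TrustCertificateDialogSettings settings, int timeout, ManualResetEvent e)
{
    // A modal form is only hidden when ShowDialog returns; dispose it so its handles are released
    // regardless of which overload called us.
    using (TrustCertificateDialog dialog = new TrustCertificateDialog())
    {
        dialog.StartPosition = FormStartPosition.CenterParent;
        bool result = dialog.ShowDialog(owner, settings, timeout);
        if (e != null)
        {
            e.Set();
        }
        return result;
    }
}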
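/// <summary>
/// Fills the dialog's text boxes with the details of the certificate the user is asked to trust.
/// Every field is assigned (not appended to), so calling this more than once does not accumulate text.
/// </summary>
/// <param name="certificate">The untrusted certificate to display; must not be null.</param>
private void Update(ICertificate certificate)
{
    SubjectNameTextBox.Text = certificate.SubjectName;
    IssuerNameTextBox.Text = certificate.IssuerName;
    ApplicationNameTextBox.Text = null;
    OrganizationNameTextBox.Text = null;
    OrganizationUnitTextBox.Text = null;

    // For a CA certificate the CN names the authority, not an application.
    if (certificate.IsCertificateAuthority)
    {
        ApplicationNameLabel.Text = "Authority Name";
    }
    else
    {
        ApplicationNameLabel.Text = "Application Name";
    }

    // Pick CN / O / OU out of the subject DN; a repeated attribute overwrites the earlier value.
    List<string> fields = SecurityUtils.ParseDistinguishedName(certificate.SubjectName);
    foreach (string field in fields)
    {
        if (field.StartsWith("CN=", StringComparison.OrdinalIgnoreCase))
        {
            ApplicationNameTextBox.Text = field.Substring(3);
        }
        else if (field.StartsWith("O=", StringComparison.OrdinalIgnoreCase))
        {
            OrganizationNameTextBox.Text = field.Substring(2);
        }
        else if (field.StartsWith("OU=", StringComparison.OrdinalIgnoreCase))
        {
            OrganizationUnitTextBox.Text = field.Substring(3);
        }
    }

    // Hide the organization rows when the DN does not carry them.
    bool hasOrganization = !String.IsNullOrEmpty(OrganizationNameTextBox.Text);
    OrganizationNameTextBox.Visible = hasOrganization;
    OrganizationNameLabel.Visible = hasOrganization;
    bool hasOrganizationUnit = !String.IsNullOrEmpty(OrganizationUnitTextBox.Text);
    OrganizationUnitTextBox.Visible = hasOrganizationUnit;
    OrganizationUnitLabel.Visible = hasOrganizationUnit;

    ApplicationUriTextBox.Text = SecurityUtils.GetApplicationUriFromCertficate(certificate.InternalCertificate);

    // Domain names are only meaningful for end-entity certificates.
    if (!certificate.IsCertificateAuthority)
    {
        IList<string> domains = SecurityUtils.GetDomainsFromCertficate(certificate.InternalCertificate);
        DomainNamesTextBox.Text = String.Join(", ", new List<string>(domains).ToArray());
    }

    ValidFromTextBox.Text = certificate.ValidFrom.ToString("yyyy-MM-dd");
    ValidToTextBox.Text = certificate.ValidTo.ToString("yyyy-MM-dd");
    ThumbprintTextBox.Text = certificate.Thumbprint;

    // NOTE(review): the algorithm label is hard-coded as RSA; if non-RSA keys can occur, derive the
    // label from the certificate's public key so the user is not shown a wrong algorithm.
    KeySizeTextBox.Text = "RSA " + certificate.InternalCertificate.PublicKey.Key.KeySize.ToString();
}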
/// <summary>
/// "Trust" button: records whether the user wants the certificate saved to the trust list
/// and closes the dialog with OK.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void OkButton_Click(object sender, EventArgs e)
{
    try
    {
        // The checkbox decides between session-only and permanent trust; the caller reads it from the settings.
        bool persist = PermanentCheckBox.Checked;
        m_settings.SaveToTrustList = persist;
        DialogResult = DialogResult.OK;
    }
    catch (Exception exception)
    {
        ExceptionDlg.Show(this.Text, exception);
    }
}
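/// <summary>
/// "Help" button: asks the owning MainForm to show the help page for this dialog.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void ShowHelpBTN_Click(object sender, EventArgs e)
{
    try
    {
        // m_parent is null when the dialog was opened without a MainForm owner; nothing to show then.
        if (m_parent == null)
        {
            return;
        }
        m_parent.ShowHelp(this.GetType());
    }
    catch (Exception exception)
    {
        ExceptionDlg.Show(this.Text, exception);
    }
}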
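/// <summary>
/// "Show Code" button: asks the owning MainForm to display the sample code for this dialog.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void ShowCodeBTN_Click(object sender, EventArgs e)
{
    try
    {
        // m_parent is null when the dialog was opened without a MainForm owner; nothing to show then.
        if (m_parent == null)
        {
            return;
        }
        m_parent.ShowCode(this.GetType());
    }
    catch (Exception exception)
    {
        ExceptionDlg.Show(this.Text, exception);
    }
}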
/// <summary>
/// Countdown tick: updates the "Reject in Ns" label and, once the counter reaches zero,
/// closes the dialog with Cancel so an undecided certificate is not trusted.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void TimeoutTimer_Tick(object sender, EventArgs e)
{
    if (m_counter != 0)
    {
        // Show the remaining seconds, then count down one tick.
        CountdownLabel.Text = String.Format("Reject in {0}s", m_counter);
        m_counter--;
        return;
    }

    // No decision within the timeout: reject by default.
    DialogResult = DialogResult.Cancel;
}