Domain Detective

API Reference

Class

CtCertificateRecord

Namespace DomainDetective
Assembly DomainDetective
Modifiers sealed

Represents a normalized certificate transparency certificate record.

Inheritance

  • Object
  • CtCertificateRecord

Usage

This type appears in these public API surfaces even when no hand-authored example is attached directly to the page.

Constructors

Methods

public CtCertificateRecord EnsureFullDetails() #
Returns: CtCertificateRecord

Hydrates a names-only record into a full certificate record.

public static CtCertificateRecord FromDer(String providerId, Byte[] certificateDer, String providerCertificateId = null, Nullable<DateTimeOffset> entryTimestampUtc = null, String tbsSha256 = null, Nullable<Boolean> isPrecertificate = null, CtCertificateRecordDetailLevel detailLevel = Full) #
Returns: CtCertificateRecord

Creates a CT certificate record from DER-encoded certificate bytes.

Parameters

providerId System.String requiredposition: 0
Provider that supplied the certificate.
certificateDer System.Byte[] requiredposition: 1
DER-encoded certificate bytes.
providerCertificateId System.String = null optionalposition: 2
Optional provider-specific certificate identifier.
entryTimestampUtc System.Nullable{System.DateTimeOffset} = null optionalposition: 3
Optional CT entry timestamp.
tbsSha256 System.String = null optionalposition: 4
Optional provider-supplied TBS certificate SHA-256 value.
isPrecertificate System.Nullable{System.Boolean} = null optionalposition: 5
True when the provider reports a precertificate.
detailLevel DomainDetective.CtCertificateRecordDetailLevel = Full optionalposition: 6
How much certificate metadata to decode.

Properties

public String ProviderId { get; set; } #

Provider that returned the record.

public String ProviderCertificateId { get; set; } #

Provider-specific certificate or issuance identifier.

public CtCertificateRecordDetailLevel DetailLevel { get; set; } #

Detail level currently populated on the record.

public Nullable<DateTimeOffset> EntryTimestampUtc { get; set; } #

CT entry timestamp, when supplied by the provider.

public String Sha256Fingerprint { get; set; } #

SHA-256 fingerprint of the DER certificate or precertificate.

public String Sha1Fingerprint { get; set; } #

SHA-1 fingerprint of the DER certificate or precertificate.

public String TbsSha256 { get; set; } #

TBS certificate SHA-256 value when supplied by the provider.

public String Subject { get; set; } #

Subject distinguished name.

public String Issuer { get; set; } #

Issuer distinguished name or provider-normalized issuer name.

public String SerialNumber { get; set; } #

Certificate serial number.

public Nullable<DateTimeOffset> NotBeforeUtc { get; set; } #

Certificate not-before timestamp.

public Nullable<DateTimeOffset> NotAfterUtc { get; set; } #

Certificate not-after timestamp.

public IReadOnlyList<String> DnsNames { get; set; } #

Subject alternative DNS names and common name candidates observed on the certificate, sorted case-insensitively.

public Nullable<Boolean> IsSelfSigned { get; set; } #

True when the certificate subject and issuer match.

public Nullable<Boolean> WeakKey { get; set; } #

True when the public key is considered weak for modern TLS use.

public Nullable<Boolean> Sha1Signature { get; set; } #

True when the certificate signature algorithm uses SHA-1.

public Nullable<Boolean> AllowsServerAuthentication { get; set; } #

True when the certificate can be used for TLS server authentication.

public Nullable<Boolean> AllowsClientAuthentication { get; set; } #

True when the certificate can be used for TLS client authentication.

public Nullable<Boolean> AllowsSecureEmail { get; set; } #

True when the certificate can be used for secure email.

public String AuthenticationProfile { get; set; } #

Normalized authentication profile derived from Extended Key Usage.

public Byte[] CertificateDer { get; set; } #

DER-encoded X.509 certificate or precertificate bytes.

public String CertificatePem { get; set; } #

PEM-encoded certificate text, when supplied or derived by a provider.

public Nullable<Boolean> IsPrecertificate { get; set; } #

True when the record is known to represent a precertificate.

public IReadOnlyList<String> Diagnostics { get; set; } #

Non-fatal provider diagnostics captured while normalizing the CT certificate record.

public Boolean HasFullCertificate { get; } #

True when the record contains full certificate material.

{{ include "footer" }}