Class MtlsCertOwner

Namespace
Kuestenlogik.Bowire.Auth
Assembly
Kuestenlogik.Bowire.dll

Lightweight cert-only owner for transports that don't go through an HttpMessageHandler — primarily System.Net.WebSockets.ClientWebSocket, which exposes its own ClientCertificates + RemoteCertificateValidationCallback on ClientWebSocketOptions. Disposes the loaded X509 resources when the channel goes away.

public sealed class MtlsCertOwner : IDisposable
Inheritance
MtlsCertOwner
Implements
Inherited Members

Properties

CaCert

public X509Certificate2? CaCert { get; }

Property Value

X509Certificate2

ClientCert

public X509Certificate2 ClientCert { get; }

Property Value

X509Certificate2

Validator

public Func<object?, X509Certificate2?, X509Chain?, SslPolicyErrors, bool>? Validator { get; }

Property Value

Func<object, X509Certificate2, X509Chain, SslPolicyErrors, bool>

Methods

Dispose()

public void Dispose()

Load(MtlsConfig, out string?)

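Loads the configured certificates and pre-builds the server-validation callback: with allow-self-signed set, the callback accepts any server certificate; with a CA PEM configured, the callback is a CA-pinning validator. An accept-anything callback performs no server authentication. Returns null on PEM-parse failure with a clean error.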

public static MtlsCertOwner? Load(MtlsConfig config, out string? error)

Parameters

config MtlsConfig
error string

Returns

MtlsCertOwner
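
Wiring a loaded MtlsCertOwner into a ClientWebSocket, as an added example that is not part of the Bowire code base. It uses only the members documented on this page plus the standard ClientWebSocketOptions API; the MtlsWebSocketExample class and ConnectAsync helper are hypothetical names, and the MtlsConfig instance is assumed to be built elsewhere because its members are not shown here.

```csharp
using System;
using System.Net.WebSockets;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;
using Kuestenlogik.Bowire.Auth;

// Hypothetical helper, added for illustration only.
public static class MtlsWebSocketExample
{
    public static async Task<(ClientWebSocket Socket, MtlsCertOwner Owner)> ConnectAsync(
        Uri endpoint, MtlsConfig config, CancellationToken ct)
    {
        // Fail closed: a PEM-parse failure must not degrade into a
        // connection attempt without the client certificate.
        var owner = MtlsCertOwner.Load(config, out var error)
            ?? throw new InvalidOperationException(
                $"mTLS material could not be loaded: {error}");

        var socket = new ClientWebSocket();
        try
        {
            socket.Options.ClientCertificates.Add(owner.ClientCert);

            // Validator is nullable. If it is null the callback stays unset,
            // so .NET's default chain and host-name validation applies.
            if (owner.Validator is { } validate)
            {
                // The options callback supplies X509Certificate, while
                // Validator takes X509Certificate2; any other type is
                // handed over as null.
                socket.Options.RemoteCertificateValidationCallback =
                    (sender, cert, chain, errors) =>
                        validate(sender, cert as X509Certificate2, chain, errors);
            }

            await socket.ConnectAsync(endpoint, ct);
            return (socket, owner);
        }
        catch
        {
            // Release the socket first, then the X509 resources it references.
            socket.Dispose();
            owner.Dispose();
            throw;
        }
    }
}
```

The caller keeps the returned owner alive for as long as the socket is in use and disposes it after the socket, matching the lifetime described in the class summary.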