Entropy/SslScripts/VerifySSLCertFromServer.ps1 at e1f5fa0993104d71217ad1e110a44f36fe5ddcbd · NuGet/Entropy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<#
    .SYNOPSIS
    This script is used to verify the SSL certificate from the server
#>

$TestMaxRounds = 1000
$SleepDurationInSeconds = 6

$resultPath = ".\result.csv"

$Domain = "api.nuget.org"
$CertSubjectName = "CN=*.nuget.org"
$URLs = @("https://$Domain/v3-registration5-gz-semver2/newtonsoft.json/index.json",
          "https://$Domain/v3-flatcontainer/newtonsoft.json/index.json",
          "https://$Domain/v3/index.json")

$TestRound = 1
$SuccessedTimes = 0
$FailedTimes = 0
while ($TestRound -le $TestMaxRounds)
{
    Write-Host "Round: ", $TestRound

    $URL = $URLs | Get-Random
    $request = [Net.WebRequest]::Create($URL)

    $servicePoint = $request.ServicePoint
    # Set "MaxIdleTime" as 0 to ensure that the certificate is refreshed from the server again each round
    $servicePoint.MaxIdleTime = 0
    Write-Host "ServicePointHash: ", $servicePoint.GetHashCode()

    try {
        $request.GetResponse().Dispose()
    } catch
    {

    }

    $certificate = $request.ServicePoint.Certificate
    if ($null -ne $certificate)
    {
        $subjectName = $certificate.Subject.Split(",")[0]

        if ($subjectName -eq $CertSubjectName)
        {
            $SuccessedTimes = $SuccessedTimes + 1
        }
        else
        {
            $FailedTimes = $FailedTimes + 1

            $dnsRecord = (Resolve-DnsName $Domain | where-Object { $_.QueryType -eq "A" })[0]

            $date = (Get-Date).ToUniversalTime()
            Write-Host $TestRound, $date, $subjectName, $dnsRecord.Name, $dnsRecord.IP4Address, $URL -ForegroundColor red

            $log = @(
                [pscustomobject]@{
                    TestRound = $TestRound
                    Date_UTC = $date
                    ReturnedCertSubjectName = $subjectName
                    DNSRecord = $dnsRecord.Name
                    IP4Address = $dnsRecord.IP4Address
                    TestURL = $URL
                }
            )

            $log | Export-Csv -Path $resultPath -Append -NoTypeInformation
        }
    }

    $TestRound = $TestRound + 1
    Start-Sleep -Seconds $SleepDurationInSeconds
}

Write-Host "Succeeded: ", $SuccessedTimes
Write-Host "Failed: ", $FailedTimes