Beispiel #1
0
 private void ConnectCallback(IAsyncResult ar)
 {
     try
     {
         this.m_socket.EndConnect(ar);
         if (!this.m_socket.Connected)
         {
             s_log.LogWarning("Failed to connect.");
             this.ExecuteBeginConnectDelegate(true);
         }
         else
         {
             RemoteCertificateValidationCallback userCertificateValidationCallback = new RemoteCertificateValidationCallback(SslSocket.OnValidateServerCertificate);
             this.m_sslStream = new SslStream(new NetworkStream(this.m_socket, true), false, userCertificateValidationCallback);
             SslStreamValidationContext context = new SslStreamValidationContext {
                 m_socket = this
             };
             s_streamValidationContexts.Add(this.m_sslStream, context);
             this.m_sslStream.BeginAuthenticateAsClient(this.m_address, new AsyncCallback(this.OnAuthenticateAsClient), null);
         }
     }
     catch (Exception exception)
     {
         object[] args = new object[] { exception };
         s_log.LogWarning("Exception while trying to authenticate. {0}", args);
         this.ExecuteBeginConnectDelegate(true);
     }
 }
Beispiel #2
0
    private static bool OnValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        SslStream stream = (SslStream)sender;
        SslStreamValidationContext context = s_streamValidationContexts[stream];
        SslSocket     socket = context.m_socket;
        List <string> commonNamesFromCertSubject = GetCommonNamesFromCertSubject(certificate.Subject);
        bool          flag = false;

        if ((socket.m_bundleInfo != null) && socket.m_bundleInfo.isUsingCertBundle)
        {
            byte[] certBundleBytes = socket.m_bundleInfo.certBundleBytes;
            if (socket.m_bundleInfo.isCertBundleSigned)
            {
                if (!VerifyBundleSignature(socket.m_bundleInfo.certBundleBytes))
                {
                    return(false);
                }
                certBundleBytes = GetUnsignedBundleBytes(socket.m_bundleInfo.certBundleBytes);
            }
            byte[] publicKey = certificate.GetPublicKey();
            foreach (string str in commonNamesFromCertSubject)
            {
                if (IsWhitelistedInCertBundle(certBundleBytes, str, publicKey))
                {
                    flag = true;
                    break;
                }
            }
            if (!flag)
            {
                return(false);
            }
        }
        bool flag3 = IsCertSignedByBlizzard(certificate);
        bool flag4 = false;

        flag4 = true;
        bool flag5 = (!flag3 && flag4) && (chain.ChainElements.Count == 1);

        try
        {
            if (sslPolicyErrors != SslPolicyErrors.None)
            {
                SslPolicyErrors errors = (!flag3 && !flag5) ? SslPolicyErrors.None : (SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNotAvailable);
                if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != SslPolicyErrors.None)
                {
                    string resolvedAddress = socket.m_resolvedAddress;
                    foreach (string str3 in commonNamesFromCertSubject)
                    {
                        if (str3.Equals(resolvedAddress))
                        {
                            errors |= SslPolicyErrors.RemoteCertificateNameMismatch;
                            break;
                        }
                    }
                }
                if ((sslPolicyErrors & ~errors) != SslPolicyErrors.None)
                {
                    object[] args = new object[] { sslPolicyErrors };
                    s_log.LogWarning("Failed policy check. {0}", args);
                    return(false);
                }
            }
            if (chain.ChainElements == null)
            {
                s_log.LogWarning("ChainElements is null");
                return(false);
            }
            X509ChainElementEnumerator enumerator = chain.ChainElements.GetEnumerator();
            while (enumerator.MoveNext())
            {
                X509ChainElement current   = enumerator.Current;
                object[]         objArray2 = new object[] { current.Certificate.Thumbprint };
                s_log.LogDebug("Certificate Thumbprint: {0}", objArray2);
                foreach (X509ChainStatus status in current.ChainElementStatus)
                {
                    object[] objArray3 = new object[] { status.Status };
                    s_log.LogDebug("  Certificate Status: {0}", objArray3);
                }
            }
            bool flag6 = false;
            if (flag3 && (chain.ChainElements.Count == 1))
            {
                chain.ChainPolicy.ExtraStore.Add(s_rootCertificate);
                chain.Build(new X509Certificate2(certificate));
                flag6 = true;
            }
            int num2 = !flag3 ? 3 : 2;
            if (flag4 && !flag6)
            {
                num2 = 1;
            }
            if (chain.ChainElements.Count != num2)
            {
                object[] objArray4 = new object[] { chain.ChainElements.Count };
                s_log.LogWarning("ChainElements.Count is {0}", objArray4);
                return(false);
            }
            for (int i = 0; i < num2; i++)
            {
                if (chain.ChainElements[i] == null)
                {
                    s_log.LogWarning("ChainElements[" + i + "] is null");
                    return(false);
                }
            }
            if (flag3)
            {
                string str4;
                if (ApplicationMgr.GetMobileEnvironment() == MobileEnv.PRODUCTION)
                {
                    str4 = "673D9D1072B625CAD95CB47BF0F0F512233E39FD";
                }
                else
                {
                    str4 = "C0805E3CF51F1A56CE9E6E35CB4F4901B68128B7";
                }
                if (chain.ChainElements[1].Certificate.Thumbprint != str4)
                {
                    s_log.LogWarning("Root certificate thumb print check failure");
                    object[] objArray5 = new object[] { str4 };
                    s_log.LogWarning("  expected: {0}", objArray5);
                    object[] objArray6 = new object[] { chain.ChainElements[1].Certificate.Thumbprint };
                    s_log.LogWarning("  received: {0}", objArray6);
                    return(false);
                }
            }
            for (int j = 0; j < num2; j++)
            {
                if (DateTime.Now > chain.ChainElements[j].Certificate.NotAfter)
                {
                    s_log.LogWarning("ChainElements[" + j + "] certificate is expired.");
                    return(false);
                }
            }
            X509ChainElementEnumerator enumerator4 = chain.ChainElements.GetEnumerator();
            while (enumerator4.MoveNext())
            {
                foreach (X509ChainStatus status2 in enumerator4.Current.ChainElementStatus)
                {
                    if ((!flag3 && !flag6) || (status2.Status != X509ChainStatusFlags.UntrustedRoot))
                    {
                        object[] objArray7 = new object[] { status2.Status };
                        s_log.LogWarning("Found unexpected chain error={0}.", objArray7);
                        return(false);
                    }
                }
            }
        }
        catch (Exception exception)
        {
            object[] objArray8 = new object[] { exception };
            s_log.LogWarning("Exception while trying to validate certificate. {0}", objArray8);
            return(false);
        }
        return(true);
    }