Beispiel #1
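        /// <inheritdoc/>
        /// <remarks>
        /// Downloads <paramref name="requestUri"/> with the HTTP read cache bypassed and hands back the
        /// response body only when the last certificate in the server's intermediate list is
        /// byte-for-byte equal to one of <c>RootCertificates</c>.
        /// </remarks>
        /// <exception cref="SecurityException">
        /// The transport reported a fatal certificate error, no intermediate certificate was
        /// available, or the candidate root matched none of the pinned certificates.
        /// </exception>
        public override async Task<Stream> GetStreamAsync(string requestUri)
        {
            var filter = new HttpBaseProtocolFilter();

            // Cached reads are switched off; presumably so every call goes through a live TLS
            // exchange whose certificates can be inspected - confirm.
            filter.CacheControl.ReadBehavior = HttpCacheReadBehavior.NoCache;

            // NOTE(review): the client is disposed when this method returns while the caller is
            // still reading the returned stream - confirm the stream stays usable after disposal.
            using var httpClient = new Windows.Web.Http.HttpClient(filter);

            // NOTE(review): the pin is evaluated only after the response arrives, so the request
            // line and headers have already been sent to whichever server answered.
            var response = await httpClient.GetAsync(new Uri(requestUri));

            var transportInformation = response.RequestMessage.TransportInformation;

            // NOTE(review): only Fatal severity is rejected here; any lower severity falls through
            // to the pin comparison below.
            if (transportInformation.ServerCertificateErrorSeverity == SocketSslErrorSeverity.Fatal)
            {
                throw new SecurityException();
            }

            // Assumes the last entry of ServerIntermediateCertificates is the chain root - TODO confirm
            // for servers that do not send their root certificate.
            var presentedRoot = transportInformation.ServerIntermediateCertificates
                                                    .LastOrDefault()
                                                    ?.GetCertificateBlob()
                                                    .ToArray();

            // The pin has to compare certificate CONTENT. The previous test,
            // `!RootCertificates.Any(c => c.RawData != rootCertificate)`, compared byte[] references:
            // two distinct arrays are always "!=", so Any(...) was true for every non-empty pin set
            // and the check never rejected anything.
            var isPinned = presentedRoot != null
                           && RootCertificates.Any(c => c.RawData.SequenceEqual(presentedRoot));

            if (!isPinned)
            {
                throw new SecurityException();
            }

            var body = await response.Content.ReadAsInputStreamAsync();
            return body.AsStreamForRead();
        }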
Beispiel #2
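        /// <summary>
        /// Server-certificate validation callback: accepts the connection only when a chain can be
        /// built for the presented certificate and the top element of that chain is byte-for-byte
        /// equal to one of <c>RootCertificates</c>.
        /// </summary>
        /// <param name="request">The request being validated; not consulted by this check.</param>
        /// <param name="certificate">The certificate presented by the server.</param>
        /// <param name="chain">Chain object used for building; its policy is modified by this method.</param>
        /// <param name="sslPolicyErrors">Errors already reported for the connection.</param>
        /// <returns>
        /// <c>true</c> if the built chain ends in a pinned root; <c>false</c> on a name mismatch, a
        /// missing certificate, a failed chain build, or an unpinned root.
        /// </returns>
        private bool ValidateCertificate(HttpRequestMessage request, X509Certificate2 certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            // This method used to open with `if ((sslPolicyErrors & SslPolicyErrors.None) > 0) return true;`.
            // SslPolicyErrors.None is 0, so that test could never pass and the branch was dead code.
            // It is removed rather than rewritten as `== SslPolicyErrors.None`: an early accept would
            // let any chain the platform already trusts skip the pin comparison below.

            const SslPolicyErrors unrecoverable =
                SslPolicyErrors.RemoteCertificateNameMismatch | SslPolicyErrors.RemoteCertificateNotAvailable;

            if ((sslPolicyErrors & unrecoverable) != 0)
            {
                return false;
            }

            // Fail closed instead of throwing from inside the callback when there is nothing to build from.
            if (certificate == null || chain == null)
            {
                return false;
            }

            // Make the pinned roots available as candidates while the chain is being built.
            foreach (var pinnedRoot in RootCertificates)
            {
                chain.ChainPolicy.ExtraStore.Add(pinnedRoot);
            }

            // With this flag Build() no longer fails merely because the root is absent from the
            // machine trust store, so the trust decision rests entirely on the comparison below.
            chain.ChainPolicy.VerificationFlags |= X509VerificationFlags.AllowUnknownCertificateAuthority;

            if (!chain.Build(certificate))
            {
                return false;
            }

            var elements = chain.ChainElements;
            if (elements.Count == 0)
            {
                return false;
            }

            // The last chain element is the top of the built chain; it must be one of the pins.
            var chainRoot = elements[elements.Count - 1].Certificate;
            return RootCertificates.Any(c => c.RawData.SequenceEqual(chainRoot.RawData));
        }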