bool CreateStream(HttpWebRequest request)
{
try
{
NetworkStream serverStream = new NetworkStream(socket, false);
if (request.Address.Scheme == Uri.UriSchemeHttps)
{
ssl = true;
EnsureSSLStreamAvailable();
if (!reused || nstream == null || nstream.GetType() != sslStream)
{
byte [] buffer = null;
if (sPoint.UseConnect)
{
bool ok = CreateTunnel(request, serverStream, out buffer);
if (!ok)
{
return(false);
}
}
object[] args = new object [4] {
serverStream,
request.ClientCertificates,
request, buffer
};
nstream = (Stream)Activator.CreateInstance(sslStream, args);
#if SECURITY_DEP
SslClientStream scs = (SslClientStream)nstream;
var helper = new ServicePointManager.ChainValidationHelper(request);
scs.ServerCertValidation2 += new CertificateValidationCallback2(helper.ValidateChain);
#endif
certsAvailable = false;
}
// we also need to set ServicePoint.Certificate
// and ServicePoint.ClientCertificate but this can
// only be done later (after handshake - which is
// done only after a read operation).
}
else
{
ssl = false;
nstream = serverStream;
}
}
catch (Exception)
{
if (!request.Aborted)
{
status = WebExceptionStatus.ConnectFailure;
}
return(false);
}
return(true);
}
private bool CreateStream(HttpWebRequest request)
{
try
{
NetworkStream networkStream = new NetworkStream(socket, owns_socket: false);
if (request.Address.Scheme == Uri.UriSchemeHttps)
{
ssl = true;
EnsureSSLStreamAvailable();
if (!reused || nstream == null || nstream.GetType() != sslStream)
{
byte[] array = null;
if (sPoint.UseConnect && !CreateTunnel(request, networkStream, out array))
{
return(false);
}
object[] args = new object[4]
{
networkStream,
request.ClientCertificates,
request,
array
};
nstream = (Stream)Activator.CreateInstance(sslStream, args);
SslClientStream sslClientStream = (SslClientStream)nstream;
ServicePointManager.ChainValidationHelper @object = new ServicePointManager.ChainValidationHelper(request);
sslClientStream.ServerCertValidation2 += @object.ValidateChain;
certsAvailable = false;
}
}
else
{
ssl = false;
nstream = networkStream;
}
}
catch (Exception)
{
if (!request.Aborted)
{
status = WebExceptionStatus.ConnectFailure;
}
return(false);
IL_011e :;
}
return(true);
}
private bool CreateStream(HttpWebRequest request)
{
try
{
System.Net.Sockets.NetworkStream networkStream = new System.Net.Sockets.NetworkStream(this.socket, false);
if (request.Address.Scheme == System.Uri.UriSchemeHttps)
{
this.ssl = true;
WebConnection.EnsureSSLStreamAvailable();
if (!this.reused || this.nstream == null || this.nstream.GetType() != WebConnection.sslStream)
{
byte[] array = null;
if (this.sPoint.UseConnect && !this.CreateTunnel(request, networkStream, out array))
{
return(false);
}
object[] args = new object[]
{
networkStream,
request.ClientCertificates,
request,
array
};
this.nstream = (Stream)Activator.CreateInstance(WebConnection.sslStream, args);
SslClientStream sslClientStream = (SslClientStream)this.nstream;
ServicePointManager.ChainValidationHelper @object = new ServicePointManager.ChainValidationHelper(request);
sslClientStream.ServerCertValidation2 += @object.ValidateChain;
this.certsAvailable = false;
}
}
else
{
this.ssl = false;
this.nstream = networkStream;
}
}
catch (Exception)
{
if (!request.Aborted)
{
this.status = WebExceptionStatus.ConnectFailure;
}
return(false);
}
return(true);
}
bool CreateStream (HttpWebRequest request)
{
try {
NetworkStream serverStream = new NetworkStream (socket, false);
if (request.Address.Scheme == Uri.UriSchemeHttps) {
ssl = true;
EnsureSSLStreamAvailable ();
if (!reused || nstream == null || nstream.GetType () != sslStream) {
byte [] buffer = null;
if (sPoint.UseConnect) {
bool ok = CreateTunnel (request, serverStream, out buffer);
if (!ok)
return false;
}
object[] args = new object [4] { serverStream,
request.ClientCertificates,
request, buffer};
nstream = (Stream) Activator.CreateInstance (sslStream, args);
#if SECURITY_DEP
SslClientStream scs = (SslClientStream) nstream;
var helper = new ServicePointManager.ChainValidationHelper (request);
scs.ServerCertValidation2 += new CertificateValidationCallback2 (helper.ValidateChain);
#endif
certsAvailable = false;
}
// we also need to set ServicePoint.Certificate
// and ServicePoint.ClientCertificate but this can
// only be done later (after handshake - which is
// done only after a read operation).
} else {
ssl = false;
nstream = serverStream;
}
} catch (Exception) {
if (!request.Aborted)
status = WebExceptionStatus.ConnectFailure;
return false;
}
return true;
}
public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
if (IsAuthenticated)
throw new InvalidOperationException ("This SslStream is already authenticated");
SslClientStream s = new SslClientStream (InnerStream, targetHost, !LeaveInnerStreamOpen, GetMonoSslProtocol (enabledSslProtocols), clientCertificates);
s.CheckCertRevocationStatus = checkCertificateRevocation;
// Due to the Mono.Security internal, it cannot reuse
// the delegated argument, as Mono.Security creates
// another instance of X509Certificate which lacks
// private key but is filled the private key via this
// delegate.
s.PrivateKeyCertSelectionDelegate = delegate (X509Certificate cert, string host) {
string hash = cert.GetCertHashString ();
// ... so, we cannot use the delegate argument.
foreach (X509Certificate cc in clientCertificates) {
if (cc.GetCertHashString () != hash)
continue;
X509Certificate2 cert2 = cc as X509Certificate2;
cert2 = cert2 ?? new X509Certificate2 (cc);
return cert2.PrivateKey;
}
return null;
};
#if MONOTOUCH || MONODROID
// Even if validation_callback is null this allows us to verify requests where the user
// does not provide a verification callback but attempts to authenticate with the website
// as a client (see https://bugzilla.xamarin.com/show_bug.cgi?id=18962 for an example)
var helper = new ServicePointManager.ChainValidationHelper (this, targetHost);
helper.ServerCertificateValidationCallback = validation_callback;
s.ServerCertValidation2 += new CertificateValidationCallback2 (helper.ValidateChain);
#else
if (validation_callback != null) {
s.ServerCertValidationDelegate = delegate (X509Certificate cert, int [] certErrors) {
X509Chain chain = new X509Chain ();
X509Certificate2 x2 = (cert as X509Certificate2);
if (x2 == null)
x2 = new X509Certificate2 (cert);
if (!ServicePointManager.CheckCertificateRevocationList)
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
// SSL specific checks (done by Mono.Security.dll SSL/TLS implementation)
SslPolicyErrors errors = SslPolicyErrors.None;
foreach (int i in certErrors) {
switch (i) {
case -2146762490: // CERT_E_PURPOSE
errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
break;
case -2146762481: // CERT_E_CN_NO_MATCH
errors |= SslPolicyErrors.RemoteCertificateNameMismatch;
break;
default:
errors |= SslPolicyErrors.RemoteCertificateChainErrors;
break;
}
}
chain.Build (x2);
// non-SSL specific X509 checks (i.e. RFC3280 related checks)
foreach (X509ChainStatus status in chain.ChainStatus) {
if (status.Status == X509ChainStatusFlags.NoError)
continue;
if ((status.Status & X509ChainStatusFlags.PartialChain) != 0)
errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
else
errors |= SslPolicyErrors.RemoteCertificateChainErrors;
}
return validation_callback (this, cert, chain, errors);
};
}
#endif
if (selection_callback != null)
s.ClientCertSelectionDelegate = OnCertificateSelection;
ssl_stream = s;
return BeginWrite (new byte [0], 0, 0, asyncCallback, asyncState);
}
