public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
var httpMessage = sender as HttpWebRequest;
this._logProvider.LogMessage(String.Format("Validating backhannel certificate. sslPolicyErrors was: {0}", sslPolicyErrors));
var configiration = this._configurationProvider.GeBackchannelConfiguration(httpMessage.RequestUri);
var context = new BackchannelCertificateValidationContext(certificate, chain, sslPolicyErrors);
//if pinning validation is enabled it take precedence
if (configiration.UsePinningValidation && configiration.BackchannelValidatorResolver != null)
{
_logProvider.LogMessage(String.Format("Pinning validation entered. Validator type: {0}", configiration.BackchannelValidatorResolver.Type));
var type = configiration.BackchannelValidatorResolver.Type;
var instance = BackchannelCertificateValidationRulesFactory.CertificateValidatorResolverFactory(type);
if (instance != null)
{
var validators = instance.Resolve(configiration)
.Where(x => x != null)
.ToList();
Func <object, BackchannelCertificateValidationContext, Task> seed1 = (o, c) => Task.CompletedTask;
var del = validators.Aggregate(seed1, (next, validator) => new Func <object, BackchannelCertificateValidationContext, Task>((o, c) => validator.Validate(o, c, next)));
var backChannelValidationTask = del(sender, context);
backChannelValidationTask.Wait();
return(context.IsValid);
}
}
//if pinning validation is disabled run validation rules if any
//default rule. SslPolicyErrors no error vaidation. To ve reviewed
Func <BackchannelCertificateValidationContext, Task> seed = x =>
{
var isLocal = Utility.IsLocalIpAddress(httpMessage.RequestUri.Host);
if (isLocal || (!x.IsValid && x.SslPolicyErrors == SslPolicyErrors.None))
{
x.Validated();
}
return(Task.CompletedTask);
};
var rules = BackchannelCertificateValidationRulesFactory.GetRules(configiration);
var validationDelegate = rules.Aggregate(seed, (f, next) => new Func <BackchannelCertificateValidationContext, Task>(c => next.Validate(c, f)));
var task = validationDelegate(context);
task.Wait();
return(context.IsValid);
}
public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
var federationPartyId = FederationPartyIdentifierHelper.GetFederationPartyIdFromRequestOrDefault(sender as HttpWebRequest);
var configiration = this.GetConfiguration(federationPartyId);
//ToDo: complete pinning validation. Moved to back log on 27/09/2017
if (configiration.UsePinningValidation && configiration.BackchannelValidatorResolver != null)
{
try
{
var type = configiration.BackchannelValidatorResolver.Type;
var instace = Activator.CreateInstance(type) as ICertificateValidatorResolver;
if (instace != null)
{
var validators = instace.Resolve();
return(true);
}
}
catch (Exception)
{
return(true);
}
}
var context = new BackchannelCertificateValidationContext(certificate, chain, sslPolicyErrors);
//default rule. No validation
Func <BackchannelCertificateValidationContext, Task> seed = x =>
{
x.Validated();
return(Task.CompletedTask);
};
var rules = BackchannelCertificateValidationRulesFactory.GetRules(configiration);
var validationDelegate = rules.Aggregate(seed, (f, next) => new Func <BackchannelCertificateValidationContext, Task>(c => next.Validate(c, f)));
var task = validationDelegate(context);
task.Wait();
return(context.IsValid);
}
