bool InvokeSystemValidator(string targetHost, bool serverMode, X509CertificateCollection certificates, X509Chain chain, ref MonoSslPolicyErrors xerrors, ref int status11)
{
var errors = (SslPolicyErrors)xerrors;
var result = SystemCertificateValidator.Evaluate(settings, targetHost, certificates, chain, ref errors, ref status11);
xerrors = (MonoSslPolicyErrors)errors;
return(result);
}
public override bool ValidateCertificate(ChainValidationHelper validator, string targetHost, bool serverMode,
X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain, ref SslPolicyErrors errors,
ref int status11)
{
if (wantsChain)
{
chain = SystemCertificateValidator.CreateX509Chain(certificates);
}
var result = SystemCertificateValidator.Evaluate(validator.Settings, targetHost, certificates, chain,
ref errors, ref status11);
return(result);
}
internal override bool ValidateCertificate(
MSI.ICertificateValidator2 validator, string targetHost, bool serverMode,
X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
ref MSI.MonoSslPolicyErrors errors, ref int status11)
{
if (wantsChain)
{
chain = SystemCertificateValidator.CreateX509Chain(certificates);
}
var xerrors = (SslPolicyErrors)errors;
var result = SystemCertificateValidator.Evaluate(validator.Settings, targetHost, certificates, chain, ref xerrors, ref status11);
errors = (MSI.MonoSslPolicyErrors)xerrors;
return(result);
}
ValidationResult ValidateChain(string host, bool server, X509Certificate leaf,
ref X509Chain chain, X509CertificateCollection certs,
SslPolicyErrors errors)
{
// user_denied is true if the user callback is called and returns false
bool user_denied = false;
bool result = false;
var hasCallback = certValidationCallback != null || callbackWrapper != null;
if (tlsStream != null)
{
request.ServicePoint.UpdateServerCertificate(leaf);
}
if (leaf == null)
{
errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
if (hasCallback)
{
if (callbackWrapper != null)
{
result = callbackWrapper.Invoke(certValidationCallback, leaf, null, (MonoSslPolicyErrors)errors);
}
else
{
result = certValidationCallback.Invoke(sender, leaf, null, errors);
}
user_denied = !result;
}
return(new ValidationResult(result, user_denied, 0, (MonoSslPolicyErrors)errors));
}
// Ignore port number when validating certificates.
if (!string.IsNullOrEmpty(host))
{
var pos = host.IndexOf(':');
if (pos > 0)
{
host = host.Substring(0, pos);
}
}
ICertificatePolicy policy = ServicePointManager.GetLegacyCertificatePolicy();
int status11 = 0; // Error code passed to the obsolete ICertificatePolicy callback
bool wantsChain = SystemCertificateValidator.NeedsChain(settings);
if (!wantsChain && hasCallback)
{
if (settings == null || settings.CallbackNeedsCertificateChain)
{
wantsChain = true;
}
}
var xerrors = (MonoSslPolicyErrors)errors;
result = provider.ValidateCertificate(this, host, server, certs, wantsChain, ref chain, ref xerrors, ref status11);
errors = (SslPolicyErrors)xerrors;
if (status11 == 0 && errors != 0)
{
// TRUST_E_FAIL
status11 = unchecked ((int)0x800B010B);
}
if (policy != null && (!(policy is DefaultCertificatePolicy) || certValidationCallback == null))
{
ServicePoint sp = null;
if (request != null)
{
sp = request.ServicePointNoLock;
}
// pre 2.0 callback
result = policy.CheckValidationResult(sp, leaf, request, status11);
user_denied = !result && !(policy is DefaultCertificatePolicy);
}
// If there's a 2.0 callback, it takes precedence
if (hasCallback)
{
if (callbackWrapper != null)
{
result = callbackWrapper.Invoke(certValidationCallback, leaf, chain, (MonoSslPolicyErrors)errors);
}
else
{
result = certValidationCallback.Invoke(sender, leaf, chain, errors);
}
user_denied = !result;
}
return(new ValidationResult(result, user_denied, status11, (MonoSslPolicyErrors)errors));
}
ValidationResult ValidateChain(string host, bool server, XX509CertificateCollection certs, SslPolicyErrors errors)
{
// user_denied is true if the user callback is called and returns false
bool user_denied = false;
bool result = false;
var hasCallback = certValidationCallback != null || callbackWrapper != null;
X509Certificate leaf;
if (certs == null || certs.Count == 0)
{
leaf = null;
}
else
{
leaf = certs [0];
}
if (tlsStream != null)
{
request.ServicePoint.SetServerCertificate(leaf);
}
if (leaf == null)
{
errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
if (hasCallback)
{
if (callbackWrapper != null)
{
result = callbackWrapper.Invoke(certValidationCallback, leaf, null, (MonoSslPolicyErrors)errors);
}
else
{
result = certValidationCallback.Invoke(sender, leaf, null, errors);
}
user_denied = !result;
}
return(new ValidationResult(result, user_denied, 0, (MonoSslPolicyErrors)errors));
}
ICertificatePolicy policy = ServicePointManager.GetLegacyCertificatePolicy();
int status11 = 0; // Error code passed to the obsolete ICertificatePolicy callback
X509Chain chain = null;
bool wantsChain = SystemCertificateValidator.NeedsChain(settings);
if (!wantsChain && hasCallback)
{
if (settings == null || settings.CallbackNeedsCertificateChain)
{
wantsChain = true;
}
}
if (wantsChain)
{
chain = SystemCertificateValidator.CreateX509Chain(certs);
}
if (wantsChain || SystemCertificateValidator.NeedsChain(settings))
{
SystemCertificateValidator.BuildX509Chain(certs, chain, ref errors, ref status11);
}
bool providerValidated = false;
if (provider != null && provider.HasCustomSystemCertificateValidator)
{
var xerrors = (MonoSslPolicyErrors)errors;
var xchain = (XX509Chain)(object)chain;
providerValidated = provider.InvokeSystemCertificateValidator(this, host, server, certs, xchain, out result, ref xerrors, ref status11);
errors = (SslPolicyErrors)xerrors;
}
if (!providerValidated)
{
result = SystemCertificateValidator.Evaluate(settings, host, certs, chain, ref errors, ref status11);
}
if (policy != null && (!(policy is DefaultCertificatePolicy) || certValidationCallback == null))
{
ServicePoint sp = null;
if (request != null)
{
sp = request.ServicePointNoLock;
}
if (status11 == 0 && errors != 0)
{
// TRUST_E_FAIL
status11 = unchecked ((int)0x800B010B);
}
// pre 2.0 callback
result = policy.CheckValidationResult(sp, leaf, request, status11);
user_denied = !result && !(policy is DefaultCertificatePolicy);
}
// If there's a 2.0 callback, it takes precedence
if (hasCallback)
{
if (callbackWrapper != null)
{
result = callbackWrapper.Invoke(certValidationCallback, leaf, chain, (MonoSslPolicyErrors)errors);
}
else
{
result = certValidationCallback.Invoke(sender, leaf, chain, errors);
}
user_denied = !result;
}
return(new ValidationResult(result, user_denied, status11, (MonoSslPolicyErrors)errors));
}
