public ServerContext(
SslServerStream stream,
SecurityProtocolType securityProtocolType,
X509Certificate serverCertificate,
bool clientCertificateRequired,
bool requestClientCertificate)
: base(securityProtocolType)
{
this.sslStream = stream;
this.clientCertificateRequired = clientCertificateRequired;
this.request_client_certificate = requestClientCertificate;
// Convert the System.Security cert to a Mono Cert
MonoX509.X509Certificate cert = new MonoX509.X509Certificate(serverCertificate.GetRawCertData());
// Add server certificate to the certificate collection
this.ServerSettings.Certificates = new MonoX509.X509CertificateCollection();
this.ServerSettings.Certificates.Add(cert);
this.ServerSettings.UpdateCertificateRSA();
if (CertificateValidationHelper.SupportsX509Chain)
{
// Build the chain for the certificate and if the chain is correct, add all certificates
// (except the root certificate [FIRST ONE] ... the client is supposed to know that one,
// otherwise the whole concept of a trusted chain doesn't work out ...
MonoX509.X509Chain chain = new MonoX509.X509Chain(MonoX509.X509StoreManager.IntermediateCACertificates);
if (chain.Build(cert))
{
for (int j = chain.Chain.Count - 1; j > 0; j--)
{
ServerSettings.Certificates.Add(chain.Chain [j]);
}
}
}
// Add requested certificate types
ServerSettings.CertificateTypes = new ClientCertificateType [ServerSettings.Certificates.Count];
for (int j = 0; j < this.ServerSettings.CertificateTypes.Length; j++)
{
ServerSettings.CertificateTypes [j] = ClientCertificateType.RSA;
}
if (CertificateValidationHelper.SupportsX509Chain)
{
// Add certificate authorities
MonoX509.X509CertificateCollection trusted = MonoX509.X509StoreManager.TrustedRootCertificates;
string[] list = new string [trusted.Count];
int i = 0;
foreach (MonoX509.X509Certificate root in trusted)
{
list [i++] = root.IssuerName;
}
this.ServerSettings.DistinguisedNames = list;
}
}
public ServerContext(
SslServerStream stream,
SecurityProtocolType securityProtocolType,
X509Certificate serverCertificate,
bool clientCertificateRequired,
bool requestClientCertificate)
: base(securityProtocolType)
{
this.sslStream = stream;
this.clientCertificateRequired = clientCertificateRequired;
this.request_client_certificate = requestClientCertificate;
// Convert the System.Security cert to a Mono Cert
MonoX509.X509Certificate cert = new MonoX509.X509Certificate(serverCertificate.GetRawCertData());
// Add server certificate to the certificate collection
this.ServerSettings.Certificates = new MonoX509.X509CertificateCollection();
this.ServerSettings.Certificates.Add(cert);
this.ServerSettings.UpdateCertificateRSA();
if (CertificateValidationHelper.SupportsX509Chain) {
// Build the chain for the certificate and if the chain is correct, add all certificates
// (except the root certificate [FIRST ONE] ... the client is supposed to know that one,
// otherwise the whole concept of a trusted chain doesn't work out ...
MonoX509.X509Chain chain = new MonoX509.X509Chain (MonoX509.X509StoreManager.IntermediateCACertificates);
if (chain.Build (cert)) {
for (int j = chain.Chain.Count - 1; j > 0; j--)
ServerSettings.Certificates.Add (chain.Chain [j]);
}
}
// Add requested certificate types
ServerSettings.CertificateTypes = new ClientCertificateType [ServerSettings.Certificates.Count];
for (int j = 0; j < this.ServerSettings.CertificateTypes.Length; j++)
ServerSettings.CertificateTypes [j] = ClientCertificateType.RSA;
if (CertificateValidationHelper.SupportsX509Chain) {
// Add certificate authorities
MonoX509.X509CertificateCollection trusted = MonoX509.X509StoreManager.TrustedRootCertificates;
string[] list = new string [trusted.Count];
int i = 0;
foreach (MonoX509.X509Certificate root in trusted) {
list [i++] = root.IssuerName;
}
this.ServerSettings.DistinguisedNames = list;
}
}
private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates)
{
ClientContext clientContext = (ClientContext)base.Context;
AlertDescription description = AlertDescription.BadCertificate;
if (clientContext.SslStream.HaveRemoteValidation2Callback)
{
ValidationResult validationResult = clientContext.SslStream.RaiseServerCertificateValidation2(certificates);
if (validationResult.Trusted)
{
return;
}
long num = (long)validationResult.ErrorCode;
long num2 = num;
if (num2 != (long)((ulong)-2146762487))
{
if (num2 != (long)((ulong)-2146762486))
{
if (num2 != (long)((ulong)-2146762495))
{
description = AlertDescription.CertificateUnknown;
}
else
{
description = AlertDescription.CertificateExpired;
}
}
else
{
description = AlertDescription.UnknownCA;
}
}
else
{
description = AlertDescription.UnknownCA;
}
string str = string.Format("0x{0:x}", num);
throw new TlsException(description, "Invalid certificate received from server. Error code: " + str);
}
else
{
Mono.Security.X509.X509Certificate x509Certificate = certificates[0];
System.Security.Cryptography.X509Certificates.X509Certificate certificate = new System.Security.Cryptography.X509Certificates.X509Certificate(x509Certificate.RawData);
ArrayList arrayList = new ArrayList();
if (!this.checkCertificateUsage(x509Certificate))
{
arrayList.Add(-2146762490);
}
if (!this.checkServerIdentity(x509Certificate))
{
arrayList.Add(-2146762481);
}
Mono.Security.X509.X509CertificateCollection x509CertificateCollection = new Mono.Security.X509.X509CertificateCollection(certificates);
x509CertificateCollection.Remove(x509Certificate);
Mono.Security.X509.X509Chain x509Chain = new Mono.Security.X509.X509Chain(x509CertificateCollection);
bool flag = false;
try
{
flag = x509Chain.Build(x509Certificate);
}
catch (Exception)
{
flag = false;
}
if (!flag)
{
Mono.Security.X509.X509ChainStatusFlags status = x509Chain.Status;
if (status != Mono.Security.X509.X509ChainStatusFlags.NotTimeValid)
{
if (status != Mono.Security.X509.X509ChainStatusFlags.NotTimeNested)
{
if (status != Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid)
{
if (status != Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot)
{
if (status != Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints)
{
if (status != Mono.Security.X509.X509ChainStatusFlags.PartialChain)
{
description = AlertDescription.CertificateUnknown;
arrayList.Add((int)x509Chain.Status);
}
else
{
description = AlertDescription.UnknownCA;
arrayList.Add(-2146762486);
}
}
else
{
arrayList.Add(-2146869223);
}
}
else
{
description = AlertDescription.UnknownCA;
arrayList.Add(-2146762487);
}
}
else
{
arrayList.Add(-2146869232);
}
}
else
{
arrayList.Add(-2146762494);
}
}
else
{
description = AlertDescription.CertificateExpired;
arrayList.Add(-2146762495);
}
}
int[] certificateErrors = (int[])arrayList.ToArray(typeof(int));
if (!clientContext.SslStream.RaiseServerCertificateValidation(certificate, certificateErrors))
{
throw new TlsException(description, "Invalid certificate received from server.");
}
return;
}
}
private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates)
{
ClientContext clientContext = (ClientContext)base.Context;
AlertDescription description = AlertDescription.BadCertificate;
if (clientContext.SslStream.HaveRemoteValidation2Callback)
{
ValidationResult validationResult = clientContext.SslStream.RaiseServerCertificateValidation2(certificates);
if (!validationResult.Trusted)
{
long num = validationResult.ErrorCode;
switch (num)
{
case 2148204801L:
description = AlertDescription.CertificateExpired;
break;
case 2148204810L:
description = AlertDescription.UnknownCA;
break;
case 2148204809L:
description = AlertDescription.UnknownCA;
break;
default:
description = AlertDescription.CertificateUnknown;
break;
}
string str = $"0x{num:x}";
throw new TlsException(description, "Invalid certificate received from server. Error code: " + str);
}
return;
}
Mono.Security.X509.X509Certificate x509Certificate = certificates[0];
System.Security.Cryptography.X509Certificates.X509Certificate certificate = new System.Security.Cryptography.X509Certificates.X509Certificate(x509Certificate.RawData);
ArrayList arrayList = new ArrayList();
if (!checkCertificateUsage(x509Certificate))
{
arrayList.Add(-2146762490);
}
if (!checkServerIdentity(x509Certificate))
{
arrayList.Add(-2146762481);
}
Mono.Security.X509.X509CertificateCollection x509CertificateCollection = new Mono.Security.X509.X509CertificateCollection(certificates);
x509CertificateCollection.Remove(x509Certificate);
Mono.Security.X509.X509Chain x509Chain = new Mono.Security.X509.X509Chain(x509CertificateCollection);
bool flag = false;
try
{
flag = x509Chain.Build(x509Certificate);
}
catch (Exception)
{
flag = false;
}
if (!flag)
{
switch (x509Chain.Status)
{
case Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints:
arrayList.Add(-2146869223);
break;
case Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid:
arrayList.Add(-2146869232);
break;
case Mono.Security.X509.X509ChainStatusFlags.NotTimeNested:
arrayList.Add(-2146762494);
break;
case Mono.Security.X509.X509ChainStatusFlags.NotTimeValid:
description = AlertDescription.CertificateExpired;
arrayList.Add(-2146762495);
break;
case Mono.Security.X509.X509ChainStatusFlags.PartialChain:
description = AlertDescription.UnknownCA;
arrayList.Add(-2146762486);
break;
case Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot:
description = AlertDescription.UnknownCA;
arrayList.Add(-2146762487);
break;
default:
description = AlertDescription.CertificateUnknown;
arrayList.Add((int)x509Chain.Status);
break;
}
}
int[] certificateErrors = (int[])arrayList.ToArray(typeof(int));
if (!clientContext.SslStream.RaiseServerCertificateValidation(certificate, certificateErrors))
{
throw new TlsException(description, "Invalid certificate received from server.");
}
}