private void Dispose(bool disposing)
{
if (WinHttpTraceHelper.IsTraceEnabled())
{
WinHttpTraceHelper.Trace(
"WinHttpRequestState.Dispose, GCHandle=0x{0:X}, disposed={1}, disposing={2}",
ToIntPtr(),
_disposed,
disposing);
}
// Since there is no finalizer and this class is sealed, the disposing parameter should be TRUE.
Debug.Assert(disposing, "WinHttpRequestState.Dispose() should have disposing=TRUE");
if (_disposed)
{
return;
}
_disposed = true;
if (_operationHandle.IsAllocated)
{
_operationHandle.Free();
}
}
private void Dispose(bool disposing)
{
#if DEBUG
Interlocked.Increment(ref s_dbg_callDispose);
#endif
if (WinHttpTraceHelper.IsTraceEnabled())
{
WinHttpTraceHelper.Trace(
"WinHttpRequestState.Dispose, GCHandle=0x{0:X}, disposed={1}, disposing={2}",
ToIntPtr(),
_disposed,
disposing);
}
// Since there is no finalizer and this class is sealed, the disposing parameter should be TRUE.
Debug.Assert(disposing, "WinHttpRequestState.Dispose() should have disposing=TRUE");
if (_disposed)
{
return;
}
_disposed = true;
if (_operationHandle.IsAllocated)
{
// This method only gets called when the WinHTTP request handle is fully closed and thus all
// async operations are done. So, it is safe at this point to unpin the buffers and release
// the strong GCHandle for this object.
if (_cachedReceivePinnedBuffer.IsAllocated)
{
_cachedReceivePinnedBuffer.Free();
_cachedReceivePinnedBuffer = default(GCHandle);
}
#if DEBUG
Interlocked.Increment(ref s_dbg_operationHandleFree);
#endif
_operationHandle.Free();
_operationHandle = default(GCHandle);
}
}
// TODO: Issue #2165. Merge with similar code used in System.Net.Security move to Common/src//System/Net.
public static void BuildChain(
X509Certificate2 certificate,
X509Certificate2Collection remoteCertificateStore,
string hostName,
bool checkCertificateRevocationList,
out X509Chain chain,
out SslPolicyErrors sslPolicyErrors)
{
chain = null;
sslPolicyErrors = SslPolicyErrors.None;
// Build the chain.
chain = new X509Chain();
chain.ChainPolicy.RevocationMode =
checkCertificateRevocationList ? X509RevocationMode.Online : X509RevocationMode.NoCheck;
chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
// Authenticate the remote party: (e.g. when operating in client mode, authenticate the server).
chain.ChainPolicy.ApplicationPolicy.Add(s_serverAuthOid);
if (remoteCertificateStore.Count > 0)
{
if (WinHttpTraceHelper.IsTraceEnabled())
{
foreach (X509Certificate cert in remoteCertificateStore)
{
WinHttpTraceHelper.Trace("WinHttpCertificateHelper.BuildChain: adding cert to ExtraStore: {0}", cert.Subject);
}
}
chain.ChainPolicy.ExtraStore.AddRange(remoteCertificateStore);
}
if (!chain.Build(certificate))
{
sslPolicyErrors |= SslPolicyErrors.RemoteCertificateChainErrors;
}
// Verify the hostName matches the certificate.
unsafe
{
var cppStruct = new Interop.Crypt32.CERT_CHAIN_POLICY_PARA();
cppStruct.cbSize = (uint)Marshal.SizeOf <Interop.Crypt32.CERT_CHAIN_POLICY_PARA>();
cppStruct.dwFlags = 0;
var eppStruct = new Interop.Crypt32.SSL_EXTRA_CERT_CHAIN_POLICY_PARA();
eppStruct.cbSize = (uint)Marshal.SizeOf <Interop.Crypt32.SSL_EXTRA_CERT_CHAIN_POLICY_PARA>();
eppStruct.dwAuthType = Interop.Crypt32.AuthType.AUTHTYPE_SERVER;
cppStruct.pvExtraPolicyPara = &eppStruct;
fixed(char *namePtr = hostName)
{
eppStruct.pwszServerName = namePtr;
cppStruct.dwFlags =
Interop.Crypt32.CertChainPolicyIgnoreFlags.CERT_CHAIN_POLICY_IGNORE_ALL &
~Interop.Crypt32.CertChainPolicyIgnoreFlags.CERT_CHAIN_POLICY_IGNORE_INVALID_NAME_FLAG;
var status = new Interop.Crypt32.CERT_CHAIN_POLICY_STATUS();
status.cbSize = (uint)sizeof(Interop.Crypt32.CERT_CHAIN_POLICY_STATUS);
if (Interop.Crypt32.CertVerifyCertificateChainPolicy(
(IntPtr)Interop.Crypt32.CertChainPolicy.CERT_CHAIN_POLICY_SSL,
chain.SafeHandle,
ref cppStruct,
ref status))
{
if (status.dwError == Interop.Crypt32.CertChainPolicyErrors.CERT_E_CN_NO_MATCH)
{
sslPolicyErrors |= SslPolicyErrors.RemoteCertificateNameMismatch;
}
}
else
{
// Failure checking the policy. This is a rare error. We will assume the name check failed.
// TODO: Issue #2165. Log this error or perhaps throw an exception instead.
sslPolicyErrors |= SslPolicyErrors.RemoteCertificateNameMismatch;
}
}
}
}
