public async Task Validate(BackchannelCertificateValidationContext context, Func <BackchannelCertificateValidationContext, Task> next)
{
var validationResult = this.ValidateInternal(context);
if (!validationResult)
{
return;
}
await next(context);
}
public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
var context = new BackchannelCertificateValidationContext(certificate, chain, sslPolicyErrors);
Func <BackchannelCertificateValidationContext, Task> seed = x => Task.CompletedTask;
var rules = this.GetBackchannelCertificateValidationRules();
var validationDelegate = rules.Aggregate(seed, (f, next) => new Func <BackchannelCertificateValidationContext, Task>(c => next.Validate(c, f)));
var task = validationDelegate(context);
task.Wait();
return(context.IsValid);
}
public async Task Validate(object sender, BackchannelCertificateValidationContext context, Func <object, BackchannelCertificateValidationContext, Task> next)
{
var isValid = base.Validate(sender, context.Certificate, context.Chain, context.SslPolicyErrors);
if (isValid)
{
context.Validated();
}
else
{
await next(sender, context);
}
}
public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
var httpMessage = sender as HttpWebRequest;
this._logProvider.LogMessage(String.Format("Validating backhannel certificate. sslPolicyErrors was: {0}", sslPolicyErrors));
var configiration = this._configurationProvider.GeBackchannelConfiguration(httpMessage.RequestUri);
var context = new BackchannelCertificateValidationContext(certificate, chain, sslPolicyErrors);
//if pinning validation is enabled it take precedence
if (configiration.UsePinningValidation && configiration.BackchannelValidatorResolver != null)
{
_logProvider.LogMessage(String.Format("Pinning validation entered. Validator type: {0}", configiration.BackchannelValidatorResolver.Type));
var type = configiration.BackchannelValidatorResolver.Type;
var instance = BackchannelCertificateValidationRulesFactory.CertificateValidatorResolverFactory(type);
if (instance != null)
{
var validators = instance.Resolve(configiration)
.Where(x => x != null)
.ToList();
Func <object, BackchannelCertificateValidationContext, Task> seed1 = (o, c) => Task.CompletedTask;
var del = validators.Aggregate(seed1, (next, validator) => new Func <object, BackchannelCertificateValidationContext, Task>((o, c) => validator.Validate(o, c, next)));
var backChannelValidationTask = del(sender, context);
backChannelValidationTask.Wait();
return(context.IsValid);
}
}
//if pinning validation is disabled run validation rules if any
//default rule. SslPolicyErrors no error vaidation. To ve reviewed
Func <BackchannelCertificateValidationContext, Task> seed = x =>
{
var isLocal = Utility.IsLocalIpAddress(httpMessage.RequestUri.Host);
if (isLocal || (!x.IsValid && x.SslPolicyErrors == SslPolicyErrors.None))
{
x.Validated();
}
return(Task.CompletedTask);
};
var rules = BackchannelCertificateValidationRulesFactory.GetRules(configiration);
var validationDelegate = rules.Aggregate(seed, (f, next) => new Func <BackchannelCertificateValidationContext, Task>(c => next.Validate(c, f)));
var task = validationDelegate(context);
task.Wait();
return(context.IsValid);
}
public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
var federationPartyId = FederationPartyIdentifierHelper.GetFederationPartyIdFromRequestOrDefault(sender as HttpWebRequest);
var configiration = this.GetConfiguration(federationPartyId);
//ToDo: complete pinning validation. Moved to back log on 27/09/2017
if (configiration.UsePinningValidation && configiration.BackchannelValidatorResolver != null)
{
try
{
var type = configiration.BackchannelValidatorResolver.Type;
var instace = Activator.CreateInstance(type) as ICertificateValidatorResolver;
if (instace != null)
{
var validators = instace.Resolve();
return(true);
}
}
catch (Exception)
{
return(true);
}
}
var context = new BackchannelCertificateValidationContext(certificate, chain, sslPolicyErrors);
//default rule. No validation
Func <BackchannelCertificateValidationContext, Task> seed = x =>
{
x.Validated();
return(Task.CompletedTask);
};
var rules = BackchannelCertificateValidationRulesFactory.GetRules(configiration);
var validationDelegate = rules.Aggregate(seed, (f, next) => new Func <BackchannelCertificateValidationContext, Task>(c => next.Validate(c, f)));
var task = validationDelegate(context);
task.Wait();
return(context.IsValid);
}
public async Task Validate(object sender, BackchannelCertificateValidationContext context, Func <object, BackchannelCertificateValidationContext, Task> next)
{
//ToDo: Review
bool backchannelLocalValidatorEnabled = true;
var found = true;//AppSettingsConfigurationManager.TryGetSettingAndParse<bool>("backchannelLocalValidatorEnabled", false, out backchannelLocalValidatorEnabled);
if (!backchannelLocalValidatorEnabled)
{
return;
}
#if (DEBUG)
var webRequest = sender as HttpWebRequest;
if (webRequest == null)
{
return;
}
var isLocal = Utility.IsLocalIpAddress(webRequest.Host);
if (webRequest != null && isLocal)
{
foreach (X509ChainElement chainElement in context.Chain.ChainElements)
{
string thumbprint = chainElement.Certificate.Thumbprint;
if (thumbprint != null && this._validThumbprints.Contains(thumbprint))
{
context.Validated();
break;
}
}
}
else
{
await next(sender, context);
}
#endif
}
protected abstract bool ValidateInternal(BackchannelCertificateValidationContext context);
public Task Validate(object sender, BackchannelCertificateValidationContext context, Func <object, BackchannelCertificateValidationContext, Task> next)
{
throw new NotImplementedException();
}
protected override bool ValidateInternal(BackchannelCertificateValidationContext context)
{
context.Validated();
return(true);
}
