Example #1
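        /// <summary>
        ///     Build a new SSL stream by authenticating as a client over the connection's network stream.
        /// </summary>
        /// <param name="connection">
        ///     Connection whose client stream is wrapped. Its <c>SslCertificates</c> is replaced with a new
        ///     pair holding the local certificate before the handshake starts.
        /// </param>
        /// <returns>Stream on which the client-side handshake has completed.</returns>
        /// <exception cref="SslException">
        ///     The handshake failed, or the underlying stream was disposed while authenticating.
        /// </exception>
        public SslStream Build(ISslContainer connection)
        {
            connection.SslCertificates = new SslCertificatePair {
                Certificate = Certificate
            };

            // leaveInnerStreamOpen is true, so disposing the SslStream does not close the connection's stream.
            var stream = new SslStream(connection.Client.GetStream(), true,
                                       (s, cert, chain, err) => OnRemoteCertificateValidation(connection, cert, chain, err),
                                       OnCertificateSelection);
            var authenticated = false;

            try
            {
                X509CertificateCollection certificates = null;
                if (Certificate != null)
                {
                    certificates = new X509CertificateCollection(new[] { Certificate });
                }

                // CommonName is passed as the target host for the handshake.
                // NOTE(review): certificate revocation checking is hard-coded off (last argument), so a
                // revoked server certificate is not reported through the policy errors. Left unchanged
                // because enabling it alters handshake behaviour for existing callers; confirm it is intended.
                var task = stream.AuthenticateAsClientAsync(CommonName, certificates, Protocols, false);

                // GetResult() rethrows the original exception. Wait() would wrap it in an
                // AggregateException, which none of the handlers below match, so handshake failures
                // would escape without being translated to SslException.
                task.GetAwaiter().GetResult();
                authenticated = true;
            }
            catch (IOException err)
            {
                throw new SslException("Failed to authenticate", err);
            }
            catch (ObjectDisposedException err)
            {
                throw new SslException("Failed to create stream, did client disconnect directly?", err);
            }
            catch (AuthenticationException err)
            {
                throw new SslException("Failed to authenticate", err);
            }
            finally
            {
                // A stream that never finished the handshake is not returned to anyone; release it here.
                if (!authenticated)
                {
                    stream.Dispose();
                }
            }

            return stream;
        }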
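        /// <summary>
        ///     Build a new SSL stream by authenticating as a server over the connection's network stream.
        /// </summary>
        /// <param name="connection">
        ///     Connection whose client stream is wrapped. Its <c>SslCertificates</c> is replaced with a new
        ///     pair holding the server certificate before the handshake starts.
        /// </param>
        /// <returns>Stream on which the server-side handshake has completed.</returns>
        /// <exception cref="SslException">
        ///     The handshake failed, or the underlying stream was disposed while authenticating.
        /// </exception>
        public SslStream Build(ISslContainer connection)
        {
            connection.SslCertificates = new SslCertificatePair {
                Certificate = Certificate
            };

            // leaveInnerStreamOpen is true, so disposing the SslStream does not close the connection's stream.
            var stream = new SslStream(connection.Client.GetStream(), true,
                                       (s, cert, chain, err) => OnRemoteCertificateValidation(connection, cert, chain, err));
            var authenticated = false;

            try
            {
                // UseClientCertificate is passed as clientCertificateRequired; the validation callback
                // above decides whether the certificate the client presents is accepted.
                var task = stream.AuthenticateAsServerAsync(Certificate, UseClientCertificate, Protocols,
                                                            CheckCertificateRevocation);

                // GetResult() rethrows the original exception. Wait() would wrap it in an
                // AggregateException, which none of the handlers below match, so handshake failures
                // would escape without being translated to SslException.
                task.GetAwaiter().GetResult();
                authenticated = true;
            }
            catch (IOException err)
            {
                throw new SslException("Failed to authenticate", err);
            }
            catch (ObjectDisposedException err)
            {
                throw new SslException("Failed to create stream, did client disconnect directly?", err);
            }
            catch (AuthenticationException err)
            {
                throw new SslException("Failed to authenticate", err);
            }
            finally
            {
                // A stream that never finished the handshake is not returned to anyone; release it here.
                if (!authenticated)
                {
                    stream.Dispose();
                }
            }

            return stream;
        }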
Example #3
 /// <summary>
 ///     Validates the certificate that the server has provided and records the outcome on the connection.
 /// </summary>
 /// <param name="sender">Connection being authenticated; its <c>SslCertificates</c> is cast to <c>SslCertificatePair</c>.</param>
 /// <param name="certificate">Certificate presented by the remote side.</param>
 /// <param name="chain">Chain supplied with the certificate; not inspected here.</param>
 /// <param name="sslpolicyerrors">Policy errors reported for the remote certificate.</param>
 /// <returns><c>true</c> only when no policy errors were reported, otherwise <c>false</c>.</returns>
 protected virtual bool OnRemoteCertificateValidation(ISslContainer sender, X509Certificate certificate,
                                                      X509Chain chain,
                                                      SslPolicyErrors sslpolicyerrors)
 {
     // Keep what the peer presented, and how it was judged, available on the connection.
     var pair = (SslCertificatePair)sender.SslCertificates;
     pair.RemoteCertificate  = new BasicCertificateInfo(certificate);
     pair.RemotePolicyErrors = sslpolicyerrors;

     // Strict policy: a name mismatch, chain error or missing certificate each reject the server.
     // An override that returns true unconditionally removes server authentication from the handshake.
     var accepted = sslpolicyerrors == SslPolicyErrors.None;
     return accepted;
 }
 /// <summary>
 ///     Records the certificate presented by the remote client and decides whether the handshake may continue.
 /// </summary>
 /// <param name="sender">Connection being authenticated; its <c>SslCertificates</c> is cast to <c>SslCertificatePair</c>.</param>
 /// <param name="certificate">Certificate presented by the remote side.</param>
 /// <param name="chain">Chain supplied with the certificate; not inspected here.</param>
 /// <param name="sslpolicyerrors">Policy errors reported for the remote certificate.</param>
 /// <returns>
 ///     <c>false</c> when <c>UseClientCertificate</c> is set and policy errors were reported, otherwise <c>true</c>.
 /// </returns>
 protected virtual bool OnRemoteCertificateValidation(ISslContainer sender, X509Certificate certificate,
                                                      X509Chain chain,
                                                      SslPolicyErrors sslpolicyerrors)
 {
     // NOTE(review): certificate is passed to BasicCertificateInfo as-is; whether that constructor
     // accepts null (no client certificate presented) is not visible here - confirm.
     var pair = (SslCertificatePair)sender.SslCertificates;
     pair.RemoteCertificate  = new BasicCertificateInfo(certificate);
     pair.RemotePolicyErrors = sslpolicyerrors;

     // Policy errors reject the peer only when client certificates are required. Otherwise the
     // handshake is accepted even with errors, so RemoteCertificate is recorded without having been
     // validated: code that uses it for identity must check RemotePolicyErrors first.
     return !UseClientCertificate || sslpolicyerrors == SslPolicyErrors.None;
 }