static void Main(string[] args) { string host = "localhost"; if (args.Length > 0) host = args[0]; SslProtocols protocol = SslProtocols.Tls; if (args.Length > 1) { switch (args [1].ToUpper ()) { case "SSL": protocol = SslProtocols.Ssl3; break; } } X509CertificateCollection certificates = null; if (args.Length > 2) { string password = null; if (args.Length > 3) password = args [3]; p12 = Mono.Security.X509.PKCS12.LoadFromFile(args [2], password); certificates = new X509CertificateCollection (); foreach (Mono.Security.X509.X509Certificate cert in p12.Certificates) { certificates.Add(new X509Certificate2(args [2], password)); break; } } TcpClient client = new TcpClient (); client.Connect (host, 4433); SslStream ssl = new SslStream (client.GetStream(), false, new RemoteCertificateValidationCallback (CertificateValidation), new LocalCertificateSelectionCallback (ClientCertificateSelection)); ssl.AuthenticateAsClient (host, certificates, protocol, false); StreamWriter sw = new StreamWriter (ssl, System.Text.Encoding.ASCII); sw.WriteLine ("GET /clientcert.aspx{0}", Environment.NewLine); sw.Flush (); StreamReader sr = new StreamReader (ssl); Console.WriteLine (sr.ReadToEnd ()); }
static bool BuildX509Chain (X509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11) { #if MOBILE return false; #else if (is_macosx) return false; var leaf = (X509Certificate2)certs [0]; bool ok; try { ok = chain.Build (leaf); if (!ok) errors |= GetErrorsFromChain (chain); } catch (Exception e) { Console.Error.WriteLine ("ERROR building certificate chain: {0}", e); Console.Error.WriteLine ("Please, report this problem to the Mono team"); errors |= SslPolicyErrors.RemoteCertificateChainErrors; ok = false; } try { status11 = GetStatusFromChain (chain); } catch { status11 = -2146762485; // TRUST_E_FAIL - generic } return ok; #endif }
public AppleTlsContext( MobileAuthenticatedStream parent, MonoTlsSettings settings, AppleTlsProvider provider, bool serverMode, string targetHost, SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool askForClientCert) { this.parent = parent; this.settings = settings; this.provider = provider; this.serverMode = serverMode; this.targetHost = targetHost; this.enabledProtocols = enabledProtocols; this.serverCertificate = serverCertificate; this.clientCertificates = clientCertificates; this.askForClientCert = askForClientCert; handle = GCHandle.Alloc (this); connectionId = GCHandle.ToIntPtr (handle); readFunc = NativeReadCallback; writeFunc = NativeWriteCallback; // a bit higher than the default maximum fragment size readBuffer = new byte [16384]; writeBuffer = new byte [16384]; certificateValidator = CertificateValidationHelper.GetDefaultValidator (settings, provider); if (IsServer) { if (serverCertificate == null) throw new ArgumentNullException ("serverCertificate"); } }
internal static bool TrustEvaluateSsl (X509CertificateCollection collection) { var certsRawData = new List <byte[]> (collection.Count); foreach (var cert in collection) certsRawData.Add (cert.GetRawCertData ()); return trustEvaluateSsl (certsRawData); }
public static bool InvokeSystemCertificateValidator( ICertificateValidator2 validator, string targetHost, bool serverMode, X509CertificateCollection certificates, out bool success, ref MonoSslPolicyErrors errors, ref int status11) { if (certificates == null) { errors |= MonoSslPolicyErrors.RemoteCertificateNotAvailable; success = false; return true; } var policy = SecPolicy.CreateSslPolicy (!serverMode, targetHost); var trust = new SecTrust (certificates, policy); if (validator.Settings.TrustAnchors != null) { var status = trust.SetAnchorCertificates (validator.Settings.TrustAnchors); if (status != SecStatusCode.Success) throw new InvalidOperationException (status.ToString ()); trust.SetAnchorCertificatesOnly (false); } var result = trust.Evaluate (); if (result == SecTrustResult.Unspecified) { success = true; return true; } errors |= MonoSslPolicyErrors.RemoteCertificateChainErrors; success = false; return true; }
protected override void ProcessAsTls1() { this.certificates = new X509CertificateCollection(); int readed = 0; int length = this.ReadInt24(); while (readed < length) { // Read certificate length int certLength = ReadInt24(); // Increment readed readed += 3; if (certLength > 0) { // Read certificate data byte[] buffer = this.ReadBytes(certLength); // Create a new X509 Certificate X509Certificate certificate = new X509Certificate(buffer); certificates.Add(certificate); readed += certLength; DebugHelper.WriteLine( String.Format("Server Certificate {0}", certificates.Count), buffer); } } this.validateCertificates(certificates); }
public static void X509CertificateCollectionEnumerator() { using (X509Certificate2 c1 = new X509Certificate2()) using (X509Certificate2 c2 = new X509Certificate2()) using (X509Certificate2 c3 = new X509Certificate2()) { X509CertificateCollection cc = new X509CertificateCollection(new X509Certificate[] { c1, c2, c3 }); X509CertificateCollection.X509CertificateEnumerator e = cc.GetEnumerator(); object ignored; // Not started Assert.Throws<InvalidOperationException>(() => ignored = e.Current); Assert.True(e.MoveNext()); Assert.Same(c1, e.Current); Assert.True(e.MoveNext()); Assert.Same(c2, e.Current); Assert.True(e.MoveNext()); Assert.Same(c3, e.Current); Assert.False(e.MoveNext()); Assert.False(e.MoveNext()); Assert.False(e.MoveNext()); Assert.False(e.MoveNext()); Assert.False(e.MoveNext()); // ended. Assert.Throws<InvalidOperationException>(() => ignored = e.Current); } }
public static X509Chain CreateX509Chain (X509CertificateCollection certs) { var chain = new X509Chain (); chain.ChainPolicy = new X509ChainPolicy ((X509CertificateCollection)(object)certs); #if !MOBILE chain.ChainPolicy.RevocationMode = revocation_mode; #endif return chain; }
internal static SSPIInterface Create (string hostname, bool serverMode, SchProtocols protocolFlags, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus, EncryptionPolicy encryptionPolicy, LocalCertSelectionCallback certSelectionDelegate, RemoteCertValidationCallback remoteValidationCallback, SSPIConfiguration userConfig) { if (userConfig.Settings != null && remoteValidationCallback != null) throw new InvalidOperationException (); var context = userConfig.Provider.CreateTlsContext ( hostname, serverMode, (TlsProtocols)protocolFlags, serverCertificate, clientCertificates, remoteCertRequired, checkCertName, checkCertRevocationStatus, (MonoEncryptionPolicy)encryptionPolicy, userConfig.Settings); return new SSPIInterface (context, userConfig.EventSink); }
public static void X509CertificateCollectionsProperties() { IList ilist = new X509CertificateCollection(); Assert.False(ilist.IsSynchronized); Assert.False(ilist.IsFixedSize); Assert.False(ilist.IsReadOnly); ilist = new X509Certificate2Collection(); Assert.False(ilist.IsSynchronized); Assert.False(ilist.IsFixedSize); Assert.False(ilist.IsReadOnly); }
static X509Certificate ClientCertificateSelection (X509CertificateCollection clientCertificates, X509Certificate serverCertificate, string targetHost, X509CertificateCollection serverRequestedCertificates) { Console.WriteLine ("ClientCertificateSelection"); Console.WriteLine ("\tClient Certificates ({0})", clientCertificates.Count); int i = 1; foreach (X509Certificate client in clientCertificates) Console.WriteLine ("#{0} - {1}", i++, client.ToString (true)); Console.WriteLine ("\tHost: {0}", targetHost); Console.Write ("SERVER {0}", serverCertificate.ToString (true)); Console.WriteLine (); return clientCertificates [0]; }
public static X509Certificate SelectClientCertificate(string targetHost, ICertificateValidator2 validator, X509CertificateCollection clientCertificates, X509Certificate serverCertificate) { X509Certificate certificate; var selected = validator.SelectClientCertificate (targetHost, clientCertificates, serverCertificate, null, out certificate); if (selected) return certificate; if (clientCertificates == null || clientCertificates.Count == 0) return null; if (clientCertificates.Count == 1) return clientCertificates [0]; // FIXME: select onne. throw new NotImplementedException (); }
static X509Certificate ClientCertificateSelection (object sender, string targetHost, X509CertificateCollection clientCertificates, X509Certificate serverCertificate, string [] acceptableIssuers) { Console.WriteLine ("ClientCertificateSelection"); Console.WriteLine ("\tClient Certificates ({0})", clientCertificates.Count); int i = 1; foreach (X509Certificate client in clientCertificates) Console.WriteLine ("#{0} - {1}", i++, client.ToString (true)); Console.WriteLine ("\tHost: {0}", targetHost); Console.Write ("SERVER {0}", serverCertificate != null ? serverCertificate.ToString (true) : null); Console.WriteLine (); if (i == 1) return null; X509Certificate2 cc = new X509Certificate2 (clientCertificates [0]); cc.PrivateKey = PrivateKeySelection (cc, targetHost); return cc; }
/// <summary> /// Connect to the registry end point /// </summary> public void Connect() { var client = new TcpClient(EPP_REGISTRY_COM, PORT); stream = new SslStream(client.GetStream(), false, ValidateServerCertificate); if (clientCertificate != null) { var clientCertificates = new X509CertificateCollection {clientCertificate}; stream.AuthenticateAsClient(EPP_REGISTRY_COM, clientCertificates, SslProtocols.Ssl3, false); } else { stream.AuthenticateAsClient(EPP_REGISTRY_COM); } }
static void Main(string[] args) { string host = "localhost"; if (args.Length > 0) host = args[0]; SecurityProtocolType protocol = SecurityProtocolType.Tls; if (args.Length > 1) { switch (args [1].ToUpper ()) { case "SSL": protocol = SecurityProtocolType.Ssl3; break; } } X509CertificateCollection certificates = null; if (args.Length > 2) { string password = null; if (args.Length > 3) password = args [3]; p12 = Mono.Security.X509.PKCS12.LoadFromFile(args [2], password); certificates = new X509CertificateCollection (); foreach (Mono.Security.X509.X509Certificate cert in p12.Certificates) { certificates.Add(new X509Certificate(cert.RawData)); } } TcpClient client = new TcpClient (); client.Connect (host, 4433); SslClientStream ssl = new SslClientStream (client.GetStream(), host, false, protocol, certificates); ssl.ServerCertValidationDelegate += new CertificateValidationCallback (CertificateValidation); ssl.ClientCertSelectionDelegate += new CertificateSelectionCallback (ClientCertificateSelection); ssl.PrivateKeyCertSelectionDelegate += new PrivateKeySelectionCallback (PrivateKeySelection); StreamWriter sw = new StreamWriter (ssl, System.Text.Encoding.ASCII); sw.WriteLine ("GET /clientcert.aspx{0}", Environment.NewLine); sw.Flush (); StreamReader sr = new StreamReader (ssl); Console.WriteLine (sr.ReadToEnd ()); }
public static void X509CertificateCollectionConstructors() { using (X509Certificate c1 = new X509Certificate()) using (X509Certificate c2 = new X509Certificate()) using (X509Certificate c3 = new X509Certificate()) { X509CertificateCollection cc = new X509CertificateCollection(new X509Certificate[] { c1, c2, c3 }); Assert.Equal(3, cc.Count); Assert.Same(c1, cc[0]); Assert.Same(c2, cc[1]); Assert.Same(c3, cc[2]); X509CertificateCollection cc2 = new X509CertificateCollection(cc); Assert.Equal(3, cc2.Count); Assert.Same(c1, cc2[0]); Assert.Same(c2, cc2[1]); Assert.Same(c3, cc2[2]); Assert.Throws<ArgumentNullException>(() => new X509CertificateCollection(new X509Certificate[] { c1, c2, null, c3 })); } }
protected override void ProcessAsTls1() { int bytesRead = 0; int length = this.ReadInt24 (); this.clientCertificates = new X509CertificateCollection (); while (length > bytesRead) { int certLength = this.ReadInt24 (); bytesRead += certLength + 3; byte[] cert = this.ReadBytes (certLength); this.clientCertificates.Add (new X509Certificate (cert)); } if (this.clientCertificates.Count > 0) { this.validateCertificates (this.clientCertificates); } else if ((this.Context as ServerContext).ClientCertificateRequired) { throw new TlsException (AlertDescription.NoCertificate); } }
/// <summary> /// Connect to the registry end point /// </summary> public void Connect(SslProtocols sslProtocols) { var client = new TcpClient(EPP_REGISTRY_COM, PORT); stream = new SslStream(client.GetStream(), false, ValidateServerCertificate) { ReadTimeout = READ_TIMEOUT, WriteTimeout = WRITE_TIMEOUT }; if (clientCertificate != null) { var clientCertificates = new X509CertificateCollection {clientCertificate}; stream.AuthenticateAsClient(EPP_REGISTRY_COM, clientCertificates, sslProtocols, false); } else { stream.AuthenticateAsClient(EPP_REGISTRY_COM); } }
internal override X509Certificate OnLocalCertificateSelection(X509CertificateCollection clientCertificates, X509Certificate serverCertificate, string targetHost, X509CertificateCollection serverRequestedCertificates) { if (this.ClientCertSelection != null) { return(this.ClientCertSelection( clientCertificates, serverCertificate, targetHost, serverRequestedCertificates)); } return(null); }
private X509Certificate LocalSelection(object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers) { return(Certificate); }
static int Process() { ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => { if (sslPolicyErrors != System.Net.Security.SslPolicyErrors.None) { Console.WriteLine("WARNING: Downloading the trusted certificate list couldn't be done securely (error: {0}), continuing anyway. If you're using mozroots to bootstrap Mono's trust store on a clean system this might be OK, otherwise it could indicate a network intrusion. Please ensure you're using a trusted network or move to cert-sync.", sslPolicyErrors); } // this is very bad, but on a clean system without an existing trust store we don't really have a better option return(true); }; X509CertificateCollection roots = DecodeCollection(); if (roots == null) { return(1); } else if (roots.Count == 0) { WriteLine("No certificates were found."); return(0); } if (pkcs7filename != null) { SoftwarePublisherCertificate pkcs7 = new SoftwarePublisherCertificate(); pkcs7.Certificates.AddRange(roots); WriteLine("Saving root certificates into '{0}' file...", pkcs7filename); using (FileStream fs = File.OpenWrite(pkcs7filename)) { byte[] data = pkcs7.GetBytes(); fs.Write(data, 0, data.Length); fs.Close(); } } if (import) { WriteLine("Importing certificates into {0} store...", machine ? "machine" : "user"); X509Stores stores = (machine ? X509StoreManager.LocalMachine : X509StoreManager.CurrentUser); X509CertificateCollection trusted = stores.TrustedRoot.Certificates; int additions = 0; foreach (X509Certificate root in roots) { if (!trusted.Contains(root)) { if (!confirmAddition || AskConfirmation("add", root)) { stores.TrustedRoot.Import(root); if (confirmAddition) { WriteLine("Certificate added.{0}", Environment.NewLine); } additions++; } } } if (additions > 0) { WriteLine("{0} new root certificates were added to your trust store.", additions); } X509CertificateCollection removed = new X509CertificateCollection(); foreach (X509Certificate trust in trusted) { if (!roots.Contains(trust)) { removed.Add(trust); } } if (removed.Count > 0) { if (confirmRemoval) { WriteLine("{0} previously trusted certificates were not part of the update.", removed.Count); } else { WriteLine("{0} previously trusted certificates were removed.", removed.Count); } foreach (X509Certificate old in removed) { if (!confirmRemoval || AskConfirmation("remove", old)) { stores.TrustedRoot.Remove(old); if (confirmRemoval) { WriteLine("Certificate removed.{0}", Environment.NewLine); } } } } WriteLine("Import process completed.{0}", Environment.NewLine); } return(0); }
public async Task AuthenticateAsClientAsync(string targetHost, int port, ProtocolType protocol = ProtocolType.Tcp, X509CertificateCollection clientCertificates = null, SslProtocols enabledSslProtocols = SslProtocols.None, bool checkCertificateRevocation = false) { if (enabledSslProtocols == SslProtocols.None) { enabledSslProtocols = IPA.Cores.Basic.CoresConfig.SslSettings.DefaultSslProtocolVersionsAsClient; } _tlsaRecords = await _resolver.ResolveSecureAsync <TlsaRecord>(DomainName.Parse("_" + port + "._" + EnumHelper <ProtocolType> .ToString(protocol).ToLowerInvariant() + "." + targetHost), RecordType.Tlsa); await _sslStream.AuthenticateAsClientAsync(targetHost, clientCertificates ?? new X509CertificateCollection(), enabledSslProtocols, checkCertificateRevocation); }
static X509Certificate CertificateSelectionCallback(object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers) { return(localCertificates[0]); }
public virtual Task AuthenticateAsClientAsync(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation) { SecurityProtocol.ThrowOnNotAllowed(enabledSslProtocols); return(Task.Factory.FromAsync((callback, state) => BeginAuthenticateAsClient(targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation, callback, state), EndAuthenticateAsClient, null)); }
public void AuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation) { ValidateCreateContext(false, targetHost, enabledSslProtocols, null, clientCertificates, false); ProcessAuthentication(null); }
internal void ValidateCreateContext(bool serverMode, string targetHost, SslProtocols enabledProtocols, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool clientCertRequired) { if (xobileTlsContext != null) { throw new InvalidOperationException(); } if (serverMode) { if (serverCertificate == null) { throw new ArgumentException("serverCertificate"); } } else { if (targetHost == null) { throw new ArgumentException("targetHost"); } if (targetHost.Length == 0) { targetHost = "?" + Interlocked.Increment(ref uniqueNameInteger).ToString(NumberFormatInfo.InvariantInfo); } } xobileTlsContext = CreateContext(this, serverMode, targetHost, enabledProtocols, serverCertificate, clientCertificates, clientCertRequired); }
public virtual void AuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation) { AuthenticateAsClient(targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation); }
public virtual IAsyncResult BeginAuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState) { return(BeginAuthenticateAsClient(targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState)); }
public async Task CertificateValidationClientServer_EndToEnd_Ok(bool useClientSelectionCallback) { IPEndPoint endPoint = new IPEndPoint(IPAddress.IPv6Loopback, 0); var server = new TcpListener(endPoint); server.Start(); using (var clientConnection = new TcpClient(AddressFamily.InterNetworkV6)) { IPEndPoint serverEndPoint = (IPEndPoint)server.LocalEndpoint; Task clientConnect = clientConnection.ConnectAsync(serverEndPoint.Address, serverEndPoint.Port); Task <TcpClient> serverAccept = server.AcceptTcpClientAsync(); Assert.True( Task.WaitAll( new Task[] { clientConnect, serverAccept }, TestConfiguration.PassingTestTimeoutMilliseconds), "Client/Server TCP Connect timed out."); LocalCertificateSelectionCallback clientCertCallback = null; if (useClientSelectionCallback) { clientCertCallback = ClientCertSelectionCallback; } using (TcpClient serverConnection = await serverAccept) using (SslStream sslClientStream = new SslStream( clientConnection.GetStream(), false, ClientSideRemoteServerCertificateValidation, clientCertCallback)) using (SslStream sslServerStream = new SslStream( serverConnection.GetStream(), false, ServerSideRemoteClientCertificateValidation)) { string serverName = _serverCertificate.GetNameInfo(X509NameType.SimpleName, false); var clientCerts = new X509CertificateCollection(); if (!useClientSelectionCallback) { clientCerts.Add(_clientCertificate); } Task clientAuthentication = sslClientStream.AuthenticateAsClientAsync( serverName, clientCerts, SslProtocolSupport.DefaultSslProtocols, false); Task serverAuthentication = sslServerStream.AuthenticateAsServerAsync( _serverCertificate, true, SslProtocolSupport.DefaultSslProtocols, false); Assert.True( Task.WaitAll( new Task[] { clientAuthentication, serverAuthentication }, TestConfiguration.PassingTestTimeoutMilliseconds), "Client/Server Authentication timed out."); Assert.True(sslClientStream.IsMutuallyAuthenticated, "sslClientStream.IsMutuallyAuthenticated"); Assert.True(sslServerStream.IsMutuallyAuthenticated, "sslServerStream.IsMutuallyAuthenticated"); Assert.Equal(sslClientStream.RemoteCertificate.Subject, _serverCertificate.Subject); Assert.Equal(sslServerStream.RemoteCertificate.Subject, _clientCertificate.Subject); } } }
internal override X509Certificate OnLocalCertificateSelection(X509CertificateCollection clientCertificates, X509Certificate serverCertificate, string targetHost, X509CertificateCollection serverRequestedCertificates) { throw new NotSupportedException(); }
private X509Certificate LocalCertificateSelectionCallback(object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers) { Debug.Print("ServerConnector.LocalCertificateSelectionCallback: target host '{0}'", targetHost); if (ServerConnectorNoisySsl.Enabled) { Debug.Print("+ Local certificates: {0}", localCertificates); Debug.Print("+ Remote certificate: {0}", remoteCertificate); Debug.Print("+ Acceptable issuers:"); foreach (var issuer in acceptableIssuers) { Debug.Print("+ {0}", issuer); } } return(null); }
internal abstract X509Certificate OnLocalCertificateSelection(X509CertificateCollection clientCertificates, X509Certificate serverCertificate, string targetHost, X509CertificateCollection serverRequestedCertificates);
public SecurityOption(SslProtocols enabledSslProtocols, X509CertificateCollection certificates) { EnabledSslProtocols = enabledSslProtocols; Certificates = certificates; }
/// <summary> /// Defines the encryption mode for the transport. /// </summary> /// <param name="encryption"></param> /// <param name="cancellationToken"></param> /// <returns></returns> /// <exception cref="System.NotSupportedException"></exception> public override async Task SetEncryptionAsync(SessionEncryption encryption, CancellationToken cancellationToken) { await _optionsSemaphore.WaitAsync(cancellationToken).ConfigureAwait(false); try { switch (encryption) { case SessionEncryption.None: _stream = _tcpClient.GetStream(); break; case SessionEncryption.TLS: SslStream sslStream; if (_serverCertificate != null) { if (_stream == null) { throw new InvalidOperationException("The stream was not initialized. Call OpenAsync first."); } // Server sslStream = new SslStream( _stream, false, _clientCertificateValidationCallback, null, EncryptionPolicy.RequireEncryption); await sslStream .AuthenticateAsServerAsync( _serverCertificate, true, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false) .WithCancellation(cancellationToken) .ConfigureAwait(false); } else { // Client if (string.IsNullOrWhiteSpace(_hostName)) { throw new InvalidOperationException("The hostname is mandatory for TLS client encryption support"); } sslStream = new SslStream( _stream, false, _serverCertificateValidationCallback); X509CertificateCollection clientCertificates = null; if (_clientCertificate != null) { clientCertificates = new X509CertificateCollection(new X509Certificate[] { _clientCertificate }); } await sslStream .AuthenticateAsClientAsync( _hostName, clientCertificates, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false) .WithCancellation(cancellationToken) .ConfigureAwait(false); } _stream = sslStream; break; default: throw new NotSupportedException(); } Encryption = encryption; } finally { _optionsSemaphore.Release(); } }
private X509Certificate UserCertSelectionCallbackWrapper(string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers) { return(_userCertificateSelectionCallback(this, targetHost, localCertificates, remoteCertificate, acceptableIssuers)); }
public static void X509CertificateCollectionAsIList() { using (X509Certificate2 c1 = new X509Certificate2()) using (X509Certificate2 c2 = new X509Certificate2()) { IList il = new X509CertificateCollection(); il.Add(c1); il.Add(c2); Assert.Throws<ArgumentNullException>(() => il[0] = null); string bogus = "Bogus"; Assert.Throws<ArgumentException>(() => il[0] = bogus); Assert.Throws<ArgumentException>(() => il.Add(bogus)); Assert.Throws<ArgumentException>(() => il.Insert(0, bogus)); } }
public void Check() { var encoding = Encoding.ASCII; var certificate = Configuration.Certificate; var certificates = new X509CertificateCollection(); certificates.Add(certificate); var client = new TcpClient(Configuration.FeedbackHost, Configuration.FeedbackPort); var stream = new SslStream(client.GetStream(), true, (sender, cert, chain, sslErrs) => { return(true); }, (sender, targetHost, localCerts, remoteCert, acceptableIssuers) => { return(certificate); }); var tls = System.Security.Authentication.SslProtocols.Tls | System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls12; stream.AuthenticateAsClient(Configuration.FeedbackHost, certificates, tls, false); //Set up byte[] buffer = new byte[4096]; int recd = 0; var data = new List <byte> (); //Get the first feedback recd = stream.Read(buffer, 0, buffer.Length); //Continue while we have results and are not disposing while (recd > 0) { // Add the received data to a list buffer to work with (easier to manipulate) for (int i = 0; i < recd; i++) { data.Add(buffer [i]); } //Process each complete notification "packet" available in the buffer while (data.Count >= (4 + 2 + 32)) // Minimum size for a valid packet { var secondsBuffer = data.GetRange(0, 4).ToArray(); var tokenLengthBuffer = data.GetRange(4, 2).ToArray(); // Get our seconds since epoch // Check endianness and reverse if needed if (BitConverter.IsLittleEndian) { Array.Reverse(secondsBuffer); } var seconds = BitConverter.ToInt32(secondsBuffer, 0); //Add seconds since 1970 to that date, in UTC var timestamp = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(seconds); //flag to allow feedback times in UTC or local, but default is local if (!Configuration.FeedbackTimeIsUTC) { timestamp = timestamp.ToLocalTime(); } if (BitConverter.IsLittleEndian) { Array.Reverse(tokenLengthBuffer); } var tokenLength = BitConverter.ToInt16(tokenLengthBuffer, 0); if (data.Count >= 4 + 2 + tokenLength) { var tokenBuffer = data.GetRange(6, tokenLength).ToArray(); // Strings shouldn't care about endian-ness... this shouldn't be reversed //if (BitConverter.IsLittleEndian) // Array.Reverse (tokenBuffer); var token = BitConverter.ToString(tokenBuffer).Replace("-", "").ToLower().Trim(); // Remove what we parsed from the buffer data.RemoveRange(0, 4 + 2 + tokenLength); // Raise the event to the consumer var evt = FeedbackReceived; if (evt != null) { evt(token, timestamp); } } else { continue; } } //Read the next feedback recd = stream.Read(buffer, 0, buffer.Length); } try { stream.Close(); stream.Dispose(); } catch { } try { client.Client.Shutdown(SocketShutdown.Both); client.Client.Dispose(); } catch { } try { client.Close(); } catch { } }
public static void X509CertificateCollectionCopyTo() { using (X509Certificate c1 = new X509Certificate()) using (X509Certificate c2 = new X509Certificate()) using (X509Certificate c3 = new X509Certificate()) { X509CertificateCollection cc = new X509CertificateCollection(new X509Certificate[] { c1, c2, c3 }); X509Certificate[] array1 = new X509Certificate[cc.Count]; cc.CopyTo(array1, 0); Assert.Same(c1, array1[0]); Assert.Same(c2, array1[1]); Assert.Same(c3, array1[2]); X509Certificate[] array2 = new X509Certificate[cc.Count]; ((ICollection)cc).CopyTo(array2, 0); Assert.Same(c1, array2[0]); Assert.Same(c2, array2[1]); Assert.Same(c3, array2[2]); } }
X509Certificate UserCertificateSelectionCallback(object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers) { return(clientCertificate); }
public static void X509CertificateCollectionRemove() { using (X509Certificate2 c1 = new X509Certificate2()) using (X509Certificate2 c2 = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword)) { X509CertificateCollection cc = new X509CertificateCollection(new X509Certificate[] { c1, c2 }); cc.Remove(c1); Assert.Equal(1, cc.Count); Assert.Same(c2, cc[0]); cc.Remove(c2); Assert.Equal(0, cc.Count); Assert.Throws<ArgumentException>(() => cc.Remove(c2)); IList il = new X509CertificateCollection(new X509Certificate[] { c1, c2 }); il.Remove(c1); Assert.Equal(1, il.Count); Assert.Same(c2, il[0]); il.Remove(c2); Assert.Equal(0, il.Count); Assert.Throws<ArgumentException>(() => il.Remove(c2)); } }
void Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) { // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc)); SecTrustResult trust_result = SecTrustResult.Unspecified; var ios9 = TestRuntime.CheckXcodeVersion(7, 0); var ios10 = TestRuntime.CheckXcodeVersion(8, 0); var ios11 = TestRuntime.CheckXcodeVersion(9, 0); var ios13 = TestRuntime.CheckXcodeVersion(11, 0); if (ios10) { trust_result = SecTrustResult.FatalTrustFailure; } // iOS9 is not fully happy with the basic constraints: `SecTrustEvaluate [root AnchorTrusted BasicContraints]` else if (ios9) { trust_result = SecTrustResult.RecoverableTrustFailure; } var result = Evaluate(trust, true); Assert.That(result, Is.EqualTo(trust_result), "Evaluate"); // Evalute must be called prior to Count (Apple documentation) Assert.That(trust.Count, Is.EqualTo(3), "Count"); using (SecCertificate sc1 = trust [0]) { // seems the leaf gets an extra one Assert.That(CFGetRetainCount(sc1.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc1)"); Assert.That(sc1.SubjectSummary, Is.EqualTo("mail.google.com"), "SubjectSummary(sc1)"); } using (SecCertificate sc2 = trust [1]) { Assert.That(CFGetRetainCount(sc2.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc2)"); Assert.That(sc2.SubjectSummary, Is.EqualTo("Thawte SGC CA"), "SubjectSummary(sc2)"); } using (SecCertificate sc3 = trust [2]) { Assert.That(CFGetRetainCount(sc3.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc3)"); Assert.That(sc3.SubjectSummary, Is.EqualTo("Class 3 Public Primary Certification Authority"), "SubjectSummary(sc3)"); } if (TestRuntime.CheckXcodeVersion(5, 0)) { Assert.That(trust.GetTrustResult(), Is.EqualTo(trust_result), "GetTrustResult"); trust.SetAnchorCertificates(certs); Assert.That(trust.GetCustomAnchorCertificates().Length, Is.EqualTo(certs.Count), "GetCustomAnchorCertificates"); #if __MACOS__ if (TestRuntime.CheckSystemVersion(PlatformName.MacOSX, 10, 15)) { trust_result = SecTrustResult.RecoverableTrustFailure; } else if (TestRuntime.CheckSystemVersion(PlatformName.MacOSX, 10, 13)) { trust_result = SecTrustResult.Unspecified; } else if (TestRuntime.CheckSystemVersion(PlatformName.MacOSX, 10, 12)) { trust_result = SecTrustResult.Invalid; } else if (TestRuntime.CheckSystemVersion(PlatformName.MacOSX, 10, 11)) { trust_result = SecTrustResult.RecoverableTrustFailure; } else { trust_result = SecTrustResult.Unspecified; } #else if (ios13) { trust_result = SecTrustResult.RecoverableTrustFailure; } else if (ios11) { trust_result = SecTrustResult.Unspecified; } else { trust_result = SecTrustResult.Invalid; } #endif // since we modified the `trust` instance it's result was invalidated (marked as unspecified on iOS 11) Assert.That(trust.GetTrustResult(), Is.EqualTo(trust_result), "GetTrustResult-2"); } if (TestRuntime.CheckXcodeVersion(12, 0)) { // old certificate (built in our tests) was not quite up to spec and it eventually became important Assert.False(trust.Evaluate(out var error), "Evaluate"); Assert.NotNull(error, "error"); // We have different error messages that all contain mail.google.com and some different text. Assert.That(error.LocalizedDescription, Does.Contain("mail.google.com"), "LocalizedDescription"); } else if (TestRuntime.CheckXcodeVersion(11, 0)) { Assert.False(trust.Evaluate(out var error), "Evaluate"); Assert.NotNull(error, "error"); Assert.That(error.LocalizedDescription, Does.Contain("\"mail.google.com\",\"Thawte SGC CA\",\"Class 3 Public Primary Certification Authority\" certificates do not meet pinning requirements")); var underlyingError = (NSError)error.UserInfo [NSError.UnderlyingErrorKey]; // Error is: // Certificate 0 “mail.google.com” has errors: Key size is not permitted for this use, SSL hostname does not match name(s) in certificate, Signature hash algorithm is not permitted for this use;Certificate 1 “Thawte SGC CA” has errors: Key size is not permitted for this use, Signature hash algorithm is not permitted for this use;Certificate 2 “Class 3 Public Primary Certification Authority” has errors: Key size is not permitted for this use; // But the exact format can vary // watchOS reports this: // Certificate 0 “mail.google.com” has errors: Key size is not permitted for this use, Signature hash algorithm is not permitted for this use, SSL hostname does not match name(s) in certificate;Certificate 1 “Thawte SGC CA” has errors: Key size is not permitted for this use, Signature hash algorithm is not permitted for this use;Certificate 2 “Class 3 Public Primary Certification Authority” has errors: Key size is not permitted for this use; Assert.That(underlyingError.LocalizedDescription, Does.Contain("Certificate 0 “mail.google.com” has errors: ")); Assert.That(underlyingError.LocalizedDescription, Does.Contain("Key size is not permitted for this use")); Assert.That(underlyingError.LocalizedDescription, Does.Contain("SSL hostname does not match name(s) in certificate").Or.Contain("Signature hash algorithm is not permitted for this use")); Assert.That(underlyingError.LocalizedDescription, Does.Contain("Certificate 1 “Thawte SGC CA” has errors: Key size is not permitted for this use")); Assert.That(underlyingError.LocalizedDescription, Does.Contain("Certificate 2 “Class 3 Public Primary Certification Authority” has errors:")); } else if (TestRuntime.CheckXcodeVersion(10, 0)) { Assert.True(trust.Evaluate(out var error), "Evaluate"); Assert.Null(error, "error"); } }
public static void X509CertificateCollectionIndexer() { using (X509Certificate c1 = new X509Certificate()) using (X509Certificate c2 = new X509Certificate()) using (X509Certificate c3 = new X509Certificate()) { X509CertificateCollection cc = new X509CertificateCollection(new X509Certificate[] { c1, c2, c3 }); cc[0] = c3; cc[1] = c2; cc[2] = c1; Assert.Same(c3, cc[0]); Assert.Same(c2, cc[1]); Assert.Same(c1, cc[2]); IList il = cc; il[0] = c1; il[1] = c2; il[2] = c3; Assert.Same(c1, il[0]); Assert.Same(c2, il[1]); Assert.Same(c3, il[2]); } }
/// <summary> /// Sets the collection that contains the client certificates /// </summary> public SSLOptions SetCertificateCollection(X509CertificateCollection certificates) { _certificateCollection = certificates; return(this); }
protected abstract MobileTlsContext CreateContext( MobileAuthenticatedStream parent, bool serverMode, string targetHost, SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool askForClientCert);
public virtual Task AuthenticateAsClientAsync(string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation) => Task.Factory.FromAsync( (arg1, arg2, arg3, callback, state) => ((SslStream)state).BeginAuthenticateAsClient(arg1, arg2, SecurityProtocol.SystemDefaultSecurityProtocols, arg3, callback, state), iar => ((SslStream)iar.AsyncState).EndAuthenticateAsClient(iar), targetHost, clientCertificates, checkCertificateRevocation, this);
public static void X509CertificateCollectionEnumeratorModification() { using (X509Certificate c1 = new X509Certificate()) using (X509Certificate c2 = new X509Certificate()) using (X509Certificate c3 = new X509Certificate()) { X509CertificateCollection cc = new X509CertificateCollection(new X509Certificate[] { c1, c2, c3 }); X509CertificateCollection.X509CertificateEnumerator e = cc.GetEnumerator(); cc.Add(c1); // Collection changed. Assert.Throws<InvalidOperationException>(() => e.MoveNext()); Assert.Throws<InvalidOperationException>(() => e.Reset()); } }
public static void X509CertificateCollectionThrowsArgumentOutOfRangeException() { using (X509Certificate certificate = new X509Certificate()) { X509CertificateCollection collection = new X509CertificateCollection { certificate }; Assert.Throws<ArgumentOutOfRangeException>(() => collection[-1]); Assert.Throws<ArgumentOutOfRangeException>(() => collection[collection.Count]); Assert.Throws<ArgumentOutOfRangeException>(() => collection[-1] = certificate); Assert.Throws<ArgumentOutOfRangeException>(() => collection[collection.Count] = certificate); Assert.Throws<ArgumentOutOfRangeException>(() => collection.Insert(-1, certificate)); Assert.Throws<ArgumentOutOfRangeException>(() => collection.Insert(collection.Count + 1, certificate)); Assert.Throws<ArgumentOutOfRangeException>(() => collection.RemoveAt(-1)); Assert.Throws<ArgumentOutOfRangeException>(() => collection.RemoveAt(collection.Count)); IList ilist = (IList)collection; Assert.Throws<ArgumentOutOfRangeException>(() => ilist[-1]); Assert.Throws<ArgumentOutOfRangeException>(() => ilist[collection.Count]); Assert.Throws<ArgumentOutOfRangeException>(() => ilist[-1] = certificate); Assert.Throws<ArgumentOutOfRangeException>(() => ilist[collection.Count] = certificate); Assert.Throws<ArgumentOutOfRangeException>(() => ilist.Insert(-1, certificate)); Assert.Throws<ArgumentOutOfRangeException>(() => ilist.Insert(collection.Count + 1, certificate)); Assert.Throws<ArgumentOutOfRangeException>(() => ilist.RemoveAt(-1)); Assert.Throws<ArgumentOutOfRangeException>(() => ilist.RemoveAt(collection.Count)); } }
private void validateCertificates(X509CertificateCollection certificates) { ServerContext context = (ServerContext)this.Context; AlertDescription description = AlertDescription.BadCertificate; SSCX.X509Certificate client = null; int[] certificateErrors = null; // note: certificate may be null is no certificate is sent // (e.g. optional mutual authentication) if (certificates.Count > 0) { X509Certificate leaf = certificates[0]; ArrayList errors = new ArrayList(); // SSL specific check - not all certificates can be // used to server-side SSL some rules applies after // all ;-) if (!checkCertificateUsage(leaf)) { // WinError.h CERT_E_PURPOSE 0x800B0106 errors.Add((int)-2146762490); } X509Chain verify; // was a chain supplied ? if so use it, if not if (certificates.Count > 1) { // if so use it (and don't build our own) X509CertificateCollection chain = new X509CertificateCollection(certificates); chain.Remove(leaf); verify = new X509Chain(chain); } else { // if not, then let's build our own (based on what's available in the stores) verify = new X509Chain(); } bool result = false; try { result = verify.Build(leaf); } catch (Exception) { result = false; } if (!result) { switch (verify.Status) { case X509ChainStatusFlags.InvalidBasicConstraints: // WinError.h TRUST_E_BASIC_CONSTRAINTS 0x80096019 errors.Add((int)-2146869223); break; case X509ChainStatusFlags.NotSignatureValid: // WinError.h TRUST_E_BAD_DIGEST 0x80096010 errors.Add((int)-2146869232); break; case X509ChainStatusFlags.NotTimeNested: // WinError.h CERT_E_VALIDITYPERIODNESTING 0x800B0102 errors.Add((int)-2146762494); break; case X509ChainStatusFlags.NotTimeValid: // WinError.h CERT_E_EXPIRED 0x800B0101 description = AlertDescription.CertificateExpired; errors.Add((int)-2146762495); break; case X509ChainStatusFlags.PartialChain: // WinError.h CERT_E_CHAINING 0x800B010A description = AlertDescription.UnknownCA; errors.Add((int)-2146762486); break; case X509ChainStatusFlags.UntrustedRoot: // WinError.h CERT_E_UNTRUSTEDROOT 0x800B0109 description = AlertDescription.UnknownCA; errors.Add((int)-2146762487); break; default: // unknown error description = AlertDescription.CertificateUnknown; errors.Add((int)verify.Status); break; } } client = new SSCX.X509Certificate(leaf.RawData); certificateErrors = (int[])errors.ToArray(typeof(int)); } else { certificateErrors = new int[0]; } SSCX.X509CertificateCollection certCollection = new SSCX.X509CertificateCollection(); foreach (X509Certificate certificate in certificates) { certCollection.Add(new SSCX.X509Certificate(certificate.RawData)); } if (!context.SslStream.RaiseClientCertificateValidation(client, certificateErrors)) { throw new TlsException( description, "Invalid certificate received from client."); } this.Context.ClientSettings.ClientCertificate = client; }
public static void X509CertificateCollectionContains() { using (X509Certificate c1 = new X509Certificate()) using (X509Certificate c2 = new X509Certificate()) using (X509Certificate c3 = new X509Certificate()) { X509CertificateCollection collection = new X509CertificateCollection(new X509Certificate[] { c1, c2, c3 }); Assert.True(collection.Contains(c1)); Assert.True(collection.Contains(c2)); Assert.True(collection.Contains(c3)); Assert.False(collection.Contains(null)); IList ilist = (IList)collection; Assert.True(ilist.Contains(c1)); Assert.True(ilist.Contains(c2)); Assert.True(ilist.Contains(c3)); Assert.False(ilist.Contains(null)); Assert.False(ilist.Contains("Bogus")); } }
private static int Process() { ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => { if (sslPolicyErrors != SslPolicyErrors.None) { //Console.WriteLine("WARNING: Downloading the trusted certificate list couldn't be done securely (error: {0}), continuing anyway. If you're using mozroots to bootstrap Mono's trust store on a clean system this might be OK, otherwise it could indicate a network intrusion. Please ensure you're using a trusted network or move to cert-sync.", sslPolicyErrors); } // this is very bad, but on a clean system without an existing trust store we don't really have a better option return(true); }; var roots = DecodeCollection(); if (roots == null) { return(1); } else if (roots.Count == 0) { return(0); } var stores = X509StoreManager.CurrentUser; var trusted = stores.TrustedRoot.Certificates; var additions = 0; foreach (var root in roots) { if (!trusted.Contains(root)) { stores.TrustedRoot.Import(root); additions++; } } if (additions > 0) { //WriteLine("{0} new root certificates were added to your trust store.", additions); } var removed = new X509CertificateCollection(); foreach (var trust in trusted) { if (!roots.Contains(trust)) { removed.Add(trust); } } if (removed.Count > 0) { //WriteLine("{0} previously trusted certificates were removed.", removed.Count); foreach (var old in removed) { stores.TrustedRoot.Remove(old); } } //WriteLine("Import process completed.{0}", Environment.NewLine); return(0); }
public static void X509CertificateCollectionAdd() { using (X509Certificate2 c1 = new X509Certificate2()) using (X509Certificate2 c2 = new X509Certificate2()) { X509CertificateCollection cc = new X509CertificateCollection(); int idx = cc.Add(c1); Assert.Equal(0, idx); Assert.Same(c1, cc[0]); idx = cc.Add(c2); Assert.Equal(1, idx); Assert.Same(c2, cc[1]); Assert.Throws<ArgumentNullException>(() => cc.Add(null)); IList il = new X509CertificateCollection(); idx = il.Add(c1); Assert.Equal(0, idx); Assert.Same(c1, il[0]); idx = il.Add(c2); Assert.Equal(1, idx); Assert.Same(c2, il[1]); Assert.Throws<ArgumentNullException>(() => il.Add(null)); } }
private void StartInternal() { // STEP 3: Create the WebSocket Upgrade HTTP request WriteLog.To.Sync.I(Tag, $"WebSocket connecting to {_logic.UrlRequest?.Host}:{_logic.UrlRequest?.Port}"); var rng = RandomNumberGenerator.Create() ?? throw new RuntimeException("Failed to create RandomNumberGenerator"); var nonceBytes = new byte[16]; rng.GetBytes(nonceBytes); var nonceKey = Convert.ToBase64String(nonceBytes); _expectedAcceptHeader = Base64Digest(String.Concat(nonceKey, "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")); foreach (var header in _options.Headers) { _logic[header.Key] = header.Value; } var cookieString = _options.CookieString; if (cookieString != null) { // https://github.com/couchbase/couchbase-lite-net/issues/974 // Don't overwrite a possible entry in the above headers unless there is // actually a value _logic["Cookie"] = cookieString; } // These ones should be overwritten. The user has no business setting them. _logic["Connection"] = "Upgrade"; _logic["Upgrade"] = "websocket"; _logic["Sec-WebSocket-Version"] = "13"; _logic["Sec-WebSocket-Key"] = nonceKey; var protocols = _options.Protocols; if (protocols != null) { _logic["Sec-WebSocket-Protocol"] = protocols; } if (_logic.UseTls) { var baseStream = _client?.GetStream(); if (baseStream == null) { WriteLog.To.Sync.W(Tag, "Failed to get network stream (already closed?). Aborting start..."); DidClose(C4WebSocketCloseCode.WebSocketCloseAbnormal, "Unexpected error in client logic"); return; } var stream = new SslStream(baseStream, false, ValidateServerCert); X509CertificateCollection clientCerts = null; if (_options.ClientCert != null) { clientCerts = new X509CertificateCollection(new[] { _options.ClientCert as X509Certificate }); } // STEP 3A: TLS handshake stream.AuthenticateAsClientAsync(_logic.UrlRequest?.Host, clientCerts, SslProtocols.Tls12, false).ContinueWith( t => { if (!NetworkTaskSuccessful(t)) { return; } _queue.DispatchAsync(OnSocketReady); }); NetworkStream = stream; } else { NetworkStream = _client?.GetStream(); OnSocketReady(); } }
public static void X509CertificateCollectionSyncRoot() { var cc = new X509CertificateCollection(); Assert.NotNull(((ICollection)cc).SyncRoot); Assert.Same(((ICollection)cc).SyncRoot, ((ICollection)cc).SyncRoot); }
//</snippet5> //<snippet7> public static int Main(string[] args) { string serverName = null; if (args == null || args.Length < 2) { Console.WriteLine( "To start the client specify the host name and" + " one or more client certificate file names."); return(1); } //<snippet6> // Server name must match the host name and the name on the host's certificate. serverName = args[0]; // Create a TCP/IP client socket. TcpClient client = new TcpClient(serverName, 80); Console.WriteLine("Client connected."); // Create an SSL stream that will close the client's stream. SslStream sslStream = new SslStream( client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), new LocalCertificateSelectionCallback(SelectLocalCertificate) ); //</snippet6> // Create the certificate collection to hold the client's certificate. X509CertificateCollection clientCertificates = new X509CertificateCollection(); for (int i = 1; i < args.Length; i++) { X509Certificate certificate = X509Certificate.CreateFromCertFile(args[i]); clientCertificates.Add(certificate); } // Begin authentication. // The server name must match the name on the server certificate. sslStream.BeginAuthenticateAsClient( serverName, clientCertificates, SslProtocols.Ssl3, true, new AsyncCallback(AuthenticateCallback), sslStream); // User can press a key to exit application, or let the // asynchronous calls continue until they complete. Console.WriteLine("To quit, press the enter key."); do { // Real world applications would do work here // while waiting for the asynchronous calls to complete. System.Threading.Thread.Sleep(100); } while (complete != true && Console.KeyAvailable == false); if (Console.KeyAvailable) { Console.ReadLine(); Console.WriteLine("Quitting."); client.Close(); sslStream.Close(); return(1); } if (e != null) { Console.WriteLine("An exception was thrown: {0}", e.ToString()); } sslStream.Close(); client.Close(); Console.WriteLine("Good bye."); return(0); }
public static void X509CertificateCollectionIndexOf() { using (X509Certificate2 c1 = new X509Certificate2()) using (X509Certificate2 c2 = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword)) { X509CertificateCollection cc = new X509CertificateCollection(new X509Certificate[] { c1, c2 }); Assert.Equal(0, cc.IndexOf(c1)); Assert.Equal(1, cc.IndexOf(c2)); IList il = cc; Assert.Equal(0, il.IndexOf(c1)); Assert.Equal(1, il.IndexOf(c2)); } }
public Http2Client(string url, X509CertificateCollection certificates = null, IStreamManager streamManager = null, IFlowControlManager flowControlManager = null) : this(new Http2ConnectionSettings(url, certificates), streamManager, flowControlManager) { }
public static void X509CertificateCollectionRemoveAt() { using (X509Certificate c1 = new X509Certificate()) using (X509Certificate c2 = new X509Certificate()) using (X509Certificate c3 = new X509Certificate()) { X509CertificateCollection cc = new X509CertificateCollection(new X509Certificate[] { c1, c2, c3 }); cc.RemoveAt(0); Assert.Equal(2, cc.Count); Assert.Same(c2, cc[0]); Assert.Same(c3, cc[1]); cc.RemoveAt(1); Assert.Equal(1, cc.Count); Assert.Same(c2, cc[0]); cc.RemoveAt(0); Assert.Equal(0, cc.Count); IList il = new X509CertificateCollection(new X509Certificate[] { c1, c2, c3 }); il.RemoveAt(0); Assert.Equal(2, il.Count); Assert.Same(c2, il[0]); Assert.Same(c3, il[1]); il.RemoveAt(1); Assert.Equal(1, il.Count); Assert.Same(c2, il[0]); il.RemoveAt(0); Assert.Equal(0, il.Count); } }
public X509Certificate CertificateSelectionCallback(object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers) { return(X509Certificate.CreateFromCertFile(certFile)); }
private void StartSession() { Global.Log("Starting SSL session with lockdownd... "); MemoryStream MS = new MemoryStream(); XmlWriter XTW = XmlWriter.Create(MS, XWS); XTW.WriteStartDocument(); XTW.WriteDocType("plist", sApplePubID, sAppleSysID, null); XTW.WriteStartElement("plist"); XTW.WriteAttributeString("version", "1.0"); XTW.WriteStartElement("dict"); XTW.WriteElementString("key", "HostID"); XTW.WriteElementString("string", iPhone.sHostID); XTW.WriteElementString("key", "Request"); XTW.WriteElementString("string", "StartSession"); XTW.WriteEndElement(); // dict XTW.WriteEndElement(); // plist XTW.WriteEndDocument(); XTW.Flush(); byte[] bXMLData = MS.GetBuffer(); XTW.Close(); // Closes MS, too. PListSend(bXMLData); bXMLData = PListReceive(); MS = new MemoryStream(bXMLData); XmlDocument XD = new XmlDocument(); XD.XmlResolver = null; // Don't fetch DTD from web. Speeds things up tremendously. XD.Load(MS); MS.Close(); if (XD["plist"]["dict"].SelectSingleNode("key[text()='Result']") != null && XD["plist"]["dict"].SelectSingleNode("key[text()='Result']").NextSibling.InnerText == "Success") sSessionID = XD["plist"]["dict"].SelectSingleNode("key[text()='SessionID']").NextSibling.InnerText; else { Global.Log("failed!\n", true); throw new Exception("StartSession command was rejected."); } // Start the SSL session. try { SSLInOutStream = new SSLHelperStream(this.LockdownReceiveSSLCallback, this.LockdownSendSSLCallback); SSLConnection = new System.Net.Security.SslStream(SSLInOutStream, false, (s, c, ch, e) => { return true; }, (s, t, L, r, a) => { if (L != null && L.Count > 0) return L[0]; return null; }); X509CertificateCollection CC = new X509CertificateCollection(); X509Certificate2 RootCertWithPrivKey = new X509Certificate2(iPhone.RootCertificate.GetEncoded()); RootCertWithPrivKey.PrivateKey = Org.BouncyCastle.Security.DotNetUtilities.ToRSA((Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters)iPhone.RootKey.Private); CC.Add(RootCertWithPrivKey); SSLConnection.AuthenticateAsClient(string.Empty, CC, System.Security.Authentication.SslProtocols.Ssl3, false); } catch (Exception e) { Global.Log("failed!\n", true); throw e; } if (!SSLConnection.IsAuthenticated) { Global.Log("failed!\n", true); SSLConnection = null; throw new Exception("AuthenticateAsClient succeeds but IsAuthenticated is false."); } Global.Log("success!\n", true); }
public TlsStream(NetworkStream stream, Socket socket, string host, X509CertificateCollection clientCertificates) : base(socket) { _sslStream = new SslStream(stream, false, ServicePointManager.ServerCertificateValidationCallback); _host = host; _clientCertificates = clientCertificates; }