internal override bool RaiseServerCertificateValidation(X509Certificate certificate, int[] certificateErrors)
{
bool failed = (certificateErrors.Length > 0);
// only one problem can be reported by this interface
_status = ((failed) ? certificateErrors [0] : 0);
#if NET_2_0
#pragma warning disable 618
#endif
if (ServicePointManager.CertificatePolicy != null)
{
ServicePoint sp = _request.ServicePoint;
bool res = ServicePointManager.CertificatePolicy.CheckValidationResult(sp, certificate, _request, _status);
if (!res)
{
return(false);
}
failed = true;
}
#if NET_2_0
#pragma warning restore 618
#endif
#if NET_2_0
if (HaveRemoteValidation2Callback)
{
return(failed); // The validation already tried the 2.0 callback
}
SNS.RemoteCertificateValidationCallback cb = ServicePointManager.ServerCertificateValidationCallback;
if (cb != null)
{
SNS.SslPolicyErrors ssl_errors = 0;
foreach (int i in certificateErrors)
{
if (i == (int)-2146762490) // TODO: is this what happens when the purpose is wrong?
{
ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNotAvailable;
}
else if (i == (int)-2146762481)
{
ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNameMismatch;
}
else
{
ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors;
}
}
SNCX.X509Certificate2 cert2 = new SNCX.X509Certificate2(certificate.GetRawCertData());
SNCX.X509Chain chain = new SNCX.X509Chain();
if (!chain.Build(cert2))
{
ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors;
}
return(cb(_request, cert2, chain, ssl_errors));
}
#endif
return(failed);
}
public SecureSockNetworkStream(LowLevelNetworkStream socketNetworkStream,
System.Security.Cryptography.X509Certificates.X509Certificate2 cert,
System.Net.Security.RemoteCertificateValidationCallback remoteCertValidationCb = null)
{
_sslStream = new SslStream(socketNetworkStream, true, remoteCertValidationCb, null);
_cert = cert;
_lowLevelStreamForSSL = socketNetworkStream;
_lowLevelStreamForSSL.SetRecvCompleteEventHandler(LowLevelForSSL_RecvCompleted);
_lowLevelStreamForSSL.SetSendCompleteEventHandler(LowLevelForSSL_SendCompleted);
_readableRecvBuffer = new ReadableRecvBuffer();
}
public static ClientContext GetSPContext(string webUrl)
{
TokenConstants.fedAuthRequestCtx = HttpUtility.UrlEncode(string.Format("{0}/_layouts/15/Authenticate.aspx?Source=%2f", webUrl));
EndpointAddress ep = new EndpointAddress(TokenConstants.adfsBaseUri + "/" + TokenConstants.adfsTrustPath + "/" + TokenConstants.adfsTrustEndpoint);
WS2007HttpBinding binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
WSTrustChannelFactory wstcf = new WSTrustChannelFactory(binding, ep);
wstcf.TrustVersion = TrustVersion.WSTrust13;
NetworkCredential cred = new NetworkCredential(TokenConstants.userName, TokenConstants.pwd, TokenConstants.domain);
wstcf.Credentials.Windows.ClientCredential = cred;
wstcf.Credentials.UserName.UserName = cred.UserName;
wstcf.Credentials.UserName.Password = cred.Password;
var channel = wstcf.CreateChannel();
string[] tokenType = { "urn:oasis:names:tc:SAML:1.0:assertion", "urn:oasis:names:tc:SAML:2.0:assertion" };
RequestSecurityToken rst = new RequestSecurityToken();
rst.RequestType = RequestTypes.Issue;
rst.AppliesTo = new EndpointReference(TokenConstants.adfsRealm);
rst.KeyType = KeyTypes.Bearer;
rst.TokenType = tokenType[0]; // Use the first one because that is what SharePoint itself uses (as observed in Fiddler).
RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse();
var cbk = new System.Net.Security.RemoteCertificateValidationCallback(ValidateRemoteCertificate);
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => { return(true); };
SecurityToken token = null;
try
{
token = channel.Issue(rst, out rstr);
}
finally
{
ServicePointManager.ServerCertificateValidationCallback = cbk;
}
Cookie fedAuthCookie = TransformTokenToFedAuth(((GenericXmlSecurityToken)token).TokenXml.OuterXml);
TokenConstants.fedAuth.Add(fedAuthCookie);
SP.ClientContext ctx = new SP.ClientContext(webUrl);
ctx.ExecutingWebRequest += ctx_ExecutingWebRequest;
return(ctx);
}
public static void OverrideValidation()
{
_orgCallback = ServicePointManager.ServerCertificateValidationCallback;
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(OnValidateCertificate);
ServicePointManager.Expect100Continue = true;
}
internal ValidationResult ValidateChain(Mono.Security.X509.X509CertificateCollection certs)
{
bool user_denied = false;
if (certs == null || certs.Count == 0)
{
return(null);
}
ICertificatePolicy certificatePolicy = ServicePointManager.CertificatePolicy;
System.Net.Security.RemoteCertificateValidationCallback serverCertificateValidationCallback = ServicePointManager.ServerCertificateValidationCallback;
System.Security.Cryptography.X509Certificates.X509Chain x509Chain = new System.Security.Cryptography.X509Certificates.X509Chain();
x509Chain.ChainPolicy = new System.Security.Cryptography.X509Certificates.X509ChainPolicy();
for (int i = 1; i < certs.Count; i++)
{
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certs[i].RawData);
x509Chain.ChainPolicy.ExtraStore.Add(certificate);
}
System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certs[0].RawData);
int num = 0;
System.Net.Security.SslPolicyErrors sslPolicyErrors = System.Net.Security.SslPolicyErrors.None;
try
{
if (!x509Chain.Build(x509Certificate))
{
sslPolicyErrors |= ServicePointManager.ChainValidationHelper.GetErrorsFromChain(x509Chain);
}
}
catch (Exception arg)
{
Console.Error.WriteLine("ERROR building certificate chain: {0}", arg);
Console.Error.WriteLine("Please, report this problem to the Mono team");
sslPolicyErrors |= System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors;
}
if (!ServicePointManager.ChainValidationHelper.CheckCertificateUsage(x509Certificate))
{
sslPolicyErrors |= System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors;
num = -2146762490;
}
if (!ServicePointManager.ChainValidationHelper.CheckServerIdentity(certs[0], this.Host))
{
sslPolicyErrors |= System.Net.Security.SslPolicyErrors.RemoteCertificateNameMismatch;
num = -2146762481;
}
bool flag = false;
try
{
OSX509Certificates.SecTrustResult secTrustResult = OSX509Certificates.TrustEvaluateSsl(certs);
flag = (secTrustResult == OSX509Certificates.SecTrustResult.Proceed || secTrustResult == OSX509Certificates.SecTrustResult.Unspecified);
}
catch
{
}
if (flag)
{
num = 0;
sslPolicyErrors = System.Net.Security.SslPolicyErrors.None;
}
if (certificatePolicy != null && (!(certificatePolicy is DefaultCertificatePolicy) || serverCertificateValidationCallback == null))
{
ServicePoint srvPoint = null;
HttpWebRequest httpWebRequest = this.sender as HttpWebRequest;
if (httpWebRequest != null)
{
srvPoint = httpWebRequest.ServicePoint;
}
if (num == 0 && sslPolicyErrors != System.Net.Security.SslPolicyErrors.None)
{
num = ServicePointManager.ChainValidationHelper.GetStatusFromChain(x509Chain);
}
flag = certificatePolicy.CheckValidationResult(srvPoint, x509Certificate, httpWebRequest, num);
user_denied = (!flag && !(certificatePolicy is DefaultCertificatePolicy));
}
if (serverCertificateValidationCallback != null)
{
flag = serverCertificateValidationCallback(this.sender, x509Certificate, x509Chain, sslPolicyErrors);
user_denied = !flag;
}
return(new ValidationResult(flag, user_denied, num));
}
public string Post(string url, string data, System.Security.Cryptography.X509Certificates.X509Certificate x509Certificate, System.Net.Security.RemoteCertificateValidationCallback remoteCertificateValidationCallback)
{
HttpWebRequest requestScore = (HttpWebRequest)WebRequest.Create(url);
if (x509Certificate != null)
{
requestScore.ClientCertificates.Add(x509Certificate);
}
if (remoteCertificateValidationCallback != null)
{
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(remoteCertificateValidationCallback);
}
UTF8Encoding encoding = new UTF8Encoding();
byte[] dataBytes = encoding.GetBytes(data);
requestScore.Method = "Post";
requestScore.ContentType = "application/x-www-form-urlencoded";
requestScore.ContentLength = dataBytes.Length;
requestScore.KeepAlive = true;
Stream stream = requestScore.GetRequestStream();
stream.Write(dataBytes, 0, dataBytes.Length);
stream.Close();
HttpWebResponse responseSorce = (HttpWebResponse)requestScore.GetResponse();
StreamReader reader = new StreamReader(responseSorce.GetResponseStream(), Encoding.UTF8);
string content = reader.ReadToEnd();
requestScore = null;
responseSorce.Close();
responseSorce = null;
reader = null;
stream = null;
return(content);
}
