public static bool ValidateServerCertificate(
object sender,
System.Security.Cryptography.X509Certificates.X509Certificate certificate,
X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
bool isOk = true;
// If there are errors in the certificate chain, look at each error to determine the cause.
if (sslPolicyErrors != SslPolicyErrors.None)
{
for (int i = 0; i < chain.ChainStatus.Length; i++)
{
if (chain.ChainStatus[i].Status != X509ChainStatusFlags.RevocationStatusUnknown)
{
chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
bool chainIsValid = chain.Build((X509Certificate2)certificate);
if (!chainIsValid)
{
isOk = false;
}
}
}
}
return(isOk);
}
private static bool AcceptAllCertifications(object sender,
System.Security.Cryptography.X509Certificates.X509Certificate certification,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return(true);
}
public static bool TrustAllCertificateCallback(object sender,
System.Security.Cryptography.X509Certificates.X509Certificate cert,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors errors)
{
return(true);
}
private static Boolean UserCertificateValidationCallback(Object sender,
System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
// always pass
return(true);
}
private bool IgnoreCertificateErrorHandler
(object sender,
System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return(true);
}
public static bool RemoteCertificateValidationCallback(
Object sender,
X509Certificate certificate,
X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return(true);
}
private bool CheckValidationResult(Object sender,
System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
// Always accept
return(true);
}
// Set certificate policy to allow all certificates
private static bool RemoteCertificateValidation(Object sender,
System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
//Handle bad certificates here
return(true);
}
internal override bool RaiseServerCertificateValidation(X509Certificate certificate, int[] certificateErrors)
{
bool failed = (certificateErrors.Length > 0);
// only one problem can be reported by this interface
_status = ((failed) ? certificateErrors [0] : 0);
#if NET_2_0
#pragma warning disable 618
#endif
if (ServicePointManager.CertificatePolicy != null)
{
ServicePoint sp = _request.ServicePoint;
bool res = ServicePointManager.CertificatePolicy.CheckValidationResult(sp, certificate, _request, _status);
if (!res)
{
return(false);
}
failed = true;
}
#if NET_2_0
#pragma warning restore 618
#endif
#if NET_2_0
if (HaveRemoteValidation2Callback)
{
return(failed); // The validation already tried the 2.0 callback
}
SNS.RemoteCertificateValidationCallback cb = ServicePointManager.ServerCertificateValidationCallback;
if (cb != null)
{
SNS.SslPolicyErrors ssl_errors = 0;
foreach (int i in certificateErrors)
{
if (i == (int)-2146762490) // TODO: is this what happens when the purpose is wrong?
{
ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNotAvailable;
}
else if (i == (int)-2146762481)
{
ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNameMismatch;
}
else
{
ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors;
}
}
SNCX.X509Certificate2 cert2 = new SNCX.X509Certificate2(certificate.GetRawCertData());
SNCX.X509Chain chain = new SNCX.X509Chain();
if (!chain.Build(cert2))
{
ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors;
}
return(cb(_request, cert2, chain, ssl_errors));
}
#endif
return(failed);
}
/// <summary>
/// Workaround for the bug described here
/// https://bugzilla.xamarin.com/show_bug.cgi?id=6501
/// </summary>
/// <param name="sender">Sender.</param>
/// <param name="certificate">Certificate.</param>
/// <param name="chain">Chain.</param>
/// <param name="sslPolicyErrors">Ssl policy errors.</param>
static bool ValidatorUnity(object sender,
System.Security.Cryptography.X509Certificates.X509Certificate
certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
//TODO:
return(true);
}
private bool CheckCertificate(
object sender, X509Certificate cert,
X509Chain chain,
System.Net.Security.SslPolicyErrors errors)
{
if (errors != System.Net.Security.SslPolicyErrors.None && CertificateManualValidation != null)
{
return(this.CertificateManualValidation(this, cert, chain, errors));
}
return(false);
}
private static System.Net.Security.SslPolicyErrors GetErrorsFromChain(System.Security.Cryptography.X509Certificates.X509Chain chain)
{
System.Net.Security.SslPolicyErrors sslPolicyErrors = System.Net.Security.SslPolicyErrors.None;
foreach (System.Security.Cryptography.X509Certificates.X509ChainStatus x509ChainStatus in chain.ChainStatus)
{
if (x509ChainStatus.Status != System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.NoError)
{
sslPolicyErrors |= System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors;
break;
}
}
return(sslPolicyErrors);
}
private static bool CertificateValidationCallBack(
object sender,
System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return(true);
/*// If the certificate is a valid, signed certificate, return true.
* if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
* {
* return true;
* }
*
* // If there are errors in the certificate chain, look at each error to determine the cause.
* if ((sslPolicyErrors & System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors) != 0)
* {
* if (chain != null && chain.ChainStatus != null)
* {
* foreach (System.Security.Cryptography.X509Certificates.X509ChainStatus status in chain.ChainStatus)
* {
* if ((certificate.Subject == certificate.Issuer) &&
* (status.Status == System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.UntrustedRoot))
* {
* // Self-signed certificates with an untrusted root are valid.
* continue;
* }
* else
* {
* if (status.Status != System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.NoError)
* {
* // If there are any other errors in the certificate chain, the certificate is invalid,
* // so the method returns false.
* return false;
* }
* }
* }
* }
*
* // When processing reaches this line, the only errors in the certificate chain are
* // untrusted root errors for self-signed certificates. These certificates are valid
* // for default Exchange server installations, so return true.
* return true;
* }
* else
* {
* // In all other cases, return false.
* return false;
* }*/
}
private bool LdapSSLHandler(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
//if (sslPolicyErrors == SslPolicyErrors.None)
//{
// return true; //Is valid
//}
//if (certificate.GetCertHashString() == "YOUR CERTIFICATE HASH KEY") // Thumbprint value of the certificate
//{
// return true;
//}
//return false;
return(true);
}
/// <summary>
/// Workaround for the bug described here
/// https://bugzilla.xamarin.com/show_bug.cgi?id=6501
/// </summary>
/// <param name="sender">Sender.</param>
/// <param name="certificate">Certificate.</param>
/// <param name="chain">Chain.</param>
/// <param name="sslPolicyErrors">Ssl policy errors.</param>
static bool Validator(object sender,
System.Security.Cryptography.X509Certificates.X509Certificate
certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
var sslTrustManager = (IX509TrustManager)typeof(AndroidEnvironment)
.GetField("sslTrustManager",
System.Reflection.BindingFlags.NonPublic |
System.Reflection.BindingFlags.Static)
.GetValue(null);
Func <Java.Security.Cert.CertificateFactory,
System.Security.Cryptography.X509Certificates.X509Certificate,
Java.Security.Cert.X509Certificate>
c = (f, v) =>
f.GenerateCertificate(
new System.IO.MemoryStream(v.GetRawCertData()))
.JavaCast <Java.Security.Cert.X509Certificate> ();
var cFactory = Java.Security.Cert.CertificateFactory.GetInstance(Javax.Net.Ssl.TrustManagerFactory.DefaultAlgorithm);
var certs = new List <Java.Security.Cert.X509Certificate> (
chain.ChainElements.Count + 1);
certs.Add(c(cFactory, certificate));
foreach (var ce in chain.ChainElements)
{
if (certificate.Equals(ce.Certificate))
{
continue;
}
certificate = ce.Certificate;
certs.Add(c(cFactory, certificate));
}
try {
//had to comment this out as sslTrustManager was returning null
//working on the fix or a workaround
//sslTrustManager.CheckServerTrusted (certs.ToArray (),
// Javax.Net.Ssl.TrustManagerFactory.DefaultAlgorithm);
return(true);
} catch (Exception e) {
throw new Exception("SSL error");
}
}
public static bool Validator(object sender, System.Security.Cryptography.X509Certificates.X509Certificate cert,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors error)
{
return(true);
}
private static bool CertificateValidationCallBack(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return(true);
}
private static bool customXertificateValidation(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
return(true);
}
private static bool CheckValidationResult(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors errors)
{
return(true); //总是接受
}
/// <summary>
/// TODO: Check if HTTPClient have automation way to validate certificates
/// </summary>
/// <param name="sender"></param>
/// <param name="certificate"></param>
/// <param name="chain"></param>
/// <param name="sslPolicyErrors"></param>
/// <returns></returns>
private Boolean ValidateCertificate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate
certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return(true);
}
public static bool RemoteServerCertificateValidationCallback(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
//Console.WriteLine(certificate);
return(true);
}
internal static bool AcceptAllCertifications(object sender,
X509Certificate certification, X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return(true);
}
private static bool CertificateValidationCallBack(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
{
return(true);
}
if ((sslPolicyErrors & System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors) != 0)
{
if (chain != null && chain.ChainStatus != null)
{
foreach (System.Security.Cryptography.X509Certificates.X509ChainStatus status in chain.ChainStatus)
{
if ((certificate.Subject == certificate.Issuer) &&
(status.Status == System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.UntrustedRoot))
{
continue;
}
else
{
if (status.Status != System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.NoError)
{
return(false);
}
}
}
}
return(true);
}
else
{
return(false);
}
}
internal ValidationResult ValidateChain(Mono.Security.X509.X509CertificateCollection certs)
{
bool user_denied = false;
if (certs == null || certs.Count == 0)
{
return(null);
}
ICertificatePolicy certificatePolicy = ServicePointManager.CertificatePolicy;
System.Net.Security.RemoteCertificateValidationCallback serverCertificateValidationCallback = ServicePointManager.ServerCertificateValidationCallback;
System.Security.Cryptography.X509Certificates.X509Chain x509Chain = new System.Security.Cryptography.X509Certificates.X509Chain();
x509Chain.ChainPolicy = new System.Security.Cryptography.X509Certificates.X509ChainPolicy();
for (int i = 1; i < certs.Count; i++)
{
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certs[i].RawData);
x509Chain.ChainPolicy.ExtraStore.Add(certificate);
}
System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certs[0].RawData);
int num = 0;
System.Net.Security.SslPolicyErrors sslPolicyErrors = System.Net.Security.SslPolicyErrors.None;
try
{
if (!x509Chain.Build(x509Certificate))
{
sslPolicyErrors |= ServicePointManager.ChainValidationHelper.GetErrorsFromChain(x509Chain);
}
}
catch (Exception arg)
{
Console.Error.WriteLine("ERROR building certificate chain: {0}", arg);
Console.Error.WriteLine("Please, report this problem to the Mono team");
sslPolicyErrors |= System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors;
}
if (!ServicePointManager.ChainValidationHelper.CheckCertificateUsage(x509Certificate))
{
sslPolicyErrors |= System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors;
num = -2146762490;
}
if (!ServicePointManager.ChainValidationHelper.CheckServerIdentity(certs[0], this.Host))
{
sslPolicyErrors |= System.Net.Security.SslPolicyErrors.RemoteCertificateNameMismatch;
num = -2146762481;
}
bool flag = false;
try
{
OSX509Certificates.SecTrustResult secTrustResult = OSX509Certificates.TrustEvaluateSsl(certs);
flag = (secTrustResult == OSX509Certificates.SecTrustResult.Proceed || secTrustResult == OSX509Certificates.SecTrustResult.Unspecified);
}
catch
{
}
if (flag)
{
num = 0;
sslPolicyErrors = System.Net.Security.SslPolicyErrors.None;
}
if (certificatePolicy != null && (!(certificatePolicy is DefaultCertificatePolicy) || serverCertificateValidationCallback == null))
{
ServicePoint srvPoint = null;
HttpWebRequest httpWebRequest = this.sender as HttpWebRequest;
if (httpWebRequest != null)
{
srvPoint = httpWebRequest.ServicePoint;
}
if (num == 0 && sslPolicyErrors != System.Net.Security.SslPolicyErrors.None)
{
num = ServicePointManager.ChainValidationHelper.GetStatusFromChain(x509Chain);
}
flag = certificatePolicy.CheckValidationResult(srvPoint, x509Certificate, httpWebRequest, num);
user_denied = (!flag && !(certificatePolicy is DefaultCertificatePolicy));
}
if (serverCertificateValidationCallback != null)
{
flag = serverCertificateValidationCallback(this.sender, x509Certificate, x509Chain, sslPolicyErrors);
user_denied = !flag;
}
return(new ValidationResult(flag, user_denied, num));
}
private static bool CertificateValidationCallBack(
object sender,
System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
// If the certificate is a valid, signed certificate, return true.
if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
{
Console.WriteLine("It's ok");
return(true);
}
// If there are errors in the certificate chain, look at each error to determine the cause.
if ((sslPolicyErrors & System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors) != 0)
{
if (chain != null && chain.ChainStatus != null)
{
foreach (System.Security.Cryptography.X509Certificates.X509ChainStatus status in chain.ChainStatus)
{
if ((certificate.Subject == certificate.Issuer) &&
(status.Status == System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.UntrustedRoot))
{
// Self-signed certificates with an untrusted root are valid.
Console.WriteLine("Untrusted root certificate");
continue;
}
else
{
Console.WriteLine(sslPolicyErrors);
SslPolicyErrors ignoredErrors = SslPolicyErrors.None;
if (JSConfig.tlsAllowInvalidHostnames)
{
ignoredErrors |= SslPolicyErrors.RemoteCertificateNameMismatch; // name mismatch
}
if (JSConfig.tlsAllowChainErrors)
{
ignoredErrors |= SslPolicyErrors.RemoteCertificateChainErrors; // self-signed
}
if ((sslPolicyErrors & ~ignoredErrors) == SslPolicyErrors.None)
{
Console.WriteLine("FORCED ACCEPT CERTIFICATE!");
return(true);
}
if (status.Status != System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.NoError)
{
Console.WriteLine(status.StatusInformation);
// If there are any other errors in the certificate chain, the certificate is invalid,
// so the method returns false.
return(false);
}
}
}
}
// When processing reaches this line, the only errors in the certificate chain are
// untrusted root errors for self-signed certificates. These certificates are valid
// for default Exchange server installations, so return true.
Console.WriteLine("Certificates ok.");
return(true);
}
else
{
Console.WriteLine("Certificate Error!");
// In all other cases, return false.
return(false);
}
}
private ValidateCertificateResult Channel_OnValidateCertificate(Uri source, X509Certificate certificate, X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
if (OnValidateCertificate != null)
{
return(OnValidateCertificate(source, certificate, chain, sslPolicyErrors));
}
return(ValidateCertificateResult.NotValidated);
}
public bool ServerCertificateValidation(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
if (ServerCertificateValidationCallback != null)
{
return(ServerCertificateValidationCallback(sender, certification, chain, sslPolicyErrors));
}
return(false);
}
private static bool ValidateCertificate(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return(true);
}
private bool ServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, System.Net.Security.SslPolicyErrors errors)
{
return(true);
}
/// <summary>
/// Verify the remote Secure Sockets Layer (SSL) certificate used for authentication.
/// In adapter, this method always return true, make client can communicate with server under HTTPS without a certification.
/// </summary>
/// <param name="sender">An object that contains state information for this validation.</param>
/// <param name="certificate">The certificate used to authenticate the remote party.</param>
/// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param>
/// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param>
/// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns>
private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
SslPolicyErrors errors = sslPolicyErrors;
if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) == SslPolicyErrors.RemoteCertificateNameMismatch)
{
Zone zone = Zone.CreateFromUrl(((HttpWebRequest)sender).RequestUri.ToString());
if (zone.SecurityZone == SecurityZone.Intranet || zone.SecurityZone == SecurityZone.MyComputer)
{
errors -= SslPolicyErrors.RemoteCertificateNameMismatch;
}
}
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) == SslPolicyErrors.RemoteCertificateChainErrors)
{
if (chain != null && chain.ChainStatus != null)
{
foreach (X509ChainStatus status in chain.ChainStatus)
{
// Self-signed certificates have the issuer in the subject field.
if ((certificate.Subject == certificate.Issuer) && (status.Status == X509ChainStatusFlags.UntrustedRoot))
{
// Self-signed certificates with an untrusted root are valid.
continue;
}
else if (status.Status != X509ChainStatusFlags.NoError)
{
// If there are any other errors in the certificate chain, the certificate is invalid, the method returns false.
return(false);
}
}
}
// When processing reaches this line, the only errors in the certificate chain are untrusted root errors for self-signed certificates.
// These certificates are valid.
errors -= SslPolicyErrors.RemoteCertificateChainErrors;
}
return(errors == SslPolicyErrors.None);
}
