public _ConnectionConfigurator_536(SSLSocketFactory sf, HostnameVerifier hv, int
timeout)
{
this.sf = sf;
this.hv = hv;
this.timeout = timeout;
}
/// <summary>Initializes the factory.</summary>
/// <exception cref="GeneralSecurityException">
/// thrown if an SSL initialization error
/// happened.
/// </exception>
/// <exception cref="System.IO.IOException">
/// thrown if an IO error happened while reading the SSL
/// configuration.
/// </exception>
public virtual void Init()
{
keystoresFactory.Init(mode);
context = SSLContext.GetInstance("TLS");
context.Init(keystoresFactory.GetKeyManagers(), keystoresFactory.GetTrustManagers
(), null);
context.GetDefaultSSLParameters().SetProtocols(enabledProtocols);
hostnameVerifier = GetHostnameVerifier(conf);
}
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: private static com.sun.jersey.api.client.Client createClient() throws Exception
private static Client CreateClient()
{
HostnameVerifier hostnameVerifier = HttpsURLConnection.DefaultHostnameVerifier;
ClientConfig config = new DefaultClientConfig();
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[] { new InsecureTrustManager() }, null);
config.Properties.put(PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hostnameVerifier, ctx));
return(Client.create(config));
}
/// <summary>
/// Create a Jersey HTTP client that is able to talk HTTPS and trusts all certificates.
/// </summary>
/// <returns> new client. </returns>
private static Client CreateClient()
{
try
{
HostnameVerifier hostnameVerifier = HttpsURLConnection.DefaultHostnameVerifier;
ClientConfig config = new DefaultClientConfig();
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[] { new InsecureTrustManager() }, null);
IDictionary <string, object> properties = config.Properties;
properties[PROPERTY_HTTPS_PROPERTIES] = new HTTPSProperties(hostnameVerifier, ctx);
properties[PROPERTY_FOLLOW_REDIRECTS] = false;
return(Client.create(config));
}
catch (Exception e)
{
throw new Exception(e);
}
}
/// <exception cref="GeneralSecurityException"/>
/// <exception cref="System.IO.IOException"/>
public static HostnameVerifier GetHostnameVerifier(string verifier)
{
HostnameVerifier hostnameVerifier;
if (verifier.Equals("DEFAULT"))
{
hostnameVerifier = SSLHostnameVerifier.Default;
}
else
{
if (verifier.Equals("DEFAULT_AND_LOCALHOST"))
{
hostnameVerifier = SSLHostnameVerifier.DefaultAndLocalhost;
}
else
{
if (verifier.Equals("STRICT"))
{
hostnameVerifier = SSLHostnameVerifier.Strict;
}
else
{
if (verifier.Equals("STRICT_IE6"))
{
hostnameVerifier = SSLHostnameVerifier.StrictIe6;
}
else
{
if (verifier.Equals("ALLOW_ALL"))
{
hostnameVerifier = SSLHostnameVerifier.AllowAll;
}
else
{
throw new GeneralSecurityException("Invalid hostname verifier: " + verifier);
}
}
}
}
}
return(hostnameVerifier);
}
protected override void init(CurlResource curl)
{
Proxy proxy = getProxy();
URLConnection conn;
HttpsURLConnection httpsConn = null;
if (proxy != null)
{
conn = getURL().openConnection(proxy);
}
else
{
conn = getURL().openConnection();
}
if (conn instanceof HttpsURLConnection)
{
httpsConn = (HttpsURLConnection)conn;
if (!curl.getIsVerifySSLPeer() ||
!curl.getIsVerifySSLCommonName() ||
!curl.getIsVerifySSLHostname())
{
HostnameVerifier hostnameVerifier
= CurlHostnameVerifier.create(curl.getIsVerifySSLPeer(),
curl.getIsVerifySSLCommonName(),
curl.getIsVerifySSLHostname());
httpsConn.setHostnameVerifier(hostnameVerifier);
}
}
setConnection(conn);
}
public bool verify(CertificateTrustCallback prompt, String hostName, List certs)
{
X509Certificate2 serverCert = ConvertCertificate(certs.iterator().next() as X509Certificate);
X509Chain chain = new X509Chain();
chain.ChainPolicy.RevocationMode =
PreferencesFactory.get().getBoolean("connection.ssl.x509.revocation.online")
? X509RevocationMode.Online
: X509RevocationMode.Offline;
chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 0, 10); // set timeout to 10 seconds
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
for (int index = 1; index < certs.size(); index++)
{
chain.ChainPolicy.ExtraStore.Add(ConvertCertificate(certs.get(index) as X509Certificate));
}
chain.Build(serverCert);
bool isException = CheckForException(hostName, serverCert);
if (isException)
{
// Exceptions always have precedence
return(true);
}
string errorFromChainStatus = GetErrorFromChainStatus(chain, hostName);
bool certError = null != errorFromChainStatus;
bool hostnameMismatch = hostName != null &&
!HostnameVerifier.CheckServerIdentity(certs.iterator().next() as X509Certificate,
serverCert, hostName);
// check if host name matches
if (null == errorFromChainStatus && hostnameMismatch)
{
errorFromChainStatus =
string.Format(LocaleFactory.localizedString(
"The certificate for this server is invalid. You might be connecting to a server that is pretending to be {0} which could put your confidential information at risk. Would you like to connect to the server anyway?",
"Keychain"), hostName);
}
if (null != errorFromChainStatus)
{
// Title: LocaleFactory.localizedString("Certificate Error", "Keychain")
// Main Instruction: LocaleFactory.localizedString("Certificate Error", "Keychain")
// Content: errorFromChainStatus
// Verification Text: LocaleFactory.localizedString("Always Trust", "Keychain")
// CommandButtons: { LocaleFactory.localizedString("Continue", "Credentials"), LocaleFactory.localizedString("Disconnect"), LocaleFactory.localizedString("Show Certificate", "Keychain") }
// ShowCancelButton: false
// Main Icon: Warning
// Footer Icon: Information
TaskDialogResult result =
TaskDialog.TaskDialog.Show(
title: LocaleFactory.localizedString("Certificate Error", "Keychain"),
mainInstruction: LocaleFactory.localizedString("Certificate Error", "Keychain"),
verificationText: LocaleFactory.localizedString("Always Trust", "Keychain"),
content: errorFromChainStatus,
commandLinks:
new string[]
{
LocaleFactory.localizedString("Continue", "Credentials"),
LocaleFactory.localizedString("Disconnect"),
LocaleFactory.localizedString("Show Certificate", "Keychain")
},
mainIcon: TaskDialogIcon.Warning, footerIcon: TaskDialogIcon.Information,
callback: (dialog, args, data) =>
{
switch (args.Notification)
{
case TaskDialogNotification.ButtonClicked:
if (args.ButtonIndex == 2)
{
X509Certificate2UI.DisplayCertificate(serverCert);
return(true);
}
break;
}
return(false);
});
if (result.Result == TaskDialogSimpleResult.Command)
{
if (result.CommandButtonResult == 0)
{
if (result.VerificationChecked == true)
{
if (certError)
{
//todo can we use the Trusted People and Third Party Certificate Authority Store? Currently X509Chain is the problem.
AddCertificate(serverCert, StoreName.Root);
}
PreferencesFactory.get()
.setProperty(hostName + ".certificate.accept", serverCert.Thumbprint);
}
return(true);
}
if (result.CommandButtonResult == 1)
{
return(false);
}
}
}
return(true);
}
public override bool isTrusted(String hostName, X509Certificate[] certs)
{
X509Certificate2 serverCert = ConvertCertificate(certs[0]);
X509Chain chain = new X509Chain();
//todo Online revocation check. Preference.
chain.ChainPolicy.RevocationMode = X509RevocationMode.Offline; // | X509RevocationMode.Online
chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 0, 10); // set timeout to 10 seconds
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
for (int index = 1; index < certs.Length; index++)
{
chain.ChainPolicy.ExtraStore.Add(ConvertCertificate(certs[index]));
}
chain.Build(serverCert);
string errorFromChainStatus = GetErrorFromChainStatus(chain, hostName);
bool certError = null != errorFromChainStatus;
bool hostnameMismatch = !HostnameVerifier.CheckServerIdentity(certs[0], serverCert, hostName) &&
!CheckForException(hostName, serverCert);
// check if host name matches
if (null == errorFromChainStatus && hostnameMismatch)
{
errorFromChainStatus = Locale.localizedString(
"The certificate for this server is invalid. You might be connecting to a server that is pretending to be “%@” which could put your confidential information at risk. Would you like to connect to the server anyway?",
"Keychain").Replace("%@", hostName);
}
if (null != errorFromChainStatus)
{
while (true)
{
TaskDialog d = new TaskDialog();
DialogResult r =
d.ShowCommandBox(Locale.localizedString("This certificate is not valid", "Keychain"),
Locale.localizedString("This certificate is not valid", "Keychain"),
errorFromChainStatus,
null,
null,
Locale.localizedString("Always Trust", "Keychain"),
String.Format("{0}|{1}|{2}",
Locale.localizedString("Continue", "Credentials"),
Locale.localizedString("Disconnect"),
Locale.localizedString("Show Certificate", "Keychain")),
false,
SysIcons.Warning, SysIcons.Information);
if (r == DialogResult.OK)
{
if (d.CommandButtonResult == 0)
{
if (d.VerificationChecked)
{
if (certError)
{
//todo can we use the Trusted People and Third Party Certificate Authority Store? Currently X509Chain is the problem.
AddCertificate(serverCert, StoreName.Root);
}
if (hostnameMismatch)
{
Preferences.instance().setProperty(hostName + ".certificate.accept",
serverCert.SubjectName.Name);
}
}
return(true);
}
if (d.CommandButtonResult == 1)
{
return(false);
}
if (d.CommandButtonResult == 2)
{
X509Certificate2UI.DisplayCertificate(serverCert);
}
}
}
}
return(true);
}
public static void setDefaultHostnameVerifier(HostnameVerifier v)
{
}
public static void setDefaultHostnameVerifier(HostnameVerifier v)
{
}
