public static void Main(string[] args)
{
// check that name on cert = name of host user is connecting to
// var x5092 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificateBytes);
// string hostName = x5092.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.DnsName, false);
// bool hostNameMatch = string.Compare(hostName, this.Server, true) == 0;
// need to build x509chain obj , call build with cert, examine chainstatus property to see why failed.
// open store
X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
byte[] b = GetStreamBytes();
var x509 = new Mono.Security.X509.X509Certificate(b);
var chain = new Mono.Security.X509.X509Chain();
bool certificateStatus = chain.Build(x509);
Console.WriteLine(certificateStatus);
// output true
// X509Certificate2 newcert = new X509Certificate2();
//byte[] b = GetStreamBytes();
//newcert.Import(b);
//buildChain(newcert);
//byte[] b = GetStreamBytes();
//newcert.Import(b);
//store.Add(newcert);
//PrintStore();
//PrintMore();
// 3
// read certs
}
private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates)
{
ClientContext context = (ClientContext)this.Context;
AlertDescription description1 = AlertDescription.BadCertificate;
if (context.SslStream.HaveRemoteValidation2Callback)
{
ValidationResult validationResult = context.SslStream.RaiseServerCertificateValidation2(certificates);
if (!validationResult.Trusted)
{
long errorCode = (long)validationResult.ErrorCode;
AlertDescription description2;
switch (errorCode)
{
case 2148204801:
description2 = AlertDescription.CertificateExpired;
break;
case 2148204809:
description2 = AlertDescription.UnknownCA;
break;
case 2148204810:
description2 = AlertDescription.UnknownCA;
break;
default:
description2 = AlertDescription.CertificateUnknown;
break;
}
string str = string.Format("0x{0:x}", (object)errorCode);
throw new TlsException(description2, "Invalid certificate received from server. Error code: " + str);
}
}
else
{
Mono.Security.X509.X509Certificate certificate1 = certificates[0];
System.Security.Cryptography.X509Certificates.X509Certificate certificate2 = new System.Security.Cryptography.X509Certificates.X509Certificate(certificate1.RawData);
ArrayList arrayList = new ArrayList();
if (!this.checkCertificateUsage(certificate1))
{
arrayList.Add((object)-2146762490);
}
if (!this.checkServerIdentity(certificate1))
{
arrayList.Add((object)-2146762481);
}
Mono.Security.X509.X509CertificateCollection chain = new Mono.Security.X509.X509CertificateCollection(certificates);
chain.Remove(certificate1);
Mono.Security.X509.X509Chain x509Chain = new Mono.Security.X509.X509Chain(chain);
bool flag;
try
{
flag = x509Chain.Build(certificate1);
}
catch (Exception)
{
flag = false;
}
if (!flag)
{
switch (x509Chain.Status)
{
case Mono.Security.X509.X509ChainStatusFlags.NotTimeValid:
description1 = AlertDescription.CertificateExpired;
arrayList.Add((object)-2146762495);
break;
case Mono.Security.X509.X509ChainStatusFlags.NotTimeNested:
arrayList.Add((object)-2146762494);
break;
case Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid:
arrayList.Add((object)-2146869232);
break;
case Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot:
description1 = AlertDescription.UnknownCA;
arrayList.Add((object)-2146762487);
break;
case Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints:
arrayList.Add((object)-2146869223);
break;
case Mono.Security.X509.X509ChainStatusFlags.PartialChain:
description1 = AlertDescription.UnknownCA;
arrayList.Add((object)-2146762486);
break;
default:
description1 = AlertDescription.CertificateUnknown;
arrayList.Add((object)(int)x509Chain.Status);
break;
}
}
int[] array = (int[])arrayList.ToArray(typeof(int));
if (!context.SslStream.RaiseServerCertificateValidation(certificate2, array))
{
throw new TlsException(description1, "Invalid certificate received from server.");
}
}
}
private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates)
{
ServerContext context = (ServerContext)this.Context;
AlertDescription description = AlertDescription.BadCertificate;
System.Security.Cryptography.X509Certificates.X509Certificate certificate1 = (System.Security.Cryptography.X509Certificates.X509Certificate)null;
int[] certificateErrors;
if (certificates.Count > 0)
{
Mono.Security.X509.X509Certificate certificate2 = certificates[0];
ArrayList arrayList = new ArrayList();
if (!this.checkCertificateUsage(certificate2))
{
arrayList.Add((object)-2146762490);
}
Mono.Security.X509.X509Chain x509Chain;
if (certificates.Count > 1)
{
Mono.Security.X509.X509CertificateCollection chain = new Mono.Security.X509.X509CertificateCollection(certificates);
chain.Remove(certificate2);
x509Chain = new Mono.Security.X509.X509Chain(chain);
}
else
{
x509Chain = new Mono.Security.X509.X509Chain();
}
bool flag;
try
{
flag = x509Chain.Build(certificate2);
}
catch (Exception)
{
flag = false;
}
if (!flag)
{
switch (x509Chain.Status)
{
case Mono.Security.X509.X509ChainStatusFlags.NotTimeValid:
description = AlertDescription.CertificateExpired;
arrayList.Add((object)-2146762495);
break;
case Mono.Security.X509.X509ChainStatusFlags.NotTimeNested:
arrayList.Add((object)-2146762494);
break;
case Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid:
arrayList.Add((object)-2146869232);
break;
case Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot:
description = AlertDescription.UnknownCA;
arrayList.Add((object)-2146762487);
break;
case Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints:
arrayList.Add((object)-2146869223);
break;
case Mono.Security.X509.X509ChainStatusFlags.PartialChain:
description = AlertDescription.UnknownCA;
arrayList.Add((object)-2146762486);
break;
default:
description = AlertDescription.CertificateUnknown;
arrayList.Add((object)(int)x509Chain.Status);
break;
}
}
certificate1 = new System.Security.Cryptography.X509Certificates.X509Certificate(certificate2.RawData);
certificateErrors = (int[])arrayList.ToArray(typeof(int));
}
else
{
certificateErrors = new int[0];
}
System.Security.Cryptography.X509Certificates.X509CertificateCollection certificateCollection = new System.Security.Cryptography.X509Certificates.X509CertificateCollection();
foreach (Mono.Security.X509.X509Certificate certificate2 in certificates)
{
certificateCollection.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(certificate2.RawData));
}
if (!context.SslStream.RaiseClientCertificateValidation(certificate1, certificateErrors))
{
throw new TlsException(description, "Invalid certificate received from client.");
}
this.Context.ClientSettings.ClientCertificate = certificate1;
}
