Exemple #1
        /// <summary>
        /// Queries the OpenSSL-backed security context for a channel binding of the
        /// requested kind and wraps the result for the caller.
        /// </summary>
        /// <param name="securityContext">Security context; cast to <c>SafeDeleteSslContext</c>, so any other type fails the cast.</param>
        /// <param name="attribute">The kind of channel binding to retrieve.</param>
        /// <returns>A wrapper around the binding handle, or <c>null</c> when the interop query returns no handle.</returns>
        public static SafeFreeContextBufferChannelBinding QueryContextChannelBinding(SafeDeleteContext securityContext, ChannelBindingKind attribute)
        {
            SafeDeleteSslContext sslSecurityContext = (SafeDeleteSslContext)securityContext;
            SafeChannelBindingHandle queried = Interop.OpenSsl.QueryChannelBinding(sslSecurityContext.SslContext, attribute);

            // A null handle means the requested binding kind is not available; callers
            // must treat null as "no channel binding", not as an empty binding.
            if (queried == null)
            {
                return null;
            }

            return new SafeFreeContextBufferChannelBinding(queried);
        }
        /// <summary>
        /// Fills <paramref name="bindingHandle"/> with an endpoint channel binding: a hash
        /// of the peer certificate's raw bytes, computed with the algorithm returned by
        /// <c>GetHashForChannelBinding</c>.
        /// </summary>
        /// <param name="context">SSL handle whose peer certificate is hashed.</param>
        /// <param name="bindingHandle">Binding buffer that receives the certificate hash.</param>
        /// <remarks>
        /// Throws the exception built by <c>CreateSslException</c> when no valid peer
        /// certificate is available.
        /// NOTE(review): the hash always covers the *peer* certificate. RFC 5929
        /// tls-server-end-point is defined over the server's certificate, so on a
        /// server-side context this would hash the client certificate instead; confirm
        /// callers only reach this path on the client side.
        /// </remarks>
        private static void QueryEndPointChannelBinding(SafeSslHandle context, SafeChannelBindingHandle bindingHandle)
        {
            using (SafeX509Handle certSafeHandle = GetPeerCertificate(context))
            {
                // Fail closed: without a usable peer certificate there is nothing to bind to.
                if (certSafeHandle == null || certSafeHandle.IsInvalid)
                {
                    throw CreateSslException(SR.net_ssl_invalid_certificate);
                }

                bool gotReference = false;

                try
                {
                    // Pin the native handle so it cannot be released while the raw pointer
                    // from DangerousGetHandle() is in use below.
                    certSafeHandle.DangerousAddRef(ref gotReference);
                    using (X509Certificate2 cert = new X509Certificate2(certSafeHandle.DangerousGetHandle()))
                        // Algorithm selection happens in GetHashForChannelBinding (not shown here).
                        // NOTE(review): presumably follows the RFC 5929 rule of replacing MD5/SHA-1
                        // with SHA-256; verify against that helper.
                        using (HashAlgorithm hashAlgo = GetHashForChannelBinding(cert))
                        {
                            // The binding value is the hash of the DER-encoded certificate bytes.
                            byte[] bindingHash = hashAlgo.ComputeHash(cert.RawData);
                            bindingHandle.SetCertHash(bindingHash);
                        }
                }
                finally
                {
                    // Release only if DangerousAddRef actually took the reference.
                    if (gotReference)
                    {
                        certSafeHandle.DangerousRelease();
                    }
                }
            }
        }
 /// <summary>
 /// Releases the underlying channel binding handle, if one was created.
 /// </summary>
 /// <returns>Always <c>true</c>.</returns>
 protected override bool ReleaseHandle()
 {
     if (_bindingHandle == null)
     {
         // Nothing was ever allocated (or it has already been released).
         return true;
     }

     // Clear the raw pointer first so this object never exposes a pointer into
     // memory owned by a binding handle that has been disposed.
     SetHandle(IntPtr.Zero);
     _bindingHandle.Dispose();
     _bindingHandle = null;
     return true;
 }
 /// <summary>
 /// Builds the endpoint channel binding token from <paramref name="cert"/>: hashes the
 /// certificate's raw bytes, stores the hash in a new binding handle, and points this
 /// object's handle at that buffer.
 /// </summary>
 /// <param name="cert">Certificate whose raw encoding is hashed.</param>
 internal void SetToken(X509Certificate2 cert)
 {
     // Parity with WinHTTP: only support retrieval of CBT for ChannelBindingKind.Endpoint.
     _bindingHandle = new SafeChannelBindingHandle(ChannelBindingKind.Endpoint);

     // The hash algorithm is chosen by the interop helper from the certificate itself.
     using (HashAlgorithm certHasher = Interop.OpenSsl.GetHashForChannelBinding(cert))
     {
         _bindingHash = certHasher.ComputeHash(cert.RawData);
         _bindingHandle.SetCertHash(_bindingHash);

         // This object now aliases the binding handle's buffer; _bindingHandle must
         // outlive any use of the raw pointer set here.
         SetHandle(_bindingHandle.DangerousGetHandle());
     }
 }
Exemple #5
 /// <summary>
 /// Builds the endpoint channel binding token from <paramref name="cert"/> and records
 /// a space-separated hex rendering of the hash in <c>_description</c>.
 /// </summary>
 /// <param name="cert">Certificate whose raw encoding is hashed.</param>
 internal void SetToken(X509Certificate2 cert)
 {
     // Parity with WinHTTP : CurHandler only supports retrieval of ChannelBindingKind.Endpoint for CBT.
     _bindingHandle = new SafeChannelBindingHandle(ChannelBindingKind.Endpoint);

     using (HashAlgorithm certHasher = Interop.OpenSsl.GetHashForChannelBinding(cert))
     {
         byte[] digest = certHasher.ComputeHash(cert.RawData);
         _bindingHandle.SetCertHash(digest);

         // BitConverter yields "AA-BB-CC"; the description uses spaces instead of dashes.
         string dashedHex = BitConverter.ToString(digest);
         _description = dashedHex.Replace('-', ' ');

         // This object now aliases the binding handle's buffer; _bindingHandle must
         // outlive any use of the raw pointer set here.
         SetHandle(_bindingHandle.DangerousGetHandle());
     }
 }
        /// <summary>
        /// Fills <paramref name="bindingHandle"/> with a "unique" channel binding taken from
        /// a TLS Finished message of the connection behind <paramref name="context"/>.
        /// </summary>
        /// <param name="context">SSL handle to query.</param>
        /// <param name="bindingHandle">Binding buffer that receives the Finished data.</param>
        /// <remarks>
        /// Throws the exception built by <c>CreateSslException</c> when no Finished data is returned.
        /// NOTE(review): a Finished-based binding (RFC 5929 tls-unique) is not defined for
        /// TLS 1.3 and, on TLS 1.2, is only safe across session resumption when the extended
        /// master secret extension is negotiated; confirm the caller accounts for the
        /// negotiated protocol before relying on this value.
        /// </remarks>
        private static void QueryUniqueChannelBinding(SafeSslHandle context, SafeChannelBindingHandle bindingHandle)
        {
            bool sessionReused = Ssl.SslSessionReused(context);

            // The peer's Finished message is used when exactly one of "we are the server"
            // and "the session was resumed" holds; otherwise our own Finished is used.
            // Presumably this selects the first Finished sent in the handshake; confirm.
            bool usePeerFinished = context.IsServer ^ sessionReused;

            int finishedLength;
            if (usePeerFinished)
            {
                finishedLength = Ssl.SslGetPeerFinished(context, bindingHandle.CertHashPtr, bindingHandle.Length);
            }
            else
            {
                finishedLength = Ssl.SslGetFinished(context, bindingHandle.CertHashPtr, bindingHandle.Length);
            }

            // Zero bytes means no token could be obtained; fail rather than hand back an empty binding.
            if (finishedLength == 0)
            {
                throw CreateSslException(SR.net_ssl_get_channel_binding_token_failed);
            }

            bindingHandle.SetCertHashLength(finishedLength);
        }
Exemple #7
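        /// <summary>
        /// Retrieves a channel binding of the requested kind from the SSL context.
        /// Only <see cref="ChannelBindingKind.Unique"/> is served here.
        /// </summary>
        /// <param name="context">SSL handle to query.</param>
        /// <param name="bindingType">Requested binding kind; must not be <see cref="ChannelBindingKind.Endpoint"/>.</param>
        /// <returns>
        /// A populated binding handle for <see cref="ChannelBindingKind.Unique"/>, or
        /// <c>null</c> for any other kind. Callers must treat <c>null</c> as "no binding available".
        /// </returns>
        /// <remarks>
        /// If the query throws, the freshly allocated handle is disposed before the
        /// exception propagates instead of being left for finalization.
        /// </remarks>
        internal static SafeChannelBindingHandle? QueryChannelBinding(SafeSslHandle context, ChannelBindingKind bindingType)
        {
            Debug.Assert(
                bindingType != ChannelBindingKind.Endpoint,
                "Endpoint binding should be handled by EndpointChannelBindingToken");

            if (bindingType != ChannelBindingKind.Unique)
            {
                // Keeping parity with windows, we should return null in this case.
                return null;
            }

            SafeChannelBindingHandle bindingHandle = new SafeChannelBindingHandle(bindingType);
            try
            {
                QueryUniqueChannelBinding(context, bindingHandle);
            }
            catch
            {
                // Release the binding buffer deterministically on failure.
                bindingHandle.Dispose();
                throw;
            }

            return bindingHandle;
        }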
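        /// <summary>
        /// Retrieves a channel binding of the requested kind from the SSL context.
        /// </summary>
        /// <param name="context">SSL handle to query.</param>
        /// <param name="bindingType">Requested binding kind.</param>
        /// <returns>
        /// A populated binding handle for <see cref="ChannelBindingKind.Endpoint"/> or
        /// <see cref="ChannelBindingKind.Unique"/>, or <c>null</c> for any other kind.
        /// Callers must treat <c>null</c> as "no binding available".
        /// </returns>
        /// <remarks>
        /// If the query helper throws, the freshly allocated handle is disposed before
        /// the exception propagates instead of being left for finalization.
        /// </remarks>
        internal static SafeChannelBindingHandle QueryChannelBinding(SafeSslHandle context, ChannelBindingKind bindingType)
        {
            SafeChannelBindingHandle bindingHandle = null;

            try
            {
                switch (bindingType)
                {
                    case ChannelBindingKind.Endpoint:
                        bindingHandle = new SafeChannelBindingHandle(bindingType);
                        QueryEndPointChannelBinding(context, bindingHandle);
                        break;

                    case ChannelBindingKind.Unique:
                        bindingHandle = new SafeChannelBindingHandle(bindingType);
                        QueryUniqueChannelBinding(context, bindingHandle);
                        break;

                    default:
                        // Keeping parity with windows, we should return null in this case.
                        break;
                }
            }
            catch
            {
                // Release the binding buffer deterministically on failure.
                if (bindingHandle != null)
                {
                    bindingHandle.Dispose();
                }

                throw;
            }

            return bindingHandle;
        }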