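/// <inheritdoc/>
public override async Task<Stream> GetStreamAsync(string requestUri)
{
    // Bypass the HTTP cache so every call hits the server and yields fresh transport information.
    var filter = new HttpBaseProtocolFilter();
    filter.CacheControl.ReadBehavior = HttpCacheReadBehavior.NoCache;

    using var httpClient = new Windows.Web.Http.HttpClient(filter);
    var response = await httpClient.GetAsync(new Uri(requestUri));

    // NOTE(review): the pin is evaluated only after GetAsync has completed, so the request
    // line and headers have already been sent to the peer. Confirm callers never put
    // secrets in the URI or default headers.
    var transportInformation = response.RequestMessage.TransportInformation;

    // Only Fatal errors are rejected here; non-fatal severities fall through, which makes the
    // pin comparison below the effective trust decision.
    // NOTE(review): presumably this is to allow a private root unknown to the OS - confirm.
    if (transportInformation.ServerCertificateErrorSeverity == SocketSslErrorSeverity.Fatal)
    {
        throw new SecurityException();
    }

    // NOTE(review): assumes the last entry of ServerIntermediateCertificates is the chain's
    // root certificate - confirm against the platform's ordering and against servers that
    // omit the root from the chain they send.
    var rootCertificate = transportInformation.ServerIntermediateCertificates
        .LastOrDefault()
        ?.GetCertificateBlob()
        .ToArray();

    // Fail closed unless the presented root is byte-for-byte one of the pinned roots.
    // The comparison must be by content: the previous `c.RawData != rootCertificate` compared
    // array references, which is true for any two distinct arrays, so the check accepted
    // every certificate whenever RootCertificates was non-empty.
    if (rootCertificate == null || !RootCertificates.Any(c => c.RawData.SequenceEqual(rootCertificate)))
    {
        throw new SecurityException();
    }

    return (await response.Content.ReadAsInputStreamAsync()).AsStreamForRead();
}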
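/// <summary>
/// Server-certificate validation callback that accepts a connection only when the
/// certificate chain builds and terminates in one of the pinned <c>RootCertificates</c>.
/// </summary>
/// <param name="request">The request being sent; not used by the decision.</param>
/// <param name="certificate">The leaf certificate presented by the server.</param>
/// <param name="chain">The chain object used to build and inspect the path to the root.</param>
/// <param name="sslPolicyErrors">Errors the platform found during its own validation.</param>
/// <returns><c>true</c> only if the chain builds and its last element equals a pinned root.</returns>
private bool ValidateCertificate(HttpRequestMessage request, X509Certificate2 certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    // The original opened with `if ((sslPolicyErrors & SslPolicyErrors.None) > 0) return true;`.
    // SslPolicyErrors.None is 0, so that test could never be true and the branch was dead code.
    // It is removed rather than rewritten as `== SslPolicyErrors.None`: that form would let any
    // chain the OS already trusts skip the pin, whereas the effective behaviour has always been
    // to require a pinned root on every connection.

    // A hostname mismatch or a missing certificate can never be rescued by pinning.
    const SslPolicyErrors unrecoverable =
        SslPolicyErrors.RemoteCertificateNameMismatch | SslPolicyErrors.RemoteCertificateNotAvailable;
    if ((sslPolicyErrors & unrecoverable) != 0)
    {
        return false;
    }

    // Fail closed if the platform handed us nothing to validate.
    if (certificate is null || chain is null)
    {
        return false;
    }

    // Make the pinned roots available to the chain builder so a chain ending in a private
    // root can be completed.
    foreach (var rootCertificate in RootCertificates)
    {
        chain.ChainPolicy.ExtraStore.Add(rootCertificate);
    }

    // AllowUnknownCertificateAuthority lets Build succeed for a root the OS does not trust.
    // That alone accepts ANY self-signed root, so the explicit comparison against the pinned
    // set below is what actually establishes trust - do not remove it.
    chain.ChainPolicy.VerificationFlags |= X509VerificationFlags.AllowUnknownCertificateAuthority;

    if (!chain.Build(certificate) || chain.ChainElements.Count == 0)
    {
        return false;
    }

    // The last chain element is the end of the built path; it must be byte-identical to a pin.
    var chainRoot = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
    return RootCertificates.Any(c => c.RawData.SequenceEqual(chainRoot.RawData));
}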