Exemple #1
0
        internal override bool RaiseServerCertificateValidation(X509Certificate certificate, int[] certificateErrors)
        {
            bool failed = (certificateErrors.Length > 0);

            // only one problem can be reported by this interface
            _status = ((failed) ? certificateErrors [0] : 0);

#if NET_2_0
#pragma warning disable 618
#endif
            if (ServicePointManager.CertificatePolicy != null)
            {
                ServicePoint sp  = _request.ServicePoint;
                bool         res = ServicePointManager.CertificatePolicy.CheckValidationResult(sp, certificate, _request, _status);
                if (!res)
                {
                    return(false);
                }
                failed = true;
            }
#if NET_2_0
#pragma warning restore 618
#endif
#if NET_2_0
            if (HaveRemoteValidation2Callback)
            {
                return(failed);                // The validation already tried the 2.0 callback
            }
            SNS.RemoteCertificateValidationCallback cb = ServicePointManager.ServerCertificateValidationCallback;
            if (cb != null)
            {
                SNS.SslPolicyErrors ssl_errors = 0;
                foreach (int i in certificateErrors)
                {
                    if (i == (int)-2146762490)                     // TODO: is this what happens when the purpose is wrong?
                    {
                        ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNotAvailable;
                    }
                    else if (i == (int)-2146762481)
                    {
                        ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNameMismatch;
                    }
                    else
                    {
                        ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors;
                    }
                }
                SNCX.X509Certificate2 cert2 = new SNCX.X509Certificate2(certificate.GetRawCertData());
                SNCX.X509Chain        chain = new SNCX.X509Chain();
                if (!chain.Build(cert2))
                {
                    ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors;
                }
                return(cb(_request, cert2, chain, ssl_errors));
            }
#endif
            return(failed);
        }
Exemple #2
0
        public SecureSockNetworkStream(LowLevelNetworkStream socketNetworkStream,
                                       System.Security.Cryptography.X509Certificates.X509Certificate2 cert,
                                       System.Net.Security.RemoteCertificateValidationCallback remoteCertValidationCb = null)
        {
            _sslStream = new SslStream(socketNetworkStream, true, remoteCertValidationCb, null);
            _cert      = cert;

            _lowLevelStreamForSSL = socketNetworkStream;
            _lowLevelStreamForSSL.SetRecvCompleteEventHandler(LowLevelForSSL_RecvCompleted);
            _lowLevelStreamForSSL.SetSendCompleteEventHandler(LowLevelForSSL_SendCompleted);

            _readableRecvBuffer = new ReadableRecvBuffer();
        }
Exemple #3
0
        public static ClientContext GetSPContext(string webUrl)
        {
            TokenConstants.fedAuthRequestCtx = HttpUtility.UrlEncode(string.Format("{0}/_layouts/15/Authenticate.aspx?Source=%2f", webUrl));
            EndpointAddress   ep      = new EndpointAddress(TokenConstants.adfsBaseUri + "/" + TokenConstants.adfsTrustPath + "/" + TokenConstants.adfsTrustEndpoint);
            WS2007HttpBinding binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);

            binding.Security.Message.EstablishSecurityContext = false;
            binding.Security.Message.ClientCredentialType     = MessageCredentialType.UserName;
            binding.Security.Transport.ClientCredentialType   = HttpClientCredentialType.None;

            WSTrustChannelFactory wstcf = new WSTrustChannelFactory(binding, ep);

            wstcf.TrustVersion = TrustVersion.WSTrust13;
            NetworkCredential cred = new NetworkCredential(TokenConstants.userName, TokenConstants.pwd, TokenConstants.domain);

            wstcf.Credentials.Windows.ClientCredential = cred;
            wstcf.Credentials.UserName.UserName        = cred.UserName;
            wstcf.Credentials.UserName.Password        = cred.Password;
            var channel = wstcf.CreateChannel();

            string[]             tokenType = { "urn:oasis:names:tc:SAML:1.0:assertion", "urn:oasis:names:tc:SAML:2.0:assertion" };
            RequestSecurityToken rst       = new RequestSecurityToken();

            rst.RequestType = RequestTypes.Issue;
            rst.AppliesTo   = new EndpointReference(TokenConstants.adfsRealm);
            rst.KeyType     = KeyTypes.Bearer;
            rst.TokenType   = tokenType[0]; // Use the first one because that is what SharePoint itself uses (as observed in Fiddler).

            RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse();
            var cbk = new System.Net.Security.RemoteCertificateValidationCallback(ValidateRemoteCertificate);

            ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => { return(true); };
            SecurityToken token = null;

            try
            {
                token = channel.Issue(rst, out rstr);
            }
            finally
            {
                ServicePointManager.ServerCertificateValidationCallback = cbk;
            }

            Cookie fedAuthCookie = TransformTokenToFedAuth(((GenericXmlSecurityToken)token).TokenXml.OuterXml);

            TokenConstants.fedAuth.Add(fedAuthCookie);
            SP.ClientContext ctx = new SP.ClientContext(webUrl);
            ctx.ExecutingWebRequest += ctx_ExecutingWebRequest;
            return(ctx);
        }
 public static void OverrideValidation()
 {
     _orgCallback = ServicePointManager.ServerCertificateValidationCallback;
     ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(OnValidateCertificate);
     ServicePointManager.Expect100Continue = true;
 }
            internal ValidationResult ValidateChain(Mono.Security.X509.X509CertificateCollection certs)
            {
                bool user_denied = false;

                if (certs == null || certs.Count == 0)
                {
                    return(null);
                }
                ICertificatePolicy certificatePolicy = ServicePointManager.CertificatePolicy;

                System.Net.Security.RemoteCertificateValidationCallback serverCertificateValidationCallback = ServicePointManager.ServerCertificateValidationCallback;
                System.Security.Cryptography.X509Certificates.X509Chain x509Chain = new System.Security.Cryptography.X509Certificates.X509Chain();
                x509Chain.ChainPolicy = new System.Security.Cryptography.X509Certificates.X509ChainPolicy();
                for (int i = 1; i < certs.Count; i++)
                {
                    System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certs[i].RawData);
                    x509Chain.ChainPolicy.ExtraStore.Add(certificate);
                }
                System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certs[0].RawData);
                int num = 0;

                System.Net.Security.SslPolicyErrors sslPolicyErrors = System.Net.Security.SslPolicyErrors.None;
                try
                {
                    if (!x509Chain.Build(x509Certificate))
                    {
                        sslPolicyErrors |= ServicePointManager.ChainValidationHelper.GetErrorsFromChain(x509Chain);
                    }
                }
                catch (Exception arg)
                {
                    Console.Error.WriteLine("ERROR building certificate chain: {0}", arg);
                    Console.Error.WriteLine("Please, report this problem to the Mono team");
                    sslPolicyErrors |= System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors;
                }
                if (!ServicePointManager.ChainValidationHelper.CheckCertificateUsage(x509Certificate))
                {
                    sslPolicyErrors |= System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors;
                    num              = -2146762490;
                }
                if (!ServicePointManager.ChainValidationHelper.CheckServerIdentity(certs[0], this.Host))
                {
                    sslPolicyErrors |= System.Net.Security.SslPolicyErrors.RemoteCertificateNameMismatch;
                    num              = -2146762481;
                }
                bool flag = false;

                try
                {
                    OSX509Certificates.SecTrustResult secTrustResult = OSX509Certificates.TrustEvaluateSsl(certs);
                    flag = (secTrustResult == OSX509Certificates.SecTrustResult.Proceed || secTrustResult == OSX509Certificates.SecTrustResult.Unspecified);
                }
                catch
                {
                }
                if (flag)
                {
                    num             = 0;
                    sslPolicyErrors = System.Net.Security.SslPolicyErrors.None;
                }
                if (certificatePolicy != null && (!(certificatePolicy is DefaultCertificatePolicy) || serverCertificateValidationCallback == null))
                {
                    ServicePoint   srvPoint       = null;
                    HttpWebRequest httpWebRequest = this.sender as HttpWebRequest;
                    if (httpWebRequest != null)
                    {
                        srvPoint = httpWebRequest.ServicePoint;
                    }
                    if (num == 0 && sslPolicyErrors != System.Net.Security.SslPolicyErrors.None)
                    {
                        num = ServicePointManager.ChainValidationHelper.GetStatusFromChain(x509Chain);
                    }
                    flag        = certificatePolicy.CheckValidationResult(srvPoint, x509Certificate, httpWebRequest, num);
                    user_denied = (!flag && !(certificatePolicy is DefaultCertificatePolicy));
                }
                if (serverCertificateValidationCallback != null)
                {
                    flag        = serverCertificateValidationCallback(this.sender, x509Certificate, x509Chain, sslPolicyErrors);
                    user_denied = !flag;
                }
                return(new ValidationResult(flag, user_denied, num));
            }
Exemple #6
0
        public string Post(string url, string data, System.Security.Cryptography.X509Certificates.X509Certificate x509Certificate, System.Net.Security.RemoteCertificateValidationCallback remoteCertificateValidationCallback)
        {
            HttpWebRequest requestScore = (HttpWebRequest)WebRequest.Create(url);

            if (x509Certificate != null)
            {
                requestScore.ClientCertificates.Add(x509Certificate);
            }
            if (remoteCertificateValidationCallback != null)
            {
                ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(remoteCertificateValidationCallback);
            }
            UTF8Encoding encoding = new UTF8Encoding();

            byte[] dataBytes = encoding.GetBytes(data);
            requestScore.Method        = "Post";
            requestScore.ContentType   = "application/x-www-form-urlencoded";
            requestScore.ContentLength = dataBytes.Length;
            requestScore.KeepAlive     = true;

            Stream stream = requestScore.GetRequestStream();

            stream.Write(dataBytes, 0, dataBytes.Length);
            stream.Close();

            HttpWebResponse responseSorce = (HttpWebResponse)requestScore.GetResponse();
            StreamReader    reader        = new StreamReader(responseSorce.GetResponseStream(), Encoding.UTF8);
            string          content       = reader.ReadToEnd();

            requestScore = null;
            responseSorce.Close();
            responseSorce = null;
            reader        = null;
            stream        = null;

            return(content);
        }