Esempio n. 1
0
        public static IChainPal BuildChain(
            bool useMachineContext,
            ICertificatePal cert,
            X509Certificate2Collection extraStore,
            OidCollection applicationPolicy,
            OidCollection certificatePolicy,
            X509RevocationMode revocationMode,
            X509RevocationFlag revocationFlag,
            DateTime verificationTime,
            TimeSpan timeout)
        {
            // An input value of 0 on the timeout is "take all the time you need".
            if (timeout == TimeSpan.Zero)
            {
                timeout = TimeSpan.MaxValue;
            }

            // Let Unspecified mean Local, so only convert if the source was UTC.
            //
            // Converge on Local instead of UTC because OpenSSL is going to assume we gave it
            // local time.
            if (verificationTime.Kind == DateTimeKind.Utc)
            {
                verificationTime = verificationTime.ToLocalTime();
            }

            TimeSpan                remainingDownloadTime = timeout;
            X509Certificate2        leaf          = new X509Certificate2(cert.Handle);
            List <X509Certificate2> downloaded    = new List <X509Certificate2>();
            List <X509Certificate2> systemTrusted = new List <X509Certificate2>();

            List <X509Certificate2> candidates = OpenSslX509ChainProcessor.FindCandidates(
                leaf,
                extraStore,
                downloaded,
                systemTrusted,
                ref remainingDownloadTime);

            IChainPal chain = OpenSslX509ChainProcessor.BuildChain(
                leaf,
                candidates,
                downloaded,
                systemTrusted,
                applicationPolicy,
                certificatePolicy,
                revocationMode,
                revocationFlag,
                verificationTime,
                ref remainingDownloadTime);

            if (chain.ChainStatus.Length == 0 && downloaded.Count > 0)
            {
                SaveIntermediateCertificates(chain.ChainElements, downloaded);
            }

            return(chain);
        }
Esempio n. 2
0
        private void Reset()
        {
            _lazyChainStatus = null;
            _chainElements   = new X509ChainElementCollection();

            IChainPal pal = _pal;

            _pal = null;
            if (pal != null)
            {
                pal.Dispose();
            }
        }
Esempio n. 3
0
        public void Reset()
        {
            // _chainPolicy is not reset for .NET Framework compat
            _lazyChainStatus   = null;
            _chainElements     = null;
            _useMachineContext = false;

            IChainPal pal = _pal;

            _pal = null;
            if (pal != null)
            {
                pal.Dispose();
            }
        }
Esempio n. 4
0
        internal bool Build(X509Certificate2 certificate, bool throwOnException)
        {
            lock (_syncRoot)
            {
                if (certificate == null || certificate.Pal == null)
                {
                    throw new ArgumentException(SR.Cryptography_InvalidContextHandle, nameof(certificate));
                }

                Reset();

                X509ChainPolicy chainPolicy = ChainPolicy;
                _pal = ChainPal.BuildChain(
                    _useMachineContext,
                    certificate.Pal,
                    chainPolicy.ExtraStore,
                    chainPolicy.ApplicationPolicy,
                    chainPolicy.CertificatePolicy,
                    chainPolicy.RevocationMode,
                    chainPolicy.RevocationFlag,
                    chainPolicy.VerificationTime,
                    chainPolicy.UrlRetrievalTimeout
                    );
                if (_pal == null)
                {
                    return(false);
                }

                _chainElements = new X509ChainElementCollection(_pal.ChainElements);

                Exception verificationException;
                bool?     verified = _pal.Verify(chainPolicy.VerificationFlags, out verificationException);
                if (!verified.HasValue)
                {
                    if (throwOnException)
                    {
                        throw verificationException;
                    }
                    else
                    {
                        verified = false;
                    }
                }

                return(verified.Value);
            }
        }
Esempio n. 5
0
        public static IChainPal BuildChain(
            bool useMachineContext,
            ICertificatePal cert,
            X509Certificate2Collection extraStore,
            OidCollection applicationPolicy,
            OidCollection certificatePolicy,
            X509RevocationMode revocationMode,
            X509RevocationFlag revocationFlag,
            DateTime verificationTime,
            TimeSpan timeout)
        {
            CheckRevocationMode(revocationMode);

            // An input value of 0 on the timeout is "take all the time you need".
            if (timeout == TimeSpan.Zero)
            {
                timeout = TimeSpan.MaxValue;
            }

            TimeSpan                remainingDownloadTime = timeout;
            X509Certificate2        leaf       = new X509Certificate2(cert.Handle);
            List <X509Certificate2> downloaded = new List <X509Certificate2>();

            List <X509Certificate2> candidates = OpenSslX509ChainProcessor.FindCandidates(
                leaf,
                extraStore,
                downloaded,
                ref remainingDownloadTime);

            IChainPal chain = OpenSslX509ChainProcessor.BuildChain(
                leaf,
                candidates,
                downloaded,
                applicationPolicy,
                certificatePolicy,
                verificationTime);

            if (chain.ChainStatus.Length == 0 && downloaded.Count > 0)
            {
                SaveIntermediateCertificates(chain.ChainElements, downloaded);
            }

            return(chain);
        }
Esempio n. 6
0
 public X509Chain(IntPtr chainContext)
 {
     _pal = ChainPal.FromHandle(chainContext);
     Debug.Assert(_pal != null);
     _chainElements = new X509ChainElementCollection(_pal.ChainElements);
 }
Esempio n. 7
0
        internal bool Build(X509Certificate2 certificate, bool throwOnException)
        {
            lock (_syncRoot)
            {
                if (certificate == null || certificate.Pal == null)
                {
                    throw new ArgumentException(SR.Cryptography_InvalidContextHandle, nameof(certificate));
                }

                if (_chainPolicy != null && _chainPolicy.CustomTrustStore != null)
                {
                    if (_chainPolicy.TrustMode == X509ChainTrustMode.System && _chainPolicy.CustomTrustStore.Count > 0)
                    {
                        throw new CryptographicException(SR.Cryptography_CustomTrustCertsInSystemMode, nameof(_chainPolicy.TrustMode));
                    }

                    foreach (X509Certificate2 customCertificate in _chainPolicy.CustomTrustStore)
                    {
                        if (customCertificate == null || customCertificate.Handle == IntPtr.Zero)
                        {
                            throw new CryptographicException(SR.Cryptography_InvalidTrustCertificate, nameof(_chainPolicy.CustomTrustStore));
                        }
                    }
                }

                Reset();

                X509ChainPolicy chainPolicy = ChainPolicy;
                _pal = ChainPal.BuildChain(
                    _useMachineContext,
                    certificate.Pal,
                    chainPolicy._extraStore,
                    chainPolicy._applicationPolicy,
                    chainPolicy._certificatePolicy,
                    chainPolicy.RevocationMode,
                    chainPolicy.RevocationFlag,
                    chainPolicy.CustomTrustStore,
                    chainPolicy.TrustMode,
                    chainPolicy.VerificationTime,
                    chainPolicy.UrlRetrievalTimeout
                    );
                if (_pal == null)
                {
                    return(false);
                }

                _chainElements = new X509ChainElementCollection(_pal.ChainElements);

                Exception verificationException;
                bool?     verified = _pal.Verify(chainPolicy.VerificationFlags, out verificationException);
                if (!verified.HasValue)
                {
                    if (throwOnException)
                    {
                        throw verificationException;
                    }
                    else
                    {
                        verified = false;
                    }
                }

                return(verified.Value);
            }
        }
Esempio n. 8
0
        public static IChainPal BuildChain(
            bool useMachineContext,
            ICertificatePal cert,
            X509Certificate2Collection extraStore,
            OidCollection applicationPolicy,
            OidCollection certificatePolicy,
            X509RevocationMode revocationMode,
            X509RevocationFlag revocationFlag,
            DateTime verificationTime,
            TimeSpan timeout)
        {
            // An input value of 0 on the timeout is "take all the time you need".
            if (timeout == TimeSpan.Zero)
            {
                timeout = TimeSpan.MaxValue;
            }

            // Let Unspecified mean Local, so only convert if the source was UTC.
            //
            // Converge on Local instead of UTC because OpenSSL is going to assume we gave it
            // local time.
            if (verificationTime.Kind == DateTimeKind.Utc)
            {
                verificationTime = verificationTime.ToLocalTime();
            }

            TimeSpan remainingDownloadTime = timeout;

            using (var leaf = new X509Certificate2(cert.Handle))
            {
                var downloaded    = new HashSet <X509Certificate2>();
                var systemTrusted = new HashSet <X509Certificate2>();

                HashSet <X509Certificate2> candidates = OpenSslX509ChainProcessor.FindCandidates(
                    leaf,
                    extraStore,
                    downloaded,
                    systemTrusted,
                    ref remainingDownloadTime);

                IChainPal chain = OpenSslX509ChainProcessor.BuildChain(
                    leaf,
                    candidates,
                    downloaded,
                    systemTrusted,
                    applicationPolicy,
                    certificatePolicy,
                    revocationMode,
                    revocationFlag,
                    verificationTime,
                    ref remainingDownloadTime);

#if DEBUG
                if (chain.ChainElements.Length > 0)
                {
                    X509Certificate2 reportedLeaf = chain.ChainElements[0].Certificate;
                    Debug.Assert(reportedLeaf != null, "reportedLeaf != null");
                    Debug.Assert(reportedLeaf.Equals(leaf), "reportedLeaf.Equals(leaf)");
                    Debug.Assert(!ReferenceEquals(reportedLeaf, leaf), "!ReferenceEquals(reportedLeaf, leaf)");
                }
#endif

                if (chain.ChainStatus.Length == 0 && downloaded.Count > 0)
                {
                    SaveIntermediateCertificates(chain.ChainElements, downloaded);
                }

                // Everything we put into the chain has been cloned, dispose all the originals.
                systemTrusted.DisposeAll();
                downloaded.DisposeAll();

                // Candidate certs which came from extraStore should NOT be disposed, since they came
                // from outside.
                var extraStoreByReference = new HashSet <X509Certificate2>(
                    ReferenceEqualityComparer <X509Certificate2> .Instance);

                foreach (X509Certificate2 extraCert in extraStore)
                {
                    extraStoreByReference.Add(extraCert);
                }

                foreach (X509Certificate2 candidate in candidates)
                {
                    if (!extraStoreByReference.Contains(candidate))
                    {
                        candidate.Dispose();
                    }
                }

                return(chain);
            }
        }
Esempio n. 9
0
 public X509Chain(IntPtr chainContext)
 {
     _pal = ChainPal.FromHandle(chainContext);
     Debug.Assert(_pal != null);
     _chainElements = new X509ChainElementCollection(_pal.ChainElements);
 }
Esempio n. 10
0
        internal bool Build(X509Certificate2 certificate, bool throwOnException)
        {
            lock (_syncRoot)
            {
                if (certificate == null)
                    throw new ArgumentException(SR.Cryptography_InvalidContextHandle, nameof(certificate));

                Reset();

                X509ChainPolicy chainPolicy = ChainPolicy;
                _pal = ChainPal.BuildChain(
                    _useMachineContext,
                    certificate.Pal,
                    chainPolicy.ExtraStore,
                    chainPolicy.ApplicationPolicy,
                    chainPolicy.CertificatePolicy,
                    chainPolicy.RevocationMode,
                    chainPolicy.RevocationFlag,
                    chainPolicy.VerificationTime,
                    chainPolicy.UrlRetrievalTimeout
                    );
                if (_pal == null)
                    return false;

                _chainElements = new X509ChainElementCollection(_pal.ChainElements);

                Exception verificationException;
                bool? verified = _pal.Verify(chainPolicy.VerificationFlags, out verificationException);
                if (!verified.HasValue)
                {
                    if (throwOnException)
                    {
                        throw verificationException;
                    }
                    else
                    {
                        verified = false;
                    }
                }

                return verified.Value;
            }
        }
Esempio n. 11
0
        public void Reset()
        {
            // _chainPolicy is not reset for desktop compat
            _lazyChainStatus = null;
            _chainElements = null;
            _useMachineContext = false;

            IChainPal pal = _pal;
            _pal = null;
            if (pal != null)
                pal.Dispose();
        }