        /// <summary>
        /// Decides whether the TLS certificate chain presented by an HTTP endpoint is acceptable.
        /// Returns normally when it is; throws the exception built by GetAppropriateException when it is not.
        /// </summary>
        /// <remarks>
        /// The endpoint's configuration selects one of three modes:
        /// <list type="number">
        /// <item>GetHttpIgnoreTlsCerts() is true: the method returns at once and no check of any kind is made.</item>
        /// <item>GetHttpCustomTlsCert() is non-blank: the chain is accepted when no element carries one of four
        /// fatal status flags and some element's thumbprint equals the configured certificate's thumbprint.</item>
        /// <item>Otherwise: only <see cref="SslPolicyErrors.None"/> is accepted.</item>
        /// </list>
        /// </remarks>
        /// <param name="endpoint">Endpoint whose TLS settings drive the decision.</param>
        /// <param name="chain">Chain built for the remote certificate; an empty chain is substituted when null.</param>
        /// <param name="sslPolicyErrors">Policy errors reported for the connection.</param>
        public virtual void ValidateHttpEndpoint(Models.Endpoint endpoint, X509Chain? chain, SslPolicyErrors sslPolicyErrors)
        {
            // Mode 1: verification switched off for this endpoint. Nothing below runs, so the
            // connection has no server authentication at all when this setting is on.
            if (endpoint.GetHttpIgnoreTlsCerts())
            {
                return;
            }

            // A substituted chain has no elements, so the pinned branch below ends in the final throw.
            chain ??= new X509Chain();
            var pinnedPem = endpoint.GetHttpCustomTlsCert();

            // Mode 3: no custom certificate configured; rely on the policy errors as reported.
            if (string.IsNullOrWhiteSpace(pinnedPem))
            {
                if (sslPolicyErrors != SslPolicyErrors.None)
                {
                    throw GetAppropriateException(false, chain, sslPolicyErrors, false);
                }

                return;
            }

            // Mode 2: custom certificate configured.
            // Only RemoteCertificateNotAvailable is rejected here; a name mismatch or other chain
            // errors reported in sslPolicyErrors do not stop this branch.
            if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) == SslPolicyErrors.RemoteCertificateNotAvailable)
            {
                throw GetAppropriateException(false, chain, sslPolicyErrors, false);
            }

            // The four statuses that are fatal even for a pinned certificate. Every other status
            // (for example an untrusted root or an expired certificate) is tolerated in this branch.
            const X509ChainStatusFlags fatalStatuses =
                X509ChainStatusFlags.Cyclic
                | X509ChainStatusFlags.ExplicitDistrust
                | X509ChainStatusFlags.NotSignatureValid
                | X509ChainStatusFlags.Revoked;

            foreach (var element in chain.ChainElements)
            {
                var statuses = element.ChainElementStatus;
                if (statuses == null)
                {
                    continue;
                }

                foreach (var entry in statuses)
                {
                    // NoError has no bits set, so it can never intersect the fatal mask.
                    if ((entry.Status & fatalStatuses) != X509ChainStatusFlags.NoError)
                    {
                        throw GetAppropriateException(false, chain, sslPolicyErrors, false);
                    }
                }
            }

            // No fatal status found; parse the configured certificate and look for it in the chain.
            var cert = LoadCert(false, pinnedPem);

            // NOTE(review): the match is against every chain element, not only the leaf, so pinning
            // an issuing certificate accepts any chain that contains it - confirm this is intended.
            foreach (var element in chain.ChainElements)
            {
                if (element.Certificate.Thumbprint.Equals(cert.Thumbprint))
                {
                    return;
                }
            }

            // The last argument is true only on this path; presumably it marks a pin mismatch - confirm
            // against GetAppropriateException.
            throw GetAppropriateException(false, chain, sslPolicyErrors, true);
        }
 /// <summary>
 /// Builds the factory from the application settings, a memory cache and the HTTP context accessor.
 /// </summary>
 /// <param name="cache">Memory cache stored for later use.</param>
 /// <param name="context">Accessor whose HttpContext is read once, here, and stored.</param>
 /// <param name="settings">Source of the instance keys, the user name and the simulator endpoint configuration.</param>
 public SimulatorFactory(IMemoryCache cache, IHttpContextAccessor context, Settings settings)
 {
     // Key material taken from the instance settings; both values stay in fields for the
     // lifetime of this object.
     _key = settings.Instance.GetSecretKey();
     _private = settings.Instance.GetPrivateKey();

     // Simulator endpoint configuration and the identifier used for this instance.
     _config = settings.Endpoints.Simulator;
     _orkId = settings.Instance.Username;

     _cache = cache;

     // NOTE(review): HttpContext is captured at construction time. If this factory outlives a
     // single request, the stored context may be null or belong to another request - confirm
     // how the type is registered.
     _context = context.HttpContext;
 }