internal X509CertificateMono RaiseLocalCertificateSelection(X509CertificateCollectionMono certificates,
X509CertificateMono remoteCertificate,
string targetHost,
X509CertificateCollectionMono requestedCertificates)
{
return(OnLocalCertificateSelection(certificates, remoteCertificate, targetHost, requestedCertificates));
}
internal X509CertificateMono RaiseClientCertificateSelection(
X509CertificateCollectionMono clientCertificates,
X509CertificateMono serverCertificate,
string targetHost,
X509CertificateCollectionMono serverRequestedCertificates)
{
return(base.RaiseLocalCertificateSelection(clientCertificates, serverCertificate, targetHost, serverRequestedCertificates));
}
internal override bool OnRemoteCertificateValidation(X509CertificateMono certificate, int[] errors)
{
if (this.ServerCertValidation != null)
{
return(this.ServerCertValidation(certificate, errors));
}
return(errors != null && errors.Length == 0);
}
public SslClientStream(
Stream stream,
string targetHost,
X509CertificateMono clientCertificate)
: this(
stream, targetHost, false, SecurityProtocolType.Default,
new X509CertificateCollectionMono(new X509CertificateMono[] { clientCertificate }))
{
}
internal override AsymmetricAlgorithm OnLocalPrivateKeySelection(X509CertificateMono certificate, string targetHost)
{
if (this.PrivateKeySelection != null)
{
return(this.PrivateKeySelection(certificate, targetHost));
}
return(null);
}
internal override bool RaiseServerCertificateValidation(X509CertificateMono certificate, int[] certificateErrors)
{
bool failed = (certificateErrors.Length > 0);
// only one problem can be reported by this interface
_status = ((failed) ? certificateErrors [0] : 0);
#pragma warning disable 618
if (ServicePointManager.CertificatePolicy != null)
{
ServicePoint sp = _request.ServicePoint;
bool res = true;// ServicePointManager.CertificatePolicy.CheckValidationResult (sp, certificate, _request, _status);
if (!res)
{
return(false);
}
failed = true;
}
#pragma warning restore 618
if (HaveRemoteValidation2Callback)
{
return(failed); // The validation already tried the 2.0 callback
}
SNS.RemoteCertificateValidationCallback cb = ServicePointManager.ServerCertificateValidationCallback;
if (cb != null)
{
SNS.SslPolicyErrors ssl_errors = 0;
foreach (int i in certificateErrors)
{
if (i == (int)-2146762490) // TODO: is this what happens when the purpose is wrong?
{
ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNotAvailable;
}
else if (i == (int)-2146762481)
{
ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNameMismatch;
}
else
{
ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors;
}
}
SNCX.X509Certificate2 cert2 = new SNCX.X509Certificate2(certificate.GetRawCertData());
SNCX.X509Chain chain = new SNCX.X509Chain();
if (!chain.Build(cert2))
{
ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors;
}
return(cb(_request, cert2, chain, ssl_errors));
}
return(failed);
}
private void SendCertificates()
{
TlsStream chain = new TlsStream();
X509CertificateMono currentCert = this.ClientCertificate;
while (currentCert != null)
{
byte[] rawCert = currentCert.GetRawCertData();
chain.WriteInt24(rawCert.Length);
chain.Write(rawCert);
currentCert = FindParentCertificate(currentCert);
}
this.WriteInt24((int)chain.Length);
this.Write(chain.ToArray());
}
private X509CertificateMono FindParentCertificate(X509CertificateMono cert)
{
#pragma warning disable 618
// This certificate is the root certificate
if (cert.GetName() == cert.GetIssuerName())
{
return(null);
}
foreach (var certificate in this.Context.ClientSettings.Certificates)
{
if (certificate.GetName() == cert.GetIssuerName())
{
return(certificate);
}
}
return(null);
#pragma warning restore 618
}
private void GetClientCertificate()
{
// TODO: Client certificate selection is unfinished
ClientContext context = (ClientContext)this.Context;
// note: the server may ask for mutual authentication
// but may not require it (i.e. it can be optional).
if (context.ClientSettings.Certificates != null &&
context.ClientSettings.Certificates.Count > 0)
{
clientCert = context.SslStream.RaiseClientCertificateSelection(
this.Context.ClientSettings.Certificates,
new X509CertificateMono(this.Context.ServerSettings.Certificates[0].RawData),
this.Context.ClientSettings.TargetHost,
null);
// Note: the application code can raise it's
// own exception to stop the connection too.
}
// Update the selected client certificate
context.ClientSettings.ClientCertificate = clientCert;
}
internal virtual bool RaiseServerCertificateValidation(
X509CertificateMono certificate,
int[] certificateErrors)
{
return(base.RaiseRemoteCertificateValidation(certificate, certificateErrors));
}
internal override X509CertificateMono OnLocalCertificateSelection(X509CertificateCollectionMono clientCertificates, X509CertificateMono serverCertificate, string targetHost, X509CertificateCollectionMono serverRequestedCertificates)
{
if (this.ClientCertSelection != null)
{
return(this.ClientCertSelection(
clientCertificates,
serverCertificate,
targetHost,
serverRequestedCertificates));
}
return(null);
}
internal abstract AsymmetricAlgorithm OnLocalPrivateKeySelection(X509CertificateMono certificate, string targetHost);
internal abstract bool OnRemoteCertificateValidation(X509CertificateMono certificate, int[] errors);
internal abstract X509CertificateMono OnLocalCertificateSelection(X509CertificateCollectionMono clientCertificates,
X509CertificateMono serverCertificate,
string targetHost,
X509CertificateCollectionMono serverRequestedCertificates);
internal bool RaiseRemoteCertificateValidation(X509CertificateMono certificate, int[] errors)
{
return(OnRemoteCertificateValidation(certificate, errors));
}
internal AsymmetricAlgorithm RaisePrivateKeySelection(
X509CertificateMono certificate,
string targetHost)
{
return(base.RaiseLocalPrivateKeySelection(certificate, targetHost));
}
internal override X509CertificateMono OnLocalCertificateSelection(X509CertificateCollectionMono clientCertificates, X509CertificateMono serverCertificate, string targetHost, X509CertificateCollectionMono serverRequestedCertificates)
{
throw new NotSupportedException();
}
