Esempio n. 1
0
        bool InvokeSystemValidator(string targetHost, bool serverMode, X509CertificateCollection certificates, X509Chain chain, ref MonoSslPolicyErrors xerrors, ref int status11)
        {
            var errors = (SslPolicyErrors)xerrors;
            var result = SystemCertificateValidator.Evaluate(settings, targetHost, certificates, chain, ref errors, ref status11);

            xerrors = (MonoSslPolicyErrors)errors;
            return(result);
        }
Esempio n. 2
0
        public override bool ValidateCertificate(ChainValidationHelper validator, string targetHost, bool serverMode,
                                                 X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain, ref SslPolicyErrors errors,
                                                 ref int status11)
        {
            if (wantsChain)
            {
                chain = SystemCertificateValidator.CreateX509Chain(certificates);
            }
            var result = SystemCertificateValidator.Evaluate(validator.Settings, targetHost, certificates, chain,
                                                             ref errors, ref status11);

            return(result);
        }
Esempio n. 3
0
        internal override bool ValidateCertificate(
            MSI.ICertificateValidator2 validator, string targetHost, bool serverMode,
            X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
            ref MSI.MonoSslPolicyErrors errors, ref int status11)
        {
            if (wantsChain)
            {
                chain = SystemCertificateValidator.CreateX509Chain(certificates);
            }
            var xerrors = (SslPolicyErrors)errors;
            var result  = SystemCertificateValidator.Evaluate(validator.Settings, targetHost, certificates, chain, ref xerrors, ref status11);

            errors = (MSI.MonoSslPolicyErrors)xerrors;
            return(result);
        }
Esempio n. 4
0
        ValidationResult ValidateChain(string host, bool server, X509Certificate leaf,
                                       ref X509Chain chain, X509CertificateCollection certs,
                                       SslPolicyErrors errors)
        {
            // user_denied is true if the user callback is called and returns false
            bool user_denied = false;
            bool result      = false;

            var hasCallback = certValidationCallback != null || callbackWrapper != null;

            if (tlsStream != null)
            {
                request.ServicePoint.UpdateServerCertificate(leaf);
            }

            if (leaf == null)
            {
                errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
                if (hasCallback)
                {
                    if (callbackWrapper != null)
                    {
                        result = callbackWrapper.Invoke(certValidationCallback, leaf, null, (MonoSslPolicyErrors)errors);
                    }
                    else
                    {
                        result = certValidationCallback.Invoke(sender, leaf, null, errors);
                    }
                    user_denied = !result;
                }
                return(new ValidationResult(result, user_denied, 0, (MonoSslPolicyErrors)errors));
            }

            // Ignore port number when validating certificates.
            if (!string.IsNullOrEmpty(host))
            {
                var pos = host.IndexOf(':');
                if (pos > 0)
                {
                    host = host.Substring(0, pos);
                }
            }

            ICertificatePolicy policy = ServicePointManager.GetLegacyCertificatePolicy();

            int status11 = 0;             // Error code passed to the obsolete ICertificatePolicy callback

            bool wantsChain = SystemCertificateValidator.NeedsChain(settings);

            if (!wantsChain && hasCallback)
            {
                if (settings == null || settings.CallbackNeedsCertificateChain)
                {
                    wantsChain = true;
                }
            }

            var xerrors = (MonoSslPolicyErrors)errors;

            result = provider.ValidateCertificate(this, host, server, certs, wantsChain, ref chain, ref xerrors, ref status11);
            errors = (SslPolicyErrors)xerrors;

            if (status11 == 0 && errors != 0)
            {
                // TRUST_E_FAIL
                status11 = unchecked ((int)0x800B010B);
            }

            if (policy != null && (!(policy is DefaultCertificatePolicy) || certValidationCallback == null))
            {
                ServicePoint sp = null;
                if (request != null)
                {
                    sp = request.ServicePointNoLock;
                }

                // pre 2.0 callback
                result      = policy.CheckValidationResult(sp, leaf, request, status11);
                user_denied = !result && !(policy is DefaultCertificatePolicy);
            }
            // If there's a 2.0 callback, it takes precedence
            if (hasCallback)
            {
                if (callbackWrapper != null)
                {
                    result = callbackWrapper.Invoke(certValidationCallback, leaf, chain, (MonoSslPolicyErrors)errors);
                }
                else
                {
                    result = certValidationCallback.Invoke(sender, leaf, chain, errors);
                }
                user_denied = !result;
            }
            return(new ValidationResult(result, user_denied, status11, (MonoSslPolicyErrors)errors));
        }
        ValidationResult ValidateChain(string host, bool server, XX509CertificateCollection certs, SslPolicyErrors errors)
        {
            // user_denied is true if the user callback is called and returns false
            bool user_denied = false;
            bool result      = false;

            var hasCallback = certValidationCallback != null || callbackWrapper != null;

            X509Certificate leaf;

            if (certs == null || certs.Count == 0)
            {
                leaf = null;
            }
            else
            {
                leaf = certs [0];
            }

            if (tlsStream != null)
            {
                request.ServicePoint.SetServerCertificate(leaf);
            }

            if (leaf == null)
            {
                errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
                if (hasCallback)
                {
                    if (callbackWrapper != null)
                    {
                        result = callbackWrapper.Invoke(certValidationCallback, leaf, null, (MonoSslPolicyErrors)errors);
                    }
                    else
                    {
                        result = certValidationCallback.Invoke(sender, leaf, null, errors);
                    }
                    user_denied = !result;
                }
                return(new ValidationResult(result, user_denied, 0, (MonoSslPolicyErrors)errors));
            }

            ICertificatePolicy policy = ServicePointManager.GetLegacyCertificatePolicy();

            int       status11 = 0;       // Error code passed to the obsolete ICertificatePolicy callback
            X509Chain chain    = null;

            bool wantsChain = SystemCertificateValidator.NeedsChain(settings);

            if (!wantsChain && hasCallback)
            {
                if (settings == null || settings.CallbackNeedsCertificateChain)
                {
                    wantsChain = true;
                }
            }

            if (wantsChain)
            {
                chain = SystemCertificateValidator.CreateX509Chain(certs);
            }

            if (wantsChain || SystemCertificateValidator.NeedsChain(settings))
            {
                SystemCertificateValidator.BuildX509Chain(certs, chain, ref errors, ref status11);
            }

            bool providerValidated = false;

            if (provider != null && provider.HasCustomSystemCertificateValidator)
            {
                var xerrors = (MonoSslPolicyErrors)errors;
                var xchain  = (XX509Chain)(object)chain;
                providerValidated = provider.InvokeSystemCertificateValidator(this, host, server, certs, xchain, out result, ref xerrors, ref status11);
                errors            = (SslPolicyErrors)xerrors;
            }

            if (!providerValidated)
            {
                result = SystemCertificateValidator.Evaluate(settings, host, certs, chain, ref errors, ref status11);
            }

            if (policy != null && (!(policy is DefaultCertificatePolicy) || certValidationCallback == null))
            {
                ServicePoint sp = null;
                if (request != null)
                {
                    sp = request.ServicePointNoLock;
                }
                if (status11 == 0 && errors != 0)
                {
                    // TRUST_E_FAIL
                    status11 = unchecked ((int)0x800B010B);
                }

                // pre 2.0 callback
                result      = policy.CheckValidationResult(sp, leaf, request, status11);
                user_denied = !result && !(policy is DefaultCertificatePolicy);
            }
            // If there's a 2.0 callback, it takes precedence
            if (hasCallback)
            {
                if (callbackWrapper != null)
                {
                    result = callbackWrapper.Invoke(certValidationCallback, leaf, chain, (MonoSslPolicyErrors)errors);
                }
                else
                {
                    result = certValidationCallback.Invoke(sender, leaf, chain, errors);
                }
                user_denied = !result;
            }
            return(new ValidationResult(result, user_denied, status11, (MonoSslPolicyErrors)errors));
        }