/// <summary> /// Initializes a new instance of the <see cref="SslWrapping"/> class. /// </summary> /// <param name="clientCerts">The client certs.</param> /// <param name="serverCerts">The server certs.</param> /// <param name="mustCheckCertificateRevocation">Whether certificate revocation checking is enabled</param> /// <param name="mustCheckCertificateTrustChain">Wheteher certificate trust chain checking is enabled</param> public SslWrapping(X509Certificate[] clientCerts, X509Certificate[] serverCerts, bool mustCheckCertificateRevocation, bool mustCheckCertificateTrustChain) : this(clientCerts, serverCerts, null, CertificateValidator.GetFlags(mustCheckCertificateRevocation, mustCheckCertificateTrustChain)) { }
/// <summary> /// Initializes a new instance of the <see cref="SslConnection"/> class. /// </summary> /// <param name="transportId">Unique Id of the transport associated with this policy</param> /// <param name="configuration">Configuration settings</param> public SslConnection(long transportId, Configuration configuration) { this.transportId = transportId; if (configuration == null) { throw new ArgumentNullException(nameof(configuration)); } if ((configuration.ClientCertificates != null || configuration.ServerCertificates != null) && configuration.Identities != null) { throw new ArgumentException("ClientCertificates and ServerCertificates must be null if Identities is provided"); } this.configuration = configuration; this.identities = configuration.Identities; if (this.identities == null) { X509Certificate[] clientCertificates = this.configuration.ClientCertificates; X509Certificate[] serverCertificates = this.configuration.ServerCertificates; if (!configuration.StartAsClient && (serverCertificates == null || serverCertificates.Length == 0)) { SecureTransportEventSource.Log.ServerCertificatesWereNotProvided(this.transportId); throw new ArgumentException("Server certificates were not provided"); } if (configuration.StartAsClient && (clientCertificates == null || clientCertificates.Length == 0)) { SecureTransportEventSource.Log.ServerCertificatesWereNotProvided(this.transportId); throw new ArgumentException("Client certificates were not provided"); } this.identities = new CertIdentities(); this.identities.IsClientWithNoCertificateAllowed = clientCertificates == null && !this.FoundAnySubjectRuleMatch(configuration, AbstractCertificateRule.RoleToApply.ClientCert); if (clientCertificates == null) { SecureTransportEventSource.Log.ClientCertificatesWereNotProvided(this.transportId); clientCertificates = new X509Certificate[0]; } if (serverCertificates == null) { SecureTransportEventSource.Log.ServerCertificatesWereNotProvided(this.transportId); serverCertificates = new X509Certificate[0]; } foreach (X509Certificate serverCertificate in serverCertificates) { if (serverCertificate != null) { string key = serverCertificate.GetSerialNumberString(); if (key != null) { SecureTransportEventSource.Log.SupportedServerCertificate(this.transportId, key); } } else { throw new ArgumentException("One of the Server Certificates is null"); } } foreach (X509Certificate clientCertificate in clientCertificates) { if (clientCertificate != null) { string key = clientCertificate.GetSerialNumberString(); if (key != null) { SecureTransportEventSource.Log.SupportedClientCertificate(this.transportId, key); } } else { throw new ArgumentException("One of the client certificates is null"); } } this.identities.SetClientIdentities(clientCertificates); this.identities.SetServerIdentities(serverCertificates); } if (this.configuration.ExplicitRule != null) { this.certificateValidator = new CertificateValidator(this.configuration.ExplicitRule); } else { CertificateRulesFlags flags = CertificateValidator.GetFlags(this.configuration.MustCheckCertificateRevocation, this.configuration.MustCheckCertificateTrustChain); if (this.configuration.SubjectValidations == null || this.configuration.SubjectValidations.Count == 0) { this.certificateValidator = new CertificateValidator(this.identities, flags); } else { Action <StandardValidationRuleSet> modifySet = (s) => { foreach (SecureTransport.SubjectRuleValidation subjectRule in this.configuration.SubjectValidations) { s.AddAcceptedCertificateSubject( subjectRule.Role, subjectRule.SubjectValidation.CertificateSubject, subjectRule.SubjectValidation.SigningCertThumbprints); } if (this.configuration.BlacklistedThumbprints != null) { foreach (string blacklisted in this.configuration.BlacklistedThumbprints) { s.AddBlacklistedCertificateThumbprint(AbstractCertificateRule.RoleToApply.AllCerts, blacklisted); } } }; this.certificateValidator = new CertificateValidator(this.identities, flags, modifySet); } } }
public SslWrapping(string[] clientThumbprints, string[] serverThumbprints, bool mustCheckCertificateRevocation, bool mustCheckCertificateTrustChain) { this.Initialize(StaticGetCertsFromThumbPrintOrFileName(clientThumbprints), StaticGetCertsFromThumbPrintOrFileName(serverThumbprints), null, CertificateValidator.GetFlags(mustCheckCertificateRevocation, mustCheckCertificateTrustChain)); }