public virtual Task AuthenticateAsClientAsync(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation) { var t = Tuple.Create(targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation, this); return(Task.Factory.FromAsync((callback, state) => { var d = (Tuple <string, X509CertificateCollection, SslProtocols, bool, SslStream>)state; return d.Item5.BeginAuthenticateAsClient(d.Item1, d.Item2, d.Item3, d.Item4, callback, null); }, EndAuthenticateAsClient, t)); }
/* * AsymmetricAlgorithm GetPrivateKey (X509Certificate cert, string targetHost) * { * // FIXME: what can I do for non-X509Certificate2 ? * X509Certificate2 cert2 = cert as X509Certificate2; * return cert2 != null ? cert2.PrivateKey : null; * } */ X509Certificate OnCertificateSelection(X509CertificateCollection clientCerts, X509Certificate serverCert, string targetHost, X509CertificateCollection serverRequestedCerts) { string[] acceptableIssuers = new string[serverRequestedCerts != null ? serverRequestedCerts.Count : 0]; for (int i = 0; i < acceptableIssuers.Length; i++) { acceptableIssuers[i] = serverRequestedCerts[i].GetIssuerName(); } return(selection_callback(this, targetHost, clientCerts, serverCert, acceptableIssuers)); }
public virtual void AuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation) { EndAuthenticateAsClient(BeginAuthenticateAsClient( targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation, null, null)); }
public virtual IAsyncResult BeginAuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState) { if (IsAuthenticated) { throw new InvalidOperationException("This SslStream is already authenticated"); } SslClientStream s = new SslClientStream(InnerStream, targetHost, !LeaveInnerStreamOpen, GetMonoSslProtocol(enabledSslProtocols), clientCertificates); s.CheckCertRevocationStatus = checkCertificateRevocation; // Due to the Mono.Security internal, it cannot reuse // the delegated argument, as Mono.Security creates // another instance of X509Certificate which lacks // private key but is filled the private key via this // delegate. s.PrivateKeyCertSelectionDelegate = delegate(X509Certificate cert, string host) { #if !NETCF || SSHARP string hash = cert.GetCertHashString(); // ... so, we cannot use the delegate argument. foreach (X509Certificate cc in clientCertificates) { if (cc.GetCertHashString() != hash) { continue; } X509Certificate2 cert2 = cc as X509Certificate2; cert2 = cert2 ?? new X509Certificate2(cc); return(cert2.PrivateKey); } #endif return(null); }; #if MONOTOUCH || MONODROID // Even if validation_callback is null this allows us to verify requests where the user // does not provide a verification callback but attempts to authenticate with the website // as a client (see https://bugzilla.xamarin.com/show_bug.cgi?id=18962 for an example) var helper = new ServicePointManager.ChainValidationHelper(this, targetHost); helper.ServerCertificateValidationCallback = validation_callback; s.ServerCertValidation2 += new CertificateValidationCallback2(helper.ValidateChain); #else if (validation_callback != null) { s.ServerCertValidationDelegate = delegate(X509Certificate cert, int[] certErrors) { X509Chain chain = new X509Chain(); X509Certificate2 x2 = (cert as X509Certificate2); if (x2 == null) { x2 = new X509Certificate2(cert); } #if !NETCF if (!ServicePointManager.CheckCertificateRevocationList) #endif chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // SSL specific checks (done by Mono.Security.dll SSL/TLS implementation) SslPolicyErrors errors = SslPolicyErrors.None; foreach (int i in certErrors) { switch (i) { case -2146762490: // CERT_E_PURPOSE errors |= SslPolicyErrors.RemoteCertificateNotAvailable; break; case -2146762481: // CERT_E_CN_NO_MATCH errors |= SslPolicyErrors.RemoteCertificateNameMismatch; break; default: errors |= SslPolicyErrors.RemoteCertificateChainErrors; break; } } chain.Build(x2); // non-SSL specific X509 checks (i.e. RFC3280 related checks) foreach (X509ChainStatus status in chain.ChainStatus) { if (status.Status == X509ChainStatusFlags.NoError) { continue; } if ((status.Status & X509ChainStatusFlags.PartialChain) != 0) { errors |= SslPolicyErrors.RemoteCertificateNotAvailable; } else { errors |= SslPolicyErrors.RemoteCertificateChainErrors; } } return(validation_callback(this, cert, chain, errors)); }; } #endif if (selection_callback != null) { s.ClientCertSelectionDelegate = OnCertificateSelection; } ssl_stream = s; return(BeginWrite(new byte[0], 0, 0, asyncCallback, asyncState)); }