private void ConnectCallback(IAsyncResult ar)
{
try
{
this.m_socket.EndConnect(ar);
if (!this.m_socket.Connected)
{
s_log.LogWarning("Failed to connect.");
this.ExecuteBeginConnectDelegate(true);
}
else
{
RemoteCertificateValidationCallback userCertificateValidationCallback = new RemoteCertificateValidationCallback(SslSocket.OnValidateServerCertificate);
this.m_sslStream = new SslStream(new NetworkStream(this.m_socket, true), false, userCertificateValidationCallback);
SslStreamValidationContext context = new SslStreamValidationContext {
m_socket = this
};
s_streamValidationContexts.Add(this.m_sslStream, context);
this.m_sslStream.BeginAuthenticateAsClient(this.m_address, new AsyncCallback(this.OnAuthenticateAsClient), null);
}
}
catch (Exception exception)
{
object[] args = new object[] { exception };
s_log.LogWarning("Exception while trying to authenticate. {0}", args);
this.ExecuteBeginConnectDelegate(true);
}
}
private static bool OnValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
SslStream stream = (SslStream)sender;
SslStreamValidationContext context = s_streamValidationContexts[stream];
SslSocket socket = context.m_socket;
List <string> commonNamesFromCertSubject = GetCommonNamesFromCertSubject(certificate.Subject);
bool flag = false;
if ((socket.m_bundleInfo != null) && socket.m_bundleInfo.isUsingCertBundle)
{
byte[] certBundleBytes = socket.m_bundleInfo.certBundleBytes;
if (socket.m_bundleInfo.isCertBundleSigned)
{
if (!VerifyBundleSignature(socket.m_bundleInfo.certBundleBytes))
{
return(false);
}
certBundleBytes = GetUnsignedBundleBytes(socket.m_bundleInfo.certBundleBytes);
}
byte[] publicKey = certificate.GetPublicKey();
foreach (string str in commonNamesFromCertSubject)
{
if (IsWhitelistedInCertBundle(certBundleBytes, str, publicKey))
{
flag = true;
break;
}
}
if (!flag)
{
return(false);
}
}
bool flag3 = IsCertSignedByBlizzard(certificate);
bool flag4 = false;
flag4 = true;
bool flag5 = (!flag3 && flag4) && (chain.ChainElements.Count == 1);
try
{
if (sslPolicyErrors != SslPolicyErrors.None)
{
SslPolicyErrors errors = (!flag3 && !flag5) ? SslPolicyErrors.None : (SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNotAvailable);
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != SslPolicyErrors.None)
{
string resolvedAddress = socket.m_resolvedAddress;
foreach (string str3 in commonNamesFromCertSubject)
{
if (str3.Equals(resolvedAddress))
{
errors |= SslPolicyErrors.RemoteCertificateNameMismatch;
break;
}
}
}
if ((sslPolicyErrors & ~errors) != SslPolicyErrors.None)
{
object[] args = new object[] { sslPolicyErrors };
s_log.LogWarning("Failed policy check. {0}", args);
return(false);
}
}
if (chain.ChainElements == null)
{
s_log.LogWarning("ChainElements is null");
return(false);
}
X509ChainElementEnumerator enumerator = chain.ChainElements.GetEnumerator();
while (enumerator.MoveNext())
{
X509ChainElement current = enumerator.Current;
object[] objArray2 = new object[] { current.Certificate.Thumbprint };
s_log.LogDebug("Certificate Thumbprint: {0}", objArray2);
foreach (X509ChainStatus status in current.ChainElementStatus)
{
object[] objArray3 = new object[] { status.Status };
s_log.LogDebug(" Certificate Status: {0}", objArray3);
}
}
bool flag6 = false;
if (flag3 && (chain.ChainElements.Count == 1))
{
chain.ChainPolicy.ExtraStore.Add(s_rootCertificate);
chain.Build(new X509Certificate2(certificate));
flag6 = true;
}
int num2 = !flag3 ? 3 : 2;
if (flag4 && !flag6)
{
num2 = 1;
}
if (chain.ChainElements.Count != num2)
{
object[] objArray4 = new object[] { chain.ChainElements.Count };
s_log.LogWarning("ChainElements.Count is {0}", objArray4);
return(false);
}
for (int i = 0; i < num2; i++)
{
if (chain.ChainElements[i] == null)
{
s_log.LogWarning("ChainElements[" + i + "] is null");
return(false);
}
}
if (flag3)
{
string str4;
if (ApplicationMgr.GetMobileEnvironment() == MobileEnv.PRODUCTION)
{
str4 = "673D9D1072B625CAD95CB47BF0F0F512233E39FD";
}
else
{
str4 = "C0805E3CF51F1A56CE9E6E35CB4F4901B68128B7";
}
if (chain.ChainElements[1].Certificate.Thumbprint != str4)
{
s_log.LogWarning("Root certificate thumb print check failure");
object[] objArray5 = new object[] { str4 };
s_log.LogWarning(" expected: {0}", objArray5);
object[] objArray6 = new object[] { chain.ChainElements[1].Certificate.Thumbprint };
s_log.LogWarning(" received: {0}", objArray6);
return(false);
}
}
for (int j = 0; j < num2; j++)
{
if (DateTime.Now > chain.ChainElements[j].Certificate.NotAfter)
{
s_log.LogWarning("ChainElements[" + j + "] certificate is expired.");
return(false);
}
}
X509ChainElementEnumerator enumerator4 = chain.ChainElements.GetEnumerator();
while (enumerator4.MoveNext())
{
foreach (X509ChainStatus status2 in enumerator4.Current.ChainElementStatus)
{
if ((!flag3 && !flag6) || (status2.Status != X509ChainStatusFlags.UntrustedRoot))
{
object[] objArray7 = new object[] { status2.Status };
s_log.LogWarning("Found unexpected chain error={0}.", objArray7);
return(false);
}
}
}
}
catch (Exception exception)
{
object[] objArray8 = new object[] { exception };
s_log.LogWarning("Exception while trying to validate certificate. {0}", objArray8);
return(false);
}
return(true);
}
