internal override bool RaiseServerCertificateValidation(X509Certificate certificate, int[] certificateErrors) { bool failed = (certificateErrors.Length > 0); // only one problem can be reported by this interface _status = ((failed) ? certificateErrors [0] : 0); #if NET_2_0 #pragma warning disable 618 #endif if (ServicePointManager.CertificatePolicy != null) { ServicePoint sp = _request.ServicePoint; bool res = ServicePointManager.CertificatePolicy.CheckValidationResult(sp, certificate, _request, _status); if (!res) { return(false); } failed = true; } #if NET_2_0 #pragma warning restore 618 #endif #if NET_2_0 if (HaveRemoteValidation2Callback) { return(failed); // The validation already tried the 2.0 callback } SNS.RemoteCertificateValidationCallback cb = ServicePointManager.ServerCertificateValidationCallback; if (cb != null) { SNS.SslPolicyErrors ssl_errors = 0; foreach (int i in certificateErrors) { if (i == (int)-2146762490) // TODO: is this what happens when the purpose is wrong? { ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNotAvailable; } else if (i == (int)-2146762481) { ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNameMismatch; } else { ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors; } } SNCX.X509Certificate2 cert2 = new SNCX.X509Certificate2(certificate.GetRawCertData()); SNCX.X509Chain chain = new SNCX.X509Chain(); if (!chain.Build(cert2)) { ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors; } return(cb(_request, cert2, chain, ssl_errors)); } #endif return(failed); }
public SecureSockNetworkStream(LowLevelNetworkStream socketNetworkStream, System.Security.Cryptography.X509Certificates.X509Certificate2 cert, System.Net.Security.RemoteCertificateValidationCallback remoteCertValidationCb = null) { _sslStream = new SslStream(socketNetworkStream, true, remoteCertValidationCb, null); _cert = cert; _lowLevelStreamForSSL = socketNetworkStream; _lowLevelStreamForSSL.SetRecvCompleteEventHandler(LowLevelForSSL_RecvCompleted); _lowLevelStreamForSSL.SetSendCompleteEventHandler(LowLevelForSSL_SendCompleted); _readableRecvBuffer = new ReadableRecvBuffer(); }
public static ClientContext GetSPContext(string webUrl) { TokenConstants.fedAuthRequestCtx = HttpUtility.UrlEncode(string.Format("{0}/_layouts/15/Authenticate.aspx?Source=%2f", webUrl)); EndpointAddress ep = new EndpointAddress(TokenConstants.adfsBaseUri + "/" + TokenConstants.adfsTrustPath + "/" + TokenConstants.adfsTrustEndpoint); WS2007HttpBinding binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential); binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; WSTrustChannelFactory wstcf = new WSTrustChannelFactory(binding, ep); wstcf.TrustVersion = TrustVersion.WSTrust13; NetworkCredential cred = new NetworkCredential(TokenConstants.userName, TokenConstants.pwd, TokenConstants.domain); wstcf.Credentials.Windows.ClientCredential = cred; wstcf.Credentials.UserName.UserName = cred.UserName; wstcf.Credentials.UserName.Password = cred.Password; var channel = wstcf.CreateChannel(); string[] tokenType = { "urn:oasis:names:tc:SAML:1.0:assertion", "urn:oasis:names:tc:SAML:2.0:assertion" }; RequestSecurityToken rst = new RequestSecurityToken(); rst.RequestType = RequestTypes.Issue; rst.AppliesTo = new EndpointReference(TokenConstants.adfsRealm); rst.KeyType = KeyTypes.Bearer; rst.TokenType = tokenType[0]; // Use the first one because that is what SharePoint itself uses (as observed in Fiddler). RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse(); var cbk = new System.Net.Security.RemoteCertificateValidationCallback(ValidateRemoteCertificate); ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => { return(true); }; SecurityToken token = null; try { token = channel.Issue(rst, out rstr); } finally { ServicePointManager.ServerCertificateValidationCallback = cbk; } Cookie fedAuthCookie = TransformTokenToFedAuth(((GenericXmlSecurityToken)token).TokenXml.OuterXml); TokenConstants.fedAuth.Add(fedAuthCookie); SP.ClientContext ctx = new SP.ClientContext(webUrl); ctx.ExecutingWebRequest += ctx_ExecutingWebRequest; return(ctx); }
public static void OverrideValidation() { _orgCallback = ServicePointManager.ServerCertificateValidationCallback; ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(OnValidateCertificate); ServicePointManager.Expect100Continue = true; }
internal ValidationResult ValidateChain(Mono.Security.X509.X509CertificateCollection certs) { bool user_denied = false; if (certs == null || certs.Count == 0) { return(null); } ICertificatePolicy certificatePolicy = ServicePointManager.CertificatePolicy; System.Net.Security.RemoteCertificateValidationCallback serverCertificateValidationCallback = ServicePointManager.ServerCertificateValidationCallback; System.Security.Cryptography.X509Certificates.X509Chain x509Chain = new System.Security.Cryptography.X509Certificates.X509Chain(); x509Chain.ChainPolicy = new System.Security.Cryptography.X509Certificates.X509ChainPolicy(); for (int i = 1; i < certs.Count; i++) { System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certs[i].RawData); x509Chain.ChainPolicy.ExtraStore.Add(certificate); } System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certs[0].RawData); int num = 0; System.Net.Security.SslPolicyErrors sslPolicyErrors = System.Net.Security.SslPolicyErrors.None; try { if (!x509Chain.Build(x509Certificate)) { sslPolicyErrors |= ServicePointManager.ChainValidationHelper.GetErrorsFromChain(x509Chain); } } catch (Exception arg) { Console.Error.WriteLine("ERROR building certificate chain: {0}", arg); Console.Error.WriteLine("Please, report this problem to the Mono team"); sslPolicyErrors |= System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors; } if (!ServicePointManager.ChainValidationHelper.CheckCertificateUsage(x509Certificate)) { sslPolicyErrors |= System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors; num = -2146762490; } if (!ServicePointManager.ChainValidationHelper.CheckServerIdentity(certs[0], this.Host)) { sslPolicyErrors |= System.Net.Security.SslPolicyErrors.RemoteCertificateNameMismatch; num = -2146762481; } bool flag = false; try { OSX509Certificates.SecTrustResult secTrustResult = OSX509Certificates.TrustEvaluateSsl(certs); flag = (secTrustResult == OSX509Certificates.SecTrustResult.Proceed || secTrustResult == OSX509Certificates.SecTrustResult.Unspecified); } catch { } if (flag) { num = 0; sslPolicyErrors = System.Net.Security.SslPolicyErrors.None; } if (certificatePolicy != null && (!(certificatePolicy is DefaultCertificatePolicy) || serverCertificateValidationCallback == null)) { ServicePoint srvPoint = null; HttpWebRequest httpWebRequest = this.sender as HttpWebRequest; if (httpWebRequest != null) { srvPoint = httpWebRequest.ServicePoint; } if (num == 0 && sslPolicyErrors != System.Net.Security.SslPolicyErrors.None) { num = ServicePointManager.ChainValidationHelper.GetStatusFromChain(x509Chain); } flag = certificatePolicy.CheckValidationResult(srvPoint, x509Certificate, httpWebRequest, num); user_denied = (!flag && !(certificatePolicy is DefaultCertificatePolicy)); } if (serverCertificateValidationCallback != null) { flag = serverCertificateValidationCallback(this.sender, x509Certificate, x509Chain, sslPolicyErrors); user_denied = !flag; } return(new ValidationResult(flag, user_denied, num)); }
public string Post(string url, string data, System.Security.Cryptography.X509Certificates.X509Certificate x509Certificate, System.Net.Security.RemoteCertificateValidationCallback remoteCertificateValidationCallback) { HttpWebRequest requestScore = (HttpWebRequest)WebRequest.Create(url); if (x509Certificate != null) { requestScore.ClientCertificates.Add(x509Certificate); } if (remoteCertificateValidationCallback != null) { ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(remoteCertificateValidationCallback); } UTF8Encoding encoding = new UTF8Encoding(); byte[] dataBytes = encoding.GetBytes(data); requestScore.Method = "Post"; requestScore.ContentType = "application/x-www-form-urlencoded"; requestScore.ContentLength = dataBytes.Length; requestScore.KeepAlive = true; Stream stream = requestScore.GetRequestStream(); stream.Write(dataBytes, 0, dataBytes.Length); stream.Close(); HttpWebResponse responseSorce = (HttpWebResponse)requestScore.GetResponse(); StreamReader reader = new StreamReader(responseSorce.GetResponseStream(), Encoding.UTF8); string content = reader.ReadToEnd(); requestScore = null; responseSorce.Close(); responseSorce = null; reader = null; stream = null; return(content); }