bool CreateStream(HttpWebRequest request) { try { NetworkStream serverStream = new NetworkStream(socket, false); if (request.Address.Scheme == Uri.UriSchemeHttps) { ssl = true; EnsureSSLStreamAvailable(); if (!reused || nstream == null || nstream.GetType() != sslStream) { byte [] buffer = null; if (sPoint.UseConnect) { bool ok = CreateTunnel(request, serverStream, out buffer); if (!ok) { return(false); } } object[] args = new object [4] { serverStream, request.ClientCertificates, request, buffer }; nstream = (Stream)Activator.CreateInstance(sslStream, args); #if SECURITY_DEP SslClientStream scs = (SslClientStream)nstream; var helper = new ServicePointManager.ChainValidationHelper(request); scs.ServerCertValidation2 += new CertificateValidationCallback2(helper.ValidateChain); #endif certsAvailable = false; } // we also need to set ServicePoint.Certificate // and ServicePoint.ClientCertificate but this can // only be done later (after handshake - which is // done only after a read operation). } else { ssl = false; nstream = serverStream; } } catch (Exception) { if (!request.Aborted) { status = WebExceptionStatus.ConnectFailure; } return(false); } return(true); }
private bool CreateStream(HttpWebRequest request) { try { NetworkStream networkStream = new NetworkStream(socket, owns_socket: false); if (request.Address.Scheme == Uri.UriSchemeHttps) { ssl = true; EnsureSSLStreamAvailable(); if (!reused || nstream == null || nstream.GetType() != sslStream) { byte[] array = null; if (sPoint.UseConnect && !CreateTunnel(request, networkStream, out array)) { return(false); } object[] args = new object[4] { networkStream, request.ClientCertificates, request, array }; nstream = (Stream)Activator.CreateInstance(sslStream, args); SslClientStream sslClientStream = (SslClientStream)nstream; ServicePointManager.ChainValidationHelper @object = new ServicePointManager.ChainValidationHelper(request); sslClientStream.ServerCertValidation2 += @object.ValidateChain; certsAvailable = false; } } else { ssl = false; nstream = networkStream; } } catch (Exception) { if (!request.Aborted) { status = WebExceptionStatus.ConnectFailure; } return(false); IL_011e :; } return(true); }
private bool CreateStream(HttpWebRequest request) { try { System.Net.Sockets.NetworkStream networkStream = new System.Net.Sockets.NetworkStream(this.socket, false); if (request.Address.Scheme == System.Uri.UriSchemeHttps) { this.ssl = true; WebConnection.EnsureSSLStreamAvailable(); if (!this.reused || this.nstream == null || this.nstream.GetType() != WebConnection.sslStream) { byte[] array = null; if (this.sPoint.UseConnect && !this.CreateTunnel(request, networkStream, out array)) { return(false); } object[] args = new object[] { networkStream, request.ClientCertificates, request, array }; this.nstream = (Stream)Activator.CreateInstance(WebConnection.sslStream, args); SslClientStream sslClientStream = (SslClientStream)this.nstream; ServicePointManager.ChainValidationHelper @object = new ServicePointManager.ChainValidationHelper(request); sslClientStream.ServerCertValidation2 += @object.ValidateChain; this.certsAvailable = false; } } else { this.ssl = false; this.nstream = networkStream; } } catch (Exception) { if (!request.Aborted) { this.status = WebExceptionStatus.ConnectFailure; } return(false); } return(true); }
bool CreateStream (HttpWebRequest request) { try { NetworkStream serverStream = new NetworkStream (socket, false); if (request.Address.Scheme == Uri.UriSchemeHttps) { ssl = true; EnsureSSLStreamAvailable (); if (!reused || nstream == null || nstream.GetType () != sslStream) { byte [] buffer = null; if (sPoint.UseConnect) { bool ok = CreateTunnel (request, serverStream, out buffer); if (!ok) return false; } object[] args = new object [4] { serverStream, request.ClientCertificates, request, buffer}; nstream = (Stream) Activator.CreateInstance (sslStream, args); #if SECURITY_DEP SslClientStream scs = (SslClientStream) nstream; var helper = new ServicePointManager.ChainValidationHelper (request); scs.ServerCertValidation2 += new CertificateValidationCallback2 (helper.ValidateChain); #endif certsAvailable = false; } // we also need to set ServicePoint.Certificate // and ServicePoint.ClientCertificate but this can // only be done later (after handshake - which is // done only after a read operation). } else { ssl = false; nstream = serverStream; } } catch (Exception) { if (!request.Aborted) status = WebExceptionStatus.ConnectFailure; return false; } return true; }
public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState) { if (IsAuthenticated) throw new InvalidOperationException ("This SslStream is already authenticated"); SslClientStream s = new SslClientStream (InnerStream, targetHost, !LeaveInnerStreamOpen, GetMonoSslProtocol (enabledSslProtocols), clientCertificates); s.CheckCertRevocationStatus = checkCertificateRevocation; // Due to the Mono.Security internal, it cannot reuse // the delegated argument, as Mono.Security creates // another instance of X509Certificate which lacks // private key but is filled the private key via this // delegate. s.PrivateKeyCertSelectionDelegate = delegate (X509Certificate cert, string host) { string hash = cert.GetCertHashString (); // ... so, we cannot use the delegate argument. foreach (X509Certificate cc in clientCertificates) { if (cc.GetCertHashString () != hash) continue; X509Certificate2 cert2 = cc as X509Certificate2; cert2 = cert2 ?? new X509Certificate2 (cc); return cert2.PrivateKey; } return null; }; #if MONOTOUCH || MONODROID // Even if validation_callback is null this allows us to verify requests where the user // does not provide a verification callback but attempts to authenticate with the website // as a client (see https://bugzilla.xamarin.com/show_bug.cgi?id=18962 for an example) var helper = new ServicePointManager.ChainValidationHelper (this, targetHost); helper.ServerCertificateValidationCallback = validation_callback; s.ServerCertValidation2 += new CertificateValidationCallback2 (helper.ValidateChain); #else if (validation_callback != null) { s.ServerCertValidationDelegate = delegate (X509Certificate cert, int [] certErrors) { X509Chain chain = new X509Chain (); X509Certificate2 x2 = (cert as X509Certificate2); if (x2 == null) x2 = new X509Certificate2 (cert); if (!ServicePointManager.CheckCertificateRevocationList) chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // SSL specific checks (done by Mono.Security.dll SSL/TLS implementation) SslPolicyErrors errors = SslPolicyErrors.None; foreach (int i in certErrors) { switch (i) { case -2146762490: // CERT_E_PURPOSE errors |= SslPolicyErrors.RemoteCertificateNotAvailable; break; case -2146762481: // CERT_E_CN_NO_MATCH errors |= SslPolicyErrors.RemoteCertificateNameMismatch; break; default: errors |= SslPolicyErrors.RemoteCertificateChainErrors; break; } } chain.Build (x2); // non-SSL specific X509 checks (i.e. RFC3280 related checks) foreach (X509ChainStatus status in chain.ChainStatus) { if (status.Status == X509ChainStatusFlags.NoError) continue; if ((status.Status & X509ChainStatusFlags.PartialChain) != 0) errors |= SslPolicyErrors.RemoteCertificateNotAvailable; else errors |= SslPolicyErrors.RemoteCertificateChainErrors; } return validation_callback (this, cert, chain, errors); }; } #endif if (selection_callback != null) s.ClientCertSelectionDelegate = OnCertificateSelection; ssl_stream = s; return BeginWrite (new byte [0], 0, 0, asyncCallback, asyncState); }