/// <summary>
/// Initializes a new instance of the <see cref="SslWrapping"/> class.
/// </summary>
/// <param name="clientCerts">The client certs.</param>
/// <param name="serverCerts">The server certs.</param>
/// <param name="mustCheckCertificateRevocation">Whether certificate revocation checking is enabled</param>
/// <param name="mustCheckCertificateTrustChain">Wheteher certificate trust chain checking is enabled</param>
public SslWrapping(X509Certificate[] clientCerts, X509Certificate[] serverCerts, bool mustCheckCertificateRevocation, bool mustCheckCertificateTrustChain)
: this(clientCerts, serverCerts, null, CertificateValidator.GetFlags(mustCheckCertificateRevocation, mustCheckCertificateTrustChain))
{
}
/// <summary>
/// Initializes a new instance of the <see cref="SslConnection"/> class.
/// </summary>
/// <param name="transportId">Unique Id of the transport associated with this policy</param>
/// <param name="configuration">Configuration settings</param>
public SslConnection(long transportId, Configuration configuration)
{
this.transportId = transportId;
if (configuration == null)
{
throw new ArgumentNullException(nameof(configuration));
}
if ((configuration.ClientCertificates != null || configuration.ServerCertificates != null) && configuration.Identities != null)
{
throw new ArgumentException("ClientCertificates and ServerCertificates must be null if Identities is provided");
}
this.configuration = configuration;
this.identities = configuration.Identities;
if (this.identities == null)
{
X509Certificate[] clientCertificates = this.configuration.ClientCertificates;
X509Certificate[] serverCertificates = this.configuration.ServerCertificates;
if (!configuration.StartAsClient && (serverCertificates == null || serverCertificates.Length == 0))
{
SecureTransportEventSource.Log.ServerCertificatesWereNotProvided(this.transportId);
throw new ArgumentException("Server certificates were not provided");
}
if (configuration.StartAsClient && (clientCertificates == null || clientCertificates.Length == 0))
{
SecureTransportEventSource.Log.ServerCertificatesWereNotProvided(this.transportId);
throw new ArgumentException("Client certificates were not provided");
}
this.identities = new CertIdentities();
this.identities.IsClientWithNoCertificateAllowed = clientCertificates == null && !this.FoundAnySubjectRuleMatch(configuration, AbstractCertificateRule.RoleToApply.ClientCert);
if (clientCertificates == null)
{
SecureTransportEventSource.Log.ClientCertificatesWereNotProvided(this.transportId);
clientCertificates = new X509Certificate[0];
}
if (serverCertificates == null)
{
SecureTransportEventSource.Log.ServerCertificatesWereNotProvided(this.transportId);
serverCertificates = new X509Certificate[0];
}
foreach (X509Certificate serverCertificate in serverCertificates)
{
if (serverCertificate != null)
{
string key = serverCertificate.GetSerialNumberString();
if (key != null)
{
SecureTransportEventSource.Log.SupportedServerCertificate(this.transportId, key);
}
}
else
{
throw new ArgumentException("One of the Server Certificates is null");
}
}
foreach (X509Certificate clientCertificate in clientCertificates)
{
if (clientCertificate != null)
{
string key = clientCertificate.GetSerialNumberString();
if (key != null)
{
SecureTransportEventSource.Log.SupportedClientCertificate(this.transportId, key);
}
}
else
{
throw new ArgumentException("One of the client certificates is null");
}
}
this.identities.SetClientIdentities(clientCertificates);
this.identities.SetServerIdentities(serverCertificates);
}
if (this.configuration.ExplicitRule != null)
{
this.certificateValidator = new CertificateValidator(this.configuration.ExplicitRule);
}
else
{
CertificateRulesFlags flags = CertificateValidator.GetFlags(this.configuration.MustCheckCertificateRevocation, this.configuration.MustCheckCertificateTrustChain);
if (this.configuration.SubjectValidations == null || this.configuration.SubjectValidations.Count == 0)
{
this.certificateValidator = new CertificateValidator(this.identities, flags);
}
else
{
Action <StandardValidationRuleSet> modifySet = (s) =>
{
foreach (SecureTransport.SubjectRuleValidation subjectRule in this.configuration.SubjectValidations)
{
s.AddAcceptedCertificateSubject(
subjectRule.Role,
subjectRule.SubjectValidation.CertificateSubject,
subjectRule.SubjectValidation.SigningCertThumbprints);
}
if (this.configuration.BlacklistedThumbprints != null)
{
foreach (string blacklisted in this.configuration.BlacklistedThumbprints)
{
s.AddBlacklistedCertificateThumbprint(AbstractCertificateRule.RoleToApply.AllCerts, blacklisted);
}
}
};
this.certificateValidator = new CertificateValidator(this.identities, flags, modifySet);
}
}
}
public SslWrapping(string[] clientThumbprints, string[] serverThumbprints, bool mustCheckCertificateRevocation, bool mustCheckCertificateTrustChain)
{
this.Initialize(StaticGetCertsFromThumbPrintOrFileName(clientThumbprints), StaticGetCertsFromThumbPrintOrFileName(serverThumbprints), null, CertificateValidator.GetFlags(mustCheckCertificateRevocation, mustCheckCertificateTrustChain));
}
