예제 #1
0
 public CertProcessor(ICertProcessorConfig config)
 {
     Config           = config;
     _warningStatuses = X509ChainStatusFlags2.AboutExpire
                        | X509ChainStatusFlags2.WeakRsaPublicKey
                        | X509ChainStatusFlags2.HasWeakSignature;
 }
예제 #2
0
        static Boolean serverCertificateValidationCallback(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            lock (_lock) {
                var request = (HttpWebRequest)sender;
                // normally, the key is presented, but the call to CT may mess this, so silently skip it.
                if (!_syncTable.ContainsKey(request.RequestUri.ToString()))
                {
                    return(sslPolicyErrors == SslPolicyErrors.None && chain.ChainStatus.All(x => x.Status == X509ChainStatusFlags.NoError));
                }
                CertProcessor        processor = _syncTable[request.RequestUri.ToString()];
                ServerObjectWrapper  entry     = processor.Entry;
                ICertProcessorConfig config    = processor.Config;

                entry.InternalChain = new X509Chain(!config.AllowUserTrust);
                if (processor.redirected)
                {
                    if (!processor._visitedNames.Add(request.Address.Host))
                    {
                        entry.ServerObject.Log.AppendLine(
                            $"We are redirected to an already visited host: {request.Address.Host}. Stop execution.");
                        processor.shouldProceed   = false;
                        request.AllowAutoRedirect = false;
                        return(true);
                    }
                    entry.ServerObject.Log.AppendLine("We are redirected. Entering the certificate validation callback function again.");
                    entry.ServerObject.Log.AppendLine($"Redirected URL: {((HttpWebRequest)sender).Address.AbsoluteUri}");
                    entry.ServerObject.ChainStatus = 0;
                }
                else
                {
                    entry.ServerObject.Log.AppendLine($"Server returned {chain.ChainElements.Count} certificates.");
                }
                if (chain.ChainElements.Count > 1)
                {
                    entry.ServerObject.Log.AppendLine("Dumping certificates:");
                    for (Int32 index = 0; index < chain.ChainElements.Count; index++)
                    {
                        entry.ServerObject.Log.AppendLine($"=============================== Certificate {index} ===============================");
                        try {
                            // there is a bug in .NET 4.5 on Windows 7 when calling ToString(true) on ECC cert
                            entry.ServerObject.Log.AppendLine(chain.ChainElements[index].Certificate.ToString(true));
                        } catch {
                            // fallback to brief dump
                            entry.ServerObject.Log.AppendLine(chain.ChainElements[index].Certificate.ToString(false));
                        }
                        entry.InternalChain.ChainPolicy.ExtraStore.Add(chain.ChainElements[index].Certificate);
                    }
                }
                Boolean hasNameMismatch = ((Int32)sslPolicyErrors & (Int32)SslPolicyErrors.RemoteCertificateNameMismatch) > 0;
                processor.executeChain(chain);
                if (hasNameMismatch)
                {
                    processor.addStatus(entry.ServerObject.Tree.Last().Flatten().Last(), new X509ChainStatus2 {
                        Status = X509ChainStatusFlags2.NameMismatch
                    });
                }
                entry.InternalChain.Reset();
                processor.redirected = true;
            }
            return(true);
        }
예제 #3
0
 public HtmlProcessor(ICertProcessorConfig config)
 {
     _config = config ?? throw new ArgumentNullException(nameof(config));
 }