private void ConnectCallback(IAsyncResult ar) { try { this.m_socket.EndConnect(ar); if (!this.m_socket.Connected) { s_log.LogWarning("Failed to connect."); this.ExecuteBeginConnectDelegate(true); } else { RemoteCertificateValidationCallback userCertificateValidationCallback = new RemoteCertificateValidationCallback(SslSocket.OnValidateServerCertificate); this.m_sslStream = new SslStream(new NetworkStream(this.m_socket, true), false, userCertificateValidationCallback); SslStreamValidationContext context = new SslStreamValidationContext { m_socket = this }; s_streamValidationContexts.Add(this.m_sslStream, context); this.m_sslStream.BeginAuthenticateAsClient(this.m_address, new AsyncCallback(this.OnAuthenticateAsClient), null); } } catch (Exception exception) { object[] args = new object[] { exception }; s_log.LogWarning("Exception while trying to authenticate. {0}", args); this.ExecuteBeginConnectDelegate(true); } }
private static bool OnValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { SslStream stream = (SslStream)sender; SslStreamValidationContext context = s_streamValidationContexts[stream]; SslSocket socket = context.m_socket; List <string> commonNamesFromCertSubject = GetCommonNamesFromCertSubject(certificate.Subject); bool flag = false; if ((socket.m_bundleInfo != null) && socket.m_bundleInfo.isUsingCertBundle) { byte[] certBundleBytes = socket.m_bundleInfo.certBundleBytes; if (socket.m_bundleInfo.isCertBundleSigned) { if (!VerifyBundleSignature(socket.m_bundleInfo.certBundleBytes)) { return(false); } certBundleBytes = GetUnsignedBundleBytes(socket.m_bundleInfo.certBundleBytes); } byte[] publicKey = certificate.GetPublicKey(); foreach (string str in commonNamesFromCertSubject) { if (IsWhitelistedInCertBundle(certBundleBytes, str, publicKey)) { flag = true; break; } } if (!flag) { return(false); } } bool flag3 = IsCertSignedByBlizzard(certificate); bool flag4 = false; flag4 = true; bool flag5 = (!flag3 && flag4) && (chain.ChainElements.Count == 1); try { if (sslPolicyErrors != SslPolicyErrors.None) { SslPolicyErrors errors = (!flag3 && !flag5) ? SslPolicyErrors.None : (SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNotAvailable); if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != SslPolicyErrors.None) { string resolvedAddress = socket.m_resolvedAddress; foreach (string str3 in commonNamesFromCertSubject) { if (str3.Equals(resolvedAddress)) { errors |= SslPolicyErrors.RemoteCertificateNameMismatch; break; } } } if ((sslPolicyErrors & ~errors) != SslPolicyErrors.None) { object[] args = new object[] { sslPolicyErrors }; s_log.LogWarning("Failed policy check. {0}", args); return(false); } } if (chain.ChainElements == null) { s_log.LogWarning("ChainElements is null"); return(false); } X509ChainElementEnumerator enumerator = chain.ChainElements.GetEnumerator(); while (enumerator.MoveNext()) { X509ChainElement current = enumerator.Current; object[] objArray2 = new object[] { current.Certificate.Thumbprint }; s_log.LogDebug("Certificate Thumbprint: {0}", objArray2); foreach (X509ChainStatus status in current.ChainElementStatus) { object[] objArray3 = new object[] { status.Status }; s_log.LogDebug(" Certificate Status: {0}", objArray3); } } bool flag6 = false; if (flag3 && (chain.ChainElements.Count == 1)) { chain.ChainPolicy.ExtraStore.Add(s_rootCertificate); chain.Build(new X509Certificate2(certificate)); flag6 = true; } int num2 = !flag3 ? 3 : 2; if (flag4 && !flag6) { num2 = 1; } if (chain.ChainElements.Count != num2) { object[] objArray4 = new object[] { chain.ChainElements.Count }; s_log.LogWarning("ChainElements.Count is {0}", objArray4); return(false); } for (int i = 0; i < num2; i++) { if (chain.ChainElements[i] == null) { s_log.LogWarning("ChainElements[" + i + "] is null"); return(false); } } if (flag3) { string str4; if (ApplicationMgr.GetMobileEnvironment() == MobileEnv.PRODUCTION) { str4 = "673D9D1072B625CAD95CB47BF0F0F512233E39FD"; } else { str4 = "C0805E3CF51F1A56CE9E6E35CB4F4901B68128B7"; } if (chain.ChainElements[1].Certificate.Thumbprint != str4) { s_log.LogWarning("Root certificate thumb print check failure"); object[] objArray5 = new object[] { str4 }; s_log.LogWarning(" expected: {0}", objArray5); object[] objArray6 = new object[] { chain.ChainElements[1].Certificate.Thumbprint }; s_log.LogWarning(" received: {0}", objArray6); return(false); } } for (int j = 0; j < num2; j++) { if (DateTime.Now > chain.ChainElements[j].Certificate.NotAfter) { s_log.LogWarning("ChainElements[" + j + "] certificate is expired."); return(false); } } X509ChainElementEnumerator enumerator4 = chain.ChainElements.GetEnumerator(); while (enumerator4.MoveNext()) { foreach (X509ChainStatus status2 in enumerator4.Current.ChainElementStatus) { if ((!flag3 && !flag6) || (status2.Status != X509ChainStatusFlags.UntrustedRoot)) { object[] objArray7 = new object[] { status2.Status }; s_log.LogWarning("Found unexpected chain error={0}.", objArray7); return(false); } } } } catch (Exception exception) { object[] objArray8 = new object[] { exception }; s_log.LogWarning("Exception while trying to validate certificate. {0}", objArray8); return(false); } return(true); }