/// <exception cref="System.IO.IOException"/>
/// <exception cref="GeneralSecurityException"/>
internal X509TrustManager LoadTrustManager()
{
X509TrustManager trustManager = null;
KeyStore ks = KeyStore.GetInstance(type);
lastLoaded = file.LastModified();
FileInputStream @in = new FileInputStream(file);
try
{
ks.Load(@in, password.ToCharArray());
Log.Debug("Loaded truststore '" + file + "'");
}
finally
{
@in.Close();
}
TrustManagerFactory trustManagerFactory = TrustManagerFactory.GetInstance(SSLFactory
.Sslcertificate);
trustManagerFactory.Init(ks);
TrustManager[] trustManagers = trustManagerFactory.GetTrustManagers();
foreach (TrustManager trustManager1 in trustManagers)
{
if (trustManager1 is X509TrustManager)
{
trustManager = (X509TrustManager)trustManager1;
break;
}
}
return(trustManager);
}
private ITrustManager[] GetTrustManagers()
{
TrustManagerFactory trustManagerFactory = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm);
trustManagerFactory.Init((KeyStore)null);
return(trustManagerFactory.GetTrustManagers());
}
/// <summary>
/// Set certificates for the trusted Root Certificate Authorities (Android implementation)
/// </summary>
/// <param name="certificates">Certificates for the CAs to trust</param>
public virtual void SetTrustedRoots(params byte[][] certificates)
{
if (certificates == null)
{
_trustMgrFactory = null;
_x509TrustManager = null;
return;
}
var keyStore = KeyStore.GetInstance(KeyStore.DefaultType);
keyStore.Load(null);
var certFactory = CertificateFactory.GetInstance("X.509");
foreach (var certificate in certificates)
{
var cert = (X509Certificate)certFactory.GenerateCertificate(new System.IO.MemoryStream(certificate));
keyStore.SetCertificateEntry(cert.SubjectDN.Name, cert);
}
_trustMgrFactory = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm);
_trustMgrFactory.Init(keyStore);
foreach (var trustManager in TrustManagers)
{
_x509TrustManager = trustManager.JavaCast <IX509TrustManager>();
if (_x509TrustManager != null)
{
break;
}
}
}
static void SetupTrustManager()
{
if (sslTrustManager != null)
{
return;
}
lock (lock_) {
TrustManagerFactory factory = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm) !;
factory.Init((KeyStore?)null);
foreach (ITrustManager tm in factory.GetTrustManagers() !)
{
try {
sslTrustManager = tm.JavaCast <IX509TrustManager>();
}
catch {
// ignore
}
if (sslTrustManager != null)
{
break;
}
}
}
}
/// <exception cref="Sharpen.NoSuchAlgorithmException"></exception>
/// <exception cref="Sharpen.KeyStoreException"></exception>
public virtual Apache.Http.Conn.Ssl.SSLContextBuilder LoadTrustMaterial(KeyStore
truststore, TrustStrategy trustStrategy)
{
TrustManagerFactory tmfactory = TrustManagerFactory.GetInstance(TrustManagerFactory
.GetDefaultAlgorithm());
tmfactory.Init(truststore);
TrustManager[] tms = tmfactory.GetTrustManagers();
if (tms != null)
{
if (trustStrategy != null)
{
for (int i = 0; i < tms.Length; i++)
{
TrustManager tm = tms[i];
if (tm is X509TrustManager)
{
tms[i] = new SSLContextBuilder.TrustManagerDelegate((X509TrustManager)tm, trustStrategy
);
}
}
}
for (int i_1 = 0; i_1 < tms.Length; i_1++)
{
this.trustmanagers.AddItem(tms[i_1]);
}
}
return(this);
}
public CompleteX509TrustManager(IX509TrustManager localTrustManager)
{
this.localTrustManager = localTrustManager;
var defaultTrustManagerFactory = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm);
defaultTrustManagerFactory.Init((KeyStore)null);
defaultTrustManager = defaultTrustManagerFactory.GetTrustManagers()[0].JavaCast <IX509TrustManager>();
}
internal static IX509TrustManager GetLocalTrustManager()
{
var trustManager = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm);
trustManager.Init(null as KeyStore);
var localTrustManager = trustManager.GetTrustManagers().First().JavaCast <IX509TrustManager>();
return(localTrustManager);
}
public CustomX509TrustManager()
{
var algorithm = TrustManagerFactory.DefaultAlgorithm;
var defaultTrustManagerFactory = TrustManagerFactory.GetInstance(algorithm);
defaultTrustManagerFactory.Init((KeyStore)null);
var trustManagers = defaultTrustManagerFactory.GetTrustManagers();
defaultTrustManager = trustManagers[0].JavaCast <IX509TrustManager>();
}
void SetupSSL(HttpsURLConnection httpsConnection)
{
if (httpsConnection == null)
{
return;
}
SSLSocketFactory socketFactory = ConfigureCustomSSLSocketFactory(httpsConnection);
if (socketFactory != null)
{
httpsConnection.SSLSocketFactory = socketFactory;
return;
}
KeyStore keyStore = KeyStore.GetInstance(KeyStore.DefaultType);
keyStore.Load(null, null);
bool gotCerts = TrustedCerts?.Count > 0;
if (gotCerts)
{
for (int i = 0; i < TrustedCerts.Count; i++)
{
Certificate cert = TrustedCerts [i];
if (cert == null)
{
continue;
}
keyStore.SetCertificateEntry($"ca{i}", cert);
}
}
keyStore = ConfigureKeyStore(keyStore);
KeyManagerFactory kmf = ConfigureKeyManagerFactory(keyStore);
TrustManagerFactory tmf = ConfigureTrustManagerFactory(keyStore);
if (tmf == null)
{
// If there are no certs and no trust manager factory, we can't use a custom manager
// because it will cause all the HTTPS requests to fail because of unverified trust
// chain
if (!gotCerts)
{
return;
}
tmf = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm);
tmf.Init(keyStore);
}
SSLContext context = SSLContext.GetInstance("TLS");
context.Init(kmf?.GetKeyManagers(), tmf.GetTrustManagers(), null);
httpsConnection.SSLSocketFactory = context.SocketFactory;
}
public SslPolicy(PrivateKey privateKey, X509Certificate[] keyCertChain, IList <string> tlsVersions, IList <string> ciphers, ClientAuth clientAuth, TrustManagerFactory trustManagerFactory, SslProvider sslProvider, bool verifyHostname, LogProvider logProvider)
{
this._privateKey = privateKey;
this._keyCertChain = keyCertChain;
this._tlsVersions = tlsVersions == null ? null : tlsVersions.ToArray();
this._ciphers = ciphers;
this._clientAuth = clientAuth;
this._trustManagerFactory = trustManagerFactory;
this._sslProvider = sslProvider;
this._verifyHostname = verifyHostname;
this._log = logProvider.GetLog(typeof(SslPolicy));
}
protected override TrustManagerFactory ConfigureTrustManagerFactory(KeyStore keyStore)
{
if (_trustManagerFactory != null)
{
return(_trustManagerFactory);
}
_trustManagerFactory = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm);
_trustManagerFactory.Init(keyStore);
return(_trustManagerFactory);
}
//https://github.com/square/okhttp/issues/2372#issuecomment-244807676
public static OkHttpClient.Builder EnableTls12OnPreLollipopDevices(this OkHttpClient.Builder builder)
{
int currentVersion = (int)Build.VERSION.SdkInt;
if (currentVersion >= 16 && currentVersion < 22)
{
try
{
//Creation of X509TrustManager : https://square.github.io/okhttp/3.x/okhttp/okhttp3/OkHttpClient.Builder.html#sslSocketFactory-javax.net.ssl.SSLSocketFactory-javax.net.ssl.X509TrustManager-
var trustManagerFactory = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm);
trustManagerFactory.Init((Java.Security.KeyStore)null);
var trustManagers = trustManagerFactory.GetTrustManagers();
if (trustManagers.Length != 1)
{
throw new Java.Lang.IllegalStateException($"Unexpected default trust managers: {trustManagers}");
}
var trustManager = trustManagers[0].JavaCast <IX509TrustManager>();
if (trustManager == null)
{
throw new Java.Lang.IllegalStateException($"Unexpected default trust managers: {trustManagers}");
}
var context = SSLContext.GetInstance("TLS");
context.Init(null, new ITrustManager[] { trustManager }, null);
builder.SslSocketFactory(new ImprovedSSLSocketFactory(context.SocketFactory, trustManager), trustManager);
ConnectionSpec connectionSpec = new ConnectionSpec.Builder(ConnectionSpec.ModernTls)
.TlsVersions(TlsVersion.Tls12)
.Build();
List <ConnectionSpec> connexionSpecs = new List <ConnectionSpec>
{
new ConnectionSpec.Builder(ConnectionSpec.ModernTls).TlsVersions(TlsVersion.Tls12).Build(),
ConnectionSpec.ModernTls,
ConnectionSpec.CompatibleTls,
ConnectionSpec.Cleartext,
};
builder.ConnectionSpecs(connexionSpecs);
}
catch (Exception ex)
{
Android.Util.Log.Warn("ModernHttpClient", $"Unable to enable TLS 1.2 on okhttpclient: {ex}");
}
}
return(builder);
}
private void SetHandler()
{
var algoritm = TrustManagerFactory.DefaultAlgorithm;
var trustManagerFactory = TrustManagerFactory.GetInstance(algoritm);
trustManagerFactory.Init((KeyStore)null);
var tm = new ITrustManager[] { new PublicKeyManager() };
SSLContext sslContext = SSLContext.GetInstance("TLS");
sslContext.Init(null, tm, null);
SSLContext.Default = sslContext;
HttpsURLConnection.DefaultSSLSocketFactory = sslContext.SocketFactory;
}
void IGetCertificates.DebugWrite(string text)
{
//KeyStore certStore = KeyStore.GetInstance("AndroidCAStore");
KeyStore certStore = KeyStore.GetInstance(KeyStore.DefaultType); // == BKS
certStore.Load(null);
// https://forums.xamarin.com/discussion/14938/certificate-pinning-in-monodroid
var tmf = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm);
tmf.Init((KeyStore)null);
foreach (var itm in tmf.GetTrustManagers())
{
var tm = itm.JavaCast <IX509TrustManager>();
}
Debug.WriteLine($"\n\nGetCertificatesAndroid says; {text}\n\n");
}
protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
{
var algorithm = TrustManagerFactory.DefaultAlgorithm;
var trustManagerFactory = TrustManagerFactory.GetInstance(algorithm);
trustManagerFactory.Init((KeyStore)null);
var trustManagers = trustManagerFactory.GetTrustManagers();
var context = SSLContext.GetInstance("TLS");
context.Init(null, trustManagers, null);
SSLContext.Default = context;
if (_trustManagerExt == null)
{
var x509TrustManager = trustManagers.FirstOrDefault(x => x is IX509TrustManager) as IX509TrustManager;
_trustManagerExt = new X509TrustManagerExtensions(x509TrustManager);
}
return(context.SocketFactory);
}
public CertificatePinning()
{
try {
byte[] keyStoreBytes = Base64.Decode("H4sICIgmj1QAA2RlZmF1bHRfY2xpZW50X3RydXN0c3RvcmUuYmtzAN2aB1hUSbbHu5scJYPEBsnxNjlKziAgOSg0uQlNBgkiGVGyIogEQQQkqICIZBBQkSw5KxkRyQiI+BpBZ5xxxp19b+ftbn8fH9x7q4qqW+d3zv+cahAIBAaBQGRZ6Z6OVGc7OSWfRLZm21bvX5JmaQSBsFjBIIiQIKoNbBL3Fivo8INhxCsEiIFAEBkgBCIJhIDvQohcq2boiIY5BB+LvvRHa6+qBwgwcTgjVCI+EIDBEAwQYA7DA3Aw0fTRMUkh+rowSoD88AKXlNDAxh2hi7BDckNVkVa8MBFA6PABHimvvBPcwwMqANX2snRCWEG13RHOcHdfqLyNuyfCFmEF90S4IKGyXp72Lu4IT1+AnpJATBiA8YsBXz4mlAT8ooAo6oaAkJiQmMm/fgLBmb9eMxgDhBYcAwKCoyDBwaBWM+OMdZorYLJHRJPoMqPThg8cFGXiwvDxegSGh4m73kOMGFg+cOYrYBS8Q2O4cCnjWmUqqODUxYGi8GwrxefubO2bGs+83F6JrWjJrXpN4sY/i4W6pJzYKTpl7sohnNMaMV+SCm3TvRs+L1V3MfWAWVFgzJt8+US2m7WGDW+wvWIeBA0MAv9mS9BQ86rWIOHq4mYFaZGRjud+3MclDoveYKe1S+QLeNyyN7m6kFRDF+fEna/T7jGU06C7emaAtcEbbBiceJ5xrafk83w3o1EHgnJagTbtpIJYlNlYGuiEQQzk5nJ2vKLGTDVRjtQqPxrhWufOQqtO9Jxl5lxmw8UK97RWYXHHzDP5n60JrA9tC3ZsW2zf2RYaJhCCBkHZlyOE6OLwAVZXPn0Fka/dx7wowWe/XggGyraCG//BvZUExI/2VuCv7S2UB6rMDxMHRI96w9itOKAwMTFR6Pfjo5opubhD4Ufd/GysoV4eNlAXpJMvjAGgO+pL8bULVM/dy8MTesbG08fF3fGL+YoCQjDRPzDf/4Y1/hkh7ed7iM+ZIboLeysdNG4yGKcAsRThUCVnZem+cGjYG+eynZxl/DXKExK7ebssg41dYVbrAVZd2crrz0wFYq1l0O0bgyqtaRV9ng8ht5I4JLUXBAcvMORXOcsnJMUpGp4PbPn4Mgd96W2yiB7gUg1W5hfoGDO8ZY2A79yio43SMrP7HSEYR4ToaHbUmbWlnEwjLwWLXeDVPGHn6nrzGZHJ9RxdTT1nrgcE52SuWvcOvp8wgCea5zbTEcGFe7nZJBc4cCqJrT3byz0yaVXu1cDB76coc/GnZbAlCOeXFDw4U9cQiStuZE1iRW55CTguM26YZVXGhqy+oO0dgmwBgL2vwOh2ejoi4RMYhAaD8R8jwv49IpEoREJRiLy7jQYBQyBESvtLVY+6+U4kWqSckr6GFfdbTv4WHywCCKIG+GrEMGEYwC/4zYirvhoJ7h8ZyddZ4f1uVgIA7OgB57eeqkhPG3fkl1nAnaC6Nu7eNu5QeVmUjR5PHKYKKB91kvHx8eFFPUZ4oDryWrk488lr6x4O7OLuymvpCz1rY8sL1VCVlVPVUNUzhmroKfCiCBAT+Wb+f2q9QyFBCwMnIRcZwqnEWLJtuN7U92H01swJSxSsajiZPp4vkPRQ1C9dq32bLLecKohL3nfPbEuGZXwYq5G/1Mup+WX1nQMDNjf5Aqst4PQ19tm9NRyJjQrNM2IfzFRNnjTS9ZZeOXAFkuTaDrh0rppIiu8yacWXQvJ007QE5wvRS/1dvljvneBpIPg1cAK1YDpSdGwAEwz+DAGDAIXDG1B0KUACEMPEs4hQAUfsKIKxwGCAE2DHxObCRBkHFgRMQWvv6enqIc7H96NXBQgejsKCzgNwfe2CBv72FwQT52hcOXQwJu7Xf4ENBvAOe51AR0cZKCZA/K0VGHx863BL6RjQURMBWG8z32aKgB5OAjUHK3en7+fgagUX4EXd/QGjMrGqyTeueIzHaq6chle8vG1ZvEmIW+0lNYUc4n5ev1kZLXzrZXZ3mruS2HZuCJoNcXNNPU/u1rAEbnnKXtmFSvp1Lg3L/k+lfnSTAp88du8O8URzvu3Zf8j+eFFVhVQ99AqNij/zB9EJF1m9J4WGjpiTz7P77m2vCVsGXV6/6jUQ5IaKYoIix4hyfI9oNQrRChSimceI4s+/nqUcUjqIm7XYp1kFxH6LqM33iJIDpEe04Csg7BCH2B2aLOwkQHlk1USHW2WNemSFenT4mmDMANPhIzRSmm89ZD08vNxRjlpVAXrWxcUTBcghqIAwDAYDvoEqAPvV5d81jRAw02+ZCgGfAKHu40JCwGBQMSF554x8kFlJ5EaFxa4byd37Y6zXLxdsdm5BxdiNLPB3gkbukSfxwyXLS9jDrlwZy8TFD6X0i4svujLvq2sGC+PcPpHCL+zdPjEumZ+94vCRcf0sfDITOsgwVTJ8QGX9isTUfNeISqhGuSNLeNfxUt9D0dONNE3RAsNDfFQH7CfK8kIHmpAKDXChGxQHxmlXvZ0H17LVCbg+47mPZFh0x8YLPbugHwnN6pp1xn2hGgBLEXBiWozs5jfJriINIV4Wo0y/Ke6eNbeXM9xPCfO6H36R6b40WClim933RcnIjCFlcyAt4cNHibkGZbWlycsFeasVLfnSSRTdn7NuLGGbU/loHWFtBcABwi8coYD+wk3EMeSH1xgAGurXF69KR4hOgU6muJT9YDOxLQTGo3M1L48xfcP5xQmA4fDxKXQqgCLoxw1+Q9Xh288mrJmcWl6ddvfws75e/8Hddoh/Rs7L8n7k0nr/8IRBWWZ7Jxl7JUGyhRmJhtFMr1SoqqJRshCCOl/5rcEz30KSIbvgsMlLOJLX556wckNrpcrYoz6Yf2aaSg5jWLRZiXw92WinWnZuqRSHc4l1+ULdRWmujQpWIWfzKPBjVdNMMMatQimWxvbHl56uuUQ827O2Xwrmub4kV7EXTT9uuVanbVfhVLuxxuCIL4xFcUkk4J6ps98aiZJF6CAbep16Z3Jdkx2nPfFk0Dy+gG09KQEZcuMSgxUR/V4MDYuzU9zdCji45NUd1iwit/Tiqabdpps6FVxY2J28c9qleXu4inzZq+uHoRcQ/SHX6LVACHoliu2sY65lqJutGctIGdEIq2dIqFvofv0+8Q4lau0/GHt/JqJ+o9D4AeAvKDRRQPiISr5vg+sjESg364EKn0dQ/nFkR6lRQYD/F4chAuP/lTz9D1/fzzzRc7jI+RKw4KjlIPmtz0Ym0adODVjEJgzGp4T6zRmdFI1u2Z61Dn+U7fZxubZypEMT9OgFj8fd5wi3JAYxyVIFrLQFwj1NtWbGSQ54HD8TPKQlkgEZHWBOAdVR6HHVMnw7TTvd7vveaIjwaZnitQbu+VRKLn+QiJ+swIU3AlMbRNSXIrnrtrc+yE3N1kdaRpmD1Cdbxme8FPhlxendkIg2PC8l7J6Xr7iSurs+Vso4Wkcbau6TEvuGLZ/X2xbMxAZvELFgUqqNrNH52TqmWNjmDK+84g1ZW13BeavQSu4whYYU6C3K1Ac938Z2uF5pPvZaYC3MYteUjfjRPsV6tYFDEEvMscAoBYIf/N73fO+cMAHnr7oAjI8OB8yzzt02BYwBQ0CfAgelH+1s+OwQtgAjwABgYWJwEaJBqNHJ4mZ7qSOKYmIdm7qCHPpUqLj9T/ICLBSnjtWAk4udy/dywNvjy73DkX5xfY999hAqypm6JP1P32Lxe2P1JGOd/A2JXzyb2s7OQ7Q5bjv/mes+Vu1Ijd2LhARjLyqFKl21rPaY95xCo5XTJaw2Une9+ZMSSnxqilLrSmZgjM+CkwxMCEue9pXkGhetWbU90aAzjldbiadgZzC5T/QxWFsU36l9Tappy2q6bJqxlVls8RO5rdImDXG3psedi0q7Usv55pZ9a9I7rz0NuajSgx81s49cT77rulREV4dFvNo/Oj4bvdrP/zB0znAqrr4uq6Beiq68T/Tt4EMzcS0H6bgGWyergsXhHIrN4J4kMsKLHUmCw6/iXD2C/dMCa1PgQ4qRKfEtSxHAM6H61c9N+pdD1VcwEjHd1p+kXKt41xECXxOd00pO4TSJ+eLZ/kCxXEZ5tTDUD+6xZ+MLOjgVTch0QsWOhD0hsqgMwMXERr3PTil0NDQg+OW/DHuRfxx7RUD+CHvJb4P/9dxX8IuPE0GJIKFffBwqAYeJfvNx/02L9QaIMLG+7COKWAyuYHQQE5olCD3PwC/g7Ij1LUIes6HzRYlSB+C5k2pSZGjqexZs0OHQKMSe3rNUqvP6nNYTmNsxahLFRJI2UvGX0aNeA/Cy++fAef4TAaV1L23goIj7I3H+3VHFmnTGqbIlNcpBYxmWTbv/9i6kjCLh0/tc5Ew5r2pc5IXgoHezJeW/Nnk0e5RIhwC2jPhUrBYmov4Gcq/z9oXDdBKg3N6a8lLNdGGnuosGAoQwOzsQtfEEo04qcnSEBXIQGChNSkXslJgRNTmJsUPGSr9xKd1Z7ptuHc85Jmk44f5uPRMbDbME4moFPHlDEZzjvERfIP1aHOP8Xn4MouRHLwrS6mNIqUZ6MlgvLlSrMRp1tDtKqP2uQvavM13hv9l0hb4mL8AvpTIBYRS4wn8Dp3//Yn8mTB4wY2Nz+AllWOAXzKtLnBkLqJFUpK3men3AAdk1xL5jHU7OtrVW/AIWdY5pgbMgV64sbqdSv6KkQr3sIC4Qy/DdivyorSU5vMuCIGdoYud1kyW2lB7pkupLY71w1lmuOJrMpa2shKcCqkPyVg5n1V/FLbjqaPZEIfyfu26XjZF4jvqfUzfovVFP7pP1cDObZf0BbaId1ewmJvpKfOUMaGZcvPzkZ0jVpuT711eXRK6+2xwsWt9elXow7pUgcJKOVqbNk/kk47VhsoMizrPP4/rRVWdirJQvSyJC2w6Ua7kCtVqS7hOm9/XIN9h5TJNhB85KZ3o8EcDtOictGHnjynvdBRby/wxhcqnXJu/p+LvqVQBnQ15sD/JAACbwo5TrGrMaYG7ZNUSdwif1duwmT63P9l1fJtF3zXm3L5AUWxIqulq3zCfb8qTgBJo/GGhnt1kHF2BTK0/s7gYkmmAjoATDp52RkgTIoTnMBBmqyp3G5clR2YLXN6CtHdbkosGt199nh3HgkbrEjuKPs0BGc66eVHgl64eBUDPSsngZGOKABylgoRQrH700H2bDmXSlNmLifDBFKA9R+8Sn/BBOZ3YGArzm2Xlq1pNvNoldiMqT9uflMPhHO9N1zrM/zgjvNV25e1FRxj22gtCREPOjgJCK25N0tqvNNuYEEd5pCn7bSWbb5/ixBXL0HlNJ25uty6mFi+qFmvcscK8XEQ/kL1s5gEEQMaFjl8f1h+cB/JdjU19tLZEq71xqhoqw7PyfnQcI/vvUyv9l5wH/Rmv8s4pq1epM127z/XC9SizD3biWS/bEO82UDxXGpgGPfk5Lzifd7bTL7KaBtQ5jZQnML2UtJfch4HpaCth1jGRvZHZxLZzS6QwQsaojwqn9PN8yeMxUraDx9iPkEt+sYUsJl4zrqIlmVixDLRrDEFpfnMZNt5qpkHajhRTxiN4I0Q0QB8MfnQeER5M05lVqk/u1nS56In9lrGCcrCoqOBAsecqN8TJfyJjVHkSxSNF4kNNIwbQiM1gi0V5qSoR5y98pzlvoBk6+cXpl56lCz4HQT/webEOI0/Ke2/dbolLndQMW/bfVNxptQidirqRJXo4RM94vkGaKyWq01Q5211hmstbSehmU8JjjkBDYjwmhRBFCiiIk4EgUgL+bPvohF82/shkT2a9lPWxSfEMbj8NKOlQe7moDI0FJQ9RtLFKcw0uonosPEkYH0ByZF5mePdzH0wYq74L08HLyRCDtoFZWMHaA9WirGb63psOSPMLKxgOqgPBGuUgX5NeaIRop0fFA36r2MFaA+dt8ccAUlB5fnvAc1hQ9ZDy/tD70sMcnvSgWfkHjkItf0PjvWOaf0dGbo4188dnAca7r3OO3+PZeytkFT0fCWPbzN5V1RsLLoZ7XI+hPeLUuYsO3MJ0BJPlJyOLZBstRzZsZUw74CqIdB3XT1jiuLQcljhyP+VRfSPSxobMQJfPNxzs3sMvdHNSQn2jaYnTWyzzXZPSmYWbY9OGTsUf+k8LiT8ttmUgGIgmOoi4pQPz7mPu9zR0ig7WngTD7mNSu9D48VJMRiH05nO+iSj03ojNt4eoUBifOon6hctpY/qJWklTW1Qo8yxQ/ryvjl8+cyZAZzW/n96x0IXg2XaaAN3zFJZXj1k0qdomeaRn2VBPJ/vJ5KM3VlzmFMYs6w1Ma3Mb3RipLvWi25dZXnq9T7UbV3Pl85RSvqzIKGf6vX2Dg/h6ZMhQyD1DIJB/raGyJ1wbxckolWV4OrcYJz3+no+H/27o4FKA/sgvKbz2UnVwsv5Wnfl6a/xum8DPNOSXxhth9Ij+n945hgXZ2HJ5PfGv23fcknTdMwTjQdvC1vDNAhe4H+WYEyDB9KoZpPBJTBhSM09lJE1o/2SHhpjQ1YPsco8ybjSLOP4M+6eL7CpU72CMDD/zwxTBtLqmdY6ih3Cmse88+6HnJ78JN43B7pNkpfvX6Mw0LJs7TrvU+RPX74O3w4XwFIiP+e15U/T3ZdcpTbA6bqQI7qtgWV/vMH4mH1WcVqGlcPN2lZe7kff62ukhCxhjTnHMnGXWsQ9tBRxmZNeVzU44M/vr193u9eHJ9hRWy/CP4fSs7wf3VMUbS5TQLquzZriMw9PEPpRTrGrhnsPKX1aTOl1+6E9/0gO2fKsujTWgLGfRoVNuu3pmioWlKLpXq0f+uLP/DBj/QiG1pIgUqpCS4e+MKaVpnH25O3kff8vXFvsNMta/OFdbAU9n//GCzkcGo7Ylzmp/nfApHIXH5tOvtrA6NyzevRSe4ThWeoK27du+zVf8MlkXvnfp0U5y1/thp3c1Yqz3pvNFHtpOWtgM9SNmYdZ7ytz5qmelGU1zGDTKnlnnYQxRP++olsqa8DlLJF1lZHfC1oJgoWiDsQBYpUIryqY68UTzNWSms2yWujfmBd6HZUNUJzkjVj158QZJbPMgxb+kBOdniUFRjpajTVILTlc/WlT4shkADDfOdN2OLk8oB5Y+YsTGAdzy1ePWK9dqV9zaWUsAkxS8uP0sRNI/BlXy22J+U5DyBwln0xzij06PSYupDnQghBr27nXcV6eUA7moOaOe7fn7w70qJURpJ7P8gS/wrMk3gS0gUQ/kI2N+cEv+/LPanp4Ztd4kRz4wL1+LKT54w6GwvZ4DOZLCyqL/2sIkynugOndk6UV5dvBawwLg/s4D/PkCR6aR34iPSCqgpzh78fv763Zjwp5wDE7bCr25BNvMTLQLSEI/imOm7I85u86fJGtEz1XYoWiZhI7ttx3Wz21eJxvQ8rqJnKQkImFHKVGZo9m7U6YculETFmgSk3mCKl7jMsv5K9zIEH+/C+pwIpTqghDUT5Jw7dIN3gXuHuEyUwDb31tvWU6ajsVMbpLHUxjwFkNV3OZG2Y43SW0OVm+9Cnr2SSqKbbdAKax2+o8CO6TCoWLTq6LByxnyHOIRe1ErQVrvv9DWPPaDJtvjzNZ7kFbQfStfDFxO3x+KoZTqTc4ZNv5CJ3FjyZTlun9po4XiWuW7LbUOxp53KXHXiLwzqnw6zEYmXYEg2+MCqxXsx/J1TaYHooLZr1zhDCzF0QiAgYjvHjctwZXO0a/2mBK/X+rL4hcJLxUcfhhT2tOHWaEWbtqiDJBg4Q3IDhcPHAiXtQOUzEmdf5y+dI9995rxaTEcYXnEv1YPMxDROlr2hf4FHM+d8R8HwcufYUL+kHB1lI8k5RdEm0Y39cN5QJZXSQah5onDcvO+JlPM3F1a7c6q3dGs5O40fPkBecqp+RQ96yLi8I2sZUjlU2lytpL0Ba4kD53subV1gG5n/YCu/kRF6GlrQJGSR0HnoOQSOPQfP90KAC+U12FBCIP4PtXPn/7+oZPwSL1D8UB0PpO1u44zwcv6VuDwc7Ffi8qTrUQueI5H5l1T0f9uC/0xPvxIWdrg6+NQ0YyRY1jJO9L0quv5A9wotTRKF8gqVipD42U0uB8w4Cb63BtMPImIyKD9kPLLxgmiutOFkM+oM3eq2664iSMQk8+i71pbMCUozO4Nfs0d+dn9dATlCrIbEzuTjmd4tEI/weKyka/QiCqM2lPiJh3QBVsymnOa8TDqtyF/S06wq3BRPjfYWKDzxCwrM9aTXB1svWJw/jxSxYvIRDiylbBas3MIO328Fi37WrFunkJOfrzZR+tj4jJhhTe0hu1JrU7PcxZq9QmNkf4XOZeLpnPCTjiEaOfgkxYs596XXmlRtUqNbXpxmqbh+szqR3w1rNeL8sjZbLkHuqd3qtlwsMrlD73JMEe/38ZcZFX+hKJKwj+W04Jl+Q2j/8jvVTb5OkVEu59/F4Ht/JGaP9u04KP3jBnN8AIxHyvetYPvrkX5erEAjpfD8ampHoei3ulzkj0Lsf9BafhZBi26vfgwy7kt7ntOVnmXsgUOkiE/AjbRfczJVsVc1FtnHEzj51OdSOxFPkiDt3JImTh7tqyetycKQiqg+ZnPMhnaF69djIJYuSybjxDHsqWZh8UR+BLWetnwOoren+vUUluiwMrGqXN4vfjqDx7F1Ouw2eC2tcIc2MCpnIWvIzYbgjo7/+5pXTBYElabpk1X7OqZ4D1JKF3kX0RcsIye4XgyeadSwph/vijSqUtN6aY9FR5uu9qyfL6E9wM2dtqXBbon/U2ui2fWR8IZb9boXuXA2o9MTGJIdzrZN4Ajn+Az5R2or9J9GciA+iqmy0uPcDfKX4VlaYAtvPYB/CpwLSKbrTz/CUQ6Q+XlJ+ReB72+q2PWgs83vEyyR2uHxhtKSoYr2j6KwL3GDelnC4/3VRbs+AqRinf7CtVedaNLLIywP6Qzb6MW9b2u80/ZesHbHz7m39uTqwEBkWDX/rCxxg89wmUX6Ek1/D1JB4V4u+J2+JZ3PE7NYFdWANAlD4qJiD5FYvgtm8fbKwxYWc/tYUkxQyuYPFIvNQ+67LzwCJin4yO+d/uTA9jhryaQqhaF/WtMaN530BbxqS4w2supJrT/Tpe2DIhnf2SIiF6k4Gl/vq80iZYxUYbPCoCUr6M3KxQMB9GrZF42QXQUraEZwp1zvgDS3d69VmvF4XO4bwtu8sh94k5S7aj4JbGzjwQMDE7iClZ+yAe/ziM6JxJmJcc2gr/rHGETbo6Kw8NcKluD3UbgV5TtaUFG4+Nh/QIrMWB3wZG7F4fmu31di8fmt/3D63+bCXADHESlM33qoIOzsj76rBkda2UAVDf7hzPzvnc3PGH7WPusx97GvepaHhz93cjZYurWDRfWxG2dT/3VBu2xc2ofmiFyZkuaK0rjulJx7ssbivWPXByRHPUVz1No1WUI+qN3VJRF9v6Hq7JYQaPW4MNe8KSdsR8tSp26n5d2oaOI05ix2An4zu6z+xzaTKPJAtwWhek13HKk6cVFtUx8YTUzZc2bF1LwiZxCZCXpFFemSDm6KrCzTGRt4ZLCsdq6vWdTESTXDft65c7S63IEpHdSYFDn2Ht2C6KRmWW69JgH6o+et34hEAgbos8SPOIJI1nzFLmdDiAPYbCsuV1xYf4mbL1qIa/203vZcUlhjFgt95DlqbTwoSbtsNRJPR/SJets/laSXnG5CoO3UK4P7UlipsSErVtZcTd8l6T9s8APIaakxk8cG0zIlL9tiYhsyjjIq73DaFdRT8XvLEBk2XtnwGya2iRXay9hXLM8Y1oCpP0lYkOeOLbvQOTqt6+s2MMt4HTyiH5nKbL19xbZ9Ik2kI1+wBHHr1IuMC0xcrvLT+sow+MkVo5ZwvjPA9m0YxakX81M2FAJt9dQ0t6V2Xp6/CrtqgR3Fg49pdraieRc3pYfcPJOkLkDYSrRWIefSDCsXbnMygmAxeqqByPDJC2+SBP11FcRQDSfE9IRCHxQ2ulnlynou3iKjRp0Sh+9RG728fSsWW+Mrsw9vGSvtSdIk0+oz9oPMbll1vFMuYGGzuy2yAQq5qDd4b2eRl/SOzwKD2iHkwA8h/y5JvxWIqXrntGVl//t4FTeOFcP/sCT9rxzl/scn6X9tsT9zT21VaWf3LzBQ07vQiHjU7rQ6XicBtFaFlbe6E3C3KF/chTdSyGh+vAKPn/WGNhJjXizkRuZuEcvG7vEUc8KNc+xYNboXas6aukLRjXr8WnMQNaGU1sUYV2u6jTpjoreWVuVU8dKT2ez4kW/uXyOnda2BavJRTSReXnAKNySmXgycZiXWy1a8oR/6EohaGBu6s8wZJH3J18bwNDnUFpsv6Vp9gTJfvlLyKsnUwVNcLp0577kKpYopgtz2/CYNY/2ouQVdM9q36auWFHh5reb4qxNPvTsffHBY35PNzRYga531s+rNsBTpD7fJIJzTZfakOU9Homv6nHs+VFWC/P4V+0rD5D9M0onJbjQWJmJ/kOZrLT2YMcm0nhhl1Iq4KegtbDjeTc7XUnyJnEHE0uN037x5JyXaqNAe1+h9CxxzevM4ZDWe1FsTUnp8C5fyhvJTTLxYeG33PNuUq+kaB+86tvO9kvukOp4X1aVbNQIyYa8PmdypIqXTjgj5FAvEcSg9pJcSGhG1pKBSK557rOM08cByCdxNz3zgF0dCTWL/5KPtTTIyRbP78/cRlMFcJiKt5zk3n01lmendytUDda2uNT5PAaglhClG7yDffioufTqyAlEmvdKwVgYr1qJ9o5X24AR++ocLBEObQgZBIxXOlHHp9MHWbw5aFKuKHStx/c5oqYe9V1+7OE4MqsDje/kgd8n78wklKwDo8r7rc1X0fwBxS2vGpDgAAA==", 0);
KeyStore keyStore = KeyStore.GetInstance("BKS");
System.IO.MemoryStream ms = new System.IO.MemoryStream(keyStoreBytes);
GZIPInputStream keyStoreInputStream = new GZIPInputStream(ms);
//var readbytes = keyStoreInputStream.ToArray<byte>();
List <byte> values = new List <byte>();
bool notdone = true;
while (notdone)
{
var input = keyStoreInputStream.Read();
if (input < 0 || input > 255)
{
break;
}
values.Add((byte)input);
}
try {
keyStore.Load(new System.IO.MemoryStream(values.ToArray()), null);
} finally {
keyStoreInputStream.Close();
}
TRUST_STORE = keyStore;
String algorithm = TrustManagerFactory.DefaultAlgorithm;
TrustManagerFactory trustManagerFactory = TrustManagerFactory.GetInstance(algorithm);
trustManagerFactory.Init(keyStore);
SSLContext context = SSLContext.GetInstance("TLS");
context.Init(null, trustManagerFactory.GetTrustManagers(), null);
SSL_CONTEXT = context;
} catch (Exception e) {
}
}
public static IX509TrustManager GetSystemDefaultTrustManager()
{
IX509TrustManager x509TrustManager = null;
try
{
var trustManagerFactory = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm);
trustManagerFactory.Init((KeyStore)null);
foreach (var trustManager in trustManagerFactory.GetTrustManagers())
{
var manager = trustManager.JavaCast <IX509TrustManager>();
if (manager != null)
{
x509TrustManager = manager;
break;
}
}
}
catch (Exception ex) when(ex is NoSuchAlgorithmException || ex is KeyStoreException)
{
// move along...
}
return(x509TrustManager);
}
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: private javax.net.ssl.TrustManagerFactory createTrustManagerFactory(boolean trustAll, java.io.File trustedCertificatesDir, java.util.Collection<java.security.cert.X509CRL> crls, org.neo4j.ssl.ClientAuth clientAuth) throws Exception
private TrustManagerFactory CreateTrustManagerFactory(bool trustAll, File trustedCertificatesDir, ICollection <X509CRL> crls, ClientAuth clientAuth)
{
if (trustAll)
{
return(InsecureTrustManagerFactory.INSTANCE);
}
KeyStore trustStore = KeyStore.getInstance(KeyStore.DefaultType);
trustStore.load(null, null);
File[] trustedCertFiles = trustedCertificatesDir.listFiles();
if (trustedCertFiles == null)
{
throw new Exception(format("Could not find or list files in trusted directory: %s", trustedCertificatesDir));
}
else if (clientAuth == ClientAuth.REQUIRE && trustedCertFiles.Length == 0)
{
throw new Exception(format("Client auth is required but no trust anchors found in: %s", trustedCertificatesDir));
}
int i = 0;
foreach (File trustedCertFile in trustedCertFiles)
{
CertificateFactory certificateFactory = CertificateFactory.getInstance(PkiUtils.CERTIFICATE_TYPE);
using (Stream input = Files.newInputStream(trustedCertFile.toPath()))
{
while (input.available() > 0)
{
try
{
X509Certificate cert = ( X509Certificate )certificateFactory.generateCertificate(input);
trustStore.setCertificateEntry(Convert.ToString(i++), cert);
}
catch (Exception e)
{
throw new CertificateException("Error loading certificate file: " + trustedCertFile, e);
}
}
}
}
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.DefaultAlgorithm);
if (crls.Count > 0)
{
PKIXBuilderParameters pkixParamsBuilder = new PKIXBuilderParameters(trustStore, new X509CertSelector());
pkixParamsBuilder.RevocationEnabled = true;
pkixParamsBuilder.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
trustManagerFactory.init(new CertPathTrustManagerParameters(pkixParamsBuilder));
}
else
{
trustManagerFactory.init(trustStore);
}
return(trustManagerFactory);
}
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: public static void main(String[] paramArrayOfString) throws Exception
public static void Main(string[] paramArrayOfString)
{
bool @bool;
char[] arrayOfChar;
char c;
string str1;
if (paramArrayOfString.Length == 1 || paramArrayOfString.Length == 2)
{
string[] arrayOfString = paramArrayOfString[0].Split(":", true);
str1 = arrayOfString[0];
c = (arrayOfString.Length == 1) ? (char)443 : (char)int.Parse(arrayOfString[1]);
string str = (paramArrayOfString.Length == 1) ? "changeit" : paramArrayOfString[1];
arrayOfChar = str.ToCharArray();
}
else
{
Console.WriteLine("Usage: java InstallCert [:port] [passphrase]");
return;
}
File file = new File("jssecacerts");
if (!file.File)
{
char c1 = Path.DirectorySeparatorChar;
File file1 = new File(System.getProperty("java.home") + c1 + "lib" + c1 + "security");
file = new File(file1, "jssecacerts");
if (!file.File)
{
file = new File(file1, "cacerts");
}
}
Console.WriteLine("Loading KeyStore " + file + "...");
FileStream fileInputStream = new FileStream(file, FileMode.Open, FileAccess.Read);
KeyStore keyStore = KeyStore.getInstance(KeyStore.DefaultType);
keyStore.load(fileInputStream, arrayOfChar);
fileInputStream.Close();
SSLContext sSLContext = SSLContext.getInstance("TLS");
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.DefaultAlgorithm);
trustManagerFactory.init(keyStore);
X509TrustManager x509TrustManager = (X509TrustManager)trustManagerFactory.TrustManagers[0];
SavingTrustManager savingTrustManager = new SavingTrustManager(x509TrustManager);
sSLContext.init(null, new TrustManager[] { savingTrustManager }, null);
SSLSocketFactory sSLSocketFactory = sSLContext.SocketFactory;
Console.WriteLine("Opening connection to " + str1 + ":" + c + "...");
SSLSocket sSLSocket = (SSLSocket)sSLSocketFactory.createSocket(str1, c);
sSLSocket.SoTimeout = 10000;
try
{
Console.WriteLine("Starting SSL handshake...");
sSLSocket.startHandshake();
sSLSocket.close();
Console.WriteLine();
Console.WriteLine("No errors, certificate is already trusted");
}
catch (SSLException sSLException)
{
Console.WriteLine();
sSLException.printStackTrace(System.out);
}
X509Certificate[] arrayOfX509Certificate = savingTrustManager.chain;
if (arrayOfX509Certificate == null)
{
Console.WriteLine("Could not obtain server certificate chain");
return;
}
StreamReader bufferedReader = new StreamReader(System.in);
Console.WriteLine();
Console.WriteLine("Server sent " + arrayOfX509Certificate.Length + " certificate(s):");
Console.WriteLine();
MessageDigest messageDigest1;
MessageDigest messageDigest2 = (messageDigest1 = MessageDigest.getInstance("SHA1")).getInstance("MD5");
for (sbyte b = 0; b < arrayOfX509Certificate.Length; b++)
{
X509Certificate x509Certificate1 = arrayOfX509Certificate[b];
Console.WriteLine(" " + (b + true) + " Subject " + x509Certificate1.SubjectDN);
Console.WriteLine(" Issuer " + x509Certificate1.IssuerDN);
messageDigest1.update(x509Certificate1.Encoded);
Console.WriteLine(" sha1 " + toHexString(messageDigest1.digest()));
messageDigest2.update(x509Certificate1.Encoded);
Console.WriteLine(" md5 " + toHexString(messageDigest2.digest()));
Console.WriteLine();
}
Console.WriteLine("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
string str2 = bufferedReader.ReadLine().Trim();
try
{
@bool = (str2.Length == 0) ? 0 : (int.Parse(str2) - 1);
}
catch (System.FormatException)
{
Console.WriteLine("KeyStore not changed");
return;
}
X509Certificate x509Certificate = arrayOfX509Certificate[@bool];
string str3 = str1 + "-" + (@bool + true);
keyStore.setCertificateEntry(str3, x509Certificate);
FileStream fileOutputStream = new FileStream("jssecacerts", FileMode.Create, FileAccess.Write);
keyStore.store(fileOutputStream, arrayOfChar);
fileOutputStream.Close();
Console.WriteLine();
Console.WriteLine(x509Certificate);
Console.WriteLine();
Console.WriteLine("Added certificate to keystore 'jssecacerts' using alias '" + str3 + "'");
}
private SSLSocketFactory getSSLSocketFactory()
{
SSLSocketFactory factory = null;
try
{
//reading the keyStore path and password from the environment properties
string keyStorePath = java.lang.System.getProperty("javax.net.ssl.keyStore");
java.io.FileInputStream keyStoreStream = null;
if (keyStorePath != null)
{
java.io.File file = new java.io.File(keyStorePath);
if (file.exists())
{
keyStoreStream = new java.io.FileInputStream(file);
}
else
{
keyStoreStream = searchDefaultCacerts();
}
}
else
{
keyStoreStream = searchDefaultCacerts();
}
string keyStorePassWord = java.lang.System.getProperty("javax.net.ssl.keyStorePassword");
if (keyStorePassWord == null)
{
keyStorePassWord = "******";
}
char[] passphrase = keyStorePassWord.ToCharArray();
//initiating SSLContext
SSLContext ctx = SSLContext.getInstance("TLS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore ks = KeyStore.getInstance("JKS");
if (keyStoreStream != null)
{
ks.load(keyStoreStream, passphrase);
}
else
{
ks.load(null, null);
}
kmf.init(ks, passphrase);
tmf.init(ks);
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
factory = ctx.getSocketFactory();
}
catch (Exception e)
{
factory = null;
#if DEBUG
Console.WriteLine("Can't get SSL Socket Factory, the exception is {0}, {1}", e.GetType(), e.Message);
#endif
}
return(factory);
}
public static ITrustManager[] getTrustManagers(this TrustManagerFactory factory)
{
return(factory.GetTrustManagers());
}
public static void init(this TrustManagerFactory factory, KeyStore ks)
{
factory.Init(ks);
}