internal X509CertificateMono RaiseLocalCertificateSelection(X509CertificateCollectionMono certificates, X509CertificateMono remoteCertificate, string targetHost, X509CertificateCollectionMono requestedCertificates) { return(OnLocalCertificateSelection(certificates, remoteCertificate, targetHost, requestedCertificates)); }
internal X509CertificateMono RaiseClientCertificateSelection( X509CertificateCollectionMono clientCertificates, X509CertificateMono serverCertificate, string targetHost, X509CertificateCollectionMono serverRequestedCertificates) { return(base.RaiseLocalCertificateSelection(clientCertificates, serverCertificate, targetHost, serverRequestedCertificates)); }
internal override bool OnRemoteCertificateValidation(X509CertificateMono certificate, int[] errors) { if (this.ServerCertValidation != null) { return(this.ServerCertValidation(certificate, errors)); } return(errors != null && errors.Length == 0); }
public SslClientStream( Stream stream, string targetHost, X509CertificateMono clientCertificate) : this( stream, targetHost, false, SecurityProtocolType.Default, new X509CertificateCollectionMono(new X509CertificateMono[] { clientCertificate })) { }
internal override AsymmetricAlgorithm OnLocalPrivateKeySelection(X509CertificateMono certificate, string targetHost) { if (this.PrivateKeySelection != null) { return(this.PrivateKeySelection(certificate, targetHost)); } return(null); }
internal override bool RaiseServerCertificateValidation(X509CertificateMono certificate, int[] certificateErrors) { bool failed = (certificateErrors.Length > 0); // only one problem can be reported by this interface _status = ((failed) ? certificateErrors [0] : 0); #pragma warning disable 618 if (ServicePointManager.CertificatePolicy != null) { ServicePoint sp = _request.ServicePoint; bool res = true;// ServicePointManager.CertificatePolicy.CheckValidationResult (sp, certificate, _request, _status); if (!res) { return(false); } failed = true; } #pragma warning restore 618 if (HaveRemoteValidation2Callback) { return(failed); // The validation already tried the 2.0 callback } SNS.RemoteCertificateValidationCallback cb = ServicePointManager.ServerCertificateValidationCallback; if (cb != null) { SNS.SslPolicyErrors ssl_errors = 0; foreach (int i in certificateErrors) { if (i == (int)-2146762490) // TODO: is this what happens when the purpose is wrong? { ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNotAvailable; } else if (i == (int)-2146762481) { ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNameMismatch; } else { ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors; } } SNCX.X509Certificate2 cert2 = new SNCX.X509Certificate2(certificate.GetRawCertData()); SNCX.X509Chain chain = new SNCX.X509Chain(); if (!chain.Build(cert2)) { ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors; } return(cb(_request, cert2, chain, ssl_errors)); } return(failed); }
private void SendCertificates() { TlsStream chain = new TlsStream(); X509CertificateMono currentCert = this.ClientCertificate; while (currentCert != null) { byte[] rawCert = currentCert.GetRawCertData(); chain.WriteInt24(rawCert.Length); chain.Write(rawCert); currentCert = FindParentCertificate(currentCert); } this.WriteInt24((int)chain.Length); this.Write(chain.ToArray()); }
private X509CertificateMono FindParentCertificate(X509CertificateMono cert) { #pragma warning disable 618 // This certificate is the root certificate if (cert.GetName() == cert.GetIssuerName()) { return(null); } foreach (var certificate in this.Context.ClientSettings.Certificates) { if (certificate.GetName() == cert.GetIssuerName()) { return(certificate); } } return(null); #pragma warning restore 618 }
private void GetClientCertificate() { // TODO: Client certificate selection is unfinished ClientContext context = (ClientContext)this.Context; // note: the server may ask for mutual authentication // but may not require it (i.e. it can be optional). if (context.ClientSettings.Certificates != null && context.ClientSettings.Certificates.Count > 0) { clientCert = context.SslStream.RaiseClientCertificateSelection( this.Context.ClientSettings.Certificates, new X509CertificateMono(this.Context.ServerSettings.Certificates[0].RawData), this.Context.ClientSettings.TargetHost, null); // Note: the application code can raise it's // own exception to stop the connection too. } // Update the selected client certificate context.ClientSettings.ClientCertificate = clientCert; }
internal virtual bool RaiseServerCertificateValidation( X509CertificateMono certificate, int[] certificateErrors) { return(base.RaiseRemoteCertificateValidation(certificate, certificateErrors)); }
internal override X509CertificateMono OnLocalCertificateSelection(X509CertificateCollectionMono clientCertificates, X509CertificateMono serverCertificate, string targetHost, X509CertificateCollectionMono serverRequestedCertificates) { if (this.ClientCertSelection != null) { return(this.ClientCertSelection( clientCertificates, serverCertificate, targetHost, serverRequestedCertificates)); } return(null); }
internal abstract AsymmetricAlgorithm OnLocalPrivateKeySelection(X509CertificateMono certificate, string targetHost);
internal abstract bool OnRemoteCertificateValidation(X509CertificateMono certificate, int[] errors);
internal abstract X509CertificateMono OnLocalCertificateSelection(X509CertificateCollectionMono clientCertificates, X509CertificateMono serverCertificate, string targetHost, X509CertificateCollectionMono serverRequestedCertificates);
internal bool RaiseRemoteCertificateValidation(X509CertificateMono certificate, int[] errors) { return(OnRemoteCertificateValidation(certificate, errors)); }
internal AsymmetricAlgorithm RaisePrivateKeySelection( X509CertificateMono certificate, string targetHost) { return(base.RaiseLocalPrivateKeySelection(certificate, targetHost)); }
internal override X509CertificateMono OnLocalCertificateSelection(X509CertificateCollectionMono clientCertificates, X509CertificateMono serverCertificate, string targetHost, X509CertificateCollectionMono serverRequestedCertificates) { throw new NotSupportedException(); }