public override bool CheckAccess(EndpointIdentity identity, AuthorizationContext authContext) {
    // Gathers every DNS claim the caller presented and, from the first claim set that is
    // backed by a certificate, that certificate's Subject Alternative Name extension
    // (OID 2.5.29.17). The SAN is only used as a fallback when the DNS claim itself does
    // not satisfy the lenient host check.
    var dnsClaims = new List<Claim>();
    X509Extension subjectAltNames = null;
    foreach (ClaimSet claimSet in authContext.ClaimSets) {
        if (subjectAltNames == null) {
            var certificateClaims = claimSet as X509CertificateClaimSet;
            if (certificateClaims != null && certificateClaims.X509Certificate != null) {
                // Stays null when this certificate carries no SAN extension; later
                // certificate-backed claim sets are then still consulted.
                subjectAltNames = certificateClaims.X509Certificate.Extensions["2.5.29.17"];
            }
        }
        foreach (Claim claim in claimSet) {
            if (claim.ClaimType == ClaimTypes.Dns) {
                dnsClaims.Add(claim);
            }
        }
    }
    // Exactly one DNS claim is expected; any other count is reported as an error
    // rather than silently treated as a denied or granted access.
    if (dnsClaims.Count != 1) {
        throw new InvalidOperationException(SRClient.InvalidDNSClaims(dnsClaims.Count));
    }
    string presentedHost = dnsClaims[0].Resource.ToString();
    string expectedHost = identity.IdentityClaim.Resource.ToString();
    // NOTE(review): CheckTopLevelDomainCompatibleness presumably relaxes exact host-name
    // matching; confirm its policy is the intended trust boundary for this endpoint.
    if (LenientDnsIdentityVerifier.CheckTopLevelDomainCompatibleness(presentedHost, expectedHost)) {
        return true;
    }
    return SecureSocketUtil.CertificateCheckSubjectAlternativeNames(subjectAltNames, expectedHost);
}
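public static bool CertificateCheckSubjectAlternativeNames(X509Extension extensions, string hostName) {
    // Returns true when any "DNS Name" entry of the given Subject Alternative Name
    // extension is accepted by LenientDnsIdentityVerifier for hostName.
    // A missing extension never matches, so certificates without a SAN fail closed here.
    if (extensions == null) {
        return false;
    }
    // NOTE(review): Format(true) produces the platform's human-readable rendering of the
    // extension; the "DNS Name" label and the line separator are display text and are not
    // guaranteed to be stable across OS versions or locales. Decoding RawData (or using
    // X509SubjectAlternativeNameExtension where the target framework provides it) would
    // remove that dependency.
    string formatted = extensions.Format(true);
    // Accept both CRLF and LF so a renderer that uses bare '\n' is still split correctly.
    string[] lines = formatted.Split(new[] { "\r\n", "\n" }, StringSplitOptions.RemoveEmptyEntries);
    foreach (string line in lines) {
        string entry = line.Trim();
        if (entry.Length == 0) {
            continue;
        }
        // Split on the first '=' only and skip entries without one: the previous code
        // indexed the second part unconditionally and threw on such a line.
        string[] parts = entry.Split(new[] { '=' }, 2);
        if (parts.Length != 2) {
            continue;
        }
        // Only DNS entries are considered; IP addresses, e-mail, URI entries are ignored.
        if (!string.Equals(parts[0].Trim(), "DNS Name", StringComparison.Ordinal)) {
            continue;
        }
        if (LenientDnsIdentityVerifier.CheckTopLevelDomainCompatibleness(parts[1].Trim(), hostName)) {
            return true;
        }
    }
    return false;
}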
public override bool TryGetIdentity(EndpointAddress reference, out EndpointIdentity identity) {
    // A pre-configured expected identity always takes precedence over whatever the
    // address carries, so reference is only validated once it is actually consulted.
    if (this.expectedIdentity != null) {
        identity = this.expectedIdentity;
        return true;
    }
    if (reference == null) {
        throw new ArgumentNullException("reference");
    }
    // Use the identity attached to the address, otherwise try to derive a DNS identity
    // from the address itself; either may still be null.
    identity = reference.Identity ?? LenientDnsIdentityVerifier.TryCreateDnsIdentity(reference);
    return identity != null;
}
public static bool CustomizedCertificateValidator(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors, string hostName) {
    // Certificate validation that tolerates a single kind of policy error, a remote
    // certificate name mismatch, and only when the certificate's DNS claims or SAN
    // entries are accepted by the lenient host check. Chain errors, an unavailable
    // certificate, or a name mismatch combined with any other flag are always rejected.
    // sender and chain are part of the callback shape and are not inspected.
    if (sslPolicyErrors == SslPolicyErrors.None) {
        return true;
    }
    if (sslPolicyErrors != SslPolicyErrors.RemoteCertificateNameMismatch) {
        return false;
    }
    X509Certificate2 cert = certificate as X509Certificate2;
    Fx.AssertAndThrow(cert != null, "CustomizedCertificateValidator received an invalid certificate");
    try {
        // First pass: DNS claims derived from the certificate.
        foreach (Claim claim in new X509CertificateClaimSet(cert)) {
            if (claim.ClaimType == ClaimTypes.Dns
                && LenientDnsIdentityVerifier.CheckTopLevelDomainCompatibleness(claim.Resource.ToString(), hostName)) {
                return true;
            }
        }
        // Second pass: Subject Alternative Name extension (OID 2.5.29.17), if present.
        return SecureSocketUtil.CertificateCheckSubjectAlternativeNames(cert.Extensions["2.5.29.17"], hostName);
    } catch (Exception exception) {
        if (Fx.IsFatal(exception)) {
            throw;
        }
        // Any non-fatal failure while inspecting the certificate is a validation failure.
        return false;
    }
}