        /// <summary>
        /// Authorizes the peer by comparing the single DNS claim found in <paramref name="authContext"/>
        /// against the expected endpoint identity. A lenient top-level-domain comparison is tried first;
        /// if that fails, the Subject Alternative Name extension (OID 2.5.29.17) of the first X.509 claim
        /// set that carries a certificate is consulted.
        /// </summary>
        /// <param name="identity">The identity the caller expects; its identity claim resource is used as the expected host name.</param>
        /// <param name="authContext">The authorization context whose claim sets are inspected.</param>
        /// <returns><c>true</c> when the DNS claim or a SAN entry is compatible with the expected identity; otherwise <c>false</c>.</returns>
        /// <exception cref="InvalidOperationException">Thrown when the number of DNS claims is not exactly one.</exception>
        public override bool CheckAccess(EndpointIdentity identity, AuthorizationContext authContext)
        {
            X509Extension subjectAltName = null;
            List<Claim> dnsClaims = new List<Claim>();

            foreach (ClaimSet claimSet in authContext.ClaimSets)
            {
                // Only the first claim set that carries a certificate contributes the SAN extension.
                X509CertificateClaimSet certificateClaimSet = claimSet as X509CertificateClaimSet;
                if (subjectAltName == null && certificateClaimSet != null && certificateClaimSet.X509Certificate != null)
                {
                    subjectAltName = certificateClaimSet.X509Certificate.Extensions["2.5.29.17"];
                }

                foreach (Claim claim in claimSet)
                {
                    if (claim.ClaimType == ClaimTypes.Dns)
                    {
                        dnsClaims.Add(claim);
                    }
                }
            }

            // An absent or ambiguous DNS identity is rejected outright rather than guessed at.
            if (dnsClaims.Count != 1)
            {
                throw new InvalidOperationException(SRClient.InvalidDNSClaims(dnsClaims.Count));
            }

            string presentedHost = dnsClaims[0].Resource.ToString();
            string expectedHost = identity.IdentityClaim.Resource.ToString();

            return LenientDnsIdentityVerifier.CheckTopLevelDomainCompatibleness(presentedHost, expectedHost)
                || SecureSocketUtil.CertificateCheckSubjectAlternativeNames(subjectAltName, expectedHost);
        }
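 /// <summary>
 /// Looks for a "DNS Name" entry in a Subject Alternative Name extension that is compatible with
 /// <paramref name="hostName"/>. Entries are recovered from the extension's human-readable
 /// <see cref="X509Extension.Format(bool)"/> output, one entry per line.
 /// </summary>
 /// <param name="extensions">The SAN extension (OID 2.5.29.17) of the peer certificate, or <c>null</c> when the certificate has none.</param>
 /// <param name="hostName">The host name the caller expects.</param>
 /// <returns>
 /// <c>true</c> when at least one "DNS Name" entry is compatible with <paramref name="hostName"/>;
 /// <c>false</c> otherwise, including when <paramref name="extensions"/> is <c>null</c>.
 /// </returns>
 public static bool CertificateCheckSubjectAlternativeNames(X509Extension extensions, string hostName)
 {
     if (extensions == null)
     {
         return false;
     }

     // NOTE(review): this parses the *display* text of the extension, so it relies on the platform
     // and locale rendering the label as "DNS Name" with '=' between label and value. Entries
     // rendered differently are never matched (fail closed), so a mismatch can only cause a false
     // rejection, not a false acceptance.
     string[] lines = Regex.Split(extensions.Format(true), Environment.NewLine);
     foreach (string line in lines)
     {
         if (string.IsNullOrEmpty(line))
         {
             continue;
         }

         string[] parts = line.Trim().Split(new char[] { '=' });

         // A line without '=' (e.g. a heading for a non-DNS entry type) has no value to compare;
         // previously indexing parts[1] on such a line threw IndexOutOfRangeException.
         if (parts.Length < 2)
         {
             continue;
         }

         // string.Equals(string) is ordinal already; the explicit comparison just makes that visible.
         if (parts[0].Trim().Equals("DNS Name", StringComparison.Ordinal)
             && LenientDnsIdentityVerifier.CheckTopLevelDomainCompatibleness(parts[1].Trim(), hostName))
         {
             return true;
         }
     }

     return false;
 }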
        /// <summary>
        /// Remote-certificate validation callback that tolerates a host-name mismatch reported by the
        /// TLS stack when the certificate's DNS claim, or one of its Subject Alternative Name entries,
        /// is still compatible with <paramref name="hostName"/>. Every other policy error is rejected.
        /// </summary>
        /// <param name="sender">Unused; present to match the validation-callback shape.</param>
        /// <param name="certificate">The peer certificate; must be an <see cref="X509Certificate2"/>.</param>
        /// <param name="chain">Unused; chain problems already surface through <paramref name="sslPolicyErrors"/>.</param>
        /// <param name="sslPolicyErrors">The policy errors reported by the TLS stack.</param>
        /// <param name="hostName">The host name the caller expects.</param>
        /// <returns>
        /// <c>true</c> when the certificate is accepted; otherwise <c>false</c>. A non-fatal exception
        /// raised while inspecting the certificate is treated as rejection.
        /// </returns>
        public static bool CustomizedCertificateValidator(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors, string hostName)
        {
            switch (sslPolicyErrors)
            {
                case SslPolicyErrors.None:
                    return true;
                case SslPolicyErrors.RemoteCertificateNameMismatch:
                    // The only error this callback is willing to re-evaluate.
                    break;
                default:
                    // Chain errors, missing certificate, or a combination of errors: never forgiven here.
                    return false;
            }

            X509Certificate2 peerCertificate = certificate as X509Certificate2;
            Fx.AssertAndThrow(peerCertificate != null, "CustomizedCertificateValidator received an invalid certificate");

            try
            {
                X509CertificateClaimSet claimSet = new X509CertificateClaimSet(peerCertificate);
                foreach (Claim claim in claimSet)
                {
                    bool isDnsClaim = claim.ClaimType == ClaimTypes.Dns;
                    if (isDnsClaim && LenientDnsIdentityVerifier.CheckTopLevelDomainCompatibleness(claim.Resource.ToString(), hostName))
                    {
                        return true;
                    }
                }

                // No compatible DNS claim: fall back to the SAN extension (OID 2.5.29.17).
                return SecureSocketUtil.CertificateCheckSubjectAlternativeNames(peerCertificate.Extensions["2.5.29.17"], hostName);
            }
            catch (Exception exception)
            {
                if (Fx.IsFatal(exception))
                {
                    throw;
                }

                // Fail closed: an unexpected error during the check rejects the certificate.
                return false;
            }
        }