public SafeFreeCredentials(SecureCredential credential) { this.credential = credential; bool success = true; DangerousAddRef(ref success); }
private bool AcquireServerCredentials(ref byte[] thumbPrint) { X509Certificate serverCertificate = null; if (this.m_CertSelectionDelegate != null) { X509CertificateCollection localCertificates = new X509CertificateCollection(); localCertificates.Add(this.m_ServerCertificate); serverCertificate = this.m_CertSelectionDelegate(string.Empty, localCertificates, null, new string[0]); } else { serverCertificate = this.m_ServerCertificate; } if (serverCertificate == null) { throw new NotSupportedException(SR.GetString("net_ssl_io_no_server_cert")); } X509Certificate2 certificate2 = this.EnsurePrivateKey(serverCertificate); if (certificate2 == null) { throw new NotSupportedException(SR.GetString("net_ssl_io_no_server_cert")); } byte[] certHash = certificate2.GetCertHash(); try { SafeFreeCredentials credentials = SslSessionsCache.TryCachedCredential(certHash, this.m_ProtocolFlags, this.m_EncryptionPolicy); if (credentials != null) { this.m_CredentialsHandle = credentials; this.m_ServerCertificate = serverCertificate; return(true); } SecureCredential secureCredential = new SecureCredential(4, certificate2, SecureCredential.Flags.Zero, this.m_ProtocolFlags, this.m_EncryptionPolicy); this.m_CredentialsHandle = this.AcquireCredentialsHandle(CredentialUse.Inbound, ref secureCredential); thumbPrint = certHash; this.m_ServerCertificate = serverCertificate; } finally { if (serverCertificate != certificate2) { certificate2.Reset(); } } return(false); }
public SafeFreeCredentials (SecureCredential credential) { this.credential = credential; bool success = true; DangerousAddRef (ref success); }
public SecureCredential (int version, X509Certificate2 certificate, SecureCredential.Flags flags, SchProtocols protocols, EncryptionPolicy policy) { this.version = version; this.certificate = certificate; this.protocols = protocols; this.policy = policy; }
internal static SafeFreeCredentials AcquireCredentialsHandle(SSPIInterface SecModule, string package, CredentialUse intent, SecureCredential scc) { return(new SafeFreeCredentials(scc)); }
internal static SafeFreeCredentials AcquireCredentialsHandle (SSPIInterface SecModule, string package, CredentialUse intent, SecureCredential scc) { return new SafeFreeCredentials (scc); }
private bool AcquireClientCredentials(ref byte[] thumbPrint) { X509Certificate certificate = null; ArrayList list = new ArrayList(); string[] acceptableIssuers = null; bool flag = false; if (this.m_CertSelectionDelegate != null) { if (acceptableIssuers == null) { acceptableIssuers = this.GetIssuers(); } X509Certificate2 remoteCertificate = null; try { X509Certificate2Collection certificates; remoteCertificate = this.GetRemoteCertificate(out certificates); certificate = this.m_CertSelectionDelegate(this.m_HostName, this.ClientCertificates, remoteCertificate, acceptableIssuers); } finally { if (remoteCertificate != null) { remoteCertificate.Reset(); } } if (certificate != null) { if (this.m_CredentialsHandle == null) { flag = true; } list.Add(certificate); if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_got_certificate_from_delegate")); } } else if (this.ClientCertificates.Count == 0) { if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_no_delegate_and_have_no_client_cert")); } flag = true; } else if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_no_delegate_but_have_client_cert")); } } else if (((this.m_CredentialsHandle == null) && (this.m_ClientCertificates != null)) && (this.m_ClientCertificates.Count > 0)) { certificate = this.ClientCertificates[0]; flag = true; if (certificate != null) { list.Add(certificate); } if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_attempting_restart_using_cert", new object[] { (certificate == null) ? "null" : certificate.ToString(true) })); } } else if ((this.m_ClientCertificates != null) && (this.m_ClientCertificates.Count > 0)) { if (acceptableIssuers == null) { acceptableIssuers = this.GetIssuers(); } if (Logging.On) { if ((acceptableIssuers == null) || (acceptableIssuers.Length == 0)) { Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_no_issuers_try_all_certs")); } else { Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_server_issuers_look_for_matching_certs", new object[] { acceptableIssuers.Length })); } } for (int j = 0; j < this.m_ClientCertificates.Count; j++) { if ((acceptableIssuers != null) && (acceptableIssuers.Length != 0)) { X509Certificate2 certificate3 = null; X509Chain chain = null; try { certificate3 = MakeEx(this.m_ClientCertificates[j]); if (certificate3 == null) { continue; } chain = new X509Chain { ChainPolicy = { RevocationMode = X509RevocationMode.NoCheck, VerificationFlags = X509VerificationFlags.IgnoreInvalidName } }; chain.Build(certificate3); bool flag2 = false; if (chain.ChainElements.Count > 0) { for (int k = 0; k < chain.ChainElements.Count; k++) { string issuer = chain.ChainElements[k].Certificate.Issuer; flag2 = Array.IndexOf <string>(acceptableIssuers, issuer) != -1; if (flag2) { break; } } } if (!flag2) { continue; } } finally { if (chain != null) { chain.Reset(); } if ((certificate3 != null) && (certificate3 != this.m_ClientCertificates[j])) { certificate3.Reset(); } } } if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_selected_cert", new object[] { this.m_ClientCertificates[j].ToString(true) })); } list.Add(this.m_ClientCertificates[j]); } } X509Certificate2 certificate4 = null; certificate = null; if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_n_certs_after_filtering", new object[] { list.Count })); if (list.Count != 0) { Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_finding_matching_certs")); } } for (int i = 0; i < list.Count; i++) { certificate = list[i] as X509Certificate; certificate4 = this.EnsurePrivateKey(certificate); if (certificate4 != null) { break; } certificate = null; certificate4 = null; } try { byte[] buffer = (certificate4 == null) ? null : certificate4.GetCertHash(); SafeFreeCredentials credentials = SslSessionsCache.TryCachedCredential(buffer, this.m_ProtocolFlags, this.m_EncryptionPolicy); if ((flag && (credentials == null)) && (certificate4 != null)) { if (certificate != certificate4) { certificate4.Reset(); } buffer = null; certificate4 = null; certificate = null; } if (credentials != null) { if (Logging.On) { Logging.PrintInfo(Logging.Web, SR.GetString("net_log_using_cached_credential")); } this.m_CredentialsHandle = credentials; this.m_SelectedClientCertificate = certificate; return(true); } SecureCredential secureCredential = new SecureCredential(4, certificate4, SecureCredential.Flags.NoDefaultCred | SecureCredential.Flags.ValidateManual, this.m_ProtocolFlags, this.m_EncryptionPolicy); this.m_CredentialsHandle = this.AcquireCredentialsHandle(CredentialUse.Outbound, ref secureCredential); thumbPrint = buffer; this.m_SelectedClientCertificate = certificate; } finally { if ((certificate4 != null) && (certificate != certificate4)) { certificate4.Reset(); } } return(false); }
private SafeFreeCredentials AcquireCredentialsHandle(CredentialUse credUsage, ref SecureCredential secureCredential) { SafeFreeCredentials credentials; try { using (WindowsIdentity.Impersonate(IntPtr.Zero)) { credentials = SSPIWrapper.AcquireCredentialsHandle(GlobalSSPI.SSPISecureChannel, "Microsoft Unified Security Protocol Provider", credUsage, secureCredential); } } catch { credentials = SSPIWrapper.AcquireCredentialsHandle(GlobalSSPI.SSPISecureChannel, "Microsoft Unified Security Protocol Provider", credUsage, secureCredential); } return(credentials); }