public SafeFreeCredentials(SecureCredential credential)
{
this.credential = credential;
bool success = true;
DangerousAddRef(ref success);
}
private bool AcquireServerCredentials(ref byte[] thumbPrint)
{
X509Certificate serverCertificate = null;
if (this.m_CertSelectionDelegate != null)
{
X509CertificateCollection localCertificates = new X509CertificateCollection();
localCertificates.Add(this.m_ServerCertificate);
serverCertificate = this.m_CertSelectionDelegate(string.Empty, localCertificates, null, new string[0]);
}
else
{
serverCertificate = this.m_ServerCertificate;
}
if (serverCertificate == null)
{
throw new NotSupportedException(SR.GetString("net_ssl_io_no_server_cert"));
}
X509Certificate2 certificate2 = this.EnsurePrivateKey(serverCertificate);
if (certificate2 == null)
{
throw new NotSupportedException(SR.GetString("net_ssl_io_no_server_cert"));
}
byte[] certHash = certificate2.GetCertHash();
try
{
SafeFreeCredentials credentials = SslSessionsCache.TryCachedCredential(certHash, this.m_ProtocolFlags, this.m_EncryptionPolicy);
if (credentials != null)
{
this.m_CredentialsHandle = credentials;
this.m_ServerCertificate = serverCertificate;
return(true);
}
SecureCredential secureCredential = new SecureCredential(4, certificate2, SecureCredential.Flags.Zero, this.m_ProtocolFlags, this.m_EncryptionPolicy);
this.m_CredentialsHandle = this.AcquireCredentialsHandle(CredentialUse.Inbound, ref secureCredential);
thumbPrint = certHash;
this.m_ServerCertificate = serverCertificate;
}
finally
{
if (serverCertificate != certificate2)
{
certificate2.Reset();
}
}
return(false);
}
public SafeFreeCredentials (SecureCredential credential)
{
this.credential = credential;
bool success = true;
DangerousAddRef (ref success);
}
public SecureCredential (int version, X509Certificate2 certificate, SecureCredential.Flags flags, SchProtocols protocols, EncryptionPolicy policy)
{
this.version = version;
this.certificate = certificate;
this.protocols = protocols;
this.policy = policy;
}
internal static SafeFreeCredentials AcquireCredentialsHandle(SSPIInterface SecModule, string package, CredentialUse intent, SecureCredential scc)
{
return(new SafeFreeCredentials(scc));
}
internal static SafeFreeCredentials AcquireCredentialsHandle (SSPIInterface SecModule, string package, CredentialUse intent, SecureCredential scc)
{
return new SafeFreeCredentials (scc);
}
private bool AcquireClientCredentials(ref byte[] thumbPrint)
{
X509Certificate certificate = null;
ArrayList list = new ArrayList();
string[] acceptableIssuers = null;
bool flag = false;
if (this.m_CertSelectionDelegate != null)
{
if (acceptableIssuers == null)
{
acceptableIssuers = this.GetIssuers();
}
X509Certificate2 remoteCertificate = null;
try
{
X509Certificate2Collection certificates;
remoteCertificate = this.GetRemoteCertificate(out certificates);
certificate = this.m_CertSelectionDelegate(this.m_HostName, this.ClientCertificates, remoteCertificate, acceptableIssuers);
}
finally
{
if (remoteCertificate != null)
{
remoteCertificate.Reset();
}
}
if (certificate != null)
{
if (this.m_CredentialsHandle == null)
{
flag = true;
}
list.Add(certificate);
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_got_certificate_from_delegate"));
}
}
else if (this.ClientCertificates.Count == 0)
{
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_no_delegate_and_have_no_client_cert"));
}
flag = true;
}
else if (Logging.On)
{
Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_no_delegate_but_have_client_cert"));
}
}
else if (((this.m_CredentialsHandle == null) && (this.m_ClientCertificates != null)) && (this.m_ClientCertificates.Count > 0))
{
certificate = this.ClientCertificates[0];
flag = true;
if (certificate != null)
{
list.Add(certificate);
}
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_attempting_restart_using_cert", new object[] { (certificate == null) ? "null" : certificate.ToString(true) }));
}
}
else if ((this.m_ClientCertificates != null) && (this.m_ClientCertificates.Count > 0))
{
if (acceptableIssuers == null)
{
acceptableIssuers = this.GetIssuers();
}
if (Logging.On)
{
if ((acceptableIssuers == null) || (acceptableIssuers.Length == 0))
{
Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_no_issuers_try_all_certs"));
}
else
{
Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_server_issuers_look_for_matching_certs", new object[] { acceptableIssuers.Length }));
}
}
for (int j = 0; j < this.m_ClientCertificates.Count; j++)
{
if ((acceptableIssuers != null) && (acceptableIssuers.Length != 0))
{
X509Certificate2 certificate3 = null;
X509Chain chain = null;
try
{
certificate3 = MakeEx(this.m_ClientCertificates[j]);
if (certificate3 == null)
{
continue;
}
chain = new X509Chain {
ChainPolicy = { RevocationMode = X509RevocationMode.NoCheck, VerificationFlags = X509VerificationFlags.IgnoreInvalidName }
};
chain.Build(certificate3);
bool flag2 = false;
if (chain.ChainElements.Count > 0)
{
for (int k = 0; k < chain.ChainElements.Count; k++)
{
string issuer = chain.ChainElements[k].Certificate.Issuer;
flag2 = Array.IndexOf <string>(acceptableIssuers, issuer) != -1;
if (flag2)
{
break;
}
}
}
if (!flag2)
{
continue;
}
}
finally
{
if (chain != null)
{
chain.Reset();
}
if ((certificate3 != null) && (certificate3 != this.m_ClientCertificates[j]))
{
certificate3.Reset();
}
}
}
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_selected_cert", new object[] { this.m_ClientCertificates[j].ToString(true) }));
}
list.Add(this.m_ClientCertificates[j]);
}
}
X509Certificate2 certificate4 = null;
certificate = null;
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_n_certs_after_filtering", new object[] { list.Count }));
if (list.Count != 0)
{
Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_finding_matching_certs"));
}
}
for (int i = 0; i < list.Count; i++)
{
certificate = list[i] as X509Certificate;
certificate4 = this.EnsurePrivateKey(certificate);
if (certificate4 != null)
{
break;
}
certificate = null;
certificate4 = null;
}
try
{
byte[] buffer = (certificate4 == null) ? null : certificate4.GetCertHash();
SafeFreeCredentials credentials = SslSessionsCache.TryCachedCredential(buffer, this.m_ProtocolFlags, this.m_EncryptionPolicy);
if ((flag && (credentials == null)) && (certificate4 != null))
{
if (certificate != certificate4)
{
certificate4.Reset();
}
buffer = null;
certificate4 = null;
certificate = null;
}
if (credentials != null)
{
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, SR.GetString("net_log_using_cached_credential"));
}
this.m_CredentialsHandle = credentials;
this.m_SelectedClientCertificate = certificate;
return(true);
}
SecureCredential secureCredential = new SecureCredential(4, certificate4, SecureCredential.Flags.NoDefaultCred | SecureCredential.Flags.ValidateManual, this.m_ProtocolFlags, this.m_EncryptionPolicy);
this.m_CredentialsHandle = this.AcquireCredentialsHandle(CredentialUse.Outbound, ref secureCredential);
thumbPrint = buffer;
this.m_SelectedClientCertificate = certificate;
}
finally
{
if ((certificate4 != null) && (certificate != certificate4))
{
certificate4.Reset();
}
}
return(false);
}
private SafeFreeCredentials AcquireCredentialsHandle(CredentialUse credUsage, ref SecureCredential secureCredential)
{
SafeFreeCredentials credentials;
try
{
using (WindowsIdentity.Impersonate(IntPtr.Zero))
{
credentials = SSPIWrapper.AcquireCredentialsHandle(GlobalSSPI.SSPISecureChannel, "Microsoft Unified Security Protocol Provider", credUsage, secureCredential);
}
}
catch
{
credentials = SSPIWrapper.AcquireCredentialsHandle(GlobalSSPI.SSPISecureChannel, "Microsoft Unified Security Protocol Provider", credUsage, secureCredential);
}
return(credentials);
}
