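/// <summary>
/// Creates an Apple Secure Transport backed TLS context for <paramref name="parent"/>,
/// pinning this instance in a <see cref="GCHandle"/> so the native read/write callbacks can find it.
/// </summary>
/// <param name="parent">The managed stream this context serves.</param>
/// <param name="settings">TLS settings used to select the certificate validator.</param>
/// <param name="provider">The provider that created this context.</param>
/// <param name="serverMode">True for a server-side handshake.</param>
/// <param name="targetHost">Name of the remote peer (client mode).</param>
/// <param name="enabledProtocols">Protocol versions allowed for the handshake.</param>
/// <param name="serverCertificate">Certificate presented by this side in server mode; required then.</param>
/// <param name="clientCertificates">Candidate client certificates.</param>
/// <param name="askForClientCert">Whether a server should request a client certificate.</param>
/// <exception cref="ArgumentNullException"><paramref name="serverCertificate"/> is null in server mode.</exception>
public AppleTlsContext(
    MobileAuthenticatedStream parent,
    MonoTlsSettings settings,
    AppleTlsProvider provider,
    bool serverMode,
    string targetHost,
    SSA.SslProtocols enabledProtocols,
    X509Certificate serverCertificate,
    X509CertificateCollection clientCertificates,
    bool askForClientCert)
{
    // Validate before allocating the GCHandle: a constructor that throws after Alloc leaks
    // the handle, because Dispose never runs on the half-constructed object. The parameter
    // is used directly here since the field backing IsServer is not assigned yet.
    if (serverMode && serverCertificate == null) {
        throw new ArgumentNullException("serverCertificate");
    }

    this.parent = parent;
    this.settings = settings;
    this.provider = provider;
    this.serverMode = serverMode;
    this.targetHost = targetHost;
    this.enabledProtocols = enabledProtocols;
    this.serverCertificate = serverCertificate;
    this.clientCertificates = clientCertificates;
    this.askForClientCert = askForClientCert;

    // The native layer gets the handle's IntPtr as its connection id and passes it back to
    // the read/write callbacks.
    handle = GCHandle.Alloc(this);
    connectionId = GCHandle.ToIntPtr(handle);
    readFunc = NativeReadCallback;
    writeFunc = NativeWriteCallback;

    certificateValidator = CertificateValidationHelper.GetDefaultValidator(settings, provider);
}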
/// <summary>
/// Stores the handshake parameters for a client- or server-side TLS context and derives the
/// server name from <paramref name="targetHost"/> by dropping a trailing ":port" suffix.
/// </summary>
/// <param name="parent">The managed stream that owns this context; its Settings and Provider select the validator.</param>
/// <param name="serverMode">True for a server-side handshake.</param>
/// <param name="targetHost">Name of the remote peer, optionally followed by ":port".</param>
/// <param name="enabledProtocols">Protocol versions allowed for the handshake.</param>
/// <param name="serverCertificate">Certificate presented by this side in server mode.</param>
/// <param name="clientCertificates">Candidate client certificates.</param>
/// <param name="askForClientCert">Whether a server should request a client certificate.</param>
public MobileTlsContext(
    MobileAuthenticatedStream parent,
    bool serverMode,
    string targetHost,
    SslProtocols enabledProtocols,
    X509Certificate serverCertificate,
    X509CertificateCollection clientCertificates,
    bool askForClientCert)
{
    this.parent = parent;
    this.serverMode = serverMode;
    this.targetHost = targetHost;
    this.enabledProtocols = enabledProtocols;
    this.serverCertificate = serverCertificate;
    this.clientCertificates = clientCertificates;
    this.askForClientCert = askForClientCert;

    // NOTE(review): the cut is made at the first ':' (only when it is not the first
    // character), so an IPv6 literal passed as targetHost would be truncated — confirm
    // callers never pass one here.
    serverName = targetHost;
    if (!string.IsNullOrEmpty(targetHost)) {
        int colon = targetHost.IndexOf(':');
        if (colon > 0) {
            serverName = targetHost.Substring(0, colon);
        }
    }

    certificateValidator = CertificateValidationHelper.GetInternalValidator(parent.Settings, parent.Provider);
}
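/// <summary>
/// Checks the certificate chain a client presented during the handshake and signals any
/// problem as a TLS alert rather than a managed runtime exception.
/// </summary>
/// <param name="context">Handshake context supplying the settings provider and TLS configuration.</param>
/// <param name="certificates">Certificates received from the client, leaf first; may be null or empty.</param>
/// <exception cref="TlsException">
/// <see cref="AlertDescription.BadCertificate"/> when a CA list is configured and the leaf's issuer
/// is not on it (or no certificate was sent); <see cref="AlertDescription.CertificateUnknown"/>
/// when the validator rejects the chain.
/// </exception>
internal static void CheckClientCertificate(TlsContext context, MX.X509CertificateCollection certificates)
{
    bool hasCertificates = certificates != null && certificates.Count > 0;

    if (context.SettingsProvider.HasClientCertificateParameters) {
        var certParams = context.SettingsProvider.ClientCertificateParameters;
        if (certParams.CertificateAuthorities.Count > 0) {
            // With a CA list configured, an absent chain cannot satisfy it. Previously
            // certificates[0] was read without a null/empty check and crashed on a missing chain.
            // This is only a match on the leaf's issuer name; the trust decision itself is
            // left to the validator below.
            if (!hasCertificates || !certParams.CertificateAuthorities.Contains(certificates[0].IssuerName)) {
                throw new TlsException(AlertDescription.BadCertificate);
            }
        }
    }

    var helper = CertificateValidationHelper.GetValidator(context.Configuration.TlsSettings);

    // Re-encode into the BCL certificate type the validator expects. A null chain is passed
    // through as null so the validator decides how to treat a client that sent nothing.
    X509Certificate2Collection scerts = null;
    if (certificates != null) {
        scerts = new X509Certificate2Collection();
        for (int i = 0; i < certificates.Count; i++) {
            scerts.Add(new X509Certificate2(certificates[i].RawData));
        }
    }

    var result = helper.ValidateClientCertificate(scerts);
    if (result == null || !result.Trusted || result.UserDenied) {
        throw new TlsException(AlertDescription.CertificateUnknown);
    }
}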
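/// <summary>
/// Validates the certificate chain presented by the remote server against
/// <c>config.TargetHost</c> and rejects it with a TLS alert when it is missing or untrusted.
/// </summary>
/// <param name="config">TLS configuration supplying the settings and the expected host name.</param>
/// <param name="certificates">Certificates received from the server, leaf first.</param>
/// <exception cref="TlsException">
/// <see cref="AlertDescription.CertificateUnknown"/> when no certificate was received or the
/// chain is not trusted or was denied by the user callback.
/// </exception>
internal static void CheckRemoteCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
{
    if (certificates == null || certificates.Count < 1) {
        throw new TlsException(AlertDescription.CertificateUnknown);
    }

    var helper = CertificateValidationHelper.GetValidator(config.TlsSettings);

    // The guard above already rejected a null chain, so the conversion to the BCL
    // certificate type is unconditional (the old second null check was unreachable).
    var scerts = new X509Certificate2Collection();
    for (int i = 0; i < certificates.Count; i++) {
        scerts.Add(new X509Certificate2(certificates[i].RawData));
    }

    var result = helper.ValidateChain(config.TargetHost, scerts);
    if (result != null && result.Trusted && !result.UserDenied) {
        return;
    }

    // FIXME: check other values to report correct error type.
    throw new TlsException(AlertDescription.CertificateUnknown);
}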
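/// <summary>
/// Initializes the context from <paramref name="options"/>: server-side contexts take the local
/// certificate and the client-certificate policy, client-side contexts take the client
/// certificates and the target host (with any ":port" suffix stripped for ServerName).
/// </summary>
/// <param name="parent">The managed stream that owns this context; its Settings and Provider select the validator.</param>
/// <param name="options">Authentication options describing the handshake.</param>
/// <exception cref="ArgumentNullException"><paramref name="parent"/> or <paramref name="options"/> is null.</exception>
protected MobileTlsContext(MobileAuthenticatedStream parent, MonoSslAuthenticationOptions options)
{
    // Both are dereferenced below; fail with a named argument instead of a NullReferenceException.
    if (parent == null) {
        throw new ArgumentNullException("parent");
    }
    if (options == null) {
        throw new ArgumentNullException("options");
    }

    Parent = parent;
    IsServer = options.ServerMode;
    EnabledProtocols = options.EnabledSslProtocols;

    if (options.ServerMode) {
        LocalServerCertificate = options.ServerCertificate;
        AskForClientCertificate = options.ClientCertificateRequired;
    } else {
        ClientCertificates = options.ClientCertificates;
        TargetHost = options.TargetHost;
        // NOTE(review): the cut is made at the first ':' (when it is not the first character),
        // so an IPv6 literal as TargetHost would be truncated — confirm callers never pass one.
        ServerName = options.TargetHost;
        if (!string.IsNullOrEmpty(ServerName)) {
            int colon = ServerName.IndexOf(':');
            if (colon > 0) {
                ServerName = ServerName.Substring(0, colon);
            }
        }
    }

    certificateValidator = CertificateValidationHelper.GetInternalValidator(parent.Settings, parent.Provider);
}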
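/// <summary>
/// Releases the underlying connection and, when certificate validation was overridden for
/// this session, restores the default so later connections are validated again.
/// </summary>
public void Dispose()
{
    try {
        // May be null if construction failed before the connection was created.
        if (_connection != null) {
            _connection.Dispose();
        }
    } finally {
        // Restore even when disposing the connection throws: the override is process-wide,
        // so leaving it in place would disable certificate checks for every later connection.
        if (_ignoreSslPolicyErrors) {
            CertificateValidationHelper.RestoreCertificateValidation();
        }
    }
}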
/// <summary>
/// Builds the validator under test. When the test parameters ask for the runner callback, a
/// copy of the default settings is routed through <c>ValidationCallback</c> so the test can
/// observe each validation; otherwise the validator for null settings is returned.
/// </summary>
ICertificateValidator GetValidator(TestContext ctx)
{
    if (!Parameters.UseTestRunnerCallback) {
        return CertificateValidationHelper.GetValidator((MonoTlsSettings)null);
    }

    var testSettings = MonoTlsSettings.CopyDefaultSettings();
    testSettings.CallbackNeedsCertificateChain = true;
    testSettings.UseServicePointManagerCallback = false;
    testSettings.RemoteCertificateValidationCallback =
        (t, c, ch, e) => ValidationCallback(ctx, t, c, ch, e);
    return CertificateValidationHelper.GetValidator(testSettings);
}
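/// <summary>
/// Obtains a certificate validator for <paramref name="settings"/>. On non-mobile builds the
/// helper's <c>GetValidator</c> overload is located by reflection, since presumably only one
/// of the two known signatures exists in a given Mono version.
/// </summary>
/// <param name="settings">TLS settings to validate with; may be null.</param>
/// <returns>The validator returned by <c>CertificateValidationHelper.GetValidator</c>.</returns>
/// <exception cref="MissingMethodException">Neither known <c>GetValidator</c> overload exists.</exception>
public ICertificateValidator GetCertificateValidator(MonoTlsSettings settings)
{
#if !__MOBILE__
    var type = typeof(CertificateValidationHelper);

    var getValidator = type.GetMethod("GetValidator", new Type[] { typeof(MonoTlsSettings) });
    if (getValidator != null) {
        return (ICertificateValidator)getValidator.Invoke(null, new object[] { settings });
    }

    getValidator = type.GetMethod("GetValidator", new Type[] { typeof(MonoTlsSettings), typeof(MonoTlsProvider) });
    if (getValidator == null) {
        // Report the missing API by name instead of a NullReferenceException from Invoke.
        throw new MissingMethodException(type.FullName, "GetValidator");
    }
    return (ICertificateValidator)getValidator.Invoke(null, new object[] { settings, null });
#else
    return CertificateValidationHelper.GetValidator(settings);
#endif
}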
/// <summary>
/// Stores the handshake parameters for a client- or server-side TLS context and picks the
/// default certificate validator from the parent stream's Settings and Provider.
/// </summary>
/// <param name="parent">The managed stream that owns this context.</param>
/// <param name="serverMode">True for a server-side handshake.</param>
/// <param name="targetHost">Name of the remote peer.</param>
/// <param name="enabledProtocols">Protocol versions allowed for the handshake.</param>
/// <param name="serverCertificate">Certificate presented by this side in server mode.</param>
/// <param name="clientCertificates">Candidate client certificates.</param>
/// <param name="askForClientCert">Whether a server should request a client certificate.</param>
public MobileTlsContext(
    MobileAuthenticatedStream parent,
    bool serverMode,
    string targetHost,
    SslProtocols enabledProtocols,
    X509Certificate serverCertificate,
    X509CertificateCollection clientCertificates,
    bool askForClientCert)
{
    this.parent = parent;
    this.serverMode = serverMode;
    this.targetHost = targetHost;
    this.enabledProtocols = enabledProtocols;
    this.serverCertificate = serverCertificate;
    this.clientCertificates = clientCertificates;
    this.askForClientCert = askForClientCert;

    // The validator is resolved last, from the parent's settings rather than from a
    // settings argument (compare the overload that takes MonoTlsSettings explicitly).
    var parentSettings = parent.Settings;
    var parentProvider = parent.Provider;
    certificateValidator = CertificateValidationHelper.GetDefaultValidator(parentSettings, parentProvider);
}
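/// <summary>
/// Creates a session object holding contracts and proxies to the web services API. Takes care of
/// username/password and 'Active Directory' authentication (NetworkCredential) to the Secure Token Service.
/// </summary>
/// <param name="logger">Instance of the ILogger interface to allow some logging although Write-* is not very thread-friendly.</param>
/// <param name="webServicesBaseUrl">The url to the web service API. For example 'https://example.com/ISHWS/'</param>
/// <param name="ishUserName">InfoShare user name. For example 'Admin'. When null, Environment.UserName is used.</param>
/// <param name="ishSecurePassword">Matching password as SecureString of the incoming user name. When null is provided, a NetworkCredential() is created instead.</param>
/// <param name="timeout">Timeout to control Send/Receive timeouts of HttpClient when downloading content like connectionconfiguration.xml</param>
/// <param name="timeoutIssue">Timeout to control Send/Receive timeouts of WCF when issuing a token</param>
/// <param name="timeoutService">Timeout to control Send/Receive timeouts of WCF for InfoShareWS proxies</param>
/// <param name="ignoreSslPolicyErrors">When true, a custom callback is assigned to ServicePointManager.ServerCertificateValidationCallback for the lifetime of the session. Defaults to false, as this disables server certificate validation and so creates security holes; very handy for Fiddler usage though.</param>
/// <exception cref="ArgumentNullException"><paramref name="webServicesBaseUrl"/> is null.</exception>
public IshSession(ILogger logger, string webServicesBaseUrl, string ishUserName, SecureString ishSecurePassword, TimeSpan timeout, TimeSpan timeoutIssue, TimeSpan timeoutService, bool ignoreSslPolicyErrors)
{
    if (webServicesBaseUrl == null) {
        throw new ArgumentNullException("webServicesBaseUrl");
    }

    _logger = logger;
    _explicitIssuer = false;
    _ignoreSslPolicyErrors = ignoreSslPolicyErrors;

    // webServicesBaseUrl should have a trailing slash, otherwise .NET throws the unhandy
    // "Reference to undeclared entity 'raquo'." error. Ordinal comparison: this is a URL,
    // not culture-sensitive user text.
    _webServicesBaseUri = webServicesBaseUrl.EndsWith("/", StringComparison.Ordinal)
        ? new Uri(webServicesBaseUrl)
        : new Uri(webServicesBaseUrl + "/");
    _ishUserName = ishUserName ?? Environment.UserName;
    _ishSecurePassword = ishSecurePassword;
    _timeout = timeout;
    _timeoutIssue = timeoutIssue;
    _timeoutService = timeoutService;

    // The override is process-wide, so it is installed as late as possible: after all
    // argument handling that can throw (e.g. an invalid URL) and right before it is needed.
    if (_ignoreSslPolicyErrors) {
        CertificateValidationHelper.OverrideCertificateValidation();
    }
    // NOTE(review): this restore runs unconditionally, immediately after the override above;
    // confirm the two helpers act on different state, otherwise the override is undone here.
    ServicePointManagerHelper.RestoreCertificateValidation();

    try {
        CreateConnection();
    } catch {
        // Dispose never runs for a constructor that throws, so undo the override here;
        // otherwise every later connection in the process would skip certificate checks.
        if (_ignoreSslPolicyErrors) {
            CertificateValidationHelper.RestoreCertificateValidation();
        }
        throw;
    }
}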
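/// <summary>
/// Creates an Apple Secure Transport backed TLS context on top of the shared
/// <c>MobileTlsContext</c> state, pinning this instance in a <see cref="GCHandle"/> so the
/// native read/write callbacks can find it.
/// </summary>
/// <param name="parent">The managed stream this context serves.</param>
/// <param name="serverMode">True for a server-side handshake.</param>
/// <param name="targetHost">Name of the remote peer (client mode).</param>
/// <param name="enabledProtocols">Protocol versions allowed for the handshake.</param>
/// <param name="serverCertificate">Certificate presented by this side in server mode; required then.</param>
/// <param name="clientCertificates">Candidate client certificates.</param>
/// <param name="askForClientCert">Whether a server should request a client certificate.</param>
/// <exception cref="ArgumentNullException"><paramref name="serverCertificate"/> is null in server mode.</exception>
public AppleTlsContext(
    MobileAuthenticatedStream parent,
    bool serverMode,
    string targetHost,
    SSA.SslProtocols enabledProtocols,
    X509Certificate serverCertificate,
    X509CertificateCollection clientCertificates,
    bool askForClientCert)
    : base(parent, serverMode, targetHost, enabledProtocols, serverCertificate, clientCertificates, askForClientCert)
{
    // Validate before allocating the GCHandle: a constructor that throws after Alloc leaks
    // the handle, because Dispose never runs on the half-constructed object. The parameter
    // is used rather than IsServer so the check does not depend on base-class state.
    if (serverMode && serverCertificate == null) {
        throw new ArgumentNullException("serverCertificate");
    }

    // The native layer gets the handle's IntPtr as its connection id and passes it back to
    // the read/write callbacks.
    handle = GCHandle.Alloc(this);
    connectionId = GCHandle.ToIntPtr(handle);
    readFunc = NativeReadCallback;
    writeFunc = NativeWriteCallback;

    certificateValidator = CertificateValidationHelper.GetDefaultValidator(Settings, Provider);
}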