Exemplo n.º 1
0
        public static void Main(string[] args)
        {
            // check that name on cert = name of host user is connecting to
            // var x5092 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificateBytes);
            // string hostName = x5092.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.DnsName, false);
            // bool hostNameMatch = string.Compare(hostName, this.Server, true) == 0;

            // need to build x509chain obj , call build with cert, examine chainstatus property to see why failed.
            // open store
            X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);

            store.Open(OpenFlags.ReadWrite);

            byte[] b                 = GetStreamBytes();
            var    x509              = new Mono.Security.X509.X509Certificate(b);
            var    chain             = new Mono.Security.X509.X509Chain();
            bool   certificateStatus = chain.Build(x509);

            Console.WriteLine(certificateStatus);
            // output true


            //         X509Certificate2 newcert = new X509Certificate2();
            //byte[] b = GetStreamBytes();
            //newcert.Import(b);
            //buildChain(newcert);
            //byte[] b = GetStreamBytes();
            //newcert.Import(b);
            //store.Add(newcert);

            //PrintStore();
            //PrintMore();

            // 3

            // read certs
        }
        private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates)
        {
            ClientContext    context      = (ClientContext)this.Context;
            AlertDescription description1 = AlertDescription.BadCertificate;

            if (context.SslStream.HaveRemoteValidation2Callback)
            {
                ValidationResult validationResult = context.SslStream.RaiseServerCertificateValidation2(certificates);
                if (!validationResult.Trusted)
                {
                    long             errorCode = (long)validationResult.ErrorCode;
                    AlertDescription description2;
                    switch (errorCode)
                    {
                    case 2148204801:
                        description2 = AlertDescription.CertificateExpired;
                        break;

                    case 2148204809:
                        description2 = AlertDescription.UnknownCA;
                        break;

                    case 2148204810:
                        description2 = AlertDescription.UnknownCA;
                        break;

                    default:
                        description2 = AlertDescription.CertificateUnknown;
                        break;
                    }
                    string str = string.Format("0x{0:x}", (object)errorCode);
                    throw new TlsException(description2, "Invalid certificate received from server. Error code: " + str);
                }
            }
            else
            {
                Mono.Security.X509.X509Certificate certificate1 = certificates[0];
                System.Security.Cryptography.X509Certificates.X509Certificate certificate2 = new System.Security.Cryptography.X509Certificates.X509Certificate(certificate1.RawData);
                ArrayList arrayList = new ArrayList();
                if (!this.checkCertificateUsage(certificate1))
                {
                    arrayList.Add((object)-2146762490);
                }
                if (!this.checkServerIdentity(certificate1))
                {
                    arrayList.Add((object)-2146762481);
                }
                Mono.Security.X509.X509CertificateCollection chain = new Mono.Security.X509.X509CertificateCollection(certificates);
                chain.Remove(certificate1);
                Mono.Security.X509.X509Chain x509Chain = new Mono.Security.X509.X509Chain(chain);
                bool flag;
                try
                {
                    flag = x509Chain.Build(certificate1);
                }
                catch (Exception)
                {
                    flag = false;
                }
                if (!flag)
                {
                    switch (x509Chain.Status)
                    {
                    case Mono.Security.X509.X509ChainStatusFlags.NotTimeValid:
                        description1 = AlertDescription.CertificateExpired;
                        arrayList.Add((object)-2146762495);
                        break;

                    case Mono.Security.X509.X509ChainStatusFlags.NotTimeNested:
                        arrayList.Add((object)-2146762494);
                        break;

                    case Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid:
                        arrayList.Add((object)-2146869232);
                        break;

                    case Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot:
                        description1 = AlertDescription.UnknownCA;
                        arrayList.Add((object)-2146762487);
                        break;

                    case Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints:
                        arrayList.Add((object)-2146869223);
                        break;

                    case Mono.Security.X509.X509ChainStatusFlags.PartialChain:
                        description1 = AlertDescription.UnknownCA;
                        arrayList.Add((object)-2146762486);
                        break;

                    default:
                        description1 = AlertDescription.CertificateUnknown;
                        arrayList.Add((object)(int)x509Chain.Status);
                        break;
                    }
                }
                int[] array = (int[])arrayList.ToArray(typeof(int));
                if (!context.SslStream.RaiseServerCertificateValidation(certificate2, array))
                {
                    throw new TlsException(description1, "Invalid certificate received from server.");
                }
            }
        }
        private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates)
        {
            ServerContext    context     = (ServerContext)this.Context;
            AlertDescription description = AlertDescription.BadCertificate;

            System.Security.Cryptography.X509Certificates.X509Certificate certificate1 = (System.Security.Cryptography.X509Certificates.X509Certificate)null;
            int[] certificateErrors;
            if (certificates.Count > 0)
            {
                Mono.Security.X509.X509Certificate certificate2 = certificates[0];
                ArrayList arrayList = new ArrayList();
                if (!this.checkCertificateUsage(certificate2))
                {
                    arrayList.Add((object)-2146762490);
                }
                Mono.Security.X509.X509Chain x509Chain;
                if (certificates.Count > 1)
                {
                    Mono.Security.X509.X509CertificateCollection chain = new Mono.Security.X509.X509CertificateCollection(certificates);
                    chain.Remove(certificate2);
                    x509Chain = new Mono.Security.X509.X509Chain(chain);
                }
                else
                {
                    x509Chain = new Mono.Security.X509.X509Chain();
                }
                bool flag;
                try
                {
                    flag = x509Chain.Build(certificate2);
                }
                catch (Exception)
                {
                    flag = false;
                }
                if (!flag)
                {
                    switch (x509Chain.Status)
                    {
                    case Mono.Security.X509.X509ChainStatusFlags.NotTimeValid:
                        description = AlertDescription.CertificateExpired;
                        arrayList.Add((object)-2146762495);
                        break;

                    case Mono.Security.X509.X509ChainStatusFlags.NotTimeNested:
                        arrayList.Add((object)-2146762494);
                        break;

                    case Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid:
                        arrayList.Add((object)-2146869232);
                        break;

                    case Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot:
                        description = AlertDescription.UnknownCA;
                        arrayList.Add((object)-2146762487);
                        break;

                    case Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints:
                        arrayList.Add((object)-2146869223);
                        break;

                    case Mono.Security.X509.X509ChainStatusFlags.PartialChain:
                        description = AlertDescription.UnknownCA;
                        arrayList.Add((object)-2146762486);
                        break;

                    default:
                        description = AlertDescription.CertificateUnknown;
                        arrayList.Add((object)(int)x509Chain.Status);
                        break;
                    }
                }
                certificate1      = new System.Security.Cryptography.X509Certificates.X509Certificate(certificate2.RawData);
                certificateErrors = (int[])arrayList.ToArray(typeof(int));
            }
            else
            {
                certificateErrors = new int[0];
            }
            System.Security.Cryptography.X509Certificates.X509CertificateCollection certificateCollection = new System.Security.Cryptography.X509Certificates.X509CertificateCollection();
            foreach (Mono.Security.X509.X509Certificate certificate2 in certificates)
            {
                certificateCollection.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(certificate2.RawData));
            }
            if (!context.SslStream.RaiseClientCertificateValidation(certificate1, certificateErrors))
            {
                throw new TlsException(description, "Invalid certificate received from client.");
            }
            this.Context.ClientSettings.ClientCertificate = certificate1;
        }