private void ConnectCallback()
{
try
{
this.ResolveSSLAddress();
byte[] certBundleBytes;
if (FileUtil.LoadFromDrive(SslSocket.GetBundleStoragePath(), out certBundleBytes))
{
this.m_bundleSettings.bundle = new SslCertBundle(certBundleBytes);
}
RemoteCertificateValidationCallback userCertificateValidationCallback = new RemoteCertificateValidationCallback(SslSocket.OnValidateServerCertificate);
this.m_sslStream = new SslStream(new NetworkStream(this.Socket, true), false, userCertificateValidationCallback);
SslSocket.SslStreamValidateContext sslStreamValidateContext = new SslSocket.SslStreamValidateContext();
sslStreamValidateContext.m_sslSocket = this;
SslSocket.s_streamValidationContexts.Add(this.m_sslStream, sslStreamValidateContext);
this.m_sslStream.BeginAuthenticateAsClient(this.m_address, new AsyncCallback(this.OnAuthenticateAsClient), null);
}
catch (Exception ex)
{
SslSocket.s_log.LogError("Exception while trying to authenticate. {0}", new object[]
{
ex
});
this.ExecuteBeginConnectDelegate(true);
}
}
private static bool VerifySignedHash(RSAParameters key, byte[] hash, byte[] signature)
{
byte[] numArray = new byte[(int)key.Modulus.Length];
byte[] numArray1 = new byte[(int)key.Exponent.Length];
byte[] numArray2 = new byte[(int)signature.Length];
Array.Copy(key.Modulus, numArray, (int)key.Modulus.Length);
Array.Copy(key.Exponent, numArray1, (int)key.Exponent.Length);
Array.Copy(signature, numArray2, (int)signature.Length);
Array.Reverse(numArray);
Array.Reverse(numArray1);
Array.Reverse(numArray2);
BigInteger bigInteger = new BigInteger(numArray);
BigInteger bigInteger1 = new BigInteger(numArray1);
BigInteger bigInteger2 = BigInteger.PowMod(new BigInteger(numArray2), bigInteger1, bigInteger);
byte[] numArray3 = new byte[(int)key.Modulus.Length];
byte[] fieldHandle = new byte[] { typeof(< PrivateImplementationDetails >).GetField("$field-2FFAC053D2D8FD53E1733DCE28216805289D3E35").FieldHandle };
if (!SslSocket.MakePKCS1SignatureBlock(hash, (int)hash.Length, fieldHandle, (int)fieldHandle.Length, numArray3, (int)key.Modulus.Length))
{
return(false);
}
byte[] numArray4 = new byte[(int)numArray3.Length];
Array.Copy(numArray3, numArray4, (int)numArray3.Length);
Array.Reverse(numArray4);
return((new BigInteger(numArray4)).CompareTo(bigInteger2) == 0);
}
private static bool VerifyBundleSignature(byte[] signedBundleData)
{
int length = (int)signedBundleData.Length - (SslSocket.s_magicBundleSignaturePreamble.Length + 256);
if (length <= 0)
{
return(false);
}
byte[] bytes = Encoding.ASCII.GetBytes(SslSocket.s_magicBundleSignaturePreamble);
for (int i = 0; i < (int)bytes.Length; i++)
{
if (signedBundleData[length + i] != bytes[i])
{
return(false);
}
}
SHA256 sHA256 = SHA256.Create();
sHA256.Initialize();
sHA256.TransformBlock(signedBundleData, 0, length, null, 0);
byte[] numArray = Encoding.ASCII.GetBytes("Blizzard Certificate Bundle");
sHA256.TransformBlock(numArray, 0, (int)numArray.Length, null, 0);
sHA256.TransformFinalBlock(new byte[1], 0, 0);
byte[] hash = sHA256.Hash;
byte[] numArray1 = new byte[256];
Array.Copy(signedBundleData, length + SslSocket.s_magicBundleSignaturePreamble.Length, numArray1, 0, 256);
List <RSAParameters> rSAParameters = new List <RSAParameters>();
RSAParameters rSAParameter = new RSAParameters()
{
Modulus = SslSocket.s_standardPublicModulus,
Exponent = SslSocket.s_standardPublicExponent
};
rSAParameters.Add(rSAParameter);
RSAParameters rSAParameter1 = new RSAParameters()
{
Modulus = SslSocket.s_debugPublicModulus,
Exponent = SslSocket.s_debugPublicExponent
};
rSAParameters.Add(rSAParameter1);
bool flag = false;
int num = 0;
while (num < rSAParameters.Count)
{
if (!SslSocket.VerifySignedHash(rSAParameters[num], hash, numArray1))
{
num++;
}
else
{
flag = true;
break;
}
}
return(flag);
}
public void Disconnect()
{
if (this.m_sslSocket != null)
{
this.m_sslSocket.Close();
this.m_sslSocket = null;
}
this.m_connectionState = SslClientConnection.ConnectionState.Disconnected;
}
private static bool VerifyBundleSignature(byte[] signedBundleData)
{
int num = signedBundleData.Length - (SslSocket.s_magicBundleSignaturePreamble.Length + 256);
if (num <= 0)
{
return(false);
}
byte[] bytes = Encoding.ASCII.GetBytes(SslSocket.s_magicBundleSignaturePreamble);
for (int i = 0; i < bytes.Length; i++)
{
if (signedBundleData[num + i] != bytes[i])
{
return(false);
}
}
SHA256 sha = SHA256.Create();
sha.Initialize();
sha.TransformBlock(signedBundleData, 0, num, null, 0);
string s = "Blizzard Certificate Bundle";
byte[] bytes2 = Encoding.ASCII.GetBytes(s);
sha.TransformBlock(bytes2, 0, bytes2.Length, null, 0);
sha.TransformFinalBlock(new byte[1], 0, 0);
byte[] hash = sha.Hash;
byte[] array = new byte[256];
Array.Copy(signedBundleData, num + SslSocket.s_magicBundleSignaturePreamble.Length, array, 0, 256);
List <RSAParameters> list = new List <RSAParameters>();
list.Add(new RSAParameters
{
Modulus = SslSocket.s_standardPublicModulus,
Exponent = SslSocket.s_standardPublicExponent
});
list.Add(new RSAParameters
{
Modulus = SslSocket.s_debugPublicModulus,
Exponent = SslSocket.s_debugPublicExponent
});
bool result = false;
for (int j = 0; j < list.Count; j++)
{
RSAParameters key = list[j];
if (SslSocket.VerifySignedHash(key, hash, array))
{
result = true;
break;
}
}
return(result);
}
private static bool GetBundleInfo(byte[] unsignedBundleBytes, out SslSocket.BundleInfo info)
{
info.bundleKeyHashs = new List <byte[]>();
info.bundleUris = new List <string>();
info.bundleCerts = new List <X509Certificate2>();
string text = null;
string @string = Encoding.ASCII.GetString(unsignedBundleBytes);
try
{
JsonNode jsonNode = Json.Deserialize(@string) as JsonNode;
JsonList jsonList = jsonNode["PublicKeys"] as JsonList;
foreach (object obj in jsonList)
{
JsonNode jsonNode2 = (JsonNode)obj;
string item = (string)jsonNode2["Uri"];
string hex = (string)jsonNode2["ShaHashPublicKeyInfo"];
byte[] item2 = null;
SslSocket.HexStrToBytesError hexStrToBytesError = SslSocket.HexStrToBytes(hex, out item2);
if (hexStrToBytesError != SslSocket.HexStrToBytesError.OK)
{
text = EnumUtils.GetString <SslSocket.HexStrToBytesError>(hexStrToBytesError);
break;
}
info.bundleKeyHashs.Add(item2);
info.bundleUris.Add(item);
}
JsonList jsonList2 = jsonNode["SigningCertificates"] as JsonList;
foreach (object obj2 in jsonList2)
{
JsonNode jsonNode3 = (JsonNode)obj2;
string s = (string)jsonNode3["RawData"];
byte[] bytes = Encoding.ASCII.GetBytes(s);
X509Certificate2 item3 = new X509Certificate2(bytes);
info.bundleCerts.Add(item3);
}
}
catch (Exception ex)
{
text = ex.ToString();
}
if (text != null)
{
SslSocket.s_log.LogWarning("Exception while trying to parse certificate bundle. {0}", new object[]
{
text
});
return(false);
}
return(true);
}
private static bool VerifySignedHash(RSAParameters key, byte[] hash, byte[] signature)
{
byte[] array = new byte[key.Modulus.Length];
byte[] array2 = new byte[key.Exponent.Length];
byte[] array3 = new byte[signature.Length];
Array.Copy(key.Modulus, array, key.Modulus.Length);
Array.Copy(key.Exponent, array2, key.Exponent.Length);
Array.Copy(signature, array3, signature.Length);
Array.Reverse(array);
Array.Reverse(array2);
Array.Reverse(array3);
BigInteger mod = new BigInteger(array);
BigInteger exp = new BigInteger(array2);
BigInteger b = new BigInteger(array3);
BigInteger value = BigInteger.PowMod(b, exp, mod);
byte[] array4 = new byte[key.Modulus.Length];
byte[] array5 = new byte[]
{
48,
49,
48,
13,
6,
9,
96,
134,
72,
1,
101,
3,
4,
2,
1,
5,
0,
4,
32
};
if (!SslSocket.MakePKCS1SignatureBlock(hash, hash.Length, array5, array5.Length, array4, key.Modulus.Length))
{
return(false);
}
byte[] array6 = new byte[array4.Length];
Array.Copy(array4, array6, array4.Length);
Array.Reverse(array6);
BigInteger bigInteger = new BigInteger(array6);
return(bigInteger.CompareTo(value) == 0);
}
private static bool GetBundleInfo(byte[] unsignedBundleBytes, out SslSocket.BundleInfo info)
{
info = new SslSocket.BundleInfo();
info.bundleKeyHashs = new List <byte[]>();
info.bundleUris = new List <string>();
info.bundleCerts = new List <X509Certificate2>();
string str = null;
string str1 = Encoding.ASCII.GetString(unsignedBundleBytes);
try
{
JsonNode jsonNode = Json.Deserialize(str1) as JsonNode;
foreach (JsonNode item in jsonNode["PublicKeys"] as JsonList)
{
string item1 = (string)item["Uri"];
string item2 = (string)item["ShaHashPublicKeyInfo"];
byte[] numArray = null;
SslSocket.HexStrToBytesError bytes = SslSocket.HexStrToBytes(item2, out numArray);
if (bytes == SslSocket.HexStrToBytesError.OK)
{
info.bundleKeyHashs.Add(numArray);
info.bundleUris.Add(item1);
}
else
{
str = EnumUtils.GetString <SslSocket.HexStrToBytesError>(bytes);
break;
}
}
foreach (JsonNode jsonNode1 in jsonNode["SigningCertificates"] as JsonList)
{
string str2 = (string)jsonNode1["RawData"];
X509Certificate2 x509Certificate2 = new X509Certificate2(Encoding.ASCII.GetBytes(str2));
info.bundleCerts.Add(x509Certificate2);
}
}
catch (Exception exception)
{
str = exception.ToString();
}
if (str == null)
{
return(true);
}
SslSocket.s_log.LogWarning("Exception while trying to parse certificate bundle. {0}", new object[] { str });
return(false);
}
public void Connect(string host, int port)
{
this.m_hostAddress = host;
this.m_hostPort = port;
this.Disconnect();
this.m_sslSocket = new SslSocket();
this.m_connectionState = SslClientConnection.ConnectionState.Connecting;
try
{
this.m_sslSocket.BeginConnect(host, port, this.m_bundleSettings, new SslSocket.BeginConnectDelegate(this.ConnectCallback));
}
catch (Exception ex)
{
string text = this.m_hostAddress + ":" + this.m_hostPort;
LogAdapter.Log(LogLevel.Warning, "Could not connect to " + text + " -- " + ex.get_Message());
this.m_connectionState = SslClientConnection.ConnectionState.ConnectionFailed;
this.TriggerOnConnectHandler(BattleNetErrors.ERROR_RPC_PEER_UNKNOWN);
}
this.m_bundleSettings = null;
}
public void Connect(string host, int port)
{
this.m_hostAddress = host;
this.m_hostPort = port;
this.Disconnect();
this.m_sslSocket = new SslSocket();
this.m_connectionState = SslClientConnection.ConnectionState.Connecting;
try
{
this.m_sslSocket.BeginConnect(host, port, this.m_bundleSettings, new SslSocket.BeginConnectDelegate(this.ConnectCallback));
}
catch (Exception exception1)
{
Exception exception = exception1;
string str = string.Concat(this.m_hostAddress, ":", this.m_hostPort);
LogAdapter.Log(LogLevel.Warning, string.Concat("Could not connect to ", str, " -- ", exception.Message));
this.m_connectionState = SslClientConnection.ConnectionState.ConnectionFailed;
this.TriggerOnConnectHandler(BattleNetErrors.ERROR_RPC_PEER_UNKNOWN);
}
this.m_bundleSettings = null;
}
private static bool OnValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
SslSocket.CertValidationResult certValidationResult = SslSocket.IsServerCertificateValid(sender, certificate, chain, sslPolicyErrors);
if (certValidationResult == SslSocket.CertValidationResult.FAILED_CERT_BUNDLE)
{
SslStream sslStream = (SslStream)sender;
SslSocket mSslSocket = SslSocket.s_streamValidationContexts[sslStream].m_sslSocket;
foreach (SslCertBundle sslCertBundle in SslSocket.DownloadCertBundles(mSslSocket.m_bundleSettings.bundleDownloadConfig))
{
mSslSocket.m_bundleSettings.bundle = sslCertBundle;
certValidationResult = SslSocket.IsServerCertificateValid(sender, certificate, chain, sslPolicyErrors);
if (certValidationResult != SslSocket.CertValidationResult.OK)
{
continue;
}
FileUtil.StoreToDrive(sslCertBundle.CertBundleBytes, SslSocket.GetBundleStoragePath(), true, true);
break;
}
}
return(certValidationResult == SslSocket.CertValidationResult.OK);
}
private static bool OnValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
SslSocket.CertValidationResult certValidationResult = SslSocket.IsServerCertificateValid(sender, certificate, chain, sslPolicyErrors);
if (certValidationResult == SslSocket.CertValidationResult.FAILED_CERT_BUNDLE)
{
SslStream key = (SslStream)sender;
SslSocket.SslStreamValidateContext sslStreamValidateContext = SslSocket.s_streamValidationContexts[key];
SslSocket sslSocket = sslStreamValidateContext.m_sslSocket;
UrlDownloaderConfig bundleDownloadConfig = sslSocket.m_bundleSettings.bundleDownloadConfig;
List <SslCertBundle> list = SslSocket.DownloadCertBundles(bundleDownloadConfig);
foreach (SslCertBundle sslCertBundle in list)
{
sslSocket.m_bundleSettings.bundle = sslCertBundle;
certValidationResult = SslSocket.IsServerCertificateValid(sender, certificate, chain, sslPolicyErrors);
if (certValidationResult == SslSocket.CertValidationResult.OK)
{
FileUtil.StoreToDrive(sslCertBundle.CertBundleBytes, SslSocket.GetBundleStoragePath(), true, true);
break;
}
}
}
return(certValidationResult == SslSocket.CertValidationResult.OK);
}
public void Update()
{
SslSocket.Process();
object connectionEvents = this.m_connectionEvents;
lock (connectionEvents)
{
foreach (SslClientConnection.ConnectionEvent connectionEvent in this.m_connectionEvents)
{
SslClientConnection.ConnectionEventTypes type = connectionEvent.Type;
if (type != SslClientConnection.ConnectionEventTypes.OnConnected)
{
if (type != SslClientConnection.ConnectionEventTypes.OnDisconnected)
{
if (type == SslClientConnection.ConnectionEventTypes.OnPacketCompleted)
{
for (int i = 0; i < this.m_listeners.Count; i++)
{
IClientConnectionListener <BattleNetPacket> clientConnectionListener = this.m_listeners[i];
object state = this.m_listenerStates[i];
clientConnectionListener.PacketReceived(connectionEvent.Packet, state);
}
}
}
else
{
if (connectionEvent.Error != BattleNetErrors.ERROR_OK)
{
this.Disconnect();
}
foreach (DisconnectHandler disconnectHandler in this.m_disconnectHandlers.ToArray())
{
disconnectHandler(connectionEvent.Error);
}
}
}
else
{
if (connectionEvent.Error != BattleNetErrors.ERROR_OK)
{
this.Disconnect();
this.m_connectionState = SslClientConnection.ConnectionState.ConnectionFailed;
}
else
{
this.m_connectionState = SslClientConnection.ConnectionState.Connected;
}
foreach (ConnectHandler connectHandler in this.m_connectHandlers.ToArray())
{
connectHandler(connectionEvent.Error);
}
}
}
this.m_connectionEvents.Clear();
}
if (this.m_sslSocket == null || this.m_connectionState != SslClientConnection.ConnectionState.Connected)
{
return;
}
while (this.m_outQueue.Count > 0)
{
if (this.OnlyOneSend && !this.m_sslSocket.m_canSend)
{
return;
}
BattleNetPacket packet = this.m_outQueue.Dequeue();
this.SendPacket(packet);
}
}
public void Update()
{
SslSocket.Process();
List <SslClientConnection.ConnectionEvent> connectionEvents = this.m_connectionEvents;
lock (connectionEvents)
{
using (List <SslClientConnection.ConnectionEvent> .Enumerator enumerator = this.m_connectionEvents.GetEnumerator())
{
while (enumerator.MoveNext())
{
SslClientConnection.ConnectionEvent current = enumerator.get_Current();
switch (current.Type)
{
case SslClientConnection.ConnectionEventTypes.OnConnected:
{
if (current.Error != BattleNetErrors.ERROR_OK)
{
this.Disconnect();
this.m_connectionState = SslClientConnection.ConnectionState.ConnectionFailed;
}
else
{
this.m_connectionState = SslClientConnection.ConnectionState.Connected;
}
ConnectHandler[] array = this.m_connectHandlers.ToArray();
for (int i = 0; i < array.Length; i++)
{
ConnectHandler connectHandler = array[i];
connectHandler(current.Error);
}
break;
}
case SslClientConnection.ConnectionEventTypes.OnDisconnected:
{
if (current.Error != BattleNetErrors.ERROR_OK)
{
this.Disconnect();
}
DisconnectHandler[] array2 = this.m_disconnectHandlers.ToArray();
for (int j = 0; j < array2.Length; j++)
{
DisconnectHandler disconnectHandler = array2[j];
disconnectHandler(current.Error);
}
break;
}
case SslClientConnection.ConnectionEventTypes.OnPacketCompleted:
for (int k = 0; k < this.m_listeners.get_Count(); k++)
{
IClientConnectionListener <BattleNetPacket> clientConnectionListener = this.m_listeners.get_Item(k);
object state = this.m_listenerStates.get_Item(k);
clientConnectionListener.PacketReceived(current.Packet, state);
}
break;
}
}
}
this.m_connectionEvents.Clear();
}
if (this.m_sslSocket == null || this.m_connectionState != SslClientConnection.ConnectionState.Connected)
{
return;
}
while (this.m_outQueue.get_Count() > 0)
{
if (this.OnlyOneSend && !this.m_sslSocket.m_canSend)
{
return;
}
BattleNetPacket packet = this.m_outQueue.Dequeue();
this.SendPacket(packet);
}
}
private static SslSocket.CertValidationResult IsServerCertificateValid(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
SslSocket.CertValidationResult certValidationResult;
string str;
SslStream sslStream = (SslStream)sender;
SslSocket mSslSocket = SslSocket.s_streamValidationContexts[sslStream].m_sslSocket;
SslCertBundleSettings mBundleSettings = mSslSocket.m_bundleSettings;
if (mBundleSettings.bundle == null || !mBundleSettings.bundle.IsUsingCertBundle)
{
return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
}
List <string> commonNamesFromCertSubject = SslSocket.GetCommonNamesFromCertSubject(certificate.Subject);
SslSocket.BundleInfo bundleInfo = new SslSocket.BundleInfo();
byte[] certBundleBytes = mBundleSettings.bundle.CertBundleBytes;
if (mBundleSettings.bundle.isCertBundleSigned)
{
if (!SslSocket.VerifyBundleSignature(mBundleSettings.bundle.CertBundleBytes))
{
return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
}
certBundleBytes = SslSocket.GetUnsignedBundleBytes(mBundleSettings.bundle.CertBundleBytes);
}
if (!SslSocket.GetBundleInfo(certBundleBytes, out bundleInfo))
{
return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
}
bool flag = false;
byte[] publicKey = certificate.GetPublicKey();
foreach (string str1 in commonNamesFromCertSubject)
{
if (!SslSocket.IsWhitelistedInCertBundle(bundleInfo, str1, publicKey))
{
continue;
}
flag = true;
break;
}
if (!flag)
{
return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
}
bool flag1 = SslSocket.IsCertSignedByBlizzard(certificate);
bool runtimeEnvironment = BattleNet.Client().GetRuntimeEnvironment() == constants.RuntimeEnvironment.Mono;
bool flag2 = (flag1 || !runtimeEnvironment ? false : chain.ChainElements.Count == 1);
try
{
if (sslPolicyErrors != SslPolicyErrors.None)
{
SslPolicyErrors sslPolicyError = (flag1 || flag2 ? SslPolicyErrors.RemoteCertificateNotAvailable | SslPolicyErrors.RemoteCertificateChainErrors : SslPolicyErrors.None);
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != SslPolicyErrors.None && mSslSocket.m_connection.MatchSslCertName(commonNamesFromCertSubject))
{
sslPolicyError |= SslPolicyErrors.RemoteCertificateNameMismatch;
}
if ((sslPolicyErrors & ~sslPolicyError) != SslPolicyErrors.None)
{
SslSocket.s_log.LogWarning("Failed policy check. sslPolicyErrors: {0}, expectedPolicyErrors: {1}", new object[] { sslPolicyErrors, sslPolicyError });
certValidationResult = SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE;
return(certValidationResult);
}
}
if (chain.ChainElements != null)
{
X509ChainElementEnumerator enumerator = chain.ChainElements.GetEnumerator();
while (enumerator.MoveNext())
{
X509ChainElement current = enumerator.Current;
SslSocket.s_log.LogDebug("Certificate Thumbprint: {0}", new object[] { current.Certificate.Thumbprint });
X509ChainStatus[] chainElementStatus = current.ChainElementStatus;
for (int i = 0; i < (int)chainElementStatus.Length; i++)
{
X509ChainStatus x509ChainStatu = chainElementStatus[i];
SslSocket.s_log.LogDebug(" Certificate Status: {0}", new object[] { x509ChainStatu.Status });
}
}
bool flag3 = false;
if (flag1)
{
if (chain.ChainElements.Count == 1)
{
chain.ChainPolicy.ExtraStore.Add(SslSocket.s_rootCertificate);
chain.Build(new X509Certificate2(certificate));
flag3 = true;
}
}
else if (flag2 && bundleInfo.bundleCerts != null)
{
foreach (X509Certificate2 bundleCert in bundleInfo.bundleCerts)
{
chain.ChainPolicy.ExtraStore.Add(bundleCert);
}
chain.Build(new X509Certificate2(certificate));
flag3 = true;
}
int num = 0;
while (num < chain.ChainElements.Count)
{
if (chain.ChainElements[num] != null)
{
num++;
}
else
{
SslSocket.s_log.LogWarning(string.Concat("ChainElements[", num, "] is null"));
certValidationResult = (!flag3 ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
return(certValidationResult);
}
}
if (flag1)
{
str = (BattleNet.Client().GetMobileEnvironment() != constants.MobileEnv.PRODUCTION ? "C0805E3CF51F1A56CE9E6E35CB4F4901B68128B7" : "673D9D1072B625CAD95CB47BF0F0F512233E39FD");
if (chain.ChainElements[1].Certificate.Thumbprint != str)
{
SslSocket.s_log.LogWarning("Root certificate thumb print check failure");
SslSocket.s_log.LogWarning(" expected: {0}", new object[] { str });
SslSocket.s_log.LogWarning(" received: {0}", new object[] { chain.ChainElements[1].Certificate.Thumbprint });
certValidationResult = (!flag3 ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
return(certValidationResult);
}
}
int num1 = 0;
while (num1 < chain.ChainElements.Count)
{
if (DateTime.Now <= chain.ChainElements[num1].Certificate.NotAfter)
{
num1++;
}
else
{
SslSocket.s_log.LogWarning(string.Concat("ChainElements[", num1, "] certificate is expired."));
certValidationResult = (!flag3 ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
return(certValidationResult);
}
}
X509ChainElementEnumerator x509ChainElementEnumerator = chain.ChainElements.GetEnumerator();
while (x509ChainElementEnumerator.MoveNext())
{
X509ChainStatus[] x509ChainStatusArray = x509ChainElementEnumerator.Current.ChainElementStatus;
int num2 = 0;
while (num2 < (int)x509ChainStatusArray.Length)
{
X509ChainStatus x509ChainStatu1 = x509ChainStatusArray[num2];
if ((flag1 || flag3) && x509ChainStatu1.Status == X509ChainStatusFlags.UntrustedRoot)
{
num2++;
}
else
{
SslSocket.s_log.LogWarning("Found unexpected chain error={0}.", new object[] { x509ChainStatu1.Status });
certValidationResult = (!flag3 ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
return(certValidationResult);
}
}
}
X509Certificate2 x509Certificate2 = new X509Certificate2(chain.ChainElements[0].Certificate);
SslSocket.s_log.LogDebug("Received valid certificate from FRONT >");
SslSocket.s_log.LogDebug(" Subject: {0}", new object[] { x509Certificate2.Subject });
SslSocket.s_log.LogDebug(" Issuer: {0}", new object[] { x509Certificate2.Issuer });
SslSocket.s_log.LogDebug(" Version: {0}", new object[] { x509Certificate2.Version });
SslSocket.s_log.LogDebug(" Valid Date: {0}", new object[] { x509Certificate2.NotBefore });
SslSocket.s_log.LogDebug(" Expiry Date: {0}", new object[] { x509Certificate2.NotAfter });
SslSocket.s_log.LogDebug(" Thumbprint: {0}", new object[] { x509Certificate2.Thumbprint });
SslSocket.s_log.LogDebug(" Serial Number: {0}", new object[] { x509Certificate2.SerialNumber });
SslSocket.s_log.LogDebug(" Friendly Name: {0}", new object[] { x509Certificate2.FriendlyName });
SslSocket.s_log.LogDebug(" Public Key Format: {0}", new object[] { x509Certificate2.PublicKey.EncodedKeyValue.Format(true) });
SslSocket.s_log.LogDebug(" Raw Data Length: {0}", new object[] { (int)x509Certificate2.RawData.Length });
SslSocket.s_log.LogDebug(" CN: {0}", new object[] { x509Certificate2.GetNameInfo(X509NameType.DnsName, false) });
return(SslSocket.CertValidationResult.OK);
}
else
{
SslSocket.s_log.LogWarning("ChainElements is null");
certValidationResult = SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE;
}
}
catch (Exception exception)
{
SslSocket.s_log.LogWarning("Exception while trying to validate certificate. {0}", new object[] { exception });
certValidationResult = SslSocket.CertValidationResult.FAILED_CERT_BUNDLE;
}
return(certValidationResult);
}
public void Update()
{
SslSocket.Process();
object mConnectionEvents = this.m_connectionEvents;
Monitor.Enter(mConnectionEvents);
try
{
foreach (SslClientConnection.ConnectionEvent mConnectionEvent in this.m_connectionEvents)
{
SslClientConnection.ConnectionEventTypes type = mConnectionEvent.Type;
if (type == SslClientConnection.ConnectionEventTypes.OnConnected)
{
if (mConnectionEvent.Error == BattleNetErrors.ERROR_OK)
{
this.m_connectionState = SslClientConnection.ConnectionState.Connected;
}
else
{
this.Disconnect();
this.m_connectionState = SslClientConnection.ConnectionState.ConnectionFailed;
}
ConnectHandler[] array = this.m_connectHandlers.ToArray();
for (int i = 0; i < (int)array.Length; i++)
{
array[i](mConnectionEvent.Error);
}
}
else if (type == SslClientConnection.ConnectionEventTypes.OnDisconnected)
{
if (mConnectionEvent.Error != BattleNetErrors.ERROR_OK)
{
this.Disconnect();
}
DisconnectHandler[] disconnectHandlerArray = this.m_disconnectHandlers.ToArray();
for (int j = 0; j < (int)disconnectHandlerArray.Length; j++)
{
disconnectHandlerArray[j](mConnectionEvent.Error);
}
}
else if (type == SslClientConnection.ConnectionEventTypes.OnPacketCompleted)
{
for (int k = 0; k < this.m_listeners.Count; k++)
{
IClientConnectionListener <BattleNetPacket> item = this.m_listeners[k];
object obj = this.m_listenerStates[k];
item.PacketReceived(mConnectionEvent.Packet, obj);
}
}
}
this.m_connectionEvents.Clear();
}
finally
{
Monitor.Exit(mConnectionEvents);
}
if (this.m_sslSocket == null || this.m_connectionState != SslClientConnection.ConnectionState.Connected)
{
return;
}
while (this.m_outQueue.Count > 0)
{
if (this.OnlyOneSend && !this.m_sslSocket.m_canSend)
{
return;
}
this.SendPacket(this.m_outQueue.Dequeue());
}
}
private static SslSocket.CertValidationResult IsServerCertificateValid(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
SslStream key = (SslStream)sender;
SslSocket.SslStreamValidateContext sslStreamValidateContext = SslSocket.s_streamValidationContexts[key];
SslSocket sslSocket = sslStreamValidateContext.m_sslSocket;
SslCertBundleSettings bundleSettings = sslSocket.m_bundleSettings;
if (bundleSettings.bundle == null || !bundleSettings.bundle.IsUsingCertBundle)
{
return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
}
List <string> commonNamesFromCertSubject = SslSocket.GetCommonNamesFromCertSubject(certificate.Subject);
SslSocket.BundleInfo bundleInfo = default(SslSocket.BundleInfo);
byte[] unsignedBundleBytes = bundleSettings.bundle.CertBundleBytes;
if (bundleSettings.bundle.isCertBundleSigned)
{
if (!SslSocket.VerifyBundleSignature(bundleSettings.bundle.CertBundleBytes))
{
return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
}
unsignedBundleBytes = SslSocket.GetUnsignedBundleBytes(bundleSettings.bundle.CertBundleBytes);
}
if (!SslSocket.GetBundleInfo(unsignedBundleBytes, out bundleInfo))
{
return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
}
bool flag = false;
byte[] publicKey = certificate.GetPublicKey();
foreach (string uri in commonNamesFromCertSubject)
{
if (SslSocket.IsWhitelistedInCertBundle(bundleInfo, uri, publicKey))
{
flag = true;
break;
}
}
if (!flag)
{
return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
}
bool flag2 = SslSocket.IsCertSignedByBlizzard(certificate);
bool flag3 = BattleNet.Client().GetRuntimeEnvironment() == constants.RuntimeEnvironment.Mono;
bool flag4 = !flag2 && flag3 && chain.ChainElements.Count == 1;
try
{
if (sslPolicyErrors != SslPolicyErrors.None)
{
SslPolicyErrors sslPolicyErrors2 = (!flag2 && !flag4) ? SslPolicyErrors.None : (SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNotAvailable);
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != SslPolicyErrors.None && sslSocket.m_connection.MatchSslCertName(commonNamesFromCertSubject))
{
sslPolicyErrors2 |= SslPolicyErrors.RemoteCertificateNameMismatch;
}
if ((sslPolicyErrors & ~(sslPolicyErrors2 != SslPolicyErrors.None)) != SslPolicyErrors.None)
{
SslSocket.s_log.LogWarning("Failed policy check. sslPolicyErrors: {0}, expectedPolicyErrors: {1}", new object[]
{
sslPolicyErrors,
sslPolicyErrors2
});
return(SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE);
}
}
if (chain.ChainElements == null)
{
SslSocket.s_log.LogWarning("ChainElements is null");
return(SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE);
}
foreach (X509ChainElement x509ChainElement in chain.ChainElements)
{
SslSocket.s_log.LogDebug("Certificate Thumbprint: {0}", new object[]
{
x509ChainElement.Certificate.Thumbprint
});
foreach (X509ChainStatus x509ChainStatus in x509ChainElement.ChainElementStatus)
{
SslSocket.s_log.LogDebug(" Certificate Status: {0}", new object[]
{
x509ChainStatus.Status
});
}
}
bool flag5 = false;
if (flag2)
{
if (chain.ChainElements.Count == 1)
{
chain.ChainPolicy.ExtraStore.Add(SslSocket.s_rootCertificate);
chain.Build(new X509Certificate2(certificate));
flag5 = true;
}
}
else if (flag4 && bundleInfo.bundleCerts != null)
{
foreach (X509Certificate2 certificate2 in bundleInfo.bundleCerts)
{
chain.ChainPolicy.ExtraStore.Add(certificate2);
}
chain.Build(new X509Certificate2(certificate));
flag5 = true;
}
for (int j = 0; j < chain.ChainElements.Count; j++)
{
if (chain.ChainElements[j] == null)
{
SslSocket.s_log.LogWarning("ChainElements[" + j + "] is null");
return((!flag5) ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
}
}
if (flag2)
{
string text;
if (BattleNet.Client().GetMobileEnvironment() == constants.MobileEnv.PRODUCTION)
{
text = "673D9D1072B625CAD95CB47BF0F0F512233E39FD";
}
else
{
text = "C0805E3CF51F1A56CE9E6E35CB4F4901B68128B7";
}
if (chain.ChainElements[1].Certificate.Thumbprint != text)
{
SslSocket.s_log.LogWarning("Root certificate thumb print check failure");
SslSocket.s_log.LogWarning(" expected: {0}", new object[]
{
text
});
SslSocket.s_log.LogWarning(" received: {0}", new object[]
{
chain.ChainElements[1].Certificate.Thumbprint
});
return((!flag5) ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
}
}
for (int k = 0; k < chain.ChainElements.Count; k++)
{
if (DateTime.Now > chain.ChainElements[k].Certificate.NotAfter)
{
SslSocket.s_log.LogWarning("ChainElements[" + k + "] certificate is expired.");
return((!flag5) ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
}
}
foreach (X509ChainElement x509ChainElement2 in chain.ChainElements)
{
foreach (X509ChainStatus x509ChainStatus2 in x509ChainElement2.ChainElementStatus)
{
if ((!flag2 && !flag5) || x509ChainStatus2.Status != X509ChainStatusFlags.UntrustedRoot)
{
SslSocket.s_log.LogWarning("Found unexpected chain error={0}.", new object[]
{
x509ChainStatus2.Status
});
return((!flag5) ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
}
}
}
X509Certificate2 x509Certificate = new X509Certificate2(chain.ChainElements[0].Certificate);
SslSocket.s_log.LogDebug("Received valid certificate from FRONT >");
SslSocket.s_log.LogDebug(" Subject: {0}", new object[]
{
x509Certificate.Subject
});
SslSocket.s_log.LogDebug(" Issuer: {0}", new object[]
{
x509Certificate.Issuer
});
SslSocket.s_log.LogDebug(" Version: {0}", new object[]
{
x509Certificate.Version
});
SslSocket.s_log.LogDebug(" Valid Date: {0}", new object[]
{
x509Certificate.NotBefore
});
SslSocket.s_log.LogDebug(" Expiry Date: {0}", new object[]
{
x509Certificate.NotAfter
});
SslSocket.s_log.LogDebug(" Thumbprint: {0}", new object[]
{
x509Certificate.Thumbprint
});
SslSocket.s_log.LogDebug(" Serial Number: {0}", new object[]
{
x509Certificate.SerialNumber
});
SslSocket.s_log.LogDebug(" Friendly Name: {0}", new object[]
{
x509Certificate.FriendlyName
});
SslSocket.s_log.LogDebug(" Public Key Format: {0}", new object[]
{
x509Certificate.PublicKey.EncodedKeyValue.Format(true)
});
SslSocket.s_log.LogDebug(" Raw Data Length: {0}", new object[]
{
x509Certificate.RawData.Length
});
SslSocket.s_log.LogDebug(" CN: {0}", new object[]
{
x509Certificate.GetNameInfo(X509NameType.DnsName, false)
});
}
catch (Exception ex)
{
SslSocket.s_log.LogWarning("Exception while trying to validate certificate. {0}", new object[]
{
ex
});
return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
}
return(SslSocket.CertValidationResult.OK);
}
