Пример #1
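        /// <summary>
        /// Server-certificate validation callback. Decides whether to trust
        /// <paramref name="certificate"/> when the TLS stack reported policy errors,
        /// by comparing it with the per-host hash stored in <c>Settings.KnownServers</c>.
        /// </summary>
        /// <remarks>
        /// Decision order, as implemented below:
        /// 1. No policy errors: accept.
        /// 2. Host is the activation server: strict check, never stored in the user settings.
        /// 3. <c>Program.MainWindow</c> is null: accept (test hook, fails open).
        /// 4. Host already known: accept on hash match; on mismatch either replace the
        ///    stored certificate silently or ask the user, depending on settings.
        /// 5. Host unknown: either store the certificate silently or ask the user,
        ///    depending on settings.
        /// </remarks>
        /// <param name="sender">Cast to <see cref="HttpWebRequest"/>; any other type throws <see cref="InvalidCastException"/>.</param>
        /// <param name="certificate">Certificate presented by the server.</param>
        /// <param name="chain">Not used by this method.</param>
        /// <param name="sslPolicyErrors">Policy errors reported for the certificate.</param>
        /// <returns><c>true</c> to accept the certificate, <c>false</c> to reject it.</returns>
        internal static bool ValidateServerCertificate(
            object sender,
            X509Certificate certificate,
            X509Chain chain,
            SslPolicyErrors sslPolicyErrors)
        {
            if (sslPolicyErrors == SslPolicyErrors.None)
            {
                log.Debug("SslPolicyErrors is set to None, exiting validation");
                return true;
            }

            // The lock is held while the dialogs below are shown, so concurrent
            // validations wait until the user has answered.
            lock (CertificateValidationLock)
            {
                bool           AcceptCertificate = false;
                HttpWebRequest webreq            = (HttpWebRequest)sender;

                if (webreq.Address.Host == InvisibleMessages.ACTIVATION_SERVER)
                {
                    // Strict checking on the activation server certificate.
                    // Also, this ensures that it doesn't get added to the user settings
                    // through Settings.AddCertificate or Settings.ReplaceCertificate below.
                    // The None case already returned above, so the expression below is
                    // false whenever this branch is reached. The previous log text
                    // claimed the opposite ("SslPolicyErrors is set to None").
                    log.Debug("Activation server certificate: strict validation, SslPolicyErrors = " + sslPolicyErrors);
                    return sslPolicyErrors == SslPolicyErrors.None;
                }

                //This allows to run tests without MainWindow
                // NOTE(review): this path fails open. Any certificate with policy errors
                // is accepted while MainWindow is null. Confirm that cannot happen in
                // production, e.g. for a request made before the main window exists.
                if (Program.MainWindow == null)
                {
                    log.Debug("MainWindow is null, accepting certificate without validation");
                    return true;
                }

                foreach (KeyValuePair <string, string> kvp in Settings.KnownServers)
                {
                    if (kvp.Key != webreq.Address.Host)
                    {
                        continue;
                    }

                    // GetCertHashString() with no arguments returns the SHA-1 thumbprint
                    // as a hex string; the stored value is expected in the same form.
                    if (kvp.Value == certificate.GetCertHashString())
                    {
                        return true;
                    }
                    else if (!XenAdmin.Properties.Settings.Default.WarnChangedCertificate && Registry.AlwaysShowSSLCertificates == SSLCertificateTypes.None)
                    {
                        // A changed certificate replaces the pinned one without any prompt
                        // when the warning is disabled; only the debug log records it.
                        Settings.ReplaceCertificate(kvp.Key, certificate);
                        log.Debug("Updating cert silently");
                        return true;
                    }
                    else
                    {
                        Program.Invoke(Program.MainWindow, delegate
                        {
                            // Dispose the dialog once it has been shown modally.
                            using (CertificateChangedDialog dialog = new CertificateChangedDialog(certificate, webreq.Address.Host))
                            {
                                AcceptCertificate = dialog.ShowDialog(Program.MainWindow) == DialogResult.OK;
                            }
                        });
                        // NOTE(review): nothing in this method stores the accepted
                        // certificate; presumably the dialog does. Confirm.
                        if (AcceptCertificate)
                        {
                            log.Debug("Updating cert after confirmation");
                        }
                        else
                        {
                            log.Debug("User rejected changed cert");
                        }
                        return AcceptCertificate;
                    }
                }

                if (!XenAdmin.Properties.Settings.Default.WarnUnrecognizedCertificate && Registry.AlwaysShowSSLCertificates != SSLCertificateTypes.All)
                {
                    // user has chosen to ignore new certificates
                    // The first certificate seen for a host is trusted and stored
                    // without a prompt (trust on first use).
                    Settings.AddCertificate(certificate, webreq.Address.Host);
                    log.Debug("Adding new cert silently");
                    return true;
                }

                Program.Invoke(Program.MainWindow, delegate
                {
                    // Dispose the dialog once it has been shown modally.
                    using (UnknownCertificateDialog dialog = new UnknownCertificateDialog(certificate, webreq.Address.Host))
                    {
                        AcceptCertificate = dialog.ShowDialog(Program.MainWindow) == DialogResult.OK;
                    }
                });
                if (AcceptCertificate)
                {
                    log.Debug("Adding cert after confirmation");
                }
                else
                {
                    log.Debug("User rejected new cert");
                }
                return AcceptCertificate;
            }
        }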
Пример #2
        /// <summary>
        /// Server-certificate validation callback. Decides whether to trust
        /// <paramref name="certificate"/> when the TLS stack reported policy errors,
        /// by comparing it with the per-host hash stored in <c>Settings.KnownServers</c>.
        /// </summary>
        /// <remarks>
        /// A certificate without policy errors is accepted immediately. Otherwise the host
        /// is looked up among the known servers: a matching hash is accepted, a changed or
        /// unknown certificate is either stored silently or put to the user in a dialog,
        /// depending on the warning settings and the registry override.
        /// </remarks>
        /// <param name="sender">Cast to <see cref="HttpWebRequest"/>; any other type throws <see cref="InvalidCastException"/>.</param>
        /// <param name="certificate">Certificate presented by the server.</param>
        /// <param name="chain">Not used by this method.</param>
        /// <param name="sslPolicyErrors">Policy errors reported for the certificate.</param>
        /// <returns><c>true</c> to accept the certificate, <c>false</c> to reject it.</returns>
        internal static bool ValidateServerCertificate(
            object sender,
            X509Certificate certificate,
            X509Chain chain,
            SslPolicyErrors sslPolicyErrors)
        {
            if (sslPolicyErrors == SslPolicyErrors.None)
            {
                log.Debug("SslPolicyErrors is set to None, exiting validation");
                return true;
            }

            // The lock is held while the dialogs below are shown, so concurrent
            // validations wait until the user has answered.
            lock (CertificateValidationLock)
            {
                bool userAccepted = false;
                var request = (HttpWebRequest)sender;

                // Test hook: without a main window there is nobody to ask.
                // NOTE(review): this path fails open. Any certificate with policy errors
                // is accepted while MainWindow is null. Confirm that cannot happen in
                // production.
                if (Program.MainWindow == null)
                {
                    return true;
                }

                foreach (KeyValuePair<string, string> knownServer in Settings.KnownServers)
                {
                    if (knownServer.Key != request.Address.Host)
                    {
                        continue;
                    }

                    // GetCertHashString() with no arguments returns the SHA-1 thumbprint
                    // as a hex string; the stored value is expected in the same form.
                    if (knownServer.Value == certificate.GetCertHashString())
                    {
                        return true;
                    }

                    // The certificate for a known host has changed.
                    if (!Properties.Settings.Default.WarnChangedCertificate && Registry.SSLCertificateTypes == SSLCertificateTypes.None)
                    {
                        // Replaces the pinned certificate without any prompt; only the
                        // debug log records it.
                        Settings.ReplaceCertificate(knownServer.Key, certificate);
                        log.Debug("Updating cert silently");
                        return true;
                    }

                    Program.Invoke(Program.MainWindow, () =>
                    {
                        using (var changedDialog = new CertificateChangedDialog(certificate, request.Address.Host))
                        {
                            userAccepted = changedDialog.ShowDialog(Program.MainWindow) == DialogResult.OK;
                        }
                    });

                    // NOTE(review): nothing in this method stores the accepted
                    // certificate; presumably the dialog does. Confirm.
                    log.Debug(userAccepted ? "Updating cert after confirmation" : "User rejected changed cert");
                    return userAccepted;
                }

                // No entry for this host yet.
                if (!Properties.Settings.Default.WarnUnrecognizedCertificate && Registry.SSLCertificateTypes != SSLCertificateTypes.All)
                {
                    // The user has chosen to ignore new certificates: the first one seen
                    // for a host is trusted and stored without a prompt.
                    Settings.AddCertificate(certificate, request.Address.Host);
                    log.Debug("Adding new cert silently");
                    return true;
                }

                Program.Invoke(Program.MainWindow, () =>
                {
                    using (var unknownDialog = new UnknownCertificateDialog(certificate, request.Address.Host))
                    {
                        userAccepted = unknownDialog.ShowDialog(Program.MainWindow) == DialogResult.OK;
                    }
                });

                log.Debug(userAccepted ? "Adding cert after confirmation" : "User rejected new cert");
                return userAccepted;
            }
        }