public SslClientStream(
Stream stream,
string targetHost,
System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates)
: this(stream, targetHost, false, SecurityProtocolType.Default, clientCertificates)
{
}
internal System.Security.Cryptography.X509Certificates.X509Certificate RaiseClientCertificateSelection(
System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates,
System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate,
string targetHost,
System.Security.Cryptography.X509Certificates.X509CertificateCollection serverRequestedCertificates)
{
return(this.RaiseLocalCertificateSelection(clientCertificates, serverCertificate, targetHost, serverRequestedCertificates));
}
internal System.Security.Cryptography.X509Certificates.X509Certificate RaiseLocalCertificateSelection(
System.Security.Cryptography.X509Certificates.X509CertificateCollection certificates,
System.Security.Cryptography.X509Certificates.X509Certificate remoteCertificate,
string targetHost,
System.Security.Cryptography.X509Certificates.X509CertificateCollection requestedCertificates)
{
return(this.OnLocalCertificateSelection(certificates, remoteCertificate, targetHost, requestedCertificates));
}
internal override System.Security.Cryptography.X509Certificates.X509Certificate OnLocalCertificateSelection(
System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates,
System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate,
string targetHost,
System.Security.Cryptography.X509Certificates.X509CertificateCollection serverRequestedCertificates)
{
throw new NotSupportedException();
}
internal override System.Security.Cryptography.X509Certificates.X509Certificate OnLocalCertificateSelection(
System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates,
System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate,
string targetHost,
System.Security.Cryptography.X509Certificates.X509CertificateCollection serverRequestedCertificates)
{
return(this._ClientCertSelection != null?this._ClientCertSelection(clientCertificates, serverCertificate, targetHost, serverRequestedCertificates) : (System.Security.Cryptography.X509Certificates.X509Certificate)null);
}
public SslHandShake(string hostName, System.Security.Authentication.SslProtocols sslProtocol, System.Net.Security.RemoteCertificateValidationCallback serverCallback, System.Net.Security.LocalCertificateSelectionCallback clientCallback, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, bool checkRevocation)
{
_hostName = hostName;
_sslProtocol = sslProtocol;
_serverCallback = serverCallback;
_clientCallback = clientCallback;
_clientCertificates = clientCertificates;
_checkRevocation = checkRevocation;
}
//
// Summary:
// Selects the local Secure Sockets Layer (SSL) certificate used for authentication.
//
// Parameters:
// sender:
// An object that contains state information for this validation.
//
// targetHost:
// The host server specified by the client.
//
// localCertificates:
// An System.Security.Cryptography.X509Certificates.X509CertificateCollection containing
// local certificates.
//
// remoteCertificate:
// The certificate used to authenticate the remote party.
//
// acceptableIssuers:
// A System.String array of certificate issuers acceptable to the remote party.
//
// Returns:
// An System.Security.Cryptography.X509Certificates.X509Certificate used for establishing
// an SSL connection.
public static System.Security.Cryptography.X509Certificates.X509Certificate My(
object sender,
string targetHost,
System.Security.Cryptography.X509Certificates.X509CertificateCollection localCertificates,
System.Security.Cryptography.X509Certificates.X509Certificate remoteCertificate,
string[] acceptableIssuers)
{
System.Console.WriteLine(targetHost);
return(cert);
}
internal static async Task AuthenticateAsClientAsync(this System.Net.Security.SslStream source,
string targetHost,
System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates,
System.Security.Authentication.SslProtocols enabledSslProtocols,
bool checkCertificateRevocation)
{
await Task.Factory.FromAsync(
(c, s) => source.BeginAuthenticateAsClient(targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation, c, s),
(r) => source.EndAuthenticateAsClient(r),
null).ConfigureAwait(false);
}
public static SecTrustResult TrustEvaluateSsl(XX509CertificateCollection certificates, XX509CertificateCollection anchors, string host)
{
if (certificates == null)
{
return(SecTrustResult.Deny);
}
try {
return(_TrustEvaluateSsl(certificates, anchors, host));
} catch {
return(SecTrustResult.Deny);
}
}
public AuthenticateAsyncState(
System.Net.Security.SslStream stream,
String targetHost,
System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates,
System.Security.Authentication.SslProtocols enabledSslProtocols,
Boolean checkCertificateRevocation
)
{
this.Stream = stream;
this.TargetHost = targetHost;
this.ClientCertificates = clientCertificates;
this.EnabledSslProtocols = enabledSslProtocols;
this.CheckCertificateRevocation = checkCertificateRevocation;
}
/// <todo />
public static Task AuthenticateAsClientAsync(
this System.Net.Security.SslStream stream,
String targetHost,
System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates,
System.Security.Authentication.SslProtocols enabledSslProtocols,
Boolean checkCertificateRevocation
)
{
var authArgs = new AuthenticateAsyncState(stream, targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation);
return(Task.Factory.FromAsync(
(aArgs, cb, state) => aArgs.Stream.BeginAuthenticateAsClient(aArgs.TargetHost, aArgs.ClientCertificates, aArgs.EnabledSslProtocols, aArgs.CheckCertificateRevocation, cb, state),
result => ((System.Net.Security.SslStream)result.AsyncState).EndAuthenticateAsClient(result),
authArgs,
stream
));
}
public RestRequest(HttpMethod method, RestUri uri)
{
RestUri = uri;
Headers = new WebHeaderCollection();
AllowAutoRedirect = true;
AuthenticationLevel = System.Net.Security.AuthenticationLevel.MutualAuthRequested;
AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip;
CachePolicy = new HttpRequestCachePolicy(HttpRequestCacheLevel.NoCacheNoStore);
ClientCertificates = new System.Security.Cryptography.X509Certificates.X509CertificateCollection();
CookieContainer = new System.Net.CookieContainer();
ContentType = ContentType.ApplicationX_WWW_Form_UrlEncoded;
MaximumAutomaticRedirections = 50;
TimeOut = TimeSpan.FromMinutes(6);
TcpKeepAliveTimeOut = TimeSpan.FromHours(2);
UserAgent = "Resty.Net-RestRequest";
Method = method;
}
public SslClientStream(
Stream stream,
string targetHost,
bool ownsStream,
SecurityProtocolType securityProtocolType,
System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates)
: base(stream, ownsStream)
{
switch (targetHost)
{
case "":
case null:
throw new ArgumentNullException("targetHost is null or an empty string.");
default:
this.context = (Context) new ClientContext(this, securityProtocolType, targetHost, clientCertificates);
this.protocol = (RecordProtocol) new ClientRecordProtocol(this.innerStream, (ClientContext)this.context);
break;
}
}
private static async Task <string> TestSslProtocol(string hostName, int port, SslProtocols p, string testDescription)
{
//Console.WriteLine($"P:{p}");
await Task.Yield();
var sb = new StringBuilder();
Stopwatch sw = Stopwatch.StartNew();
var actualProtocol = SslProtocols.None;
try
{
using (var socket = new Socket(SocketType.Stream, ProtocolType.Tcp))
{
socket.Connect(hostName, port);
var networkStream = new NetworkStream(socket, false);
var sslStream = new SslStream(networkStream);
var clientCerts = new System.Security.Cryptography.X509Certificates.X509CertificateCollection();
sslStream.AuthenticateAsClient(hostName, clientCerts, p, true);
actualProtocol = sslStream.SslProtocol;
sw.Stop();
sb.AppendLine($"{testDescription}: Allowed, Duration={sw.ElapsedMilliseconds}ms, Protocols Allowed: {p.ToStringExpanded()}, Protocol Used: {actualProtocol}");
sb.AppendLine($" Cipher: {sslStream.CipherAlgorithm}, strength {sslStream.CipherStrength} bits");
sb.AppendLine($" Hash: {sslStream.HashAlgorithm}, strength {sslStream.HashStrength} bits");
sb.AppendLine($" Key exchange: {sslStream.KeyExchangeAlgorithm}, strength {sslStream.KeyExchangeStrength} bits");
}
}
catch (Exception)
{
sb.AppendLine($"{testDescription}: BLOCKED, Duration={sw.ElapsedMilliseconds}ms, Protocols Attempted: {p.ToStringExpanded()}");
}
return(sb.ToString());
}
public X509CertificateCollection(System.Security.Cryptography.X509Certificates.X509CertificateCollection value)
{
}
/// <summary>
/// Extends BeginInvoke so that when a state object is not needed, null does not need to be passed.
/// <example>
/// localcertificateselectioncallback.BeginInvoke(sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers, callback);
/// </example>
/// </summary>
public static IAsyncResult BeginInvoke(this LocalCertificateSelectionCallback localcertificateselectioncallback, Object sender, String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection localCertificates, System.Security.Cryptography.X509Certificates.X509Certificate remoteCertificate, String[] acceptableIssuers, AsyncCallback callback)
{
if (localcertificateselectioncallback == null)
{
throw new ArgumentNullException("localcertificateselectioncallback");
}
return(localcertificateselectioncallback.BeginInvoke(sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers, callback, null));
}
public SslHandShake(string hostName, System.Security.Authentication.SslProtocols sslProtocol, System.Net.Security.RemoteCertificateValidationCallback serverCallback, System.Net.Security.LocalCertificateSelectionCallback clientCallback, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates) : this(hostName, sslProtocol, serverCallback, clientCallback, clientCertificates, false)
{
}
public virtual System.IAsyncResult BeginAuthenticateAsClient(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, System.AsyncCallback asyncCallback, object asyncState)
{
throw null;
}
public void AddLookup(System.Security.Cryptography.X509Certificates.X509CertificateCollection certificates, Mono.Btls.Interface.BtlsX509TrustKind trust)
{
}
static SecTrustResult _TrustEvaluateSsl (XX509CertificateCollection certificates, XX509CertificateCollection anchors, string hostName)
{
int certCount = certificates.Count;
int anchorCount = anchors != null ? anchors.Count : 0;
IntPtr [] secCerts = new IntPtr [certCount];
IntPtr [] secCertAnchors = new IntPtr [anchorCount];
IntPtr certArray = IntPtr.Zero;
IntPtr anchorArray = IntPtr.Zero;
IntPtr sslsecpolicy = IntPtr.Zero;
IntPtr host = IntPtr.Zero;
IntPtr sectrust = IntPtr.Zero;
SecTrustResult result = SecTrustResult.Deny;
try {
for (int i = 0; i < certCount; i++) {
secCerts [i] = GetCertificate (certificates [i]);
if (secCerts [i] == IntPtr.Zero)
return SecTrustResult.Deny;
}
for (int i = 0; i < anchorCount; i++) {
secCertAnchors [i] = GetCertificate (anchors [i]);
if (secCertAnchors [i] == IntPtr.Zero)
return SecTrustResult.Deny;
}
certArray = FromIntPtrs (secCerts);
host = CFStringCreateWithCharacters (IntPtr.Zero, hostName, (IntPtr) hostName.Length);
sslsecpolicy = SecPolicyCreateSSL (true, host);
int code = SecTrustCreateWithCertificates (certArray, sslsecpolicy, out sectrust);
if (code != 0)
return SecTrustResult.Deny;
if (anchorCount > 0) {
anchorArray = FromIntPtrs (secCertAnchors);
SecTrustSetAnchorCertificates (sectrust, anchorArray);
}
code = SecTrustEvaluate (sectrust, out result);
return result;
} finally {
if (certArray != IntPtr.Zero)
CFRelease (certArray);
if (anchorArray != IntPtr.Zero)
CFRelease (anchorArray);
for (int i = 0; i < certCount; i++)
if (secCerts [i] != IntPtr.Zero)
CFRelease (secCerts [i]);
for (int i = 0; i < anchorCount; i++)
if (secCertAnchors [i] != IntPtr.Zero)
CFRelease (secCertAnchors [i]);
if (sslsecpolicy != IntPtr.Zero)
CFRelease (sslsecpolicy);
if (host != IntPtr.Zero)
CFRelease (host);
if (sectrust != IntPtr.Zero)
CFRelease (sectrust);
}
}
public virtual System.Threading.Tasks.Task AuthenticateAsClientAsync(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
throw null;
}
public RestRequestBuilder WithClientCertificates(System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates)
{
_request.ClientCertificates = clientCertificates;
return(this);
}
public ActionResult RedisCacheTLSTEsting()
{
//SSL level tls 1.0
try
{
// var hostName = "myredis.redis.cache.usgovcloudapi.net";
//var port = 6380;
var FQDN = ConfigurationManager.AppSettings["FQDNToTest"].ToString();
if (FQDN != null)
{
var hostName = Dns.GetHostEntry(ConfigurationManager.AppSettings["FQDNToTest"].ToString());
var hostIP = hostName.AddressList[0];
var port = ConfigurationManager.AppSettings["FQDNPortToTest"];
var socket = new Socket(SocketType.Stream, ProtocolType.Tcp);
var actualProtocol = SslProtocols.None;
//var protocols = new[] { SslProtocols.Ssl2, SslProtocols.Ssl3, SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12
socket.Connect(hostIP, Int32.Parse(port));
var networkStream = new NetworkStream(socket, false);
var sslStream = new SslStream(networkStream);
var clientCerts = new System.Security.Cryptography.X509Certificates.X509CertificateCollection();
sslStream.AuthenticateAsClient(FQDN, clientCerts, SslProtocols.Tls, true);
actualProtocol = sslStream.SslProtocol;
ViewBag.ssltesttls1 = "Test Good";
ViewBag.ssltesttls1protocol = sslStream.SslProtocol.ToString();
ViewBag.ssltesttls1CipherAl = sslStream.CipherAlgorithm.ToString();
ViewBag.ssltesttls1CipherSt = sslStream.CipherStrength.ToString();
ViewBag.ssltesttls1HashAlg = sslStream.HashAlgorithm.ToString();
ViewBag.ssltesttls1HashStr = sslStream.HashStrength.ToString();
ViewBag.ssltesttls1KeyExAl = sslStream.KeyExchangeAlgorithm.ToString();
ViewBag.ssltesttls1KeyExSt = sslStream.KeyExchangeStrength.ToString();
}
else
{
ViewBag.ssltesttls1 = "Connection not found";
}
}
catch (Exception)
{
ViewBag.ssltesttls1 = "Test Bad";
}
//SSL LEVEL tls 1.0
//SSL level tls 1.1
try
{
var FQDN = ConfigurationManager.AppSettings["FQDNToTest"].ToString();
if (FQDN != null)
{
var hostName = Dns.GetHostEntry(ConfigurationManager.AppSettings["FQDNToTest"].ToString());
var hostIP = hostName.AddressList[0];
var port = ConfigurationManager.AppSettings["FQDNPortToTest"];
var socket = new Socket(SocketType.Stream, ProtocolType.Tcp);
var actualProtocol = SslProtocols.None;
socket.Connect(hostIP, Int32.Parse(port));
var networkStream = new NetworkStream(socket, false);
var sslStream = new SslStream(networkStream);
var clientCerts = new System.Security.Cryptography.X509Certificates.X509CertificateCollection();
sslStream.AuthenticateAsClient(FQDN, clientCerts, SslProtocols.Tls11, true);
actualProtocol = sslStream.SslProtocol;
ViewBag.ssltesttls11 = "Test Good";
ViewBag.ssltesttls11protocol = sslStream.SslProtocol.ToString();
ViewBag.ssltesttls11CipherAl = sslStream.CipherAlgorithm.ToString();
ViewBag.ssltesttls11CipherSt = sslStream.CipherStrength.ToString();
ViewBag.ssltesttls11HashAlg = sslStream.HashAlgorithm.ToString();
ViewBag.ssltesttls11HashStr = sslStream.HashStrength.ToString();
ViewBag.ssltesttls11KeyExAl = sslStream.KeyExchangeAlgorithm.ToString();
ViewBag.ssltesttls11KeyExSt = sslStream.KeyExchangeStrength.ToString();
}
else
{
ViewBag.ssltesttls11 = "Connection not found";
}
}
catch (Exception)
{
ViewBag.ssltesttls11 = "Test Bad";
}
//SSL LEVEL tls 1.1
//SSL level tls 1.2
try
{
var FQDN = ConfigurationManager.AppSettings["FQDNToTest"].ToString();
if (FQDN != null)
{
var hostName = Dns.GetHostEntry(ConfigurationManager.AppSettings["FQDNToTest"].ToString());
var hostIP = hostName.AddressList[0];
var port = ConfigurationManager.AppSettings["FQDNPortToTest"];
var socket = new Socket(SocketType.Stream, ProtocolType.Tcp);
var actualProtocol = SslProtocols.None;
//var protocols = new[] { SslProtocols.Ssl2, SslProtocols.Ssl3, SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12
socket.Connect(hostIP, Int32.Parse(port));
var networkStream = new NetworkStream(socket, false);
var sslStream = new SslStream(networkStream);
var clientCerts = new System.Security.Cryptography.X509Certificates.X509CertificateCollection();
sslStream.AuthenticateAsClient(FQDN, clientCerts, SslProtocols.Tls12, true);
actualProtocol = sslStream.SslProtocol;
ViewBag.ssltesttls12 = "Test Good";
ViewBag.ssltesttls12protocol = sslStream.SslProtocol.ToString();
ViewBag.ssltesttls12CipherAl = sslStream.CipherAlgorithm.ToString();
ViewBag.ssltesttls12CipherSt = sslStream.CipherStrength.ToString();
ViewBag.ssltesttls12HashAlg = sslStream.HashAlgorithm.ToString();
ViewBag.ssltesttls12HashStr = sslStream.HashStrength.ToString();
ViewBag.ssltesttls12KeyExAl = sslStream.KeyExchangeAlgorithm.ToString();
ViewBag.ssltesttls12KeyExSt = sslStream.KeyExchangeStrength.ToString();
}
else
{
ViewBag.ssltesttls12 = "Connection not found";
}
}
catch (Exception)
{
ViewBag.ssltesttls12 = "Test Bad";
}
//SSL LEVEL tls 1.2
return(View());
}
public static Task AuthenticateAsClientAsync(this SslStream stream, string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
var t = Tuple.Create(targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation, stream);
return(Task.Factory.FromAsync((callback, state) => {
var d = (Tuple <string, X509CertificateCollection, SslProtocols, bool, SslStream>)state;
return d.Item5.BeginAuthenticateAsClient(d.Item1, d.Item2, d.Item3, d.Item4, callback, null);
}, stream.EndAuthenticateAsClient, t));
}
protected override void SetCertificates(MyFileProxy proxy, System.Security.Cryptography.X509Certificates.X509CertificateCollection certifcates)
{
throw new NotImplementedException();
}
public virtual new IAsyncResult BeginAuthenticateAsClient(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, Object asyncState)
{
return(default(IAsyncResult));
}
static SecTrustResult _TrustEvaluateSsl(XX509CertificateCollection certificates, XX509CertificateCollection anchors, string hostName)
{
int certCount = certificates.Count;
int anchorCount = anchors != null ? anchors.Count : 0;
IntPtr [] secCerts = new IntPtr [certCount];
IntPtr [] secCertAnchors = new IntPtr [anchorCount];
IntPtr certArray = IntPtr.Zero;
IntPtr anchorArray = IntPtr.Zero;
IntPtr sslsecpolicy = IntPtr.Zero;
IntPtr host = IntPtr.Zero;
IntPtr sectrust = IntPtr.Zero;
SecTrustResult result = SecTrustResult.Deny;
try {
for (int i = 0; i < certCount; i++)
{
secCerts [i] = GetCertificate(certificates [i]);
if (secCerts [i] == IntPtr.Zero)
{
return(SecTrustResult.Deny);
}
}
for (int i = 0; i < anchorCount; i++)
{
secCertAnchors [i] = GetCertificate(anchors [i]);
if (secCertAnchors [i] == IntPtr.Zero)
{
return(SecTrustResult.Deny);
}
}
certArray = FromIntPtrs(secCerts);
if (!string.IsNullOrEmpty(hostName))
{
host = CFStringCreateWithCharacters(IntPtr.Zero, hostName, (IntPtr)hostName.Length);
}
sslsecpolicy = SecPolicyCreateSSL(true, host);
int code = SecTrustCreateWithCertificates(certArray, sslsecpolicy, out sectrust);
if (code != 0)
{
return(SecTrustResult.Deny);
}
if (anchorCount > 0)
{
anchorArray = FromIntPtrs(secCertAnchors);
SecTrustSetAnchorCertificates(sectrust, anchorArray);
}
code = SecTrustEvaluate(sectrust, out result);
return(result);
} finally {
if (certArray != IntPtr.Zero)
{
CFRelease(certArray);
}
if (anchorArray != IntPtr.Zero)
{
CFRelease(anchorArray);
}
for (int i = 0; i < certCount; i++)
{
if (secCerts [i] != IntPtr.Zero)
{
CFRelease(secCerts [i]);
}
}
for (int i = 0; i < anchorCount; i++)
{
if (secCertAnchors [i] != IntPtr.Zero)
{
CFRelease(secCertAnchors [i]);
}
}
if (sslsecpolicy != IntPtr.Zero)
{
CFRelease(sslsecpolicy);
}
if (host != IntPtr.Zero)
{
CFRelease(host);
}
if (sectrust != IntPtr.Zero)
{
CFRelease(sectrust);
}
}
}
private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates)
{
ServerContext context = (ServerContext)this.Context;
AlertDescription description = AlertDescription.BadCertificate;
System.Security.Cryptography.X509Certificates.X509Certificate certificate1 = (System.Security.Cryptography.X509Certificates.X509Certificate)null;
int[] certificateErrors;
if (certificates.Count > 0)
{
Mono.Security.X509.X509Certificate certificate2 = certificates[0];
ArrayList arrayList = new ArrayList();
if (!this.checkCertificateUsage(certificate2))
{
arrayList.Add((object)-2146762490);
}
Mono.Security.X509.X509Chain x509Chain;
if (certificates.Count > 1)
{
Mono.Security.X509.X509CertificateCollection chain = new Mono.Security.X509.X509CertificateCollection(certificates);
chain.Remove(certificate2);
x509Chain = new Mono.Security.X509.X509Chain(chain);
}
else
{
x509Chain = new Mono.Security.X509.X509Chain();
}
bool flag;
try
{
flag = x509Chain.Build(certificate2);
}
catch (Exception)
{
flag = false;
}
if (!flag)
{
switch (x509Chain.Status)
{
case Mono.Security.X509.X509ChainStatusFlags.NotTimeValid:
description = AlertDescription.CertificateExpired;
arrayList.Add((object)-2146762495);
break;
case Mono.Security.X509.X509ChainStatusFlags.NotTimeNested:
arrayList.Add((object)-2146762494);
break;
case Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid:
arrayList.Add((object)-2146869232);
break;
case Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot:
description = AlertDescription.UnknownCA;
arrayList.Add((object)-2146762487);
break;
case Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints:
arrayList.Add((object)-2146869223);
break;
case Mono.Security.X509.X509ChainStatusFlags.PartialChain:
description = AlertDescription.UnknownCA;
arrayList.Add((object)-2146762486);
break;
default:
description = AlertDescription.CertificateUnknown;
arrayList.Add((object)(int)x509Chain.Status);
break;
}
}
certificate1 = new System.Security.Cryptography.X509Certificates.X509Certificate(certificate2.RawData);
certificateErrors = (int[])arrayList.ToArray(typeof(int));
}
else
{
certificateErrors = new int[0];
}
System.Security.Cryptography.X509Certificates.X509CertificateCollection certificateCollection = new System.Security.Cryptography.X509Certificates.X509CertificateCollection();
foreach (Mono.Security.X509.X509Certificate certificate2 in certificates)
{
certificateCollection.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(certificate2.RawData));
}
if (!context.SslStream.RaiseClientCertificateValidation(certificate1, certificateErrors))
{
throw new TlsException(description, "Invalid certificate received from client.");
}
this.Context.ClientSettings.ClientCertificate = certificate1;
}
public void AddRange(System.Security.Cryptography.X509Certificates.X509CertificateCollection value)
{
}
public virtual void AuthenticateAsClient(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
}
public X509CertificateEnumerator(System.Security.Cryptography.X509Certificates.X509CertificateCollection mappings)
{
}
public static SecTrustResult TrustEvaluateSsl (XX509CertificateCollection certificates, XX509CertificateCollection anchors, string host)
{
if (certificates == null)
return SecTrustResult.Deny;
try {
return _TrustEvaluateSsl (certificates, anchors, host);
} catch {
return SecTrustResult.Deny;
}
}
