Пример #1
1
        // Initialize all of the default certificates and protocols
        public SslServer()
        {
            // Initialize the Socket
            serverSocketType = SocketType.Stream;
            serverProtocolType = ProtocolType.Tcp;

            if (Microsoft.SPOT.Hardware.SystemInfo.SystemID.SKU == 3)
            {
                cert = new X509Certificate(CertificatesAndCAs.emuCert, "NetMF");
                ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caEmuCert) };
            }
            else
            {
                // Initialize the SslStream
                cert = new X509Certificate(CertificatesAndCAs.newCert);
                ca = new X509Certificate[] { new X509Certificate(CertificatesAndCAs.caCert) };
            }
            verify = SslVerification.NoVerification;
            sslProtocols = new SslProtocols[] { SslProtocols.Default };

            // Create a TCP/IP (IPv4) socket and listen for incoming connections.
            serverSocket = new Socket(AddressFamily.InterNetwork, serverSocketType, serverProtocolType);
            serverSocket.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.Linger, false);

            serverSocket.Bind(new IPEndPoint(IPAddress.Loopback, 0));
            serverEp = (IPEndPoint)serverSocket.LocalEndPoint;

            Debug.Print("Listening for a client to connect...");
            serverSocket.Listen(1);
        }
Пример #2
0
 // The GitHub SSL certificate is corrupt, or something? Who cares.
 public static bool Validator(
     object sender, X509Certificate certificate,
     X509Chain chain, SslPolicyErrors sslPolicyErrors
     )
 {
     return true;
 }
Пример #3
0
		public void CanCreateAndDispose()
		{
			using (var cert = new X509Certificate())
			{
				cert.PrintRefCount();
			}
		}
Пример #4
0
		public virtual bool IsSignedBy(X509Certificate potentialIssuer)
		{
			try
			{
				x509crl.Verify(potentialIssuer.GetPublicKey());
				return true;
			}
			catch (InvalidKeyException)
			{
				return false;
			}
			/*catch (CrlException)
			{
				return false;
			}*/
			catch (NoSuchAlgorithmException)
			{
				return false;
			}
			/*catch (NoSuchProviderException e)
			{
				throw new RuntimeException(e);
			}*/
			catch (SignatureException)
			{
				return false;
			}
		}
Пример #5
0
    public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            return true;
        }

        byte[] receivedCertificateHash = certificate.GetCertHash();
        //If length differs, obviously different hash.
        if (receivedCertificateHash.Length != hardCodedServerCertificateHash.Length)
        {
            return false;
        }

        //Check that each byte is the same
        for (int i = 0; i < hardCodedServerCertificateHash.Length; i++)
        {
            if (receivedCertificateHash[i] != hardCodedServerCertificateHash[i])
            {
                return false;
            }
        }

        //Equality of the certificates confirmed.
        return true;
    }
Пример #6
0
 public TcpTransport(string host,int port, X509Certificate clientCertificate, bool loggingEnabled = false)
 {
     EPP_REGISTRY_COM = host;
     PORT = port;
     this.loggingEnabled = loggingEnabled;
     this.clientCertificate = clientCertificate;
 }
Пример #7
0
        public void CanAddExtensions()
        {
            X509V3ExtensionList extList = new X509V3ExtensionList();
            extList.Add(new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"));
            extList.Add(new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"));
            extList.Add(new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"));
            extList.Add(new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"));

            DateTime start = DateTime.Now;
            DateTime end = start + TimeSpan.FromMinutes(10);
            CryptoKey key = new CryptoKey(new DSA(true));
            using (X509Certificate cert = new X509Certificate(101, "CN=Root", "CN=Root", key, start, end)) {
                foreach (X509V3ExtensionValue extValue in extList) {
                    using (X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value)) {
                        cert.AddExtension(ext);
                    }
                }

                foreach (X509Extension ext in cert.Extensions) {
                    Console.WriteLine(ext);
                }

                Assert.AreEqual(extList.Count, cert.Extensions.Count);
            }
        }
Пример #8
0
    public bool PosTest1()
    {
        bool            retVal = true;
        X509Certificate cer;

        TestLibrary.TestFramework.BeginScenario("PosTest1: Valid certificate");

        try
        {
            cer      = new X509Certificate(c_VALIDPATH);

            if (null == cer)
            {
                TestLibrary.TestFramework.LogError("-01", "Failed to load " + c_VALIDPATH);
                retVal = false;
            }
        }
        catch (Exception e)
        {
            TestLibrary.TestFramework.LogError("000", "Unexpected exception: " + e);
            retVal = false;
        }

        return retVal;
    }
Пример #9
0
        public SslStreamServer(
            Stream stream, 
            bool ownStream,
            X509Certificate serverCertificate,
            bool clientCertificateRequired,
            X509Chain caCerts,
            SslProtocols enabledSslProtocols,
            SslStrength sslStrength,
            bool checkCertificateRevocation,
            RemoteCertificateValidationHandler remote_callback)
            : base(stream, ownStream)
        {
            this.checkCertificateRevocationStatus = checkCertificateRevocation;
            this.remoteCertificateSelectionCallback = remote_callback;

            // Initialize the SslContext object
            InitializeServerContext(serverCertificate, clientCertificateRequired, caCerts, enabledSslProtocols, sslStrength, checkCertificateRevocation);
            
            ssl = new Ssl(sslContext);
            // Initialze the read/write bio
            read_bio = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            // Set the read/write bio's into the the Ssl object
            ssl.SetBIO(read_bio, write_bio);
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);
            // Set the Ssl object into server mode
            ssl.SetAcceptState();
        }
Пример #10
0
		public ServerContext(
			SslServerStream			stream,
			SecurityProtocolType	securityProtocolType,
			X509Certificate			serverCertificate,
			bool					clientCertificateRequired)
			: base(securityProtocolType)
		{
			this.sslStream					= stream;
			this.clientCertificateRequired	= clientCertificateRequired;

			// Convert the System.Security cert to a Mono Cert
			MonoX509.X509Certificate cert = new MonoX509.X509Certificate(serverCertificate.GetRawCertData());

			// Add server certificate to the certificate collection
			this.ServerSettings.Certificates = new MonoX509.X509CertificateCollection();
			this.ServerSettings.Certificates.Add(cert);

			this.ServerSettings.UpdateCertificateRSA();

			// Add requested certificate types
			this.ServerSettings.CertificateTypes = new ClientCertificateType[1];
			this.ServerSettings.CertificateTypes[0] = ClientCertificateType.RSA;

			// Add certificate authorities
			MonoX509.X509CertificateCollection trusted = MonoX509.X509StoreManager.TrustedRootCertificates;
			string[] list = new string [trusted.Count];
			int i = 0;
			foreach (MonoX509.X509Certificate root in trusted)
			{
				list [i++] = root.IssuerName;
			}
			this.ServerSettings.DistinguisedNames = list;
		}
Пример #11
0
		public static ICollection GetSubjectAlternativeNames(
			X509Certificate cert)
		{
			Asn1OctetString extVal = cert.GetExtensionValue(X509Extensions.SubjectAlternativeName);

			return GetAlternativeName(extVal);
		}
Пример #12
0
		private static Asn1Sequence FromCertificate(
			X509Certificate certificate)
		{
			try
			{
				GeneralName genName = new GeneralName(
					PrincipalUtilities.GetIssuerX509Principal(certificate));

				if (certificate.Version == 3)
				{
					Asn1OctetString ext = certificate.GetExtensionValue(X509Extensions.SubjectKeyIdentifier);

					if (ext != null)
					{
						Asn1OctetString str = (Asn1OctetString) X509ExtensionUtilities.FromExtensionValue(ext);

						return (Asn1Sequence) new AuthorityKeyIdentifier(
							str.GetOctets(), new GeneralNames(genName), certificate.SerialNumber).ToAsn1Object();
					}
				}

				SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(
					certificate.GetPublicKey());

				return (Asn1Sequence) new AuthorityKeyIdentifier(
					info, new GeneralNames(genName), certificate.SerialNumber).ToAsn1Object();
			}
			catch (Exception e)
			{
				throw new CertificateParsingException("Exception extracting certificate details", e);
			}
		}
Пример #13
0
		public ServerContext(
			SslServerStream			stream,
			SecurityProtocolType	securityProtocolType,
			X509Certificate			serverCertificate,
			bool					clientCertificateRequired)
			: base(securityProtocolType)
		{
			this.sslStream					= stream;
			this.clientCertificateRequired	= clientCertificateRequired;

			// Convert the System.Security cert to a Mono Cert
			MonoX509.X509Certificate cert = new MonoX509.X509Certificate(serverCertificate.GetRawCertData());

			// Add server certificate to the certificate collection
			this.ServerSettings.Certificates = new MonoX509.X509CertificateCollection();
			this.ServerSettings.Certificates.Add(cert);

			this.ServerSettings.UpdateCertificateRSA();

			// Add requested certificate types
			this.ServerSettings.CertificateTypes = new ClientCertificateType[1];
			this.ServerSettings.CertificateTypes[0] = ClientCertificateType.RSA;

			// Add certificate authorities
			this.ServerSettings.DistinguisedNames = new string[0];
		}
Пример #14
0
        public AppleTlsContext(
            MobileAuthenticatedStream parent, MonoTlsSettings settings,
            AppleTlsProvider provider, bool serverMode, string targetHost,
            SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
            X509CertificateCollection clientCertificates, bool askForClientCert)
        {
            this.parent = parent;
            this.settings = settings;
            this.provider = provider;
            this.serverMode = serverMode;
            this.targetHost = targetHost;
            this.enabledProtocols = enabledProtocols;
            this.serverCertificate = serverCertificate;
            this.clientCertificates = clientCertificates;
            this.askForClientCert = askForClientCert;

            handle = GCHandle.Alloc (this);
            connectionId = GCHandle.ToIntPtr (handle);
            readFunc = NativeReadCallback;
            writeFunc = NativeWriteCallback;

            // a bit higher than the default maximum fragment size
            readBuffer = new byte [16384];
            writeBuffer = new byte [16384];

            certificateValidator = CertificateValidationHelper.GetDefaultValidator (settings, provider);

            if (IsServer) {
                if (serverCertificate == null)
                    throw new ArgumentNullException ("serverCertificate");
            }
        }
Пример #15
0
        public static void X509Certificate2CollectionConstructors()
        {
            using (X509Certificate2 c1 = new X509Certificate2())
            using (X509Certificate2 c2 = new X509Certificate2())
            using (X509Certificate2 c3 = new X509Certificate2())
            {
                X509Certificate2Collection cc = new X509Certificate2Collection(new X509Certificate2[] { c1, c2, c3 });
                Assert.Equal(3, cc.Count);
                Assert.Same(c1, cc[0]);
                Assert.Same(c2, cc[1]);
                Assert.Same(c3, cc[2]);

                X509Certificate2Collection cc2 = new X509Certificate2Collection(cc);
                Assert.Equal(3, cc2.Count);
                Assert.Same(c1, cc2[0]);
                Assert.Same(c2, cc2[1]);
                Assert.Same(c3, cc2[2]);

                Assert.Throws<ArgumentNullException>(() => new X509Certificate2Collection(new X509Certificate2[] { c1, c2, null, c3 }));

                using (X509Certificate c4 = new X509Certificate())
                {
                    X509Certificate2Collection collection = new X509Certificate2Collection { c1, c2, c3 };
                    ((IList)collection).Add(c4); // Add non-X509Certificate2 object

                    Assert.Throws<InvalidCastException>(() => new X509Certificate2Collection(collection));
                }
            }
        }
Пример #16
0
	//Encryption
	internal WebSocketClient(Socket s,X509Certificate cert)
	{	
		this.Socket = s;
		var ns = new NetworkStream(s,false);
		var ss = new SslStream(ns, false);
		ss.AuthenticateAsServer(cert,false,SslProtocols.Tls12,false);
		this.stream = ss;
	}
Пример #17
0
 public bool NegTest1(string fileName) { return NegTest(1, "Import(String)", fileName,
                                                              delegate(string fName)
                                                              {
                                                                  X509Certificate cer;
                                                                  cer = new X509Certificate();
                                                                  cer.Import(fName);
                                                                  return false;
                                                              } ); }
Пример #18
0
 public bool NegTest2(string fileName) { return NegTest(2, "Import(String,String,X509KeyStorageFlags)", fileName,
                                                              delegate(string fName)
                                                              {
                                                                  X509Certificate cer;
                                                                  cer = new X509Certificate();
                                                                  cer.Import(fName, "", X509KeyStorageFlags.DefaultKeySet);
                                                                  return false;
                                                              } ); }
Пример #19
0
 public bool NegTest3(string fileName) { return NegTest(3, "Import(byte[])", fileName,
                                                              delegate(string fName)
                                                              {
                                                                  X509Certificate cer;
                                                                  cer = new X509Certificate();
                                                                  cer.Import(BytesFromFile(fName));
                                                                  return false;
                                                              } ); }
Пример #20
0
 /// <summary>
 /// Calls X509V3_EXT_conf_nid()
 /// </summary>
 /// <param name="issuer"></param>
 /// <param name="subject"></param>
 /// <param name="name"></param>
 /// <param name="critical"></param>
 /// <param name="value"></param>
 public X509Extension(X509Certificate issuer, X509Certificate subject, string name, bool critical, string value)
     : base(IntPtr.Zero, true)
 {
     using (var ctx = new X509V3Context(issuer, subject, null))
     {
         ptr = Native.ExpectNonNull(Native.X509V3_EXT_conf_nid(IntPtr.Zero, ctx.Handle, Native.TextToNID(name), value));
     }
 }
Пример #21
0
		public void CanLoadFromPEM()
		{
			using (BIO bio = new BIO(LoadString(Resources.CaCrt))) {
				using (X509Certificate cert = new X509Certificate(bio)) {
					TestCert(cert, "CN=Root", "CN=Root", 1234);
				}
			}
		}
Пример #22
0
 public bool CheckValidationResult(
       ServicePoint srvPoint
     , X509Certificate certificate
     , WebRequest request
     , int certificateProblem)
 {
     //Return True to force the certificate to be accepted.
     return true;
 }
Пример #23
0
 public TcpTransport(string host, int port, X509Certificate clientCertificate, bool loggingEnabled = false, int readTimeout = Timeout.Infinite, int writeTimeout = Timeout.Infinite)
 {
     EPP_REGISTRY_COM = host;
     PORT = port;
     READ_TIMEOUT = readTimeout;
     WRITE_TIMEOUT = writeTimeout;
     this.loggingEnabled = loggingEnabled;
     this.clientCertificate = clientCertificate;
 }
Пример #24
0
 private static void VerifyImportNotSupported(X509Certificate c)
 {
     Assert.Throws<PlatformNotSupportedException>(() => c.Import(Array.Empty<byte>()));
     Assert.Throws<PlatformNotSupportedException>(() => c.Import(string.Empty));
     Assert.Throws<PlatformNotSupportedException>(() => c.Import(Array.Empty<byte>(), string.Empty, X509KeyStorageFlags.DefaultKeySet));
     Assert.Throws<PlatformNotSupportedException>(() => c.Import(Array.Empty<byte>(), new SecureString(), X509KeyStorageFlags.DefaultKeySet));
     Assert.Throws<PlatformNotSupportedException>(() => c.Import(string.Empty, string.Empty, X509KeyStorageFlags.DefaultKeySet));
     Assert.Throws<PlatformNotSupportedException>(() => c.Import(string.Empty, new SecureString(), X509KeyStorageFlags.DefaultKeySet));
 }
Пример #25
0
	static AsymmetricAlgorithm PrivateKeySelection (X509Certificate certificate, string targetHost)
	{
		Console.WriteLine ("PrivateKeySelection");
		Console.WriteLine ("\tHost: {0}", targetHost);
		Console.WriteLine (certificate.ToString (true));
		Console.WriteLine ("\tPrivateKeySelection ({0})", p12.Keys.Count);
		Console.WriteLine ();
		return (AsymmetricAlgorithm) p12.Keys [0];
	}
Пример #26
0
	static bool CertificateValidation (X509Certificate certificate, int[] certificateErrors)
	{
		Console.WriteLine ("CertificateValidation");
		Console.WriteLine (certificate.ToString (true));
		Console.WriteLine ("\tError(s)");
		foreach (int error in certificateErrors)
			Console.WriteLine ("\t\t#{0}", error);
		Console.WriteLine ();
		return true;
	}
Пример #27
0
 public static void X509CertEmptyToString()
 {
     using (var c = new X509Certificate())
     {
         string expectedResult = "System.Security.Cryptography.X509Certificates.X509Certificate";
         Assert.Equal(expectedResult, c.ToString());
         Assert.Equal(expectedResult, c.ToString(false));
         Assert.Equal(expectedResult, c.ToString(true));
     }
 }
Пример #28
0
		public void CanLoadFromPEM()
		{
			using(BIO bio = BIO.File(Paths.CaCrt, "r"))
			{
				using(X509Certificate cert = new X509Certificate(bio))
				{
					TestCert(cert, "CN=Root", "CN=Root", 1234);
				}
			}
		}
Пример #29
0
 public virtual IAsyncResult BeginAuthenticateAsServer(X509Certificate serverCertificate, AsyncCallback asyncCallback, object asyncState)
 {
     return(BeginAuthenticateAsServer(serverCertificate, false, SslProtocols.Tls, false, asyncCallback, asyncState));
 }
Пример #30
0
 public virtual void AuthenticateAsServer(X509Certificate serverCertificate)
 {
     AuthenticateAsServer(serverCertificate, false, SslProtocols.Tls, false);
 }
Пример #31
0
 public virtual void AuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 {
     EndAuthenticateAsServer(BeginAuthenticateAsServer(
                                 serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation, null, null));
 }
Пример #32
0
        //url为请求的网址,param参数为需要查询的条件(服务端接收的参数,没有则为null)
        //返回该次请求的响应


        public static bool CheckValidationResult(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
        {
            //直接确认,否则打不开
            return(true);
        }
Пример #33
0
 public static bool IgnoreCertificateValidationFailureForTestingOnly(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
 {
     return(true);
 }
Пример #34
0
        protected X509Certificate ContextLocalCertificateSelect(object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers)
        {
            if (Tracer.IsDebugEnabled)
            {
                string subjects        = "{";
                string issuers         = "{";
                string acceptedIssuers = "{";

                foreach (X509Certificate cert in localCertificates)
                {
                    subjects += cert.Subject + ", ";
                    issuers  += cert.Issuer + ", ";
                }

                subjects += "}";
                issuers  += "}";

                for (int i = 0; i < acceptableIssuers.Length; i++)
                {
                    acceptedIssuers += acceptableIssuers[i] + ", ";
                }

                Tracer.DebugFormat("Local Certificate Selection.\n" +
                                   "Sender {0}, Target Host {1}, Remote Cert Subject {2}, Remote Cert Issuer {3}" +
                                   "\nlocal Cert Subjects {4}, " +
                                   "\nlocal Cert Issuers {5}",
                                   sender.ToString(),
                                   targetHost,
                                   remoteCertificate?.Subject,
                                   remoteCertificate?.Issuer,
                                   subjects,
                                   issuers);
            }
            X509Certificate localCertificate = null;

            if (ClientCertificateSelectCallback != null)
            {
                try
                {
                    if (Tracer.IsDebugEnabled)
                    {
                        Tracer.DebugFormat("Calling application callback for Local certificate selection.");
                    }
                    localCertificate = ClientCertificateSelectCallback(sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers);
                }
                catch (Exception ex)
                {
                    Tracer.InfoFormat("Caught Exception from application callback for local certificate selction. Exception : {0}", ex);
                    throw ex;
                }
            }
            else if (localCertificates.Count >= 1)
            {
                // when there is only one certificate select that certificate.
                localCertificate = localCertificates[0];
                if (!String.IsNullOrWhiteSpace(this.ClientCertSubject))
                {
                    // should the application identify a specific certificate to use search for that certificate.
                    localCertificate = null;
                    foreach (X509Certificate cert in localCertificates)
                    {
                        if (String.Compare(cert.Subject, this.ClientCertSubject, true) == 0)
                        {
                            localCertificate = cert;
                            break;
                        }
                    }
                }
            }

            if (localCertificate == null)
            {
                Tracer.InfoFormat("Could not select Local Certificate for target host {0}", targetHost);
            }
            else if (Tracer.IsDebugEnabled)
            {
                Tracer.DebugFormat("Selected Local Certificate {0}", localCertificate.ToString());
            }

            return(localCertificate);
        }
Пример #35
0
		private void TestCert(X509Certificate cert, string subject, string issuer, int serial)
		{
			Assert.AreEqual(subject, cert.Subject.ToString());
			Assert.AreEqual(issuer, cert.Issuer.ToString());
			Assert.AreEqual(serial, cert.SerialNumber);
		}
Пример #36
0
/*
 *              AsymmetricAlgorithm GetPrivateKey (X509Certificate cert, string targetHost)
 *              {
 *                      // FIXME: what can I do for non-X509Certificate2 ?
 *                      X509Certificate2 cert2 = cert as X509Certificate2;
 *                      return cert2 != null ? cert2.PrivateKey : null;
 *              }
 */
        X509Certificate OnCertificateSelection(X509CertificateCollection clientCerts, X509Certificate serverCert, string targetHost, X509CertificateCollection serverRequestedCerts)
        {
            string [] acceptableIssuers = new string [serverRequestedCerts != null ? serverRequestedCerts.Count : 0];
            for (int i = 0; i < acceptableIssuers.Length; i++)
            {
                acceptableIssuers [i] = serverRequestedCerts [i].GetIssuerName();
            }
            return(selection_callback(this, targetHost, clientCerts, serverCert, acceptableIssuers));
        }
Пример #37
0
 public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
 {
     return(true);
 }
Пример #38
0
        public void UntrustedSelfSignedCertificate()
        {
            String host = "-----BEGIN CERTIFICATE-----\n" +
                          "MIIEcDCCAligAwIBAgIEAP+quzANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJE\n" +
                          "RTELMAkGA1UECAwCQlcxDTALBgNVBAoMBFNZU1MxCzAJBgNVBAMMAkNBMB4XDTE0\n" +
                          "MDQxMDA3Mzg0MFoXDTE1MDQxMDA3Mzg0MFowQTELMAkGA1UEBhMCREUxCzAJBgNV\n" +
                          "BAgMAkJXMQ0wCwYDVQQKDARTWVNTMRYwFAYDVQQDDA13d3cuZ29vZ2xlLmNoMIIB\n" +
                          "IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8P4nPfLKOXtl+uOOUF7YO+mH\n" +
                          "ee9hYHuDLusgyDpLEQAqnBHtBi6RCP5XmArpunNfTF8yls5QdyjKogJ6nXafzlGa\n" +
                          "If1fe6iI/OMp9oUBdqJh2mU9OfZm5he9sLobunrVWqlm5fIbSRZkhZe5o8Dutcsa\n" +
                          "p74TClaHbXTcsVbw6/aScXibj5ARIK71JgtPFUNp1QanF78GmXUu2MOROaz2duUF\n" +
                          "LxzJJCxnNElNkt663LUjtgfbcEgKQDZ0k0uNchAyDHDIkNr6FmilgBmt1LI0sjdH\n" +
                          "llY6Z/r8waH9ztTqlf78jG1AhmUSTbBNtYU92rqdRqPa21WBbhaEhNtFg8EZywID\n" +
                          "AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy\n" +
                          "YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU48hgd+eZiIeWwiDJ3XPIb6PI+0gw\n" +
                          "HwYDVR0jBBgwFoAUWc4WPc0maSLX2fTyx9YLvqqPs8YwDQYJKoZIhvcNAQEFBQAD\n" +
                          "ggIBAA8T4LM8FKvRQh+/UWmKkMFFMVcSav2UYYHwbDQ1G+38lKT9G1pddslA450H\n" +
                          "XkaOZnRIb31+bgIK/WRt16sowt/wxK34p0kphKS7ubszF6SQI/rUF7Z/44MBnyng\n" +
                          "CsJhO+hu9vk7qTBSx7wL5MI9lsmalzwmQhEnNBKyYxxwBKRpZzlns6bX/nysfIPd\n" +
                          "lJ28Q01VfuFI4LZn6XoCgP3a5KMbvkFCcoQ0BWaJZUJXj8Taunn52+4yd02CojXJ\n" +
                          "6jnM8asmeZLME7k4BZrYGzmEZWqEWlArltpo315/lEdgPvmmIsSMn3N3wi8IJnlj\n" +
                          "1LRzDy3HF2m8Kk/3HPYorUKItEFdZ2yBHJd8SvrsoahoyqLN3rPkQ6TXFg5GD6XF\n" +
                          "76GUMSbr92sjKtWI4fta5CZi2iRnQEhiuAW9mvmsr9/g9fHAvNbs8QjLfYxdG8KW\n" +
                          "oLQIuTllXuQRiWJ6X33ea4seNDpD53I7rhZNhDxkns7YdEy9IsJjHJganVBY+/3f\n" +
                          "15bn34p3g3mQlsnLA2WMX2ZyLrVWaEt82iIZKAFzHjO38fANno6IXh0HP1xy6uQd\n" +
                          "37SZV2h0nUlJYw483RIUcJghkEBkKnIJInb6wGKXSpEZE2ObDJV0cH9vJflygh+G\n" +
                          "P6IvpzJ9dGNO8yNuyxvxcG7C+yDjgWjXkHqBYDS8lY9rM0yk\n" + "-----END CERTIFICATE-----\n";

            String ca = "-----BEGIN CERTIFICATE-----\n" +
                        "MIIFPzCCAyegAwIBAgIJAODkvo4frTJPMA0GCSqGSIb3DQEBBQUAMDYxCzAJBgNV\n" +
                        "BAYTAkRFMQswCQYDVQQIDAJCVzENMAsGA1UECgwEU1lTUzELMAkGA1UEAwwCQ0Ew\n" +
                        "HhcNMTQwNDEwMDczODI2WhcNMjQwNDA5MDczODI2WjA2MQswCQYDVQQGEwJERTEL\n" +
                        "MAkGA1UECAwCQlcxDTALBgNVBAoMBFNZU1MxCzAJBgNVBAMMAkNBMIICIjANBgkq\n" +
                        "hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxYEqG0gr2sxp1KJtj8VKmv802cdfXvIv\n" +
                        "3M10eB4weWtbRim/g8NcZUzPac5R672JxdQTpGERVl4y+6fxjjc9NsxuXBBoMOam\n" +
                        "ihINUsZzhxQatQ0Vos9WHX9rVdVQXLnVDrfn//thx8pLCzN777q8xDYwuyNeiUzG\n" +
                        "KVtlQV7ltbMTCL0jLRWiKe/pX27qDx0j+VipgohVZc6UHTFgbsWIn/x9tcCYaGPU\n" +
                        "IORUDYKLxURgUxikGipGxEaLa4zyOoniH9LqAVKZ0mXGV2OKYQqppb60zPm/N5Ke\n" +
                        "9R2fjBYdY8QAkkRDe6ZfEy9/+8dJTheVIxfQ2IAh4CKmgRCutlhD99n9xtUzXfJU\n" +
                        "X8E7+t2SKgdkC3uQvLWdABO5cLqw+JC8kn1alz9mQDuhjq/63iJ9kFa3mv6/GCPd\n" +
                        "oyQ5Ey+vqKwyWP/2Y42HF5Kj8eCiLV71Jf7Njifnnn6N7DgjHeJJPfLCBxmxFuiO\n" +
                        "aB4P9fLvoUpLkCIE3bYVCXiHKc6NrZ7Bx/5QVA8471KDH9YngFF7DpbnqwYVdRys\n" +
                        "kqMEupb2kUf0W0ObjLHAAUFMcPUdY081QFrVi9m78B2wAbW3ynguzrFBK4lmj6L3\n" +
                        "5rQipe5lEVFUbDnMYLONz55kLROGyw8H4EhgRuGCPwpiJtWYq3Tyc7smEy8Y9JcS\n" +
                        "iuskbUOgTgECAwEAAaNQME4wHQYDVR0OBBYEFFnOFj3NJmki19n08sfWC76qj7PG\n" +
                        "MB8GA1UdIwQYMBaAFFnOFj3NJmki19n08sfWC76qj7PGMAwGA1UdEwQFMAMBAf8w\n" +
                        "DQYJKoZIhvcNAQEFBQADggIBAC+mnC3rSJnDkKhMuL88DG0tErvHEUwL+qrgoeNN\n" +
                        "1rOdXxv2hsVFfRMG9ieVvyMd9aHVvSgbWf43o0NHCX347eFWRq7n6A9QFNvcx4lD\n" +
                        "DFgt8eptIgRAChbRg4QV0+GdsKeBSlOL/Y03zXwxvrCEpKBrluBYz8NZ4LTDtO6Q\n" +
                        "g//+q0lnd49Gk1+PENzKKLVk2OzyQFh70o7pkm16KlpmQLnhvtkQJQPsOBVizk7v\n" +
                        "hKtdUnn/fJytniJ5F4dZykH5GV4owILTRpjiuqO0BEOAznjvFDiMnzKif/jxX6XR\n" +
                        "PMyqlWTk9VS23i1ghcU223+oeDiSNj8lbla8lHFcI8ztsvY469206pfCrK51FanL\n" +
                        "dB/G7zd9P3zQRinwfaG9/9eL4nDsvPMVqotFiyrHhJJOAeZNQtRDB+e8c+334coS\n" +
                        "Y6GQpdmCPQeL1grxH5g5VypkITPgq+aPmgHv6jk5cHdFhHy25tOwpdrk1ppN3ln4\n" +
                        "GG2QjTbVnOEH01+ySZpB4eMaqF2wME0LQYuZo4OYz5Dfu565ft3E81TWqsaOxXyQ\n" +
                        "kLHLnzzlATLh7F30aUV254MJTLwf4TL2/p4DJklo9t47iS1ckYAwtFYwgbDIziGZ\n" +
                        "hJYa6ulLyko8z7MPf8OSOipYKOW/gXfV1XxMYh+k5qwaKLK4BsoXuwiB/kMVJtTJ\n" + "ndIN\n" +
                        "-----END CERTIFICATE-----\n";


            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
            InputStream        his         = new ByteArrayInputStream(Encoding.ASCII.GetBytes(host));
            X509Certificate    hostCert    = (X509Certificate)certFactory.generateCertificate(his);
            InputStream        cais        = new ByteArrayInputStream(Encoding.ASCII.GetBytes(ca));
            X509Certificate    caCert      = (X509Certificate)certFactory.generateCertificate(cais);


            const string hostName = "www.google.ch";
            List         certs    = new ArrayList();

            certs.add(hostCert);
            certs.add(caCert);

            try
            {
                //no exception registered yet
                new SystemCertificateStore().isTrusted(hostName, certs);
                Assert.Fail();
            }
            catch (EntryPointNotFoundException exception)
            {
                Console.WriteLine("TEST");
            }
            //register exception
            PreferencesFactory.get()
            .setProperty(hostName + ".certificate.accept",
                         SystemCertificateStore.ConvertCertificate(hostCert).Thumbprint);
            Assert.IsTrue(new SystemCertificateStore().isTrusted(hostName, certs));
        }
Пример #39
0
 public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem)
 {
     return(true);
 }
Пример #40
0
        protected bool ContextServerCertificateValidation(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            if (Tracer.IsDebugEnabled)
            {
                string name = null;
                if (certificate is X509Certificate2)
                {
                    X509Certificate2 cert = certificate as X509Certificate2;
                    name = cert.SubjectName.Name;
                }
                Tracer.DebugFormat("Cert DN {0}; Cert Subject {1}; Cert Issuer {2}; SSLPolicyErrors [{3}]", name, certificate?.Subject ?? "null", certificate?.Issuer ?? "null", sslPolicyErrors.ToString());
                try
                {
                    X509VerificationFlags verFlags = chain.ChainPolicy.VerificationFlags;
                    X509RevocationMode    revMode  = chain.ChainPolicy.RevocationMode;
                    X509RevocationFlag    revFlags = chain.ChainPolicy.RevocationFlag;
                    StringBuilder         sb       = new StringBuilder();
                    sb.Append("ChainStatus={");
                    int size = sb.Length;
                    foreach (X509ChainStatus status in chain.ChainStatus)
                    {
                        X509ChainStatusFlags csflags = status.Status;
                        sb.AppendFormat("Info={0}; flags=0x{1:X}; flagNames=[{2}]", status.StatusInformation, csflags, csflags.ToString());
                        sb.Append(", ");
                    }
                    if (size != sb.Length)
                    {
                        sb.Remove(sb.Length - 2, 2);
                    }
                    sb.Append("}");

                    Tracer.DebugFormat("X.509 Cert Chain, Verification Flags {0:X} {1}, Revocation Mode {2}, Revocation Flags {3}, Status {4} ",
                                       verFlags, verFlags.ToString(), revMode.ToString(), revFlags.ToString(), sb.ToString());
                }
                catch (Exception ex)
                {
                    Tracer.ErrorFormat("Error displaying Remote Cert fields. Cause: {0}", ex);
                }
            }

            bool?valid = null;

            if (ServerCertificateValidateCallback != null)
            {
                try
                {
                    if (Tracer.IsDebugEnabled)
                    {
                        Tracer.DebugFormat("Calling application callback for Remote Certificate Validation.");
                    }
                    valid = ServerCertificateValidateCallback(sender, certificate, chain, sslPolicyErrors);
                }
                catch (Exception ex)
                {
                    Tracer.InfoFormat("Caught Exception from application callback for Remote Certificate Validation. Exception : {0}", ex);
                    throw ex;
                }
            }
            else
            {
                if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) == SslPolicyErrors.RemoteCertificateNameMismatch &&
                    !String.IsNullOrWhiteSpace(this.ServerName))
                {
                    if (certificate.Subject.IndexOf(string.Format("CN={0}",
                                                                  this.ServerName), StringComparison.InvariantCultureIgnoreCase) > -1)
                    {
                        sslPolicyErrors &= ~(SslPolicyErrors.RemoteCertificateNameMismatch);
                    }
                }
                if (sslPolicyErrors == SslPolicyErrors.None)
                {
                    valid = true;
                }
                else
                {
                    Tracer.WarnFormat("SSL certificate {0} validation error : {1}", certificate.Subject, sslPolicyErrors.ToString());
                    valid = this.AcceptInvalidBrokerCert;
                }
            }
            return(valid ?? this.AcceptInvalidBrokerCert);
        }
Пример #41
0
 private static bool CertValidator(object sender, X509Certificate certificate,
                                   X509Chain chain, SslPolicyErrors sslPolicyErrors)
 {
     return(true);
 }
Пример #42
0
        static void Ssl(string host, bool machine, bool verbose)
        {
            if (verbose)
            {
                Console.WriteLine("Importing certificates from '{0}' into the {1} stores.",
                                  host, machine ? "machine" : "user");
            }
            int n = 0;

            X509CertificateCollection coll = GetCertificatesFromSslSession(host);

            if (coll != null)
            {
                X509Store store = null;
                // start by the end (root) so we can stop adding them anytime afterward
                for (int i = coll.Count - 1; i >= 0; i--)
                {
                    X509Certificate x509     = coll [i];
                    bool            selfsign = false;
                    bool            failed   = false;
                    try
                    {
                        selfsign = x509.IsSelfSigned;
                    }
                    catch
                    {
                        // sadly it's hard to interpret old certificates with MD2
                        // without manually changing the machine.config file
                        failed = true;
                    }

                    if (selfsign)
                    {
                        // this is a root
                        store = GetStoreFromName(X509Stores.Names.TrustedRoot, machine);
                    }
                    else if (i == 0)
                    {
                        // server certificate isn't (generally) an intermediate CA
                        store = GetStoreFromName(X509Stores.Names.OtherPeople, machine);
                    }
                    else
                    {
                        // all other certificates should be intermediate CA
                        store = GetStoreFromName(X509Stores.Names.IntermediateCA, machine);
                    }

                    Console.WriteLine("{0}{1}X.509 Certificate v{2}",
                                      Environment.NewLine,
                                      selfsign ? "Self-signed " : String.Empty,
                                      x509.Version);
                    Console.WriteLine("   Issued from: {0}", x509.IssuerName);
                    Console.WriteLine("   Issued to:   {0}", x509.SubjectName);
                    Console.WriteLine("   Valid from:  {0}", x509.ValidFrom);
                    Console.WriteLine("   Valid until: {0}", x509.ValidUntil);

                    if (!x509.IsCurrent)
                    {
                        Console.WriteLine("   *** WARNING: Certificate isn't current ***");
                    }
                    if ((i > 0) && !selfsign)
                    {
                        X509Certificate signer = coll [i - 1];
                        bool            signed = false;
                        try
                        {
                            if (signer.RSA != null)
                            {
                                signed = x509.VerifySignature(signer.RSA);
                            }
                            else if (signer.DSA != null)
                            {
                                signed = x509.VerifySignature(signer.DSA);
                            }
                            else
                            {
                                Console.WriteLine("   *** WARNING: Couldn't not find who signed this certificate ***");
                                signed = true; // skip next warning
                            }

                            if (!signed)
                            {
                                Console.WriteLine("   *** WARNING: Certificate signature is INVALID ***");
                            }
                        }
                        catch
                        {
                            failed = true;
                        }
                    }
                    if (failed)
                    {
                        Console.WriteLine("   *** ERROR: Couldn't decode certificate properly ***");
                        Console.WriteLine("   *** try 'man certmgr' for additional help or report to bugzilla.novell.com ***");
                        break;
                    }

                    if (store.Certificates.Contains(x509))
                    {
                        Console.WriteLine("This certificate is already in the {0} store.", store.Name);
                    }
                    else
                    {
                        Console.Write("Import this certificate into the {0} store ?", store.Name);
                        string answer = Console.ReadLine().ToUpper();
                        if ((answer == "YES") || (answer == "Y"))
                        {
                            store.Import(x509);
                            n++;
                        }
                        else
                        {
                            if (verbose)
                            {
                                Console.WriteLine("Certificate not imported into store {0}.",
                                                  store.Name);
                            }
                            break;
                        }
                    }
                }
            }

            Console.WriteLine();
            if (n == 0)
            {
                Console.WriteLine("No certificate were added to the stores.");
            }
            else
            {
                Console.WriteLine("{0} certificate{1} added to the stores.",
                                  n, (n == 1) ? String.Empty : "s");
            }
        }
Пример #43
0
 public virtual Task AuthenticateAsServerAsync(X509Certificate serverCertificate)
 {
     return(Task.Factory.FromAsync(BeginAuthenticateAsServer, EndAuthenticateAsServer, serverCertificate, null));
 }
Пример #44
0
Файл: Form1.cs Проект: ROCS95/x2 
 private bool AcceptAllCertifications(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
 {
     return(true);
 }
Пример #45
0
 private static X509Certificate LocalCertificateSelectionCallback(object sender,
                                                                  string targetHost, X509CertificateCollection localCertificates,
                                                                  X509Certificate remoteCertificate, string[] acceptableIssuers)
 {
     return(GetCertificate());
 }
Пример #46
0
 public static bool MyRemoteCertificateValidationCallback(System.Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
 {
     bool isOk = true;
     // If there are errors in the certificate chain,
     // look at each error to determine the cause.
     if (sslPolicyErrors != SslPolicyErrors.None)
     {
         for (int i = 0; i < chain.ChainStatus.Length; i++)
         {
             if (chain.ChainStatus[i].Status == X509ChainStatusFlags.RevocationStatusUnknown)
             {
                 continue;
             }
             chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
             chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
             chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);
             chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
             bool chainIsValid = chain.Build((X509Certificate2)certificate);
             if (!chainIsValid)
             {
                 isOk = false;
                 break;
             }
         }
     }
     return isOk;
 }
Пример #47
0
 public PackageDigitalSignature Countersign(X509Certificate certificate, IEnumerable <Uri> signatures)
 {
     throw new NotImplementedException();
 }
Пример #48
0
        static X509CertificateCollection LoadCertificates(string filename, string password, bool verbose)
        {
            X509Certificate           x509 = null;
            X509CertificateCollection coll = new X509CertificateCollection();

            switch (Path.GetExtension(filename).ToUpper())
            {
            case ".P7B":
            case ".SPC":
                SoftwarePublisherCertificate spc = SoftwarePublisherCertificate.CreateFromFile(filename);
                coll.AddRange(spc.Certificates);
                spc = null;
                break;

            case ".CER":
            case ".CRT":
                using (FileStream fs = File.OpenRead(filename))
                {
                    byte[] data = new byte [fs.Length];
                    fs.Read(data, 0, data.Length);
                    if (data [0] != 0x30)
                    {
                        // maybe it's ASCII PEM base64 encoded ?
                        data = PEM("CERTIFICATE", data);
                    }
                    if (data != null)
                    {
                        x509 = new X509Certificate(data);
                    }
                }
                if (x509 != null)
                {
                    coll.Add(x509);
                }
                break;

            case ".P12":
            case ".PFX":
                PKCS12 p12 = password == null?PKCS12.LoadFromFile(filename)
                                 : PKCS12.LoadFromFile(filename, password);

                X509CertificateCollection tmp = new X509CertificateCollection(p12.Certificates);

                for (int i = 0; i != p12.Keys.Count; i++)
                {
                    X509Certificate          cert = p12.Certificates[i];
                    RSACryptoServiceProvider pk   = p12.Keys[i] as RSACryptoServiceProvider;

                    if (pk == null || pk.PublicOnly)
                    {
                        continue;
                    }

                    if (verbose)
                    {
                        Console.WriteLine("Found key for certificate: {0}", cert.SubjectName);
                    }

                    tmp[0].RSA = pk;
                }
                coll.AddRange(tmp);
                p12 = null;
                break;

            default:
                Console.WriteLine("Unknown file extension: {0}",
                                  Path.GetExtension(filename));
                break;
            }
            return(coll);
        }
Пример #49
0
 public PackageDigitalSignature Sign(IEnumerable <Uri> parts, X509Certificate certificate)
 {
     throw new NotImplementedException();
 }
Пример #50
0
 public PackageDigitalSignature Sign(IEnumerable <Uri> parts, X509Certificate certificate, IEnumerable <PackageRelationshipSelector> relationshipSelectors,
                                     string signatureId)
 {
     throw new NotImplementedException();
 }
Пример #51
0
		public void CanGetAndSetProperties()
		{
			var serial = 101;
			var subject = new X509Name("CN=localhost");
			var issuer = new X509Name("CN=Root");
			var start = DateTime.Now;
			var end = start + TimeSpan.FromMinutes(10);

			var key = new CryptoKey(new DSA(true));
			var bits = key.Bits;

			X509Name saveIssuer = null;
			X509Name saveSubject = null;
			CryptoKey savePublicKey = null;
			CryptoKey savePrivateKey = null;
			using (var cert = new X509Certificate())
			{
				cert.Subject = subject;
				cert.Issuer = issuer;
				cert.SerialNumber = serial;
				cert.NotBefore = start;
				cert.NotAfter = end;
				cert.PublicKey = key;
				cert.PrivateKey = key;

				Assert.AreEqual(subject, cert.Subject);
				Assert.AreEqual(issuer, cert.Issuer);
				Assert.AreEqual(serial, cert.SerialNumber);

				Assert.AreEqual(key, cert.PublicKey);
				Assert.AreEqual(key, cert.PrivateKey);

				// If the original key gets disposed before the internal private key,
				// make sure that memory is correctly managed
				key.Dispose();

				// If the internal private key has already been disposed, this will blowup
				Assert.AreEqual(bits, cert.PublicKey.Bits);
				Assert.AreEqual(bits, cert.PrivateKey.Bits);

				// We compare short date/time strings here because the wrapper can't handle milliseconds
				Assert.AreEqual(start.ToShortDateString(), cert.NotBefore.ToShortDateString());
				Assert.AreEqual(start.ToShortTimeString(), cert.NotBefore.ToShortTimeString());

				saveSubject = cert.Subject;
				saveIssuer = cert.Issuer;
				savePublicKey = cert.PublicKey;
				savePrivateKey = cert.PrivateKey;
			}

			// make sure that a property torn-off from the cert is still valid
			using (subject)
			using (saveSubject)
			{
				Assert.AreEqual(subject, saveSubject);
			}
			using (issuer)
			using (saveIssuer)
			{
				Assert.AreEqual(issuer, saveIssuer);
			}
			using (savePublicKey)
			{
				Assert.AreEqual(bits, savePublicKey.Bits);
			}
			using (savePrivateKey)
			{
				Assert.AreEqual(bits, savePrivateKey.Bits);
			}
		}
Пример #52
0
 private static bool AllwaysGoodCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors policyErrors)
 {
     return(true);
 }
Пример #53
0
 private bool CheckValidationResult(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
 {
     return(true);
 }
Пример #54
0
 private static bool RemoteCertificateValidate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors error)
 {
     return(true);
 }
Пример #55
0
 public SchannelCred(X509Certificate certificate, SchProtocols protocols)
     : this(CurrentVersion, certificate, SchannelCred.Flags.Zero, protocols)
 {
 }
Пример #56
0
 private static bool TrustCertificate(object sender, X509Certificate x509Certificate, X509Chain x509Chain, SslPolicyErrors sslPolicyErrors)
 {
     return(true);
 }
Пример #57
0
 private static bool Validator(object in_sender, X509Certificate in_certificate, X509Chain in_chain, SslPolicyErrors in_sslPolicyErrors)
 {
     return(true);
 }
Пример #58
0
 /// <summary>
 /// Creates a new <see cref="HttpListener"/> instance with default factories.
 /// </summary>
 /// <param name="address">Address that the listener should accept connections on.</param>
 /// <param name="port">Port that listener should accept connections on.</param>
 /// <param name="certificate">Certificate to use</param>
 /// <returns>Created HTTP listener.</returns>
 public static HttpListener Create(IPAddress address, int port, X509Certificate certificate)
 {
     //RequestParserFactory requestFactory = new RequestParserFactory();
     //HttpContextFactory factory = new HttpContextFactory(NullLogWriter.Instance, 16384, requestFactory);
     return(new SecureHttpListener(address, port, certificate));
 }
Пример #59
-1
 public static void TestImportNotSupported_X509Certificate()
 {
     using (var c = new X509Certificate())
     {
         VerifyImportNotSupported(c);
     }
 }
Пример #60
-2
 public static bool Validator(
     object sender,
     X509Certificate certificate,
     X509Chain chain,
     SslPolicyErrors policyErrors )
 {
     // Just accept and move on...
     return true;
 }