Пример #1
0
        private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates)
        {
            ServerContext    serverContext = (ServerContext)base.Context;
            AlertDescription description   = AlertDescription.BadCertificate;

            System.Security.Cryptography.X509Certificates.X509Certificate x509Certificate = null;
            int[] certificateErrors = null;
            if (certificates.Count > 0)
            {
                Mono.Security.X509.X509Certificate x509Certificate2 = certificates[0];
                ArrayList arrayList = new ArrayList();
                if (!this.checkCertificateUsage(x509Certificate2))
                {
                    arrayList.Add(-2146762490);
                }
                Mono.Security.X509.X509Chain x509Chain;
                if (certificates.Count > 1)
                {
                    Mono.Security.X509.X509CertificateCollection x509CertificateCollection = new Mono.Security.X509.X509CertificateCollection(certificates);
                    x509CertificateCollection.Remove(x509Certificate2);
                    x509Chain = new Mono.Security.X509.X509Chain(x509CertificateCollection);
                }
                else
                {
                    x509Chain = new Mono.Security.X509.X509Chain();
                }
                bool flag = false;
                try
                {
                    flag = x509Chain.Build(x509Certificate2);
                }
                catch (Exception)
                {
                    flag = false;
                }
                if (!flag)
                {
                    Mono.Security.X509.X509ChainStatusFlags status = x509Chain.Status;
                    if (status != Mono.Security.X509.X509ChainStatusFlags.NotTimeValid)
                    {
                        if (status != Mono.Security.X509.X509ChainStatusFlags.NotTimeNested)
                        {
                            if (status != Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid)
                            {
                                if (status != Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot)
                                {
                                    if (status != Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints)
                                    {
                                        if (status != Mono.Security.X509.X509ChainStatusFlags.PartialChain)
                                        {
                                            description = AlertDescription.CertificateUnknown;
                                            arrayList.Add((int)x509Chain.Status);
                                        }
                                        else
                                        {
                                            description = AlertDescription.UnknownCA;
                                            arrayList.Add(-2146762486);
                                        }
                                    }
                                    else
                                    {
                                        arrayList.Add(-2146869223);
                                    }
                                }
                                else
                                {
                                    description = AlertDescription.UnknownCA;
                                    arrayList.Add(-2146762487);
                                }
                            }
                            else
                            {
                                arrayList.Add(-2146869232);
                            }
                        }
                        else
                        {
                            arrayList.Add(-2146762494);
                        }
                    }
                    else
                    {
                        description = AlertDescription.CertificateExpired;
                        arrayList.Add(-2146762495);
                    }
                }
                x509Certificate   = new System.Security.Cryptography.X509Certificates.X509Certificate(x509Certificate2.RawData);
                certificateErrors = (int[])arrayList.ToArray(typeof(int));
            }
            else
            {
                certificateErrors = new int[0];
            }
            System.Security.Cryptography.X509Certificates.X509CertificateCollection x509CertificateCollection2 = new System.Security.Cryptography.X509Certificates.X509CertificateCollection();
            foreach (Mono.Security.X509.X509Certificate x509Certificate3 in certificates)
            {
                x509CertificateCollection2.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(x509Certificate3.RawData));
            }
            if (!serverContext.SslStream.RaiseClientCertificateValidation(x509Certificate, certificateErrors))
            {
                throw new TlsException(description, "Invalid certificate received from client.");
            }
            base.Context.ClientSettings.ClientCertificate = x509Certificate;
        }
Пример #2
0
        private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates)
        {
            ClientContext    clientContext = (ClientContext)base.Context;
            AlertDescription description   = AlertDescription.BadCertificate;

            if (clientContext.SslStream.HaveRemoteValidation2Callback)
            {
                ValidationResult validationResult = clientContext.SslStream.RaiseServerCertificateValidation2(certificates);
                if (validationResult.Trusted)
                {
                    return;
                }
                long num  = (long)validationResult.ErrorCode;
                long num2 = num;
                if (num2 != (long)((ulong)-2146762487))
                {
                    if (num2 != (long)((ulong)-2146762486))
                    {
                        if (num2 != (long)((ulong)-2146762495))
                        {
                            description = AlertDescription.CertificateUnknown;
                        }
                        else
                        {
                            description = AlertDescription.CertificateExpired;
                        }
                    }
                    else
                    {
                        description = AlertDescription.UnknownCA;
                    }
                }
                else
                {
                    description = AlertDescription.UnknownCA;
                }
                string str = string.Format("0x{0:x}", num);
                throw new TlsException(description, "Invalid certificate received from server. Error code: " + str);
            }
            else
            {
                Mono.Security.X509.X509Certificate x509Certificate = certificates[0];
                System.Security.Cryptography.X509Certificates.X509Certificate certificate = new System.Security.Cryptography.X509Certificates.X509Certificate(x509Certificate.RawData);
                ArrayList arrayList = new ArrayList();
                if (!this.checkCertificateUsage(x509Certificate))
                {
                    arrayList.Add(-2146762490);
                }
                if (!this.checkServerIdentity(x509Certificate))
                {
                    arrayList.Add(-2146762481);
                }
                Mono.Security.X509.X509CertificateCollection x509CertificateCollection = new Mono.Security.X509.X509CertificateCollection(certificates);
                x509CertificateCollection.Remove(x509Certificate);
                Mono.Security.X509.X509Chain x509Chain = new Mono.Security.X509.X509Chain(x509CertificateCollection);
                bool flag = false;
                try
                {
                    flag = x509Chain.Build(x509Certificate);
                }
                catch (Exception)
                {
                    flag = false;
                }
                if (!flag)
                {
                    Mono.Security.X509.X509ChainStatusFlags status = x509Chain.Status;
                    if (status != Mono.Security.X509.X509ChainStatusFlags.NotTimeValid)
                    {
                        if (status != Mono.Security.X509.X509ChainStatusFlags.NotTimeNested)
                        {
                            if (status != Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid)
                            {
                                if (status != Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot)
                                {
                                    if (status != Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints)
                                    {
                                        if (status != Mono.Security.X509.X509ChainStatusFlags.PartialChain)
                                        {
                                            description = AlertDescription.CertificateUnknown;
                                            arrayList.Add((int)x509Chain.Status);
                                        }
                                        else
                                        {
                                            description = AlertDescription.UnknownCA;
                                            arrayList.Add(-2146762486);
                                        }
                                    }
                                    else
                                    {
                                        arrayList.Add(-2146869223);
                                    }
                                }
                                else
                                {
                                    description = AlertDescription.UnknownCA;
                                    arrayList.Add(-2146762487);
                                }
                            }
                            else
                            {
                                arrayList.Add(-2146869232);
                            }
                        }
                        else
                        {
                            arrayList.Add(-2146762494);
                        }
                    }
                    else
                    {
                        description = AlertDescription.CertificateExpired;
                        arrayList.Add(-2146762495);
                    }
                }
                int[] certificateErrors = (int[])arrayList.ToArray(typeof(int));
                if (!clientContext.SslStream.RaiseServerCertificateValidation(certificate, certificateErrors))
                {
                    throw new TlsException(description, "Invalid certificate received from server.");
                }
                return;
            }
        }