private UnityTls.unitytls_x509verify_result VerifyCallback(UnityTls.unitytls_x509list_ref chain,
UnityTls.unitytls_errorstate *errorState)
{
try
{
using (var chainImpl = new X509ChainImplUnityTls(chain))
using (var managedChain = new X509Chain(chainImpl))
{
remoteCertificate = managedChain.ChainElements[0].Certificate;
// Note that the overload of this method that takes a X509CertificateCollection will not pass on the chain to
// user callbacks like ServicePointManager.ServerCertificateValidationCallback which can cause issues along the line.
if (ValidateCertificate(remoteCertificate, managedChain))
{
return(UnityTls.unitytls_x509verify_result.UNITYTLS_X509VERIFY_SUCCESS);
}
return(UnityTls.unitytls_x509verify_result.UNITYTLS_X509VERIFY_FLAG_NOT_TRUSTED);
}
}
catch (Exception ex)
{
// handle all exceptions and store them for later since we don't want to let them go through native code.
if (lastException == null)
{
lastException = ex;
}
return(UnityTls.unitytls_x509verify_result.UNITYTLS_X509VERIFY_FATAL_ERROR);
}
}
private static UnityTls.unitytls_x509verify_result VerifyCallback(void *userData,
UnityTls.unitytls_x509list_ref chain, UnityTls.unitytls_errorstate *errorState)
{
var handle = (GCHandle)(IntPtr)userData;
var context = (UnityTlsContext)handle.Target;
return(context.VerifyCallback(chain, errorState));
}
private void CertificateCallback(UnityTls.unitytls_tlsctx *ctx, byte *cn, size_t cnLen,
UnityTls.unitytls_x509name *caList, size_t caListLen, UnityTls.unitytls_x509list_ref *chain,
UnityTls.unitytls_key_ref *key, UnityTls.unitytls_errorstate *errorState)
{
try
{
if (remoteCertificate == null)
{
throw new TlsException(AlertDescription.InternalError,
"Cannot request client certificate before receiving one from the server.");
}
localClientCertificate = SelectClientCertificate(null);
if (localClientCertificate == null)
{
*chain = new UnityTls.unitytls_x509list_ref
{
handle = UnityTls.NativeInterface.UNITYTLS_INVALID_HANDLE
};
*key = new UnityTls.unitytls_key_ref {
handle = UnityTls.NativeInterface.UNITYTLS_INVALID_HANDLE
};
}
else
{
// Need to create native objects for client chain/key. Need to keep them cached.
// Make sure we don't have old native objects still around.
UnityTls.NativeInterface.unitytls_x509list_free(requestedClientCertChain);
UnityTls.NativeInterface.unitytls_key_free(requestedClientKey);
ExtractNativeKeyAndChainFromManagedCertificate(localClientCertificate, errorState,
out requestedClientCertChain, out requestedClientKey);
*chain = UnityTls.NativeInterface.unitytls_x509list_get_ref(requestedClientCertChain, errorState);
*key = UnityTls.NativeInterface.unitytls_key_get_ref(requestedClientKey, errorState);
}
Unity.Debug.CheckAndThrow(*errorState, "Failed to retrieve certificates on request.",
AlertDescription.HandshakeFailure);
}
catch (Exception ex)
{
// handle all exceptions and store them for later since we don't want to let them go through native code.
UnityTls.NativeInterface.unitytls_errorstate_raise_error(errorState,
UnityTls.unitytls_error_code.UNITYTLS_USER_UNKNOWN_ERROR);
if (lastException == null)
{
lastException = ex;
}
}
}
internal X509ChainImplUnityTls(UnityTls.unitytls_x509list_ref nativeCertificateChain)
{
elements = null;
this.nativeCertificateChain = nativeCertificateChain;
}
