Пример #1
0
        bool CreateStream(HttpWebRequest request)
        {
            try
            {
                NetworkStream serverStream = new NetworkStream(socket, false);

                if (request.Address.Scheme == Uri.UriSchemeHttps)
                {
                    ssl = true;
                    EnsureSSLStreamAvailable();
                    if (!reused || nstream == null || nstream.GetType() != sslStream)
                    {
                        byte [] buffer = null;
                        if (sPoint.UseConnect)
                        {
                            bool ok = CreateTunnel(request, serverStream, out buffer);
                            if (!ok)
                            {
                                return(false);
                            }
                        }

                        object[] args = new object [4] {
                            serverStream,
                            request.ClientCertificates,
                            request, buffer
                        };
                        nstream = (Stream)Activator.CreateInstance(sslStream, args);
#if SECURITY_DEP
                        SslClientStream scs    = (SslClientStream)nstream;
                        var             helper = new ServicePointManager.ChainValidationHelper(request);
                        scs.ServerCertValidation2 += new CertificateValidationCallback2(helper.ValidateChain);
#endif
                        certsAvailable = false;
                    }
                    // we also need to set ServicePoint.Certificate
                    // and ServicePoint.ClientCertificate but this can
                    // only be done later (after handshake - which is
                    // done only after a read operation).
                }
                else
                {
                    ssl     = false;
                    nstream = serverStream;
                }
            }
            catch (Exception)
            {
                if (!request.Aborted)
                {
                    status = WebExceptionStatus.ConnectFailure;
                }
                return(false);
            }

            return(true);
        }
Пример #2
0
        private bool CreateStream(HttpWebRequest request)
        {
            try
            {
                NetworkStream networkStream = new NetworkStream(socket, owns_socket: false);
                if (request.Address.Scheme == Uri.UriSchemeHttps)
                {
                    ssl = true;
                    EnsureSSLStreamAvailable();
                    if (!reused || nstream == null || nstream.GetType() != sslStream)
                    {
                        byte[] array = null;
                        if (sPoint.UseConnect && !CreateTunnel(request, networkStream, out array))
                        {
                            return(false);
                        }
                        object[] args = new object[4]
                        {
                            networkStream,
                            request.ClientCertificates,
                            request,
                            array
                        };
                        nstream = (Stream)Activator.CreateInstance(sslStream, args);
                        SslClientStream sslClientStream = (SslClientStream)nstream;
                        ServicePointManager.ChainValidationHelper @object = new ServicePointManager.ChainValidationHelper(request);
                        sslClientStream.ServerCertValidation2 += @object.ValidateChain;
                        certsAvailable = false;
                    }
                }
                else
                {
                    ssl     = false;
                    nstream = networkStream;
                }
            }
            catch (Exception)
            {
                if (!request.Aborted)
                {
                    status = WebExceptionStatus.ConnectFailure;
                }
                return(false);

                IL_011e :;
            }
            return(true);
        }
Пример #3
0
 private bool CreateStream(HttpWebRequest request)
 {
     try
     {
         System.Net.Sockets.NetworkStream networkStream = new System.Net.Sockets.NetworkStream(this.socket, false);
         if (request.Address.Scheme == System.Uri.UriSchemeHttps)
         {
             this.ssl = true;
             WebConnection.EnsureSSLStreamAvailable();
             if (!this.reused || this.nstream == null || this.nstream.GetType() != WebConnection.sslStream)
             {
                 byte[] array = null;
                 if (this.sPoint.UseConnect && !this.CreateTunnel(request, networkStream, out array))
                 {
                     return(false);
                 }
                 object[] args = new object[]
                 {
                     networkStream,
                     request.ClientCertificates,
                     request,
                     array
                 };
                 this.nstream = (Stream)Activator.CreateInstance(WebConnection.sslStream, args);
                 SslClientStream sslClientStream = (SslClientStream)this.nstream;
                 ServicePointManager.ChainValidationHelper @object = new ServicePointManager.ChainValidationHelper(request);
                 sslClientStream.ServerCertValidation2 += @object.ValidateChain;
                 this.certsAvailable = false;
             }
         }
         else
         {
             this.ssl     = false;
             this.nstream = networkStream;
         }
     }
     catch (Exception)
     {
         if (!request.Aborted)
         {
             this.status = WebExceptionStatus.ConnectFailure;
         }
         return(false);
     }
     return(true);
 }
Пример #4
0
		bool CreateStream (HttpWebRequest request)
		{
			try {
				NetworkStream serverStream = new NetworkStream (socket, false);

				if (request.Address.Scheme == Uri.UriSchemeHttps) {
					ssl = true;
					EnsureSSLStreamAvailable ();
					if (!reused || nstream == null || nstream.GetType () != sslStream) {
						byte [] buffer = null;
						if (sPoint.UseConnect) {
							bool ok = CreateTunnel (request, serverStream, out buffer);
							if (!ok)
								return false;
						}

						object[] args = new object [4] { serverStream,
										request.ClientCertificates,
										request, buffer};
						nstream = (Stream) Activator.CreateInstance (sslStream, args);
#if SECURITY_DEP
						SslClientStream scs = (SslClientStream) nstream;
						var helper = new ServicePointManager.ChainValidationHelper (request);
						scs.ServerCertValidation2 += new CertificateValidationCallback2 (helper.ValidateChain);
#endif
						certsAvailable = false;
					}
					// we also need to set ServicePoint.Certificate 
					// and ServicePoint.ClientCertificate but this can
					// only be done later (after handshake - which is
					// done only after a read operation).
				} else {
					ssl = false;
					nstream = serverStream;
				}
			} catch (Exception) {
				if (!request.Aborted)
					status = WebExceptionStatus.ConnectFailure;
				return false;
			}

			return true;
		}
Пример #5
0
		public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
		{
			if (IsAuthenticated)
				throw new InvalidOperationException ("This SslStream is already authenticated");

			SslClientStream s = new SslClientStream (InnerStream, targetHost, !LeaveInnerStreamOpen, GetMonoSslProtocol (enabledSslProtocols), clientCertificates);
			s.CheckCertRevocationStatus = checkCertificateRevocation;

			// Due to the Mono.Security internal, it cannot reuse
			// the delegated argument, as Mono.Security creates 
			// another instance of X509Certificate which lacks 
			// private key but is filled the private key via this
			// delegate.
			s.PrivateKeyCertSelectionDelegate = delegate (X509Certificate cert, string host) {
				string hash = cert.GetCertHashString ();
				// ... so, we cannot use the delegate argument.
				foreach (X509Certificate cc in clientCertificates) {
					if (cc.GetCertHashString () != hash)
						continue;
					X509Certificate2 cert2 = cc as X509Certificate2;
					cert2 = cert2 ?? new X509Certificate2 (cc);
					return cert2.PrivateKey;
				}
				return null;
			};

#if MONOTOUCH || MONODROID
			// Even if validation_callback is null this allows us to verify requests where the user
			// does not provide a verification callback but attempts to authenticate with the website
			// as a client (see https://bugzilla.xamarin.com/show_bug.cgi?id=18962 for an example)
			var helper = new ServicePointManager.ChainValidationHelper (this, targetHost);
			helper.ServerCertificateValidationCallback = validation_callback;
			s.ServerCertValidation2 += new CertificateValidationCallback2 (helper.ValidateChain);
#else
			if (validation_callback != null) {
				s.ServerCertValidationDelegate = delegate (X509Certificate cert, int [] certErrors) {
					X509Chain chain = new X509Chain ();
					X509Certificate2 x2 = (cert as X509Certificate2);
					if (x2 == null)
						x2 = new X509Certificate2 (cert);

					if (!ServicePointManager.CheckCertificateRevocationList)
						chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

					// SSL specific checks (done by Mono.Security.dll SSL/TLS implementation) 
					SslPolicyErrors errors = SslPolicyErrors.None;
					foreach (int i in certErrors) {
						switch (i) {
						case -2146762490: // CERT_E_PURPOSE
							errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
							break;
						case -2146762481: // CERT_E_CN_NO_MATCH
							errors |= SslPolicyErrors.RemoteCertificateNameMismatch;
							break;
						default:
							errors |= SslPolicyErrors.RemoteCertificateChainErrors;
							break;
						}
					}

					chain.Build (x2);

					// non-SSL specific X509 checks (i.e. RFC3280 related checks)
					foreach (X509ChainStatus status in chain.ChainStatus) {
						if (status.Status == X509ChainStatusFlags.NoError)
							continue;
						if ((status.Status & X509ChainStatusFlags.PartialChain) != 0)
							errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
						else
							errors |= SslPolicyErrors.RemoteCertificateChainErrors;
					}

					return validation_callback (this, cert, chain, errors);
				};
			}
#endif
			if (selection_callback != null)
				s.ClientCertSelectionDelegate = OnCertificateSelection;

			ssl_stream = s;

			return BeginWrite (new byte [0], 0, 0, asyncCallback, asyncState);
		}