private void ConfigureCertificates() { _certificate = _appleSettings.Certificate; _certificates = new X509CertificateCollection(); if (_appleSettings.AddLocalAndMachineCertificateStores) { var store = new X509Store(StoreLocation.LocalMachine); _certificates.AddRange(store.Certificates); store = new X509Store(StoreLocation.CurrentUser); _certificates.AddRange(store.Certificates); } _certificates.Add(_certificate); if (_appleSettings.AdditionalCertificates != null) { foreach (var additionalCertificate in _appleSettings.AdditionalCertificates) { _certificates.Add(additionalCertificate); } } }
public HttpsClientStream (Stream stream, X509CertificateCollection clientCertificates, HttpWebRequest request, byte [] buffer) : base (stream, request.RequestUri.Host, false, (Mono.Security.Protocol.Tls.SecurityProtocolType) ServicePointManager.SecurityProtocol, clientCertificates) { // this constructor permit access to the WebRequest to call // ICertificatePolicy.CheckValidationResult _request = request; _status = 0; if (buffer != null) InputBuffer.Write (buffer, 0, buffer.Length); #if !NET_1_0 // also saved from reflection base.CheckCertRevocationStatus = ServicePointManager.CheckCertificateRevocationList; #endif #if NET_2_0 ClientCertSelection += delegate (X509CertificateCollection clientCerts, X509Certificate serverCertificate, string targetHost, X509CertificateCollection serverRequestedCertificates) { return ((clientCerts == null) || (clientCerts.Count == 0)) ? null : clientCerts [0]; }; PrivateKeySelection += delegate (X509Certificate certificate, string targetHost) { X509Certificate2 cert = (certificate as X509Certificate2); return (cert == null) ? null : cert.PrivateKey; }; #endif }
internal SecureChannel(string hostname, bool serverMode, SchProtocols protocolFlags, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus, EncryptionPolicy encryptionPolicy, LocalCertSelectionCallback certSelectionDelegate) { if (Logging.On) { Logging.PrintInfo(Logging.Web, this, ".ctor", string.Concat(new object[] { "hostname=", hostname, ", #clientCertificates=", (clientCertificates == null) ? "0" : clientCertificates.Count.ToString(NumberFormatInfo.InvariantInfo), ", encryptionPolicy=", encryptionPolicy })); } SSPIWrapper.GetVerifyPackageInfo(GlobalSSPI.SSPISecureChannel, "Microsoft Unified Security Protocol Provider", true); if (ComNetOS.IsWin9x && (clientCertificates.Count > 0)) { this.m_Destination = hostname + "+" + clientCertificates.GetHashCode(); } else { this.m_Destination = hostname; } this.m_HostName = hostname; this.m_ServerMode = serverMode; if (serverMode) { this.m_ProtocolFlags = protocolFlags & SchProtocols.ServerMask; } else { this.m_ProtocolFlags = protocolFlags & SchProtocols.ClientMask; } this.m_ServerCertificate = serverCertificate; this.m_ClientCertificates = clientCertificates; this.m_RemoteCertRequired = remoteCertRequired; this.m_SecurityContext = null; this.m_CheckCertRevocation = checkCertRevocationStatus; this.m_CheckCertName = checkCertName; this.m_CertSelectionDelegate = certSelectionDelegate; this.m_RefreshCredentialNeeded = true; this.m_EncryptionPolicy = encryptionPolicy; }
internal SecureChannel(string hostname, bool serverMode, SslProtocols sslProtocols, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus, EncryptionPolicy encryptionPolicy, LocalCertSelectionCallback certSelectionDelegate) { GlobalLog.Enter("SecureChannel#" + Logging.HashString(this) + "::.ctor", "hostname:" + hostname + " #clientCertificates=" + ((clientCertificates == null) ? "0" : clientCertificates.Count.ToString(NumberFormatInfo.InvariantInfo))); if (Logging.On) { Logging.PrintInfo(Logging.Web, this, ".ctor", "hostname=" + hostname + ", #clientCertificates=" + ((clientCertificates == null) ? "0" : clientCertificates.Count.ToString(NumberFormatInfo.InvariantInfo)) + ", encryptionPolicy=" + encryptionPolicy); } SSPIWrapper.VerifyPackageInfo(GlobalSSPI.SSPISecureChannel); _destination = hostname; GlobalLog.Assert(hostname != null, "SecureChannel#{0}::.ctor()|hostname == null", Logging.HashString(this)); _hostName = hostname; _serverMode = serverMode; _sslProtocols = sslProtocols; _serverCertificate = serverCertificate; _clientCertificates = clientCertificates; _remoteCertRequired = remoteCertRequired; _securityContext = null; _checkCertRevocation = checkCertRevocationStatus; _checkCertName = checkCertName; _certSelectionDelegate = certSelectionDelegate; _refreshCredentialNeeded = true; _encryptionPolicy = encryptionPolicy; GlobalLog.Leave("SecureChannel#" + Logging.HashString(this) + "::.ctor"); }
public LocalCertificationSelectionInfo(string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssures) { this.target = targetHost; this.localCerts = localCertificates; this.remoteCert = remoteCertificate; this.accIssures = acceptableIssures; }
static bool BuildX509Chain(XX509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11) { #if MOBILE return(false); #else if (is_macosx) { return(false); } var leaf = (X509Certificate2)certs [0]; bool ok; try { ok = chain.Build(leaf); if (!ok) { errors |= GetErrorsFromChain(chain); } } catch (Exception e) { Console.Error.WriteLine("ERROR building certificate chain: {0}", e); Console.Error.WriteLine("Please, report this problem to the Mono team"); errors |= SslPolicyErrors.RemoteCertificateChainErrors; ok = false; } try { status11 = GetStatusFromChain(chain); } catch { status11 = -2146762485; // TRUST_E_FAIL - generic } return(ok); #endif }
public AsyncWebSocketClientConfiguration() { InitialBufferAllocationCount = 4; ReceiveBufferSize = 8192; SendBufferSize = 8192; ReceiveTimeout = TimeSpan.Zero; SendTimeout = TimeSpan.Zero; NoDelay = true; LingerState = new LingerOption(false, 0); // The socket will linger for x seconds after Socket.Close is called. SslTargetHost = null; SslClientCertificates = new X509CertificateCollection(); SslEncryptionPolicy = EncryptionPolicy.RequireEncryption; SslEnabledProtocols = SslProtocols.Ssl3 | SslProtocols.Tls; SslCheckCertificateRevocation = false; SslPolicyErrorsBypassed = false; ConnectTimeout = TimeSpan.FromSeconds(10); CloseTimeout = TimeSpan.FromSeconds(5); KeepAliveInterval = TimeSpan.FromSeconds(30); KeepAliveTimeout = TimeSpan.FromSeconds(5); ReasonableFragmentSize = 4096; EnabledExtensions = new Dictionary<string, IWebSocketExtensionNegotiator>() { { PerMessageCompressionExtension.RegisteredToken, new PerMessageCompressionExtensionNegotiator() }, }; EnabledSubProtocols = new Dictionary<string, IWebSocketSubProtocolNegotiator>(); OfferedExtensions = new List<WebSocketExtensionOfferDescription>() { new WebSocketExtensionOfferDescription(PerMessageCompressionExtension.RegisteredToken), }; RequestedSubProtocols = new List<WebSocketSubProtocolRequestDescription>(); }
static bool CheckUsage(XX509CertificateCollection certs, string host, ref SslPolicyErrors errors, ref int status11) { #if !MONOTOUCH var leaf = certs[0] as X509Certificate2; if (leaf == null) { leaf = new X509Certificate2(certs[0]); } // for OSX and iOS we're using the native API to check for the SSL server policy and host names if (!is_macosx) { if (!CheckCertificateUsage(leaf)) { errors |= SslPolicyErrors.RemoteCertificateChainErrors; status11 = -2146762490; //CERT_E_PURPOSE 0x800B0106 return(false); } if (!string.IsNullOrEmpty(host) && !CheckServerIdentity(leaf, host)) { errors |= SslPolicyErrors.RemoteCertificateNameMismatch; status11 = -2146762481; // CERT_E_CN_NO_MATCH 0x800B010F return(false); } } #endif return(true); }
public ApplePushChannel(ApplePushChannelSettings channelSettings, PushServiceSettings serviceSettings = null) : base(channelSettings, serviceSettings) { this.appleSettings = channelSettings; certificate = this.appleSettings.Certificate; certificates = new X509CertificateCollection(); if (appleSettings.AddLocalAndMachineCertificateStores) { var store = new X509Store(StoreLocation.LocalMachine); certificates.AddRange(store.Certificates); store = new X509Store(StoreLocation.CurrentUser); certificates.AddRange(store.Certificates); } certificates.Add(certificate); if (this.appleSettings.AdditionalCertificates != null) foreach (var addlCert in this.appleSettings.AdditionalCertificates) certificates.Add(addlCert); //Start our cleanup task taskCleanup = new Task(() => Cleanup(), TaskCreationOptions.LongRunning); taskCleanup.ContinueWith((t) => { var ex = t.Exception; }, TaskContinuationOptions.OnlyOnFaulted); taskCleanup.Start(); }
// // This version of an Ssl Stream is for internal HttpWebrequest use. // This Ssl client owns the underlined socket // The TlsStream will own secured read/write and disposal of the passed "networkStream" stream. // public TlsStream(string destinationHost, NetworkStream networkStream, X509CertificateCollection clientCertificates, ServicePoint servicePoint, object initiatingRequest, ExecutionContext executionContext) :base(networkStream, true) { // WebRequest manages the execution context manually so we have to ensure we get one for SSL client certificate demand _ExecutionContext = executionContext; if (_ExecutionContext == null) { _ExecutionContext = ExecutionContext.Capture(); } // GlobalLog.Enter("TlsStream::TlsStream", "host="+destinationHost+", #certs="+((clientCertificates == null) ? "none" : clientCertificates.Count.ToString(NumberFormatInfo.InvariantInfo))); if (Logging.On) Logging.PrintInfo(Logging.Web, this, ".ctor", "host="+destinationHost+", #certs="+((clientCertificates == null) ? "null" : clientCertificates.Count.ToString(NumberFormatInfo.InvariantInfo))); m_ExceptionStatus = WebExceptionStatus.SecureChannelFailure; m_Worker = new SslState(networkStream, initiatingRequest is HttpWebRequest, SettingsSectionInternal.Section.EncryptionPolicy); m_DestinationHost = destinationHost; m_ClientCertificates = clientCertificates; RemoteCertValidationCallback certValidationCallback = servicePoint.SetupHandshakeDoneProcedure(this, initiatingRequest); m_Worker.SetCertValidationDelegate(certValidationCallback); // The Handshake is NOT done at this point GlobalLog.Leave("TlsStream::TlsStream (Handshake is not done)"); }
public ValidationResult ValidateCertificate(string host, bool serverMode, XX509CertificateCollection certs) { try { X509Certificate leaf; if (certs != null && certs.Count != 0) { leaf = certs [0]; } else { leaf = null; } var result = ValidateChain(host, serverMode, leaf, null, certs, 0); if (tlsStream != null) { tlsStream.CertificateValidationFailed = result == null || !result.Trusted || result.UserDenied; } return(result); } catch { if (tlsStream != null) { tlsStream.CertificateValidationFailed = true; } throw; } }
public GcmXmppConnection (GcmXmppConfiguration configuration) { authCompletion = new TaskCompletionSource<bool> (); notifications = new Dictionary<string,CompletableNotification> (); Configuration = configuration; certificates = new X509CertificateCollection (); // Add local/machine certificate stores to our collection if requested //if (Configuration.AddLocalAndMachineCertificateStores) { var store = new X509Store (StoreLocation.LocalMachine); certificates.AddRange (store.Certificates); store = new X509Store (StoreLocation.CurrentUser); certificates.AddRange (store.Certificates); //} // Add optionally specified additional certs into our collection // if (Configuration.AdditionalCertificates != null) { // foreach (var addlCert in Configuration.AdditionalCertificates) // certificates.Add (addlCert); // } // Finally, add the main private cert for authenticating to our collection // if (certificate != null) // certificates.Add (certificate); }
/// <summary> /// Initializes the dialog box. /// </summary> /// <param name="eventArgs">Event arguments.</param> protected override void OnLoad(EventArgs eventArgs) { // Call the base class to inherit any initialization. base.OnLoad(eventArgs); // Load up the certificates from the personal certificate store. this.x509CertificateCollection = Crypt.GetCertificateStore(myCertificateStoreName); // Parse the friendly name out of the different tags in the certificate name and place them // in the list box. foreach (X509Certificate x509Certificate in this.x509CertificateCollection) { Regex regex = new Regex("CN=(?<friendlyName>[^,]+)"); MatchCollection matches = regex.Matches(x509Certificate.Subject); foreach (Match match in matches) { if (match.Groups["friendlyName"].Value != "Users") { this.listBoxCertificates.Items.Add(match.Groups["friendlyName"].Value); break; } } } }
protected HandshakeSession(SecurityParameters securityParameters, ILogger logger) { this.logger = logger; _pluginManager = new CipherSuitePluginManager(this.logger); _state = HandshakeState.Initial; _minVersion = securityParameters.MinimumVersion; _maxVersion = securityParameters.MaximumVersion; _supportedCipherSuites = securityParameters.CipherSuiteIDs.ToArray(); _supportedCompressions = securityParameters.CompressionIDs.ToArray(); _availableCertificates = new List<X509CertificateCollection>(securityParameters.AvailableCertificates); _availablePrivateKeys = new List<CertificatePrivateKey>(securityParameters.AvailablePrivateKeys); _clientCertificates = new X509CertificateCollection(); _serverCertificates = new X509CertificateCollection(); // Initialize the default ClientHello version, to // be as compatible as possible based on maxVersion _version = _minVersion; _cipherSuite = new CipherSuite(_version); }
static byte[] InternalSslSocketHttp(IPEndPoint endpoint, HttpArgs args, HttpMethod method, X509CertificateCollection certificates) { using (Socket client = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)) { try { client.Connect(endpoint); if (client.Connected) { using (SslStream stream = new SslStream(new NetworkStream(client), false, ValidateServerCertificate, null)) { stream.AuthenticateAsClient("ServerName", certificates, SslProtocols.Tls, false); if (stream.IsAuthenticated) { //生成协议包 byte[] buff = HttpClient.ParseHttpArgs(method, args); stream.Write(buff, 0, buff.Length); stream.Flush(); return ParseSslResponse(endpoint, stream, args, certificates); } } } } catch (Exception ex) { Console.WriteLine(ex.Message); } } return null; }
public ApplePushChannel(ApplePushChannelSettings channelSettings) { cancelToken = cancelTokenSrc.Token; appleSettings = channelSettings; certificate = this.appleSettings.Certificate; certificates = new X509CertificateCollection(); if (appleSettings.AddLocalAndMachineCertificateStores) { var store = new X509Store(StoreLocation.LocalMachine); certificates.AddRange(store.Certificates); store = new X509Store(StoreLocation.CurrentUser); certificates.AddRange(store.Certificates); } certificates.Add(certificate); if (this.appleSettings.AdditionalCertificates != null) foreach (var addlCert in this.appleSettings.AdditionalCertificates) certificates.Add(addlCert); timerCleanup = new Timer(state => Cleanup(), null, TimeSpan.FromMilliseconds(1000), TimeSpan.FromMilliseconds(1000)); }
public async Task<Stream> ConnectAsync(string host, int port, X509Certificate clientCert, CancellationToken cancel) { Stream lowerStream = null; SslStream sslStream = null; X509CertificateCollection certCollection = null;; if (clientCert != null) { certCollection = new X509CertificateCollection(new[] { clientCert }); } try { lowerStream = await _connectionResolver.ConnectAsync(host, port, cancel); sslStream = new SslStream(lowerStream); await sslStream.AuthenticateAsClientAsync(host, certCollection, _protocols, checkCertificateRevocation: true); return sslStream; } catch (Exception) { if (sslStream != null) { sslStream.Dispose(); } if (lowerStream != null) { lowerStream.Dispose(); } throw; } }
/// <summary> /// Build a new SSL steam. /// </summary> /// <param name="channel">Channel which will use the stream</param> /// <param name="socket">Socket to wrap</param> /// <returns>Stream which is ready to be used (must have been validated)</returns> public SslStream Build(ITcpChannel channel, Socket socket) { var ns = new NetworkStream(socket); var stream = new SslStream(ns, true, OnRemoteCertifiateValidation); try { X509CertificateCollection certificates = null; if (Certificate != null) { certificates = new X509CertificateCollection(new[] { Certificate }); } stream.AuthenticateAsClient(CommonName, certificates, Protocols, false); } catch (IOException err) { throw new InvalidOperationException("Failed to authenticate " + socket.RemoteEndPoint, err); } catch (ObjectDisposedException err) { throw new InvalidOperationException("Failed to create stream, did client disconnect directly?", err); } catch (AuthenticationException err) { throw new InvalidOperationException("Failed to authenticate " + socket.RemoteEndPoint, err); } return stream; }
/// <summary> /// Creates a new SSL filter to a server. /// </summary> /// <param name="targetHost">the name of the server that shares this SSL connection</param> /// <param name="clientCertificates">the <see cref="X509CertificateCollection"/> containing client certificates</param> public SslFilter(String targetHost, X509CertificateCollection clientCertificates) { TargetHost = targetHost; ClientCertificates = clientCertificates; UseClientMode = true; CheckCertificateRevocation = false; }
public X509CertificateEnumerator(X509CertificateCollection mappings) { if (mappings == null) throw new ArgumentNullException(nameof(mappings)); _enumerator = ((IEnumerable)mappings).GetEnumerator(); }
internal SecureChannel(string hostname, bool serverMode, SchProtocols protocolFlags, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus, EncryptionPolicy encryptionPolicy, LocalCertSelectionCallback certSelectionDelegate) { GlobalLog.Enter("SecureChannel#" + ValidationHelper.HashString(this) + "::.ctor", "hostname:" + hostname + " #clientCertificates=" + ((clientCertificates == null) ? "0" : clientCertificates.Count.ToString(NumberFormatInfo.InvariantInfo))); if (Logging.On) Logging.PrintInfo(Logging.Web, this, ".ctor", "hostname=" + hostname + ", #clientCertificates=" + ((clientCertificates == null) ? "0" : clientCertificates.Count.ToString(NumberFormatInfo.InvariantInfo)) + ", encryptionPolicy=" + encryptionPolicy); SSPIWrapper.GetVerifyPackageInfo(GlobalSSPI.SSPISecureChannel, SecurityPackage, true); m_Destination = hostname; GlobalLog.Assert(hostname != null, "SecureChannel#{0}::.ctor()|hostname == null", ValidationHelper.HashString(this)); m_HostName = hostname; m_ServerMode = serverMode; if (serverMode) m_ProtocolFlags = (protocolFlags & SchProtocols.ServerMask); else m_ProtocolFlags = (protocolFlags & SchProtocols.ClientMask); m_ServerCertificate = serverCertificate; m_ClientCertificates = clientCertificates; m_RemoteCertRequired = remoteCertRequired; m_SecurityContext = null; m_CheckCertRevocation = checkCertRevocationStatus; m_CheckCertName = checkCertName; m_CertSelectionDelegate = certSelectionDelegate; m_RefreshCredentialNeeded = true; m_EncryptionPolicy = encryptionPolicy; GlobalLog.Leave("SecureChannel#" + ValidationHelper.HashString(this) + "::.ctor"); }
// Establishes SSL connection iff ssl is not null. public TcpConnection(string host, int port, SslOptions ssl) { _log.Info("Connecting to {0}:{1}...", host, port); _client = new TcpClient(host, port); if (ssl == null) { _strm = _client.GetStream(); } else { try { RemoteCertificateValidationCallback cb = (object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors) => { if (errors == SslPolicyErrors.None) return true; if (errors != SslPolicyErrors.RemoteCertificateChainErrors) { _log.Error("SSL handshake error: {0}", errors); return ssl.AllowAllErrors; } foreach (X509ChainStatus ch in chain.ChainStatus) { if (ch.Status == X509ChainStatusFlags.NotTimeValid && ssl.AllowExpiredCertificate) { _log.Warn("Ignoring NotTimeValid error in SSL handshake."); continue; } if (ch.Status == X509ChainStatusFlags.PartialChain) { _log.Warn("Ignoring PartialChain error in SSL handshake."); continue; } _log.Error("SSL handshake error: {0} {1}", ch.Status, ch.StatusInformation); return ssl.AllowAllErrors; } return true; }; var sslStrm = new SslStream(_client.GetStream(), leaveInnerStreamOpen: false, userCertificateValidationCallback: cb); var certs = new X509CertificateCollection(); if (ssl.CertificateFilename != null) certs.Add(new X509Certificate(ssl.CertificateFilename, ssl.CertificateFilePassword)); sslStrm.AuthenticateAsClient(ssl.CertificateName ?? host, certs, System.Security.Authentication.SslProtocols.Default, checkCertificateRevocation: false); _strm = sslStrm; } catch { Dispose(); throw; } } var protocols = new Dictionary<string, Mantle.IMessageFactory>() { { Mantle.Fix44.Protocol.Value, new Mantle.Fix44.MessageFactory() } }; _receiver = new Mantle.Receiver(_strm, 1 << 20, protocols); }
static bool BuildX509Chain (XX509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11) { #if MOBILE return false; #else if (is_macosx) return false; var leaf = (X509Certificate2)certs [0]; bool ok; try { ok = chain.Build (leaf); if (!ok) errors |= GetErrorsFromChain (chain); } catch (Exception e) { Console.Error.WriteLine ("ERROR building certificate chain: {0}", e); Console.Error.WriteLine ("Please, report this problem to the Mono team"); errors |= SslPolicyErrors.RemoteCertificateChainErrors; ok = false; } try { status11 = GetStatusFromChain (chain); } catch { status11 = -2146762485; // TRUST_E_FAIL - generic } return ok; #endif }
public Http2ConnectionSettings (string host, uint port = 80, bool useTls = false, X509CertificateCollection certificates = null) { Host = host; Port = port; UseTls = useTls; Certificates = certificates; }
public PushNotification(bool useSandbox, string p12File, string p12FilePassword) { if (useSandbox) { _host = SandboxHost; _feedbackHost = SandboxFeedbackHost; } else { _host = ProductionHost; _feedbackHost = ProductionFeedbackHost; } //Load Certificates in to collection. _certificate = string.IsNullOrEmpty(p12FilePassword)? new X509Certificate2(File.ReadAllBytes(p12File)): new X509Certificate2(File.ReadAllBytes(p12File), p12FilePassword); _certificates = new X509CertificateCollection {_certificate}; // Loading Apple error response list. _errorList.Add(0, "No errors encountered"); _errorList.Add(1, "Processing error"); _errorList.Add(2, "Missing device token"); _errorList.Add(3, "Missing topic"); _errorList.Add(4, "Missing payload"); _errorList.Add(5, "Invalid token size"); _errorList.Add(6, "Invalid topic size"); _errorList.Add(7, "Invalid payload size"); _errorList.Add(8, "Invalid token"); _errorList.Add(255, "None (unknown)"); }
public virtual IAsyncResult BeginAuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState) { this._SslState.ValidateCreateContext(false, targetHost, enabledSslProtocols, null, clientCertificates, true, checkCertificateRevocation); LazyAsyncResult lazyResult = new LazyAsyncResult(this._SslState, asyncState, asyncCallback); this._SslState.ProcessAuthentication(lazyResult); return lazyResult; }
public HttpsClientStream(Stream stream, SNCX.X509CertificateCollection clientCertificates, HttpWebRequest request, byte[] buffer) : base(stream, request.Address.Host, false, (SecurityProtocolType) ServicePointManager.SecurityProtocol, clientCertificates) { // this constructor permit access to the WebRequest to call // ICertificatePolicy.CheckValidationResult _request = request; _status = 0; if (buffer != null) { InputBuffer.Write(buffer, 0, buffer.Length); } // also saved from reflection CheckCertRevocationStatus = ServicePointManager.CheckCertificateRevocationList; ClientCertSelection += delegate(SNCX.X509CertificateCollection clientCerts, SNCX.X509Certificate serverCertificate, string targetHost, SNCX.X509CertificateCollection serverRequestedCertificates) { return(clientCerts == null || clientCerts.Count == 0 ? null : clientCerts[0]); }; PrivateKeySelection += delegate(SNCX.X509Certificate certificate, string targetHost) { var cert = certificate as SNCX.X509Certificate2; return(cert == null ? null : cert.PrivateKey); }; }
internal SecureChannel(string hostname, bool serverMode, SslProtocols sslProtocols, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus, EncryptionPolicy encryptionPolicy, LocalCertSelectionCallback certSelectionDelegate) { if (NetEventSource.IsEnabled) { NetEventSource.Enter(this, hostname, clientCertificates); NetEventSource.Log.SecureChannelCtor(this, hostname, clientCertificates, encryptionPolicy); } SslStreamPal.VerifyPackageInfo(); _destination = hostname; if (hostname == null) { NetEventSource.Fail(this, "hostname == null"); } _hostName = hostname; _serverMode = serverMode; _sslProtocols = sslProtocols; _serverCertificate = serverCertificate; _clientCertificates = clientCertificates; _remoteCertRequired = remoteCertRequired; _securityContext = null; _checkCertRevocation = checkCertRevocationStatus; _checkCertName = checkCertName; _certSelectionDelegate = certSelectionDelegate; _refreshCredentialNeeded = true; _encryptionPolicy = encryptionPolicy; if (NetEventSource.IsEnabled) NetEventSource.Exit(this); }
public void AddRange(X509CertificateCollection value) { if (value == null) { throw new ArgumentNullException("value"); } for (int i = 0; (i < value.Count); i = (i + 1)) { this.Add(value[i]); } }
public void AddRange (X509CertificateCollection value) { if (value == null) throw new ArgumentNullException ("value"); for (int i = 0; i < value.InnerList.Count; i++) InnerList.Add (value [i]); }
public CanGetSetClientCertificates() { _x509Certificate = new X509Certificate(); _x509CertificateCollection = new X509CertificateCollection(){ _x509Certificate }; Client.ClientCertificates.ShouldBeNull(); Client.ClientCertificates = _x509CertificateCollection; }
protected HttpWebClientProtocol () { allowAutoRedirect = false; clientCertificates = null; cookieContainer = null; proxy = null; // FIXME userAgent = String.Format ("Mono Web Services Client Protocol {0}", Environment.Version); }
/// <summary> /// Constructor /// </summary> /// <param name="hostname">Hostname to connect to.</param> /// <param name="port">Port</param> public SimpleMLLPClient(string hostname, int port) { serverHostname = hostname; cCollection = new X509CertificateCollection(); tcpClient = new TcpClient(hostname, port); clientStream = tcpClient.GetStream(); streamToUse = clientStream; }
public override IMonoTlsContext CreateTlsContext ( string hostname, bool serverMode, TlsProtocols protocolFlags, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool remoteCertRequired, MonoEncryptionPolicy encryptionPolicy, MonoTlsSettings settings) { throw new NotSupportedException (); }
private X509CertificateCollection GetCertCollection() { X509CertificateCollection certCollection = new X509CertificateCollection(); string certLocation = TestContext.GetValue("certLocation"); X509Certificate cert = X509Certificate.CreateFromCertFile(certLocation); certCollection.Add(cert); return certCollection; }
public bool InvokeSystemValidator(string targetHost, bool serverMode, XX509CertificateCollection certificates, XX509Chain xchain, ref MonoSslPolicyErrors xerrors, ref int status11) { X509Chain chain = xchain; var errors = (SslPolicyErrors)xerrors; var result = SystemCertificateValidator.Evaluate(settings, targetHost, certificates, chain, ref errors, ref status11); xerrors = (MonoSslPolicyErrors)errors; return(result); }
internal X509Certificate SelectClientCertificate( string targetHost, XX509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers) { if (certSelectionCallback == null) { return(null); } return(certSelectionCallback(targetHost, localCertificates, remoteCertificate, acceptableIssuers)); }
static bool EvaluateSystem(XX509CertificateCollection certs, XX509CertificateCollection anchors, string host, X509Chain chain, ref SslPolicyErrors errors, ref int status11) { var leaf = certs [0]; bool result; #if MONODROID result = AndroidPlatform.TrustEvaluateSsl(certs); if (result) { // chain.Build() + GetErrorsFromChain() (above) will ALWAYS fail on // Android (there are no mozroots or preinstalled root certificates), // thus `errors` will ALWAYS have RemoteCertificateChainErrors. // Android just verified the chain; clear RemoteCertificateChainErrors. errors &= ~SslPolicyErrors.RemoteCertificateChainErrors; } #else if (is_macosx) { // Attempt to use OSX certificates // Ideally we should return the SecTrustResult OSX509Certificates.SecTrustResult trustResult = OSX509Certificates.SecTrustResult.Deny; try { trustResult = OSX509Certificates.TrustEvaluateSsl(certs, anchors, host); // We could use the other values of trustResult to pass this extra information // to the .NET 2 callback for values like SecTrustResult.Confirm result = (trustResult == OSX509Certificates.SecTrustResult.Proceed || trustResult == OSX509Certificates.SecTrustResult.Unspecified); } catch { result = false; errors |= SslPolicyErrors.RemoteCertificateChainErrors; // Ignore } if (result) { // TrustEvaluateSsl was successful so there's no trust error // IOW we discard our own chain (since we trust OSX one instead) errors = 0; } else { // callback and DefaultCertificatePolicy needs this since 'result' is not specified status11 = (int)trustResult; errors |= SslPolicyErrors.RemoteCertificateChainErrors; } } else { result = BuildX509Chain(certs, chain, ref errors, ref status11); } #endif return(result); }
public static X509Chain CreateX509Chain(XX509CertificateCollection certs) { var chain = new X509Chain(); chain.ChainPolicy = new X509ChainPolicy((X509CertificateCollection)(object)certs); #if !MOBILE chain.ChainPolicy.RevocationMode = revocation_mode; #endif return(chain); }
public bool SelectClientCertificate( string targetHost, XX509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers, out X509Certificate clientCertificate) { if (certSelectionCallback == null) { clientCertificate = null; return(false); } clientCertificate = certSelectionCallback(targetHost, localCertificates, remoteCertificate, acceptableIssuers); return(true); }
/// <summary> /// Initialize the dialog box used to select certificates. /// </summary> public FormSelectCertificate() { // This is needed for the designer. InitializeComponent(); // Place an image of the icon in the dialog (I've found no way to do this from the designer). this.label2.Image = SystemIcons.Exclamation.ToBitmap(); // This collection contains the certificates in the 'My' certificate store. When a selection is made from the // list box, the corresponding certificate in this selection is made available to the caller. this.x509CertificateCollection = new X509CertificateCollection(); }
internal override MSI.IMonoTlsContext CreateTlsContext( string hostname, bool serverMode, MSI.TlsProtocols protocolFlags, SSCX.X509Certificate serverCertificate, PSSCX.X509CertificateCollection clientCertificates, bool remoteCertRequired, MSI.MonoEncryptionPolicy encryptionPolicy, MSI.MonoTlsSettings settings) { var config = TlsProviderFactory.CreateTlsConfiguration( hostname, serverMode, protocolFlags, serverCertificate, remoteCertRequired, settings); return(new TlsContextWrapper(config, serverMode)); }
static X509Certificate DefaultSelectionCallback(string targetHost, XX509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers) { X509Certificate clientCertificate; if (localCertificates == null || localCertificates.Count == 0) { clientCertificate = null; } else { clientCertificate = localCertificates [0]; } return(clientCertificate); }
internal bool ValidateClientCertificate(X509Certificate certificate, MonoSslPolicyErrors errors) { var certs = new XX509CertificateCollection(); certs.Add(new X509Certificate2(certificate.GetRawCertData())); var result = ValidateChain(string.Empty, true, certificate, null, certs, (SslPolicyErrors)errors); if (result == null) { return(false); } return(result.Trusted && !result.UserDenied); }
public static X509Chain CreateX509Chain(XX509CertificateCollection certs) { var chain = new X509Chain(); chain.ChainPolicy = new X509ChainPolicy(); #if !MOBILE chain.ChainPolicy.RevocationMode = revocation_mode; #endif for (int i = 1; i < certs.Count; i++) { chain.ChainPolicy.ExtraStore.Add(certs [i]); } return(chain); }
public SSCX.X509Certificate GetRemoteCertificate(out PSSCX.X509CertificateCollection remoteCertificateStore) { MX.X509CertificateCollection monoCollection; var remoteCert = Context.GetRemoteCertificate(out monoCollection); if (remoteCert == null) { remoteCertificateStore = null; return(null); } remoteCertificateStore = new PSSCX.X509CertificateCollection(); foreach (var cert in monoCollection) { remoteCertificateStore.Add(new PSSCX.X509Certificate2(cert.RawData)); } return(new PSSCX.X509Certificate2(remoteCert.RawData)); }
public static bool Evaluate( MonoTlsSettings settings, string host, XX509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11) { if (!CheckUsage(certs, host, ref errors, ref status11)) { return(false); } if (settings != null && settings.SkipSystemValidators) { return(false); } var anchors = settings != null ? settings.TrustAnchors : null; return(EvaluateSystem(certs, anchors, host, chain, ref errors, ref status11)); }
public static MonoNewTlsStream CreateClient( Stream innerStream, bool leaveOpen, MonoTlsProvider provider, MonoTlsSettings settings, string targetHost, PSSCX.X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation) { var stream = new MonoNewTlsStream(innerStream, leaveOpen, provider, settings); try { stream.AuthenticateAsClient(targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation); } catch (Exception ex) { var tlsEx = stream.LastError; if (tlsEx != null) { throw new AggregateException(ex, tlsEx); } throw; } return(stream); }
ValidationResult ValidateChain(string host, bool server, X509Certificate leaf, X509Chain chain, XX509CertificateCollection certs, SslPolicyErrors errors) { var oldChain = chain; var ownsChain = chain == null; try { var result = ValidateChain(host, server, leaf, ref chain, certs, errors); if (chain != oldChain) { ownsChain = true; } return(result); } finally { // If ValidateChain() changed the chain, then we need to free it. if (ownsChain && chain != null) { chain.Dispose(); } } }
public virtual System.Threading.Tasks.Task AuthenticateAsClientAsync(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, bool checkCertificateRevocation) { throw null; }
public virtual void AuthenticateAsClient(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, bool checkCertificateRevocation) { }
public SslClientStream(Stream stream, string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates) : this(stream, targetHost, false, SecurityProtocolType.Default, clientCertificates) { }
public virtual void AuthenticateAsClient(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, bool checkCertificateRevocation) { throw new PlatformNotSupportedException(); }
internal override System.Security.Cryptography.X509Certificates.X509Certificate OnLocalCertificateSelection(System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection serverRequestedCertificates) { throw new NotSupportedException(); }
private void validateCertificates(X509CertificateCollection certificates) { ServerContext context = (ServerContext)this.Context; AlertDescription description = AlertDescription.BadCertificate; SSCX.X509CertificateMono client = null; int[] certificateErrors = null; // note: certificate may be null is no certificate is sent // (e.g. optional mutual authentication) if (certificates.Count > 0) { X509Certificate leaf = certificates[0]; ArrayList errors = new ArrayList(); // SSL specific check - not all certificates can be // used to server-side SSL some rules applies after // all ;-) if (!checkCertificateUsage(leaf)) { // WinError.h CERT_E_PURPOSE 0x800B0106 errors.Add((int)-2146762490); } X509Chain verify; // was a chain supplied ? if so use it, if not if (certificates.Count > 1) { // if so use it (and don't build our own) X509CertificateCollection chain = new X509CertificateCollection(certificates); chain.Remove(leaf); verify = new X509Chain(chain); } else { // if not, then let's build our own (based on what's available in the stores) verify = new X509Chain(); } bool result = false; try { result = verify.Build(leaf); } catch (Exception) { result = false; } if (!result) { switch (verify.Status) { case X509ChainStatusFlags.InvalidBasicConstraints: // WinError.h TRUST_E_BASIC_CONSTRAINTS 0x80096019 errors.Add((int)-2146869223); break; case X509ChainStatusFlags.NotSignatureValid: // WinError.h TRUST_E_BAD_DIGEST 0x80096010 errors.Add((int)-2146869232); break; case X509ChainStatusFlags.NotTimeNested: // WinError.h CERT_E_VALIDITYPERIODNESTING 0x800B0102 errors.Add((int)-2146762494); break; case X509ChainStatusFlags.NotTimeValid: // WinError.h CERT_E_EXPIRED 0x800B0101 description = AlertDescription.CertificateExpired; errors.Add((int)-2146762495); break; case X509ChainStatusFlags.PartialChain: // WinError.h CERT_E_CHAINING 0x800B010A description = AlertDescription.UnknownCA; errors.Add((int)-2146762486); break; case X509ChainStatusFlags.UntrustedRoot: // WinError.h CERT_E_UNTRUSTEDROOT 0x800B0109 description = AlertDescription.UnknownCA; errors.Add((int)-2146762487); break; default: // unknown error description = AlertDescription.CertificateUnknown; errors.Add((int)verify.Status); break; } } client = new SSCX.X509CertificateMono(leaf.RawData); certificateErrors = (int[])errors.ToArray(typeof(int)); } else { certificateErrors = new int[0]; } SSCX.X509CertificateCollection certCollection = new SSCX.X509CertificateCollection(); foreach (X509Certificate certificate in certificates) { certCollection.Add(new SSCX.X509Certificate(certificate.RawData)); } if (!context.SslStream.RaiseClientCertificateValidation(client, certificateErrors)) { throw new TlsException( description, "Invalid certificate received from client."); } this.Context.ClientSettings.ClientCertificate = client; }
public virtual System.Threading.Tasks.Task AuthenticateAsClientAsync(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation) { throw new PlatformNotSupportedException(); }
internal System.Security.Cryptography.X509Certificates.X509Certificate RaiseClientCertificateSelection(System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection serverRequestedCertificates) { return(base.RaiseLocalCertificateSelection(clientCertificates, serverCertificate, targetHost, serverRequestedCertificates)); }
public virtual System.IAsyncResult BeginAuthenticateAsClient(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, bool checkCertificateRevocation, System.AsyncCallback asyncCallback, object asyncState) { throw null; }
public SslClientStream(Stream stream, string targetHost, bool ownsStream, SecurityProtocolType securityProtocolType, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates) : base(stream, ownsStream) { if (targetHost == null || targetHost.Length == 0) { throw new ArgumentNullException("targetHost is null or an empty string."); } this.context = new ClientContext(this, securityProtocolType, targetHost, clientCertificates); this.protocol = new ClientRecordProtocol(this.innerStream, (ClientContext)this.context); }
public virtual System.IAsyncResult BeginAuthenticateAsClient(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, System.AsyncCallback asyncCallback, object asyncState) { throw new PlatformNotSupportedException(); }