Пример #1
0
 private void ConnectCallback()
 {
     try
     {
         this.ResolveSSLAddress();
         byte[] certBundleBytes;
         if (FileUtil.LoadFromDrive(SslSocket.GetBundleStoragePath(), out certBundleBytes))
         {
             this.m_bundleSettings.bundle = new SslCertBundle(certBundleBytes);
         }
         RemoteCertificateValidationCallback userCertificateValidationCallback = new RemoteCertificateValidationCallback(SslSocket.OnValidateServerCertificate);
         this.m_sslStream = new SslStream(new NetworkStream(this.Socket, true), false, userCertificateValidationCallback);
         SslSocket.SslStreamValidateContext sslStreamValidateContext = new SslSocket.SslStreamValidateContext();
         sslStreamValidateContext.m_sslSocket = this;
         SslSocket.s_streamValidationContexts.Add(this.m_sslStream, sslStreamValidateContext);
         this.m_sslStream.BeginAuthenticateAsClient(this.m_address, new AsyncCallback(this.OnAuthenticateAsClient), null);
     }
     catch (Exception ex)
     {
         SslSocket.s_log.LogError("Exception while trying to authenticate. {0}", new object[]
         {
             ex
         });
         this.ExecuteBeginConnectDelegate(true);
     }
 }
        private static bool VerifySignedHash(RSAParameters key, byte[] hash, byte[] signature)
        {
            byte[] numArray  = new byte[(int)key.Modulus.Length];
            byte[] numArray1 = new byte[(int)key.Exponent.Length];
            byte[] numArray2 = new byte[(int)signature.Length];
            Array.Copy(key.Modulus, numArray, (int)key.Modulus.Length);
            Array.Copy(key.Exponent, numArray1, (int)key.Exponent.Length);
            Array.Copy(signature, numArray2, (int)signature.Length);
            Array.Reverse(numArray);
            Array.Reverse(numArray1);
            Array.Reverse(numArray2);
            BigInteger bigInteger  = new BigInteger(numArray);
            BigInteger bigInteger1 = new BigInteger(numArray1);
            BigInteger bigInteger2 = BigInteger.PowMod(new BigInteger(numArray2), bigInteger1, bigInteger);

            byte[] numArray3   = new byte[(int)key.Modulus.Length];
            byte[] fieldHandle = new byte[] { typeof(< PrivateImplementationDetails >).GetField("$field-2FFAC053D2D8FD53E1733DCE28216805289D3E35").FieldHandle };
            if (!SslSocket.MakePKCS1SignatureBlock(hash, (int)hash.Length, fieldHandle, (int)fieldHandle.Length, numArray3, (int)key.Modulus.Length))
            {
                return(false);
            }
            byte[] numArray4 = new byte[(int)numArray3.Length];
            Array.Copy(numArray3, numArray4, (int)numArray3.Length);
            Array.Reverse(numArray4);
            return((new BigInteger(numArray4)).CompareTo(bigInteger2) == 0);
        }
        private static bool VerifyBundleSignature(byte[] signedBundleData)
        {
            int length = (int)signedBundleData.Length - (SslSocket.s_magicBundleSignaturePreamble.Length + 256);

            if (length <= 0)
            {
                return(false);
            }
            byte[] bytes = Encoding.ASCII.GetBytes(SslSocket.s_magicBundleSignaturePreamble);
            for (int i = 0; i < (int)bytes.Length; i++)
            {
                if (signedBundleData[length + i] != bytes[i])
                {
                    return(false);
                }
            }
            SHA256 sHA256 = SHA256.Create();

            sHA256.Initialize();
            sHA256.TransformBlock(signedBundleData, 0, length, null, 0);
            byte[] numArray = Encoding.ASCII.GetBytes("Blizzard Certificate Bundle");
            sHA256.TransformBlock(numArray, 0, (int)numArray.Length, null, 0);
            sHA256.TransformFinalBlock(new byte[1], 0, 0);
            byte[] hash      = sHA256.Hash;
            byte[] numArray1 = new byte[256];
            Array.Copy(signedBundleData, length + SslSocket.s_magicBundleSignaturePreamble.Length, numArray1, 0, 256);
            List <RSAParameters> rSAParameters = new List <RSAParameters>();
            RSAParameters        rSAParameter  = new RSAParameters()
            {
                Modulus  = SslSocket.s_standardPublicModulus,
                Exponent = SslSocket.s_standardPublicExponent
            };

            rSAParameters.Add(rSAParameter);
            RSAParameters rSAParameter1 = new RSAParameters()
            {
                Modulus  = SslSocket.s_debugPublicModulus,
                Exponent = SslSocket.s_debugPublicExponent
            };

            rSAParameters.Add(rSAParameter1);
            bool flag = false;
            int  num  = 0;

            while (num < rSAParameters.Count)
            {
                if (!SslSocket.VerifySignedHash(rSAParameters[num], hash, numArray1))
                {
                    num++;
                }
                else
                {
                    flag = true;
                    break;
                }
            }
            return(flag);
        }
Пример #4
0
 public void Disconnect()
 {
     if (this.m_sslSocket != null)
     {
         this.m_sslSocket.Close();
         this.m_sslSocket = null;
     }
     this.m_connectionState = SslClientConnection.ConnectionState.Disconnected;
 }
Пример #5
0
        private static bool VerifyBundleSignature(byte[] signedBundleData)
        {
            int num = signedBundleData.Length - (SslSocket.s_magicBundleSignaturePreamble.Length + 256);

            if (num <= 0)
            {
                return(false);
            }
            byte[] bytes = Encoding.ASCII.GetBytes(SslSocket.s_magicBundleSignaturePreamble);
            for (int i = 0; i < bytes.Length; i++)
            {
                if (signedBundleData[num + i] != bytes[i])
                {
                    return(false);
                }
            }
            SHA256 sha = SHA256.Create();

            sha.Initialize();
            sha.TransformBlock(signedBundleData, 0, num, null, 0);
            string s = "Blizzard Certificate Bundle";

            byte[] bytes2 = Encoding.ASCII.GetBytes(s);
            sha.TransformBlock(bytes2, 0, bytes2.Length, null, 0);
            sha.TransformFinalBlock(new byte[1], 0, 0);
            byte[] hash  = sha.Hash;
            byte[] array = new byte[256];
            Array.Copy(signedBundleData, num + SslSocket.s_magicBundleSignaturePreamble.Length, array, 0, 256);
            List <RSAParameters> list = new List <RSAParameters>();

            list.Add(new RSAParameters
            {
                Modulus  = SslSocket.s_standardPublicModulus,
                Exponent = SslSocket.s_standardPublicExponent
            });
            list.Add(new RSAParameters
            {
                Modulus  = SslSocket.s_debugPublicModulus,
                Exponent = SslSocket.s_debugPublicExponent
            });
            bool result = false;

            for (int j = 0; j < list.Count; j++)
            {
                RSAParameters key = list[j];
                if (SslSocket.VerifySignedHash(key, hash, array))
                {
                    result = true;
                    break;
                }
            }
            return(result);
        }
Пример #6
0
        private static bool GetBundleInfo(byte[] unsignedBundleBytes, out SslSocket.BundleInfo info)
        {
            info.bundleKeyHashs = new List <byte[]>();
            info.bundleUris     = new List <string>();
            info.bundleCerts    = new List <X509Certificate2>();
            string text    = null;
            string @string = Encoding.ASCII.GetString(unsignedBundleBytes);

            try
            {
                JsonNode jsonNode = Json.Deserialize(@string) as JsonNode;
                JsonList jsonList = jsonNode["PublicKeys"] as JsonList;
                foreach (object obj in jsonList)
                {
                    JsonNode jsonNode2 = (JsonNode)obj;
                    string   item      = (string)jsonNode2["Uri"];
                    string   hex       = (string)jsonNode2["ShaHashPublicKeyInfo"];
                    byte[]   item2     = null;
                    SslSocket.HexStrToBytesError hexStrToBytesError = SslSocket.HexStrToBytes(hex, out item2);
                    if (hexStrToBytesError != SslSocket.HexStrToBytesError.OK)
                    {
                        text = EnumUtils.GetString <SslSocket.HexStrToBytesError>(hexStrToBytesError);
                        break;
                    }
                    info.bundleKeyHashs.Add(item2);
                    info.bundleUris.Add(item);
                }
                JsonList jsonList2 = jsonNode["SigningCertificates"] as JsonList;
                foreach (object obj2 in jsonList2)
                {
                    JsonNode         jsonNode3 = (JsonNode)obj2;
                    string           s         = (string)jsonNode3["RawData"];
                    byte[]           bytes     = Encoding.ASCII.GetBytes(s);
                    X509Certificate2 item3     = new X509Certificate2(bytes);
                    info.bundleCerts.Add(item3);
                }
            }
            catch (Exception ex)
            {
                text = ex.ToString();
            }
            if (text != null)
            {
                SslSocket.s_log.LogWarning("Exception while trying to parse certificate bundle. {0}", new object[]
                {
                    text
                });
                return(false);
            }
            return(true);
        }
Пример #7
0
        private static bool VerifySignedHash(RSAParameters key, byte[] hash, byte[] signature)
        {
            byte[] array  = new byte[key.Modulus.Length];
            byte[] array2 = new byte[key.Exponent.Length];
            byte[] array3 = new byte[signature.Length];
            Array.Copy(key.Modulus, array, key.Modulus.Length);
            Array.Copy(key.Exponent, array2, key.Exponent.Length);
            Array.Copy(signature, array3, signature.Length);
            Array.Reverse(array);
            Array.Reverse(array2);
            Array.Reverse(array3);
            BigInteger mod   = new BigInteger(array);
            BigInteger exp   = new BigInteger(array2);
            BigInteger b     = new BigInteger(array3);
            BigInteger value = BigInteger.PowMod(b, exp, mod);

            byte[] array4 = new byte[key.Modulus.Length];
            byte[] array5 = new byte[]
            {
                48,
                49,
                48,
                13,
                6,
                9,
                96,
                134,
                72,
                1,
                101,
                3,
                4,
                2,
                1,
                5,
                0,
                4,
                32
            };
            if (!SslSocket.MakePKCS1SignatureBlock(hash, hash.Length, array5, array5.Length, array4, key.Modulus.Length))
            {
                return(false);
            }
            byte[] array6 = new byte[array4.Length];
            Array.Copy(array4, array6, array4.Length);
            Array.Reverse(array6);
            BigInteger bigInteger = new BigInteger(array6);

            return(bigInteger.CompareTo(value) == 0);
        }
        private static bool GetBundleInfo(byte[] unsignedBundleBytes, out SslSocket.BundleInfo info)
        {
            info = new SslSocket.BundleInfo();
            info.bundleKeyHashs = new List <byte[]>();
            info.bundleUris     = new List <string>();
            info.bundleCerts    = new List <X509Certificate2>();
            string str  = null;
            string str1 = Encoding.ASCII.GetString(unsignedBundleBytes);

            try
            {
                JsonNode jsonNode = Json.Deserialize(str1) as JsonNode;
                foreach (JsonNode item in jsonNode["PublicKeys"] as JsonList)
                {
                    string item1    = (string)item["Uri"];
                    string item2    = (string)item["ShaHashPublicKeyInfo"];
                    byte[] numArray = null;
                    SslSocket.HexStrToBytesError bytes = SslSocket.HexStrToBytes(item2, out numArray);
                    if (bytes == SslSocket.HexStrToBytesError.OK)
                    {
                        info.bundleKeyHashs.Add(numArray);
                        info.bundleUris.Add(item1);
                    }
                    else
                    {
                        str = EnumUtils.GetString <SslSocket.HexStrToBytesError>(bytes);
                        break;
                    }
                }
                foreach (JsonNode jsonNode1 in jsonNode["SigningCertificates"] as JsonList)
                {
                    string           str2             = (string)jsonNode1["RawData"];
                    X509Certificate2 x509Certificate2 = new X509Certificate2(Encoding.ASCII.GetBytes(str2));
                    info.bundleCerts.Add(x509Certificate2);
                }
            }
            catch (Exception exception)
            {
                str = exception.ToString();
            }
            if (str == null)
            {
                return(true);
            }
            SslSocket.s_log.LogWarning("Exception while trying to parse certificate bundle. {0}", new object[] { str });
            return(false);
        }
Пример #9
0
 public void Connect(string host, int port)
 {
     this.m_hostAddress = host;
     this.m_hostPort    = port;
     this.Disconnect();
     this.m_sslSocket       = new SslSocket();
     this.m_connectionState = SslClientConnection.ConnectionState.Connecting;
     try
     {
         this.m_sslSocket.BeginConnect(host, port, this.m_bundleSettings, new SslSocket.BeginConnectDelegate(this.ConnectCallback));
     }
     catch (Exception ex)
     {
         string text = this.m_hostAddress + ":" + this.m_hostPort;
         LogAdapter.Log(LogLevel.Warning, "Could not connect to " + text + " -- " + ex.get_Message());
         this.m_connectionState = SslClientConnection.ConnectionState.ConnectionFailed;
         this.TriggerOnConnectHandler(BattleNetErrors.ERROR_RPC_PEER_UNKNOWN);
     }
     this.m_bundleSettings = null;
 }
Пример #10
0
 public void Connect(string host, int port)
 {
     this.m_hostAddress = host;
     this.m_hostPort    = port;
     this.Disconnect();
     this.m_sslSocket       = new SslSocket();
     this.m_connectionState = SslClientConnection.ConnectionState.Connecting;
     try
     {
         this.m_sslSocket.BeginConnect(host, port, this.m_bundleSettings, new SslSocket.BeginConnectDelegate(this.ConnectCallback));
     }
     catch (Exception exception1)
     {
         Exception exception = exception1;
         string    str       = string.Concat(this.m_hostAddress, ":", this.m_hostPort);
         LogAdapter.Log(LogLevel.Warning, string.Concat("Could not connect to ", str, " -- ", exception.Message));
         this.m_connectionState = SslClientConnection.ConnectionState.ConnectionFailed;
         this.TriggerOnConnectHandler(BattleNetErrors.ERROR_RPC_PEER_UNKNOWN);
     }
     this.m_bundleSettings = null;
 }
 private static bool OnValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
 {
     SslSocket.CertValidationResult certValidationResult = SslSocket.IsServerCertificateValid(sender, certificate, chain, sslPolicyErrors);
     if (certValidationResult == SslSocket.CertValidationResult.FAILED_CERT_BUNDLE)
     {
         SslStream sslStream  = (SslStream)sender;
         SslSocket mSslSocket = SslSocket.s_streamValidationContexts[sslStream].m_sslSocket;
         foreach (SslCertBundle sslCertBundle in SslSocket.DownloadCertBundles(mSslSocket.m_bundleSettings.bundleDownloadConfig))
         {
             mSslSocket.m_bundleSettings.bundle = sslCertBundle;
             certValidationResult = SslSocket.IsServerCertificateValid(sender, certificate, chain, sslPolicyErrors);
             if (certValidationResult != SslSocket.CertValidationResult.OK)
             {
                 continue;
             }
             FileUtil.StoreToDrive(sslCertBundle.CertBundleBytes, SslSocket.GetBundleStoragePath(), true, true);
             break;
         }
     }
     return(certValidationResult == SslSocket.CertValidationResult.OK);
 }
Пример #12
0
 private static bool OnValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
 {
     SslSocket.CertValidationResult certValidationResult = SslSocket.IsServerCertificateValid(sender, certificate, chain, sslPolicyErrors);
     if (certValidationResult == SslSocket.CertValidationResult.FAILED_CERT_BUNDLE)
     {
         SslStream key = (SslStream)sender;
         SslSocket.SslStreamValidateContext sslStreamValidateContext = SslSocket.s_streamValidationContexts[key];
         SslSocket            sslSocket            = sslStreamValidateContext.m_sslSocket;
         UrlDownloaderConfig  bundleDownloadConfig = sslSocket.m_bundleSettings.bundleDownloadConfig;
         List <SslCertBundle> list = SslSocket.DownloadCertBundles(bundleDownloadConfig);
         foreach (SslCertBundle sslCertBundle in list)
         {
             sslSocket.m_bundleSettings.bundle = sslCertBundle;
             certValidationResult = SslSocket.IsServerCertificateValid(sender, certificate, chain, sslPolicyErrors);
             if (certValidationResult == SslSocket.CertValidationResult.OK)
             {
                 FileUtil.StoreToDrive(sslCertBundle.CertBundleBytes, SslSocket.GetBundleStoragePath(), true, true);
                 break;
             }
         }
     }
     return(certValidationResult == SslSocket.CertValidationResult.OK);
 }
Пример #13
0
        public void Update()
        {
            SslSocket.Process();
            object connectionEvents = this.m_connectionEvents;

            lock (connectionEvents)
            {
                foreach (SslClientConnection.ConnectionEvent connectionEvent in this.m_connectionEvents)
                {
                    SslClientConnection.ConnectionEventTypes type = connectionEvent.Type;
                    if (type != SslClientConnection.ConnectionEventTypes.OnConnected)
                    {
                        if (type != SslClientConnection.ConnectionEventTypes.OnDisconnected)
                        {
                            if (type == SslClientConnection.ConnectionEventTypes.OnPacketCompleted)
                            {
                                for (int i = 0; i < this.m_listeners.Count; i++)
                                {
                                    IClientConnectionListener <BattleNetPacket> clientConnectionListener = this.m_listeners[i];
                                    object state = this.m_listenerStates[i];
                                    clientConnectionListener.PacketReceived(connectionEvent.Packet, state);
                                }
                            }
                        }
                        else
                        {
                            if (connectionEvent.Error != BattleNetErrors.ERROR_OK)
                            {
                                this.Disconnect();
                            }
                            foreach (DisconnectHandler disconnectHandler in this.m_disconnectHandlers.ToArray())
                            {
                                disconnectHandler(connectionEvent.Error);
                            }
                        }
                    }
                    else
                    {
                        if (connectionEvent.Error != BattleNetErrors.ERROR_OK)
                        {
                            this.Disconnect();
                            this.m_connectionState = SslClientConnection.ConnectionState.ConnectionFailed;
                        }
                        else
                        {
                            this.m_connectionState = SslClientConnection.ConnectionState.Connected;
                        }
                        foreach (ConnectHandler connectHandler in this.m_connectHandlers.ToArray())
                        {
                            connectHandler(connectionEvent.Error);
                        }
                    }
                }
                this.m_connectionEvents.Clear();
            }
            if (this.m_sslSocket == null || this.m_connectionState != SslClientConnection.ConnectionState.Connected)
            {
                return;
            }
            while (this.m_outQueue.Count > 0)
            {
                if (this.OnlyOneSend && !this.m_sslSocket.m_canSend)
                {
                    return;
                }
                BattleNetPacket packet = this.m_outQueue.Dequeue();
                this.SendPacket(packet);
            }
        }
Пример #14
0
        public void Update()
        {
            SslSocket.Process();
            List <SslClientConnection.ConnectionEvent> connectionEvents = this.m_connectionEvents;

            lock (connectionEvents)
            {
                using (List <SslClientConnection.ConnectionEvent> .Enumerator enumerator = this.m_connectionEvents.GetEnumerator())
                {
                    while (enumerator.MoveNext())
                    {
                        SslClientConnection.ConnectionEvent current = enumerator.get_Current();
                        switch (current.Type)
                        {
                        case SslClientConnection.ConnectionEventTypes.OnConnected:
                        {
                            if (current.Error != BattleNetErrors.ERROR_OK)
                            {
                                this.Disconnect();
                                this.m_connectionState = SslClientConnection.ConnectionState.ConnectionFailed;
                            }
                            else
                            {
                                this.m_connectionState = SslClientConnection.ConnectionState.Connected;
                            }
                            ConnectHandler[] array = this.m_connectHandlers.ToArray();
                            for (int i = 0; i < array.Length; i++)
                            {
                                ConnectHandler connectHandler = array[i];
                                connectHandler(current.Error);
                            }
                            break;
                        }

                        case SslClientConnection.ConnectionEventTypes.OnDisconnected:
                        {
                            if (current.Error != BattleNetErrors.ERROR_OK)
                            {
                                this.Disconnect();
                            }
                            DisconnectHandler[] array2 = this.m_disconnectHandlers.ToArray();
                            for (int j = 0; j < array2.Length; j++)
                            {
                                DisconnectHandler disconnectHandler = array2[j];
                                disconnectHandler(current.Error);
                            }
                            break;
                        }

                        case SslClientConnection.ConnectionEventTypes.OnPacketCompleted:
                            for (int k = 0; k < this.m_listeners.get_Count(); k++)
                            {
                                IClientConnectionListener <BattleNetPacket> clientConnectionListener = this.m_listeners.get_Item(k);
                                object state = this.m_listenerStates.get_Item(k);
                                clientConnectionListener.PacketReceived(current.Packet, state);
                            }
                            break;
                        }
                    }
                }
                this.m_connectionEvents.Clear();
            }
            if (this.m_sslSocket == null || this.m_connectionState != SslClientConnection.ConnectionState.Connected)
            {
                return;
            }
            while (this.m_outQueue.get_Count() > 0)
            {
                if (this.OnlyOneSend && !this.m_sslSocket.m_canSend)
                {
                    return;
                }
                BattleNetPacket packet = this.m_outQueue.Dequeue();
                this.SendPacket(packet);
            }
        }
        private static SslSocket.CertValidationResult IsServerCertificateValid(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            SslSocket.CertValidationResult certValidationResult;
            string                str;
            SslStream             sslStream       = (SslStream)sender;
            SslSocket             mSslSocket      = SslSocket.s_streamValidationContexts[sslStream].m_sslSocket;
            SslCertBundleSettings mBundleSettings = mSslSocket.m_bundleSettings;

            if (mBundleSettings.bundle == null || !mBundleSettings.bundle.IsUsingCertBundle)
            {
                return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
            }
            List <string> commonNamesFromCertSubject = SslSocket.GetCommonNamesFromCertSubject(certificate.Subject);

            SslSocket.BundleInfo bundleInfo = new SslSocket.BundleInfo();
            byte[] certBundleBytes          = mBundleSettings.bundle.CertBundleBytes;
            if (mBundleSettings.bundle.isCertBundleSigned)
            {
                if (!SslSocket.VerifyBundleSignature(mBundleSettings.bundle.CertBundleBytes))
                {
                    return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
                }
                certBundleBytes = SslSocket.GetUnsignedBundleBytes(mBundleSettings.bundle.CertBundleBytes);
            }
            if (!SslSocket.GetBundleInfo(certBundleBytes, out bundleInfo))
            {
                return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
            }
            bool flag = false;

            byte[] publicKey = certificate.GetPublicKey();
            foreach (string str1 in commonNamesFromCertSubject)
            {
                if (!SslSocket.IsWhitelistedInCertBundle(bundleInfo, str1, publicKey))
                {
                    continue;
                }
                flag = true;
                break;
            }
            if (!flag)
            {
                return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
            }
            bool flag1 = SslSocket.IsCertSignedByBlizzard(certificate);
            bool runtimeEnvironment = BattleNet.Client().GetRuntimeEnvironment() == constants.RuntimeEnvironment.Mono;
            bool flag2 = (flag1 || !runtimeEnvironment ? false : chain.ChainElements.Count == 1);

            try
            {
                if (sslPolicyErrors != SslPolicyErrors.None)
                {
                    SslPolicyErrors sslPolicyError = (flag1 || flag2 ? SslPolicyErrors.RemoteCertificateNotAvailable | SslPolicyErrors.RemoteCertificateChainErrors : SslPolicyErrors.None);
                    if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != SslPolicyErrors.None && mSslSocket.m_connection.MatchSslCertName(commonNamesFromCertSubject))
                    {
                        sslPolicyError |= SslPolicyErrors.RemoteCertificateNameMismatch;
                    }
                    if ((sslPolicyErrors & ~sslPolicyError) != SslPolicyErrors.None)
                    {
                        SslSocket.s_log.LogWarning("Failed policy check. sslPolicyErrors: {0}, expectedPolicyErrors: {1}", new object[] { sslPolicyErrors, sslPolicyError });
                        certValidationResult = SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE;
                        return(certValidationResult);
                    }
                }
                if (chain.ChainElements != null)
                {
                    X509ChainElementEnumerator enumerator = chain.ChainElements.GetEnumerator();
                    while (enumerator.MoveNext())
                    {
                        X509ChainElement current = enumerator.Current;
                        SslSocket.s_log.LogDebug("Certificate Thumbprint: {0}", new object[] { current.Certificate.Thumbprint });
                        X509ChainStatus[] chainElementStatus = current.ChainElementStatus;
                        for (int i = 0; i < (int)chainElementStatus.Length; i++)
                        {
                            X509ChainStatus x509ChainStatu = chainElementStatus[i];
                            SslSocket.s_log.LogDebug("  Certificate Status: {0}", new object[] { x509ChainStatu.Status });
                        }
                    }
                    bool flag3 = false;
                    if (flag1)
                    {
                        if (chain.ChainElements.Count == 1)
                        {
                            chain.ChainPolicy.ExtraStore.Add(SslSocket.s_rootCertificate);
                            chain.Build(new X509Certificate2(certificate));
                            flag3 = true;
                        }
                    }
                    else if (flag2 && bundleInfo.bundleCerts != null)
                    {
                        foreach (X509Certificate2 bundleCert in bundleInfo.bundleCerts)
                        {
                            chain.ChainPolicy.ExtraStore.Add(bundleCert);
                        }
                        chain.Build(new X509Certificate2(certificate));
                        flag3 = true;
                    }
                    int num = 0;
                    while (num < chain.ChainElements.Count)
                    {
                        if (chain.ChainElements[num] != null)
                        {
                            num++;
                        }
                        else
                        {
                            SslSocket.s_log.LogWarning(string.Concat("ChainElements[", num, "] is null"));
                            certValidationResult = (!flag3 ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
                            return(certValidationResult);
                        }
                    }
                    if (flag1)
                    {
                        str = (BattleNet.Client().GetMobileEnvironment() != constants.MobileEnv.PRODUCTION ? "C0805E3CF51F1A56CE9E6E35CB4F4901B68128B7" : "673D9D1072B625CAD95CB47BF0F0F512233E39FD");
                        if (chain.ChainElements[1].Certificate.Thumbprint != str)
                        {
                            SslSocket.s_log.LogWarning("Root certificate thumb print check failure");
                            SslSocket.s_log.LogWarning("  expected: {0}", new object[] { str });
                            SslSocket.s_log.LogWarning("  received: {0}", new object[] { chain.ChainElements[1].Certificate.Thumbprint });
                            certValidationResult = (!flag3 ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
                            return(certValidationResult);
                        }
                    }
                    int num1 = 0;
                    while (num1 < chain.ChainElements.Count)
                    {
                        if (DateTime.Now <= chain.ChainElements[num1].Certificate.NotAfter)
                        {
                            num1++;
                        }
                        else
                        {
                            SslSocket.s_log.LogWarning(string.Concat("ChainElements[", num1, "] certificate is expired."));
                            certValidationResult = (!flag3 ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
                            return(certValidationResult);
                        }
                    }
                    X509ChainElementEnumerator x509ChainElementEnumerator = chain.ChainElements.GetEnumerator();
                    while (x509ChainElementEnumerator.MoveNext())
                    {
                        X509ChainStatus[] x509ChainStatusArray = x509ChainElementEnumerator.Current.ChainElementStatus;
                        int num2 = 0;
                        while (num2 < (int)x509ChainStatusArray.Length)
                        {
                            X509ChainStatus x509ChainStatu1 = x509ChainStatusArray[num2];
                            if ((flag1 || flag3) && x509ChainStatu1.Status == X509ChainStatusFlags.UntrustedRoot)
                            {
                                num2++;
                            }
                            else
                            {
                                SslSocket.s_log.LogWarning("Found unexpected chain error={0}.", new object[] { x509ChainStatu1.Status });
                                certValidationResult = (!flag3 ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
                                return(certValidationResult);
                            }
                        }
                    }
                    X509Certificate2 x509Certificate2 = new X509Certificate2(chain.ChainElements[0].Certificate);
                    SslSocket.s_log.LogDebug("Received valid certificate from FRONT >");
                    SslSocket.s_log.LogDebug("  Subject: {0}", new object[] { x509Certificate2.Subject });
                    SslSocket.s_log.LogDebug("  Issuer: {0}", new object[] { x509Certificate2.Issuer });
                    SslSocket.s_log.LogDebug("  Version: {0}", new object[] { x509Certificate2.Version });
                    SslSocket.s_log.LogDebug("  Valid Date: {0}", new object[] { x509Certificate2.NotBefore });
                    SslSocket.s_log.LogDebug("  Expiry Date: {0}", new object[] { x509Certificate2.NotAfter });
                    SslSocket.s_log.LogDebug("  Thumbprint: {0}", new object[] { x509Certificate2.Thumbprint });
                    SslSocket.s_log.LogDebug("  Serial Number: {0}", new object[] { x509Certificate2.SerialNumber });
                    SslSocket.s_log.LogDebug("  Friendly Name: {0}", new object[] { x509Certificate2.FriendlyName });
                    SslSocket.s_log.LogDebug("  Public Key Format: {0}", new object[] { x509Certificate2.PublicKey.EncodedKeyValue.Format(true) });
                    SslSocket.s_log.LogDebug("  Raw Data Length: {0}", new object[] { (int)x509Certificate2.RawData.Length });
                    SslSocket.s_log.LogDebug("  CN: {0}", new object[] { x509Certificate2.GetNameInfo(X509NameType.DnsName, false) });
                    return(SslSocket.CertValidationResult.OK);
                }
                else
                {
                    SslSocket.s_log.LogWarning("ChainElements is null");
                    certValidationResult = SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE;
                }
            }
            catch (Exception exception)
            {
                SslSocket.s_log.LogWarning("Exception while trying to validate certificate. {0}", new object[] { exception });
                certValidationResult = SslSocket.CertValidationResult.FAILED_CERT_BUNDLE;
            }
            return(certValidationResult);
        }
Пример #16
0
        public void Update()
        {
            SslSocket.Process();
            object mConnectionEvents = this.m_connectionEvents;

            Monitor.Enter(mConnectionEvents);
            try
            {
                foreach (SslClientConnection.ConnectionEvent mConnectionEvent in this.m_connectionEvents)
                {
                    SslClientConnection.ConnectionEventTypes type = mConnectionEvent.Type;
                    if (type == SslClientConnection.ConnectionEventTypes.OnConnected)
                    {
                        if (mConnectionEvent.Error == BattleNetErrors.ERROR_OK)
                        {
                            this.m_connectionState = SslClientConnection.ConnectionState.Connected;
                        }
                        else
                        {
                            this.Disconnect();
                            this.m_connectionState = SslClientConnection.ConnectionState.ConnectionFailed;
                        }
                        ConnectHandler[] array = this.m_connectHandlers.ToArray();
                        for (int i = 0; i < (int)array.Length; i++)
                        {
                            array[i](mConnectionEvent.Error);
                        }
                    }
                    else if (type == SslClientConnection.ConnectionEventTypes.OnDisconnected)
                    {
                        if (mConnectionEvent.Error != BattleNetErrors.ERROR_OK)
                        {
                            this.Disconnect();
                        }
                        DisconnectHandler[] disconnectHandlerArray = this.m_disconnectHandlers.ToArray();
                        for (int j = 0; j < (int)disconnectHandlerArray.Length; j++)
                        {
                            disconnectHandlerArray[j](mConnectionEvent.Error);
                        }
                    }
                    else if (type == SslClientConnection.ConnectionEventTypes.OnPacketCompleted)
                    {
                        for (int k = 0; k < this.m_listeners.Count; k++)
                        {
                            IClientConnectionListener <BattleNetPacket> item = this.m_listeners[k];
                            object obj = this.m_listenerStates[k];
                            item.PacketReceived(mConnectionEvent.Packet, obj);
                        }
                    }
                }
                this.m_connectionEvents.Clear();
            }
            finally
            {
                Monitor.Exit(mConnectionEvents);
            }
            if (this.m_sslSocket == null || this.m_connectionState != SslClientConnection.ConnectionState.Connected)
            {
                return;
            }
            while (this.m_outQueue.Count > 0)
            {
                if (this.OnlyOneSend && !this.m_sslSocket.m_canSend)
                {
                    return;
                }
                this.SendPacket(this.m_outQueue.Dequeue());
            }
        }
Пример #17
0
        private static SslSocket.CertValidationResult IsServerCertificateValid(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            SslStream key = (SslStream)sender;

            SslSocket.SslStreamValidateContext sslStreamValidateContext = SslSocket.s_streamValidationContexts[key];
            SslSocket             sslSocket      = sslStreamValidateContext.m_sslSocket;
            SslCertBundleSettings bundleSettings = sslSocket.m_bundleSettings;

            if (bundleSettings.bundle == null || !bundleSettings.bundle.IsUsingCertBundle)
            {
                return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
            }
            List <string> commonNamesFromCertSubject = SslSocket.GetCommonNamesFromCertSubject(certificate.Subject);

            SslSocket.BundleInfo bundleInfo = default(SslSocket.BundleInfo);
            byte[] unsignedBundleBytes      = bundleSettings.bundle.CertBundleBytes;
            if (bundleSettings.bundle.isCertBundleSigned)
            {
                if (!SslSocket.VerifyBundleSignature(bundleSettings.bundle.CertBundleBytes))
                {
                    return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
                }
                unsignedBundleBytes = SslSocket.GetUnsignedBundleBytes(bundleSettings.bundle.CertBundleBytes);
            }
            if (!SslSocket.GetBundleInfo(unsignedBundleBytes, out bundleInfo))
            {
                return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
            }
            bool flag = false;

            byte[] publicKey = certificate.GetPublicKey();
            foreach (string uri in commonNamesFromCertSubject)
            {
                if (SslSocket.IsWhitelistedInCertBundle(bundleInfo, uri, publicKey))
                {
                    flag = true;
                    break;
                }
            }
            if (!flag)
            {
                return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
            }
            bool flag2 = SslSocket.IsCertSignedByBlizzard(certificate);
            bool flag3 = BattleNet.Client().GetRuntimeEnvironment() == constants.RuntimeEnvironment.Mono;
            bool flag4 = !flag2 && flag3 && chain.ChainElements.Count == 1;

            try
            {
                if (sslPolicyErrors != SslPolicyErrors.None)
                {
                    SslPolicyErrors sslPolicyErrors2 = (!flag2 && !flag4) ? SslPolicyErrors.None : (SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNotAvailable);
                    if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != SslPolicyErrors.None && sslSocket.m_connection.MatchSslCertName(commonNamesFromCertSubject))
                    {
                        sslPolicyErrors2 |= SslPolicyErrors.RemoteCertificateNameMismatch;
                    }
                    if ((sslPolicyErrors & ~(sslPolicyErrors2 != SslPolicyErrors.None)) != SslPolicyErrors.None)
                    {
                        SslSocket.s_log.LogWarning("Failed policy check. sslPolicyErrors: {0}, expectedPolicyErrors: {1}", new object[]
                        {
                            sslPolicyErrors,
                            sslPolicyErrors2
                        });
                        return(SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE);
                    }
                }
                if (chain.ChainElements == null)
                {
                    SslSocket.s_log.LogWarning("ChainElements is null");
                    return(SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE);
                }
                foreach (X509ChainElement x509ChainElement in chain.ChainElements)
                {
                    SslSocket.s_log.LogDebug("Certificate Thumbprint: {0}", new object[]
                    {
                        x509ChainElement.Certificate.Thumbprint
                    });
                    foreach (X509ChainStatus x509ChainStatus in x509ChainElement.ChainElementStatus)
                    {
                        SslSocket.s_log.LogDebug("  Certificate Status: {0}", new object[]
                        {
                            x509ChainStatus.Status
                        });
                    }
                }
                bool flag5 = false;
                if (flag2)
                {
                    if (chain.ChainElements.Count == 1)
                    {
                        chain.ChainPolicy.ExtraStore.Add(SslSocket.s_rootCertificate);
                        chain.Build(new X509Certificate2(certificate));
                        flag5 = true;
                    }
                }
                else if (flag4 && bundleInfo.bundleCerts != null)
                {
                    foreach (X509Certificate2 certificate2 in bundleInfo.bundleCerts)
                    {
                        chain.ChainPolicy.ExtraStore.Add(certificate2);
                    }
                    chain.Build(new X509Certificate2(certificate));
                    flag5 = true;
                }
                for (int j = 0; j < chain.ChainElements.Count; j++)
                {
                    if (chain.ChainElements[j] == null)
                    {
                        SslSocket.s_log.LogWarning("ChainElements[" + j + "] is null");
                        return((!flag5) ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
                    }
                }
                if (flag2)
                {
                    string text;
                    if (BattleNet.Client().GetMobileEnvironment() == constants.MobileEnv.PRODUCTION)
                    {
                        text = "673D9D1072B625CAD95CB47BF0F0F512233E39FD";
                    }
                    else
                    {
                        text = "C0805E3CF51F1A56CE9E6E35CB4F4901B68128B7";
                    }
                    if (chain.ChainElements[1].Certificate.Thumbprint != text)
                    {
                        SslSocket.s_log.LogWarning("Root certificate thumb print check failure");
                        SslSocket.s_log.LogWarning("  expected: {0}", new object[]
                        {
                            text
                        });
                        SslSocket.s_log.LogWarning("  received: {0}", new object[]
                        {
                            chain.ChainElements[1].Certificate.Thumbprint
                        });
                        return((!flag5) ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
                    }
                }
                for (int k = 0; k < chain.ChainElements.Count; k++)
                {
                    if (DateTime.Now > chain.ChainElements[k].Certificate.NotAfter)
                    {
                        SslSocket.s_log.LogWarning("ChainElements[" + k + "] certificate is expired.");
                        return((!flag5) ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
                    }
                }
                foreach (X509ChainElement x509ChainElement2 in chain.ChainElements)
                {
                    foreach (X509ChainStatus x509ChainStatus2 in x509ChainElement2.ChainElementStatus)
                    {
                        if ((!flag2 && !flag5) || x509ChainStatus2.Status != X509ChainStatusFlags.UntrustedRoot)
                        {
                            SslSocket.s_log.LogWarning("Found unexpected chain error={0}.", new object[]
                            {
                                x509ChainStatus2.Status
                            });
                            return((!flag5) ? SslSocket.CertValidationResult.FAILED_SERVER_RESPONSE : SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
                        }
                    }
                }
                X509Certificate2 x509Certificate = new X509Certificate2(chain.ChainElements[0].Certificate);
                SslSocket.s_log.LogDebug("Received valid certificate from FRONT >");
                SslSocket.s_log.LogDebug("  Subject: {0}", new object[]
                {
                    x509Certificate.Subject
                });
                SslSocket.s_log.LogDebug("  Issuer: {0}", new object[]
                {
                    x509Certificate.Issuer
                });
                SslSocket.s_log.LogDebug("  Version: {0}", new object[]
                {
                    x509Certificate.Version
                });
                SslSocket.s_log.LogDebug("  Valid Date: {0}", new object[]
                {
                    x509Certificate.NotBefore
                });
                SslSocket.s_log.LogDebug("  Expiry Date: {0}", new object[]
                {
                    x509Certificate.NotAfter
                });
                SslSocket.s_log.LogDebug("  Thumbprint: {0}", new object[]
                {
                    x509Certificate.Thumbprint
                });
                SslSocket.s_log.LogDebug("  Serial Number: {0}", new object[]
                {
                    x509Certificate.SerialNumber
                });
                SslSocket.s_log.LogDebug("  Friendly Name: {0}", new object[]
                {
                    x509Certificate.FriendlyName
                });
                SslSocket.s_log.LogDebug("  Public Key Format: {0}", new object[]
                {
                    x509Certificate.PublicKey.EncodedKeyValue.Format(true)
                });
                SslSocket.s_log.LogDebug("  Raw Data Length: {0}", new object[]
                {
                    x509Certificate.RawData.Length
                });
                SslSocket.s_log.LogDebug("  CN: {0}", new object[]
                {
                    x509Certificate.GetNameInfo(X509NameType.DnsName, false)
                });
            }
            catch (Exception ex)
            {
                SslSocket.s_log.LogWarning("Exception while trying to validate certificate. {0}", new object[]
                {
                    ex
                });
                return(SslSocket.CertValidationResult.FAILED_CERT_BUNDLE);
            }
            return(SslSocket.CertValidationResult.OK);
        }