public async Task Validate(BackchannelCertificateValidationContext context, Func <BackchannelCertificateValidationContext, Task> next) { var validationResult = this.ValidateInternal(context); if (!validationResult) { return; } await next(context); }
public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { var context = new BackchannelCertificateValidationContext(certificate, chain, sslPolicyErrors); Func <BackchannelCertificateValidationContext, Task> seed = x => Task.CompletedTask; var rules = this.GetBackchannelCertificateValidationRules(); var validationDelegate = rules.Aggregate(seed, (f, next) => new Func <BackchannelCertificateValidationContext, Task>(c => next.Validate(c, f))); var task = validationDelegate(context); task.Wait(); return(context.IsValid); }
public async Task Validate(object sender, BackchannelCertificateValidationContext context, Func <object, BackchannelCertificateValidationContext, Task> next) { var isValid = base.Validate(sender, context.Certificate, context.Chain, context.SslPolicyErrors); if (isValid) { context.Validated(); } else { await next(sender, context); } }
public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { var httpMessage = sender as HttpWebRequest; this._logProvider.LogMessage(String.Format("Validating backhannel certificate. sslPolicyErrors was: {0}", sslPolicyErrors)); var configiration = this._configurationProvider.GeBackchannelConfiguration(httpMessage.RequestUri); var context = new BackchannelCertificateValidationContext(certificate, chain, sslPolicyErrors); //if pinning validation is enabled it take precedence if (configiration.UsePinningValidation && configiration.BackchannelValidatorResolver != null) { _logProvider.LogMessage(String.Format("Pinning validation entered. Validator type: {0}", configiration.BackchannelValidatorResolver.Type)); var type = configiration.BackchannelValidatorResolver.Type; var instance = BackchannelCertificateValidationRulesFactory.CertificateValidatorResolverFactory(type); if (instance != null) { var validators = instance.Resolve(configiration) .Where(x => x != null) .ToList(); Func <object, BackchannelCertificateValidationContext, Task> seed1 = (o, c) => Task.CompletedTask; var del = validators.Aggregate(seed1, (next, validator) => new Func <object, BackchannelCertificateValidationContext, Task>((o, c) => validator.Validate(o, c, next))); var backChannelValidationTask = del(sender, context); backChannelValidationTask.Wait(); return(context.IsValid); } } //if pinning validation is disabled run validation rules if any //default rule. SslPolicyErrors no error vaidation. To ve reviewed Func <BackchannelCertificateValidationContext, Task> seed = x => { var isLocal = Utility.IsLocalIpAddress(httpMessage.RequestUri.Host); if (isLocal || (!x.IsValid && x.SslPolicyErrors == SslPolicyErrors.None)) { x.Validated(); } return(Task.CompletedTask); }; var rules = BackchannelCertificateValidationRulesFactory.GetRules(configiration); var validationDelegate = rules.Aggregate(seed, (f, next) => new Func <BackchannelCertificateValidationContext, Task>(c => next.Validate(c, f))); var task = validationDelegate(context); task.Wait(); return(context.IsValid); }
public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { var federationPartyId = FederationPartyIdentifierHelper.GetFederationPartyIdFromRequestOrDefault(sender as HttpWebRequest); var configiration = this.GetConfiguration(federationPartyId); //ToDo: complete pinning validation. Moved to back log on 27/09/2017 if (configiration.UsePinningValidation && configiration.BackchannelValidatorResolver != null) { try { var type = configiration.BackchannelValidatorResolver.Type; var instace = Activator.CreateInstance(type) as ICertificateValidatorResolver; if (instace != null) { var validators = instace.Resolve(); return(true); } } catch (Exception) { return(true); } } var context = new BackchannelCertificateValidationContext(certificate, chain, sslPolicyErrors); //default rule. No validation Func <BackchannelCertificateValidationContext, Task> seed = x => { x.Validated(); return(Task.CompletedTask); }; var rules = BackchannelCertificateValidationRulesFactory.GetRules(configiration); var validationDelegate = rules.Aggregate(seed, (f, next) => new Func <BackchannelCertificateValidationContext, Task>(c => next.Validate(c, f))); var task = validationDelegate(context); task.Wait(); return(context.IsValid); }
public async Task Validate(object sender, BackchannelCertificateValidationContext context, Func <object, BackchannelCertificateValidationContext, Task> next) { //ToDo: Review bool backchannelLocalValidatorEnabled = true; var found = true;//AppSettingsConfigurationManager.TryGetSettingAndParse<bool>("backchannelLocalValidatorEnabled", false, out backchannelLocalValidatorEnabled); if (!backchannelLocalValidatorEnabled) { return; } #if (DEBUG) var webRequest = sender as HttpWebRequest; if (webRequest == null) { return; } var isLocal = Utility.IsLocalIpAddress(webRequest.Host); if (webRequest != null && isLocal) { foreach (X509ChainElement chainElement in context.Chain.ChainElements) { string thumbprint = chainElement.Certificate.Thumbprint; if (thumbprint != null && this._validThumbprints.Contains(thumbprint)) { context.Validated(); break; } } } else { await next(sender, context); } #endif }
protected abstract bool ValidateInternal(BackchannelCertificateValidationContext context);
public Task Validate(object sender, BackchannelCertificateValidationContext context, Func <object, BackchannelCertificateValidationContext, Task> next) { throw new NotImplementedException(); }
protected override bool ValidateInternal(BackchannelCertificateValidationContext context) { context.Validated(); return(true); }