internal SslCredKey(byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy) { this._CertThumbPrint = (thumbPrint == null) ? s_EmptyArray : thumbPrint; this._HashCode = 0; if (thumbPrint != null) { this._HashCode ^= this._CertThumbPrint[0]; if (1 < this._CertThumbPrint.Length) { this._HashCode ^= this._CertThumbPrint[1] << 8; } if (2 < this._CertThumbPrint.Length) { this._HashCode ^= this._CertThumbPrint[2] << 0x10; } if (3 < this._CertThumbPrint.Length) { this._HashCode ^= this._CertThumbPrint[3] << 0x18; } } this._HashCode ^= allowedProtocols; this._HashCode ^= encryptionPolicy; this._AllowedProtocols = allowedProtocols; this._EncryptionPolicy = encryptionPolicy; }
internal SecureChannel(string hostname, bool serverMode, SchProtocols protocolFlags, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus, EncryptionPolicy encryptionPolicy, LocalCertSelectionCallback certSelectionDelegate) { if (Logging.On) { Logging.PrintInfo(Logging.Web, this, ".ctor", string.Concat(new object[] { "hostname=", hostname, ", #clientCertificates=", (clientCertificates == null) ? "0" : clientCertificates.Count.ToString(NumberFormatInfo.InvariantInfo), ", encryptionPolicy=", encryptionPolicy })); } SSPIWrapper.GetVerifyPackageInfo(GlobalSSPI.SSPISecureChannel, "Microsoft Unified Security Protocol Provider", true); if (ComNetOS.IsWin9x && (clientCertificates.Count > 0)) { this.m_Destination = hostname + "+" + clientCertificates.GetHashCode(); } else { this.m_Destination = hostname; } this.m_HostName = hostname; this.m_ServerMode = serverMode; if (serverMode) { this.m_ProtocolFlags = protocolFlags & SchProtocols.ServerMask; } else { this.m_ProtocolFlags = protocolFlags & SchProtocols.ClientMask; } this.m_ServerCertificate = serverCertificate; this.m_ClientCertificates = clientCertificates; this.m_RemoteCertRequired = remoteCertRequired; this.m_SecurityContext = null; this.m_CheckCertRevocation = checkCertRevocationStatus; this.m_CheckCertName = checkCertName; this.m_CertSelectionDelegate = certSelectionDelegate; this.m_RefreshCredentialNeeded = true; this.m_EncryptionPolicy = encryptionPolicy; }
public SecureCredential(int version, X509Certificate certificate, Flags flags, SchProtocols protocols, EncryptionPolicy policy) { this.rootStore = this.phMappers = this.palgSupportedAlgs = this.certContextArray = IntPtr.Zero; this.cCreds = this.cMappers = this.cSupportedAlgs = 0; if (policy == EncryptionPolicy.RequireEncryption) { this.dwMinimumCipherStrength = 0; this.dwMaximumCipherStrength = 0; } else if (policy == EncryptionPolicy.AllowNoEncryption) { this.dwMinimumCipherStrength = -1; this.dwMaximumCipherStrength = 0; } else { if (policy != EncryptionPolicy.NoEncryption) { throw new ArgumentException(SR.GetString("net_invalid_enum", new object[] { "EncryptionPolicy" }), "policy"); } this.dwMinimumCipherStrength = -1; this.dwMaximumCipherStrength = -1; } this.dwSessionLifespan = this.reserved = 0; this.version = version; this.dwFlags = flags; this.grbitEnabledProtocols = protocols; if (certificate != null) { this.certContextArray = certificate.Handle; this.cCreds = 1; } }
/// <summary> /// Client side ctor /// </summary> public TlsSspiNegotiation( string destination, SchProtocols protocolFlags, X509Certificate2 clientCertificate) : this(destination, false, protocolFlags, null, clientCertificate, false) { }
internal SecureChannel(string hostname, bool serverMode, SchProtocols protocolFlags, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus, EncryptionPolicy encryptionPolicy, LocalCertSelectionCallback certSelectionDelegate) { GlobalLog.Enter("SecureChannel#" + ValidationHelper.HashString(this) + "::.ctor", "hostname:" + hostname + " #clientCertificates=" + ((clientCertificates == null) ? "0" : clientCertificates.Count.ToString(NumberFormatInfo.InvariantInfo))); if (Logging.On) Logging.PrintInfo(Logging.Web, this, ".ctor", "hostname=" + hostname + ", #clientCertificates=" + ((clientCertificates == null) ? "0" : clientCertificates.Count.ToString(NumberFormatInfo.InvariantInfo)) + ", encryptionPolicy=" + encryptionPolicy); SSPIWrapper.GetVerifyPackageInfo(GlobalSSPI.SSPISecureChannel, SecurityPackage, true); m_Destination = hostname; GlobalLog.Assert(hostname != null, "SecureChannel#{0}::.ctor()|hostname == null", ValidationHelper.HashString(this)); m_HostName = hostname; m_ServerMode = serverMode; if (serverMode) m_ProtocolFlags = (protocolFlags & SchProtocols.ServerMask); else m_ProtocolFlags = (protocolFlags & SchProtocols.ClientMask); m_ServerCertificate = serverCertificate; m_ClientCertificates = clientCertificates; m_RemoteCertRequired = remoteCertRequired; m_SecurityContext = null; m_CheckCertRevocation = checkCertRevocationStatus; m_CheckCertName = checkCertName; m_CertSelectionDelegate = certSelectionDelegate; m_RefreshCredentialNeeded = true; m_EncryptionPolicy = encryptionPolicy; GlobalLog.Leave("SecureChannel#" + ValidationHelper.HashString(this) + "::.ctor"); }
public SecureCredential(int version, X509Certificate2 certificate, SecureCredential.Flags flags, SchProtocols protocols, EncryptionPolicy policy) { this.version = version; this.certificate = certificate; this.protocols = protocols; this.policy = policy; }
// // SECURITY: X509Certificate.GetCertHash() is virtual hence before going here // the caller of this ctor has to ensure that a user cert object was inspected and // optionally cloned. // internal SslCredKey(byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy) { _CertThumbPrint = thumbPrint == null? s_EmptyArray: thumbPrint; _HashCode = 0; if (thumbPrint != null) { _HashCode ^= _CertThumbPrint[0]; if (1 < _CertThumbPrint.Length) { _HashCode ^= (_CertThumbPrint[1] << 8); } if (2 < _CertThumbPrint.Length) { _HashCode ^= (_CertThumbPrint[2] << 16); } if (3 < _CertThumbPrint.Length) { _HashCode ^= (_CertThumbPrint[3] << 24); } } _HashCode ^= (int)allowedProtocols; _HashCode ^= (int)encryptionPolicy; _AllowedProtocols = allowedProtocols; _EncryptionPolicy = encryptionPolicy; }
/// <summary> /// Server side ctor /// </summary> public TlsSspiNegotiation( SchProtocols protocolFlags, X509Certificate2 serverCertificate, bool clientCertRequired) : this(null, true, protocolFlags, serverCertificate, null, clientCertRequired) { }
internal static SSPIInterface Create (string hostname, bool serverMode, SchProtocols protocolFlags, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus, EncryptionPolicy encryptionPolicy, LocalCertSelectionCallback certSelectionDelegate, RemoteCertValidationCallback remoteValidationCallback, SSPIConfiguration userConfig) { if (userConfig.Settings != null && remoteValidationCallback != null) throw new InvalidOperationException (); var context = userConfig.Provider.CreateTlsContext ( hostname, serverMode, (TlsProtocols)protocolFlags, serverCertificate, clientCertificates, remoteCertRequired, checkCertName, checkCertRevocationStatus, (MonoEncryptionPolicy)encryptionPolicy, userConfig.Settings); return new SSPIInterface (context, userConfig.EventSink); }
internal static SafeFreeCredentials TryCachedCredential(byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy) { if (s_CachedCreds.Count != 0) { object obj2 = new SslCredKey(thumbPrint, allowedProtocols, encryptionPolicy); SafeCredentialReference reference = s_CachedCreds[obj2] as SafeCredentialReference; if (((reference != null) && !reference.IsClosed) && !reference._Target.IsInvalid) { return(reference._Target); } } return(null); }
internal static SafeFreeCredentials TryCachedCredential(byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy) { if (s_CachedCreds.Count != 0) { object obj2 = new SslCredKey(thumbPrint, allowedProtocols, encryptionPolicy); SafeCredentialReference reference = s_CachedCreds[obj2] as SafeCredentialReference; if (((reference != null) && !reference.IsClosed) && !reference._Target.IsInvalid) { return reference._Target; } } return null; }
private TlsSspiNegotiation( string destination, bool isServer, SchProtocols protocolFlags, X509Certificate2 serverCertificate, X509Certificate2 clientCertificate, bool clientCertRequired) { SspiWrapper.GetVerifyPackageInfo(SecurityPackage); this.destination = destination; this.isServer = isServer; this.protocolFlags = protocolFlags; this.serverCertificate = serverCertificate; this.clientCertificate = clientCertificate; this.clientCertRequired = clientCertRequired; this.securityContext = null; if (isServer) { ValidateServerCertificate(); } else { ValidateClientCertificate(); } if (this.isServer) { // This retry is to address intermittent failure when accessing private key (MB56153) try { AcquireServerCredentials(); } catch (Win32Exception ex) { if (ex.NativeErrorCode != (int)SecurityStatus.UnknownCredential) { throw; } DiagnosticUtility.TraceHandledException(ex, TraceEventType.Information); // Yield Thread.Sleep(0); AcquireServerCredentials(); } } else { // delay client credentials presenting till they are asked for AcquireDummyCredentials(); } }
public SecureCredential(int version, X509Certificate2 certificate, Flags flags, SchProtocols protocols) { this.rootStore = this.phMappers = this.palgSupportedAlgs = this.certContextArray = IntPtr.Zero; this.cCreds = this.cMappers = this.cSupportedAlgs = 0; this.dwMinimumCipherStrength = this.dwMaximumCipherStrength = 0; this.dwSessionLifespan = this.reserved = 0; this.version = version; this.dwFlags = flags; this.grbitEnabledProtocols = protocols; if (certificate != null) { this.certContextArray = certificate.Handle; this.cCreds = 1; } }
internal static SSPIInterface Create(string hostname, bool serverMode, SchProtocols protocolFlags, X509Certificate serverCertificate, XX509CertificateCollection clientCertificates, bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus, EncryptionPolicy encryptionPolicy, LocalCertSelectionCallback certSelectionDelegate, RemoteCertValidationCallback remoteValidationCallback, SSPIConfiguration userConfig) { if (userConfig.Settings != null && remoteValidationCallback != null) { throw new InvalidOperationException(); } var context = userConfig.Provider.CreateTlsContext( hostname, serverMode, (TlsProtocols)protocolFlags, serverCertificate, clientCertificates, remoteCertRequired, checkCertName, checkCertRevocationStatus, (MonoEncryptionPolicy)encryptionPolicy, userConfig.Settings); return(new SSPIInterface(context, userConfig.EventSink)); }
public SchannelCred(int version1, X509Certificate certificate, SchannelCred.Flags flags, SchProtocols protocols) { this.paCreds1 = IntPtr.Zero; this.rootStore = (this.phMappers = (this.palgSupportedAlgs = IntPtr.Zero)); this.cCreds = (this.cMappers = (this.cSupportedAlgs = 0)); this.dwMinimumCipherStrength = (this.dwMaximumCipherStrength = 0); this.dwSessionLifespan = (this.reserved = 0); this.version = version1; this.dwFlags = flags; this.grbitEnabledProtocols = protocols; if (certificate != null) { this.paCreds1 = certificate.Handle; this.cCreds = 1; } }
public SchannelCred(int version1, X509Certificate certificate, Flags flags, SchProtocols protocols) { paCreds1 = IntPtr.Zero; rootStore = phMappers = palgSupportedAlgs = IntPtr.Zero; cCreds = cMappers = cSupportedAlgs = 0; dwMinimumCipherStrength = dwMaximumCipherStrength = 0; dwSessionLifespan = reserved = 0; version = version1; dwFlags = flags; grbitEnabledProtocols = protocols; if (certificate != null) { paCreds1 = certificate.Handle; cCreds = 1; } }
// // SECURITY: X509Certificate.GetCertHash() is virtual hence before going here // the caller of this ctor has to ensure that a user cert object was inspected and // optionally cloned. // internal SslCredKey(byte[] thumbPrint, SchProtocols allowedProtocols) { _CertThumbPrint = thumbPrint == null? s_EmptyArray: thumbPrint; _HashCode = 0; if (thumbPrint != null) { _HashCode ^= _CertThumbPrint[0]; if (1 < _CertThumbPrint.Length) _HashCode ^= (_CertThumbPrint[1] << 8); if (2 < _CertThumbPrint.Length) _HashCode ^= (_CertThumbPrint[2] << 16); if (3 < _CertThumbPrint.Length) _HashCode ^= (_CertThumbPrint[3] << 24); } _AllowedProtocols = allowedProtocols; _HashCode ^= (int)_AllowedProtocols; }
internal static void CacheCredential(SafeFreeCredentials creds, byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy) { if (!creds.IsInvalid) { object obj2 = new SslCredKey(thumbPrint, allowedProtocols, encryptionPolicy); SafeCredentialReference reference = s_CachedCreds[obj2] as SafeCredentialReference; if (((reference == null) || reference.IsClosed) || reference._Target.IsInvalid) { lock (s_CachedCreds) { reference = s_CachedCreds[obj2] as SafeCredentialReference; if ((reference == null) || reference.IsClosed) { reference = SafeCredentialReference.CreateReference(creds); if (reference != null) { s_CachedCreds[obj2] = reference; if ((s_CachedCreds.Count % 0x20) == 0) { DictionaryEntry[] array = new DictionaryEntry[s_CachedCreds.Count]; s_CachedCreds.CopyTo(array, 0); for (int i = 0; i < array.Length; i++) { reference = array[i].Value as SafeCredentialReference; if (reference != null) { creds = reference._Target; reference.Close(); if ((!creds.IsClosed && !creds.IsInvalid) && ((reference = SafeCredentialReference.CreateReference(creds)) != null)) { s_CachedCreds[array[i].Key] = reference; } else { s_CachedCreds.Remove(array[i].Key); } } } } } } } } } }
public SecureCredential(int version, X509Certificate2 certificate, SecureCredential.Flags flags, SchProtocols protocols) { //Setting default values rootStore = phMappers = palgSupportedAlgs = certContextArray = IntPtr.Zero; cCreds = cMappers = cSupportedAlgs = 0; dwMinimumCipherStrength = dwMaximumCipherStrength = 0; dwSessionLifespan = reserved = 0; this.version = version; dwFlags = flags; grbitEnabledProtocols = protocols; if (certificate != null) { certContextArray = certificate.Handle; cCreds = 1; } }
private TlsSspiNegotiation(string destination, bool isServer, SchProtocols protocolFlags, X509Certificate2 serverCertificate, X509Certificate2 clientCertificate, bool clientCertRequired) { this.syncObject = new object(); SspiWrapper.GetVerifyPackageInfo("Microsoft Unified Security Protocol Provider"); this.destination = destination; this.isServer = isServer; this.protocolFlags = protocolFlags; this.serverCertificate = serverCertificate; this.clientCertificate = clientCertificate; this.clientCertRequired = clientCertRequired; this.securityContext = null; if (isServer) { this.ValidateServerCertificate(); } else { this.ValidateClientCertificate(); } if (this.isServer) { try { this.AcquireServerCredentials(); } catch (Win32Exception exception) { if (exception.NativeErrorCode != -2146893043) { throw; } if (System.ServiceModel.DiagnosticUtility.ShouldTraceInformation) { System.ServiceModel.DiagnosticUtility.ExceptionUtility.TraceHandledException(exception, TraceEventType.Information); } Thread.Sleep(0); this.AcquireServerCredentials(); } } else { this.AcquireDummyCredentials(); } }
// // Returns null or previously cached cred handle // // ATTN: The returned handle can be invalid, the callers of InitializeSecurityContext and AcceptSecurityContext // must be prepared to execute a backout code if the call fails. // // Note:thumbPrint is a cryptographicaly strong hash of a certificate // internal static SafeFreeCredentials TryCachedCredential(byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy) { if (s_CachedCreds.Count == 0) { GlobalLog.Print("TryCachedCredential() Not Found, Current Cache Count = " + s_CachedCreds.Count); return(null); } object key = new SslCredKey(thumbPrint, allowedProtocols, encryptionPolicy); SafeCredentialReference cached = s_CachedCreds[key] as SafeCredentialReference; if (cached == null || cached.IsClosed || cached._Target.IsInvalid) { GlobalLog.Print("TryCachedCredential() Not Found, Current Cache Count = " + s_CachedCreds.Count); return(null); } GlobalLog.Print("TryCachedCredential() Found a cached Handle = " + cached._Target.ToString()); return(cached._Target); }
// // The app is calling this method after starting an SSL handshake. // // ATTN: The thumbPrint must be from inspected and possbly cloned user Cert object or we get a security hole in SslCredKey ctor. // internal static void CacheCredential(SafeFreeCredentials creds, byte[] thumbPrint, SchProtocols allowedProtocols, EncryptionPolicy encryptionPolicy) { GlobalLog.Assert(creds != null, "CacheCredential|creds == null"); if (creds.IsInvalid) { GlobalLog.Print("CacheCredential() Refused to cache an Invalid Handle = " + creds.ToString() + ", Current Cache Count = " + s_CachedCreds.Count); return; } object key = new SslCredKey(thumbPrint, allowedProtocols, encryptionPolicy); SafeCredentialReference cached = s_CachedCreds[key] as SafeCredentialReference; if (cached == null || cached.IsClosed || cached._Target.IsInvalid) { lock (s_CachedCreds) { cached = s_CachedCreds[key] as SafeCredentialReference; if (cached == null || cached.IsClosed) { cached = SafeCredentialReference.CreateReference(creds); if (cached == null) { // Means the handle got closed in between, return it back and let caller deal with the issue. return; } s_CachedCreds[key] = cached; GlobalLog.Print("CacheCredential() Caching New Handle = " + creds.ToString() + ", Current Cache Count = " + s_CachedCreds.Count); // // A simplest way of preventing infinite cache grows. // // Security relief (DoS): // A number of active creds is never greater than a number of _outstanding_ // security sessions, i.e. ssl connections. // So we will try to shrink cache to the number of active creds once in a while. // // Just to make clear we won't shrink cache in the case when NO new handles are coming to it. // if ((s_CachedCreds.Count % c_CheckExpiredModulo) == 0) { DictionaryEntry[] toRemoveAttempt = new DictionaryEntry[s_CachedCreds.Count]; s_CachedCreds.CopyTo(toRemoveAttempt, 0); for (int i = 0; i < toRemoveAttempt.Length; ++i) { cached = toRemoveAttempt[i].Value as SafeCredentialReference; if (cached != null) { creds = cached._Target; cached.Close(); if (!creds.IsClosed && !creds.IsInvalid && (cached = SafeCredentialReference.CreateReference(creds)) != null) { s_CachedCreds[toRemoveAttempt[i].Key] = cached; } else { s_CachedCreds.Remove(toRemoveAttempt[i].Key); } } } GlobalLog.Print("Scavenged cache, New Cache Count = " + s_CachedCreds.Count); } } else { GlobalLog.Print("CacheCredential() (locked retry) Found already cached Handle = " + cached._Target.ToString()); } } } else { GlobalLog.Print("CacheCredential() Ignoring incoming handle = " + creds.ToString() + " since found already cached Handle = " + cached._Target.ToString()); } }
public SecureCredential(int version, X509Certificate certificate, SecureCredential.Flags flags, SchProtocols protocols, EncryptionPolicy policy) { // default values required for a struct rootStore = phMappers = palgSupportedAlgs = certContextArray = IntPtr.Zero; cCreds = cMappers = cSupportedAlgs = 0; if (policy == EncryptionPolicy.RequireEncryption) { // Prohibit null encryption cipher dwMinimumCipherStrength = 0; dwMaximumCipherStrength = 0; } else if (policy == EncryptionPolicy.AllowNoEncryption) { // Allow null encryption cipher in addition to other ciphers dwMinimumCipherStrength = -1; dwMaximumCipherStrength = 0; } else if (policy == EncryptionPolicy.NoEncryption) { // Suppress all encryption and require null encryption cipher only dwMinimumCipherStrength = -1; dwMaximumCipherStrength = -1; } else { throw new ArgumentException(SR.GetString(SR.net_invalid_enum, "EncryptionPolicy"), "policy"); } dwSessionLifespan = reserved = 0; this.version = version; dwFlags = flags; grbitEnabledProtocols = protocols; if (certificate != null) { certContextArray = certificate.Handle; cCreds = 1; } }
public SchannelCred(X509Certificate certificate, SchProtocols protocols) : this(CurrentVersion, certificate, SchannelCred.Flags.Zero, protocols) { }
public SecureCredential (int version, X509Certificate2 certificate, SecureCredential.Flags flags, SchProtocols protocols, EncryptionPolicy policy) { this.version = version; this.certificate = certificate; this.protocols = protocols; this.policy = policy; }
// // The app is calling this method after starting an SSL handshake. // // ATTN: The thumbPrint must be from inspected and possbly cloned user Cert object or we get a security hole in SslCredKey ctor. // internal static void CacheCredential(SafeFreeCredentials creds, byte[] thumbPrint, SchProtocols allowedProtocols) { GlobalLog.Assert(creds != null, "CacheCredential|creds == null"); if (creds.IsInvalid) { GlobalLog.Print("CacheCredential() Refused to cache an Invalid Handle = " + creds.ToString() + ", Current Cache Count = " + s_CachedCreds.Count); return; } object key = new SslCredKey(thumbPrint, allowedProtocols); SafeCredentialReference cached = s_CachedCreds[key] as SafeCredentialReference; if (cached == null || cached.IsClosed || cached._Target.IsInvalid) { lock(s_CachedCreds) { cached = s_CachedCreds[key] as SafeCredentialReference; if (cached == null || cached.IsClosed) { cached = SafeCredentialReference.CreateReference(creds); if (cached == null) { // Means the handle got closed in between, return it back and let caller deal with the issue. return; } s_CachedCreds[key] = cached; GlobalLog.Print("CacheCredential() Caching New Handle = " + creds.ToString() + ", Current Cache Count = " + s_CachedCreds.Count); // // A simplest way of preventing infinite cache grows. // // Security relief (DoS): // A number of active creds is never greater than a number of _outstanding_ // security sessions, i.e. ssl connections. // So we will try to shrink cache to the number of active creds once in a while. // // Just to make clear we won't shrink cache in the case when NO new handles are coming to it. // if ((s_CachedCreds.Count%c_CheckExpiredModulo) == 0) { DictionaryEntry[] toRemoveAttempt = new DictionaryEntry[s_CachedCreds.Count]; s_CachedCreds.CopyTo(toRemoveAttempt, 0); for(int i = 0; i < toRemoveAttempt.Length; ++i) { cached = toRemoveAttempt[i].Value as SafeCredentialReference; if (cached != null) { creds = cached._Target; cached.Close(); if (!creds.IsClosed && !creds.IsInvalid && (cached = SafeCredentialReference.CreateReference(creds)) != null) s_CachedCreds[toRemoveAttempt[i].Key] = cached; else s_CachedCreds.Remove(toRemoveAttempt[i].Key); } } GlobalLog.Print("Scavenged cache, New Cache Count = " + s_CachedCreds.Count); } } else { GlobalLog.Print("CacheCredential() (locked retry) Found already cached Handle = " + cached._Target.ToString()); } } } else { GlobalLog.Print("CacheCredential() Ignoring incoming handle = " + creds.ToString() + " since found already cached Handle = " + cached._Target.ToString()); } }
// // Returns null or previously cached cred handle // // ATTN: The returned handle can be invalid, the callers of InitializeSecurityContext and AcceptSecurityContext // must be prepared to execute a backout code if the call fails. // // Note:thumbPrint is a cryptographicaly strong hash of a certificate // internal static SafeFreeCredentials TryCachedCredential(byte[] thumbPrint, SchProtocols allowedProtocols) { if (s_CachedCreds.Count == 0) { GlobalLog.Print("TryCachedCredential() Not Found, Current Cache Count = " + s_CachedCreds.Count); return null; } object key = new SslCredKey(thumbPrint, allowedProtocols); SafeCredentialReference cached = s_CachedCreds[key] as SafeCredentialReference; if (cached == null || cached.IsClosed || cached._Target.IsInvalid) { GlobalLog.Print("TryCachedCredential() Not Found, Current Cache Count = " + s_CachedCreds.Count); return null; } GlobalLog.Print("TryCachedCredential() Found a cached Handle = " + cached._Target.ToString()); return cached._Target; }
public SchannelCred(X509Certificate certificate, SchProtocols protocols) { this = new SchannelCred(4, certificate, SchannelCred.Flags.Zero, protocols); }