internal static bool ValidateServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
{
log.Debug("SslPolicyErrors is set to None, exiting validation");
return(true);
}
lock (CertificateValidationLock)
{
bool AcceptCertificate = false;
HttpWebRequest webreq = (HttpWebRequest)sender;
if (webreq.Address.Host == InvisibleMessages.ACTIVATION_SERVER)
{
// Strict checking on the activation server certificate.
// Also, this ensures that it doesn't get added to the user settings
// through Settings.AddCertificate or Settings.ReplaceCertificate below.
log.Debug("SslPolicyErrors is set to None, exiting validation");
return(sslPolicyErrors == SslPolicyErrors.None);
}
//This allows to run tests without MainWindow
if (Program.MainWindow == null)
{
return(true);
}
foreach (KeyValuePair <string, string> kvp in Settings.KnownServers)
{
if (kvp.Key != webreq.Address.Host)
{
continue;
}
if (kvp.Value == certificate.GetCertHashString())
{
return(true);
}
else if (!XenAdmin.Properties.Settings.Default.WarnChangedCertificate && Registry.AlwaysShowSSLCertificates == SSLCertificateTypes.None)
{
Settings.ReplaceCertificate(kvp.Key, certificate);
log.Debug("Updating cert silently");
return(true);
}
else
{
Program.Invoke(Program.MainWindow, delegate
{
CertificateChangedDialog dialog = new CertificateChangedDialog(certificate, webreq.Address.Host);
AcceptCertificate = dialog.ShowDialog(Program.MainWindow) == DialogResult.OK;
});
if (AcceptCertificate)
{
log.Debug("Updating cert after confirmation");
}
else
{
log.Debug("User rejected changed cert");
}
return(AcceptCertificate);
}
}
if (!XenAdmin.Properties.Settings.Default.WarnUnrecognizedCertificate && Registry.AlwaysShowSSLCertificates != SSLCertificateTypes.All)
{
// user has chosen to ignore new certificates
Settings.AddCertificate(certificate, webreq.Address.Host);
log.Debug("Adding new cert silently");
return(true);
}
Program.Invoke(Program.MainWindow, delegate
{
UnknownCertificateDialog dialog = new UnknownCertificateDialog(certificate, webreq.Address.Host);
AcceptCertificate = dialog.ShowDialog(Program.MainWindow) == DialogResult.OK;
});
if (AcceptCertificate)
{
log.Debug("Adding cert after confirmation");
}
else
{
log.Debug("User rejected new cert");
}
return(AcceptCertificate);
}
}
internal static bool ValidateServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
{
log.Debug("SslPolicyErrors is set to None, exiting validation");
return(true);
}
lock (CertificateValidationLock)
{
bool AcceptCertificate = false;
HttpWebRequest webreq = (HttpWebRequest)sender;
//This allows to run tests without MainWindow
if (Program.MainWindow == null)
{
return(true);
}
foreach (KeyValuePair <string, string> kvp in Settings.KnownServers)
{
if (kvp.Key != webreq.Address.Host)
{
continue;
}
if (kvp.Value == certificate.GetCertHashString())
{
return(true);
}
else if (!Properties.Settings.Default.WarnChangedCertificate && Registry.SSLCertificateTypes == SSLCertificateTypes.None)
{
Settings.ReplaceCertificate(kvp.Key, certificate);
log.Debug("Updating cert silently");
return(true);
}
else
{
Program.Invoke(Program.MainWindow, () =>
{
using (var dialog = new CertificateChangedDialog(certificate, webreq.Address.Host))
AcceptCertificate = dialog.ShowDialog(Program.MainWindow) == DialogResult.OK;
});
if (AcceptCertificate)
{
log.Debug("Updating cert after confirmation");
}
else
{
log.Debug("User rejected changed cert");
}
return(AcceptCertificate);
}
}
if (!Properties.Settings.Default.WarnUnrecognizedCertificate && Registry.SSLCertificateTypes != SSLCertificateTypes.All)
{
// user has chosen to ignore new certificates
Settings.AddCertificate(certificate, webreq.Address.Host);
log.Debug("Adding new cert silently");
return(true);
}
Program.Invoke(Program.MainWindow, () =>
{
using (var dialog = new UnknownCertificateDialog(certificate, webreq.Address.Host))
AcceptCertificate = dialog.ShowDialog(Program.MainWindow) == DialogResult.OK;
});
if (AcceptCertificate)
{
log.Debug("Adding cert after confirmation");
}
else
{
log.Debug("User rejected new cert");
}
return(AcceptCertificate);
}
}
