public override bool CheckAccess(EndpointIdentity identity, AuthorizationContext authContext)
{
List <Claim> claims = new List <Claim>();
X509Extension item = null;
foreach (ClaimSet claimSet in authContext.ClaimSets)
{
if (item == null)
{
X509CertificateClaimSet x509CertificateClaimSet = claimSet as X509CertificateClaimSet;
if (x509CertificateClaimSet != null && x509CertificateClaimSet.X509Certificate != null)
{
item = x509CertificateClaimSet.X509Certificate.Extensions["2.5.29.17"];
}
}
foreach (Claim claim in claimSet)
{
if (ClaimTypes.Dns != claim.ClaimType)
{
continue;
}
claims.Add(claim);
}
}
if (1 != claims.Count)
{
throw new InvalidOperationException(SRClient.InvalidDNSClaims(claims.Count));
}
if (LenientDnsIdentityVerifier.CheckTopLevelDomainCompatibleness(claims[0].Resource.ToString(), identity.IdentityClaim.Resource.ToString()))
{
return(true);
}
return(SecureSocketUtil.CertificateCheckSubjectAlternativeNames(item, identity.IdentityClaim.Resource.ToString()));
}
public static bool CertificateCheckSubjectAlternativeNames(X509Extension extensions, string hostName)
{
if (extensions != null)
{
string[] strArrays = Regex.Split(extensions.Format(true), Environment.NewLine);
string[] strArrays1 = strArrays;
for (int i = 0; i < (int)strArrays1.Length; i++)
{
string str = strArrays1[i];
if (!string.IsNullOrEmpty(str))
{
string[] strArrays2 = str.Trim().Split(new char[] { '=' });
if (strArrays2[0].Trim().Equals("DNS Name") && LenientDnsIdentityVerifier.CheckTopLevelDomainCompatibleness(strArrays2[1].Trim(), hostName))
{
return(true);
}
}
}
}
return(false);
}
public override bool TryGetIdentity(EndpointAddress reference, out EndpointIdentity identity)
{
if (this.expectedIdentity != null)
{
identity = this.expectedIdentity;
return(true);
}
if (reference == null)
{
throw new ArgumentNullException("reference");
}
identity = reference.Identity;
if (identity == null)
{
identity = LenientDnsIdentityVerifier.TryCreateDnsIdentity(reference);
}
if (identity == null)
{
return(false);
}
return(true);
}
public static bool CustomizedCertificateValidator(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors, string hostName)
{
bool flag;
if (sslPolicyErrors == SslPolicyErrors.None)
{
return(true);
}
if (sslPolicyErrors != SslPolicyErrors.RemoteCertificateNameMismatch)
{
return(false);
}
X509Certificate2 x509Certificate2 = certificate as X509Certificate2;
Fx.AssertAndThrow(x509Certificate2 != null, "CustomizedCertificateValidator received an invalid certificate");
try
{
foreach (Claim claim in new X509CertificateClaimSet(x509Certificate2))
{
if (!(claim.ClaimType == ClaimTypes.Dns) || !LenientDnsIdentityVerifier.CheckTopLevelDomainCompatibleness(claim.Resource.ToString(), hostName))
{
continue;
}
flag = true;
return(flag);
}
flag = SecureSocketUtil.CertificateCheckSubjectAlternativeNames(x509Certificate2.Extensions["2.5.29.17"], hostName);
}
catch (Exception exception)
{
if (Fx.IsFatal(exception))
{
throw;
}
return(false);
}
return(flag);
}
