个人中心
gpt4 book ai didi

c# - 覆盖 ServicePointManager.ServerCertificateValidationCallback 时执行默认证书验证

转载 作者:太空狗 更新时间:2023-10-29 21:27:36 26 4
gpt4 key购买 nike

我使用 SmtpClient 使用 SSL 通过 SMTP 服务器发送电子邮件。此 SMTP 服务器配置为使用自签名证书。

由于我无法在所有客户端计算机上安装证书,因此我添加了 ServicePointManager.ServerCertificateValidationCallback 来为我们的自签名证书实现自定义验证。

但是,我只想在使用 SmtpClient 时执行自定义验证,并在其他地方执行证书验证时恢复为默认行为。

由于回调是一个静态属性,我还应该确保回调不会被我用来发送电子邮件的线程以外的另一个线程调用。

我想出了以下代码:

Private Shared _defaultServerCertificateValidationCallback As System.Net.Security.RemoteCertificateValidationCallback
Private Shared _overrideSmtpCertificateValidation As Boolean = False
Private Shared _callbackLocker As New Object()

Private Shared Function OurCertificateValidation(s As Object, certificate As Security.Cryptography.X509Certificates.X509Certificate, chain As Security.Cryptography.X509Certificates.X509Chain, sslPolicyErrors As Net.Security.SslPolicyErrors) As Boolean

    SyncLock _callbackLocker

        If _overrideSmtpCertificateValidation Then
            _overrideSmtpCertificateValidation = False
            Dim actualCertificate = Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile("selfSignedSmtp.cert")
            Return certificate.Equals(actualCertificate)
        Else
            'Should execute the default certificate validation.
            Return _defaultServerCertificateValidationCallback(s, certificate, chain, sslPolicyErrors)
        End If

    End SyncLock

End Function

Public Sub SendMail()
    _defaultServerCertificateValidationCallback = System.Net.ServicePointManager.ServerCertificateValidationCallback
    System.Net.ServicePointManager.ServerCertificateValidationCallback = New System.Net.Security.RemoteCertificateValidationCallback(AddressOf OurCertificateValidation)
    _overrideSmtpCertificateValidation = True
    'Send mail using SMTP client here...
End Sub

发送电子邮件时这段代码应该做的是将默认的 ServerCertificateValidationCallback 保留在变量中,标记要执行的自定义验证,在与 相同的线程上执行自定义验证SmtpClient,使用 SyncLock 阻止其他线程执行自定义验证,然后恢复为默认行为并允许其他线程继续进行默认证书验证。

但是,ServerCertificateValidationCallback 默认设置为 Nothing,因此我无法显式调用默认验证回调。

有什么我可以调用而不是 Return _defaultServerCertificateValidationCallback(s, certificate, chain, sslPolicyErrors) 可以在需要时执行默认证书验证的东西吗?

最佳答案

我发现默认证书验证是在 ServerCertificateValidationCallback 之前完成的。如果sslPolicyErrors设置为None,则表示验证成功。

我认为这段代码满足了我的需求,并且对于我的情况来说似乎足够安全:

Private Shared _customCertificateLocker As New Object()
Private Shared _customCertificateThreadId As Integer
Private Shared _customCertificatePath As String

'Returns True if the certificate is valid according to the default certificate validation algorithm,
'or else if the certificate is the same as the specified custom certificate.
Private Shared Function CustomCertificateValidation(s As Object, certificate As Security.Cryptography.X509Certificates.X509Certificate, chain As Security.Cryptography.X509Certificates.X509Chain, sslPolicyErrors As Net.Security.SslPolicyErrors) As Boolean

    If sslPolicyErrors = System.Net.Security.SslPolicyErrors.None Then
        'The certificate is valid according to the default certificate validation algorithm
        Return True
    Else

        'Validates only for the thread that called UseCustomCertificate.
        If System.Threading.Thread.CurrentThread.ManagedThreadId = _customCertificateThreadId Then

            If Not File.Exists(_customCertificatePath) Then
                Throw New FileNotFoundException("Certificate not found at path : '" & _customCertificatePath & "'.")
            End If

            Try
                'Validates the specified custom certificate against the server certificate.
                Dim actualCertificate = Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile(_customCertificatePath)
                Return certificate.Equals(actualCertificate)
            Catch
                Return False
            End Try

        End If

    End If

    Return False

End Function

'Performs an Action that needs the custom certificate validation, on one thread at a time.
Public Shared Sub UseCustomCertificate(customCertificatePath As String, action As Action)

    'Used to make sure that the ServerCertificateValidationCallback stays the same during the Action, even if multiple threads call this method.
    SyncLock _customCertificateLocker

        _customCertificateThreadId = System.Threading.Thread.CurrentThread.ManagedThreadId
        _customCertificatePath = customCertificatePath
        System.Net.ServicePointManager.ServerCertificateValidationCallback = New System.Net.Security.RemoteCertificateValidationCallback(AddressOf CustomCertificateValidation)

        Try
            action()

        Finally
            _customCertificateThreadId = 0
            _customCertificatePath = String.Empty
            System.Net.ServicePointManager.ServerCertificateValidationCallback = Nothing
        End Try

    End SyncLock

End Sub

使用示例:

UseCustomCertificate("C:\example.cert",
                     Sub()
                        'Send email with SmtpClient...
                     End Sub)

只有在几天内没有得到更安全/更好的答案时,我才会接受这个答案。

关于c# - 覆盖 ServicePointManager.ServerCertificateValidationCallback 时执行默认证书验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/24698982/

26 4 0
文章推荐: c++ - 这种情况下合适的设计模式是什么?
文章推荐: Python:消除库代码中的堆栈跟踪?
文章推荐: c++ - Ubuntu 上 C/C++ 的 Eclipse 库错误
文章推荐: python - 如何反转具有重复值的字典
太空狗
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com