in src/NMS.AMQP/Transport/SecureTransportContext.cs [332:411]
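/// <summary>
/// Remote-certificate validation hook for the broker TLS handshake. When debug tracing
/// is enabled the presented certificate and chain are logged. If the application has
/// installed <c>ServerCertificateValidateCallback</c> the decision is delegated to it
/// unchanged; otherwise the certificate is accepted only when
/// <paramref name="sslPolicyErrors"/> is <see cref="SslPolicyErrors.None"/> after the
/// configured-<c>ServerName</c> CN override, falling back to <c>AcceptInvalidBrokerCert</c>.
/// </summary>
/// <param name="sender">Object raising the validation request; passed through to the application callback.</param>
/// <param name="certificate">Remote (broker) certificate. May be null (e.g. when no certificate was presented), so it is only dereferenced null-conditionally here.</param>
/// <param name="chain">Chain built for <paramref name="certificate"/>; only inspected for logging.</param>
/// <param name="sslPolicyErrors">Policy errors reported by the TLS stack.</param>
/// <returns>true to accept the certificate and continue the handshake, false to abort it.</returns>
/// <exception cref="Exception">Any exception thrown by the application callback is logged and re-thrown with its original stack trace.</exception>
protected bool ContextServerCertificateValidation(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    if (Tracer.IsDebugEnabled)
    {
        TraceRemoteCertificate(certificate, chain, sslPolicyErrors);
    }

    bool? valid = null;
    if (ServerCertificateValidateCallback != null)
    {
        try
        {
            if (Tracer.IsDebugEnabled) Tracer.DebugFormat("Calling application callback for Remote Certificate Validation.");
            valid = ServerCertificateValidateCallback(sender, certificate, chain, sslPolicyErrors);
        }
        catch (Exception ex)
        {
            Tracer.InfoFormat("Caught Exception from application callback for Remote Certificate Validation. Exception : {0}", ex);
            // Rethrow with 'throw;' so the application callback's stack trace is preserved
            // ('throw ex;' would reset it to this frame).
            throw;
        }
    }
    else
    {
        // Name-mismatch override: the TLS stack compares against the host that was connected
        // to; if the operator configured an explicit ServerName that equals the certificate's
        // CN, treat the name as matching. The CN must match as a whole RDN, not as a substring.
        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) == SslPolicyErrors.RemoteCertificateNameMismatch
            && !String.IsNullOrWhiteSpace(this.ServerName)
            && SubjectHasCommonName(certificate?.Subject, this.ServerName))
        {
            sslPolicyErrors &= ~(SslPolicyErrors.RemoteCertificateNameMismatch);
        }

        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            valid = true;
        }
        else
        {
            Tracer.WarnFormat("SSL certificate {0} validation error : {1}", certificate?.Subject ?? "null", sslPolicyErrors.ToString());
            // AcceptInvalidBrokerCert is the operator's explicit opt-out of validation.
            valid = this.AcceptInvalidBrokerCert;
        }
    }
    return valid ?? this.AcceptInvalidBrokerCert;
}

/// <summary>
/// Returns true when the subject distinguished name contains an RDN exactly equal to
/// <c>CN=&lt;serverName&gt;</c> (case-insensitive). A plain substring test would also accept
/// a CN that merely starts with the configured name (e.g. "host.example" for "host"), so the
/// DN is split into its comma-separated RDNs and each is compared whole.
/// </summary>
/// <param name="subject">Subject DN as returned by <see cref="X509Certificate.Subject"/>; null or empty yields false.</param>
/// <param name="serverName">Configured broker host name; surrounding whitespace is ignored.</param>
/// <returns>true if some RDN of <paramref name="subject"/> equals <c>CN=serverName</c>.</returns>
private static bool SubjectHasCommonName(string subject, string serverName)
{
    if (string.IsNullOrEmpty(subject) || string.IsNullOrWhiteSpace(serverName))
    {
        return false;
    }

    string expected = "CN=" + serverName.Trim();
    // NOTE: RDN values containing an escaped comma are not reassembled here; such a CN simply
    // fails to match and the name-mismatch error is left in place (the conservative outcome).
    foreach (string rdn in subject.Split(','))
    {
        if (rdn.Trim().Equals(expected, StringComparison.OrdinalIgnoreCase))
        {
            return true;
        }
    }
    return false;
}

/// <summary>
/// Debug-logs the remote certificate's DN/subject/issuer, the policy errors, and the chain's
/// verification/revocation settings plus per-element chain status. Logging failures are
/// caught and reported so tracing can never abort the handshake.
/// </summary>
/// <param name="certificate">Remote certificate; null is tolerated and logged as "null".</param>
/// <param name="chain">Chain to describe; a null chain is reported through the error path.</param>
/// <param name="sslPolicyErrors">Policy errors reported by the TLS stack.</param>
private void TraceRemoteCertificate(X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    // SubjectName (the parsed DN) is only available on X509Certificate2.
    string name = (certificate as X509Certificate2)?.SubjectName.Name;
    Tracer.DebugFormat("Cert DN {0}; Cert Subject {1}; Cert Issuer {2}; SSLPolicyErrors [{3}]", name, certificate?.Subject ?? "null", certificate?.Issuer ?? "null", sslPolicyErrors.ToString());
    try
    {
        X509VerificationFlags verFlags = chain.ChainPolicy.VerificationFlags;
        X509RevocationMode revMode = chain.ChainPolicy.RevocationMode;
        X509RevocationFlag revFlags = chain.ChainPolicy.RevocationFlag;

        StringBuilder sb = new StringBuilder("ChainStatus={");
        bool first = true;
        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            if (!first)
            {
                sb.Append(", ");
            }
            first = false;
            X509ChainStatusFlags csflags = status.Status;
            sb.AppendFormat("Info={0}; flags=0x{1:X}; flagNames=[{2}]", status.StatusInformation, csflags, csflags.ToString());
        }
        sb.Append("}");

        Tracer.DebugFormat("X.509 Cert Chain, Verification Flags {0:X} {1}, Revocation Mode {2}, Revocation Flags {3}, Status {4} ",
            verFlags, verFlags.ToString(), revMode.ToString(), revFlags.ToString(), sb.ToString());
    }
    catch (Exception ex)
    {
        Tracer.ErrorFormat("Error displaying Remote Cert fields. Cause: {0}", ex);
    }
}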