private bool AcquireServerCredentials(ref byte[] thumbPrint)
{
if (NetEventSource.IsEnabled) NetEventSource.Enter(this);
X509Certificate localCertificate = null;
bool cachedCred = false;
if (_certSelectionDelegate != null)
{
X509CertificateCollection tempCollection = new X509CertificateCollection();
tempCollection.Add(_serverCertificate);
localCertificate = _certSelectionDelegate(string.Empty, tempCollection, null, Array.Empty<string>());
if (NetEventSource.IsEnabled) NetEventSource.Info(this, "Use delegate selected Cert");
}
else
{
localCertificate = _serverCertificate;
}
if (localCertificate == null)
{
throw new NotSupportedException(SR.net_ssl_io_no_server_cert);
}
// SECURITY: Accessing X509 cert Credential is disabled for semitrust.
// We no longer need to demand for unmanaged code permissions.
// EnsurePrivateKey should do the right demand for us.
X509Certificate2 selectedCert = EnsurePrivateKey(localCertificate);
if (selectedCert == null)
{
throw new NotSupportedException(SR.net_ssl_io_no_server_cert);
}
if (!localCertificate.Equals(selectedCert))
{
NetEventSource.Fail(this, "'selectedCert' does not match 'localCertificate'.");
}
//
// Note selectedCert is a safe ref possibly cloned from the user passed Cert object
//
byte[] guessedThumbPrint = selectedCert.GetCertHash();
try
{
SafeFreeCredentials cachedCredentialHandle = SslSessionsCache.TryCachedCredential(guessedThumbPrint, _sslProtocols, _serverMode, _encryptionPolicy);
if (cachedCredentialHandle != null)
{
_credentialsHandle = cachedCredentialHandle;
_serverCertificate = localCertificate;
cachedCred = true;
}
else
{
_credentialsHandle = SslStreamPal.AcquireCredentialsHandle(selectedCert, _sslProtocols, _encryptionPolicy, _serverMode);
thumbPrint = guessedThumbPrint;
_serverCertificate = localCertificate;
}
}
finally
{
// An extra cert could have been created, dispose it now.
if ((object)localCertificate != (object)selectedCert)
{
selectedCert.Dispose();
}
}
if (NetEventSource.IsEnabled) NetEventSource.Exit(this, cachedCred, _credentialsHandle);
return cachedCred;
}