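        /// <summary>
        /// Initializes the Apple TLS context: stores the connection parameters, registers a
        /// <see cref="GCHandle"/> so the native read/write callbacks can find this instance, and
        /// picks the default certificate validator for <paramref name="settings"/> and
        /// <paramref name="provider"/>.
        /// </summary>
        /// <exception cref="ArgumentNullException">
        /// Thrown in server mode when <paramref name="serverCertificate"/> is null.
        /// </exception>
        public AppleTlsContext(
            MobileAuthenticatedStream parent, MonoTlsSettings settings,
            AppleTlsProvider provider, bool serverMode, string targetHost,
            SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
            X509CertificateCollection clientCertificates, bool askForClientCert)
        {
            this.parent             = parent;
            this.settings           = settings;
            this.provider           = provider;
            this.serverMode         = serverMode;
            this.targetHost         = targetHost;
            this.enabledProtocols   = enabledProtocols;
            this.serverCertificate  = serverCertificate;
            this.clientCertificates = clientCertificates;
            this.askForClientCert   = askForClientCert;

            // Validate before GCHandle.Alloc: a throw after the handle is allocated leaks it
            // (and pins this instance), because a failed constructor never reaches Dispose.
            if (IsServer && serverCertificate == null)
            {
                throw new ArgumentNullException(nameof(serverCertificate));
            }

            handle       = GCHandle.Alloc(this);
            connectionId = GCHandle.ToIntPtr(handle);
            readFunc     = NativeReadCallback;
            writeFunc    = NativeWriteCallback;

            certificateValidator = CertificateValidationHelper.GetDefaultValidator(settings, provider);
        }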
        /// <summary>
        /// Stores the connection parameters for a mobile TLS context, derives the server name
        /// (the target host with any trailing ":port" removed) and resolves the internal
        /// certificate validator from the parent stream's settings and provider.
        /// </summary>
        public MobileTlsContext(
            MobileAuthenticatedStream parent, bool serverMode, string targetHost,
            SslProtocols enabledProtocols, X509Certificate serverCertificate,
            X509CertificateCollection clientCertificates, bool askForClientCert)
        {
            this.parent = parent;
            this.serverMode = serverMode;
            this.targetHost = targetHost;
            this.enabledProtocols = enabledProtocols;
            this.serverCertificate = serverCertificate;
            this.clientCertificates = clientCertificates;
            this.askForClientCert = askForClientCert;

            // Cut at the first ':' so "host:port" becomes "host"; a colon at index 0 (or no
            // colon, or an empty/null host) leaves the value untouched.
            // NOTE(review): an unbracketed IPv6 literal such as "fe80::1" would also be cut at
            // its first colon here -- confirm callers never pass one as targetHost.
            var colon = string.IsNullOrEmpty(targetHost) ? -1 : targetHost.IndexOf(':');
            serverName = colon > 0 ? targetHost.Substring(0, colon) : targetHost;

            certificateValidator = CertificateValidationHelper.GetInternalValidator(parent.Settings, parent.Provider);
        }
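        /// <summary>
        /// Validates the certificate(s) presented by a TLS client.
        /// </summary>
        /// <param name="context">TLS context whose settings provider and configuration drive validation.</param>
        /// <param name="certificates">Certificates sent by the client; may be null or empty when none were sent.</param>
        /// <exception cref="TlsException">
        /// <see cref="AlertDescription.BadCertificate"/> when a certificate-authority list is configured
        /// and the first certificate's issuer name is not on it; <see cref="AlertDescription.CertificateUnknown"/>
        /// when the validator returns no result, does not trust the chain, or the user denied it.
        /// </exception>
        internal static void CheckClientCertificate(TlsContext context, MX.X509CertificateCollection certificates)
        {
            bool hasCertificates = certificates != null && certificates.Count > 0;

            if (context.SettingsProvider.HasClientCertificateParameters)
            {
                var certParams = context.SettingsProvider.ClientCertificateParameters;
                // Only consult the CA list when a certificate was actually sent. Indexing
                // certificates[0] unconditionally threw NullReferenceException /
                // ArgumentOutOfRangeException instead of a TLS alert when the client sent none;
                // the "no certificate" case is now left to ValidateClientCertificate below.
                // NOTE: this is a string match on the issuer name, not a trust decision --
                // chain trust is established by the validator.
                if (hasCertificates
                    && certParams.CertificateAuthorities.Count > 0
                    && !certParams.CertificateAuthorities.Contains(certificates[0].IssuerName))
                {
                    throw new TlsException(AlertDescription.BadCertificate);
                }
            }

            var helper = CertificateValidationHelper.GetValidator(context.Configuration.TlsSettings);

            // Re-encode the Mono.Security certificates as BCL X509Certificate2 for the validator;
            // a null collection is passed through as null, as before.
            X509Certificate2Collection scerts = null;
            if (certificates != null)
            {
                scerts = new X509Certificate2Collection();
                for (int i = 0; i < certificates.Count; i++)
                {
                    scerts.Add(new X509Certificate2(certificates[i].RawData));
                }
            }

            var result = helper.ValidateClientCertificate(scerts);

            if (result == null || !result.Trusted || result.UserDenied)
            {
                throw new TlsException(AlertDescription.CertificateUnknown);
            }
        }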
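        /// <summary>
        /// Validates the certificate chain presented by the remote peer against the configured
        /// target host, converting the Mono.Security collection to BCL certificates first.
        /// </summary>
        /// <param name="config">TLS configuration supplying the settings and the target host.</param>
        /// <param name="certificates">Certificates received from the peer.</param>
        /// <exception cref="TlsException">
        /// <see cref="AlertDescription.CertificateUnknown"/> when no certificate was received, or the
        /// validator does not report a trusted chain that the user has not denied.
        /// </exception>
        internal static void CheckRemoteCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
        {
            if (certificates == null || certificates.Count < 1)
            {
                throw new TlsException(AlertDescription.CertificateUnknown);
            }

            var helper = CertificateValidationHelper.GetValidator(config.TlsSettings);

            // The guard above guarantees at least one certificate, so the collection is always
            // built (the former second null check was unreachable).
            var scerts = new X509Certificate2Collection();
            for (int i = 0; i < certificates.Count; i++)
            {
                scerts.Add(new X509Certificate2(certificates[i].RawData));
            }

            var result = helper.ValidateChain(config.TargetHost, scerts);

            // Anything short of an explicitly trusted, not-user-denied result is rejected.
            if (result == null || !result.Trusted || result.UserDenied)
            {
                // FIXME: check other values to report correct error type.
                throw new TlsException(AlertDescription.CertificateUnknown);
            }
        }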
        /// <summary>
        /// Initializes a mobile TLS context from <paramref name="options"/>: server mode takes the
        /// local certificate and the client-certificate requirement, client mode takes the client
        /// certificates, the target host and the derived server name (host without ":port").
        /// The internal certificate validator comes from the parent stream's settings and provider.
        /// </summary>
        protected MobileTlsContext(MobileAuthenticatedStream parent, MonoSslAuthenticationOptions options)
        {
            Parent = parent;
            IsServer = options.ServerMode;
            EnabledProtocols = options.EnabledSslProtocols;

            if (!options.ServerMode)
            {
                ClientCertificates = options.ClientCertificates;
                TargetHost = options.TargetHost;

                // Cut at the first ':' so "host:port" becomes "host"; a colon at index 0 (or no
                // colon, or an empty/null host) leaves the value untouched.
                // NOTE(review): an unbracketed IPv6 literal such as "fe80::1" would also be cut
                // at its first colon here -- confirm callers never pass one as TargetHost.
                var host = options.TargetHost;
                var colon = string.IsNullOrEmpty(host) ? -1 : host.IndexOf(':');
                ServerName = colon > 0 ? host.Substring(0, colon) : host;
            }
            else
            {
                LocalServerCertificate = options.ServerCertificate;
                AskForClientCertificate = options.ClientCertificateRequired;
            }

            certificateValidator = CertificateValidationHelper.GetInternalValidator(parent.Settings, parent.Provider);
        }
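 /// <summary>
 /// Releases the underlying connection and, when this session overrode certificate
 /// validation at construction time, restores the previous validation behaviour.
 /// </summary>
 public void Dispose()
 {
     try
     {
         _connection?.Dispose();
     }
     finally
     {
         // Restore in a finally block: the override affects the whole process, so it must not
         // stay in place just because disposing the connection threw.
         if (_ignoreSslPolicyErrors)
         {
             CertificateValidationHelper.RestoreCertificateValidation();
         }
     }
 }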
        /// <summary>
        /// Builds the certificate validator for this test. With the test-runner callback enabled,
        /// a copy of the default settings is wired to <c>ValidationCallback</c> (asking for the full
        /// chain and bypassing the ServicePointManager callback); otherwise null settings are passed
        /// to <c>CertificateValidationHelper.GetValidator</c>.
        /// </summary>
        ICertificateValidator GetValidator(TestContext ctx)
        {
            if (!Parameters.UseTestRunnerCallback)
            {
                return CertificateValidationHelper.GetValidator((MonoTlsSettings)null);
            }

            var runnerSettings = MonoTlsSettings.CopyDefaultSettings();
            runnerSettings.CallbackNeedsCertificateChain = true;
            runnerSettings.UseServicePointManagerCallback = false;
            runnerSettings.RemoteCertificateValidationCallback =
                (t, c, ch, e) => ValidationCallback(ctx, t, c, ch, e);

            return CertificateValidationHelper.GetValidator(runnerSettings);
        }
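        /// <summary>
        /// Resolves the <see cref="ICertificateValidator"/> for <paramref name="settings"/>.
        /// Outside mobile builds the helper is reached via reflection, trying the one-argument
        /// <c>GetValidator(MonoTlsSettings)</c> overload first and falling back to
        /// <c>GetValidator(MonoTlsSettings, MonoTlsProvider)</c> with a null provider; mobile
        /// builds call the helper directly.
        /// </summary>
        /// <param name="settings">The TLS settings handed through to the helper unchanged.</param>
        /// <returns>The validator produced by <c>CertificateValidationHelper.GetValidator</c>.</returns>
        /// <exception cref="MissingMethodException">
        /// Thrown (non-mobile builds only) when neither overload exists.
        /// </exception>
        public ICertificateValidator GetCertificateValidator(MonoTlsSettings settings)
        {
#if !__MOBILE__
            const string methodName = "GetValidator";
            var type = typeof(CertificateValidationHelper);

            var getValidator = type.GetMethod(methodName, new Type[] { typeof(MonoTlsSettings) });
            if (getValidator != null)
            {
                return (ICertificateValidator)getValidator.Invoke(null, new object[] { settings });
            }

            getValidator = type.GetMethod(methodName, new Type[] { typeof(MonoTlsSettings), typeof(MonoTlsProvider) });
            if (getValidator == null)
            {
                // Previously a missing second overload surfaced as a NullReferenceException on Invoke.
                throw new MissingMethodException(type.FullName, methodName);
            }
            return (ICertificateValidator)getValidator.Invoke(null, new object[] { settings, null });
#else
            return CertificateValidationHelper.GetValidator(settings);
#endif
        }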
        /// <summary>
        /// Stores the connection parameters for a mobile TLS context and resolves the default
        /// certificate validator from the parent stream's settings and provider.
        /// </summary>
        public MobileTlsContext(
            MobileAuthenticatedStream parent, bool serverMode, string targetHost,
            SslProtocols enabledProtocols, X509Certificate serverCertificate,
            X509CertificateCollection clientCertificates, bool askForClientCert)
        {
            // Role and endpoint.
            this.parent = parent;
            this.serverMode = serverMode;
            this.targetHost = targetHost;
            this.enabledProtocols = enabledProtocols;

            // Credentials on either side of the handshake.
            this.serverCertificate = serverCertificate;
            this.clientCertificates = clientCertificates;
            this.askForClientCert = askForClientCert;

            certificateValidator = CertificateValidationHelper.GetDefaultValidator(parent.Settings, parent.Provider);
        }
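 /// <summary>
 /// Creates a session object holding contracts and proxies to the web services API. Takes care of username/password and 'Active Directory' authentication (NetworkCredential) to the Secure Token Service.
 /// </summary>
 /// <param name="logger">Instance of the ILogger interface to allow some logging although Write-* is not very thread-friendly.</param>
 /// <param name="webServicesBaseUrl">The url to the web service API. For example 'https://example.com/ISHWS/'</param>
 /// <param name="ishUserName">InfoShare user name. For example 'Admin'. When null, the current Windows user name is used.</param>
 /// <param name="ishSecurePassword">Matching password as SecureString of the incoming user name. When null is provided, a NetworkCredential() is created instead.</param>
 /// <param name="timeout">Timeout to control Send/Receive timeouts of HttpClient when downloading content like connectionconfiguration.xml</param>
 /// <param name="timeoutIssue">Timeout to control Send/Receive timeouts of WCF when issuing a token</param>
 /// <param name="timeoutService">Timeout to control Send/Receive timeouts of WCF for InfoShareWS proxies</param>
 /// <param name="ignoreSslPolicyErrors">IgnoreSslPolicyErrors presence indicates that a custom callback will be assigned to ServicePointManager.ServerCertificateValidationCallback. Defaults false of course, as this creates security holes! But very handy for Fiddler usage though. The override is process-wide and is undone by Dispose(), or immediately if this constructor fails.</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="webServicesBaseUrl"/> is null.</exception>
 public IshSession(ILogger logger, string webServicesBaseUrl, string ishUserName, SecureString ishSecurePassword, TimeSpan timeout, TimeSpan timeoutIssue, TimeSpan timeoutService, bool ignoreSslPolicyErrors)
 {
     // Validate before touching any process-wide state.
     if (webServicesBaseUrl == null)
     {
         throw new ArgumentNullException(nameof(webServicesBaseUrl));
     }

     _logger                = logger;
     _explicitIssuer        = false;
     _ignoreSslPolicyErrors = ignoreSslPolicyErrors;
     if (_ignoreSslPolicyErrors)
     {
         // Process-wide: every HTTPS connection in this process stops validating server
         // certificates until RestoreCertificateValidation() runs.
         CertificateValidationHelper.OverrideCertificateValidation();
     }
     try
     {
         // NOTE(review): this resets the ServicePointManager callback right after the override
         // above; whether the two helpers manage the same callback is not visible here -- confirm
         // the intended order.
         ServicePointManagerHelper.RestoreCertificateValidation();
         // webServicesBaseUrl should have trailing slash, otherwise .NET throws unhandy "Reference to undeclared entity 'raquo'." error
         _webServicesBaseUri = webServicesBaseUrl.EndsWith("/", StringComparison.Ordinal) ? new Uri(webServicesBaseUrl) : new Uri(webServicesBaseUrl + "/");
         _ishUserName        = ishUserName ?? Environment.UserName;
         _ishSecurePassword  = ishSecurePassword;
         _timeout            = timeout;
         _timeoutIssue       = timeoutIssue;
         _timeoutService     = timeoutService;
         CreateConnection();
     }
     catch
     {
         // A failed constructor never gets disposed, so undo the override here instead of leaving
         // certificate validation disabled for the rest of the process.
         if (_ignoreSslPolicyErrors)
         {
             CertificateValidationHelper.RestoreCertificateValidation();
         }
         throw;
     }
 }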
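        /// <summary>
        /// Initializes the Apple TLS context on top of the base mobile context: registers a
        /// <see cref="GCHandle"/> so the native read/write callbacks can find this instance and
        /// picks the default certificate validator for the inherited settings and provider.
        /// </summary>
        /// <exception cref="ArgumentNullException">
        /// Thrown in server mode when <paramref name="serverCertificate"/> is null.
        /// </exception>
        public AppleTlsContext(
            MobileAuthenticatedStream parent, bool serverMode, string targetHost,
            SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
            X509CertificateCollection clientCertificates, bool askForClientCert)
            : base(parent, serverMode, targetHost, enabledProtocols,
                   serverCertificate, clientCertificates, askForClientCert)
        {
            // Validate before GCHandle.Alloc: a throw after the handle is allocated leaks it
            // (and pins this instance), because a failed constructor never reaches Dispose.
            if (IsServer && serverCertificate == null)
            {
                throw new ArgumentNullException(nameof(serverCertificate));
            }

            handle       = GCHandle.Alloc(this);
            connectionId = GCHandle.ToIntPtr(handle);
            readFunc     = NativeReadCallback;
            writeFunc    = NativeWriteCallback;

            certificateValidator = CertificateValidationHelper.GetDefaultValidator(Settings, Provider);
        }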