Beispiel #1
        /// <summary>
        /// Creates the native trust object for <paramref name="certHandle"/> and stores it in <c>handle</c>.
        /// </summary>
        /// <param name="certHandle">Native handle passed as the certificates argument of SecTrustCreateWithCertificates.</param>
        /// <param name="policy">Policy to evaluate against; when null, <see cref="IntPtr.Zero"/> is passed instead.</param>
        /// <exception cref="ArgumentException">The native call returned a status other than Success; the message is the status name.</exception>
        void Initialize(IntPtr certHandle, SecPolicy policy)
        {
            // A missing policy is forwarded as a null native pointer rather than rejected here.
            // NOTE(review): what the native call does with a null policy is not visible from this method - confirm.
            IntPtr policyHandle = IntPtr.Zero;
            if (policy != null)
            {
                policyHandle = policy.Handle;
            }

            SecStatusCode status = SecTrustCreateWithCertificates(certHandle, policyHandle, out handle);
            if (status == SecStatusCode.Success)
            {
                return;
            }

            // Any non-success status aborts construction; no trust object should be used after this.
            throw new ArgumentException(status.ToString());
        }
Beispiel #2
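        /// <summary>
        /// Creates an SSL/TLS evaluation policy through SecPolicyCreateSSL.
        /// </summary>
        /// <param name="server">Forwarded unchanged as the first argument of SecPolicyCreateSSL.</param>
        /// <param name="hostName">
        /// Host name the policy should be bound to. When null, <see cref="IntPtr.Zero"/> is passed and the
        /// policy is created without a host name. Apple documents the host name argument of SecPolicyCreateSSL
        /// as optional and only matched against the leaf certificate when supplied, so callers that need
        /// server identity verification must pass a non-null host name.
        /// </param>
        /// <returns>A <see cref="SecPolicy"/> wrapping the native policy, constructed with the second argument set to true.</returns>
        public static SecPolicy CreateSslPolicy(bool server, string hostName)
        {
            CFString host = hostName == null ? null : CFString.Create(hostName);
            try
            {
                IntPtr hostHandle = host == null ? IntPtr.Zero : host.Handle;

                // NOTE(review): the pointer returned by SecPolicyCreateSSL is not checked for IntPtr.Zero here;
                // confirm that the SecPolicy constructor rejects a null native handle.
                return new SecPolicy(SecPolicyCreateSSL(server, hostHandle), true);
            }
            finally
            {
                // Release the temporary native string even when policy creation throws;
                // previously an exception between Create and Dispose leaked it.
                if (host != null)
                {
                    host.Dispose();
                }
            }
        }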
Beispiel #3
        /// <summary>
        /// Builds a native array from the raw certificate handles and initializes the trust object from it.
        /// </summary>
        /// <param name="array">Certificate handles; every element must be non-null.</param>
        /// <param name="policy">Policy forwarded to the handle-based Initialize overload.</param>
        void Initialize(SafeSecCertificateHandle[] array, SecPolicy policy)
        {
            int count = array.Length;
            var rawHandles = new IntPtr[count];
            int index = 0;

            foreach (var certificate in array)
            {
                // DangerousGetHandle hands out the raw pointer without taking a reference, so the pointer
                // is only valid while the caller keeps the safe handle alive and undisposed for the whole call.
                rawHandles[index++] = certificate.DangerousGetHandle();
            }

            using (var certs = CFArray.CreateArray(rawHandles))
            {
                var arrayHandle = certs.Handle;
                Initialize(arrayHandle, policy);
            }
        }
        /// <summary>
        /// Evaluates a peer certificate collection with the platform trust API and reports the outcome.
        /// </summary>
        /// <param name="validator">Supplies the optional trust anchors and validation time through its Settings.</param>
        /// <param name="targetHost">Host name to bind the SSL policy to; anything from the first ':' on is dropped.</param>
        /// <param name="serverMode">Negated and passed as the first argument of SecPolicy.CreateSslPolicy.</param>
        /// <param name="certificates">Peer certificates; null is reported as RemoteCertificateNotAvailable.</param>
        /// <param name="errors">Receives additional policy error flags on failure.</param>
        /// <param name="status11">Not read or written by this method.</param>
        /// <returns>True only when trust evaluation yields SecTrustResult.Unspecified; false otherwise.</returns>
        /// <exception cref="InvalidOperationException">Setting the anchors or the verification date failed.</exception>
        public static bool InvokeSystemCertificateValidator(
            ICertificateValidator2 validator, string targetHost, bool serverMode,
            X509CertificateCollection certificates,
            ref MonoSslPolicyErrors errors, ref int status11)
        {
            // Fail closed when the peer presented nothing to validate.
            if (certificates == null)
            {
                errors |= MonoSslPolicyErrors.RemoteCertificateNotAvailable;
                return false;
            }

            // Strip a trailing ":port" so only the host part is matched against the certificate.
            // NOTE(review): the first ':' is used, so a bracketed IPv6 literal would be cut short;
            // that should produce a mismatch rather than a false match, but confirm the intended input format.
            int colon = string.IsNullOrEmpty(targetHost) ? -1 : targetHost.IndexOf(':');
            if (colon > 0)
            {
                targetHost = targetHost.Substring(0, colon);
            }

            // NOTE(review): a null targetHost is passed through unchanged; presumably the resulting policy
            // then carries no host name and server identity is not checked - verify against callers.
            // NOTE(review): neither the policy nor the trust object is released in this method;
            // if they own native handles, confirm who disposes them.
            var sslPolicy = SecPolicy.CreateSslPolicy(!serverMode, targetHost);
            var secTrust = new SecTrust(certificates, sslPolicy);

            var settings = validator.Settings;

            var anchors = settings.TrustAnchors;
            if (anchors != null)
            {
                var anchorStatus = secTrust.SetAnchorCertificates(anchors);
                if (anchorStatus != SecStatusCode.Success)
                {
                    throw new InvalidOperationException(anchorStatus.ToString());
                }

                // 'false' presumably mirrors SecTrustSetAnchorCertificatesOnly: the custom anchors are added to,
                // not substituted for, the system trust store, so this does not pin to the supplied anchors.
                // The return value of this call is not checked.
                secTrust.SetAnchorCertificatesOnly(false);
            }

            var validationTime = settings.CertificateValidationTime;
            if (validationTime != null)
            {
                var dateStatus = secTrust.SetVerifyDate(validationTime.Value);
                if (dateStatus != SecStatusCode.Success)
                {
                    throw new InvalidOperationException(dateStatus.ToString());
                }
            }

            var verdict = secTrust.Evaluate();

            // Only Unspecified is accepted. Every other outcome is reported as a chain error,
            // so callers cannot tell a name mismatch from a broken chain via 'errors'.
            if (verdict != SecTrustResult.Unspecified)
            {
                errors |= MonoSslPolicyErrors.RemoteCertificateChainErrors;
                return false;
            }

            return true;
        }
Beispiel #5
        /// <summary>
        /// Creates a trust object for the given certificates, to be evaluated against <paramref name="policy"/>.
        /// </summary>
        /// <param name="certificates">Certificates to wrap, in collection order.</param>
        /// <param name="policy">Policy forwarded to Initialize; not validated here.</param>
        /// <exception cref="ArgumentNullException"><paramref name="certificates"/> is null.</exception>
        public SecTrust(X509CertificateCollection certificates, SecPolicy policy)
        {
            if (certificates == null)
            {
                throw new ArgumentNullException("certificates");
            }

            int count = certificates.Count;
            var wrapped = new SecCertificate[count];

            // Wrap each managed certificate in its native counterpart, preserving the collection order.
            for (int index = 0; index < count; index++)
            {
                wrapped[index] = new SecCertificate(certificates[index]);
            }

            // NOTE(review): the SecCertificate wrappers are not released here; confirm their lifetime
            // is handled elsewhere if they hold native references.
            Initialize(wrapped, policy);
        }
Beispiel #6
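        /// <summary>
        /// Creates a trust object for the given certificates, to be evaluated against <paramref name="policy"/>.
        /// </summary>
        /// <param name="certificates">Certificates to convert to native handles, in collection order.</param>
        /// <param name="policy">Policy forwarded to Initialize; not validated here.</param>
        /// <exception cref="ArgumentNullException"><paramref name="certificates"/> is null.</exception>
        public SecTrust(X509CertificateCollection certificates, SecPolicy policy)
        {
            if (certificates == null)
            {
                throw new ArgumentNullException("certificates");
            }

            var array = new SafeSecCertificateHandle[certificates.Count];
            try
            {
                int i = 0;
                foreach (var certificate in certificates)
                {
                    array[i++] = MonoCertificatePal.FromOtherCertificate(certificate);
                }

                // The handles must stay alive until Initialize returns, because it works on their raw pointers.
                Initialize(array, policy);
            }
            finally
            {
                // Release every handle that was actually created, including when a conversion or
                // Initialize throws; previously an exception skipped the dispose loop and leaked them.
                foreach (var certHandle in array)
                {
                    if (certHandle != null)
                    {
                        certHandle.Dispose();
                    }
                }
            }
        }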
Beispiel #7
 /// <summary>
 /// Packs the certificates into a native array and initializes the trust object from it.
 /// </summary>
 /// <param name="array">Certificates handed to CFArray.CreateArray.</param>
 /// <param name="policy">Policy forwarded to the handle-based Initialize overload.</param>
 void Initialize(SecCertificate[] array, SecPolicy policy)
 {
     // The native array is only needed for the duration of the call and is released right after it.
     using (var certs = CFArray.CreateArray(array))
     {
         var arrayHandle = certs.Handle;
         Initialize(arrayHandle, policy);
     }
 }