public TlsContext(TlsConfiguration configuration, bool isServer)
{
this.configuration = configuration;
this.isServer = isServer;
#if INSTRUMENTATION
SetupInstrumentation();
#endif
session = new Session(configuration);
Session.RandomNumberGenerator = RandomNumberGenerator.Create();
if (IsServer)
{
negotiationHandler = CreateNegotiationHandler(NegotiationState.InitialServerConnection);
}
else
{
negotiationHandler = CreateNegotiationHandler(NegotiationState.InitialClientConnection);
}
if (Configuration.UserSettings != null && Configuration.UserSettings.EnableDebugging)
{
EnableDebugging = true;
}
}
internal static void CheckRemoteCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
{
if (certificates == null || certificates.Count < 1)
{
throw new TlsException(AlertDescription.CertificateUnknown);
}
var helper = CertificateValidationHelper.GetValidator(config.TlsSettings);
X509Certificate2Collection scerts = null;
if (certificates != null)
{
scerts = new X509Certificate2Collection();
for (int i = 0; i < certificates.Count; i++)
{
scerts.Add(new X509Certificate2(certificates [i].RawData));
}
}
var result = helper.ValidateChain(config.TargetHost, scerts);
if (result != null && result.Trusted && !result.UserDenied)
{
return;
}
// FIXME: check other values to report correct error type.
throw new TlsException(AlertDescription.CertificateUnknown);
}
public TlsContext (TlsConfiguration configuration, bool isServer)
{
this.configuration = configuration;
this.isServer = isServer;
#if INSTRUMENTATION
if (configuration.HasInstrumentation) {
if (configuration.Instrumentation.HasSignatureInstrument)
signatureProvider = configuration.Instrumentation.SignatureInstrument;
if (configuration.Instrumentation.HasSettingsInstrument)
settingsProvider = configuration.Instrumentation.SettingsInstrument;
handshakeInstruments = configuration.Instrumentation.HandshakeInstruments;
}
#endif
if (signatureProvider == null)
signatureProvider = new SignatureProvider ();
if (settingsProvider == null)
settingsProvider = new SettingsProvider (configuration.TlsSettings.UserSettings);
session = new Session (configuration);
Session.RandomNumberGenerator = RandomNumberGenerator.Create ();
if (IsServer)
negotiationHandler = CreateNegotiationHandler (NegotiationState.InitialServerConnection);
else
negotiationHandler = CreateNegotiationHandler (NegotiationState.InitialClientConnection);
if (settingsProvider.EnableDebugging ?? false)
EnableDebugging = true;
settingsProvider.Initialize (this);
}
public TlsContext(TlsConfiguration configuration, bool isServer, IMonoTlsEventSink eventSink)
{
this.configuration = configuration;
this.isServer = isServer;
this.eventSink = eventSink;
#if INSTRUMENTATION
var instrumentation = configuration.UserSettings.Instrumentation;
if (instrumentation != null)
{
if (instrumentation.HasSignatureInstrument)
{
signatureProvider = instrumentation.SignatureInstrument;
}
if (instrumentation.HasSettingsInstrument)
{
settingsProvider = instrumentation.SettingsInstrument;
}
handshakeInstruments = instrumentation.HandshakeInstruments;
instrumentationEventSink = instrumentation.EventSink;
}
#endif
if (signatureProvider == null)
{
signatureProvider = new SignatureProvider();
}
if (settingsProvider == null)
{
settingsProvider = new SettingsProvider(configuration.UserSettings);
}
session = new Session(configuration);
Session.RandomNumberGenerator = RandomNumberGenerator.Create();
if (IsServer)
{
negotiationHandler = CreateNegotiationHandler(NegotiationState.InitialServerConnection);
}
else
{
negotiationHandler = CreateNegotiationHandler(NegotiationState.InitialClientConnection);
}
if (settingsProvider.EnableDebugging)
{
EnableDebugging = true;
}
settingsProvider.Initialize(this);
}
internal static void CheckRemoteCertificate (TlsConfiguration config, MX.X509CertificateCollection certificates)
{
if (certificates == null || certificates.Count < 1)
throw new TlsException (AlertDescription.CertificateUnknown);
var helper = config.CertificateValidator;
if (helper == null)
helper = CertificateValidationHelper.CreateDefaultValidator (config.TlsSettings);
var result = helper.ValidateChain (config.TargetHost, certificates);
if (result != null && result.Trusted && !result.UserDenied)
return;
// FIXME: check other values to report correct error type.
throw new TlsException (AlertDescription.CertificateUnknown);
}
internal static void CheckRemoteCertificate (TlsConfiguration config, MX.X509CertificateCollection certificates)
{
if (certificates == null || certificates.Count < 1)
throw new TlsException (AlertDescription.CertificateUnknown);
var helper = CertificateValidationHelper.GetValidator (config.TlsSettings);
X509Certificate2Collection scerts = null;
if (certificates != null) {
scerts = new X509Certificate2Collection ();
for (int i = 0; i < certificates.Count; i++)
scerts.Add (new X509Certificate2 (certificates [i].RawData));
}
var result = helper.ValidateChain (config.TargetHost, scerts);
if (result != null && result.Trusted && !result.UserDenied)
return;
// FIXME: check other values to report correct error type.
throw new TlsException (AlertDescription.CertificateUnknown);
}
internal static bool CheckClientCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
{
if (certificates == null || certificates.Count < 1)
{
if (!config.UserSettings.RequireClientCertificate)
{
return(false);
}
throw new TlsException(AlertDescription.CertificateUnknown);
}
var leaf = certificates [0];
var chain = new MX.X509Chain();
chain.LoadCertificates(certificates);
var ok = chain.Build(leaf);
var errors = GetStatus(chain.Status);
var certParams = config.UserSettings.ClientCertificateParameters;
if (certParams.CertificateAuthorities.Count > 0)
{
if (!certParams.CertificateAuthorities.Contains(leaf.IssuerName))
{
throw new TlsException(AlertDescription.BadCertificate);
}
}
if (config.UserSettings.ClientCertValidationCallback != null)
{
ok = config.UserSettings.ClientCertValidationCallback(certParams, leaf, chain, errors);
}
if (!ok)
{
throw new TlsException(AlertDescription.CertificateUnknown);
}
return(true);
}
internal static void CheckRemoteCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
{
if (certificates == null || certificates.Count < 1)
{
throw new TlsException(AlertDescription.CertificateUnknown);
}
var leaf = certificates [0];
var chain = new MX.X509Chain();
chain.LoadCertificates(certificates);
var ok = chain.Build(leaf);
var errors = GetStatus(chain.Status);
if (config.RemoteCertValidationCallback != null)
{
ok = config.RemoteCertValidationCallback(null, leaf, chain, errors);
}
if (!ok)
{
throw new TlsException(AlertDescription.CertificateUnknown);
}
}
public Session (TlsConfiguration configuration)
{
Configuration = configuration;
}
public Session(TlsConfiguration configuration)
{
Configuration = configuration;
}
public TlsContextWrapper (TlsConfiguration config, bool serverMode)
{
this.config = config;
this.serverMode = serverMode;
}
public override MSI.IMonoTlsContext CreateTlsContext (
string hostname, bool serverMode, MSI.TlsProtocols protocolFlags,
SSCX.X509Certificate serverCertificate, PSSCX.X509CertificateCollection clientCertificates,
bool remoteCertRequired, MSI.MonoEncryptionPolicy encryptionPolicy,
MSI.MonoTlsSettings settings)
{
TlsConfiguration config;
if (serverMode) {
var cert = (PSSCX.X509Certificate2)serverCertificate;
var monoCert = new MX.X509Certificate (cert.RawData);
config = new TlsConfiguration ((TlsProtocols)protocolFlags, (MSI.MonoTlsSettings)settings, monoCert, cert.PrivateKey);
if (remoteCertRequired)
config.AskForClientCertificate = true;
} else {
config = new TlsConfiguration ((TlsProtocols)protocolFlags, (MSI.MonoTlsSettings)settings, hostname);
}
return new TlsContextWrapper (config, serverMode);
}
