public MonoConnectionProvider (MonoConnectionProviderFactory factory, ConnectionProviderType type, MSI.MonoTlsProvider tlsProvider, bool enableMonoExtensions) : base (factory, type, GetFlags (tlsProvider, enableMonoExtensions)) { this.tlsProvider = tlsProvider; this.httpProvider = new MonoHttpProvider (this); this.enableMonoExtensions = enableMonoExtensions; }
static ConnectionProviderFlags GetFlags (MSI.MonoTlsProvider tlsProvider, bool enableMonoExtensions) { var flags = ConnectionProviderFlags.SupportsSslStream | ConnectionProviderFlags.SupportsHttp; if (tlsProvider is NewTlsProvider) flags |= ConnectionProviderFlags.SupportsTls12 | ConnectionProviderFlags.SupportsAeadCiphers | ConnectionProviderFlags.SupportsEcDheCiphers; return flags; }
internal static ITlsConfiguration CreateTlsConfiguration ( string hostname, bool serverMode, MSI.TlsProtocols protocolFlags, SSCX.X509Certificate serverCertificate, bool remoteCertRequired, MSI.MonoTlsSettings settings) { object[] args; ITlsConfiguration config; if (serverMode) { var cert = (PSSCX.X509Certificate2)serverCertificate; var monoCert = new MX.X509Certificate (cert.RawData); args = new object[] { (MSI.TlsProtocols)protocolFlags, (MSI.MonoTlsSettings)settings, monoCert, cert.PrivateKey }; } else { args = new object[] { (MSI.TlsProtocols)protocolFlags, (MSI.MonoTlsSettings)settings, hostname }; } config = (ITlsConfiguration)CreateInstance (tlsConfigTypeName, args); if (serverMode && remoteCertRequired) config.AskForClientCertificate = true; return config; }
public MonoSslStream (MSI.MonoSslStream stream) { this.stream = stream; if (NewTlsProvider.IsNewTlsStream (stream)) monoNewTlsStream = NewTlsProvider.GetNewTlsStream (stream); }
protected override async Task<MonoSslStream> Start (TestContext ctx, Stream stream, MSI.MonoTlsSettings settings, CancellationToken cancellationToken) { var server = await ConnectionProvider.CreateServerStreamAsync (stream, Parameters, settings, cancellationToken); ctx.LogMessage ("Successfully authenticated server."); return server; }
internal static void AddCertificateValidator (MSI.MonoTlsSettings settings, ICertificateValidator validator) { if (validator == null) return; settings.RemoteCertificateValidationCallback = (s, c, ch, e) => { return ((CertificateValidator)validator).ValidationCallback (s, c, ch, (SslPolicyErrors)e); }; }
internal override MSI.IMonoTlsContext CreateTlsContext ( string hostname, bool serverMode, MSI.TlsProtocols protocolFlags, SSCX.X509Certificate serverCertificate, PSSCX.X509CertificateCollection clientCertificates, bool remoteCertRequired, MSI.MonoEncryptionPolicy encryptionPolicy, MSI.MonoTlsSettings settings) { var config = TlsProviderFactory.CreateTlsConfiguration ( hostname, serverMode, protocolFlags, serverCertificate, remoteCertRequired, settings); return new TlsContextWrapper (config, serverMode); }
protected override async Task<MonoSslStream> Start (TestContext ctx, Socket socket, MSI.MonoTlsSettings settings, CancellationToken cancellationToken) { ctx.LogMessage ("Accepted connection from {0}.", socket.RemoteEndPoint); var stream = new NetworkStream (socket); var server = await ConnectionProvider.CreateServerStreamAsync (stream, Parameters, settings, cancellationToken); ctx.LogMessage ("Successfully authenticated server."); return server; }
static ConnectionProviderFlags GetFlags (MSI.MonoTlsProvider tlsProvider, bool enableMonoExtensions) { var flags = ConnectionProviderFlags.SupportsSslStream | ConnectionProviderFlags.SupportsHttp; if (tlsProvider is NewTlsProvider) flags |= ConnectionProviderFlags.IsNewTls | ConnectionProviderFlags.SupportsTls12 | ConnectionProviderFlags.SupportsInstrumentation; if (!enableMonoExtensions) return flags; flags |= ConnectionProviderFlags.SupportsMonoExtensions; if (tlsProvider is NewTlsProvider) flags |= ConnectionProviderFlags.CanSelectCiphers; return flags; }
protected override async Task<MonoSslStream> Start (TestContext ctx, Stream stream, MSI.MonoTlsSettings settings, CancellationToken cancellationToken) { ctx.LogMessage ("Connected."); var targetHost = Parameters.TargetHost ?? EndPoint.HostName ?? EndPoint.Address; ctx.LogDebug (1, "Using '{0}' as target host.", targetHost); var client = await ConnectionProvider.CreateClientStreamAsync (stream, targetHost, Parameters, settings, cancellationToken); ctx.LogMessage ("Successfully authenticated client."); return client; }
internal static ITlsContext CreateTlsContext ( ITlsConfiguration config, bool serverMode, MSI.IMonoTlsEventSink eventSink) { return (ITlsContext)CreateInstance ( tlsContextTypeName, new object[] { config, serverMode, eventSink }); }
public static BOSWrapper Wrap (MSI.IBufferOffsetSize bos) { return bos != null ? new BOSWrapper (bos.Buffer, bos.Offset, bos.Size) : null; }
public void Initialize (MSI.IMonoTlsEventSink eventSink) { if (context != null) throw new InvalidOperationException (); context = TlsProviderFactory.CreateTlsContext (config, serverMode, eventSink); }
public override MSI.IMonoSslStream CreateSslStream ( Stream innerStream, bool leaveInnerStreamOpen, MSI.MonoTlsSettings settings = null) { return MonoNewTlsStreamFactory.CreateSslStream (innerStream, leaveInnerStreamOpen, this, settings); }
protected abstract Task<MonoSslStream> Start (TestContext ctx, Socket socket, MSI.MonoTlsSettings settings, CancellationToken cancellationToken);
internal static void AddCertificateSelector (MSI.MonoTlsSettings settings, ICertificateSelector selector) { if (selector == null) return; settings.ClientCertificateSelectionCallback = (t, lc, rc, ai) => { return ((CertificateSelector)selector).SelectionCallback (null, t, lc, rc, ai); }; }
public int DecryptMessage (ref MSI.IBufferOffsetSize incoming) { var buffer = new MSI.TlsBuffer (BOSWrapper.Wrap (incoming)); var retval = Context.DecryptMessage (ref buffer); incoming = buffer != null ? BOSWrapper.Wrap (buffer.GetRemaining ()) : null; return (int)retval; }
public async Task<MonoSslStream> CreateClientStreamAsync (Stream stream, string targetHost, ClientParameters parameters, MSI.MonoTlsSettings settings, CancellationToken cancellationToken) { var protocol = GetProtocol (parameters, false); MSI.ICertificateValidator validator = null; if (settings != null) CallbackHelpers.AddCertificateValidator (settings, parameters.ClientCertificateValidator); else validator = CallbackHelpers.GetCertificateValidator (parameters.ClientCertificateValidator); var clientCertificates = CallbackHelpers.GetClientCertificates (parameters); var sslStream = tlsProvider.CreateSslStream (stream, false, validator, settings); var monoSslStream = new MonoSslStream (sslStream); try { await sslStream.AuthenticateAsClientAsync (targetHost, clientCertificates, protocol, false).ConfigureAwait (false); } catch (Exception ex) { var lastError = monoSslStream.LastError; if (lastError != null) throw new AggregateException (ex, lastError); throw; } return monoSslStream; }
public async Task<MonoSslStream> CreateServerStreamAsync (Stream stream, ServerParameters parameters, MSI.MonoTlsSettings settings, CancellationToken cancellationToken) { var certificate = CertificateProvider.GetCertificate (parameters.ServerCertificate); var protocol = GetProtocol (parameters, true); MSI.ICertificateValidator validator = null; if (settings != null) CallbackHelpers.AddCertificateValidator (settings, parameters.ServerCertificateValidator); else validator = CallbackHelpers.GetCertificateValidator (parameters.ServerCertificateValidator); var askForCert = (parameters.Flags & (ServerFlags.AskForClientCertificate|ServerFlags.RequireClientCertificate)) != 0; var sslStream = tlsProvider.CreateSslStream (stream, false, validator, settings); var monoSslStream = new MonoSslStream (sslStream); try { await sslStream.AuthenticateAsServerAsync (certificate, askForCert, protocol, false).ConfigureAwait (false); } catch (Exception ex) { var lastError = monoSslStream.LastError; if (lastError != null) throw new AggregateException (ex, lastError); throw; } return monoSslStream; }
internal MonoNewTlsStream (Stream innerStream, MSI.MonoTlsProvider provider, MSI.MonoTlsSettings settings) : this (innerStream, false, provider, settings) { }
internal MonoNewTlsStream (Stream innerStream, bool leaveOpen, MSI.MonoTlsProvider provider, MSI.MonoTlsSettings settings) : base (innerStream, leaveOpen, EncryptionPolicy.RequireEncryption, provider, settings) { this.provider = provider; }
public int GenerateNextToken (MSI.IBufferOffsetSize incoming, out MSI.IBufferOffsetSize outgoing) { var input = incoming != null ? new MSI.TlsBuffer (BOSWrapper.Wrap (incoming)) : null; var output = new MSI.TlsMultiBuffer (); var retval = Context.GenerateNextToken (input, output); if (output.IsEmpty) outgoing = null; outgoing = BOSWrapper.Wrap (output.StealBuffer ()); return (int)retval; }