Example #1
0
 public static X509Certificate2 CreateCertificate2(byte[] data, string password, bool disallowFallback = false)
 {
     using (var impl = new X509CertificateImplBtls(disallowFallback)) {
         impl.Import(data, password, X509KeyStorageFlags.DefaultKeySet);
         return(new X509Certificate2(impl));
     }
 }
Example #2
0
        int SelectCallback(string[] acceptableIssuers)
        {
            Debug("SELECT CALLBACK!");

            /*
             * Make behavior consistent with AppleTls, which does not call the selection callback after a
             * certificate has been set.  See the comment in AppleTlsContext for details.
             */
            if (nativeClientCertificate != null)
            {
                return(1);
            }

            GetPeerCertificate();

            var clientCert = SelectClientCertificate(acceptableIssuers);

            Debug($"SELECT CALLBACK #1: {clientCert}");
            if (clientCert == null)
            {
                return(1);
            }

            nativeClientCertificate = GetPrivateCertificate(clientCert);
            Debug($"SELECT CALLBACK #2: {nativeClientCertificate}");
            clientCertificate = new X509Certificate(nativeClientCertificate);
            SetPrivateCertificate(nativeClientCertificate);
            return(1);
        }
Example #3
0
 public MonoBtlsContext(MNS.MobileAuthenticatedStream parent, MNS.MonoSslAuthenticationOptions options)
     : base(parent, options)
 {
     if (IsServer)
     {
         nativeServerCertificate = GetPrivateCertificate(LocalServerCertificate);
     }
 }
Example #4
0
        internal X509Certificate2Impl GetNativeCertificate(
            byte[] data, SafePasswordHandle password, X509KeyStorageFlags flags)
        {
            var impl = new X509CertificateImplBtls(false);

            impl.Import(data, password, flags);
            return(impl);
        }
Example #5
0
        internal override X509Certificate2Impl GetNativeCertificate(
            byte[] data, string password, X509KeyStorageFlags flags)
        {
            var impl = new X509CertificateImplBtls(false);

            impl.Import(data, password, flags);
            return(impl);
        }
		X509CertificateImplBtls (X509CertificateImplBtls other)
		{
			disallowFallback = other.disallowFallback;
			x509 = other.x509 != null ? other.x509.Copy () : null;
			privateKey = other.privateKey != null ? other.privateKey.Copy () : null;
			if (other.intermediateCerts != null)
				intermediateCerts = other.intermediateCerts.Clone ();
		}
Example #7
0
		X509CertificateImplBtls (X509CertificateImplBtls other)
		{
			disallowFallback = other.disallowFallback;
			x509 = other.x509 != null ? other.x509.Copy () : null;
			nativePrivateKey = other.nativePrivateKey != null ? other.nativePrivateKey.Copy () : null;
			fallback = other.fallback != null ? (X509Certificate2Impl)other.fallback.Clone () : null;
			if (other.intermediateCerts != null)
				intermediateCerts = other.intermediateCerts.Clone ();
		}
        X509CertificateImplBtls(X509CertificateImplBtls other)
        {
            x509 = other.x509 != null?other.x509.Copy() : null;

            nativePrivateKey = other.nativePrivateKey != null?other.nativePrivateKey.Copy() : null;

            if (other.intermediateCerts != null)
            {
                intermediateCerts = other.intermediateCerts.Clone();
            }
        }
Example #9
0
        X509CertificateImplBtls(X509CertificateImplBtls other)
        {
            disallowFallback = other.disallowFallback;
            x509             = other.x509 != null?other.x509.Copy() : null;

            privateKey = other.privateKey != null?other.privateKey.Copy() : null;

            if (other.intermediateCerts != null)
            {
                intermediateCerts = other.intermediateCerts.Clone();
            }
        }
Example #10
0
 public MonoBtlsContext(
     MNS.MobileAuthenticatedStream parent,
     bool serverMode, string targetHost,
     SslProtocols enabledProtocols, X509Certificate serverCertificate,
     X509CertificateCollection clientCertificates, bool askForClientCert)
     : base(parent, serverMode, targetHost, enabledProtocols,
            serverCertificate, clientCertificates, askForClientCert)
 {
     if (serverMode)
     {
         nativeServerCertificate = GetPrivateCertificate(serverCertificate);
     }
 }
Example #11
0
        X509CertificateImplBtls(X509CertificateImplBtls other)
        {
            disallowFallback = other.disallowFallback;
            x509             = other.x509 != null?other.x509.Copy() : null;

            nativePrivateKey = other.nativePrivateKey != null?other.nativePrivateKey.Copy() : null;

            fallback = other.fallback != null ? (X509Certificate2Impl)other.fallback.Clone() : null;
            if (other.intermediateCerts != null)
            {
                intermediateCerts = other.intermediateCerts.Clone();
            }
        }
Example #12
0
        static X509CertificateImplBtls GetPrivateCertificate(X509Certificate certificate)
        {
            var impl = certificate.Impl as X509CertificateImplBtls;

            if (impl != null)
            {
                return((X509CertificateImplBtls)impl.Clone());
            }

            var password = Guid.NewGuid().ToString();
            var buffer   = certificate.Export(X509ContentType.Pfx, password);

            impl = new X509CertificateImplBtls();
            impl.Import(buffer, password, X509KeyStorageFlags.DefaultKeySet);
            return(impl);
        }
Example #13
0
        void SetPrivateCertificate(X509CertificateImplBtls privateCert)
        {
            Debug("SetPrivateCertificate: {0}", privateCert);
            ssl.SetCertificate(privateCert.X509);
            ssl.SetPrivateKey(privateCert.NativePrivateKey);
            var intermediate = privateCert.IntermediateCertificates;

            if (intermediate == null)
            {
                return;
            }
            for (int i = 0; i < intermediate.Count; i++)
            {
                var impl = (X509CertificateImplBtls)intermediate [i];
                Debug("SetPrivateCertificate - add intermediate: {0}", impl);
                ssl.AddIntermediateCertificate(impl.X509);
            }
        }
Example #14
0
        int ServerNameCallback()
        {
            Debug("SERVER NAME CALLBACK");
            var name = ssl.GetServerName();

            Debug($"SERVER NAME CALLBACK #1: {name}");

            var certificate = SelectServerCertificate(name);

            if (certificate == null)
            {
                return(1);
            }

            nativeServerCertificate = GetPrivateCertificate(certificate);
            SetPrivateCertificate(nativeServerCertificate);

            return(1);
        }
		internal X509ChainImplBtls (MonoBtlsX509StoreCtx storeCtx)
		{
			this.storeCtx = storeCtx.Copy ();
			this.chain = storeCtx.GetChain ();

			policy = new X509ChainPolicy ();

			untrustedChain = storeCtx.GetUntrusted ();

			if (untrustedChain != null) {
				untrusted = new X509Certificate2Collection ();
				policy.ExtraStore = untrusted;
				for (int i = 0; i < untrustedChain.Count; i++) {
					var cert = untrustedChain.GetCertificate (i);
					using (var impl = new X509CertificateImplBtls (cert))
						untrusted.Add (new X509Certificate2 (impl));
				}
			}
		}
        void ImportPkcs12(byte[] data, SafePasswordHandle password)
        {
            using (var pkcs12 = new MonoBtlsPkcs12()) {
                if (password == null || password.IsInvalid)
                {
                    try {
                        // Support both unencrypted PKCS#12..
                        pkcs12.Import(data, null);
                    } catch {
                        // ..and PKCS#12 encrypted with an empty password
                        using (var empty = new SafePasswordHandle(string.Empty))
                            pkcs12.Import(data, empty);
                    }
                }
                else
                {
                    pkcs12.Import(data, password);
                }

                x509 = pkcs12.GetCertificate(0);
                if (pkcs12.HasPrivateKey)
                {
                    nativePrivateKey = pkcs12.GetPrivateKey();
                }
                if (pkcs12.Count > 1)
                {
                    intermediateCerts = new X509CertificateImplCollection();
                    for (int i = 0; i < pkcs12.Count; i++)
                    {
                        using (var ic = pkcs12.GetCertificate(i)) {
                            if (MonoBtlsX509.Compare(ic, x509) == 0)
                            {
                                continue;
                            }
                            var impl = new X509CertificateImplBtls(ic);
                            intermediateCerts.Add(impl, true);
                        }
                    }
                }
            }
        }
Example #17
0
        internal X509ChainImplBtls(MonoBtlsX509StoreCtx storeCtx)
        {
            this.storeCtx = storeCtx.Copy();
            this.chain    = storeCtx.GetChain();

            policy = new X509ChainPolicy();

            untrustedChain = storeCtx.GetUntrusted();

            if (untrustedChain != null)
            {
                untrusted         = new X509Certificate2Collection();
                policy.ExtraStore = untrusted;
                for (int i = 0; i < untrustedChain.Count; i++)
                {
                    var cert = untrustedChain.GetCertificate(i);
                    using (var impl = new X509CertificateImplBtls(cert))
                        untrusted.Add(new X509Certificate2(impl));
                }
            }
        }
Example #18
0
        int SelectCallback()
        {
            Debug("SELECT CALLBACK!");

            GetPeerCertificate();
            if (remoteCertificate == null)
            {
                throw new TlsException(AlertDescription.InternalError, "Cannot request client certificate before receiving one from the server.");
            }

            var clientCert = SelectClientCertificate(remoteCertificate, null);

            Debug("SELECT CALLBACK #1: {0}", clientCert);
            if (clientCert == null)
            {
                return(1);
            }

            nativeClientCertificate = GetPrivateCertificate(clientCert);
            Debug("SELECT CALLBACK #2: {0}", nativeClientCertificate);
            clientCertificate = new X509Certificate(nativeClientCertificate);
            SetPrivateCertificate(nativeClientCertificate);
            return(1);
        }
Example #19
0
        void SetPrivateCertificate(X509CertificateImplBtls privateCert)
        {
            Debug("SetPrivateCertificate: {0}", privateCert);
            ssl.SetCertificate(privateCert.X509);
            ssl.SetPrivateKey(privateCert.NativePrivateKey);
            var intermediate = privateCert.IntermediateCertificates;

            if (intermediate == null)
            {
                /* Intermediate certificates are lost in the translation from X509Certificate(2) to X509CertificateImplBtls, so we need to restore them somehow. */
                var chain = new System.Security.Cryptography.X509Certificates.X509Chain(false);
                /* Let's try to recover as many as we can. */
                chain.ChainPolicy.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
                chain.Build(new System.Security.Cryptography.X509Certificates.X509Certificate2(privateCert.X509.GetRawData(MonoBtlsX509Format.DER), ""));
                var elems = chain.ChainElements;
                for (int j = 1; j < elems.Count; j++)
                {
                    var cert = elems[j].Certificate;
                    /* If self-signed, it's a root and should not be sent. */
                    if (cert.SubjectName.RawData.SequenceEqual(cert.IssuerName.RawData))
                    {
                        break;
                    }
                    ssl.AddIntermediateCertificate(MonoBtlsX509.LoadFromData(cert.RawData, MonoBtlsX509Format.DER));
                }
            }
            else
            {
                for (int i = 0; i < intermediate.Count; i++)
                {
                    var impl = (X509CertificateImplBtls)intermediate [i];
                    Debug("SetPrivateCertificate - add intermediate: {0}", impl);
                    ssl.AddIntermediateCertificate(impl.X509);
                }
            }
        }
Example #20
0
 public static X509Certificate2 CreateCertificate2(byte[] data, MonoBtlsX509Format format, bool disallowFallback = false)
 {
     using (var impl = new X509CertificateImplBtls(data, format, disallowFallback)) {
         return(new X509Certificate2(impl));
     }
 }
		public static X509Certificate2 CreateCertificate2 (byte[] data, MonoBtlsX509Format format, bool disallowFallback = false)
		{
			using (var impl = new X509CertificateImplBtls (data, format, disallowFallback)) {
				return new X509Certificate2 (impl);
			}
		}
Example #22
0
 public static X509Certificate CreateCertificate(MonoBtlsX509 x509)
 {
     using (var impl = new X509CertificateImplBtls(x509))
         return(new X509Certificate(impl));
 }
Example #23
0
		void ImportPkcs12 (byte[] data, string password)
		{
			using (var pkcs12 = new MonoBtlsPkcs12 ()) {
				if (string.IsNullOrEmpty (password)) {
					try {
						// Support both unencrypted PKCS#12..
						pkcs12.Import (data, null);
					} catch {
						// ..and PKCS#12 encrypted with an empty password
						pkcs12.Import (data, string.Empty);
					}
				} else {
					pkcs12.Import (data, password);
				}

				x509 = pkcs12.GetCertificate (0);
				if (pkcs12.HasPrivateKey)
					nativePrivateKey = pkcs12.GetPrivateKey ();
				if (pkcs12.Count > 1) {
					intermediateCerts = new X509CertificateImplCollection ();
					for (int i = 0; i < pkcs12.Count; i++) {
						using (var ic = pkcs12.GetCertificate (i)) {
							if (MonoBtlsX509.Compare (ic, x509) == 0)
								continue;
							var impl = new X509CertificateImplBtls (ic, true);
							intermediateCerts.Add (impl, true);
						}
					}
				}
			}
		}
Example #24
0
 public static X509Certificate2 CreateCertificate2(byte[] data, string password, bool disallowFallback = false)
 {
     using (var handle = new SafePasswordHandle(password))
         using (var impl = new X509CertificateImplBtls(data, handle, X509KeyStorageFlags.DefaultKeySet))
             return(new X509Certificate2(impl));
 }
Example #25
0
 public static X509Certificate2 CreateCertificate2(byte[] data, MonoBtlsX509Format format)
 {
     using (var impl = new X509CertificateImplBtls(data, format)) {
         return(new X509Certificate2(impl));
     }
 }
		public static X509Certificate2 CreateCertificate2 (byte[] data, string password, bool disallowFallback = false)
		{
			using (var impl = new X509CertificateImplBtls (disallowFallback)) {
				impl.Import (data, password, X509KeyStorageFlags.DefaultKeySet);
				return new X509Certificate2 (impl);
			}
		}
		public static X509Certificate CreateCertificate (MonoBtlsX509 x509)
		{
			using (var impl = new X509CertificateImplBtls (x509, true))
				return new X509Certificate (impl);
		}
		internal override X509Certificate2Impl GetNativeCertificate (
			byte[] data, string password, X509KeyStorageFlags flags)
		{
			var impl = new X509CertificateImplBtls (false);
			impl.Import (data, password, flags);
			return impl;
		}