public override IMonoSslStream CreateSslStream (
Stream innerStream, bool leaveInnerStreamOpen,
MonoTlsSettings settings = null)
{
var impl = new MNS.Private.LegacySslStream (innerStream, leaveInnerStreamOpen, this, settings);
return new MNS.Private.MonoSslStreamImpl (impl);
}
MSI.MonoTlsSettings GetSettings(ConnectionParameters parameters, bool requireSettings)
{
MSI.MonoTlsSettings settings = null;
if (requireSettings)
{
settings = MSI.MonoTlsSettings.CopyDefaultSettings();
}
if (parameters.ValidationParameters != null && parameters.ValidationParameters.TrustedRoots != null)
{
if (settings == null)
{
settings = MSI.MonoTlsSettings.CopyDefaultSettings();
}
settings.TrustAnchors = new X509CertificateCollection();
foreach (var trustedRoot in parameters.ValidationParameters.TrustedRoots)
{
var trustedRootCert = ResourceManager.GetCertificate(trustedRoot);
settings.TrustAnchors.Add(trustedRootCert);
}
}
if ((parameters.SslStreamFlags & SslStreamFlags.CleanShutdown) != 0)
{
if (settings == null)
{
settings = MSI.MonoTlsSettings.CopyDefaultSettings();
}
var setup = DependencyInjector.Get <IMonoConnectionFrameworkSetup> ();
setup.SendCloseNotify(settings, true);
}
return(settings);
}
protected sealed override async Task <ISslStream> Start(TestContext ctx, Stream stream, CancellationToken cancellationToken)
{
UserSettings userSettings = new UserSettings();
if (SupportsInstrumentation && InstrumentationProvider != null)
{
var instrumentation = InstrumentationProvider.CreateInstrument(ctx);
if (instrumentation != null && instrumentation.HasSettingsInstrument)
{
userSettings = instrumentation.SettingsInstrument.UserSettings;
}
userSettings.Instrumentation = instrumentation;
}
GetSettings(userSettings);
if (ConnectionProvider.IsNewTls)
{
settings = new MSI.MonoTlsSettings();
settings.UserSettings = userSettings;
}
monoSslStream = await Start(ctx, stream, settings, cancellationToken);
return(monoSslStream);
}
public AppleTlsContext(
MobileAuthenticatedStream parent, MonoTlsSettings settings,
AppleTlsProvider provider, bool serverMode, string targetHost,
SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
X509CertificateCollection clientCertificates, bool askForClientCert)
{
this.parent = parent;
this.settings = settings;
this.provider = provider;
this.serverMode = serverMode;
this.targetHost = targetHost;
this.enabledProtocols = enabledProtocols;
this.serverCertificate = serverCertificate;
this.clientCertificates = clientCertificates;
this.askForClientCert = askForClientCert;
handle = GCHandle.Alloc (this);
connectionId = GCHandle.ToIntPtr (handle);
readFunc = NativeReadCallback;
writeFunc = NativeWriteCallback;
// a bit higher than the default maximum fragment size
readBuffer = new byte [16384];
writeBuffer = new byte [16384];
certificateValidator = CertificateValidationHelper.GetDefaultValidator (settings, provider);
if (IsServer) {
if (serverCertificate == null)
throw new ArgumentNullException ("serverCertificate");
}
}
public SslStream CreateSslStream(TestContext ctx, Stream stream, ConnectionParameters parameters, bool server)
{
var settings = new MSI.MonoTlsSettings();
if (parameters is MonoConnectionParameters monoParams)
{
if (monoParams.ClientCiphers != null)
{
settings.EnabledCiphers = monoParams.ClientCiphers.ToArray();
}
if (!server && monoParams.ClientCertificateIssuers != null)
{
if (clientCertIssuersProp == null)
{
ctx.AssertFail("MonoTlsSettings.ClientCertificateIssuers is not supported!");
}
clientCertIssuersProp.SetValue(settings, monoParams.ClientCertificateIssuers);
}
}
if (server)
{
CallbackHelpers.AddCertificateValidator(settings, parameters.ServerCertificateValidator);
}
else
{
CallbackHelpers.AddCertificateValidator(settings, parameters.ClientCertificateValidator);
CallbackHelpers.AddCertificateSelector(settings, parameters.ClientCertificateSelector);
}
return(tlsProvider.CreateSslStream(stream, false, settings).SslStream);
}
public override IMonoSslStream CreateSslStream (
Stream innerStream, bool leaveInnerStreamOpen,
MonoTlsSettings settings = null)
{
return new MonoBtlsStream (
innerStream, leaveInnerStreamOpen, settings, this);
}
internal static MonoSslStream CreateSslStream (
Stream innerStream, bool leaveInnerStreamOpen,
MonoTlsProvider provider, MonoTlsSettings settings = null)
{
var stream = new MonoNewTlsStream (innerStream, leaveInnerStreamOpen, provider, settings);
return new MonoSslStreamImpl (stream);
}
internal static MonoSslStream CreateSslStream (
Stream innerStream, bool leaveInnerStreamOpen,
ICertificateValidator certificateValidator,
MonoTlsSettings settings = null)
{
var stream = new MonoNewTlsStream (innerStream, leaveInnerStreamOpen, certificateValidator, settings);
return new MonoSslStreamImpl (stream);
}
#pragma warning disable 618
internal static ICertificateValidator GetInternalValidator (MonoTlsProvider provider, MonoTlsSettings settings)
{
if (settings == null)
return new ChainValidationHelper (provider, null, false, null, null);
if (settings.CertificateValidator != null)
return settings.CertificateValidator;
return new ChainValidationHelper (provider, settings, false, null, null);
}
public override IMonoTlsContext CreateTlsContext (
string hostname, bool serverMode, TlsProtocols protocolFlags,
X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
bool remoteCertRequired, MonoEncryptionPolicy encryptionPolicy,
MonoTlsSettings settings)
{
throw new NotSupportedException ();
}
public MobileAuthenticatedStream(Stream innerStream, bool leaveInnerStreamOpen, MonoTlsSettings settings, AppleTlsProvider provider)
: base(innerStream, leaveInnerStreamOpen)
{
Settings = settings;
Provider = provider;
readBuffer = new BufferOffsetSize (new byte [16384], 0, 0);
writeBuffer = new BufferOffsetSize (new byte [16384], 0, 0);
}
internal static void AddCertificateValidator(MSI.MonoTlsSettings settings, CertificateValidator validator)
{
if (validator == null)
{
return;
}
settings.RemoteCertificateValidationCallback = (s, c, ch, e) => {
return(validator.ValidationCallback(s, c, ch, (SslPolicyErrors)e));
};
}
internal static void AddCertificateSelector(MSI.MonoTlsSettings settings, CertificateSelector selector)
{
if (selector == null)
{
return;
}
settings.ClientCertificateSelectionCallback = (t, lc, rc, ai) => {
return(selector.SelectionCallback(null, t, lc, rc, ai));
};
}
public MonoTlsStream (HttpWebRequest request, NetworkStream networkStream)
{
this.request = request;
this.networkStream = networkStream;
settings = request.TlsSettings;
provider = request.TlsProvider ?? MonoTlsProviderFactory.GetProviderInternal ();
status = WebExceptionStatus.SecureChannelFailure;
/*validationHelper =*/ ChainValidationHelper.Create (provider.Provider, ref settings, this);
}
internal static MSI.ICertificateValidator GetCertificateValidator (ICertificateValidator validator)
{
if (validator == null)
return null;
var settings = new MSI.MonoTlsSettings ();
settings.ServerCertificateValidationCallback = (s, c, ch, e) => {
return ((CertificateValidator)validator).ValidationCallback (s, c, ch, (SslPolicyErrors)e);
};
return MSI.CertificateValidationHelper.CreateDefaultValidator (settings);
}
protected sealed override async Task <ISslStream> Start(TestContext ctx, Stream stream, CancellationToken cancellationToken)
{
if (ConnectionProvider.SupportsMonoExtensions)
{
settings = new MSI.MonoTlsSettings();
GetSettings(ctx, settings);
}
monoSslStream = await Start(ctx, stream, settings, cancellationToken);
return(monoSslStream);
}
internal override MSI.IMonoTlsContext CreateTlsContext(
string hostname, bool serverMode, MSI.TlsProtocols protocolFlags,
SSCX.X509Certificate serverCertificate, PSSCX.X509CertificateCollection clientCertificates,
bool remoteCertRequired, MSI.MonoEncryptionPolicy encryptionPolicy,
MSI.MonoTlsSettings settings)
{
var config = TlsProviderFactory.CreateTlsConfiguration(
hostname, serverMode, protocolFlags, serverCertificate,
remoteCertRequired, settings);
return(new TlsContextWrapper(config, serverMode));
}
public TlsConfiguration (TlsProtocols protocols, MonoTlsSettings settings, string targetHost)
{
supportedProtocols = protocols;
requestedProtocol = CheckProtocol (settings, ref supportedProtocols, false);
TlsSettings = settings;
TargetHost = targetHost;
if (settings != null)
UserSettings = (UserSettings)settings.UserSettings;
if (UserSettings == null)
UserSettings = new UserSettings ();
RenegotiationFlags = DefaultRenegotiationFlags;
}
protected override void GetSettings(TestContext ctx, MSI.MonoTlsSettings settings)
{
if (MonoParameters != null && MonoParameters.ClientCiphers != null)
{
settings.EnabledCiphers = MonoParameters.ClientCiphers.ToArray();
}
if (MonoParameters != null)
{
#if FIXME
settings.RequestCipherSuites = MonoParameters.ClientCiphers;
settings.NamedCurve = MonoParameters.ClientNamedCurve;
#endif
}
}
public TlsConfiguration (TlsProtocols protocols, MonoTlsSettings settings, MX.X509Certificate certificate, AsymmetricAlgorithm privateKey)
{
supportedProtocols = protocols;
requestedProtocol = CheckProtocol (settings, ref supportedProtocols, true);
TlsSettings = settings;
Certificate = certificate;
PrivateKey = privateKey;
if (settings != null)
UserSettings = (UserSettings)settings.UserSettings;
if (UserSettings == null)
UserSettings = new UserSettings ();
RenegotiationFlags = DefaultRenegotiationFlags;
}
internal SslStream (Stream innerStream, bool leaveInnerStreamOpen, EncryptionPolicy encryptionPolicy, MonoTlsProvider provider, MonoTlsSettings settings)
: base (innerStream, leaveInnerStreamOpen)
{
if (encryptionPolicy != EncryptionPolicy.RequireEncryption && encryptionPolicy != EncryptionPolicy.AllowNoEncryption && encryptionPolicy != EncryptionPolicy.NoEncryption)
throw new ArgumentException (SR.GetString (SR.net_invalid_enum, "EncryptionPolicy"), "encryptionPolicy");
var validationHelper = MNS.ChainValidationHelper.CloneWithCallbackWrapper (provider, ref settings, myUserCertValidationCallbackWrapper);
LocalCertSelectionCallback selectionCallback = null;
if (validationHelper.HasCertificateSelectionCallback)
selectionCallback = validationHelper.SelectClientCertificate;
var internalProvider = new MNS.Private.MonoTlsProviderWrapper (provider);
_Configuration = new MyConfiguration (internalProvider, settings, this);
_SslState = new SslState (innerStream, null, selectionCallback, encryptionPolicy, _Configuration);
}
public static MonoNewTlsStream CreateClient (
Stream innerStream, bool leaveOpen, MonoTlsProvider provider, MonoTlsSettings settings,
string targetHost, PSSCX.X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
var stream = new MonoNewTlsStream (innerStream, leaveOpen, provider, settings);
try {
stream.AuthenticateAsClient (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation);
} catch (Exception ex) {
var tlsEx = stream.LastError;
if (tlsEx != null)
throw new AggregateException (ex, tlsEx);
throw;
}
return stream;
}
MSI.MonoTlsSettings GetSettings(ConnectionParameters parameters)
{
MSI.MonoTlsSettings settings = null;
if (parameters.ValidationParameters != null && parameters.ValidationParameters.TrustedRoots != null)
{
settings = MSI.MonoTlsSettings.CopyDefaultSettings();
settings.TrustAnchors = new X509CertificateCollection();
foreach (var trustedRoot in parameters.ValidationParameters.TrustedRoots)
{
var trustedRootCert = ResourceManager.GetCertificate(trustedRoot);
settings.TrustAnchors.Add(trustedRootCert);
}
}
return(settings);
}
public override MonoSslStream CreateSslStream (
Stream innerStream, bool leaveInnerStreamOpen,
MonoTlsSettings settings = null)
{
if (settings != null)
throw new NotSupportedException ("Mono-specific API Extensions not available.");
RemoteCertificateValidationCallback validation_callback = null;
LocalCertificateSelectionCallback selection_callback = null;
if (settings != null) {
validation_callback = ConvertCallback (settings.RemoteCertificateValidationCallback);
selection_callback = ConvertCallback (settings.ClientCertificateSelectionCallback);
}
return new DotNetSslStreamImpl (innerStream, leaveInnerStreamOpen, validation_callback, selection_callback);
}
public MonoSslStream CreateServerStream(Stream stream, ConnectionParameters parameters)
{
var settings = new MSI.MonoTlsSettings();
var certificate = parameters.ServerCertificate;
var protocol = GetProtocol(parameters, true);
CallbackHelpers.AddCertificateValidator(settings, parameters.ServerCertificateValidator);
var askForCert = parameters.AskForClientCertificate || parameters.RequireClientCertificate;
var sslStream = tlsProvider.CreateSslStream(stream, false, settings);
sslStream.AuthenticateAsServer(certificate, askForCert, protocol, false);
return(new MonoSslStream(sslStream));
}
public HttpWebRequest CreateWebRequest(Uri uri, ConnectionParameters parameters)
{
MSI.MonoTlsSettings settings = null;
if (parameters.ValidationParameters != null && parameters.ValidationParameters.TrustedRoots != null)
{
settings = MSI.MonoTlsSettings.CopyDefaultSettings();
settings.TrustAnchors = new X509CertificateCollection();
foreach (var trustedRoot in parameters.ValidationParameters.TrustedRoots)
{
var trustedRootCert = ResourceManager.GetCertificate(trustedRoot);
settings.TrustAnchors.Add(trustedRootCert);
}
}
var setup = DependencyInjector.Get <IMonoConnectionFrameworkSetup> ();
return(setup.CreateHttpsRequest(uri, tlsProvider, settings));
}
public TlsConfiguration(MSI.TlsProtocols protocols, MSI.MonoTlsSettings settings, string targetHost)
{
supportedProtocols = protocols;
requestedProtocol = CheckProtocol(settings, ref supportedProtocols, false);
TlsSettings = settings;
TargetHost = targetHost;
if (settings != null)
{
UserSettings = (UserSettings)settings.UserSettings;
}
if (UserSettings == null)
{
UserSettings = new UserSettings(settings);
}
RenegotiationFlags = DefaultRenegotiationFlags;
}
public TlsConfiguration(MSI.TlsProtocols protocols, MSI.MonoTlsSettings settings, MX.X509Certificate certificate, AsymmetricAlgorithm privateKey)
{
supportedProtocols = protocols;
requestedProtocol = CheckProtocol(settings, ref supportedProtocols, true);
TlsSettings = settings;
Certificate = certificate;
PrivateKey = privateKey;
if (settings != null)
{
UserSettings = (UserSettings)settings.UserSettings;
}
if (UserSettings == null)
{
UserSettings = new UserSettings(settings);
}
RenegotiationFlags = DefaultRenegotiationFlags;
}
internal SslStream (Stream innerStream, bool leaveInnerStreamOpen, EncryptionPolicy encryptionPolicy, MonoTlsSettings settings)
: base (innerStream, leaveInnerStreamOpen)
{
#if MARTIN_FIXME
if (encryptionPolicy != EncryptionPolicy.RequireEncryption && encryptionPolicy != EncryptionPolicy.AllowNoEncryption && encryptionPolicy != EncryptionPolicy.NoEncryption)
throw new ArgumentException (SR.GetString (SR.net_invalid_enum, "EncryptionPolicy"), "encryptionPolicy");
var validationHelper = ChainValidationHelper.CloneWithCallbackWrapper (ref settings, myUserCertValidationCallbackWrapper);
LocalCertSelectionCallback selectionCallback = null;
if (validationHelper.HasCertificateSelectionCallback)
selectionCallback = validationHelper.SelectClientCertificate;
_Configuration = new MyConfiguration (settings, this);
_SslState = new SslState (innerStream, null, selectionCallback, encryptionPolicy, _Configuration);
#else
throw new NotImplementedException ();
#endif
}
protected override void GetSettings(TestContext ctx, MSI.MonoTlsSettings settings)
{
#if FIXME
if (Parameters.RequireClientCertificate)
{
settings.RequireClientCertificate = settings.AskForClientCertificate = true;
}
else if (Parameters.AskForClientCertificate)
{
settings.AskForClientCertificate = true;
}
#endif
if (MonoParameters == null)
{
return;
}
if (MonoParameters.ServerCiphers != null)
{
settings.EnabledCiphers = MonoParameters.ServerCiphers.ToArray();
}
if (MonoParameters.ClientCertificateIssuers != null)
{
if (clientCertIssuersProp == null)
{
ctx.AssertFail("MonoTlsSettings.ClientCertificateIssuers is not supported!");
}
clientCertIssuersProp.SetValue(settings, MonoParameters.ClientCertificateIssuers);
}
if (MonoParameters != null)
{
#if FIXME
settings.RequestCipherSuites = MonoParameters.ServerCiphers;
settings.NamedCurve = MonoParameters.ServerNamedCurve;
#endif
}
}
internal static ITlsConfiguration CreateTlsConfiguration(
string hostname, bool serverMode, MSI.TlsProtocols protocolFlags,
SSCX.X509Certificate serverCertificate, bool remoteCertRequired,
MSI.MonoTlsSettings settings)
{
object[] args;
ITlsConfiguration config;
if (serverMode)
{
var cert = (PSSCX.X509Certificate2)serverCertificate;
var monoCert = new MX.X509Certificate(cert.RawData);
args = new object[] {
(MSI.TlsProtocols)protocolFlags,
(MSI.MonoTlsSettings)settings,
monoCert,
cert.PrivateKey
};
}
else
{
args = new object[] {
(MSI.TlsProtocols)protocolFlags,
(MSI.MonoTlsSettings)settings,
hostname
};
}
config = (ITlsConfiguration)CreateInstance(tlsConfigTypeName, args);
if (serverMode && remoteCertRequired)
{
config.AskForClientCertificate = true;
}
return(config);
}
static MSI.TlsProtocolCode CheckProtocol(MSI.MonoTlsSettings settings, ref MSI.TlsProtocols protocols, bool isServer)
{
if (settings != null && settings.EnabledProtocols != null)
{
protocols = (MSI.TlsProtocols)settings.EnabledProtocols.Value;
}
if (isServer)
{
protocols &= MSI.TlsProtocols.ServerMask;
}
else
{
protocols &= MSI.TlsProtocols.ClientMask;
}
if (protocols == 0)
{
throw new MSI.TlsException(MSI.AlertDescription.ProtocolVersion);
}
if ((protocols & MSI.TlsProtocols.Tls12) != 0)
{
return(MSI.TlsProtocolCode.Tls12);
}
if ((protocols & MSI.TlsProtocols.Tls11) != 0)
{
return(MSI.TlsProtocolCode.Tls11);
}
if ((protocols & MSI.TlsProtocols.Tls10) != 0)
{
return(MSI.TlsProtocolCode.Tls10);
}
throw new MSI.TlsException(MSI.AlertDescription.ProtocolVersion);
}
ChainValidationHelper (MonoTlsProvider provider, MonoTlsSettings settings, bool cloneSettings, MonoTlsStream stream, ServerCertValidationCallbackWrapper callbackWrapper)
{
if (settings == null)
settings = MonoTlsSettings.CopyDefaultSettings ();
if (cloneSettings)
settings = settings.CloneWithValidator (this);
if (provider == null)
provider = MonoTlsProviderFactory.GetProvider ();
this.provider = provider;
this.settings = settings;
this.tlsStream = stream;
this.callbackWrapper = callbackWrapper;
var fallbackToSPM = false;
if (settings != null) {
if (settings.RemoteCertificateValidationCallback != null) {
var callback = Private.CallbackHelpers.MonoToPublic (settings.RemoteCertificateValidationCallback);
certValidationCallback = new ServerCertValidationCallback (callback);
}
certSelectionCallback = Private.CallbackHelpers.MonoToInternal (settings.ClientCertificateSelectionCallback);
fallbackToSPM = settings.UseServicePointManagerCallback ?? stream != null;
}
if (stream != null) {
this.request = stream.Request;
this.sender = request;
if (certValidationCallback == null)
certValidationCallback = request.ServerCertValidationCallback;
if (certSelectionCallback == null)
certSelectionCallback = new LocalCertSelectionCallback (DefaultSelectionCallback);
if (settings == null)
fallbackToSPM = true;
}
if (fallbackToSPM && certValidationCallback == null)
certValidationCallback = ServicePointManager.ServerCertValidationCallback;
}
/*
* Create @HttpWebRequest with the specified @provider (may be null to use the default one).
*
* NOTE: This needs to be written as "System.Uri" to avoid ambiguity with Mono.Security.Uri in the
* mobile build.
*
*/
public static HttpWebRequest CreateHttpsRequest (System.Uri requestUri, MonoTlsProvider provider, MonoTlsSettings settings = null)
{
return NoReflectionHelper.CreateHttpsRequest (requestUri, provider, settings);
}
internal abstract IMonoTlsContext CreateTlsContext(
string hostname, bool serverMode, TlsProtocols protocolFlags,
X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
bool remoteCertRequired, MonoEncryptionPolicy encryptionPolicy,
MonoTlsSettings settings);
protected abstract void GetSettings(TestContext ctx, MSI.MonoTlsSettings settings);
public abstract IMonoTlsContext CreateTlsContext ( string hostname, bool serverMode, TlsProtocols protocolFlags, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool remoteCertRequired, MonoEncryptionPolicy encryptionPolicy, MonoTlsSettings settings);
internal MonoNewTlsStream (Stream innerStream, bool leaveOpen, ICertificateValidator certificateValidator, MonoTlsSettings settings)
: base (innerStream, leaveOpen, certificateValidator, EncryptionPolicy.RequireEncryption, settings)
{
}
MonoTlsSettings (MonoTlsSettings other)
{
RemoteCertificateValidationCallback = other.RemoteCertificateValidationCallback;
ClientCertificateSelectionCallback = other.ClientCertificateSelectionCallback;
checkCertName = other.checkCertName;
checkCertRevocationStatus = other.checkCertRevocationStatus;
UseServicePointManagerCallback = other.useServicePointManagerCallback;
skipSystemValidators = other.skipSystemValidators;
callbackNeedsChain = other.callbackNeedsChain;
UserSettings = other.UserSettings;
EnabledProtocols = other.EnabledProtocols;
TrustAnchors = other.TrustAnchors;
cloned = true;
}
/*
* Use this overloaded version in user code.
*/
public static ICertificateValidator GetValidator(MonoTlsSettings settings)
{
return(GetDefaultValidator(null, settings));
}
public LegacySslStream (Stream innerStream, bool leaveInnerStreamOpen, MonoTlsProvider provider, MonoTlsSettings settings)
: base (innerStream, leaveInnerStreamOpen)
{
this.provider = provider;
this.settings = settings;
this.certificateValidator = ChainValidationHelper.GetDefaultValidator (provider, settings);
}
public static System.Net.HttpListener CreateHttpListener(System.Security.Cryptography.X509Certificates.X509Certificate certificate, MonoTlsProvider provider, MonoTlsSettings settings)
{
throw new NotImplementedException();
}
internal MonoNewTlsStream(Stream innerStream, bool leaveOpen, MSI.MonoTlsProvider provider, MSI.MonoTlsSettings settings)
: base(innerStream, leaveOpen, EncryptionPolicy.RequireEncryption, provider, settings)
{
this.provider = provider;
}
/*
* Obtain a @IMonoSslStream instance.
*
*/
public abstract IMonoSslStream CreateSslStream(
Stream innerStream, bool leaveInnerStreamOpen,
MonoTlsSettings settings = null);
protected abstract Task <MonoSslStream> Start(TestContext ctx, Stream stream, MSI.MonoTlsSettings settings, CancellationToken cancellationToken);
protected override async Task <MonoSslStream> Start(TestContext ctx, Stream stream, MSI.MonoTlsSettings settings, CancellationToken cancellationToken)
{
var server = await ConnectionProvider.CreateServerStreamAsync(stream, Parameters, settings, cancellationToken);
ctx.LogMessage("Successfully authenticated server.");
return(server);
}
internal static ICertificateValidator GetDefaultValidator (MonoTlsSettings settings)
{
var provider = MonoTlsProviderFactory.GetProvider ();
if (settings == null)
return new ChainValidationHelper (provider, null, false, null, null);
if (settings.CertificateValidator != null)
throw new NotSupportedException ();
return new ChainValidationHelper (provider, settings, false, null, null);
}
internal MonoNewTlsStream(Stream innerStream, MSI.MonoTlsProvider provider, MSI.MonoTlsSettings settings)
: this(innerStream, false, provider, settings)
{
}
public async Task <MonoSslStream> CreateServerStreamAsync(Stream stream, ConnectionParameters parameters, MSI.MonoTlsSettings settings, CancellationToken cancellationToken)
{
var certificate = parameters.ServerCertificate;
var protocol = GetProtocol(parameters, true);
CallbackHelpers.AddCertificateValidator(settings, parameters.ServerCertificateValidator);
var askForCert = parameters.AskForClientCertificate || parameters.RequireClientCertificate;
var sslStream = tlsProvider.CreateSslStream(stream, false, settings);
var monoSslStream = new MonoSslStream(sslStream);
await sslStream.AuthenticateAsServerAsync(certificate, askForCert, protocol, false).ConfigureAwait(false);
return(monoSslStream);
}
public MobileTlsStream (MonoTlsSettings settings, MobileTlsProvider provider)
{
this.settings = settings;
this.provider = provider;
}
public MonoTlsSettings CloneWithValidator (ICertificateValidator validator)
{
if (cloned) {
this.certificateValidator = validator;
return this;
}
var copy = new MonoTlsSettings (this);
copy.certificateValidator = validator;
return copy;
}
public static System.Net.HttpWebRequest CreateHttpsRequest(Uri requestUri, MonoTlsProvider provider, MonoTlsSettings settings)
{
throw new NotImplementedException();
}
public async Task <MonoSslStream> CreateClientStreamAsync(Stream stream, string targetHost, ConnectionParameters parameters, MSI.MonoTlsSettings settings, CancellationToken cancellationToken)
{
var protocol = GetProtocol(parameters, false);
CallbackHelpers.AddCertificateValidator(settings, parameters.ClientCertificateValidator);
CallbackHelpers.AddCertificateSelector(settings, parameters.ClientCertificateSelector);
var clientCertificates = CallbackHelpers.GetClientCertificates(parameters);
var sslStream = tlsProvider.CreateSslStream(stream, false, settings);
var monoSslStream = new MonoSslStream(sslStream);
await sslStream.AuthenticateAsClientAsync(targetHost, clientCertificates, protocol, false).ConfigureAwait(false);
return(monoSslStream);
}
/*
* This is a hack which is used in SslStream - see ReferenceSources/SslStream.cs for details.
*/
internal static ChainValidationHelper CloneWithCallbackWrapper (MonoTlsProvider provider, ref MonoTlsSettings settings, ServerCertValidationCallbackWrapper wrapper)
{
var helper = (ChainValidationHelper)settings.CertificateValidator;
if (helper == null)
helper = new ChainValidationHelper (provider, settings, true, null, wrapper);
else
helper = new ChainValidationHelper (helper, provider, settings, wrapper);
settings = helper.settings;
return helper;
}
/* * Obtain a @MonoSslStream instance. * */ public abstract MonoSslStream CreateSslStream ( Stream innerStream, bool leaveInnerStreamOpen, MonoTlsSettings settings = null);
ChainValidationHelper (ChainValidationHelper other, MonoTlsProvider provider, MonoTlsSettings settings, ServerCertValidationCallbackWrapper callbackWrapper = null)
{
sender = other.sender;
certValidationCallback = other.certValidationCallback;
certSelectionCallback = other.certSelectionCallback;
tlsStream = other.tlsStream;
request = other.request;
if (settings == null)
settings = MonoTlsSettings.DefaultSettings;
this.provider = provider;
this.settings = settings.CloneWithValidator (this);
this.callbackWrapper = callbackWrapper;
}
public static HttpListener CreateHttpListener (X509Certificate certificate, MonoTlsProvider provider = null, MonoTlsSettings settings = null)
{
return (HttpListener)NoReflectionHelper.CreateHttpListener (certificate, provider, settings);
}
internal static ChainValidationHelper Create (MonoTlsProvider provider, ref MonoTlsSettings settings, MonoTlsStream stream)
{
var helper = new ChainValidationHelper (provider, settings, true, stream, null);
settings = helper.settings;
return helper;
}
protected override async Task <MonoSslStream> Start(TestContext ctx, Stream stream, MSI.MonoTlsSettings settings, CancellationToken cancellationToken)
{
ctx.LogMessage("Connected.");
var targetHost = Parameters.TargetHost ?? EndPoint.HostName ?? EndPoint.Address;
ctx.LogDebug(1, "Using '{0}' as target host.", targetHost);
var client = await ConnectionProvider.CreateClientStreamAsync(stream, targetHost, Parameters, settings, cancellationToken);
ctx.LogMessage("Successfully authenticated client.");
return(client);
}
/*
* Internal API, intended to be used by MonoTlsProvider implementations.
*/
internal static ICertificateValidator2 GetInternalValidator(MonoTlsSettings settings, MonoTlsProvider provider)
{
return((ICertificateValidator2)NoReflectionHelper.GetInternalValidator(provider, settings));
}
