/// <summary>
/// Passes the ALPN protocol identifiers in <paramref name="protocols"/> to the native SSL stream.
/// </summary>
/// <param name="sslHandle">Handle of the SSL stream being configured.</param>
/// <param name="protocols">Protocol identifiers to advertise, in the order given.</param>
/// <exception cref="SslException">The native call returned something other than SUCCESS.</exception>
internal static unsafe void SSLStreamSetApplicationProtocols(SafeSslHandle sslHandle, List<SslApplicationProtocol> protocols)
{
    int protocolCount = protocols.Count;
    MemoryHandle[] pins = new MemoryHandle[protocolCount];
    ApplicationProtocolData[] nativeEntries = new ApplicationProtocolData[protocolCount];

    try
    {
        int index = 0;
        while (index < protocolCount)
        {
            ReadOnlyMemory<byte> identifier = protocols[index].Protocol;

            // Each identifier stays pinned until the finally block, so the raw pointers
            // stored in nativeEntries remain valid for the whole native call.
            pins[index] = identifier.Pin();
            nativeEntries[index] = new ApplicationProtocolData
            {
                Data = (byte*)pins[index].Pointer,
                Length = identifier.Length
            };
            index++;
        }

        int status = SSLStreamSetApplicationProtocols(sslHandle, nativeEntries, protocolCount);
        if (status != SUCCESS)
        {
            throw new SslException();
        }
    }
    finally
    {
        // Entries that were never pinned are default(MemoryHandle); disposing those is harmless.
        for (int i = 0; i < pins.Length; i++)
        {
            pins[i].Dispose();
        }
    }
}
/// <summary>
/// Asks the native shim whether the peer certificate on <paramref name="handle"/> matches
/// <paramref name="hostName"/>, evaluated at <paramref name="notBefore"/>.
/// </summary>
/// <param name="handle">SSL handle whose peer certificate is checked.</param>
/// <param name="hostName">Host name as supplied by the caller; may contain Unicode.</param>
/// <param name="notBefore">Time value handed to the native check as its date argument.</param>
/// <returns><c>true</c> when the shim reports 1, <c>false</c> when it reports 0.</returns>
/// <exception cref="SslException">
/// The shim reported anything other than 0 or 1. The check therefore fails closed:
/// an unexpected result is never treated as a match.
/// </exception>
public static bool SslCheckHostnameMatch(SafeSslHandle handle, string hostName, DateTime notBefore)
{
    // The IdnMapping converts Unicode input into the IDNA punycode sequence.
    // It also does host case normalization. The bypass logic would be something
    // like "all characters being within [a-z0-9.-]+"
    //
    // The SSL Policy (SecPolicyCreateSSL) has been verified as not inherently supporting
    // IDNA as of macOS 10.12.1 (Sierra). If it supports low-level IDNA at a later date,
    // this code could be removed.
    //
    // It was verified as supporting case invariant match as of 10.12.1 (Sierra).
    string asciiHostName = s_idnMapping.GetAscii(hostName);

    int matchResult;
    using (SafeCFDateHandle cfNotBefore = CoreFoundation.CFDateCreate(notBefore))
    {
        using (SafeCreateHandle cfHostname = CoreFoundation.CFStringCreateWithCString(asciiHostName))
        {
            matchResult = AppleCryptoNative_SslIsHostnameMatch(handle, cfHostname, cfNotBefore);
        }
    }

    if (matchResult == 0)
    {
        return false;
    }

    if (matchResult == 1)
    {
        return true;
    }

    // Debug.Fail only fires in debug builds; the throw below is what release builds rely on.
    Debug.Fail($"AppleCryptoNative_SslIsHostnameMatch returned {matchResult}");
    throw new SslException();
}
/// <summary>
/// Fetches the peer certificate pointers for <paramref name="ssl"/> from the native layer.
/// </summary>
/// <param name="ssl">SSL stream handle to query.</param>
/// <returns>
/// The array produced by the native call, or <c>null</c> if it produced none.
/// The element count reported alongside it is discarded.
/// </returns>
internal static IntPtr[]? SSLStreamGetPeerCertificates(SafeSslHandle ssl)
{
    // NOTE(review): nothing returned by the interop call is inspected here, so a native
    // failure is indistinguishable from "no peer certificates" — confirm callers handle null.
    Interop.AndroidCrypto.SSLStreamGetPeerCertificates(ssl, out IntPtr[]? certificatePtrs, out int _);
    return certificatePtrs;
}
/// <summary>
/// Writes <paramref name="buffer"/> to the SSL stream through the pointer-based overload.
/// </summary>
/// <param name="sslHandle">SSL stream handle to write to.</param>
/// <param name="buffer">Plaintext to send; pinned for the duration of the native call.</param>
/// <returns>The status reported by the native write.</returns>
internal static unsafe PAL_SSLStreamStatus SSLStreamWrite(
    SafeSslHandle sslHandle,
    ReadOnlyMemory<byte> buffer)
{
    // The pin is released when the method returns, i.e. after the native call has completed.
    using MemoryHandle pin = buffer.Pin();
    return SSLStreamWrite(sslHandle, (byte*)pin.Pointer, buffer.Length);
}
/// <summary>
/// Calls AppleCryptoNative_SslSetAcceptClientCert on <paramref name="sslHandle"/>.
/// </summary>
/// <param name="sslHandle">SSL handle to configure.</param>
/// <exception cref="Exception">
/// The exception built by CreateExceptionForOSStatus when the native call returns a non-zero OSStatus.
/// </exception>
internal static void SslSetAcceptClientCert(SafeSslHandle sslHandle)
{
    int status = AppleCryptoNative_SslSetAcceptClientCert(sslHandle);
    if (status == 0)
    {
        return;
    }

    throw CreateExceptionForOSStatus(status);
}
/// <summary>
/// Passes <paramref name="maxProtocolId"/> to AppleCryptoNative_SslSetMaxProtocolVersion
/// for <paramref name="sslHandle"/>.
/// </summary>
/// <param name="sslHandle">SSL handle to configure.</param>
/// <param name="maxProtocolId">Protocol value forwarded unchanged to the native call.</param>
/// <exception cref="Exception">
/// The exception built by CreateExceptionForOSStatus when the native call returns a non-zero OSStatus.
/// </exception>
internal static void SslSetMaxProtocolVersion(SafeSslHandle sslHandle, SslProtocols maxProtocolId)
{
    // NOTE(review): only an upper bound is set here; presumably the minimum protocol
    // version is enforced by a separate call — confirm at the call site.
    int status = AppleCryptoNative_SslSetMaxProtocolVersion(sslHandle, maxProtocolId);
    if (status == 0)
    {
        return;
    }

    throw CreateExceptionForOSStatus(status);
}
/// <summary>
/// Hands the list of enabled protocol versions to the native SSL stream.
/// </summary>
/// <param name="sslHandle">SSL stream handle to configure.</param>
/// <param name="protocols">Protocol values to enable; passed by reference together with its length.</param>
/// <exception cref="SslException">The native call returned something other than SUCCESS.</exception>
internal static void SSLStreamSetEnabledProtocols(SafeSslHandle sslHandle, ReadOnlySpan<SslProtocols> protocols)
{
    int protocolCount = protocols.Length;
    int status = SSLStreamSetEnabledProtocols(sslHandle, ref MemoryMarshal.GetReference(protocols), protocolCount);
    if (status == SUCCESS)
    {
        return;
    }

    throw new SslException();
}
/// <summary>
/// Reads decrypted data from the SSL stream into <paramref name="buffer"/> through the
/// pointer-based overload.
/// </summary>
/// <param name="sslHandle">SSL stream handle to read from.</param>
/// <param name="buffer">Destination; its length is passed as the capacity of the native read.</param>
/// <param name="bytesRead">Set by the native call.</param>
/// <returns>The status reported by the native read.</returns>
internal static unsafe PAL_SSLStreamStatus SSLStreamRead(
    SafeSslHandle sslHandle,
    Span<byte> buffer,
    out int bytesRead)
{
    PAL_SSLStreamStatus status;

    // The span is pinned only for the duration of the native call.
    fixed (byte* destination = buffer)
    {
        status = SSLStreamRead(sslHandle, destination, buffer.Length, out bytesRead);
    }

    return status;
}
/// <summary>
/// Forwards <paramref name="targetHost"/> to SSLStreamSetTargetHostImpl for the given stream.
/// </summary>
/// <param name="sslHandle">SSL stream handle to configure.</param>
/// <param name="targetHost">Host name passed unchanged to the native call.</param>
/// <exception cref="SslException">The native call returned something other than SUCCESS.</exception>
internal static void SSLStreamSetTargetHost(
    SafeSslHandle sslHandle,
    string targetHost)
{
    // NOTE(review): no validation or IDN normalisation of targetHost happens here —
    // confirm the caller supplies it in the form the native layer expects.
    int status = SSLStreamSetTargetHostImpl(sslHandle, targetHost);
    if (status == SUCCESS)
    {
        return;
    }

    throw new SslException();
}
/// <summary>
/// Forwards <paramref name="targetHost"/> to SSLStreamConfigureParametersImpl for the given stream.
/// </summary>
/// <param name="sslHandle">SSL stream handle to configure.</param>
/// <param name="targetHost">Host name passed unchanged to the native call.</param>
/// <exception cref="SslException">The native call returned something other than SUCCESS.</exception>
internal static void SSLStreamConfigureParameters(
    SafeSslHandle sslHandle,
    string targetHost)
{
    int status = SSLStreamConfigureParametersImpl(sslHandle, targetHost);
    if (status == SUCCESS)
    {
        return;
    }

    throw new SslException();
}
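/// <summary>
/// Sets the ALPN protocol list advertised on <paramref name="ctx"/>.
/// </summary>
/// <remarks>
/// Two common lists are served from cached Core Foundation arrays; every other list is
/// built on demand so that exactly the protocols the caller asked for are advertised.
/// </remarks>
/// <param name="ctx">SSL handle to configure.</param>
/// <param name="protocols">Protocols to advertise, in preference order.</param>
/// <exception cref="Exception">
/// The exception built by CreateExceptionForOSStatus when SSLSetALPNProtocols does not return 1.
/// </exception>
internal static unsafe void SslCtxSetAlpnProtos(SafeSslHandle ctx, List<SslApplicationProtocol> protocols)
{
    SafeCreateHandle cfProtocolsRefs = null;
    SafeCreateHandle[] cfProtocolsArrayRef = null;
    try
    {
        // An h2-only request used to be mapped onto s_cfAlpnHttp211Protocols, the same cached
        // array that serves the [h2, http/1.1] request below. One array cannot match both
        // lists, so an h2-only caller could end up advertising (and negotiating) a protocol it
        // never offered. The h2-only case now takes the general path and is built exactly.
        if (protocols.Count == 1 && protocols[0] == SslApplicationProtocol.Http11)
        {
            cfProtocolsRefs = s_cfAlpnHttp11Protocols;
        }
        else if (protocols.Count == 2 && protocols[0] == SslApplicationProtocol.Http2 && protocols[1] == SslApplicationProtocol.Http11)
        {
            cfProtocolsRefs = s_cfAlpnHttp211Protocols;
        }
        else
        {
            // we did not match common case. This is more expensive path allocating Core Foundation objects.
            // NOTE(review): the identifier is passed through ToString(); confirm that round-trips
            // protocol ids that are not plain text.
            cfProtocolsArrayRef = new SafeCreateHandle[protocols.Count];
            IntPtr[] protocolsPtr = new System.IntPtr[protocols.Count];

            for (int i = 0; i < protocols.Count; i++)
            {
                cfProtocolsArrayRef[i] = CoreFoundation.CFStringCreateWithCString(protocols[i].ToString());

                // The raw handle stays valid because cfProtocolsArrayRef keeps the SafeHandle
                // alive until the finally block.
                protocolsPtr[i] = cfProtocolsArrayRef[i].DangerousGetHandle();
            }

            cfProtocolsRefs = CoreFoundation.CFArrayCreate(protocolsPtr, (UIntPtr)protocols.Count);
        }

        int osStatus;
        int result = SSLSetALPNProtocols(ctx, cfProtocolsRefs, out osStatus);
        if (result != 1)
        {
            throw CreateExceptionForOSStatus(osStatus);
        }
    }
    finally
    {
        // Only objects allocated by this call are released; the cached static arrays are
        // shared and must never be disposed here.
        if (cfProtocolsArrayRef != null)
        {
            for (int i = 0; i < cfProtocolsArrayRef.Length; i++)
            {
                cfProtocolsArrayRef[i]?.Dispose();
            }

            cfProtocolsRefs?.Dispose();
        }
    }
}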
/// <summary>
/// Wraps <paramref name="certChainPtrs"/> in a Core Foundation array and passes it to
/// AppleCryptoNative_SslSetCertificate.
/// </summary>
/// <param name="sslHandle">SSL handle to configure.</param>
/// <param name="certChainPtrs">Raw pointers forming the certificate chain; ownership stays with the caller.</param>
/// <exception cref="Exception">
/// The exception built by CreateExceptionForOSStatus when the native call returns a non-zero OSStatus.
/// </exception>
internal static void SslSetCertificate(SafeSslHandle sslHandle, IntPtr[] certChainPtrs)
{
    UIntPtr chainLength = (UIntPtr)certChainPtrs.Length;

    // The temporary CFArray is released on every path, including the throwing one.
    using (SafeCreateHandle cfCertRefs = CoreFoundation.CFArrayCreate(certChainPtrs, chainLength))
    {
        int status = AppleCryptoNative_SslSetCertificate(sslHandle, cfCertRefs);
        if (status == 0)
        {
            return;
        }

        throw CreateExceptionForOSStatus(status);
    }
}
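/// <summary>
/// Retrieves the peer's certificate for <paramref name="ssl"/> from the native layer.
/// </summary>
/// <param name="ssl">SSL stream handle to query.</param>
/// <returns>The handle produced by the native call; the caller owns it and must dispose it.</returns>
/// <exception cref="SslException">The native call returned something other than SUCCESS.</exception>
internal static SafeX509Handle SSLStreamGetPeerCertificate(SafeSslHandle ssl)
{
    SafeX509Handle cert;
    int ret = Interop.AndroidCrypto.SSLStreamGetPeerCertificate(ssl, out cert);
    if (ret != SUCCESS)
    {
        // The out handle is not returned on failure, so release it here instead of
        // leaving it to the finalizer.
        cert?.Dispose();
        throw new SslException();
    }

    return cert;
}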
/// <summary>
/// Fetches the peer certificate pointers for <paramref name="ssl"/> from the native layer.
/// </summary>
/// <param name="ssl">SSL stream handle to query.</param>
/// <returns>The array produced by the native call. The reported element count is discarded.</returns>
/// <exception cref="SslException">The native call returned something other than SUCCESS.</exception>
internal static IntPtr[] SSLStreamGetPeerCertificates(SafeSslHandle ssl)
{
    int status = Interop.AndroidCrypto.SSLStreamGetPeerCertificates(ssl, out IntPtr[] certificatePtrs, out int _);
    if (status == SUCCESS)
    {
        return certificatePtrs;
    }

    throw new SslException();
}
/// <summary>
/// Initializes the native SSL stream by forwarding every argument to SSLStreamInitializeImpl.
/// </summary>
/// <param name="sslHandle">SSL stream handle to initialize.</param>
/// <param name="isServer">Forwarded unchanged; selects the server or client role.</param>
/// <param name="streamRead">Callback the native layer uses to read from the transport.</param>
/// <param name="streamWrite">Callback the native layer uses to write to the transport.</param>
/// <param name="appBufferSize">Forwarded unchanged to the native call.</param>
/// <exception cref="SslException">The native call returned something other than SUCCESS.</exception>
internal static void SSLStreamInitialize(
    SafeSslHandle sslHandle,
    bool isServer,
    SSLReadCallback streamRead,
    SSLWriteCallback streamWrite,
    int appBufferSize)
{
    // NOTE(review): the callbacks are handed to native code; presumably the caller keeps
    // them rooted for the lifetime of the stream — confirm.
    int status = SSLStreamInitializeImpl(sslHandle, isServer, streamRead, streamWrite, appBufferSize);
    if (status == SUCCESS)
    {
        return;
    }

    throw new SslException();
}
/// <summary>
/// Forwards <paramref name="targetHost"/> to SSLStreamSetTargetHostImpl for the given stream.
/// </summary>
/// <param name="sslHandle">SSL stream handle to configure.</param>
/// <param name="targetHost">Host name passed unchanged to the native call.</param>
/// <exception cref="PlatformNotSupportedException">The native call returned UNSUPPORTED_API_LEVEL.</exception>
/// <exception cref="SslException">The native call returned any other value that is not SUCCESS.</exception>
internal static void SSLStreamSetTargetHost(
    SafeSslHandle sslHandle,
    string targetHost)
{
    int status = SSLStreamSetTargetHostImpl(sslHandle, targetHost);
    if (status == SUCCESS)
    {
        return;
    }

    // An unsupported API level is reported distinctly so callers can tell a platform
    // limitation apart from a generic TLS failure.
    if (status == UNSUPPORTED_API_LEVEL)
    {
        throw new PlatformNotSupportedException(SR.net_android_ssl_api_level_unsupported);
    }

    throw new SslException();
}
/// <summary>
/// Passes <paramref name="setBreak"/> (as 1 or 0) to AppleCryptoNative_SslSetBreakOnClientAuth.
/// </summary>
/// <param name="sslHandle">SSL handle to configure.</param>
/// <param name="setBreak">Flag converted to 1 or 0 for the native call.</param>
/// <exception cref="Exception">
/// The exception built by CreateExceptionForOSStatus when the shim returns 0.
/// </exception>
/// <exception cref="SslException">The shim returned a value other than 0 or 1.</exception>
internal static void SslBreakOnClientAuth(SafeSslHandle sslHandle, bool setBreak)
{
    int breakFlag = setBreak ? 1 : 0;
    int result = AppleCryptoNative_SslSetBreakOnClientAuth(sslHandle, breakFlag, out int osStatus);

    if (result != 1)
    {
        if (result == 0)
        {
            throw CreateExceptionForOSStatus(osStatus);
        }

        // Anything else is outside the shim's contract; fail rather than continue.
        Debug.Fail($"AppleCryptoNative_SslSetBreakOnClientAuth returned {result}");
        throw new SslException();
    }
}
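/// <summary>
/// Returns the bytes of the ALPN protocol selected on <paramref name="ssl"/>.
/// </summary>
/// <param name="ssl">SSL handle to query.</param>
/// <returns>
/// The selected protocol identifier, or <c>null</c> when the native call does not return 1
/// or produces no data handle.
/// </returns>
internal static byte[] SslGetAlpnSelected(SafeSslHandle ssl)
{
    SafeCFDataHandle protocol;
    int result = SslGetAlpnSelected(ssl, out protocol);

    // Dispose the handle on every path. Previously a non-null handle returned together
    // with a failure code was dropped without being released. A null resource is
    // ignored by the using statement.
    using (protocol)
    {
        if (result != 1 || protocol == null)
        {
            return null;
        }

        return Interop.CoreFoundation.CFGetData(protocol);
    }
}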
/// <summary>
/// Returns the negotiated application protocol for <paramref name="ssl"/> using a
/// size-query call followed by a fill call.
/// </summary>
/// <param name="ssl">SSL stream handle to query.</param>
/// <returns>
/// The protocol bytes, or <c>null</c> when the size query does not report
/// INSUFFICIENT_BUFFER or the fill call does not report SUCCESS.
/// </returns>
internal static byte[]? SSLStreamGetApplicationProtocol(SafeSslHandle ssl)
{
    int requiredLength = 0;

    // First call with no buffer: the native side is expected to report the size it needs.
    if (SSLStreamGetApplicationProtocol(ssl, null, ref requiredLength) != INSUFFICIENT_BUFFER)
    {
        return null;
    }

    byte[] protocolBytes = new byte[requiredLength];

    // NOTE(review): the length written back by the second call is not compared with the
    // buffer size; the whole buffer is returned — confirm the native side always fills it.
    int status = SSLStreamGetApplicationProtocol(ssl, protocolBytes, ref requiredLength);
    return status == SUCCESS ? protocolBytes : null;
}
/// <summary>
/// Returns the cipher suite name reported by the native layer for <paramref name="ssl"/>.
/// </summary>
/// <param name="ssl">SSL stream handle to query.</param>
/// <returns>The name read from the native UTF-16 string, or an empty string when the pointer is null.</returns>
/// <exception cref="SslException">The native call returned something other than SUCCESS.</exception>
internal static string SSLStreamGetCipherSuite(SafeSslHandle ssl)
{
    int status = SSLStreamGetCipherSuite(ssl, out IntPtr nativeName);
    if (status != SUCCESS)
    {
        throw new SslException();
    }

    if (nativeName == IntPtr.Zero)
    {
        return string.Empty;
    }

    // Copy the string into managed memory, then release the native buffer.
    // NOTE(review): assumes the native side allocates with an allocator that
    // Marshal.FreeHGlobal can release — confirm.
    string managedName = Marshal.PtrToStringUni(nativeName)!;
    Marshal.FreeHGlobal(nativeName);
    return managedName;
}
/// <summary>
/// Returns the protocol name reported by the native layer for <paramref name="ssl"/>.
/// </summary>
/// <param name="ssl">SSL stream handle to query.</param>
/// <returns>The name read from the native UTF-16 string, or an empty string when the pointer is null.</returns>
/// <exception cref="SslException">The native call returned something other than SUCCESS.</exception>
internal static string SSLStreamGetProtocol(SafeSslHandle ssl)
{
    int status = SSLStreamGetProtocol(ssl, out IntPtr nativeName);
    if (status != SUCCESS)
    {
        throw new SslException();
    }

    if (nativeName == IntPtr.Zero)
    {
        return string.Empty;
    }

    // Copy the string into managed memory, then release the native buffer.
    // NOTE(review): assumes the native side allocates with an allocator that
    // Marshal.FreeHGlobal can release — confirm.
    string managedName = Marshal.PtrToStringUni(nativeName)!;
    Marshal.FreeHGlobal(nativeName);
    return managedName;
}
/// <summary>
/// Copies the CA distinguished names associated with <paramref name="sslHandle"/>.
/// </summary>
/// <param name="sslHandle">SSL handle to query.</param>
/// <returns>The array handle produced by the shim; the caller owns it and must dispose it.</returns>
/// <exception cref="Exception">
/// The exception built by CreateExceptionForOSStatus when the shim returns 0.
/// </exception>
/// <exception cref="SslException">The shim returned a value other than 0 or 1.</exception>
internal static SafeCFArrayHandle SslCopyCADistinguishedNames(SafeSslHandle sslHandle)
{
    int result = AppleCryptoNative_SslCopyCADistinguishedNames(
        sslHandle,
        out SafeCFArrayHandle distinguishedNames,
        out int osStatus);

    if (result != 1)
    {
        // The handle is not handed to the caller on failure, so release it before throwing.
        distinguishedNames.Dispose();

        if (result == 0)
        {
            throw CreateExceptionForOSStatus(osStatus);
        }

        Debug.Fail($"AppleCryptoNative_SslCopyCADistinguishedNames returned {result}");
        throw new SslException();
    }

    return distinguishedNames;
}
/// <summary>
/// Copies the certificate chain associated with <paramref name="sslHandle"/>.
/// </summary>
/// <param name="sslHandle">SSL handle to query.</param>
/// <returns>The chain handle produced by the shim; the caller owns it and must dispose it.</returns>
/// <exception cref="Exception">
/// The exception built by CreateExceptionForOSStatus when the shim returns 0.
/// </exception>
/// <exception cref="SslException">The shim returned a value other than 0 or 1.</exception>
internal static SafeX509ChainHandle SslCopyCertChain(SafeSslHandle sslHandle)
{
    int result = AppleCryptoNative_SslCopyCertChain(
        sslHandle,
        out SafeX509ChainHandle chain,
        out int osStatus);

    if (result != 1)
    {
        // The handle is not handed to the caller on failure, so release it before throwing.
        chain.Dispose();

        if (result == 0)
        {
            throw CreateExceptionForOSStatus(osStatus);
        }

        Debug.Fail($"AppleCryptoNative_SslCopyCertChain returned {result}");
        throw new SslException();
    }

    return chain;
}
/// <summary>
/// Passes <paramref name="targetName"/> and its UTF-8 byte count to AppleCryptoNative_SslSetTargetName.
/// </summary>
/// <param name="sslHandle">SSL handle to configure.</param>
/// <param name="targetName">Target name; asserted non-empty in debug builds only.</param>
/// <exception cref="Exception">
/// The exception built by CreateExceptionForOSStatus when the shim returns 0.
/// </exception>
/// <exception cref="SslException">The shim returned a value other than 0 or 1.</exception>
internal static void SslSetTargetName(SafeSslHandle sslHandle, string targetName)
{
    // Debug-only guard: release builds rely on the caller never passing null or empty.
    Debug.Assert(!string.IsNullOrEmpty(targetName));

    // The length handed to native code is the UTF-8 byte count, not the character count.
    int utf8ByteCount = System.Text.Encoding.UTF8.GetByteCount(targetName);
    int result = AppleCryptoNative_SslSetTargetName(sslHandle, targetName, utf8ByteCount, out int osStatus);

    if (result != 1)
    {
        if (result == 0)
        {
            throw CreateExceptionForOSStatus(osStatus);
        }

        Debug.Fail($"AppleCryptoNative_SslSetTargetName returned {result}");
        throw new SslException();
    }
}
// Native entry point: writes the cipher suite for sslHandle into cipherSuite and returns an
// int status. NOTE(review): the meaning of the return value is not visible here — confirm.
internal static extern int SslGetCipherSuite(SafeSslHandle sslHandle, out TlsCipherSuite cipherSuite);
// Native entry point: shuts down the session on sslHandle and returns an int status.
// NOTE(review): the meaning of the return value is not visible here — confirm.
internal static extern int SslShutdown(SafeSslHandle sslHandle);
// Native hostname check behind SslCheckHostnameMatch, which treats 0 as "no match",
// 1 as "match" and any other value as an error. Kept private so that callers go through
// the wrapper, which converts the host name with s_idnMapping first.
private static extern int AppleCryptoNative_SslIsHostnameMatch( SafeSslHandle handle, SafeCreateHandle cfHostname, SafeCFDateHandle cfValidTime);
// Native entry point: registers the read and write callbacks for sslHandle.
// NOTE(review): presumably the caller must keep both delegates rooted for as long as
// native code may invoke them — confirm how they are stored.
internal static extern int SslSetIoCallbacks( SafeSslHandle sslHandle, SSLReadFunc readCallback, SSLWriteFunc writeCallback);
// Native entry point: reads through sslHandle using a raw buffer pointer and a count.
// NOTE(review): the parameter names writeFrom/bytesWritten on a read call look copied
// from a write declaration — confirm which direction each one describes.
internal static extern unsafe PAL_TlsIo SslRead(SafeSslHandle sslHandle, byte *writeFrom, int count, out int bytesWritten);
// Native entry point: writes the protocol version for sslHandle into protocol and returns
// an int status. NOTE(review): the meaning of the return value is not visible here — confirm.
internal static extern int SslGetProtocolVersion(SafeSslHandle sslHandle, out SslProtocols protocol);