public AppleTlsContext(
MobileAuthenticatedStream parent, MonoTlsSettings settings,
AppleTlsProvider provider, bool serverMode, string targetHost,
SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
X509CertificateCollection clientCertificates, bool askForClientCert)
{
this.parent = parent;
this.settings = settings;
this.provider = provider;
this.serverMode = serverMode;
this.targetHost = targetHost;
this.enabledProtocols = enabledProtocols;
this.serverCertificate = serverCertificate;
this.clientCertificates = clientCertificates;
this.askForClientCert = askForClientCert;
handle = GCHandle.Alloc(this);
connectionId = GCHandle.ToIntPtr(handle);
readFunc = NativeReadCallback;
writeFunc = NativeWriteCallback;
certificateValidator = CertificateValidationHelper.GetDefaultValidator(settings, provider);
if (IsServer)
{
if (serverCertificate == null)
{
throw new ArgumentNullException("serverCertificate");
}
}
}
public MobileTlsContext(
MobileAuthenticatedStream parent, bool serverMode, string targetHost,
SslProtocols enabledProtocols, X509Certificate serverCertificate,
X509CertificateCollection clientCertificates, bool askForClientCert)
{
this.parent = parent;
this.serverMode = serverMode;
this.targetHost = targetHost;
this.enabledProtocols = enabledProtocols;
this.serverCertificate = serverCertificate;
this.clientCertificates = clientCertificates;
this.askForClientCert = askForClientCert;
serverName = targetHost;
if (!string.IsNullOrEmpty(serverName))
{
var pos = serverName.IndexOf(':');
if (pos > 0)
{
serverName = serverName.Substring(0, pos);
}
}
certificateValidator = CertificateValidationHelper.GetInternalValidator(
parent.Settings, parent.Provider);
}
internal static void CheckClientCertificate(TlsContext context, MX.X509CertificateCollection certificates)
{
if (context.SettingsProvider.HasClientCertificateParameters)
{
var certParams = context.SettingsProvider.ClientCertificateParameters;
if (certParams.CertificateAuthorities.Count > 0)
{
if (!certParams.CertificateAuthorities.Contains(certificates [0].IssuerName))
{
throw new TlsException(AlertDescription.BadCertificate);
}
}
}
var helper = CertificateValidationHelper.GetValidator(context.Configuration.TlsSettings);
X509Certificate2Collection scerts = null;
if (certificates != null)
{
scerts = new X509Certificate2Collection();
for (int i = 0; i < certificates.Count; i++)
{
scerts.Add(new X509Certificate2(certificates [i].RawData));
}
}
var result = helper.ValidateClientCertificate(scerts);
if (result == null || !result.Trusted || result.UserDenied)
{
throw new TlsException(AlertDescription.CertificateUnknown);
}
}
internal static void CheckRemoteCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
{
if (certificates == null || certificates.Count < 1)
{
throw new TlsException(AlertDescription.CertificateUnknown);
}
var helper = CertificateValidationHelper.GetValidator(config.TlsSettings);
X509Certificate2Collection scerts = null;
if (certificates != null)
{
scerts = new X509Certificate2Collection();
for (int i = 0; i < certificates.Count; i++)
{
scerts.Add(new X509Certificate2(certificates [i].RawData));
}
}
var result = helper.ValidateChain(config.TargetHost, scerts);
if (result != null && result.Trusted && !result.UserDenied)
{
return;
}
// FIXME: check other values to report correct error type.
throw new TlsException(AlertDescription.CertificateUnknown);
}
protected MobileTlsContext(MobileAuthenticatedStream parent, MonoSslAuthenticationOptions options)
{
Parent = parent;
IsServer = options.ServerMode;
EnabledProtocols = options.EnabledSslProtocols;
if (options.ServerMode)
{
LocalServerCertificate = options.ServerCertificate;
AskForClientCertificate = options.ClientCertificateRequired;
}
else
{
ClientCertificates = options.ClientCertificates;
TargetHost = options.TargetHost;
ServerName = options.TargetHost;
if (!string.IsNullOrEmpty(ServerName))
{
var pos = ServerName.IndexOf(':');
if (pos > 0)
{
ServerName = ServerName.Substring(0, pos);
}
}
}
certificateValidator = CertificateValidationHelper.GetInternalValidator(
parent.Settings, parent.Provider);
}
public void Dispose()
{
_connection.Dispose();
if (_ignoreSslPolicyErrors)
{
CertificateValidationHelper.RestoreCertificateValidation();
}
}
ICertificateValidator GetValidator(TestContext ctx)
{
MonoTlsSettings settings = null;
if (Parameters.UseTestRunnerCallback)
{
settings = MonoTlsSettings.CopyDefaultSettings();
settings.CallbackNeedsCertificateChain = true;
settings.UseServicePointManagerCallback = false;
settings.RemoteCertificateValidationCallback = (t, c, ch, e) => ValidationCallback(ctx, t, c, ch, e);
}
return(CertificateValidationHelper.GetValidator(settings));
}
public ICertificateValidator GetCertificateValidator(MonoTlsSettings settings)
{
#if !__MOBILE__
var type = typeof(CertificateValidationHelper);
var getValidator = type.GetMethod("GetValidator", new Type[] { typeof(MonoTlsSettings) });
if (getValidator != null)
{
return((ICertificateValidator)getValidator.Invoke(null, new object[] { settings }));
}
getValidator = type.GetMethod("GetValidator", new Type[] { typeof(MonoTlsSettings), typeof(MonoTlsProvider) });
return((ICertificateValidator)getValidator.Invoke(null, new object[] { settings, null }));
#else
return(CertificateValidationHelper.GetValidator(settings));
#endif
}
public MobileTlsContext(
MobileAuthenticatedStream parent, bool serverMode, string targetHost,
SslProtocols enabledProtocols, X509Certificate serverCertificate,
X509CertificateCollection clientCertificates, bool askForClientCert)
{
this.parent = parent;
this.serverMode = serverMode;
this.targetHost = targetHost;
this.enabledProtocols = enabledProtocols;
this.serverCertificate = serverCertificate;
this.clientCertificates = clientCertificates;
this.askForClientCert = askForClientCert;
certificateValidator = CertificateValidationHelper.GetDefaultValidator(
parent.Settings, parent.Provider);
}
/// <summary>
/// Creates a session object holding contracts and proxies to the web services API. Takes care of username/password and 'Active Directory' authentication (NetworkCredential) to the Secure Token Service.
/// </summary>
/// <param name="logger">Instance of the ILogger interface to allow some logging although Write-* is not very thread-friendly.</param>
/// <param name="webServicesBaseUrl">The url to the web service API. For example 'https://example.com/ISHWS/'</param>
/// <param name="ishUserName">InfoShare user name. For example 'Admin'</param>
/// <param name="ishSecurePassword">Matching password as SecureString of the incoming user name. When null is provided, a NetworkCredential() is created instead.</param>
/// <param name="timeout">Timeout to control Send/Receive timeouts of HttpClient when downloading content like connectionconfiguration.xml</param>
/// <param name="timeoutIssue">Timeout to control Send/Receive timeouts of WCF when issuing a token</param>
/// <param name="timeoutService">Timeout to control Send/Receive timeouts of WCF for InfoShareWS proxies</param>
/// <param name="ignoreSslPolicyErrors">IgnoreSslPolicyErrors presence indicates that a custom callback will be assigned to ServicePointManager.ServerCertificateValidationCallback. Defaults false of course, as this is creates security holes! But very handy for Fiddler usage though.</param>
public IshSession(ILogger logger, string webServicesBaseUrl, string ishUserName, SecureString ishSecurePassword, TimeSpan timeout, TimeSpan timeoutIssue, TimeSpan timeoutService, bool ignoreSslPolicyErrors)
{
_logger = logger;
_explicitIssuer = false;
_ignoreSslPolicyErrors = ignoreSslPolicyErrors;
if (_ignoreSslPolicyErrors)
{
CertificateValidationHelper.OverrideCertificateValidation();
}
ServicePointManagerHelper.RestoreCertificateValidation();
// webServicesBaseUrl should have trailing slash, otherwise .NET throws unhandy "Reference to undeclared entity 'raquo'." error
_webServicesBaseUri = (webServicesBaseUrl.EndsWith("/")) ? new Uri(webServicesBaseUrl) : new Uri(webServicesBaseUrl + "/");
_ishUserName = ishUserName == null ? Environment.UserName : ishUserName;
_ishSecurePassword = ishSecurePassword;
_timeout = timeout;
_timeoutIssue = timeoutIssue;
_timeoutService = timeoutService;
CreateConnection();
}
public AppleTlsContext(
MobileAuthenticatedStream parent, bool serverMode, string targetHost,
SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
X509CertificateCollection clientCertificates, bool askForClientCert)
: base(parent, serverMode, targetHost, enabledProtocols,
serverCertificate, clientCertificates, askForClientCert)
{
handle = GCHandle.Alloc(this);
connectionId = GCHandle.ToIntPtr(handle);
readFunc = NativeReadCallback;
writeFunc = NativeWriteCallback;
certificateValidator = CertificateValidationHelper.GetDefaultValidator(Settings, Provider);
if (IsServer)
{
if (serverCertificate == null)
{
throw new ArgumentNullException("serverCertificate");
}
}
}
