internal static byte[] X509ExportPfx(IntPtr[] certHandles, SafePasswordHandle exportPassword)
{
SafeCreateHandle cfPassphrase = s_emptyExportString;
bool releasePassword = false;
try
{
if (!exportPassword.IsInvalid)
{
exportPassword.DangerousAddRef(ref releasePassword);
IntPtr passwordHandle = exportPassword.DangerousGetHandle();
if (passwordHandle != IntPtr.Zero)
{
cfPassphrase = CoreFoundation.CFStringCreateWithCString(passwordHandle);
}
}
return(X509Export(X509ContentType.Pkcs12, cfPassphrase, certHandles));
}
finally
{
if (releasePassword)
{
exportPassword.DangerousRelease();
}
if (cfPassphrase != s_emptyExportString)
{
cfPassphrase.Dispose();
}
}
}
private static partial int AppleCryptoNative_X509ImportCertificate(
ref byte pbKeyBlob,
int cbKeyBlob,
X509ContentType contentType,
SafeCreateHandle cfPfxPassphrase,
out SafeSecCertificateHandle pCertOut,
out SafeSecIdentityHandle pPrivateKeyOut);
private SafeCreateHandle GetCertsArray(IList <SafeHandle> safeHandles)
{
int idx = 0;
try
{
int handlesCount = safeHandles.Count;
IntPtr[] ptrs = new IntPtr[handlesCount];
for (; idx < handlesCount; idx++)
{
SafeHandle handle = safeHandles[idx];
bool addedRef = false;
handle.DangerousAddRef(ref addedRef);
ptrs[idx] = handle.DangerousGetHandle();
}
// Creating the array has the effect of calling CFRetain() on all of the pointers, so the native
// resource is safe even if we DangerousRelease=>ReleaseHandle them.
SafeCreateHandle certsArray = Interop.CoreFoundation.CFArrayCreate(ptrs, (UIntPtr)ptrs.Length);
_extraHandles.Push(certsArray);
return(certsArray);
}
finally
{
for (idx--; idx >= 0; idx--)
{
safeHandles[idx].DangerousRelease();
}
}
}
internal void OpenTrustHandle(
ICertificatePal leafCert,
X509Certificate2Collection extraStore,
bool checkRevocation)
{
SafeCreateHandle policiesArray = PreparePoliciesArray(checkRevocation);
SafeCreateHandle certsArray = PrepareCertsArray(leafCert, extraStore);
int osStatus;
SafeX509ChainHandle chain;
int ret = Interop.AppleCrypto.AppleCryptoNative_X509ChainCreate(
certsArray,
policiesArray,
out chain,
out osStatus);
if (ret == 1)
{
_chainHandle = chain;
return;
}
chain.Dispose();
if (ret == 0)
{
throw Interop.AppleCrypto.CreateExceptionForOSStatus(osStatus);
}
Debug.Fail($"AppleCryptoNative_X509ChainCreate returned unexpected return value {ret}");
throw new CryptographicException();
}
private static SafeSecCertificateHandle X509ImportCertificate(
ReadOnlySpan <byte> bytes,
X509ContentType contentType,
SafeCreateHandle?importPassword,
out SafeSecIdentityHandle identityHandle)
{
SafeSecCertificateHandle certHandle;
SafeCreateHandle cfPassphrase = importPassword ?? s_emptyExportString;
int osStatus = AppleCryptoNative_X509ImportCertificate(
bytes,
contentType,
cfPassphrase,
out certHandle,
out identityHandle);
if (osStatus == 0)
{
return(certHandle);
}
certHandle.Dispose();
identityHandle.Dispose();
throw CreateExceptionForOSStatus(osStatus);
}
private SafeCreateHandle PreparePoliciesArray(bool checkRevocation)
{
IntPtr[] policies = new IntPtr[checkRevocation ? 2 : 1];
SafeHandle defaultPolicy = Interop.AppleCrypto.X509ChainCreateDefaultPolicy();
if (defaultPolicy.IsInvalid)
{
defaultPolicy.Dispose();
throw new PlatformNotSupportedException(nameof(X509Chain));
}
_extraHandles.Push(defaultPolicy);
policies[0] = defaultPolicy.DangerousGetHandle();
if (checkRevocation)
{
SafeHandle revPolicy = Interop.AppleCrypto.X509ChainCreateRevocationPolicy();
_extraHandles.Push(revPolicy);
policies[1] = revPolicy.DangerousGetHandle();
}
SafeCreateHandle policiesArray =
Interop.CoreFoundation.CFArrayCreate(policies, (UIntPtr)policies.Length);
_extraHandles.Push(policiesArray);
return(policiesArray);
}
public Uri?GetProxy(Uri targetUri)
{
using (SafeCFDictionaryHandle systemProxySettings = CFNetworkCopySystemProxySettings())
using (SafeCreateHandle cfurl = CFURLCreateWithString(targetUri.AbsoluteUri))
using (SafeCFArrayHandle proxies = CFNetworkCopyProxiesForURL(cfurl, systemProxySettings))
{
long proxyCount = CFArrayGetCount(proxies);
for (int i = 0; i < proxyCount; i++)
{
IntPtr proxyValue = CFArrayGetValueAtIndex(proxies, i);
using (SafeCFDictionaryHandle proxyDict = new SafeCFDictionaryHandle(proxyValue, false))
{
CFProxy proxy = new CFProxy(proxyDict);
if (proxy.ProxyType == CFProxy.kCFProxyTypeAutoConfigurationURL || proxy.ProxyType == CFProxy.kCFProxyTypeAutoConfigurationJavaScript)
{
Uri?result = ExecuteProxyAutoConfiguration(cfurl, proxy);
if (result != null)
{
return(result);
}
}
else if (proxy.ProxyType == CFProxy.kCFProxyTypeHTTP || proxy.ProxyType == CFProxy.kCFProxyTypeHTTPS)
{
return(GetProxyUri("http", proxy));
}
}
}
}
return(null);
}
private static void RunLoopThreadStart()
{
Debug.Assert(s_runLoop == IntPtr.Zero);
s_runLoop = Interop.RunLoop.CFRunLoopGetCurrent();
Interop.RunLoop.CFRunLoopAddSource(
s_runLoop,
s_runLoopSource.DangerousGetHandle(),
Interop.RunLoop.kCFRunLoopDefaultMode.DangerousGetHandle());
s_runLoopStartedEvent.Set();
Interop.RunLoop.CFRunLoopRun();
Interop.RunLoop.CFRunLoopRemoveSource(
s_runLoop,
s_runLoopSource.DangerousGetHandle(),
Interop.RunLoop.kCFRunLoopDefaultMode.DangerousGetHandle());
s_runLoop = IntPtr.Zero;
s_runLoopSource.Dispose();
s_runLoopSource = null;
s_dynamicStoreRef.Dispose();
s_dynamicStoreRef = null;
s_runLoopEndedEvent.Set();
}
private static byte[] X509Export(X509ContentType contentType, SafeCreateHandle cfPassphrase, IntPtr[] certHandles)
{
Debug.Assert(contentType == X509ContentType.Pkcs7 || contentType == X509ContentType.Pkcs12);
using (SafeCreateHandle handlesArray = CoreFoundation.CFArrayCreate(certHandles, (UIntPtr)certHandles.Length))
{
SafeCFDataHandle exportData;
int osStatus;
int result = AppleCryptoNative_X509ExportData(
handlesArray,
contentType,
cfPassphrase,
out exportData,
out osStatus);
using (exportData)
{
if (result != 1)
{
if (result == 0)
{
throw CreateExceptionForOSStatus(osStatus);
}
Debug.Fail($"Unexpected result from AppleCryptoNative_X509ExportData: {result}");
throw new CryptographicException();
}
Debug.Assert(!exportData.IsInvalid, "Successful export yielded no data");
return(CoreFoundation.CFGetData(exportData));
}
}
}
public static bool SslCheckHostnameMatch(SafeSslHandle handle, string hostName, DateTime notBefore)
{
int result;
// The IdnMapping converts Unicode input into the IDNA punycode sequence.
// It also does host case normalization. The bypass logic would be something
// like "all characters being within [a-z0-9.-]+"
//
// The SSL Policy (SecPolicyCreateSSL) has been verified as not inherently supporting
// IDNA as of macOS 10.12.1 (Sierra). If it supports low-level IDNA at a later date,
// this code could be removed.
//
// It was verified as supporting case invariant match as of 10.12.1 (Sierra).
string matchName = s_idnMapping.GetAscii(hostName);
using (SafeCFDateHandle cfNotBefore = CoreFoundation.CFDateCreate(notBefore))
using (SafeCreateHandle cfHostname = CoreFoundation.CFStringCreateWithCString(matchName))
{
result = AppleCryptoNative_SslIsHostnameMatch(handle, cfHostname, cfNotBefore);
}
switch (result)
{
case 0:
return(false);
case 1:
return(true);
default:
Debug.Fail($"AppleCryptoNative_SslIsHostnameMatch returned {result}");
throw new SslException();
}
}
internal static SafeCreateHandle CFURLCreateWithString(string url)
{
Debug.Assert(url != null);
using (SafeCreateHandle stringHandle = CFStringCreateWithCString(url))
{
return(CFURLCreateWithString(IntPtr.Zero, stringHandle, IntPtr.Zero));
}
}
private static extern SafeEventStreamHandle FSEventStreamCreate(
IntPtr allocator,
FSEventStreamCallback cb,
IntPtr context,
SafeCreateHandle pathsToWatch,
FSEventStreamEventId sinceWhen,
CFTimeInterval latency,
FSEventStreamCreateFlags flags);
/// <summary>
/// Creates a new EventStream to listen to events from the core OS (such as File System events).
/// </summary>
/// <param name="cb">A callback instance that will be called for every event batch.</param>
/// <param name="pathsToWatch">A CFArray of the path(s) to watch for events.</param>
/// <param name="sinceWhen">
/// The start point to receive events from. This can be to retrieve historical events or only new events.
/// To get historical events, pass in the corresponding ID of the event you want to start from.
/// To get only new events, pass in kFSEventStreamEventIdSinceNow.
/// </param>
/// <param name="latency">Coalescing period to wait before sending events.</param>
/// <param name="flags">Flags to say what kind of events should be sent through this stream.</param>
/// <returns>On success, returns a valid SafeCreateHandle to an FSEventStream object; otherwise, returns an invalid SafeCreateHandle</returns>
internal static SafeEventStreamHandle FSEventStreamCreate(
FSEventStreamCallback cb,
SafeCreateHandle pathsToWatch,
FSEventStreamEventId sinceWhen,
CFTimeInterval latency,
FSEventStreamCreateFlags flags)
{
return(FSEventStreamCreate(IntPtr.Zero, cb, IntPtr.Zero, pathsToWatch, sinceWhen, latency, flags));
}
private void CreateStreamAndStartWatcher()
{
Debug.Assert(_eventStream.IsInvalid);
Debug.Assert(_watcherRunLoop == IntPtr.Zero);
Debug.Assert(_callback == null);
// Make sure we only do this if there is a valid directory
if (String.IsNullOrEmpty(_directory) == false)
{
_fullDirectory = System.IO.Path.GetFullPath(_directory);
// Get the path to watch and verify we created the CFStringRef
SafeCreateHandle path = Interop.CoreFoundation.CFStringCreateWithCString(_fullDirectory);
if (path.IsInvalid)
{
throw Interop.GetExceptionForIoErrno(Interop.Sys.GetLastErrorInfo(), _fullDirectory, true);
}
// Take the CFStringRef and put it into an array to pass to the EventStream
SafeCreateHandle arrPaths = Interop.CoreFoundation.CFArrayCreate(new CFStringRef[1] {
path.DangerousGetHandle()
}, 1);
if (arrPaths.IsInvalid)
{
path.Dispose();
throw Interop.GetExceptionForIoErrno(Interop.Sys.GetLastErrorInfo(), _fullDirectory, true);
}
// Create the callback for the EventStream
_callback = new Interop.EventStream.FSEventStreamCallback(FileSystemEventCallback);
// Make sure the OS file buffer(s) are fully flushed so we don't get events from cached I/O
Interop.libc.sync();
// Create the event stream for the path and tell the stream to watch for file system events.
_eventStream = Interop.EventStream.FSEventStreamCreate(
_callback,
arrPaths,
Interop.EventStream.kFSEventStreamEventIdSinceNow,
0.0f,
EventStreamFlags);
if (_eventStream.IsInvalid)
{
arrPaths.Dispose();
path.Dispose();
throw Interop.GetExceptionForIoErrno(Interop.Sys.GetLastErrorInfo(), _fullDirectory, true);
}
// Create and start our watcher thread then wait for the thread to initialize and start
// the RunLoop. We wait for that to prevent this function from returning before the RunLoop
// has a chance to start so that any callers won't race with the background thread's initialization
// and calling Stop, which would attempt to stop a RunLoop that hasn't started yet.
_watcherThread = new Thread(new ThreadStart(WatchForFileSystemEventsThreadStart));
_watcherThread.Start();
_runLoopStartedEvent.WaitOne();
}
}
private static extern int AppleCryptoNative_X509ImportCollection(
byte[] pbKeyBlob,
int cbKeyBlob,
X509ContentType contentType,
SafeCreateHandle cfPfxPassphrase,
SafeKeychainHandle tmpKeychain,
int exportable,
out SafeCFArrayHandle pCollectionOut,
out int pOSStatus);
internal void Start()
{
// Get the path to watch and verify we created the CFStringRef
SafeCreateHandle path = Interop.CoreFoundation.CFStringCreateWithCString(_fullDirectory);
if (path.IsInvalid)
{
throw Interop.GetExceptionForIoErrno(Interop.Sys.GetLastErrorInfo(), _fullDirectory, true);
}
// Take the CFStringRef and put it into an array to pass to the EventStream
SafeCreateHandle arrPaths = Interop.CoreFoundation.CFArrayCreate(new CFStringRef[1] {
path.DangerousGetHandle()
}, 1);
if (arrPaths.IsInvalid)
{
path.Dispose();
throw Interop.GetExceptionForIoErrno(Interop.Sys.GetLastErrorInfo(), _fullDirectory, true);
}
// Create the callback for the EventStream if it wasn't previously created for this instance.
if (_callback == null)
{
_callback = new Interop.EventStream.FSEventStreamCallback(FileSystemEventCallback);
}
// Make sure the OS file buffer(s) are fully flushed so we don't get events from cached I/O
Interop.Sys.Sync();
// Create the event stream for the path and tell the stream to watch for file system events.
_eventStream = Interop.EventStream.FSEventStreamCreate(
_callback,
arrPaths,
Interop.EventStream.kFSEventStreamEventIdSinceNow,
0.0f,
EventStreamFlags);
if (_eventStream.IsInvalid)
{
arrPaths.Dispose();
path.Dispose();
throw Interop.GetExceptionForIoErrno(Interop.Sys.GetLastErrorInfo(), _fullDirectory, true);
}
// Create and start our watcher thread then wait for the thread to initialize and start
// the RunLoop. We wait for that to prevent this function from returning before the RunLoop
// has a chance to start so that any callers won't race with the background thread's initialization
// and calling Stop, which would attempt to stop a RunLoop that hasn't started yet.
var runLoopStarted = new ManualResetEventSlim();
new Thread(WatchForFileSystemEventsThreadStart)
{
IsBackground = true
}.Start(runLoopStarted);
runLoopStarted.Wait();
}
private SafeCreateHandle PrepareCertsArray(ICertificatePal cert, X509Certificate2Collection extraStore)
{
IntPtr[] ptrs = new IntPtr[1 + (extraStore?.Count ?? 0)];
SafeHandle[] safeHandles = new SafeHandle[ptrs.Length];
AppleCertificatePal applePal = (AppleCertificatePal)cert;
safeHandles[0] = applePal.CertificateHandle;
if (extraStore != null)
{
for (int i = 0; i < extraStore.Count; i++)
{
AppleCertificatePal extraCertPal = (AppleCertificatePal)extraStore[i].Pal;
safeHandles[i + 1] = extraCertPal.CertificateHandle;
}
}
int idx = 0;
bool addedRef = false;
try
{
for (idx = 0; idx < safeHandles.Length; idx++)
{
SafeHandle handle = safeHandles[idx];
handle.DangerousAddRef(ref addedRef);
ptrs[idx] = handle.DangerousGetHandle();
}
}
catch
{
// If any DangerousAddRef failed, idx will be on the one that failed, so we'll start off
// by subtracing one.
for (idx--; idx >= 0; idx--)
{
safeHandles[idx].DangerousRelease();
}
throw;
}
// Creating the array has the effect of calling CFRetain() on all of the pointers, so the native
// resource is safe even if we DangerousRelease=>ReleaseHandle them.
SafeCreateHandle certsArray = Interop.CoreFoundation.CFArrayCreate(ptrs, (UIntPtr)ptrs.Length);
_extraHandles.Push(certsArray);
for (idx = 0; idx < safeHandles.Length; idx++)
{
safeHandles[idx].DangerousRelease();
}
return(certsArray);
}
private static extern int AppleCryptoNative_X509ImportCertificate(
byte[] pbKeyBlob,
int cbKeyBlob,
X509ContentType contentType,
SafeCreateHandle cfPfxPassphrase,
SafeKeychainHandle tmpKeychain,
int exportable,
out SafeSecCertificateHandle pCertOut,
out SafeSecIdentityHandle pPrivateKeyOut,
out int pOSStatus);
internal static unsafe void SslCtxSetAlpnProtos(SafeSslHandle ctx, List <SslApplicationProtocol> protocols)
{
SafeCreateHandle cfProtocolsRefs = null;
SafeCreateHandle[] cfProtocolsArrayRef = null;
try
{
if (protocols.Count == 1 && protocols[0] == SslApplicationProtocol.Http2)
{
cfProtocolsRefs = s_cfAlpnHttp211Protocols;
}
else if (protocols.Count == 1 && protocols[0] == SslApplicationProtocol.Http11)
{
cfProtocolsRefs = s_cfAlpnHttp11Protocols;
}
else if (protocols.Count == 2 && protocols[0] == SslApplicationProtocol.Http2 && protocols[1] == SslApplicationProtocol.Http11)
{
cfProtocolsRefs = s_cfAlpnHttp211Protocols;
}
else
{
// we did not match common case. This is more expensive path allocating Core Foundation objects.
cfProtocolsArrayRef = new SafeCreateHandle[protocols.Count];
IntPtr[] protocolsPtr = new System.IntPtr[protocols.Count];
for (int i = 0; i < protocols.Count; i++)
{
cfProtocolsArrayRef[i] = CoreFoundation.CFStringCreateWithCString(protocols[i].ToString());
protocolsPtr[i] = cfProtocolsArrayRef[i].DangerousGetHandle();
}
cfProtocolsRefs = CoreFoundation.CFArrayCreate(protocolsPtr, (UIntPtr)protocols.Count);
}
int osStatus;
int result = SSLSetALPNProtocols(ctx, cfProtocolsRefs, out osStatus);
if (result != 1)
{
throw CreateExceptionForOSStatus(osStatus);
}
}
finally
{
if (cfProtocolsArrayRef != null)
{
for (int i = 0; i < cfProtocolsArrayRef.Length; i++)
{
cfProtocolsArrayRef[i]?.Dispose();
}
cfProtocolsRefs?.Dispose();
}
}
}
internal static void SslSetCertificate(SafeSslHandle sslHandle, IntPtr[] certChainPtrs)
{
using (SafeCreateHandle cfCertRefs = CoreFoundation.CFArrayCreate(certChainPtrs, (UIntPtr)certChainPtrs.Length))
{
int osStatus = AppleCryptoNative_SslSetCertificate(sslHandle, cfCertRefs);
if (osStatus != 0)
{
throw CreateExceptionForOSStatus(osStatus);
}
}
}
internal static SafeSecCertificateHandle X509ImportCertificate(
byte[] bytes,
X509ContentType contentType,
SafeCreateHandle importPassword,
SafeKeychainHandle keychain,
bool exportable,
out SafeSecIdentityHandle identityHandle)
{
SafeSecCertificateHandle certHandle;
int osStatus;
SafeCreateHandle cfPassphrase = importPassword ?? s_nullExportString;
int ret = AppleCryptoNative_X509ImportCertificate(
bytes,
bytes.Length,
contentType,
cfPassphrase,
keychain,
exportable ? 1 : 0,
out certHandle,
out identityHandle,
out osStatus);
SafeTemporaryKeychainHandle.TrackItem(certHandle);
SafeTemporaryKeychainHandle.TrackItem(identityHandle);
if (ret == 1)
{
return(certHandle);
}
certHandle.Dispose();
identityHandle.Dispose();
const int SeeOSStatus = 0;
const int ImportReturnedEmpty = -2;
const int ImportReturnedNull = -3;
switch (ret)
{
case SeeOSStatus:
throw CreateExceptionForOSStatus(osStatus);
case ImportReturnedNull:
case ImportReturnedEmpty:
throw new CryptographicException();
default:
Debug.Fail($"Unexpected return value {ret}");
throw new CryptographicException();
}
}
internal static unsafe void SslSetCertificateAuthorities(SafeSslHandle sslHandle, Span <IntPtr> certificates, bool replaceExisting)
{
using (SafeCreateHandle cfCertRefs = CoreFoundation.CFArrayCreate(certificates))
{
int osStatus = SslSetCertificateAuthorities(sslHandle, cfCertRefs, replaceExisting ? 1 : 0);
if (osStatus != 0)
{
throw CreateExceptionForOSStatus(osStatus);
}
}
}
internal static SafeCFArrayHandle X509ImportCollection(
ReadOnlySpan <byte> bytes,
X509ContentType contentType,
SafePasswordHandle importPassword)
{
SafeCreateHandle cfPassphrase = s_emptyExportString;
bool releasePassword = false;
SafeCFArrayHandle collectionHandle;
int osStatus;
try
{
if (!importPassword.IsInvalid)
{
importPassword.DangerousAddRef(ref releasePassword);
IntPtr passwordHandle = importPassword.DangerousGetHandle();
if (passwordHandle != IntPtr.Zero)
{
cfPassphrase = CoreFoundation.CFStringCreateWithCString(passwordHandle);
}
}
osStatus = AppleCryptoNative_X509ImportCollection(
ref MemoryMarshal.GetReference(bytes),
bytes.Length,
contentType,
cfPassphrase,
out collectionHandle);
if (osStatus == 0)
{
return(collectionHandle);
}
}
finally
{
if (releasePassword)
{
importPassword.DangerousRelease();
}
if (cfPassphrase != s_emptyExportString)
{
cfPassphrase.Dispose();
}
}
collectionHandle.Dispose();
throw CreateExceptionForOSStatus(osStatus);
}
internal static byte[] SecKeyExport(
SafeSecKeyRefHandle key,
bool exportPrivate,
string password)
{
SafeCreateHandle exportPassword = exportPrivate
? CoreFoundation.CFStringCreateWithCString(password)
: s_nullExportString;
int ret;
SafeCFDataHandle cfData;
int osStatus;
try
{
ret = AppleCryptoNative_SecKeyExport(
key,
exportPrivate ? 1 : 0,
exportPassword,
out cfData,
out osStatus);
}
finally
{
if (exportPassword != s_nullExportString)
{
exportPassword.Dispose();
}
}
byte[] exportedData;
using (cfData)
{
if (ret == 0)
{
throw CreateExceptionForOSStatus(osStatus);
}
if (ret != 1)
{
Debug.Fail($"AppleCryptoNative_SecKeyExport returned {ret}");
throw new CryptographicException();
}
exportedData = CoreFoundation.CFGetData(cfData);
}
return(exportedData);
}
public Uri?ExecuteProxyAutoConfiguration(SafeCreateHandle cfurl, CFProxy proxy)
{
Uri? result = null;
CFRunLoopRef runLoop = CFRunLoopGetCurrent();
// Callback that will be called after executing the configuration script
CFProxyAutoConfigurationResultCallback cb = (IntPtr client, IntPtr proxyListHandle, IntPtr error) =>
{
if (proxyListHandle != IntPtr.Zero)
{
using (var proxyList = new SafeCFArrayHandle(proxyListHandle, false))
{
long proxyCount = CFArrayGetCount(proxyList);
for (int i = 0; i < proxyCount; i++)
{
IntPtr proxyValue = CFArrayGetValueAtIndex(proxyList, i);
using (SafeCFDictionaryHandle proxyDict = new SafeCFDictionaryHandle(proxyValue, false))
{
CFProxy proxy = new CFProxy(proxyDict);
if (proxy.ProxyType == CFProxy.kCFProxyTypeHTTP || proxy.ProxyType == CFProxy.kCFProxyTypeHTTPS)
{
result = GetProxyUri("http", proxy);
break;
}
}
}
}
}
CFRunLoopStop(runLoop);
};
CFStreamClientContext clientContext = default;
CFRunLoopSourceRef loopSource =
proxy.ProxyType == CFProxy.kCFProxyTypeAutoConfigurationURL ?
CFNetworkExecuteProxyAutoConfigurationURL(proxy.AutoConfigurationURL, cfurl, cb, ref clientContext) :
CFNetworkExecuteProxyAutoConfigurationScript(proxy.AutoConfigurationJavaScript, cfurl, cb, ref clientContext);
using (var mode = CFStringCreateWithCString(typeof(MacProxy).FullName !))
{
IntPtr modeHandle = mode.DangerousGetHandle();
CFRunLoopAddSource(runLoop, loopSource, modeHandle);
CFRunLoopRunInMode(modeHandle, double.MaxValue, 0);
CFRunLoopSourceInvalidate(loopSource);
}
GC.KeepAlive(cb);
return(result);
}
private static int AppleCryptoNative_X509ImportCertificate(
ReadOnlySpan <byte> keyBlob,
X509ContentType contentType,
SafeCreateHandle cfPfxPassphrase,
out SafeSecCertificateHandle pCertOut,
out SafeSecIdentityHandle pPrivateKeyOut)
{
return(AppleCryptoNative_X509ImportCertificate(
ref MemoryMarshal.GetReference(keyBlob),
keyBlob.Length,
contentType,
cfPfxPassphrase,
out pCertOut,
out pPrivateKeyOut));
}
internal static SafeCFDataHandle SecKeyExportData(
SafeSecKeyRefHandle?key,
bool exportPrivate,
ReadOnlySpan <char> password)
{
SafeCreateHandle exportPassword = exportPrivate
? CoreFoundation.CFStringCreateFromSpan(password)
: s_nullExportString;
int ret;
SafeCFDataHandle cfData;
int osStatus;
try
{
ret = AppleCryptoNative_SecKeyExport(
key,
exportPrivate ? 1 : 0,
exportPassword,
out cfData,
out osStatus);
}
finally
{
if (exportPassword != s_nullExportString)
{
exportPassword.Dispose();
}
}
if (ret == 1)
{
return(cfData);
}
cfData.Dispose();
if (ret == 0)
{
throw CreateExceptionForOSStatus(osStatus);
}
Debug.Fail($"AppleCryptoNative_SecKeyExport returned {ret}");
throw new CryptographicException();
}
internal static SafeSecCertificateHandle X509ImportCertificate(
byte[] bytes,
X509ContentType contentType,
SafePasswordHandle importPassword,
SafeKeychainHandle keychain,
bool exportable,
out SafeSecIdentityHandle identityHandle)
{
SafeCreateHandle cfPassphrase = null;
bool releasePassword = false;
try
{
if (!importPassword.IsInvalid)
{
importPassword.DangerousAddRef(ref releasePassword);
cfPassphrase = CoreFoundation.CFStringCreateFromSpan(importPassword.DangerousGetSpan());
}
return(X509ImportCertificate(
bytes,
contentType,
cfPassphrase,
keychain,
exportable,
out identityHandle));
}
finally
{
if (releasePassword)
{
importPassword.DangerousRelease();
}
cfPassphrase?.Dispose();
}
}
private static extern int AppleCryptoNative_SslIsHostnameMatch(
SafeSslHandle handle,
SafeCreateHandle cfHostname,
SafeCFDateHandle cfValidTime);
internal static extern int SSLSetALPNProtocols(SafeSslHandle ctx, SafeCreateHandle cfProtocolsRefs, out int osStatus);
