Exemple #1
0
        public void HostName_Leaf_Only()
        {
            X509Certificate x = new X509Certificate(CertificateTest.mail_google_com);

            // a bad hostname (mismatched) is recoverable (e.g. if you change policy)
            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.xamarin.com"))
                using (var trust = new SecTrust(x, policy)) {
                    // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    Assert.That(Evaluate(trust, true), Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "Evaluate");

                    if (TestRuntime.CheckXcodeVersion(5, 0))
                    {
                        Assert.That(trust.GetTrustResult(), Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "GetTrustResult");

                        using (var a = NSArray.FromNSObjects(policy))
                            trust.SetPolicies(a);

                        var policies = trust.GetPolicies();
                        Assert.That(policies.Length, Is.EqualTo(1), "Policies.Length");
                        Assert.That(policies [0].Handle, Is.EqualTo(policy.Handle), "Handle");

                        var trust_result = SecTrustResult.Invalid;
                        if (TestRuntime.CheckXcodeVersion(9, 0))
                        {
                            trust_result = SecTrustResult.RecoverableTrustFailure;                     // Result not invalidated starting with Xcode 9 beta 3.
                        }
                        // since we modified the `trust` instance it's result was invalidated
                        Assert.That(trust.GetTrustResult(), Is.EqualTo(trust_result), "GetTrustResult-2");
                    }
                }
        }
Exemple #2
0
        public void Timestamps()
        {
            TestRuntime.AssertXcodeVersion(10, 1);             // old API exposed publicly

            X509Certificate2Collection certs = new X509Certificate2Collection();

            certs.Add(new X509Certificate2(CertificateTest.mail_google_com));
            certs.Add(new X509Certificate2(CertificateTest.thawte_sgc_ca));
            certs.Add(new X509Certificate2(CertificateTest.verisign_class3_root));
            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                using (var trust = new SecTrust(certs, policy)) {
                    var a = new NSArray <NSData> ();
                    var e = trust.SetSignedCertificateTimestamps(a);
                    Assert.That(e, Is.EqualTo(SecStatusCode.Success), "1");
                    a = null;
                    e = trust.SetSignedCertificateTimestamps(null);
                    Assert.That(e, Is.EqualTo(SecStatusCode.Success), "2");

                    var i = new NSData [0];
                    e = trust.SetSignedCertificateTimestamps(i);
                    Assert.That(e, Is.EqualTo(SecStatusCode.Success), "3");
                    i = null;
                    e = trust.SetSignedCertificateTimestamps(i);
                    Assert.That(e, Is.EqualTo(SecStatusCode.Success), "4");
                }
        }
Exemple #3
0
        public void NoHostName()
        {
            X509Certificate x = new X509Certificate(CertificateTest.mail_google_com);

            // a null host name means "*" (accept any name) which is not stated in Apple documentation
            using (var policy = SecPolicy.CreateSslPolicy(true, null))
                using (var trust = new SecTrust(x, policy)) {
                    // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    Assert.That(Evaluate(trust, true), Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "Evaluate");

                    if (TestRuntime.CheckXcodeVersion(5, 0))
                    {
                        using (var rev = SecPolicy.CreateRevocationPolicy(SecRevocation.UseAnyAvailableMethod)) {
                            List <SecPolicy> list = new List <SecPolicy> ()
                            {
                                policy, rev
                            };
                            trust.SetPolicies(list);

                            var policies = trust.GetPolicies();
                            Assert.That(policies.Length, Is.EqualTo(2), "Policies.Length");
                        }
                    }
                }
        }
Exemple #4
0
        public void Client_Leaf_Only()
        {
            X509Certificate x = new X509Certificate(CertificateTest.mail_google_com);

            using (var policy = SecPolicy.CreateSslPolicy(false, null))
                using (var trust = new SecTrust(x, policy)) {
                    // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    // a host name is not meaningful for client certificates
                    Assert.That(Evaluate(trust, true), Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "Evaluate");

                    if (TestRuntime.CheckXcodeVersion(5, 0))
                    {
                        // by default there's no *custom* anchors
                        Assert.Null(trust.GetCustomAnchorCertificates(), "GetCustomAnchorCertificates");

                        using (var results = trust.GetResult()) {
                            Assert.That(CFGetRetainCount(results.Handle), Is.EqualTo((nint)1), "RetainCount");

                            SecTrustResult value = (SecTrustResult)(int)(NSNumber)results [SecTrustResultKey.ResultValue];
                            Assert.That(value, Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "ResultValue");
                        }
                    }
                }
        }
Exemple #5
0
        public void Trust2_Leaf_Only()
        {
            X509Certificate2 x = new X509Certificate2(CertificateTest.api_imgur_com);

            using (var policy = SecPolicy.CreateSslPolicy(true, "api.imgur.com"))
                using (var trust = new SecTrust(x, policy)) {
                    // that certificate stopped being valid on August 3rd, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    Assert.That(CFGetRetainCount(trust.Handle), Is.EqualTo((nint)1), "RetainCount(trust)");
                    Assert.That(CFGetRetainCount(policy.Handle), Is.EqualTo((nint)2), "RetainCount(policy)");
                    // the system was able to construct the chain based on the single certificate
#if __WATCHOS__
                    Assert.That(Evaluate(trust), Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "Evaluate");
                    // Evalute must be called prior to Count (Apple documentation)
                    Assert.That(trust.Count, Is.EqualTo(1), "Count");
#else
                    Assert.That(Evaluate(trust), Is.EqualTo(SecTrustResult.Unspecified), "Evaluate");
                    // Evalute must be called prior to Count (Apple documentation)
                    Assert.That(trust.Count, Is.EqualTo(3), "Count");
#endif

                    using (NSData data = trust.GetExceptions()) {
                        Assert.That(CFGetRetainCount(data.Handle), Is.EqualTo((nint)1), "RetainCount(data)");
                        Assert.False(trust.SetExceptions(null), "SetExceptions(null)");
                        Assert.True(trust.SetExceptions(data), "SetExceptions");
                    }
                }
        }
Exemple #6
0
        public void Trust2_FullChain()
        {
            X509Certificate2Collection certs = new X509Certificate2Collection();

            certs.Add(new X509Certificate2(CertificateTest.api_imgur_com));
            certs.Add(new X509Certificate2(CertificateTest.geotrust_dv_ssl_ca));
            certs.Add(new X509Certificate2(CertificateTest.geotrust_global_root));
            using (var policy = SecPolicy.CreateSslPolicy(true, "api.imgur.com"))
                using (var trust = new SecTrust(certs, policy)) {
                    // that certificate stopped being valid on August 3rd, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    Assert.That(Evaluate(trust), Is.EqualTo(SecTrustResult.Unspecified), "Evaluate");
                    // Evalute must be called prior to Count (Apple documentation)
                    Assert.That(trust.Count, Is.EqualTo(3), "Count");

                    using (SecCertificate sc1 = trust [0]) {
                        // seems the leaf gets an extra one
                        Assert.That(CFGetRetainCount(sc1.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc1)");
                        Assert.That(sc1.SubjectSummary, Is.EqualTo("api.imgur.com"), "SubjectSummary(sc1)");
                    }
                    using (SecCertificate sc2 = trust [1]) {
                        Assert.That(CFGetRetainCount(sc2.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc2)");
                        Assert.That(sc2.SubjectSummary, Is.EqualTo("GeoTrust DV SSL CA"), "SubjectSummary(sc2)");
                    }
                    using (SecCertificate sc3 = trust [2]) {
                        Assert.That(CFGetRetainCount(sc3.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc3)");
                        Assert.That(sc3.SubjectSummary, Is.EqualTo("GeoTrust Global CA"), "SubjectSummary(sc3)");
                    }
                }
        }
Exemple #7
0
        public void InstallCertificate(string certificate)
        {
            if (certificate.StartsWith("http", StringComparison.CurrentCulture))
            {
                OpenUrlExternally(certificate);
            }

            //THIS CASE DOESN"T WORK YET, WE CAN ONLY ADD THE CERT TO THE KEYCHAIN BUT NOT PROMPT FOR TRUST
            else
            {
                NSData certData = NSData.FromUrl(new NSUrl(certificate));

                SecCertificate secCertificate = new SecCertificate(certData);

                SecRecord secRecord = new SecRecord(SecKind.Certificate);

                secRecord.SetValueRef(secCertificate);


                SecPolicy policy   = SecPolicy.CreateSslPolicy(true, "applocker.navy.mil");
                SecTrust  secTrust = new SecTrust(secCertificate, policy);
                //SecTrustResult results = secTrust.GetTrustResult();

                SecStatusCode code = SecKeyChain.Add(secRecord);
                Console.WriteLine(code);
            }
        }
Exemple #8
0
        public void Trust_Leaf_Only()
        {
            X509Certificate x = new X509Certificate(CertificateTest.mail_google_com);

            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                using (var trust = new SecTrust(x, policy)) {
                    Assert.That(CFGetRetainCount(trust.Handle), Is.EqualTo((nint)1), "RetainCount(trust)");
                    Assert.That(CFGetRetainCount(policy.Handle), Is.EqualTo((nint)2), "RetainCount(policy)");
                    // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    // the system was able to construct the chain based on the single certificate
                    Assert.That(Evaluate(trust, true), Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "Evaluate");

                    if (TestRuntime.CheckXcodeVersion(5, 0))
                    {
                        Assert.True(trust.NetworkFetchAllowed, "NetworkFetchAllowed-1");
                        trust.NetworkFetchAllowed = false;
                        Assert.False(trust.NetworkFetchAllowed, "NetworkFetchAllowed-2");

                        trust.SetPolicy(policy);

                        var policies = trust.GetPolicies();
                        Assert.That(policies.Length, Is.EqualTo(1), "Policies.Length");
                        Assert.That(policies [0].Handle, Is.EqualTo(policy.Handle), "Handle");
                    }
                }
        }
Exemple #9
0
        public void Trust_Leaf_Only()
        {
            X509Certificate x = new X509Certificate(CertificateTest.mail_google_com);

            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                using (var trust = new SecTrust(x, policy)) {
                    Trust_Leaf_Only(trust, policy);
                }
        }
Exemple #10
0
 public void INativeObjects()
 {
     using (var policy = SecPolicy.CreateSslPolicy(true, "mail.xamarin.com")) {
         using (var a = NSArray.FromObjects(policy)) {
             var b = NSArray.ArrayFromHandle <SecPolicy> (a.Handle);
             Assert.AreNotSame(a, b);
         }
     }
 }
Exemple #11
0
        public void Trust_FullChain()
        {
            X509CertificateCollection certs = new X509CertificateCollection();

            certs.Add(new X509Certificate(CertificateTest.mail_google_com));
            certs.Add(new X509Certificate(CertificateTest.thawte_sgc_ca));
            certs.Add(new X509Certificate(CertificateTest.verisign_class3_root));
            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                using (var trust = new SecTrust(certs, policy)) {
                    // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));

                    SecTrustResult trust_result = SecTrustResult.Unspecified;
                    var            ios9         = TestRuntime.CheckXcodeVersion(7, 0);
                    var            ios10        = TestRuntime.CheckXcodeVersion(8, 0);
                    if (ios10)
                    {
                        trust_result = SecTrustResult.FatalTrustFailure;
                    }
                    // iOS9 is not fully happy with the basic constraints: `SecTrustEvaluate  [root AnchorTrusted BasicContraints]`
                    else if (ios9)
                    {
                        trust_result = SecTrustResult.RecoverableTrustFailure;
                    }
                    var result = Evaluate(trust, true);
                    Assert.That(result, Is.EqualTo(trust_result), "Evaluate");

                    // Evalute must be called prior to Count (Apple documentation)
                    Assert.That(trust.Count, Is.EqualTo(3), "Count");

                    using (SecCertificate sc1 = trust [0]) {
                        // seems the leaf gets an extra one
                        Assert.That(CFGetRetainCount(sc1.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc1)");
                        Assert.That(sc1.SubjectSummary, Is.EqualTo("mail.google.com"), "SubjectSummary(sc1)");
                    }
                    using (SecCertificate sc2 = trust [1]) {
                        Assert.That(CFGetRetainCount(sc2.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc2)");
                        Assert.That(sc2.SubjectSummary, Is.EqualTo("Thawte SGC CA"), "SubjectSummary(sc2)");
                    }
                    using (SecCertificate sc3 = trust [2]) {
                        Assert.That(CFGetRetainCount(sc3.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc3)");
                        Assert.That(sc3.SubjectSummary, Is.EqualTo("Class 3 Public Primary Certification Authority"), "SubjectSummary(sc3)");
                    }

                    if (TestRuntime.CheckXcodeVersion(5, 0))
                    {
                        Assert.That(trust.GetTrustResult(), Is.EqualTo(trust_result), "GetTrustResult");

                        trust.SetAnchorCertificates(certs);
                        Assert.That(trust.GetCustomAnchorCertificates().Length, Is.EqualTo(certs.Count), "GetCustomAnchorCertificates");

                        // since we modified the `trust` instance it's result was invalidated
                        Assert.That(trust.GetTrustResult(), Is.EqualTo(SecTrustResult.Invalid), "GetTrustResult");
                    }
                }
        }
Exemple #12
0
        public void Trust2_NoRoot()
        {
            X509Certificate2Collection certs = new X509Certificate2Collection();

            certs.Add(new X509Certificate2(CertificateTest.mail_google_com));
            certs.Add(new X509Certificate2(CertificateTest.thawte_sgc_ca));
            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                using (var trust = new SecTrust(certs, policy)) {
                    Trust_NoRoot(trust, policy);
                }
        }
Exemple #13
0
        public void Trust2_FullChain()
        {
            X509Certificate2Collection certs = new X509Certificate2Collection();

            certs.Add(new X509Certificate2(CertificateTest.mail_google_com));
            certs.Add(new X509Certificate2(CertificateTest.thawte_sgc_ca));
            certs.Add(new X509Certificate2(CertificateTest.verisign_class3_root));
            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                using (var trust = new SecTrust(certs, policy)) {
                    Trust_FullChain(trust, policy, certs);
                }
        }
Exemple #14
0
		public void SslServerNoHost ()
		{
			using (var policy = SecPolicy.CreateSslPolicy (true, null)) {
				Assert.That (policy.Handle, Is.Not.EqualTo (IntPtr.Zero), "Handle");
				Assert.That (CFGetRetainCount (policy.Handle), Is.EqualTo ((nint) 1), "RetainCount");

				if (TestRuntime.CheckXcodeVersion (5, 0)) {
					using (var properties = policy.GetProperties ()) {
						Assert.That (properties.Handle, Is.Not.EqualTo (IntPtr.Zero), "Properties.Handle");
						Assert.That (CFGetRetainCount (properties.Handle), Is.EqualTo ((nint) 1), "Properties.RetainCount");
						Assert.That (properties.Count, Is.EqualTo ((nuint) 1), "Count");
						Assert.That (properties [SecPolicyPropertyKey.Oid].ToString (), Is.EqualTo ("1.2.840.113635.100.1.3"), "SecPolicyOid");
					}
				}
			}
		}
Exemple #15
0
        public void SslClient()
        {
            using (var policy = SecPolicy.CreateSslPolicy(false, null)) {
                Assert.That(policy.Handle, Is.Not.EqualTo(IntPtr.Zero), "Handle");
                Assert.That(CFGetRetainCount(policy.Handle), Is.EqualTo((nint)1), "RetainCount");

                if (TestRuntime.CheckSystemAndSDKVersion(7, 0))
                {
                    using (var properties = policy.GetProperties()) {
                        Assert.That(properties.Handle, Is.Not.EqualTo(IntPtr.Zero), "Properties.Handle");
                        Assert.That(CFGetRetainCount(properties.Handle), Is.EqualTo((nint)1), "Properties.RetainCount");
                        Assert.That(properties.Count, Is.EqualTo((nuint)2), "Count");
                        Assert.That(properties [SecPolicyPropertyKey.Oid].ToString(), Is.EqualTo("1.2.840.113635.100.1.3"), "SecPolicyOid");
                        Assert.That(properties [SecPolicyPropertyKey.Client].ToString(), Is.EqualTo("1"), "SecPolicyClient");
                    }
                }
            }
        }
Exemple #16
0
        public void Trust2_NoRoot()
        {
            X509Certificate2Collection certs = new X509Certificate2Collection();

            certs.Add(new X509Certificate2(CertificateTest.api_imgur_com));
            certs.Add(new X509Certificate2(CertificateTest.geotrust_dv_ssl_ca));
            using (var policy = SecPolicy.CreateSslPolicy(true, "api.imgur.com"))
                using (var trust = new SecTrust(certs, policy)) {
                    // that certificate stopped being valid on August 3rd, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    Assert.That(Evaluate(trust), Is.EqualTo(SecTrustResult.Unspecified), "Evaluate");
                    // Evalute must be called prior to Count (Apple documentation)
                    Assert.That(trust.Count, Is.EqualTo(3), "Count");

                    using (SecKey pkey = trust.GetPublicKey()) {
                        Assert.That(CFGetRetainCount(pkey.Handle), Is.GreaterThanOrEqualTo((nint)1), "RetainCount(pkey)");
                    }
                }
        }
        public static bool InvokeSystemCertificateValidator(
            ICertificateValidator2 validator, string targetHost, bool serverMode,
            X509CertificateCollection certificates,
            ref MonoSslPolicyErrors errors, ref int status11)
        {
            if (certificates == null)
            {
                errors |= MonoSslPolicyErrors.RemoteCertificateNotAvailable;
                return(false);
            }

            if (!string.IsNullOrEmpty(targetHost))
            {
                var pos = targetHost.IndexOf(':');
                if (pos > 0)
                {
                    targetHost = targetHost.Substring(0, pos);
                }
            }

            var policy = SecPolicy.CreateSslPolicy(!serverMode, targetHost);
            var trust  = new SecTrust(certificates, policy);

            if (validator.Settings.TrustAnchors != null)
            {
                var status = trust.SetAnchorCertificates(validator.Settings.TrustAnchors);
                if (status != SecStatusCode.Success)
                {
                    throw new InvalidOperationException(status.ToString());
                }
                trust.SetAnchorCertificatesOnly(false);
            }

            var result = trust.Evaluate();

            if (result == SecTrustResult.Unspecified || result == SecTrustResult.Proceed)
            {
                return(true);
            }

            errors |= MonoSslPolicyErrors.RemoteCertificateChainErrors;
            return(false);
        }
Exemple #18
0
        public void Trust_NoRoot()
        {
            X509CertificateCollection certs = new X509CertificateCollection();

            certs.Add(new X509Certificate(CertificateTest.mail_google_com));
            certs.Add(new X509Certificate(CertificateTest.thawte_sgc_ca));
            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                using (var trust = new SecTrust(certs, policy)) {
                    // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    // iOS9 is not fully happy with the basic constraints: `SecTrustEvaluate  [root AnchorTrusted BasicContraints]`
                    // so it returns RecoverableTrustFailure and that affects the Count of trust later (it does not add to what we provided)
                    var ios9   = TestRuntime.CheckXcodeVersion(7, 0);
                    var result = Evaluate(trust, ios9);
                    Assert.That(result, Is.EqualTo(ios9 ? SecTrustResult.RecoverableTrustFailure : SecTrustResult.Unspecified), "Evaluate");
                    // Evalute must be called prior to Count (Apple documentation)
                    Assert.That(trust.Count, Is.EqualTo(ios9 ? 2 : 3), "Count");

                    using (SecKey pkey = trust.GetPublicKey()) {
                        Assert.That(CFGetRetainCount(pkey.Handle), Is.GreaterThanOrEqualTo((nint)1), "RetainCount(pkey)");
                    }
                }
        }
Exemple #19
0
        protected INativeObject GetINativeInstance(Type t)
        {
            var ctor = t.GetConstructor(Type.EmptyTypes);

            if ((ctor != null) && !ctor.IsAbstract)
            {
                return(ctor.Invoke(null) as INativeObject);
            }

            if (!NativeObjectInterfaceType.IsAssignableFrom(t))
            {
                throw new ArgumentException("t");
            }
            switch (t.Name)
            {
            case "CFAllocator":
                return(CFAllocator.SystemDefault);

            case "CFBundle":
                var bundles = CFBundle.GetAll();
                if (bundles.Length > 0)
                {
                    return(bundles [0]);
                }
                else
                {
                    throw new InvalidOperationException(string.Format("Could not create the new instance for type {0}.", t.Name));
                }

            case "CFNotificationCenter":
                return(CFNotificationCenter.Darwin);

            case "CFReadStream":
            case "CFStream":
                CFReadStream  readStream;
                CFWriteStream writeStream;
                CFStream.CreatePairWithSocketToHost("www.google.com", 80, out readStream, out writeStream);
                return(readStream);

            case "CFWriteStream":
                CFStream.CreatePairWithSocketToHost("www.google.com", 80, out readStream, out writeStream);
                return(writeStream);

            case "CFUrl":
                return(CFUrl.FromFile("/etc"));

            case "CFPropertyList":
                return(CFPropertyList.FromData(NSData.FromString("<string>data</string>")).PropertyList);

            case "DispatchData":
                return(DispatchData.FromByteBuffer(new byte [] { 1, 2, 3, 4 }));

            case "AudioFile":
                var path = Path.GetFullPath("1.caf");
                var af   = AudioFile.Open(CFUrl.FromFile(path), AudioFilePermission.Read, AudioFileType.CAF);
                return(af);

            case "CFHTTPMessage":
                return(CFHTTPMessage.CreateEmpty(false));

            case "CFMutableString":
                return(new CFMutableString("xamarin"));

            case "CGBitmapContext":
                byte[] data = new byte [400];
                using (CGColorSpace space = CGColorSpace.CreateDeviceRGB()) {
                    return(new CGBitmapContext(data, 10, 10, 8, 40, space, CGBitmapFlags.PremultipliedLast));
                }

            case "CGContextPDF":
                var filename = Environment.GetFolderPath(Environment.SpecialFolder.CommonDocuments) + "/t.pdf";
                using (var url = new NSUrl(filename))
                    return(new CGContextPDF(url));

            case "CGColorConversionInfo":
                var cci = new GColorConversionInfoTriple()
                {
                    Space     = CGColorSpace.CreateGenericRgb(),
                    Intent    = CGColorRenderingIntent.Default,
                    Transform = CGColorConversionInfoTransformType.ApplySpace
                };
                return(new CGColorConversionInfo((NSDictionary)null, cci, cci, cci));

            case "CGDataConsumer":
                using (NSMutableData destData = new NSMutableData()) {
                    return(new CGDataConsumer(destData));
                }

            case "CGDataProvider":
                filename = "xamarin1.png";
                return(new CGDataProvider(filename));

            case "CGFont":
                return(CGFont.CreateWithFontName("Courier New"));

            case "CGPattern":
                return(new CGPattern(
                           new RectangleF(0, 0, 16, 16),
                           CGAffineTransform.MakeIdentity(),
                           16, 16,
                           CGPatternTiling.NoDistortion,
                           true,
                           (cgc) => {}));

            case "CMBufferQueue":
                return(CMBufferQueue.CreateUnsorted(2));

            case "CTFont":
                CTFontDescriptorAttributes fda = new CTFontDescriptorAttributes()
                {
                    FamilyName = "Courier",
                    StyleName  = "Bold",
                    Size       = 16.0f
                };
                using (var fd = new CTFontDescriptor(fda))
                    return(new CTFont(fd, 10));

            case "CTFontCollection":
                return(new CTFontCollection(new CTFontCollectionOptions()));

            case "CTFontDescriptor":
                fda = new CTFontDescriptorAttributes();
                return(new CTFontDescriptor(fda));

            case "CTTextTab":
                return(new CTTextTab(CTTextAlignment.Left, 2));

            case "CTTypesetter":
                return(new CTTypesetter(new NSAttributedString("Hello, world",
                                                               new CTStringAttributes()
                {
                    ForegroundColorFromContext = true,
                    Font = new CTFont("ArialMT", 24)
                })));

            case "CTFrame":
                var framesetter = new CTFramesetter(new NSAttributedString("Hello, world",
                                                                           new CTStringAttributes()
                {
                    ForegroundColorFromContext = true,
                    Font = new CTFont("ArialMT", 24)
                }));
                var bPath = UIBezierPath.FromRect(new RectangleF(0, 0, 3, 3));
                return(framesetter.GetFrame(new NSRange(0, 0), bPath.CGPath, null));

            case "CTFramesetter":
                return(new CTFramesetter(new NSAttributedString("Hello, world",
                                                                new CTStringAttributes()
                {
                    ForegroundColorFromContext = true,
                    Font = new CTFont("ArialMT", 24)
                })));

            case "CTGlyphInfo":
                return(new CTGlyphInfo("copyright", new CTFont("ArialMY", 24), "Foo"));

            case "CTLine":
                return(new CTLine(new NSAttributedString("Hello, world",
                                                         new CTStringAttributes()
                {
                    ForegroundColorFromContext = true,
                    Font = new CTFont("ArialMT", 24)
                })));

            case "CGImageDestination":
                var storage = new NSMutableData();
                return(CGImageDestination.Create(new CGDataConsumer(storage), "public.png", 1));

            case "CGImageMetadataTag":
                using (NSString name = new NSString("tagName"))
                    using (var value = new NSString("value"))
                        return(new CGImageMetadataTag(CGImageMetadataTagNamespaces.Exif, CGImageMetadataTagPrefixes.Exif, name, CGImageMetadataType.Default, value));

            case "CGImageSource":
                filename = "xamarin1.png";
                return(CGImageSource.FromUrl(NSUrl.FromFilename(filename)));

            case "SecPolicy":
                return(SecPolicy.CreateSslPolicy(false, null));

            case "SecIdentity":
                using (var options = NSDictionary.FromObjectAndKey(new NSString("farscape"), SecImportExport.Passphrase)) {
                    NSDictionary[] array;
                    var            result = SecImportExport.ImportPkcs12(farscape_pfx, options, out array);
                    if (result != SecStatusCode.Success)
                    {
                        throw new InvalidOperationException(string.Format("Could not create the new instance for type {0} due to {1}.", t.Name, result));
                    }
                    return(new SecIdentity(array [0].LowlevelObjectForKey(SecImportExport.Identity.Handle)));
                }

            case "SecTrust":
                X509Certificate x = new X509Certificate(mail_google_com);
                using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                    return(new SecTrust(x, policy));

            case "SslContext":
                return(new SslContext(SslProtocolSide.Client, SslConnectionType.Stream));

            case "UIFontFeature":
                return(new UIFontFeature(CTFontFeatureNumberSpacing.Selector.ProportionalNumbers));

            case "NetworkReachability":
                return(new NetworkReachability(IPAddress.Loopback, null));

            case "VTCompressionSession":
            case "VTSession":
                return(VTCompressionSession.Create(1024, 768, CMVideoCodecType.H264, (sourceFrame, status, flags, buffer) => { }, null, (CVPixelBufferAttributes)null));

            case "VTFrameSilo":
                return(VTFrameSilo.Create());

            case "VTMultiPassStorage":
                return(VTMultiPassStorage.Create());

            case "CFString":
                return(new CFString("test"));

            case "DispatchBlock":
                return(new DispatchBlock(() => { }));

            case "DispatchQueue":
                return(new DispatchQueue("com.example.subsystem.taskXYZ"));

            case "DispatchGroup":
                return(DispatchGroup.Create());

            case "CGColorSpace":
                return(CGColorSpace.CreateDeviceCmyk());

            case "CGGradient":
                CGColor[] cArray = { UIColor.Black.CGColor, UIColor.Clear.CGColor, UIColor.Blue.CGColor };
                return(new CGGradient(null, cArray));

            case "CGImage":
                filename = "xamarin1.png";
                using (var dp = new CGDataProvider(filename))
                    return(CGImage.FromPNG(dp, null, false, CGColorRenderingIntent.Default));

            case "CGColor":
                return(UIColor.Black.CGColor);

            case "CMClock":
                return(CMClock.HostTimeClock);

            case "CMTimebase":
                return(new CMTimebase(CMClock.HostTimeClock));

            case "CVPixelBufferPool":
                return(new CVPixelBufferPool(
                           new CVPixelBufferPoolSettings(),
                           new CVPixelBufferAttributes(CVPixelFormatType.CV24RGB, 100, 50)
                           ));

            case "SecCertificate":
                using (var cdata = NSData.FromArray(mail_google_com))
                    return(new SecCertificate(cdata));

            case "SecCertificate2":
                using (var cdata = NSData.FromArray(mail_google_com))
                    return(new SecCertificate2(new SecCertificate(cdata)));

            case "SecTrust2":
                X509Certificate x2 = new X509Certificate(mail_google_com);
                using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                    return(new SecTrust2(new SecTrust(x2, policy)));

            case "SecIdentity2":
                using (var options = NSDictionary.FromObjectAndKey(new NSString("farscape"), SecImportExport.Passphrase)) {
                    NSDictionary[] array;
                    var            result = SecImportExport.ImportPkcs12(farscape_pfx, options, out array);
                    if (result != SecStatusCode.Success)
                    {
                        throw new InvalidOperationException(string.Format("Could not create the new instance for type {0} due to {1}.", t.Name, result));
                    }
                    return(new SecIdentity2(new SecIdentity(array [0].LowlevelObjectForKey(SecImportExport.Identity.Handle))));
                }

            case "SecKey":
                SecKey private_key;
                SecKey public_key;
                using (var record = new SecRecord(SecKind.Key)) {
                    record.KeyType       = SecKeyType.RSA;
                    record.KeySizeInBits = 512;                     // it's not a performance test :)
                    SecKey.GenerateKeyPair(record.ToDictionary(), out public_key, out private_key);
                    return(private_key);
                }

            case "SecAccessControl":
                return(new SecAccessControl(SecAccessible.WhenPasscodeSetThisDeviceOnly));

            default:
                throw new InvalidOperationException(string.Format("Could not create the new instance for type {0}.", t.Name));
            }
        }