Esempio n. 1
        /*
         * Sets up the helper and picks the certificate callbacks it will use.
         *
         * The server-certificate validation callback is resolved in this order, first non-null wins:
         *   1. settings.RemoteCertificateValidationCallback
         *   2. stream.Request.ServerCertValidationCallback (only when a stream is given)
         *   3. ServicePointManager.ServerCertValidationCallback (only when the fallback flag is set)
         *
         * NOTE(review): step 3 reads a static member of ServicePointManager, so whatever callback is installed there
         * also decides validation for this helper when nothing more specific is configured.  When none of the three
         * yields a callback, this constructor leaves certValidationCallback unassigned.
         */
        ChainValidationHelper(MonoTlsProvider provider, MonoTlsSettings settings, bool cloneSettings, MonoTlsStream stream, ServerCertValidationCallbackWrapper callbackWrapper)
        {
            // Fill in defaults for missing arguments; a requested clone is bound to this instance as its validator.
            settings = settings ?? MonoTlsSettings.CopyDefaultSettings();
            if (cloneSettings)
            {
                settings = settings.CloneWithValidator(this);
            }
            provider = provider ?? MonoTlsProviderFactory.GetProvider();

            this.provider        = provider;
            this.settings        = settings;
            this.tlsStream       = stream;
            this.callbackWrapper = callbackWrapper;

            bool useGlobalCallback = false;

            // settings was defaulted above, so this is presumably always taken; the check is kept as written.
            if (settings != null)
            {
                if (settings.RemoteCertificateValidationCallback != null)
                {
                    certValidationCallback = new ServerCertValidationCallback(
                        Private.CallbackHelpers.MonoToPublic(settings.RemoteCertificateValidationCallback));
                }
                certSelectionCallback = Private.CallbackHelpers.MonoToInternal(settings.ClientCertificateSelectionCallback);
                // An explicit setting wins; otherwise the global fallback is enabled only when a stream is present.
                useGlobalCallback     = settings.UseServicePointManagerCallback ?? (stream != null);
            }

            if (stream != null)
            {
                request = stream.Request;
                sender  = request;

                // The request's own callbacks are used only where the settings supplied none.
                certValidationCallback = certValidationCallback ?? request.ServerCertValidationCallback;
                certSelectionCallback  = certSelectionCallback ?? new LocalCertSelectionCallback(DefaultSelectionCallback);

                if (settings == null)
                {
                    useGlobalCallback = true;
                }
            }

            // Last resort: the callback registered on ServicePointManager.
            if (certValidationCallback == null && useGlobalCallback)
            {
                certValidationCallback = ServicePointManager.ServerCertValidationCallback;
            }
        }
Esempio n. 2
        /*
         * Sets up the helper for an (optional) owning SslStream and picks the certificate callbacks it will use.
         *
         * The server-certificate validation callback is resolved in this order, first non-null wins:
         *   1. GetValidationCallback(settings)
         *   2. stream.Request.ServerCertValidationCallback (only when a stream is given)
         *   3. ServicePointManager.ServerCertValidationCallback (only when the fallback flag is set)
         *
         * NOTE(review): step 3 reads a static member of ServicePointManager, so whatever callback is installed there
         * also decides validation for this helper when nothing more specific is configured.
         */
        ChainValidationHelper(SslStream owner, MonoTlsProvider provider, MonoTlsSettings settings, bool cloneSettings, MonoTlsStream stream)
        {
            // Fill in defaults for missing arguments; a requested clone is bound to this instance as its validator.
            settings = settings ?? MonoTlsSettings.CopyDefaultSettings();
            if (cloneSettings)
            {
                settings = settings.CloneWithValidator(this);
            }
            provider = provider ?? MonoTlsProviderFactory.GetProvider();

            this.provider  = provider;
            this.settings  = settings;
            this.tlsStream = stream;

            // The owner is held through a WeakReference rather than a direct reference.
            if (owner != null)
            {
                this.owner = new WeakReference <SslStream> (owner);
            }

            bool useGlobalCallback = false;

            // settings was defaulted above, so this is presumably always taken; the check is kept as written.
            if (settings != null)
            {
                certValidationCallback = GetValidationCallback(settings);
                certSelectionCallback  = Private.CallbackHelpers.MonoToInternal(settings.ClientCertificateSelectionCallback);
                // An explicit setting wins; otherwise the global fallback is enabled only when a stream is present.
                useGlobalCallback      = settings.UseServicePointManagerCallback ?? (stream != null);
            }

            if (stream != null)
            {
                request = stream.Request;

                // The request's own callbacks are used only where the settings supplied none.
                certValidationCallback = certValidationCallback ?? request.ServerCertValidationCallback;
                certSelectionCallback  = certSelectionCallback ?? new LocalCertSelectionCallback(DefaultSelectionCallback);

                if (settings == null)
                {
                    useGlobalCallback = true;
                }
            }

            // Last resort: the callback registered on ServicePointManager.
            if (certValidationCallback == null && useGlobalCallback)
            {
                certValidationCallback = ServicePointManager.ServerCertValidationCallback;
            }
        }
Esempio n. 3
        /*
         * Copy-style constructor: takes over the sender, both certificate callbacks, the TLS stream and the request
         * from 'other', then binds a clone of 'settings' to the new instance.
         *
         * NOTE(review): 'other' and 'settings' are dereferenced without a null check, and the validation callback is
         * inherited from 'other' as-is rather than being re-resolved from the new settings.
         */
        ChainValidationHelper(ChainValidationHelper other, MonoTlsSettings settings, ServerCertValidationCallbackWrapper callbackWrapper = null)
        {
            this.sender                 = other.sender;
            this.certValidationCallback = other.certValidationCallback;
            this.certSelectionCallback  = other.certSelectionCallback;
            this.tlsStream              = other.tlsStream;
            this.request                = other.request;

            // Clone only after the fields above are copied, as the clone receives this instance as its validator.
            settings = settings.CloneWithValidator(this);
            this.settings = settings;

            this.callbackWrapper = callbackWrapper;
        }
Esempio n. 4
		/*
		 * Mono-specific version of 'userCertValidationCallbackWrapper'; we're called from ChainValidationHelper.ValidateChain() here.
		 *
		 * Since we're built without the PrebuiltSystem alias, we can't use 'SslPolicyErrors' here.  This prevents us from creating a subclass of 'ChainValidationHelper'
		 * as well as providing a custom 'ServerCertValidationCallback'.
		 *
		 * The raw bytes of the remote certificate (or null) are recorded first.  Without a user callback the certificate
		 * is accepted only if no policy error remains; a missing certificate is forgiven when the SSL state does not
		 * require one.  With a user callback the result of InvokeCallback is returned unchanged.
		 *
		 * NOTE(review): in the callback path 'sslPolicyErrors' is forwarded but not enforced by this method, so the
		 * outcome depends on how the callback treats the errors it receives.
		 */
		bool myUserCertValidationCallbackWrapper (ServerCertValidationCallback callback, X509Certificate certificate, X509Chain chain, MonoSslPolicyErrors sslPolicyErrors)
		{
			byte[] rawCertificate = null;
			if (certificate != null)
				rawCertificate = certificate.GetRawCertData ();
			m_RemoteCertificateOrBytes = rawCertificate;

			// A user-supplied callback makes the decision.
			if (callback != null)
				return MNS.ChainValidationHelper.InvokeCallback (callback, this, certificate, chain, sslPolicyErrors);

			// Default policy: an absent certificate is only an error when one is required.
			bool certificateOptional = !_SslState.RemoteCertRequired;
			if (certificateOptional)
				sslPolicyErrors &= ~MonoSslPolicyErrors.RemoteCertificateNotAvailable;

			return sslPolicyErrors == MonoSslPolicyErrors.None;
		}
Esempio n. 5
        /*
         * Mono-specific version of 'userCertValidationCallbackWrapper'; we're called from ChainValidationHelper.ValidateChain() here.
         *
         * Since we're built without the PrebuiltSystem alias, we can't use 'SslPolicyErrors' here.  This prevents us from creating a subclass of 'ChainValidationHelper'
         * as well as providing a custom 'ServerCertValidationCallback'.
         *
         * The raw bytes of the remote certificate (or null) are recorded first.  Without a user callback the certificate
         * is accepted only if no policy error remains; a missing certificate is forgiven when the SSL state does not
         * require one.  With a user callback the result of InvokeCallback is returned unchanged.
         *
         * NOTE(review): in the callback path 'sslPolicyErrors' is forwarded but not enforced by this method, so the
         * outcome depends on how the callback treats the errors it receives.
         */
        bool myUserCertValidationCallbackWrapper(ServerCertValidationCallback callback, X509Certificate certificate, X509Chain chain, MonoSslPolicyErrors sslPolicyErrors)
        {
            if (certificate == null)
            {
                m_RemoteCertificateOrBytes = null;
            }
            else
            {
                m_RemoteCertificateOrBytes = certificate.GetRawCertData();
            }

            // A user-supplied callback makes the decision.
            if (callback != null)
            {
                return ChainValidationHelper.InvokeCallback(callback, this, certificate, chain, sslPolicyErrors);
            }

            // Default policy: an absent certificate is only an error when one is required.
            var remainingErrors = _SslState.RemoteCertRequired
                ? sslPolicyErrors
                : sslPolicyErrors & ~MonoSslPolicyErrors.RemoteCertificateNotAvailable;

            return remainingErrors == MonoSslPolicyErrors.None;
        }
Esempio n. 6
 /*
  * Hands the validation inputs to 'callback' and returns its verdict, converting the Mono policy-error
  * flags to the public 'SslPolicyErrors' type with a plain cast.
  *
  * NOTE(review): 'callback' is dereferenced without a null check, so the caller must pass a non-null callback.
  * The cast presumably relies on both enums using the same numeric values -- confirm against their definitions.
  */
 internal static bool InvokeCallback(ServerCertValidationCallback callback, object sender, X509Certificate certificate, X509Chain chain, MonoSslPolicyErrors sslPolicyErrors)
 {
     var publicErrors = (SslPolicyErrors)sslPolicyErrors;
     bool accepted = callback.Invoke(sender, certificate, chain, publicErrors);
     return accepted;
 }