Esempio n. 1
        /// <summary>
        /// Begins the TLS handshake for this context: rejects a repeated call,
        /// enables the SecureTransport "break on" session options so the
        /// handshake returns control at certificate events, and, on the server
        /// side, installs the server identity looked up from the keychain.
        /// (Listing excerpt: the braces of the method and of the if-block are
        /// missing from the rendered text, and the method continues past this
        /// point.)
        /// </summary>
        /// <exception cref="InvalidOperationException">Thrown when handshakeStarted is already non-zero.</exception>
        /// <exception cref="SSA.AuthenticationException">Thrown when no identity is found for serverCertificate.</exception>
        public void StartHandshake()
            Debug("StartHandshake: {0}", IsServer);

            // Interlocked.CompareExchange(ref x, 1, 1) returns the previous value
            // and stores 1 only when the value already equals 1, so this line only
            // reads the flag; it never sets it.
            // NOTE(review): nothing in this excerpt sets handshakeStarted to 1 —
            // confirm it is set elsewhere, otherwise a second call is not rejected here.
            if (Interlocked.CompareExchange(ref handshakeStarted, 1, 1) != 0)
                throw new InvalidOperationException();


            // Make SSLHandshake pause at certificate events; presumably so the
            // managed code can evaluate peer trust itself (see ProcessHandshake,
            // which handles the PeerAuthCompleted / PeerClientCertRequested statuses).
            SetSessionOption(SslSessionOption.BreakOnCertRequested, true);
            SetSessionOption(SslSessionOption.BreakOnClientAuth, true);
            SetSessionOption(SslSessionOption.BreakOnServerAuth, true);

            if (IsServer)
                // A server must present a certificate, so failing to resolve the
                // configured certificate to a keychain identity is fatal.
                serverIdentity = MobileCertificateHelper.GetIdentity(serverCertificate);
                if (serverIdentity == null)
                    throw new SSA.AuthenticationException("Unable to get server certificate from keychain.");
                // No intermediate certificates are supplied here (empty array), so
                // the peer only receives the leaf from this identity.
                SetCertificate(serverIdentity, new SecCertificate [0]);
Esempio n. 2
        /// <summary>
        /// Begins the TLS handshake for this context: rejects a repeated call,
        /// enables the SecureTransport "break on" session options so the
        /// handshake returns control at certificate events, and, on the server
        /// side, installs the server identity together with its intermediate
        /// certificates from the keychain.
        /// (Listing excerpt: the braces of the method and of the if-block are
        /// missing from the rendered text, and the method continues past this
        /// point.)
        /// </summary>
        /// <exception cref="InvalidOperationException">Thrown when handshakeStarted is already non-zero.</exception>
        /// <exception cref="SSA.AuthenticationException">Thrown when no identity is found for LocalServerCertificate.</exception>
        public override void StartHandshake()
            Debug("StartHandshake: {0}", IsServer);

            // Interlocked.CompareExchange(ref x, 1, 1) returns the previous value
            // and stores 1 only when the value already equals 1, so this line only
            // reads the flag; it never sets it.
            // NOTE(review): nothing in this excerpt sets handshakeStarted to 1 —
            // confirm it is set elsewhere, otherwise a second call is not rejected here.
            if (Interlocked.CompareExchange(ref handshakeStarted, 1, 1) != 0)
                throw new InvalidOperationException();


            // Make SSLHandshake pause at certificate events; presumably so the
            // managed code can evaluate peer trust itself (see ProcessHandshake,
            // which handles the PeerAuthCompleted / PeerClientCertRequested statuses).
            SetSessionOption(SslSessionOption.BreakOnCertRequested, true);
            SetSessionOption(SslSessionOption.BreakOnClientAuth, true);
            SetSessionOption(SslSessionOption.BreakOnServerAuth, true);

            if (IsServer)
                SecCertificate[] intermediateCerts;
                // A server must present a certificate, so failing to resolve the
                // configured certificate to a keychain identity is fatal.
                serverIdentity = MobileCertificateHelper.GetIdentity(LocalServerCertificate, out intermediateCerts);
                if (serverIdentity == null)
                    throw new SSA.AuthenticationException("Unable to get server certificate from keychain.");

                // Hand the leaf plus its intermediates to SecureTransport, then
                // release our handles to the intermediates.
                // NOTE(review): if SetCertificate throws, the loop below is skipped
                // and the intermediate handles are not disposed (no try/finally).
                SetCertificate(serverIdentity, intermediateCerts);
                for (int i = 0; i < intermediateCerts.Length; i++)
                    intermediateCerts [i].Dispose();
Esempio n. 3
        /// <summary>
        /// Evaluates the peer's certificate(s) obtained from SecureTransport's
        /// trust object, records the leaf in remoteCertificate, and runs the
        /// managed certificate validator over the collection. Any validation
        /// failure or exception is surfaced as a TlsException carrying the
        /// CertificateUnknown alert.
        /// (Listing excerpt: the method's braces and the comment delimiters
        /// are missing from the rendered text.)
        /// </summary>
        /// <exception cref="TlsException">
        /// Thrown when a client receives no server certificate, when the
        /// validator throws, or when the validator rejects the certificates.
        /// </exception>
        void EvaluateTrust()

            /*
             * We're using .NET's SslStream semantics here.
             * A server must always provide a valid certificate.
             * However, in server mode, "ask for client certificate" means that
             * we ask the client to provide a certificate, then invoke the client
             * certificate validator - passing 'null' if the client didn't provide
             * any.
             */

            // Argument is !IsServer; presumably selects whether the peer being
            // evaluated is the server — confirm against GetPeerTrust.
            var trust = GetPeerTrust(!IsServer);
            X509CertificateCollection certificates;

            if (trust == null || trust.Count == 0)
                remoteCertificate = null;
                // A client that received no server certificate aborts the handshake.
                if (!IsServer)
                    throw new TlsException(AlertDescription.CertificateUnknown);
                // Server mode: the validator is still invoked below, with null,
                // as described in the comment above.
                certificates = null;
                if (trust.Count > 1)
                    Debug("WARNING: Got multiple certificates in SecTrust!");

                certificates = new X509CertificateCollection();
                for (int i = 0; i < trust.Count; i++)
                    certificates.Add(trust [i].ToX509Certificate());

                // Index 0 is treated as the peer's leaf certificate; this relies
                // on the ordering of the SecTrust entries — confirm that the leaf
                // is always first.
                remoteCertificate = certificates [0];
                Debug("Got peer trust: {0}", remoteCertificate);

            bool ok;

            try {
                ok = MobileCertificateHelper.Validate(TargetHost, IsServer, certificateValidator, certificates);
            } catch (Exception ex) {
                // Any exception from the validator is treated as a rejection. The
                // original exception is only written to the debug log and is not
                // attached as an inner exception, so its detail is lost when
                // debug output is off.
                Debug("Certificate validation failed: {0}", ex);
                throw new TlsException(AlertDescription.CertificateUnknown, "Certificate validation threw exception.");

            if (!ok)
                throw new TlsException(AlertDescription.CertificateUnknown);
Esempio n. 4
 /// <summary>
 /// Optionally builds an X509Chain for the supplied certificates and then
 /// delegates validation to MobileCertificateHelper.InvokeSystemCertificateValidator.
 /// (Listing excerpt: the method's braces are missing from the rendered text.)
 /// </summary>
 /// <param name="validator">Validator passed through to the helper.</param>
 /// <param name="targetHost">Host name passed through to the helper.</param>
 /// <param name="serverMode">Passed through to the helper.</param>
 /// <param name="certificates">Certificates to validate; also used to build the chain when requested.</param>
 /// <param name="wantsChain">When true, <paramref name="chain"/> is replaced by a chain built from <paramref name="certificates"/>.</param>
 /// <param name="chain">Receives the newly built chain when <paramref name="wantsChain"/> is true; otherwise left untouched.</param>
 /// <param name="success">Set by the helper.</param>
 /// <param name="errors">Updated by the helper.</param>
 /// <param name="status11">Updated by the helper.</param>
 /// <returns>Whatever the helper returns.</returns>
 internal override bool InvokeSystemCertificateValidator(
     ICertificateValidator2 validator, string targetHost, bool serverMode,
     X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
     out bool success, ref MonoSslPolicyErrors errors, ref int status11)
     // Note: the chain built here is only handed back through the ref
     // parameter; it is not passed to the helper call below, which re-derives
     // everything it needs from 'certificates'.
     if (wantsChain)
         chain = MNS.SystemCertificateValidator.CreateX509Chain(certificates);
     return(MobileCertificateHelper.InvokeSystemCertificateValidator(validator, targetHost, serverMode, certificates, out success, ref errors, ref status11));
Esempio n. 5
        /// <summary>
        /// Drives SSLHandshake in a loop until it reports Success, handling the
        /// intermediate statuses the "break on" session options produce:
        /// PeerAuthCompleted, PeerClientCertRequested and WouldBlock. Any other
        /// status is turned into an exception by CheckStatusAndThrow.
        /// (Listing excerpt: the method's braces, the opening of the do-loop and
        /// the bodies of several branches are missing from the rendered text;
        /// the return statement is not visible.)
        /// </summary>
        /// <exception cref="TlsException">
        /// Thrown when a client certificate is requested before the server's
        /// certificate was received, or when no identity is found for the
        /// selected client certificate.
        /// </exception>
        public override bool ProcessHandshake()
            SslStatus status;

                // Clear any error captured during the previous iteration before
                // calling into SecureTransport again.
                lastException = null;
                status        = SSLHandshake(Handle);
                // Both placeholders refer to argument 0: the status is printed
                // by name and then in hex.
                Debug("Handshake: {0} - {0:x}", status);

                // Only the listed statuses are accepted as non-errors here.
                CheckStatusAndThrow(status, SslStatus.WouldBlock, SslStatus.PeerAuthCompleted, SslStatus.PeerClientCertRequested);

                // Branch body not shown in this excerpt.
                if (status == SslStatus.PeerAuthCompleted)
                else if (status == SslStatus.PeerClientCertRequested)
                    // The client certificate is chosen with the server's certificate
                    // as input, so the server certificate must already be known.
                    if (remoteCertificate == null)
                        throw new TlsException(AlertDescription.InternalError, "Cannot request client certificate before receiving one from the server.");
                    localClientCertificate = MobileCertificateHelper.SelectClientCertificate(TargetHost, certificateValidator, ClientCertificates, remoteCertificate);
                    // Body of the null check not shown in this excerpt.
                    if (localClientCertificate == null)
                    clientIdentity = MobileCertificateHelper.GetIdentity(localClientCertificate);
                    if (clientIdentity == null)
                        throw new TlsException(AlertDescription.CertificateUnknown);
                    // As on the server side, no intermediates are supplied (empty array).
                    SetCertificate(clientIdentity, new SecCertificate [0]);
                // Branch body not shown in this excerpt.
                else if (status == SslStatus.WouldBlock)
            } while (status != SslStatus.Success);
