コード例 #1
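        /// <summary>
        /// Validates the certificate chain presented by a TLS client and throws when it is not acceptable.
        /// </summary>
        /// <param name="context">TLS context that supplies the client-certificate parameters and the TLS settings.</param>
        /// <param name="certificates">Certificates sent by the client; element 0 is the one whose issuer is checked. May be null.</param>
        /// <exception cref="TlsException">
        /// <c>BadCertificate</c> when a CA list is configured and either no certificate was sent or the issuer of
        /// element 0 is not in that list; <c>CertificateUnknown</c> when the validator does not report the chain
        /// as trusted or reports that the user denied it.
        /// </exception>
        internal static void CheckClientCertificate(TlsContext context, MX.X509CertificateCollection certificates)
        {
            if (context.SettingsProvider.HasClientCertificateParameters)
            {
                var certParams = context.SettingsProvider.ClientCertificateParameters;
                if (certParams.CertificateAuthorities.Count > 0)
                {
                    // A CA list is configured, so there must be a certificate to compare against it.
                    // Reject with a TLS alert rather than indexing into a null or empty collection.
                    //
                    // NOTE(review): this compares only the issuer *name* of element 0 with the configured
                    // names. It is a pre-filter, not a trust decision; trust is decided by the validator below.
                    if (certificates == null
                        || certificates.Count < 1
                        || !certParams.CertificateAuthorities.Contains(certificates [0].IssuerName))
                    {
                        throw new TlsException(AlertDescription.BadCertificate);
                    }
                }
            }

            var helper = CertificateValidationHelper.GetValidator(context.Configuration.TlsSettings);

            // A null collection is passed through unchanged: whether an absent client certificate is
            // acceptable is left to the validator.
            X509Certificate2Collection scerts = null;

            if (certificates != null)
            {
                // Re-create each certificate from its raw encoding as a System X509Certificate2.
                scerts = new X509Certificate2Collection();
                for (int i = 0; i < certificates.Count; i++)
                {
                    scerts.Add(new X509Certificate2(certificates [i].RawData));
                }
            }

            var result = helper.ValidateClientCertificate(scerts);

            // Fail closed: a missing result, an untrusted chain and a user denial all abort the handshake.
            if (result == null || !result.Trusted || result.UserDenied)
            {
                throw new TlsException(AlertDescription.CertificateUnknown);
            }
        }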
コード例 #2
        /// <summary>
        /// Validates the certificate chain presented by the remote peer against the configured target host.
        /// </summary>
        /// <param name="config">TLS configuration that supplies the TLS settings and the target host name.</param>
        /// <param name="certificates">Certificates sent by the peer; must contain at least one entry.</param>
        /// <exception cref="TlsException">
        /// <c>CertificateUnknown</c> when no certificate was sent, or when the validator does not report the chain
        /// as trusted or reports that the user denied it.
        /// </exception>
        internal static void CheckRemoteCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
        {
            // A peer that sends no certificate at all is rejected before any validator is consulted.
            bool nothingPresented = certificates == null || certificates.Count < 1;
            if (nothingPresented)
            {
                throw new TlsException(AlertDescription.CertificateUnknown);
            }

            var validator = CertificateValidationHelper.GetValidator(config.TlsSettings);

            // Re-create each certificate from its raw encoding as a System X509Certificate2.
            // The collection is known to be non-null and non-empty at this point.
            var chain = new X509Certificate2Collection();
            int index = 0;
            while (index < certificates.Count)
            {
                chain.Add(new X509Certificate2(certificates [index].RawData));
                index++;
            }

            var outcome = validator.ValidateChain(config.TargetHost, chain);

            // Fail closed: only an explicit "trusted and not denied by the user" result lets the handshake go on.
            bool accepted = outcome != null && outcome.Trusted && !outcome.UserDenied;
            if (!accepted)
            {
                // FIXME: check other values to report correct error type.
                throw new TlsException(AlertDescription.CertificateUnknown);
            }
        }
コード例 #3
        /// <summary>
        /// Returns the certificate validator for this test, optionally wired to the test runner's own callback.
        /// </summary>
        /// <param name="ctx">Test context that is forwarded to <c>ValidationCallback</c>.</param>
        /// <returns>The validator that <c>CertificateValidationHelper.GetValidator</c> creates for the chosen settings.</returns>
        ICertificateValidator GetValidator(TestContext ctx)
        {
            // Stays null unless the test-runner callback is requested; null is handed to the helper as-is.
            MonoTlsSettings tlsSettings = null;

            if (Parameters.UseTestRunnerCallback)
            {
                MonoTlsSettings custom = MonoTlsSettings.CopyDefaultSettings();

                // Ask for the certificate chain to be supplied to the callback.
                custom.CallbackNeedsCertificateChain = true;

                // Turn off the ServicePointManager callback so that only the callback set below is configured.
                custom.UseServicePointManagerCallback = false;

                // NOTE(review): with this in place the outcome depends on ValidationCallback, which is not
                // shown here; this wiring is meant for test runs only.
                custom.RemoteCertificateValidationCallback =
                    (target, certificate, chain, errors) => ValidationCallback(ctx, target, certificate, chain, errors);

                tlsSettings = custom;
            }

            return CertificateValidationHelper.GetValidator(tlsSettings);
        }
コード例 #4
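        /// <summary>
        /// Creates a certificate validator for the given settings through <c>CertificateValidationHelper.GetValidator</c>.
        /// </summary>
        /// <remarks>
        /// Outside <c>__MOBILE__</c> builds the method is located by reflection, trying the one-argument
        /// overload first and the <c>(MonoTlsSettings, MonoTlsProvider)</c> overload second. Exceptions thrown
        /// by the reflected call reach the caller wrapped in <c>TargetInvocationException</c>.
        /// </remarks>
        /// <param name="settings">TLS settings passed to the helper unchanged; this method does not inspect them.</param>
        /// <returns>The validator returned by the helper.</returns>
        /// <exception cref="MissingMethodException">Neither <c>GetValidator</c> overload was found (non-mobile builds only).</exception>
        public ICertificateValidator GetCertificateValidator(MonoTlsSettings settings)
        {
#if !__MOBILE__
            var helperType   = typeof(CertificateValidationHelper);
            var getValidator = helperType.GetMethod("GetValidator", new Type[] { typeof(MonoTlsSettings) });
            if (getValidator != null)
            {
                return (ICertificateValidator)getValidator.Invoke(null, new object[] { settings });
            }

            getValidator = helperType.GetMethod("GetValidator", new Type[] { typeof(MonoTlsSettings), typeof(MonoTlsProvider) });
            if (getValidator == null)
            {
                // Neither overload exists: report that clearly instead of failing with a
                // NullReferenceException on the Invoke call below.
                throw new MissingMethodException(helperType.FullName, "GetValidator");
            }

            // The provider argument is passed as null.
            return (ICertificateValidator)getValidator.Invoke(null, new object[] { settings, null });
#else
            return CertificateValidationHelper.GetValidator(settings);
#endif
        }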