        /// <summary>
        /// Fills the context's certificate store: the provider's default trust
        /// material first, then any trust anchors supplied through Settings.
        /// </summary>
        /// <remarks>
        /// The anchors are registered with a trust kind that depends on the
        /// side of the connection: TRUST_CLIENT when acting as a server,
        /// TRUST_SERVER when acting as a client.
        /// </remarks>
        void SetupCertificateStore()
        {
            MonoBtlsProvider.SetupCertificateStore(ctx.CertificateStore);

            var anchors = Settings?.TrustAnchors;
            if (anchors == null)
            {
                return;
            }

            var kind = IsServer
                ? MonoBtlsX509TrustKind.TRUST_CLIENT
                : MonoBtlsX509TrustKind.TRUST_SERVER;
            ctx.CertificateStore.AddCollection(anchors, kind);
        }
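        /// <summary>
        /// Creates the native SSL context and applies the session's
        /// configuration to it: trust store, verification / selection
        /// callbacks, verify parameters, protocol bounds, the cipher list and
        /// the accepted client-certificate issuers.
        /// </summary>
        void InitializeConnection()
        {
            ctx = new MonoBtlsSslCtx();

#if MARTIN_DEBUG
            errbio = MonoBtlsBio.CreateMonoStream(Console.OpenStandardError());
            ctx.SetDebugBio(errbio);
#endif

            MonoBtlsProvider.SetupCertificateStore(ctx.CertificateStore, Settings, IsServer);

            // Clients always install the verify callback; servers only when
            // they request a client certificate.
            if (!IsServer || AskForClientCertificate)
            {
                ctx.SetVerifyCallback(VerifyCallback, false);
            }
            if (!IsServer)
            {
                ctx.SetSelectCallback(SelectCallback);
            }

            // Settings is null-checked everywhere else in this method, so use
            // conditional access here as well: a server with no Settings and no
            // Options delegate would otherwise dereference null.
            if (IsServer && (Options.ServerCertSelectionDelegate != null || Settings?.ClientCertificateSelectionCallback != null))
            {
                ctx.SetServerNameCallback(ServerNameCallback);
            }

            ctx.SetVerifyParam(MonoBtlsProvider.GetVerifyParam(Settings, ServerName, IsServer));

            // A bound that comes back null is simply not applied.
            TlsProtocolCode? minProtocol, maxProtocol;
            GetProtocolVersions(out minProtocol, out maxProtocol);

            if (minProtocol != null)
            {
                ctx.SetMinVersion((int)minProtocol.Value);
            }
            if (maxProtocol != null)
            {
                ctx.SetMaxVersion((int)maxProtocol.Value);
            }

            var enabledCiphers = Settings?.EnabledCiphers;
            if (enabledCiphers != null)
            {
                // The native API takes the cipher ids as 16-bit values.
                var ciphers = new short[enabledCiphers.Length];
                for (int i = 0; i < ciphers.Length; i++)
                {
                    ciphers[i] = (short)enabledCiphers[i];
                }
                ctx.SetCiphers(ciphers, true);
            }

            if (IsServer && Settings?.ClientCertificateIssuers != null)
            {
                ctx.SetClientCertificateIssuers(Settings.ClientCertificateIssuers);
            }
        }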
 /// <summary>
 /// Lazily materializes the peer's certificate from the native SSL object
 /// into <c>remoteCertificate</c>. Does nothing once the field is set, and
 /// leaves it null when the peer presented no certificate.
 /// </summary>
 void GetPeerCertificate()
 {
     if (remoteCertificate == null)
     {
         using (var nativeCert = ssl.GetPeerCertificate())
         {
             if (nativeCert != null)
             {
                 remoteCertificate = MonoBtlsProvider.CreateCertificate(nativeCert);
             }
         }
     }
 }
 /// <summary>
 /// Builds a native chain from this certificate plus any intermediates held
 /// by this instance and asks the provider to validate it.
 /// </summary>
 /// <param name="thisCertificate">Not consulted; the native <c>x509</c>
 /// field is used directly.</param>
 /// <returns>true when the provider reports the chain as valid.</returns>
 public override bool Verify(X509Certificate2 thisCertificate)
 {
     using (var chain = new MonoBtlsX509Chain())
     {
         // Copy() is used for every entry — presumably so the chain owns its
         // own native handles rather than sharing the fields'.
         chain.AddCertificate(x509.Copy());
         var count = intermediateCerts == null ? 0 : intermediateCerts.Count;
         for (int i = 0; i < count; i++)
         {
             var impl = (X509CertificateImplBtls)intermediateCerts[i];
             chain.AddCertificate(impl.x509.Copy());
         }
         // No validator is passed (null); no target host is checked here.
         return MonoBtlsProvider.ValidateCertificate(chain, null);
     }
 }
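        /// <summary>
        /// Creates the native SSL context and applies the session's
        /// configuration to it: trust store, verification / selection
        /// callbacks, the host name used for peer verification, protocol
        /// bounds and the enabled cipher list.
        /// </summary>
        void InitializeConnection()
        {
            ctx = new MonoBtlsSslCtx();

#if MARTIN_DEBUG
            errbio = MonoBtlsBio.CreateMonoStream(Console.OpenStandardError());
            ctx.SetDebugBio(errbio);
#endif

            SetupCertificateStore();

            // Clients always install the verify callback; servers only when
            // they request a client certificate.
            if (!IsServer || AskForClientCertificate)
            {
                ctx.SetVerifyCallback(VerifyCallback, false);
            }
            if (!IsServer)
            {
                ctx.SetSelectCallback(SelectCallback);
            }

            // The verify parameters need the bare host name, so a trailing
            // ":port" is stripped — but only when there is exactly one ':'.
            // A bare IPv6 literal contains several, and cutting it at the first
            // one would verify the peer against a truncated name. Bracketed
            // "[addr]:port" forms are passed through unchanged.
            var host = TargetHost;
            if (!string.IsNullOrEmpty(host))
            {
                var colon = host.IndexOf(':');
                if (colon > 0 && host.IndexOf(':', colon + 1) < 0)
                {
                    host = host.Substring(0, colon);
                }
            }

            ctx.SetVerifyParam(MonoBtlsProvider.GetVerifyParam(host, IsServer));

            TlsProtocolCode minProtocol, maxProtocol;
            GetProtocolVersions(out minProtocol, out maxProtocol);

            ctx.SetMinVersion((int)minProtocol);
            ctx.SetMaxVersion((int)maxProtocol);

            if (Settings != null && Settings.EnabledCiphers != null)
            {
                // The native API takes the cipher ids as 16-bit values.
                var ciphers = new short[Settings.EnabledCiphers.Length];
                for (int i = 0; i < ciphers.Length; i++)
                {
                    ciphers[i] = (short)Settings.EnabledCiphers[i];
                }
                ctx.SetCiphers(ciphers, true);
            }
        }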
        /// <summary>
        /// Validates a peer certificate chain. When a managed
        /// <paramref name="chain"/> is already present, the verify result its
        /// native store context recorded is reused; otherwise a fresh native
        /// store, chain, verify parameters and store context are built, the
        /// chain is verified and, if <paramref name="wantsChain"/>, converted
        /// to a managed chain. Both paths run CheckValidationResult, which
        /// fills in <paramref name="errors"/> and <paramref name="status11"/>.
        /// </summary>
        /// <returns>true when native verification reported success (result 1).</returns>
        internal override bool ValidateCertificate(
            ICertificateValidator2 validator, string targetHost, bool serverMode,
            X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
            ref MonoSslPolicyErrors errors, ref int status11)
        {
            if (chain != null)
            {
                // Reuse the verification already performed for this chain.
                var existingImpl = (X509ChainImplBtls)chain.Impl;
                var existingOk = existingImpl.StoreCtx.VerifyResult == 1;
                CheckValidationResult(
                    validator, targetHost, serverMode, certificates,
                    wantsChain, chain, existingImpl.StoreCtx,
                    existingOk, ref errors, ref status11);
                return existingOk;
            }

            using (var store = new MonoBtlsX509Store())
            using (var nativeChain = MonoBtlsProvider.GetNativeChain(certificates))
            using (var param = GetVerifyParam(validator.Settings, targetHost, serverMode))
            using (var storeCtx = new MonoBtlsX509StoreCtx())
            {
                SetupCertificateStore(store, validator.Settings, serverMode);
                storeCtx.Initialize(store, nativeChain);
                storeCtx.SetVerifyParam(param);

                var verified = storeCtx.Verify() == 1;

                // chain is necessarily null here (the non-null case returned above).
                if (wantsChain)
                {
                    chain = GetManagedChain(nativeChain);
                }

                CheckValidationResult(
                    validator, targetHost, serverMode, certificates,
                    wantsChain, null, storeCtx,
                    verified, ref errors, ref status11);
                return verified;
            }
        }
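        /// <summary>
        /// Entry point: migrates the legacy per-user trust store
        /// (&lt;ApplicationData&gt;/.mono/certs/Trust, DER "*.cer" files) into
        /// the BTLS user trusted-roots store. Exits with 255 when BTLS is
        /// unavailable or the legacy store directory is missing.
        /// </summary>
        static void Main(string[] args)
        {
            if (!MonoBtlsProvider.IsSupported())
            {
                Console.Error.WriteLine("BTLS is not supported in this runtime!");
                Environment.Exit(255);
            }

            var configPath = Path.Combine(
                Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), ".mono");

            var oldStorePath = Path.Combine(configPath, "certs", "Trust");
            var newStorePath = MonoBtlsX509StoreManager.GetStorePath(MonoBtlsX509StoreType.UserTrustedRoots);

            if (!Directory.Exists(oldStorePath))
            {
                // The path must be supplied, otherwise the message prints a
                // literal "{0}". Errors go to stderr like the check above.
                Console.Error.WriteLine("Old trust store {0} does not exist.", oldStorePath);
                Environment.Exit(255);
            }

            // The new store is rebuilt from scratch: whatever it held before is
            // discarded, including any roots that were added by other means.
            if (Directory.Exists(newStorePath))
            {
                Directory.Delete(newStorePath, true);
            }
            Directory.CreateDirectory(newStorePath);

            var oldFiles = Directory.GetFiles(oldStorePath, "*.cer");

            Console.WriteLine("Found {0} files in the old store.", oldFiles.Length);

            foreach (var file in oldFiles)
            {
                Console.WriteLine("Converting {0}.", file);
                var data = File.ReadAllBytes(file);
                using (var x509 = MonoBtlsX509.LoadFromData(data, MonoBtlsX509Format.DER))
                {
                    ConvertToNewFormat(newStorePath, x509);
                }
            }
        }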
 /// <summary>
 /// Seeds this store with the provider's default trust material.
 /// </summary>
 internal void AddTrustedRoots() => MonoBtlsProvider.SetupCertificateStore(this);
 /// <summary>
 /// Seeds this store with the provider's default trust material, using the
 /// default TLS settings and serverMode = false.
 /// </summary>
 internal void AddTrustedRoots() =>
     MonoBtlsProvider.SetupCertificateStore(this, MonoTlsSettings.DefaultSettings, false);
        /// <summary>
        /// Loads trusted roots from the provider's system store location; the
        /// first argument to LoadLocations is passed as null.
        /// </summary>
        internal void AddTrustedRoots()
        {
            LoadLocations(null, MonoBtlsProvider.GetSystemStoreLocation());
        }