public MonoConnectionProvider (MonoConnectionProviderFactory factory, ConnectionProviderType type, MSI.MonoTlsProvider tlsProvider, bool enableMonoExtensions)
: base (factory, type, GetFlags (tlsProvider, enableMonoExtensions))
{
this.tlsProvider = tlsProvider;
this.httpProvider = new MonoHttpProvider (this);
this.enableMonoExtensions = enableMonoExtensions;
}
internal static MonoSslStream CreateSslStream (
Stream innerStream, bool leaveInnerStreamOpen,
MonoTlsProvider provider, MonoTlsSettings settings = null)
{
var stream = new MonoNewTlsStream (innerStream, leaveInnerStreamOpen, provider, settings);
return new MonoSslStreamImpl (stream);
}
public MonoConnectionProvider(MonoConnectionProviderFactory factory, ConnectionProviderType type, MSI.MonoTlsProvider tlsProvider, bool enableMonoExtensions)
: base(factory, type, GetFlags(tlsProvider, enableMonoExtensions))
{
this.tlsProvider = tlsProvider;
this.httpProvider = new MonoHttpProvider(this);
this.enableMonoExtensions = enableMonoExtensions;
}
internal MonoConnectionProviderFactoryImpl ()
{
dotNetStreamProvider = new DotNetSslStreamProvider ();
dotNetHttpProvider = new DefaultHttpProvider (dotNetStreamProvider);
dotNetConnectionProvider = new DotNetConnectionProvider (this, ConnectionProviderType.DotNet, dotNetStreamProvider, dotNetHttpProvider);
Install (dotNetConnectionProvider);
newTlsProvider = DependencyInjector.Get<NewTlsProvider> ();
newTlsConnectionProvider = new MonoConnectionProviderImpl (this, ConnectionProviderType.NewTLS, newTlsProvider, false);
Install (newTlsConnectionProvider);
legacyTlsProvider = MSI.MonoTlsProviderFactory.GetDefaultProvider ();
legacyConnectionProvider = new MonoConnectionProviderImpl (this, ConnectionProviderType.OldTLS, legacyTlsProvider, false);
Install (legacyConnectionProvider);
monoWithNewTlsConnectionProvider = new MonoConnectionProviderImpl (this, ConnectionProviderType.MonoWithNewTLS, newTlsProvider, true);
Install (monoWithNewTlsConnectionProvider);
monoWithOldTlsConnectionProvider = new MonoConnectionProviderImpl (this, ConnectionProviderType.MonoWithOldTLS, legacyTlsProvider, true);
Install (monoWithOldTlsConnectionProvider);
openSslConnectionProvider = new OpenSslConnectionProvider (this);
Install (openSslConnectionProvider);
manualConnectionProvider = new ManualConnectionProvider (this, ConnectionProviderFlags.None);
Install (manualConnectionProvider);
}
internal MonoConnectionProvider(ConnectionProviderFactory factory, ConnectionProviderType type, ConnectionProviderFlags flags,
string name, MSI.MonoTlsProvider tlsProvider)
: base(factory, type, GetFlags(flags, tlsProvider))
{
this.name = name;
this.tlsProvider = tlsProvider;
}
static MSI.MonoTlsProvider CreateDefaultProviderImpl()
{
MSI.MonoTlsProvider provider = null;
var type = Environment.GetEnvironmentVariable("XA_TLS_PROVIDER");
switch (type)
{
case null:
case "default":
case "legacy":
return(new Private.MonoLegacyTlsProvider());
case "btls":
#if HAVE_BTLS
if (!MonoBtlsProvider.IsSupported())
{
throw new NotSupportedException("BTLS in not supported!");
}
return(new MonoBtlsProvider());
#else
throw new NotSupportedException("BTLS in not supported!");
#endif
default:
throw new NotSupportedException(string.Format("Invalid TLS Provider: `{0}'.", provider));
}
}
#pragma warning disable 618
internal static ICertificateValidator GetInternalValidator (MonoTlsProvider provider, MonoTlsSettings settings)
{
if (settings == null)
return new ChainValidationHelper (provider, null, false, null, null);
if (settings.CertificateValidator != null)
return settings.CertificateValidator;
return new ChainValidationHelper (provider, settings, false, null, null);
}
static MSI.MonoTlsProvider CreateDefaultProviderImpl()
{
MSI.MonoTlsProvider provider = null;
if (MSI.MonoTlsProviderFactory._PrivateFactoryDelegate != null)
{
provider = MSI.MonoTlsProviderFactory._PrivateFactoryDelegate();
}
return(provider);
}
static ConnectionProviderFlags GetFlags(MSI.MonoTlsProvider tlsProvider, bool enableMonoExtensions)
{
var flags = ConnectionProviderFlags.SupportsSslStream | ConnectionProviderFlags.SupportsHttp;
if (tlsProvider is NewTlsProvider)
{
flags |= ConnectionProviderFlags.SupportsTls12 | ConnectionProviderFlags.SupportsAeadCiphers | ConnectionProviderFlags.SupportsEcDheCiphers;
}
return(flags);
}
static ConnectionProviderFlags GetFlags(ConnectionProviderFlags flags, MSI.MonoTlsProvider tlsProvider)
{
if (((flags & ConnectionProviderFlags.DisableMonoExtensions) == 0) && tlsProvider.SupportsMonoExtensions)
{
flags |= ConnectionProviderFlags.SupportsMonoExtensions | ConnectionProviderFlags.SupportsHttpListener;
if (DependencyInjector.Get <IMonoConnectionFrameworkSetup> ().ProviderSupportsCleanShutdown(tlsProvider))
{
flags |= ConnectionProviderFlags.SupportsCleanShutdown;
}
}
return(flags);
}
static IMonoTlsProvider CreateDefaultProvider()
{
#if SECURITY_DEP
MSI.MonoTlsProvider provider = null;
if (MSI.MonoTlsProviderFactory._PrivateFactoryDelegate != null)
{
provider = MSI.MonoTlsProviderFactory._PrivateFactoryDelegate();
}
if (provider != null)
{
return(new Private.MonoTlsProviderWrapper(provider));
}
#endif
return(null);
}
public static MonoNewTlsStream CreateClient (
Stream innerStream, bool leaveOpen, MonoTlsProvider provider, MonoTlsSettings settings,
string targetHost, PSSCX.X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
var stream = new MonoNewTlsStream (innerStream, leaveOpen, provider, settings);
try {
stream.AuthenticateAsClient (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation);
} catch (Exception ex) {
var tlsEx = stream.LastError;
if (tlsEx != null)
throw new AggregateException (ex, tlsEx);
throw;
}
return stream;
}
static ConnectionProviderFlags GetFlags(ConnectionProviderFlags flags, MSI.MonoTlsProvider tlsProvider)
{
if (tlsProvider.SupportsMonoExtensions)
{
flags |= ConnectionProviderFlags.SupportsMonoExtensions | ConnectionProviderFlags.SupportsHttpListener;
// Legacy TLS does not support the clean shutdown.
if ((flags & ConnectionProviderFlags.SupportsTls12) != 0)
{
if (DependencyInjector.Get <IConnectionFrameworkSetup> ().SupportsCleanShutdown)
{
flags |= ConnectionProviderFlags.SupportsCleanShutdown;
}
}
}
return(flags);
}
internal SslStream (Stream innerStream, bool leaveInnerStreamOpen, EncryptionPolicy encryptionPolicy, MonoTlsProvider provider, MonoTlsSettings settings)
: base (innerStream, leaveInnerStreamOpen)
{
if (encryptionPolicy != EncryptionPolicy.RequireEncryption && encryptionPolicy != EncryptionPolicy.AllowNoEncryption && encryptionPolicy != EncryptionPolicy.NoEncryption)
throw new ArgumentException (SR.GetString (SR.net_invalid_enum, "EncryptionPolicy"), "encryptionPolicy");
var validationHelper = MNS.ChainValidationHelper.CloneWithCallbackWrapper (provider, ref settings, myUserCertValidationCallbackWrapper);
LocalCertSelectionCallback selectionCallback = null;
if (validationHelper.HasCertificateSelectionCallback)
selectionCallback = validationHelper.SelectClientCertificate;
var internalProvider = new MNS.Private.MonoTlsProviderWrapper (provider);
_Configuration = new MyConfiguration (internalProvider, settings, this);
_SslState = new SslState (innerStream, null, selectionCallback, encryptionPolicy, _Configuration);
}
internal MonoConnectionProviderFactory()
{
dotNetStreamProvider = new DotNetSslStreamProvider();
dotNetHttpProvider = new DefaultHttpProvider(dotNetStreamProvider);
dotNetConnectionProvider = new DotNetConnectionProvider(this, ConnectionProviderType.DotNet, dotNetStreamProvider, dotNetHttpProvider);
Install(dotNetConnectionProvider);
newTlsProvider = DependencyInjector.Get <NewTlsProvider> ();
newTlsConnectionProvider = new MonoConnectionProvider(this, ConnectionProviderType.NewTLS, newTlsProvider, false);
Install(newTlsConnectionProvider);
monoWithNewTlsConnectionProvider = new MonoConnectionProvider(this, ConnectionProviderType.MonoWithNewTLS, newTlsProvider, true);
Install(monoWithNewTlsConnectionProvider);
#if !__MOBILE__
openSslConnectionProvider = new OpenSslConnectionProvider(this);
Install(openSslConnectionProvider);
#endif
manualConnectionProvider = new ManualConnectionProvider(this, ConnectionProviderFlags.IsExplicit);
Install(manualConnectionProvider);
}
internal MonoConnectionProviderFactory ()
{
dotNetStreamProvider = new DotNetSslStreamProvider ();
dotNetHttpProvider = new DefaultHttpProvider (dotNetStreamProvider);
dotNetConnectionProvider = new DotNetConnectionProvider (this, ConnectionProviderType.DotNet, dotNetStreamProvider, dotNetHttpProvider);
Install (dotNetConnectionProvider);
newTlsProvider = DependencyInjector.Get<NewTlsProvider> ();
newTlsConnectionProvider = new MonoConnectionProvider (this, ConnectionProviderType.NewTLS, newTlsProvider, false);
Install (newTlsConnectionProvider);
monoWithNewTlsConnectionProvider = new MonoConnectionProvider (this, ConnectionProviderType.MonoWithNewTLS, newTlsProvider, true);
Install (monoWithNewTlsConnectionProvider);
#if !__MOBILE__
openSslConnectionProvider = new OpenSslConnectionProvider (this);
Install (openSslConnectionProvider);
#endif
manualConnectionProvider = new ManualConnectionProvider (this, ConnectionProviderFlags.IsExplicit);
Install (manualConnectionProvider);
}
ChainValidationHelper (ChainValidationHelper other, MonoTlsProvider provider, MonoTlsSettings settings, ServerCertValidationCallbackWrapper callbackWrapper = null)
{
sender = other.sender;
certValidationCallback = other.certValidationCallback;
certSelectionCallback = other.certSelectionCallback;
tlsStream = other.tlsStream;
request = other.request;
if (settings == null)
settings = MonoTlsSettings.DefaultSettings;
this.provider = provider;
this.settings = settings.CloneWithValidator (this);
this.callbackWrapper = callbackWrapper;
}
/*
* This is a hack which is used in SslStream - see ReferenceSources/SslStream.cs for details.
*/
internal static ChainValidationHelper CloneWithCallbackWrapper (MonoTlsProvider provider, ref MonoTlsSettings settings, ServerCertValidationCallbackWrapper wrapper)
{
var helper = (ChainValidationHelper)settings.CertificateValidator;
if (helper == null)
helper = new ChainValidationHelper (provider, settings, true, null, wrapper);
else
helper = new ChainValidationHelper (helper, provider, settings, wrapper);
settings = helper.settings;
return helper;
}
/*
* Use this overloaded version in user code.
*/
public static ICertificateValidator GetValidator (MonoTlsSettings settings, MonoTlsProvider provider = null)
{
return GetDefaultValidator (settings, provider);
}
internal static ICertificateValidator2 GetDefaultValidator (MonoTlsSettings settings, MonoTlsProvider provider)
{
return GetInternalValidator (settings, provider);
}
/*
* Create @HttpWebRequest with the specified @provider (may be null to use the default one).
*
* NOTE: This needs to be written as "System.Uri" to avoid ambiguity with Mono.Security.Uri in the
* mobile build.
*
*/
public static HttpWebRequest CreateHttpsRequest (System.Uri requestUri, MonoTlsProvider provider, MonoTlsSettings settings = null)
{
return NoReflectionHelper.CreateHttpsRequest (requestUri, provider, settings);
}
public MonoConnectionProvider(ConnectionProviderFactory factory, ConnectionProviderType type, ConnectionProviderFlags flags, string name, MSI.MonoTlsProvider tlsProvider)
: base(factory, type, flags)
{
this.name = name;
this.tlsProvider = tlsProvider;
}
/*
* Installs a custom TLS Provider.
*
* May only be called at application startup and will throw
* @InvalidOperationException if a provider has already been installed.
*/
public static void InstallProvider (MonoTlsProvider provider)
{
installProviderMethod.Invoke (null, new object[] { provider });
}
/*
* Create @HttpWebRequest with the specified @provider (may be null to use the default one).
*
* NOTE: This needs to be written as "System.Uri" to avoid ambiguity with Mono.Security.Uri in the
* mobile build.
*
*/
public static HttpWebRequest CreateHttpsRequest (System.Uri requestUri, MonoTlsProvider provider, MonoTlsSettings settings = null)
{
return (HttpWebRequest)createHttpsRequestMethod.Invoke (null, new object[] { requestUri, provider, settings });
}
public static HttpListener CreateHttpListener(X509Certificate certificate, MonoTlsProvider provider = null, MonoTlsSettings settings = null)
{
return((HttpListener)NoReflectionHelper.CreateHttpListener(certificate, provider, settings));
}
internal MonoNewTlsStream (Stream innerStream, bool leaveOpen, MSI.MonoTlsProvider provider, MSI.MonoTlsSettings settings)
: base (innerStream, leaveOpen, EncryptionPolicy.RequireEncryption, provider, settings)
{
this.provider = provider;
}
internal MonoNewTlsStream(Stream innerStream, bool leaveOpen, MSI.MonoTlsProvider provider, MSI.MonoTlsSettings settings)
: base(innerStream, leaveOpen, EncryptionPolicy.RequireEncryption, provider, settings)
{
this.provider = provider;
}
internal MonoNewTlsStream(Stream innerStream, MSI.MonoTlsProvider provider, MSI.MonoTlsSettings settings)
: this(innerStream, false, provider, settings)
{
}
internal static ChainValidationHelper Create (MonoTlsProvider provider, ref MonoTlsSettings settings, MonoTlsStream stream)
{
var helper = new ChainValidationHelper (provider, settings, true, stream, null);
settings = helper.settings;
return helper;
}
/*
* Installs a custom TLS Provider.
*
* May only be called at application startup and will throw
* @InvalidOperationException if a provider has already been installed.
*/
public static void InstallProvider (MonoTlsProvider provider)
{
NoReflectionHelper.InstallProvider (provider);
}
ChainValidationHelper (MonoTlsProvider provider, MonoTlsSettings settings, bool cloneSettings, MonoTlsStream stream, ServerCertValidationCallbackWrapper callbackWrapper)
{
if (settings == null)
settings = MonoTlsSettings.CopyDefaultSettings ();
if (cloneSettings)
settings = settings.CloneWithValidator (this);
if (provider == null)
provider = MonoTlsProviderFactory.GetProvider ();
this.provider = provider;
this.settings = settings;
this.tlsStream = stream;
this.callbackWrapper = callbackWrapper;
var fallbackToSPM = false;
if (settings != null) {
if (settings.RemoteCertificateValidationCallback != null) {
var callback = Private.CallbackHelpers.MonoToPublic (settings.RemoteCertificateValidationCallback);
certValidationCallback = new ServerCertValidationCallback (callback);
}
certSelectionCallback = Private.CallbackHelpers.MonoToInternal (settings.ClientCertificateSelectionCallback);
fallbackToSPM = settings.UseServicePointManagerCallback ?? stream != null;
}
if (stream != null) {
this.request = stream.Request;
this.sender = request;
if (certValidationCallback == null)
certValidationCallback = request.ServerCertValidationCallback;
if (certSelectionCallback == null)
certSelectionCallback = new LocalCertSelectionCallback (DefaultSelectionCallback);
if (settings == null)
fallbackToSPM = true;
}
if (fallbackToSPM && certValidationCallback == null)
certValidationCallback = ServicePointManager.ServerCertValidationCallback;
}
public SslStream (Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback)
: base (innerStream, leaveInnerStreamOpen)
{
provider = GetProvider ();
var settings = MonoTlsSettings.CopyDefaultSettings ();
settings.RemoteCertificateValidationCallback = MNS.Private.CallbackHelpers.PublicToMono (userCertificateValidationCallback);
settings.ClientCertificateSelectionCallback = MNS.Private.CallbackHelpers.PublicToMono (userCertificateSelectionCallback);
impl = provider.CreateSslStream (innerStream, leaveInnerStreamOpen, settings);
}
public LegacySslStream (Stream innerStream, bool leaveInnerStreamOpen, MonoTlsProvider provider, MonoTlsSettings settings)
: base (innerStream, leaveInnerStreamOpen)
{
this.provider = provider;
this.settings = settings;
this.certificateValidator = ChainValidationHelper.GetDefaultValidator (provider, settings);
}
public MonoBtlsStream (Stream innerStream, bool leaveInnerStreamOpen, MonoTlsSettings settings, MonoTlsProvider provider)
: base (innerStream, leaveInnerStreamOpen, settings, provider)
{
}
public SslStream (Stream innerStream, bool leaveInnerStreamOpen)
: base (innerStream, leaveInnerStreamOpen)
{
provider = GetProvider ();
impl = provider.CreateSslStream (innerStream, leaveInnerStreamOpen);
}
static ICertificateValidator GetDefaultValidator (MonoTlsProvider provider, MonoTlsSettings settings)
{
return (ICertificateValidator)NoReflectionHelper.GetDefaultCertificateValidator (provider, settings);
}
public static HttpListener CreateHttpListener (X509Certificate certificate, MonoTlsProvider provider = null, MonoTlsSettings settings = null)
{
return (HttpListener)NoReflectionHelper.CreateHttpListener (certificate, provider, settings);
}
/*
* Internal API, intended to be used by MonoTlsProvider implementations.
*/
public static ICertificateValidator GetValidator (MonoTlsProvider provider, MonoTlsSettings settings)
{
return GetDefaultValidator (provider, settings);
}
/*
* Create @HttpWebRequest with the specified @provider (may be null to use the default one).
*
* NOTE: This needs to be written as "System.Uri" to avoid ambiguity with Mono.Security.Uri in the
* mobile build.
*
*/
public static HttpWebRequest CreateHttpsRequest(System.Uri requestUri, MonoTlsProvider provider, MonoTlsSettings settings = null)
{
return(NoReflectionHelper.CreateHttpsRequest(requestUri, provider, settings));
}
/*
* Internal API, intended to be used by MonoTlsProvider implementations.
*/
internal static ICertificateValidator2 GetInternalValidator (MonoTlsSettings settings, MonoTlsProvider provider)
{
return (ICertificateValidator2)NoReflectionHelper.GetInternalValidator (provider, settings);
}
