/// <summary>
/// Sets up a TLS context for a single connection: remembers the configuration and
/// the role, creates the session with a fresh cryptographic RNG, and installs the
/// negotiation handler for the initial state of that role.
/// </summary>
/// <param name="configuration">Connection configuration; its UserSettings (if any) decide whether debugging is enabled.</param>
/// <param name="isServer">True to start in the server negotiation state, false to start as a client.</param>
public TlsContext(TlsConfiguration configuration, bool isServer)
{
    this.configuration = configuration;
    this.isServer = isServer;

#if INSTRUMENTATION
    // Test-only hooks; compiled out of production builds.
    SetupInstrumentation();
#endif

    session = new Session(configuration);
    // All handshake randomness (nonces, key material) must come from a CSPRNG, never System.Random.
    Session.RandomNumberGenerator = RandomNumberGenerator.Create();

    var initialState = IsServer
        ? NegotiationState.InitialServerConnection
        : NegotiationState.InitialClientConnection;
    negotiationHandler = CreateNegotiationHandler(initialState);

    // Debug output is opt-in; missing user settings leave it off.
    var userSettings = Configuration.UserSettings;
    if (userSettings != null && userSettings.EnableDebugging)
    {
        EnableDebugging = true;
    }
}
/// <summary>
/// Validates the certificate chain presented by the remote peer against
/// <c>config.TargetHost</c> using the validator selected by the TLS settings.
/// Returns normally only for a chain the validator trusts and the user did not deny.
/// </summary>
/// <param name="config">Connection configuration supplying TlsSettings and TargetHost.</param>
/// <param name="certificates">Peer chain, leaf first; may be null or empty.</param>
/// <exception cref="TlsException">
/// CertificateUnknown when no certificate was sent, when validation yields no result,
/// or when the chain is untrusted or denied by the user.
/// </exception>
internal static void CheckRemoteCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
{
    // An empty chain is a hard failure: there is nothing to validate and nothing to bind the host name to.
    if (certificates == null || certificates.Count < 1)
    {
        throw new TlsException(AlertDescription.CertificateUnknown);
    }

    var validator = CertificateValidationHelper.GetValidator(config.TlsSettings);

    // Re-parse each Mono.Security certificate from its DER bytes into a framework
    // X509Certificate2 so the validator can build the chain with the platform APIs.
    var frameworkCerts = new X509Certificate2Collection();
    foreach (MX.X509Certificate cert in certificates)
    {
        frameworkCerts.Add(new X509Certificate2(cert.RawData));
    }

    // A null result is treated as failure, never as "no opinion"; the user veto
    // (UserDenied) overrides a chain the validator itself considers trusted.
    var result = validator.ValidateChain(config.TargetHost, frameworkCerts);
    if (result != null && result.Trusted && !result.UserDenied)
    {
        return;
    }

    // FIXME: check other values to report correct error type.
    throw new TlsException(AlertDescription.CertificateUnknown);
}
/// <summary>
/// Sets up a TLS context for a single connection. Instrumentation builds may swap in
/// test signature/settings providers; otherwise the production providers are used.
/// Creates the session with a fresh cryptographic RNG and installs the negotiation
/// handler for the initial state of the requested role.
/// </summary>
/// <param name="configuration">Connection configuration; TlsSettings.UserSettings seeds the default SettingsProvider.</param>
/// <param name="isServer">True to start in the server negotiation state, false to start as a client.</param>
public TlsContext (TlsConfiguration configuration, bool isServer)
{
    this.configuration = configuration;
    this.isServer = isServer;

#if INSTRUMENTATION
    // Test-only hooks; compiled out of production builds.
    if (configuration.HasInstrumentation)
    {
        var instrumentation = configuration.Instrumentation;
        if (instrumentation.HasSignatureInstrument)
        {
            signatureProvider = instrumentation.SignatureInstrument;
        }
        if (instrumentation.HasSettingsInstrument)
        {
            settingsProvider = instrumentation.SettingsInstrument;
        }
        handshakeInstruments = instrumentation.HandshakeInstruments;
    }
#endif

    // Anything instrumentation did not provide falls back to the production implementation.
    if (signatureProvider == null)
    {
        signatureProvider = new SignatureProvider ();
    }
    if (settingsProvider == null)
    {
        settingsProvider = new SettingsProvider (configuration.TlsSettings.UserSettings);
    }

    session = new Session (configuration);
    // All handshake randomness (nonces, key material) must come from a CSPRNG, never System.Random.
    Session.RandomNumberGenerator = RandomNumberGenerator.Create ();

    var initialState = IsServer
        ? NegotiationState.InitialServerConnection
        : NegotiationState.InitialClientConnection;
    negotiationHandler = CreateNegotiationHandler (initialState);

    // EnableDebugging is a nullable flag on this provider; unset means off.
    bool debug = settingsProvider.EnableDebugging ?? false;
    if (debug)
    {
        EnableDebugging = true;
    }

    settingsProvider.Initialize (this);
}
/// <summary>
/// Sets up a TLS context for a single connection with an event sink. Instrumentation
/// builds may swap in test signature/settings providers and their own event sink;
/// otherwise the production providers are used. Creates the session with a fresh
/// cryptographic RNG and installs the negotiation handler for the requested role.
/// </summary>
/// <param name="configuration">Connection configuration; UserSettings seeds the default SettingsProvider.</param>
/// <param name="isServer">True to start in the server negotiation state, false to start as a client.</param>
/// <param name="eventSink">Receiver for TLS events raised by this context.</param>
public TlsContext(TlsConfiguration configuration, bool isServer, IMonoTlsEventSink eventSink)
{
    this.configuration = configuration;
    this.isServer = isServer;
    this.eventSink = eventSink;

#if INSTRUMENTATION
    // Test-only hooks; compiled out of production builds.
    var instrumentation = configuration.UserSettings.Instrumentation;
    if (instrumentation != null)
    {
        if (instrumentation.HasSignatureInstrument)
        {
            signatureProvider = instrumentation.SignatureInstrument;
        }
        if (instrumentation.HasSettingsInstrument)
        {
            settingsProvider = instrumentation.SettingsInstrument;
        }
        handshakeInstruments = instrumentation.HandshakeInstruments;
        instrumentationEventSink = instrumentation.EventSink;
    }
#endif

    // Anything instrumentation did not provide falls back to the production implementation.
    if (signatureProvider == null)
    {
        signatureProvider = new SignatureProvider();
    }
    if (settingsProvider == null)
    {
        settingsProvider = new SettingsProvider(configuration.UserSettings);
    }

    session = new Session(configuration);
    // All handshake randomness (nonces, key material) must come from a CSPRNG, never System.Random.
    Session.RandomNumberGenerator = RandomNumberGenerator.Create();

    var initialState = IsServer
        ? NegotiationState.InitialServerConnection
        : NegotiationState.InitialClientConnection;
    negotiationHandler = CreateNegotiationHandler(initialState);

    // Debug output is opt-in through the settings provider.
    if (settingsProvider.EnableDebugging)
    {
        EnableDebugging = true;
    }

    settingsProvider.Initialize(this);
}
/// <summary>
/// Validates the certificate chain presented by the remote peer against
/// <c>config.TargetHost</c>, using the caller-supplied validator when one is
/// configured and the default validator otherwise. Returns normally only for a
/// chain the validator trusts and the user did not deny.
/// </summary>
/// <param name="config">Connection configuration supplying CertificateValidator, TlsSettings and TargetHost.</param>
/// <param name="certificates">Peer chain, leaf first; may be null or empty.</param>
/// <exception cref="TlsException">
/// CertificateUnknown when no certificate was sent, when validation yields no result,
/// or when the chain is untrusted or denied by the user.
/// </exception>
internal static void CheckRemoteCertificate (TlsConfiguration config, MX.X509CertificateCollection certificates)
{
    // An empty chain is a hard failure: there is nothing to validate and nothing to bind the host name to.
    if (certificates == null || certificates.Count < 1)
    {
        throw new TlsException (AlertDescription.CertificateUnknown);
    }

    // Prefer the validator the application configured; otherwise derive one from the TLS settings.
    var validator = config.CertificateValidator
        ?? CertificateValidationHelper.CreateDefaultValidator (config.TlsSettings);

    // A null result is treated as failure, never as "no opinion"; the user veto
    // (UserDenied) overrides a chain the validator itself considers trusted.
    var result = validator.ValidateChain (config.TargetHost, certificates);
    bool accepted = result != null && result.Trusted && !result.UserDenied;
    if (accepted)
    {
        return;
    }

    // FIXME: check other values to report correct error type.
    throw new TlsException (AlertDescription.CertificateUnknown);
}
/// <summary>
/// Validates the certificate chain presented by the remote peer against
/// <c>config.TargetHost</c> using the validator selected by the TLS settings.
/// Returns normally only for a chain the validator trusts and the user did not deny.
/// </summary>
/// <param name="config">Connection configuration supplying TlsSettings and TargetHost.</param>
/// <param name="certificates">Peer chain, leaf first; may be null or empty.</param>
/// <exception cref="TlsException">
/// CertificateUnknown when no certificate was sent, when validation yields no result,
/// or when the chain is untrusted or denied by the user.
/// </exception>
internal static void CheckRemoteCertificate (TlsConfiguration config, MX.X509CertificateCollection certificates)
{
    // An empty chain is a hard failure: there is nothing to validate and nothing to bind the host name to.
    if (certificates == null || certificates.Count < 1)
    {
        throw new TlsException (AlertDescription.CertificateUnknown);
    }

    var validator = CertificateValidationHelper.GetValidator (config.TlsSettings);

    // Convert the Mono.Security chain into framework X509Certificate2 objects by
    // re-parsing the DER bytes, so the validator can use the platform chain engine.
    int count = certificates.Count;
    var frameworkCerts = new X509Certificate2Collection ();
    for (int idx = 0; idx < count; idx++)
    {
        var der = certificates [idx].RawData;
        frameworkCerts.Add (new X509Certificate2 (der));
    }

    // A null result is treated as failure, never as "no opinion"; the user veto
    // (UserDenied) overrides a chain the validator itself considers trusted.
    var result = validator.ValidateChain (config.TargetHost, frameworkCerts);
    bool accepted = result != null && result.Trusted && !result.UserDenied;
    if (!accepted)
    {
        // FIXME: check other values to report correct error type.
        throw new TlsException (AlertDescription.CertificateUnknown);
    }
}
/// <summary>
/// Validates the certificate chain a client sent in answer to a CertificateRequest.
/// The verdict is the result of building the chain, optionally overridden by the
/// application's ClientCertValidationCallback; an advertised CA list additionally
/// restricts the leaf's issuer.
/// </summary>
/// <param name="config">Connection configuration; UserSettings supplies RequireClientCertificate, ClientCertificateParameters and the callback.</param>
/// <param name="certificates">Client chain, leaf first; null or empty when the client sent none.</param>
/// <returns>False when the client sent no certificate and none is required; true when a certificate was accepted.</returns>
/// <exception cref="TlsException">
/// CertificateUnknown when a required certificate is missing or the chain is rejected;
/// BadCertificate when the leaf's issuer is not among the advertised certificate authorities.
/// </exception>
internal static bool CheckClientCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
{
    var userSettings = config.UserSettings;

    bool haveCertificate = certificates != null && certificates.Count > 0;
    if (!haveCertificate)
    {
        // Missing client certificate is only tolerated when the configuration made it optional.
        if (userSettings.RequireClientCertificate)
        {
            throw new TlsException(AlertDescription.CertificateUnknown);
        }
        return false;
    }

    var leaf = certificates [0];

    // Build the chain from what the client supplied. Build's result is the default
    // verdict; chain.Status carries the detailed errors handed to the callback.
    var chain = new MX.X509Chain();
    chain.LoadCertificates(certificates);
    bool accepted = chain.Build(leaf);
    var errors = GetStatus(chain.Status);

    var certParams = userSettings.ClientCertificateParameters;
    // NOTE(review): this only compares the leaf's issuer DN string against the advertised
    // CA list; on its own it does not prove the chain anchors at one of those CAs — that
    // still depends on chain.Build (or the callback) rejecting an untrusted chain.
    bool restrictIssuers = certParams.CertificateAuthorities.Count > 0;
    if (restrictIssuers && !certParams.CertificateAuthorities.Contains(leaf.IssuerName))
    {
        throw new TlsException(AlertDescription.BadCertificate);
    }

    // An application callback, when set, replaces the chain-build verdict entirely:
    // it may accept a chain that failed to build, or reject one that succeeded.
    var callback = userSettings.ClientCertValidationCallback;
    if (callback != null)
    {
        accepted = callback(certParams, leaf, chain, errors);
    }

    if (!accepted)
    {
        throw new TlsException(AlertDescription.CertificateUnknown);
    }
    return true;
}
/// <summary>
/// Validates the certificate chain presented by the remote peer by building it with
/// the Mono.Security chain engine; an application RemoteCertValidationCallback, when
/// set, replaces that verdict.
/// </summary>
/// <param name="config">Connection configuration supplying the optional callback.</param>
/// <param name="certificates">Peer chain, leaf first; may be null or empty.</param>
/// <exception cref="TlsException">CertificateUnknown when no certificate was sent or the chain is rejected.</exception>
internal static void CheckRemoteCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
{
    // An empty chain is a hard failure: there is nothing to validate.
    if (certificates == null || certificates.Count < 1)
    {
        throw new TlsException(AlertDescription.CertificateUnknown);
    }

    var leaf = certificates [0];

    // Build's result is the default verdict; chain.Status carries the detailed errors.
    var chain = new MX.X509Chain();
    chain.LoadCertificates(certificates);
    bool accepted = chain.Build(leaf);
    var errors = GetStatus(chain.Status);

    // NOTE(review): nothing in this method compares the leaf against the target host
    // name, and the callback's first argument is hard-coded to null, so any host-name
    // binding has to happen in a callback that learns the host some other way — confirm
    // against the callback's signature and callers.
    var callback = config.RemoteCertValidationCallback;
    if (callback != null)
    {
        // The callback replaces the chain-build verdict entirely.
        accepted = callback(null, leaf, chain, errors);
    }

    if (!accepted)
    {
        throw new TlsException(AlertDescription.CertificateUnknown);
    }
}
/// <summary>
/// Creates a session bound to the given connection configuration.
/// </summary>
/// <param name="configuration">Configuration this session belongs to; stored as-is.</param>
public Session (TlsConfiguration configuration)
{
    // Nothing is derived here; the session just remembers its configuration.
    Configuration = configuration;
}
/// <summary>
/// Creates a session bound to the given connection configuration.
/// </summary>
/// <param name="configuration">Configuration this session belongs to; stored as-is.</param>
public Session(TlsConfiguration configuration)
{
    // Nothing is derived here; the session just remembers its configuration.
    Configuration = configuration;
}
/// <summary>
/// Wraps a finished <see cref="TlsConfiguration"/> together with the connection role
/// so the provider can hand it out as an IMonoTlsContext.
/// </summary>
/// <param name="config">Configuration to wrap; stored as-is.</param>
/// <param name="serverMode">True when the wrapped context will act as the server.</param>
public TlsContextWrapper (TlsConfiguration config, bool serverMode)
{
    // Plain capture; no context is created until it is actually needed.
    this.serverMode = serverMode;
    this.config = config;
}
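/// <summary>
/// Builds the provider-specific TLS context for one connection by translating the
/// Mono.Security.Interface parameters into a <see cref="TlsConfiguration"/>.
/// </summary>
/// <param name="hostname">Target host for client connections; not used in server mode.</param>
/// <param name="serverMode">True to configure the server side of the connection.</param>
/// <param name="protocolFlags">Protocol versions the connection may negotiate.</param>
/// <param name="serverCertificate">Server mode only: the certificate to present. Must be an X509Certificate2, since the private key is only reachable through that type.</param>
/// <param name="clientCertificates">Not consulted by this method.</param>
/// <param name="remoteCertRequired">Server mode only: when true, the server asks the client for a certificate.</param>
/// <param name="encryptionPolicy">Not consulted by this method.</param>
/// <param name="settings">Provider-independent TLS settings, passed through unchanged.</param>
/// <returns>A wrapper holding the new configuration and the role; no handshake has started.</returns>
/// <exception cref="ArgumentNullException">serverMode is true and serverCertificate is null.</exception>
/// <exception cref="ArgumentException">serverMode is true and serverCertificate is not an X509Certificate2.</exception>
public override MSI.IMonoTlsContext CreateTlsContext (
    string hostname, bool serverMode, MSI.TlsProtocols protocolFlags,
    SSCX.X509Certificate serverCertificate, PSSCX.X509CertificateCollection clientCertificates,
    bool remoteCertRequired, MSI.MonoEncryptionPolicy encryptionPolicy, MSI.MonoTlsSettings settings)
{
    var protocols = (TlsProtocols)protocolFlags;
    TlsConfiguration config;

    if (serverMode)
    {
        // Reject an unusable server certificate here with a descriptive argument error
        // rather than failing with a NullReferenceException (null) or InvalidCastException
        // (wrong type) deep inside the handshake.
        if (serverCertificate == null)
        {
            throw new ArgumentNullException ("serverCertificate", "A server certificate is required in server mode.");
        }
        var cert = serverCertificate as PSSCX.X509Certificate2;
        if (cert == null)
        {
            throw new ArgumentException ("Server certificate must be an X509Certificate2 carrying the private key.", "serverCertificate");
        }

        // The handshake engine works on Mono.Security certificates, so re-parse the DER
        // bytes; the private key stays a framework object for signing/decryption.
        // NOTE(review): cert.PrivateKey may be null for a public-only certificate; that is not
        // rejected here — confirm whether TlsConfiguration itself checks it.
        var monoCert = new MX.X509Certificate (cert.RawData);
        config = new TlsConfiguration (protocols, settings, monoCert, cert.PrivateKey);
        if (remoteCertRequired)
        {
            config.AskForClientCertificate = true;
        }
    }
    else
    {
        // Client side: the host name is what certificate validation binds the peer chain to.
        config = new TlsConfiguration (protocols, settings, hostname);
    }

    return new TlsContextWrapper (config, serverMode);
}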