public static X509Certificate2 CreateCertificate2(byte[] data, string password, bool disallowFallback = false) { using (var impl = new X509CertificateImplBtls(disallowFallback)) { impl.Import(data, password, X509KeyStorageFlags.DefaultKeySet); return(new X509Certificate2(impl)); } }
int SelectCallback(string[] acceptableIssuers) { Debug("SELECT CALLBACK!"); /* * Make behavior consistent with AppleTls, which does not call the selection callback after a * certificate has been set. See the comment in AppleTlsContext for details. */ if (nativeClientCertificate != null) { return(1); } GetPeerCertificate(); var clientCert = SelectClientCertificate(acceptableIssuers); Debug($"SELECT CALLBACK #1: {clientCert}"); if (clientCert == null) { return(1); } nativeClientCertificate = GetPrivateCertificate(clientCert); Debug($"SELECT CALLBACK #2: {nativeClientCertificate}"); clientCertificate = new X509Certificate(nativeClientCertificate); SetPrivateCertificate(nativeClientCertificate); return(1); }
public MonoBtlsContext(MNS.MobileAuthenticatedStream parent, MNS.MonoSslAuthenticationOptions options) : base(parent, options) { if (IsServer) { nativeServerCertificate = GetPrivateCertificate(LocalServerCertificate); } }
internal X509Certificate2Impl GetNativeCertificate( byte[] data, SafePasswordHandle password, X509KeyStorageFlags flags) { var impl = new X509CertificateImplBtls(false); impl.Import(data, password, flags); return(impl); }
internal override X509Certificate2Impl GetNativeCertificate( byte[] data, string password, X509KeyStorageFlags flags) { var impl = new X509CertificateImplBtls(false); impl.Import(data, password, flags); return(impl); }
X509CertificateImplBtls (X509CertificateImplBtls other) { disallowFallback = other.disallowFallback; x509 = other.x509 != null ? other.x509.Copy () : null; privateKey = other.privateKey != null ? other.privateKey.Copy () : null; if (other.intermediateCerts != null) intermediateCerts = other.intermediateCerts.Clone (); }
X509CertificateImplBtls (X509CertificateImplBtls other) { disallowFallback = other.disallowFallback; x509 = other.x509 != null ? other.x509.Copy () : null; nativePrivateKey = other.nativePrivateKey != null ? other.nativePrivateKey.Copy () : null; fallback = other.fallback != null ? (X509Certificate2Impl)other.fallback.Clone () : null; if (other.intermediateCerts != null) intermediateCerts = other.intermediateCerts.Clone (); }
X509CertificateImplBtls(X509CertificateImplBtls other) { x509 = other.x509 != null?other.x509.Copy() : null; nativePrivateKey = other.nativePrivateKey != null?other.nativePrivateKey.Copy() : null; if (other.intermediateCerts != null) { intermediateCerts = other.intermediateCerts.Clone(); } }
X509CertificateImplBtls(X509CertificateImplBtls other) { disallowFallback = other.disallowFallback; x509 = other.x509 != null?other.x509.Copy() : null; privateKey = other.privateKey != null?other.privateKey.Copy() : null; if (other.intermediateCerts != null) { intermediateCerts = other.intermediateCerts.Clone(); } }
public MonoBtlsContext( MNS.MobileAuthenticatedStream parent, bool serverMode, string targetHost, SslProtocols enabledProtocols, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool askForClientCert) : base(parent, serverMode, targetHost, enabledProtocols, serverCertificate, clientCertificates, askForClientCert) { if (serverMode) { nativeServerCertificate = GetPrivateCertificate(serverCertificate); } }
X509CertificateImplBtls(X509CertificateImplBtls other) { disallowFallback = other.disallowFallback; x509 = other.x509 != null?other.x509.Copy() : null; nativePrivateKey = other.nativePrivateKey != null?other.nativePrivateKey.Copy() : null; fallback = other.fallback != null ? (X509Certificate2Impl)other.fallback.Clone() : null; if (other.intermediateCerts != null) { intermediateCerts = other.intermediateCerts.Clone(); } }
static X509CertificateImplBtls GetPrivateCertificate(X509Certificate certificate) { var impl = certificate.Impl as X509CertificateImplBtls; if (impl != null) { return((X509CertificateImplBtls)impl.Clone()); } var password = Guid.NewGuid().ToString(); var buffer = certificate.Export(X509ContentType.Pfx, password); impl = new X509CertificateImplBtls(); impl.Import(buffer, password, X509KeyStorageFlags.DefaultKeySet); return(impl); }
void SetPrivateCertificate(X509CertificateImplBtls privateCert) { Debug("SetPrivateCertificate: {0}", privateCert); ssl.SetCertificate(privateCert.X509); ssl.SetPrivateKey(privateCert.NativePrivateKey); var intermediate = privateCert.IntermediateCertificates; if (intermediate == null) { return; } for (int i = 0; i < intermediate.Count; i++) { var impl = (X509CertificateImplBtls)intermediate [i]; Debug("SetPrivateCertificate - add intermediate: {0}", impl); ssl.AddIntermediateCertificate(impl.X509); } }
int ServerNameCallback() { Debug("SERVER NAME CALLBACK"); var name = ssl.GetServerName(); Debug($"SERVER NAME CALLBACK #1: {name}"); var certificate = SelectServerCertificate(name); if (certificate == null) { return(1); } nativeServerCertificate = GetPrivateCertificate(certificate); SetPrivateCertificate(nativeServerCertificate); return(1); }
internal X509ChainImplBtls (MonoBtlsX509StoreCtx storeCtx) { this.storeCtx = storeCtx.Copy (); this.chain = storeCtx.GetChain (); policy = new X509ChainPolicy (); untrustedChain = storeCtx.GetUntrusted (); if (untrustedChain != null) { untrusted = new X509Certificate2Collection (); policy.ExtraStore = untrusted; for (int i = 0; i < untrustedChain.Count; i++) { var cert = untrustedChain.GetCertificate (i); using (var impl = new X509CertificateImplBtls (cert)) untrusted.Add (new X509Certificate2 (impl)); } } }
void ImportPkcs12(byte[] data, SafePasswordHandle password) { using (var pkcs12 = new MonoBtlsPkcs12()) { if (password == null || password.IsInvalid) { try { // Support both unencrypted PKCS#12.. pkcs12.Import(data, null); } catch { // ..and PKCS#12 encrypted with an empty password using (var empty = new SafePasswordHandle(string.Empty)) pkcs12.Import(data, empty); } } else { pkcs12.Import(data, password); } x509 = pkcs12.GetCertificate(0); if (pkcs12.HasPrivateKey) { nativePrivateKey = pkcs12.GetPrivateKey(); } if (pkcs12.Count > 1) { intermediateCerts = new X509CertificateImplCollection(); for (int i = 0; i < pkcs12.Count; i++) { using (var ic = pkcs12.GetCertificate(i)) { if (MonoBtlsX509.Compare(ic, x509) == 0) { continue; } var impl = new X509CertificateImplBtls(ic); intermediateCerts.Add(impl, true); } } } } }
internal X509ChainImplBtls(MonoBtlsX509StoreCtx storeCtx) { this.storeCtx = storeCtx.Copy(); this.chain = storeCtx.GetChain(); policy = new X509ChainPolicy(); untrustedChain = storeCtx.GetUntrusted(); if (untrustedChain != null) { untrusted = new X509Certificate2Collection(); policy.ExtraStore = untrusted; for (int i = 0; i < untrustedChain.Count; i++) { var cert = untrustedChain.GetCertificate(i); using (var impl = new X509CertificateImplBtls(cert)) untrusted.Add(new X509Certificate2(impl)); } } }
int SelectCallback() { Debug("SELECT CALLBACK!"); GetPeerCertificate(); if (remoteCertificate == null) { throw new TlsException(AlertDescription.InternalError, "Cannot request client certificate before receiving one from the server."); } var clientCert = SelectClientCertificate(remoteCertificate, null); Debug("SELECT CALLBACK #1: {0}", clientCert); if (clientCert == null) { return(1); } nativeClientCertificate = GetPrivateCertificate(clientCert); Debug("SELECT CALLBACK #2: {0}", nativeClientCertificate); clientCertificate = new X509Certificate(nativeClientCertificate); SetPrivateCertificate(nativeClientCertificate); return(1); }
void SetPrivateCertificate(X509CertificateImplBtls privateCert) { Debug("SetPrivateCertificate: {0}", privateCert); ssl.SetCertificate(privateCert.X509); ssl.SetPrivateKey(privateCert.NativePrivateKey); var intermediate = privateCert.IntermediateCertificates; if (intermediate == null) { /* Intermediate certificates are lost in the translation from X509Certificate(2) to X509CertificateImplBtls, so we need to restore them somehow. */ var chain = new System.Security.Cryptography.X509Certificates.X509Chain(false); /* Let's try to recover as many as we can. */ chain.ChainPolicy.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck; chain.Build(new System.Security.Cryptography.X509Certificates.X509Certificate2(privateCert.X509.GetRawData(MonoBtlsX509Format.DER), "")); var elems = chain.ChainElements; for (int j = 1; j < elems.Count; j++) { var cert = elems[j].Certificate; /* If self-signed, it's a root and should not be sent. */ if (cert.SubjectName.RawData.SequenceEqual(cert.IssuerName.RawData)) { break; } ssl.AddIntermediateCertificate(MonoBtlsX509.LoadFromData(cert.RawData, MonoBtlsX509Format.DER)); } } else { for (int i = 0; i < intermediate.Count; i++) { var impl = (X509CertificateImplBtls)intermediate [i]; Debug("SetPrivateCertificate - add intermediate: {0}", impl); ssl.AddIntermediateCertificate(impl.X509); } } }
public static X509Certificate2 CreateCertificate2(byte[] data, MonoBtlsX509Format format, bool disallowFallback = false) { using (var impl = new X509CertificateImplBtls(data, format, disallowFallback)) { return(new X509Certificate2(impl)); } }
public static X509Certificate2 CreateCertificate2 (byte[] data, MonoBtlsX509Format format, bool disallowFallback = false) { using (var impl = new X509CertificateImplBtls (data, format, disallowFallback)) { return new X509Certificate2 (impl); } }
public static X509Certificate CreateCertificate(MonoBtlsX509 x509) { using (var impl = new X509CertificateImplBtls(x509)) return(new X509Certificate(impl)); }
void ImportPkcs12 (byte[] data, string password) { using (var pkcs12 = new MonoBtlsPkcs12 ()) { if (string.IsNullOrEmpty (password)) { try { // Support both unencrypted PKCS#12.. pkcs12.Import (data, null); } catch { // ..and PKCS#12 encrypted with an empty password pkcs12.Import (data, string.Empty); } } else { pkcs12.Import (data, password); } x509 = pkcs12.GetCertificate (0); if (pkcs12.HasPrivateKey) nativePrivateKey = pkcs12.GetPrivateKey (); if (pkcs12.Count > 1) { intermediateCerts = new X509CertificateImplCollection (); for (int i = 0; i < pkcs12.Count; i++) { using (var ic = pkcs12.GetCertificate (i)) { if (MonoBtlsX509.Compare (ic, x509) == 0) continue; var impl = new X509CertificateImplBtls (ic, true); intermediateCerts.Add (impl, true); } } } } }
public static X509Certificate2 CreateCertificate2(byte[] data, string password, bool disallowFallback = false) { using (var handle = new SafePasswordHandle(password)) using (var impl = new X509CertificateImplBtls(data, handle, X509KeyStorageFlags.DefaultKeySet)) return(new X509Certificate2(impl)); }
public static X509Certificate2 CreateCertificate2(byte[] data, MonoBtlsX509Format format) { using (var impl = new X509CertificateImplBtls(data, format)) { return(new X509Certificate2(impl)); } }
public static X509Certificate2 CreateCertificate2 (byte[] data, string password, bool disallowFallback = false) { using (var impl = new X509CertificateImplBtls (disallowFallback)) { impl.Import (data, password, X509KeyStorageFlags.DefaultKeySet); return new X509Certificate2 (impl); } }
public static X509Certificate CreateCertificate (MonoBtlsX509 x509) { using (var impl = new X509CertificateImplBtls (x509, true)) return new X509Certificate (impl); }
internal override X509Certificate2Impl GetNativeCertificate ( byte[] data, string password, X509KeyStorageFlags flags) { var impl = new X509CertificateImplBtls (false); impl.Import (data, password, flags); return impl; }