Exemplo n.º 1
        /// <summary>
        /// Builds a credential from a <c>SecTrust</c> by forwarding its native
        /// handle to the handle-based <c>FromTrust</c> overload.
        /// </summary>
        /// <param name="trust">Trust object whose <c>Handle</c> is forwarded; must not be null.</param>
        /// <returns>Whatever the handle-based overload returns.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="trust"/> is null.</exception>
        /// <remarks>
        /// This method does not evaluate the trust object. NOTE(review): callers
        /// presumably hand the result back to the URL loading system to accept a
        /// server; confirm they evaluate <paramref name="trust"/> before calling.
        /// </remarks>
        public static NSUrlCredential FromTrust(SecTrust trust)
        {
            if (trust != null)
            {
                return FromTrust (trust.Handle);
            }

            throw new ArgumentNullException ("trust");
        }
Exemplo n.º 2
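        /// <summary>
        /// Runs the platform trust evaluation (<c>SecTrust</c>) over a peer
        /// certificate collection under an SSL policy created for
        /// <paramref name="targetHost"/>.
        /// </summary>
        /// <param name="validator">Source of <c>Settings.TrustAnchors</c>; when non-null, those anchors are installed on the trust object.</param>
        /// <param name="targetHost">Host name passed to <c>SecPolicy.CreateSslPolicy</c>.</param>
        /// <param name="serverMode">Its negation is passed as the first argument of <c>SecPolicy.CreateSslPolicy</c>.</param>
        /// <param name="certificates">Peer certificates; null is reported as <c>RemoteCertificateNotAvailable</c>.</param>
        /// <param name="success">True only when the evaluation result is <c>SecTrustResult.Unspecified</c>.</param>
        /// <param name="errors">Policy error flags; failure bits are OR-ed in, existing bits are never cleared.</param>
        /// <param name="status11">Neither read nor written by this method.</param>
        /// <returns>Always true; the verdict is carried by <paramref name="success"/> and <paramref name="errors"/>.</returns>
        /// <exception cref="InvalidOperationException">Installing the custom trust anchors failed.</exception>
        public static bool InvokeSystemCertificateValidator(
            ICertificateValidator2 validator, string targetHost, bool serverMode,
            X509CertificateCollection certificates, out bool success,
            ref MonoSslPolicyErrors errors, ref int status11)
        {
            if (certificates == null) {
                errors |= MonoSslPolicyErrors.RemoteCertificateNotAvailable;
                success = false;
                return true;
            }

            // NOTE(review): targetHost is passed through unchecked. If the policy
            // skips host name matching for a null or empty name, a chain issued for
            // any host would pass; confirm callers always supply the expected host
            // when acting as a client.
            //
            // Both native wrappers are disposed deterministically instead of being
            // left to the finalizer, as the original did.
            using (var policy = SecPolicy.CreateSslPolicy (!serverMode, targetHost))
            using (var trust = new SecTrust (certificates, policy)) {
                var anchors = validator.Settings.TrustAnchors;
                if (anchors != null) {
                    var status = trust.SetAnchorCertificates (anchors);
                    if (status != SecStatusCode.Success)
                        throw new InvalidOperationException (status.ToString ());

                    // NOTE(review): passing false presumably keeps the system
                    // anchors trusted in addition to the custom ones, so
                    // TrustAnchors extends the trust store rather than replacing
                    // it. Confirm this is intended; restricting trust to the
                    // custom anchors alone would need a different setting.
                    trust.SetAnchorCertificatesOnly (false);
                }

                // Fail closed: every result other than Unspecified is reported as
                // a chain error. NOTE(review): this includes SecTrustResult.Proceed;
                // confirm rejecting it is intentional.
                success = trust.Evaluate () == SecTrustResult.Unspecified;
                if (!success)
                    errors |= MonoSslPolicyErrors.RemoteCertificateChainErrors;

                return true;
            }
        }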
Exemplo n.º 3
        //
        // EXPERIMENTAL
        // Needs some more testing before we can make this public.
        // AppleTls does not actually use this API, so it may be removed again.
        //
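        /// <summary>
        /// Exports this certificate's public key as <c>NSData</c> by adding the key
        /// to the keychain, querying it back as data, and removing it again if
        /// this call was the one that added it.
        /// </summary>
        /// <returns>The data returned by <c>SecKeyChain.QueryAsData</c> for the key.</returns>
        /// <exception cref="ObjectDisposedException">The certificate handle is zero.</exception>
        /// <exception cref="InvalidOperationException">
        /// A keychain add, query or remove returned a failure status; the message is the status name.
        /// </exception>
        /// <remarks>
        /// The keychain is modified as a side effect. If the final remove fails,
        /// the key stays in the keychain, and the exception thrown from the
        /// <c>finally</c> block replaces the return value or any exception from
        /// the query.
        /// </remarks>
        internal NSData GetPublicKey()
        {
            if (handle == IntPtr.Zero)
            {
                throw new ObjectDisposedException("SecCertificate");
            }

            // Policy and trust wrap native objects; dispose them here rather than
            // leaving them to the finalizer, as the original did.
            using (var policy = SecPolicy.CreateBasicX509Policy())
            using (var trust = new SecTrust(this, policy))
            {
                // The evaluation result is deliberately ignored: the key is
                // extracted whether or not the certificate is trusted, so the
                // returned key must not be treated as validated.
                trust.Evaluate();

                using (var key = trust.GetPublicKey())
                using (var query = new SecRecord(SecKind.Key))
                {
                    query.SetValueRef(key);

                    // DuplicateItem is tolerated: the item was already in the
                    // keychain, so it can be queried but must not be removed.
                    SecStatusCode status = SecKeyChain.Add(query);
                    if (status != SecStatusCode.Success && status != SecStatusCode.DuplicateItem)
                    {
                        throw new InvalidOperationException(status.ToString());
                    }

                    bool added = status == SecStatusCode.Success;

                    try
                    {
                        var data = SecKeyChain.QueryAsData(query, false, out status);
                        if (status != SecStatusCode.Success)
                        {
                            throw new InvalidOperationException(status.ToString());
                        }

                        return data;
                    }
                    finally
                    {
                        // Remove only what this call inserted, so a pre-existing
                        // item is left untouched.
                        if (added)
                        {
                            status = SecKeyChain.Remove(query);
                            if (status != SecStatusCode.Success)
                            {
                                throw new InvalidOperationException(status.ToString());
                            }
                        }
                    }
                }
            }
        }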
Exemplo n.º 4
		//
		// EXPERIMENTAL
		// Needs some more testing before we can make this public.
		// AppleTls does not actually use this API, so it may be removed again.
		//
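		/// <summary>
		/// Returns this certificate's public key as <c>NSData</c>. The key is
		/// added to the keychain, read back as data, and then removed, but only
		/// when this call was the one that inserted it.
		/// </summary>
		/// <returns>The data produced by <c>SecKeyChain.QueryAsData</c>.</returns>
		/// <exception cref="ObjectDisposedException">The certificate handle is zero.</exception>
		/// <exception cref="InvalidOperationException">
		/// Adding, querying or removing the keychain item failed; the message is the status name.
		/// </exception>
		/// <remarks>
		/// Side effect: the keychain is written to. A failed remove leaves the key
		/// behind, and the exception it raises from <c>finally</c> supersedes the
		/// result or exception of the query.
		/// </remarks>
		internal NSData GetPublicKey ()
		{
			if (handle == IntPtr.Zero)
				throw new ObjectDisposedException ("SecCertificate");

			// Release the native policy and trust objects deterministically; the
			// original left both to the finalizer.
			using (var policy = SecPolicy.CreateBasicX509Policy ())
			using (var trust = new SecTrust (this, policy)) {
				// The result is intentionally discarded, so the key is returned
				// even for an untrusted certificate; callers must not read it as
				// a validation verdict.
				trust.Evaluate ();

				using (var key = trust.GetPublicKey ())
				using (var query = new SecRecord (SecKind.Key)) {
					query.SetValueRef (key);

					// DuplicateItem means the key was already stored; it is still
					// queryable but is not ours to delete afterwards.
					SecStatusCode status = SecKeyChain.Add (query);
					if (status != SecStatusCode.Success && status != SecStatusCode.DuplicateItem)
						throw new InvalidOperationException (status.ToString ());

					bool added = status == SecStatusCode.Success;

					try {
						var data = SecKeyChain.QueryAsData (query, false, out status);
						if (status != SecStatusCode.Success)
							throw new InvalidOperationException (status.ToString ());

						return data;
					} finally {
						// Clean up only the item this call inserted.
						if (added) {
							status = SecKeyChain.Remove (query);
							if (status != SecStatusCode.Success)
								throw new InvalidOperationException (status.ToString ());
						}
					}
				}
			}
		}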