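/// <summary>
/// Validates the peer's <paramref name="certificates"/> with the platform (SecureTransport)
/// trust evaluator, adding the validator's custom trust anchors when configured.
/// </summary>
/// <param name="validator">Supplies <c>Settings.TrustAnchors</c>; when non-null they are added to the evaluation.</param>
/// <param name="targetHost">Host name handed to the SSL policy (presumably matched against the leaf in client mode).</param>
/// <param name="serverMode">True when we are the server validating a client certificate.</param>
/// <param name="certificates">Peer chain as received; null means the peer presented nothing.</param>
/// <param name="success">True only when the trust evaluation result is <c>Unspecified</c>.</param>
/// <param name="errors">Receives <c>RemoteCertificateNotAvailable</c> or <c>RemoteCertificateChainErrors</c> on failure.</param>
/// <param name="status11">Not used by this implementation; kept for signature parity.</param>
/// <returns>Always true: validation has been performed, the caller must not fall back to another validator.</returns>
/// <exception cref="InvalidOperationException">The native anchor-certificate call did not return Success.</exception>
public static bool InvokeSystemCertificateValidator (
	ICertificateValidator2 validator, string targetHost, bool serverMode,
	X509CertificateCollection certificates, out bool success,
	ref MonoSslPolicyErrors errors, ref int status11)
{
	if (certificates == null) {
		errors |= MonoSslPolicyErrors.RemoteCertificateNotAvailable;
		success = false;
		return true;
	}

	// Release the native policy/trust handles deterministically (also on the throw
	// path) instead of leaving them to the finalizer.
	using (var policy = SecPolicy.CreateSslPolicy (!serverMode, targetHost))
	using (var trust = new SecTrust (certificates, policy)) {
		if (validator.Settings.TrustAnchors != null) {
			var status = trust.SetAnchorCertificates (validator.Settings.TrustAnchors);
			if (status != SecStatusCode.Success)
				throw new InvalidOperationException (status.ToString ());
			// false => the custom anchors are trusted in addition to the system
			// roots, not instead of them, so this does not pin the chain.
			trust.SetAnchorCertificatesOnly (false);
		}

		// Only "Unspecified" (chain valid, no explicit user override) is accepted;
		// "Proceed" and every other result are treated as a chain error.
		success = trust.Evaluate () == SecTrustResult.Unspecified;
	}

	if (!success)
		errors |= MonoSslPolicyErrors.RemoteCertificateChainErrors;
	return true;
}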
/*
 * Provider hook for delegating validation to the platform validator.
 *
 * @serverMode true means we are the server and @certificates came from a client.
 * On OS X and Mobile the @chain is only initialised from @certificates, it is not
 * actually built.
 *
 * The verdict is returned through @success; the return value is `true` when
 * validation has been performed and `false` when the caller should invoke the
 * default system validator instead.
 *
 * Providers that route validation through this hook must override it: the base
 * implementation is not a valid fallback and throws InvalidOperationException.
 */
internal virtual bool InvokeSystemCertificateValidator(
	ICertificateValidator2 validator,
	string targetHost,
	bool serverMode,
	X509CertificateCollection certificates,
	bool wantsChain,
	ref X509Chain chain,
	out bool success,
	ref MonoSslPolicyErrors errors,
	ref int status11)
{
	throw new InvalidOperationException();
}
/// <summary>
/// Captures the authentication options of one TLS session and resolves the
/// certificate validator that the handshake will consult.
/// </summary>
/// <param name="parent">Owning stream; its SslStream, provider and settings select the validator.</param>
/// <param name="options">Session options; <c>ServerMode</c> decides which half of them is used.</param>
protected MobileTlsContext(MobileAuthenticatedStream parent, MonoSslAuthenticationOptions options)
{
	Parent = parent;
	Options = options;
	IsServer = options.ServerMode;
	EnabledProtocols = options.EnabledSslProtocols;

	if (options.ServerMode) {
		// Server side: the certificate we present and whether we demand one from the client.
		LocalServerCertificate = options.ServerCertificate;
		AskForClientCertificate = options.ClientCertificateRequired;
	} else {
		// Client side: certificates we may present, plus the host we are connecting to.
		var host = options.TargetHost;
		ClientCertificates = options.ClientCertificates;
		TargetHost = host;
		ServerName = host;
		// ServerName is the host without a trailing ":port" (presumably what name
		// matching / SNI use — confirm against callers). A leading ':' is left alone.
		// NOTE(review): a bracketed IPv6 literal such as "[::1]:443" also contains ':'
		// and would be cut at its first colon; confirm callers never pass one here.
		var colon = string.IsNullOrEmpty(host) ? -1 : host.IndexOf(':');
		if (colon > 0)
			ServerName = host.Substring(0, colon);
	}

	certificateValidator = (ICertificateValidator2)ChainValidationHelper.GetInternalValidator(
		parent.SslStream, parent.Provider, parent.Settings);
}
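/// <summary>
/// Builds an Apple (SecureTransport) TLS context for one session: records the session
/// parameters, pins <c>this</c> behind a GCHandle so the native read/write callbacks can
/// find it, and resolves the default certificate validator.
/// </summary>
/// <exception cref="ArgumentNullException">
/// <paramref name="serverCertificate"/> is null while running as a server.
/// </exception>
public AppleTlsContext(
	MobileAuthenticatedStream parent, MonoTlsSettings settings, AppleTlsProvider provider,
	bool serverMode, string targetHost, SSA.SslProtocols enabledProtocols,
	X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
	bool askForClientCert)
{
	this.parent = parent;
	this.settings = settings;
	this.provider = provider;
	this.serverMode = serverMode;
	this.targetHost = targetHost;
	this.enabledProtocols = enabledProtocols;
	this.serverCertificate = serverCertificate;
	this.clientCertificates = clientCertificates;
	this.askForClientCert = askForClientCert;

	// Validate before allocating the GCHandle: a handle allocated for `this` and never
	// freed would keep the half-constructed context alive if we threw afterwards.
	if (IsServer && serverCertificate == null) {
		throw new ArgumentNullException("serverCertificate");
	}

	handle = GCHandle.Alloc(this);
	connectionId = GCHandle.ToIntPtr(handle);
	readFunc = NativeReadCallback;
	writeFunc = NativeWriteCallback;

	certificateValidator = CertificateValidationHelper.GetDefaultValidator(settings, provider);
}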
/// <summary>
/// Records the session parameters, derives the port-less server name from
/// <paramref name="targetHost"/> and resolves the internal certificate validator.
/// </summary>
public MobileTlsContext(
	MobileAuthenticatedStream parent, bool serverMode, string targetHost,
	SslProtocols enabledProtocols, X509Certificate serverCertificate,
	X509CertificateCollection clientCertificates, bool askForClientCert)
{
	this.parent = parent;
	this.serverMode = serverMode;
	this.targetHost = targetHost;
	this.enabledProtocols = enabledProtocols;
	this.serverCertificate = serverCertificate;
	this.clientCertificates = clientCertificates;
	this.askForClientCert = askForClientCert;

	// serverName is targetHost with a trailing ":port" removed; a leading ':' is kept.
	// NOTE(review): an IPv6 literal like "[::1]:443" would be cut at its first colon —
	// confirm callers never pass bracketed literals.
	var colon = string.IsNullOrEmpty(targetHost) ? -1 : targetHost.IndexOf(':');
	serverName = colon > 0 ? targetHost.Substring(0, colon) : targetHost;

	certificateValidator = CertificateValidationHelper.GetInternalValidator(
		parent.Settings, parent.Provider);
}
/// <summary>
/// Apple provider entry point: optionally wraps the peer certificates in a managed
/// chain (initialised, not built), then delegates the verdict to the SecureTransport
/// trust evaluator.
/// </summary>
/// <returns>The helper's result: true when the platform trusts the chain.</returns>
internal override bool ValidateCertificate(
	ICertificateValidator2 validator, string targetHost, bool serverMode,
	X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
	ref MonoSslPolicyErrors errors, ref int status11)
{
	if (wantsChain) {
		chain = MNS.SystemCertificateValidator.CreateX509Chain(certificates);
	}

	var trusted = AppleCertificateHelper.InvokeSystemCertificateValidator(
		validator, targetHost, serverMode, certificates, ref errors, ref status11);
	return trusted;
}
/// <summary>
/// Runs the validator and reduces its result to a single accept/reject decision.
/// </summary>
/// <returns>
/// True only when a result was produced, it is marked trusted, and the user did not
/// deny it; a null result counts as rejection.
/// </returns>
public static bool Validate(string targetHost, bool serverMode, ICertificateValidator2 validator, X509CertificateCollection certificates)
{
	var verdict = validator.ValidateCertificate(targetHost, serverMode, certificates);
	// An explicit user denial overrides a "trusted" chain.
	return verdict != null && verdict.Trusted && !verdict.UserDenied;
}
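/// <summary>
/// Validates the peer's <paramref name="certificates"/> with the platform (SecureTransport)
/// trust evaluator, honouring the validator's custom trust anchors and, when set, a fixed
/// validation time.
/// </summary>
/// <param name="validator">Supplies <c>Settings.TrustAnchors</c> and <c>Settings.CertificateValidationTime</c>.</param>
/// <param name="targetHost">Host name, optionally "host:port"; the port part is removed before building the policy.</param>
/// <param name="serverMode">True when we are the server validating a client certificate.</param>
/// <param name="certificates">Peer chain as received; null means the peer presented nothing.</param>
/// <param name="errors">Receives <c>RemoteCertificateNotAvailable</c> or <c>RemoteCertificateChainErrors</c> on failure.</param>
/// <param name="status11">Not used by this implementation; kept for signature parity.</param>
/// <returns>True only when the trust evaluation result is <c>Unspecified</c>.</returns>
/// <exception cref="InvalidOperationException">A native anchor or verify-date call did not return Success.</exception>
public static bool InvokeSystemCertificateValidator(
	ICertificateValidator2 validator, string targetHost, bool serverMode,
	X509CertificateCollection certificates, ref MonoSslPolicyErrors errors, ref int status11)
{
	if (certificates == null) {
		errors |= MonoSslPolicyErrors.RemoteCertificateNotAvailable;
		return false;
	}

	// Strip a trailing ":port" so the SSL policy sees the bare host name; a leading ':' is kept.
	// NOTE(review): a bracketed IPv6 literal ("[::1]:443") also contains ':' and would be
	// truncated at its first colon; confirm callers never pass one here.
	var hostName = targetHost;
	if (!string.IsNullOrEmpty(hostName)) {
		var colon = hostName.IndexOf(':');
		if (colon > 0)
			hostName = hostName.Substring(0, colon);
	}

	bool trusted;
	// Release the native policy/trust handles deterministically (also on the throw path).
	using (var policy = SecPolicy.CreateSslPolicy(!serverMode, hostName))
	using (var trust = new SecTrust(certificates, policy)) {
		var settings = validator.Settings;

		if (settings.TrustAnchors != null) {
			var status = trust.SetAnchorCertificates(settings.TrustAnchors);
			if (status != SecStatusCode.Success) {
				throw new InvalidOperationException(status.ToString());
			}
			// false => custom anchors are trusted in addition to the system roots,
			// not instead of them, so this is not pinning.
			trust.SetAnchorCertificatesOnly(false);
		}

		if (settings.CertificateValidationTime != null) {
			// Evaluate validity at a caller-chosen instant rather than "now".
			var status = trust.SetVerifyDate(settings.CertificateValidationTime.Value);
			if (status != SecStatusCode.Success) {
				throw new InvalidOperationException(status.ToString());
			}
		}

		// Only "Unspecified" (chain valid, no explicit user override) is accepted;
		// "Proceed" and every other result are reported as a chain error.
		trusted = trust.Evaluate() == SecTrustResult.Unspecified;
	}

	if (!trusted) {
		errors |= MonoSslPolicyErrors.RemoteCertificateChainErrors;
	}
	return trusted;
}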
/// <summary>
/// Stores the per-session parameters and resolves the default certificate validator
/// for the parent stream's settings and provider.
/// </summary>
public MobileTlsContext(
	MobileAuthenticatedStream parent, bool serverMode, string targetHost,
	SslProtocols enabledProtocols, X509Certificate serverCertificate,
	X509CertificateCollection clientCertificates, bool askForClientCert)
{
	// Who we are and what we negotiate.
	this.parent = parent;
	this.serverMode = serverMode;
	this.enabledProtocols = enabledProtocols;

	// Peer / identity material for either side of the handshake.
	this.targetHost = targetHost;
	this.serverCertificate = serverCertificate;
	this.clientCertificates = clientCertificates;
	this.askForClientCert = askForClientCert;

	certificateValidator = CertificateValidationHelper.GetDefaultValidator(parent.Settings, parent.Provider);
}
/// <summary>
/// Stores the per-session parameters and resolves the internal certificate validator
/// for the parent stream's settings and provider.
/// </summary>
public MobileTlsContext (
	MobileAuthenticatedStream parent, bool serverMode, string targetHost,
	SslProtocols enabledProtocols, X509Certificate serverCertificate,
	X509CertificateCollection clientCertificates, bool askForClientCert)
{
	// Who we are and what we negotiate.
	this.parent = parent;
	this.serverMode = serverMode;
	this.enabledProtocols = enabledProtocols;

	// Peer / identity material for either side of the handshake.
	this.targetHost = targetHost;
	this.serverCertificate = serverCertificate;
	this.clientCertificates = clientCertificates;
	this.askForClientCert = askForClientCert;

	certificateValidator = CertificateValidationHelper.GetInternalValidator (parent.Settings, parent.Provider);
}
/// <summary>
/// Picks the client certificate to present: the validator (user callback) decides first;
/// otherwise a single configured certificate is used as-is.
/// </summary>
/// <returns>
/// The validator's choice (which may be null), null when no certificates are configured,
/// or the only configured certificate.
/// </returns>
/// <exception cref="NotImplementedException">
/// Several certificates are configured and the validator made no selection.
/// </exception>
public static X509Certificate SelectClientCertificate (string targetHost, ICertificateValidator2 validator, X509CertificateCollection clientCertificates, X509Certificate serverCertificate)
{
	X509Certificate chosen;
	var picked = validator.SelectClientCertificate (targetHost, clientCertificates, serverCertificate, null, out chosen);
	if (picked)
		return chosen;

	var available = clientCertificates == null ? 0 : clientCertificates.Count;
	switch (available) {
	case 0:
		return null;
	case 1:
		return clientCertificates [0];
	default:
		// FIXME: select one — there is no policy yet for choosing among several candidates.
		throw new NotImplementedException ();
	}
}
/// <summary>
/// BTLS certificate validation. If <paramref name="chain"/> was already verified its stored
/// verify result is reused; otherwise a native X509 store and verification context are set
/// up from the validator settings and the peer certificates are verified there. Both paths
/// report through CheckValidationResult so policy errors and callbacks are applied uniformly.
/// </summary>
/// <returns>True when the native verify result is 1.</returns>
internal override bool ValidateCertificate(
	ICertificateValidator2 validator, string targetHost, bool serverMode,
	X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
	ref MonoSslPolicyErrors errors, ref int status11)
{
	if (chain != null) {
		// A pre-built chain carries its own store context and verify result;
		// no second verification is run.
		var chainImpl = (X509ChainImplBtls)chain.Impl;
		var success = chainImpl.StoreCtx.VerifyResult == 1;
		CheckValidationResult(
			validator, targetHost, serverMode, certificates, wantsChain, chain,
			chainImpl.StoreCtx, success, ref errors, ref status11);
		return(success);
	}

	// Native handles are released in reverse order when the block exits, including on throw.
	using (var store = new MonoBtlsX509Store())
	using (var nativeChain = MonoBtlsProvider.GetNativeChain(certificates))
	// NOTE(review): presumably the verify param carries the host name to match against the
	// leaf and the client/server purpose — confirm in GetVerifyParam.
	using (var param = GetVerifyParam(validator.Settings, targetHost, serverMode))
	using (var storeCtx = new MonoBtlsX509StoreCtx()) {
		// Store is configured from the settings before the context is bound to it.
		SetupCertificateStore(store, validator.Settings, serverMode);
		storeCtx.Initialize(store, nativeChain);
		storeCtx.SetVerifyParam(param);
		var ret = storeCtx.Verify();
		var success = ret == 1;
		// chain == null always holds here (the non-null case returned above).
		if (wantsChain && chain == null) {
			chain = GetManagedChain(nativeChain);
		}
		// NOTE(review): unlike the pre-built branch, the managed chain just created is not
		// passed here (null); the store context is passed instead — confirm this is intended.
		CheckValidationResult(
			validator, targetHost, serverMode, certificates, wantsChain, null,
			storeCtx, success, ref errors, ref status11);
		return(success);
	}
}
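/// <summary>
/// Builds an Apple (SecureTransport) TLS context on top of the shared mobile context:
/// pins <c>this</c> behind a GCHandle for the native read/write callbacks and resolves the
/// default certificate validator.
/// </summary>
/// <exception cref="ArgumentNullException">
/// <paramref name="serverCertificate"/> is null while running as a server.
/// </exception>
public AppleTlsContext(
	MobileAuthenticatedStream parent, bool serverMode, string targetHost,
	SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
	X509CertificateCollection clientCertificates, bool askForClientCert)
	: base(parent, serverMode, targetHost, enabledProtocols, serverCertificate, clientCertificates, askForClientCert)
{
	// Validate before allocating the GCHandle: a handle allocated for `this` and never
	// freed would keep the half-constructed context alive if we threw afterwards.
	if (IsServer && serverCertificate == null) {
		throw new ArgumentNullException("serverCertificate");
	}

	handle = GCHandle.Alloc(this);
	connectionId = GCHandle.ToIntPtr(handle);
	readFunc = NativeReadCallback;
	writeFunc = NativeWriteCallback;

	certificateValidator = CertificateValidationHelper.GetDefaultValidator(Settings, Provider);
}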
/// <summary>
/// Picks the client certificate to present: the validator (user callback) decides first;
/// otherwise a single configured certificate is used as-is.
/// </summary>
/// <returns>
/// The validator's choice (which may be null), null when no certificates are configured,
/// or the only configured certificate.
/// </returns>
/// <exception cref="NotImplementedException">
/// Several certificates are configured and the validator made no selection.
/// </exception>
public static X509Certificate SelectClientCertificate(string targetHost, ICertificateValidator2 validator, X509CertificateCollection clientCertificates, X509Certificate serverCertificate)
{
	X509Certificate chosen;
	if (validator.SelectClientCertificate(targetHost, clientCertificates, serverCertificate, null, out chosen)) {
		return chosen;
	}

	var available = clientCertificates == null ? 0 : clientCertificates.Count;
	if (available == 0) {
		return null;
	}
	if (available > 1) {
		// FIXME: select one — there is no policy yet for choosing among several candidates.
		throw new NotImplementedException();
	}
	return clientCertificates[0];
}
/// <summary>
/// Records the session parameters, derives the port-less server name from
/// <paramref name="targetHost"/> and resolves the internal certificate validator.
/// </summary>
public MobileTlsContext (
	MobileAuthenticatedStream parent, bool serverMode, string targetHost,
	SslProtocols enabledProtocols, X509Certificate serverCertificate,
	X509CertificateCollection clientCertificates, bool askForClientCert)
{
	this.parent = parent;
	this.serverMode = serverMode;
	this.targetHost = targetHost;
	this.enabledProtocols = enabledProtocols;
	this.serverCertificate = serverCertificate;
	this.clientCertificates = clientCertificates;
	this.askForClientCert = askForClientCert;

	// Drop a trailing ":port"; a leading ':' (or no colon at all) leaves the name unchanged.
	// NOTE(review): an IPv6 literal like "[::1]:443" would be cut at its first colon —
	// confirm callers never pass bracketed literals.
	var hostWithoutPort = targetHost;
	if (!string.IsNullOrEmpty (hostWithoutPort)) {
		var portSeparator = hostWithoutPort.IndexOf (':');
		hostWithoutPort = portSeparator > 0 ? hostWithoutPort.Substring (0, portSeparator) : hostWithoutPort;
	}
	serverName = hostWithoutPort;

	certificateValidator = CertificateValidationHelper.GetInternalValidator (parent.Settings, parent.Provider);
}
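/// <summary>
/// Validates the peer's <paramref name="certificates"/> with the platform (SecureTransport)
/// trust evaluator, adding the validator's custom trust anchors when configured.
/// </summary>
/// <param name="validator">Supplies <c>Settings.TrustAnchors</c>; when non-null they are added to the evaluation.</param>
/// <param name="targetHost">Host name handed to the SSL policy (presumably matched against the leaf in client mode).</param>
/// <param name="serverMode">True when we are the server validating a client certificate.</param>
/// <param name="certificates">Peer chain as received; null means the peer presented nothing.</param>
/// <param name="success">True only when the trust evaluation result is <c>Unspecified</c>.</param>
/// <param name="errors">Receives <c>RemoteCertificateNotAvailable</c> or <c>RemoteCertificateChainErrors</c> on failure.</param>
/// <param name="status11">Not used by this implementation; kept for signature parity.</param>
/// <returns>Always true: validation has been performed, the caller must not fall back to another validator.</returns>
/// <exception cref="InvalidOperationException">The native anchor-certificate call did not return Success.</exception>
public static bool InvokeSystemCertificateValidator(
	ICertificateValidator2 validator, string targetHost, bool serverMode,
	X509CertificateCollection certificates, out bool success,
	ref MonoSslPolicyErrors errors, ref int status11)
{
	if (certificates == null) {
		errors |= MonoSslPolicyErrors.RemoteCertificateNotAvailable;
		success = false;
		return true;
	}

	// Release the native policy/trust handles deterministically (also on the throw
	// path) instead of leaving them to the finalizer.
	using (var policy = SecPolicy.CreateSslPolicy(!serverMode, targetHost))
	using (var trust = new SecTrust(certificates, policy)) {
		if (validator.Settings.TrustAnchors != null) {
			var status = trust.SetAnchorCertificates(validator.Settings.TrustAnchors);
			if (status != SecStatusCode.Success) {
				throw new InvalidOperationException(status.ToString());
			}
			// false => custom anchors are trusted in addition to the system roots,
			// not instead of them, so this is not pinning.
			trust.SetAnchorCertificatesOnly(false);
		}

		// Only "Unspecified" (chain valid, no explicit user override) is accepted;
		// "Proceed" and every other result are reported as a chain error.
		success = trust.Evaluate() == SecTrustResult.Unspecified;
	}

	if (!success) {
		errors |= MonoSslPolicyErrors.RemoteCertificateChainErrors;
	}
	return true;
}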
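/// <summary>
/// Builds an Apple (SecureTransport) TLS context for one session: records the session
/// parameters, pins <c>this</c> behind a GCHandle for the native read/write callbacks,
/// allocates the record buffers and resolves the default certificate validator.
/// </summary>
/// <exception cref="ArgumentNullException">
/// <paramref name="serverCertificate"/> is null while running as a server.
/// </exception>
public AppleTlsContext(
	MobileAuthenticatedStream parent, MonoTlsSettings settings, AppleTlsProvider provider,
	bool serverMode, string targetHost, SSA.SslProtocols enabledProtocols,
	X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
	bool askForClientCert)
{
	this.parent = parent;
	this.settings = settings;
	this.provider = provider;
	this.serverMode = serverMode;
	this.targetHost = targetHost;
	this.enabledProtocols = enabledProtocols;
	this.serverCertificate = serverCertificate;
	this.clientCertificates = clientCertificates;
	this.askForClientCert = askForClientCert;

	// Validate before allocating the GCHandle: a handle allocated for `this` and never
	// freed would keep the half-constructed context alive if we threw afterwards.
	if (IsServer && serverCertificate == null)
		throw new ArgumentNullException ("serverCertificate");

	handle = GCHandle.Alloc (this);
	connectionId = GCHandle.ToIntPtr (handle);
	readFunc = NativeReadCallback;
	writeFunc = NativeWriteCallback;

	// a bit higher than the default maximum fragment size
	readBuffer = new byte [16384];
	writeBuffer = new byte [16384];

	certificateValidator = CertificateValidationHelper.GetDefaultValidator (settings, provider);
}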
/// <summary>
/// Runs the validator and reduces its result to a single accept/reject decision.
/// </summary>
/// <returns>
/// True only when a result was produced, it is marked trusted, and the user did not
/// deny it; a null result counts as rejection.
/// </returns>
public static bool Validate (string targetHost, bool serverMode, ICertificateValidator2 validator, X509CertificateCollection certificates)
{
	var verdict = validator.ValidateCertificate (targetHost, serverMode, certificates);
	if (verdict == null)
		return false;
	// An explicit user denial overrides a "trusted" chain.
	return verdict.Trusted && !verdict.UserDenied;
}
/// <summary>
/// Apple provider: optionally wraps the peer certificates in a managed chain
/// (initialised, not built), then hands validation to the platform helper.
/// </summary>
/// <returns>
/// The helper's return value (whether validation was performed); the verdict itself
/// is delivered through <paramref name="success"/>.
/// </returns>
internal override bool InvokeSystemCertificateValidator (
	ICertificateValidator2 validator, string targetHost, bool serverMode,
	X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
	out bool success, ref MonoSslPolicyErrors errors, ref int status11)
{
	if (wantsChain) {
		chain = MSN.SystemCertificateValidator.CreateX509Chain (certificates);
	}

	var performed = MobileCertificateHelper.InvokeSystemCertificateValidator (
		validator, targetHost, serverMode, certificates, out success, ref errors, ref status11);
	return performed;
}
/*
 * Provider-specific certificate validation.
 *
 * If @serverMode is true, then we're a server and want to validate a certificate
 * that we received from a client.
 *
 * On OS X and Mobile, the @chain will be initialized with the @certificates, but not
 * actually built. When @wantsChain is set, implementations are expected to leave a
 * chain in @chain for the caller.
 *
 * @errors accumulates MonoSslPolicyErrors flags describing why validation failed;
 * @status11 is a legacy status slot passed through to the helpers.
 *
 * Returns `true` if certificate validation has been performed and `false` to invoke the
 * default system validator.
 */
internal abstract bool ValidateCertificate (
	ICertificateValidator2 validator, string targetHost, bool serverMode,
	X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
	ref MonoSslPolicyErrors errors, ref int status11);
/*
 * Provider-specific certificate validation.
 *
 * If @serverMode is true, then we're a server and want to validate a certificate
 * that we received from a client.
 *
 * On OS X and Mobile, the @chain will be initialized with the @certificates, but not
 * actually built. When @wantsChain is set, implementations are expected to leave a
 * chain in @chain for the caller.
 *
 * @errors accumulates MonoSslPolicyErrors flags describing why validation failed;
 * @status11 is a legacy status slot passed through to the helpers.
 *
 * Returns `true` if certificate validation has been performed and `false` to invoke the
 * default system validator.
 */
internal abstract bool ValidateCertificate(
	ICertificateValidator2 validator, string targetHost, bool serverMode,
	X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
	ref MonoSslPolicyErrors errors, ref int status11);
/// <summary>
/// BTLS certificate validation. If <paramref name="chain"/> was already verified its stored
/// verify result is reused; otherwise a native X509 store and verification context are set
/// up and the peer certificates are verified there. Both paths report through
/// CheckValidationResult so policy errors and callbacks are applied uniformly.
/// </summary>
/// <returns>True when the native verify result is 1.</returns>
internal override bool ValidateCertificate (
	ICertificateValidator2 validator, string targetHost, bool serverMode,
	X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
	ref MonoSslPolicyErrors errors, ref int status11)
{
	if (chain != null) {
		// A pre-built chain carries its own store context and verify result;
		// no second verification is run.
		var chainImpl = (X509ChainImplBtls)chain.Impl;
		var success = chainImpl.StoreCtx.VerifyResult == 1;
		CheckValidationResult (
			validator, targetHost, serverMode, certificates, wantsChain, chain,
			chainImpl.StoreCtx, success, ref errors, ref status11);
		return success;
	}

	// Native handles are released in reverse order when the block exits, including on throw.
	using (var store = new MonoBtlsX509Store ())
	using (var nativeChain = MonoBtlsProvider.GetNativeChain (certificates))
	// NOTE(review): presumably the verify param carries the host name to match against the
	// leaf and the client/server purpose — confirm in GetVerifyParam.
	using (var param = GetVerifyParam (targetHost, serverMode))
	using (var storeCtx = new MonoBtlsX509StoreCtx ()) {
		// Store is configured before the context is bound to it.
		SetupCertificateStore (store);
		storeCtx.Initialize (store, nativeChain);
		storeCtx.SetVerifyParam (param);
		var ret = storeCtx.Verify ();
		var success = ret == 1;
		// chain == null always holds here (the non-null case returned above).
		if (wantsChain && chain == null) {
			chain = GetManagedChain (nativeChain);
		}
		// NOTE(review): unlike the pre-built branch, the managed chain just created is not
		// passed here (null); the store context is passed instead — confirm this is intended.
		CheckValidationResult (
			validator, targetHost, serverMode, certificates, wantsChain, null,
			storeCtx, success, ref errors, ref status11);
		return success;
	}
}
/*
 * Provider hook for delegating validation to the platform validator.
 *
 * @serverMode true means we are the server and @certificates came from a client.
 * On OS X and Mobile the @chain is only initialised from @certificates, it is not
 * actually built.
 *
 * The verdict is returned through @success; the return value is `true` when
 * validation has been performed and `false` when the caller should invoke the
 * default system validator instead.
 *
 * Providers that route validation through this hook must override it: the base
 * implementation is not a valid fallback and throws InvalidOperationException.
 */
internal virtual bool InvokeSystemCertificateValidator (
	ICertificateValidator2 validator,
	string targetHost,
	bool serverMode,
	X509CertificateCollection certificates,
	bool wantsChain,
	ref X509Chain chain,
	out bool success,
	ref MonoSslPolicyErrors errors,
	ref int status11)
{
	throw new InvalidOperationException ();
}