/// <summary>
/// Configures a freshly created Android SSL stream handle from the credential and the
/// authentication options: encryption policy check, native stream initialisation,
/// enabled protocol range, ALPN, client-certificate request (server) and target host (client).
/// </summary>
/// <param name="handle">Native SSL stream handle that every Interop.AndroidCrypto call below receives.</param>
/// <param name="credential">Source of the encryption policy and the requested <see cref="SslProtocols"/>.</param>
/// <param name="authOptions">Source of IsServer, CipherSuitesPolicy, ApplicationProtocols, RemoteCertRequired and TargetHost.</param>
/// <exception cref="PlatformNotSupportedException">The encryption policy is neither RequireEncryption nor AllowNoEncryption, or none of the requested protocols is in the supported set.</exception>
/// <exception cref="NotImplementedException">A CipherSuitesPolicy was supplied.</exception>
private unsafe void InitializeSslContext(
            SafeSslHandle handle,
            SafeFreeSslCredentials credential,
            SslAuthenticationOptions authOptions)
        {
            // Both accepted policies take exactly the same path through this method;
            // every other value is rejected before any native state is touched.
            EncryptionPolicy policy = credential.Policy;
#pragma warning disable SYSLIB0040 // NoEncryption and AllowNoEncryption are obsolete
            bool policyAccepted = policy == EncryptionPolicy.RequireEncryption
                || policy == EncryptionPolicy.AllowNoEncryption;
#pragma warning restore SYSLIB0040
            if (!policyAccepted)
            {
                throw new PlatformNotSupportedException(SR.Format(SR.net_encryptionpolicy_notsupported, policy));
            }

            bool isServer = authOptions.IsServer;

            // A caller-supplied cipher suite restriction fails loudly instead of being ignored.
            if (authOptions.CipherSuitesPolicy is not null)
            {
                // TODO: [AndroidCrypto] Handle non-system-default options
                throw new NotImplementedException(nameof(SafeDeleteSslContext));
            }

            // Tie this instance to the native session through a weak GC handle; the native side
            // receives it together with the read/write callbacks.
            // NOTE(review): nothing in this method frees the handle - confirm it is released
            // elsewhere, including when one of the calls below throws.
            GCHandle weakSelf = GCHandle.Alloc(this, GCHandleType.Weak);
            IntPtr managedContextHandle = GCHandle.ToIntPtr(weakSelf);
            Interop.AndroidCrypto.SSLStreamInitialize(handle, isServer, managedContextHandle, &ReadFromConnection, &WriteToConnection, InitialBufferSize);

            // SslProtocols.None leaves the protocol selection untouched (no native call is made).
            SslProtocols requested = credential.Protocols;
            if (requested != SslProtocols.None)
            {
                // Keep only what the platform supports; an empty intersection is an error
                // rather than a silent fallback to whatever the platform enables by default.
                SslProtocols protocolsToEnable = requested & s_supportedSslProtocols.Value;
                if (protocolsToEnable == SslProtocols.None)
                {
                    throw new PlatformNotSupportedException(SR.Format(SR.net_security_sslprotocol_notsupported, requested));
                }

                // presumably ValidateContiguous rejects a set with gaps - verify against its definition
                (int first, int last) = protocolsToEnable.ValidateContiguous(s_orderedSslProtocols);
                int count = last - first + 1;
                Interop.AndroidCrypto.SSLStreamSetEnabledProtocols(handle, s_orderedSslProtocols.AsSpan(first, count));
            }

            // ALPN is applied only when the platform reports support. Without it the requested
            // protocols are dropped with no error, so a caller that depends on ALPN has to check
            // the negotiated protocol after the handshake.
            var alpn = authOptions.ApplicationProtocols;
            if (alpn != null && alpn.Count != 0 &&
                Interop.AndroidCrypto.SSLSupportsApplicationProtocolsConfiguration())
            {
                Interop.AndroidCrypto.SSLStreamSetApplicationProtocols(handle, alpn);
            }

            if (isServer)
            {
                // Server side: ask the peer for a client certificate when one is required.
                if (authOptions.RemoteCertRequired)
                {
                    Interop.AndroidCrypto.SSLStreamRequestClientAuthentication(handle);
                }
            }
            else if (!string.IsNullOrEmpty(authOptions.TargetHost))
            {
                // Client side: a null or empty TargetHost means the native stream is never told
                // the peer name. NOTE(review): confirm how host name checks behave in that case.
                Interop.AndroidCrypto.SSLStreamSetTargetHost(handle, authOptions.TargetHost);
            }
        }
Beispiel #2
        /// <summary>
        /// Configures an Android SSL stream handle from the credential and the authentication
        /// options, using caller-supplied read/write callbacks for the transport.
        /// </summary>
        /// <param name="handle">Native SSL stream handle that every Interop.AndroidCrypto call below receives.</param>
        /// <param name="readCallback">Callback handed to the native stream for reading from the connection.</param>
        /// <param name="writeCallback">Callback handed to the native stream for writing to the connection.</param>
        /// <param name="credential">Source of the encryption policy and the requested <see cref="SslProtocols"/>.</param>
        /// <param name="authOptions">Source of IsServer, CipherSuitesPolicy, ApplicationProtocols, RemoteCertRequired and TargetHost.</param>
        /// <exception cref="PlatformNotSupportedException">The encryption policy is neither RequireEncryption nor AllowNoEncryption, or none of the requested protocols is in the supported set.</exception>
        /// <exception cref="NotImplementedException">A CipherSuitesPolicy was supplied.</exception>
        private static void InitializeSslContext(
            SafeSslHandle handle,
            Interop.AndroidCrypto.SSLReadCallback readCallback,
            Interop.AndroidCrypto.SSLWriteCallback writeCallback,
            SafeFreeSslCredentials credential,
            SslAuthenticationOptions authOptions)
        {
            // Both accepted policies take exactly the same path through this method;
            // every other value is rejected before any native state is touched.
            EncryptionPolicy policy = credential.Policy;
            bool policyAccepted = policy == EncryptionPolicy.RequireEncryption
                || policy == EncryptionPolicy.AllowNoEncryption;
            if (!policyAccepted)
            {
                throw new PlatformNotSupportedException(SR.Format(SR.net_encryptionpolicy_notsupported, policy));
            }

            bool isServer = authOptions.IsServer;

            // A caller-supplied cipher suite restriction fails loudly instead of being ignored.
            if (authOptions.CipherSuitesPolicy != null)
            {
                // TODO: [AndroidCrypto] Handle non-system-default options
                throw new NotImplementedException(nameof(SafeDeleteSslContext));
            }

            Interop.AndroidCrypto.SSLStreamInitialize(handle, isServer, readCallback, writeCallback, InitialBufferSize);

            // SslProtocols.None leaves the protocol selection untouched (no native call is made).
            SslProtocols requested = credential.Protocols;
            if (requested != SslProtocols.None)
            {
                // Keep only what the platform supports; an empty intersection is an error
                // rather than a silent fallback to whatever the platform enables by default.
                SslProtocols protocolsToEnable = requested & s_supportedSslProtocols.Value;
                if (protocolsToEnable == SslProtocols.None)
                {
                    throw new PlatformNotSupportedException(SR.Format(SR.net_security_sslprotocol_notsupported, requested));
                }

                // presumably ValidateContiguous rejects a set with gaps - verify against its definition
                (int first, int last) = protocolsToEnable.ValidateContiguous(s_orderedSslProtocols);
                int count = last - first + 1;
                Interop.AndroidCrypto.SSLStreamSetEnabledProtocols(handle, s_orderedSslProtocols.AsSpan(first, count));
            }

            // ALPN is applied only when the platform reports support. Without it the requested
            // protocols are dropped with no error, so a caller that depends on ALPN has to check
            // the negotiated protocol after the handshake.
            var alpn = authOptions.ApplicationProtocols;
            if (alpn != null && alpn.Count != 0 &&
                Interop.AndroidCrypto.SSLSupportsApplicationProtocolsConfiguration())
            {
                Interop.AndroidCrypto.SSLStreamSetApplicationProtocols(handle, alpn);
            }

            if (isServer)
            {
                // Server side: ask the peer for a client certificate when one is required.
                if (authOptions.RemoteCertRequired)
                {
                    Interop.AndroidCrypto.SSLStreamRequestClientAuthentication(handle);
                }
            }
            else if (!string.IsNullOrEmpty(authOptions.TargetHost))
            {
                // Client side: a null or empty TargetHost means the native stream is never told
                // the peer name. NOTE(review): confirm how host name checks behave in that case.
                Interop.AndroidCrypto.SSLStreamSetTargetHost(handle, authOptions.TargetHost);
            }
        }
Beispiel #3
        /// <summary>
        /// Restricts an Apple SSL context to the protocol range described by <paramref name="protocols"/>.
        /// </summary>
        /// <param name="sslContext">SSL context whose minimum and maximum protocol versions are set.</param>
        /// <param name="protocols">Requested protocol flags; they are mapped to a lowest and a highest entry of s_orderedSslProtocols.</param>
        private static void SetProtocols(SafeSslHandle sslContext, SslProtocols protocols)
        {
            // presumably ValidateContiguous rejects a set with gaps - verify against its definition.
            // NOTE(review): this method does not intersect the request with a platform-supported
            // set and does not special-case SslProtocols.None; confirm the caller handles both.
            (int lowestIndex, int highestIndex) = protocols.ValidateContiguous(s_orderedSslProtocols);

            // Resolve both bounds before touching the native context.
            SslProtocols floor = s_orderedSslProtocols[lowestIndex];
            SslProtocols ceiling = s_orderedSslProtocols[highestIndex];

            // The native API takes a range, not a flag set: lower bound first, then upper bound.
            Interop.AppleCrypto.SslSetMinProtocolVersion(sslContext, floor);
            Interop.AppleCrypto.SslSetMaxProtocolVersion(sslContext, ceiling);
        }