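 /// <summary>
 /// Releases the native chain, store context and untrusted-chain handles held by this
 /// instance, together with the managed certificate wrappers collected in <c>untrusted</c>.
 /// </summary>
 /// <param name="disposing">Handles are released only when true; the base call always runs.</param>
 protected override void Dispose(bool disposing)
 {
     if (disposing)
     {
         if (chain != null)
         {
             chain.Dispose();
             chain = null;
         }
         if (storeCtx != null)
         {
             storeCtx.Dispose();
             storeCtx = null;
         }
         if (untrustedChain != null)
         {
             untrustedChain.Dispose();
             untrustedChain = null;
         }
         if (untrusted != null)
         {
             foreach (var cert in untrusted)
             {
                 cert.Dispose();
             }
             // Drop the reference like the other handles above, so a repeated
             // Dispose() does not walk a collection of already-disposed certificates.
             untrusted = null;
         }
     }
     base.Dispose(disposing);
 }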
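        /// <summary>
        /// Translates the outcome of a native verification into the managed
        /// <paramref name="errors"/> / <paramref name="status11"/> pair and, when a managed
        /// chain is available, records the native verify error on it.
        /// </summary>
        /// <param name="validator">Not consulted by this implementation.</param>
        /// <param name="targetHost">Not consulted by this implementation.</param>
        /// <param name="serverMode">Not consulted by this implementation.</param>
        /// <param name="certificates">Not consulted by this implementation.</param>
        /// <param name="wantsChain">Whether the caller asked for chain-level detail.</param>
        /// <param name="chain">Managed chain that receives the mapped status, may be null.</param>
        /// <param name="storeCtx">Native store context queried for the verify error, may be null.</param>
        /// <param name="success">Whether the native verification succeeded.</param>
        /// <param name="errors">Receives the policy errors to report; untouched on success.</param>
        /// <param name="status11">Receives the legacy status code; reset to 0 first.</param>
        void CheckValidationResult(
            ICertificateValidator validator, string targetHost, bool serverMode,
            X509CertificateCollection certificates, bool wantsChain,
            X509Chain chain, MonoBtlsX509StoreCtx storeCtx,
            bool success, ref MonoSslPolicyErrors errors, ref int status11)
        {
            status11 = unchecked ((int)0);
            if (success)
            {
                return;
            }
            errors = MonoSslPolicyErrors.RemoteCertificateChainErrors;
            if (!wantsChain || storeCtx == null || chain == null)
            {
                // No chain to annotate: report the generic chain-failure status only.
                status11 = unchecked ((int)0x800B010B);
                return;
            }
            var error = storeCtx.GetError();

            // Logical AND (&&) instead of the bitwise & used previously; the operands are
            // side-effect-free comparisons so the result is unchanged, but && states the
            // intent and short-circuits.
            // NOTE(review): an OK or CRL_NOT_YET_VALID native error leaves errors at
            // RemoteCertificateChainErrors with status11 == 0 and no chain status — confirm
            // that is the intended report for a failed verification.
            if (error != Mono.Btls.MonoBtlsX509Error.OK &&
                error != Mono.Btls.MonoBtlsX509Error.CRL_NOT_YET_VALID)
            {
                chain.Impl.AddStatus(MapVerifyErrorToChainStatus(error));
                status11 = unchecked ((int)0x800B010B);
            }
        }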
 /// <summary>
 /// Forwards the native verify callback to the registered managed delegate.
 /// </summary>
 /// <param name="preverify_ok">Native pre-verification flag; not consulted here.</param>
 /// <param name="ctx">Native store context under verification.</param>
 /// <returns>The delegate's result, or 0 when no delegate is registered.</returns>
 int VerifyCallback(bool preverify_ok, MonoBtlsX509StoreCtx ctx)
 {
     // Null-conditional invoke yields null when no callback is set; 0 is the fallback.
     return verifyCallback?.Invoke(ctx) ?? 0;
 }
 /// <summary>
 /// Builds a managed <see cref="X509Chain"/> around the native store context and
 /// validates the certificate at element 0 against it.
 /// </summary>
 /// <param name="storeCtx">Native store context supplied by the verify callback.</param>
 /// <returns>1 when validation succeeded, 0 otherwise.</returns>
 int VerifyCallback(MonoBtlsX509StoreCtx storeCtx)
 {
     using (var chainImpl = new X509ChainImplBtls(storeCtx))
     using (var managedChain = new X509Chain(chainImpl))
     {
         // Element 0 is treated as the leaf; assumes the chain is never empty — TODO confirm.
         var leafCertificate = managedChain.ChainElements[0].Certificate;
         bool accepted = ValidateCertificate(leafCertificate, managedChain);
         // Flagged only after validation returned without throwing.
         certificateValidated = true;
         return accepted ? 1 : 0;
     }
 }
 /// <summary>
 /// Minimal result mapping: any native verification failure is reported as a chain
 /// error with the generic status code; success leaves <paramref name="errors"/> and
 /// <paramref name="status11"/> untouched. The remaining parameters are not consulted.
 /// </summary>
 /// <param name="success">Whether the native verification succeeded.</param>
 /// <param name="errors">Receives the policy errors on failure.</param>
 /// <param name="status11">Receives the legacy status code on failure.</param>
 void CheckValidationResult(
     ICertificateValidator validator, string targetHost, bool serverMode,
     X509CertificateCollection certificates, bool wantsChain,
     X509Chain chain, MonoBtlsX509StoreCtx storeCtx,
     bool success, ref MonoSslPolicyErrors errors, ref int status11)
 {
     // Guard clause: nothing to report on success.
     if (success)
     {
         return;
     }

     errors   = MonoSslPolicyErrors.RemoteCertificateChainErrors;
     status11 = unchecked ((int)0x800B010B);
 }
		/// <summary>
		/// Native verify-callback trampoline: recovers the owning <see cref="MonoBtlsSslCtx"/>
		/// from the GCHandle passed as <paramref name="instance"/> and forwards the call to
		/// its managed <c>VerifyCallback</c>.
		/// </summary>
		/// <param name="instance">GCHandle (as IntPtr) of the MonoBtlsSslCtx that owns the callback.</param>
		/// <param name="preverify_ok">Native pre-verification result; non-zero is passed on as true.</param>
		/// <param name="store_ctx">Native store context pointer, wrapped only for the duration of the call.</param>
		/// <returns>The managed callback's result, or 0 when it threw.</returns>
		static int NativeVerifyCallback (IntPtr instance, int preverify_ok, IntPtr store_ctx)
		{
			// NOTE(review): Target is cast unconditionally; a freed or foreign handle would
			// fail here, outside the try below — confirm the handle lifetime is tied to the
			// native SSL context.
			var c = (MonoBtlsSslCtx)GCHandle.FromIntPtr (instance).Target;
			using (var ctx = new MonoBtlsX509StoreCtx (preverify_ok, store_ctx)) {
				try {
					return c.VerifyCallback (preverify_ok != 0, ctx);
				} catch (Exception ex) {
					// The exception is parked on the context instead of escaping into
					// the native caller; the callback then reports 0.
					c.SetException (ex);
				}
			}
			return 0;
		}
        /// <summary>
        /// Verifies a native certificate chain against a freshly populated trust store.
        /// </summary>
        /// <param name="chain">Native chain to verify.</param>
        /// <param name="param">Optional verify parameters; skipped when null.</param>
        /// <returns>True when the native verify reports 1.</returns>
        internal static bool ValidateCertificate(MonoBtlsX509Chain chain, MonoBtlsX509VerifyParam param)
        {
            using (var trustStore = new MonoBtlsX509Store())
            using (var verifyCtx = new MonoBtlsX509StoreCtx())
            {
                SetupCertificateStore(trustStore);
                verifyCtx.Initialize(trustStore, chain);

                if (param != null)
                {
                    verifyCtx.SetVerifyParam(param);
                }

                // The native API signals success with 1; anything else is a failure.
                return verifyCtx.Verify() == 1;
            }
        }
		/// <summary>
		/// Wraps a native store context as a managed chain implementation: keeps a copy of
		/// the context and its chain, and mirrors the untrusted certificates into the
		/// policy's extra store as managed <see cref="X509Certificate2"/> wrappers.
		/// </summary>
		/// <param name="storeCtx">Native store context; a copy is retained, the original stays with the caller.</param>
		internal X509ChainImplBtls (MonoBtlsX509StoreCtx storeCtx)
		{
			// Retain a private copy; presumably so the caller may dispose its own context — confirm.
			this.storeCtx = storeCtx.Copy ();
			this.chain = storeCtx.GetChain ();
			policy = new X509ChainPolicy ();

			untrustedChain = storeCtx.GetUntrusted ();
			if (untrustedChain == null)
				return;

			untrusted = new X509Certificate2Collection ();
			policy.ExtraStore = untrusted;
			for (int index = 0; index < untrustedChain.Count; index++) {
				var nativeCert = untrustedChain.GetCertificate (index);
				// The impl wrapper is disposed right after the managed certificate is built.
				using (var impl = new X509CertificateImplBtls (nativeCert)) {
					untrusted.Add (new X509Certificate2 (impl));
				}
			}
		}
        /// <summary>
        /// Validates a certificate collection with the native BTLS verifier. When a managed
        /// chain is already present its stored verify result is reused; otherwise a native
        /// chain is built and verified, and a managed chain is produced on request.
        /// </summary>
        /// <param name="validator">Supplies the settings used for the store and verify parameters.</param>
        /// <param name="targetHost">Host name passed into the verify parameters.</param>
        /// <param name="serverMode">Whether validation runs on the server side.</param>
        /// <param name="certificates">Certificates to build the native chain from.</param>
        /// <param name="wantsChain">When true and no chain was given, a managed chain is returned.</param>
        /// <param name="chain">Existing managed chain, or receives a newly built one.</param>
        /// <param name="errors">Receives the policy errors mapped from the native result.</param>
        /// <param name="status11">Receives the legacy status code.</param>
        /// <returns>True when the native verification succeeded.</returns>
        internal override bool ValidateCertificate(
            ICertificateValidator2 validator, string targetHost, bool serverMode,
            X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
            ref MonoSslPolicyErrors errors, ref int status11)
        {
            if (chain != null)
            {
                // A chain from an earlier verification already carries its result.
                var cachedImpl = (X509ChainImplBtls)chain.Impl;
                bool verified  = cachedImpl.StoreCtx.VerifyResult == 1;
                CheckValidationResult(
                    validator, targetHost, serverMode, certificates,
                    wantsChain, chain, cachedImpl.StoreCtx,
                    verified, ref errors, ref status11);
                return verified;
            }

            using (var trustStore = new MonoBtlsX509Store())
            using (var nativeChain = MonoBtlsProvider.GetNativeChain(certificates))
            using (var verifyParam = GetVerifyParam(validator.Settings, targetHost, serverMode))
            using (var verifyCtx = new MonoBtlsX509StoreCtx())
            {
                SetupCertificateStore(trustStore, validator.Settings, serverMode);
                verifyCtx.Initialize(trustStore, nativeChain);
                verifyCtx.SetVerifyParam(verifyParam);

                bool verified = verifyCtx.Verify() == 1;

                if (wantsChain && chain == null)
                {
                    chain = GetManagedChain(nativeChain);
                }

                // NOTE(review): the freshly built managed chain is not handed to
                // CheckValidationResult (null is passed), so native errors are not recorded
                // on it from this path — confirm that is intended.
                CheckValidationResult(
                    validator, targetHost, serverMode, certificates,
                    wantsChain, null, verifyCtx,
                    verified, ref errors, ref status11);
                return verified;
            }
        }
        /// <summary>
        /// Wraps a native store context as a managed chain implementation: keeps a copy of
        /// the context and its chain, and mirrors the untrusted certificates into the
        /// policy's extra store as managed <see cref="X509Certificate2"/> wrappers.
        /// </summary>
        /// <param name="storeCtx">Native store context; a copy is retained, the original stays with the caller.</param>
        internal X509ChainImplBtls(MonoBtlsX509StoreCtx storeCtx)
        {
            // Retain a private copy; presumably so the caller may dispose its own context — confirm.
            this.storeCtx = storeCtx.Copy();
            this.chain    = storeCtx.GetChain();
            policy        = new X509ChainPolicy();

            untrustedChain = storeCtx.GetUntrusted();
            if (untrustedChain == null)
            {
                return;
            }

            untrusted         = new X509Certificate2Collection();
            policy.ExtraStore = untrusted;
            for (int index = 0; index < untrustedChain.Count; index++)
            {
                var nativeCert = untrustedChain.GetCertificate(index);
                // The impl wrapper is disposed right after the managed certificate is built.
                using (var impl = new X509CertificateImplBtls(nativeCert))
                {
                    untrusted.Add(new X509Certificate2(impl));
                }
            }
        }
        /// <summary>
        /// Maps the native verify result onto the managed <paramref name="errors"/> /
        /// <paramref name="status11"/> pair and, when a managed chain was requested and is
        /// available, records the native error on it.
        /// </summary>
        /// <param name="validator">Not consulted by this implementation.</param>
        /// <param name="targetHost">Not consulted by this implementation.</param>
        /// <param name="serverMode">Not consulted by this implementation.</param>
        /// <param name="certificates">Not consulted by this implementation.</param>
        /// <param name="wantsChain">Whether the caller asked for chain-level detail.</param>
        /// <param name="chain">Managed chain that receives the mapped status, may be null.</param>
        /// <param name="storeCtx">Native store context queried for the verify error, may be null.</param>
        /// <param name="success">Whether the native verification succeeded.</param>
        /// <param name="errors">Receives the policy errors; untouched on success.</param>
        /// <param name="status11">Receives the legacy status code; reset to 0 first.</param>
        void CheckValidationResult(
            ICertificateValidator validator, string targetHost, bool serverMode,
            X509CertificateCollection certificates, bool wantsChain,
            X509Chain chain, MonoBtlsX509StoreCtx storeCtx,
            bool success, ref MonoSslPolicyErrors errors, ref int status11)
        {
            status11 = unchecked ((int)0);
            if (success)
            {
                return;
            }

            // Default to a generic chain error; refined below when a chain can be inspected.
            errors = MonoSslPolicyErrors.RemoteCertificateChainErrors;
            bool canInspectChain = wantsChain && storeCtx != null && chain != null;
            if (!canInspectChain)
            {
                status11 = unchecked ((int)0x800B010B);
                return;
            }

            var nativeError = storeCtx.GetError();
            if (nativeError == MonoBtlsX509Error.OK)
            {
                // The native verifier reports no error although success was false.
                errors = MonoSslPolicyErrors.None;
            }
            else if (nativeError == MonoBtlsX509Error.CRL_NOT_YET_VALID)
            {
                // Tolerated: keeps the generic chain error, no chain status, status11 stays 0.
            }
            else if (nativeError == MonoBtlsX509Error.HOSTNAME_MISMATCH)
            {
                errors = MonoSslPolicyErrors.RemoteCertificateNameMismatch;
                // NOTE(review): a host-name mismatch is recorded on the chain as
                // UntrustedRoot — confirm that is the intended chain status flag.
                chain.Impl.AddStatus(X509ChainStatusFlags.UntrustedRoot);
                status11 = unchecked ((int)0x800B010B);
            }
            else
            {
                chain.Impl.AddStatus(MapVerifyErrorToChainStatus(nativeError));
                status11 = unchecked ((int)0x800B010B);
            }
        }
        /// <summary>
        /// Verifies a native certificate chain against a trust store populated with the
        /// default TLS settings in client mode.
        /// </summary>
        /// <param name="chain">Native chain to verify.</param>
        /// <param name="param">Optional verify parameters; skipped when null.</param>
        /// <returns>True when the native verify reports 1.</returns>
        internal static bool ValidateCertificate(MonoBtlsX509Chain chain, MonoBtlsX509VerifyParam param)
        {
            using (var trustStore = new MonoBtlsX509Store())
            using (var verifyCtx = new MonoBtlsX509StoreCtx())
            {
                // Reached from X509Certificate2.Verify() through X509CertificateImplBtls.Verify(),
                // where no per-connection settings exist: use the defaults and client mode.
                SetupCertificateStore(trustStore, MonoTlsSettings.DefaultSettings, false);
                verifyCtx.Initialize(trustStore, chain);

                if (param != null)
                {
                    verifyCtx.SetVerifyParam(param);
                }

                // The native API signals success with 1; anything else is a failure.
                return verifyCtx.Verify() == 1;
            }
        }
		/// <summary>
		/// Verifies a native certificate chain against a freshly populated trust store.
		/// </summary>
		/// <param name="chain">Native chain to verify.</param>
		/// <param name="param">Optional verify parameters; skipped when null.</param>
		/// <returns>True when the native verify reports 1.</returns>
		internal static bool ValidateCertificate (MonoBtlsX509Chain chain, MonoBtlsX509VerifyParam param)
		{
			using (var trustStore = new MonoBtlsX509Store ())
			using (var verifyCtx = new MonoBtlsX509StoreCtx ()) {
				SetupCertificateStore (trustStore);
				verifyCtx.Initialize (trustStore, chain);

				if (param != null) {
					verifyCtx.SetVerifyParam (param);
				}

				// The native API signals success with 1; anything else is a failure.
				return verifyCtx.Verify () == 1;
			}
		}
		/// <summary>
		/// Releases the native chain, store context and untrusted chain, plus every managed
		/// certificate wrapper in <c>untrusted</c> and <c>certificates</c>; each reference is
		/// cleared so a second Dispose() is a no-op for it.
		/// </summary>
		/// <param name="disposing">Handles are released only when true; the base call always runs.</param>
		protected override void Dispose (bool disposing)
		{
			if (disposing) {
				// Null-conditional dispose, then drop the reference.
				chain?.Dispose ();
				chain = null;

				storeCtx?.Dispose ();
				storeCtx = null;

				untrustedChain?.Dispose ();
				untrustedChain = null;

				if (untrusted != null) {
					foreach (var wrapper in untrusted) {
						wrapper.Dispose ();
					}
					untrusted = null;
				}

				if (certificates != null) {
					foreach (var wrapper in certificates) {
						wrapper.Dispose ();
					}
					certificates = null;
				}
			}
			base.Dispose (disposing);
		}
		/// <summary>
		/// Forwards the native verify callback to the registered managed delegate.
		/// </summary>
		/// <param name="preverify_ok">Native pre-verification flag; not consulted here.</param>
		/// <param name="ctx">Native store context under verification.</param>
		/// <returns>The delegate's result, or 0 when no delegate is registered.</returns>
		int VerifyCallback (bool preverify_ok, MonoBtlsX509StoreCtx ctx)
		{
			// Null-conditional invoke yields null when no callback is set; 0 is the fallback.
			return verifyCallback?.Invoke (ctx) ?? 0;
		}
		/// <summary>
		/// Forwards the native verify callback to the registered managed delegate.
		/// </summary>
		/// <param name="preverify_ok">Native pre-verification flag; not consulted here.</param>
		/// <param name="ctx">Native store context under verification.</param>
		/// <returns>The delegate's result, or 0 when no delegate is registered.</returns>
		int VerifyCallback (bool preverify_ok, MonoBtlsX509StoreCtx ctx)
		{
			var callback = verifyCallback;
			if (callback == null) {
				return 0;
			}
			return callback (ctx);
		}
		/// <summary>
		/// Validates a certificate collection with the native BTLS verifier. When a managed
		/// chain is already present its stored verify result is reused; otherwise a native
		/// chain is built and verified, and a managed chain is produced on request.
		/// </summary>
		/// <param name="validator">Validator driving this check; not consulted on this path beyond being forwarded.</param>
		/// <param name="targetHost">Host name passed into the verify parameters.</param>
		/// <param name="serverMode">Whether validation runs on the server side.</param>
		/// <param name="certificates">Certificates to build the native chain from.</param>
		/// <param name="wantsChain">When true and no chain was given, a managed chain is returned.</param>
		/// <param name="chain">Existing managed chain, or receives a newly built one.</param>
		/// <param name="errors">Receives the policy errors mapped from the native result.</param>
		/// <param name="status11">Receives the legacy status code.</param>
		/// <returns>True when the native verification succeeded.</returns>
		internal override bool ValidateCertificate (
			ICertificateValidator2 validator, string targetHost, bool serverMode,
			X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
			ref MonoSslPolicyErrors errors, ref int status11)
		{
			if (chain != null) {
				// A chain from an earlier verification already carries its result.
				var cachedImpl = (X509ChainImplBtls)chain.Impl;
				bool verified = cachedImpl.StoreCtx.VerifyResult == 1;
				CheckValidationResult (
					validator, targetHost, serverMode, certificates,
					wantsChain, chain, cachedImpl.StoreCtx,
					verified, ref errors, ref status11);
				return verified;
			}

			using (var trustStore = new MonoBtlsX509Store ())
			using (var nativeChain = MonoBtlsProvider.GetNativeChain (certificates))
			using (var verifyParam = GetVerifyParam (targetHost, serverMode))
			using (var verifyCtx = new MonoBtlsX509StoreCtx ()) {
				SetupCertificateStore (trustStore);
				verifyCtx.Initialize (trustStore, nativeChain);
				verifyCtx.SetVerifyParam (verifyParam);

				bool verified = verifyCtx.Verify () == 1;

				if (wantsChain && chain == null) {
					chain = GetManagedChain (nativeChain);
				}

				// NOTE(review): the freshly built managed chain is not handed to
				// CheckValidationResult (null is passed), so native errors are not recorded
				// on it from this path — confirm that is intended.
				CheckValidationResult (
					validator, targetHost, serverMode, certificates,
					wantsChain, null, verifyCtx,
					verified, ref errors, ref status11);
				return verified;
			}
		}
		/// <summary>
		/// Native verify-callback trampoline: recovers the owning <see cref="MonoBtlsSslCtx"/>
		/// from the GCHandle passed as <paramref name="instance"/> and forwards the call to
		/// its managed <c>VerifyCallback</c>.
		/// </summary>
		/// <param name="instance">GCHandle (as IntPtr) of the MonoBtlsSslCtx that owns the callback.</param>
		/// <param name="preverify_ok">Native pre-verification result; non-zero is passed on as true.</param>
		/// <param name="store_ctx">Native store context pointer, wrapped only for the duration of the call.</param>
		/// <returns>The managed callback's result, or 0 when it threw.</returns>
		static int NativeVerifyCallback (IntPtr instance, int preverify_ok, IntPtr store_ctx)
		{
			// NOTE(review): Target is cast unconditionally; a freed or foreign handle would
			// fail here, outside the try below — confirm the handle lifetime is tied to the
			// native SSL context.
			var c = (MonoBtlsSslCtx)GCHandle.FromIntPtr (instance).Target;
			using (var ctx = new MonoBtlsX509StoreCtx (preverify_ok, store_ctx)) {
				try {
					return c.VerifyCallback (preverify_ok != 0, ctx);
				} catch (Exception ex) {
					// The exception is parked on the context instead of escaping into
					// the native caller; the callback then reports 0.
					c.SetException (ex);
				}
			}
			return 0;
		}
		/// <summary>
		/// Minimal result mapping: any native verification failure is reported as a chain
		/// error with the generic status code; success leaves <paramref name="errors"/> and
		/// <paramref name="status11"/> untouched. The remaining parameters are not consulted.
		/// </summary>
		/// <param name="success">Whether the native verification succeeded.</param>
		/// <param name="errors">Receives the policy errors on failure.</param>
		/// <param name="status11">Receives the legacy status code on failure.</param>
		void CheckValidationResult (
			ICertificateValidator validator, string targetHost, bool serverMode,
			X509CertificateCollection certificates, bool wantsChain,
			X509Chain chain, MonoBtlsX509StoreCtx storeCtx,
			bool success, ref MonoSslPolicyErrors errors, ref int status11)
		{
			// Guard clause: nothing to report on success.
			if (success) {
				return;
			}

			errors = MonoSslPolicyErrors.RemoteCertificateChainErrors;
			status11 = unchecked((int)0x800B010B);
		}