        /// <summary>
        /// Creates a TLS context bound to <paramref name="configuration"/>, starting the
        /// negotiation in the server or client role according to <paramref name="isServer"/>.
        /// </summary>
        /// <param name="configuration">Connection configuration; its <c>UserSettings</c> may switch on debugging.</param>
        /// <param name="isServer"><c>true</c> to drive the handshake as the server, <c>false</c> as the client.</param>
        public TlsContext(TlsConfiguration configuration, bool isServer)
        {
            this.configuration = configuration;
            this.isServer      = isServer;

#if INSTRUMENTATION
            SetupInstrumentation();
#endif

            session = new Session(configuration);
            // RandomNumberGenerator.Create() is the cryptographic generator; it is installed
            // before any negotiation state exists. NOTE(review): `Session` here is presumably
            // a property or static member distinct from the `session` field — confirm.
            Session.RandomNumberGenerator = RandomNumberGenerator.Create();

            // The initial negotiation state depends on which side of the handshake we drive.
            var initialState = IsServer
                ? NegotiationState.InitialServerConnection
                : NegotiationState.InitialClientConnection;
            negotiationHandler = CreateNegotiationHandler(initialState);

            // Debugging is opt-in: it is only ever switched on here, never off.
            var userSettings = Configuration.UserSettings;
            if (userSettings != null && userSettings.EnableDebugging)
            {
                EnableDebugging = true;
            }
        }
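        /// <summary>
        /// Validates the certificate chain presented by the remote peer and throws a
        /// <see cref="TlsException"/> (alert <c>CertificateUnknown</c>) when the chain is
        /// missing, empty, or not accepted by the validator selected from the TLS settings.
        /// </summary>
        /// <param name="config">Supplies <c>TlsSettings</c> (validator selection) and <c>TargetHost</c> (passed to chain validation).</param>
        /// <param name="certificates">Chain received from the peer.</param>
        /// <exception cref="TlsException">Absent/empty chain, no validation result, untrusted chain, or user denial.</exception>
        internal static void CheckRemoteCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
        {
            // Reject an absent or empty chain up front; everything below relies on it being present.
            if (certificates == null || certificates.Count < 1)
            {
                throw new TlsException(AlertDescription.CertificateUnknown);
            }

            var helper = CertificateValidationHelper.GetValidator(config.TlsSettings);

            // Re-wrap the Mono certificates as BCL X509Certificate2 built from their DER bytes,
            // which is the form the validator consumes. No null guard is needed here: the
            // check above already rejects a null collection.
            var scerts = new X509Certificate2Collection();
            for (int i = 0; i < certificates.Count; i++)
            {
                scerts.Add(new X509Certificate2(certificates[i].RawData));
            }

            var result = helper.ValidateChain(config.TargetHost, scerts);

            // Only an explicit "trusted and not denied by the user" verdict lets the handshake continue.
            if (result != null && result.Trusted && !result.UserDenied)
            {
                return;
            }

            // FIXME: check other values to report correct error type.
            throw new TlsException(AlertDescription.CertificateUnknown);
        }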
		/// <summary>
		/// Creates a TLS context for <paramref name="configuration"/> in the server or client role.
		/// Signature and settings providers fall back to the built-in implementations unless an
		/// instrumentation build supplied replacements.
		/// </summary>
		/// <param name="configuration">Connection configuration; its <c>TlsSettings.UserSettings</c> feed the default settings provider.</param>
		/// <param name="isServer"><c>true</c> to drive the handshake as the server, <c>false</c> as the client.</param>
		public TlsContext (TlsConfiguration configuration, bool isServer)
		{
			this.configuration = configuration;
			this.isServer = isServer;

			#if INSTRUMENTATION
			if (configuration.HasInstrumentation) {
				if (configuration.Instrumentation.HasSignatureInstrument)
					signatureProvider = configuration.Instrumentation.SignatureInstrument;
				if (configuration.Instrumentation.HasSettingsInstrument)
					settingsProvider = configuration.Instrumentation.SettingsInstrument;
				handshakeInstruments = configuration.Instrumentation.HandshakeInstruments;
			}
			#endif

			// Production defaults apply wherever instrumentation injected nothing.
			if (signatureProvider == null) {
				signatureProvider = new SignatureProvider ();
			}
			if (settingsProvider == null) {
				settingsProvider = new SettingsProvider (configuration.TlsSettings.UserSettings);
			}

			session = new Session (configuration);
			// RandomNumberGenerator.Create() is the cryptographic generator.
			// NOTE(review): `Session` here is presumably a property or static member distinct
			// from the `session` field — confirm.
			Session.RandomNumberGenerator = RandomNumberGenerator.Create ();

			// The initial negotiation state depends on which side of the handshake we drive.
			var initialState = IsServer
				? NegotiationState.InitialServerConnection
				: NegotiationState.InitialClientConnection;
			negotiationHandler = CreateNegotiationHandler (initialState);

			// EnableDebugging on the provider is a nullable flag; null counts as "off".
			// Debugging is only ever switched on here, never off.
			if (settingsProvider.EnableDebugging == true)
				EnableDebugging = true;

			// The provider receives its back-reference once the context is otherwise set up.
			settingsProvider.Initialize (this);
		}
        /// <summary>
        /// Creates a TLS context for <paramref name="configuration"/> in the requested role and
        /// stores <paramref name="eventSink"/> for later use. Signature and settings providers
        /// fall back to the built-in implementations unless an instrumentation build supplied
        /// replacements.
        /// </summary>
        /// <param name="configuration">Connection configuration; its <c>UserSettings</c> feed the default settings provider.</param>
        /// <param name="isServer"><c>true</c> to drive the handshake as the server, <c>false</c> as the client.</param>
        /// <param name="eventSink">Stored in the <c>eventSink</c> field; not consulted by this constructor.</param>
        public TlsContext(TlsConfiguration configuration, bool isServer, IMonoTlsEventSink eventSink)
        {
            this.configuration = configuration;
            this.isServer      = isServer;
            this.eventSink     = eventSink;

#if INSTRUMENTATION
            var instrumentation = configuration.UserSettings.Instrumentation;
            if (instrumentation != null)
            {
                if (instrumentation.HasSignatureInstrument)
                {
                    signatureProvider = instrumentation.SignatureInstrument;
                }
                if (instrumentation.HasSettingsInstrument)
                {
                    settingsProvider = instrumentation.SettingsInstrument;
                }
                handshakeInstruments     = instrumentation.HandshakeInstruments;
                instrumentationEventSink = instrumentation.EventSink;
            }
#endif

            // Production defaults apply wherever instrumentation injected nothing.
            if (signatureProvider == null)
            {
                signatureProvider = new SignatureProvider();
            }
            if (settingsProvider == null)
            {
                settingsProvider = new SettingsProvider(configuration.UserSettings);
            }

            session = new Session(configuration);
            // RandomNumberGenerator.Create() is the cryptographic generator.
            // NOTE(review): `Session` here is presumably a property or static member distinct
            // from the `session` field — confirm.
            Session.RandomNumberGenerator = RandomNumberGenerator.Create();

            // The initial negotiation state depends on which side of the handshake we drive.
            var initialState = IsServer
                ? NegotiationState.InitialServerConnection
                : NegotiationState.InitialClientConnection;
            negotiationHandler = CreateNegotiationHandler(initialState);

            // Debugging is opt-in: it is only ever switched on here, never off.
            if (settingsProvider.EnableDebugging)
            {
                EnableDebugging = true;
            }

            // The provider receives its back-reference once the context is otherwise set up.
            settingsProvider.Initialize(this);
        }
		/// <summary>
		/// Validates the remote peer's certificate chain with the configured validator (or a
		/// default one built from the TLS settings) and throws when the chain is missing or
		/// not accepted.
		/// </summary>
		/// <param name="config">Supplies the optional <c>CertificateValidator</c>, the <c>TlsSettings</c> used to create a default one, and the <c>TargetHost</c> passed to chain validation.</param>
		/// <param name="certificates">Chain received from the peer.</param>
		/// <exception cref="TlsException">Alert <c>CertificateUnknown</c> for an absent/empty chain, a validator that returned no result, an untrusted chain, or a user denial.</exception>
		internal static void CheckRemoteCertificate (TlsConfiguration config, MX.X509CertificateCollection certificates)
		{
			if (certificates == null || certificates.Count < 1)
				throw new TlsException (AlertDescription.CertificateUnknown);

			// A caller-supplied validator wins; otherwise the default is derived from the TLS settings.
			var validator = config.CertificateValidator ?? CertificateValidationHelper.CreateDefaultValidator (config.TlsSettings);

			var result = validator.ValidateChain (config.TargetHost, certificates);

			// Only an explicit "trusted and not denied by the user" verdict lets the handshake continue.
			var accepted = result != null && result.Trusted && !result.UserDenied;
			if (!accepted) {
				// FIXME: check other values to report correct error type.
				throw new TlsException (AlertDescription.CertificateUnknown);
			}
		}
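		/// <summary>
		/// Validates the certificate chain presented by the remote peer and throws a
		/// <see cref="TlsException"/> (alert <c>CertificateUnknown</c>) when the chain is
		/// missing, empty, or not accepted by the validator selected from the TLS settings.
		/// </summary>
		/// <param name="config">Supplies <c>TlsSettings</c> (validator selection) and <c>TargetHost</c> (passed to chain validation).</param>
		/// <param name="certificates">Chain received from the peer.</param>
		/// <exception cref="TlsException">Absent/empty chain, no validation result, untrusted chain, or user denial.</exception>
		internal static void CheckRemoteCertificate (TlsConfiguration config, MX.X509CertificateCollection certificates)
		{
			// Reject an absent or empty chain up front; everything below relies on it being present.
			if (certificates == null || certificates.Count < 1)
				throw new TlsException (AlertDescription.CertificateUnknown);

			var helper = CertificateValidationHelper.GetValidator (config.TlsSettings);

			// Re-wrap the Mono certificates as BCL X509Certificate2 built from their DER bytes,
			// which is the form the validator consumes. No null guard is needed here: the
			// check above already rejects a null collection.
			var scerts = new X509Certificate2Collection ();
			for (int i = 0; i < certificates.Count; i++)
				scerts.Add (new X509Certificate2 (certificates [i].RawData));

			var result = helper.ValidateChain (config.TargetHost, scerts);

			// Only an explicit "trusted and not denied by the user" verdict lets the handshake continue.
			if (result != null && result.Trusted && !result.UserDenied)
				return;

			// FIXME: check other values to report correct error type.
			throw new TlsException (AlertDescription.CertificateUnknown);
		}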
        /// <summary>
        /// Validates an optional client certificate chain on the server side of the handshake.
        /// </summary>
        /// <param name="config">Supplies the user settings: whether a client certificate is mandatory, the accepted issuer list and the optional validation callback.</param>
        /// <param name="certificates">Chain sent by the client; element 0 is treated as the leaf.</param>
        /// <returns><c>false</c> when no certificate was sent and none is required; <c>true</c> when the chain was accepted.</returns>
        /// <exception cref="TlsException">
        /// <c>CertificateUnknown</c> when a required certificate is missing or the chain is rejected;
        /// <c>BadCertificate</c> when the leaf's issuer name is not in the configured authority list.
        /// </exception>
        internal static bool CheckClientCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
        {
            var settings = config.UserSettings;
            var hasCertificate = certificates != null && certificates.Count > 0;

            // A missing certificate is only an error when the configuration demands one.
            if (!hasCertificate)
            {
                if (settings.RequireClientCertificate)
                {
                    throw new TlsException(AlertDescription.CertificateUnknown);
                }
                return false;
            }

            var leaf  = certificates[0];
            var chain = new MX.X509Chain();
            chain.LoadCertificates(certificates);

            // The local chain-build verdict is only a default: a configured callback replaces it below.
            var accepted = chain.Build(leaf);
            var errors   = GetStatus(chain.Status);

            var certParams = settings.ClientCertificateParameters;

            // When an authority list is configured, the leaf's issuer name must appear in it.
            // This is a name match only; the cryptographic chain verdict comes from chain.Build above.
            var authorities = certParams.CertificateAuthorities;
            if (authorities.Count > 0 && !authorities.Contains(leaf.IssuerName))
            {
                throw new TlsException(AlertDescription.BadCertificate);
            }

            // The callback receives the chain errors and its answer overrides the build result entirely.
            var callback = settings.ClientCertValidationCallback;
            if (callback != null)
            {
                accepted = callback(certParams, leaf, chain, errors);
            }

            if (!accepted)
            {
                throw new TlsException(AlertDescription.CertificateUnknown);
            }
            return true;
        }
        /// <summary>
        /// Builds and validates the remote peer's certificate chain, letting a configured
        /// callback override the verdict, and throws when the chain is missing or rejected.
        /// </summary>
        /// <param name="config">Supplies the optional <c>RemoteCertValidationCallback</c>.</param>
        /// <param name="certificates">Chain received from the peer; element 0 is treated as the leaf.</param>
        /// <exception cref="TlsException">Alert <c>CertificateUnknown</c> for an absent/empty chain or a rejected one.</exception>
        internal static void CheckRemoteCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
        {
            if (certificates == null || certificates.Count < 1)
            {
                throw new TlsException(AlertDescription.CertificateUnknown);
            }

            var leaf  = certificates[0];
            var chain = new MX.X509Chain();
            chain.LoadCertificates(certificates);

            // The local chain-build verdict is only a default: a configured callback replaces it below.
            var accepted = chain.Build(leaf);
            var errors   = GetStatus(chain.Status);

            // The callback receives the chain errors and its answer overrides the build result
            // entirely. Nothing in this method compares the certificate against config.TargetHost,
            // so hostname matching, if any, has to happen in the callback or elsewhere.
            var callback = config.RemoteCertValidationCallback;
            if (callback != null)
            {
                accepted = callback(null, leaf, chain, errors);
            }

            if (!accepted)
            {
                throw new TlsException(AlertDescription.CertificateUnknown);
            }
        }
		/// <summary>
		/// Creates a session tied to <paramref name="configuration"/>; the configuration is
		/// exposed through the <c>Configuration</c> property.
		/// </summary>
		/// <param name="configuration">Connection configuration this session belongs to.</param>
		public Session (TlsConfiguration configuration)
		{
			this.Configuration = configuration;
		}
 /// <summary>
 /// Creates a session tied to <paramref name="configuration"/>; the configuration is
 /// exposed through the <c>Configuration</c> property.
 /// </summary>
 /// <param name="configuration">Connection configuration this session belongs to.</param>
 public Session(TlsConfiguration configuration)
 {
     this.Configuration = configuration;
 }
		/// <summary>
		/// Captures the configuration and role for a TLS context that is created later.
		/// </summary>
		/// <param name="config">Per-connection configuration to hand to the context.</param>
		/// <param name="serverMode"><c>true</c> for the server side, <c>false</c> for the client side.</param>
		public TlsContextWrapper (TlsConfiguration config, bool serverMode)
		{
			this.serverMode = serverMode;
			this.config = config;
		}
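		/// <summary>
		/// Builds a <see cref="TlsConfiguration"/> for one connection and wraps it in a
		/// <see cref="TlsContextWrapper"/>. In server mode the configuration carries the
		/// server certificate (converted to the Mono representation) and its private key;
		/// in client mode it carries the target hostname.
		/// </summary>
		/// <param name="hostname">Peer hostname; used only in client mode.</param>
		/// <param name="serverMode"><c>true</c> to configure the server side.</param>
		/// <param name="protocolFlags">Allowed protocol versions, converted to the internal <c>TlsProtocols</c>.</param>
		/// <param name="serverCertificate">Server certificate; must be a <c>PSSCX.X509Certificate2</c> and non-null in server mode. Ignored in client mode.</param>
		/// <param name="clientCertificates">Not consulted by this method.</param>
		/// <param name="remoteCertRequired">In server mode, asks the peer for a client certificate. Ignored in client mode.</param>
		/// <param name="encryptionPolicy">Not consulted by this method.</param>
		/// <param name="settings">Mono TLS settings forwarded to the configuration.</param>
		/// <returns>A new context wrapper in the requested mode.</returns>
		/// <exception cref="ArgumentNullException">Server mode without a server certificate.</exception>
		/// <exception cref="InvalidCastException">Server mode with a certificate that is not a <c>PSSCX.X509Certificate2</c>.</exception>
		public override MSI.IMonoTlsContext CreateTlsContext (
			string hostname, bool serverMode, MSI.TlsProtocols protocolFlags,
			SSCX.X509Certificate serverCertificate, PSSCX.X509CertificateCollection clientCertificates,
			bool remoteCertRequired, MSI.MonoEncryptionPolicy encryptionPolicy,
			MSI.MonoTlsSettings settings)
		{
			TlsConfiguration config;
			if (serverMode) {
				// A server cannot run the handshake without its certificate; report the
				// missing argument explicitly instead of failing on RawData below.
				if (serverCertificate == null)
					throw new ArgumentNullException ("serverCertificate");

				var cert = (PSSCX.X509Certificate2)serverCertificate;
				// The TLS engine works on Mono.Security certificates rebuilt from the DER bytes.
				var monoCert = new MX.X509Certificate (cert.RawData);
				// NOTE(review): cert.PrivateKey may be null for a certificate without an
				// associated key; whether TlsConfiguration rejects that is not visible here.
				config = new TlsConfiguration ((TlsProtocols)protocolFlags, settings, monoCert, cert.PrivateKey);
				if (remoteCertRequired)
					config.AskForClientCertificate = true;
			} else {
				config = new TlsConfiguration ((TlsProtocols)protocolFlags, settings, hostname);
			}

			return new TlsContextWrapper (config, serverMode);
		}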