public MonoConnectionProvider (MonoConnectionProviderFactory factory, ConnectionProviderType type, MSI.MonoTlsProvider tlsProvider, bool enableMonoExtensions)
: base (factory, type, GetFlags (tlsProvider, enableMonoExtensions))
{
this.tlsProvider = tlsProvider;
this.httpProvider = new MonoHttpProvider (this);
this.enableMonoExtensions = enableMonoExtensions;
}
static ConnectionProviderFlags GetFlags (MSI.MonoTlsProvider tlsProvider, bool enableMonoExtensions)
{
var flags = ConnectionProviderFlags.SupportsSslStream | ConnectionProviderFlags.SupportsHttp;
if (tlsProvider is NewTlsProvider)
flags |= ConnectionProviderFlags.SupportsTls12 | ConnectionProviderFlags.SupportsAeadCiphers | ConnectionProviderFlags.SupportsEcDheCiphers;
return flags;
}
internal static ITlsConfiguration CreateTlsConfiguration (
string hostname, bool serverMode, MSI.TlsProtocols protocolFlags,
SSCX.X509Certificate serverCertificate, bool remoteCertRequired,
MSI.MonoTlsSettings settings)
{
object[] args;
ITlsConfiguration config;
if (serverMode) {
var cert = (PSSCX.X509Certificate2)serverCertificate;
var monoCert = new MX.X509Certificate (cert.RawData);
args = new object[] {
(MSI.TlsProtocols)protocolFlags,
(MSI.MonoTlsSettings)settings,
monoCert,
cert.PrivateKey
};
} else {
args = new object[] {
(MSI.TlsProtocols)protocolFlags,
(MSI.MonoTlsSettings)settings,
hostname
};
}
config = (ITlsConfiguration)CreateInstance (tlsConfigTypeName, args);
if (serverMode && remoteCertRequired)
config.AskForClientCertificate = true;
return config;
}
public MonoSslStream (MSI.MonoSslStream stream)
{
this.stream = stream;
if (NewTlsProvider.IsNewTlsStream (stream))
monoNewTlsStream = NewTlsProvider.GetNewTlsStream (stream);
}
protected override async Task<MonoSslStream> Start (TestContext ctx, Stream stream, MSI.MonoTlsSettings settings, CancellationToken cancellationToken)
{
var server = await ConnectionProvider.CreateServerStreamAsync (stream, Parameters, settings, cancellationToken);
ctx.LogMessage ("Successfully authenticated server.");
return server;
}
internal static void AddCertificateValidator (MSI.MonoTlsSettings settings, ICertificateValidator validator)
{
if (validator == null)
return;
settings.RemoteCertificateValidationCallback = (s, c, ch, e) => {
return ((CertificateValidator)validator).ValidationCallback (s, c, ch, (SslPolicyErrors)e);
};
}
internal override MSI.IMonoTlsContext CreateTlsContext (
string hostname, bool serverMode, MSI.TlsProtocols protocolFlags,
SSCX.X509Certificate serverCertificate, PSSCX.X509CertificateCollection clientCertificates,
bool remoteCertRequired, MSI.MonoEncryptionPolicy encryptionPolicy,
MSI.MonoTlsSettings settings)
{
var config = TlsProviderFactory.CreateTlsConfiguration (
hostname, serverMode, protocolFlags, serverCertificate,
remoteCertRequired, settings);
return new TlsContextWrapper (config, serverMode);
}
protected override async Task<MonoSslStream> Start (TestContext ctx, Socket socket, MSI.MonoTlsSettings settings, CancellationToken cancellationToken)
{
ctx.LogMessage ("Accepted connection from {0}.", socket.RemoteEndPoint);
var stream = new NetworkStream (socket);
var server = await ConnectionProvider.CreateServerStreamAsync (stream, Parameters, settings, cancellationToken);
ctx.LogMessage ("Successfully authenticated server.");
return server;
}
static ConnectionProviderFlags GetFlags (MSI.MonoTlsProvider tlsProvider, bool enableMonoExtensions)
{
var flags = ConnectionProviderFlags.SupportsSslStream | ConnectionProviderFlags.SupportsHttp;
if (tlsProvider is NewTlsProvider)
flags |= ConnectionProviderFlags.IsNewTls | ConnectionProviderFlags.SupportsTls12 | ConnectionProviderFlags.SupportsInstrumentation;
if (!enableMonoExtensions)
return flags;
flags |= ConnectionProviderFlags.SupportsMonoExtensions;
if (tlsProvider is NewTlsProvider)
flags |= ConnectionProviderFlags.CanSelectCiphers;
return flags;
}
protected override async Task<MonoSslStream> Start (TestContext ctx, Stream stream, MSI.MonoTlsSettings settings, CancellationToken cancellationToken)
{
ctx.LogMessage ("Connected.");
var targetHost = Parameters.TargetHost ?? EndPoint.HostName ?? EndPoint.Address;
ctx.LogDebug (1, "Using '{0}' as target host.", targetHost);
var client = await ConnectionProvider.CreateClientStreamAsync (stream, targetHost, Parameters, settings, cancellationToken);
ctx.LogMessage ("Successfully authenticated client.");
return client;
}
internal static ITlsContext CreateTlsContext (
ITlsConfiguration config, bool serverMode,
MSI.IMonoTlsEventSink eventSink)
{
return (ITlsContext)CreateInstance (
tlsContextTypeName,
new object[] { config, serverMode, eventSink });
}
public static BOSWrapper Wrap (MSI.IBufferOffsetSize bos)
{
return bos != null ? new BOSWrapper (bos.Buffer, bos.Offset, bos.Size) : null;
}
public void Initialize (MSI.IMonoTlsEventSink eventSink)
{
if (context != null)
throw new InvalidOperationException ();
context = TlsProviderFactory.CreateTlsContext (config, serverMode, eventSink);
}
public override MSI.IMonoSslStream CreateSslStream (
Stream innerStream, bool leaveInnerStreamOpen,
MSI.MonoTlsSettings settings = null)
{
return MonoNewTlsStreamFactory.CreateSslStream (innerStream, leaveInnerStreamOpen, this, settings);
}
protected abstract Task<MonoSslStream> Start (TestContext ctx, Socket socket, MSI.MonoTlsSettings settings, CancellationToken cancellationToken);
internal static void AddCertificateSelector (MSI.MonoTlsSettings settings, ICertificateSelector selector)
{
if (selector == null)
return;
settings.ClientCertificateSelectionCallback = (t, lc, rc, ai) => {
return ((CertificateSelector)selector).SelectionCallback (null, t, lc, rc, ai);
};
}
public int DecryptMessage (ref MSI.IBufferOffsetSize incoming)
{
var buffer = new MSI.TlsBuffer (BOSWrapper.Wrap (incoming));
var retval = Context.DecryptMessage (ref buffer);
incoming = buffer != null ? BOSWrapper.Wrap (buffer.GetRemaining ()) : null;
return (int)retval;
}
public async Task<MonoSslStream> CreateClientStreamAsync (Stream stream, string targetHost, ClientParameters parameters, MSI.MonoTlsSettings settings, CancellationToken cancellationToken)
{
var protocol = GetProtocol (parameters, false);
MSI.ICertificateValidator validator = null;
if (settings != null)
CallbackHelpers.AddCertificateValidator (settings, parameters.ClientCertificateValidator);
else
validator = CallbackHelpers.GetCertificateValidator (parameters.ClientCertificateValidator);
var clientCertificates = CallbackHelpers.GetClientCertificates (parameters);
var sslStream = tlsProvider.CreateSslStream (stream, false, validator, settings);
var monoSslStream = new MonoSslStream (sslStream);
try {
await sslStream.AuthenticateAsClientAsync (targetHost, clientCertificates, protocol, false).ConfigureAwait (false);
} catch (Exception ex) {
var lastError = monoSslStream.LastError;
if (lastError != null)
throw new AggregateException (ex, lastError);
throw;
}
return monoSslStream;
}
public async Task<MonoSslStream> CreateServerStreamAsync (Stream stream, ServerParameters parameters, MSI.MonoTlsSettings settings, CancellationToken cancellationToken)
{
var certificate = CertificateProvider.GetCertificate (parameters.ServerCertificate);
var protocol = GetProtocol (parameters, true);
MSI.ICertificateValidator validator = null;
if (settings != null)
CallbackHelpers.AddCertificateValidator (settings, parameters.ServerCertificateValidator);
else
validator = CallbackHelpers.GetCertificateValidator (parameters.ServerCertificateValidator);
var askForCert = (parameters.Flags & (ServerFlags.AskForClientCertificate|ServerFlags.RequireClientCertificate)) != 0;
var sslStream = tlsProvider.CreateSslStream (stream, false, validator, settings);
var monoSslStream = new MonoSslStream (sslStream);
try {
await sslStream.AuthenticateAsServerAsync (certificate, askForCert, protocol, false).ConfigureAwait (false);
} catch (Exception ex) {
var lastError = monoSslStream.LastError;
if (lastError != null)
throw new AggregateException (ex, lastError);
throw;
}
return monoSslStream;
}
internal MonoNewTlsStream (Stream innerStream, MSI.MonoTlsProvider provider, MSI.MonoTlsSettings settings)
: this (innerStream, false, provider, settings)
{
}
internal MonoNewTlsStream (Stream innerStream, bool leaveOpen, MSI.MonoTlsProvider provider, MSI.MonoTlsSettings settings)
: base (innerStream, leaveOpen, EncryptionPolicy.RequireEncryption, provider, settings)
{
this.provider = provider;
}
public int GenerateNextToken (MSI.IBufferOffsetSize incoming, out MSI.IBufferOffsetSize outgoing)
{
var input = incoming != null ? new MSI.TlsBuffer (BOSWrapper.Wrap (incoming)) : null;
var output = new MSI.TlsMultiBuffer ();
var retval = Context.GenerateNextToken (input, output);
if (output.IsEmpty)
outgoing = null;
outgoing = BOSWrapper.Wrap (output.StealBuffer ());
return (int)retval;
}
