Imported Upstream version 5.16.0.100

Former-commit-id: 38faa55fb9669e35e7d8448b15c25dc447f25767
Xamarin Public Jenkins (auto-signing)
2018-08-07 15:19:03 +00:00
parent 0a9828183b
commit 7d7f676260
4419 changed files with 170950 additions and 90273 deletions


@@ -138,20 +138,6 @@ namespace Mono.Security.Interface
get { return supportsTrustAnchors; }
}
/*
* Internal API, intended to be used by MonoTlsProvider implementations.
*/
internal static ICertificateValidator2 GetInternalValidator (MonoTlsSettings settings, MonoTlsProvider provider)
{
return (ICertificateValidator2)NoReflectionHelper.GetInternalValidator (provider, settings);
}
[Obsolete ("Use GetInternalValidator")]
internal static ICertificateValidator2 GetDefaultValidator (MonoTlsSettings settings, MonoTlsProvider provider)
{
return GetInternalValidator (settings, provider);
}
/*
* Use this overloaded version in user code.
*/


@@ -0,0 +1,77 @@
//
// IMonoAuthenticationOptions.cs
//
// Author:
// Martin Baulig <mabaul@microsoft.com>
//
// Copyright (c) 2018 Xamarin Inc. (http://www.xamarin.com)
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Security.Cryptography;
namespace Mono.Security.Interface
{
delegate X509Certificate MonoServerCertificateSelectionCallback (object sender, string hostName);
interface IMonoAuthenticationOptions
{
bool AllowRenegotiation {
get; set;
}
RemoteCertificateValidationCallback RemoteCertificateValidationCallback { get; set; }
SslProtocols EnabledSslProtocols {
get; set;
}
EncryptionPolicy EncryptionPolicy {
get; set;
}
X509RevocationMode CertificateRevocationCheckMode {
get; set;
}
}
interface IMonoSslClientAuthenticationOptions : IMonoAuthenticationOptions
{
LocalCertificateSelectionCallback LocalCertificateSelectionCallback { get; set; }
string TargetHost { get; set; }
X509CertificateCollection ClientCertificates { get; set; }
}
interface IMonoSslServerAuthenticationOptions : IMonoAuthenticationOptions
{
bool ClientCertificateRequired { get; set; }
MonoServerCertificateSelectionCallback ServerCertificateSelectionCallback { get; set; }
X509Certificate ServerCertificate { get; set; }
}
}
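Review bot: The properties on `IMonoAuthenticationOptions` carry no comments, although each one changes what the TLS handshake will accept, so an implementer has to guess the intended defaults. `default(X509RevocationMode)` is `NoCheck`, so an options object that never sets `CertificateRevocationCheckMode` performs no revocation checking, and `EncryptionPolicy` also admits `AllowNoEncryption` and `NoEncryption`. I would add a short comment above each property stating the expected default and its effect, for example `// NoCheck disables revocation checking; callers that need it must set Online or Offline.` Several `using` directives (`System.IO`, `System.Net`, `System.Security.Principal`, `System.Security.Cryptography`) appear unused in this file and could be dropped.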


@@ -44,30 +44,42 @@ namespace Mono.Security.Interface
void AuthenticateAsClient (string targetHost);
void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation);
void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
IAsyncResult BeginAuthenticateAsClient (string targetHost, AsyncCallback asyncCallback, object asyncState);
IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
void EndAuthenticateAsClient (IAsyncResult asyncResult);
void AuthenticateAsServer (X509Certificate serverCertificate);
void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation);
void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, AsyncCallback asyncCallback, object asyncState);
IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
void EndAuthenticateAsServer (IAsyncResult asyncResult);
Task AuthenticateAsClientAsync (string targetHost);
Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation);
Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
Task AuthenticateAsServerAsync (X509Certificate serverCertificate);
Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation);
Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
int Read (byte[] buffer, int offset, int count);
@@ -196,6 +208,19 @@ namespace Mono.Security.Interface
MonoTlsConnectionInfo GetConnectionInfo ();
bool CanRenegotiate {
get;
}
Task RenegotiateAsync (CancellationToken cancellationToken);
}
interface IMonoSslStream2 : IMonoSslStream
{
Task AuthenticateAsClientAsync (IMonoSslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken);
Task AuthenticateAsServerAsync (IMonoSslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken);
}
}
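Review bot: `CanRenegotiate` and `RenegotiateAsync` near the end of this section have no comment describing their contract, in particular what `RenegotiateAsync` does when `CanRenegotiate` is false and whether the peer certificate is validated again after a renegotiation. The added/removed markers are lost on this page, so I am inferring from the second hunk header that these members and `IMonoSslStream2` are new. Once the intended behaviour is confirmed, I would add a comment along the lines of `// Fails if CanRenegotiate is false; certificate validation is repeated for the renegotiated handshake.` The body of `IMonoSslStream` begins outside the hunk.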


@@ -178,8 +178,14 @@ namespace Mono.Security.Interface
*
* Negative version numbers are reserved for martin work branches.
*
* Version History:
*
* - 1: everything up until May 2018
* - 2: the new ServicePointScheduler changes have landed
* - 3: full support for Client Certificates
*
*/
internal const int InternalVersion = 1;
internal const int InternalVersion = 3;
#endregion
}


@@ -93,6 +93,17 @@ namespace Mono.Security.Interface
get; set;
}
/*
* Client Certificate Support.
*/
public string[] ClientCertificateIssuers {
get; set;
}
public bool DisallowUnauthenticatedCertificateRequest {
get; set;
}
/*
* If you set this here, then it will override 'ServicePointManager.SecurityProtocol'.
*/
@@ -181,6 +192,8 @@ namespace Mono.Security.Interface
EnabledCiphers = other.EnabledCiphers;
CertificateValidationTime = other.CertificateValidationTime;
SendCloseNotify = other.SendCloseNotify;
ClientCertificateIssuers = other.ClientCertificateIssuers;
DisallowUnauthenticatedCertificateRequest = other.DisallowUnauthenticatedCertificateRequest;
if (other.TrustAnchors != null)
TrustAnchors = new X509CertificateCollection (other.TrustAnchors);
if (other.CertificateSearchPaths != null) {
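Review bot: In the second hunk, `ClientCertificateIssuers = other.ClientCertificateIssuers;` copies only the array reference, so the copy and the original settings object share one mutable `string[]`. The `TrustAnchors` lines just below build a new `X509CertificateCollection` instead, which suggests the copy is meant to be independent. I would mirror that: `if (other.ClientCertificateIssuers != null)` followed by `ClientCertificateIssuers = (string[])other.ClientCertificateIssuers.Clone ();`. The new `DisallowUnauthenticatedCertificateRequest` property in the first hunk would also benefit from a one-line comment saying which side of the handshake it applies to. The enclosing copy code starts and ends outside the hunk.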