mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Imported Upstream version 5.16.0.100

Browse Source 
Former-commit-id: 38faa55fb9669e35e7d8448b15c25dc447f25767
This commit is contained in:
Xamarin Public Jenkins (auto-signing)
2018-08-07 15:19:03 +00:00
parent 0a9828183b
commit 7d7f676260
4419 changed files with 170950 additions and 90273 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
mcs/class/System/Makefile
View File

@@ -14,6 +14,10 @@ RESOURCE_FILES = \
resources/Question.wav
endif
RESX_EXTRA_ARGUMENTS = \
--in=ReferenceSources/SR.cs \
--in=ReferenceSources/SR2.cs
RESX_RESOURCE_STRING = \
../../../external/corefx/src/System.Collections.Concurrent/src/Resources/Strings.resx \
../../../external/corefx/src/System.Collections/src/Resources/Strings.resx \
@@ -21,7 +25,11 @@ RESX_RESOURCE_STRING = \
../../../external/corefx/src/System.Private.Uri/src/Resources/Strings.resx \
../../../external/corefx/src/System.IO.Ports/src/Resources/Strings.resx \
../../../external/corefx/src/System.Net.HttpListener/src/Resources/Strings.resx \
../../../external/corefx/src/System.Net.Requests/src/Resources/Strings.resx
../../../external/corefx/src/System.Net.Requests/src/Resources/Strings.resx \
../../../external/corefx/src/System.Net.Http/src/Resources/Strings.resx \
../../../external/corefx/src/System.Text.RegularExpressions/src/Resources/Strings.resx \
../../../external/corefx/src/System.IO.FileSystem.Watcher/src/Resources/Strings.resx \
../../../external/corefx/src/System.ComponentModel.TypeConverter/src/Resources/Strings.resx
TEST_RESOURCES = \
Test/System/test-uri-props.txt \

198
mcs/class/System/Mono.AppleTls/AppleTlsContext.cs
View File

@@ -54,9 +54,9 @@ namespace Mono.AppleTls
X509Certificate remoteCertificate;
X509Certificate localClientCertificate;
MonoTlsConnectionInfo connectionInfo;
bool havePeerTrust;
bool isAuthenticated;
bool handshakeFinished;
bool renegotiating;
int handshakeStarted;
bool closed;
@@ -66,20 +66,16 @@ namespace Mono.AppleTls
Exception lastException;
public AppleTlsContext (
MobileAuthenticatedStream parent, bool serverMode, string targetHost,
SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
X509CertificateCollection clientCertificates, bool askForClientCert)
: base (parent, serverMode, targetHost, enabledProtocols,
serverCertificate, clientCertificates, askForClientCert)
public AppleTlsContext (MobileAuthenticatedStream parent, MonoSslAuthenticationOptions options)
: base (parent, options)
{
handle = GCHandle.Alloc (this, GCHandleType.Weak);
readFunc = NativeReadCallback;
writeFunc = NativeWriteCallback;
if (IsServer) {
if (serverCertificate == null)
throw new ArgumentNullException ("serverCertificate");
if (LocalServerCertificate == null)
throw new ArgumentNullException (nameof (LocalServerCertificate));
}
}
@@ -123,6 +119,12 @@ namespace Mono.AppleTls
case SslStatus.Protocol:
throw new TlsException (AlertDescription.ProtocolVersion);
case SslStatus.PeerNoRenegotiation:
throw new TlsException (AlertDescription.NoRenegotiation);
case SslStatus.PeerUnexpectedMsg:
throw new TlsException (AlertDescription.UnexpectedMessage);
default:
throw new TlsException (AlertDescription.InternalError, "Unknown Secure Transport error `{0}'.", status);
}
@@ -143,6 +145,24 @@ namespace Mono.AppleTls
InitializeConnection ();
/*
* SecureTransport is bugged OS X 10.5.8+ - renegotiation after
* calling SetCertificate() will not work.
*
* We also cannot change options after the handshake has started,
* so if you want to request a client certificate, it will happen
* both during the initial handshake and during renegotiation.
*
* You may check 'SslStream.IsAuthenticated' (which will be false
* during the initial handshake) from within your
* 'LocalCertificateSelectionCallback' and return null to have the
* callback invoked again during renegotiation.
*
* However, the first time your selection callback returns a client
* certificate, that certificate will be used for the rest of the
* session.
*/
SetSessionOption (SslSessionOption.BreakOnCertRequested, true);
SetSessionOption (SslSessionOption.BreakOnClientAuth, true);
SetSessionOption (SslSessionOption.BreakOnServerAuth, true);
@@ -172,7 +192,7 @@ namespace Mono.AppleTls
public override bool ProcessHandshake ()
{
if (handshakeFinished)
if (handshakeFinished && !renegotiating)
throw new NotSupportedException ("Handshake already finished.");
while (true) {
@@ -183,33 +203,31 @@ namespace Mono.AppleTls
CheckStatusAndThrow (status, SslStatus.WouldBlock, SslStatus.PeerAuthCompleted, SslStatus.PeerClientCertRequested);
if (status == SslStatus.PeerAuthCompleted) {
RequirePeerTrust ();
EvaluateTrust ();
} else if (status == SslStatus.PeerClientCertRequested) {
RequirePeerTrust ();
if (remoteCertificate == null)
throw new TlsException (AlertDescription.InternalError, "Cannot request client certificate before receiving one from the server.");
localClientCertificate = SelectClientCertificate (remoteCertificate, null);
if (localClientCertificate == null)
continue;
clientIdentity = AppleCertificateHelper.GetIdentity (localClientCertificate);
if (clientIdentity == null)
throw new TlsException (AlertDescription.CertificateUnknown);
SetCertificate (clientIdentity, new SecCertificate [0]);
ClientCertificateRequested ();
} else if (status == SslStatus.WouldBlock) {
return false;
} else if (status == SslStatus.Success) {
Debug ("Handshake complete!");
handshakeFinished = true;
renegotiating = false;
return true;
}
}
}
void RequirePeerTrust ()
void ClientCertificateRequested ()
{
if (!havePeerTrust) {
EvaluateTrust ();
havePeerTrust = true;
}
EvaluateTrust ();
var acceptableIssuers = CopyDistinguishedNames ();
localClientCertificate = SelectClientCertificate (acceptableIssuers);
if (localClientCertificate == null)
return;
clientIdentity = AppleCertificateHelper.GetIdentity (localClientCertificate);
if (clientIdentity == null)
throw new TlsException (AlertDescription.CertificateUnknown);
SetCertificate (clientIdentity, new SecCertificate [0]);
}
void EvaluateTrust ()
@@ -279,18 +297,25 @@ namespace Mono.AppleTls
result = SSLSetConnection (Handle, GCHandle.ToIntPtr (handle));
CheckStatusAndThrow (result);
/*
* If 'EnabledProtocols' is zero, then we use the system default values.
*
* In CoreFX, 'ServicePointManager.SecurityProtocol' defaults to
* 'SecurityProtocolType.SystemDefault', which is zero.
*/
if ((EnabledProtocols & SSA.SslProtocols.Tls) != 0)
MinProtocol = SslProtocol.Tls_1_0;
else if ((EnabledProtocols & SSA.SslProtocols.Tls11) != 0)
MinProtocol = SslProtocol.Tls_1_1;
else
else if ((EnabledProtocols & SSA.SslProtocols.Tls12) != 0)
MinProtocol = SslProtocol.Tls_1_2;
if ((EnabledProtocols & SSA.SslProtocols.Tls12) != 0)
MaxProtocol = SslProtocol.Tls_1_2;
else if ((EnabledProtocols & SSA.SslProtocols.Tls11) != 0)
MaxProtocol = SslProtocol.Tls_1_1;
else
else if ((EnabledProtocols & SSA.SslProtocols.Tls) != 0)
MaxProtocol = SslProtocol.Tls_1_0;
if (Settings != null && Settings.EnabledCiphers != null) {
@@ -300,14 +325,33 @@ namespace Mono.AppleTls
SetEnabledCiphers (ciphers);
}
if (AskForClientCertificate)
if (IsServer && AskForClientCertificate)
SetClientSideAuthenticate (SslAuthenticate.Try);
if (IsServer && Settings?.ClientCertificateIssuers != null) {
Debug ("Set client certificate issuers.");
foreach (var issuer in Settings.ClientCertificateIssuers) {
AddDistinguishedName (issuer);
}
}
IPAddress address;
if (!IsServer && !string.IsNullOrEmpty (TargetHost) &&
!IPAddress.TryParse (TargetHost, out address)) {
PeerDomainName = ServerName;
}
if (Options.AllowRenegotiation && IsRenegotiationSupported ())
SetSessionOption (SslSessionOption.AllowRenegotiation, true);
}
static bool IsRenegotiationSupported ()
{
#if MONOTOUCH
return false;
#else
return Environment.OSVersion.Version >= new Version (16, 6);
#endif
}
void InitializeSession ()
@@ -457,6 +501,13 @@ namespace Mono.AppleTls
}
}
SslSessionState GetSessionState ()
{
var value = SslSessionState.Invalid;
var result = SSLGetSessionState (Handle, ref value);
return result == SslStatus.Success ? value : SslSessionState.Invalid;
}
[DllImport (SecurityLibrary)]
extern unsafe static /* OSStatus */ SslStatus SSLGetPeerID (/* SSLContextRef */ IntPtr context, /* const void** */ out IntPtr peerID, /* size_t* */ out IntPtr peerIDLen);
@@ -665,6 +716,43 @@ namespace Mono.AppleTls
return (value == IntPtr.Zero) ? null : new SecTrust (value, true);
}
[DllImport (SecurityLibrary)]
extern static /* OSStatus */ SslStatus SSLAddDistinguishedName (/* SSLContextRef */ IntPtr context, /* const void * */ byte[] derDN, /* size_t */ IntPtr derDNLen);
void AddDistinguishedName (string name)
{
var dn = new X500DistinguishedName (name);
var bytes = dn.RawData;
var result = SSLAddDistinguishedName (Handle, bytes, (IntPtr)bytes.Length);
CheckStatusAndThrow (result);
}
[DllImport (SecurityLibrary)]
extern static /* OSStatus */ SslStatus SSLCopyDistinguishedNames (/* SSLContextRef */ IntPtr context, /* CFArrayRef _Nullable * */ out IntPtr names);
string[] CopyDistinguishedNames ()
{
IntPtr arrayPtr;
var result = SSLCopyDistinguishedNames (Handle, out arrayPtr);
CheckStatusAndThrow (result);
if (arrayPtr == IntPtr.Zero)
return new string[0];
using (var array = new CFArray (arrayPtr, true)) {
var names = new string [array.Count];
for (int i = 0; i < array.Count; i++) {
using (var data = new CFData (array[i], false)) {
var buffer = new byte [(int)data.Length];
Marshal.Copy (data.Bytes, buffer, 0, buffer.Length);
var dn = new X500DistinguishedName (buffer);
names[i] = dn.Name;
}
}
return names;
}
}
#endregion
#region IO Functions
@@ -802,7 +890,19 @@ namespace Mono.AppleTls
return (0, false);
}
CheckStatusAndThrow (status, SslStatus.WouldBlock, SslStatus.ClosedGraceful);
CheckStatusAndThrow (status, SslStatus.WouldBlock, SslStatus.ClosedGraceful,
SslStatus.PeerAuthCompleted, SslStatus.PeerClientCertRequested);
if (status == SslStatus.PeerAuthCompleted) {
Debug ($"Renegotiation complete: {GetSessionState ()}");
EvaluateTrust ();
return (0, true);
} else if (status == SslStatus.PeerClientCertRequested) {
Debug ($"Renegotiation asked for client certificate: {GetSessionState ()}");
ClientCertificateRequested ();
return (0, true);
}
var wantMore = status == SslStatus.WouldBlock;
return ((int)processed, wantMore);
} catch (Exception ex) {
@@ -834,7 +934,16 @@ namespace Mono.AppleTls
Debug ("Write done: {0} {1}", status, processed);
CheckStatusAndThrow (status, SslStatus.WouldBlock);
CheckStatusAndThrow (status, SslStatus.WouldBlock,
SslStatus.PeerAuthCompleted, SslStatus.PeerClientCertRequested);
if (status == SslStatus.PeerAuthCompleted) {
Debug ($"Renegotiation complete: {GetSessionState ()}");
EvaluateTrust ();
} else if (status == SslStatus.PeerClientCertRequested) {
Debug ($"Renegotiation asked for client certificate: {GetSessionState ()}");
ClientCertificateRequested ();
}
var wantMore = status == SslStatus.WouldBlock;
return ((int)processed, wantMore);
@@ -843,6 +952,28 @@ namespace Mono.AppleTls
}
}
#if !MONOTOUCH
// Available on macOS 10.12+ and iOS 10.0+.
[DllImport (SecurityLibrary)]
extern static /* OSStatus */ SslStatus SSLReHandshake (/* SSLContextRef */ IntPtr context);
#endif
public override bool CanRenegotiate => IsServer && IsRenegotiationSupported ();
public override void Renegotiate ()
{
#if MONOTOUCH
throw new NotSupportedException ();
#else
if (!CanRenegotiate)
throw new NotSupportedException ();
var status = SSLReHandshake (Handle);
CheckStatusAndThrow (status);
renegotiating = true;
#endif
}
[DllImport (SecurityLibrary)]
extern static /* OSStatus */ SslStatus SSLClose (/* SSLContextRef */ IntPtr context);
@@ -851,6 +982,11 @@ namespace Mono.AppleTls
closed = true;
}
public override bool PendingRenegotiation ()
{
return GetSessionState () == SslSessionState.Handshake;
}
#endregion
protected override void Dispose (bool disposing)

10
mcs/class/System/Mono.AppleTls/AppleTlsStream.cs
View File

@@ -37,15 +37,9 @@ namespace Mono.AppleTls
{
}
protected override MNS.MobileTlsContext CreateContext (
bool serverMode, string targetHost, SslProtocols enabledProtocols,
X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
bool askForClientCert)
protected override MNS.MobileTlsContext CreateContext (MNS.MonoSslAuthenticationOptions options)
{
return new AppleTlsContext (
this, serverMode, targetHost,
enabledProtocols, serverCertificate,
clientCertificates, askForClientCert);
return new AppleTlsContext (this, options);
}
}
}

16
mcs/class/System/Mono.AppleTls/SecureTransport.cs
View File

@@ -94,14 +94,14 @@ namespace Mono.AppleTls {
// BreakOnClientHello = 7,
// AllowRenegotiation = 8,
AllowRenegotiation = 8,
}
// Security.framework/Headers/SecureTransport.h
// untyped enum
enum SslAuthenticate {
// Never,
// Always,
Never,
Always,
Try = 2,
}
@@ -123,11 +123,11 @@ namespace Mono.AppleTls {
// untyped enum
enum SslSessionState {
Invalid = -1,
// Idle,
// Handshake,
// Connected,
// Closed,
// Aborted
Idle,
Handshake,
Connected,
Closed,
Aborted
}
// Security.framework/Headers/SecureTransport.h

66
mcs/class/System/Mono.Btls/MonoBtlsContext.cs
View File

@@ -62,16 +62,11 @@ namespace Mono.Btls
bool isAuthenticated;
bool connected;
public MonoBtlsContext (
MNS.MobileAuthenticatedStream parent,
bool serverMode, string targetHost,
SslProtocols enabledProtocols, X509Certificate serverCertificate,
X509CertificateCollection clientCertificates, bool askForClientCert)
: base (parent, serverMode, targetHost, enabledProtocols,
serverCertificate, clientCertificates, askForClientCert)
public MonoBtlsContext (MNS.MobileAuthenticatedStream parent, MNS.MonoSslAuthenticationOptions options)
: base (parent, options)
{
if (serverMode)
nativeServerCertificate = GetPrivateCertificate (serverCertificate);
if (IsServer)
nativeServerCertificate = GetPrivateCertificate (LocalServerCertificate);
}
static X509CertificateImplBtls GetPrivateCertificate (X509Certificate certificate)
@@ -103,21 +98,26 @@ namespace Mono.Btls
}
}
int SelectCallback ()
int SelectCallback (string[] acceptableIssuers)
{
Debug ("SELECT CALLBACK!");
GetPeerCertificate ();
if (remoteCertificate == null)
throw new TlsException (AlertDescription.InternalError, "Cannot request client certificate before receiving one from the server.");
/*
* Make behavior consistent with AppleTls, which does not call the selection callback after a
* certificate has been set. See the comment in AppleTlsContext for details.
*/
if (nativeClientCertificate != null)
return 1;
var clientCert = SelectClientCertificate (remoteCertificate, null);
Debug ("SELECT CALLBACK #1: {0}", clientCert);
GetPeerCertificate ();
var clientCert = SelectClientCertificate (acceptableIssuers);
Debug ($"SELECT CALLBACK #1: {clientCert}");
if (clientCert == null)
return 1;
nativeClientCertificate = GetPrivateCertificate (clientCert);
Debug ("SELECT CALLBACK #2: {0}", nativeClientCertificate);
Debug ($"SELECT CALLBACK #2: {nativeClientCertificate}");
clientCertificate = new X509Certificate (nativeClientCertificate);
SetPrivateCertificate (nativeClientCertificate);
return 1;
@@ -137,6 +137,9 @@ namespace Mono.Btls
} else {
ssl.SetServerName (ServerName);
}
if (Options.AllowRenegotiation)
ssl.SetRenegotiateMode (MonoBtlsSslRenegotiateMode.FREELY);
}
void SetPrivateCertificate (X509CertificateImplBtls privateCert)
@@ -162,6 +165,10 @@ namespace Mono.Btls
if (error == 0)
return new MonoBtlsException (status);
var reason = MonoBtlsError.GetErrorReason (error);
if (reason > 0)
return new TlsException ((AlertDescription)reason);
var text = MonoBtlsError.GetErrorString (error);
string message;
@@ -236,11 +243,13 @@ namespace Mono.Btls
ctx.SetVerifyParam (MonoBtlsProvider.GetVerifyParam (Settings, ServerName, IsServer));
TlsProtocolCode minProtocol, maxProtocol;
TlsProtocolCode? minProtocol, maxProtocol;
GetProtocolVersions (out minProtocol, out maxProtocol);
ctx.SetMinVersion ((int)minProtocol);
ctx.SetMaxVersion ((int)maxProtocol);
if (minProtocol != null)
ctx.SetMinVersion ((int)minProtocol.Value);
if (maxProtocol != null)
ctx.SetMaxVersion ((int)maxProtocol.Value);
if (Settings != null && Settings.EnabledCiphers != null) {
var ciphers = new short [Settings.EnabledCiphers.Length];
@@ -248,6 +257,9 @@ namespace Mono.Btls
ciphers [i] = (short)Settings.EnabledCiphers [i];
ctx.SetCiphers (ciphers, true);
}
if (IsServer && Settings?.ClientCertificateIssuers != null)
ctx.SetClientCertificateIssuers (Settings.ClientCertificateIssuers);
}
void GetPeerCertificate ()
@@ -354,6 +366,17 @@ namespace Mono.Btls
}
}
public override bool CanRenegotiate {
get {
return false;
}
}
public override void Renegotiate ()
{
throw new NotSupportedException ();
}
public override void Shutdown ()
{
Debug ("Shutdown!");
@@ -362,6 +385,11 @@ namespace Mono.Btls
ssl.Shutdown ();
}
public override bool PendingRenegotiation ()
{
return ssl.RenegotiatePending ();
}
void Dispose<T> (ref T disposable)
where T : class, IDisposable
{

8
mcs/class/System/Mono.Btls/MonoBtlsError.cs
View File

@@ -56,6 +56,9 @@ namespace Mono.Btls
[DllImport (MonoBtlsObject.BTLS_DYLIB)]
extern static void mono_btls_error_get_error_string_n (int error, IntPtr buf, int len);
[DllImport (MonoBtlsObject.BTLS_DYLIB)]
extern static int mono_btls_error_get_reason (int error);
public static int PeekError ()
{
return mono_btls_error_peek_error ();
@@ -106,6 +109,11 @@ namespace Mono.Btls
file = null;
return error;
}
public static int GetErrorReason (int error)
{
return mono_btls_error_get_reason (error);
}
}
}
#endif

2
mcs/class/System/Mono.Btls/MonoBtlsSsl.cs
View File

@@ -33,7 +33,7 @@ using System.Runtime.CompilerServices;
namespace Mono.Btls
{
delegate int MonoBtlsVerifyCallback (MonoBtlsX509StoreCtx ctx);
delegate int MonoBtlsSelectCallback ();
delegate int MonoBtlsSelectCallback (string[] acceptableIssuers);
class MonoBtlsSsl : MonoBtlsObject
{

83
mcs/class/System/Mono.Btls/MonoBtlsSslCtx.cs
View File

@@ -25,6 +25,7 @@
// THE SOFTWARE.
#if SECURITY_DEP && MONO_FEATURE_BTLS
using System;
using System.Security.Cryptography.X509Certificates;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
@@ -86,8 +87,11 @@ namespace Mono.Btls
[DllImport (BTLS_DYLIB)]
extern static int mono_btls_ssl_ctx_set_verify_param (IntPtr handle, IntPtr param);
[DllImport (BTLS_DYLIB)]
extern static int mono_btls_ssl_ctx_set_client_ca_list (IntPtr handle, int count, IntPtr sizes, IntPtr data);
delegate int NativeVerifyFunc (IntPtr instance, int preverify_ok, IntPtr ctx);
delegate int NativeSelectFunc (IntPtr instance);
delegate int NativeSelectFunc (IntPtr instance, int count, IntPtr sizes, IntPtr data);
NativeVerifyFunc verifyFunc;
NativeSelectFunc selectFunc;
@@ -151,25 +155,42 @@ namespace Mono.Btls
return 0;
}
int SelectCallback ()
{
if (selectCallback != null)
return selectCallback ();
return 1;
}
[Mono.Util.MonoPInvokeCallback (typeof (NativeSelectFunc))]
static int NativeSelectCallback (IntPtr instance)
static int NativeSelectCallback (IntPtr instance, int count, IntPtr sizes, IntPtr data)
{
var c = (MonoBtlsSslCtx)GCHandle.FromIntPtr (instance).Target;
try {
return c.SelectCallback ();
var acceptableIssuers = CopyIssuers (count, sizes, data);
if (c.selectCallback != null)
return c.selectCallback (acceptableIssuers);
return 1;
} catch (Exception ex) {
c.SetException (ex);
return 0;
}
}
static string[] CopyIssuers (int count, IntPtr sizesPtr, IntPtr dataPtr)
{
if (count == 0 || sizesPtr == IntPtr.Zero || dataPtr == IntPtr.Zero)
return null;
var sizes = new int [count];
Marshal.Copy (sizesPtr, sizes, 0, count);
var data = new IntPtr [count];
Marshal.Copy (dataPtr, data, 0, count);
var issuers = new string [count];
for (int i = 0; i < count; i++) {
var buffer = new byte [sizes [i]];
Marshal.Copy (data[i], buffer, 0, buffer.Length);
using (var xname = MonoBtlsX509Name.CreateFromData (buffer, false))
issuers[i] = MonoBtlsUtils.FormatName (xname, true, ", ", true);
}
return issuers;
}
public void SetDebugBio (MonoBtlsBio bio)
{
CheckThrow ();
@@ -237,6 +258,48 @@ namespace Mono.Btls
CheckError (ret);
}
public void SetClientCertificateIssuers (string[] acceptableIssuers)
{
CheckThrow ();
if (acceptableIssuers == null || acceptableIssuers.Length == 0)
return;
var count = acceptableIssuers.Length;
var buffers = new byte[count][];
var sizes = new int[count];
var pointers = new IntPtr[count];
var sizeData = IntPtr.Zero;
var pointerData = IntPtr.Zero;
try {
for (int i = 0; i < count; i++) {
var data = new X500DistinguishedName (acceptableIssuers[i]).RawData;
sizes[i] = data.Length;
pointers[i] = Marshal.AllocHGlobal (data.Length);
Marshal.Copy (data, 0, pointers[i], data.Length);
}
sizeData = Marshal.AllocHGlobal (count * 4);
Marshal.Copy (sizes, 0, sizeData, count);
pointerData = Marshal.AllocHGlobal (count * 8);
Marshal.Copy (pointers, 0, pointerData, count);
var ret = mono_btls_ssl_ctx_set_client_ca_list (Handle.DangerousGetHandle (), count, sizeData, pointerData);
CheckError (ret);
} finally {
for (int i = 0; i < count; i++) {
if (pointers[i] != IntPtr.Zero)
Marshal.FreeHGlobal (pointers [i]);
}
if (sizeData != IntPtr.Zero)
Marshal.FreeHGlobal (sizeData);
if (pointerData != IntPtr.Zero)
Marshal.FreeHGlobal (pointerData);
}
}
protected override void Close ()
{
if (store != null) {

10
mcs/class/System/Mono.Btls/MonoBtlsStream.cs
View File

@@ -52,15 +52,9 @@ namespace Mono.Btls
{
}
protected override MNS.MobileTlsContext CreateContext (
bool serverMode, string targetHost, SslProtocols enabledProtocols,
X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
bool askForClientCert)
protected override MNS.MobileTlsContext CreateContext (MNS.MonoSslAuthenticationOptions options)
{
return new MonoBtlsContext (
this, serverMode, targetHost,
enabledProtocols, serverCertificate,
clientCertificates, askForClientCert);
return new MonoBtlsContext (this, options);
}
}
}

14
mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs
View File

@@ -280,7 +280,7 @@ namespace Mono.Net.Security
protected override AsyncOperationStatus Run (AsyncOperationStatus status)
{
return Parent.ProcessHandshake (status);
return Parent.ProcessHandshake (status, false);
}
}
@@ -390,5 +390,17 @@ namespace Mono.Net.Security
}
}
class AsyncRenegotiateRequest : AsyncProtocolRequest
{
public AsyncRenegotiateRequest (MobileAuthenticatedStream parent)
: base (parent, false)
{
}
protected override AsyncOperationStatus Run (AsyncOperationStatus status)
{
return Parent.ProcessHandshake (status, true);
}
}
}
#endif

31
mcs/class/System/Mono.Net.Security/CallbackHelpers.cs
View File

@@ -57,14 +57,6 @@ namespace Mono.Net.Security.Private
return (h, c, ch, e) => callback (h, c, ch, (SslPolicyErrors)e);
}
internal static MSI.MonoLocalCertificateSelectionCallback PublicToMono (LocalCertificateSelectionCallback callback)
{
if (callback == null)
return null;
return (t, lc, rc, ai) => callback (null, t, lc, rc, ai);
}
internal static MSI.MonoRemoteCertificateValidationCallback InternalToMono (RemoteCertValidationCallback callback)
{
if (callback == null)
@@ -89,14 +81,6 @@ namespace Mono.Net.Security.Private
return (t, lc, rc, ai) => callback (t, lc, rc, ai);
}
internal static RemoteCertificateValidationCallback MonoToPublic (MSI.MonoRemoteCertificateValidationCallback callback)
{
if (callback == null)
return null;
return (t, c, ch, e) => callback (null, c, ch, (MSI.MonoSslPolicyErrors)e);
}
internal static LocalCertificateSelectionCallback MonoToPublic (MSI.MonoLocalCertificateSelectionCallback callback)
{
if (callback == null)
@@ -121,6 +105,21 @@ namespace Mono.Net.Security.Private
return (t, lc, rc, ai) => callback (t, lc, rc, ai);
}
internal static ServerCertificateSelectionCallback MonoToPublic (MSI.MonoServerCertificateSelectionCallback callback)
{
if (callback == null)
return null;
return (s, h) => callback (s, h);
}
internal static MSI.MonoServerCertificateSelectionCallback PublicToMono (ServerCertificateSelectionCallback callback)
{
if (callback == null)
return null;
return (s, h) => callback (s, h);
}
}
}

116
mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs
View File

@@ -66,83 +66,43 @@ namespace Mono.Net.Security
internal class ChainValidationHelper : ICertificateValidator2
{
readonly object sender;
readonly WeakReference<SslStream> owner;
readonly MonoTlsSettings settings;
readonly MonoTlsProvider provider;
readonly ServerCertValidationCallback certValidationCallback;
readonly LocalCertSelectionCallback certSelectionCallback;
readonly ServerCertValidationCallbackWrapper callbackWrapper;
readonly MonoTlsStream tlsStream;
readonly HttpWebRequest request;
#pragma warning disable 618
internal static ICertificateValidator GetInternalValidator (MonoTlsProvider provider, MonoTlsSettings settings)
internal static ICertificateValidator GetInternalValidator (SslStream owner, MonoTlsProvider provider, MonoTlsSettings settings)
{
if (settings == null)
return new ChainValidationHelper (provider, null, false, null, null);
return new ChainValidationHelper (owner, provider, null, false, null);
if (settings.CertificateValidator != null)
return settings.CertificateValidator;
return new ChainValidationHelper (provider, settings, false, null, null);
return new ChainValidationHelper (owner, provider, settings, false, null);
}
internal static ICertificateValidator GetDefaultValidator (MonoTlsSettings settings)
{
var provider = MonoTlsProviderFactory.GetProvider ();
if (settings == null)
return new ChainValidationHelper (provider, null, false, null, null);
return new ChainValidationHelper (null, provider, null, false, null);
if (settings.CertificateValidator != null)
throw new NotSupportedException ();
return new ChainValidationHelper (provider, settings, false, null, null);
}
#region SslStream support
/*
* This is a hack which is used in SslStream - see ReferenceSources/SslStream.cs for details.
*/
internal static ChainValidationHelper CloneWithCallbackWrapper (MonoTlsProvider provider, ref MonoTlsSettings settings, ServerCertValidationCallbackWrapper wrapper)
{
var helper = (ChainValidationHelper)settings.CertificateValidator;
if (helper == null)
helper = new ChainValidationHelper (provider, settings, true, null, wrapper);
else
helper = new ChainValidationHelper (helper, provider, settings, wrapper);
settings = helper.settings;
return helper;
}
internal static bool InvokeCallback (ServerCertValidationCallback callback, object sender, X509Certificate certificate, X509Chain chain, MonoSslPolicyErrors sslPolicyErrors)
{
return callback.Invoke (sender, certificate, chain, (SslPolicyErrors)sslPolicyErrors);
}
#endregion
ChainValidationHelper (ChainValidationHelper other, MonoTlsProvider provider, MonoTlsSettings settings, ServerCertValidationCallbackWrapper callbackWrapper = null)
{
sender = other.sender;
certValidationCallback = other.certValidationCallback;
certSelectionCallback = other.certSelectionCallback;
tlsStream = other.tlsStream;
request = other.request;
if (settings == null)
settings = MonoTlsSettings.DefaultSettings;
this.provider = provider;
this.settings = settings.CloneWithValidator (this);
this.callbackWrapper = callbackWrapper;
return new ChainValidationHelper (null, provider, settings, false, null);
}
internal static ChainValidationHelper Create (MonoTlsProvider provider, ref MonoTlsSettings settings, MonoTlsStream stream)
{
var helper = new ChainValidationHelper (provider, settings, true, stream, null);
var helper = new ChainValidationHelper (null, provider, settings, true, stream);
settings = helper.settings;
return helper;
}
ChainValidationHelper (MonoTlsProvider provider, MonoTlsSettings settings, bool cloneSettings, MonoTlsStream stream, ServerCertValidationCallbackWrapper callbackWrapper)
ChainValidationHelper (SslStream owner, MonoTlsProvider provider, MonoTlsSettings settings, bool cloneSettings, MonoTlsStream stream)
{
if (settings == null)
settings = MonoTlsSettings.CopyDefaultSettings ();
@@ -154,22 +114,20 @@ namespace Mono.Net.Security
this.provider = provider;
this.settings = settings;
this.tlsStream = stream;
this.callbackWrapper = callbackWrapper;
if (owner != null)
this.owner = new WeakReference<SslStream> (owner);
var fallbackToSPM = false;
if (settings != null) {
if (settings.RemoteCertificateValidationCallback != null) {
var callback = Private.CallbackHelpers.MonoToPublic (settings.RemoteCertificateValidationCallback);
certValidationCallback = new ServerCertValidationCallback (callback);
}
certValidationCallback = GetValidationCallback (settings);
certSelectionCallback = Private.CallbackHelpers.MonoToInternal (settings.ClientCertificateSelectionCallback);
fallbackToSPM = settings.UseServicePointManagerCallback ?? stream != null;
}
if (stream != null) {
this.request = stream.Request;
this.sender = request;
if (certValidationCallback == null)
certValidationCallback = request.ServerCertValidationCallback;
@@ -186,6 +144,27 @@ namespace Mono.Net.Security
#pragma warning restore 618
static ServerCertValidationCallback GetValidationCallback (MonoTlsSettings settings)
{
if (settings.RemoteCertificateValidationCallback == null)
return null;
return new ServerCertValidationCallback ((s, c, ch, e) => {
string targetHost = null;
if (s is SslStream sslStream)
targetHost = ((MobileAuthenticatedStream)sslStream.Impl).TargetHost;
else if (s is HttpWebRequest request) {
targetHost = request.Host;
if (!string.IsNullOrEmpty (targetHost)) {
var pos = targetHost.IndexOf (':');
if (pos > 0)
targetHost = targetHost.Substring (0, pos);
}
}
return settings.RemoteCertificateValidationCallback (targetHost, c, ch, (MonoSslPolicyErrors)e);
});
}
static X509Certificate DefaultSelectionCallback (string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers)
{
X509Certificate clientCertificate;
@@ -301,18 +280,13 @@ namespace Mono.Net.Security
bool user_denied = false;
bool result = false;
var hasCallback = certValidationCallback != null || callbackWrapper != null;
if (tlsStream != null)
request.ServicePoint.UpdateServerCertificate (leaf);
if (leaf == null) {
errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
if (hasCallback) {
if (callbackWrapper != null)
result = callbackWrapper.Invoke (certValidationCallback, leaf, null, (MonoSslPolicyErrors)errors);
else
result = certValidationCallback.Invoke (sender, leaf, null, errors);
if (certValidationCallback != null) {
result = InvokeCallback (leaf, null, errors);
user_denied = !result;
}
return new ValidationResult (result, user_denied, 0, (MonoSslPolicyErrors)errors);
@@ -330,7 +304,7 @@ namespace Mono.Net.Security
int status11 = 0; // Error code passed to the obsolete ICertificatePolicy callback
bool wantsChain = SystemCertificateValidator.NeedsChain (settings);
if (!wantsChain && hasCallback) {
if (!wantsChain && certValidationCallback != null) {
if (settings == null || settings.CallbackNeedsCertificateChain)
wantsChain = true;
}
@@ -354,16 +328,24 @@ namespace Mono.Net.Security
user_denied = !result && !(policy is DefaultCertificatePolicy);
}
// If there's a 2.0 callback, it takes precedence
if (hasCallback) {
if (callbackWrapper != null)
result = callbackWrapper.Invoke (certValidationCallback, leaf, chain, (MonoSslPolicyErrors)errors);
else
result = certValidationCallback.Invoke (sender, leaf, chain, errors);
if (certValidationCallback != null) {
result = InvokeCallback (leaf, chain, errors);
user_denied = !result;
}
return new ValidationResult (result, user_denied, status11, (MonoSslPolicyErrors)errors);
}
bool InvokeCallback (X509Certificate leaf, X509Chain chain, SslPolicyErrors errors)
{
object sender = null;
if (request != null)
sender = request;
else if (owner != null && owner.TryGetTarget (out var sslStream))
sender = sslStream;
return certValidationCallback.Invoke (sender, leaf, chain, errors);
}
bool InvokeSystemValidator (string targetHost, bool serverMode, X509CertificateCollection certificates, X509Chain chain, ref MonoSslPolicyErrors xerrors, ref int status11)
{
var errors = (SslPolicyErrors)xerrors;

43
mcs/class/System/Mono.Net.Security/LegacySslStream.cs
View File

@@ -62,13 +62,13 @@ using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Threading;
using System.Threading.Tasks;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Security.Cryptography;
using System.Threading.Tasks;
namespace Mono.Net.Security.Private
{
/*
@@ -91,7 +91,7 @@ namespace Mono.Net.Security.Private
{
SslStream = owner;
Provider = provider;
certificateValidator = ChainValidationHelper.GetInternalValidator (provider, settings);
certificateValidator = ChainValidationHelper.GetInternalValidator (owner, provider, settings);
}
#endregion // Constructors
@@ -331,6 +331,11 @@ namespace Mono.Net.Security.Private
return BeginAuthenticateAsClient (targetHost, new X509CertificateCollection (), SslProtocols.Tls, false, asyncCallback, asyncState);
}
public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
return BeginAuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
}
public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
if (IsAuthenticated)
@@ -388,6 +393,11 @@ namespace Mono.Net.Security.Private
return BeginAuthenticateAsServer (serverCertificate, false, SslProtocols.Tls, false, asyncCallback, asyncState);
}
public virtual IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
return BeginAuthenticateAsServer (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
}
public virtual IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
if (IsAuthenticated)
@@ -442,6 +452,11 @@ namespace Mono.Net.Security.Private
AuthenticateAsClient (targetHost, new X509CertificateCollection (), SslProtocols.Tls, false);
}
public virtual void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation)
{
AuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
}
public virtual void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
EndAuthenticateAsClient (BeginAuthenticateAsClient (
@@ -453,6 +468,11 @@ namespace Mono.Net.Security.Private
AuthenticateAsServer (serverCertificate, false, SslProtocols.Tls, false);
}
public virtual void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
{
AuthenticateAsServer (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
}
public virtual void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
EndAuthenticateAsServer (BeginAuthenticateAsServer (
@@ -546,6 +566,11 @@ namespace Mono.Net.Security.Private
return Task.Factory.FromAsync (BeginAuthenticateAsClient, EndAuthenticateAsClient, targetHost, null);
}
public virtual Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation)
{
return AuthenticateAsClientAsync (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
}
public virtual Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
var t = Tuple.Create (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation, this);
@@ -561,6 +586,11 @@ namespace Mono.Net.Security.Private
return Task.Factory.FromAsync (BeginAuthenticateAsServer, EndAuthenticateAsServer, serverCertificate, null);
}
public virtual Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
{
return AuthenticateAsServerAsync (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
}
public virtual Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
var t = Tuple.Create (serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation, this);
@@ -601,6 +631,13 @@ namespace Mono.Net.Security.Private
return null;
}
public bool CanRenegotiate => false;
public Task RenegotiateAsync (CancellationToken cancellationToken)
{
throw new NotSupportedException ();
}
#endregion
}
}

324
mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs
View File

File diff suppressed because it is too large Load Diff

179
mcs/class/System/Mono.Net.Security/MobileTlsContext.cs
View File

@@ -32,56 +32,49 @@ namespace Mono.Net.Security
{
abstract class MobileTlsContext : IDisposable
{
MobileAuthenticatedStream parent;
bool serverMode;
string targetHost;
string serverName;
SslProtocols enabledProtocols;
X509Certificate serverCertificate;
X509CertificateCollection clientCertificates;
bool askForClientCert;
ICertificateValidator2 certificateValidator;
public MobileTlsContext (
MobileAuthenticatedStream parent, bool serverMode, string targetHost,
SslProtocols enabledProtocols, X509Certificate serverCertificate,
X509CertificateCollection clientCertificates, bool askForClientCert)
protected MobileTlsContext (MobileAuthenticatedStream parent, MonoSslAuthenticationOptions options)
{
this.parent = parent;
this.serverMode = serverMode;
this.targetHost = targetHost;
this.enabledProtocols = enabledProtocols;
this.serverCertificate = serverCertificate;
this.clientCertificates = clientCertificates;
this.askForClientCert = askForClientCert;
Parent = parent;
Options = options;
IsServer = options.ServerMode;
EnabledProtocols = options.EnabledSslProtocols;
serverName = targetHost;
if (!string.IsNullOrEmpty (serverName)) {
var pos = serverName.IndexOf (':');
if (pos > 0)
serverName = serverName.Substring (0, pos);
if (options.ServerMode) {
LocalServerCertificate = options.ServerCertificate;
AskForClientCertificate = options.ClientCertificateRequired;
} else {
ClientCertificates = options.ClientCertificates;
TargetHost = options.TargetHost;
ServerName = options.TargetHost;
if (!string.IsNullOrEmpty (ServerName)) {
var pos = ServerName.IndexOf (':');
if (pos > 0)
ServerName = ServerName.Substring (0, pos);
}
}
certificateValidator = CertificateValidationHelper.GetInternalValidator (
parent.Settings, parent.Provider);
certificateValidator = (ICertificateValidator2)ChainValidationHelper.GetInternalValidator (
parent.SslStream, parent.Provider, parent.Settings);
}
internal MonoSslAuthenticationOptions Options {
get;
}
internal MobileAuthenticatedStream Parent {
get { return parent; }
get;
}
public MonoTlsSettings Settings {
get { return parent.Settings; }
}
public MonoTlsSettings Settings => Parent.Settings;
public MonoTlsProvider Provider {
get { return parent.Provider; }
}
public MonoTlsProvider Provider => Parent.Provider;
[SD.Conditional ("MONO_TLS_DEBUG")]
protected void Debug (string message, params object[] args)
{
parent.Debug ("{0}: {1}", GetType ().Name, string.Format (message, args));
Parent.Debug ("{0}: {1}", GetType ().Name, string.Format (message, args));
}
public abstract bool HasContext {
@@ -93,44 +86,52 @@ namespace Mono.Net.Security
}
public bool IsServer {
get { return serverMode; }
get;
}
protected string TargetHost {
get { return targetHost; }
internal string TargetHost {
get;
}
protected string ServerName {
get { return serverName; }
get;
}
protected bool AskForClientCertificate {
get { return askForClientCert; }
get;
}
protected SslProtocols EnabledProtocols {
get { return enabledProtocols; }
get;
}
protected X509CertificateCollection ClientCertificates {
get { return clientCertificates; }
get;
}
protected void GetProtocolVersions (out TlsProtocolCode min, out TlsProtocolCode max)
{
if ((enabledProtocols & SslProtocols.Tls) != 0)
min = TlsProtocolCode.Tls10;
else if ((enabledProtocols & SslProtocols.Tls11) != 0)
min = TlsProtocolCode.Tls11;
else
min = TlsProtocolCode.Tls12;
internal bool AllowRenegotiation {
get { return false; }
}
if ((enabledProtocols & SslProtocols.Tls12) != 0)
max = TlsProtocolCode.Tls12;
else if ((enabledProtocols & SslProtocols.Tls11) != 0)
max = TlsProtocolCode.Tls11;
protected void GetProtocolVersions (out TlsProtocolCode? min, out TlsProtocolCode? max)
{
if ((EnabledProtocols & SslProtocols.Tls) != 0)
min = TlsProtocolCode.Tls10;
else if ((EnabledProtocols & SslProtocols.Tls11) != 0)
min = TlsProtocolCode.Tls11;
else if ((EnabledProtocols & SslProtocols.Tls12) != 0)
min = TlsProtocolCode.Tls12;
else
min = null;
if ((EnabledProtocols & SslProtocols.Tls12) != 0)
max = TlsProtocolCode.Tls12;
else if ((EnabledProtocols & SslProtocols.Tls11) != 0)
max = TlsProtocolCode.Tls11;
else if ((EnabledProtocols & SslProtocols.Tls) != 0)
max = TlsProtocolCode.Tls10;
else
max = null;
}
public abstract void StartHandshake ();
@@ -144,7 +145,7 @@ namespace Mono.Net.Security
}
internal X509Certificate LocalServerCertificate {
get { return serverCertificate; }
get;
}
internal abstract bool IsRemoteCertificateAvailable {
@@ -171,6 +172,8 @@ namespace Mono.Net.Security
public abstract void Shutdown ();
public abstract bool PendingRenegotiation ();
protected bool ValidateCertificate (X509Certificate leaf, X509Chain chain)
{
var result = certificateValidator.ValidateCertificate (TargetHost, IsServer, leaf, chain);
@@ -183,24 +186,78 @@ namespace Mono.Net.Security
return result != null && result.Trusted && !result.UserDenied;
}
protected X509Certificate SelectClientCertificate (X509Certificate serverCertificate, string[] acceptableIssuers)
protected X509Certificate SelectClientCertificate (string[] acceptableIssuers)
{
if (Settings.DisallowUnauthenticatedCertificateRequest && !IsAuthenticated)
return null;
if (RemoteCertificate == null)
throw new TlsException (AlertDescription.InternalError, "Cannot request client certificate before receiving one from the server.");
/*
* We need to pass null to the user selection callback during the initial handshake, to allow the callback to distinguish
* between an authenticated and unauthenticated session.
*/
X509Certificate certificate;
var selected = certificateValidator.SelectClientCertificate (
TargetHost, ClientCertificates, serverCertificate, acceptableIssuers, out certificate);
TargetHost, ClientCertificates, IsAuthenticated ? RemoteCertificate : null, acceptableIssuers, out certificate);
if (selected)
return certificate;
if (clientCertificates == null || clientCertificates.Count == 0)
if (ClientCertificates == null || ClientCertificates.Count == 0)
return null;
if (clientCertificates.Count == 1)
return clientCertificates [0];
/*
* .NET actually scans the entire collection to ensure the selected certificate has a private key in it.
*
* However, since we do not support private key retrieval from the key store, we require all certificates
* to have a private key in them (explicitly or implicitly via OS X keychain lookup).
*/
if (acceptableIssuers == null || acceptableIssuers.Length == 0)
return ClientCertificates [0];
// FIXME: select onne.
throw new NotImplementedException ();
// Copied from the referencesource implementation in referencesource/System/net/System/Net/_SecureChannel.cs.
for (int i = 0; i < ClientCertificates.Count; i++) {
var certificate2 = ClientCertificates[i] as X509Certificate2;
if (certificate2 == null)
continue;
X509Chain chain = null;
try {
chain = new X509Chain ();
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreInvalidName;
chain.Build (certificate2);
//
// We ignore any errors happened with chain.
// Consider: try to locate the "best" client cert that has no errors and the lognest validity internal
//
if (chain.ChainElements.Count == 0)
continue;
for (int ii=0; ii< chain.ChainElements.Count; ++ii) {
var issuer = chain.ChainElements[ii].Certificate.Issuer;
if (Array.IndexOf (acceptableIssuers, issuer) != -1)
return certificate2;
}
} catch {
; // ignore errors
} finally {
if (chain != null)
chain.Reset ();
}
}
// No certificate matches.
return null;
}
public abstract bool CanRenegotiate {
get;
}
public abstract void Renegotiate ();
public void Dispose ()
{
Dispose (true);

87
mcs/class/System/Mono.Net.Security/MonoSslAuthenticationOptions.cs Normal file
View File

@@ -0,0 +1,87 @@
//
// MonoSslAuthenticationOptions.cs
//
// Author:
// Martin Baulig <mabaul@microsoft.com>
//
// Copyright (c) 2018 Xamarin Inc. (http://www.xamarin.com)
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
#if SECURITY_DEP
#if MONO_SECURITY_ALIAS
extern alias MonoSecurity;
#endif
#if MONO_SECURITY_ALIAS
using MonoSecurity::Mono.Security.Interface;
#else
using Mono.Security.Interface;
#endif
#endif
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Authentication;
namespace Mono.Net.Security
{
abstract class MonoSslAuthenticationOptions : IMonoAuthenticationOptions
{
public abstract bool ServerMode {
get;
}
public abstract bool AllowRenegotiation {
get; set;
}
public abstract RemoteCertificateValidationCallback RemoteCertificateValidationCallback { get; set; }
public abstract SslProtocols EnabledSslProtocols {
get; set;
}
public abstract EncryptionPolicy EncryptionPolicy {
get; set;
}
public abstract X509RevocationMode CertificateRevocationCheckMode {
get; set;
}
public abstract string TargetHost {
get; set;
}
public abstract X509Certificate ServerCertificate {
get; set;
}
public abstract X509CertificateCollection ClientCertificates {
get; set;
}
public abstract bool ClientCertificateRequired {
get; set;
}
}
}

116
mcs/class/System/Mono.Net.Security/MonoSslClientAuthenticationOptions.cs Normal file
View File

@@ -0,0 +1,116 @@
//
// MonoSslClientAuthenticationOptions.cs
//
// Author:
// Martin Baulig <mabaul@microsoft.com>
//
// Copyright (c) 2018 Xamarin Inc. (http://www.xamarin.com)
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
#if SECURITY_DEP
#if MONO_SECURITY_ALIAS
extern alias MonoSecurity;
#endif
#if MONO_SECURITY_ALIAS
using MonoSecurity::Mono.Security.Interface;
#else
using Mono.Security.Interface;
#endif
#endif
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Authentication;
namespace Mono.Net.Security
{
sealed class MonoSslClientAuthenticationOptions : MonoSslAuthenticationOptions, IMonoSslClientAuthenticationOptions
{
public SslClientAuthenticationOptions Options {
get;
}
public override bool ServerMode => false;
public MonoSslClientAuthenticationOptions (SslClientAuthenticationOptions options)
{
Options = options;
}
public MonoSslClientAuthenticationOptions ()
{
Options = new SslClientAuthenticationOptions ();
}
public override bool AllowRenegotiation {
get => Options.AllowRenegotiation;
set => Options.AllowRenegotiation = value;
}
public override RemoteCertificateValidationCallback RemoteCertificateValidationCallback {
get => Options.RemoteCertificateValidationCallback;
set => Options.RemoteCertificateValidationCallback = value;
}
public override X509RevocationMode CertificateRevocationCheckMode {
get => Options.CertificateRevocationCheckMode;
set => Options.CertificateRevocationCheckMode = value;
}
public override EncryptionPolicy EncryptionPolicy {
get => Options.EncryptionPolicy;
set => Options.EncryptionPolicy = value;
}
public override SslProtocols EnabledSslProtocols {
get => Options.EnabledSslProtocols;
set => Options.EnabledSslProtocols = value;
}
public LocalCertificateSelectionCallback LocalCertificateSelectionCallback {
get => Options.LocalCertificateSelectionCallback;
set => Options.LocalCertificateSelectionCallback = value;
}
public override string TargetHost {
get => Options.TargetHost;
set => Options.TargetHost = value;
}
public override bool ClientCertificateRequired {
get => throw new NotSupportedException ();
set => throw new NotSupportedException ();
}
public override X509CertificateCollection ClientCertificates {
get => Options.ClientCertificates;
set => Options.ClientCertificates = value;
}
public override X509Certificate ServerCertificate {
get => throw new NotSupportedException ();
set => throw new NotSupportedException ();
}
}
}

121
mcs/class/System/Mono.Net.Security/MonoSslServerAuthenticationOptions.cs Normal file
View File

@@ -0,0 +1,121 @@
//
// MonoSslServerAuthenticationOptions.cs
//
// Author:
// Martin Baulig <mabaul@microsoft.com>
//
// Copyright (c) 2018 Xamarin Inc. (http://www.xamarin.com)
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
#if SECURITY_DEP
#if MONO_SECURITY_ALIAS
extern alias MonoSecurity;
#endif
#if MONO_SECURITY_ALIAS
using MonoSecurity::Mono.Security.Interface;
#else
using Mono.Security.Interface;
#endif
#endif
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Authentication;
namespace Mono.Net.Security
{
sealed class MonoSslServerAuthenticationOptions : MonoSslAuthenticationOptions, IMonoSslServerAuthenticationOptions
{
public SslServerAuthenticationOptions Options {
get;
}
public override bool ServerMode => true;
public MonoSslServerAuthenticationOptions (SslServerAuthenticationOptions options)
{
Options = options;
}
public MonoSslServerAuthenticationOptions ()
{
Options = new SslServerAuthenticationOptions ();
}
public override bool AllowRenegotiation {
get => Options.AllowRenegotiation;
set => Options.AllowRenegotiation = value;
}
public override RemoteCertificateValidationCallback RemoteCertificateValidationCallback {
get => Options.RemoteCertificateValidationCallback;
set => Options.RemoteCertificateValidationCallback = value;
}
public override X509RevocationMode CertificateRevocationCheckMode {
get => Options.CertificateRevocationCheckMode;
set => Options.CertificateRevocationCheckMode = value;
}
public override EncryptionPolicy EncryptionPolicy {
get => Options.EncryptionPolicy;
set => Options.EncryptionPolicy = value;
}
public override SslProtocols EnabledSslProtocols {
get => Options.EnabledSslProtocols;
set => Options.EnabledSslProtocols = value;
}
public override bool ClientCertificateRequired {
get => Options.ClientCertificateRequired;
set => Options.ClientCertificateRequired = value;
}
public ServerCertificateSelectionCallback ServerCertificateSelectionCallback {
get => Options.ServerCertificateSelectionCallback;
set => Options.ServerCertificateSelectionCallback = value;
}
MonoServerCertificateSelectionCallback IMonoSslServerAuthenticationOptions.ServerCertificateSelectionCallback {
get => Private.CallbackHelpers.PublicToMono (ServerCertificateSelectionCallback);
set => ServerCertificateSelectionCallback = Private.CallbackHelpers.MonoToPublic (value);
}
public override string TargetHost {
get => throw new NotSupportedException ();
set => throw new NotSupportedException ();
}
public override X509Certificate ServerCertificate {
get => Options.ServerCertificate;
set => Options.ServerCertificate = value;
}
public override X509CertificateCollection ClientCertificates {
get => throw new NotSupportedException ();
set => throw new NotSupportedException ();
}
}
}

9
mcs/class/System/Mono.Net.Security/NoReflectionHelper.cs
View File

@@ -47,15 +47,6 @@ namespace Mono.Net.Security
//
internal static class NoReflectionHelper
{
internal static object GetInternalValidator (object provider, object settings)
{
#if SECURITY_DEP
return ChainValidationHelper.GetInternalValidator ((MSI.MonoTlsProvider)provider, (MSI.MonoTlsSettings)settings);
#else
throw new NotSupportedException ();
#endif
}
internal static object GetDefaultValidator (object settings)
{
#if SECURITY_DEP

7
mcs/class/System/ReferenceSources/Logging.cs
View File

@@ -3,7 +3,12 @@ using System.Diagnostics;
namespace System.Net {
static class Logging
{
internal static readonly bool On = false;
internal static bool On {
get {
return false;
}
}
internal static TraceSource Web {
get {

Some files were not shown because too many files have changed in this diff Show More