mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Imported Upstream version 5.16.0.100

Browse Source 
Former-commit-id: 38faa55fb9669e35e7d8448b15c25dc447f25767
This commit is contained in:
Xamarin Public Jenkins (auto-signing)
2018-08-07 15:19:03 +00:00
parent 0a9828183b
commit 7d7f676260
4419 changed files with 170950 additions and 90273 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs
View File

@ -280,7 +280,7 @@ namespace Mono.Net.Security
protected override AsyncOperationStatus Run (AsyncOperationStatus status)
{
return Parent.ProcessHandshake (status);
return Parent.ProcessHandshake (status, false);
}
}
@ -390,5 +390,17 @@ namespace Mono.Net.Security
}
}
class AsyncRenegotiateRequest : AsyncProtocolRequest
{
public AsyncRenegotiateRequest (MobileAuthenticatedStream parent)
: base (parent, false)
{
}
protected override AsyncOperationStatus Run (AsyncOperationStatus status)
{
return Parent.ProcessHandshake (status, true);
}
}
}
#endif

31
mcs/class/System/Mono.Net.Security/CallbackHelpers.cs
View File

@ -57,14 +57,6 @@ namespace Mono.Net.Security.Private
return (h, c, ch, e) => callback (h, c, ch, (SslPolicyErrors)e);
}
internal static MSI.MonoLocalCertificateSelectionCallback PublicToMono (LocalCertificateSelectionCallback callback)
{
if (callback == null)
return null;
return (t, lc, rc, ai) => callback (null, t, lc, rc, ai);
}
internal static MSI.MonoRemoteCertificateValidationCallback InternalToMono (RemoteCertValidationCallback callback)
{
if (callback == null)
@ -89,14 +81,6 @@ namespace Mono.Net.Security.Private
return (t, lc, rc, ai) => callback (t, lc, rc, ai);
}
internal static RemoteCertificateValidationCallback MonoToPublic (MSI.MonoRemoteCertificateValidationCallback callback)
{
if (callback == null)
return null;
return (t, c, ch, e) => callback (null, c, ch, (MSI.MonoSslPolicyErrors)e);
}
internal static LocalCertificateSelectionCallback MonoToPublic (MSI.MonoLocalCertificateSelectionCallback callback)
{
if (callback == null)
@ -121,6 +105,21 @@ namespace Mono.Net.Security.Private
return (t, lc, rc, ai) => callback (t, lc, rc, ai);
}
internal static ServerCertificateSelectionCallback MonoToPublic (MSI.MonoServerCertificateSelectionCallback callback)
{
if (callback == null)
return null;
return (s, h) => callback (s, h);
}
internal static MSI.MonoServerCertificateSelectionCallback PublicToMono (ServerCertificateSelectionCallback callback)
{
if (callback == null)
return null;
return (s, h) => callback (s, h);
}
}
}

116
mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs
View File

@ -66,83 +66,43 @@ namespace Mono.Net.Security
internal class ChainValidationHelper : ICertificateValidator2
{
readonly object sender;
readonly WeakReference<SslStream> owner;
readonly MonoTlsSettings settings;
readonly MonoTlsProvider provider;
readonly ServerCertValidationCallback certValidationCallback;
readonly LocalCertSelectionCallback certSelectionCallback;
readonly ServerCertValidationCallbackWrapper callbackWrapper;
readonly MonoTlsStream tlsStream;
readonly HttpWebRequest request;
#pragma warning disable 618
internal static ICertificateValidator GetInternalValidator (MonoTlsProvider provider, MonoTlsSettings settings)
internal static ICertificateValidator GetInternalValidator (SslStream owner, MonoTlsProvider provider, MonoTlsSettings settings)
{
if (settings == null)
return new ChainValidationHelper (provider, null, false, null, null);
return new ChainValidationHelper (owner, provider, null, false, null);
if (settings.CertificateValidator != null)
return settings.CertificateValidator;
return new ChainValidationHelper (provider, settings, false, null, null);
return new ChainValidationHelper (owner, provider, settings, false, null);
}
internal static ICertificateValidator GetDefaultValidator (MonoTlsSettings settings)
{
var provider = MonoTlsProviderFactory.GetProvider ();
if (settings == null)
return new ChainValidationHelper (provider, null, false, null, null);
return new ChainValidationHelper (null, provider, null, false, null);
if (settings.CertificateValidator != null)
throw new NotSupportedException ();
return new ChainValidationHelper (provider, settings, false, null, null);
}
#region SslStream support
/*
* This is a hack which is used in SslStream - see ReferenceSources/SslStream.cs for details.
*/
internal static ChainValidationHelper CloneWithCallbackWrapper (MonoTlsProvider provider, ref MonoTlsSettings settings, ServerCertValidationCallbackWrapper wrapper)
{
var helper = (ChainValidationHelper)settings.CertificateValidator;
if (helper == null)
helper = new ChainValidationHelper (provider, settings, true, null, wrapper);
else
helper = new ChainValidationHelper (helper, provider, settings, wrapper);
settings = helper.settings;
return helper;
}
internal static bool InvokeCallback (ServerCertValidationCallback callback, object sender, X509Certificate certificate, X509Chain chain, MonoSslPolicyErrors sslPolicyErrors)
{
return callback.Invoke (sender, certificate, chain, (SslPolicyErrors)sslPolicyErrors);
}
#endregion
ChainValidationHelper (ChainValidationHelper other, MonoTlsProvider provider, MonoTlsSettings settings, ServerCertValidationCallbackWrapper callbackWrapper = null)
{
sender = other.sender;
certValidationCallback = other.certValidationCallback;
certSelectionCallback = other.certSelectionCallback;
tlsStream = other.tlsStream;
request = other.request;
if (settings == null)
settings = MonoTlsSettings.DefaultSettings;
this.provider = provider;
this.settings = settings.CloneWithValidator (this);
this.callbackWrapper = callbackWrapper;
return new ChainValidationHelper (null, provider, settings, false, null);
}
internal static ChainValidationHelper Create (MonoTlsProvider provider, ref MonoTlsSettings settings, MonoTlsStream stream)
{
var helper = new ChainValidationHelper (provider, settings, true, stream, null);
var helper = new ChainValidationHelper (null, provider, settings, true, stream);
settings = helper.settings;
return helper;
}
ChainValidationHelper (MonoTlsProvider provider, MonoTlsSettings settings, bool cloneSettings, MonoTlsStream stream, ServerCertValidationCallbackWrapper callbackWrapper)
ChainValidationHelper (SslStream owner, MonoTlsProvider provider, MonoTlsSettings settings, bool cloneSettings, MonoTlsStream stream)
{
if (settings == null)
settings = MonoTlsSettings.CopyDefaultSettings ();
@ -154,22 +114,20 @@ namespace Mono.Net.Security
this.provider = provider;
this.settings = settings;
this.tlsStream = stream;
this.callbackWrapper = callbackWrapper;
if (owner != null)
this.owner = new WeakReference<SslStream> (owner);
var fallbackToSPM = false;
if (settings != null) {
if (settings.RemoteCertificateValidationCallback != null) {
var callback = Private.CallbackHelpers.MonoToPublic (settings.RemoteCertificateValidationCallback);
certValidationCallback = new ServerCertValidationCallback (callback);
}
certValidationCallback = GetValidationCallback (settings);
certSelectionCallback = Private.CallbackHelpers.MonoToInternal (settings.ClientCertificateSelectionCallback);
fallbackToSPM = settings.UseServicePointManagerCallback ?? stream != null;
}
if (stream != null) {
this.request = stream.Request;
this.sender = request;
if (certValidationCallback == null)
certValidationCallback = request.ServerCertValidationCallback;
@ -186,6 +144,27 @@ namespace Mono.Net.Security
#pragma warning restore 618
static ServerCertValidationCallback GetValidationCallback (MonoTlsSettings settings)
{
if (settings.RemoteCertificateValidationCallback == null)
return null;
return new ServerCertValidationCallback ((s, c, ch, e) => {
string targetHost = null;
if (s is SslStream sslStream)
targetHost = ((MobileAuthenticatedStream)sslStream.Impl).TargetHost;
else if (s is HttpWebRequest request) {
targetHost = request.Host;
if (!string.IsNullOrEmpty (targetHost)) {
var pos = targetHost.IndexOf (':');
if (pos > 0)
targetHost = targetHost.Substring (0, pos);
}
}
return settings.RemoteCertificateValidationCallback (targetHost, c, ch, (MonoSslPolicyErrors)e);
});
}
static X509Certificate DefaultSelectionCallback (string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers)
{
X509Certificate clientCertificate;
@ -301,18 +280,13 @@ namespace Mono.Net.Security
bool user_denied = false;
bool result = false;
var hasCallback = certValidationCallback != null || callbackWrapper != null;
if (tlsStream != null)
request.ServicePoint.UpdateServerCertificate (leaf);
if (leaf == null) {
errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
if (hasCallback) {
if (callbackWrapper != null)
result = callbackWrapper.Invoke (certValidationCallback, leaf, null, (MonoSslPolicyErrors)errors);
else
result = certValidationCallback.Invoke (sender, leaf, null, errors);
if (certValidationCallback != null) {
result = InvokeCallback (leaf, null, errors);
user_denied = !result;
}
return new ValidationResult (result, user_denied, 0, (MonoSslPolicyErrors)errors);
@ -330,7 +304,7 @@ namespace Mono.Net.Security
int status11 = 0; // Error code passed to the obsolete ICertificatePolicy callback
bool wantsChain = SystemCertificateValidator.NeedsChain (settings);
if (!wantsChain && hasCallback) {
if (!wantsChain && certValidationCallback != null) {
if (settings == null || settings.CallbackNeedsCertificateChain)
wantsChain = true;
}
@ -354,16 +328,24 @@ namespace Mono.Net.Security
user_denied = !result && !(policy is DefaultCertificatePolicy);
}
// If there's a 2.0 callback, it takes precedence
if (hasCallback) {
if (callbackWrapper != null)
result = callbackWrapper.Invoke (certValidationCallback, leaf, chain, (MonoSslPolicyErrors)errors);
else
result = certValidationCallback.Invoke (sender, leaf, chain, errors);
if (certValidationCallback != null) {
result = InvokeCallback (leaf, chain, errors);
user_denied = !result;
}
return new ValidationResult (result, user_denied, status11, (MonoSslPolicyErrors)errors);
}
bool InvokeCallback (X509Certificate leaf, X509Chain chain, SslPolicyErrors errors)
{
object sender = null;
if (request != null)
sender = request;
else if (owner != null && owner.TryGetTarget (out var sslStream))
sender = sslStream;
return certValidationCallback.Invoke (sender, leaf, chain, errors);
}
bool InvokeSystemValidator (string targetHost, bool serverMode, X509CertificateCollection certificates, X509Chain chain, ref MonoSslPolicyErrors xerrors, ref int status11)
{
var errors = (SslPolicyErrors)xerrors;

43
mcs/class/System/Mono.Net.Security/LegacySslStream.cs
View File

@ -62,13 +62,13 @@ using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Threading;
using System.Threading.Tasks;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Security.Cryptography;
using System.Threading.Tasks;
namespace Mono.Net.Security.Private
{
/*
@ -91,7 +91,7 @@ namespace Mono.Net.Security.Private
{
SslStream = owner;
Provider = provider;
certificateValidator = ChainValidationHelper.GetInternalValidator (provider, settings);
certificateValidator = ChainValidationHelper.GetInternalValidator (owner, provider, settings);
}
#endregion // Constructors
@ -331,6 +331,11 @@ namespace Mono.Net.Security.Private
return BeginAuthenticateAsClient (targetHost, new X509CertificateCollection (), SslProtocols.Tls, false, asyncCallback, asyncState);
}
public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
return BeginAuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
}
public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
if (IsAuthenticated)
@ -388,6 +393,11 @@ namespace Mono.Net.Security.Private
return BeginAuthenticateAsServer (serverCertificate, false, SslProtocols.Tls, false, asyncCallback, asyncState);
}
public virtual IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
return BeginAuthenticateAsServer (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
}
public virtual IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
{
if (IsAuthenticated)
@ -442,6 +452,11 @@ namespace Mono.Net.Security.Private
AuthenticateAsClient (targetHost, new X509CertificateCollection (), SslProtocols.Tls, false);
}
public virtual void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation)
{
AuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
}
public virtual void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
EndAuthenticateAsClient (BeginAuthenticateAsClient (
@ -453,6 +468,11 @@ namespace Mono.Net.Security.Private
AuthenticateAsServer (serverCertificate, false, SslProtocols.Tls, false);
}
public virtual void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
{
AuthenticateAsServer (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
}
public virtual void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
EndAuthenticateAsServer (BeginAuthenticateAsServer (
@ -546,6 +566,11 @@ namespace Mono.Net.Security.Private
return Task.Factory.FromAsync (BeginAuthenticateAsClient, EndAuthenticateAsClient, targetHost, null);
}
public virtual Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation)
{
return AuthenticateAsClientAsync (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
}
public virtual Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
var t = Tuple.Create (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation, this);
@ -561,6 +586,11 @@ namespace Mono.Net.Security.Private
return Task.Factory.FromAsync (BeginAuthenticateAsServer, EndAuthenticateAsServer, serverCertificate, null);
}
public virtual Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
{
return AuthenticateAsServerAsync (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
}
public virtual Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
var t = Tuple.Create (serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation, this);
@ -601,6 +631,13 @@ namespace Mono.Net.Security.Private
return null;
}
public bool CanRenegotiate => false;
public Task RenegotiateAsync (CancellationToken cancellationToken)
{
throw new NotSupportedException ();
}
#endregion
}
}

324
mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs
View File

File diff suppressed because it is too large Load Diff

179
mcs/class/System/Mono.Net.Security/MobileTlsContext.cs
View File

@ -32,56 +32,49 @@ namespace Mono.Net.Security
{
abstract class MobileTlsContext : IDisposable
{
MobileAuthenticatedStream parent;
bool serverMode;
string targetHost;
string serverName;
SslProtocols enabledProtocols;
X509Certificate serverCertificate;
X509CertificateCollection clientCertificates;
bool askForClientCert;
ICertificateValidator2 certificateValidator;
public MobileTlsContext (
MobileAuthenticatedStream parent, bool serverMode, string targetHost,
SslProtocols enabledProtocols, X509Certificate serverCertificate,
X509CertificateCollection clientCertificates, bool askForClientCert)
protected MobileTlsContext (MobileAuthenticatedStream parent, MonoSslAuthenticationOptions options)
{
this.parent = parent;
this.serverMode = serverMode;
this.targetHost = targetHost;
this.enabledProtocols = enabledProtocols;
this.serverCertificate = serverCertificate;
this.clientCertificates = clientCertificates;
this.askForClientCert = askForClientCert;
Parent = parent;
Options = options;
IsServer = options.ServerMode;
EnabledProtocols = options.EnabledSslProtocols;
serverName = targetHost;
if (!string.IsNullOrEmpty (serverName)) {
var pos = serverName.IndexOf (':');
if (pos > 0)
serverName = serverName.Substring (0, pos);
if (options.ServerMode) {
LocalServerCertificate = options.ServerCertificate;
AskForClientCertificate = options.ClientCertificateRequired;
} else {
ClientCertificates = options.ClientCertificates;
TargetHost = options.TargetHost;
ServerName = options.TargetHost;
if (!string.IsNullOrEmpty (ServerName)) {
var pos = ServerName.IndexOf (':');
if (pos > 0)
ServerName = ServerName.Substring (0, pos);
}
}
certificateValidator = CertificateValidationHelper.GetInternalValidator (
parent.Settings, parent.Provider);
certificateValidator = (ICertificateValidator2)ChainValidationHelper.GetInternalValidator (
parent.SslStream, parent.Provider, parent.Settings);
}
internal MonoSslAuthenticationOptions Options {
get;
}
internal MobileAuthenticatedStream Parent {
get { return parent; }
get;
}
public MonoTlsSettings Settings {
get { return parent.Settings; }
}
public MonoTlsSettings Settings => Parent.Settings;
public MonoTlsProvider Provider {
get { return parent.Provider; }
}
public MonoTlsProvider Provider => Parent.Provider;
[SD.Conditional ("MONO_TLS_DEBUG")]
protected void Debug (string message, params object[] args)
{
parent.Debug ("{0}: {1}", GetType ().Name, string.Format (message, args));
Parent.Debug ("{0}: {1}", GetType ().Name, string.Format (message, args));
}
public abstract bool HasContext {
@ -93,44 +86,52 @@ namespace Mono.Net.Security
}
public bool IsServer {
get { return serverMode; }
get;
}
protected string TargetHost {
get { return targetHost; }
internal string TargetHost {
get;
}
protected string ServerName {
get { return serverName; }
get;
}
protected bool AskForClientCertificate {
get { return askForClientCert; }
get;
}
protected SslProtocols EnabledProtocols {
get { return enabledProtocols; }
get;
}
protected X509CertificateCollection ClientCertificates {
get { return clientCertificates; }
get;
}
protected void GetProtocolVersions (out TlsProtocolCode min, out TlsProtocolCode max)
{
if ((enabledProtocols & SslProtocols.Tls) != 0)
min = TlsProtocolCode.Tls10;
else if ((enabledProtocols & SslProtocols.Tls11) != 0)
min = TlsProtocolCode.Tls11;
else
min = TlsProtocolCode.Tls12;
internal bool AllowRenegotiation {
get { return false; }
}
if ((enabledProtocols & SslProtocols.Tls12) != 0)
max = TlsProtocolCode.Tls12;
else if ((enabledProtocols & SslProtocols.Tls11) != 0)
max = TlsProtocolCode.Tls11;
protected void GetProtocolVersions (out TlsProtocolCode? min, out TlsProtocolCode? max)
{
if ((EnabledProtocols & SslProtocols.Tls) != 0)
min = TlsProtocolCode.Tls10;
else if ((EnabledProtocols & SslProtocols.Tls11) != 0)
min = TlsProtocolCode.Tls11;
else if ((EnabledProtocols & SslProtocols.Tls12) != 0)
min = TlsProtocolCode.Tls12;
else
min = null;
if ((EnabledProtocols & SslProtocols.Tls12) != 0)
max = TlsProtocolCode.Tls12;
else if ((EnabledProtocols & SslProtocols.Tls11) != 0)
max = TlsProtocolCode.Tls11;
else if ((EnabledProtocols & SslProtocols.Tls) != 0)
max = TlsProtocolCode.Tls10;
else
max = null;
}
public abstract void StartHandshake ();
@ -144,7 +145,7 @@ namespace Mono.Net.Security
}
internal X509Certificate LocalServerCertificate {
get { return serverCertificate; }
get;
}
internal abstract bool IsRemoteCertificateAvailable {
@ -171,6 +172,8 @@ namespace Mono.Net.Security
public abstract void Shutdown ();
public abstract bool PendingRenegotiation ();
protected bool ValidateCertificate (X509Certificate leaf, X509Chain chain)
{
var result = certificateValidator.ValidateCertificate (TargetHost, IsServer, leaf, chain);
@ -183,24 +186,78 @@ namespace Mono.Net.Security
return result != null && result.Trusted && !result.UserDenied;
}
protected X509Certificate SelectClientCertificate (X509Certificate serverCertificate, string[] acceptableIssuers)
protected X509Certificate SelectClientCertificate (string[] acceptableIssuers)
{
if (Settings.DisallowUnauthenticatedCertificateRequest && !IsAuthenticated)
return null;
if (RemoteCertificate == null)
throw new TlsException (AlertDescription.InternalError, "Cannot request client certificate before receiving one from the server.");
/*
* We need to pass null to the user selection callback during the initial handshake, to allow the callback to distinguish
* between an authenticated and unauthenticated session.
*/
X509Certificate certificate;
var selected = certificateValidator.SelectClientCertificate (
TargetHost, ClientCertificates, serverCertificate, acceptableIssuers, out certificate);
TargetHost, ClientCertificates, IsAuthenticated ? RemoteCertificate : null, acceptableIssuers, out certificate);
if (selected)
return certificate;
if (clientCertificates == null || clientCertificates.Count == 0)
if (ClientCertificates == null || ClientCertificates.Count == 0)
return null;
if (clientCertificates.Count == 1)
return clientCertificates [0];
/*
* .NET actually scans the entire collection to ensure the selected certificate has a private key in it.
*
* However, since we do not support private key retrieval from the key store, we require all certificates
* to have a private key in them (explicitly or implicitly via OS X keychain lookup).
*/
if (acceptableIssuers == null || acceptableIssuers.Length == 0)
return ClientCertificates [0];
// FIXME: select onne.
throw new NotImplementedException ();
// Copied from the referencesource implementation in referencesource/System/net/System/Net/_SecureChannel.cs.
for (int i = 0; i < ClientCertificates.Count; i++) {
var certificate2 = ClientCertificates[i] as X509Certificate2;
if (certificate2 == null)
continue;
X509Chain chain = null;
try {
chain = new X509Chain ();
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreInvalidName;
chain.Build (certificate2);
//
// We ignore any errors happened with chain.
// Consider: try to locate the "best" client cert that has no errors and the lognest validity internal
//
if (chain.ChainElements.Count == 0)
continue;
for (int ii=0; ii< chain.ChainElements.Count; ++ii) {
var issuer = chain.ChainElements[ii].Certificate.Issuer;
if (Array.IndexOf (acceptableIssuers, issuer) != -1)
return certificate2;
}
} catch {
; // ignore errors
} finally {
if (chain != null)
chain.Reset ();
}
}
// No certificate matches.
return null;
}
public abstract bool CanRenegotiate {
get;
}
public abstract void Renegotiate ();
public void Dispose ()
{
Dispose (true);

87
mcs/class/System/Mono.Net.Security/MonoSslAuthenticationOptions.cs Normal file
View File

@ -0,0 +1,87 @@
//
// MonoSslAuthenticationOptions.cs
//
// Author:
// Martin Baulig <mabaul@microsoft.com>
//
// Copyright (c) 2018 Xamarin Inc. (http://www.xamarin.com)
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
#if SECURITY_DEP
#if MONO_SECURITY_ALIAS
extern alias MonoSecurity;
#endif
#if MONO_SECURITY_ALIAS
using MonoSecurity::Mono.Security.Interface;
#else
using Mono.Security.Interface;
#endif
#endif
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Authentication;
namespace Mono.Net.Security
{
abstract class MonoSslAuthenticationOptions : IMonoAuthenticationOptions
{
public abstract bool ServerMode {
get;
}
public abstract bool AllowRenegotiation {
get; set;
}
public abstract RemoteCertificateValidationCallback RemoteCertificateValidationCallback { get; set; }
public abstract SslProtocols EnabledSslProtocols {
get; set;
}
public abstract EncryptionPolicy EncryptionPolicy {
get; set;
}
public abstract X509RevocationMode CertificateRevocationCheckMode {
get; set;
}
public abstract string TargetHost {
get; set;
}
public abstract X509Certificate ServerCertificate {
get; set;
}
public abstract X509CertificateCollection ClientCertificates {
get; set;
}
public abstract bool ClientCertificateRequired {
get; set;
}
}
}

116
mcs/class/System/Mono.Net.Security/MonoSslClientAuthenticationOptions.cs Normal file
View File

@ -0,0 +1,116 @@
//
// MonoSslClientAuthenticationOptions.cs
//
// Author:
// Martin Baulig <mabaul@microsoft.com>
//
// Copyright (c) 2018 Xamarin Inc. (http://www.xamarin.com)
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
#if SECURITY_DEP
#if MONO_SECURITY_ALIAS
extern alias MonoSecurity;
#endif
#if MONO_SECURITY_ALIAS
using MonoSecurity::Mono.Security.Interface;
#else
using Mono.Security.Interface;
#endif
#endif
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Authentication;
namespace Mono.Net.Security
{
sealed class MonoSslClientAuthenticationOptions : MonoSslAuthenticationOptions, IMonoSslClientAuthenticationOptions
{
public SslClientAuthenticationOptions Options {
get;
}
public override bool ServerMode => false;
public MonoSslClientAuthenticationOptions (SslClientAuthenticationOptions options)
{
Options = options;
}
public MonoSslClientAuthenticationOptions ()
{
Options = new SslClientAuthenticationOptions ();
}
public override bool AllowRenegotiation {
get => Options.AllowRenegotiation;
set => Options.AllowRenegotiation = value;
}
public override RemoteCertificateValidationCallback RemoteCertificateValidationCallback {
get => Options.RemoteCertificateValidationCallback;
set => Options.RemoteCertificateValidationCallback = value;
}
public override X509RevocationMode CertificateRevocationCheckMode {
get => Options.CertificateRevocationCheckMode;
set => Options.CertificateRevocationCheckMode = value;
}
public override EncryptionPolicy EncryptionPolicy {
get => Options.EncryptionPolicy;
set => Options.EncryptionPolicy = value;
}
public override SslProtocols EnabledSslProtocols {
get => Options.EnabledSslProtocols;
set => Options.EnabledSslProtocols = value;
}
public LocalCertificateSelectionCallback LocalCertificateSelectionCallback {
get => Options.LocalCertificateSelectionCallback;
set => Options.LocalCertificateSelectionCallback = value;
}
public override string TargetHost {
get => Options.TargetHost;
set => Options.TargetHost = value;
}
public override bool ClientCertificateRequired {
get => throw new NotSupportedException ();
set => throw new NotSupportedException ();
}
public override X509CertificateCollection ClientCertificates {
get => Options.ClientCertificates;
set => Options.ClientCertificates = value;
}
public override X509Certificate ServerCertificate {
get => throw new NotSupportedException ();
set => throw new NotSupportedException ();
}
}
}

121
mcs/class/System/Mono.Net.Security/MonoSslServerAuthenticationOptions.cs Normal file
View File

@ -0,0 +1,121 @@
//
// MonoSslServerAuthenticationOptions.cs
//
// Author:
// Martin Baulig <mabaul@microsoft.com>
//
// Copyright (c) 2018 Xamarin Inc. (http://www.xamarin.com)
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
#if SECURITY_DEP
#if MONO_SECURITY_ALIAS
extern alias MonoSecurity;
#endif
#if MONO_SECURITY_ALIAS
using MonoSecurity::Mono.Security.Interface;
#else
using Mono.Security.Interface;
#endif
#endif
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Authentication;
namespace Mono.Net.Security
{
sealed class MonoSslServerAuthenticationOptions : MonoSslAuthenticationOptions, IMonoSslServerAuthenticationOptions
{
public SslServerAuthenticationOptions Options {
get;
}
public override bool ServerMode => true;
public MonoSslServerAuthenticationOptions (SslServerAuthenticationOptions options)
{
Options = options;
}
public MonoSslServerAuthenticationOptions ()
{
Options = new SslServerAuthenticationOptions ();
}
public override bool AllowRenegotiation {
get => Options.AllowRenegotiation;
set => Options.AllowRenegotiation = value;
}
public override RemoteCertificateValidationCallback RemoteCertificateValidationCallback {
get => Options.RemoteCertificateValidationCallback;
set => Options.RemoteCertificateValidationCallback = value;
}
public override X509RevocationMode CertificateRevocationCheckMode {
get => Options.CertificateRevocationCheckMode;
set => Options.CertificateRevocationCheckMode = value;
}
public override EncryptionPolicy EncryptionPolicy {
get => Options.EncryptionPolicy;
set => Options.EncryptionPolicy = value;
}
public override SslProtocols EnabledSslProtocols {
get => Options.EnabledSslProtocols;
set => Options.EnabledSslProtocols = value;
}
public override bool ClientCertificateRequired {
get => Options.ClientCertificateRequired;
set => Options.ClientCertificateRequired = value;
}
public ServerCertificateSelectionCallback ServerCertificateSelectionCallback {
get => Options.ServerCertificateSelectionCallback;
set => Options.ServerCertificateSelectionCallback = value;
}
MonoServerCertificateSelectionCallback IMonoSslServerAuthenticationOptions.ServerCertificateSelectionCallback {
get => Private.CallbackHelpers.PublicToMono (ServerCertificateSelectionCallback);
set => ServerCertificateSelectionCallback = Private.CallbackHelpers.MonoToPublic (value);
}
public override string TargetHost {
get => throw new NotSupportedException ();
set => throw new NotSupportedException ();
}
public override X509Certificate ServerCertificate {
get => Options.ServerCertificate;
set => Options.ServerCertificate = value;
}
public override X509CertificateCollection ClientCertificates {
get => throw new NotSupportedException ();
set => throw new NotSupportedException ();
}
}
}

9
mcs/class/System/Mono.Net.Security/NoReflectionHelper.cs
View File

@ -47,15 +47,6 @@ namespace Mono.Net.Security
//
internal static class NoReflectionHelper
{
internal static object GetInternalValidator (object provider, object settings)
{
#if SECURITY_DEP
return ChainValidationHelper.GetInternalValidator ((MSI.MonoTlsProvider)provider, (MSI.MonoTlsSettings)settings);
#else
throw new NotSupportedException ();
#endif
}
internal static object GetDefaultValidator (object settings)
{
#if SECURITY_DEP