Imported Upstream version 4.8.0.309

Former-commit-id: 5f9c6ae75f295e057a7d2971f3a6df4656fa8850

mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs

@@ -44,8 +44,6 @@ using Mono.Security.Interface;
 using MSX = Mono.Security.X509;
 using Mono.Security.X509.Extensions;
 #endif
-using XX509CertificateCollection = System.Security.Cryptography.X509Certificates.X509CertificateCollection;
-using XX509Chain = System.Security.Cryptography.X509Certificates.X509Chain;
 
 using System;
 using System.Net;
@@ -77,7 +75,7 @@ namespace Mono.Net.Security
 		readonly MonoTlsStream tlsStream;
 		readonly HttpWebRequest request;
 
-		internal static ICertificateValidator GetDefaultValidator (MonoTlsProvider provider, MonoTlsSettings settings)
+		internal static ICertificateValidator GetInternalValidator (MonoTlsProvider provider, MonoTlsSettings settings)
 		{
 			if (settings == null)
 				return new ChainValidationHelper (provider, null, false, null, null);
@@ -86,6 +84,16 @@ namespace Mono.Net.Security
 			return new ChainValidationHelper (provider, settings, false, null, null);
 		}
 
+		internal static ICertificateValidator GetDefaultValidator (MonoTlsSettings settings)
+		{
+			var provider = MonoTlsProviderFactory.GetProvider ();
+			if (settings == null)
+				return new ChainValidationHelper (provider, null, false, null, null);
+			if (settings.CertificateValidator != null)
+				throw new NotSupportedException ();
+			return new ChainValidationHelper (provider, settings, false, null, null);
+		}
+
 #region SslStream support
 
 		/*
@@ -138,6 +146,8 @@ namespace Mono.Net.Security
 				settings = MonoTlsSettings.CopyDefaultSettings ();
 			if (cloneSettings)
 				settings = settings.CloneWithValidator (this);
+			if (provider == null)
+				provider = MonoTlsProviderFactory.GetProvider ();
 
 			this.provider = provider;
 			this.settings = settings;
@@ -172,7 +182,7 @@ namespace Mono.Net.Security
 				certValidationCallback = ServicePointManager.ServerCertValidationCallback;
 		}
 
-		static X509Certificate DefaultSelectionCallback (string targetHost, XX509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers)
+		static X509Certificate DefaultSelectionCallback (string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers)
 		{
 			X509Certificate clientCertificate;
 			if (localCertificates == null || localCertificates.Count == 0)
@@ -195,7 +205,7 @@ namespace Mono.Net.Security
 		}
 
 		public bool SelectClientCertificate (
-			string targetHost, XX509CertificateCollection localCertificates, X509Certificate remoteCertificate,
+			string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate,
 			string[] acceptableIssuers, out X509Certificate clientCertificate)
 		{
 			if (certSelectionCallback == null) {
@@ -207,7 +217,7 @@ namespace Mono.Net.Security
 		}
 
 		internal X509Certificate SelectClientCertificate (
-			string targetHost, XX509CertificateCollection localCertificates, X509Certificate remoteCertificate,
+			string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate,
 			string[] acceptableIssuers)
 		{
 			if (certSelectionCallback == null)
@@ -217,7 +227,7 @@ namespace Mono.Net.Security
 
 		internal bool ValidateClientCertificate (X509Certificate certificate, MonoSslPolicyErrors errors)
 		{
-			var certs = new XX509CertificateCollection ();
+			var certs = new X509CertificateCollection ();
 			certs.Add (new X509Certificate2 (certificate.GetRawCertData ()));
 
 			var result = ValidateChain (string.Empty, true, certificate, null, certs, (SslPolicyErrors)errors);
@@ -227,7 +237,7 @@ namespace Mono.Net.Security
 			return result.Trusted && !result.UserDenied;
 		}
 
-		public ValidationResult ValidateCertificate (string host, bool serverMode, XX509CertificateCollection certs)
+		public ValidationResult ValidateCertificate (string host, bool serverMode, X509CertificateCollection certs)
 		{
 			try {
 				X509Certificate leaf;
@@ -246,10 +256,9 @@ namespace Mono.Net.Security
 			}
 		}
 
-		public ValidationResult ValidateCertificate (string host, bool serverMode, X509Certificate leaf, XX509Chain xchain)
+		public ValidationResult ValidateCertificate (string host, bool serverMode, X509Certificate leaf, X509Chain chain)
 		{
 			try {
-				var chain = xchain;
 				var result = ValidateChain (host, serverMode, leaf, chain, null, 0);
 				if (tlsStream != null)
 					tlsStream.CertificateValidationFailed = result == null || !result.Trusted || result.UserDenied;
@@ -262,7 +271,7 @@ namespace Mono.Net.Security
 		}
 
 		ValidationResult ValidateChain (string host, bool server, X509Certificate leaf,
-		                                X509Chain chain, XX509CertificateCollection certs,
+		                                X509Chain chain, X509CertificateCollection certs,
 		                                SslPolicyErrors errors)
 		{
 			var oldChain = chain;
@@ -281,7 +290,7 @@ namespace Mono.Net.Security
 		}
 
 		ValidationResult ValidateChain (string host, bool server, X509Certificate leaf,
-		                                ref X509Chain chain, XX509CertificateCollection certs,
+		                                ref X509Chain chain, X509CertificateCollection certs,
 		                                SslPolicyErrors errors)
 		{
 			// user_denied is true if the user callback is called and returns false
@@ -322,28 +331,19 @@ namespace Mono.Net.Security
 					wantsChain = true;
 			}
 
-			bool providerValidated = false;
-			if (provider != null && provider.HasCustomSystemCertificateValidator) {
-				var xerrors = (MonoSslPolicyErrors)errors;
-				var xchain = chain;
-				providerValidated = provider.InvokeSystemCertificateValidator (this, host, server, certs, wantsChain, ref xchain, out result, ref xerrors, ref status11);
-				chain = xchain;
-				errors = (SslPolicyErrors)xerrors;
-			} else if (wantsChain) {
-				chain = SystemCertificateValidator.CreateX509Chain (certs);
-			}
+			var xerrors = (MonoSslPolicyErrors)errors;
+			result = provider.ValidateCertificate (this, host, server, certs, wantsChain, ref chain, ref xerrors, ref status11);
+			errors = (SslPolicyErrors)xerrors;
 
-			if (!providerValidated)
-				result = SystemCertificateValidator.Evaluate (settings, host, certs, chain, ref errors, ref status11);
+			if (status11 == 0 && errors != 0) {
+				// TRUST_E_FAIL
+				status11 = unchecked ((int)0x800B010B);
+			}
 
 			if (policy != null && (!(policy is DefaultCertificatePolicy) || certValidationCallback == null)) {
 				ServicePoint sp = null;
 				if (request != null)
 					sp = request.ServicePointNoLock;
-				if (status11 == 0 && errors != 0) {
-					// TRUST_E_FAIL
-					status11 = unchecked ((int)0x800B010B);
-				}
 
 				// pre 2.0 callback
 				result = policy.CheckValidationResult (sp, leaf, request, status11);
@@ -360,9 +360,8 @@ namespace Mono.Net.Security
 			return new ValidationResult (result, user_denied, status11, (MonoSslPolicyErrors)errors);
 		}
 
-		public bool InvokeSystemValidator (string targetHost, bool serverMode, XX509CertificateCollection certificates, XX509Chain xchain, ref MonoSslPolicyErrors xerrors, ref int status11)
+		bool InvokeSystemValidator (string targetHost, bool serverMode, X509CertificateCollection certificates, X509Chain chain, ref MonoSslPolicyErrors xerrors, ref int status11)
 		{
-			X509Chain chain = xchain;
 			var errors = (SslPolicyErrors)xerrors;
 			var result = SystemCertificateValidator.Evaluate (settings, targetHost, certificates, chain, ref errors, ref status11);
 			xerrors = (MonoSslPolicyErrors)errors;

mcs/class/System/Mono.Net.Security/IMonoTlsProvider.cs

@@ -34,7 +34,6 @@ using MonoSecurity::Mono.Security.Interface;
 #else
 using Mono.Security.Interface;
 #endif
-using XX509CertificateCollection = System.Security.Cryptography.X509Certificates.X509CertificateCollection;
 #endif
 
 using System;
@@ -70,12 +69,6 @@ namespace Mono.Net.Security
 		IMonoSslStream CreateSslStream (
 			Stream innerStream, bool leaveInnerStreamOpen,
 			MonoTlsSettings settings);
-
-		IMonoTlsContext CreateTlsContext (
-			string hostname, bool serverMode, TlsProtocols protocolFlags,
-			X509Certificate serverCertificate, XX509CertificateCollection clientCertificates,
-			bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus,
-			MonoEncryptionPolicy encryptionPolicy, MonoTlsSettings settings);
 #endif
 	}
 }

mcs/class/System/Mono.Net.Security/LegacySslStream.cs

@@ -91,7 +91,7 @@ namespace Mono.Net.Security.Private
 			: base (innerStream, leaveInnerStreamOpen)
 		{
 			this.provider = provider;
-			certificateValidator = ChainValidationHelper.GetDefaultValidator (provider, settings);
+			certificateValidator = ChainValidationHelper.GetInternalValidator (provider, settings);
 		}
 		#endregion // Constructors
 

mcs/class/System/Mono.Net.Security/LegacyTlsProvider.cs

@@ -1,5 +1,5 @@
 //
-// MonoLegacyTlsProvider.cs
+// LegacyTlsProvider.cs
 //
 // Author:
 //       Martin Baulig <martin.baulig@xamarin.com>
@@ -28,14 +28,10 @@
 extern alias MonoSecurity;
 #endif
 
-using XHttpWebRequest = System.Net.HttpWebRequest;
-using XSslProtocols = System.Security.Authentication.SslProtocols;
-using XX509CertificateCollection = System.Security.Cryptography.X509Certificates.X509CertificateCollection;
-
 #if MONO_SECURITY_ALIAS
-using MonoSecurity::Mono.Security.Interface;
+using MSI = MonoSecurity::Mono.Security.Interface;
 #else
-using Mono.Security.Interface;
+using MSI = Mono.Security.Interface;
 #endif
 
 using System;
@@ -43,13 +39,14 @@ using System.IO;
 using System.Net;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
+using System.Security.Authentication;
 
-namespace Mono.Net.Security.Private
+namespace Mono.Net.Security
 {
 	/*
 	 * Strictly private - do not use outside the Mono.Net.Security directory.
 	 */
-	class MonoLegacyTlsProvider : MonoTlsProviderImpl
+	class LegacyTlsProvider : MSI.MonoTlsProvider
 	{
 		static readonly Guid id = new Guid ("809e77d5-56cc-4da8-b9f0-45e65ba9cceb");
 
@@ -61,10 +58,6 @@ namespace Mono.Net.Security.Private
 			get { return "legacy"; }
 		}
 
-		public MonoTlsProvider Provider {
-			get { return this; }
-		}
-
 		public override bool SupportsSslStream {
 			get { return true; }
 		}
@@ -77,28 +70,29 @@ namespace Mono.Net.Security.Private
 			get { return false; }
 		}
 
-		internal override bool SupportsTlsContext {
-			get { return false; }
+		public override SslProtocols SupportedProtocols {
+			get { return SslProtocols.Tls; }
 		}
 
-		public override XSslProtocols SupportedProtocols {
-			get { return XSslProtocols.Ssl3 | XSslProtocols.Tls; }
-		}
-
-		protected override IMonoSslStream CreateSslStreamImpl (
+		public override MSI.IMonoSslStream CreateSslStream (
 			Stream innerStream, bool leaveInnerStreamOpen,
-			MonoTlsSettings settings)
+			MSI.MonoTlsSettings settings = null)
 		{
-			return new LegacySslStream (innerStream, leaveInnerStreamOpen, this, settings);
+			var impl = new Private.LegacySslStream (innerStream, leaveInnerStreamOpen, this, settings);
+			return new Private.MonoSslStreamImpl (impl);
 		}
 
-		protected override IMonoTlsContext CreateTlsContextImpl (
-			string hostname, bool serverMode, TlsProtocols protocolFlags,
-			X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
-			bool remoteCertRequired, MonoEncryptionPolicy encryptionPolicy,
-			MonoTlsSettings settings)
+		internal override bool ValidateCertificate (
+			MSI.ICertificateValidator2 validator, string targetHost, bool serverMode,
+			X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
+			ref MSI.MonoSslPolicyErrors errors, ref int status11)
 		{
-			throw new NotSupportedException ();
+			if (wantsChain)
+				chain = SystemCertificateValidator.CreateX509Chain (certificates);
+			var xerrors = (SslPolicyErrors)errors;
+			var result = SystemCertificateValidator.Evaluate (validator.Settings, targetHost, certificates, chain, ref xerrors, ref status11);
+			errors = (MSI.MonoSslPolicyErrors)xerrors;
+			return result;
 		}
 	}
 }

mcs/class/System/Mono.Net.Security/MobileTlsContext.cs

@@ -54,7 +54,7 @@ namespace Mono.Net.Security
 			this.clientCertificates = clientCertificates;
 			this.askForClientCert = askForClientCert;
 
-			certificateValidator = CertificateValidationHelper.GetDefaultValidator (
+			certificateValidator = CertificateValidationHelper.GetInternalValidator (
 				parent.Settings, parent.Provider);
 		}
 
@@ -159,30 +159,35 @@ namespace Mono.Net.Security
 
 		public abstract void Close ();
 
-		protected ValidationResult ValidateCertificate (X509Certificate leaf, X509Chain chain)
+		protected bool ValidateCertificate (X509Certificate leaf, X509Chain chain)
 		{
-			return certificateValidator.ValidateCertificate (
-				targetHost, serverMode, leaf, chain);
+			var result = certificateValidator.ValidateCertificate (TargetHost, IsServer, leaf, chain);
+			return result != null && result.Trusted && !result.UserDenied;
 		}
 
-		protected X509Certificate SelectClientCertificate (string[] acceptableIssuers)
-                {
-                        X509Certificate certificate;
-                        var selected = certificateValidator.SelectClientCertificate (
-				targetHost, clientCertificates, serverCertificate,
-				null, out certificate);
-                        if (selected)
-                                return certificate;
+		protected bool ValidateCertificate (X509CertificateCollection certificates)
+		{
+			var result = certificateValidator.ValidateCertificate (TargetHost, IsServer, certificates);
+			return result != null && result.Trusted && !result.UserDenied;
+		}
 
-                        if (clientCertificates == null || clientCertificates.Count == 0)
-                                return null;
+		protected X509Certificate SelectClientCertificate (X509Certificate serverCertificate, string[] acceptableIssuers)
+		{
+			X509Certificate certificate;
+			var selected = certificateValidator.SelectClientCertificate (
+				TargetHost, ClientCertificates, serverCertificate, acceptableIssuers, out certificate);
+			if (selected)
+				return certificate;
 
-                        if (clientCertificates.Count == 1)
-                                return clientCertificates [0];
+			if (clientCertificates == null || clientCertificates.Count == 0)
+				return null;
 
-                        // FIXME: select one.
-                        throw new NotImplementedException ();
-                }
+			if (clientCertificates.Count == 1)
+				return clientCertificates [0];
+
+			// FIXME: select onne.
+			throw new NotImplementedException ();
+		}
 
 		public void Dispose ()
 		{

mcs/class/System/Mono.Net.Security/MonoTlsProviderFactory.Droid.cs

@@ -2,7 +2,7 @@
 #if SECURITY_DEP
 using System;
 using MSI = Mono.Security.Interface;
-#if HAVE_BTLS
+#if MONO_FEATURE_BTLS
 using Mono.Btls;
 #endif
 
@@ -18,14 +18,12 @@ namespace Mono.Net.Security
 			case null:
 			case "default":
 			case "legacy":
-				return new Private.MonoLegacyTlsProvider ();
+				return new LegacyTlsProvider ();
+#if MONO_FEATURE_BTLS
 			case "btls":
-#if HAVE_BTLS
-				if (!MonoBtlsProvider.IsSupported ())
+				if (!IsBtlsSupported ())
 					throw new NotSupportedException ("BTLS in not supported!");
 				return new MonoBtlsProvider ();
-#else
-				throw new NotSupportedException ("BTLS in not supported!");
 #endif
 			default:
 				throw new NotSupportedException (string.Format ("Invalid TLS Provider: `{0}'.", provider));

mcs/class/System/Mono.Net.Security/MonoTlsProviderFactory.cs

@@ -39,6 +39,7 @@ using System.Security.Cryptography.X509Certificates;
 using System;
 using System.Net;
 using System.Collections.Generic;
+using System.Runtime.CompilerServices;
 
 #if !MOBILE
 using System.Reflection;
@@ -64,74 +65,61 @@ namespace Mono.Net.Security
 
 		internal static IMonoTlsProvider GetProviderInternal ()
 		{
+			#if SECURITY_DEP
 			lock (locker) {
-				if (currentProvider != null)
-					return currentProvider;
-
-				try {
-					defaultProvider = GetDefaultProviderInternal ();
-				} catch (Exception ex) {
-					throw new NotSupportedException ("TLS Support not available.", ex);
-				}
-
-				if (defaultProvider == null)
-					throw new NotSupportedException ("TLS Support not available.");
-
-				currentProvider = defaultProvider;
-				return currentProvider;
-			}
-		}
-
-		internal static IMonoTlsProvider GetDefaultProviderInternal ()
-		{
-			lock (locker) {
-				if (defaultProvider != null)
-					return defaultProvider;
-
-				try {
-					defaultProvider = CreateDefaultProvider ();
-				} catch (Exception ex) {
-					throw new NotSupportedException ("TLS Support not available.", ex);
-				}
-
-				if (defaultProvider == null)
-					throw new NotSupportedException ("TLS Support not available.");
-
+				InitializeInternal ();
 				return defaultProvider;
 			}
+			#else
+			throw new NotSupportedException ("TLS Support not available.");
+			#endif
 		}
 
-		static IMonoTlsProvider CreateDefaultProvider ()
-		{
 #if SECURITY_DEP
-			MSI.MonoTlsProvider provider = null;
-#if MONO_FEATURE_NEW_SYSTEM_SOURCE
-			/*
-			 * This is a hack, which is used in the Mono.Security.Providers.NewSystemSource
-			 * assembly, which will provide a "fake" System.dll.  Use the public Mono.Security
-			 * API to get the "real" System.dll's provider via reflection, then wrap it with
-			 * the "fake" version's perceived view.
-			 *
-			 * NewSystemSource needs to compile MonoTlsProviderFactory.cs, IMonoTlsProvider.cs,
-			 * MonoTlsProviderWrapper.cs and CallbackHelpers.cs from this directory and only these.
-			 */
-			provider = MSI.MonoTlsProviderFactory.GetProvider ();
-#else
-			provider = CreateDefaultProviderImpl ();
-#endif
-			if (provider != null)
-				return new Private.MonoTlsProviderWrapper (provider);
-#endif
-			return null;
+		internal static void InitializeInternal ()
+		{
+			lock (locker) {
+				if (initialized)
+					return;
+
+				MSI.MonoTlsProvider provider;
+				try {
+					provider = CreateDefaultProviderImpl ();
+				} catch (Exception ex) {
+					throw new NotSupportedException ("TLS Support not available.", ex);
+				}
+
+				if (provider == null)
+					throw new NotSupportedException ("TLS Support not available.");
+
+				defaultProvider = new Private.MonoTlsProviderWrapper (provider);
+				initialized = true;
+			}
 		}
 
+		internal static void InitializeInternal (string provider) 
+		{
+			lock (locker) {
+				if (initialized)
+					throw new NotSupportedException ("TLS Subsystem already initialized.");
+
+				var msiProvider = LookupProvider (provider, true);
+				defaultProvider = new Private.MonoTlsProviderWrapper (msiProvider);
+				initialized = true;
+			}
+		}
+
+		[MethodImpl (MethodImplOptions.InternalCall)]
+		internal extern static bool IsBtlsSupported ();
+#endif
+
 		static object locker = new object ();
+		static bool initialized;
 		static IMonoTlsProvider defaultProvider;
-		static IMonoTlsProvider currentProvider;
 
 		#endregion
 
-#if SECURITY_DEP && !MONO_FEATURE_NEW_SYSTEM_SOURCE
+#if SECURITY_DEP
 
 		static Dictionary<string,string> providerRegistration;
 
@@ -171,13 +159,10 @@ namespace Mono.Net.Security
 				if (providerRegistration != null)
 					return;
 				providerRegistration = new Dictionary<string,string> ();
-				providerRegistration.Add ("legacy", "Mono.Net.Security.Private.MonoLegacyTlsProvider");
-				providerRegistration.Add ("newtls", "Mono.Security.Providers.NewTls.NewTlsProvider, Mono.Security.Providers.NewTls, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756");
-				providerRegistration.Add ("oldtls", "Mono.Security.Providers.OldTls.OldTlsProvider, Mono.Security.Providers.OldTls, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756");
-#if HAVE_BTLS
-				if (Mono.Btls.MonoBtlsProvider.IsSupported ())
+				providerRegistration.Add ("legacy", "Mono.Net.Security.LegacyTlsProvider");
+				providerRegistration.Add ("default", "Mono.Net.Security.LegacyTlsProvider");
+				if (IsBtlsSupported ())
 					providerRegistration.Add ("btls", "Mono.Btls.MonoBtlsProvider");
-#endif
 				X509Helper2.Initialize ();
 			}
 		}
@@ -186,11 +171,8 @@ namespace Mono.Net.Security
 		static MSI.MonoTlsProvider TryDynamicLoad ()
 		{
 			var variable = Environment.GetEnvironmentVariable ("MONO_TLS_PROVIDER");
-			if (variable == null)
-				return null;
-
-			if (string.Equals (variable, "default", StringComparison.OrdinalIgnoreCase))
-				return null;
+			if (string.IsNullOrEmpty (variable))
+				variable = "default";
 
 			return LookupProvider (variable, true);
 		}
@@ -201,7 +183,7 @@ namespace Mono.Net.Security
 			if (provider != null)
 				return provider;
 
-			return new Private.MonoLegacyTlsProvider ();
+			return new LegacyTlsProvider ();
 		}
 #endif
 
@@ -222,13 +204,9 @@ namespace Mono.Net.Security
 			return provider.Provider;
 		}
 
-		internal static MSI.MonoTlsProvider GetDefaultProvider ()
+		internal static bool IsProviderSupported (string name)
 		{
-			var provider = GetDefaultProviderInternal ();
-			if (provider == null)
-				throw new NotSupportedException ("No TLS Provider available.");
-
-			return provider.Provider;
+			return LookupProvider (name, false) != null;
 		}
 
 		internal static MSI.MonoTlsProvider GetProvider (string name)
@@ -236,20 +214,30 @@ namespace Mono.Net.Security
 			return LookupProvider (name, false);
 		}
 
-		internal static bool HasProvider {
+		internal static bool IsInitialized {
 			get {
 				lock (locker) {
-					return currentProvider != null;
+					return initialized;
 				}
 			}
 		}
 
-		internal static void SetDefaultProvider (string name)
+		internal static void Initialize ()
 		{
-			lock (locker) {
-				var provider = LookupProvider (name, true);
-				currentProvider = new Private.MonoTlsProviderWrapper (provider);
-			}
+			#if SECURITY_DEP
+			InitializeInternal ();
+			#else
+			throw new NotSupportedException ("TLS Support not available.");
+			#endif
+		}
+
+		internal static void Initialize (string provider)
+		{
+			#if SECURITY_DEP
+			InitializeInternal (provider);
+			#else
+			throw new NotSupportedException ("TLS Support not available.");
+			#endif
 		}
 
 		internal static HttpWebRequest CreateHttpsRequest (Uri requestUri, MSI.MonoTlsProvider provider, MSI.MonoTlsSettings settings)

mcs/class/System/Mono.Net.Security/MonoTlsProviderImpl.cs

@@ -1,108 +0,0 @@
-//
-// MonoTlsProviderImpl.cs
-//
-// Author:
-//       Martin Baulig <martin.baulig@xamarin.com>
-//
-// Copyright (c) 2015 Xamarin, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-#if SECURITY_DEP
-
-#if MONO_SECURITY_ALIAS
-extern alias MonoSecurity;
-#endif
-
-#if MONO_SECURITY_ALIAS
-using MSI = MonoSecurity::Mono.Security.Interface;
-#else
-using MSI = Mono.Security.Interface;
-#endif
-
-using System;
-using System.IO;
-using System.Net;
-using System.Net.Security;
-using System.Security.Cryptography.X509Certificates;
-
-namespace Mono.Net.Security.Private
-{
-	/*
-	 * Strictly private - do not use outside the Mono.Net.Security directory.
-	 */
-	abstract class MonoTlsProviderImpl : MSI.MonoTlsProvider, IMonoTlsProvider
-	{
-		MSI.MonoTlsProvider IMonoTlsProvider.Provider {
-			get { return this; }
-		}
-
-		IMonoSslStream IMonoTlsProvider.CreateSslStream (
-			Stream innerStream, bool leaveInnerStreamOpen,
-			MSI.MonoTlsSettings settings)
-		{
-			return CreateSslStreamImpl (innerStream, leaveInnerStreamOpen, settings);
-		}
-
-		protected abstract IMonoSslStream CreateSslStreamImpl (
-			Stream innerStream, bool leaveInnerStreamOpen,
-			MSI.MonoTlsSettings settings);
-
-		public override MSI.IMonoSslStream CreateSslStream (
-			Stream innerStream, bool leaveInnerStreamOpen,
-			MSI.MonoTlsSettings settings = null)
-		{
-			var sslStream = CreateSslStreamImpl (innerStream, leaveInnerStreamOpen, settings);
-			return new MonoSslStreamImpl (sslStream);
-		}
-
-		MSI.IMonoTlsContext IMonoTlsProvider.CreateTlsContext (
-			string hostname, bool serverMode, MSI.TlsProtocols protocolFlags,
-			X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
-			bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus,
-			MSI.MonoEncryptionPolicy encryptionPolicy, MSI.MonoTlsSettings settings)
-		{
-			return CreateTlsContextImpl (
-				hostname, serverMode, protocolFlags,
-				serverCertificate, clientCertificates,
-				remoteCertRequired, encryptionPolicy, settings);
-		}
-
-		protected abstract MSI.IMonoTlsContext CreateTlsContextImpl (
-			string hostname, bool serverMode, MSI.TlsProtocols protocolFlags,
-			X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
-			bool remoteCertRequired, MSI.MonoEncryptionPolicy encryptionPolicy,
-			MSI.MonoTlsSettings settings);
-
-		internal override MSI.IMonoTlsContext CreateTlsContext (
-			string hostname, bool serverMode, MSI.TlsProtocols protocolFlags,
-			X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
-			bool remoteCertRequired, MSI.MonoEncryptionPolicy encryptionPolicy,
-			MSI.MonoTlsSettings settings)
-		{
-			return CreateTlsContextImpl (
-				hostname, serverMode, (MSI.TlsProtocols)protocolFlags,
-				serverCertificate, clientCertificates,
-				remoteCertRequired, (MSI.MonoEncryptionPolicy)encryptionPolicy,
-				settings);
-		}
-	}
-}
-
-#endif

mcs/class/System/Mono.Net.Security/MonoTlsProviderWrapper.cs

@@ -73,19 +73,6 @@ namespace Mono.Net.Security.Private
 				return monoSslStreamImpl.Impl;
 			return new MonoSslStreamWrapper (sslStream);
 		}
-
-		public MSI.IMonoTlsContext CreateTlsContext (
-			string hostname, bool serverMode, MSI.TlsProtocols protocolFlags,
-			X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
-			bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus,
-			MSI.MonoEncryptionPolicy encryptionPolicy, MSI.MonoTlsSettings settings)
-		{
-			return provider.CreateTlsContext (
-				hostname, serverMode, protocolFlags,
-				serverCertificate, clientCertificates,
-				remoteCertRequired, (MSI.MonoEncryptionPolicy)encryptionPolicy,
-				settings);
-		}
 	}
 }
 

mcs/class/System/Mono.Net.Security/MonoTlsStream.cs

@@ -34,7 +34,6 @@ using MonoSecurity::Mono.Security.Interface;
 #else
 using Mono.Security.Interface;
 #endif
-using XX509CertificateCollection = System.Security.Cryptography.X509Certificates.X509CertificateCollection;
 #endif
 
 using System;

mcs/class/System/Mono.Net.Security/NoReflectionHelper.cs

@@ -47,10 +47,19 @@ namespace Mono.Net.Security
 	//
 	internal static class NoReflectionHelper
 	{
-		internal static object GetDefaultCertificateValidator (object provider, object settings)
+		internal static object GetInternalValidator (object provider, object settings)
 		{
 			#if SECURITY_DEP
-			return ChainValidationHelper.GetDefaultValidator ((MSI.MonoTlsProvider)provider, (MSI.MonoTlsSettings)settings);
+			return ChainValidationHelper.GetInternalValidator ((MSI.MonoTlsProvider)provider, (MSI.MonoTlsSettings)settings);
+			#else
+			throw new NotSupportedException ();
+			#endif
+		}
+
+		internal static object GetDefaultValidator (object settings)
+		{
+			#if SECURITY_DEP
+			return ChainValidationHelper.GetDefaultValidator ((MSI.MonoTlsSettings)settings);
 			#else
 			throw new NotSupportedException ();
 			#endif
@@ -65,29 +74,29 @@ namespace Mono.Net.Security
 			#endif
 		}
 
-		internal static object GetDefaultProvider ()
-		{
-			#if SECURITY_DEP
-			return MonoTlsProviderFactory.GetDefaultProvider ();
-			#else
-			throw new NotSupportedException ();
-			#endif
-		}
-
-		internal static bool HasProvider {
+		internal static bool IsInitialized {
 			get {
 				#if SECURITY_DEP
-				return MonoTlsProviderFactory.HasProvider;
+				return MonoTlsProviderFactory.IsInitialized;
 				#else
 				throw new NotSupportedException ();
 				#endif
 			}
 		}
 
-		internal static void SetDefaultProvider (string name)
+		internal static void Initialize ()
 		{
 			#if SECURITY_DEP
-			MonoTlsProviderFactory.SetDefaultProvider (name);
+			MonoTlsProviderFactory.Initialize ();
+			#else
+			throw new NotSupportedException ();
+			#endif
+		}
+
+		internal static void Initialize (string provider)
+		{
+			#if SECURITY_DEP
+			MonoTlsProviderFactory.Initialize (provider);
 			#else
 			throw new NotSupportedException ();
 			#endif
@@ -120,6 +129,15 @@ namespace Mono.Net.Security
 			#endif
 		}
 
+		internal static bool IsProviderSupported (string name)
+		{
+			#if SECURITY_DEP
+			return MonoTlsProviderFactory.IsProviderSupported (name);
+			#else
+			throw new NotSupportedException ();
+			#endif
+		}
+
 		internal static object GetProvider (string name)
 		{
 			#if SECURITY_DEP

mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs

@@ -13,8 +13,6 @@ using Mono.Security.Interface;
 using MSX = Mono.Security.X509;
 using Mono.Security.X509.Extensions;
 #endif
-using XX509CertificateCollection = System.Security.Cryptography.X509Certificates.X509CertificateCollection;
-using XX509Chain = System.Security.Cryptography.X509Certificates.X509Chain;
 
 using System;
 using System.Net;
@@ -62,7 +60,7 @@ namespace Mono.Net.Security
 #endif
 		}
 
-		public static X509Chain CreateX509Chain (XX509CertificateCollection certs)
+		public static X509Chain CreateX509Chain (X509CertificateCollection certs)
 		{
 			var chain = new X509Chain ();
 			chain.ChainPolicy = new X509ChainPolicy ((X509CertificateCollection)(object)certs);
@@ -74,7 +72,7 @@ namespace Mono.Net.Security
 			return chain;
 		}
 
-		static bool BuildX509Chain (XX509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
+		static bool BuildX509Chain (X509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
 		{
 #if MOBILE
 			return false;
@@ -106,7 +104,7 @@ namespace Mono.Net.Security
 #endif
 		}
 
-		static bool CheckUsage (XX509CertificateCollection certs, string host, ref SslPolicyErrors errors, ref int status11)
+		static bool CheckUsage (X509CertificateCollection certs, string host, ref SslPolicyErrors errors, ref int status11)
 		{
 #if !MONOTOUCH
 			var leaf = certs[0] as X509Certificate2;
@@ -130,7 +128,7 @@ namespace Mono.Net.Security
 			return true;
 		}
 
-		static bool EvaluateSystem (XX509CertificateCollection certs, XX509CertificateCollection anchors, string host, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
+		static bool EvaluateSystem (X509CertificateCollection certs, X509CertificateCollection anchors, string host, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
 		{
 			var leaf = certs [0];
 			bool result;
@@ -191,7 +189,7 @@ namespace Mono.Net.Security
 		}
 
 		public static bool Evaluate (
-			MonoTlsSettings settings, string host, XX509CertificateCollection certs,
+			MonoTlsSettings settings, string host, X509CertificateCollection certs,
 			X509Chain chain, ref SslPolicyErrors errors, ref int status11)
 		{
 			if (!CheckUsage (certs, host, ref errors, ref status11))