Imported Upstream version 4.4.0.122

Former-commit-id: a99f46acaeba3ab496c7afc02c29b839e30a0d0b

mcs/class/Mono.Security/Mono.Security.Interface/CertificateValidationHelper.cs

@@ -95,6 +95,14 @@ namespace Mono.Security.Interface
 		 * If @serverMode is true, then we're a server and want to validate a certificate that we received from a client.
 		 */
 		ValidationResult ValidateCertificate (string targetHost, bool serverMode, X509CertificateCollection certificates);
+	}
+
+	internal interface ICertificateValidator2 : ICertificateValidator
+	{
+		/*
+		 * Internal use only.
+		 */
+		ValidationResult ValidateCertificate (string targetHost, bool serverMode, X509Certificate leaf, X509Chain chain);
 
 		/*
 		 * On OS X and Mobile, the @chain will be initialized with the @certificates, but not actually built.
@@ -137,25 +145,20 @@ namespace Mono.Security.Interface
 			get { return supportsTrustAnchors; }
 		}
 
-		static ICertificateValidator GetDefaultValidator (MonoTlsProvider provider, MonoTlsSettings settings)
-		{
-			return (ICertificateValidator)NoReflectionHelper.GetDefaultCertificateValidator (provider, settings);
-		}
-
 		/*
 		 * Internal API, intended to be used by MonoTlsProvider implementations.
 		 */
-		public static ICertificateValidator GetValidator (MonoTlsProvider provider, MonoTlsSettings settings)
+		internal static ICertificateValidator2 GetDefaultValidator (MonoTlsSettings settings, MonoTlsProvider provider)
 		{
-			return GetDefaultValidator (provider, settings);
+			return (ICertificateValidator2)NoReflectionHelper.GetDefaultCertificateValidator (provider, settings);
 		}
 
 		/*
 		 * Use this overloaded version in user code.
 		 */
-		public static ICertificateValidator GetValidator (MonoTlsSettings settings)
+		public static ICertificateValidator GetValidator (MonoTlsSettings settings, MonoTlsProvider provider = null)
 		{
-			return GetDefaultValidator (null, settings);
+			return GetDefaultValidator (settings, provider);
 		}
 	}
 }

mcs/class/Mono.Security/Mono.Security.Interface/MonoTlsProvider.cs

@@ -124,12 +124,32 @@ namespace Mono.Security.Interface
 
 #endregion
 
+#region Native Certificate Implementation
+
+		internal virtual bool HasNativeCertificates {
+			get { return false; }
+		}
+
+		internal virtual X509Certificate2Impl GetNativeCertificate (
+			byte[] data, string password, X509KeyStorageFlags flags)
+		{
+			throw new InvalidOperationException ();
+		}
+
+		internal virtual X509Certificate2Impl GetNativeCertificate (
+			X509Certificate certificate)
+		{
+			throw new InvalidOperationException ();
+		}
+
+#endregion
+
 #region Certificate Validation
 
 		/*
 		 * Allows a TLS provider to provide a custom system certificiate validator.
 		 */
-		public virtual bool HasCustomSystemCertificateValidator {
+		internal virtual bool HasCustomSystemCertificateValidator {
 			get { return false; }
 		}
 
@@ -142,13 +162,12 @@ namespace Mono.Security.Interface
 		 * Returns `true` if certificate validation has been performed and `false` to invoke the
 		 * default system validator.
 		 */
-		public virtual bool InvokeSystemCertificateValidator (
-			ICertificateValidator validator, string targetHost, bool serverMode,
-			X509CertificateCollection certificates, X509Chain chain, out bool success,
-			ref MonoSslPolicyErrors errors, ref int status11)
+		internal virtual bool InvokeSystemCertificateValidator (
+			ICertificateValidator2 validator, string targetHost, bool serverMode,
+			X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
+			out bool success, ref MonoSslPolicyErrors errors, ref int status11)
 		{
-			success = false;
-			return false;
+			throw new InvalidOperationException ();
 		}
 
 #endregion