5 // Martin Baulig <martin.baulig@xamarin.com>
7 // Copyright (c) 2015 Xamarin, Inc.
9 // Permission is hereby granted, free of charge, to any person obtaining a copy
10 // of this software and associated documentation files (the "Software"), to deal
11 // in the Software without restriction, including without limitation the rights
12 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
13 // copies of the Software, and to permit persons to whom the Software is
14 // furnished to do so, subject to the following conditions:
16 // The above copyright notice and this permission notice shall be included in
17 // all copies or substantial portions of the Software.
19 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
22 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
24 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 using System.Threading;
28 using System.Security.Cryptography.X509Certificates;
30 namespace Mono.Security.Interface
32 public sealed class MonoTlsSettings
// Application-supplied callback of type MonoRemoteCertificateValidationCallback.
// The accessor body is not shown in this listing.
// NOTE(review): presumably this callback decides whether the peer's certificate is
// accepted. A callback that accepts unconditionally would remove peer authentication,
// so confirm how its result is combined with the system validators before relying on it.
34 public MonoRemoteCertificateValidationCallback RemoteCertificateValidationCallback {
// Application-supplied callback of type MonoLocalCertificateSelectionCallback.
// The accessor body is not shown in this listing.
// NOTE(review): presumably selects the local certificate offered for client
// authentication - confirm against the callback's declaration.
38 public MonoLocalCertificateSelectionCallback ClientCertificateSelectionCallback {
// Reads and writes the checkCertName field, which this class initialises to true.
// NOTE(review): presumably controls whether the certificate's name is matched against
// the requested host. If so, setting it to false drops host-name verification and a
// certificate issued for any other name would pass - confirm in the validator and
// treat every assignment of false as security-sensitive.
42 public bool CheckCertificateName {
43 get { return checkCertName; }
44 set { checkCertName = value; }
// Reads and writes the checkCertRevocationStatus field, which this class initialises
// to false.
// NOTE(review): with that default, revocation is presumably not checked unless the
// caller opts in, so a revoked certificate could still be accepted - confirm how the
// validator consumes this flag.
47 public bool CheckCertificateRevocationStatus {
48 get { return checkCertRevocationStatus; }
49 set { checkCertRevocationStatus = value; }
// Reads and writes the nullable useServicePointManagerCallback field, which this class
// initialises to null.
// NOTE(review): presumably selects whether a process-wide ServicePointManager validation
// callback is consulted, with null leaving the choice to the caller's default - confirm.
// A process-wide callback affects every connection that honours it.
52 public bool? UseServicePointManagerCallback {
53 get { return useServicePointManagerCallback; }
54 set { useServicePointManagerCallback = value; }
// Reads and writes the skipSystemValidators field, which this class initialises to false.
// NOTE(review): the name suggests that true bypasses the platform's own certificate
// validation and leaves the verdict to the custom callback alone - confirm in the
// validator. If so, true is only safe together with a callback that performs full
// chain and name validation itself.
57 public bool SkipSystemValidators {
58 get { return skipSystemValidators; }
59 set { skipSystemValidators = value; }
// Reads and writes the callbackNeedsChain field, which this class initialises to true.
// NOTE(review): presumably tells the validator whether to build the certificate chain
// before invoking the validation callback - confirm; a callback that inspects the chain
// must not be combined with false.
62 public bool CallbackNeedsCertificateChain {
63 get { return callbackNeedsChain; }
64 set { callbackNeedsChain = value; }
68 * Use custom time for certificate expiration checks
// Nullable DateTime; the accessor body is not shown in this listing.
// Because this value replaces the time used for expiration checks, a value in the past
// or future lets certificates that are expired or not yet valid at the real current
// time pass that check. NOTE(review): null presumably means "use the current time" -
// confirm, and keep non-null values out of production configuration.
70 public DateTime? CertificateValidationTime {
75 * This is only supported if CertificateValidationHelper.SupportsTrustAnchors is true.
// Collection of trust-anchor certificates; the accessor body is not shown in this listing.
// The copy constructor of this class wraps a non-null value in a new
// X509CertificateCollection, so a clone gets its own collection object.
// NOTE(review): whether these anchors replace or extend the system trust store is not
// visible here - confirm. Whoever can write to this collection decides which issuers
// are trusted.
77 public X509CertificateCollection TrustAnchors {
// Opaque, caller-defined object; the accessor body is not shown in this listing.
// The copy constructor assigns it as-is, so a clone refers to the same object.
81 public object UserSettings {
// Assembly-internal string array; the accessor body is not shown in this listing.
// The copy constructor duplicates a non-null array element by element.
// NOTE(review): presumably file-system locations searched for certificates - confirm,
// and make sure only trusted locations are ever placed here.
85 internal string[] CertificateSearchPaths {
90 * If you set this here, then it will override 'ServicePointManager.SecurityProtocol'.
// Nullable TlsProtocols value; the accessor body is not shown in this listing.
// A value set here overrides ServicePointManager.SecurityProtocol, so a process-wide
// policy that restricts protocol versions is not what applies to connections using
// these settings. Review every assignment for the protocol versions it enables.
92 public TlsProtocols? EnabledProtocols {
// Array of CipherSuiteCode values, marked as not CLS-compliant; the accessor body is
// not shown in this listing.
// The copy constructor assigns this array without duplicating it, unlike TrustAnchors
// and CertificateSearchPaths. NOTE(review): if the property simply stores the reference,
// an in-place change to the array is seen by the original and by every clone - confirm,
// and prefer assigning a new array over editing elements.
96 [CLSCompliant (false)]
97 public CipherSuiteCode[] EnabledCiphers {
// Backing fields for the flag properties of this class, with their initial values.
// Backs CheckCertificateName; on unless a caller turns it off.
102 bool checkCertName = true;
// Backs CheckCertificateRevocationStatus; off unless a caller turns it on.
103 bool checkCertRevocationStatus = false;
// Backs UseServicePointManagerCallback; null until a caller assigns a value.
104 bool? useServicePointManagerCallback = null;
// Backs SkipSystemValidators; off unless a caller turns it on.
105 bool skipSystemValidators = false;
// Backs CallbackNeedsCertificateChain; on unless a caller turns it off.
106 bool callbackNeedsChain = true;
// Returned by the CertificateValidator property and assigned in CloneWithValidator;
// not copied by the copy constructor in the lines shown.
107 ICertificateValidator certificateValidator;
// Public parameterless constructor. Its body is not shown in this listing, so the only
// initial values visible are those of the field initialisers of this class.
109 public MonoTlsSettings ()
// Process-wide shared instance behind DefaultSettings; null until the property is first
// read or explicitly assigned.
113 static MonoTlsSettings defaultSettings;
// Process-wide default settings. Source lines 116 and 120-121 are missing from this
// listing; the statements before the jump read the field and the one after it uses
// 'value', so they appear to be the getter and the setter respectively.
//
// Security-relevant behaviour visible here:
//  - The shared instance itself is returned, not a copy. Changing a property on it
//    (for example CheckCertificateName) therefore changes it for every other user of
//    DefaultSettings in the process. Use CopyDefaultSettings () for a private copy.
//  - The property is publicly assignable, so any code in the process can replace the
//    defaults wholesale.
115 public static MonoTlsSettings DefaultSettings {
// Lazy creation: CompareExchange only stores the new instance if the field is still
// null, so concurrent first readers end up with the same object.
117 if (defaultSettings == null)
118 Interlocked.CompareExchange (ref defaultSettings, new MonoTlsSettings (), null);
119 return defaultSettings;
// Assigning null resets to a fresh instance with the built-in defaults. This is a plain
// assignment, not an interlocked operation.
122 defaultSettings = value ?? new MonoTlsSettings ();
// Returns a clone of the current DefaultSettings, so the caller can adjust settings for
// one connection without touching the shared process-wide instance.
126 public static MonoTlsSettings CopyDefaultSettings ()
128 return DefaultSettings.Clone ();
134 * Private APIs - do not use!
136 * This is only public to avoid making our internals visible to System.dll.
// Returns the certificateValidator field. Only a getter is visible in this listing.
// Marked [Obsolete] to keep callers outside System.dll away from it; the attribute
// produces a compiler diagnostic and is not an access control.
140 [Obsolete ("Do not use outside System.dll!")]
141 public ICertificateValidator CertificateValidator {
142 get { return certificateValidator; }
// Attaches 'validator' to a settings object. Source lines 147-148, 150-152 and 155 are
// missing from this listing, so the condition that selects between the two paths below
// and the return statements are not visible.
// NOTE(review): the first path writes to this instance rather than to a copy. Confirm in
// the full source when that path is taken, because it changes the validator of an
// instance that other holders may share.
145 [Obsolete ("Do not use outside System.dll!")]
146 public MonoTlsSettings CloneWithValidator (ICertificateValidator validator)
// Path 1: set the validator on the receiver itself.
149 this.certificateValidator = validator;
// Path 2: copy the receiver through the private copy constructor and set the validator
// on the copy.
153 var copy = new MonoTlsSettings (this);
154 copy.certificateValidator = validator;
// Returns a new MonoTlsSettings built by the private copy constructor of this class.
// That constructor does not copy the certificateValidator field and assigns UserSettings
// and EnabledCiphers without duplicating them.
158 public MonoTlsSettings Clone ()
160 return new MonoTlsSettings (this);
// Private copy constructor used by Clone () and CloneWithValidator ().
// It copies the callbacks, the flag fields, the user object, the protocol and cipher
// selection and the validation time from 'other'. The certificateValidator field is not
// among the members copied in the lines shown. The listing ends before the closing
// braces, so anything after the last statement is not visible.
163 MonoTlsSettings (MonoTlsSettings other)
// Delegates are assigned as-is, so the copy invokes the same callbacks as 'other'.
165 RemoteCertificateValidationCallback = other.RemoteCertificateValidationCallback;
166 ClientCertificateSelectionCallback = other.ClientCertificateSelectionCallback;
// The security-relevant flags carry over unchanged, including any that were relaxed.
167 checkCertName = other.checkCertName;
168 checkCertRevocationStatus = other.checkCertRevocationStatus;
169 UseServicePointManagerCallback = other.useServicePointManagerCallback;
170 skipSystemValidators = other.skipSystemValidators;
171 callbackNeedsChain = other.callbackNeedsChain;
// Reference copy: the new instance refers to the same UserSettings object.
172 UserSettings = other.UserSettings;
173 EnabledProtocols = other.EnabledProtocols;
// Reference copy: the cipher array is not duplicated here, unlike the two collections
// below. NOTE(review): if the property stores the reference, editing the array in
// place affects both instances - confirm.
174 EnabledCiphers = other.EnabledCiphers;
175 CertificateValidationTime = other.CertificateValidationTime;
// A new collection object is created, so adding or removing anchors on one instance
// does not change the collection held by the other.
176 if (other.TrustAnchors != null)
177 TrustAnchors = new X509CertificateCollection (other.TrustAnchors);
// The search paths are copied into a new array of the same length.
178 if (other.CertificateSearchPaths != null) {
179 CertificateSearchPaths = new string [other.CertificateSearchPaths.Length];
180 other.CertificateSearchPaths.CopyTo (CertificateSearchPaths, 0);