2 // HttpsClientStream.cs: Glue between HttpWebRequest and SslClientStream to
3 // reduce reflection usage.
6 // Sebastien Pouliot <sebastien@ximian.com>
8 // Copyright (C) 2004-2007 Novell, Inc. (http://www.novell.com)
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
33 using System.Security.Cryptography;
34 using System.Security.Cryptography.X509Certificates;
35 using SNS = System.Net.Security;
36 using SNCX = System.Security.Cryptography.X509Certificates;
38 namespace Mono.Security.Protocol.Tls {
40 // Note: DO NOT REUSE this class - instead use SslClientStream
42 internal class HttpsClientStream : SslClientStream {
44 private HttpWebRequest _request;
47 public HttpsClientStream (Stream stream, X509CertificateCollection clientCertificates,
48 HttpWebRequest request, byte [] buffer)
49 : base (stream, request.Address.Host, false, (Mono.Security.Protocol.Tls.SecurityProtocolType)
50 ServicePointManager.SecurityProtocol, clientCertificates)
52 // this constructor permit access to the WebRequest to call
53 // ICertificatePolicy.CheckValidationResult
57 InputBuffer.Write (buffer, 0, buffer.Length);
59 // also saved from reflection
60 base.CheckCertRevocationStatus = ServicePointManager.CheckCertificateRevocationList;
62 ClientCertSelection += delegate (X509CertificateCollection clientCerts, X509Certificate serverCertificate,
63 string targetHost, X509CertificateCollection serverRequestedCertificates) {
64 return ((clientCerts == null) || (clientCerts.Count == 0)) ? null : clientCerts [0];
66 PrivateKeySelection += delegate (X509Certificate certificate, string targetHost) {
67 X509Certificate2 cert = (certificate as X509Certificate2);
68 return (cert == null) ? null : cert.PrivateKey;
72 public bool TrustFailure {
75 case -2146762486: // CERT_E_CHAINING 0x800B010A
76 case -2146762487: // CERT_E_UNTRUSTEDROOT 0x800B0109
84 internal override bool RaiseServerCertificateValidation (X509Certificate certificate, int[] certificateErrors)
86 bool failed = (certificateErrors.Length > 0);
87 // only one problem can be reported by this interface
88 _status = ((failed) ? certificateErrors [0] : 0);
90 #pragma warning disable 618
91 if (ServicePointManager.CertificatePolicy != null) {
92 ServicePoint sp = _request.ServicePoint;
93 bool res = ServicePointManager.CertificatePolicy.CheckValidationResult (sp, certificate, _request, _status);
98 #pragma warning restore 618
99 if (HaveRemoteValidation2Callback)
100 return failed; // The validation already tried the 2.0 callback
102 SNS.RemoteCertificateValidationCallback cb = ServicePointManager.ServerCertificateValidationCallback;
104 SNS.SslPolicyErrors ssl_errors = 0;
105 foreach (int i in certificateErrors) {
106 if (i == (int)-2146762490) // TODO: is this what happens when the purpose is wrong?
107 ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNotAvailable;
108 else if (i == (int) -2146762481)
109 ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNameMismatch;
111 ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors;
113 SNCX.X509Certificate2 cert2 = new SNCX.X509Certificate2 (certificate.GetRawCertData ());
114 SNCX.X509Chain chain = new SNCX.X509Chain ();
115 if (!chain.Build (cert2))
116 ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors;
117 return cb (_request, cert2, chain, ssl_errors);