mcs/class/Mono.Security/Mono.Security.Protocol.Tls/HttpsClientStream.cs

   1 //
   2 // HttpsClientStream.cs: Glue between HttpWebRequest and SslClientStream to
   3 //      reduce reflection usage.
   4 //
   5 // Author:
   6 //      Sebastien Pouliot  <sebastien@ximian.com>
   7 //
   8 // Copyright (C) 2004-2007 Novell, Inc. (http://www.novell.com)
   9 //
  10 // Permission is hereby granted, free of charge, to any person obtaining
  11 // a copy of this software and associated documentation files (the
  12 // "Software"), to deal in the Software without restriction, including
  13 // without limitation the rights to use, copy, modify, merge, publish,
  14 // distribute, sublicense, and/or sell copies of the Software, and to
  15 // permit persons to whom the Software is furnished to do so, subject to
  16 // the following conditions:
  17 //
  18 // The above copyright notice and this permission notice shall be
  19 // included in all copies or substantial portions of the Software.
  20 //
  21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  28 //
  29
  30 using System;
  31 using System.IO;
  32 using System.Net;
  33 using System.Security.Cryptography;
  34 using System.Security.Cryptography.X509Certificates;
  35 using SNS = System.Net.Security;
  36 using SNCX = System.Security.Cryptography.X509Certificates;
  37
  38 namespace Mono.Security.Protocol.Tls {
  39
  40         // Note: DO NOT REUSE this class - instead use SslClientStream
  41
  42         internal class HttpsClientStream : SslClientStream {
  43
  44                 private HttpWebRequest _request;
  45                 private int _status;
  46
  47                 public HttpsClientStream (Stream stream, X509CertificateCollection clientCertificates,
  48                                         HttpWebRequest request, byte [] buffer)
  49                         : base (stream, request.Address.Host, false, (Mono.Security.Protocol.Tls.SecurityProtocolType)
  50                                 ServicePointManager.SecurityProtocol, clientCertificates)
  51                 {
  52                         // this constructor permit access to the WebRequest to call
  53                         // ICertificatePolicy.CheckValidationResult
  54                         _request = request;
  55                         _status = 0;
  56                         if (buffer != null)
  57                                 InputBuffer.Write (buffer, 0, buffer.Length);
  58 #if !MOONLIGHT
  59                         // also saved from reflection
  60                         base.CheckCertRevocationStatus = ServicePointManager.CheckCertificateRevocationList;
  61
  62                         ClientCertSelection += delegate (X509CertificateCollection clientCerts, X509Certificate serverCertificate,
  63                                 string targetHost, X509CertificateCollection serverRequestedCertificates) {
  64                                 return ((clientCerts == null) || (clientCerts.Count == 0)) ? null : clientCerts [0];
  65                         };
  66                         PrivateKeySelection += delegate (X509Certificate certificate, string targetHost) {
  67                                 X509Certificate2 cert = (certificate as X509Certificate2);
  68                                 return (cert == null) ? null : cert.PrivateKey;
  69                         };
  70 #endif
  71                }
  72
  73                 public bool TrustFailure {
  74                         get {
  75                                 switch (_status) {
  76                                 case -2146762486: // CERT_E_CHAINING            0x800B010A
  77                                 case -2146762487: // CERT_E_UNTRUSTEDROOT       0x800B0109
  78                                         return true;
  79                                 default:
  80                                         return false;
  81                                 }
  82                         }
  83                 }
  84
  85 #if MOONLIGHT
  86                 internal override bool RaiseServerCertificateValidation (X509Certificate certificate, int[] certificateErrors)
  87                 {
  88                         return true;
  89                 }
  90 #else
  91                 internal override bool RaiseServerCertificateValidation (X509Certificate certificate, int[] certificateErrors)
  92                 {
  93                         bool failed = (certificateErrors.Length > 0);
  94                         // only one problem can be reported by this interface
  95                         _status = ((failed) ? certificateErrors [0] : 0);
  96
  97 #pragma warning disable 618
  98                         if (ServicePointManager.CertificatePolicy != null) {
  99                                 ServicePoint sp = _request.ServicePoint;
 100                                 bool res = ServicePointManager.CertificatePolicy.CheckValidationResult (sp, certificate, _request, _status);
 101                                 if (!res)
 102                                         return false;
 103                                 failed = true;
 104                         }
 105 #pragma warning restore 618
 106                         if (HaveRemoteValidation2Callback)
 107                                 return failed; // The validation already tried the 2.0 callback
 108
 109                         SNS.RemoteCertificateValidationCallback cb = ServicePointManager.ServerCertificateValidationCallback;
 110                         if (cb != null) {
 111                                 SNS.SslPolicyErrors ssl_errors = 0;
 112                                 foreach (int i in certificateErrors) {
 113                                         if (i == (int)-2146762490) // TODO: is this what happens when the purpose is wrong?
 114                                                 ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNotAvailable;
 115                                         else if (i == (int) -2146762481)
 116                                                 ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNameMismatch;
 117                                         else
 118                                                 ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors;
 119                                 }
 120                                 SNCX.X509Certificate2 cert2 = new SNCX.X509Certificate2 (certificate.GetRawCertData ());
 121                                 SNCX.X509Chain chain = new SNCX.X509Chain ();
 122                                 if (!chain.Build (cert2))
 123                                         ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors;
 124                                 return cb (_request, cert2, chain, ssl_errors);
 125                         }
 126                         return failed;
 127                 }
 128 #endif
 129         }
 130 }