1 #if SECURITY_DEP && MONO_FEATURE_APPLETLS
3 // Trust.cs: Implements the managed SecTrust wrapper.
7 // Sebastien Pouliot <sebastien@xamarin.com>
9 // Copyright 2010 Novell, Inc
10 // Copyright 2012-2014 Xamarin Inc.
12 // Permission is hereby granted, free of charge, to any person obtaining
13 // a copy of this software and associated documentation files (the
14 // "Software"), to deal in the Software without restriction, including
15 // without limitation the rights to use, copy, modify, merge, publish,
16 // distribute, sublicense, and/or sell copies of the Software, and to
17 // permit persons to whom the Software is furnished to do so, subject to
18 // the following conditions:
20 // The above copyright notice and this permission notice shall be
21 // included in all copies or substantial portions of the Software.
23 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
27 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
28 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using System.Runtime.InteropServices;
33 using System.Security;
34 using System.Security.Cryptography.X509Certificates;
35 using ObjCRuntimeInternal;
38 namespace Mono.AppleTls {
39 partial class SecTrust : INativeObject, IDisposable {
42 internal SecTrust (IntPtr handle, bool owns = false)
44 if (handle == IntPtr.Zero)
45 throw new Exception ("Invalid handle");
49 CFObject.CFRetain (handle);
52 [DllImport (AppleTlsContext.SecurityLibrary)]
53 extern static SecStatusCode SecTrustCreateWithCertificates (
54 /* CFTypeRef */ IntPtr certOrCertArray,
55 /* CFTypeRef __nullable */ IntPtr policies,
56 /* SecTrustRef *__nonull */ out IntPtr sectrustref);
59 public SecTrust (X509CertificateCollection certificates, SecPolicy policy)
61 if (certificates == null)
62 throw new ArgumentNullException ("certificates");
64 SecCertificate[] array = new SecCertificate [certificates.Count];
66 foreach (var certificate in certificates)
67 array [i++] = new SecCertificate (certificate);
68 Initialize (array, policy);
69 for (i = 0; i < array.Length; i++)
73 void Initialize (SecCertificate[] array, SecPolicy policy)
75 using (var certs = CFArray.CreateArray (array)) {
76 Initialize (certs.Handle, policy);
80 void Initialize (IntPtr certHandle, SecPolicy policy)
82 SecStatusCode result = SecTrustCreateWithCertificates (certHandle, policy == null ? IntPtr.Zero : policy.Handle, out handle);
83 if (result != SecStatusCode.Success)
84 throw new ArgumentException (result.ToString ());
87 [DllImport (AppleTlsContext.SecurityLibrary)]
88 extern static SecStatusCode /* OSStatus */ SecTrustEvaluate (IntPtr /* SecTrustRef */ trust, out /* SecTrustResultType */ SecTrustResult result);
90 public SecTrustResult Evaluate ()
92 if (handle == IntPtr.Zero)
93 throw new ObjectDisposedException ("SecTrust");
96 SecStatusCode result = SecTrustEvaluate (handle, out trust);
97 if (result != SecStatusCode.Success)
98 throw new InvalidOperationException (result.ToString ());
102 [DllImport (AppleTlsContext.SecurityLibrary)]
103 extern static IntPtr /* CFIndex */ SecTrustGetCertificateCount (IntPtr /* SecTrustRef */ trust);
107 if (handle == IntPtr.Zero)
109 return (int) SecTrustGetCertificateCount (handle);
113 [DllImport (AppleTlsContext.SecurityLibrary)]
114 extern static IntPtr /* SecCertificateRef */ SecTrustGetCertificateAtIndex (IntPtr /* SecTrustRef */ trust, IntPtr /* CFIndex */ ix);
116 public SecCertificate this [IntPtr index] {
118 if (handle == IntPtr.Zero)
119 throw new ObjectDisposedException ("SecTrust");
120 if (((long)index < 0) || ((long)index >= Count))
121 throw new ArgumentOutOfRangeException ("index");
123 return new SecCertificate (SecTrustGetCertificateAtIndex (handle, index));
127 internal X509Certificate GetCertificate (int index)
129 if (handle == IntPtr.Zero)
130 throw new ObjectDisposedException ("SecTrust");
131 if (((long)index < 0) || ((long)index >= Count))
132 throw new ArgumentOutOfRangeException ("index");
134 var ptr = SecTrustGetCertificateAtIndex (handle, (IntPtr)index);
135 return new X509Certificate (ptr);
138 [DllImport (AppleTlsContext.SecurityLibrary)]
139 extern static SecStatusCode /* OSStatus */ SecTrustSetAnchorCertificates (IntPtr /* SecTrustRef */ trust, IntPtr /* CFArrayRef */ anchorCertificates);
141 public SecStatusCode SetAnchorCertificates (X509CertificateCollection certificates)
143 if (handle == IntPtr.Zero)
144 throw new ObjectDisposedException ("SecTrust");
145 if (certificates == null)
146 return SecTrustSetAnchorCertificates (handle, IntPtr.Zero);
148 SecCertificate[] array = new SecCertificate [certificates.Count];
150 foreach (var certificate in certificates)
151 array [i++] = new SecCertificate (certificate);
152 return SetAnchorCertificates (array);
155 public SecStatusCode SetAnchorCertificates (SecCertificate[] array)
158 return SecTrustSetAnchorCertificates (handle, IntPtr.Zero);
159 using (var certs = CFArray.FromNativeObjects (array)) {
160 return SecTrustSetAnchorCertificates (handle, certs.Handle);
164 [DllImport (AppleTlsContext.SecurityLibrary)]
165 extern static SecStatusCode /* OSStatus */ SecTrustSetAnchorCertificatesOnly (IntPtr /* SecTrustRef */ trust, bool anchorCertificatesOnly);
167 public SecStatusCode SetAnchorCertificatesOnly (bool anchorCertificatesOnly)
169 if (handle == IntPtr.Zero)
170 throw new ObjectDisposedException ("SecTrust");
172 return SecTrustSetAnchorCertificatesOnly (handle, anchorCertificatesOnly);
175 [DllImport (AppleTlsContext.SecurityLibrary)]
176 extern static SecStatusCode /* OSStatus */ SecTrustSetVerifyDate (IntPtr /* SecTrustRef */ trust, IntPtr /* CFDateRef */ date);
178 public SecStatusCode SetVerifyDate (DateTime date)
180 using (var nativeDate = CFDate.Create (date))
181 return SecTrustSetVerifyDate (handle, nativeDate.Handle);
189 protected virtual void Dispose (bool disposing)
191 if (handle != IntPtr.Zero) {
192 CFObject.CFRelease (handle);
193 handle = IntPtr.Zero;
197 public void Dispose ()
200 GC.SuppressFinalize (this);
203 public IntPtr Handle {
204 get { return handle; }