5 // Martin Baulig <martin.baulig@xamarin.com>
7 // Copyright (c) 2015 Xamarin, Inc.
11 #if MONO_SECURITY_ALIAS
12 extern alias MonoSecurity;
15 #if MONO_SECURITY_ALIAS
16 using MonoSecurity::Mono.Security.Interface;
18 using Mono.Security.Interface;
23 using SD = System.Diagnostics;
24 using System.Collections;
25 using System.Collections.Generic;
26 using System.Threading;
27 using System.Threading.Tasks;
28 using System.Security.Authentication;
29 using System.Security.Cryptography.X509Certificates;
31 namespace Mono.Net.Security
33 abstract class MobileTlsContext : IDisposable
// Owning stream; its Settings and Provider are read in the constructor.
MobileAuthenticatedStream parent;
// Protocol versions the caller allowed; see GetProtocolVersions ().
SslProtocols enabledProtocols;
// Certificate presented by this side when acting as a server (may be null on the client side).
X509Certificate serverCertificate;
// Candidate client certificates handed to SelectClientCertificate ().
X509CertificateCollection clientCertificates;
// Server-side flag: whether to request a certificate from the peer.
bool askForClientCert;
// Validator obtained from CertificateValidationHelper; every trust decision goes through it.
ICertificateValidator2 certificateValidator;
/// <summary>
/// Captures the connection parameters and resolves the certificate validator.
/// </summary>
/// <param name="parent">Owning stream; must be non-null because its Settings and Provider are read here.</param>
/// <param name="serverMode">True when this side acts as the TLS server.</param>
/// <param name="targetHost">Host (optionally "host:port") this side is talking to; the port-less form becomes ServerName.</param>
/// <param name="enabledProtocols">Protocol versions the caller permits.</param>
/// <param name="serverCertificate">Certificate presented when acting as server.</param>
/// <param name="clientCertificates">Candidate client certificates.</param>
/// <param name="askForClientCert">Whether a server should request a client certificate.</param>
public MobileTlsContext (
	MobileAuthenticatedStream parent, bool serverMode, string targetHost,
	SslProtocols enabledProtocols, X509Certificate serverCertificate,
	X509CertificateCollection clientCertificates, bool askForClientCert)
{
	this.parent = parent;
	this.serverMode = serverMode;
	this.targetHost = targetHost;
	this.enabledProtocols = enabledProtocols;
	this.serverCertificate = serverCertificate;
	this.clientCertificates = clientCertificates;
	this.askForClientCert = askForClientCert;

	// Strip a trailing ":port" so that the bare host name is what later
	// name-based checks see.  Only the first ':' is considered, so an
	// IPv6 literal such as "[::1]:443" would be cut at its first colon;
	// NOTE(review): confirm callers never pass IPv6 literals here.
	var host = targetHost;
	if (!string.IsNullOrEmpty (host)) {
		var colon = host.IndexOf (':');
		if (colon > 0)
			host = host.Substring (0, colon);
	}
	serverName = host;

	// The validator is looked up once per context from the parent's settings/provider.
	certificateValidator = CertificateValidationHelper.GetInternalValidator (
		parent.Settings, parent.Provider);
}
/// <summary>The stream that owns this context.</summary>
internal MobileAuthenticatedStream Parent => parent;

/// <summary>TLS settings, forwarded from the owning stream.</summary>
public MonoTlsSettings Settings => parent.Settings;

/// <summary>TLS provider, forwarded from the owning stream.</summary>
public MonoTlsProvider Provider => parent.Provider;
/// <summary>
/// Writes a diagnostic line to stderr prefixed with the concrete type name.
/// Calls are compiled out entirely unless MARTIN_DEBUG is defined.
/// </summary>
/// <param name="message">Composite format string; keep it a literal and pass variable text via <paramref name="args"/>.</param>
/// <param name="args">Values substituted into <paramref name="message"/>.</param>
[SD.Conditional ("MARTIN_DEBUG")]
protected void Debug (string message, params object[] args)
{
	var prefix = GetType ().Name;
	var text = string.Format (message, args);
	Console.Error.WriteLine ("{0}: {1}", prefix, text);
}
/// <summary>Whether the provider-specific TLS context has been created.</summary>
public abstract bool HasContext {
	get;
}

/// <summary>Whether the handshake completed and the connection is authenticated.</summary>
public abstract bool IsAuthenticated {
	get;
}
/// <summary>True when this side acts as the TLS server.</summary>
public bool IsServer => serverMode;

/// <summary>The host string exactly as supplied by the caller (may include a port).</summary>
protected string TargetHost => targetHost;

/// <summary>TargetHost with any ":port" suffix removed.</summary>
protected string ServerName => serverName;

/// <summary>Server-side flag: request a certificate from the client.</summary>
protected bool AskForClientCertificate => askForClientCert;

/// <summary>Protocol versions the caller permitted.</summary>
protected SslProtocols EnabledProtocols => enabledProtocols;

/// <summary>Candidate client certificates (may be null or empty).</summary>
protected X509CertificateCollection ClientCertificates => clientCertificates;
/// <summary>
/// Maps the enabled SslProtocols flags to the lowest and highest TLS version to offer.
/// Only the Tls, Tls11 and Tls12 bits are consulted; SSL 2/3 bits are ignored, so
/// SSLv3 is never offered even if a caller enables it.
/// </summary>
/// <param name="min">Lowest enabled version (Tls10 if Tls is set, else Tls11 if set, else Tls12).</param>
/// <param name="max">Highest enabled version (Tls12 if set, else Tls11 if set, else Tls10).</param>
protected void GetProtocolVersions (out TlsProtocolCode min, out TlsProtocolCode max)
{
	var allowTls10 = (enabledProtocols & SslProtocols.Tls) != 0;
	var allowTls11 = (enabledProtocols & SslProtocols.Tls11) != 0;
	var allowTls12 = (enabledProtocols & SslProtocols.Tls12) != 0;

	// NOTE(review): when none of the three bits is set the result is
	// min = Tls12, max = Tls10, i.e. an inverted range; presumably the
	// provider then fails the handshake — confirm callers expect that.
	min = allowTls10 ? TlsProtocolCode.Tls10
		: allowTls11 ? TlsProtocolCode.Tls11
		: TlsProtocolCode.Tls12;

	max = allowTls12 ? TlsProtocolCode.Tls12
		: allowTls11 ? TlsProtocolCode.Tls11
		: TlsProtocolCode.Tls10;
}
/// <summary>Begins the TLS handshake on the provider-specific context.</summary>
public abstract void StartHandshake ();

/// <summary>Advances the handshake; presumably returns true once it is complete — confirm in the concrete context.</summary>
public abstract bool ProcessHandshake ();

/// <summary>Completes the handshake after ProcessHandshake () reported completion.</summary>
public abstract void FinishHandshake ();

/// <summary>Negotiated connection details; only meaningful once IsAuthenticated is true.</summary>
public abstract MonoTlsConnectionInfo ConnectionInfo {
	get;
}

/// <summary>Certificate this side presents when acting as the server.</summary>
internal X509Certificate LocalServerCertificate {
	get { return serverCertificate; }
}

/// <summary>Whether the peer presented a certificate that can be retrieved via RemoteCertificate.</summary>
internal abstract bool IsRemoteCertificateAvailable {
	get;
}

/// <summary>Client certificate actually used by this side, if any.</summary>
internal abstract X509Certificate LocalClientCertificate {
	get;
}

/// <summary>Certificate presented by the peer, if any.</summary>
public abstract X509Certificate RemoteCertificate {
	get;
}

/// <summary>Protocol version agreed during the handshake.</summary>
public abstract TlsProtocols NegotiatedProtocol {
	get;
}

/// <summary>Flushes any pending output records.</summary>
public abstract void Flush ();

/// <summary>
/// Reads decrypted application data into buffer[offset..offset+count).
/// Returns the number of bytes produced; wantMore is an out flag whose
/// meaning is defined by the caller (MobileAuthenticatedStream) — presumably
/// "pump the transport and call again".
/// </summary>
public abstract int Read (byte[] buffer, int offset, int count, out bool wantMore);

/// <summary>
/// Encrypts and queues buffer[offset..offset+count). Returns the number of
/// bytes consumed; wantMore as for Read.
/// </summary>
public abstract int Write (byte[] buffer, int offset, int count, out bool wantMore);

/// <summary>Sends the TLS close notification for this side.</summary>
public abstract void Shutdown ();
/// <summary>
/// Asks the configured validator whether the peer's leaf certificate and chain are acceptable.
/// Fails closed: a null result, an untrusted result, or a user denial all yield false.
/// </summary>
/// <param name="leaf">The peer's end-entity certificate.</param>
/// <param name="chain">The chain built for <paramref name="leaf"/>.</param>
/// <returns>True only when the validator reports Trusted and not UserDenied.</returns>
protected bool ValidateCertificate (X509Certificate leaf, X509Chain chain)
{
	var outcome = certificateValidator.ValidateCertificate (TargetHost, IsServer, leaf, chain);
	if (outcome == null)
		return false;
	return outcome.Trusted && !outcome.UserDenied;
}
/// <summary>
/// Asks the configured validator whether the peer's certificate collection is acceptable.
/// Fails closed: a null result, an untrusted result, or a user denial all yield false.
/// </summary>
/// <param name="certificates">Certificates received from the peer.</param>
/// <returns>True only when the validator reports Trusted and not UserDenied.</returns>
protected bool ValidateCertificate (X509CertificateCollection certificates)
{
	var outcome = certificateValidator.ValidateCertificate (TargetHost, IsServer, certificates);
	if (outcome == null)
		return false;
	return outcome.Trusted && !outcome.UserDenied;
}
/// <summary>
/// Chooses the client certificate to present to the server.
/// The validator gets the first say; otherwise the single configured
/// certificate is used. Choosing among several is not implemented.
/// </summary>
/// <param name="serverCertificate">The server's certificate, passed through to the validator.</param>
/// <param name="acceptableIssuers">Issuer names the server advertised, passed through to the validator.</param>
/// <returns>The selected certificate, or null when none is configured.</returns>
/// <exception cref="NotImplementedException">More than one candidate and the validator made no choice.</exception>
protected X509Certificate SelectClientCertificate (X509Certificate serverCertificate, string[] acceptableIssuers)
{
	X509Certificate chosen;
	var validatorChose = certificateValidator.SelectClientCertificate (
		TargetHost, ClientCertificates, serverCertificate, acceptableIssuers, out chosen);
	if (validatorChose)
		return chosen;

	var candidates = clientCertificates;
	if (candidates == null || candidates.Count == 0)
		return null;

	if (candidates.Count == 1)
		return candidates [0];

	// FIXME: select one when several candidates are configured.
	throw new NotImplementedException ();
}
/// <summary>Standard dispose pattern: releases resources via Dispose (true) and suppresses finalization.</summary>
public void Dispose ()
{
	Dispose (true);
	GC.SuppressFinalize (this);
}
210 protected virtual void Dispose (bool disposing)