5 // Martin Baulig <martin.baulig@xamarin.com>
7 // Copyright (c) 2015 Xamarin, Inc.
9 // Permission is hereby granted, free of charge, to any person obtaining a copy
10 // of this software and associated documentation files (the "Software"), to deal
11 // in the Software without restriction, including without limitation the rights
12 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
13 // copies of the Software, and to permit persons to whom the Software is
14 // furnished to do so, subject to the following conditions:
16 // The above copyright notice and this permission notice shall be included in
17 // all copies or substantial portions of the Software.
19 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
22 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
24 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
28 #if MONO_SECURITY_ALIAS
29 extern alias MonoSecurity;
32 #if MONO_SECURITY_ALIAS
33 using MonoSecurity::Mono.Security.Interface;
35 using Mono.Security.Interface;
42 using System.Net.Sockets;
43 using System.Net.Security;
44 using System.Threading;
45 using System.Threading.Tasks;
46 using System.Security.Authentication;
47 using System.Security.Cryptography.X509Certificates;
48 using System.Security.Principal;
49 using System.Security.Cryptography;
51 namespace Mono.Net.Security
56 readonly MonoTlsProvider provider;
57 readonly NetworkStream networkStream;
58 readonly HttpWebRequest request;
60 readonly MonoTlsSettings settings;
62 internal HttpWebRequest Request {
63 get { return request; }
66 IMonoSslStream sslStream;
68 internal IMonoSslStream SslStream {
69 get { return sslStream; }
72 const string EXCEPTION_MESSAGE = "System.Net.Security.SslStream is not supported on the current platform.";
75 WebExceptionStatus status;
77 internal WebExceptionStatus ExceptionStatus {
78 get { return status; }
81 internal bool CertificateValidationFailed {
85 public MonoTlsStream (HttpWebRequest request, NetworkStream networkStream)
88 this.request = request;
89 this.networkStream = networkStream;
91 settings = request.TlsSettings;
92 provider = request.TlsProvider ?? MonoTlsProviderFactory.GetProviderInternal ();
93 status = WebExceptionStatus.SecureChannelFailure;
95 ChainValidationHelper.Create (provider, ref settings, this);
97 status = WebExceptionStatus.SecureChannelFailure;
98 throw new PlatformNotSupportedException (EXCEPTION_MESSAGE);
102 internal Stream CreateStream (byte[] buffer)
105 sslStream = provider.CreateSslStream (networkStream, false, settings);
108 var host = request.Host;
109 if (!string.IsNullOrEmpty (host)) {
110 var pos = host.IndexOf (':');
112 host = host.Substring (0, pos);
115 sslStream.AuthenticateAsClient (
116 host, request.ClientCertificates,
117 (SslProtocols)ServicePointManager.SecurityProtocol,
118 ServicePointManager.CheckCertificateRevocationList);
120 status = WebExceptionStatus.Success;
122 status = WebExceptionStatus.SecureChannelFailure;
125 if (CertificateValidationFailed)
126 status = WebExceptionStatus.TrustFailure;
128 if (status == WebExceptionStatus.Success)
129 request.ServicePoint.UpdateClientCertificate (sslStream.InternalLocalCertificate);
131 request.ServicePoint.UpdateClientCertificate (null);
138 sslStream.Write (buffer, 0, buffer.Length);
140 status = WebExceptionStatus.SendFailure;
145 return sslStream.AuthenticatedStream;
147 throw new PlatformNotSupportedException (EXCEPTION_MESSAGE);