5 // Martin Baulig <martin.baulig@xamarin.com>
7 // Copyright (c) 2015 Xamarin, Inc.
9 // Permission is hereby granted, free of charge, to any person obtaining a copy
10 // of this software and associated documentation files (the "Software"), to deal
11 // in the Software without restriction, including without limitation the rights
12 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
13 // copies of the Software, and to permit persons to whom the Software is
14 // furnished to do so, subject to the following conditions:
16 // The above copyright notice and this permission notice shall be included in
17 // all copies or substantial portions of the Software.
19 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
22 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
24 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 #if !MONO_FEATURE_NEW_TLS
30 #if MONO_SECURITY_ALIAS
31 extern alias MonoSecurity;
34 #if MONO_SECURITY_ALIAS
35 using MonoSecurity::Mono.Security.Interface;
37 using Mono.Security.Interface;
40 using CipherAlgorithmType = System.Security.Authentication.CipherAlgorithmType;
41 using HashAlgorithmType = System.Security.Authentication.HashAlgorithmType;
42 using ExchangeAlgorithmType = System.Security.Authentication.ExchangeAlgorithmType;
47 using System.Net.Security;
48 using System.Security.Authentication;
49 using System.Security.Cryptography.X509Certificates;
50 using System.Security.Permissions;
51 using System.Security.Principal;
52 using System.Security.Cryptography;
54 using System.Threading.Tasks;
56 using MNS = Mono.Net.Security;
58 namespace System.Net.Security
61 * These two are defined by the referencesource; add them heere to make
62 * it easy to switch between the two implementations.
65 internal delegate bool RemoteCertValidationCallback (
67 X509Certificate certificate,
69 SslPolicyErrors sslPolicyErrors);
71 internal delegate X509Certificate LocalCertSelectionCallback (
73 X509CertificateCollection localCertificates,
74 X509Certificate remoteCertificate,
75 string[] acceptableIssuers);
77 public class SslStream : AuthenticatedStream, MNS.IMonoSslStream
79 MonoTlsProvider provider;
82 internal IMonoSslStream Impl {
89 internal MonoTlsProvider Provider {
96 static MonoTlsProvider GetProvider ()
98 return MonoTlsProviderFactory.GetDefaultProvider ();
101 public SslStream (Stream innerStream)
102 : this (innerStream, false)
106 public SslStream (Stream innerStream, bool leaveInnerStreamOpen)
107 : base (innerStream, leaveInnerStreamOpen)
109 provider = GetProvider ();
110 impl = provider.CreateSslStream (innerStream, leaveInnerStreamOpen);
113 public SslStream (Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback)
114 : this (innerStream, leaveInnerStreamOpen, userCertificateValidationCallback, null)
118 public SslStream (Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback)
119 : base (innerStream, leaveInnerStreamOpen)
121 provider = GetProvider ();
122 var settings = MonoTlsSettings.CopyDefaultSettings ();
123 settings.RemoteCertificateValidationCallback = MNS.Private.CallbackHelpers.PublicToMono (userCertificateValidationCallback);
124 settings.ClientCertificateSelectionCallback = MNS.Private.CallbackHelpers.PublicToMono (userCertificateSelectionCallback);
125 impl = provider.CreateSslStream (innerStream, leaveInnerStreamOpen, settings);
128 [MonoLimitation ("encryptionPolicy is ignored")]
129 public SslStream (Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback, EncryptionPolicy encryptionPolicy)
130 : this (innerStream, leaveInnerStreamOpen, userCertificateValidationCallback, userCertificateSelectionCallback)
134 internal SslStream (Stream innerStream, bool leaveInnerStreamOpen, IMonoSslStream impl)
135 : base (innerStream, leaveInnerStreamOpen)
140 public virtual void AuthenticateAsClient (string targetHost)
142 Impl.AuthenticateAsClient (targetHost);
145 public virtual void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
147 Impl.AuthenticateAsClient (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation);
150 // [HostProtection (ExternalThreading=true)]
151 public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, AsyncCallback asyncCallback, object asyncState)
153 return Impl.BeginAuthenticateAsClient (targetHost, asyncCallback, asyncState);
156 // [HostProtection (ExternalThreading=true)]
157 public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
159 return Impl.BeginAuthenticateAsClient (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation, asyncCallback, asyncState);
162 public virtual void EndAuthenticateAsClient (IAsyncResult asyncResult)
164 Impl.EndAuthenticateAsClient (asyncResult);
167 public virtual void AuthenticateAsServer (X509Certificate serverCertificate)
169 Impl.AuthenticateAsServer (serverCertificate);
172 public virtual void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
174 Impl.AuthenticateAsServer (serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation);
177 // [HostProtection (ExternalThreading=true)]
178 public virtual IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, AsyncCallback asyncCallback, object asyncState)
180 return Impl.BeginAuthenticateAsServer (serverCertificate, asyncCallback, asyncState);
183 public virtual IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
185 return Impl.BeginAuthenticateAsServer (serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation, asyncCallback, asyncState);
188 public virtual void EndAuthenticateAsServer (IAsyncResult asyncResult)
190 Impl.EndAuthenticateAsServer (asyncResult);
193 public TransportContext TransportContext {
195 throw new NotSupportedException();
199 // [HostProtection (ExternalThreading=true)]
200 public virtual Task AuthenticateAsClientAsync (string targetHost)
202 return Impl.AuthenticateAsClientAsync (targetHost);
205 public virtual Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
207 return Impl.AuthenticateAsClientAsync (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation);
210 public virtual Task AuthenticateAsServerAsync (X509Certificate serverCertificate)
212 return Impl.AuthenticateAsServerAsync (serverCertificate);
215 public virtual Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
217 return Impl.AuthenticateAsServerAsync (serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation);
220 public override bool IsAuthenticated {
221 get { return Impl.IsAuthenticated; }
224 public override bool IsMutuallyAuthenticated {
225 get { return Impl.IsMutuallyAuthenticated; }
228 public override bool IsEncrypted {
229 get { return Impl.IsEncrypted; }
232 public override bool IsSigned {
233 get { return Impl.IsSigned; }
236 public override bool IsServer {
237 get { return Impl.IsServer; }
240 public virtual SslProtocols SslProtocol {
241 get { return (SslProtocols)Impl.SslProtocol; }
244 public virtual bool CheckCertRevocationStatus {
245 get { return Impl.CheckCertRevocationStatus; }
248 X509Certificate MNS.IMonoSslStream.InternalLocalCertificate {
249 get { return Impl.InternalLocalCertificate; }
252 public virtual X509Certificate LocalCertificate {
253 get { return Impl.LocalCertificate; }
256 public virtual X509Certificate RemoteCertificate {
257 get { return Impl.RemoteCertificate; }
260 public virtual CipherAlgorithmType CipherAlgorithm {
261 get { return (CipherAlgorithmType)Impl.CipherAlgorithm; }
264 public virtual int CipherStrength {
265 get { return Impl.CipherStrength; }
268 public virtual HashAlgorithmType HashAlgorithm {
269 get { return (HashAlgorithmType)Impl.HashAlgorithm; }
272 public virtual int HashStrength {
273 get { return Impl.HashStrength; }
276 public virtual ExchangeAlgorithmType KeyExchangeAlgorithm {
277 get { return (ExchangeAlgorithmType)Impl.KeyExchangeAlgorithm; }
280 public virtual int KeyExchangeStrength {
281 get { return Impl.KeyExchangeStrength; }
284 public override bool CanSeek {
285 get { return false; }
288 public override bool CanRead {
289 get { return Impl.CanRead; }
292 public override bool CanTimeout {
293 get { return Impl.CanTimeout; }
296 public override bool CanWrite {
297 get { return Impl.CanWrite; }
300 public override int ReadTimeout {
301 get { return Impl.ReadTimeout; }
302 set { Impl.ReadTimeout = value; }
305 public override int WriteTimeout {
306 get { return Impl.WriteTimeout; }
307 set { Impl.WriteTimeout = value; }
310 public override long Length {
311 get { return Impl.Length; }
314 public override long Position {
315 get { return Impl.Position; }
317 throw new NotSupportedException (SR.GetString (SR.net_noseek));
321 public override void SetLength (long value)
323 Impl.SetLength (value);
326 public override long Seek (long offset, SeekOrigin origin)
328 throw new NotSupportedException (SR.GetString (SR.net_noseek));
331 public override void Flush ()
336 void CheckDisposed ()
339 throw new ObjectDisposedException ("SslStream");
342 protected override void Dispose (bool disposing)
345 if (impl != null && disposing) {
350 base.Dispose (disposing);
354 public override int Read (byte[] buffer, int offset, int count)
356 return Impl.Read (buffer, offset, count);
359 public void Write (byte[] buffer)
364 public override void Write (byte[] buffer, int offset, int count)
366 Impl.Write (buffer, offset, count);
369 // [HostProtection (ExternalThreading=true)]
370 public override IAsyncResult BeginRead (byte[] buffer, int offset, int count, AsyncCallback asyncCallback, object asyncState)
372 return Impl.BeginRead (buffer, offset, count, asyncCallback, asyncState);
375 public override int EndRead (IAsyncResult asyncResult)
377 return Impl.EndRead (asyncResult);
380 // [HostProtection (ExternalThreading=true)]
381 public override IAsyncResult BeginWrite (byte[] buffer, int offset, int count, AsyncCallback asyncCallback, object asyncState)
383 return Impl.BeginWrite (buffer, offset, count, asyncCallback, asyncState);
386 public override void EndWrite (IAsyncResult asyncResult)
388 Impl.EndWrite (asyncResult);
391 AuthenticatedStream MNS.IMonoSslStream.AuthenticatedStream {
395 MonoTlsProvider MNS.IMonoSslStream.Provider {
396 get { return provider; }
399 MonoTlsConnectionInfo MNS.IMonoSslStream.GetConnectionInfo ()
401 return Impl.GetConnectionInfo ();
405 #else // !SECURITY_DEP
406 namespace System.Net.Security
408 public class SslStream