mcs/class/System/System.Security.Cryptography.X509Certificates/OSX509Certificates.cs

   1 // Copyright (C) 2010 Novell, Inc (http://www.novell.com)
   2 // Copyright 2012-2014 Xamarin Inc.
   3 //
   4 // Permission is hereby granted, free of charge, to any person obtaining
   5 // a copy of this software and associated documentation files (the
   6 // "Software"), to deal in the Software without restriction, including
   7 // without limitation the rights to use, copy, modify, merge, publish,
   8 // distribute, sublicense, and/or sell copies of the Software, and to
   9 // permit persons to whom the Software is furnished to do so, subject to
  10 // the following conditions:
  11 //
  12 // The above copyright notice and this permission notice shall be
  13 // included in all copies or substantial portions of the Software.
  14 //
  15 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  16 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  17 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  18 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  19 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  20 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  21 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  22 //
  23 #if SECURITY_DEP
  24 #if MONO_X509_ALIAS
  25 extern alias PrebuiltSystem;
  26 #endif
  27
  28 #if MONO_X509_ALIAS
  29 using XX509CertificateCollection = PrebuiltSystem::System.Security.Cryptography.X509Certificates.X509CertificateCollection;
  30 #else
  31 using XX509CertificateCollection = System.Security.Cryptography.X509Certificates.X509CertificateCollection;
  32 #endif
  33
  34 using System;
  35 using System.Runtime.InteropServices;
  36
  37 namespace System.Security.Cryptography.X509Certificates {
  38
  39         static class OSX509Certificates {
  40                 public const string SecurityLibrary = "/System/Library/Frameworks/Security.framework/Security";
  41                 public const string CoreFoundationLibrary = "/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation";
  42
  43                 [DllImport (SecurityLibrary)]
  44                 extern static IntPtr SecCertificateCreateWithData (IntPtr allocator, IntPtr nsdataRef);
  45
  46                 [DllImport (SecurityLibrary)]
  47                 extern static /* OSStatus */ int SecTrustCreateWithCertificates (IntPtr certOrCertArray, IntPtr policies, out IntPtr sectrustref);
  48
  49                 [DllImport (SecurityLibrary)]
  50                 extern static /* OSStatus */ int SecTrustSetAnchorCertificates (IntPtr /* SecTrustRef */ trust, IntPtr /* CFArrayRef */ anchorCertificates);
  51
  52                 [DllImport (SecurityLibrary)]
  53                 extern static IntPtr SecPolicyCreateSSL ([MarshalAs (UnmanagedType.I1)] bool server, IntPtr cfStringHostname);
  54
  55                 [DllImport (SecurityLibrary)]
  56                 extern static /* OSStatus */ int SecTrustEvaluate (IntPtr secTrustRef, out SecTrustResult secTrustResultTime);
  57
  58                 [DllImport (CoreFoundationLibrary, CharSet=CharSet.Unicode)]
  59                 extern static IntPtr CFStringCreateWithCharacters (IntPtr allocator, string str, /* CFIndex */ IntPtr count);
  60
  61                 [DllImport (CoreFoundationLibrary)]
  62                 unsafe extern static IntPtr CFDataCreate (IntPtr allocator, byte *bytes, /* CFIndex */ IntPtr length);
  63
  64                 [DllImport (CoreFoundationLibrary)]
  65                 extern static void CFRelease (IntPtr handle);
  66
  67                 [DllImport (CoreFoundationLibrary)]
  68                 extern static IntPtr CFArrayCreate (IntPtr allocator, IntPtr values, /* CFIndex */ IntPtr numValues, IntPtr callbacks);
  69
  70                 // uint32_t
  71                 public enum SecTrustResult {
  72                         Invalid,
  73                         Proceed,
  74                         Confirm,
  75                         Deny,
  76                         Unspecified,
  77                         RecoverableTrustFailure,
  78                         FatalTrustFailure,
  79                         ResultOtherError,
  80                 }
  81
  82                 static IntPtr MakeCFData (byte [] data)
  83                 {
  84                         unsafe {
  85                                 fixed (byte *ptr = &data [0])
  86                                         return CFDataCreate (IntPtr.Zero, ptr, (IntPtr) data.Length);
  87                         }
  88                 }
  89
  90                 static unsafe IntPtr FromIntPtrs (IntPtr [] values)
  91                 {
  92                         fixed (IntPtr* pv = values) {
  93                                 return CFArrayCreate (
  94                                         IntPtr.Zero,
  95                                         (IntPtr) pv,
  96                                         (IntPtr) values.Length,
  97                                         IntPtr.Zero);
  98                         }
  99                 }
 100
 101                 public static SecTrustResult TrustEvaluateSsl (XX509CertificateCollection certificates, XX509CertificateCollection anchors, string host)
 102                 {
 103                         if (certificates == null)
 104                                 return SecTrustResult.Deny;
 105
 106                         try {
 107                                 return _TrustEvaluateSsl (certificates, anchors, host);
 108                         } catch {
 109                                 return SecTrustResult.Deny;
 110                         }
 111                 }
 112
 113                 static SecTrustResult _TrustEvaluateSsl (XX509CertificateCollection certificates, XX509CertificateCollection anchors, string hostName)
 114                 {
 115                         int certCount = certificates.Count;
 116                         int anchorCount = anchors != null ? anchors.Count : 0;
 117                         IntPtr [] cfDataPtrs = new IntPtr [certCount];
 118                         IntPtr [] secCerts = new IntPtr [certCount];
 119                         IntPtr [] cfDataAnchorPtrs = new IntPtr [anchorCount];
 120                         IntPtr [] secCertAnchors = new IntPtr [anchorCount];
 121                         IntPtr certArray = IntPtr.Zero;
 122                         IntPtr anchorArray = IntPtr.Zero;
 123                         IntPtr sslsecpolicy = IntPtr.Zero;
 124                         IntPtr host = IntPtr.Zero;
 125                         IntPtr sectrust = IntPtr.Zero;
 126                         SecTrustResult result = SecTrustResult.Deny;
 127
 128                         try {
 129                                 for (int i = 0; i < certCount; i++)
 130                                         cfDataPtrs [i] = MakeCFData (certificates [i].GetRawCertData ());
 131                                 for (int i = 0; i < anchorCount; i++)
 132                                         cfDataAnchorPtrs [i] = MakeCFData (anchors [i].GetRawCertData ());
 133
 134                                 for (int i = 0; i < certCount; i++){
 135                                         secCerts [i] = SecCertificateCreateWithData (IntPtr.Zero, cfDataPtrs [i]);
 136                                         if (secCerts [i] == IntPtr.Zero)
 137                                                 return SecTrustResult.Deny;
 138                                 }
 139
 140                                 for (int i = 0; i < anchorCount; i++) {
 141                                         secCertAnchors [i] = SecCertificateCreateWithData (IntPtr.Zero, cfDataAnchorPtrs [i]);
 142                                         if (secCertAnchors [i] == IntPtr.Zero)
 143                                                 return SecTrustResult.Deny;
 144                                 }
 145
 146                                 certArray = FromIntPtrs (secCerts);
 147
 148                                 host = CFStringCreateWithCharacters (IntPtr.Zero, hostName, (IntPtr) hostName.Length);
 149                                 sslsecpolicy = SecPolicyCreateSSL (true, host);
 150
 151                                 int code = SecTrustCreateWithCertificates (certArray, sslsecpolicy, out sectrust);
 152                                 if (code != 0)
 153                                         return SecTrustResult.Deny;
 154
 155                                 if (anchorCount > 0) {
 156                                         anchorArray = FromIntPtrs (secCertAnchors);
 157                                         SecTrustSetAnchorCertificates (sectrust, anchorArray);
 158                                 }
 159
 160                                 code = SecTrustEvaluate (sectrust, out result);
 161                                 return result;
 162                         } finally {
 163                                 for (int i = 0; i < certCount; i++)
 164                                         if (cfDataPtrs [i] != IntPtr.Zero)
 165                                                 CFRelease (cfDataPtrs [i]);
 166
 167                                 for (int i = 0; i < anchorCount; i++)
 168                                         if (cfDataAnchorPtrs [i] != IntPtr.Zero)
 169                                                 CFRelease (cfDataAnchorPtrs [i]);
 170
 171                                 if (certArray != IntPtr.Zero)
 172                                         CFRelease (certArray);
 173
 174                                 if (anchorArray != IntPtr.Zero)
 175                                         CFRelease (anchorArray);
 176
 177                                 for (int i = 0; i < certCount; i++)
 178                                         if (secCerts [i] != IntPtr.Zero)
 179                                                 CFRelease (secCerts [i]);
 180
 181                                 for (int i = 0; i < anchorCount; i++)
 182                                         if (secCertAnchors [i] != IntPtr.Zero)
 183                                                 CFRelease (secCertAnchors [i]);
 184
 185                                 if (sslsecpolicy != IntPtr.Zero)
 186                                         CFRelease (sslsecpolicy);
 187                                 if (host != IntPtr.Zero)
 188                                         CFRelease (host);
 189                                 if (sectrust != IntPtr.Zero)
 190                                         CFRelease (sectrust);
 191                         }
 192                 }
 193         }
 194 }
 195 #endif