Merge pull request #2185 from akoeplinger/json-move
[mono.git] / mcs / class / System / System.Security.Cryptography.X509Certificates / OSX509Certificates.cs
1 // Copyright (C) 2010 Novell, Inc (http://www.novell.com)
2 // Copyright 2012-2014 Xamarin Inc.
3 //
4 // Permission is hereby granted, free of charge, to any person obtaining
5 // a copy of this software and associated documentation files (the
6 // "Software"), to deal in the Software without restriction, including
7 // without limitation the rights to use, copy, modify, merge, publish,
8 // distribute, sublicense, and/or sell copies of the Software, and to
9 // permit persons to whom the Software is furnished to do so, subject to
10 // the following conditions:
11 // 
12 // The above copyright notice and this permission notice shall be
13 // included in all copies or substantial portions of the Software.
14 // 
15 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
19 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
20 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
21 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
22 //
23 #if SECURITY_DEP
24 #if MONO_X509_ALIAS
25 extern alias PrebuiltSystem;
26 #endif
27
28 #if MONO_X509_ALIAS
29 using XX509CertificateCollection = PrebuiltSystem::System.Security.Cryptography.X509Certificates.X509CertificateCollection;
30 #else
31 using XX509CertificateCollection = System.Security.Cryptography.X509Certificates.X509CertificateCollection;
32 #endif
33
34 using System;
35 using System.Runtime.InteropServices;
36
37 namespace System.Security.Cryptography.X509Certificates {
38
39         static class OSX509Certificates {
40                 public const string SecurityLibrary = "/System/Library/Frameworks/Security.framework/Security";
41                 public const string CoreFoundationLibrary = "/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation";
42         
43                 [DllImport (SecurityLibrary)]
44                 extern static IntPtr SecCertificateCreateWithData (IntPtr allocator, IntPtr nsdataRef);
45                 
46                 [DllImport (SecurityLibrary)]
47                 extern static /* OSStatus */ int SecTrustCreateWithCertificates (IntPtr certOrCertArray, IntPtr policies, out IntPtr sectrustref);
48                 
49                 [DllImport (SecurityLibrary)]
50                 extern static /* OSStatus */ int SecTrustSetAnchorCertificates (IntPtr /* SecTrustRef */ trust, IntPtr /* CFArrayRef */ anchorCertificates);
51
52                 [DllImport (SecurityLibrary)]
53                 extern static IntPtr SecPolicyCreateSSL ([MarshalAs (UnmanagedType.I1)] bool server, IntPtr cfStringHostname);
54                 
55                 [DllImport (SecurityLibrary)]
56                 extern static /* OSStatus */ int SecTrustEvaluate (IntPtr secTrustRef, out SecTrustResult secTrustResultTime);
57
58                 [DllImport (CoreFoundationLibrary, CharSet=CharSet.Unicode)]
59                 extern static IntPtr CFStringCreateWithCharacters (IntPtr allocator, string str, /* CFIndex */ IntPtr count);
60
61                 [DllImport (CoreFoundationLibrary)]
62                 unsafe extern static IntPtr CFDataCreate (IntPtr allocator, byte *bytes, /* CFIndex */ IntPtr length);
63
64                 [DllImport (CoreFoundationLibrary)]
65                 extern static void CFRelease (IntPtr handle);
66
67                 [DllImport (CoreFoundationLibrary)]
68                 extern static IntPtr CFArrayCreate (IntPtr allocator, IntPtr values, /* CFIndex */ IntPtr numValues, IntPtr callbacks);
69
70                 // uint32_t
71                 public enum SecTrustResult {
72                         Invalid,
73                         Proceed,
74                         Confirm,
75                         Deny,
76                         Unspecified,
77                         RecoverableTrustFailure,
78                         FatalTrustFailure,
79                         ResultOtherError,
80                 }
81
82                 static IntPtr MakeCFData (byte [] data)
83                 {
84                         unsafe {
85                                 fixed (byte *ptr = &data [0])
86                                         return CFDataCreate (IntPtr.Zero, ptr, (IntPtr) data.Length);
87                         }
88                 }
89
90                 static unsafe IntPtr FromIntPtrs (IntPtr [] values)
91                 {
92                         fixed (IntPtr* pv = values) {
93                                 return CFArrayCreate (
94                                         IntPtr.Zero, 
95                                         (IntPtr) pv,
96                                         (IntPtr) values.Length,
97                                         IntPtr.Zero);
98                         }
99                 }
100                 
101                 public static SecTrustResult TrustEvaluateSsl (XX509CertificateCollection certificates, XX509CertificateCollection anchors, string host)
102                 {
103                         if (certificates == null)
104                                 return SecTrustResult.Deny;
105
106                         try {
107                                 return _TrustEvaluateSsl (certificates, anchors, host);
108                         } catch {
109                                 return SecTrustResult.Deny;
110                         }
111                 }
112
113                 static SecTrustResult _TrustEvaluateSsl (XX509CertificateCollection certificates, XX509CertificateCollection anchors, string hostName)
114                 {
115                         int certCount = certificates.Count;
116                         int anchorCount = anchors != null ? anchors.Count : 0;
117                         IntPtr [] cfDataPtrs = new IntPtr [certCount];
118                         IntPtr [] secCerts = new IntPtr [certCount];
119                         IntPtr [] cfDataAnchorPtrs = new IntPtr [anchorCount];
120                         IntPtr [] secCertAnchors = new IntPtr [anchorCount];
121                         IntPtr certArray = IntPtr.Zero;
122                         IntPtr anchorArray = IntPtr.Zero;
123                         IntPtr sslsecpolicy = IntPtr.Zero;
124                         IntPtr host = IntPtr.Zero;
125                         IntPtr sectrust = IntPtr.Zero;
126                         SecTrustResult result = SecTrustResult.Deny;
127
128                         try {
129                                 for (int i = 0; i < certCount; i++)
130                                         cfDataPtrs [i] = MakeCFData (certificates [i].GetRawCertData ());
131                                 for (int i = 0; i < anchorCount; i++)
132                                         cfDataAnchorPtrs [i] = MakeCFData (anchors [i].GetRawCertData ());
133                                 
134                                 for (int i = 0; i < certCount; i++){
135                                         secCerts [i] = SecCertificateCreateWithData (IntPtr.Zero, cfDataPtrs [i]);
136                                         if (secCerts [i] == IntPtr.Zero)
137                                                 return SecTrustResult.Deny;
138                                 }
139
140                                 for (int i = 0; i < anchorCount; i++) {
141                                         secCertAnchors [i] = SecCertificateCreateWithData (IntPtr.Zero, cfDataAnchorPtrs [i]);
142                                         if (secCertAnchors [i] == IntPtr.Zero)
143                                                 return SecTrustResult.Deny;
144                                 }
145
146                                 certArray = FromIntPtrs (secCerts);
147
148                                 host = CFStringCreateWithCharacters (IntPtr.Zero, hostName, (IntPtr) hostName.Length);
149                                 sslsecpolicy = SecPolicyCreateSSL (true, host);
150
151                                 int code = SecTrustCreateWithCertificates (certArray, sslsecpolicy, out sectrust);
152                                 if (code != 0)
153                                         return SecTrustResult.Deny;
154
155                                 if (anchorCount > 0) {
156                                         anchorArray = FromIntPtrs (secCertAnchors);
157                                         SecTrustSetAnchorCertificates (sectrust, anchorArray);
158                                 }
159
160                                 code = SecTrustEvaluate (sectrust, out result);
161                                 return result;
162                         } finally {
163                                 for (int i = 0; i < certCount; i++)
164                                         if (cfDataPtrs [i] != IntPtr.Zero)
165                                                 CFRelease (cfDataPtrs [i]);
166
167                                 for (int i = 0; i < anchorCount; i++)
168                                         if (cfDataAnchorPtrs [i] != IntPtr.Zero)
169                                                 CFRelease (cfDataAnchorPtrs [i]);
170
171                                 if (certArray != IntPtr.Zero)
172                                         CFRelease (certArray);
173
174                                 if (anchorArray != IntPtr.Zero)
175                                         CFRelease (anchorArray);
176                                 
177                                 for (int i = 0; i < certCount; i++)
178                                         if (secCerts [i] != IntPtr.Zero)
179                                                 CFRelease (secCerts [i]);
180
181                                 for (int i = 0; i < anchorCount; i++)
182                                         if (secCertAnchors [i] != IntPtr.Zero)
183                                                 CFRelease (secCertAnchors [i]);
184
185                                 if (sslsecpolicy != IntPtr.Zero)
186                                         CFRelease (sslsecpolicy);
187                                 if (host != IntPtr.Zero)
188                                         CFRelease (host);
189                                 if (sectrust != IntPtr.Zero)
190                                         CFRelease (sectrust);
191                         }
192                 }
193         }
194 }
195 #endif