Merge pull request #2802 from BrzVlad/feature-evacuation-opt2
[mono.git] / mcs / class / Mono.Security / Mono.Security.Interface / CertificateValidationHelper.cs
index e167286ae693ed55b9903f8f04485d613624b420..fd392b409e5a4bef6de68f174911b79f638997be 100644 (file)
@@ -36,7 +36,6 @@ using Mono.Net.Security;
 
 namespace Mono.Security.Interface
 {
-       #if (!MONOTOUCH && !MONODROID) || INSIDE_SYSTEM
        public class ValidationResult
        {
                bool trusted;
@@ -52,12 +51,11 @@ namespace Mono.Security.Interface
                        this.policy_errors = policy_errors;
                }
 
-               internal ValidationResult (bool trusted, bool user_defined, int error_code)
+               internal ValidationResult (bool trusted, bool user_denied, int error_code)
                {
                        this.trusted = trusted;
                        this.user_denied = user_denied;
                        this.error_code = error_code;
-                       this.policy_errors = policy_errors;
                }
 
                public bool Trusted {
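Review bot: With the parameter renamed, the internal constructor now really stores `user_denied`, but it accepts `trusted == true` together with `user_denied == true` without complaint. A consumer that reads only `Trusted` would then treat a result the user rejected as acceptable. If no caller relies on that combination, reject it at construction, e.g. `if (trusted && user_denied) throw new ArgumentException ("user_denied");`, or at least state the invariant in a comment on the constructor. This overload also leaves `policy_errors` at its default value, which deserves a one-line comment such as `/* policy_errors is intentionally left unset by this overload. */`. The class starts before this hunk and continues past it, so the field declarations and the other constructor are only partly visible.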
@@ -86,17 +84,32 @@ namespace Mono.Security.Interface
                        get;
                }
 
-               X509Certificate SelectClientCertificate (
+               /*
+                * Returns `true` if a client certificate has been selected (which could be `null`).
+                */
+               bool SelectClientCertificate (
                        string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate,
-                       string[] acceptableIssuers);
+                       string[] acceptableIssuers, out X509Certificate clientCertificate);
 
-               ValidationResult ValidateChain (string targetHost, X509CertificateCollection certificates);
+               /*
+                * If @serverMode is true, then we're a server and want to validate a certificate that we received from a client.
+                */
+               ValidationResult ValidateCertificate (string targetHost, bool serverMode, X509CertificateCollection certificates);
+       }
 
-               ValidationResult ValidateClientCertificate (X509CertificateCollection certificates);
+       internal interface ICertificateValidator2 : ICertificateValidator
+       {
+               /*
+                * Internal use only.
+                */
+               ValidationResult ValidateCertificate (string targetHost, bool serverMode, X509Certificate leaf, X509Chain chain);
 
+               /*
+                * On OS X and Mobile, the @chain will be initialized with the @certificates, but not actually built.
+                */
                bool InvokeSystemValidator (
                        string targetHost, bool serverMode, X509CertificateCollection certificates,
-                       ref MonoSslPolicyErrors errors, ref int status11);
+                       X509Chain chain, ref MonoSslPolicyErrors errors, ref int status11);
        }
 
        public static class CertificateValidationHelper
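Review bot: The comment on the new public `ValidateCertificate (string targetHost, bool serverMode, ...)` explains `serverMode` but does not say what `targetHost` should be when `serverMode` is true. It also does not say whether a null or empty `targetHost` in client mode skips the host-name check. The removed `ValidateClientCertificate` took no host at all, so callers migrating to the merged method have to guess. Extend the comment with the actual contract, along the lines of `@targetHost is only used when @serverMode is false; it must then be the name the peer certificate is checked against.`, adjusted to what the implementation really does. The same applies to `ICertificateValidator2.ValidateCertificate`, whose comment is only "Internal use only": it should say whether `chain` must already be built, since the `InvokeSystemValidator` comment says it is not built on OS X and Mobile.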
@@ -132,26 +145,20 @@ namespace Mono.Security.Interface
                        get { return supportsTrustAnchors; }
                }
 
-               static ICertificateValidator GetDefaultValidator (MonoTlsProvider provider, MonoTlsSettings settings)
-               {
-                       return (ICertificateValidator)NoReflectionHelper.GetDefaultCertificateValidator (provider, settings);
-               }
-
                /*
                 * Internal API, intended to be used by MonoTlsProvider implementations.
                 */
-               public static ICertificateValidator GetValidator (MonoTlsProvider provider, MonoTlsSettings settings)
+               internal static ICertificateValidator2 GetDefaultValidator (MonoTlsSettings settings, MonoTlsProvider provider)
                {
-                       return GetDefaultValidator (provider, settings);
+                       return (ICertificateValidator2)NoReflectionHelper.GetDefaultCertificateValidator (provider, settings);
                }
 
                /*
                 * Use this overloaded version in user code.
                 */
-               public static ICertificateValidator GetValidator (MonoTlsSettings settings)
+               public static ICertificateValidator GetValidator (MonoTlsSettings settings, MonoTlsProvider provider = null)
                {
-                       return GetDefaultValidator (null, settings);
+                       return GetDefaultValidator (settings, provider);
                }
        }
-#endif
 }
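Review bot: The two block comments kept as context in this hunk no longer describe the methods beneath them. "Internal API, intended to be used by MonoTlsProvider implementations" now sits on an `internal` `GetDefaultValidator`, which provider implementations outside this assembly presumably cannot call. "Use this overloaded version in user code" sits on what is now the only `GetValidator`. Suggested replacements are `/* Returns the default validator as ICertificateValidator2; assembly-internal. */` and `/* Public entry point; pass @provider only from MonoTlsProvider implementations, otherwise leave it null. */`. Separately, folding the two public overloads into one method with `provider = null` changes the compiled signature, so already-built callers of `GetValidator (MonoTlsSettings)` or `GetValidator (MonoTlsProvider, MonoTlsSettings)` will fail to bind until recompiled. The unconditional cast `(ICertificateValidator2)` will also throw `InvalidCastException` if `NoReflectionHelper` ever returns a validator that implements only `ICertificateValidator`.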