namespace Mono.Security.Interface
{
- #if (!MONOTOUCH && !MONODROID) || INSIDE_SYSTEM
public class ValidationResult
{
bool trusted;
this.policy_errors = policy_errors;
}
- internal ValidationResult (bool trusted, bool user_defined, int error_code)
+ internal ValidationResult (bool trusted, bool user_denied, int error_code)
{
this.trusted = trusted;
this.user_denied = user_denied;
this.error_code = error_code;
- this.policy_errors = policy_errors;
}
public bool Trusted {
get;
}
- X509Certificate SelectClientCertificate (
+ /*
+ * Returns `true` if a client certificate has been selected (which could be `null`).
+ */
+ bool SelectClientCertificate (
string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate,
- string[] acceptableIssuers);
+ string[] acceptableIssuers, out X509Certificate clientCertificate);
- ValidationResult ValidateChain (string targetHost, X509CertificateCollection certificates);
+ /*
+ * If @serverMode is true, then we're a server and want to validate a certificate that we received from a client.
+ */
+ ValidationResult ValidateCertificate (string targetHost, bool serverMode, X509CertificateCollection certificates);
+ }
- ValidationResult ValidateClientCertificate (X509CertificateCollection certificates);
+ internal interface ICertificateValidator2 : ICertificateValidator
+ {
+ /*
+ * Internal use only.
+ */
+ ValidationResult ValidateCertificate (string targetHost, bool serverMode, X509Certificate leaf, X509Chain chain);
+
+ /*
+ * On OS X and Mobile, the @chain will be initialized with the @certificates, but not actually built.
+ */
+ bool InvokeSystemValidator (
+ string targetHost, bool serverMode, X509CertificateCollection certificates,
+ X509Chain chain, ref MonoSslPolicyErrors errors, ref int status11);
}
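Review bot: The comment added above `ValidateCertificate` says what `serverMode` means but not what `targetHost` means when `serverMode` is true, and the removed `ValidateClientCertificate` took no host name at all. A bare `bool` next to the host name now decides which peer is being validated, so the contract should be written down on both the `ICertificateValidator` and `ICertificateValidator2` declarations. One possible wording is `If @serverMode is true, @targetHost is not used for name matching and may be null; otherwise it must be the host name the client connected to.`, assuming the implementation behaves that way, which these lines do not show. The `SelectClientCertificate` comment also leaves open what a `false` return means and what `clientCertificate` holds in that case. `InvokeSystemValidator` has no description of its return value or of the `status11` ref parameter.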
public static class CertificateValidationHelper
get { return supportsTrustAnchors; }
}
- internal static ICertificateValidator GetDefaultValidator (MonoTlsSettings settings)
+ /*
+ * Internal API, intended to be used by MonoTlsProvider implementations.
+ */
+ internal static ICertificateValidator2 GetDefaultValidator (MonoTlsSettings settings, MonoTlsProvider provider)
{
- return (ICertificateValidator)NoReflectionHelper.GetDefaultCertificateValidator (settings);
+ return (ICertificateValidator2)NoReflectionHelper.GetDefaultCertificateValidator (provider, settings);
}
- public static ICertificateValidator GetValidator (MonoTlsSettings settings)
+ /*
+ * Use this overloaded version in user code.
+ */
+ public static ICertificateValidator GetValidator (MonoTlsSettings settings, MonoTlsProvider provider = null)
{
- return GetDefaultValidator (settings);
+ return GetDefaultValidator (settings, provider);
}
}
-#endif
}
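Review bot: The public `GetValidator (MonoTlsSettings settings)` is replaced by a single method with an optional `provider` parameter, so callers already compiled against the one-argument signature would no longer bind to it. The comment also calls it "this overloaded version", although only one overload is visible in these lines. Keeping the old entry point as a real overload avoids both problems, for example `public static ICertificateValidator GetValidator (MonoTlsSettings settings) { return GetValidator (settings, null); }`, with the `= null` default dropped from the two-argument form. The comment should also state what a null `provider` selects. Separately, `GetDefaultValidator` casts the helper's result straight to `ICertificateValidator2`; the helper's return type is not visible here, so it is worth confirming that every validator it can return implements the new interface.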