public abstract class MonoTlsProvider
{
+ internal MonoTlsProvider ()
+ {
+ }
+
+ public abstract Guid ID {
+ get;
+ }
+
+ public abstract string Name {
+ get;
+ }
+
#region SslStream
/*
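Review bot: The added `internal MonoTlsProvider ()` constructor carries no comment, yet on a public abstract class it is what stops code outside this assembly (and any friend assemblies, which are not visible here) from deriving its own TLS provider. If that restriction is the intent, a short comment such as `/* Internal on purpose: TLS providers can only be implemented inside this assembly. */` would keep a later change from widening it by accident. `ID` and `Name` would also benefit from one line each, in particular whether `ID` is expected to be stable and unique per provider, since the hunk does not show how they are consumed.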
get;
}
+ /*
+ * Does this provider support IMonoSslStream.GetConnectionInfo() ?
+ */
+ public abstract bool SupportsConnectionInfo {
+ get;
+ }
+
/*
* Whether or not this TLS Provider supports Mono-specific extensions
* (via @MonoTlsSettings).
}
/*
- * Obtain a @MonoSslStream instance.
+ * Obtain a @IMonoSslStream instance.
*
*/
- public abstract MonoSslStream CreateSslStream (
+ public abstract IMonoSslStream CreateSslStream (
Stream innerStream, bool leaveInnerStreamOpen,
MonoTlsSettings settings = null);
#endregion
+#region Native Certificate Implementation
+
+ internal virtual bool HasNativeCertificates {
+ get { return false; }
+ }
+
+ internal virtual X509Certificate2Impl GetNativeCertificate (
+ byte[] data, string password, X509KeyStorageFlags flags)
+ {
+ throw new InvalidOperationException ();
+ }
+
+ internal virtual X509Certificate2Impl GetNativeCertificate (
+ X509Certificate certificate)
+ {
+ throw new InvalidOperationException ();
+ }
+
+#endregion
+
+#region Certificate Validation
+
+ /*
+ * Allows a TLS provider to provide a custom system certificiate validator.
+ */
+ internal virtual bool HasCustomSystemCertificateValidator {
+ get { return false; }
+ }
+
+ /*
+ * If @serverMode is true, then we're a server and want to validate a certificate
+ * that we received from a client.
+ *
+ * On OS X and Mobile, the @chain will be initialized with the @certificates, but not actually built.
+ *
+ * Returns `true` if certificate validation has been performed and `false` to invoke the
+ * default system validator.
+ */
+ internal virtual bool InvokeSystemCertificateValidator (
+ ICertificateValidator2 validator, string targetHost, bool serverMode,
+ X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
+ out bool success, ref MonoSslPolicyErrors errors, ref int status11)
+ {
+ throw new InvalidOperationException ();
+ }
+
+#endregion
+
#region Manged SSPI
/*
* The managed SSPI implementation from the new TLS code.
*/
- public abstract bool SupportsTlsContext {
+ internal abstract bool SupportsTlsContext {
get;
}
- public abstract IMonoTlsContext CreateTlsContext (
+ internal abstract IMonoTlsContext CreateTlsContext (
string hostname, bool serverMode, TlsProtocols protocolFlags,
X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
bool remoteCertRequired, MonoEncryptionPolicy encryptionPolicy,
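Review bot: The comment above `InvokeSystemCertificateValidator` documents the return value but not the `out bool success` result, so an override that returns `true` has no stated obligation to leave `success` false and `errors` populated when it rejects or cannot evaluate the chain. I would extend the comment with a line such as `* When returning true, @success carries the verdict and must be false unless the chain was positively validated; @errors must describe any failure.` The base body throws `InvalidOperationException`, which suggests callers are expected to test `HasCustomSystemCertificateValidator` first; that precondition is worth stating in the same comment, and the same applies to `HasNativeCertificates` and the two `GetNativeCertificate` overloads. `status11` is undocumented, and "certificiate" in the comment on `HasCustomSystemCertificateValidator` is a typo. The `CreateTlsContext` declaration continues past the end of the hunk.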