[Mono.Security]: Cleanup the MonoTlsProvider's certificate validation code. (#3674)
[mono.git] / mcs / class / Mono.Security / Mono.Security.Interface / MonoTlsProvider.cs
index b1daa60e1fc4fc0fc50fd763d440386c0aaa9252..0d7a7512d6a758659c5d10268874eaae2e726b02 100644 (file)
@@ -72,6 +72,10 @@ namespace Mono.Security.Interface
 
        public abstract class MonoTlsProvider
        {
+               internal MonoTlsProvider ()
+               {
+               }
+
                public abstract Guid ID {
                        get;
                }
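Review bot: The new `internal MonoTlsProvider ()` constructor on a public abstract class silently closes the type to subclassing outside this assembly and its `InternalsVisibleTo` friends, and nothing in the hunk records that this is intended. If the point is that only in-tree providers may own certificate validation — a reasonable trust-boundary choice, since the provider decides which peer certificates are accepted — it deserves a comment such as `// Internal: only providers in this assembly (or a friend assembly) may derive; third-party providers are not supported.`. If external providers are still expected to exist, this constructor breaks them and should be `protected` instead.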
@@ -91,6 +95,13 @@ namespace Mono.Security.Interface
                        get;
                }
 
+               /*
+                * Does this provider support IMonoSslStream.GetConnectionInfo() ?
+                */
+               public abstract bool SupportsConnectionInfo {
+                       get;
+               }
+
                /*
                 * Whether or not this TLS Provider supports Mono-specific extensions
                 * (via @MonoTlsSettings).
@@ -113,15 +124,27 @@ namespace Mono.Security.Interface
 
 #endregion
 
-#region Certificate Validation
+#region Native Certificate Implementation
 
-               /*
-                * Allows a TLS provider to provide a custom system certificiate validator.
-                */
-               public virtual bool HasCustomSystemCertificateValidator {
+               internal virtual bool HasNativeCertificates {
                        get { return false; }
                }
 
+               internal virtual X509Certificate2Impl GetNativeCertificate (
+                       byte[] data, string password, X509KeyStorageFlags flags)
+               {
+                       throw new InvalidOperationException ();
+               }
+
+               internal virtual X509Certificate2Impl GetNativeCertificate (
+                       X509Certificate certificate)
+               {
+                       throw new InvalidOperationException ();
+               }
+
+#endregion
+
+#region Certificate Validation
                /*
                 * If @serverMode is true, then we're a server and want to validate a certificate
                 * that we received from a client.
@@ -131,33 +154,10 @@ namespace Mono.Security.Interface
                 * Returns `true` if certificate validation has been performed and `false` to invoke the
                 * default system validator.
                 */
-               public virtual bool InvokeSystemCertificateValidator (
-                       ICertificateValidator validator, string targetHost, bool serverMode,
-                       X509CertificateCollection certificates, X509Chain chain, out bool success,
-                       ref MonoSslPolicyErrors errors, ref int status11)
-               {
-                       success = false;
-                       return false;
-               }
-
-#endregion
-
-#region Manged SSPI
-
-               /*
-                * The managed SSPI implementation from the new TLS code.
-                */
-
-               public abstract bool SupportsTlsContext {
-                       get;
-               }
-
-               public abstract IMonoTlsContext CreateTlsContext (
-                       string hostname, bool serverMode, TlsProtocols protocolFlags,
-                       X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
-                       bool remoteCertRequired, MonoEncryptionPolicy encryptionPolicy,
-                       MonoTlsSettings settings);
-
+               internal abstract bool ValidateCertificate (
+                       ICertificateValidator2 validator, string targetHost, bool serverMode,
+                       X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
+                       ref MonoSslPolicyErrors errors, ref int status11);
 #endregion
        }
 }
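Review bot: The comment retained above the new `ValidateCertificate` still describes the removed `InvokeSystemCertificateValidator`: it says the method returns `true` when validation has been performed and `false` to invoke the default system validator, but the `out bool success` parameter that carried the actual verdict is gone, so a reader can no longer tell whether `true` now means "certificate validated and trusted" or merely "this provider handled validation". Because that return value is what decides whether a peer certificate is accepted, the ambiguity is precisely where a provider author can invert the result. The comment should be rewritten to state the new contract explicitly, and to document `wantsChain` and `ref X509Chain chain` — who builds the chain when `wantsChain` is true, whether `chain` may be null on entry, and whether `errors`/`status11` are inputs to merge or outputs to overwrite. The comment's opening lines sit in the previous hunk, so the rewrite spans both hunks.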