[Mono.Security]: Cleanup the MonoTlsProvider's certificate validation code. (#3674)
[mono.git] / mcs / class / Mono.Security / Mono.Security.Interface / MonoTlsProvider.cs
index 14dc1d440990e198e4f625fccceb8a450636f113..0d7a7512d6a758659c5d10268874eaae2e726b02 100644 (file)
@@ -72,6 +72,18 @@ namespace Mono.Security.Interface
 
        public abstract class MonoTlsProvider
        {
+               internal MonoTlsProvider ()
+               {
+               }
+
+               public abstract Guid ID {
+                       get;
+               }
+
+               public abstract string Name {
+                       get;
+               }
+
 #region SslStream
 
                /*
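Review bot: The new abstract `ID` and `Name` properties carry no comment, while every other member of this class is introduced by a `/* ... */` block; add `/* Unique identifier of this provider implementation. */` above `ID` and `/* Human-readable name of this provider. */` above `Name` to keep the file's convention. The added parameterless `internal` constructor also deserves a one-line comment, since its only effect is to restrict derivation to this assembly (and any InternalsVisibleTo friends): `/* Internal constructor: only this assembly may derive from MonoTlsProvider. */`. The `#region SslStream` block continues past the end of this hunk.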
@@ -83,6 +95,13 @@ namespace Mono.Security.Interface
                        get;
                }
 
+               /*
+                * Does this provider support IMonoSslStream.GetConnectionInfo() ?
+                */
+               public abstract bool SupportsConnectionInfo {
+                       get;
+               }
+
                /*
                 * Whether or not this TLS Provider supports Mono-specific extensions
                 * (via @MonoTlsSettings).
@@ -96,31 +115,49 @@ namespace Mono.Security.Interface
                }
 
                /*
-                * Obtain a @MonoSslStream instance.
+                * Obtain a @IMonoSslStream instance.
                 *
                 */
-               public abstract MonoSslStream CreateSslStream (
+               public abstract IMonoSslStream CreateSslStream (
                        Stream innerStream, bool leaveInnerStreamOpen,
                        MonoTlsSettings settings = null);
 
 #endregion
 
-#region Manged SSPI
+#region Native Certificate Implementation
 
-               /*
-                * The managed SSPI implementation from the new TLS code.
-                */
+               internal virtual bool HasNativeCertificates {
+                       get { return false; }
+               }
 
-               public abstract bool SupportsTlsContext {
-                       get;
+               internal virtual X509Certificate2Impl GetNativeCertificate (
+                       byte[] data, string password, X509KeyStorageFlags flags)
+               {
+                       throw new InvalidOperationException ();
+               }
+
+               internal virtual X509Certificate2Impl GetNativeCertificate (
+                       X509Certificate certificate)
+               {
+                       throw new InvalidOperationException ();
                }
 
-               public abstract IMonoTlsContext CreateTlsContext (
-                       string hostname, bool serverMode, TlsProtocols protocolFlags,
-                       X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
-                       bool remoteCertRequired, MonoEncryptionPolicy encryptionPolicy,
-                       MonoTlsSettings settings);
+#endregion
 
+#region Certificate Validation
+               /*
+                * If @serverMode is true, then we're a server and want to validate a certificate
+                * that we received from a client.
+                *
+                * On OS X and Mobile, the @chain will be initialized with the @certificates, but not actually built.
+                *
+                * Returns `true` if certificate validation has been performed and `false` to invoke the
+                * default system validator.
+                */
+               internal abstract bool ValidateCertificate (
+                       ICertificateValidator2 validator, string targetHost, bool serverMode,
+                       X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
+                       ref MonoSslPolicyErrors errors, ref int status11);
 #endregion
        }
 }
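Review bot: Both `GetNativeCertificate` overloads throw a bare `InvalidOperationException ()` with no message, so a provider that does not override them, or a caller that skips the `HasNativeCertificates` check, fails with an exception that says nothing about the cause; `NotSupportedException` with a message naming the gate is the conventional choice, e.g. `throw new NotSupportedException ("This provider does not implement native certificates; check HasNativeCertificates first.");` in both bodies. The `ValidateCertificate` comment should also state the contract on its `ref` parameters: when the method returns `true` the provider is the sole validator and must have set `errors` (and `status11`) to reflect the outcome, because a `true` return that leaves `errors` untouched will presumably be read by the caller as a clean validation — confirm against the code that consumes this result. A sentence such as `* When returning true, the implementation must have set @errors (and @status11) to the validation result; leaving them unchanged is treated as success.` above the signature would make that explicit. Note too that `password` is a managed `string`, which cannot be cleared from memory after use; that is inherited from the existing API shape, but worth a remark in the comment so implementers do not retain it.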