[Mono.Security]: Cleanup the internal ICertificateValidator2.
[mono.git] / mcs / class / System / Mono.Net.Security / ChainValidationHelper.cs
index 5d2812d2738e4c51c72af55564a3e3c95356e0c4..024b86a0f72e01ff27ff37c6543b606b0bdb8fc7 100644 (file)
@@ -44,8 +44,6 @@ using Mono.Security.Interface;
 using MSX = Mono.Security.X509;
 using Mono.Security.X509.Extensions;
 #endif
-using XX509CertificateCollection = System.Security.Cryptography.X509Certificates.X509CertificateCollection;
-using XX509Chain = System.Security.Cryptography.X509Certificates.X509Chain;
 
 using System;
 using System.Net;
@@ -77,7 +75,7 @@ namespace Mono.Net.Security
                readonly MonoTlsStream tlsStream;
                readonly HttpWebRequest request;
 
-               internal static ICertificateValidator GetDefaultValidator (MonoTlsProvider provider, MonoTlsSettings settings)
+               internal static ICertificateValidator GetInternalValidator (MonoTlsProvider provider, MonoTlsSettings settings)
                {
                        if (settings == null)
                                return new ChainValidationHelper (provider, null, false, null, null);
@@ -86,6 +84,16 @@ namespace Mono.Net.Security
                        return new ChainValidationHelper (provider, settings, false, null, null);
                }
 
+               internal static ICertificateValidator GetDefaultValidator (MonoTlsSettings settings)
+               {
+                       var provider = MonoTlsProviderFactory.GetProvider ();
+                       if (settings == null)
+                               return new ChainValidationHelper (provider, null, false, null, null);
+                       if (settings.CertificateValidator != null)
+                               throw new NotSupportedException ();
+                       return new ChainValidationHelper (provider, settings, false, null, null);
+               }
+
 #region SslStream support
 
                /*
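Review bot: The body of the new GetDefaultValidator repeats GetInternalValidator with the provider resolved up front, so the two copies can drift apart unnoticed; delegating keeps one implementation: `return GetInternalValidator (MonoTlsProviderFactory.GetProvider (), settings);`. The middle of GetInternalValidator falls between the hunks, so I am assuming the two bodies match. The `NotSupportedException` is also thrown without a message, which gives a caller nothing to diagnose; a short reason such as `throw new NotSupportedException ("MonoTlsSettings with a custom CertificateValidator cannot be used with the default validator.");` would help.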
@@ -138,6 +146,8 @@ namespace Mono.Net.Security
                                settings = MonoTlsSettings.CopyDefaultSettings ();
                        if (cloneSettings)
                                settings = settings.CloneWithValidator (this);
+                       if (provider == null)
+                               provider = MonoTlsProviderFactory.GetProvider ();
 
                        this.provider = provider;
                        this.settings = settings;
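Review bot: The new fallback replaces a null provider with `MonoTlsProviderFactory.GetProvider ()`, which may change which validation path runs for callers that passed null on purpose, since ValidateChain only enters the provider branch when `provider != null`; a one-line comment stating that this is intended would help, e.g. `// A null provider means "use the platform default"; resolve it here so every instance has one.` With the fallback in place, that `provider != null` test in the ValidateChain hunk (`@@ -318,9 +327,7 @@`) only still matters if GetProvider () can itself return null, which I cannot tell from here. The constructor begins outside this hunk.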
@@ -172,7 +182,7 @@ namespace Mono.Net.Security
                                certValidationCallback = ServicePointManager.ServerCertValidationCallback;
                }
 
-               static X509Certificate DefaultSelectionCallback (string targetHost, XX509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers)
+               static X509Certificate DefaultSelectionCallback (string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers)
                {
                        X509Certificate clientCertificate;
                        if (localCertificates == null || localCertificates.Count == 0)
@@ -195,7 +205,7 @@ namespace Mono.Net.Security
                }
 
                public bool SelectClientCertificate (
-                       string targetHost, XX509CertificateCollection localCertificates, X509Certificate remoteCertificate,
+                       string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate,
                        string[] acceptableIssuers, out X509Certificate clientCertificate)
                {
                        if (certSelectionCallback == null) {
@@ -207,7 +217,7 @@ namespace Mono.Net.Security
                }
 
                internal X509Certificate SelectClientCertificate (
-                       string targetHost, XX509CertificateCollection localCertificates, X509Certificate remoteCertificate,
+                       string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate,
                        string[] acceptableIssuers)
                {
                        if (certSelectionCallback == null)
@@ -217,7 +227,7 @@ namespace Mono.Net.Security
 
                internal bool ValidateClientCertificate (X509Certificate certificate, MonoSslPolicyErrors errors)
                {
-                       var certs = new XX509CertificateCollection ();
+                       var certs = new X509CertificateCollection ();
                        certs.Add (new X509Certificate2 (certificate.GetRawCertData ()));
 
                        var result = ValidateChain (string.Empty, true, certificate, null, certs, (SslPolicyErrors)errors);
@@ -227,7 +237,7 @@ namespace Mono.Net.Security
                        return result.Trusted && !result.UserDenied;
                }
 
-               public ValidationResult ValidateCertificate (string host, bool serverMode, XX509CertificateCollection certs)
+               public ValidationResult ValidateCertificate (string host, bool serverMode, X509CertificateCollection certs)
                {
                        try {
                                X509Certificate leaf;
@@ -246,10 +256,9 @@ namespace Mono.Net.Security
                        }
                }
 
-               public ValidationResult ValidateCertificate (string host, bool serverMode, X509Certificate leaf, XX509Chain xchain)
+               public ValidationResult ValidateCertificate (string host, bool serverMode, X509Certificate leaf, X509Chain chain)
                {
                        try {
-                               var chain = xchain;
                                var result = ValidateChain (host, serverMode, leaf, chain, null, 0);
                                if (tlsStream != null)
                                        tlsStream.CertificateValidationFailed = result == null || !result.Trusted || result.UserDenied;
@@ -262,7 +271,7 @@ namespace Mono.Net.Security
                }
 
                ValidationResult ValidateChain (string host, bool server, X509Certificate leaf,
-                                               X509Chain chain, XX509CertificateCollection certs,
+                                               X509Chain chain, X509CertificateCollection certs,
                                                SslPolicyErrors errors)
                {
                        var oldChain = chain;
@@ -281,7 +290,7 @@ namespace Mono.Net.Security
                }
 
                ValidationResult ValidateChain (string host, bool server, X509Certificate leaf,
-                                               ref X509Chain chain, XX509CertificateCollection certs,
+                                               ref X509Chain chain, X509CertificateCollection certs,
                                                SslPolicyErrors errors)
                {
                        // user_denied is true if the user callback is called and returns false
@@ -318,9 +327,7 @@ namespace Mono.Net.Security
                        bool providerValidated = false;
                        if (provider != null && provider.HasCustomSystemCertificateValidator) {
                                var xerrors = (MonoSslPolicyErrors)errors;
-                               var xchain = chain;
-                               providerValidated = provider.InvokeSystemCertificateValidator (this, host, server, certs, wantsChain, ref xchain, out result, ref xerrors, ref status11);
-                               chain = xchain;
+                               providerValidated = provider.InvokeSystemCertificateValidator (this, host, server, certs, wantsChain, ref chain, out result, ref xerrors, ref status11);
                                errors = (SslPolicyErrors)xerrors;
                        } else if (wantsChain) {
                                chain = SystemCertificateValidator.CreateX509Chain (certs);
@@ -353,9 +360,8 @@ namespace Mono.Net.Security
                        return new ValidationResult (result, user_denied, status11, (MonoSslPolicyErrors)errors);
                }
 
-               public bool InvokeSystemValidator (string targetHost, bool serverMode, XX509CertificateCollection certificates, XX509Chain xchain, ref MonoSslPolicyErrors xerrors, ref int status11)
+               bool InvokeSystemValidator (string targetHost, bool serverMode, X509CertificateCollection certificates, X509Chain chain, ref MonoSslPolicyErrors xerrors, ref int status11)
                {
-                       X509Chain chain = xchain;
                        var errors = (SslPolicyErrors)xerrors;
                        var result = SystemCertificateValidator.Evaluate (settings, targetHost, certificates, chain, ref errors, ref status11);
                        xerrors = (MonoSslPolicyErrors)errors;
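Review bot: Dropping `public` from InvokeSystemValidator removes it from the implicit interface implementation, so this only compiles if `ICertificateValidator2` no longer declares it, which I presume the rest of this cleanup commit does. If no caller inside ChainValidationHelper remains, the method becomes dead code and could be removed rather than made private; a brief comment naming its remaining caller would settle that for the next reader. The method's body continues past the end of the hunk.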