[Mono.Security]: Add ICertificateValidator.InvokeSystemValidator().
[mono.git] / mcs / class / System / Mono.Net.Security / LegacySslStream.cs
index c5eff6948511472d57fcc9bd43cec37dbeb9597f..5978317fc16a04ccf21b5492e100f4827d75a20e 100644 (file)
@@ -83,6 +83,7 @@ namespace Mono.Net.Security
                #region Fields
 
                SslStreamBase ssl_stream;
+               MonoTlsProvider provider;
                MonoTlsSettings settings;
                ICertificateValidator certificateValidator;
 
@@ -90,21 +91,12 @@ namespace Mono.Net.Security
 
                #region Constructors
 
-               public LegacySslStream (Stream innerStream)
-                       : this (innerStream, false)
-               {
-               }
-
-               public LegacySslStream (Stream innerStream, bool leaveInnerStreamOpen)
-                       : base (innerStream, leaveInnerStreamOpen)
-               {
-               }
-
-               public LegacySslStream (Stream innerStream, bool leaveInnerStreamOpen, MonoTlsSettings settings)
+               public LegacySslStream (Stream innerStream, bool leaveInnerStreamOpen, MonoTlsProvider provider, MonoTlsSettings settings)
                        : base (innerStream, leaveInnerStreamOpen)
                {
+                       this.provider = provider;
                        this.settings = settings;
-                       this.certificateValidator = settings.CertificateValidator;
+                       this.certificateValidator = ChainValidationHelper.GetDefaultValidator (provider, settings);
                }
                #endregion // Constructors
 
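Review bot: The validator assigned in the constructor is stored in a field typed `ICertificateValidator`, yet the callbacks this commit enables downcast it with `((ChainValidationHelper)certificateValidator)` (the `ServerCertValidation2` lambda and the `ClientCertValidationDelegate` in the later hunks). The return type of `GetDefaultValidator` is not visible here; if it can ever return another implementation, the failure would surface as an `InvalidCastException` inside a handshake callback rather than at construction. Casting once at the assignment, `this.certificateValidator = (ChainValidationHelper) ChainValidationHelper.GetDefaultValidator (provider, settings);`, or narrowing the field type, would make that assumption explicit. The constructor also takes `provider` and `settings` without a null check, so it is worth documenting whether null is allowed for either.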
@@ -366,15 +358,19 @@ namespace Mono.Net.Security
                                return null;
                        };
 
-#if MARTIN_FIXME
                        // Even if validation_callback is null this allows us to verify requests where the user
                        // does not provide a verification callback but attempts to authenticate with the website
                        // as a client (see https://bugzilla.xamarin.com/show_bug.cgi?id=18962 for an example)
-                       s.ServerCertValidation2 += (certs) => ((ChainValidationHelper)certificateValidator).ValidateChain (targetHost, certs);
+                       s.ServerCertValidation2 += (mcerts) => {
+                               X509CertificateCollection certs = null;
+                               if (mcerts != null) {
+                                       certs = new X509CertificateCollection ();
+                                       for (int i = 0; i < mcerts.Count; i++)
+                                               certs.Add (new X509Certificate2 (mcerts [i].RawData));
+                               }
+                               return ((ChainValidationHelper)certificateValidator).ValidateChain (targetHost, certs);
+                       };
                        s.ClientCertSelectionDelegate = OnCertificateSelection;
-#else
-                       throw new NotImplementedException ();
-#endif
 
                        ssl_stream = s;
 
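Review bot: When `mcerts` is null the lambda passes `certs = null` on to `ValidateChain`, so whether a peer that presents no chain is rejected depends entirely on code outside this hunk. Since this callback is the server-certificate check, the fail-closed expectation should be stated where the null is produced, for example `// null means the server sent no certificates; ValidateChain must report a failure for it`. Separately, `new X509Certificate2 (mcerts [i].RawData)` re-parses data supplied by the peer and may throw on a malformed entry; it would help to say whether the caller treats an exception from this callback as a validation failure. The enclosing method starts and ends outside the hunk.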
@@ -398,7 +394,7 @@ namespace Mono.Net.Security
                        if (IsAuthenticated)
                                throw new InvalidOperationException ("This SslStream is already authenticated");
 
-                       SslServerStream s = new SslServerStream (InnerStream, serverCertificate, clientCertificateRequired, !LeaveInnerStreamOpen, GetMonoSslProtocol (enabledSslProtocols));
+                       SslServerStream s = new SslServerStream (InnerStream, serverCertificate, false, clientCertificateRequired, !LeaveInnerStreamOpen, GetMonoSslProtocol (enabledSslProtocols));
                        s.CheckCertRevocationStatus = checkCertificateRevocation;
                        // Due to the Mono.Security internal, it cannot reuse
                        // the delegated argument, as Mono.Security creates 
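Review bot: The new third argument to `SslServerStream` is a bare `false` sitting next to two other booleans, and the `clientCertificateRequired` variable now lands one position later than before. The parameter names are not visible in this hunk, so a reader cannot tell which flag is being hard-coded. It is equally unclear whether the client-certificate requirement is still enforced by the stream itself or only by the validation delegate set further down. A named argument or a short comment such as `// client-cert requirement is enforced in ClientCertValidationDelegate, not by SslServerStream` (if that is the intent) would make the security consequence reviewable. The enclosing method continues outside the hunk.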
@@ -411,14 +407,10 @@ namespace Mono.Net.Security
                                return cert2 != null ? cert2.PrivateKey : null;
                        };
 
-#if MARTIN_FIXME
                        s.ClientCertValidationDelegate = delegate (X509Certificate cert, int[] certErrors) {
                                var errors = certErrors.Length > 0 ? MonoSslPolicyErrors.RemoteCertificateChainErrors : MonoSslPolicyErrors.None;
                                return ((ChainValidationHelper)certificateValidator).ValidateClientCertificate (cert, errors);
                        };
-#else
-                       throw new NotImplementedException ();
-#endif
 
                        ssl_stream = s;