5 // Martin Baulig <martin.baulig@xamarin.com>
7 // Copyright (c) 2015 Xamarin, Inc.
11 #if MONO_SECURITY_ALIAS
12 extern alias MonoSecurity;
15 #if MONO_SECURITY_ALIAS
16 using MonoSecurity::Mono.Security.Interface;
18 using Mono.Security.Interface;
23 using SD = System.Diagnostics;
24 using System.Collections;
25 using System.Collections.Generic;
26 using System.Threading;
27 using System.Threading.Tasks;
28 using System.Security.Authentication;
29 using System.Security.Cryptography.X509Certificates;
31 namespace Mono.Net.Security
33 abstract class MobileTlsContext : IDisposable
35 MobileAuthenticatedStream parent;
38 SslProtocols enabledProtocols;
39 X509Certificate serverCertificate;
40 X509CertificateCollection clientCertificates;
41 bool askForClientCert;
42 ICertificateValidator2 certificateValidator;
44 public MobileTlsContext (
45 MobileAuthenticatedStream parent, bool serverMode, string targetHost,
46 SslProtocols enabledProtocols, X509Certificate serverCertificate,
47 X509CertificateCollection clientCertificates, bool askForClientCert)
50 this.serverMode = serverMode;
51 this.targetHost = targetHost;
52 this.enabledProtocols = enabledProtocols;
53 this.serverCertificate = serverCertificate;
54 this.clientCertificates = clientCertificates;
55 this.askForClientCert = askForClientCert;
57 certificateValidator = CertificateValidationHelper.GetDefaultValidator (
58 parent.Settings, parent.Provider);
61 internal MobileAuthenticatedStream Parent {
62 get { return parent; }
65 public MonoTlsSettings Settings {
66 get { return parent.Settings; }
69 public MonoTlsProvider Provider {
70 get { return parent.Provider; }
73 [SD.Conditional ("MARTIN_DEBUG")]
74 protected void Debug (string message, params object[] args)
76 Console.Error.WriteLine ("{0}: {1}", GetType ().Name, string.Format (message, args));
79 public abstract bool HasContext {
83 public abstract bool IsAuthenticated {
87 public bool IsServer {
88 get { return serverMode; }
91 protected string TargetHost {
92 get { return targetHost; }
95 protected bool AskForClientCertificate {
96 get { return askForClientCert; }
99 protected SslProtocols EnabledProtocols {
100 get { return enabledProtocols; }
103 protected X509CertificateCollection ClientCertificates {
104 get { return clientCertificates; }
107 protected void GetProtocolVersions (out TlsProtocolCode min, out TlsProtocolCode max)
109 if ((enabledProtocols & SslProtocols.Tls) != 0)
110 min = TlsProtocolCode.Tls10;
111 else if ((enabledProtocols & SslProtocols.Tls11) != 0)
112 min = TlsProtocolCode.Tls11;
114 min = TlsProtocolCode.Tls12;
116 if ((enabledProtocols & SslProtocols.Tls12) != 0)
117 max = TlsProtocolCode.Tls12;
118 else if ((enabledProtocols & SslProtocols.Tls11) != 0)
119 max = TlsProtocolCode.Tls11;
121 max = TlsProtocolCode.Tls10;
124 public abstract void StartHandshake ();
126 public abstract bool ProcessHandshake ();
128 public abstract void FinishHandshake ();
130 public abstract MonoTlsConnectionInfo ConnectionInfo {
134 internal X509Certificate LocalServerCertificate {
135 get { return serverCertificate; }
138 internal abstract bool IsRemoteCertificateAvailable {
142 internal abstract X509Certificate LocalClientCertificate {
146 public abstract X509Certificate RemoteCertificate {
150 public abstract TlsProtocols NegotiatedProtocol {
154 public abstract void Flush ();
156 public abstract int Read (byte[] buffer, int offset, int count, out bool wantMore);
158 public abstract int Write (byte[] buffer, int offset, int count, out bool wantMore);
160 public abstract void Close ();
162 protected ValidationResult ValidateCertificate (X509Certificate leaf, X509Chain chain)
164 return certificateValidator.ValidateCertificate (
165 targetHost, serverMode, leaf, chain);
168 protected X509Certificate SelectClientCertificate (string[] acceptableIssuers)
170 X509Certificate certificate;
171 var selected = certificateValidator.SelectClientCertificate (
172 targetHost, clientCertificates, serverCertificate,
173 null, out certificate);
177 if (clientCertificates == null || clientCertificates.Count == 0)
180 if (clientCertificates.Count == 1)
181 return clientCertificates [0];
183 // FIXME: select one.
184 throw new NotImplementedException ();
187 public void Dispose ()
190 GC.SuppressFinalize (this);
193 protected virtual void Dispose (bool disposing)