mcs/class/System/Mono.Net.Security/MobileTlsContext.cs

   1 //
   2 // MobileTlsContext.cs
   3 //
   4 // Author:
   5 //       Martin Baulig <martin.baulig@xamarin.com>
   6 //
   7 // Copyright (c) 2015 Xamarin, Inc.
   8 //
   9
  10 #if SECURITY_DEP
  11 #if MONO_SECURITY_ALIAS
  12 extern alias MonoSecurity;
  13 #endif
  14
  15 #if MONO_SECURITY_ALIAS
  16 using MonoSecurity::Mono.Security.Interface;
  17 #else
  18 using Mono.Security.Interface;
  19 #endif
  20
  21 using System;
  22 using System.IO;
  23 using SD = System.Diagnostics;
  24 using System.Collections;
  25 using System.Collections.Generic;
  26 using System.Threading;
  27 using System.Threading.Tasks;
  28 using System.Security.Authentication;
  29 using System.Security.Cryptography.X509Certificates;
  30
  31 namespace Mono.Net.Security
  32 {
  33         abstract class MobileTlsContext : IDisposable
  34         {
  35                 MobileAuthenticatedStream parent;
  36                 bool serverMode;
  37                 string targetHost;
  38                 SslProtocols enabledProtocols;
  39                 X509Certificate serverCertificate;
  40                 X509CertificateCollection clientCertificates;
  41                 bool askForClientCert;
  42                 ICertificateValidator2 certificateValidator;
  43
  44                 public MobileTlsContext (
  45                         MobileAuthenticatedStream parent, bool serverMode, string targetHost,
  46                         SslProtocols enabledProtocols, X509Certificate serverCertificate,
  47                         X509CertificateCollection clientCertificates, bool askForClientCert)
  48                 {
  49                         this.parent = parent;
  50                         this.serverMode = serverMode;
  51                         this.targetHost = targetHost;
  52                         this.enabledProtocols = enabledProtocols;
  53                         this.serverCertificate = serverCertificate;
  54                         this.clientCertificates = clientCertificates;
  55                         this.askForClientCert = askForClientCert;
  56
  57                         certificateValidator = CertificateValidationHelper.GetDefaultValidator (
  58                                 parent.Settings, parent.Provider);
  59                 }
  60
  61                 internal MobileAuthenticatedStream Parent {
  62                         get { return parent; }
  63                 }
  64
  65                 public MonoTlsSettings Settings {
  66                         get { return parent.Settings; }
  67                 }
  68
  69                 public MonoTlsProvider Provider {
  70                         get { return parent.Provider; }
  71                 }
  72
  73                 [SD.Conditional ("MARTIN_DEBUG")]
  74                 protected void Debug (string message, params object[] args)
  75                 {
  76                         Console.Error.WriteLine ("{0}: {1}", GetType ().Name, string.Format (message, args));
  77                 }
  78
  79                 public abstract bool HasContext {
  80                         get;
  81                 }
  82
  83                 public abstract bool IsAuthenticated {
  84                         get;
  85                 }
  86
  87                 public bool IsServer {
  88                         get { return serverMode; }
  89                 }
  90
  91                 protected string TargetHost {
  92                         get { return targetHost; }
  93                 }
  94
  95                 protected bool AskForClientCertificate {
  96                         get { return askForClientCert; }
  97                 }
  98
  99                 protected SslProtocols EnabledProtocols {
 100                         get { return enabledProtocols; }
 101                 }
 102
 103                 protected X509CertificateCollection ClientCertificates {
 104                         get { return clientCertificates; }
 105                 }
 106
 107                 protected void GetProtocolVersions (out TlsProtocolCode min, out TlsProtocolCode max)
 108                 {
 109                         if ((enabledProtocols & SslProtocols.Tls) != 0)
 110                                 min = TlsProtocolCode.Tls10;
 111                         else if ((enabledProtocols & SslProtocols.Tls11) != 0)
 112                                 min = TlsProtocolCode.Tls11;
 113                         else
 114                                 min = TlsProtocolCode.Tls12;
 115
 116                         if ((enabledProtocols & SslProtocols.Tls12) != 0)
 117                                 max = TlsProtocolCode.Tls12;
 118                         else if ((enabledProtocols & SslProtocols.Tls11) != 0)
 119                                 max = TlsProtocolCode.Tls11;
 120                         else
 121                                 max = TlsProtocolCode.Tls10;
 122                 }
 123
 124                 public abstract void StartHandshake ();
 125
 126                 public abstract bool ProcessHandshake ();
 127
 128                 public abstract void FinishHandshake ();
 129
 130                 public abstract MonoTlsConnectionInfo ConnectionInfo {
 131                         get;
 132                 }
 133
 134                 internal X509Certificate LocalServerCertificate {
 135                         get { return serverCertificate; }
 136                 }
 137
 138                 internal abstract bool IsRemoteCertificateAvailable {
 139                         get;
 140                 }
 141
 142                 internal abstract X509Certificate LocalClientCertificate {
 143                         get;
 144                 }
 145
 146                 public abstract X509Certificate RemoteCertificate {
 147                         get;
 148                 }
 149
 150                 public abstract TlsProtocols NegotiatedProtocol {
 151                         get;
 152                 }
 153
 154                 public abstract void Flush ();
 155
 156                 public abstract int Read (byte[] buffer, int offset, int count, out bool wantMore);
 157
 158                 public abstract int Write (byte[] buffer, int offset, int count, out bool wantMore);
 159
 160                 public abstract void Close ();
 161
 162                 protected ValidationResult ValidateCertificate (X509Certificate leaf, X509Chain chain)
 163                 {
 164                         return certificateValidator.ValidateCertificate (
 165                                 targetHost, serverMode, leaf, chain);
 166                 }
 167
 168                 protected X509Certificate SelectClientCertificate (string[] acceptableIssuers)
 169                 {
 170                         X509Certificate certificate;
 171                         var selected = certificateValidator.SelectClientCertificate (
 172                                 targetHost, clientCertificates, serverCertificate,
 173                                 null, out certificate);
 174                         if (selected)
 175                                 return certificate;
 176
 177                         if (clientCertificates == null || clientCertificates.Count == 0)
 178                                 return null;
 179
 180                         if (clientCertificates.Count == 1)
 181                                 return clientCertificates [0];
 182
 183                         // FIXME: select one.
 184                         throw new NotImplementedException ();
 185                 }
 186
 187                 public void Dispose ()
 188                 {
 189                         Dispose (true);
 190                         GC.SuppressFinalize (this);
 191                 }
 192
 193                 protected virtual void Dispose (bool disposing)
 194                 {
 195                 }
 196
 197                 ~MobileTlsContext ()
 198                 {
 199                         Dispose (false);
 200                 }
 201         }
 202 }
 203
 204 #endif