5 // Martin Baulig <martin.baulig@xamarin.com>
7 // Copyright (c) 2015 Xamarin, Inc.
11 #if MONO_SECURITY_ALIAS
12 extern alias MonoSecurity;
15 #if MONO_SECURITY_ALIAS
16 using MonoSecurity::Mono.Security.Interface;
18 using Mono.Security.Interface;
23 using SD = System.Diagnostics;
24 using System.Collections;
25 using System.Collections.Generic;
26 using System.Threading;
27 using System.Threading.Tasks;
28 using System.Security.Authentication;
29 using System.Security.Cryptography.X509Certificates;
31 namespace Mono.Net.Security
33 abstract class MobileTlsContext : IDisposable
// Owning stream; Settings and Provider are read through it (see the Parent/Settings/Provider getters).
MobileAuthenticatedStream parent;
// Protocol flags the caller enabled; GetProtocolVersions () derives the (min, max) pair from them.
SslProtocols enabledProtocols;
// Certificate this side presents when acting as server; exposed as LocalServerCertificate.
X509Certificate serverCertificate;
// Candidate client certificates; SelectClientCertificate () chooses among them.
X509CertificateCollection clientCertificates;
// Exposed as AskForClientCertificate; presumably consulted by the provider-specific handshake — confirm in subclasses.
bool askForClientCert;
// Obtained from CertificateValidationHelper in the constructor; every trust decision in this class goes through it.
ICertificateValidator2 certificateValidator;
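/// <summary>
/// Captures the connection parameters and resolves the certificate validator
/// for this context from the parent stream's settings and provider.
/// </summary>
/// <param name="parent">The stream that owns this context; must not be null.</param>
/// <param name="serverMode">True when this side acts as the TLS server.</param>
/// <param name="targetHost">Host name used for certificate validation.</param>
/// <param name="enabledProtocols">Protocol versions the caller allows.</param>
/// <param name="serverCertificate">Certificate presented in server mode.</param>
/// <param name="clientCertificates">Candidate client certificates (may be null).</param>
/// <param name="askForClientCert">Whether a client certificate is requested.</param>
/// <exception cref="ArgumentNullException"><paramref name="parent"/> is null.</exception>
public MobileTlsContext (
	MobileAuthenticatedStream parent, bool serverMode, string targetHost,
	SslProtocols enabledProtocols, X509Certificate serverCertificate,
	X509CertificateCollection clientCertificates, bool askForClientCert)
{
	// Settings and Provider are dereferenced below; fail with a clear argument
	// error rather than a NullReferenceException deep in the validator lookup.
	if (parent == null)
		throw new ArgumentNullException ("parent");

	this.parent = parent;
	this.serverMode = serverMode;
	this.targetHost = targetHost;
	this.enabledProtocols = enabledProtocols;
	this.serverCertificate = serverCertificate;
	this.clientCertificates = clientCertificates;
	this.askForClientCert = askForClientCert;

	// The validator is fixed at construction time; all later trust decisions use it.
	certificateValidator = CertificateValidationHelper.GetInternalValidator (
		parent.Settings, parent.Provider);
}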
/// <summary>The stream that owns this context.</summary>
internal MobileAuthenticatedStream Parent {
	get {
		return this.parent;
	}
}
/// <summary>TLS settings, taken from the owning stream.</summary>
public MonoTlsSettings Settings {
	get {
		return this.parent.Settings;
	}
}
/// <summary>TLS provider, taken from the owning stream.</summary>
public MonoTlsProvider Provider {
	get {
		return this.parent.Provider;
	}
}
/// <summary>
/// Writes a diagnostic line to stderr, prefixed with the concrete context type name.
/// Calls are compiled out unless the MARTIN_DEBUG symbol is defined.
/// </summary>
/// <param name="message">A composite format string.</param>
/// <param name="args">Values substituted into <paramref name="message"/>.</param>
[SD.Conditional ("MARTIN_DEBUG")]
protected void Debug (string message, params object[] args)
{
	var typeName = GetType ().Name;
	var formatted = string.Format (message, args);
	Console.Error.WriteLine ("{0}: {1}", typeName, formatted);
}
/// <summary>Whether a native TLS context currently exists. Provider-specific; implemented by the concrete context.</summary>
public abstract bool HasContext {
	get;
}

/// <summary>Whether the handshake has completed successfully. Provider-specific; implemented by the concrete context.</summary>
public abstract bool IsAuthenticated {
	get;
}
/// <summary>True when this context acts as the TLS server.</summary>
public bool IsServer {
	get {
		return this.serverMode;
	}
}
/// <summary>Host name used when validating the peer certificate.</summary>
protected string TargetHost {
	get {
		return this.targetHost;
	}
}
/// <summary>Whether a client certificate is requested during the handshake.</summary>
protected bool AskForClientCertificate {
	get {
		return this.askForClientCert;
	}
}
/// <summary>Protocol versions the caller enabled; see <see cref="GetProtocolVersions"/> for how they are mapped.</summary>
protected SslProtocols EnabledProtocols {
	get {
		return this.enabledProtocols;
	}
}
/// <summary>Candidate client certificates supplied by the caller; may be null.</summary>
protected X509CertificateCollection ClientCertificates {
	get {
		return this.clientCertificates;
	}
}
/// <summary>
/// Maps the enabled <see cref="SslProtocols"/> flags to the lowest and highest TLS version to offer.
/// Only the Tls, Tls11 and Tls12 flags are consulted; Ssl2/Ssl3 bits are ignored, so TLS 1.0 is
/// the lowest version this method can ever yield.
/// </summary>
/// <param name="min">Lowest version: TLS 1.0 if enabled, else TLS 1.1 if enabled, else TLS 1.2.</param>
/// <param name="max">Highest version: TLS 1.2 if enabled, else TLS 1.1 if enabled, else TLS 1.0.</param>
protected void GetProtocolVersions (out TlsProtocolCode min, out TlsProtocolCode max)
{
	var flags = enabledProtocols;

	// NOTE(review): when none of Tls/Tls11/Tls12 is set, this yields min = Tls12 and
	// max = Tls10 (min > max). Callers presumably guarantee at least one flag — confirm.
	min = (flags & SslProtocols.Tls) != 0 ? TlsProtocolCode.Tls10
		: (flags & SslProtocols.Tls11) != 0 ? TlsProtocolCode.Tls11
		: TlsProtocolCode.Tls12;

	max = (flags & SslProtocols.Tls12) != 0 ? TlsProtocolCode.Tls12
		: (flags & SslProtocols.Tls11) != 0 ? TlsProtocolCode.Tls11
		: TlsProtocolCode.Tls10;
}
/// <summary>Begins the handshake. Provider-specific; implemented by the concrete context.</summary>
public abstract void StartHandshake ();

/// <summary>Advances the handshake one step. Provider-specific; see the implementing class for what the return value means.</summary>
public abstract bool ProcessHandshake ();

/// <summary>Completes the handshake. Provider-specific; implemented by the concrete context.</summary>
public abstract void FinishHandshake ();

/// <summary>Details of the negotiated connection. Provider-specific; implemented by the concrete context.</summary>
public abstract MonoTlsConnectionInfo ConnectionInfo {
	get;
}
/// <summary>The certificate this side presents when acting as server, as passed to the constructor.</summary>
internal X509Certificate LocalServerCertificate {
	get {
		return this.serverCertificate;
	}
}
/// <summary>Whether the peer's certificate can be retrieved. Provider-specific; implemented by the concrete context.</summary>
internal abstract bool IsRemoteCertificateAvailable {
	get;
}

/// <summary>The client certificate this side presented, if any. Provider-specific; implemented by the concrete context.</summary>
internal abstract X509Certificate LocalClientCertificate {
	get;
}

/// <summary>The peer's certificate. Provider-specific; implemented by the concrete context.</summary>
public abstract X509Certificate RemoteCertificate {
	get;
}

/// <summary>The protocol version actually negotiated. Provider-specific; implemented by the concrete context.</summary>
public abstract TlsProtocols NegotiatedProtocol {
	get;
}

/// <summary>Flushes pending output. Provider-specific; implemented by the concrete context.</summary>
public abstract void Flush ();

/// <summary>Reads decrypted data into <paramref name="buffer"/>. Provider-specific; see the implementing class for the <paramref name="wantMore"/> contract.</summary>
public abstract int Read (byte[] buffer, int offset, int count, out bool wantMore);

/// <summary>Writes plaintext from <paramref name="buffer"/>. Provider-specific; see the implementing class for the <paramref name="wantMore"/> contract.</summary>
public abstract int Write (byte[] buffer, int offset, int count, out bool wantMore);

/// <summary>Closes the connection. Provider-specific; implemented by the concrete context.</summary>
public abstract void Close ();
/// <summary>
/// Validates the peer's leaf certificate and chain through the configured validator.
/// </summary>
/// <param name="leaf">The peer's end-entity certificate.</param>
/// <param name="chain">The chain built for <paramref name="leaf"/>.</param>
/// <returns>
/// True only when the validator returned a result that is Trusted and not UserDenied;
/// a null result counts as rejection, so the check fails closed.
/// </returns>
protected bool ValidateCertificate (X509Certificate leaf, X509Chain chain)
{
	var outcome = certificateValidator.ValidateCertificate (TargetHost, IsServer, leaf, chain);
	if (outcome == null)
		return false;
	return outcome.Trusted && !outcome.UserDenied;
}
/// <summary>
/// Validates a peer certificate collection through the configured validator.
/// </summary>
/// <param name="certificates">The certificates received from the peer.</param>
/// <returns>
/// True only when the validator returned a result that is Trusted and not UserDenied;
/// a null result counts as rejection, so the check fails closed.
/// </returns>
protected bool ValidateCertificate (X509CertificateCollection certificates)
{
	var outcome = certificateValidator.ValidateCertificate (TargetHost, IsServer, certificates);
	if (outcome == null)
		return false;
	return outcome.Trusted && !outcome.UserDenied;
}
/// <summary>
/// Picks the client certificate to present on this connection.
/// </summary>
/// <param name="serverCertificate">The peer's certificate, passed to the validator's selection hook.</param>
/// <param name="acceptableIssuers">Issuer names announced by the peer, passed to the same hook.</param>
/// <returns>
/// The certificate chosen by the validator's SelectClientCertificate hook when it reports success;
/// otherwise the single configured client certificate, or null when none are configured.
/// </returns>
/// <exception cref="NotImplementedException">
/// The validator did not choose and more than one client certificate is configured;
/// picking among several is still unimplemented (see the FIXME).
/// </exception>
protected X509Certificate SelectClientCertificate (X509Certificate serverCertificate, string[] acceptableIssuers)
{
	X509Certificate chosen;
	bool validatorPicked = certificateValidator.SelectClientCertificate (
		TargetHost, ClientCertificates, serverCertificate, acceptableIssuers, out chosen);
	if (validatorPicked)
		return chosen;

	var candidates = clientCertificates;
	if (candidates == null || candidates.Count == 0)
		return null;

	if (candidates.Count == 1)
		return candidates [0];

	// FIXME: select one. Several candidates without a validator decision are not handled yet.
	throw new NotImplementedException ();
}
/// <summary>
/// Releases the context: runs <see cref="Dispose(bool)"/> with disposing set to true and
/// suppresses finalization.
/// </summary>
public void Dispose ()
{
	this.Dispose (disposing: true);
	GC.SuppressFinalize (this);
}
198 protected virtual void Dispose (bool disposing)