return new X509CertificateImplBtls (data, MonoBtlsX509Format.DER, false);
}
- internal static MonoBtlsX509VerifyParam GetVerifyParam (string targetHost, bool serverMode)
+ internal static MonoBtlsX509VerifyParam GetVerifyParam (MonoTlsSettings settings, string targetHost, bool serverMode)
{
MonoBtlsX509VerifyParam param;
if (serverMode)
else
param = MonoBtlsX509VerifyParam.GetSslServer ();
- if (targetHost == null)
+ if (targetHost == null && settings?.CertificateValidationTime == null)
return param;
try {
var copy = param.Copy ();
- copy.SetHost (targetHost);
+ if (targetHost != null)
+ copy.SetHost (targetHost);
+ if (settings?.CertificateValidationTime != null)
+ copy.SetTime (settings.CertificateValidationTime.Value);
return copy;
} finally {
param.Dispose ();
using (var store = new MonoBtlsX509Store ())
using (var nativeChain = MonoBtlsProvider.GetNativeChain (certificates))
- using (var param = GetVerifyParam (targetHost, serverMode))
+ using (var param = GetVerifyParam (validator.Settings, targetHost, serverMode))
using (var storeCtx = new MonoBtlsX509StoreCtx ()) {
SetupCertificateStore (store, validator.Settings, serverMode);
{
using (var store = new MonoBtlsX509Store ())
using (var storeCtx = new MonoBtlsX509StoreCtx ()) {
- SetupCertificateStore (store);
+ /*
+ * We're called from X509Certificate2.Verify() via X509CertificateImplBtls.Verify().
+ *
+ * Use the default settings and assume client-mode.
+ */
+ SetupCertificateStore (store, MonoTlsSettings.DefaultSettings, false);
storeCtx.Initialize (store, chain);
internal static void SetupCertificateStore (MonoBtlsX509Store store, MonoTlsSettings settings, bool server)
{
- if (settings?.CertificateSearchPaths == null)
- AddTrustedRoots (store, settings, server);
+ /*
+ * In server-mode, we only add certificates which are explicitly trusted via
+ * MonoTlsSettings.TrustAnchors.
+ *
+ * MonoTlsSettings.CertificateSearchPaths is ignored on Android.
+ *
+ */
#if MONODROID
- SetupCertificateStore (store);
+ AddTrustedRoots (store, settings, server);
+ if (!server)
+ SetupDefaultCertificateStore (store);
return;
#else
- if (settings?.CertificateSearchPaths == null) {
- SetupCertificateStore (store);
+ if (server || settings?.CertificateSearchPaths == null) {
+ AddTrustedRoots (store, settings, server);
+ if (!server)
+ SetupDefaultCertificateStore (store);
return;
}
foreach (var path in settings.CertificateSearchPaths) {
- if (string.Equals (path, "@default", StringComparison.Ordinal)) {
+ switch (path) {
+ case "@default":
AddTrustedRoots (store, settings, server);
AddUserStore (store);
AddMachineStore (store);
- } else if (string.Equals (path, "@user", StringComparison.Ordinal))
+ break;
+ case "@trusted":
+ AddTrustedRoots (store, settings, server);
+ break;
+ case "@user":
AddUserStore (store);
- else if (string.Equals (path, "@machine", StringComparison.Ordinal))
+ break;
+ case "@machine":
AddMachineStore (store);
- else if (string.Equals (path, "@trusted", StringComparison.Ordinal))
- AddTrustedRoots (store, settings, server);
- else if (path.StartsWith ("@pem:", StringComparison.Ordinal)) {
- var realPath = path.Substring (5);
- if (Directory.Exists (realPath))
- store.AddDirectoryLookup (realPath, MonoBtlsX509FileType.PEM);
- } else if (path.StartsWith ("@der:", StringComparison.Ordinal)) {
- var realPath = path.Substring (5);
- if (Directory.Exists (realPath))
- store.AddDirectoryLookup (realPath, MonoBtlsX509FileType.ASN1);
- } else {
- if (Directory.Exists (path))
- store.AddDirectoryLookup (path, MonoBtlsX509FileType.PEM);
+ break;
+ default:
+ if (path.StartsWith ("@pem:")) {
+ var realPath = path.Substring (5);
+ if (Directory.Exists (realPath))
+ store.AddDirectoryLookup (realPath, MonoBtlsX509FileType.PEM);
+ break;
+ } else if (path.StartsWith ("@der:")) {
+ var realPath = path.Substring (5);
+ if (Directory.Exists (realPath))
+ store.AddDirectoryLookup (realPath, MonoBtlsX509FileType.ASN1);
+ break;
+ }
+ throw new NotSupportedException (string.Format ("Invalid item `{0}' in MonoTlsSettings.CertificateSearchPaths.", path));
}
}
#endif
}
- internal static void SetupCertificateStore (MonoBtlsX509Store store)
+ static void SetupDefaultCertificateStore (MonoBtlsX509Store store)
{
#if MONODROID
store.SetDefaultPaths ();
}
}
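Review bot: The new prefix tests in the `default:` branch call `path.StartsWith ("@pem:")` and `path.StartsWith ("@der:")` without a `StringComparison`, which makes them culture-sensitive, whereas the lines they replace used `StringComparison.Ordinal` and the `switch` cases above them compare ordinally. Restore the explicit comparison so the match on these configuration tokens is exact and culture-independent: `if (path.StartsWith ("@pem:", StringComparison.Ordinal)) {` and `} else if (path.StartsWith ("@der:", StringComparison.Ordinal)) {`. This matters more than before because an entry that fails the prefix check now reaches the `NotSupportedException` throw instead of being treated as a PEM directory, so the outcome of trust-store setup should not depend on the thread's current culture.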
+ internal class CFDate : INativeObject, IDisposable {
+ IntPtr handle;
+
+ internal CFDate (IntPtr handle, bool owns)
+ {
+ this.handle = handle;
+ if (!owns)
+ CFObject.CFRetain (handle);
+ }
+
+ ~CFDate ()
+ {
+ Dispose (false);
+ }
+
+ [DllImport (CFObject.CoreFoundationLibrary)]
+ extern static IntPtr CFDateCreate (IntPtr allocator, /* CFAbsoluteTime */ double at);
+
+ public static CFDate Create (DateTime date)
+ {
+ var referenceTime = new DateTime (2001, 1, 1);
+ var difference = (date - referenceTime).TotalSeconds;
+ var handle = CFDateCreate (IntPtr.Zero, difference);
+ if (handle == IntPtr.Zero)
+ throw new NotSupportedException ();
+ return new CFDate (handle, true);
+ }
+
+ public IntPtr Handle {
+ get {
+ return handle;
+ }
+ }
+
+ public void Dispose ()
+ {
+ Dispose (true);
+ GC.SuppressFinalize (this);
+ }
+
+ protected virtual void Dispose (bool disposing)
+ {
+ if (handle != IntPtr.Zero) {
+ CFObject.CFRelease (handle);
+ handle = IntPtr.Zero;
+ }
+ }
+
+ }
+
}
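Review bot: `CFDate.Create` builds its reference point as `new DateTime (2001, 1, 1)`, whose `Kind` is `Unspecified`, and subtracts it from `date` without normalizing kinds; `DateTime` subtraction ignores `Kind`, so a local-time argument (for example a value derived from `DateTime.Now`) produces a CFAbsoluteTime shifted by the local UTC offset. CFAbsoluteTime is defined as seconds relative to 2001-01-01 00:00:00 GMT, so the reference should be UTC and the input converted first: `var referenceTime = new DateTime (2001, 1, 1, 0, 0, 0, DateTimeKind.Utc);` and `var difference = (date.ToUniversalTime () - referenceTime).TotalSeconds;`. If this value ends up as the validation time for certificate chain evaluation, as the `SetTime` change elsewhere in this commit suggests, an offset of several hours could flip the result for a certificate close to its validity boundary. `ToUniversalTime ()` treats an `Unspecified` input as local time, so a short remark on `Create` stating that `date` is expected to carry a `Kind` would help callers; the constructor also accepts `IntPtr.Zero` silently, which `Create` guards against but the `owns: false` path does not.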