[AppleTls]: Send server certificate and all intermediates.
(cherry picked from commit 5f063a6a2e603ea9e4384f5f2d3f22628115b014) (cherry picked from commit bf9b64e6ec8a3b07c346db8909058ddb5e7eff81)
Родитель
18284e9e20
Коммит
6ef1390a5c
|
@ -93,7 +93,7 @@ namespace XamCore.Security {
|
|||
* Using 'XAMARIN_APPLETLS' as a conditional because 'XAMCORE_2_0' is
|
||||
* defined for tvos and watch, which have a recent-enough runtime.
|
||||
*/
|
||||
handle = certificate.Handle;
|
||||
handle = certificate.Impl.GetNativeAppleCertificate ();
|
||||
if (handle != IntPtr.Zero) {
|
||||
CFObject.CFRetain (handle);
|
||||
return;
|
||||
|
@ -105,13 +105,28 @@ namespace XamCore.Security {
|
|||
}
|
||||
}
|
||||
|
||||
#if XAMARIN_APPLETLS
|
||||
internal SecCertificate (X509CertificateImpl impl)
|
||||
{
|
||||
handle = impl.GetNativeAppleCertificate ();
|
||||
if (handle != IntPtr.Zero) {
|
||||
CFObject.CFRetain (handle);
|
||||
return;
|
||||
}
|
||||
|
||||
using (NSData cert = NSData.FromArray (impl.GetRawCertData ())) {
|
||||
Initialize (cert);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
public SecCertificate (X509Certificate2 certificate)
|
||||
{
|
||||
if (certificate == null)
|
||||
throw new ArgumentNullException ("certificate");
|
||||
|
||||
#if XAMARIN_APPLETLS
|
||||
handle = certificate.Handle;
|
||||
handle = certificate.Impl.GetNativeAppleCertificate ();
|
||||
if (handle != IntPtr.Zero) {
|
||||
CFObject.CFRetain (handle);
|
||||
return;
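Review bot: The new `internal SecCertificate (X509CertificateImpl impl)` constructor dereferences `impl` without a check, and both public constructors now read `certificate.Impl.GetNativeAppleCertificate ()` where they used to read `certificate.Handle`. If `Impl` can be null for a reset or disposed certificate (not visible in these hunks), this path fails with a NullReferenceException instead of a clear argument error. I would add `if (impl == null) throw new ArgumentNullException ("impl");` as the first line of the internal constructor, matching the existing `ArgumentNullException ("certificate")` guard, and route the public constructors through the same check. A short comment above `CFObject.CFRetain (handle);` saying that the native handle is borrowed from the impl and retained here so this object's release stays balanced would also help, assuming that is the ownership contract. The public constructors' bodies continue outside the hunks.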
|
||||
|
|
|
@ -173,10 +173,14 @@ namespace XamCore.Security.Tls
|
|||
SetSessionOption (SslSessionOption.BreakOnServerAuth, true);
|
||||
|
||||
if (IsServer) {
|
||||
serverIdentity = MobileCertificateHelper.GetIdentity (LocalServerCertificate);
|
||||
SecCertificate[] intermediateCerts;
|
||||
serverIdentity = MobileCertificateHelper.GetIdentity (LocalServerCertificate, out intermediateCerts);
|
||||
if (serverIdentity == null)
|
||||
throw new SSA.AuthenticationException ("Unable to get server certificate from keychain.");
|
||||
SetCertificate (serverIdentity, new SecCertificate [0]);
|
||||
|
||||
SetCertificate (serverIdentity, intermediateCerts);
|
||||
for (int i = 0; i < intermediateCerts.Length; i++)
|
||||
intermediateCerts [i].Dispose ();
|
||||
}
|
||||
}
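Review bot: The intermediate `SecCertificate` objects are only disposed on the success path of the `if (IsServer)` block. If `serverIdentity` is null the `AuthenticationException` is thrown first, and if `SetCertificate` throws the loop is never reached, so their native handles leak in both cases. Wrapping the null check and the `SetCertificate` call in `try`/`finally` releases them on every path. Disposing right after `SetCertificate` also relies on that call retaining the certificates it is given, which is not visible in this hunk and deserves a one-line comment. The enclosing method starts and ends outside the hunk.

```csharp
SecCertificate[] intermediateCerts;
serverIdentity = MobileCertificateHelper.GetIdentity (LocalServerCertificate, out intermediateCerts);
try {
	if (serverIdentity == null)
		throw new SSA.AuthenticationException ("Unable to get server certificate from keychain.");

	// SetCertificate is expected to retain what it needs; our references are released below.
	SetCertificate (serverIdentity, intermediateCerts);
} finally {
	for (int i = 0; i < intermediateCerts.Length; i++)
		intermediateCerts [i].Dispose ();
}
```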
|
||||
|
||||
|
|
|
@ -43,6 +43,28 @@ namespace XamCore.Security.Tls
|
|||
}
|
||||
}
|
||||
|
||||
public static SecIdentity GetIdentity (X509Certificate certificate, out SecCertificate[] intermediateCerts)
|
||||
{
|
||||
var identity = GetIdentity (certificate);
|
||||
|
||||
var impl2 = certificate.Impl as X509Certificate2Impl;
|
||||
if (impl2 == null || impl2.IntermediateCertificates == null) {
|
||||
intermediateCerts = new SecCertificate [0];
|
||||
return identity;
|
||||
}
|
||||
|
||||
try {
|
||||
intermediateCerts = new SecCertificate [impl2.IntermediateCertificates.Count];
|
||||
for (int i = 0; i < intermediateCerts.Length; i++)
|
||||
intermediateCerts [i] = new SecCertificate (impl2.IntermediateCertificates [i]);
|
||||
|
||||
return identity;
|
||||
} catch {
|
||||
identity.Dispose ();
|
||||
throw;
|
||||
}
|
||||
}
|
||||
|
||||
public static bool Validate (string targetHost, bool serverMode, ICertificateValidator2 validator, X509CertificateCollection certificates)
|
||||
{
|
||||
var result = validator.ValidateCertificate (targetHost, serverMode, certificates);
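Review bot: In the new `GetIdentity (certificate, out intermediateCerts)` overload, the `catch` block calls `identity.Dispose ()` although `identity` can be null, which the server-side caller explicitly checks for. A failure while building the intermediates would then surface as a NullReferenceException that hides the original error. Any `SecCertificate` already created before a later constructor throws is also never disposed, and when `identity` is null the intermediates are built even though the caller is about to fail. I would return early with an empty array when `identity` is null, build into a local array, and release the entries already created in the `catch` before rethrowing. A doc comment on the overload should state that the caller owns and must dispose both the returned identity and every element of `intermediateCerts`.

```csharp
// … unchanged: signature, GetIdentity (certificate) call, impl2 cast …
if (identity == null || impl2 == null || impl2.IntermediateCertificates == null) {
	intermediateCerts = new SecCertificate [0];
	return identity;
}

var created = new SecCertificate [impl2.IntermediateCertificates.Count];
try {
	for (int i = 0; i < created.Length; i++)
		created [i] = new SecCertificate (impl2.IntermediateCertificates [i]);
} catch {
	// Release whatever was built before the failure, then the identity.
	for (int i = 0; i < created.Length; i++) {
		if (created [i] != null)
			created [i].Dispose ();
	}
	identity.Dispose ();
	throw;
}

intermediateCerts = created;
return identity;
```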
|
||||
|
|