[AppleTls]: API cleanups in preparation of the BTLS integration.

* Bump Mono to mono-4.8.0-branch commit 9437553e545f57443ccc33fe4129cbb6ac94f832. * Rename MobileCertificateHelper -> AppleCertificateHelper. All the non-Apple-specific functionality now lives in System.dll's MobileTlsContext, so it can be shared with BTLS. * Remove old src/Security/Tls sources which have been moved into System.dll a couple of weeks ago.
2016-09-29 00:57:25 +02:00 · 2016-09-29 00:57:25 +02:00 · 860704ddb4
--- a/external/mono
+++ b/external/mono
@ -1 +1 @@
-Subproject commit fc99fc4313e7afd75a4605a48b47e7d1273aefe4
+Subproject commit 9437553e545f57443ccc33fe4129cbb6ac94f832
--- a/external/watch-mono
+++ b/external/watch-mono
@ -1 +1 @@
-Subproject commit ddf9f2359da2bb0e3304f8c69b7cfc0b1d4b8d7d
+Subproject commit 9437553e545f57443ccc33fe4129cbb6ac94f832
--- a/src/Security/Tls/MobileCertificateHelper.cs
+++ b/src/Security/Tls/MobileCertificateHelper.cs
@ -1,6 +1,6 @@
 #if XAMARIN_APPLETLS
 //
-// MobileCertificateHelper.cs
+// AppleCertificateHelper.cs
 //
 // Author:
 //       Martin Baulig <martin.baulig@xamarin.com>
@ -23,7 +23,7 @@ using XamCore.Security;

 namespace XamCore.Security.Tls
 {
-	static class MobileCertificateHelper
+	static class AppleCertificateHelper
 	{
 		public static SecIdentity GetIdentity (X509Certificate certificate)
 		{
@ -65,33 +65,6 @@ namespace XamCore.Security.Tls
 			}
 		}

-		public static bool Validate (string targetHost, bool serverMode, ICertificateValidator2 validator, X509CertificateCollection certificates)
-		{
-			var result = validator.ValidateCertificate (targetHost, serverMode, certificates);
-
-			if (result != null && result.Trusted && !result.UserDenied)
-				return true;
-
-			return false;
-		}
-
-		public static X509Certificate SelectClientCertificate (string targetHost, ICertificateValidator2 validator, X509CertificateCollection clientCertificates, X509Certificate serverCertificate)
-		{
-			X509Certificate certificate;
-			var selected = validator.SelectClientCertificate (targetHost, clientCertificates, serverCertificate, null, out certificate);
-			if (selected)
-				return certificate;
-
-			if (clientCertificates == null || clientCertificates.Count == 0)
-				return null;
-
-			if (clientCertificates.Count == 1)
-				return clientCertificates [0];
-
-			// FIXME: select onne.
-			throw new NotImplementedException ();
-		}
-
 		public static bool InvokeSystemCertificateValidator (
 			ICertificateValidator2 validator, string targetHost, bool serverMode,
 			X509CertificateCollection certificates, out bool success,
--- a/src/Security/Tls/AppleTlsContext.cs
+++ b/src/Security/Tls/AppleTlsContext.cs
@ -41,8 +41,6 @@ namespace XamCore.Security.Tls
 		SslReadFunc readFunc;
 		SslWriteFunc writeFunc;

-		readonly ICertificateValidator2 certificateValidator;
-
 		SecIdentity serverIdentity;
 		SecIdentity clientIdentity;

@ -73,8 +71,6 @@ namespace XamCore.Security.Tls
 			readFunc = NativeReadCallback;
 			writeFunc = NativeWriteCallback;

-			certificateValidator = CertificateValidationHelper.GetDefaultValidator (Settings, Provider);
-
 			if (IsServer) {
 				if (serverCertificate == null)
 					throw new ArgumentNullException ("serverCertificate");
@ -175,7 +171,7 @@ namespace XamCore.Security.Tls

 			if (IsServer) {
 				SecCertificate[] intermediateCerts;
-				serverIdentity = MobileCertificateHelper.GetIdentity (LocalServerCertificate, out intermediateCerts);
+				serverIdentity = AppleCertificateHelper.GetIdentity (LocalServerCertificate, out intermediateCerts);
 				if (serverIdentity == null)
 					throw new SSA.AuthenticationException ("Unable to get server certificate from keychain.");

@ -214,10 +210,10 @@ namespace XamCore.Security.Tls
 					RequirePeerTrust ();
 					if (remoteCertificate == null)
 						throw new TlsException (AlertDescription.InternalError, "Cannot request client certificate before receiving one from the server.");
-					localClientCertificate = MobileCertificateHelper.SelectClientCertificate (TargetHost, certificateValidator, ClientCertificates, remoteCertificate);
+					localClientCertificate = SelectClientCertificate (remoteCertificate, null);
 					if (localClientCertificate == null)
 						continue;
-					clientIdentity = MobileCertificateHelper.GetIdentity (localClientCertificate);
+					clientIdentity = AppleCertificateHelper.GetIdentity (localClientCertificate);
 					if (clientIdentity == null)
 						throw new TlsException (AlertDescription.CertificateUnknown);
 					SetCertificate (clientIdentity, new SecCertificate [0]);
@ -276,7 +272,7 @@ namespace XamCore.Security.Tls

 			bool ok;
 			try {
-				ok = MobileCertificateHelper.Validate (TargetHost, IsServer, certificateValidator, certificates);
+				ok = ValidateCertificate (certificates);
 			} catch (Exception ex) {
 				Debug ("Certificate validation failed: {0}", ex);
 				throw new TlsException (AlertDescription.CertificateUnknown, "Certificate validation threw exception.");
--- a/src/Security/Tls/AppleTlsProvider.cs
+++ b/src/Security/Tls/AppleTlsProvider.cs
@ -78,7 +78,7 @@ namespace XamCore.Security.Tls
 		{
 			if (wantsChain)
 				chain = MNS.SystemCertificateValidator.CreateX509Chain (certificates);
-			return MobileCertificateHelper.InvokeSystemCertificateValidator (validator, targetHost, serverMode, certificates, out success, ref errors, ref status11);
+			return AppleCertificateHelper.InvokeSystemCertificateValidator (validator, targetHost, serverMode, certificates, out success, ref errors, ref status11);
 		}
 	}
 }
--- a/src/Security/Tls/MobileTlsProvider.cs
+++ b/src/Security/Tls/MobileTlsProvider.cs
@ -1,62 +0,0 @@
-#if XAMARIN_APPLETLS
-//
-// MobileTlsProvider.cs
-//
-// Author:
-//       Martin Baulig <martin.baulig@xamarin.com>
-//
-// Copyright (c) 2015 Xamarin, Inc.
-//
-using System;
-using System.IO;
-using System.Threading;
-using System.Threading.Tasks;
-using System.Security.Cryptography.X509Certificates;
-
-using SSA = System.Security.Authentication;
-using SslProtocols = System.Security.Authentication.SslProtocols;
-
-using Mono.Security.Interface;
-
-namespace XamCore.Security.Tls
-{
-	abstract class MobileTlsProvider : MonoTlsProvider
-	{
-		public override IMonoSslStream CreateSslStream (
-			Stream innerStream, bool leaveInnerStreamOpen,
-			MonoTlsSettings settings = null)
-		{
-			return new MobileAuthenticatedStream (innerStream, leaveInnerStreamOpen, settings, this);
-		}
-
-		internal override IMonoTlsContext CreateTlsContext (
-			string hostname, bool serverMode, TlsProtocols protocolFlags,
-			X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
-			bool remoteCertRequired, MonoEncryptionPolicy encryptionPolicy,
-			MonoTlsSettings settings)
-		{
-			throw new NotSupportedException ();
-		}
-
-		public override bool SupportsSslStream {
-			get { return true; }
-		}
-
-		public override bool SupportsMonoExtensions {
-			get { return true; }
-		}
-
-		public override bool SupportsConnectionInfo {
-			get { return true; }
-		}
-
-		public override SslProtocols SupportedProtocols {
-			get { return SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls; }
-		}
-
-		internal override bool SupportsTlsContext {
-			get { return false; }
-		}
-	}
-}
-#endif
--- a/src/Security/Tls/MobileTlsStream.cs
+++ b/src/Security/Tls/MobileTlsStream.cs
@ -1,119 +0,0 @@
-#if XAMARIN_APPLETLS
-#if XAMARIN_NO_TLS
-#error THIS SHOULD NEVER HAPPEN!!!
-#endif
-//
-// MobileTlsStream.cs
-//
-// Author:
-//       Martin Baulig <martin.baulig@xamarin.com>
-//
-// Copyright (c) 2015 Xamarin, Inc.
-//
-using System;
-using System.IO;
-using System.Linq;
-using SD = System.Diagnostics;
-using System.Collections;
-using System.Collections.Generic;
-using System.Threading;
-using System.Threading.Tasks;
-using System.Security.Cryptography.X509Certificates;
-
-using MX = Mono.Security.X509;
-using Mono.Security.Interface;
-
-namespace XamCore.Security.Tls
-{
-	abstract class MobileTlsStream : IDisposable
-	{
-		MonoTlsSettings settings;
-		MobileTlsProvider provider;
-		
-		public MobileTlsStream (MonoTlsSettings settings, MobileTlsProvider provider)
-		{
-			this.settings = settings;
-			this.provider = provider;
-		}
-
-		public MonoTlsSettings Settings {
-			get { return settings; }
-		}
-
-		public MobileTlsProvider Provider {
-			get { return provider; }
-		}
-
-		[SD.Conditional ("MARTIN_DEBUG")]
-		protected void Debug (string message, params object[] args)
-		{
-			Console.Error.WriteLine ("MobileTlsStream: {0}", string.Format (message, args));
-		}
-
-		public abstract bool HasContext {
-			get;
-		}
-
-		public abstract bool IsAuthenticated {
-			get;
-		}
-
-		public abstract bool IsServer {
-			get;
-		}
-
-		public abstract void StartHandshake ();
-
-		public abstract bool ProcessHandshake ();
-
-		public abstract void FinishHandshake ();
-
-		public abstract MonoTlsConnectionInfo ConnectionInfo {
-			get;
-		}
-
-		internal abstract X509Certificate LocalServerCertificate {
-			get;
-		}
-
-		internal abstract bool IsRemoteCertificateAvailable {
-			get;
-		}
-
-		internal abstract X509Certificate LocalClientCertificate {
-			get;
-		}
-
-		public abstract X509Certificate RemoteCertificate {
-			get;
-		}
-
-		public abstract TlsProtocols NegotiatedProtocol {
-			get;
-		}
-
-		public abstract void Flush ();
-
-		public abstract int Read (byte[] buffer, int offset, int count, out bool wantMore);
-
-		public abstract int Write (byte[] buffer, int offset, int count, out bool wantMore);
-
-		public abstract void Close ();
-
-		public void Dispose ()
-		{
-			Dispose (true);
-			GC.SuppressFinalize (this);
-		}
-
-		protected virtual void Dispose (bool disposing)
-		{
-		}
-
-		~MobileTlsStream ()
-		{
-			Dispose (false);
-		}
-	}
-}
-#endif
--- a/src/Security/Tls/MobileTlsStreamFactory.Apple.cs
+++ b/src/Security/Tls/MobileTlsStreamFactory.Apple.cs
@ -1,26 +0,0 @@
-#if XAMARIN_APPLETLS
-//
-// MobileAuthenticatedStream.cs
-//
-// Author:
-//       Martin Baulig <martin.baulig@xamarin.com>
-//
-// Copyright (c) 2015 Xamarin, Inc.
-//
-using System;
-using System.IO;
-using System.Security.Authentication;
-using System.Security.Cryptography.X509Certificates;
-using Mono.Security.Interface;
-
-namespace XamCore.Security.Tls
-{
-	static class MobileTlsStreamFactory
-	{
-		internal static MobileTlsStream CreateTlsStream (MobileAuthenticatedStream parent, MonoTlsSettings settings, MobileTlsProvider provider, bool serverMode, string targetHost, SslProtocols enabledProtocols, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool clientCertRequired)
-		{
-			return new AppleTlsContext (parent, settings, provider, serverMode, targetHost, enabledProtocols, serverCertificate, clientCertificates, clientCertRequired);
-		}
-	}
-}
-#endif
--- a/src/frameworks.sources
+++ b/src/frameworks.sources
@ -1408,7 +1408,7 @@ APPLETLS_SOURCES = \
 	Security/Tls/AppleTlsContext.cs \
 	Security/Tls/AppleTlsProvider.cs \
 	Security/Tls/AppleTlsStream.cs \
-	Security/Tls/MobileCertificateHelper.cs \
+	Security/Tls/AppleCertificateHelper.cs \
 	Security/Tls/OldTlsProvider.cs \

 #