[AppleTls]: API cleanups in preparation of the BTLS integration.
* Bump Mono to mono-4.8.0-branch commit 9437553e545f57443ccc33fe4129cbb6ac94f832. * Rename MobileCertificateHelper -> AppleCertificateHelper. All the non-Apple-specific functionality now lives in System.dll's MobileTlsContext, so it can be shared with BTLS. * Remove the old src/Security/Tls sources, which were moved into System.dll a couple of weeks ago.
This commit is contained in:
Родитель
6f37730293
Коммит
860704ddb4
|
@ -1 +1 @@
|
|||
Subproject commit fc99fc4313e7afd75a4605a48b47e7d1273aefe4
|
||||
Subproject commit 9437553e545f57443ccc33fe4129cbb6ac94f832
|
|
@ -1 +1 @@
|
|||
Subproject commit ddf9f2359da2bb0e3304f8c69b7cfc0b1d4b8d7d
|
||||
Subproject commit 9437553e545f57443ccc33fe4129cbb6ac94f832
|
|
@ -1,6 +1,6 @@
|
|||
#if XAMARIN_APPLETLS
|
||||
//
|
||||
// MobileCertificateHelper.cs
|
||||
// AppleCertificateHelper.cs
|
||||
//
|
||||
// Author:
|
||||
// Martin Baulig <martin.baulig@xamarin.com>
|
||||
|
@ -23,7 +23,7 @@ using XamCore.Security;
|
|||
|
||||
namespace XamCore.Security.Tls
|
||||
{
|
||||
static class MobileCertificateHelper
|
||||
static class AppleCertificateHelper
|
||||
{
|
||||
public static SecIdentity GetIdentity (X509Certificate certificate)
|
||||
{
|
||||
|
@ -65,33 +65,6 @@ namespace XamCore.Security.Tls
|
|||
}
|
||||
}
|
||||
|
||||
public static bool Validate (string targetHost, bool serverMode, ICertificateValidator2 validator, X509CertificateCollection certificates)
|
||||
{
|
||||
var result = validator.ValidateCertificate (targetHost, serverMode, certificates);
|
||||
|
||||
if (result != null && result.Trusted && !result.UserDenied)
|
||||
return true;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public static X509Certificate SelectClientCertificate (string targetHost, ICertificateValidator2 validator, X509CertificateCollection clientCertificates, X509Certificate serverCertificate)
|
||||
{
|
||||
X509Certificate certificate;
|
||||
var selected = validator.SelectClientCertificate (targetHost, clientCertificates, serverCertificate, null, out certificate);
|
||||
if (selected)
|
||||
return certificate;
|
||||
|
||||
if (clientCertificates == null || clientCertificates.Count == 0)
|
||||
return null;
|
||||
|
||||
if (clientCertificates.Count == 1)
|
||||
return clientCertificates [0];
|
||||
|
||||
// FIXME: select onne.
|
||||
throw new NotImplementedException ();
|
||||
}
|
||||
|
||||
public static bool InvokeSystemCertificateValidator (
|
||||
ICertificateValidator2 validator, string targetHost, bool serverMode,
|
||||
X509CertificateCollection certificates, out bool success,
|
|
@ -41,8 +41,6 @@ namespace XamCore.Security.Tls
|
|||
SslReadFunc readFunc;
|
||||
SslWriteFunc writeFunc;
|
||||
|
||||
readonly ICertificateValidator2 certificateValidator;
|
||||
|
||||
SecIdentity serverIdentity;
|
||||
SecIdentity clientIdentity;
|
||||
|
||||
|
@ -73,8 +71,6 @@ namespace XamCore.Security.Tls
|
|||
readFunc = NativeReadCallback;
|
||||
writeFunc = NativeWriteCallback;
|
||||
|
||||
certificateValidator = CertificateValidationHelper.GetDefaultValidator (Settings, Provider);
|
||||
|
||||
if (IsServer) {
|
||||
if (serverCertificate == null)
|
||||
throw new ArgumentNullException ("serverCertificate");
|
||||
|
@ -175,7 +171,7 @@ namespace XamCore.Security.Tls
|
|||
|
||||
if (IsServer) {
|
||||
SecCertificate[] intermediateCerts;
|
||||
serverIdentity = MobileCertificateHelper.GetIdentity (LocalServerCertificate, out intermediateCerts);
|
||||
serverIdentity = AppleCertificateHelper.GetIdentity (LocalServerCertificate, out intermediateCerts);
|
||||
if (serverIdentity == null)
|
||||
throw new SSA.AuthenticationException ("Unable to get server certificate from keychain.");
|
||||
|
||||
|
@ -214,10 +210,10 @@ namespace XamCore.Security.Tls
|
|||
RequirePeerTrust ();
|
||||
if (remoteCertificate == null)
|
||||
throw new TlsException (AlertDescription.InternalError, "Cannot request client certificate before receiving one from the server.");
|
||||
localClientCertificate = MobileCertificateHelper.SelectClientCertificate (TargetHost, certificateValidator, ClientCertificates, remoteCertificate);
|
||||
localClientCertificate = SelectClientCertificate (remoteCertificate, null);
|
||||
if (localClientCertificate == null)
|
||||
continue;
|
||||
clientIdentity = MobileCertificateHelper.GetIdentity (localClientCertificate);
|
||||
clientIdentity = AppleCertificateHelper.GetIdentity (localClientCertificate);
|
||||
if (clientIdentity == null)
|
||||
throw new TlsException (AlertDescription.CertificateUnknown);
|
||||
SetCertificate (clientIdentity, new SecCertificate [0]);
|
||||
|
@ -276,7 +272,7 @@ namespace XamCore.Security.Tls
|
|||
|
||||
bool ok;
|
||||
try {
|
||||
ok = MobileCertificateHelper.Validate (TargetHost, IsServer, certificateValidator, certificates);
|
||||
ok = ValidateCertificate (certificates);
|
||||
} catch (Exception ex) {
|
||||
Debug ("Certificate validation failed: {0}", ex);
|
||||
throw new TlsException (AlertDescription.CertificateUnknown, "Certificate validation threw exception.");
|
||||
|
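Review bot: `localClientCertificate = SelectClientCertificate (remoteCertificate, null);` passes a bare `null` as the second argument with nothing saying what that argument is; if it is the acceptable-issuer list handed to the user's selection callback, SecureTransport can supply the CA names the server actually sent (SSLCopyDistinguishedNames), and `null` leaves the callback unable to filter by issuer. The helper this call replaces threw NotImplementedException once more than one client certificate was configured, so it is worth confirming that the MobileTlsContext implementation now genuinely chooses among them rather than silently taking the first — the base-class signature is not visible here, so this is inferred. A one-line comment would make the contract explicit, e.g. `// TODO: pass the server's acceptable issuers (SSLCopyDistinguishedNames) instead of null so the selection callback can filter by CA`. The enclosing handshake loop starts and ends outside the hunk.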
|
|
@ -78,7 +78,7 @@ namespace XamCore.Security.Tls
|
|||
{
|
||||
if (wantsChain)
|
||||
chain = MNS.SystemCertificateValidator.CreateX509Chain (certificates);
|
||||
return MobileCertificateHelper.InvokeSystemCertificateValidator (validator, targetHost, serverMode, certificates, out success, ref errors, ref status11);
|
||||
return AppleCertificateHelper.InvokeSystemCertificateValidator (validator, targetHost, serverMode, certificates, out success, ref errors, ref status11);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,62 +0,0 @@
|
|||
#if XAMARIN_APPLETLS
|
||||
//
|
||||
// MobileTlsProvider.cs
|
||||
//
|
||||
// Author:
|
||||
// Martin Baulig <martin.baulig@xamarin.com>
|
||||
//
|
||||
// Copyright (c) 2015 Xamarin, Inc.
|
||||
//
|
||||
using System;
|
||||
using System.IO;
|
||||
using System.Threading;
|
||||
using System.Threading.Tasks;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
|
||||
using SSA = System.Security.Authentication;
|
||||
using SslProtocols = System.Security.Authentication.SslProtocols;
|
||||
|
||||
using Mono.Security.Interface;
|
||||
|
||||
namespace XamCore.Security.Tls
|
||||
{
|
||||
abstract class MobileTlsProvider : MonoTlsProvider
|
||||
{
|
||||
public override IMonoSslStream CreateSslStream (
|
||||
Stream innerStream, bool leaveInnerStreamOpen,
|
||||
MonoTlsSettings settings = null)
|
||||
{
|
||||
return new MobileAuthenticatedStream (innerStream, leaveInnerStreamOpen, settings, this);
|
||||
}
|
||||
|
||||
internal override IMonoTlsContext CreateTlsContext (
|
||||
string hostname, bool serverMode, TlsProtocols protocolFlags,
|
||||
X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
|
||||
bool remoteCertRequired, MonoEncryptionPolicy encryptionPolicy,
|
||||
MonoTlsSettings settings)
|
||||
{
|
||||
throw new NotSupportedException ();
|
||||
}
|
||||
|
||||
public override bool SupportsSslStream {
|
||||
get { return true; }
|
||||
}
|
||||
|
||||
public override bool SupportsMonoExtensions {
|
||||
get { return true; }
|
||||
}
|
||||
|
||||
public override bool SupportsConnectionInfo {
|
||||
get { return true; }
|
||||
}
|
||||
|
||||
public override SslProtocols SupportedProtocols {
|
||||
get { return SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls; }
|
||||
}
|
||||
|
||||
internal override bool SupportsTlsContext {
|
||||
get { return false; }
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
|
@ -1,119 +0,0 @@
|
|||
#if XAMARIN_APPLETLS
|
||||
#if XAMARIN_NO_TLS
|
||||
#error THIS SHOULD NEVER HAPPEN!!!
|
||||
#endif
|
||||
//
|
||||
// MobileTlsStream.cs
|
||||
//
|
||||
// Author:
|
||||
// Martin Baulig <martin.baulig@xamarin.com>
|
||||
//
|
||||
// Copyright (c) 2015 Xamarin, Inc.
|
||||
//
|
||||
using System;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using SD = System.Diagnostics;
|
||||
using System.Collections;
|
||||
using System.Collections.Generic;
|
||||
using System.Threading;
|
||||
using System.Threading.Tasks;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
|
||||
using MX = Mono.Security.X509;
|
||||
using Mono.Security.Interface;
|
||||
|
||||
namespace XamCore.Security.Tls
|
||||
{
|
||||
abstract class MobileTlsStream : IDisposable
|
||||
{
|
||||
MonoTlsSettings settings;
|
||||
MobileTlsProvider provider;
|
||||
|
||||
public MobileTlsStream (MonoTlsSettings settings, MobileTlsProvider provider)
|
||||
{
|
||||
this.settings = settings;
|
||||
this.provider = provider;
|
||||
}
|
||||
|
||||
public MonoTlsSettings Settings {
|
||||
get { return settings; }
|
||||
}
|
||||
|
||||
public MobileTlsProvider Provider {
|
||||
get { return provider; }
|
||||
}
|
||||
|
||||
[SD.Conditional ("MARTIN_DEBUG")]
|
||||
protected void Debug (string message, params object[] args)
|
||||
{
|
||||
Console.Error.WriteLine ("MobileTlsStream: {0}", string.Format (message, args));
|
||||
}
|
||||
|
||||
public abstract bool HasContext {
|
||||
get;
|
||||
}
|
||||
|
||||
public abstract bool IsAuthenticated {
|
||||
get;
|
||||
}
|
||||
|
||||
public abstract bool IsServer {
|
||||
get;
|
||||
}
|
||||
|
||||
public abstract void StartHandshake ();
|
||||
|
||||
public abstract bool ProcessHandshake ();
|
||||
|
||||
public abstract void FinishHandshake ();
|
||||
|
||||
public abstract MonoTlsConnectionInfo ConnectionInfo {
|
||||
get;
|
||||
}
|
||||
|
||||
internal abstract X509Certificate LocalServerCertificate {
|
||||
get;
|
||||
}
|
||||
|
||||
internal abstract bool IsRemoteCertificateAvailable {
|
||||
get;
|
||||
}
|
||||
|
||||
internal abstract X509Certificate LocalClientCertificate {
|
||||
get;
|
||||
}
|
||||
|
||||
public abstract X509Certificate RemoteCertificate {
|
||||
get;
|
||||
}
|
||||
|
||||
public abstract TlsProtocols NegotiatedProtocol {
|
||||
get;
|
||||
}
|
||||
|
||||
public abstract void Flush ();
|
||||
|
||||
public abstract int Read (byte[] buffer, int offset, int count, out bool wantMore);
|
||||
|
||||
public abstract int Write (byte[] buffer, int offset, int count, out bool wantMore);
|
||||
|
||||
public abstract void Close ();
|
||||
|
||||
public void Dispose ()
|
||||
{
|
||||
Dispose (true);
|
||||
GC.SuppressFinalize (this);
|
||||
}
|
||||
|
||||
protected virtual void Dispose (bool disposing)
|
||||
{
|
||||
}
|
||||
|
||||
~MobileTlsStream ()
|
||||
{
|
||||
Dispose (false);
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
|
@ -1,26 +0,0 @@
|
|||
#if XAMARIN_APPLETLS
|
||||
//
|
||||
// MobileAuthenticatedStream.cs
|
||||
//
|
||||
// Author:
|
||||
// Martin Baulig <martin.baulig@xamarin.com>
|
||||
//
|
||||
// Copyright (c) 2015 Xamarin, Inc.
|
||||
//
|
||||
using System;
|
||||
using System.IO;
|
||||
using System.Security.Authentication;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using Mono.Security.Interface;
|
||||
|
||||
namespace XamCore.Security.Tls
|
||||
{
|
||||
static class MobileTlsStreamFactory
|
||||
{
|
||||
internal static MobileTlsStream CreateTlsStream (MobileAuthenticatedStream parent, MonoTlsSettings settings, MobileTlsProvider provider, bool serverMode, string targetHost, SslProtocols enabledProtocols, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool clientCertRequired)
|
||||
{
|
||||
return new AppleTlsContext (parent, settings, provider, serverMode, targetHost, enabledProtocols, serverCertificate, clientCertificates, clientCertRequired);
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
|
@ -1408,7 +1408,7 @@ APPLETLS_SOURCES = \
|
|||
Security/Tls/AppleTlsContext.cs \
|
||||
Security/Tls/AppleTlsProvider.cs \
|
||||
Security/Tls/AppleTlsStream.cs \
|
||||
Security/Tls/MobileCertificateHelper.cs \
|
||||
Security/Tls/AppleCertificateHelper.cs \
|
||||
Security/Tls/OldTlsProvider.cs \
|
||||
|
||||
#
|
||||
|
|