[Security] Add Support for DotNet Attributes Part 3 (#12521)

2021-08-31 16:33:18 -05:00 · 2021-08-31 16:33:18 -05:00 · ef0667dcb0
--- a/src/Security/SecStatusCodeExtensions.cs
+++ b/src/Security/SecStatusCodeExtensions.cs
@ -11,17 +11,28 @@ using System;
 using System.Runtime.InteropServices;
 using ObjCRuntime;
 using Foundation;
+using System.Runtime.Versioning;

 namespace Security {
 	public static class SecStatusCodeExtensions {

+#if !NET
 		[iOS (11,3), TV (11,3), Watch (4,3)]
+#else
+		[SupportedOSPlatform ("ios11.3")]
+		[SupportedOSPlatform ("tvos11.3")]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		extern static /* CFStringRef */ IntPtr SecCopyErrorMessageString (
 			/* OSStatus */ SecStatusCode status,
 			/* void * */ IntPtr reserved); /* always null */

+#if !NET
 		[iOS (11,3), TV (11,3), Watch (4,3)] // Since Mac 10,3
+#else
+		[SupportedOSPlatform ("ios11.3")]
+		[SupportedOSPlatform ("tvos11.3")]
+#endif
 		public static string GetStatusDescription (this SecStatusCode status)
 		{
 			var ret = SecCopyErrorMessageString (status, IntPtr.Zero);
--- a/src/Security/SecTrust.cs
+++ b/src/Security/SecTrust.cs
@ -12,6 +12,7 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Runtime.InteropServices;
+using System.Runtime.Versioning;
 using System.Security;
 using System.Security.Cryptography.X509Certificates;
 using ObjCRuntime;
@ -33,11 +34,15 @@ namespace Security {
 			Initialize (certificate.Handle, policy);
 		}

+#if !NET
 		[iOS (7,0)]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		extern static SecStatusCode /* OSStatus */ SecTrustCopyPolicies (IntPtr /* SecTrustRef */ trust, ref IntPtr /* CFArrayRef* */ policies);

+#if !NET
 		[iOS (7,0)]
+#endif
 		public SecPolicy[] GetPolicies ()
 		{
 			IntPtr p = IntPtr.Zero;
@ -83,15 +88,21 @@ namespace Security {
 			SetPolicies (policies.Handle);
 		}

+#if !NET
 		[iOS (7,0)][Mac (10,9)]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		extern static SecStatusCode /* OSStatus */ SecTrustGetNetworkFetchAllowed (IntPtr /* SecTrustRef */ trust, [MarshalAs (UnmanagedType.I1)] out bool /* Boolean* */ allowFetch);

+#if !NET
 		[iOS (7,0)][Mac (10,9)]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		extern static SecStatusCode /* OSStatus */ SecTrustSetNetworkFetchAllowed (IntPtr /* SecTrustRef */ trust, [MarshalAs (UnmanagedType.I1)] bool /* Boolean */ allowFetch);

+#if !NET
 		[iOS (7,0)][Mac (10,9)]
+#endif
 		public bool NetworkFetchAllowed {
 			get {
 				bool value;
@ -107,11 +118,15 @@ namespace Security {
 			}
 		}

+#if !NET
 		[iOS (7,0)]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		extern static SecStatusCode /* OSStatus */ SecTrustCopyCustomAnchorCertificates (IntPtr /* SecTrustRef */ trust, out IntPtr /* CFArrayRef* */ anchors);

+#if !NET
 		[iOS (7,0)]
+#endif
 		public SecCertificate[] GetCustomAnchorCertificates  ()
 		{
 			IntPtr p;
@ -121,11 +136,26 @@ namespace Security {
 			return NSArray.ArrayFromHandle<SecCertificate> (p);
 		}

+#if !NET
 		[iOS (7,0)]
+#endif
+#if !NET
 		[Deprecated (PlatformName.MacOSX, 10,15, message: "Use 'Evaluate (DispatchQueue, SecTrustWithErrorCallback)' instead.")]
 		[Deprecated (PlatformName.iOS, 13,0, message: "Use 'Evaluate (DispatchQueue, SecTrustWithErrorCallback)' instead.")]
 		[Deprecated (PlatformName.WatchOS, 6,0, message: "Use 'Evaluate (DispatchQueue, SecTrustWithErrorCallback)' instead.")]
 		[Deprecated (PlatformName.TvOS, 13,0, message: "Use 'Evaluate (DispatchQueue, SecTrustWithErrorCallback)' instead.")]
+#else
+		[UnsupportedOSPlatform ("ios13.0")]
+		[UnsupportedOSPlatform ("tvos13.0")]
+		[UnsupportedOSPlatform ("macos10.15")]
+#if IOS
+		[Obsolete ("Starting with ios13.0 use 'Evaluate (DispatchQueue, SecTrustWithErrorCallback)' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif TVOS
+		[Obsolete ("Starting with tvos13.0 use 'Evaluate (DispatchQueue, SecTrustWithErrorCallback)' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif MONOMAC
+		[Obsolete ("Starting with macos10.15 use 'Evaluate (DispatchQueue, SecTrustWithErrorCallback)' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#endif
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		extern static SecStatusCode /* OSStatus */ SecTrustEvaluateAsync (IntPtr /* SecTrustRef */ trust, IntPtr /* dispatch_queue_t */ queue, ref BlockLiteral block);

@ -142,11 +172,26 @@ namespace Security {
 			}
 		}

+#if !NET
 		[iOS (7,0)]
+#endif
+#if !NET
 		[Deprecated (PlatformName.MacOSX, 10,15, message: "Use 'Evaluate (DispatchQueue, SecTrustWithErrorCallback)' instead.")]
 		[Deprecated (PlatformName.iOS, 13,0, message: "Use 'Evaluate (DispatchQueue, SecTrustWithErrorCallback)' instead.")]
 		[Deprecated (PlatformName.WatchOS, 6,0, message: "Use 'Evaluate (DispatchQueue, SecTrustWithErrorCallback)' instead.")]
 		[Deprecated (PlatformName.TvOS, 13,0, message: "Use 'Evaluate (DispatchQueue, SecTrustWithErrorCallback)' instead.")]
+#else
+		[UnsupportedOSPlatform ("ios13.0")]
+		[UnsupportedOSPlatform ("tvos13.0")]
+		[UnsupportedOSPlatform ("macos10.15")]
+#if IOS
+		[Obsolete ("Starting with ios13.0 use 'Evaluate (DispatchQueue, SecTrustWithErrorCallback)' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif TVOS
+		[Obsolete ("Starting with tvos13.0 use 'Evaluate (DispatchQueue, SecTrustWithErrorCallback)' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif MONOMAC
+		[Obsolete ("Starting with macos10.15 use 'Evaluate (DispatchQueue, SecTrustWithErrorCallback)' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#endif
+#endif
 		// not always async (so suffix is removed)
 		[BindingImpl (BindingImplOptions.Optimizable)]
 		public SecStatusCode Evaluate (DispatchQueue queue, SecTrustCallback handler)
@ -167,7 +212,13 @@ namespace Security {
 			}
 		}

+#if !NET
 		[Watch (6,0), TV (13,0), Mac (10,15), iOS (13,0)]
+#else
+		[SupportedOSPlatform ("ios13.0")]
+		[SupportedOSPlatform ("tvos13.0")]
+		[SupportedOSPlatform ("macos10.15")]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		static extern SecStatusCode SecTrustEvaluateAsyncWithError (IntPtr /* SecTrustRef */ trust, IntPtr /* dispatch_queue_t */ queue, ref BlockLiteral block);

@ -185,7 +236,13 @@ namespace Security {
 			}
 		}

+#if !NET
 		[Watch (6,0), TV (13,0), Mac (10,15), iOS (13,0)]
+#else
+		[SupportedOSPlatform ("ios13.0")]
+		[SupportedOSPlatform ("tvos13.0")]
+		[SupportedOSPlatform ("macos10.15")]
+#endif
 		// not always async (so suffix is removed)
 		[BindingImpl (BindingImplOptions.Optimizable)]
 		public SecStatusCode Evaluate (DispatchQueue queue, SecTrustWithErrorCallback handler)
@ -205,11 +262,15 @@ namespace Security {
 			}
 		}

+#if !NET
 		[iOS (7,0)]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		extern static SecStatusCode /* OSStatus */ SecTrustGetTrustResult (IntPtr /* SecTrustRef */ trust, out SecTrustResult /* SecTrustResultType */ result);

+#if !NET
 		[iOS (7,0)]
+#endif
 		public SecTrustResult GetTrustResult ()
 		{
 			SecTrustResult trust_result;
@ -219,12 +280,24 @@ namespace Security {
 			return trust_result;
 		}

+#if !NET
 		[Watch (5,0)][TV (12,0)][Mac (10,14)][iOS (12,0)]
+#else
+		[SupportedOSPlatform ("ios12.0")]
+		[SupportedOSPlatform ("tvos12.0")]
+		[SupportedOSPlatform ("macos10.14")]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		[return: MarshalAs (UnmanagedType.U1)]
 		static extern bool SecTrustEvaluateWithError (/* SecTrustRef */ IntPtr trust, out /* CFErrorRef** */ IntPtr error);

+#if !NET
 		[Watch (5,0)][TV (12,0)][Mac (10,14)][iOS (12,0)]
+#else
+		[SupportedOSPlatform ("ios12.0")]
+		[SupportedOSPlatform ("tvos12.0")]
+		[SupportedOSPlatform ("macos10.14")]
+#endif
 		public bool Evaluate (out NSError error)
 		{
 			var result = SecTrustEvaluateWithError (handle, out var err);
@ -232,22 +305,30 @@ namespace Security {
 			return result;
 		}

+#if !NET
 		[iOS (7,0)][Mac (10,9)]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		extern static IntPtr /* CFDictionaryRef */ SecTrustCopyResult (IntPtr /* SecTrustRef */ trust);

+#if !NET
 		[iOS (7,0)][Mac (10,9)]
+#endif
 		public NSDictionary GetResult ()
 		{
 			return new NSDictionary (SecTrustCopyResult (handle), true);
 		}

+#if !NET
 		[iOS (7,0)][Mac (10,9)]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		extern static SecStatusCode /* OSStatus */ SecTrustSetOCSPResponse (IntPtr /* SecTrustRef */ trust, IntPtr /* CFTypeRef */ responseData);

 		// the API accept the handle for a single policy or an array of them
+#if !NET
 		[Mac (10,9)]
+#endif
 		void SetOCSPResponse (IntPtr ocsp)
 		{
 			SecStatusCode result = SecTrustSetOCSPResponse (handle, ocsp);
@ -255,7 +336,9 @@ namespace Security {
 				throw new InvalidOperationException (result.ToString ());
 		}

+#if !NET
 		[iOS (7,0)]
+#endif
 		public void SetOCSPResponse (NSData ocspResponse)
 		{
 			if (ocspResponse == null)
@ -264,7 +347,9 @@ namespace Security {
 			SetOCSPResponse (ocspResponse.Handle);
 		}

+#if !NET
 		[iOS (7,0)]
+#endif
 		public void SetOCSPResponse (IEnumerable<NSData> ocspResponses)
 		{
 			if (ocspResponses == null)
@ -274,7 +359,9 @@ namespace Security {
 				SetOCSPResponse (array.Handle);
 		}

+#if !NET
 		[iOS (7,0)]
+#endif
 		public void SetOCSPResponse (NSArray ocspResponses)
 		{
 			if (ocspResponses == null)
@ -283,17 +370,29 @@ namespace Security {
 			SetOCSPResponse (ocspResponses.Handle);
 		}

+#if !NET
 		[iOS (12,1,1)]
 		[Watch (5,1,1)]
 		[TV (12,1,1)]
 		[Mac (10,14,2)]
+#else
+		[SupportedOSPlatform ("ios12.1.1")]
+		[SupportedOSPlatform ("tvos12.1.1")]
+		[SupportedOSPlatform ("macos10.14.2")]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		static extern SecStatusCode /* OSStatus */ SecTrustSetSignedCertificateTimestamps (/* SecTrustRef* */ IntPtr trust, /* CFArrayRef* */ IntPtr sctArray);

+#if !NET
 		[iOS (12,1,1)]
 		[Watch (5,1,1)]
 		[TV (12,1,1)]
 		[Mac (10,14,2)]
+#else
+		[SupportedOSPlatform ("ios12.1.1")]
+		[SupportedOSPlatform ("tvos12.1.1")]
+		[SupportedOSPlatform ("macos10.14.2")]
+#endif
 		public SecStatusCode SetSignedCertificateTimestamps (IEnumerable<NSData> sct)
 		{
 			if (sct == null)
@ -303,10 +402,16 @@ namespace Security {
 				return SecTrustSetSignedCertificateTimestamps (handle, array.Handle);
 		}

+#if !NET
 		[iOS (12,1,1)]
 		[Watch (5,1,1)]
 		[TV (12,1,1)]
 		[Mac (10,14,2)]
+#else
+		[SupportedOSPlatform ("ios12.1.1")]
+		[SupportedOSPlatform ("tvos12.1.1")]
+		[SupportedOSPlatform ("macos10.14.2")]
+#endif
 		public SecStatusCode SetSignedCertificateTimestamps (NSArray<NSData> sct)
 		{
 			return SecTrustSetSignedCertificateTimestamps (handle, sct.GetHandle ());
--- a/src/Security/SecTrust2.cs
+++ b/src/Security/SecTrust2.cs
@ -14,13 +14,20 @@
 using System;
 using System.Runtime.InteropServices;
 using System.Runtime.CompilerServices;
+using System.Runtime.Versioning;
 using ObjCRuntime;
 using Foundation;
 using CoreFoundation;

 namespace Security {

+#if !NET
 	[TV (12,0), Mac (10,14), iOS (12,0), Watch (5,0)]
+#else
+	[SupportedOSPlatform ("ios12.0")]
+	[SupportedOSPlatform ("tvos12.0")]
+	[SupportedOSPlatform ("macos10.14")]
+#endif
 	public class SecTrust2 : NativeObject {
 		internal SecTrust2 (IntPtr handle) : base (handle, false) {}
 		public SecTrust2 (IntPtr handle, bool owns) : base (handle, owns) {}
--- a/src/Security/SslConnection.cs
+++ b/src/Security/SslConnection.cs
@ -11,6 +11,7 @@ using System;
 using System.IO;
 using System.Net.Sockets;
 using System.Runtime.InteropServices;
+using System.Runtime.Versioning;

 using ObjCRuntime;

@ -20,10 +21,23 @@ namespace Security {

 	delegate SslStatus SslWriteFunc (IntPtr connection, IntPtr data, /* size_t* */ ref nint dataLength);

+#if !NET
 	[Deprecated (PlatformName.MacOSX, 10,15, message: Constants.UseNetworkInstead)]
 	[Deprecated (PlatformName.iOS, 13,0, message: Constants.UseNetworkInstead)]
 	[Deprecated (PlatformName.TvOS, 13,0, message: Constants.UseNetworkInstead)]
 	[Deprecated (PlatformName.WatchOS, 6,0, message: Constants.UseNetworkInstead)]
+#else
+	[UnsupportedOSPlatform ("ios13.0")]
+	[UnsupportedOSPlatform ("tvos13.0")]
+	[UnsupportedOSPlatform ("macos10.15")]
+#if IOS
+	[Obsolete ("Starting with ios13.0 use 'Network.framework' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif TVOS
+	[Obsolete ("Starting with tvos13.0 use 'Network.framework' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif MONOMAC
+	[Obsolete ("Starting with macos10.15 use 'Network.framework' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#endif
+#endif
 	public abstract class SslConnection : IDisposable {

 		GCHandle handle;
--- a/src/Security/SslContext.cs
+++ b/src/Security/SslContext.cs
@ -12,6 +12,7 @@ using System.Collections.Generic;
 using System.ComponentModel;
 using System.Linq;
 using System.Runtime.InteropServices;
+using System.Runtime.Versioning;
 using System.Text;

 using CoreFoundation;
@ -19,10 +20,23 @@ using Foundation;
 using ObjCRuntime;

 namespace Security {
+#if !NET
 	[Deprecated (PlatformName.MacOSX, 10,15, message: "Use 'Network.framework' instead.")]
 	[Deprecated (PlatformName.iOS, 13,0, message: "Use 'Network.framework' instead.")]
 	[Deprecated (PlatformName.TvOS, 13,0, message: "Use 'Network.framework' instead.")]
 	[Deprecated (PlatformName.WatchOS, 6,0, message: "Use 'Network.framework' instead.")]
+#else
+	[UnsupportedOSPlatform ("ios13.0")]
+	[UnsupportedOSPlatform ("tvos13.0")]
+	[UnsupportedOSPlatform ("macos10.15")]
+#if IOS
+	[Obsolete ("Starting with ios13.0 use 'Network.framework' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif TVOS
+	[Obsolete ("Starting with tvos13.0 use 'Network.framework' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif MONOMAC
+	[Obsolete ("Starting with macos10.15 use 'Network.framework' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#endif
+#endif
 	public class SslContext : INativeObject, IDisposable {

 		SslConnection connection;
@ -498,12 +512,32 @@ namespace Security {
 		}

 		[DllImport (Constants.SecurityLibrary)]
-		[Deprecated (PlatformName.iOS, 9, 0)]
+#if !NET
+		[Deprecated (PlatformName.iOS, 9, 0, message: "The use of different RSA certificates for signing and encryption is no longer allowed.")]
 		[Deprecated (PlatformName.MacOSX, 10, 11)]
+#else
+		[UnsupportedOSPlatform ("ios9.0")]
+		[UnsupportedOSPlatform ("macos10.11")]
+#if IOS
+		[Obsolete ("Starting with ios9.0 the use of different RSA certificates for signing and encryption is no longer allowed.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif MONOMAC
+		[Obsolete ("Starting with macos10.11 the use of different RSA certificates for signing and encryption is no longer allowed.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#endif
+#endif
 		extern unsafe static /* OSStatus */ SslStatus SSLSetEncryptionCertificate (/* SSLContextRef */ IntPtr context, /* CFArrayRef */ IntPtr certRefs);

+#if !NET
 		[Deprecated (PlatformName.iOS, 9, 0, message : "Export ciphers are not available anymore.")]
 		[Deprecated (PlatformName.MacOSX, 10, 11, message : "Export ciphers are not available anymore.")]
+#else
+		[UnsupportedOSPlatform ("ios9.0")]
+		[UnsupportedOSPlatform ("macos10.11")]
+#if IOS
+		[Obsolete ("Starting with ios9.0 export ciphers are not available anymore.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif MONOMAC
+		[Obsolete ("Starting with macos10.11 export ciphers are not available anymore.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#endif
+#endif
 		public SslStatus SetEncryptionCertificate (SecIdentity identify, IEnumerable<SecCertificate> certificates)
 		{
 			using (var array = Bundle (identify, certificates)) {
@ -535,9 +569,19 @@ namespace Security {
 		// TODO: Headers say /* Deprecated, does nothing */ but we are not completly sure about it since there is no deprecation macro
 		// Plus they added new members to SslSessionStrengthPolicy enum opened radar://23379052 https://trello.com/c/NbdTLVD3
 		// Xcode 8 beta 1: the P/Invoke was removed completely.
+
+#if !NET
 		[Unavailable (PlatformName.iOS, message : "'SetSessionStrengthPolicy' is not available anymore.")]
 		[Unavailable (PlatformName.MacOSX, message : "'SetSessionStrengthPolicy' is not available anymore.")]
+#else
+		[UnsupportedOSPlatform ("ios")]
+		[UnsupportedOSPlatform ("macos")]
+#endif
+#if !NET
 		[Obsolete ("'SetSessionStrengthPolicy' is not available anymore.")]
+#else
+		[Obsolete ("'SetSessionStrengthPolicy' is not available anymore.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#endif
 		public SslStatus SetSessionStrengthPolicy (SslSessionStrengthPolicy policyStrength)
 		{
 			Runtime.NSLog ("SetSessionStrengthPolicy is not available anymore.");
@ -621,31 +665,61 @@ namespace Security {
 			return result;
 		}

+#if !NET
 		[iOS (11,0)][TV (11,0)][Watch (4,0)][Mac (10,13)]
+#else
+		[SupportedOSPlatform ("ios11.0")]
+		[SupportedOSPlatform ("tvos11.0")]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		static extern /* OSStatus */ int SSLSetSessionTicketsEnabled (IntPtr /* SSLContextRef */ context, [MarshalAs (UnmanagedType.I1)] bool /* Boolean */ enabled);

+#if !NET
 		[iOS (11,0)][TV (11,0)][Watch (4,0)][Mac (10,13)]
+#else
+		[SupportedOSPlatform ("ios11.0")]
+		[SupportedOSPlatform ("tvos11.0")]
+#endif
 		public int SetSessionTickets (bool enabled)
 		{
 			return SSLSetSessionTicketsEnabled (Handle, enabled);
 		}

+#if !NET
 		[iOS (11,0)][TV (11,0)][Watch (4,0)][Mac (10,13)]
+#else
+		[SupportedOSPlatform ("ios11.0")]
+		[SupportedOSPlatform ("tvos11.0")]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		static extern /* OSStatus */ int SSLSetError (IntPtr /* SSLContextRef */ context, SecStatusCode /* OSStatus */ status);

+#if !NET
 		[iOS (11,0)][TV (11,0)][Watch (4,0)][Mac (10,13)]
+#else
+		[SupportedOSPlatform ("ios11.0")]
+		[SupportedOSPlatform ("tvos11.0")]
+#endif
 		public int SetError (SecStatusCode status)
 		{
 			return SSLSetError (Handle, status);
 		}

+#if !NET
 		[iOS (11,0)][TV (11,0)][Watch (4,0)][Mac (10,13)]
+#else
+		[SupportedOSPlatform ("ios11.0")]
+		[SupportedOSPlatform ("tvos11.0")]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		static extern /* OSStatus */ int SSLSetOCSPResponse (IntPtr /* SSLContextRef */ context, IntPtr /* CFDataRef __nonnull */ response);

+#if !NET
 		[iOS (11,0)][TV (11,0)][Watch (4,0)][Mac (10,13)]
+#else
+		[SupportedOSPlatform ("ios11.0")]
+		[SupportedOSPlatform ("tvos11.0")]
+#endif
 		public int SetOcspResponse (NSData response)
 		{
 			if (response == null)
@ -653,26 +727,47 @@ namespace Security {
 			return SSLSetOCSPResponse (Handle, response.Handle);
 		}

+#if !NET
 		[iOS (11,0)][TV (11,0)][Watch (4,0)]
 		[Mac (10,13,4)]
+#else
+		[SupportedOSPlatform ("ios11.0")]
+		[SupportedOSPlatform ("tvos11.0")]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		static extern /* OSStatus */ int SSLSetALPNProtocols (IntPtr /* SSLContextRef */ context, IntPtr /* CFArrayRef */ protocols);

+#if !NET
 		[iOS (11,0)][TV (11,0)][Watch (4,0)]
 		[Mac (10,13,4)]
+#else
+		[SupportedOSPlatform ("ios11.0")]
+		[SupportedOSPlatform ("tvos11.0")]
+#endif
 		public int SetAlpnProtocols (string[] protocols)
 		{
 			using (var array = NSArray.FromStrings (protocols))
 				return SSLSetALPNProtocols (Handle, array.Handle);
 		}

+#if !NET
 		[iOS (11,0)][TV (11,0)][Watch (4,0)]
 		[Mac (10,13,4)]
+#else
+		[SupportedOSPlatform ("ios11.0")]
+		[SupportedOSPlatform ("tvos11.0")]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		static extern /* OSStatus */ int SSLCopyALPNProtocols (IntPtr /* SSLContextRef */ context, ref IntPtr /* CFArrayRef* */ protocols);

+#if !NET
 		[iOS (11,0)][TV (11,0)][Watch (4,0)]
 		[Mac (10,13,4)]
+#else
+		[SupportedOSPlatform ("ios11.0")]
+		[SupportedOSPlatform ("tvos11.0")]
+#endif
+
 		public string[] GetAlpnProtocols (out int error)
 		{
 			IntPtr protocols = IntPtr.Zero; // must be null, CFArray allocated by SSLCopyALPNProtocols
@ -684,8 +779,13 @@ namespace Security {
 			return result;
 		}

+#if !NET
 		[iOS (11,0)][TV (11,0)][Watch (4,0)]
 		[Mac (10,13,4)]
+#else
+		[SupportedOSPlatform ("ios11.0")]
+		[SupportedOSPlatform ("tvos11.0")]
+#endif
 		public string[] GetAlpnProtocols ()
 		{
 			int error;
--- a/src/Security/Trust.cs
+++ b/src/Security/Trust.cs
@ -128,17 +128,43 @@ namespace Security {
 				throw new ArgumentException (result.ToString ());
 		}

-		[Deprecated (PlatformName.iOS, 12,1)]
-		[Deprecated (PlatformName.TvOS, 12,1)]
-		[Deprecated (PlatformName.WatchOS, 5,1)]
-		[Deprecated (PlatformName.MacOSX, 10,14,1)]
+#if !NET
+		[Deprecated (PlatformName.iOS, 12,1, message: "Use 'SecTrust.Evaluate (out NSError)' instead.")]
+		[Deprecated (PlatformName.TvOS, 12,1, message: "Use 'SecTrust.Evaluate (out NSError)' instead.")]
+		[Deprecated (PlatformName.WatchOS, 5,1, message: "Use 'SecTrust.Evaluate (out NSError)' instead.")]
+		[Deprecated (PlatformName.MacOSX, 10,14,1, message: "Use 'SecTrust.Evaluate (out NSError)' instead.")]
+#else
+		[UnsupportedOSPlatform ("ios12.1")]
+		[UnsupportedOSPlatform ("tvos12.1")]
+		[UnsupportedOSPlatform ("macos10.14.1")]
+#if IOS
+		[Obsolete ("Starting with ios12.1 use 'SecTrust.Evaluate (out NSError)' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif TVOS
+		[Obsolete ("Starting with tvos12.1 use 'SecTrust.Evaluate (out NSError)' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif MONOMAC
+		[Obsolete ("Starting with macos10.14.1 use 'SecTrust.Evaluate (out NSError)' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#endif
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		extern static SecStatusCode /* OSStatus */ SecTrustEvaluate (IntPtr /* SecTrustRef */ trust, out /* SecTrustResultType */ SecTrustResult result);

+#if !NET
 		[Deprecated (PlatformName.iOS, 12, 1, message : "Use 'SecTrust.Evaluate (out NSError)' instead.")]
 		[Deprecated (PlatformName.TvOS, 12, 1, message : "Use 'SecTrust.Evaluate (out NSError)' instead.")]
 		[Deprecated (PlatformName.WatchOS, 5, 1, message : "Use 'SecTrust.Evaluate (out NSError)' instead.")]
 		[Deprecated (PlatformName.MacOSX, 10, 14, 1, message : "Use 'SecTrust.Evaluate (out NSError)' instead.")]
+#else
+		[UnsupportedOSPlatform ("ios12.1")]
+		[UnsupportedOSPlatform ("tvos12.1")]
+		[UnsupportedOSPlatform ("macos10.14.1")]
+#if IOS
+		[Obsolete ("Starting with ios12.1 use 'SecTrust.Evaluate (out NSError)' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif TVOS
+		[Obsolete ("Starting with tvos12.1 use 'SecTrust.Evaluate (out NSError)' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif MONOMAC
+		[Obsolete ("Starting with macos10.14.1 use 'SecTrust.Evaluate (out NSError)' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#endif
+#endif
 		public SecTrustResult Evaluate ()
 		{
 			if (handle == IntPtr.Zero)
@ -241,17 +267,36 @@ namespace Security {
 		public SecCertificate[] GetCertificateChain ()
 			=> NSArray.ArrayFromHandle<SecCertificate> (SecTrustCopyCertificateChain (handle));

+#if !NET
 		[Deprecated (PlatformName.iOS, 14,0)]
 		[Deprecated (PlatformName.MacOSX, 11,0)]
 		[Deprecated (PlatformName.TvOS, 14,0)]
 		[Deprecated (PlatformName.WatchOS, 7,0)]
+#else
+		[UnsupportedOSPlatform ("ios14.0")]
+		[UnsupportedOSPlatform ("tvos14.0")]
+		[UnsupportedOSPlatform ("macos11.0")]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		extern static IntPtr /* SecKeyRef */ SecTrustCopyPublicKey (IntPtr /* SecTrustRef */ trust);

+#if !NET
 		[Deprecated (PlatformName.iOS, 14,0, message: "Use 'GetKey' instead.")]
 		[Deprecated (PlatformName.MacOSX, 11,0, message: "Use 'GetKey' instead.")]
 		[Deprecated (PlatformName.TvOS, 14,0, message: "Use 'GetKey' instead.")]
 		[Deprecated (PlatformName.WatchOS, 7,0, message: "Use 'GetKey' instead.")]
+#else
+		[UnsupportedOSPlatform ("ios14.0")]
+		[UnsupportedOSPlatform ("tvos14.0")]
+		[UnsupportedOSPlatform ("macos11.0")]
+#if IOS
+		[Obsolete ("Starting with ios14.0 use 'GetKey' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif TVOS
+		[Obsolete ("Starting with tvos14.0 use 'GetKey' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#elif MONOMAC
+		[Obsolete ("Starting with macos11.0 use 'GetKey' instead.", DiagnosticId = "BI1234", UrlFormat = "https://github.com/xamarin/xamarin-macios/wiki/Obsolete")]
+#endif
+#endif
 		public SecKey GetPublicKey ()
 		{
 			if (handle == IntPtr.Zero)
@ -260,19 +305,33 @@ namespace Security {
 			return new SecKey (SecTrustCopyPublicKey (handle), true);
 		}

+#if !NET
 		[iOS (14,0)]
 		[TV (14,0)]
 		[Watch (7,0)]
 		[Mac (11,0)]
 		[MacCatalyst (14,0)]
+#else
+		[SupportedOSPlatform ("ios14.0")]
+		[SupportedOSPlatform ("tvos14.0")]
+		[SupportedOSPlatform ("maccatalyst14.0")]
+		[SupportedOSPlatform ("macos11.0")]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		extern static IntPtr /* SecKeyRef */ SecTrustCopyKey (IntPtr /* SecTrustRef */ trust);

+#if !NET
 		[iOS (14,0)]
 		[TV (14,0)]
 		[Watch (7,0)]
 		[Mac (11,0)]
 		[MacCatalyst (14,0)]
+#else
+		[SupportedOSPlatform ("ios14.0")]
+		[SupportedOSPlatform ("tvos14.0")]
+		[SupportedOSPlatform ("maccatalyst14.0")]
+		[SupportedOSPlatform ("macos11.0")]
+#endif
 		public SecKey GetKey ()
 		{
 			if (handle == IntPtr.Zero)
@ -281,11 +340,15 @@ namespace Security {
 			return new SecKey (SecTrustCopyKey (handle), true);
 		}

+#if !NET
 		[Mac (10,9)]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		extern static IntPtr /* CFDataRef */ SecTrustCopyExceptions (IntPtr /* SecTrustRef */ trust);

+#if !NET
 		[Mac (10,9)]
+#endif
 		public NSData GetExceptions ()
 		{
 			if (handle == IntPtr.Zero)
@ -294,12 +357,16 @@ namespace Security {
 			return new NSData (SecTrustCopyExceptions (handle), false); // inverted boolean?
 		}

+#if !NET
 		[Mac (10,9)]
+#endif
 		[DllImport (Constants.SecurityLibrary)]
 		[return: MarshalAs (UnmanagedType.U1)]
 		extern static bool SecTrustSetExceptions (IntPtr /* SecTrustRef */ trust, IntPtr /* __nullable CFDataRef */ exceptions);

+#if !NET
 		[Mac (10,9)]
+#endif
 		public bool SetExceptions (NSData data)
 		{
 			if (handle == IntPtr.Zero)