//
// Mono-specific additions to Microsoft's SslStream.cs
//
#if MONO_FEATURE_NEW_TLS && SECURITY_DEP
#if MONO_SECURITY_ALIAS
extern alias MonoSecurity;
using MonoSecurity::Mono.Security.Interface;
#else
using Mono.Security.Interface;
#endif
using System.Threading;
using System.Security.Cryptography.X509Certificates;
using Mono.Net.Security;
namespace System.Net.Security
{
using System.Net.Sockets;
using System.IO;
partial class SslStream : IMonoTlsEventSink
{
#if SECURITY_DEP
	// NOTE(review): this inner '#if SECURITY_DEP' is redundant — the file-level
	// '#if MONO_FEATURE_NEW_TLS && SECURITY_DEP' already requires the symbol.
	SSPIConfiguration _Configuration;

	// Mono-specific constructor that takes a MonoTlsSettings instance.
	// Unless MARTIN_FIXME is defined this constructor is a stub: the base
	// constructor runs and then NotImplementedException is thrown.
	internal SslStream (Stream innerStream, bool leaveInnerStreamOpen, EncryptionPolicy encryptionPolicy, MonoTlsSettings settings)
		: base (innerStream, leaveInnerStreamOpen)
	{
#if MARTIN_FIXME
		// Reject any value outside the three defined EncryptionPolicy members.
		if (encryptionPolicy != EncryptionPolicy.RequireEncryption && encryptionPolicy != EncryptionPolicy.AllowNoEncryption && encryptionPolicy != EncryptionPolicy.NoEncryption)
			throw new ArgumentException (SR.GetString (SR.net_invalid_enum, "EncryptionPolicy"), "encryptionPolicy");

		// 'settings' is passed by ref — presumably replaced with a clone whose
		// certificate validation is routed through myUserCertValidationCallbackWrapper
		// below; confirm against ChainValidationHelper.CloneWithCallbackWrapper.
		var validationHelper = ChainValidationHelper.CloneWithCallbackWrapper (ref settings, myUserCertValidationCallbackWrapper);

		// A client certificate selection callback is wired only when the helper
		// reports one; otherwise SslState receives null.
		LocalCertSelectionCallback selectionCallback = null;
		if (validationHelper.HasCertificateSelectionCallback)
			selectionCallback = validationHelper.SelectClientCertificate;

		// 'this' is registered as the IMonoTlsEventSink, so errors raised through
		// the sink end up in 'lastError' (see the IMonoTlsEventSink region below).
		_Configuration = new MyConfiguration (settings, this);
		_SslState = new SslState (innerStream, null, selectionCallback, encryptionPolicy, _Configuration);
#else
		throw new NotImplementedException ();
#endif
	}

#if MARTIN_FIXME
	/*
	 * Mono-specific version of 'userCertValidationCallbackWrapper'; we're called from ChainValidationHelper.ValidateChain() here.
	 *
	 * Since we're built without the PrebuiltSystem alias, we can't use 'SslPolicyErrors' here. This prevents us from creating a subclass of 'ChainValidationHelper'
	 * as well as providing a custom 'ServerCertValidationCallback'.
	 *
	 * Returns true when the remote certificate is accepted.
	 *   callback        - the user-supplied validation callback, or null when none was configured.
	 *   certificate     - the remote peer's certificate; may be null if none was presented.
	 *   chain           - the chain built for 'certificate'.
	 *   sslPolicyErrors - policy errors found so far by chain validation.
	 */
	bool myUserCertValidationCallbackWrapper (ServerCertValidationCallback callback, X509Certificate certificate, X509Chain chain, MonoSslPolicyErrors sslPolicyErrors)
	{
		// Cache the raw DER bytes of the remote certificate (null when none was presented);
		// presumably consumed by the RemoteCertificate property in the other half of this
		// partial class — confirm.
		m_RemoteCertificateOrBytes = certificate == null ? null : certificate.GetRawCertData ();
		if (callback == null) {
			// Default policy (no user callback): a missing remote certificate is
			// tolerated only when the connection does not require one; every other
			// policy error, including all chain and name errors, rejects the certificate.
			if (!_SslState.RemoteCertRequired)
				sslPolicyErrors &= ~MonoSslPolicyErrors.RemoteCertificateNotAvailable;
			return (sslPolicyErrors == MonoSslPolicyErrors.None);
		}
		// A user callback is present: the accept/reject decision is whatever
		// InvokeCallback returns, so a callback that returns true regardless of
		// 'sslPolicyErrors' would accept any certificate on this connection.
		return ChainValidationHelper.InvokeCallback (callback, this, certificate, chain, sslPolicyErrors);
	}
#endif

	// Bundles the MonoTlsSettings and the event sink (this SslStream) into the
	// SSPIConfiguration handed to SslState.
	class MyConfiguration : SSPIConfiguration
	{
		MonoTlsSettings settings;
		IMonoTlsEventSink eventSink;

		public MyConfiguration (MonoTlsSettings settings, IMonoTlsEventSink eventSink)
		{
			this.settings = settings;
			this.eventSink = eventSink;
		}

		// The settings this stream was constructed with (after CloneWithCallbackWrapper).
		public MonoTlsSettings Settings {
			get { return settings; }
		}

		// The sink whose Error() / ReceivedCloseNotify() are invoked.
		public IMonoTlsEventSink EventSink {
			get { return eventSink; }
		}
	}
#endif

	// True once the underlying SslState reports itself closed.
	internal bool IsClosed {
		get { return _SslState.IsClosed; }
	}

	// The first exception reported through IMonoTlsEventSink.Error, or null if
	// none has been reported yet. Later errors are not recorded (see Error below).
	internal Exception LastError {
		get { return lastError; }
	}

#region IMonoTlsEventSink
	Exception lastError;

	// Records the first error only: CompareExchange stores 'exception' solely
	// while 'lastError' is still null, so concurrent or subsequent reports never
	// overwrite the original cause.
	void IMonoTlsEventSink.Error (Exception exception)
	{
		Interlocked.CompareExchange<Exception> (ref lastError, exception, null);
	}

	// No-op: nothing is recorded when the peer's close_notify is received.
	void IMonoTlsEventSink.ReceivedCloseNotify ()
	{
	}
#endregion

	// Thin Begin/End wrappers that forward straight to SslState; the IAsyncResult
	// returned by a Begin* call must be passed to the matching End* call.
	internal IAsyncResult BeginShutdown (AsyncCallback asyncCallback, object asyncState)
	{
		return _SslState.BeginShutdown (asyncCallback, asyncState);
	}

	internal void EndShutdown (IAsyncResult asyncResult)
	{
		_SslState.EndShutdown (asyncResult);
	}

	internal IAsyncResult BeginRenegotiate (AsyncCallback asyncCallback, object asyncState)
	{
		return _SslState.BeginRenegotiate (asyncCallback, asyncState);
	}

	internal void EndRenegotiate (IAsyncResult asyncResult)
	{
		_SslState.EndRenegotiate (asyncResult);
	}

	// The local certificate tracked by SslState for this connection.
	internal X509Certificate InternalLocalCertificate {
		get { return _SslState.InternalLocalCertificate; }
	}

	// Connection details from SslState (presumably negotiated protocol and
	// cipher — see MonoTlsConnectionInfo).
	internal MonoTlsConnectionInfo GetMonoConnectionInfo ()
	{
		return _SslState.GetMonoConnectionInfo ();
	}
}
}
#endif