
github.com/mono/mono.git - Unnamed repository; edit this file 'description' to name the repository.
authorMartin Baulig <mabaul@microsoft.com>2018-05-15 14:06:17 +0300
committerAlexander Köplinger <alex.koeplinger@outlook.com>2018-05-15 14:06:17 +0300
commitdc93f55a0e7af970c9d10db4674e5152850c75ba (patch)
tree755212c0701bb38cc59223ddf061c57fb17b7db4 /mcs/class/Mono.Security
parent5dabf277f835f74bba822959e6c5d76f68d201fd (diff)
[System]: New SslStream APIs from CoreFX. (#8665)
* Bring `SslClientAuthenticationOptions`, `SslServerAuthenticationOptions` and `SslApplicationProtocol` from CoreFX. * SslStream: Added new public overloads from CoreFX: - All authentication methods have a new overload without the `SslProtocols` argument. - New `AuthenticateAsClientAsync(SslClientAuthenticationOptions,CancellationToken)`. - New `AuthenticateAsServerAsync(SslServerAuthenticationOptions,CancellationToken)`. - We now use `SecurityProtocol.SystemDefaultSecurityProtocols` (which is zero) as default value everywhere. Everything below is internal: * `Mono.Security.Interface`: Add internal `MonoServerCertificateSelectionCallback`, `IMonoAuthenticationOptions`, `IMonoSslClientAuthenticationOptions` and `IMonoSslServerAuthenticationOptions`. * `Mono.Security.Interface.IMonoSslStream`: Add new overloads without the `SslProtocols` argument. * `Mono.Security.Interface.IMonoSslStream2`: New internal interface, extending `IMonoSslStream` with the new internal APIs. * `Mono.Net.Security`: New internal `MonoSslAuthenticationOptions`, `MonoSslClientAuthenticationOptions` and `MonoSslServerAuthenticationOptions` classes; these are just proxies for `SslClientAuthenticationOptions` and `SslServerAuthenticationOptions` (which unfortunately don't share a common base class). * `Mono.Net.Security.MobileAuthenticatedStream`: - Implement `IMonoSslStream2`. - `ProcessAuthentication()` now takes `MonoSslAuthenticationOptions` instead of the old argument list, added `CancellationToken`. - All `IMonoSslStream` facing APIs now construct `MonoSslAuthenticationOptions` to pass it to `ProcessAuthentication()`. * `Mono.Net.Security`: `MobileTlsContext` and `MobileTlsStream` now use `MonoSslAuthenticationOptions` to store all options. Tests for the new APIs are in https://github.com/xamarin/web-tests/commit/fe347589326206f36d3cd42b59d305ff3c291857.
Diffstat (limited to 'mcs/class/Mono.Security')
-rw-r--r--mcs/class/Mono.Security/Mono.Security.Interface/IMonoAuthenticationOptions.cs77
-rw-r--r--mcs/class/Mono.Security/Mono.Security.Interface/IMonoSslStream.cs19
-rw-r--r--mcs/class/Mono.Security/Mono.Security.csproj1
-rw-r--r--mcs/class/Mono.Security/Mono.Security.dll.sources1
4 files changed, 98 insertions, 0 deletions
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/IMonoAuthenticationOptions.cs b/mcs/class/Mono.Security/Mono.Security.Interface/IMonoAuthenticationOptions.cs
new file mode 100644
index 00000000000..49d208a62b9
--- /dev/null
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/IMonoAuthenticationOptions.cs
@@ -0,0 +1,77 @@
+//
+// IMonoAuthenticationOptions.cs
+//
+// Author:
+// Martin Baulig <mabaul@microsoft.com>
+//
+// Copyright (c) 2018 Xamarin Inc. (http://www.xamarin.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+using System;
+using System.IO;
+using System.Net;
+using System.Net.Security;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Security.Principal;
+using System.Security.Cryptography;
+
+namespace Mono.Security.Interface
+{
+ delegate X509Certificate MonoServerCertificateSelectionCallback (object sender, string hostName);
+
+ interface IMonoAuthenticationOptions
+ {
+ bool AllowRenegotiation {
+ get; set;
+ }
+
+ RemoteCertificateValidationCallback RemoteCertificateValidationCallback { get; set; }
+
+ SslProtocols EnabledSslProtocols {
+ get; set;
+ }
+
+ EncryptionPolicy EncryptionPolicy {
+ get; set;
+ }
+
+ X509RevocationMode CertificateRevocationCheckMode {
+ get; set;
+ }
+ }
+
+ interface IMonoSslClientAuthenticationOptions : IMonoAuthenticationOptions
+ {
+ LocalCertificateSelectionCallback LocalCertificateSelectionCallback { get; set; }
+
+ string TargetHost { get; set; }
+
+ X509CertificateCollection ClientCertificates { get; set; }
+ }
+
+ interface IMonoSslServerAuthenticationOptions : IMonoAuthenticationOptions
+ {
+ bool ClientCertificateRequired { get; set; }
+
+ MonoServerCertificateSelectionCallback ServerCertificateSelectionCallback { get; set; }
+
+ X509Certificate ServerCertificate { get; set; }
+ }
+}
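Review bot: None of the security-relevant members of `IMonoAuthenticationOptions` or its two derived interfaces is documented, so an implementer cannot tell from this file what an unset value means. The commit description says the default protocol value is `SecurityProtocol.SystemDefaultSecurityProtocols` (zero), which is worth stating on `EnabledSslProtocols`, e.g. `// SslProtocols.None (0) selects the system-default protocol set; it does not disable TLS.` A similar one-line comment would help on `RemoteCertificateValidationCallback`, since the validation applied when it is null is not visible here. `IMonoSslServerAuthenticationOptions` makes both `ServerCertificate` and `ServerCertificateSelectionCallback` settable without specifying which takes precedence, and that should be documented too. The `hostName` passed to `MonoServerCertificateSelectionCallback` is presumably the client-supplied SNI name, so a note that it is unvalidated peer input and that the delegate may need to handle an unknown name would guide implementers.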
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/IMonoSslStream.cs b/mcs/class/Mono.Security/Mono.Security.Interface/IMonoSslStream.cs
index ac03e7daa76..bd459711040 100644
--- a/mcs/class/Mono.Security/Mono.Security.Interface/IMonoSslStream.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/IMonoSslStream.cs
@@ -44,30 +44,42 @@ namespace Mono.Security.Interface
void AuthenticateAsClient (string targetHost);
+ void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation);
+
void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
IAsyncResult BeginAuthenticateAsClient (string targetHost, AsyncCallback asyncCallback, object asyncState);
+ IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
+
IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
void EndAuthenticateAsClient (IAsyncResult asyncResult);
void AuthenticateAsServer (X509Certificate serverCertificate);
+ void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation);
+
void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, AsyncCallback asyncCallback, object asyncState);
+ IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
+
IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
void EndAuthenticateAsServer (IAsyncResult asyncResult);
Task AuthenticateAsClientAsync (string targetHost);
+ Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation);
+
Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
Task AuthenticateAsServerAsync (X509Certificate serverCertificate);
+ Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation);
+
Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
int Read (byte[] buffer, int offset, int count);
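Review bot: The new overloads without `enabledSslProtocols` (`AuthenticateAsClient`, `BeginAuthenticateAsClient`, `AuthenticateAsServer`, `BeginAuthenticateAsServer` and both `...Async` variants) do not say which protocol set they negotiate. Going by the commit description they fall back to the system default, so a caller that switches from the four-argument form stops pinning TLS versions without any visible signal. A comment above each new overload would make that explicit, e.g. `// Negotiates with the system-default SslProtocols; use the overload taking enabledSslProtocols to pin versions.` The enclosing interface starts before and continues after this hunk, so any existing documentation convention for it is not visible here.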
@@ -197,5 +209,12 @@ namespace Mono.Security.Interface
MonoTlsConnectionInfo GetConnectionInfo ();
}
+
+ interface IMonoSslStream2 : IMonoSslStream
+ {
+ Task AuthenticateAsClientAsync (IMonoSslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken);
+
+ Task AuthenticateAsServerAsync (IMonoSslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken);
+ }
}
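Review bot: `IMonoSslStream2` accepts option objects whose properties all have setters (see `IMonoAuthenticationOptions` in this commit), and nothing on the two methods says when an implementation reads them. For an asynchronous handshake that matters: if `RemoteCertificateValidationCallback` or `EnabledSslProtocols` is changed after the call returns but before authentication completes, the outcome is undefined unless the values were captured up front. I would document the contract on both methods, e.g. `// Option values are captured before the Task is returned; later changes to the options object do not affect this handshake.`, and state that a null options argument is rejected. The implementation is outside this diff, so whether it already snapshots the options cannot be confirmed from here.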
diff --git a/mcs/class/Mono.Security/Mono.Security.csproj b/mcs/class/Mono.Security/Mono.Security.csproj
index f908dabb4ee..3e7bd67307a 100644
--- a/mcs/class/Mono.Security/Mono.Security.csproj
+++ b/mcs/class/Mono.Security/Mono.Security.csproj
@@ -152,6 +152,7 @@
<Compile Include=".\Mono.Security.Interface\CipherSuiteCode.cs" />
<Compile Include=".\Mono.Security.Interface\ExchangeAlgorithmType.cs" />
<Compile Include=".\Mono.Security.Interface\HashAlgorithmType.cs" />
+ <Compile Include=".\Mono.Security.Interface\IMonoAuthenticationOptions.cs" />
<Compile Include=".\Mono.Security.Interface\IMonoSslStream.cs" />
<Compile Include=".\Mono.Security.Interface\MonoTlsConnectionInfo.cs" />
<Compile Include=".\Mono.Security.Interface\MonoTlsProvider.cs" />
diff --git a/mcs/class/Mono.Security/Mono.Security.dll.sources b/mcs/class/Mono.Security/Mono.Security.dll.sources
index a3572f49478..76f5e4a442c 100644
--- a/mcs/class/Mono.Security/Mono.Security.dll.sources
+++ b/mcs/class/Mono.Security/Mono.Security.dll.sources
@@ -142,6 +142,7 @@
./Mono.Security.Interface/CipherSuiteCode.cs
./Mono.Security.Interface/ExchangeAlgorithmType.cs
./Mono.Security.Interface/HashAlgorithmType.cs
+./Mono.Security.Interface/IMonoAuthenticationOptions.cs
./Mono.Security.Interface/IMonoSslStream.cs
./Mono.Security.Interface/MonoTlsConnectionInfo.cs
./Mono.Security.Interface/MonoTlsProvider.cs