Diffstat (limited to 'csharp')
-rw-r--r--csharp/src/IceSSL/Instance.cs2
-rw-r--r--csharp/src/IceSSL/Plugin.cs2
-rw-r--r--csharp/src/IceSSL/SSLEngine.cs6
-rw-r--r--csharp/src/IceSSL/TransceiverI.cs20
-rw-r--r--csharp/src/IceSSL/TrustManager.cs6
-rw-r--r--csharp/src/IceSSL/Util.cs15
-rw-r--r--csharp/test/IceSSL/configuration/AllTests.cs37
-rw-r--r--csharp/test/IceSSL/configuration/CertificateVerifierI.cs4
-rw-r--r--csharp/test/IceSSL/configuration/TestI.cs14
9 files changed, 40 insertions, 66 deletions
diff --git a/csharp/src/IceSSL/Instance.cs b/csharp/src/IceSSL/Instance.cs
index de4804443d2..d3de34f4ff1 100644
--- a/csharp/src/IceSSL/Instance.cs
+++ b/csharp/src/IceSSL/Instance.cs
@@ -60,7 +60,7 @@ namespace IceSSL
_engine.traceStream(stream, connInfo);
}
- internal void verifyPeer(string address, NativeConnectionInfo info, string desc)
+ internal void verifyPeer(string address, IceSSL.ConnectionInfo info, string desc)
{
_engine.verifyPeer(address, info, desc);
}
diff --git a/csharp/src/IceSSL/Plugin.cs b/csharp/src/IceSSL/Plugin.cs
index 6340f71df5c..63647d31a63 100644
--- a/csharp/src/IceSSL/Plugin.cs
+++ b/csharp/src/IceSSL/Plugin.cs
@@ -22,7 +22,7 @@ namespace IceSSL
// Return true to allow a connection using the provided certificate
// information, or false to reject the connection.
//
- bool verify(NativeConnectionInfo info);
+ bool verify(IceSSL.ConnectionInfo info);
}
/// <summary>
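Review bot: The comment above `verify` does not say what `info.certs` holds now that the parameter is `IceSSL.ConnectionInfo`. The `NativeConnectionInfo.nativeCerts` doc removed in the Util.cs hunk stated that the chain may be null when the peer supplied no certificate and that the peer's certificate comes first. Unless the definition of `ConnectionInfo` (not shown here) repeats that, an implementer who indexes `certs[0]` without a null test gets an exception instead of a rejection. I would add to the comment: `// info.certs may be null if the peer supplied no certificate; the peer's certificate, if any, is info.certs[0].` The interface declaration starts outside the hunk.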
diff --git a/csharp/src/IceSSL/SSLEngine.cs b/csharp/src/IceSSL/SSLEngine.cs
index a958d117ec6..4b7288808bc 100644
--- a/csharp/src/IceSSL/SSLEngine.cs
+++ b/csharp/src/IceSSL/SSLEngine.cs
@@ -477,14 +477,14 @@ namespace IceSSL
_logger.trace(_securityTraceCategory, s.ToString());
}
- internal void verifyPeer(string address, NativeConnectionInfo info, string desc)
+ internal void verifyPeer(string address, IceSSL.ConnectionInfo info, string desc)
{
- if(_verifyDepthMax > 0 && info.nativeCerts != null && info.nativeCerts.Length > _verifyDepthMax)
+ if(_verifyDepthMax > 0 && info.certs != null && info.certs.Length > _verifyDepthMax)
{
string msg = (info.incoming ? "incoming" : "outgoing") + " connection rejected:\n" +
- "length of peer's certificate chain (" + info.nativeCerts.Length + ") exceeds maximum of " +
+ "length of peer's certificate chain (" + info.certs.Length + ") exceeds maximum of " +
_verifyDepthMax + "\n" + desc;
if(_securityTraceLevel >= 1)
{
diff --git a/csharp/src/IceSSL/TransceiverI.cs b/csharp/src/IceSSL/TransceiverI.cs
index ea026ef098a..a10f62abf45 100644
--- a/csharp/src/IceSSL/TransceiverI.cs
+++ b/csharp/src/IceSSL/TransceiverI.cs
@@ -66,22 +66,14 @@ namespace IceSSL
List<string> certs = new List<string>();
if(_chain.ChainElements != null && _chain.ChainElements.Count > 0)
{
- _nativeCerts = new X509Certificate2[_chain.ChainElements.Count];
+ _certs = new X509Certificate2[_chain.ChainElements.Count];
for(int i = 0; i < _chain.ChainElements.Count; ++i)
{
- X509Certificate2 cert = _chain.ChainElements[i].Certificate;
- _nativeCerts[i] = cert;
-
- StringBuilder s = new StringBuilder();
- s.Append("-----BEGIN CERTIFICATE-----\n");
- s.Append(Convert.ToBase64String(cert.Export(X509ContentType.Cert)));
- s.Append("\n-----END CERTIFICATE-----");
- certs.Add(s.ToString());
+ _certs[i] = _chain.ChainElements[i].Certificate;
}
}
- _certs = certs.ToArray();
- _instance.verifyPeer(_host, (NativeConnectionInfo)getInfo(), ToString());
+ _instance.verifyPeer(_host, (ConnectionInfo)getInfo(), ToString());
if(_instance.securityTraceLevel() >= 1)
{
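Review bot: `List<string> certs = new List<string>();` on the first context line is now dead, because both `certs.Add(...)` and `_certs = certs.ToArray();` are removed; the declaration should go too. `_certs` is also now assigned only inside the `ChainElements` check, so with an empty chain it is presumably left null, where the old string array was always an empty array. Any caller that reads `info.certs.Length` without a null test will then throw. If null is the intended contract, a comment at the assignment such as `// _certs stays null when the peer presented no certificate chain` would make it explicit. The enclosing method starts and ends outside the hunk.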
@@ -331,14 +323,13 @@ namespace IceSSL
public Ice.ConnectionInfo getInfo()
{
- NativeConnectionInfo info = new NativeConnectionInfo();
+ ConnectionInfo info = new ConnectionInfo();
info.underlying = _delegate.getInfo();
info.incoming = _incoming;
info.adapterName = _adapterName;
info.cipher = _cipher;
info.certs = _certs;
info.verified = _verified;
- info.nativeCerts = _nativeCerts;
return info;
}
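Review bot: `info.certs = _certs;` hands every caller of `getInfo()` the transceiver's own `X509Certificate2[]` rather than a copy. Code that receives the info object, for example an application `CertificateVerifier`, could overwrite an element and so change what later `getInfo()` calls and any later peer checks see. A defensive copy avoids that aliasing: `info.certs = _certs == null ? null : (X509Certificate2[])_certs.Clone();`.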
@@ -771,8 +762,7 @@ namespace IceSSL
private int _maxSendPacketSize;
private int _maxRecvPacketSize;
private string _cipher;
- private string[] _certs;
+ private X509Certificate2[] _certs;
private bool _verified;
- private X509Certificate2[] _nativeCerts;
}
}
diff --git a/csharp/src/IceSSL/TrustManager.cs b/csharp/src/IceSSL/TrustManager.cs
index 98697dd0942..e5f69a474c7 100644
--- a/csharp/src/IceSSL/TrustManager.cs
+++ b/csharp/src/IceSSL/TrustManager.cs
@@ -57,7 +57,7 @@ namespace IceSSL
}
}
- internal bool verify(NativeConnectionInfo info, string desc)
+ internal bool verify(IceSSL.ConnectionInfo info, string desc)
{
List<List<List<RFC2253.RDNPair>>> reject = new List<List<List<RFC2253.RDNPair>>>(),
accept = new List<List<List<RFC2253.RDNPair>>>();
@@ -127,9 +127,9 @@ namespace IceSSL
//
// If there is no certificate then we match false.
//
- if(info.nativeCerts != null && info.nativeCerts.Length > 0)
+ if(info.certs != null && info.certs.Length > 0)
{
- X500DistinguishedName subjectDN = info.nativeCerts[0].SubjectName;
+ X500DistinguishedName subjectDN = info.certs[0].SubjectName;
string subjectName = subjectDN.Name;
Debug.Assert(subjectName != null);
try
diff --git a/csharp/src/IceSSL/Util.cs b/csharp/src/IceSSL/Util.cs
index 242c596febb..30ca194b8e2 100644
--- a/csharp/src/IceSSL/Util.cs
+++ b/csharp/src/IceSSL/Util.cs
@@ -13,21 +13,6 @@ namespace IceSSL
using System.Diagnostics;
using System.Security.Cryptography.X509Certificates;
- /// <summary>
- /// This class provides information about a connection to applications
- /// that require information about a peer, for example, to implement
- /// a CertificateVerifier.
- /// </summary>
- public sealed class NativeConnectionInfo : ConnectionInfo
- {
- /// <summary>
- /// The certificate chain. This may be null if the peer did not
- /// supply a certificate. The peer's certificate (if any) is the
- /// first one in the chain.
- /// </summary>
- public X509Certificate2[] nativeCerts;
- }
-
public sealed class Util
{
public static X509Certificate2 createCertificate(string certPEM)
diff --git a/csharp/test/IceSSL/configuration/AllTests.cs b/csharp/test/IceSSL/configuration/AllTests.cs
index f275492b0ad..af3243d115f 100644
--- a/csharp/test/IceSSL/configuration/AllTests.cs
+++ b/csharp/test/IceSSL/configuration/AllTests.cs
@@ -374,12 +374,12 @@ public class AllTests
new X509Certificate2(defaultDir + "/s_rsa_ca1.p12", "password");
X509Certificate2 caCert = new X509Certificate2(defaultDir + "/cacert1.pem");
- IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
- test(info.nativeCerts.Length == 2);
+ IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo();
+ test(info.certs.Length == 2);
test(info.verified);
- test(caCert.Equals(info.nativeCerts[1]));
- test(serverCert.Equals(info.nativeCerts[0]));
+ test(caCert.Equals(info.certs[1]));
+ test(serverCert.Equals(info.certs[0]));
}
catch(Exception ex)
{
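Review bot: `caCert.Equals(info.certs[1])` and `serverCert.Equals(info.certs[0])` rely on `X509Certificate.Equals`, which is documented to compare issuer and serial number rather than the whole certificate. These assertions would therefore still pass for a different certificate that shares those two fields. For a test meant to pin the chain the peer presented, comparing thumbprints is stricter: `test(caCert.Thumbprint == info.certs[1].Thumbprint);` and likewise for `serverCert`. The enclosing try block starts outside the hunk.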
@@ -802,7 +802,7 @@ public class AllTests
}
try
{
- IceSSL.NativeConnectionInfo info;
+ IceSSL.ConnectionInfo info;
initData = createClientProps(defaultProperties, "", "");
initData.properties.setProperty("IceSSL.VerifyPeer", "0");
@@ -821,8 +821,8 @@ public class AllTests
Test.ServerPrx server = fact.createServer(d);
try
{
- info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
- test(info.nativeCerts.Length == 1);
+ info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo();
+ test(info.certs.Length == 1);
test(!info.verified);
}
catch(Ice.LocalException)
@@ -840,8 +840,8 @@ public class AllTests
server = fact.createServer(d);
try
{
- info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
- test(info.nativeCerts.Length == 1);
+ info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo();
+ test(info.certs.Length == 1);
test(!info.verified);
}
catch(Ice.LocalException)
@@ -860,8 +860,8 @@ public class AllTests
server = fact.createServer(d);
try
{
- info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
- test(info.nativeCerts.Length == 1); // Like the SChannel transport, .NET never sends the root.
+ info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo();
+ test(info.certs.Length == 1); // Like the SChannel transport, .NET never sends the root.
}
catch(Ice.LocalException)
{
@@ -886,8 +886,8 @@ public class AllTests
server = fact.createServer(d);
try
{
- info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
- test(info.nativeCerts.Length == 2);
+ info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo();
+ test(info.certs.Length == 2);
test(info.verified);
}
catch(Ice.LocalException)
@@ -946,8 +946,8 @@ public class AllTests
server = fact.createServer(d);
try
{
- info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
- test(info.nativeCerts.Length == 3);
+ info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo();
+ test(info.certs.Length == 3);
test(info.verified);
}
catch(Ice.LocalException)
@@ -991,8 +991,8 @@ public class AllTests
server = fact.createServer(d);
try
{
- info = (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
- test(info.nativeCerts.Length == 4);
+ info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo();
+ test(info.certs.Length == 4);
test(info.verified);
}
catch(Ice.LocalException)
@@ -1087,8 +1087,7 @@ public class AllTests
Test.ServerPrx server = fact.createServer(d);
try
{
- IceSSL.NativeConnectionInfo info =
- (IceSSL.NativeConnectionInfo)server.ice_getConnection().getInfo();
+ IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)server.ice_getConnection().getInfo();
server.checkCipher(info.cipher);
}
catch(Ice.LocalException)
diff --git a/csharp/test/IceSSL/configuration/CertificateVerifierI.cs b/csharp/test/IceSSL/configuration/CertificateVerifierI.cs
index 47be15a4b83..bd3c549c18c 100644
--- a/csharp/test/IceSSL/configuration/CertificateVerifierI.cs
+++ b/csharp/test/IceSSL/configuration/CertificateVerifierI.cs
@@ -16,9 +16,9 @@ public class CertificateVerifierI : IceSSL.CertificateVerifier
reset();
}
- public bool verify(IceSSL.NativeConnectionInfo info)
+ public bool verify(IceSSL.ConnectionInfo info)
{
- _hadCert = info.nativeCerts != null;
+ _hadCert = info.certs != null;
_invoked = true;
return _returnValue;
}
diff --git a/csharp/test/IceSSL/configuration/TestI.cs b/csharp/test/IceSSL/configuration/TestI.cs
index f05b8198741..01918d96a96 100644
--- a/csharp/test/IceSSL/configuration/TestI.cs
+++ b/csharp/test/IceSSL/configuration/TestI.cs
@@ -24,8 +24,8 @@ internal sealed class ServerI : ServerDisp_
{
try
{
- IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)current.con.getInfo();
- test(info.nativeCerts == null);
+ IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)current.con.getInfo();
+ test(info.certs == null);
}
catch(Ice.LocalException)
{
@@ -38,11 +38,11 @@ internal sealed class ServerI : ServerDisp_
{
try
{
- IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)current.con.getInfo();
+ IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)current.con.getInfo();
test(info.verified);
- test(info.nativeCerts.Length == 2 &&
- info.nativeCerts[0].Subject.Equals(subjectDN) &&
- info.nativeCerts[0].Issuer.Equals(issuerDN));
+ test(info.certs.Length == 2 &&
+ info.certs[0].Subject.Equals(subjectDN) &&
+ info.certs[0].Issuer.Equals(issuerDN));
}
catch(Ice.LocalException)
{
@@ -55,7 +55,7 @@ internal sealed class ServerI : ServerDisp_
{
try
{
- IceSSL.NativeConnectionInfo info = (IceSSL.NativeConnectionInfo)current.con.getInfo();
+ IceSSL.ConnectionInfo info = (IceSSL.ConnectionInfo)current.con.getInfo();
test(info.cipher.Equals(cipher));
}
catch(Ice.LocalException)