1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
// **********************************************************************
//
// Copyright (c) 2003-2014 ZeroC, Inc. All rights reserved.
//
// This copy of Ice is licensed to you under the terms described in the
// ICE_LICENSE file included in this distribution.
//
// **********************************************************************
namespace IceSSL
{
using System.Security;
using System.Security.Cryptography.X509Certificates;
//
// An application can customize the certificate verification process
// by implementing the CertificateVerifier interface.
//
public interface CertificateVerifier
{
//
// Return true to allow a connection using the provided certificate
// information, or false to reject the connection.
//
bool verify(NativeConnectionInfo info);
}
/// <summary>
/// A password callback is an alternate way of supplying the plug-in with
/// passwords; this avoids using plain text configuration properties.
/// </summary>
public interface PasswordCallback
{
/// <summary>
/// Obtain the password necessary to access the private key associated with
/// the certificate in the given file.
/// <param name="file">The certificate file name.</param>
/// <returns>The password for the key or null, if no password is necessary.</returns>
/// </summary>
SecureString getPassword(string file);
/// <summary>
/// Obtain a password for a certificate being imported via an IceSSL.ImportCert
/// property. Return null if no password is necessary.
/// </summary>
/// <param name="file">The certificate file name.</param>
/// <returns>The password for the key or null, if no password is necessary.</returns>
SecureString getImportPassword(string file);
}
/// <summary>
/// Interface that allows applications to interact with the IceSSL plug-in.
/// </summary>
abstract public class Plugin : Ice.Plugin
{
abstract public void initialize();
/// <summary>
/// Specify the certificate authorities certificates to use
/// when validating SSL peer certificates. This must be done
/// before the plug-in is initialized; therefore, the application
/// must define the property Ice.InitPlugins=0, set the certificates,
/// and finally invoke initializePlugins on the PluginManager.
/// When the application supplies its own certificate authorities
/// certificates, the plug-in skips its normal property-based
/// configuration.
/// </summary>
/// <param name="certs">The certificate authorities certificates to use.</param>
abstract public void setCACertificates(X509Certificate2Collection certs);
/// <summary>
/// Specify the certificates to use for SSL connections. This
/// must be done before the plug-in is initialized; therefore,
/// the application must define the property Ice.InitPlugins=0,
/// set the certificates, and finally invoke initializePlugins
/// on the PluginManager.
/// When the application supplies its own certificates, the
/// plug-in skips its normal property-based configuration.
/// </summary>
/// <param name="certs">The certificates to use for SSL connections.</param>
abstract public void setCertificates(X509Certificate2Collection certs);
/// <summary>
/// Establish the certificate verifier object. This must be
/// done before any connections are established.
/// </summary>
/// <param name="verifier">The certificate verifier.</param>
abstract public void setCertificateVerifier(CertificateVerifier verifier);
/// <summary>
/// Obtain the certificate verifier object.
/// </summary>
/// <returns>The certificate verifier (null if not set).</returns>
abstract public CertificateVerifier getCertificateVerifier();
/// <summary>
/// Establish the password callback object. This must be
/// done before the plug-in is initialized.
/// </summary>
/// <param name="callback">The password callback.</param>
abstract public void setPasswordCallback(PasswordCallback callback);
/// <summary>
/// Returns the password callback.
/// </summary>
/// <returns>The password callback (null if not set).</returns>
abstract public PasswordCallback getPasswordCallback();
/// <summary>
/// This method is for internal use.
/// </summary>
abstract public void destroy();
}
}
|
