Merge pull request #784 from Unity-Technologies/unity-master-unitytls

Unitytls integration

Author: AndreasReich

mcs/class/System/Mono.Net.Security/MonoTlsProviderFactory.cs

@@ -211,6 +211,7 @@ internal static void Debug (string message, params object[] args)
 
 #endregion
 
+		internal static readonly Guid UnityTlsId = new Guid("06414A97-74F6-488F-877B-A6CA9BBEB82E");
 		internal static readonly Guid AppleTlsId = new Guid ("981af8af-a3a3-419a-9f01-a518e3a17c1c");
 		internal static readonly Guid BtlsId = new Guid ("432d18c9-9348-4b90-bfbf-9f2a10e1f15b");
 		internal static readonly Guid LegacyId = new Guid ("809e77d5-56cc-4da8-b9f0-45e65ba9cceb");
@@ -226,6 +227,16 @@ static void InitializeProviderRegistration ()
 				providerRegistration = new Dictionary<string,Tuple<Guid,string>> ();
 				providerCache = new Dictionary<Guid,MSI.MonoTlsProvider> ();
 
+#if UNITY
+				if (Mono.Unity.UnityTls.IsSupported)
+				{
+					var unityTlsEntry = new Tuple<Guid,String> (UnityTlsId, "Mono.Unity.UnityTlsProvider");
+					providerRegistration.Add ("default", unityTlsEntry);
+					providerRegistration.Add ("unitytls", unityTlsEntry);
+					return;
+				}
+#endif
+
 				var appleTlsEntry = new Tuple<Guid,String> (AppleTlsId, "Mono.AppleTls.AppleTlsProvider");
 
 #if ONLY_APPLETLS || MONOTOUCH || XAMMAC

mcs/class/System/Mono.UnityTls/CertHelper.cs

@@ -0,0 +1,53 @@
+#if SECURITY_DEP
+using System.Security.Cryptography.X509Certificates;
+
+namespace Mono.Unity
+{
+	internal unsafe static class CertHelper
+	{
+		public static void AddCertificatesToNativeChain (UnityTls.unitytls_x509list* nativeCertificateChain, X509CertificateCollection certificates, UnityTls.unitytls_errorstate* errorState)
+		{
+			foreach (var certificate in certificates) {
+				AddCertificateToNativeChain (nativeCertificateChain, certificate, errorState);
+			}
+		}
+
+		public static void AddCertificateToNativeChain (UnityTls.unitytls_x509list* nativeCertificateChain, X509Certificate certificate, UnityTls.unitytls_errorstate* errorState)
+		{
+			byte[] certDer = certificate.GetRawCertData ();
+			fixed(byte* certDerPtr = certDer) {
+				UnityTls.NativeInterface.unitytls_x509list_append_der (nativeCertificateChain, certDerPtr, certDer.Length, errorState);
+			}
+
+			var certificateImpl2 = certificate.Impl as X509Certificate2Impl;
+			if (certificateImpl2 != null) {
+				var intermediates = certificateImpl2.IntermediateCertificates;
+				if (intermediates != null && intermediates.Count > 0) {
+					for (int i=0; i<intermediates.Count; ++i) {
+						AddCertificateToNativeChain (nativeCertificateChain, new X509Certificate (intermediates[i]), errorState);
+					}
+				}
+			}
+		}
+
+		public static X509CertificateCollection NativeChainToManagedCollection (UnityTls.unitytls_x509list_ref nativeCertificateChain, UnityTls.unitytls_errorstate* errorState)
+		{
+			X509CertificateCollection certificates = new X509CertificateCollection ();
+
+			var cert = UnityTls.NativeInterface.unitytls_x509list_get_x509 (nativeCertificateChain, 0, errorState);
+			for (int i = 0; cert.handle != UnityTls.NativeInterface.UNITYTLS_INVALID_HANDLE; ++i) {
+				size_t certBufferSize = UnityTls.NativeInterface.unitytls_x509_export_der (cert, null, 0, errorState);
+				var certBuffer = new byte[certBufferSize];	// Need to reallocate every time since X509Certificate constructor takes no length but only a byte array.
+				fixed(byte* certBufferPtr = certBuffer) {
+					UnityTls.NativeInterface.unitytls_x509_export_der (cert, certBufferPtr, certBufferSize, errorState);
+				}
+				certificates.Add (new X509Certificate (certBuffer));
+
+				cert = UnityTls.NativeInterface.unitytls_x509list_get_x509 (nativeCertificateChain, i, errorState);
+			}
+
+			return certificates;
+		}
+	}
+}
+#endif

mcs/class/System/Mono.UnityTls/Debug.cs

@@ -0,0 +1,39 @@
+#if SECURITY_DEP
+#if MONO_SECURITY_ALIAS
+extern alias MonoSecurity;
+#endif
+
+#if MONO_SECURITY_ALIAS
+using MonoSecurity::Mono.Security.Interface;
+#else
+using Mono.Security.Interface;
+#endif
+
+namespace Mono.Unity
+{
+	internal static class Debug
+	{
+		public static void CheckAndThrow (UnityTls.unitytls_errorstate errorState, string context, AlertDescription defaultAlert = AlertDescription.InternalError)
+		{
+			if (errorState.code == UnityTls.unitytls_error_code.UNITYTLS_SUCCESS)
+				return;
+
+			string message = string.Format ("{0} - error code: {1}", context, errorState.code);
+			throw new TlsException (defaultAlert, message);
+		}
+
+		public static void CheckAndThrow(UnityTls.unitytls_errorstate errorState, UnityTls.unitytls_x509verify_result verifyResult, string context, AlertDescription defaultAlert = AlertDescription.InternalError)
+		{
+			// Ignore verify result if verification is not the issue.
+			if (verifyResult == UnityTls.unitytls_x509verify_result.UNITYTLS_X509VERIFY_SUCCESS) {
+				CheckAndThrow (errorState, context, defaultAlert);
+				return;
+			}
+
+			AlertDescription alert = UnityTlsConversions.VerifyResultToAlertDescription (verifyResult, defaultAlert);
+			string message = string.Format ("{0} - error code: {1}, verify result: {2}", context, errorState.code, verifyResult);
+			throw new TlsException (alert, message);
+		}
+	}
+}
+#endif