[tvOS] Make the managed code depending on System.Net.Security.Native throw PNSE

src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.GssFlags.cs

@@ -0,0 +1,28 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+
+internal static partial class Interop
+{
+    internal static partial class NetSecurityNative
+    {
+        [Flags]
+        internal enum GssFlags : uint
+        {
+            GSS_C_DELEG_FLAG = 0x1,
+            GSS_C_MUTUAL_FLAG = 0x2,
+            GSS_C_REPLAY_FLAG = 0x4,
+            GSS_C_SEQUENCE_FLAG = 0x8,
+            GSS_C_CONF_FLAG = 0x10,
+            GSS_C_INTEG_FLAG = 0x20,
+            GSS_C_ANON_FLAG = 0x40,
+            GSS_C_PROT_READY_FLAG = 0x80,
+            GSS_C_TRANS_FLAG = 0x100,
+            GSS_C_DCE_STYLE = 0x1000,
+            GSS_C_IDENTIFY_FLAG = 0x2000,
+            GSS_C_EXTENDED_ERROR_FLAG = 0x4000,
+            GSS_C_DELEG_POLICY_FLAG = 0x8000
+        }
+    }
+}

src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.Status.cs

@@ -0,0 +1,38 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+
+internal static partial class Interop
+{
+    internal static partial class NetSecurityNative
+    {
+        // https://www.gnu.org/software/gss/reference/gss.pdf Page 65
+        internal const int GSS_C_ROUTINE_ERROR_OFFSET = 16;
+
+        // https://www.gnu.org/software/gss/reference/gss.pdf Page 9
+        internal enum Status : uint
+        {
+            GSS_S_COMPLETE = 0,
+            GSS_S_CONTINUE_NEEDED = 1,
+            GSS_S_BAD_MECH = 1 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_BAD_NAME = 2 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_BAD_NAMETYPE = 3 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_BAD_BINDINGS = 4 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_BAD_STATUS = 5 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_BAD_SIG = 6 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_NO_CRED = 7 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_NO_CONTEXT = 8 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_DEFECTIVE_TOKEN = 9 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_DEFECTIVE_CREDENTIAL = 10 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_CREDENTIALS_EXPIRED = 11 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_CONTEXT_EXPIRED = 12 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_FAILURE = 13 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_BAD_QOP = 14 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_UNAUTHORIZED = 15 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_UNAVAILABLE = 16 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_DUPLICATE_ELEMENT = 17 << GSS_C_ROUTINE_ERROR_OFFSET,
+            GSS_S_NAME_NOT_MN = 18 << GSS_C_ROUTINE_ERROR_OFFSET,
+        }
+    }
+}

src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.cs

@@ -169,51 +169,5 @@ internal static Status UnwrapBuffer(
 
             return Unwrap(out minorStatus, contextHandle, inputBytes, offset, count, ref outBuffer);
         }
-
-        // https://www.gnu.org/software/gss/reference/gss.pdf Page 65
-        internal const int GSS_C_ROUTINE_ERROR_OFFSET = 16;
-
-        // https://www.gnu.org/software/gss/reference/gss.pdf Page 9
-        internal enum Status : uint
-        {
-            GSS_S_COMPLETE = 0,
-            GSS_S_CONTINUE_NEEDED = 1,
-            GSS_S_BAD_MECH = 1 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_BAD_NAME = 2 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_BAD_NAMETYPE = 3 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_BAD_BINDINGS = 4 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_BAD_STATUS = 5 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_BAD_SIG = 6 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_NO_CRED = 7 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_NO_CONTEXT = 8 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_DEFECTIVE_TOKEN = 9 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_DEFECTIVE_CREDENTIAL = 10 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_CREDENTIALS_EXPIRED = 11 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_CONTEXT_EXPIRED = 12 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_FAILURE = 13 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_BAD_QOP = 14 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_UNAUTHORIZED = 15 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_UNAVAILABLE = 16 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_DUPLICATE_ELEMENT = 17 << GSS_C_ROUTINE_ERROR_OFFSET,
-            GSS_S_NAME_NOT_MN = 18 << GSS_C_ROUTINE_ERROR_OFFSET,
-        }
-
-        [Flags]
-        internal enum GssFlags : uint
-        {
-            GSS_C_DELEG_FLAG = 0x1,
-            GSS_C_MUTUAL_FLAG = 0x2,
-            GSS_C_REPLAY_FLAG = 0x4,
-            GSS_C_SEQUENCE_FLAG = 0x8,
-            GSS_C_CONF_FLAG = 0x10,
-            GSS_C_INTEG_FLAG = 0x20,
-            GSS_C_ANON_FLAG = 0x40,
-            GSS_C_PROT_READY_FLAG = 0x80,
-            GSS_C_TRANS_FLAG = 0x100,
-            GSS_C_DCE_STYLE = 0x1000,
-            GSS_C_IDENTIFY_FLAG = 0x2000,
-            GSS_C_EXTENDED_ERROR_FLAG = 0x4000,
-            GSS_C_DELEG_POLICY_FLAG = 0x8000
-        }
     }
 }

src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs

@@ -0,0 +1,58 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+using System.Runtime.Versioning;
+using System.Text;
+
+namespace Microsoft.Win32.SafeHandles
+{
+    [UnsupportedOSPlatform("tvos")]
+    internal sealed class SafeGssNameHandle : SafeHandle
+    {
+        public override bool IsInvalid
+        {
+            get {  throw new PlatformNotSupportedException(); }
+        }
+
+        protected override bool ReleaseHandle() => throw new PlatformNotSupportedException();
+        private SafeGssNameHandle()
+            : base(IntPtr.Zero, true)
+        {
+        }
+    }
+
+    [UnsupportedOSPlatform("tvos")]
+    internal sealed class SafeGssCredHandle : SafeHandle
+    {
+        private SafeGssCredHandle()
+            : base(IntPtr.Zero, true)
+        {
+        }
+
+        public override bool IsInvalid
+        {
+            get { throw new PlatformNotSupportedException(); }
+        }
+
+        protected override bool ReleaseHandle() => throw new PlatformNotSupportedException();
+    }
+
+    [UnsupportedOSPlatform("tvos")]
+    internal sealed class SafeGssContextHandle : SafeHandle
+    {
+        private SafeGssContextHandle()
+            : base(IntPtr.Zero, true)
+        {
+        }
+
+        public override bool IsInvalid
+        {
+            get {  throw new PlatformNotSupportedException(); }
+        }
+
+        protected override bool ReleaseHandle() => throw new PlatformNotSupportedException();
+    }
+}

src/libraries/Common/src/System/Net/ContextFlagsAdapterPal.PlatformNotSupported.cs

@@ -0,0 +1,22 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Runtime.Versioning;
+
+namespace System.Net
+{
+    [UnsupportedOSPlatform("tvos")]
+    internal static class ContextFlagsAdapterPal
+    {
+        internal static ContextFlagsPal GetContextFlagsPalFromInterop(Interop.NetSecurityNative.GssFlags gssFlags, bool isServer)
+        {
+            throw new PlatformNotSupportedException();
+        }
+
+        internal static Interop.NetSecurityNative.GssFlags GetInteropFromContextFlagsPal(ContextFlagsPal flags, bool isServer)
+        {
+            throw new PlatformNotSupportedException();
+        }
+    }
+}

src/libraries/Common/src/System/Net/Security/NegotiateStreamPal.PlatformNotSupported.cs

@@ -0,0 +1,124 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.IO;
+using System.ComponentModel;
+using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
+using System.Runtime.InteropServices;
+using System.Runtime.Versioning;
+using System.Security;
+using System.Security.Authentication;
+using System.Security.Authentication.ExtendedProtection;
+using System.Security.Principal;
+using System.Text;
+using System.Threading;
+using Microsoft.Win32.SafeHandles;
+
+namespace System.Net.Security
+{
+    //
+    // The class maintains the state of the authentication process and the security context.
+    // It encapsulates security context and does the real work in authentication and
+    // user data encryption with NEGO SSPI package.
+    //
+    [UnsupportedOSPlatform("tvos")]
+    internal static partial class NegotiateStreamPal
+    {
+        internal static string QueryContextClientSpecifiedSpn(SafeDeleteContext securityContext)
+        {
+            throw new PlatformNotSupportedException(SR.net_nego_server_not_supported);
+        }
+
+        internal static string QueryContextAuthenticationPackage(SafeDeleteContext securityContext)
+        {
+            throw new PlatformNotSupportedException();
+        }
+
+        internal static SecurityStatusPal InitializeSecurityContext(
+            ref SafeFreeCredentials credentialsHandle,
+            ref SafeDeleteContext? securityContext,
+            string? spn,
+            ContextFlagsPal requestedContextFlags,
+            byte[]? incomingBlob,
+            ChannelBinding? channelBinding,
+            ref byte[]? resultBlob,
+            ref ContextFlagsPal contextFlags)
+        {
+            throw new PlatformNotSupportedException();
+        }
+
+        internal static SecurityStatusPal AcceptSecurityContext(
+            SafeFreeCredentials? credentialsHandle,
+            ref SafeDeleteContext? securityContext,
+            ContextFlagsPal requestedContextFlags,
+            byte[]? incomingBlob,
+            ChannelBinding? channelBinding,
+            ref byte[] resultBlob,
+            ref ContextFlagsPal contextFlags)
+        {
+            throw new PlatformNotSupportedException();
+        }
+
+        internal static Win32Exception CreateExceptionFromError(SecurityStatusPal statusCode)
+        {
+            throw new PlatformNotSupportedException();
+        }
+
+        internal static int QueryMaxTokenSize(string package)
+        {
+            throw new PlatformNotSupportedException();
+        }
+
+        internal static SafeFreeCredentials AcquireDefaultCredential(string package, bool isServer)
+        {
+            throw new PlatformNotSupportedException();
+        }
+
+        internal static SafeFreeCredentials AcquireCredentialsHandle(string package, bool isServer, NetworkCredential credential)
+        {
+            throw new PlatformNotSupportedException();
+        }
+
+        internal static SecurityStatusPal CompleteAuthToken(
+            ref SafeDeleteContext? securityContext,
+            byte[]? incomingBlob)
+        {
+            throw new PlatformNotSupportedException();
+        }
+
+        internal static int Encrypt(
+            SafeDeleteContext securityContext,
+            ReadOnlySpan<byte> buffer,
+            bool isConfidential,
+            bool isNtlm,
+            [NotNull] ref byte[]? output,
+            uint sequenceNumber)
+        {
+            throw new PlatformNotSupportedException();
+        }
+
+        internal static int Decrypt(
+            SafeDeleteContext securityContext,
+            byte[]? buffer,
+            int offset,
+            int count,
+            bool isConfidential,
+            bool isNtlm,
+            out int newOffset,
+            uint sequenceNumber)
+        {
+            throw new PlatformNotSupportedException();
+        }
+
+        internal static int VerifySignature(SafeDeleteContext securityContext, byte[] buffer, int offset, int count)
+        {
+            throw new PlatformNotSupportedException();
+        }
+
+        internal static int MakeSignature(SafeDeleteContext securityContext, byte[] buffer, int offset, int count, [AllowNull] ref byte[] output)
+        {
+            throw new PlatformNotSupportedException();
+        }
+    }
+}

src/libraries/System.Net.Http/src/System.Net.Http.csproj

@@ -327,6 +327,10 @@
              Link="Common\System\Net\Security\Unix\SecChannelBindings.cs" />
     <Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.cs"
              Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.cs" />
+    <Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.GssFlags.cs"
+             Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.GssFlags.cs" />
+    <Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.Status.cs"
+             Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.Status.cs" />
     <Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.IsNtlmInstalled.cs"
              Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.IsNtlmInstalled.cs" />
     <Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.GssBuffer.cs"

src/libraries/System.Net.Mail/src/System.Net.Mail.csproj

@@ -150,6 +150,10 @@
              Link="Common\Interop\Unix\System.Net.Security.Native\Interop.GssApiException.cs" />
     <Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.cs"
              Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.cs" />
+    <Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.GssFlags.cs"
+             Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.GssFlags.cs" />
+    <Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.Status.cs"
+             Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.Status.cs" />
     <Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.IsNtlmInstalled.cs"
              Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.IsNtlmInstalled.cs" />
     <Compile Include="$(CommonPath)System\Net\Security\Unix\SafeDeleteNegoContext.cs"

src/libraries/System.Net.Mail/tests/Unit/System.Net.Mail.Unit.Tests.csproj

@@ -160,8 +160,12 @@
              Link="Common\Interop\Unix\System.Net.Security.Native\Interop.GssApiException.cs" />
     <Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.cs"
              Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.cs" />
+    <Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.GssFlags.cs"
+             Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.GssFlags.cs" />
     <Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.IsNtlmInstalled.cs"
              Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.IsNtlmInstalled.cs" />
+    <Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.Status.cs"
+             Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.Status.cs" />
     <Compile Include="$(CommonPath)System\Net\Security\Unix\SafeDeleteNegoContext.cs"
              Link="Common\System\Net\Security\Unix\SafeDeleteNegoContext.cs" />
     <Compile Include="$(CommonPath)System\Net\Security\Unix\SafeFreeCredentials.cs"

src/libraries/System.Net.Security/ref/System.Net.Security.cs

@@ -33,6 +33,7 @@ public enum EncryptionPolicy
         NoEncryption = 2,
     }
     public delegate System.Security.Cryptography.X509Certificates.X509Certificate LocalCertificateSelectionCallback(object sender, string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection localCertificates, System.Security.Cryptography.X509Certificates.X509Certificate? remoteCertificate, string[] acceptableIssuers);
+    [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")]
     public partial class NegotiateStream : System.Net.Security.AuthenticatedStream
     {
         public NegotiateStream(System.IO.Stream innerStream) : base (default(System.IO.Stream), default(bool)) { }