2018-10-09 08:20:59 +00:00
|
|
|
//
|
|
|
|
|
// MonoCertificatePal.cs
|
|
|
|
|
//
|
|
|
|
|
// Authors:
|
|
|
|
|
// Miguel de Icaza
|
|
|
|
|
// Sebastien Pouliot <sebastien@xamarin.com>
|
|
|
|
|
// Martin Baulig <mabaul@microsoft.com>
|
|
|
|
|
//
|
|
|
|
|
// Copyright 2010 Novell, Inc
|
|
|
|
|
// Copyright 2011-2014 Xamarin Inc.
|
|
|
|
|
// Copyright (c) 2018 Xamarin Inc. (http://www.xamarin.com)
|
|
|
|
|
//
|
|
|
|
|
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
|
// of this software and associated documentation files (the "Software"), to deal
|
|
|
|
|
// in the Software without restriction, including without limitation the rights
|
|
|
|
|
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
|
// copies of the Software, and to permit persons to whom the Software is
|
|
|
|
|
// furnished to do so, subject to the following conditions:
|
|
|
|
|
//
|
|
|
|
|
// The above copyright notice and this permission notice shall be included in
|
|
|
|
|
// all copies or substantial portions of the Software.
|
|
|
|
|
//
|
|
|
|
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
|
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
|
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
|
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
|
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
|
// THE SOFTWARE.
|
|
|
|
|
using System;
|
|
|
|
|
using System.Threading;
|
|
|
|
|
using System.Runtime.InteropServices;
|
|
|
|
|
using System.Security.Cryptography.Apple;
|
|
|
|
|
using System.Security.Cryptography.X509Certificates;
|
|
|
|
|
using Microsoft.Win32.SafeHandles;
|
|
|
|
|
|
|
|
|
|
namespace Mono.AppleTls
|
|
|
|
|
{
|
|
|
|
|
static partial class MonoCertificatePal
|
|
|
|
|
{
|
2018-10-19 08:34:24 +00:00
|
|
|
const string SecurityLibrary = OSX509Certificates.SecurityLibrary;
|
|
|
|
|
|
|
|
|
|
[DllImport (SecurityLibrary)]
|
2018-10-09 08:20:59 +00:00
|
|
|
extern static IntPtr SecCertificateCreateWithData (IntPtr allocator, IntPtr cfData);
|
|
|
|
|
|
|
|
|
|
public static SafeSecCertificateHandle FromOtherCertificate (X509Certificate certificate)
|
|
|
|
|
{
|
|
|
|
|
if (certificate == null)
|
|
|
|
|
throw new ArgumentNullException (nameof (certificate));
|
|
|
|
|
return FromOtherCertificate (certificate.Impl);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static SafeSecCertificateHandle FromOtherCertificate (X509CertificateImpl impl)
|
|
|
|
|
{
|
|
|
|
|
X509Helper.ThrowIfContextInvalid (impl);
|
|
|
|
|
|
|
|
|
|
var handle = impl.GetNativeAppleCertificate ();
|
|
|
|
|
if (handle != IntPtr.Zero)
|
|
|
|
|
return new SafeSecCertificateHandle (handle, false);
|
|
|
|
|
|
|
|
|
|
using (var data = CFData.FromData (impl.RawData)) {
|
|
|
|
|
handle = SecCertificateCreateWithData (IntPtr.Zero, data.Handle);
|
|
|
|
|
if (handle == IntPtr.Zero)
|
|
|
|
|
throw new ArgumentException ("Not a valid DER-encoded X.509 certificate");
|
|
|
|
|
|
|
|
|
|
return new SafeSecCertificateHandle (handle, true);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-19 08:34:24 +00:00
|
|
|
[DllImport (SecurityLibrary)]
|
2018-10-09 08:20:59 +00:00
|
|
|
extern static IntPtr SecIdentityGetTypeID ();
|
|
|
|
|
|
|
|
|
|
public static bool IsSecIdentity (IntPtr ptr)
|
|
|
|
|
{
|
|
|
|
|
if (ptr == IntPtr.Zero)
|
|
|
|
|
return false;
|
|
|
|
|
return CFType.GetTypeID (ptr) == SecIdentityGetTypeID ();
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-19 08:34:24 +00:00
|
|
|
[DllImport (SecurityLibrary)]
|
2018-10-09 08:20:59 +00:00
|
|
|
public extern static IntPtr SecKeyGetTypeID ();
|
|
|
|
|
|
|
|
|
|
public static bool IsSecKey (IntPtr ptr)
|
|
|
|
|
{
|
|
|
|
|
if (ptr == IntPtr.Zero)
|
|
|
|
|
return false;
|
|
|
|
|
return CFType.GetTypeID (ptr) == SecKeyGetTypeID ();
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-19 08:34:24 +00:00
|
|
|
[DllImport (SecurityLibrary)]
|
2018-10-09 08:20:59 +00:00
|
|
|
extern static /* OSStatus */ SecStatusCode SecIdentityCopyCertificate (/* SecIdentityRef */ IntPtr identityRef, /* SecCertificateRef* */ out IntPtr certificateRef);
|
|
|
|
|
|
|
|
|
|
public static SafeSecCertificateHandle GetCertificate (SafeSecIdentityHandle identity)
|
|
|
|
|
{
|
|
|
|
|
if (identity == null || identity.IsInvalid)
|
|
|
|
|
throw new ArgumentNullException (nameof (identity));
|
|
|
|
|
var result = SecIdentityCopyCertificate (identity.DangerousGetHandle (), out var cert);
|
|
|
|
|
if (result != SecStatusCode.Success)
|
|
|
|
|
throw new InvalidOperationException (result.ToString ());
|
|
|
|
|
return new SafeSecCertificateHandle (cert, true);
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-19 08:34:24 +00:00
|
|
|
[DllImport (SecurityLibrary)]
|
2018-10-09 08:20:59 +00:00
|
|
|
extern static IntPtr SecCertificateCopySubjectSummary (IntPtr cert);
|
|
|
|
|
|
|
|
|
|
public static string GetSubjectSummary (SafeSecCertificateHandle certificate)
|
|
|
|
|
{
|
|
|
|
|
if (certificate == null || certificate.IsInvalid)
|
|
|
|
|
throw new ArgumentNullException (nameof (certificate));
|
|
|
|
|
|
|
|
|
|
var subjectSummaryHandle = IntPtr.Zero;
|
|
|
|
|
try {
|
|
|
|
|
subjectSummaryHandle = SecCertificateCopySubjectSummary (certificate.DangerousGetHandle ());
|
|
|
|
|
return CFString.AsString (subjectSummaryHandle);
|
|
|
|
|
} finally {
|
|
|
|
|
if (subjectSummaryHandle != IntPtr.Zero)
|
|
|
|
|
CFObject.CFRelease (subjectSummaryHandle);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-19 08:34:24 +00:00
|
|
|
[DllImport (SecurityLibrary)]
|
2018-10-09 08:20:59 +00:00
|
|
|
extern static /* CFDataRef */ IntPtr SecCertificateCopyData (/* SecCertificateRef */ IntPtr cert);
|
|
|
|
|
|
|
|
|
|
public static byte[] GetRawData (SafeSecCertificateHandle certificate)
|
|
|
|
|
{
|
|
|
|
|
if (certificate == null || certificate.IsInvalid)
|
|
|
|
|
throw new ArgumentNullException (nameof (certificate));
|
|
|
|
|
|
|
|
|
|
var dataPtr = SecCertificateCopyData (certificate.DangerousGetHandle ());
|
|
|
|
|
if (dataPtr == IntPtr.Zero)
|
|
|
|
|
throw new ArgumentException ("Not a valid certificate");
|
|
|
|
|
|
|
|
|
|
using (var data = new CFData (dataPtr, true)) {
|
|
|
|
|
var buffer = new byte[(int)data.Length];
|
|
|
|
|
Marshal.Copy (data.Bytes, buffer, 0, buffer.Length);
|
|
|
|
|
return buffer;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public static bool Equals (SafeSecCertificateHandle first, SafeSecCertificateHandle second)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* This is a little bit expensive, but unfortunately there is no better API to compare two
|
|
|
|
|
* SecCertificateRef's for equality.
|
|
|
|
|
*/
|
|
|
|
|
if (first == null || first.IsInvalid)
|
|
|
|
|
throw new ArgumentNullException (nameof (first));
|
|
|
|
|
if (second == null || second.IsInvalid)
|
|
|
|
|
throw new ArgumentNullException (nameof (second));
|
|
|
|
|
if (first.DangerousGetHandle () == second.DangerousGetHandle ())
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
var firstDataPtr = SecCertificateCopyData (first.DangerousGetHandle ());
|
|
|
|
|
var secondDataPtr = SecCertificateCopyData (first.DangerousGetHandle ());
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
if (firstDataPtr == IntPtr.Zero || secondDataPtr == IntPtr.Zero)
|
|
|
|
|
throw new ArgumentException ("Not a valid certificate.");
|
|
|
|
|
if (firstDataPtr == secondDataPtr)
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
var firstLength = (int)CFData.CFDataGetLength (firstDataPtr);
|
|
|
|
|
var secondLength = (int)CFData.CFDataGetLength (secondDataPtr);
|
|
|
|
|
if (firstLength != secondLength)
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
var firstBytePtr = CFData.CFDataGetBytePtr (firstDataPtr);
|
|
|
|
|
var secondBytePtr = CFData.CFDataGetBytePtr (secondDataPtr);
|
|
|
|
|
if (firstBytePtr == secondBytePtr)
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
var firstBuffer = new byte[firstLength];
|
|
|
|
|
var secondBuffer = new byte[secondLength];
|
|
|
|
|
Marshal.Copy (firstBytePtr, firstBuffer, 0, firstBuffer.Length);
|
|
|
|
|
Marshal.Copy (secondBytePtr, secondBuffer, 0, secondBuffer.Length);
|
|
|
|
|
|
|
|
|
|
for (int i = 0; i < firstBuffer.Length; i++)
|
|
|
|
|
if (firstBuffer[i] != secondBuffer[i])
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
} finally {
|
|
|
|
|
if (firstDataPtr != IntPtr.Zero)
|
|
|
|
|
CFObject.CFRelease (firstDataPtr);
|
|
|
|
|
if (secondDataPtr != IntPtr.Zero)
|
|
|
|
|
CFObject.CFRelease (secondDataPtr);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
