mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Imported Upstream version 5.18.0.142

Browse Source 
Former-commit-id: 7467d4b717762eeaf652d77f1486dd11ffb1ff1f
This commit is contained in:
Xamarin Public Jenkins (auto-signing)
2018-10-09 08:20:59 +00:00
parent e52655b4dc
commit 0abdbe5a7d
1547 changed files with 93792 additions and 47893 deletions
Download Patch File Download Diff File Expand all files Collapse all files

292
mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2ImplMono.cs
View File

@@ -29,8 +29,6 @@
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if SECURITY_DEP
#if MONO_SECURITY_ALIAS
extern alias MonoSecurity;
using MonoSecurity::Mono.Security;
@@ -45,6 +43,8 @@ using MX = Mono.Security.X509;
using System.IO;
using System.Text;
using System.Collections;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;
namespace System.Security.Cryptography.X509Certificates
{
@@ -77,7 +77,7 @@ namespace System.Security.Cryptography.X509Certificates
return IntPtr.Zero;
}
X509Certificate2ImplMono (MX.X509Certificate cert)
public X509Certificate2ImplMono (MX.X509Certificate cert)
{
this._cert = cert;
}
@@ -95,50 +95,37 @@ namespace System.Security.Cryptography.X509Certificates
return new X509Certificate2ImplMono (this);
}
#region Implemented X509CertificateImpl members
public override string GetIssuerName (bool legacyV1Mode)
{
ThrowIfContextInvalid ();
if (legacyV1Mode)
return _cert.IssuerName;
else
return MX.X501.ToString (_cert.GetIssuerName (), true, ", ", true);
MX.X509Certificate Cert {
get {
ThrowIfContextInvalid ();
return _cert;
}
}
public override string GetSubjectName (bool legacyV1Mode)
{
ThrowIfContextInvalid ();
if (legacyV1Mode)
return _cert.SubjectName;
else
return MX.X501.ToString (_cert.GetSubjectName (), true, ", ", true);
#region Implemented X509CertificateImpl members
public override string Issuer => MX.X501.ToString (Cert.GetIssuerName (), true, ", ", true);
public override string Subject => MX.X501.ToString (Cert.GetSubjectName (), true, ", ", true);
public override string LegacyIssuer => Cert.IssuerName;
public override string LegacySubject => Cert.SubjectName;
public override byte[] RawData => Cert.RawData;
public override byte[] Thumbprint {
get {
ThrowIfContextInvalid ();
SHA1 sha = SHA1.Create ();
return sha.ComputeHash (_cert.RawData);
}
}
public override byte[] GetRawCertData ()
{
ThrowIfContextInvalid ();
return _cert.RawData;
}
public override DateTime NotBefore => Cert.ValidFrom.ToLocalTime ();
protected override byte[] GetCertHash (bool lazy)
{
ThrowIfContextInvalid ();
SHA1 sha = SHA1.Create ();
return sha.ComputeHash (_cert.RawData);
}
public override DateTime GetValidFrom ()
{
ThrowIfContextInvalid ();
return _cert.ValidFrom;
}
public override DateTime GetValidUntil ()
{
ThrowIfContextInvalid ();
return _cert.ValidUntil;
}
public override DateTime NotAfter => Cert.ValidUntil.ToLocalTime ();
public override bool Equals (X509CertificateImpl other, out bool result)
{
@@ -147,46 +134,18 @@ namespace System.Security.Cryptography.X509Certificates
return false;
}
public override string GetKeyAlgorithm ()
{
ThrowIfContextInvalid ();
return _cert.KeyAlgorithm;
}
public override string KeyAlgorithm => Cert.KeyAlgorithm;
public override byte[] GetKeyAlgorithmParameters ()
{
ThrowIfContextInvalid ();
return _cert.KeyAlgorithmParameters;
}
public override byte[] KeyAlgorithmParameters => Cert.KeyAlgorithmParameters ?? throw new CryptographicException ();
public override byte[] GetPublicKey ()
{
ThrowIfContextInvalid ();
return _cert.PublicKey;
}
public override byte[] PublicKeyValue => Cert.PublicKey;
public override byte[] GetSerialNumber ()
{
ThrowIfContextInvalid ();
return _cert.SerialNumber;
}
public override byte[] Export (X509ContentType contentType, byte[] password)
{
ThrowIfContextInvalid ();
switch (contentType) {
case X509ContentType.Cert:
return GetRawCertData ();
case X509ContentType.Pfx: // this includes Pkcs12
// TODO
throw new NotSupportedException ();
case X509ContentType.SerializedCert:
// TODO
throw new NotSupportedException ();
default:
string msg = Locale.GetText ("This certificate format '{0}' cannot be exported.", contentType);
throw new CryptographicException (msg);
public override byte[] SerialNumber {
get {
ThrowIfContextInvalid ();
var serial = Cert.SerialNumber;
Array.Reverse (serial);
return serial;
}
}
@@ -237,7 +196,7 @@ namespace System.Security.Cryptography.X509Certificates
issuer_name = new X500DistinguishedName (_cert.GetIssuerName ().GetBytes ());
return issuer_name;
}
}
}
public override AsymmetricAlgorithm PrivateKey {
get {
@@ -248,25 +207,24 @@ namespace System.Security.Cryptography.X509Certificates
if (rcsp.PublicOnly)
return null;
var key = new RSACryptoServiceProvider ();
key.ImportParameters (_cert.RSA.ExportParameters(true));
key.ImportParameters (_cert.RSA.ExportParameters (true));
return key;
}
if (_cert.RSA is RSAManaged rsam) {
if (rsam.PublicOnly)
return null;
var key = new RSAManaged ();
key.ImportParameters (_cert.RSA.ExportParameters(true));
key.ImportParameters (_cert.RSA.ExportParameters (true));
return key;
}
if (_cert.DSA is DSACryptoServiceProvider dcsp) {
if (dcsp.PublicOnly)
return null;
var key = new DSACryptoServiceProvider();
key.ImportParameters(_cert.DSA.ExportParameters(true));
var key = new DSACryptoServiceProvider ();
key.ImportParameters (_cert.DSA.ExportParameters (true));
return key;
}
}
catch {
} catch {
}
return null;
}
@@ -279,25 +237,24 @@ namespace System.Security.Cryptography.X509Certificates
if (value == null) {
_cert.RSA = null;
_cert.DSA = null;
} else if (value is RSA)
_cert.RSA = (RSA) value;
} else if (value is RSA)
_cert.RSA = (RSA)value;
else if (value is DSA)
_cert.DSA = (DSA) value;
_cert.DSA = (DSA)value;
else
throw new NotSupportedException ();
}
}
}
public override PublicKey PublicKey {
get {
get {
if (_cert == null)
throw new CryptographicException (empty_error);
if (_publicKey == null) {
try {
_publicKey = new PublicKey (_cert);
}
catch (Exception e) {
} catch (Exception e) {
string msg = Locale.GetText ("Unable to decode public key.");
throw new CryptographicException (msg, e);
}
@@ -315,7 +272,7 @@ namespace System.Security.Cryptography.X509Certificates
signature_algorithm = new Oid (_cert.SignatureAlgorithm);
return signature_algorithm;
}
}
}
public override X500DistinguishedName SubjectName {
get {
@@ -326,7 +283,7 @@ namespace System.Security.Cryptography.X509Certificates
subject_name = new X500DistinguishedName (_cert.GetSubjectName ().GetBytes ());
return subject_name;
}
}
}
public override int Version {
get {
@@ -339,7 +296,7 @@ namespace System.Security.Cryptography.X509Certificates
// methods
[MonoTODO ("always return String.Empty for UpnName, DnsFromAlternativeName and UrlName")]
public override string GetNameInfo (X509NameType nameType, bool forIssuer)
public override string GetNameInfo (X509NameType nameType, bool forIssuer)
{
switch (nameType) {
case X509NameType.SimpleName:
@@ -352,10 +309,10 @@ namespace System.Security.Cryptography.X509Certificates
return GetValueAsString (dn);
if (sn.Count == 0)
return String.Empty;
ASN1 last_entry = sn [sn.Count - 1];
ASN1 last_entry = sn[sn.Count - 1];
if (last_entry.Count == 0)
return String.Empty;
return GetValueAsString (last_entry [0]);
return GetValueAsString (last_entry[0]);
case X509NameType.EmailName:
// return the E= part of the DN (if present)
ASN1 e = Find (email, forIssuer ? _cert.GetIssuerName () : _cert.GetSubjectName ());
@@ -392,13 +349,13 @@ namespace System.Security.Cryptography.X509Certificates
// process SET
for (int i = 0; i < dn.Count; i++) {
ASN1 set = dn [i];
ASN1 set = dn[i];
for (int j = 0; j < set.Count; j++) {
ASN1 pair = set [j];
ASN1 pair = set[j];
if (pair.Count != 2)
continue;
ASN1 poid = pair [0];
ASN1 poid = pair[0];
if (poid == null)
continue;
@@ -414,7 +371,7 @@ namespace System.Security.Cryptography.X509Certificates
if (pair.Count != 2)
return String.Empty;
ASN1 value = pair [1];
ASN1 value = pair[1];
if ((value.Value == null) || (value.Length == 0))
return String.Empty;
@@ -422,14 +379,22 @@ namespace System.Security.Cryptography.X509Certificates
// BMPSTRING
StringBuilder sb = new StringBuilder ();
for (int j = 1; j < value.Value.Length; j += 2)
sb.Append ((char)value.Value [j]);
sb.Append ((char)value.Value[j]);
return sb.ToString ();
} else {
return Encoding.UTF8.GetString (value.Value);
}
}
private MX.X509Certificate ImportPkcs12 (byte[] rawData, string password)
MX.X509Certificate ImportPkcs12 (byte[] rawData, SafePasswordHandle password)
{
if (password == null || password.IsInvalid)
return ImportPkcs12 (rawData, (string)null);
var passwordString = password.Mono_DangerousGetString ();
return ImportPkcs12 (rawData, passwordString);
}
MX.X509Certificate ImportPkcs12 (byte[] rawData, string password)
{
MX.PKCS12 pfx = null;
if (string.IsNullOrEmpty (password)) {
@@ -482,40 +447,28 @@ namespace System.Security.Cryptography.X509Certificates
}
[MonoTODO ("missing KeyStorageFlags support")]
public override void Import (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
public override void Import (byte[] rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
{
Reset ();
MX.X509Certificate cert = null;
if (password == null) {
try {
cert = new MX.X509Certificate (rawData);
}
catch (Exception e) {
try {
cert = ImportPkcs12 (rawData, null);
}
catch {
string msg = Locale.GetText ("Unable to decode certificate.");
// inner exception is the original (not second) exception
throw new CryptographicException (msg, e);
}
}
} else {
// try PKCS#12
try {
cert = ImportPkcs12 (rawData, password);
}
catch {
// it's possible to supply a (unrequired/unusued) password
// fix bug #79028
cert = new MX.X509Certificate (rawData);
}
switch (X509Certificate2.GetCertContentType (rawData)) {
case X509ContentType.Pkcs12:
_cert = ImportPkcs12 (rawData, password);
break;
case X509ContentType.Cert:
case X509ContentType.Pkcs7:
_cert = new MX.X509Certificate (rawData);
break;
default:
string msg = Locale.GetText ("Unable to decode certificate.");
throw new CryptographicException (msg);
}
_cert = cert;
}
[MonoTODO ("X509ContentType.SerializedCert is not supported")]
public override byte[] Export (X509ContentType contentType, string password)
public override byte[] Export (X509ContentType contentType, SafePasswordHandle password)
{
if (_cert == null)
throw new CryptographicException (empty_error);
@@ -534,6 +487,14 @@ namespace System.Security.Cryptography.X509Certificates
}
}
byte[] ExportPkcs12 (SafePasswordHandle password)
{
if (password == null || password.IsInvalid)
return ExportPkcs12 ((string)null);
var passwordString = password.Mono_DangerousGetString ();
return ExportPkcs12 (passwordString);
}
byte[] ExportPkcs12 (string password)
{
var pfx = new MX.PKCS12 ();
@@ -570,71 +531,6 @@ namespace System.Security.Cryptography.X509Certificates
}
}
public override string ToString ()
{
if (_cert == null)
return "System.Security.Cryptography.X509Certificates.X509Certificate2";
return ToString (true);
}
public override string ToString (bool verbose)
{
if (_cert == null)
return "System.Security.Cryptography.X509Certificates.X509Certificate2";
string nl = Environment.NewLine;
StringBuilder sb = new StringBuilder ();
// the non-verbose X509Certificate2 == verbose X509Certificate
if (!verbose) {
sb.AppendFormat ("[Subject]{0} {1}{0}{0}", nl, GetSubjectName (false));
sb.AppendFormat ("[Issuer]{0} {1}{0}{0}", nl, GetIssuerName (false));
sb.AppendFormat ("[Not Before]{0} {1}{0}{0}", nl, GetValidFrom ().ToLocalTime ());
sb.AppendFormat ("[Not After]{0} {1}{0}{0}", nl, GetValidUntil ().ToLocalTime ());
sb.AppendFormat ("[Thumbprint]{0} {1}{0}", nl, X509Helper.ToHexString (GetCertHash ()));
sb.Append (nl);
return sb.ToString ();
}
sb.AppendFormat ("[Version]{0} V{1}{0}{0}", nl, Version);
sb.AppendFormat ("[Subject]{0} {1}{0}{0}", nl, GetSubjectName (false));
sb.AppendFormat ("[Issuer]{0} {1}{0}{0}", nl, GetIssuerName (false));
sb.AppendFormat ("[Serial Number]{0} {1}{0}{0}", nl, GetSerialNumber ());
sb.AppendFormat ("[Not Before]{0} {1}{0}{0}", nl, GetValidFrom ().ToLocalTime ());
sb.AppendFormat ("[Not After]{0} {1}{0}{0}", nl, GetValidUntil ().ToLocalTime ());
sb.AppendFormat ("[Thumbprint]{0} {1}{0}", nl, X509Helper.ToHexString (GetCertHash ()));
sb.AppendFormat ("[Signature Algorithm]{0} {1}({2}){0}{0}", nl, SignatureAlgorithm.FriendlyName,
SignatureAlgorithm.Value);
AsymmetricAlgorithm key = PublicKey.Key;
sb.AppendFormat ("[Public Key]{0} Algorithm: ", nl);
if (key is RSA)
sb.Append ("RSA");
else if (key is DSA)
sb.Append ("DSA");
else
sb.Append (key.ToString ());
sb.AppendFormat ("{0} Length: {1}{0} Key Blob: ", nl, key.KeySize);
AppendBuffer (sb, PublicKey.EncodedKeyValue.RawData);
sb.AppendFormat ("{0} Parameters: ", nl);
AppendBuffer (sb, PublicKey.EncodedParameters.RawData);
sb.Append (nl);
return sb.ToString ();
}
private static void AppendBuffer (StringBuilder sb, byte[] buffer)
{
if (buffer == null)
return;
for (int i=0; i < buffer.Length; i++) {
sb.Append (buffer [i].ToString ("x2"));
if (i < buffer.Length - 1)
sb.Append (" ");
}
}
[MonoTODO ("by default this depends on the incomplete X509Chain")]
public override bool Verify (X509Certificate2 thisCertificate)
{
@@ -725,5 +621,3 @@ namespace System.Security.Cryptography.X509Certificates
}
}
}
#endif