Imported Upstream version 4.0.0~alpha1

Former-commit-id: 806294f5ded97629b74c85c09952f2a74fe182d9

mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Alert.cs

@@ -124,8 +124,8 @@ namespace Mono.Security.Protocol.Tls
 
 		public Alert(AlertDescription description)
 		{
-			this.inferAlertLevel();
 			this.description = description;
+			this.level = inferAlertLevel(description);
 		}
 
 		public Alert(
@@ -140,15 +140,14 @@ namespace Mono.Security.Protocol.Tls
 
 		#region Private Methods
 
-		private void inferAlertLevel()
+		private static AlertLevel inferAlertLevel(AlertDescription description)
 		{
 			switch (description)
 			{
 				case AlertDescription.CloseNotify:
 				case AlertDescription.NoRenegotiation:
 				case AlertDescription.UserCancelled:
-					this.level = AlertLevel.Warning;
-					break;
+					return AlertLevel.Warning;
 
 				case AlertDescription.AccessDenied:
 				case AlertDescription.BadCertificate:
@@ -171,8 +170,7 @@ namespace Mono.Security.Protocol.Tls
 				case AlertDescription.UnknownCA:
 				case AlertDescription.UnsupportedCertificate:
 				default:
-					this.level = AlertLevel.Fatal;
-					break;
+					return AlertLevel.Fatal;
 			}
 		}
 		

mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuite.cs

@@ -477,12 +477,8 @@ namespace Mono.Security.Protocol.Tls
 					break;
 
 				case CipherAlgorithmType.Rijndael:
-#if MOBILE || NET_4_0
 					// only AES is really used - and we can use CommonCrypto for iOS and OSX this way
 					this.encryptionAlgorithm = Aes.Create();
-#else
-					this.encryptionAlgorithm = Rijndael.Create();
-#endif
 					break;
 			}
 
@@ -548,12 +544,8 @@ namespace Mono.Security.Protocol.Tls
 					break;
 
 				case CipherAlgorithmType.Rijndael:
-#if MOBILE || NET_4_0
 					// only AES is really used - and we can use CommonCrypto for iOS and OSX this way
 					this.decryptionAlgorithm = Aes.Create();
-#else
-					this.decryptionAlgorithm = Rijndael.Create();
-#endif
 					break;
 			}
 

mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs

@@ -589,14 +589,24 @@ namespace Mono.Security.Protocol.Tls
 
 		#region Send Alert Methods
 
+		internal void SendAlert(ref Exception ex)
+		{
+			var tlsEx = ex as TlsException;
+			var alert = tlsEx != null ? tlsEx.Alert : new Alert(AlertDescription.InternalError);
+
+			try {
+				SendAlert(alert);
+			} catch (Exception alertEx) {
+				ex = new IOException (string.Format ("Error while sending TLS Alert ({0}:{1}): {2}", alert.Level, alert.Description, ex), ex);
+			}
+		}
+
 		public void SendAlert(AlertDescription description)
 		{
 			this.SendAlert(new Alert(description));
 		}
 
-		public void SendAlert(
-			AlertLevel			level, 
-			AlertDescription	description)
+		public void SendAlert(AlertLevel level, AlertDescription description)
 		{
 			this.SendAlert(new Alert(level, description));
 		}

mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SecurityProtocolType.cs

@@ -40,9 +40,7 @@ namespace Mono.Security.Protocol.Tls
 		Ssl2	= 12,
 		Ssl3	= 48,
 		Tls		= 192,
-#if NET_4_5
 		Tls11	= 768,
 		Tls12	= 3072,
-#endif
 	}
 }

mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs

@@ -590,7 +590,7 @@ namespace Mono.Security.Protocol.Tls
 			{
 				try {
 					Exception e = ex;
-					this.protocol.SendAlert(ex.Alert != null ? ex.Alert : new Alert (AlertDescription.InternalError));
+					this.protocol.SendAlert(ref e);
 				} catch {
 				}
 				negotiate.SetComplete(new IOException("The authentication or decryption has failed.", ex));

mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs

@@ -98,16 +98,9 @@ namespace Mono.Security.Protocol.Tls
 				{
 					this.EndNegotiateHandshake(asyncResult);
 				}
-				catch (TlsException ex)
-				{
-					this.protocol.SendAlert(ex.Alert);
-
-					throw new IOException("The authentication or decryption has failed.", ex);
-				}
 				catch (Exception ex)
 				{
-					this.protocol.SendAlert(AlertDescription.InternalError);
-
+					this.protocol.SendAlert(ref ex);
 					throw new IOException("The authentication or decryption has failed.", ex);
 				}
 
@@ -502,17 +495,10 @@ namespace Mono.Security.Protocol.Tls
 					}
 				}
 			}
-			catch (TlsException ex)
-			{
-				this.negotiationComplete.Set();
-				this.protocol.SendAlert(ex.Alert);
-
-				throw new IOException("The authentication or decryption has failed.", ex);
-			}
 			catch (Exception ex)
 			{
 				this.negotiationComplete.Set();
-				this.protocol.SendAlert(AlertDescription.InternalError);
+				this.protocol.SendAlert(ref ex);
 
 				throw new IOException("The authentication or decryption has failed.", ex);
 			}
@@ -628,15 +614,10 @@ namespace Mono.Security.Protocol.Tls
 					asyncResult.SetComplete(0);
 				}
 			}
-			catch (TlsException ex)
-			{
-				this.protocol.SendAlert(ex.Alert);
-
-				throw new IOException("The authentication or decryption has failed.", ex);
-			}
 			catch (Exception ex)
 			{
-				throw new IOException("IO exception during read.", ex);
+				this.protocol.SendAlert(ref ex);
+				throw new IOException("The authentication or decryption has failed.", ex);
 			}
 		}
 
@@ -781,17 +762,13 @@ namespace Mono.Security.Protocol.Tls
 						record, 0, record.Length, new AsyncCallback(InternalWriteCallback), asyncResult);
 				}
 			}
-			catch (TlsException ex)
+			catch (Exception ex)
 			{
-				this.protocol.SendAlert(ex.Alert);
+				this.protocol.SendAlert (ref ex);
 				this.Close();
 
 				throw new IOException("The authentication or decryption has failed.", ex);
 			}
-			catch (Exception ex)
-			{
-				throw new IOException("IO exception during Write.", ex);
-			}
 		}
 
 		private void InternalWriteCallback(IAsyncResult ar)
@@ -1121,15 +1098,11 @@ namespace Mono.Security.Protocol.Tls
 					byte[] record = this.protocol.EncodeRecord (ContentType.ApplicationData, buffer, offset, count);
 					this.innerStream.Write (record, 0, record.Length);
 				}
-				catch (TlsException ex)
-				{
-					this.protocol.SendAlert(ex.Alert);
-					this.Close();
-					throw new IOException("The authentication or decryption has failed.", ex);
-				}
 				catch (Exception ex)
 				{
-					throw new IOException("IO exception during Write.", ex);
+					this.protocol.SendAlert(ref ex);
+					this.Close();
+					throw new IOException("The authentication or decryption has failed.", ex);
 				}
 			}
 		}

mcs/class/Mono.Security/Mono.Security.X509/X509Certificate.cs

@@ -68,6 +68,10 @@ namespace Mono.Security.X509 {
 		private byte[] certhash;
 		private RSA _rsa;
 		private DSA _dsa;
+
+		// from http://msdn.microsoft.com/en-gb/library/ff635835.aspx
+		private const string OID_DSA = "1.2.840.10040.4.1";
+		private const string OID_RSA = "1.2.840.113549.1.1.1";
 		
 		// from http://www.ietf.org/rfc/rfc2459.txt
 		//
@@ -247,7 +251,7 @@ namespace Mono.Security.X509 {
 				if (m_keyalgoparams == null)
 					throw new CryptographicException ("Missing key algorithm parameters.");
 
-				if (_dsa == null) {
+				if (_dsa == null && m_keyalgo == OID_DSA) {
 					DSAParameters dsaParams = new DSAParameters ();
 					// for DSA m_publickey contains 1 ASN.1 integer - Y
 					ASN1 pubkey = new ASN1 (m_publickey);
@@ -327,7 +331,7 @@ namespace Mono.Security.X509 {
 
 		public virtual RSA RSA {
 			get {
-				if (_rsa == null) {
+				if (_rsa == null && m_keyalgo == OID_RSA) {
 					RSAParameters rsaParams = new RSAParameters ();
 					// for RSA m_publickey contains 2 ASN.1 integers
 					// the modulus and the public exponent
@@ -560,4 +564,4 @@ namespace Mono.Security.X509 {
 			return Convert.FromBase64String (base64);
 		}
 	}
-}
+}

mcs/class/Mono.Security/Test/Mono.Security/ASN1ConvertTest.cs

@@ -39,9 +39,7 @@ namespace MonoTests.Mono.Security {
 			ASN1 dt = ASN1Convert.FromDateTime (expected);
 			Assert.AreEqual (0x17, dt.Tag, "UTCTIME");
 			DateTime actual = ASN1Convert.ToDateTime (dt);
-#if NET_2_0
 			Assert.AreEqual (DateTimeKind.Utc, actual.Kind, "Kind");
-#endif
 			AssertDate (expected, actual.ToLocalTime(), "DateTime");
 		}
 
@@ -52,9 +50,7 @@ namespace MonoTests.Mono.Security {
 			ASN1 dt = ASN1Convert.FromDateTime (expected);
 			Assert.AreEqual (0x17, dt.Tag, "UTCTIME");
 			DateTime actual = ASN1Convert.ToDateTime (dt);
-#if NET_2_0
 			Assert.AreEqual (DateTimeKind.Utc, actual.Kind, "Kind");
-#endif
 			AssertDate (expected, actual.ToLocalTime(), "DateTime");
 		}
 
@@ -65,9 +61,7 @@ namespace MonoTests.Mono.Security {
 			ASN1 dt = ASN1Convert.FromDateTime (expected);
 			Assert.AreEqual (0x18, dt.Tag, "GENERALIZEDTIME");
 			DateTime actual = ASN1Convert.ToDateTime (dt);
-#if NET_2_0
 			Assert.AreEqual (DateTimeKind.Utc, actual.Kind, "Kind");
-#endif
 			AssertDate (expected, actual.ToLocalTime(), "DateTime");
 		}
 
@@ -77,9 +71,7 @@ namespace MonoTests.Mono.Security {
 			string nosecs = "9912312359Z"; 
 			ASN1 dt = new ASN1 (0x18, Encoding.ASCII.GetBytes (nosecs));
 			DateTime actual = ASN1Convert.ToDateTime (dt);
-#if NET_2_0
 			Assert.AreEqual (DateTimeKind.Utc, actual.Kind, "Kind");
-#endif
 			Assert.AreEqual (nosecs, actual.ToUniversalTime ().ToString ("yyMMddHHmm") + "Z", "DateTime");
 		}
 
@@ -173,12 +165,10 @@ namespace MonoTests.Mono.Security {
 		}
 
 		[Test]
-#if NET_2_0
 		// the large X test tries to encode an invalid OID (second part being > 40).
 		// In 1.x CryptoConfig.EncodeOID just encoded the binary (so we copied the 
 		// *bad* behaviour) but 2.0 encode it differently (sigh)
 		[Category ("NotDotNet")]
-#endif
 		public void ConvertOID_LargeX () 
 		{
 			ASN1 asn = new ASN1 (0x06, new byte [] { 0xA8, 0x00, 0x00 });