mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Imported Upstream version 5.4.0.167

Browse Source 
Former-commit-id: 5624ac747d633e885131e8349322922b6a59baaa
This commit is contained in:
Xamarin Public Jenkins (auto-signing)
2017-08-21 15:34:15 +00:00
parent e49d6f06c0
commit 536cd135cc
12856 changed files with 563812 additions and 223249 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
mcs/class/referencesource/System.IdentityModel/System/IdentityModel/Claims/Claim.cs
View File

@ -17,7 +17,7 @@ namespace System.IdentityModel.Claims
// --------------- ---------------- ------------------
// "File" "boot.ini" "Read"
// "HairColor" "Brown" "PossessProperty"
// "UserName" "[....]" "PossessProperty"
// "UserName" "Microsoft" "PossessProperty"
// "Service" "MailService" "Access"
// "Operation" "ReadMail" "Invoke"
// ClaimType:

10
mcs/class/referencesource/System.IdentityModel/System/IdentityModel/Claims/X509CertificateClaimSet.cs
View File

@ -192,7 +192,15 @@ namespace System.IdentityModel.Claims
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateUriClaim(new Uri(value)));
RSA rsa = this.certificate.PublicKey.Key as RSA;
RSA rsa;
if (LocalAppContextSwitches.DisableCngCertificates)
{
rsa = this.certificate.PublicKey.Key as RSA;
}
else
{
rsa = CngLightup.GetRSAPublicKey(this.certificate);
}
if (rsa != null)
claims.Add(Claim.CreateRsaClaim(rsa));

6
mcs/class/referencesource/System.IdentityModel/System/IdentityModel/CryptoHelper.cs
View File

@ -865,7 +865,7 @@ namespace System.IdentityModel
catch (InvalidOperationException)
{
algorithmObject = null;
// We ---- the exception and continue.
// We swallow the exception and continue.
}
if (algorithmObject != null)
@ -901,7 +901,7 @@ namespace System.IdentityModel
catch (InvalidOperationException)
{
algorithmObject = null;
// We ---- the exception and continue.
// We swallow the exception and continue.
}
if (algorithmObject != null)
{
@ -952,7 +952,7 @@ namespace System.IdentityModel
}
catch (InvalidOperationException)
{
// We ---- the exception and continue.
// We swallow the exception and continue.
}
if (algorithmObject != null)
{

20
mcs/class/referencesource/System.IdentityModel/System/IdentityModel/LocalAppContextSwitches.cs
View File

@ -2,6 +2,7 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
//------------------------------------------------------------
#pragma warning disable 0436 //Disable the type conflict warning for the types used by LocalAppContext framework (Quirking)
namespace System.IdentityModel
{
using System;
@ -16,10 +17,12 @@ namespace System.IdentityModel
private const string EnableCachedEmptyDefaultAuthorizationContextString = "Switch.System.IdentityModel.EnableCachedEmptyDefaultAuthorizationContext";
private const string DisableMultipleDNSEntriesInSANCertificateString = "Switch.System.IdentityModel.DisableMultipleDNSEntriesInSANCertificate";
private const string DisableUpdatingRsaProviderTypeString = "Switch.System.IdentityModel.DisableUpdatingRsaProviderType";
private const string DisableCngCertificatesString = "Switch.System.IdentityModel.DisableCngCertificates";
private static int enableCachedEmptyDefaultAuthorizationContext;
private static int disableMultipleDNSEntriesInSANCertificate;
private static int disableUpdatingRsaProviderType;
private static int disableCngCertificatesString;
public static bool EnableCachedEmptyDefaultAuthorizationContext
{
@ -48,6 +51,15 @@ namespace System.IdentityModel
}
}
public static bool DisableCngCertificates
{
[MethodImpl(MethodImplOptions.AggressiveInlining)]
get
{
return LocalAppContext.GetCachedSwitchValue(DisableCngCertificatesString, ref disableCngCertificatesString);
}
}
public static void SetDefaultsLessOrEqual_452()
{
#pragma warning disable BCL0012
@ -61,6 +73,14 @@ namespace System.IdentityModel
#pragma warning disable BCL0012
// Define the switches that should be true for 4.6 or less, false for 4.6.1+.
LocalAppContext.DefineSwitchDefault(DisableMultipleDNSEntriesInSANCertificateString, true);
#pragma warning restore BCL0012
}
public static void SetDefaultsLessOrEqual_462()
{
#pragma warning disable BCL0012
// Define the switches that should be true for 4.6.2 or less, false for above 4.6.2.
LocalAppContext.DefineSwitchDefault(DisableCngCertificatesString, true);
#pragma warning restore BCL0012
}
}

125
mcs/class/referencesource/System.IdentityModel/System/IdentityModel/RsaEncryptionCookieTransform.cs
View File

@ -46,14 +46,14 @@ namespace System.IdentityModel
/// </summary>
/// <param name="key">The provided key will be used as the encryption and decryption key by default.</param>
/// <exception cref="ArgumentNullException">When the key is null.</exception>
public RsaEncryptionCookieTransform( RSA key )
public RsaEncryptionCookieTransform(RSA key)
{
if ( null == key )
if (null == key)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "key" );
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("key");
}
_encryptionKey = key;
_decryptionKeys.Add( _encryptionKey );
_decryptionKeys.Add(_encryptionKey);
}
/// <summary>
@ -63,14 +63,14 @@ namespace System.IdentityModel
/// <exception cref="ArgumentNullException">When certificate is null.</exception>
/// <exception cref="ArgumentException">When the certificate has no private key.</exception>
/// <exception cref="ArgumentException">When the certificate's key is not RSA.</exception>
public RsaEncryptionCookieTransform( X509Certificate2 certificate )
public RsaEncryptionCookieTransform(X509Certificate2 certificate)
{
if ( null == certificate )
if (null == certificate)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "certificate" );
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate");
}
_encryptionKey = X509Util.EnsureAndGetPrivateRSAKey( certificate );
_decryptionKeys.Add( _encryptionKey );
_encryptionKey = X509Util.EnsureAndGetPrivateRSAKey(certificate);
_decryptionKeys.Add(_encryptionKey);
}
/// <summary>
@ -90,7 +90,7 @@ namespace System.IdentityModel
set
{
_encryptionKey = value;
_decryptionKeys = new List<RSA>( new RSA[] { _encryptionKey });
_decryptionKeys = new List<RSA>(new RSA[] { _encryptionKey });
}
}
@ -118,11 +118,11 @@ namespace System.IdentityModel
get { return _hashName; }
set
{
using ( HashAlgorithm algorithm = CryptoHelper.CreateHashAlgorithm( value ) )
using (HashAlgorithm algorithm = CryptoHelper.CreateHashAlgorithm(value))
{
if ( algorithm == null )
if (algorithm == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument( "value", SR.GetString( SR.ID6034, value ) );
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("value", SR.GetString(SR.ID6034, value));
}
_hashName = value;
}
@ -138,23 +138,23 @@ namespace System.IdentityModel
/// <exception cref="ArgumentException">The argument 'encoded' contains zero bytes.</exception>
/// <exception cref="NotSupportedException">The platform does not support the requested algorithm.</exception>
/// <exception cref="InvalidOperationException">There are no decryption keys or none of the keys match.</exception>
public override byte[] Decode( byte[] encoded )
public override byte[] Decode(byte[] encoded)
{
if ( null == encoded )
if (null == encoded)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "encoded" );
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("encoded");
}
if ( 0 == encoded.Length )
if (0 == encoded.Length)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument( "encoded", SR.GetString( SR.ID6045 ) );
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("encoded", SR.GetString(SR.ID6045));
}
ReadOnlyCollection<RSA> decryptionKeys = DecryptionKeys;
if ( 0 == decryptionKeys.Count )
if (0 == decryptionKeys.Count)
{
throw DiagnosticUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID6039 ) );
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID6039));
}
byte[] encryptedKeyAndIV;
@ -162,50 +162,50 @@ namespace System.IdentityModel
byte[] rsaHash;
RSA rsaDecryptionKey = null;
using ( HashAlgorithm hash = CryptoHelper.CreateHashAlgorithm( _hashName ) )
using (HashAlgorithm hash = CryptoHelper.CreateHashAlgorithm(_hashName))
{
int hashSizeInBytes = hash.HashSize / 8;
using ( BinaryReader br = new BinaryReader( new MemoryStream( encoded ) ) )
using (BinaryReader br = new BinaryReader(new MemoryStream(encoded)))
{
rsaHash = br.ReadBytes( hashSizeInBytes );
rsaHash = br.ReadBytes(hashSizeInBytes);
int encryptedKeyAndIVSize = br.ReadInt32();
if ( encryptedKeyAndIVSize < 0 )
if (encryptedKeyAndIVSize < 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new FormatException( SR.GetString( SR.ID1006, encryptedKeyAndIVSize ) ) );
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new FormatException(SR.GetString(SR.ID1006, encryptedKeyAndIVSize)));
}
//
// Enforce upper limit on key size to prevent large buffer allocation in br.ReadBytes()
//
if ( encryptedKeyAndIVSize > encoded.Length )
if (encryptedKeyAndIVSize > encoded.Length)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new FormatException( SR.GetString( SR.ID1007 ) ) );
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new FormatException(SR.GetString(SR.ID1007)));
}
encryptedKeyAndIV = br.ReadBytes( encryptedKeyAndIVSize );
encryptedKeyAndIV = br.ReadBytes(encryptedKeyAndIVSize);
int encryptedDataSize = br.ReadInt32();
if ( encryptedDataSize < 0 )
if (encryptedDataSize < 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new FormatException( SR.GetString( SR.ID1008, encryptedDataSize ) ) );
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new FormatException(SR.GetString(SR.ID1008, encryptedDataSize)));
}
//
// Enforce upper limit on data size to prevent large buffer allocation in br.ReadBytes()
//
if ( encryptedDataSize > encoded.Length )
if (encryptedDataSize > encoded.Length)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new FormatException( SR.GetString( SR.ID1009 ) ) );
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new FormatException(SR.GetString(SR.ID1009)));
}
encryptedData = br.ReadBytes( encryptedDataSize );
encryptedData = br.ReadBytes(encryptedDataSize);
}
//
// Find the decryption key matching the one in XML
//
foreach ( RSA key in decryptionKeys )
foreach (RSA key in decryptionKeys)
{
byte[] hashedKey = hash.ComputeHash( Encoding.UTF8.GetBytes( key.ToXmlString( false ) ) );
if ( CryptoHelper.IsEqual( hashedKey, rsaHash ) )
byte[] hashedKey = hash.ComputeHash(Encoding.UTF8.GetBytes(key.ToXmlString(false)));
if (CryptoHelper.IsEqual(hashedKey, rsaHash))
{
rsaDecryptionKey = key;
break;
@ -213,19 +213,12 @@ namespace System.IdentityModel
}
}
if ( rsaDecryptionKey == null )
if (rsaDecryptionKey == null)
{
throw DiagnosticUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID6040 ) );
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID6040));
}
RSACryptoServiceProvider rsaProvider = rsaDecryptionKey as RSACryptoServiceProvider;
if ( rsaProvider == null )
{
throw DiagnosticUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID6041 ) );
}
byte[] decryptedKeyAndIV = rsaProvider.Decrypt( encryptedKeyAndIV, true );
byte[] decryptedKeyAndIV = CngLightup.OaepSha1Decrypt(rsaDecryptionKey, encryptedKeyAndIV);
using (SymmetricAlgorithm symmetricAlgorithm = CryptoHelper.NewDefaultEncryption())
{
@ -265,35 +258,35 @@ namespace System.IdentityModel
/// <exception cref="ArgumentException">The argument 'value' contains zero bytes.</exception>
/// <exception cref="InvalidOperationException">The EncryptionKey is null.</exception>
/// <returns>Encoded data</returns>
public override byte[] Encode( byte[] value )
public override byte[] Encode(byte[] value)
{
if ( null == value )
if (null == value)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "value" );
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
}
if ( 0 == value.Length )
if (0 == value.Length)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument( "value", SR.GetString( SR.ID6044 ) );
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("value", SR.GetString(SR.ID6044));
}
RSA encryptionKey = EncryptionKey;
if ( null == encryptionKey )
if (null == encryptionKey)
{
throw DiagnosticUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID6043 ) );
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID6043));
}
byte[] rsaHash;
byte[] encryptedKeyAndIV;
byte[] encryptedData;
using ( HashAlgorithm hash = CryptoHelper.CreateHashAlgorithm( _hashName ) )
using (HashAlgorithm hash = CryptoHelper.CreateHashAlgorithm(_hashName))
{
rsaHash = hash.ComputeHash( Encoding.UTF8.GetBytes( encryptionKey.ToXmlString( false ) ) );
rsaHash = hash.ComputeHash(Encoding.UTF8.GetBytes(encryptionKey.ToXmlString(false)));
}
using ( SymmetricAlgorithm encryptionAlgorithm = CryptoHelper.NewDefaultEncryption() )
using (SymmetricAlgorithm encryptionAlgorithm = CryptoHelper.NewDefaultEncryption())
{
encryptionAlgorithm.GenerateIV();
encryptionAlgorithm.GenerateKey();
@ -314,21 +307,21 @@ namespace System.IdentityModel
// Concatenate the Key and IV in an attempt to avoid two minimum block lengths in the cookie
//
byte[] keyAndIV = new byte[encryptionAlgorithm.Key.Length + encryptionAlgorithm.IV.Length];
Array.Copy( encryptionAlgorithm.Key, keyAndIV, encryptionAlgorithm.Key.Length );
Array.Copy( encryptionAlgorithm.IV, 0, keyAndIV, encryptionAlgorithm.Key.Length, encryptionAlgorithm.IV.Length );
Array.Copy(encryptionAlgorithm.Key, keyAndIV, encryptionAlgorithm.Key.Length);
Array.Copy(encryptionAlgorithm.IV, 0, keyAndIV, encryptionAlgorithm.Key.Length, encryptionAlgorithm.IV.Length);
encryptedKeyAndIV = provider.Encrypt( keyAndIV, true );
encryptedKeyAndIV = CngLightup.OaepSha1Encrypt(encryptionKey, keyAndIV);
}
using ( MemoryStream ms = new MemoryStream() )
using (MemoryStream ms = new MemoryStream())
{
using ( BinaryWriter bw = new BinaryWriter( ms ) )
using (BinaryWriter bw = new BinaryWriter(ms))
{
bw.Write( rsaHash );
bw.Write( encryptedKeyAndIV.Length );
bw.Write( encryptedKeyAndIV );
bw.Write( encryptedData.Length );
bw.Write( encryptedData );
bw.Write(rsaHash);
bw.Write(encryptedKeyAndIV.Length);
bw.Write(encryptedKeyAndIV);
bw.Write(encryptedData.Length);
bw.Write(encryptedData);
bw.Flush();
}

13
mcs/class/referencesource/System.IdentityModel/System/IdentityModel/RsaSignatureCookieTransform.cs
View File

@ -242,15 +242,18 @@ namespace System.IdentityModel
}
RSA signingKey = SigningKey;
RSACryptoServiceProvider rsaCryptoServiceProvider = signingKey as RSACryptoServiceProvider;
if (null == signingKey || null == rsaCryptoServiceProvider)
if (null == signingKey)
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID6042));
}
if (rsaCryptoServiceProvider.PublicOnly)
RSACryptoServiceProvider rsaCryptoServiceProvider = signingKey as RSACryptoServiceProvider;
if (rsaCryptoServiceProvider == null && LocalAppContextSwitches.DisableCngCertificates)
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID6042));
}
if (rsaCryptoServiceProvider != null && rsaCryptoServiceProvider.PublicOnly)
{
throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID6046));
}

10
mcs/class/referencesource/System.IdentityModel/System/IdentityModel/SecurityUtils.cs
View File

@ -28,7 +28,7 @@ namespace System.IdentityModel
public const int WindowsVistaMajorNumber = 6;
static IIdentity anonymousIdentity;
// these should be kept in [....] with IIS70
// these should be kept in sync with IIS70
public const string AuthTypeNTLM = "NTLM";
public const string AuthTypeNegotiate = "Negotiate";
public const string AuthTypeKerberos = "Kerberos";
@ -727,7 +727,7 @@ namespace System.IdentityModel
}
/// <summary>
/// Internal helper class to help keep Kerberos and Spnego in [....].
/// Internal helper class to help keep Kerberos and Spnego in sync.
/// This code is shared by:
/// System\IdentityModel\Tokens\KerberosReceiverSecurityToken.cs
/// System\ServiceModel\Security\WindowsSspiNegotiation.cs
@ -736,7 +736,7 @@ namespace System.IdentityModel
internal class ExtendedProtectionPolicyHelper
{
//
// keep the defaults: _protectionScenario and _policyEnforcement, in [....] with: static class System.ServiceModel.Channel.ChannelBindingUtility
// keep the defaults: _protectionScenario and _policyEnforcement, in sync with: static class System.ServiceModel.Channel.ChannelBindingUtility
// We can't access those defaults as IdentityModel cannot take a dependency on ServiceModel
//
static ExtendedProtectionPolicy disabledPolicy = new ExtendedProtectionPolicy(PolicyEnforcement.Never);
@ -893,11 +893,11 @@ namespace System.IdentityModel
}
/// <summary>
/// Keep this in [....] with \System\ServiceModel\Channels\ChannelBindingUtility.cs
/// Keep this in sync with \System\ServiceModel\Channels\ChannelBindingUtility.cs
/// </summary>
public static ExtendedProtectionPolicy DefaultPolicy
{ //
//keep the default in [....] with : static class System.ServiceModel.Channels.ChannelBindingUtility
//keep the default in sync with : static class System.ServiceModel.Channels.ChannelBindingUtility
//we can't use these defaults as IdentityModel cannot take a dependency on ServiceModel
//

14
mcs/class/referencesource/System.IdentityModel/System/IdentityModel/SspiWrapper.cs
View File

@ -18,6 +18,9 @@ namespace System.IdentityModel
internal enum SchProtocols
{
Zero = 0,
PctClient = 0x00000002,
PctServer = 0x00000001,
Pct = (PctClient | PctServer),
Ssl2Client = 0x00000008,
Ssl2Server = 0x00000004,
Ssl2 = (Ssl2Client | Ssl2Server),
@ -28,6 +31,17 @@ namespace System.IdentityModel
TlsServer = 0x00000040,
Tls = (TlsClient | TlsServer),
Ssl3Tls = (Ssl3 | Tls),
Tls11Client = 0x00000200,
Tls11Server = 0x00000100,
Tls11 = (Tls11Client | Tls11Server),
Tls12Client = 0x00000800,
Tls12Server = 0x00000400,
Tls12 = (Tls12Client | Tls12Server),
UniClient = unchecked((int)0x80000000),
UniServer = 0x40000000,
Unified = (UniClient | UniServer),
ClientMask = (PctClient | Ssl2Client | Ssl3Client | TlsClient | Tls11Client | Tls12Client | UniClient),
ServerMask = (PctServer | Ssl2Server | Ssl3Server | TlsServer | Tls11Server | Tls12Server | UniServer)
};
//From WinCrypt.h

2
mcs/class/referencesource/System.IdentityModel/System/IdentityModel/Tokens/Saml2SecurityTokenHandler.cs.REMOVED.git-id
View File

@ -1 +1 @@
3911fb6480ccc104c10e55bfe26b0960c1ad45cd
227968329eab9a80a42874eac3d17deab05c1cee

2
mcs/class/referencesource/System.IdentityModel/System/IdentityModel/Tokens/SamlSecurityTokenHandler.cs.REMOVED.git-id
View File

@ -1 +1 @@
3ee5369d33f59d5420686993f1624a6b160f07b5
0fbf94a87c6f3b563250f16a1e72fbb44ba6398c

78
mcs/class/referencesource/System.IdentityModel/System/IdentityModel/Tokens/X509AsymmetricSecurityKey.cs
View File

@ -14,7 +14,8 @@ namespace System.IdentityModel.Tokens
X509Certificate2 certificate;
AsymmetricAlgorithm privateKey;
bool privateKeyAvailabilityDetermined;
PublicKey publicKey;
AsymmetricAlgorithm publicKey;
bool publicKeyAvailabilityDetermined;
object thisLock = new Object();
@ -28,7 +29,7 @@ namespace System.IdentityModel.Tokens
public override int KeySize
{
get { return this.PublicKey.Key.KeySize; }
get { return this.PublicKey.KeySize; }
}
AsymmetricAlgorithm PrivateKey
@ -39,28 +40,67 @@ namespace System.IdentityModel.Tokens
{
lock (ThisLock)
{
if (!this.privateKeyAvailabilityDetermined)
if (LocalAppContextSwitches.DisableCngCertificates)
{
this.privateKey = this.certificate.PrivateKey;
this.privateKeyAvailabilityDetermined = true;
}
else
{
this.privateKey = CngLightup.GetRSAPrivateKey(this.certificate);
if (this.privateKey != null)
{
RSACryptoServiceProvider rsaCsp = this.privateKey as RSACryptoServiceProvider;
// ProviderType == 1 is PROV_RSA_FULL provider type that only supports SHA1. Change it to PROV_RSA_AES=24 that supports SHA2 also.
if (rsaCsp != null && rsaCsp.CspKeyContainerInfo.ProviderType == 1)
{
CspParameters csp = new CspParameters();
csp.ProviderType = 24;
csp.KeyContainerName = rsaCsp.CspKeyContainerInfo.KeyContainerName;
csp.KeyNumber = (int)rsaCsp.CspKeyContainerInfo.KeyNumber;
if (rsaCsp.CspKeyContainerInfo.MachineKeyStore)
csp.Flags = CspProviderFlags.UseMachineKeyStore;
csp.Flags |= CspProviderFlags.UseExistingKey;
this.privateKey = new RSACryptoServiceProvider(csp);
}
}
else
{
this.privateKey = CngLightup.GetDSAPrivateKey(this.certificate);
}
if (certificate.HasPrivateKey && this.privateKey == null)
DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.PrivateKeyNotSupported)));
}
this.privateKeyAvailabilityDetermined = true;
}
}
return this.privateKey;
}
}
PublicKey PublicKey
AsymmetricAlgorithm PublicKey
{
get
{
if (this.publicKey == null)
if (!this.publicKeyAvailabilityDetermined)
{
lock (ThisLock)
{
if (this.publicKey == null)
if (!this.publicKeyAvailabilityDetermined)
{
this.publicKey = this.certificate.PublicKey;
if (LocalAppContextSwitches.DisableCngCertificates)
{
this.publicKey = this.certificate.PublicKey.Key;
}
else
{
this.publicKey = CngLightup.GetRSAPublicKey(this.certificate);
if (this.publicKey == null)
this.publicKey = CngLightup.GetDSAPublicKey(this.certificate);
if (this.publicKey == null)
DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.PublicKeyNotSupported)));
}
this.publicKeyAvailabilityDetermined = true;
}
}
}
@ -115,7 +155,7 @@ namespace System.IdentityModel.Tokens
public override byte[] EncryptKey(string algorithm, byte[] keyData)
{
// Ensure that we have an RSA algorithm object
RSA rsa = this.PublicKey.Key as RSA;
RSA rsa = this.PublicKey as RSA;
if (rsa == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.PublicKeyNotRSA)));
@ -181,18 +221,18 @@ namespace System.IdentityModel.Tokens
switch (algorithm)
{
case SignedXml.XmlDsigDSAUrl:
if ((this.PublicKey.Key as DSA) != null)
if ((this.PublicKey as DSA) != null)
{
return (this.PublicKey.Key as DSA);
return (this.PublicKey as DSA);
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.AlgorithmAndPublicKeyMisMatch)));
case SignedXml.XmlDsigRSASHA1Url:
case SecurityAlgorithms.RsaSha256Signature:
case EncryptedXml.XmlEncRSA15Url:
case EncryptedXml.XmlEncRSAOAEPUrl:
if ((this.PublicKey.Key as RSA) != null)
if ((this.PublicKey as RSA) != null)
{
return (this.PublicKey.Key as RSA);
return (this.PublicKey as RSA);
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.AlgorithmAndPublicKeyMisMatch)));
default:
@ -254,14 +294,14 @@ namespace System.IdentityModel.Tokens
{
SignatureDescription description = algorithmObject as SignatureDescription;
if (description != null)
return description.CreateDeformatter(this.PublicKey.Key);
return description.CreateDeformatter(this.PublicKey);
try
{
AsymmetricSignatureDeformatter asymmetricSignatureDeformatter = algorithmObject as AsymmetricSignatureDeformatter;
if (asymmetricSignatureDeformatter != null)
{
asymmetricSignatureDeformatter.SetKey(this.PublicKey.Key);
asymmetricSignatureDeformatter.SetKey(this.PublicKey);
return asymmetricSignatureDeformatter;
}
}
@ -279,7 +319,7 @@ namespace System.IdentityModel.Tokens
case SignedXml.XmlDsigDSAUrl:
// Ensure that we have a DSA algorithm object.
DSA dsa = (this.PublicKey.Key as DSA);
DSA dsa = (this.PublicKey as DSA);
if (dsa == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.PublicKeyNotDSA)));
return new DSASignatureDeformatter(dsa);
@ -287,7 +327,7 @@ namespace System.IdentityModel.Tokens
case SignedXml.XmlDsigRSASHA1Url:
case SecurityAlgorithms.RsaSha256Signature:
// Ensure that we have an RSA algorithm object.
RSA rsa = (this.PublicKey.Key as RSA);
RSA rsa = (this.PublicKey as RSA);
if (rsa == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.PublicKeyNotRSA)));
return new RSAPKCS1SignatureDeformatter(rsa);
@ -456,13 +496,13 @@ namespace System.IdentityModel.Tokens
switch (algorithm)
{
case SignedXml.XmlDsigDSAUrl:
return (this.PublicKey.Key is DSA);
return (this.PublicKey is DSA);
case SignedXml.XmlDsigRSASHA1Url:
case SecurityAlgorithms.RsaSha256Signature:
case EncryptedXml.XmlEncRSA15Url:
case EncryptedXml.XmlEncRSAOAEPUrl:
return (this.PublicKey.Key is RSA);
return (this.PublicKey is RSA);
default:
return false;
}

33
mcs/class/referencesource/System.IdentityModel/System/IdentityModel/X509Util.cs
View File

@ -32,18 +32,23 @@ namespace System.IdentityModel
}
// Check for accessibility of private key
AsymmetricAlgorithm privateKey;
RSA rsa;
try
{
privateKey = certificate.PrivateKey;
if (LocalAppContextSwitches.DisableCngCertificates)
{
rsa = certificate.PrivateKey as RSA;
}
else
{
rsa = CngLightup.GetRSAPrivateKey(certificate);
}
}
catch (CryptographicException e)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.ID1039, certificate.Thumbprint), e));
}
// Reject weird private key
RSA rsa = privateKey as RSA;
if (rsa == null)
{
#pragma warning suppress 56526 // no validation necessary for value.Thumbprint
@ -223,13 +228,29 @@ namespace System.IdentityModel
claimsCollection.Add(new Claim(ClaimTypes.Uri, value, ClaimValueTypes.String, issuer));
}
RSA rsa = certificate.PublicKey.Key as RSA;
RSA rsa;
if (LocalAppContextSwitches.DisableCngCertificates)
{
rsa = certificate.PublicKey.Key as RSA;
}
else
{
rsa = CngLightup.GetRSAPublicKey(certificate);
}
if (rsa != null)
{
claimsCollection.Add(new Claim(ClaimTypes.Rsa, rsa.ToXmlString(false), ClaimValueTypes.RsaKeyValue, issuer));
}
DSA dsa = certificate.PublicKey.Key as DSA;
DSA dsa;
if (LocalAppContextSwitches.DisableCngCertificates)
{
dsa = certificate.PublicKey.Key as DSA;
}
else
{
dsa = CngLightup.GetDSAPublicKey(certificate);
}
if (dsa != null)
{
claimsCollection.Add(new Claim(ClaimTypes.Dsa, dsa.ToXmlString(false), ClaimValueTypes.DsaKeyValue, issuer));