Imported Upstream version 5.0.0.42

Former-commit-id: fd56571888259555122d8a0f58c68838229cea2b

mcs/class/System/Mono.AppleTls/Certificate.cs

@@ -0,0 +1,341 @@
+// 
+// Certificate.cs: Implements the managed SecCertificate wrapper.
+//
+// Authors: 
+//	Miguel de Icaza
+//  Sebastien Pouliot  <sebastien@xamarin.com>
+//
+// Copyright 2010 Novell, Inc
+// Copyright 2012-2013 Xamarin Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if SECURITY_DEP && MONO_FEATURE_APPLETLS
+
+using System;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography.X509Certificates;
+using Mono.Net;
+
+using ObjCRuntime;
+
+namespace Mono.AppleTls {
+
+	partial class SecCertificate : INativeObject, IDisposable {
+		internal IntPtr handle;
+		
+		internal SecCertificate (IntPtr handle, bool owns = false)
+		{
+			if (handle == IntPtr.Zero)
+				throw new Exception ("Invalid handle");
+
+			this.handle = handle;
+			if (!owns)
+				CFObject.CFRetain (handle);
+		}
+		
+		[DllImport (AppleTlsContext.SecurityLibrary, EntryPoint="SecCertificateGetTypeID")]
+		public extern static IntPtr GetTypeID ();
+			
+		[DllImport (AppleTlsContext.SecurityLibrary)]
+		extern static IntPtr SecCertificateCreateWithData (IntPtr allocator, IntPtr cfData);
+
+		public SecCertificate (X509Certificate certificate)
+		{
+			if (certificate == null)
+				throw new ArgumentNullException ("certificate");
+
+			handle = certificate.Impl.GetNativeAppleCertificate ();
+			if (handle != IntPtr.Zero) {
+				CFObject.CFRetain (handle);
+				return;
+			}
+
+			using (CFData cert = CFData.FromData (certificate.GetRawCertData ())) {
+				Initialize (cert);
+			}
+		}
+
+		internal SecCertificate (X509CertificateImpl impl)
+		{
+			handle = impl.GetNativeAppleCertificate ();
+			if (handle != IntPtr.Zero) {
+				CFObject.CFRetain (handle);
+				return;
+			}
+
+			using (CFData cert = CFData.FromData (impl.GetRawCertData ())) {
+				Initialize (cert);
+			}
+		}
+
+		void Initialize (CFData data)
+		{
+			handle = SecCertificateCreateWithData (IntPtr.Zero, data.Handle);
+			if (handle == IntPtr.Zero)
+				throw new ArgumentException ("Not a valid DER-encoded X.509 certificate");
+		}
+
+		[DllImport (AppleTlsContext.SecurityLibrary)]
+		extern static IntPtr SecCertificateCopySubjectSummary (IntPtr cert);
+
+		public string SubjectSummary {
+			get {
+				if (handle == IntPtr.Zero)
+					throw new ObjectDisposedException ("SecCertificate");
+				
+				IntPtr subjectSummaryHandle = IntPtr.Zero;
+				try {
+					subjectSummaryHandle = SecCertificateCopySubjectSummary (handle);
+					CFString subjectSummary = CFString.AsString (subjectSummaryHandle);
+					return subjectSummary;
+				}
+				finally {
+					if (subjectSummaryHandle != IntPtr.Zero)
+						CFObject.CFRelease (subjectSummaryHandle);
+				}
+			}
+		}
+
+		[DllImport (AppleTlsContext.SecurityLibrary)]
+		extern static /* CFDataRef */ IntPtr SecCertificateCopyData (/* SecCertificateRef */ IntPtr cert);
+
+		public CFData DerData {
+			get {
+				if (handle == IntPtr.Zero)
+					throw new ObjectDisposedException ("SecCertificate");
+
+				IntPtr data = SecCertificateCopyData (handle);
+				if (data == IntPtr.Zero)
+					throw new ArgumentException ("Not a valid certificate");
+				return new CFData (data, true);
+			}
+		}
+
+		public X509Certificate ToX509Certificate ()
+		{
+			if (handle == IntPtr.Zero)
+				throw new ObjectDisposedException ("SecCertificate");
+
+			return new X509Certificate (handle);
+		}
+
+		internal static bool Equals (SecCertificate first, SecCertificate second)
+		{
+			/*
+			 * This is a little bit expensive, but unfortunately there is no better API to compare two
+			 * SecCertificateRef's for equality.
+			 */
+			if (first == null)
+				throw new ArgumentNullException ("first");
+			if (second == null)
+				throw new ArgumentNullException ("second");
+			if (first.Handle == second.Handle)
+				return true;
+
+			using (var firstData = first.DerData)
+			using (var secondData = second.DerData) {
+				if (firstData.Handle == secondData.Handle)
+					return true;
+
+				if (firstData.Length != secondData.Length)
+					return false;
+				IntPtr length = (IntPtr)firstData.Length;
+				for (long i = 0; i < (long)length; i++) {
+					if (firstData [i] != secondData [i])
+						return false;
+				}
+
+				return true;
+			}
+		}
+
+		~SecCertificate ()
+		{
+			Dispose (false);
+		}
+
+		public IntPtr Handle {
+			get {
+				return handle;
+			}
+		}
+
+		public void Dispose ()
+		{
+			Dispose (true);
+			GC.SuppressFinalize (this);
+		}
+
+		protected virtual void Dispose (bool disposing)
+		{
+			if (handle != IntPtr.Zero){
+				CFObject.CFRelease (handle);
+				handle = IntPtr.Zero;
+			}
+		}
+	}
+
+	partial class SecIdentity : INativeObject, IDisposable {
+		 
+		static readonly CFString ImportExportPassphase;
+		static readonly CFString ImportItemIdentity;
+		
+		static SecIdentity ()
+		{
+			var handle = CFObject.dlopen (AppleTlsContext.SecurityLibrary, 0);
+			if (handle == IntPtr.Zero)
+				return;
+
+			try {		
+				ImportExportPassphase = CFObject.GetStringConstant (handle, "kSecImportExportPassphrase");
+				ImportItemIdentity = CFObject.GetStringConstant (handle, "kSecImportItemIdentity");
+			} finally {
+				CFObject.dlclose (handle);
+			}
+		}
+
+		internal IntPtr handle;
+		
+		internal SecIdentity (IntPtr handle, bool owns = false)
+		{
+			this.handle = handle;
+			if (!owns)
+				CFObject.CFRetain (handle);
+		}
+
+		[DllImport (AppleTlsContext.SecurityLibrary, EntryPoint="SecIdentityGetTypeID")]
+		public extern static IntPtr GetTypeID ();
+
+		[DllImport (AppleTlsContext.SecurityLibrary)]
+		extern static /* OSStatus */ SecStatusCode SecIdentityCopyCertificate (/* SecIdentityRef */ IntPtr identityRef,  /* SecCertificateRef* */ out IntPtr certificateRef);
+
+		public SecCertificate Certificate {
+			get {
+				if (handle == IntPtr.Zero)
+					throw new ObjectDisposedException ("SecIdentity");
+				IntPtr cert;
+				SecStatusCode result = SecIdentityCopyCertificate (handle, out cert);
+				if (result != SecStatusCode.Success)
+					throw new InvalidOperationException (result.ToString ());
+				return new SecCertificate (cert, true);
+			}
+		}
+
+		public static SecIdentity Import (byte[] data, string password)
+		{
+			if (data == null)
+				throw new ArgumentNullException ("data");
+			if (string.IsNullOrEmpty (password)) // SecPKCS12Import() doesn't allow empty passwords.
+				throw new ArgumentException ("password");
+			using (var pwstring = CFString.Create (password))
+			using (var options = CFDictionary.FromObjectAndKey (pwstring.Handle, ImportExportPassphase.Handle)) {
+				CFDictionary [] array;
+				SecStatusCode result = SecImportExport.ImportPkcs12 (data, options, out array);
+				if (result != SecStatusCode.Success)
+					throw new InvalidOperationException (result.ToString ());
+
+				return new SecIdentity (array [0].GetValue (ImportItemIdentity.Handle));
+			}
+		}
+
+		public static SecIdentity Import (X509Certificate2 certificate)
+		{
+			if (certificate == null)
+				throw new ArgumentNullException ("certificate");
+			if (!certificate.HasPrivateKey)
+				throw new InvalidOperationException ("Need X509Certificate2 with a private key.");
+
+			/*
+			 * SecPSK12Import does not allow any empty passwords, so let's generate
+			 * a semi-random one here.
+			 */
+			var password = Guid.NewGuid ().ToString ();
+			var pkcs12 = certificate.Export (X509ContentType.Pfx, password);
+			return Import (pkcs12, password);
+		}
+
+		~SecIdentity ()
+		{
+			Dispose (false);
+		}
+
+		public IntPtr Handle {
+			get {
+				return handle;
+			}
+		}
+
+		public void Dispose ()
+		{
+			Dispose (true);
+			GC.SuppressFinalize (this);
+		}
+
+		protected virtual void Dispose (bool disposing)
+		{
+			if (handle != IntPtr.Zero){
+				CFObject.CFRelease (handle);
+				handle = IntPtr.Zero;
+			}
+		}
+	}
+
+	partial class SecKey : INativeObject, IDisposable {
+		internal IntPtr handle;
+		
+		public SecKey (IntPtr handle, bool owns = false)
+		{
+			this.handle = handle;
+			if (!owns)
+				CFObject.CFRetain (handle);
+		}
+
+		[DllImport (AppleTlsContext.SecurityLibrary, EntryPoint="SecKeyGetTypeID")]
+		public extern static IntPtr GetTypeID ();
+		
+		~SecKey ()
+		{
+			Dispose (false);
+		}
+
+		public IntPtr Handle {
+			get {
+				return handle;
+			}
+		}
+
+		public void Dispose ()
+		{
+			Dispose (true);
+			GC.SuppressFinalize (this);
+		}
+
+		protected virtual void Dispose (bool disposing)
+		{
+			if (handle != IntPtr.Zero){
+				CFObject.CFRelease (handle);
+				handle = IntPtr.Zero;
+			}
+		}
+	}
+}
+#endif