Imported Upstream version 3.6.0

Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14

mcs/class/corlib/System.Security.Cryptography.X509Certificates/ChangeLog

@@ -0,0 +1,203 @@
+2010-03-16  Jb Evain  <jbevain@novell.com>
+
+	* X509KeyStorageFlags.cs, X509ContentType.cs, X509Certificate.cs
+	X509Certificate20.cs: use MOONLIGHT symbol to disambiguate
+	MonoTouch and Moonlight code.
+
+2009-09-22  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate20.cs: Don't depend on SecureString for NET_2_1
+
+2009-05-02  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: Remove code to initialize from an handle
+	in NET_2_1 since this is only possible from Windows and would be
+	SC anyway.
+
+2009-04-30  Sebastien Pouliot  <sebastien@ximian.com> 
+
+	* X509Certificate.cs: Remove CreateFromSignedFile from NET_2_1 
+	since it's unneeded and bring more code and [SecuritySafeCritical]
+	API into the assemblies.
+
+2008-08-18  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate[20].cs: Silverlight 2.0 does not implement either
+	IDeserializationCallback or ISerializable interfaces for this type.
+
+2008-08-08  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate20.cs: Remove reference to X509ContentType.Pfx and
+	SerializedCert since they are not available in SL 2.0
+	* X509ContentType.cs: Remove values not available in SL 2.0
+	* X509KeyStorageFlags.cs: Remove values not available in SL 2.0
+
+2008-07-02  Andreas Nahr  <ClassDevelopment@A-SoftTech.com>
+
+	* X509Certificate.cs: Fix parameter names
+
+2008-01-12  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: Don't wrap our own COMException inside another
+	one. This will provide a better error message to the user (or tool)
+
+2007-01-05  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: Now that the ASN.1 converted DateTime is 
+	"clearly" UTC (in 2.0) we need to adjust GetEffectiveDateString and 
+	GetExpirationDateString methods to return the local time.
+
+2006-11-17  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: Fix Equals to throw a CryptographicException, in
+	2.0 profile, if the certificate instance is empty.
+	* X509Certificate20.cs: Fix Reset method to reset every fields (as the
+	instance can be reused in 2.0). Updated MonoTODO attributes.
+
+2006-11-08  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: Refactored 2.0 support (partial class) and added
+	some missing features. All unit tests now works in both 1.x and 2.0.
+	* X509Certificate20.cs: Partial class for 2.0 specific properties and
+	methods for X509Certificate class.
+
+2006-10-08  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: Ensure we can load certificates from read-only
+	files (fix bug #79616). Refactored to avoid code duplication.
+
+2006-08-08  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: A unrequired password can be supplied to the 
+	2.0 ctors.
+
+2006-07-31  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* X509Certificate.cs :
+	  In 2.0 IntPtr constructor reject IntPtr.Zero as invalid handle.
+	  In 2.0 copy constructor rejects null argument.
+	  Equals() should return false if the argument cert is null.
+	  Also if both x509 and raw data are null it caused NRE.
+
+2005-11-09  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509ContentType.cs: Removed extra [Serializable] (2.0).
+
+2005-09-25  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: Fix date/time reporting for NET_2_0 profile (bug
+	fixed in 2.0).
+
+2005-04-27  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: Updated features for 2.0.
+
+2005-04-24  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: Add [ComVisible (true)] to class, add new Issuer
+	and Subject properties. Removed some [ComVisible (false)] on methods.
+	* X509ContentType.cs: Add [ComVisible (true)] to enum.
+	* X509KeyStorageFlags.cs: Add [ComVisible (true)] to enum.
+
+2005-03-24  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: Added Demand for UnmanagedCode to ctor(IntPtr).
+	Return "empty" certificate when IntPtr.Zero is used with ctor(IntPtr).
+	Don't wrap SecurityException inside COMException for Authenticode.
+
+2004-11-30  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: Added ComVisible attributes to match 2.0 October
+	Preview. Prepared Import and Export to be plugged with PKCS#12 code.
+	* X509ContentType.cs: Fixed typo (dnd) in comments.
+
+2004-09-07  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: CreateFromSignedFile now throw the COMException
+	if the specified file isn't signed (before this was done by 
+	AuthenticodeDeformatter). More details are available on failure.
+
+2004-07-08  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: Added new Equals(Object). Moved [Serializable]
+	so it's compiled by all profiles. Added missing MonoTODO.
+	* X509ContentType.cs: Added new (from 1.2) Pkcs12 enum member. Added
+	missing [Serializable] attribute.
+	* X509KeyStorageFlags.cs: Specified all flags values. Added missing
+	[Serializable] attribute.
+
+2004-07-07  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Certificate.cs: Fixed NET_2_0 directives.
+	* X509ContentType.cs: New enum in Fx 2.0.
+	* X509KeyStorageFlags.cs: New flags in Fx 2.0.
+
+2003-12-15  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* X509Certificate.cs: Removed old (commented) Authenticode stuff.
+	Added new stuff for 1.2 (stub).
+
+2003-10-12  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* X509Certificate.cs: Implements CreateFromSignedFile using
+	Authenticode related classes.
+
+2003-06-02  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* X509Certificate.cs: Implements X509Certificate(IntPtr)
+	constructor for compatibility with CryptoAPI.
+
+2003-04-23  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* X509Certificate.cs: Fixed issues for null certificate 
+	(special case where object exists without any certificate)
+	which made PublisherTest fails.
+
+2003-03-15  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* X509Certificate.cs: Now use Mono.Security.X509.X509Certificate.
+
+2003-02-08  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* X509Certificate.cs: Changes to refer Mono.Security (for ASN1)
+
+2002-12-27  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* ASN1.cs: New. Updated ASN1 classes for X509Certificate that can
+	now be reused for other tools (like Cert2Spc). Classes are marked
+	internal so they cannot be reused from outside corlib (for 
+	compatibility with MS implementation).
+	* X509Certificate.cs: Removed all ASN1 classes from file.	
+
+2002-12-26  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* X509Certificate.cs: Fixed the date issue (again). Time was 
+	converted to local time then ajusted to Pacific time. Now time
+	is kept (internally) as UTC and correct (-8) to Pacific when shown.
+	Changed Authenticode signature detection and removed debugging code.
+
+2002-12-22  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* X509Certificate.cs: Completed CreateFromSignedFile. Added a new 
+	internal constructor so Publisher (and the related classes) can 
+	create a X509Certificate object which return null dates (for both 
+	GetEffectiveDateString and GetExpirationDateString methods).
+
+2002-12-15  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* X509Certificate.cs: Fixed the date issue. MS implementation always
+	return the local time for Pacific (GMT-8). Added ToString() and changed
+	some protected to private to please corcompare.
+
+2002-11-03  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* X509Certificate.cs: Updated some DN cases and some minor time issues.
+	GetEffectiveDateString and GetExpirationDateString still don't match 
+	MS implementation (however they seems, most of the time, to be on par 
+	with the Windows Certificate Viewer - crtmgr.exe).
+
+2002-11-02  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* ChangeLog: New. First entry ;-)
+	* X509Certificates.cs: New. Almost complete - except 
+	CryptoAPI link, CreateFromSignedFile and some date issues.

mcs/class/corlib/System.Security.Cryptography.X509Certificates/X509Certificate.cs

@@ -0,0 +1,386 @@
+//
+// X509Certificate.cs: Handles X.509 certificates.
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2006 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.IO;
+using System.Runtime.InteropServices;
+using System.Security.Permissions;
+using System.Text;
+
+using Mono.Security;
+using Mono.Security.X509;
+
+using System.Runtime.Serialization;
+using Mono.Security.Authenticode;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	// References:
+	// a.	Internet X.509 Public Key Infrastructure Certificate and CRL Profile
+	//	http://www.ietf.org/rfc/rfc3280.txt
+	
+	// LAMESPEC: the MSDN docs always talks about X509v3 certificates
+	// and/or Authenticode certs. However this class works with older
+	// X509v1 certificates and non-authenticode (code signing) certs.
+	[Serializable]
+#if NET_2_1
+	public partial class X509Certificate {
+#else
+	public partial class X509Certificate : IDeserializationCallback, ISerializable {
+#endif
+		// typedef struct _CERT_CONTEXT {
+                //	DWORD                   dwCertEncodingType;
+                //	BYTE                    *pbCertEncoded;
+		//	DWORD                   cbCertEncoded;
+		//	PCERT_INFO              pCertInfo;
+		//	HCERTSTORE              hCertStore;
+		// } CERT_CONTEXT, *PCERT_CONTEXT;
+		// typedef const CERT_CONTEXT *PCCERT_CONTEXT;
+		[StructLayout (LayoutKind.Sequential)]
+		internal struct CertificateContext {
+			public UInt32 dwCertEncodingType;
+			public IntPtr pbCertEncoded;
+			public UInt32 cbCertEncoded;
+			public IntPtr pCertInfo;
+			public IntPtr hCertStore;
+		}
+		// NOTE: We only define the CryptoAPI structure (from WINCRYPT.H)
+		// so we don't create any dependencies on Windows DLL in corlib
+
+		private Mono.Security.X509.X509Certificate x509;
+		private bool hideDates;
+		private byte[] cachedCertificateHash;
+	
+		// almost every byte[] returning function has a string equivalent
+		// sadly the BitConverter insert dash between bytes :-(
+		private string tostr (byte[] data) 
+		{
+			if (data != null) {
+				StringBuilder sb = new StringBuilder ();
+				for (int i = 0; i < data.Length; i++)
+					sb.Append (data[i].ToString ("X2"));
+				return sb.ToString ();
+			}
+			else
+				return null;
+		}
+	
+		// static methods
+	
+		public static X509Certificate CreateFromCertFile (string filename) 
+		{
+			byte[] data = File.ReadAllBytes (filename);
+			return new X509Certificate (data);
+		}
+
+		[MonoTODO ("Incomplete - minimal validation in this version")]
+		public static X509Certificate CreateFromSignedFile (string filename)
+		{
+			try {
+				AuthenticodeDeformatter a = new AuthenticodeDeformatter (filename);
+				if (a.SigningCertificate != null) {
+					return new X509Certificate (a.SigningCertificate.RawData);
+				}
+			}
+			catch (SecurityException) {
+				// don't wrap SecurityException into a COMException
+				throw;
+			}
+			catch (Exception e) {
+				string msg = Locale.GetText ("Couldn't extract digital signature from {0}.", filename);
+				throw new COMException (msg, e);
+			}
+			throw new CryptographicException (Locale.GetText ("{0} isn't signed.", filename));
+		}
+
+		// constructors
+	
+		// special constructor for Publisher (and related classes).
+		// Dates strings are null
+		internal X509Certificate (byte[] data, bool dates) 
+		{
+			if (data != null) {
+				Import (data, (string)null, X509KeyStorageFlags.DefaultKeySet);
+				hideDates = !dates;
+			}
+		}
+	
+		public X509Certificate (byte[] data) : this (data, true)
+		{
+		}
+	
+		public X509Certificate (IntPtr handle) 
+		{
+			if (handle == IntPtr.Zero)
+				throw new ArgumentException ("Invalid handle.");
+#if NET_2_1
+			// this works on Windows-only so it's of no use for Moonlight
+			// even more since this ctor is [SecurityCritical]
+			throw new NotSupportedException ();
+#else
+			InitFromHandle (handle);
+#endif
+		}
+
+		[SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)]
+		private void InitFromHandle (IntPtr handle)
+		{
+			if (handle != IntPtr.Zero) {
+				// both Marshal.PtrToStructure and Marshal.Copy use LinkDemand (so they will always success from here)
+				CertificateContext cc = (CertificateContext) Marshal.PtrToStructure (handle, typeof (CertificateContext));
+				byte[] data = new byte [cc.cbCertEncoded];
+				Marshal.Copy (cc.pbCertEncoded, data, 0, (int)cc.cbCertEncoded);
+				x509 = new Mono.Security.X509.X509Certificate (data);
+			}
+			// for 1.x IntPtr.Zero results in an "empty" certificate instance
+		}
+	
+		public X509Certificate (System.Security.Cryptography.X509Certificates.X509Certificate cert) 
+		{
+			if (cert == null)
+				throw new ArgumentNullException ("cert");
+
+			if (cert != null) {
+				byte[] data = cert.GetRawCertData ();
+				if (data != null)
+					x509 = new Mono.Security.X509.X509Certificate (data);
+				hideDates = false;
+			}
+		}
+
+
+		// public methods
+	
+		public virtual bool Equals (System.Security.Cryptography.X509Certificates.X509Certificate other)
+		{
+			if (other == null) {
+				return false;
+			} else {
+				if (other.x509 == null) {
+					if (x509 == null)
+						return true;
+					throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+				}
+
+				byte[] raw = other.x509.RawData;
+				if (raw != null) {
+					if (x509 == null)
+						return false;
+					if (x509.RawData == null)
+						return false;
+					if (raw.Length == x509.RawData.Length) {
+						for (int i = 0; i < raw.Length; i++) {
+							if (raw[i] != x509.RawData [i])
+								return false;
+						}
+						// well no choice must be equals!
+						return true;
+					}
+					else
+						return false;
+				}
+			}
+			return ((x509 == null) || (x509.RawData == null));
+		}
+	
+		// LAMESPEC: This is the equivalent of the "thumbprint" that can be seen
+		// in the certificate viewer of Windows. This is ALWAYS the SHA1 hash of
+		// the certificate (i.e. it has nothing to do with the actual hash 
+		// algorithm used to sign the certificate).
+		public virtual byte[] GetCertHash () 
+		{
+			if (x509 == null)
+				throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+			// we'll hash the cert only once and only if required
+			if ((cachedCertificateHash == null) && (x509 != null)) {
+				SHA1 sha = SHA1.Create ();
+				cachedCertificateHash = sha.ComputeHash (x509.RawData);
+			}
+			return cachedCertificateHash;
+		}
+	
+		public virtual string GetCertHashString () 
+		{
+			// must call GetCertHash (not variable) or optimization wont work
+			return tostr (GetCertHash ());
+		}
+	
+		// strangly there are no DateTime returning function
+		public virtual string GetEffectiveDateString ()
+		{
+			if (hideDates)
+				return null;
+			if (x509 == null)
+				throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+
+			return x509.ValidFrom.ToLocalTime ().ToString ();
+		}
+	
+		// strangly there are no DateTime returning function
+		public virtual string GetExpirationDateString () 
+		{
+			if (hideDates)
+				return null;
+			if (x509 == null)
+				throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+
+			return x509.ValidUntil.ToLocalTime ().ToString ();
+		}
+	
+		// well maybe someday there'll be support for PGP or SPKI ?
+		public virtual string GetFormat () 
+		{
+			return "X509";	// DO NOT TRANSLATE
+		}
+	
+		public override int GetHashCode ()
+		{
+			if (x509 == null)
+				return 0;
+			// the cert hash may not be (yet) calculated
+			if (cachedCertificateHash == null)
+				GetCertHash();
+		
+			// return the integer of the first 4 bytes of the cert hash
+			if ((cachedCertificateHash != null) && (cachedCertificateHash.Length >= 4))
+				return ((cachedCertificateHash[0] << 24) |(cachedCertificateHash[1] << 16) |
+					(cachedCertificateHash[2] << 8) | cachedCertificateHash[3]);
+			else
+				return 0;
+		}
+
+		[Obsolete ("Use the Issuer property.")]
+		public virtual string GetIssuerName () 
+		{
+			if (x509 == null)
+				throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+			return x509.IssuerName;
+		}
+	
+		public virtual string GetKeyAlgorithm () 
+		{
+			if (x509 == null)
+				throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+			return x509.KeyAlgorithm;
+		}
+	
+		public virtual byte[] GetKeyAlgorithmParameters () 
+		{
+			if (x509 == null)
+				throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+
+			byte[] kap = x509.KeyAlgorithmParameters;
+			if (kap == null)
+				throw new CryptographicException (Locale.GetText ("Parameters not part of the certificate"));
+
+			return kap;
+		}
+	
+		public virtual string GetKeyAlgorithmParametersString () 
+		{
+			return tostr (GetKeyAlgorithmParameters ());
+		}
+	
+		[Obsolete ("Use the Subject property.")]
+		public virtual string GetName ()
+		{
+			if (x509 == null)
+				throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+			return x509.SubjectName;
+		}
+	
+		public virtual byte[] GetPublicKey () 
+		{
+			if (x509 == null)
+				throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+			return x509.PublicKey;
+		}
+	
+		public virtual string GetPublicKeyString () 
+		{
+			return tostr (GetPublicKey ());
+		}
+	
+		public virtual byte[] GetRawCertData () 
+		{
+			if (x509 == null)
+				throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+			return x509.RawData;
+		}
+	
+		public virtual string GetRawCertDataString () 
+		{
+			if (x509 == null)
+				throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+			return tostr (x509.RawData);
+		}
+	
+		public virtual byte[] GetSerialNumber () 
+		{
+			if (x509 == null)
+				throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+			return x509.SerialNumber;
+		}
+	
+		public virtual string GetSerialNumberString () 
+		{
+			byte[] sn = GetSerialNumber ();
+			Array.Reverse (sn);
+			return tostr (sn);
+		}
+	
+		// to please corcompare ;-)
+		public override string ToString () 
+		{
+			return base.ToString ();
+		}
+	
+		public virtual string ToString (bool fVerbose) 
+		{
+			if (!fVerbose || (x509 == null))
+				return base.ToString ();
+
+			string nl = Environment.NewLine;
+			StringBuilder sb = new StringBuilder ();
+			sb.AppendFormat ("[Subject]{0}  {1}{0}{0}", nl, Subject);
+			sb.AppendFormat ("[Issuer]{0}  {1}{0}{0}", nl, Issuer);
+			sb.AppendFormat ("[Not Before]{0}  {1}{0}{0}", nl, GetEffectiveDateString ());
+			sb.AppendFormat ("[Not After]{0}  {1}{0}{0}", nl, GetExpirationDateString ());
+			sb.AppendFormat ("[Thumbprint]{0}  {1}{0}", nl, GetCertHashString ());
+			sb.Append (nl);
+			return sb.ToString ();
+		}
+
+#if NET_4_0
+		protected static string FormatDate (DateTime date)
+		{
+			throw new NotImplementedException ();
+		}
+#endif
+	}
+}

mcs/class/corlib/System.Security.Cryptography.X509Certificates/X509Certificate20.cs

@@ -0,0 +1,306 @@
+//
+// X509Certificate20.cs: Partial class to handle new 2.0-only stuff
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2006,2008 Novell, Inc (http://www.novell.com)
+// Copyright 2013 Xamarin Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.IO;
+using System.Runtime.InteropServices;
+using System.Security.Permissions;
+using System.Text;
+
+using Mono.Security;
+using Mono.Security.X509;
+
+using System.Runtime.Serialization;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[ComVisible (true)]
+	[MonoTODO ("X509ContentType.SerializedCert isn't supported (anywhere in the class)")]
+	public partial class X509Certificate : IDeserializationCallback, ISerializable {
+		private string issuer_name;
+		private string subject_name;
+
+
+		public X509Certificate ()
+		{
+			// this allows an empty certificate to exists
+		}
+
+		public X509Certificate (byte[] rawData, string password)
+		{
+			Import (rawData, password, X509KeyStorageFlags.DefaultKeySet);
+		}
+
+		[MonoTODO ("SecureString support is incomplete")]
+		public X509Certificate (byte[] rawData, SecureString password)
+		{
+			Import (rawData, password, X509KeyStorageFlags.DefaultKeySet);
+		}
+
+		public X509Certificate (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
+		{
+			Import (rawData, password, keyStorageFlags);
+		}
+
+		[MonoTODO ("SecureString support is incomplete")]
+		public X509Certificate (byte[] rawData, SecureString password, X509KeyStorageFlags keyStorageFlags)
+		{
+			Import (rawData, password, keyStorageFlags);
+		}
+
+		public X509Certificate (string fileName)
+		{
+			Import (fileName, (string)null, X509KeyStorageFlags.DefaultKeySet);
+		}
+
+		public X509Certificate (string fileName, string password)
+		{
+			Import (fileName, password, X509KeyStorageFlags.DefaultKeySet);
+		}
+
+		[MonoTODO ("SecureString support is incomplete")]
+		public X509Certificate (string fileName, SecureString password)
+		{
+			Import (fileName, password, X509KeyStorageFlags.DefaultKeySet);
+		}
+
+		public X509Certificate (string fileName, string password, X509KeyStorageFlags keyStorageFlags)
+		{
+			Import (fileName, password, keyStorageFlags);
+		}
+
+		[MonoTODO ("SecureString support is incomplete")]
+		public X509Certificate (string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags)
+		{
+			Import (fileName, password, keyStorageFlags);
+		}
+
+		public X509Certificate (SerializationInfo info, StreamingContext context)
+		{
+			byte[] raw = (byte[]) info.GetValue ("RawData", typeof (byte[]));
+			Import (raw, (string)null, X509KeyStorageFlags.DefaultKeySet);
+		}
+
+
+		public string Issuer {
+			get {
+				if (x509 == null)
+					throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+
+				if (issuer_name == null)
+					issuer_name = X501.ToString (x509.GetIssuerName (), true, ", ", true);
+				return issuer_name;
+			}
+		}
+
+		public string Subject {
+			get {
+				if (x509 == null)
+					throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+
+				if (subject_name == null)
+					subject_name = X501.ToString (x509.GetSubjectName (), true, ", ", true);
+				return subject_name;
+			}
+		}
+
+		[ComVisible (false)]
+		public IntPtr Handle {
+			get { return IntPtr.Zero; }
+		}
+
+
+		[ComVisible (false)]
+		public override bool Equals (object obj) 
+		{
+			X509Certificate x = (obj as X509Certificate);
+			if (x != null)
+				return this.Equals (x);
+			return false;
+		}
+
+		[MonoTODO ("X509ContentType.Pfx/Pkcs12 and SerializedCert are not supported")]
+		[ComVisible (false)]
+		public virtual byte[] Export (X509ContentType contentType)
+		{
+			return Export (contentType, (byte[])null);
+		}
+
+		[MonoTODO ("X509ContentType.Pfx/Pkcs12 and SerializedCert are not supported")]
+		[ComVisible (false)]
+		public virtual byte[] Export (X509ContentType contentType, string password)
+		{
+			byte[] pwd = (password == null) ? null : Encoding.UTF8.GetBytes (password);
+			return Export (contentType, pwd);
+		}
+
+		[MonoTODO ("X509ContentType.Pfx/Pkcs12 and SerializedCert are not supported. SecureString support is incomplete.")]
+		public virtual byte[] Export (X509ContentType contentType, SecureString password)
+		{
+			byte[] pwd = (password == null) ? null : password.GetBuffer ();
+			return Export (contentType, pwd);
+		}
+
+		internal byte[] Export (X509ContentType contentType, byte[] password)
+		{
+			if (x509 == null)
+				throw new CryptographicException (Locale.GetText ("Certificate instance is empty."));
+
+			try {
+				switch (contentType) {
+				case X509ContentType.Cert:
+					return x509.RawData;
+				case X509ContentType.Pfx: // this includes Pkcs12
+					// TODO
+					throw new NotSupportedException ();
+				case X509ContentType.SerializedCert:
+					// TODO
+					throw new NotSupportedException ();
+				default:
+					string msg = Locale.GetText ("This certificate format '{0}' cannot be exported.", contentType);
+					throw new CryptographicException (msg);
+				}
+			}
+			finally {
+				// protect password
+				if (password != null)
+					Array.Clear (password, 0, password.Length);
+			}
+		}
+
+		[ComVisible (false)]
+		public virtual void Import (byte[] rawData)
+		{
+			Import (rawData, (string)null, X509KeyStorageFlags.DefaultKeySet);
+		}
+
+		private Mono.Security.X509.X509Certificate ImportPkcs12 (byte[] rawData, string password)
+		{
+			var pfx = (password == null) ? new Mono.Security.X509.PKCS12 (rawData) : new Mono.Security.X509.PKCS12 (rawData, password);
+			if (pfx.Certificates.Count == 0) {
+				// no certificate was found
+				return null;
+			} else if (pfx.Keys.Count == 0) {
+				// no key were found - pick the first certificate
+				return pfx.Certificates [0];
+			} else {
+				// find the certificate that match the first key
+				var keypair = (pfx.Keys [0] as AsymmetricAlgorithm);
+				string pubkey = keypair.ToXmlString (false);
+				foreach (var c in pfx.Certificates) {
+					if ((c.RSA != null) && (pubkey == c.RSA.ToXmlString (false)))
+						return c;
+					if ((c.DSA != null) && (pubkey == c.DSA.ToXmlString (false)))
+						return c;
+				}
+				return pfx.Certificates [0]; // no match, pick first certificate without keys
+			}
+		}
+
+		[MonoTODO ("missing KeyStorageFlags support")]
+		[ComVisible (false)]
+		public virtual void Import (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
+		{
+			Reset ();
+			if (password == null) {
+				try {
+					x509 = new Mono.Security.X509.X509Certificate (rawData);
+				}
+				catch (Exception e) {
+					try {
+						x509 = ImportPkcs12 (rawData, null);
+					}
+					catch {
+						string msg = Locale.GetText ("Unable to decode certificate.");
+						// inner exception is the original (not second) exception
+						throw new CryptographicException (msg, e);
+					}
+				}
+			} else {
+				// try PKCS#12
+				try {
+					x509 = ImportPkcs12 (rawData, password);
+				}
+				catch {
+					// it's possible to supply a (unrequired/unusued) password
+					// fix bug #79028
+					x509 = new Mono.Security.X509.X509Certificate (rawData);
+				}
+			}
+		}
+
+		[MonoTODO ("SecureString support is incomplete")]
+		public virtual void Import (byte[] rawData, SecureString password, X509KeyStorageFlags keyStorageFlags)
+		{
+			Import (rawData, (string)null, keyStorageFlags);
+		}
+
+		[ComVisible (false)]
+		public virtual void Import (string fileName)
+		{
+			byte[] rawData = File.ReadAllBytes (fileName);
+			Import (rawData, (string)null, X509KeyStorageFlags.DefaultKeySet);
+		}
+
+		[MonoTODO ("missing KeyStorageFlags support")]
+		[ComVisible (false)]
+		public virtual void Import (string fileName, string password, X509KeyStorageFlags keyStorageFlags)
+		{
+			byte[] rawData = File.ReadAllBytes (fileName);
+			Import (rawData, password, keyStorageFlags);
+		}
+
+		[MonoTODO ("SecureString support is incomplete, missing KeyStorageFlags support")]
+		public virtual void Import (string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags)
+		{
+			byte[] rawData = File.ReadAllBytes (fileName);
+			Import (rawData, (string)null, keyStorageFlags);
+		}
+
+		void IDeserializationCallback.OnDeserialization (object sender)
+		{
+		}
+
+		void ISerializable.GetObjectData (SerializationInfo info, StreamingContext context)
+		{
+			// will throw a NRE if info is null (just like MS implementation)
+			info.AddValue ("RawData", x509.RawData);
+		}
+
+		[ComVisible (false)]
+		public virtual void Reset ()
+		{
+			x509 = null;
+			issuer_name = null;
+			subject_name = null;
+			hideDates = false;
+			cachedCertificateHash = null;
+		}
+	}
+}

mcs/class/corlib/System.Security.Cryptography.X509Certificates/X509ContentType.cs

@@ -0,0 +1,48 @@
+//
+// System.Security.Cryptography.X509Certificates.X509ContentType.cs
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Runtime.InteropServices;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+// Note: Definitions are useful for 1.0 and 1.1 so we declare them internal
+
+	[ComVisible (true)]
+	public
+	enum X509ContentType {
+		Unknown,
+		Cert,
+		// not supported by Silverlight 2.0 (NET_2_1)
+		SerializedCert,
+		Pfx,
+		SerializedStore,
+		Pkcs7,
+		Authenticode,
+		Pkcs12 = Pfx
+	}
+}

mcs/class/corlib/System.Security.Cryptography.X509Certificates/X509KeyStorageFlags.cs

@@ -0,0 +1,46 @@
+//
+// System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.cs
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Runtime.InteropServices;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[Flags]
+	[Serializable]
+	[ComVisible (true)]
+	public enum X509KeyStorageFlags	{
+		DefaultKeySet = 0,
+		// not supported by Silverlight 2.0 (NET_2_1)
+		UserKeySet = 1,
+		MachineKeySet = 2,
+		Exportable = 4,
+		UserProtected = 8,
+		PersistKeySet = 16 
+	}
+}
+