Imported Upstream version 4.4.0.122

Former-commit-id: a99f46acaeba3ab496c7afc02c29b839e30a0d0b

mcs/class/System/Assembly/AssemblyInfo.cs

@@ -83,3 +83,5 @@ using System.Runtime.InteropServices;
 	[assembly: InternalsVisibleTo ("Mono.Security.Providers.NewTls, PublicKey=002400000480000094000000060200000024000052534131000400000100010079159977d2d03a8e6bea7a2e74e8d1afcc93e8851974952bb480a12c9134474d04062447c37e0e68c080536fcf3c3fbe2ff9c979ce998475e506e8ce82dd5b0f350dc10e93bf2eeecf874b24770c5081dbea7447fddafa277b22de47d6ffea449674a4f9fccf84d15069089380284dbdd35f46cdff12a1bd78e4ef0065d016df")]
 	[assembly: InternalsVisibleTo ("Mono.Security.Providers.DotNet, PublicKey=002400000480000094000000060200000024000052534131000400000100010079159977d2d03a8e6bea7a2e74e8d1afcc93e8851974952bb480a12c9134474d04062447c37e0e68c080536fcf3c3fbe2ff9c979ce998475e506e8ce82dd5b0f350dc10e93bf2eeecf874b24770c5081dbea7447fddafa277b22de47d6ffea449674a4f9fccf84d15069089380284dbdd35f46cdff12a1bd78e4ef0065d016df")]
 	[assembly: InternalsVisibleTo ("Mono.Security, PublicKey=002400000480000094000000060200000024000052534131000400000100010079159977d2d03a8e6bea7a2e74e8d1afcc93e8851974952bb480a12c9134474d04062447c37e0e68c080536fcf3c3fbe2ff9c979ce998475e506e8ce82dd5b0f350dc10e93bf2eeecf874b24770c5081dbea7447fddafa277b22de47d6ffea449674a4f9fccf84d15069089380284dbdd35f46cdff12a1bd78e4ef0065d016df")]
+
+	[assembly: InternalsVisibleTo ("Xamarin.BoringTls, PublicKey=002400000480000094000000060200000024000052534131000400001100000099dd12eda85767ae6f06023ee28e711c7e5a212462095c83868c29db75eddf6d8e296e03824c14fedd5f55553fed0b6173be3cc985a4b7f9fb7c83ccff8ba3938563b3d1f45a81122f12a1bcb73edcaad61a8456c7595a6da5184b4dd9d10f011b949ef1391fccfeab1ba62aa51c267ef8bd57ef1b6ba5a4c515d0badb81a78f")]

mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs

@@ -74,7 +74,7 @@ namespace Mono.Net.Security
 {
 	internal delegate bool ServerCertValidationCallbackWrapper (ServerCertValidationCallback callback, X509Certificate certificate, X509Chain chain, MonoSslPolicyErrors sslPolicyErrors);
 
-	internal class ChainValidationHelper : ICertificateValidator
+	internal class ChainValidationHelper : ICertificateValidator2
 	{
 		readonly object sender;
 		readonly MonoTlsSettings settings;
@@ -228,7 +228,7 @@ namespace Mono.Net.Security
 			var certs = new XX509CertificateCollection ();
 			certs.Add (new X509Certificate2 (certificate.GetRawCertData ()));
 
-			var result = ValidateChain (string.Empty, true, certs, (SslPolicyErrors)errors);
+			var result = ValidateChain (string.Empty, true, certificate, null, certs, (SslPolicyErrors)errors);
 			if (result == null)
 				return false;
 
@@ -238,7 +238,12 @@ namespace Mono.Net.Security
 		public ValidationResult ValidateCertificate (string host, bool serverMode, XX509CertificateCollection certs)
 		{
 			try {
-				var result = ValidateChain (host, serverMode, certs, 0);
+				X509Certificate leaf;
+				if (certs != null && certs.Count != 0)
+					leaf = certs [0];
+				else
+					leaf = null;
+				var result = ValidateChain (host, serverMode, leaf, null, certs, 0);
 				if (tlsStream != null)
 					tlsStream.CertificateValidationFailed = result == null || !result.Trusted || result.UserDenied;
 				return result;
@@ -249,7 +254,43 @@ namespace Mono.Net.Security
 			}
 		}
 
-		ValidationResult ValidateChain (string host, bool server, XX509CertificateCollection certs, SslPolicyErrors errors)
+		public ValidationResult ValidateCertificate (string host, bool serverMode, X509Certificate leaf, XX509Chain xchain)
+		{
+			try {
+				var chain = (X509Chain)(object)xchain;
+				var result = ValidateChain (host, serverMode, leaf, chain, null, 0);
+				if (tlsStream != null)
+					tlsStream.CertificateValidationFailed = result == null || !result.Trusted || result.UserDenied;
+				return result;
+			} catch {
+				if (tlsStream != null)
+					tlsStream.CertificateValidationFailed = true;
+				throw;
+			}
+		}
+
+		ValidationResult ValidateChain (string host, bool server, X509Certificate leaf,
+		                                X509Chain chain, XX509CertificateCollection certs,
+		                                SslPolicyErrors errors)
+		{
+			var oldChain = chain;
+			var ownsChain = chain == null;
+			try {
+				var result = ValidateChain (host, server, leaf, ref chain, certs, errors);
+				if (chain != oldChain)
+					ownsChain = true;
+
+				return result;
+			} finally {
+				// If ValidateChain() changed the chain, then we need to free it.
+				if (ownsChain && chain != null)
+					chain.Dispose ();
+			}
+		}
+
+		ValidationResult ValidateChain (string host, bool server, X509Certificate leaf,
+		                                ref X509Chain chain, XX509CertificateCollection certs,
+		                                SslPolicyErrors errors)
 		{
 			// user_denied is true if the user callback is called and returns false
 			bool user_denied = false;
@@ -257,12 +298,6 @@ namespace Mono.Net.Security
 
 			var hasCallback = certValidationCallback != null || callbackWrapper != null;
 
-			X509Certificate leaf;
-			if (certs == null || certs.Count == 0)
-				leaf = null;
-			else
-				leaf = certs [0];
-
 			if (tlsStream != null)
 				request.ServicePoint.UpdateServerCertificate (leaf);
 
@@ -281,7 +316,6 @@ namespace Mono.Net.Security
 			ICertificatePolicy policy = ServicePointManager.GetLegacyCertificatePolicy ();
 
 			int status11 = 0; // Error code passed to the obsolete ICertificatePolicy callback
-			X509Chain chain = null;
 
 			bool wantsChain = SystemCertificateValidator.NeedsChain (settings);
 			if (!wantsChain && hasCallback) {
@@ -289,18 +323,15 @@ namespace Mono.Net.Security
 					wantsChain = true;
 			}
 
-			if (wantsChain)
-				chain = SystemCertificateValidator.CreateX509Chain (certs);
-
-			if (wantsChain || SystemCertificateValidator.NeedsChain (settings))
-				SystemCertificateValidator.BuildX509Chain (certs, chain, ref errors, ref status11);
-
 			bool providerValidated = false;
 			if (provider != null && provider.HasCustomSystemCertificateValidator) {
 				var xerrors = (MonoSslPolicyErrors)errors;
 				var xchain = (XX509Chain)(object)chain;
-				providerValidated = provider.InvokeSystemCertificateValidator (this, host, server, certs, xchain, out result, ref xerrors, ref status11);
+				providerValidated = provider.InvokeSystemCertificateValidator (this, host, server, certs, wantsChain, ref xchain, out result, ref xerrors, ref status11);
+				chain = (X509Chain)(object)xchain;
 				errors = (SslPolicyErrors)xerrors;
+			} else if (wantsChain) {
+				chain = SystemCertificateValidator.CreateX509Chain (certs);
 			}
 
 			if (!providerValidated)

mcs/class/System/Mono.Net.Security/MonoTlsProviderFactory.cs

@@ -69,7 +69,7 @@ namespace Mono.Net.Security
 					return currentProvider;
 
 				try {
-					defaultProvider = CreateDefaultProvider ();
+					defaultProvider = GetDefaultProviderInternal ();
 				} catch (Exception ex) {
 					throw new NotSupportedException ("TLS Support not available.", ex);
 				}
@@ -174,6 +174,8 @@ namespace Mono.Net.Security
 				providerRegistration = new Dictionary<string,string> ();
 				providerRegistration.Add ("newtls", "Mono.Security.Providers.NewTls.NewTlsProvider, Mono.Security.Providers.NewTls, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756");
 				providerRegistration.Add ("oldtls", "Mono.Security.Providers.OldTls.OldTlsProvider, Mono.Security.Providers.OldTls, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756");
+				providerRegistration.Add ("boringtls", "Xamarin.BoringTls.BoringTlsProvider, Xamarin.BoringTls, Version=4.0.0.0, Culture=neutral, PublicKeyToken=672c06b0b8f05406");
+				X509Helper2.Initialize ();
 			}
 		}
 

mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs

@@ -86,13 +86,13 @@ namespace Mono.Net.Security
 			return chain;
 		}
 
-		public static bool BuildX509Chain (XX509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
+		static bool BuildX509Chain (XX509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
 		{
 #if MOBILE
-			return true;
+			return false;
 #else
 			if (is_macosx)
-				return true;
+				return false;
 
 			var leaf = (X509Certificate2)certs [0];
 
@@ -121,7 +121,9 @@ namespace Mono.Net.Security
 		static bool CheckUsage (XX509CertificateCollection certs, string host, ref SslPolicyErrors errors, ref int status11)
 		{
 #if !MONOTOUCH
-			var leaf = (X509Certificate2)certs[0];
+			var leaf = certs[0] as X509Certificate2;
+			if (leaf == null)
+				leaf = new X509Certificate2 (certs[0]);
 			// for OSX and iOS we're using the native API to check for the SSL server policy and host names
 			if (!is_macosx) {
 				if (!CheckCertificateUsage (leaf)) {
@@ -130,7 +132,7 @@ namespace Mono.Net.Security
 					return false;
 				}
 
-				if (host != null && !CheckServerIdentity (leaf, host)) {
+				if (!string.IsNullOrEmpty (host) && !CheckServerIdentity (leaf, host)) {
 					errors |= SslPolicyErrors.RemoteCertificateNameMismatch;
 					status11 = -2146762481; // CERT_E_CN_NO_MATCH 0x800B010F
 					return false;
@@ -143,7 +145,7 @@ namespace Mono.Net.Security
 		static bool EvaluateSystem (XX509CertificateCollection certs, XX509CertificateCollection anchors, string host, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
 		{
 			var leaf = certs [0];
-			var result = false;
+			bool result;
 
 #if MONODROID
 			result = AndroidPlatform.TrustEvaluateSsl (certs);
@@ -166,6 +168,8 @@ namespace Mono.Net.Security
 					result = (trustResult == OSX509Certificates.SecTrustResult.Proceed ||
 						trustResult == OSX509Certificates.SecTrustResult.Unspecified);
 				} catch {
+					result = false;
+					errors |= SslPolicyErrors.RemoteCertificateChainErrors;
 					// Ignore
 				}
 
@@ -178,6 +182,8 @@ namespace Mono.Net.Security
 					status11 = (int)trustResult;
 					errors |= SslPolicyErrors.RemoteCertificateChainErrors;
 				}
+			} else {
+				result = BuildX509Chain (certs, chain, ref errors, ref status11);
 			}
 #endif
 
@@ -203,6 +209,8 @@ namespace Mono.Net.Security
 #if MOBILE
 			return false;
 #else
+			if (!is_macosx)
+				return true;
 			if (!CertificateValidationHelper.SupportsX509Chain)
 				return false;
 			if (settings != null)

mcs/class/System/System.Diagnostics/DefaultTraceListener.cs

@@ -255,10 +255,10 @@ namespace System.Diagnostics {
 				WritePrefix ();
 			}
 
-			WriteDebugString (message);
-
 			if (Debugger.IsLogging())
 				Debugger.Log (0, null, message);
+			else
+				WriteDebugString (message);
 
 			WriteLogFile (message, LogFileName);
 		}

mcs/class/System/System.Security.Cryptography.X509Certificates/X500DistinguishedName.cs

@@ -52,6 +52,7 @@ namespace System.Security.Cryptography.X509Certificates {
 			X500DistinguishedNameFlags.UseT61Encoding | X500DistinguishedNameFlags.ForceUTF8Encoding;
 
 		private string name;
+		private byte[] canonEncoding;
 
 
 		public X500DistinguishedName (AsnEncodedData encodedDistinguishedName)
@@ -122,6 +123,20 @@ namespace System.Security.Cryptography.X509Certificates {
 			name = distinguishedName.name;
 		}
 
+		internal X500DistinguishedName (byte[] encoded, byte[] canonEncoding, string name)
+			: this (encoded)
+		{
+			this.canonEncoding = canonEncoding;
+			this.name = name;
+
+			Oid = new Oid ();
+			RawData = encoded;
+		}
+
+		internal byte[] CanonicalEncoding {
+			get { return canonEncoding; }
+		}
+
 
 		public string Name {
 			get { return name; }
@@ -215,6 +230,16 @@ namespace System.Security.Cryptography.X509Certificates {
 			if (name2 == null)
 				return false;
 
+			if (name1.canonEncoding != null && name2.canonEncoding != null) {
+				if (name1.canonEncoding.Length != name2.canonEncoding.Length)
+					return false;
+				for (int i = 0; i < name1.canonEncoding.Length; i++) {
+					if (name1.canonEncoding[i] != name2.canonEncoding[2])
+						return false;
+				}
+				return true;
+			}
+
 			X500DistinguishedNameFlags flags = X500DistinguishedNameFlags.UseNewLines | X500DistinguishedNameFlags.DoNotUseQuotes;
 			string[] split = new string[] { Environment.NewLine };
 			string[] parts1 = name1.Decode (flags).Split (split, StringSplitOptions.RemoveEmptyEntries);

mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2Impl.cs

@@ -0,0 +1,82 @@
+//
+// X509Certificate2Impl.cs
+//
+// Authors:
+//	Martin Baulig  <martin.baulig@xamarin.com>
+//
+// Copyright (C) 2016 Xamarin, Inc. (http://www.xamarin.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+namespace System.Security.Cryptography.X509Certificates
+{
+	internal abstract class X509Certificate2Impl : X509CertificateImpl
+	{
+#if SECURITY_DEP
+
+		public abstract bool Archived {
+			get; set;
+		}
+
+		public abstract X509ExtensionCollection Extensions {
+			get;
+		}
+
+		public abstract bool HasPrivateKey {
+			get;
+		}
+
+		public abstract X500DistinguishedName IssuerName {
+			get;
+		}
+
+		public abstract AsymmetricAlgorithm PrivateKey {
+			get; set;
+		}
+
+		public abstract PublicKey PublicKey {
+			get;
+		}
+
+		public abstract Oid SignatureAlgorithm {
+			get;
+		}
+
+		public abstract X500DistinguishedName SubjectName {
+			get;
+		}
+
+		public abstract int Version {
+			get;
+		}
+
+		public abstract string GetNameInfo (X509NameType nameType, bool forIssuer);
+
+		public abstract void Import (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags);
+
+		public abstract byte[] Export (X509ContentType contentType, string password);
+
+		public abstract bool Verify (X509Certificate2 thisCertificate);
+
+		public abstract void Reset ();
+
+#endif
+	}
+}

mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainImpl.cs

@@ -0,0 +1,81 @@
+//
+// X509ChainImpl.cs
+//
+// Authors:
+//	Martin Baulig  <martin.baulig@xamarin.com>
+//
+// Copyright (C) 2016 Xamarin, Inc. (http://www.xamarin.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+#if SECURITY_DEP
+
+namespace System.Security.Cryptography.X509Certificates
+{
+	internal abstract class X509ChainImpl : IDisposable
+	{
+		public abstract bool IsValid {
+			get;
+		}
+
+		public abstract IntPtr Handle {
+			get;
+		}
+
+		protected void ThrowIfContextInvalid ()
+		{
+			if (!IsValid)
+				throw X509Helper2.GetInvalidChainContextException ();
+		}
+
+		public abstract X509ChainElementCollection ChainElements {
+			get;
+		}
+
+		public abstract X509ChainPolicy ChainPolicy {
+			get; set;
+		}
+
+		public abstract X509ChainStatus[] ChainStatus {
+			get;
+		}
+
+		public abstract bool Build (X509Certificate2 certificate);
+
+		public abstract void Reset ();
+
+		public void Dispose ()
+		{
+			Dispose (true);
+			GC.SuppressFinalize (this);
+		}
+
+		protected virtual void Dispose (bool disposing)
+		{
+		}
+
+		~X509ChainImpl ()
+		{
+			Dispose (false);
+		}
+	}
+}
+
+#endif

mcs/class/System/System.Security.Cryptography.X509Certificates/X509Helper2.cs

@@ -0,0 +1,119 @@
+//
+// X509Helper2.cs
+//
+// Authors:
+//	Martin Baulig  <martin.baulig@xamarin.com>
+//
+// Copyright (C) 2016 Xamarin, Inc. (http://www.xamarin.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if SECURITY_DEP
+#if MONO_SECURITY_ALIAS
+extern alias MonoSecurity;
+#endif
+#if MONO_X509_ALIAS
+extern alias PrebuiltSystem;
+#endif
+
+#if MONO_SECURITY_ALIAS
+using MonoSecurity::Mono.Security.Interface;
+#else
+using Mono.Security.Interface;
+#endif
+
+namespace System.Security.Cryptography.X509Certificates
+{
+	internal static class X509Helper2
+	{
+		internal static void Initialize ()
+		{
+			X509Helper.InstallNativeHelper (new MyNativeHelper ());
+		}
+
+		internal static void ThrowIfContextInvalid (X509CertificateImpl impl)
+		{
+			X509Helper.ThrowIfContextInvalid (impl);
+		}
+
+		internal static X509Certificate2Impl Import (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
+		{
+			var provider = MonoTlsProviderFactory.GetProvider ();
+			if (provider.HasNativeCertificates) {
+				var impl = provider.GetNativeCertificate (rawData, password, keyStorageFlags);
+				return (X509Certificate2Impl)(object)impl;
+			} else {
+				var impl = new X509Certificate2ImplMono ();
+				impl.Import (rawData, password, keyStorageFlags);
+				return impl;
+			}
+		}
+
+		internal static X509Certificate2Impl Import (X509Certificate cert)
+		{
+			var provider = MonoTlsProviderFactory.GetProvider ();
+			if (provider.HasNativeCertificates) {
+				var impl = provider.GetNativeCertificate (cert);
+				return (X509Certificate2Impl)(object)impl;
+			}
+			var impl2 = cert.Impl as X509Certificate2Impl;
+			if (impl2 != null)
+				return (X509Certificate2Impl)impl2.Clone ();
+			return Import (cert.GetRawCertData (), null, X509KeyStorageFlags.DefaultKeySet);
+		}
+
+		internal static X509ChainImpl CreateChainImpl (bool useMachineContext)
+		{
+			return new X509ChainImplMono (useMachineContext);
+		}
+
+		public static bool IsValid (X509ChainImpl impl)
+		{
+			return impl != null && impl.IsValid;
+		}
+
+		internal static void ThrowIfContextInvalid (X509ChainImpl impl)
+		{
+			if (!IsValid (impl))
+				throw GetInvalidChainContextException ();
+		}
+
+		internal static Exception GetInvalidChainContextException ()
+		{
+			return new CryptographicException (Locale.GetText ("Chain instance is empty."));
+		}
+
+		class MyNativeHelper : INativeCertificateHelper
+		{
+			public X509CertificateImpl Import (
+				byte[] data, string password, X509KeyStorageFlags flags)
+			{
+				return X509Helper2.Import (data, password, flags);
+			}
+
+			public X509CertificateImpl Import (X509Certificate cert)
+			{
+				return X509Helper2.Import (cert);
+			}
+		}
+	}
+}
+#endif

mcs/class/System/System.dll.sources

@@ -536,11 +536,15 @@ System.Security.Cryptography.X509Certificates/X509BasicConstraintsExtension.cs
 System.Security.Cryptography.X509Certificates/X509Certificate2Collection.cs
 System.Security.Cryptography.X509Certificates/X509Certificate2.cs
 System.Security.Cryptography.X509Certificates/X509Certificate2Enumerator.cs
+System.Security.Cryptography.X509Certificates/X509Certificate2Impl.cs
+System.Security.Cryptography.X509Certificates/X509Certificate2ImplMono.cs
 System.Security.Cryptography.X509Certificates/X509CertificateCollection.cs
 System.Security.Cryptography.X509Certificates/X509Chain.cs
 System.Security.Cryptography.X509Certificates/X509ChainElementCollection.cs
 System.Security.Cryptography.X509Certificates/X509ChainElement.cs
 System.Security.Cryptography.X509Certificates/X509ChainElementEnumerator.cs
+System.Security.Cryptography.X509Certificates/X509ChainImpl.cs
+System.Security.Cryptography.X509Certificates/X509ChainImplMono.cs
 System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs
 System.Security.Cryptography.X509Certificates/X509ChainStatus.cs
 System.Security.Cryptography.X509Certificates/X509ChainStatusFlags.cs
@@ -550,6 +554,7 @@ System.Security.Cryptography.X509Certificates/X509Extension.cs
 System.Security.Cryptography.X509Certificates/X509ExtensionEnumerator.cs
 System.Security.Cryptography.X509Certificates/X509FindType.cs
 System.Security.Cryptography.X509Certificates/X509IncludeOption.cs
+System.Security.Cryptography.X509Certificates/X509Helper2.cs
 System.Security.Cryptography.X509Certificates/X509KeyUsageExtension.cs
 System.Security.Cryptography.X509Certificates/X509KeyUsageFlags.cs
 System.Security.Cryptography.X509Certificates/X509NameType.cs

mcs/class/System/Test/System.Security.Cryptography.X509Certificates/X509Certificate2Test.cs.REMOVED.git-id

@@ -1 +1 @@
-e642d688f3c59c8d62dd075b49ad48e36176f470
+a7e48646d05dcf3b87af070d4ee4cb66ac045634

mcs/class/System/mobile_System.dll.sources

@@ -300,11 +300,15 @@ System.Security.Cryptography.X509Certificates/X509BasicConstraintsExtension.cs
 System.Security.Cryptography.X509Certificates/X509Certificate2.cs
 System.Security.Cryptography.X509Certificates/X509Certificate2Collection.cs
 System.Security.Cryptography.X509Certificates/X509Certificate2Enumerator.cs
+System.Security.Cryptography.X509Certificates/X509Certificate2Impl.cs
+System.Security.Cryptography.X509Certificates/X509Certificate2ImplMono.cs
 System.Security.Cryptography.X509Certificates/X509CertificateCollection.cs
 System.Security.Cryptography.X509Certificates/X509Chain.cs
 System.Security.Cryptography.X509Certificates/X509ChainElement.cs
 System.Security.Cryptography.X509Certificates/X509ChainElementCollection.cs
 System.Security.Cryptography.X509Certificates/X509ChainElementEnumerator.cs
+System.Security.Cryptography.X509Certificates/X509ChainImpl.cs
+System.Security.Cryptography.X509Certificates/X509ChainImplMono.cs
 System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs
 System.Security.Cryptography.X509Certificates/X509ChainStatus.cs
 System.Security.Cryptography.X509Certificates/X509ChainStatusFlags.cs
@@ -314,6 +318,7 @@ System.Security.Cryptography.X509Certificates/X509ExtensionCollection.cs
 System.Security.Cryptography.X509Certificates/X509ExtensionEnumerator.cs
 System.Security.Cryptography.X509Certificates/X509FindType.cs
 System.Security.Cryptography.X509Certificates/X509IncludeOption.cs
+System.Security.Cryptography.X509Certificates/X509Helper2.cs
 System.Security.Cryptography.X509Certificates/X509KeyUsageExtension.cs
 System.Security.Cryptography.X509Certificates/X509KeyUsageFlags.cs
 System.Security.Cryptography.X509Certificates/X509NameType.cs