mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Imported Upstream version 4.3.2.467

Browse Source 
Former-commit-id: 9c2cb47f45fa221e661ab616387c9cda183f283d
This commit is contained in:
Xamarin Public Jenkins
2016-02-22 11:00:01 -05:00
parent f302175246
commit f3e3aab35a
4097 changed files with 122406 additions and 82300 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
external/referencesource/System.IdentityModel/System/IdentityModel/Claims/X509CertificateClaimSet.cs vendored
View File

@@ -172,9 +172,24 @@ namespace System.IdentityModel.Claims
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateX500DistinguishedNameClaim(this.certificate.SubjectName));
value = this.certificate.GetNameInfo(X509NameType.DnsName, false);
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateDnsClaim(value));
// App context switch for disabling support for multiple dns entries in a SAN certificate
if (LocalAppContextSwitches.DisableMultipleDNSEntriesInSANCertificate)
{
// old behavior, default for <= 4.6
value = this.certificate.GetNameInfo(X509NameType.DnsName, false);
if (!string.IsNullOrEmpty(value))
claims.Add(Claim.CreateDnsClaim(value));
}
else
{
// new behavior as this is the default long term behavior
// Since a SAN can have multiple DNS entries
string[] entries = GetDnsFromExtensions(this.certificate);
for (int i = 0; i < entries.Length; ++i)
{
claims.Add(Claim.CreateDnsClaim(entries[i]));
}
}
value = this.certificate.GetNameInfo(X509NameType.SimpleName, false);
if (!string.IsNullOrEmpty(value))
@@ -243,10 +258,24 @@ namespace System.IdentityModel.Claims
{
if (right == null || Rights.PossessProperty.Equals(right))
{
string value = this.certificate.GetNameInfo(X509NameType.DnsName, false);
if (!string.IsNullOrEmpty(value))
// App context switch for disabling support for multiple dns entries in a SAN certificate
if (LocalAppContextSwitches.DisableMultipleDNSEntriesInSANCertificate)
{
yield return Claim.CreateDnsClaim(value);
// old behavior, default for <= 4.6
string value = this.certificate.GetNameInfo(X509NameType.DnsName, false);
if (!string.IsNullOrEmpty(value))
{
yield return Claim.CreateDnsClaim(value);
}
}
else
{
// new behavior since this is the default long term behavior
string[] entries = GetDnsFromExtensions(certificate);
for (int i = 0; i < entries.Length; ++i)
{
yield return Claim.CreateDnsClaim(entries[i]);
}
}
}
}
@@ -270,6 +299,33 @@ namespace System.IdentityModel.Claims
}
}
// Fixing Bug 795660: SAN having multiple DNS entries
private static string[] GetDnsFromExtensions(X509Certificate2 cert)
{
foreach (X509Extension ext in cert.Extensions)
{
// Extension is SAN or SAN2
if (ext.Oid.Value == "2.5.29.7" || ext.Oid.Value == "2.5.29.17")
{
string asnString = ext.Format(true);
if (string.IsNullOrEmpty(asnString))
{
return new string[0];
}
string[] rawDnsEntries = asnString.Split(new string[1] { "\n" }, StringSplitOptions.RemoveEmptyEntries);
string[] dnsEntries = new string[rawDnsEntries.Length];
for (int i = 0; i < rawDnsEntries.Length; ++i)
{
int equalSignIndex = rawDnsEntries[i].IndexOf('=');
dnsEntries[i] = rawDnsEntries[i].Substring(equalSignIndex + 1).Trim();
}
return dnsEntries;
}
}
return new string[0];
}
public override IEnumerator<Claim> GetEnumerator()
{
ThrowIfDisposed();
@@ -347,7 +403,7 @@ namespace System.IdentityModel.Claims
{
ThrowIfDisposed();
if (this.name == null)
{
{
//
// DCR 48092: PrincipalPermission authorization using certificates could cause Elevation of Privilege.
// because there could be duplicate subject name. In order to be more unique, we use SubjectName + Thumbprint

2
external/referencesource/System.IdentityModel/System/IdentityModel/IdentityModelStrings.cs vendored
View File

@@ -9,4 +9,4 @@ namespace System.IdentityModel
public abstract int Count { get; }
public abstract string this[int index] { get; }
}
}
}

52
external/referencesource/System.IdentityModel/System/IdentityModel/LocalAppContextSwitches.cs vendored Normal file
View File

@@ -0,0 +1,52 @@
//------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//------------------------------------------------------------
namespace System.IdentityModel
{
using System;
using System.Runtime.CompilerServices;
// When adding a quirk, name it such that false is new behavior and true is old behavior.
// You are opting IN to old behavior. The new behavior is default.
// For example, we want to enable the functionality to explicitly add a connection close header
// in 4.6 and above. So we set DisableExplicitConnectionCloseHeader to true if running 4.5.2 or less.
internal static class LocalAppContextSwitches
{
private const string EnableCachedEmptyDefaultAuthorizationContextString = "Switch.System.IdentityModel.EnableCachedEmptyDefaultAuthorizationContext";
private const string DisableMultipleDNSEntriesInSANCertificateString = "Switch.System.IdentityModel.DisableMultipleDNSEntriesInSANCertificate";
private static int enableCachedEmptyDefaultAuthorizationContext;
private static int disableMultipleDNSEntriesInSANCertificate;
public static bool EnableCachedEmptyDefaultAuthorizationContext
{
[MethodImpl(MethodImplOptions.AggressiveInlining)]
get
{
return LocalAppContext.GetCachedSwitchValue(EnableCachedEmptyDefaultAuthorizationContextString, ref enableCachedEmptyDefaultAuthorizationContext);
}
}
public static bool DisableMultipleDNSEntriesInSANCertificate
{
[MethodImpl(MethodImplOptions.AggressiveInlining)]
get
{
return LocalAppContext.GetCachedSwitchValue(DisableMultipleDNSEntriesInSANCertificateString, ref disableMultipleDNSEntriesInSANCertificate);
}
}
public static void SetDefaultsLessOrEqual_452()
{
// Define the switches that should be true for 4.5.2 or less, false for 4.6+.
LocalAppContext.DefineSwitchDefault(EnableCachedEmptyDefaultAuthorizationContextString, true);
}
public static void SetDefaultsLessOrEqual_46()
{
// Define the switches that should be true for 4.6 or less, false for 4.6.1+.
LocalAppContext.DefineSwitchDefault(DisableMultipleDNSEntriesInSANCertificateString, true);
}
}
}

17
external/referencesource/System.IdentityModel/System/IdentityModel/Policy/DefaultAuthorizationContext.cs vendored
View File

@@ -27,19 +27,26 @@ namespace System.IdentityModel.Policy
{
get
{
if (empty == null)
empty = new DefaultAuthorizationContext(new DefaultEvaluationContext());
return empty;
if (LocalAppContextSwitches.EnableCachedEmptyDefaultAuthorizationContext)
{
if (empty == null)
empty = new DefaultAuthorizationContext(new DefaultEvaluationContext());
return empty;
}
else
{
return new DefaultAuthorizationContext(new DefaultEvaluationContext());
}
}
}
public override string Id
{
get
get
{
if (this.id == null)
this.id = SecurityUniqueId.Create();
return this.id.Value;
return this.id.Value;
}
}

7
external/referencesource/System.IdentityModel/System/IdentityModel/SignedXml.cs vendored
View File

@@ -155,6 +155,11 @@ namespace System.IdentityModel
this.Signature.SignedInfo.EnsureDigestValidity(id, resolvedXmlSource);
}
public bool EnsureDigestValidityIfIdMatches(string id, object resolvedXmlSource)
{
return this.Signature.SignedInfo.EnsureDigestValidityIfIdMatches(id, resolvedXmlSource);
}
public byte[] GetSignatureValue()
{
return this.Signature.GetSignatureBytes();
@@ -1226,7 +1231,7 @@ namespace System.IdentityModel
{
this.transformChain.ReadFrom(reader, transformFactory, dictionaryManager, ShouldPreserveComments(this.Uri));
}
this.digestMethodElement.ReadFrom(reader, dictionaryManager);
this.digestValueElement.ReadFrom(reader, dictionaryManager);