mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux-packaging-mono/mcs/class/System/Mono.Btls/X509CertificateImplBtls.cs
Xamarin Public Jenkins (auto-signing) 0510252385 Imported Upstream version 5.20.0.180 
Former-commit-id: ff953ca879339fe1e1211f7220f563e1342e66cb
2019-02-04 20:11:37 +00:00

454 lines
13 KiB
C#
Raw Blame History

//
// X509CertificateImplBtls.cs
//
// Author:
// Martin Baulig <martin.baulig@xamarin.com>
//
// Copyright (c) 2016 Xamarin Inc. (http://www.xamarin.com)
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
#if MONO_FEATURE_BTLS
#if MONO_SECURITY_ALIAS
extern alias MonoSecurity;
#endif
#if MONO_SECURITY_ALIAS
using MX = MonoSecurity::Mono.Security.X509;
using MonoSecurity::Mono.Security.Cryptography;
#else
using MX = Mono.Security.X509;
using Mono.Security.Cryptography;
#endif
using System;
using System.Text;
using System.Collections;
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;
namespace Mono.Btls
{
class X509CertificateImplBtls : X509Certificate2Impl
{
MonoBtlsX509 x509;
MonoBtlsKey nativePrivateKey;
X500DistinguishedName subjectName;
X500DistinguishedName issuerName;
X509CertificateImplCollection intermediateCerts;
PublicKey publicKey;
bool archived;
bool disallowFallback;
internal X509CertificateImplBtls (bool disallowFallback = false)
{
this.disallowFallback = disallowFallback;
}
internal X509CertificateImplBtls (MonoBtlsX509 x509, bool disallowFallback = false)
{
this.disallowFallback = disallowFallback;
this.x509 = x509.Copy ();
}
X509CertificateImplBtls (X509CertificateImplBtls other)
{
disallowFallback = other.disallowFallback;
x509 = other.x509 != null ? other.x509.Copy () : null;
nativePrivateKey = other.nativePrivateKey != null ? other.nativePrivateKey.Copy () : null;
fallback = other.fallback != null ? (X509Certificate2Impl)other.fallback.Clone () : null;
if (other.intermediateCerts != null)
intermediateCerts = other.intermediateCerts.Clone ();
}
internal X509CertificateImplBtls (byte[] data, MonoBtlsX509Format format, bool disallowFallback = false)
{
this.disallowFallback = disallowFallback;
x509 = MonoBtlsX509.LoadFromData (data, format);
}
public override bool IsValid {
get { return x509 != null && x509.IsValid; }
}
public override IntPtr Handle {
get { return x509.Handle.DangerousGetHandle (); }
}
public override IntPtr GetNativeAppleCertificate ()
{
return IntPtr.Zero;
}
internal MonoBtlsX509 X509 {
get {
ThrowIfContextInvalid ();
return x509;
}
}
internal MonoBtlsKey NativePrivateKey {
get {
ThrowIfContextInvalid ();
if (nativePrivateKey == null && FallbackImpl.HasPrivateKey) {
var key = FallbackImpl.PrivateKey as RSA;
if (key == null)
throw new NotSupportedException ("Currently only supports RSA private keys.");
nativePrivateKey = MonoBtlsKey.CreateFromRSAPrivateKey (key);
}
return nativePrivateKey;
}
}
public override X509CertificateImpl Clone ()
{
ThrowIfContextInvalid ();
return new X509CertificateImplBtls (this);
}
public override bool Equals (X509CertificateImpl other, out bool result)
{
var otherBoringImpl = other as X509CertificateImplBtls;
if (otherBoringImpl == null) {
result = false;
return false;
}
result = MonoBtlsX509.Compare (X509, otherBoringImpl.X509) == 0;
return true;
}
public override byte[] Thumbprint => X509.GetCertHash ();
public override byte[] RawData => X509.GetRawData (MonoBtlsX509Format.DER);
public override string Subject => SubjectName.Name;
public override string Issuer => IssuerName.Name;
public override string LegacySubject => SubjectName.Decode (X500DistinguishedNameFlags.None);
public override string LegacyIssuer => IssuerName.Decode (X500DistinguishedNameFlags.None);
public override DateTime NotBefore => X509.GetNotBefore ().ToLocalTime ();
public override DateTime NotAfter => X509.GetNotAfter ().ToLocalTime ();
public override byte[] PublicKeyValue => X509.GetPublicKeyData ();
public override byte[] SerialNumber => X509.GetSerialNumber (true);
public override string KeyAlgorithm => PublicKey.Oid.Value;
public override byte[] KeyAlgorithmParameters => PublicKey.EncodedParameters.RawData;
internal override X509CertificateImplCollection IntermediateCertificates {
get { return intermediateCerts; }
}
protected override void Dispose (bool disposing)
{
if (x509 != null) {
x509.Dispose ();
x509 = null;
}
}
#region X509Certificate2Impl
X509Certificate2Impl fallback;
void MustFallback ()
{
if (disallowFallback)
throw new InvalidOperationException ();
if (fallback != null)
return;
fallback = SystemDependencyProvider.Instance.CertificateProvider.Import (
RawData, null, X509KeyStorageFlags.DefaultKeySet,
CertificateImportFlags.DisableNativeBackend);
}
internal override X509Certificate2Impl FallbackImpl {
get {
MustFallback ();
return fallback;
}
}
[MonoTODO]
public override bool Archived {
get {
ThrowIfContextInvalid ();
return archived;
}
set {
ThrowIfContextInvalid ();
archived = value;
}
}
public override X509ExtensionCollection Extensions {
get { return FallbackImpl.Extensions; }
}
public override bool HasPrivateKey {
get { return nativePrivateKey != null || FallbackImpl.HasPrivateKey; }
}
public override X500DistinguishedName IssuerName {
get {
ThrowIfContextInvalid ();
if (issuerName == null) {
using (var xname = x509.GetIssuerName ()) {
var encoding = xname.GetRawData (false);
var canonEncoding = xname.GetRawData (true);
var name = MonoBtlsUtils.FormatName (xname, true, ", ", true);
issuerName = new X500DistinguishedName (encoding, canonEncoding, name);
}
}
return issuerName;
}
}
public override AsymmetricAlgorithm PrivateKey {
get {
if (nativePrivateKey == null || !nativePrivateKey.IsRsa)
return FallbackImpl.PrivateKey;
var bytes = nativePrivateKey.GetBytes (true);
return PKCS8.PrivateKeyInfo.DecodeRSA (bytes);
}
set {
if (nativePrivateKey != null)
nativePrivateKey.Dispose ();
nativePrivateKey = null;
FallbackImpl.PrivateKey = value;
}
}
public override PublicKey PublicKey {
get {
ThrowIfContextInvalid ();
if (publicKey == null) {
var keyAsn = X509.GetPublicKeyAsn1 ();
var keyParamAsn = X509.GetPublicKeyParameters ();
publicKey = new PublicKey (keyAsn.Oid, keyParamAsn, keyAsn);
}
return publicKey;
}
}
public override Oid SignatureAlgorithm {
get {
ThrowIfContextInvalid ();
return X509.GetSignatureAlgorithm ();
}
}
public override X500DistinguishedName SubjectName {
get {
ThrowIfContextInvalid ();
if (subjectName == null) {
using (var xname = x509.GetSubjectName ()) {
var encoding = xname.GetRawData (false);
var canonEncoding = xname.GetRawData (true);
var name = MonoBtlsUtils.FormatName (xname, true, ", ", true);
subjectName = new X500DistinguishedName (encoding, canonEncoding, name);
}
}
return subjectName;
}
}
public override int Version {
get { return X509.GetVersion (); }
}
public override string GetNameInfo (X509NameType nameType, bool forIssuer)
{
return FallbackImpl.GetNameInfo (nameType, forIssuer);
}
public override void Import (byte[] data, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
{
Reset ();
if (password == null || password.IsInvalid) {
try {
Import (data);
} catch (Exception e) {
try {
ImportPkcs12 (data, null);
} catch {
string msg = Locale.GetText ("Unable to decode certificate.");
// inner exception is the original (not second) exception
throw new CryptographicException (msg, e);
}
}
} else {
// try PKCS#12
try {
ImportPkcs12 (data, password);
} catch (Exception e) {
try {
// it's possible to supply a (unrequired/unusued) password
// fix bug #79028
Import (data);
} catch {
string msg = Locale.GetText ("Unable to decode certificate.");
// inner exception is the original (not second) exception
throw new CryptographicException (msg, e);
}
}
}
}
void Import (byte[] data)
{
if (data != null) {
// Does it look like PEM?
if ((data.Length > 0) && (data [0] != 0x30))
x509 = MonoBtlsX509.LoadFromData (data, MonoBtlsX509Format.PEM);
else
x509 = MonoBtlsX509.LoadFromData (data, MonoBtlsX509Format.DER);
}
}
void ImportPkcs12 (byte[] data, SafePasswordHandle password)
{
using (var pkcs12 = new MonoBtlsPkcs12 ()) {
if (password == null || password.IsInvalid) {
try {
// Support both unencrypted PKCS#12..
pkcs12.Import (data, null);
} catch {
// ..and PKCS#12 encrypted with an empty password
using (var empty = new SafePasswordHandle (string.Empty))
pkcs12.Import (data, empty);
}
} else {
pkcs12.Import (data, password);
}
x509 = pkcs12.GetCertificate (0);
if (pkcs12.HasPrivateKey)
nativePrivateKey = pkcs12.GetPrivateKey ();
if (pkcs12.Count > 1) {
intermediateCerts = new X509CertificateImplCollection ();
for (int i = 0; i < pkcs12.Count; i++) {
using (var ic = pkcs12.GetCertificate (i)) {
if (MonoBtlsX509.Compare (ic, x509) == 0)
continue;
var impl = new X509CertificateImplBtls (ic, true);
intermediateCerts.Add (impl, true);
}
}
}
}
}
public override byte[] Export (X509ContentType contentType, SafePasswordHandle password)
{
ThrowIfContextInvalid ();
switch (contentType) {
case X509ContentType.Cert:
return RawData;
case X509ContentType.Pfx: // this includes Pkcs12
return ExportPkcs12 (password);
case X509ContentType.SerializedCert:
// TODO
throw new NotSupportedException ();
default:
string msg = Locale.GetText ("This certificate format '{0}' cannot be exported.", contentType);
throw new CryptographicException (msg);
}
}
byte[] ExportPkcs12 (SafePasswordHandle password)
{
if (password == null || password.IsInvalid)
return ExportPkcs12 ((string)null);
var passwordString = password.Mono_DangerousGetString ();
return ExportPkcs12 (passwordString);
}
byte[] ExportPkcs12 (string password)
{
var pfx = new MX.PKCS12 ();
try {
var attrs = new Hashtable ();
var localKeyId = new ArrayList ();
localKeyId.Add (new byte[] { 1, 0, 0, 0 });
attrs.Add (MX.PKCS9.localKeyId, localKeyId);
if (password != null)
pfx.Password = password;
pfx.AddCertificate (new MX.X509Certificate (RawData), attrs);
if (IntermediateCertificates != null) {
for (int i = 0; i < IntermediateCertificates.Count; i++)
pfx.AddCertificate (new MX.X509Certificate (IntermediateCertificates [i].RawData));
}
var privateKey = PrivateKey;
if (privateKey != null)
pfx.AddPkcs8ShroudedKeyBag (privateKey, attrs);
return pfx.GetBytes ();
} finally {
pfx.Password = null;
}
}
public override bool Verify (X509Certificate2 thisCertificate)
{
using (var chain = new MonoBtlsX509Chain ()) {
chain.AddCertificate (x509.Copy ());
if (intermediateCerts != null) {
for (int i = 0; i < intermediateCerts.Count; i++) {
var intermediate = (X509CertificateImplBtls)intermediateCerts [i];
chain.AddCertificate (intermediate.x509.Copy ());
}
}
return MonoBtlsProvider.ValidateCertificate (chain, null);
}
}
public override void Reset ()
{
if (x509 != null) {
x509.Dispose ();
x509 = null;
}
if (nativePrivateKey != null) {
nativePrivateKey.Dispose ();
nativePrivateKey = null;
}
subjectName = null;
issuerName = null;
archived = false;
publicKey = null;
intermediateCerts = null;
if (fallback != null)
fallback.Reset ();
}
#endregion
}
}
#endif
Reference in New Issue View Git Blame Copy Permalink