2 changes: 1 addition & 1 deletion external/api-snapshot
Expand Up @@ -87,7 +87,10 @@ public byte[] GetPublicKeyData ()

public byte[] GetSerialNumber (bool mono_style)
{
return Instance.GetSerialNumber (mono_style);
var serial = Instance.GetSerialNumber (mono_style);
if (mono_style)
Array.Reverse (serial);
return serial;
Contributor


What does mono_style mean? I was under the impression that it means "little endian", but then I don't understand why it would be both passed to the underlying implementation and then Array.Reversed.

Contributor Author


MonoBtlsX509.GetSerialNumber(false) returns the raw data as they're stored in the certificate.

MonoBtlsX509.GetSerialNumber(true) returns it in the format expected by CoreFX's PAL - which is big-endian plus padding. This is not a direct reverse of the first and we have a test somewhere which exposes the difference.

The Array.Reverse() here in Mono.Btls.Interface (which is used by the web-tests) was added because the internal implementation (in MonoBtlsX509) switched from returning little-endian to big-endian (to match CoreFX PAL) - to avoid regressing the web-tests with a behavior change in the "semi-public" Mono.Btls.Interface code.

Contributor Author

@baulig baulig Jul 25, 2018


We could also rename mono_style into dotnet_style as it is now the same. However, I will reserve such cosmetic changes for a future PR as I would like to land this as soon as Jenkins is done building.

}

public int GetVersion ()
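Review bot: `Array.Reverse (serial)` in `GetSerialNumber` reverses in place whatever array `Instance.GetSerialNumber (mono_style)` hands back, and nothing visible in this hunk shows that the inner call returns a fresh copy on every invocation. If that buffer is ever cached or shared, successive calls would alternate between byte orders, and serial numbers are compared byte-for-byte when certificates are matched (for example against revocation entries or pinned values). Reversing a private copy removes that dependency: `var serial = (byte[]) Instance.GetSerialNumber (mono_style).Clone ();`, with a null check first if the inner call can return null. A test that pins the expected bytes for both `mono_style` values on a known certificate would keep the two layers from drifting apart again.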
2 changes: 1 addition & 1 deletion mcs/class/System/Mono.AppleTls/MonoCertificatePal.cs
Expand Up @@ -57,7 +57,7 @@ public static SafeSecCertificateHandle FromOtherCertificate (X509CertificateImpl
if (handle != IntPtr.Zero)
return new SafeSecCertificateHandle (handle, false);

using (var data = CFData.FromData (impl.GetRawCertData ())) {
using (var data = CFData.FromData (impl.RawData)) {
handle = SecCertificateCreateWithData (IntPtr.Zero, data.Handle);
if (handle == IntPtr.Zero)
throw new ArgumentException ("Not a valid DER-encoded X.509 certificate");
106 changes: 33 additions & 73 deletions mcs/class/System/Mono.AppleTls/X509CertificateImplApple.cs
Expand Up @@ -57,17 +57,18 @@ public override X509CertificateImpl Clone ()
[DllImport (CFHelpers.SecurityLibrary)]
extern static IntPtr SecCertificateCopyData (IntPtr cert);

public override byte[] GetRawCertData ()
{
ThrowIfContextInvalid ();
var data = SecCertificateCopyData (handle);
if (data == IntPtr.Zero)
throw new ArgumentException ("Not a valid certificate");

try {
return CFHelpers.FetchDataBuffer (data);
} finally {
CFHelpers.CFRelease (data);
public override byte[] RawData {
get {
ThrowIfContextInvalid ();
var data = SecCertificateCopyData (handle);
if (data == IntPtr.Zero)
throw new ArgumentException ("Not a valid certificate");

try {
return CFHelpers.FetchDataBuffer (data);
} finally {
CFHelpers.CFRelease (data);
}
}
}

Expand All @@ -80,12 +81,13 @@ public string GetSubjectSummary ()
return ret;
}

protected override byte[] GetCertHash (bool lazy)
{
// FIXME: might just return 'null' when 'lazy' is true.
ThrowIfContextInvalid ();
SHA1 sha = SHA1.Create ();
return sha.ComputeHash (GetRawCertData ());
public override byte[] Thumbprint {
get {
// FIXME: might just return 'null' when 'lazy' is true.
ThrowIfContextInvalid ();
SHA1 sha = SHA1.Create ();
return sha.ComputeHash (RawData);
}
}

public override bool Equals (X509CertificateImpl other, out bool result)
Expand All @@ -105,7 +107,7 @@ void MustFallback ()
ThrowIfContextInvalid ();
if (fallback != null)
return;
var mxCert = new MX.X509Certificate (GetRawCertData ());
var mxCert = new MX.X509Certificate (RawData);
fallback = new X509Certificate2ImplMono (mxCert);
}

Expand All @@ -116,53 +118,33 @@ public X509CertificateImpl FallbackImpl {
}
}

public override string GetSubjectName (bool legacyV1Mode)
{
return FallbackImpl.GetSubjectName (legacyV1Mode);
}
public override string Subject => FallbackImpl.Subject;

public override string GetIssuerName (bool legacyV1Mode)
{
return FallbackImpl.GetIssuerName (legacyV1Mode);
}
public override string Issuer => FallbackImpl.Issuer;

public override DateTime GetValidFrom ()
{
return FallbackImpl.GetValidFrom ();
}
public override string LegacySubject => FallbackImpl.LegacySubject;

public override DateTime GetValidUntil ()
{
return FallbackImpl.GetValidUntil ();
}
public override string LegacyIssuer => FallbackImpl.LegacyIssuer;

public override string GetKeyAlgorithm ()
{
return FallbackImpl.GetKeyAlgorithm ();
}
public override DateTime NotAfter => FallbackImpl.NotAfter;

public override byte[] GetKeyAlgorithmParameters ()
{
return FallbackImpl.GetKeyAlgorithmParameters ();
}
public override DateTime NotBefore => FallbackImpl.NotBefore;

public override byte[] GetPublicKey ()
{
return FallbackImpl.GetPublicKey ();
}
public override string KeyAlgorithm => FallbackImpl.KeyAlgorithm;

public override byte[] GetSerialNumber ()
{
return FallbackImpl.GetSerialNumber ();
}
public override byte[] KeyAlgorithmParameters => FallbackImpl.KeyAlgorithmParameters;

public override byte[] PublicKeyValue => FallbackImpl.PublicKeyValue;

public override byte[] SerialNumber => FallbackImpl.SerialNumber;

public override byte[] Export (X509ContentType contentType, SafePasswordHandle password)
{
ThrowIfContextInvalid ();

switch (contentType) {
case X509ContentType.Cert:
return GetRawCertData ();
return RawData;
case X509ContentType.Pfx: // this includes Pkcs12
// TODO
throw new NotSupportedException ();
Expand All @@ -175,28 +157,6 @@ public override byte[] Export (X509ContentType contentType, SafePasswordHandle p
}
}

public override string ToString (bool full)
{
ThrowIfContextInvalid ();

if (!full || fallback == null) {
var summary = GetSubjectSummary ();
return string.Format ("[X509Certificate: {0}]", summary);
}

string nl = Environment.NewLine;
StringBuilder sb = new StringBuilder ();
sb.AppendFormat ("[Subject]{0} {1}{0}{0}", nl, GetSubjectName (false));

sb.AppendFormat ("[Issuer]{0} {1}{0}{0}", nl, GetIssuerName (false));
sb.AppendFormat ("[Not Before]{0} {1}{0}{0}", nl, GetValidFrom ().ToLocalTime ());
sb.AppendFormat ("[Not After]{0} {1}{0}{0}", nl, GetValidUntil ().ToLocalTime ());
sb.AppendFormat ("[Thumbprint]{0} {1}{0}", nl, X509Helper.ToHexString (GetCertHash ()));

sb.Append (nl);
return sb.ToString ();
}

protected override void Dispose (bool disposing)
{
if (handle != IntPtr.Zero){
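Review bot: The `Thumbprint` getter creates a `SHA1` instance on every access and never disposes it, and its `// FIXME` still refers to a `lazy` argument that the property form no longer has. Scoping the hash object avoids leaving it to the finalizer when callers read the property repeatedly: `using (var sha = SHA1.Create ()) return sha.ComputeHash (RawData);`. Both `Thumbprint` and `RawData` now look like cheap properties but each read does real work (a `SecCertificateCopyData` copy, plus a hash for the thumbprint), so a one-line comment saying the value is recomputed per access would help callers that compare thumbprints in loops. The stale FIXME should be reworded or dropped.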
88 changes: 18 additions & 70 deletions mcs/class/System/Mono.Btls/X509CertificateImplBtls.cs
Expand Up @@ -135,84 +135,32 @@ public override bool Equals (X509CertificateImpl other, out bool result)
return true;
}

protected override byte[] GetCertHash (bool lazy)
{
return X509.GetCertHash ();
}
public override byte[] Thumbprint => X509.GetCertHash ();

public override byte[] GetRawCertData ()
{
return X509.GetRawData (MonoBtlsX509Format.DER);
}
public override byte[] RawData => X509.GetRawData (MonoBtlsX509Format.DER);

public override string GetSubjectName (bool legacyV1Mode)
{
if (legacyV1Mode)
return SubjectName.Decode (X500DistinguishedNameFlags.None);
return SubjectName.Name;
}
public override string Subject => SubjectName.Name;

public override string GetIssuerName (bool legacyV1Mode)
{
if (legacyV1Mode)
return IssuerName.Decode (X500DistinguishedNameFlags.None);
return IssuerName.Name;
}
public override string Issuer => IssuerName.Name;

public override DateTime GetValidFrom ()
{
return X509.GetNotBefore ().ToLocalTime ();
}
public override string LegacySubject => SubjectName.Decode (X500DistinguishedNameFlags.None);

public override DateTime GetValidUntil ()
{
return X509.GetNotAfter ().ToLocalTime ();
}
public override string LegacyIssuer => IssuerName.Decode (X500DistinguishedNameFlags.None);

public override byte[] GetPublicKey ()
{
return X509.GetPublicKeyData ();
}
public override DateTime NotBefore => X509.GetNotBefore ().ToLocalTime ();

public override byte[] GetSerialNumber ()
{
return X509.GetSerialNumber (true);
}
public override DateTime NotAfter => X509.GetNotAfter ().ToLocalTime ();

public override string GetKeyAlgorithm ()
{
return PublicKey.Oid.Value;
}
public override byte[] PublicKeyValue => X509.GetPublicKeyData ();

public override byte[] GetKeyAlgorithmParameters ()
{
return PublicKey.EncodedParameters.RawData;
}
public override byte[] SerialNumber => X509.GetSerialNumber (true);

internal override X509CertificateImplCollection IntermediateCertificates {
get { return intermediateCerts; }
}
public override string KeyAlgorithm => PublicKey.Oid.Value;

public override string ToString (bool full)
{
ThrowIfContextInvalid ();

if (!full) {
var summary = GetSubjectName (false);
return string.Format ("[X509Certificate: {0}]", summary);
}

string nl = Environment.NewLine;
StringBuilder sb = new StringBuilder ();
sb.AppendFormat ("[Subject]{0} {1}{0}{0}", nl, GetSubjectName (false));
public override byte[] KeyAlgorithmParameters => PublicKey.EncodedParameters.RawData;

sb.AppendFormat ("[Issuer]{0} {1}{0}{0}", nl, GetIssuerName (false));
sb.AppendFormat ("[Not Before]{0} {1}{0}{0}", nl, GetValidFrom ().ToLocalTime ());
sb.AppendFormat ("[Not After]{0} {1}{0}{0}", nl, GetValidUntil ().ToLocalTime ());
sb.AppendFormat ("[Thumbprint]{0} {1}{0}", nl, X509Helper.ToHexString (GetCertHash ()));

sb.Append (nl);
return sb.ToString ();
internal override X509CertificateImplCollection IntermediateCertificates {
get { return intermediateCerts; }
}

protected override void Dispose (bool disposing)
Expand All @@ -234,7 +182,7 @@ void MustFallback ()
if (fallback != null)
return;
fallback = SystemDependencyProvider.Instance.CertificateProvider.Import (
GetRawCertData (), null, X509KeyStorageFlags.DefaultKeySet,
RawData, null, X509KeyStorageFlags.DefaultKeySet,
CertificateImportFlags.DisableNativeBackend);
}

Expand Down Expand Up @@ -421,7 +369,7 @@ public override byte[] Export (X509ContentType contentType, SafePasswordHandle p

switch (contentType) {
case X509ContentType.Cert:
return GetRawCertData ();
return RawData;
case X509ContentType.Pfx: // this includes Pkcs12
return ExportPkcs12 (password);
case X509ContentType.SerializedCert:
Expand Down Expand Up @@ -451,10 +399,10 @@ byte[] ExportPkcs12 (string password)
attrs.Add (MX.PKCS9.localKeyId, localKeyId);
if (password != null)
pfx.Password = password;
pfx.AddCertificate (new MX.X509Certificate (GetRawCertData ()), attrs);
pfx.AddCertificate (new MX.X509Certificate (RawData), attrs);
if (IntermediateCertificates != null) {
for (int i = 0; i < IntermediateCertificates.Count; i++)
pfx.AddCertificate (new MX.X509Certificate (IntermediateCertificates [i].GetRawCertData ()));
pfx.AddCertificate (new MX.X509Certificate (IntermediateCertificates [i].RawData));
}
var privateKey = PrivateKey;
if (privateKey != null)
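Review bot: `NotBefore` and `NotAfter` here return `X509.GetNotBefore ().ToLocalTime ()` and `X509.GetNotAfter ().ToLocalTime ()`, while the public wrapper getters in the last file section on this page apply `.ToLocalTime ()` again to `Impl.NotBefore` and `Impl.NotAfter`, and the Apple implementation simply forwards to `FallbackImpl`. The second conversion is presumably a no-op once the value carries `DateTimeKind.Local`, but nothing on the page states which kind the impl properties must return, and validity-window checks depend on that. I would state the contract where the properties are declared, e.g. `// Returns local time (DateTimeKind.Local); callers must not treat it as UTC.`, and keep the conversion in one layer only.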
Expand Up @@ -148,11 +148,11 @@ public X509ExtensionCollection Extensions {

public string FriendlyName {
get {
ThrowIfContextInvalid ();
ThrowIfInvalid ();
return friendlyName;
}
set {
ThrowIfContextInvalid ();
ThrowIfInvalid ();
friendlyName = value;
}
}
Expand All @@ -166,11 +166,11 @@ public X500DistinguishedName IssuerName {
}

public DateTime NotAfter {
get { return Impl.GetValidUntil ().ToLocalTime (); }
get { return Impl.NotAfter.ToLocalTime (); }
}

public DateTime NotBefore {
get { return Impl.GetValidFrom ().ToLocalTime (); }
get { return Impl.NotBefore.ToLocalTime (); }
}

public AsymmetricAlgorithm PrivateKey {