Merged
2 changes: 1 addition & 1 deletion external/api-snapshot
3 changes: 2 additions & 1 deletion mcs/class/System/Mono.AppleTls/X509CertificateImplApple.cs
@@ -14,6 +14,7 @@
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Win32.SafeHandles;
using XamMac.CoreFoundation;

namespace Mono.AppleTls
@@ -155,7 +156,7 @@ public override byte[] GetSerialNumber ()
return FallbackImpl.GetSerialNumber ();
}

public override byte[] Export (X509ContentType contentType, byte[] password)
public override byte[] Export (X509ContentType contentType, SafePasswordHandle password)
{
ThrowIfContextInvalid ();

3 changes: 2 additions & 1 deletion mcs/class/System/Mono.AppleTls/X509PalImpl.Apple.cs
@@ -27,6 +27,7 @@
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Win32.SafeHandles;
using XamMac.CoreFoundation;

namespace Mono.AppleTls
@@ -45,7 +46,7 @@ public override X509CertificateImpl Import (byte[] data)
}

public override X509Certificate2Impl Import (
byte[] data, string password, X509KeyStorageFlags keyStorageFlags)
byte[] data, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
{
return null;
}
11 changes: 7 additions & 4 deletions mcs/class/System/Mono.Btls/MonoBtlsContext.cs
@@ -35,6 +35,7 @@
using System.Security.Cryptography.X509Certificates;
using System.Security.Authentication;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;

#if MONO_SECURITY_ALIAS
using MonoSecurity::Mono.Security.Interface;
@@ -76,11 +77,13 @@ static X509CertificateImplBtls GetPrivateCertificate (X509Certificate certificat
return (X509CertificateImplBtls)impl.Clone ();

var password = Guid.NewGuid ().ToString ();
var buffer = certificate.Export (X509ContentType.Pfx, password);
using (var handle = new SafePasswordHandle (password)) {
var buffer = certificate.Export (X509ContentType.Pfx, password);

impl = new X509CertificateImplBtls ();
impl.Import (buffer, password, X509KeyStorageFlags.DefaultKeySet);
return impl;
impl = new X509CertificateImplBtls ();
impl.Import (buffer, handle, X509KeyStorageFlags.DefaultKeySet);
return impl;
}
}

new public MonoBtlsProvider Provider {
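Review bot: In GetPrivateCertificate the exported PFX `buffer` holds the private key and is left in managed memory after `impl.Import (buffer, handle, X509KeyStorageFlags.DefaultKeySet)` returns; the `using` only releases the handle's copy of the password. The `password` string is still what gets passed to `certificate.Export` and stays alive until it is collected, so wrapping it in a SafePasswordHandle does not shorten the secret's lifetime in this method. Consider a try/finally inside the `using` with `Array.Clear (buffer, 0, buffer.Length);` in the finally, provided Import does not keep a reference to the array (not visible in this hunk). The method begins above the hunk.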
17 changes: 5 additions & 12 deletions mcs/class/System/Mono.Btls/MonoBtlsPkcs12.cs
@@ -29,6 +29,7 @@
using System.Security.Cryptography.X509Certificates;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;

namespace Mono.Btls
{
@@ -68,7 +69,7 @@ protected override bool ReleaseHandle ()
extern static int mono_btls_pkcs12_add_cert (IntPtr chain, IntPtr x509);

[DllImport (BTLS_DYLIB)]
extern unsafe static int mono_btls_pkcs12_import (IntPtr chain, void* data, int len, IntPtr password);
extern unsafe static int mono_btls_pkcs12_import (IntPtr chain, void* data, int len, SafePasswordHandle password);

[DllImport (BTLS_DYLIB)]
extern static int mono_btls_pkcs12_has_private_key (IntPtr pkcs12);
@@ -108,20 +109,12 @@ public void AddCertificate (MonoBtlsX509 x509)
x509.Handle.DangerousGetHandle ());
}

public unsafe void Import (byte[] buffer, string password)
public unsafe void Import (byte[] buffer, SafePasswordHandle password)
{
var passptr = IntPtr.Zero;
fixed (void* ptr = buffer)
try {
if (password != null)
passptr = Marshal.StringToHGlobalAnsi (password);
fixed (void* ptr = buffer) {
var ret = mono_btls_pkcs12_import (
Handle.DangerousGetHandle (), ptr,
buffer.Length, passptr);
Handle.DangerousGetHandle (), ptr, buffer.Length, password);
CheckError (ret);
} finally {
if (passptr != IntPtr.Zero)
Marshal.FreeHGlobal (passptr);
}
}

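Review bot: The rewritten `Import (byte[] buffer, SafePasswordHandle password)` passes `password` straight to `mono_btls_pkcs12_import` and has lost the old null check, yet ImportPkcs12 in X509CertificateImplBtls.cs still calls `pkcs12.Import (data, null)` for unencrypted PKCS#12. A null SafeHandle argument normally makes the P/Invoke marshaller throw ArgumentNullException, which the bare `catch` in that caller would swallow before retrying with an empty password, so the no-password path may never reach native code. Either reject null up front with `if (password == null) throw new ArgumentNullException (nameof (password));` and have the caller pass `new SafePasswordHandle ((string)null)` as X509PalImpl.ImportFallback does, or document that null is not accepted. The old code marshalled the password with `Marshal.StringToHGlobalAnsi`; whether the handle's buffer uses the same encoding is not visible here and is worth confirming.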
19 changes: 14 additions & 5 deletions mcs/class/System/Mono.Btls/MonoBtlsProvider.cs
@@ -35,6 +35,7 @@
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Authentication;
using Microsoft.Win32.SafeHandles;

#if MONO_SECURITY_ALIAS
using MonoSecurity::Mono.Security.Interface;
@@ -105,9 +106,8 @@ internal override bool HasNativeCertificates {
internal override X509Certificate2Impl GetNativeCertificate (
byte[] data, string password, X509KeyStorageFlags flags)
{
var impl = new X509CertificateImplBtls (false);
impl.Import (data, password, flags);
return impl;
using (var handle = new SafePasswordHandle (password))
return GetNativeCertificate (data, handle, flags);
}

internal override X509Certificate2Impl GetNativeCertificate (
@@ -121,6 +121,14 @@ internal override X509Certificate2Impl GetNativeCertificate (
return new X509CertificateImplBtls (data, MonoBtlsX509Format.DER, false);
}

internal X509Certificate2Impl GetNativeCertificate (
byte[] data, SafePasswordHandle password, X509KeyStorageFlags flags)
{
var impl = new X509CertificateImplBtls (false);
impl.Import (data, password, flags);
return impl;
}

internal static MonoBtlsX509VerifyParam GetVerifyParam (MonoTlsSettings settings, string targetHost, bool serverMode)
{
MonoBtlsX509VerifyParam param;
@@ -336,8 +344,9 @@ public static X509Certificate2 CreateCertificate2 (byte[] data, MonoBtlsX509Form

public static X509Certificate2 CreateCertificate2 (byte[] data, string password, bool disallowFallback = false)
{
using (var impl = new X509CertificateImplBtls (disallowFallback)) {
impl.Import (data, password, X509KeyStorageFlags.DefaultKeySet);
using (var impl = new X509CertificateImplBtls (disallowFallback))
using (var handle = new SafePasswordHandle (password)) {
impl.Import (data, handle, X509KeyStorageFlags.DefaultKeySet);
return new X509Certificate2 (impl);
}
}
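Review bot: The new `GetNativeCertificate (byte[] data, SafePasswordHandle password, X509KeyStorageFlags flags)` overload has no comment saying who owns the handle. The string overload above it wraps the handle in `using` and disposes it as soon as the call returns, so the implementation has to consume the password inside `impl.Import` and must never store the handle. I would add `// 'password' is borrowed from the caller and disposed after this call returns; do not retain it.` above the overload.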
44 changes: 18 additions & 26 deletions mcs/class/System/Mono.Btls/X509CertificateImplBtls.cs
@@ -23,7 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
#if SECURITY_DEP && MONO_FEATURE_BTLS
#if MONO_FEATURE_BTLS
#if MONO_SECURITY_ALIAS
extern alias MonoSecurity;
#endif
@@ -40,7 +40,9 @@
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Runtime.InteropServices;
using Mono.Security.Cryptography;
using Microsoft.Win32.SafeHandles;

namespace Mono.Btls
{
@@ -187,25 +189,6 @@ public override byte[] GetKeyAlgorithmParameters ()
return PublicKey.EncodedParameters.RawData;
}

public override byte[] Export (X509ContentType contentType, byte[] password)
{
ThrowIfContextInvalid ();

switch (contentType) {
case X509ContentType.Cert:
return GetRawCertData ();
case X509ContentType.Pfx: // this includes Pkcs12
// TODO
throw new NotSupportedException ();
case X509ContentType.SerializedCert:
// TODO
throw new NotSupportedException ();
default:
string msg = Locale.GetText ("This certificate format '{0}' cannot be exported.", contentType);
throw new CryptographicException (msg);
}
}

internal override X509CertificateImplCollection IntermediateCertificates {
get { return intermediateCerts; }
}
@@ -355,10 +338,10 @@ public override string GetNameInfo (X509NameType nameType, bool forIssuer)
return FallbackImpl.GetNameInfo (nameType, forIssuer);
}

public override void Import (byte[] data, string password, X509KeyStorageFlags keyStorageFlags)
public override void Import (byte[] data, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
{
Reset ();
if (password == null) {
if (password == null || password.IsInvalid) {
try {
Import (data);
} catch (Exception e) {
@@ -399,16 +382,17 @@ void Import (byte[] data)
}
}

void ImportPkcs12 (byte[] data, string password)
void ImportPkcs12 (byte[] data, SafePasswordHandle password)
{
using (var pkcs12 = new MonoBtlsPkcs12 ()) {
if (string.IsNullOrEmpty (password)) {
if (password == null || password.IsInvalid) {
try {
// Support both unencrypted PKCS#12..
pkcs12.Import (data, null);
} catch {
// ..and PKCS#12 encrypted with an empty password
pkcs12.Import (data, string.Empty);
using (var empty = new SafePasswordHandle (string.Empty))
pkcs12.Import (data, empty);
}
} else {
pkcs12.Import (data, password);
@@ -431,7 +415,7 @@ void ImportPkcs12 (byte[] data, string password)
}
}

public override byte[] Export (X509ContentType contentType, string password)
public override byte[] Export (X509ContentType contentType, SafePasswordHandle password)
{
ThrowIfContextInvalid ();

@@ -449,6 +433,14 @@ public override byte[] Export (X509ContentType contentType, string password)
}
}

byte[] ExportPkcs12 (SafePasswordHandle password)
{
if (password == null || password.IsInvalid)
return ExportPkcs12 ((string)null);
var passwordString = password.Mono_DangerousGetString ();
return ExportPkcs12 (passwordString);
}

byte[] ExportPkcs12 (string password)
{
var pfx = new MX.PKCS12 ();
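Review bot: `ExportPkcs12 (SafePasswordHandle password)` turns the handle back into a managed string with `password.Mono_DangerousGetString ()`, which puts the cleartext password on the GC heap where it cannot be zeroed, so the handle gives no protection on the export path. If the managed `MX.PKCS12` writer really needs a string, that should at least be stated, e.g. `// MX.PKCS12 only accepts a string password; this copy cannot be cleared and lives until collected.` Separately, in ImportPkcs12 the old `string.IsNullOrEmpty (password)` test also sent an empty password through the try-unencrypted-then-empty fallback, while `password == null || password.IsInvalid` may not if a handle built from `string.Empty` counts as valid. That looks like a behaviour change worth confirming.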
7 changes: 4 additions & 3 deletions mcs/class/System/Mono.Btls/X509PalImpl.Btls.cs
@@ -39,17 +39,18 @@
using System.Text;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Win32.SafeHandles;

namespace Mono.Btls
{
class X509PalImplBtls : X509PalImpl
{
public X509PalImplBtls (MonoTlsProvider provider)
{
Provider = provider;
Provider = (MonoBtlsProvider)provider;
}

MonoTlsProvider Provider {
MonoBtlsProvider Provider {
get;
}

@@ -59,7 +60,7 @@ public override X509CertificateImpl Import (byte[] data)
}

public override X509Certificate2Impl Import (
byte[] data, string password, X509KeyStorageFlags keyStorageFlags)
byte[] data, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
{
return Provider.GetNativeCertificate (data, password, keyStorageFlags);
}
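Review bot: The constructor still takes `MonoTlsProvider provider` but now casts it unconditionally with `Provider = (MonoBtlsProvider)provider;`, so any other provider type fails with an InvalidCastException at construction, and a null passes the cast and only surfaces later as a NullReferenceException in `Import`. Narrowing the signature to `public X509PalImplBtls (MonoBtlsProvider provider)` would move the check to compile time. Callers of the constructor are outside this section, so whether that is possible cannot be seen from here. If the wider type has to stay, an explicit type check with an ArgumentException would make the failure clearer.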
5 changes: 3 additions & 2 deletions mcs/class/System/Mono/SystemCertificateProvider.cs
@@ -40,6 +40,7 @@
using System.Threading;
using System.Threading.Tasks;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Win32.SafeHandles;

namespace Mono
{
@@ -118,14 +119,14 @@ public X509CertificateImpl Import (
}

X509CertificateImpl ISystemCertificateProvider.Import (
byte[] data, string password, X509KeyStorageFlags keyStorageFlags,
byte[] data, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags,
CertificateImportFlags importFlags)
{
return Import (data, password, keyStorageFlags, importFlags);
}

public X509Certificate2Impl Import (
byte[] data, string password, X509KeyStorageFlags keyStorageFlags,
byte[] data, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags,
CertificateImportFlags importFlags = CertificateImportFlags.None)
{
if (data == null || data.Length == 0)
3 changes: 2 additions & 1 deletion mcs/class/System/Mono/X509PalImpl.Mono.cs
@@ -25,6 +25,7 @@
// THE SOFTWARE.
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Win32.SafeHandles;

namespace Mono
{
@@ -36,7 +37,7 @@ public override X509CertificateImpl Import (byte[] data)
}

public override X509Certificate2Impl Import (
byte[] data, string password, X509KeyStorageFlags keyStorageFlags)
byte[] data, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
{
return ImportFallback (data, password, keyStorageFlags);
}
8 changes: 5 additions & 3 deletions mcs/class/System/Mono/X509PalImpl.cs
@@ -28,6 +28,7 @@
using System.Text;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Win32.SafeHandles;

namespace Mono
{
@@ -36,7 +37,7 @@ abstract class X509PalImpl
public abstract X509CertificateImpl Import (byte[] data);

public abstract X509Certificate2Impl Import (
byte[] data, string password, X509KeyStorageFlags keyStorageFlags);
byte[] data, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags);

public abstract X509Certificate2Impl Import (X509Certificate cert);

@@ -72,11 +73,12 @@ internal X509Certificate2Impl ImportFallback (byte[] data)
data = ConvertData (data);

var impl = new X509Certificate2ImplMono ();
impl.Import (data, null, X509KeyStorageFlags.DefaultKeySet);
using (var handle = new SafePasswordHandle ((string)null))
impl.Import (data, handle, X509KeyStorageFlags.DefaultKeySet);
return impl;
}

internal X509Certificate2Impl ImportFallback (byte[] data, string password, X509KeyStorageFlags keyStorageFlags)
internal X509Certificate2Impl ImportFallback (byte[] data, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
{
var impl = new X509Certificate2ImplMono ();
impl.Import (data, password, keyStorageFlags);