Diffstat (limited to 'mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs')
-rw-r--r-- | mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs | 67 |
1 files changed, 39 insertions, 28 deletions
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
index 300e1140e1..4559687a7f 100644
--- a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
@@ -426,17 +426,34 @@ namespace System.Security.Cryptography.X509Certificates {
 			}
 		}
 
-		private void ImportPkcs12 (byte[] rawData, string password)
+		private MX.X509Certificate ImportPkcs12 (byte[] rawData, string password)
 		{
 			MX.PKCS12 pfx = (password == null) ? new MX.PKCS12 (rawData) : new MX.PKCS12 (rawData, password);
-			if (pfx.Certificates.Count > 0) {
-				_cert = pfx.Certificates [0];
+			if (pfx.Certificates.Count == 0) {
+				// no certificate was found
+				return null;
+			} else if (pfx.Keys.Count == 0) {
+				// no key were found - pick the first certificate
+				return pfx.Certificates [0];
 			} else {
-				_cert = null;
-			}
-			if (pfx.Keys.Count > 0) {
-				_cert.RSA = (pfx.Keys [0] as RSA);
-				_cert.DSA = (pfx.Keys [0] as DSA);
+				// find the certificate that match the first key
+				MX.X509Certificate cert = null;
+				var keypair = (pfx.Keys [0] as AsymmetricAlgorithm);
+				string pubkey = keypair.ToXmlString (false);
+				foreach (var c in pfx.Certificates) {
+					if (((c.RSA != null) && (pubkey == c.RSA.ToXmlString (false))) ||
+					    ((c.DSA != null) && (pubkey == c.DSA.ToXmlString (false)))) {
+						cert = c;
+						break;
+					}
+				}
+				if (cert == null) {
+					cert = pfx.Certificates [0]; // no match, pick first certificate without keys
+				} else {
+					cert.RSA = (keypair as RSA);
+					cert.DSA = (keypair as DSA);
+				}
+				return cert;
 			}
 		}
 
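Review bot: When the first key in the PKCS#12 matches none of the certificates, the `cert == null` branch silently returns `pfx.Certificates [0]` with no RSA/DSA attached, so the caller ends up with a public-only certificate and nothing signals that a private key was present and dropped; only `pfx.Keys [0]` is ever considered, so a PFX whose first key bag belongs to a later certificate, or whose first entry is not an `AsymmetricAlgorithm` (which makes `keypair.ToXmlString` throw a NullReferenceException), is handled worse than it needs to be. Matching every key against every certificate and attaching the first pair found keeps the fallback for the genuinely key-less case while making the drop explicit in a comment (or a thrown CryptographicException, if callers should not get a silently downgraded import). The comments `// no key were found` and `// find the certificate that match the first key` should read `// no keys were found` and `// find the certificate that matches the first key`.
```csharp
			} else {
				// find the first certificate that is bound to one of the keys
				foreach (var key in pfx.Keys) {
					var keypair = key as AsymmetricAlgorithm;
					if (keypair == null)
						continue; // not a key we can attach; skip instead of dereferencing null
					string pubkey = keypair.ToXmlString (false);
					foreach (var c in pfx.Certificates) {
						if (((c.RSA != null) && (pubkey == c.RSA.ToXmlString (false))) ||
						    ((c.DSA != null) && (pubkey == c.DSA.ToXmlString (false)))) {
							c.RSA = (keypair as RSA);
							c.DSA = (keypair as DSA);
							return c;
						}
					}
				}
				// no key matches any certificate: the private key(s) are dropped and the
				// caller only gets the public certificate - consider throwing here instead
				return pfx.Certificates [0];
			}
```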
@@ -448,14 +465,14 @@ namespace System.Security.Cryptography.X509Certificates {
 		[MonoTODO ("missing KeyStorageFlags support")]
 		public override void Import (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
 		{
-			base.Import (rawData, password, keyStorageFlags);
+			MX.X509Certificate cert = null;
 			if (password == null) {
 				try {
-					_cert = new MX.X509Certificate (rawData);
+					cert = new MX.X509Certificate (rawData);
 				}
 				catch (Exception e) {
 					try {
-						ImportPkcs12 (rawData, null);
+						cert = ImportPkcs12 (rawData, null);
 					}
 					catch {
 						string msg = Locale.GetText ("Unable to decode certificate.");
@@ -466,14 +483,19 @@ namespace System.Security.Cryptography.X509Certificates {
 			} else {
 				// try PKCS#12
 				try {
-					ImportPkcs12 (rawData, password);
+					cert = ImportPkcs12 (rawData, password);
 				}
 				catch {
 					// it's possible to supply a (unrequired/unusued) password
 					// fix bug #79028
-					_cert = new MX.X509Certificate (rawData);
+					cert = new MX.X509Certificate (rawData);
 				}
 			}
+			// we do not have to fully re-decode the certificate since X509Certificate does not deal with keys
+			if (cert != null) {
+				base.Import (cert.RawData, (string) null, keyStorageFlags);
+				_cert = cert; // becuase base call will call Reset!
+			}
 		}
 
 		[MonoTODO ("SecureString is incomplete")]
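Review bot: If ImportPkcs12 returns null (a PKCS#12 blob that carries no certificate), the new `if (cert != null)` guard at the end of Import just falls through, so neither `base.Import` nor `Reset` runs and the instance keeps whatever certificate it held before while the caller sees a successful import; before this change `_cert` was at least cleared in that case. Treat the null as a decode failure so the existing error path is reused, e.g. `if (cert == null) throw new CryptographicException (Locale.GetText ("Unable to decode certificate."));` ahead of the `base.Import` call (presumably the same exception type the `Unable to decode certificate.` branch in the preceding hunk throws; that branch continues outside the hunk). The comment on the `_cert = cert;` line has a typo and should read `// because base.Import calls Reset (), which clears _cert`. The method's signature and first catch block are in the preceding hunk.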
@@ -484,35 +506,24 @@ namespace System.Security.Cryptography.X509Certificates {
 
 		public override void Import (string fileName)
 		{
-			byte[] rawData = Load (fileName);
+			byte[] rawData = File.ReadAllBytes (fileName);
 			Import (rawData, (string)null, X509KeyStorageFlags.DefaultKeySet);
 		}
 
 		[MonoTODO ("missing KeyStorageFlags support")]
 		public override void Import (string fileName, string password, X509KeyStorageFlags keyStorageFlags)
 		{
-			byte[] rawData = Load (fileName);
+			byte[] rawData = File.ReadAllBytes (fileName);
 			Import (rawData, password, keyStorageFlags);
 		}
 
 		[MonoTODO ("SecureString is incomplete")]
 		public override void Import (string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags)
 		{
-			byte[] rawData = Load (fileName);
+			byte[] rawData = File.ReadAllBytes (fileName);
 			Import (rawData, (string)null, keyStorageFlags);
 		}
 
-		private static byte[] Load (string fileName)
-		{
-			byte[] data = null;
-			using (FileStream fs = File.OpenRead (fileName)) {
-				data = new byte [fs.Length];
-				fs.Read (data, 0, data.Length);
-				fs.Close ();
-			}
-			return data;
-		}
-
 		public override void Reset ()
 		{
 			_cert = null;
@@ -654,7 +665,7 @@ namespace System.Security.Cryptography.X509Certificates {
 			if (fileName.Length == 0)
 				throw new ArgumentException ("fileName");
 
-			byte[] data = Load (fileName);
+			byte[] data = File.ReadAllBytes (fileName);
 			return GetCertContentType (data);
 		}
 