path: root/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
Diffstat (limited to 'mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs')
-rw-r--r--mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs67
1 files changed, 39 insertions, 28 deletions
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
index 300e1140e1..4559687a7f 100644
--- a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
@@ -426,17 +426,34 @@ namespace System.Security.Cryptography.X509Certificates {
}
}
- private void ImportPkcs12 (byte[] rawData, string password)
+ private MX.X509Certificate ImportPkcs12 (byte[] rawData, string password)
{
MX.PKCS12 pfx = (password == null) ? new MX.PKCS12 (rawData) : new MX.PKCS12 (rawData, password);
- if (pfx.Certificates.Count > 0) {
- _cert = pfx.Certificates [0];
+ if (pfx.Certificates.Count == 0) {
+ // no certificate was found
+ return null;
+ } else if (pfx.Keys.Count == 0) {
+ // no key were found - pick the first certificate
+ return pfx.Certificates [0];
} else {
- _cert = null;
- }
- if (pfx.Keys.Count > 0) {
- _cert.RSA = (pfx.Keys [0] as RSA);
- _cert.DSA = (pfx.Keys [0] as DSA);
+ // find the certificate that match the first key
+ MX.X509Certificate cert = null;
+ var keypair = (pfx.Keys [0] as AsymmetricAlgorithm);
+ string pubkey = keypair.ToXmlString (false);
+ foreach (var c in pfx.Certificates) {
+ if (((c.RSA != null) && (pubkey == c.RSA.ToXmlString (false))) ||
+ ((c.DSA != null) && (pubkey == c.DSA.ToXmlString (false)))) {
+ cert = c;
+ break;
+ }
+ }
+ if (cert == null) {
+ cert = pfx.Certificates [0]; // no match, pick first certificate without keys
+ } else {
+ cert.RSA = (keypair as RSA);
+ cert.DSA = (keypair as DSA);
+ }
+ return cert;
}
}
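Review bot: `var keypair = (pfx.Keys [0] as AsymmetricAlgorithm);` is dereferenced on the very next line (`keypair.ToXmlString (false)`) with no null check, so a key entry that is not an AsymmetricAlgorithm surfaces as a NullReferenceException rather than a decode failure; the element type of pfx.Keys is not visible here, but if it can hold anything else the cast needs a guard such as `if (keypair == null) return pfx.Certificates [0]; // unsupported key type: keep the certificate, drop the key`. The fallback `cert = pfx.Certificates [0]; // no match, pick first certificate without keys` also discards the private key silently: the resulting object reports no private key and the caller is not told that the PKCS#12 carried one matching none of its certificates, and since only Keys [0] is ever examined a bag whose first key belongs to no certificate loses a later matching key as well. That contract deserves a comment at the method head, e.g. `// Returns the certificate matching the first private key in the bag (with the key attached), the first certificate without key when no key matches, or null when the bag holds no certificate.`. ImportPkcs12 begins and ends inside this hunk.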
@@ -448,14 +465,14 @@ namespace System.Security.Cryptography.X509Certificates {
[MonoTODO ("missing KeyStorageFlags support")]
public override void Import (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
{
- base.Import (rawData, password, keyStorageFlags);
+ MX.X509Certificate cert = null;
if (password == null) {
try {
- _cert = new MX.X509Certificate (rawData);
+ cert = new MX.X509Certificate (rawData);
}
catch (Exception e) {
try {
- ImportPkcs12 (rawData, null);
+ cert = ImportPkcs12 (rawData, null);
}
catch {
string msg = Locale.GetText ("Unable to decode certificate.");
@@ -466,14 +483,19 @@ namespace System.Security.Cryptography.X509Certificates {
} else {
// try PKCS#12
try {
- ImportPkcs12 (rawData, password);
+ cert = ImportPkcs12 (rawData, password);
}
catch {
// it's possible to supply a (unrequired/unusued) password
// fix bug #79028
- _cert = new MX.X509Certificate (rawData);
+ cert = new MX.X509Certificate (rawData);
}
}
+ // we do not have to fully re-decode the certificate since X509Certificate does not deal with keys
+ if (cert != null) {
+ base.Import (cert.RawData, (string) null, keyStorageFlags);
+ _cert = cert; // becuase base call will call Reset!
+ }
}
[MonoTODO ("SecureString is incomplete")]
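Review bot: The new guard `if (cert != null)` around `base.Import (cert.RawData, (string) null, keyStorageFlags)` turns a PKCS#12 blob that contains no certificate (ImportPkcs12 returns null for that case) into a silent no-op: neither base.Import nor Reset runs, the instance keeps whatever certificate it held before, and the caller gets no error, whereas the removed leading `base.Import (rawData, password, keyStorageFlags)` at least reset the state first (the new comment itself notes that the base call resets). Report it as the same failure the no-password branch raises for undecodable data, e.g. `if (cert == null) throw new CryptographicException (Locale.GetText ("Unable to decode certificate."));`, matching the exception type that branch actually throws (its throw statement sits between the hunks). The comment on the last assignment has a typo and would read better as `_cert = cert; // because the base call will call Reset!`. This Import overload begins in the previous hunk.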
@@ -484,35 +506,24 @@ namespace System.Security.Cryptography.X509Certificates {
public override void Import (string fileName)
{
- byte[] rawData = Load (fileName);
+ byte[] rawData = File.ReadAllBytes (fileName);
Import (rawData, (string)null, X509KeyStorageFlags.DefaultKeySet);
}
[MonoTODO ("missing KeyStorageFlags support")]
public override void Import (string fileName, string password, X509KeyStorageFlags keyStorageFlags)
{
- byte[] rawData = Load (fileName);
+ byte[] rawData = File.ReadAllBytes (fileName);
Import (rawData, password, keyStorageFlags);
}
[MonoTODO ("SecureString is incomplete")]
public override void Import (string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags)
{
- byte[] rawData = Load (fileName);
+ byte[] rawData = File.ReadAllBytes (fileName);
Import (rawData, (string)null, keyStorageFlags);
}
- private static byte[] Load (string fileName)
- {
- byte[] data = null;
- using (FileStream fs = File.OpenRead (fileName)) {
- data = new byte [fs.Length];
- fs.Read (data, 0, data.Length);
- fs.Close ();
- }
- return data;
- }
-
public override void Reset ()
{
_cert = null;
@@ -654,7 +665,7 @@ namespace System.Security.Cryptography.X509Certificates {
if (fileName.Length == 0)
throw new ArgumentException ("fileName");
- byte[] data = Load (fileName);
+ byte[] data = File.ReadAllBytes (fileName);
return GetCertContentType (data);
}