|
private DuplicateHandles ( ) : |
||
| return | ||
public void Remove(ICertificatePal certPal)
{
OpenSslX509CertificateReader cert = (OpenSslX509CertificateReader)certPal;
using (X509Certificate2 copy = new X509Certificate2(cert.DuplicateHandles()))
{
string currentFilename;
do
{
bool hadCandidates;
currentFilename = FindExistingFilename(copy, _storePath, out hadCandidates);
if (currentFilename != null)
{
if (_readOnly)
{
// Windows compatibility, the readonly check isn't done until after a match is found.
throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
}
File.Delete(currentFilename);
}
} while (currentFilename != null);
}
}
public static ICertificatePal FromOtherCert(X509Certificate cert)
{
Debug.Assert(cert.Pal != null);
// Ensure private key is copied
OpenSslX509CertificateReader certPal = (OpenSslX509CertificateReader)cert.Pal;
return(certPal.DuplicateHandles());
}
private void FindCore(Predicate <X509Certificate2> predicate)
{
foreach (X509Certificate2 cert in _findFrom)
{
if (predicate(cert))
{
if (!_validOnly || IsCertValid(cert))
{
OpenSslX509CertificateReader certPal = (OpenSslX509CertificateReader)cert.Pal;
_copyTo.Add(new X509Certificate2(certPal.DuplicateHandles()));
}
}
}
}
public void Add(ICertificatePal certPal)
{
if (_readOnly)
{
// Windows compatibility: Remove only throws when it needs to do work, add throws always.
throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
}
// This may well be the first time that we've added something to this store.
Directory.CreateDirectory(_storePath);
uint userId = Interop.Sys.GetEUid();
EnsureDirectoryPermissions(_storePath, userId);
OpenSslX509CertificateReader cert = (OpenSslX509CertificateReader)certPal;
using (X509Certificate2 copy = new X509Certificate2(cert.DuplicateHandles()))
{
string thumbprint = copy.Thumbprint;
bool findOpenSlot;
// The odds are low that we'd have a thumbprint collision, but check anyways.
string existingFilename = FindExistingFilename(copy, _storePath, out findOpenSlot);
if (existingFilename != null)
{
if (!copy.HasPrivateKey)
{
return;
}
try
{
using (X509Certificate2 fromFile = new X509Certificate2(existingFilename))
{
if (fromFile.HasPrivateKey)
{
// We have a private key, the file has a private key, we're done here.
return;
}
}
}
catch (CryptographicException)
{
// We can't read this file anymore, but a moment ago it was this certificate,
// so go ahead and overwrite it.
}
}
string destinationFilename;
FileMode mode = FileMode.CreateNew;
if (existingFilename != null)
{
destinationFilename = existingFilename;
mode = FileMode.Create;
}
else if (findOpenSlot)
{
destinationFilename = FindOpenSlot(thumbprint);
}
else
{
destinationFilename = Path.Combine(_storePath, thumbprint + PfxExtension);
}
using (FileStream stream = new FileStream(destinationFilename, mode))
{
EnsureFilePermissions(stream, userId);
byte[] pkcs12 = copy.Export(X509ContentType.Pkcs12);
stream.Write(pkcs12, 0, pkcs12.Length);
}
}
}
protected override X509Certificate2 CloneCertificate(X509Certificate2 cert)
{
OpenSslX509CertificateReader certPal = (OpenSslX509CertificateReader)cert.Pal;
return(new X509Certificate2(certPal.DuplicateHandles()));
}
public void Add(ICertificatePal certPal)
{
if (_readOnly)
{
// Windows compatibility: Remove only throws when it needs to do work, add throws always.
throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
}
// Save the collection to a local so it's consistent for the whole method
List <X509Certificate2> certificates = _certificates;
OpenSslX509CertificateReader cert = (OpenSslX509CertificateReader)certPal;
using (X509Certificate2 copy = new X509Certificate2(cert.DuplicateHandles()))
{
// certificates will be null if anything has changed since the last call to
// get_Certificates; including Add being called without get_Certificates being
// called at all.
if (certificates != null)
{
foreach (X509Certificate2 inCollection in certificates)
{
if (inCollection.Equals(copy))
{
if (!copy.HasPrivateKey || inCollection.HasPrivateKey)
{
// If the existing store only knows about a public key, but we're
// adding a public+private pair, continue with the add.
//
// So, therefore, if we aren't adding a private key, or already have one,
// we don't need to do anything.
return;
}
}
}
}
// This may well be the first time that we've added something to this store.
Directory.CreateDirectory(_storePath);
uint userId = Interop.Sys.GetEUid();
EnsureDirectoryPermissions(_storePath, userId);
string thumbprint = copy.Thumbprint;
bool findOpenSlot;
// The odds are low that we'd have a thumbprint collision, but check anyways.
string existingFilename = FindExistingFilename(copy, _storePath, out findOpenSlot);
if (existingFilename != null)
{
bool dataExistsAlready = false;
// If the file on disk is just a public key, but we're trying to add a private key,
// we'll want to overwrite it.
if (copy.HasPrivateKey)
{
try
{
using (X509Certificate2 fromFile = new X509Certificate2(existingFilename))
{
if (fromFile.HasPrivateKey)
{
// We have a private key, the file has a private key, we're done here.
dataExistsAlready = true;
}
}
}
catch (CryptographicException)
{
// We can't read this file anymore, but a moment ago it was this certificate,
// so go ahead and overwrite it.
}
}
else
{
// If we're just a public key then the file has at least as much data as we do.
dataExistsAlready = true;
}
if (dataExistsAlready)
{
// The file was added but our collection hasn't resynced yet.
// Set _certificates to null to force a resync.
_certificates = null;
return;
}
}
string destinationFilename;
FileMode mode = FileMode.CreateNew;
if (existingFilename != null)
{
destinationFilename = existingFilename;
mode = FileMode.Create;
}
else if (findOpenSlot)
{
destinationFilename = FindOpenSlot(thumbprint);
}
else
{
destinationFilename = Path.Combine(_storePath, thumbprint + PfxExtension);
}
using (FileStream stream = new FileStream(destinationFilename, mode))
{
EnsureFilePermissions(stream, userId);
byte[] pkcs12 = copy.Export(X509ContentType.Pkcs12);
stream.Write(pkcs12, 0, pkcs12.Length);
}
}
// Null out _certificates so the next call to get_Certificates causes a re-scan.
_certificates = null;
}
