private DuplicateHandles ( ) : |
||
return |
/// <summary>
/// Removes every on-disk file in this store that matches <paramref name="certPal"/>.
/// </summary>
/// <param name="certPal">The certificate to remove; must be an <see cref="OpenSslX509CertificateReader"/>.</param>
/// <exception cref="CryptographicException">
/// The store is read-only and a matching file was found (the check is deferred to match Windows behavior).
/// </exception>
public void Remove(ICertificatePal certPal)
{
    OpenSslX509CertificateReader reader = (OpenSslX509CertificateReader)certPal;

    using (X509Certificate2 lookupCert = new X509Certificate2(reader.DuplicateHandles()))
    {
        // FindExistingFilename reports one match at a time; keep going until none remain.
        while (true)
        {
            bool ignoredHadCandidates;
            string match = FindExistingFilename(lookupCert, _storePath, out ignoredHadCandidates);

            if (match == null)
            {
                break;
            }

            if (_readOnly)
            {
                // Windows compatibility, the readonly check isn't done until after a match is found.
                throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
            }

            File.Delete(match);
        }
    }
}
/// <summary>
/// Creates a new pal from an existing certificate by duplicating its native handles.
/// </summary>
/// <param name="cert">A certificate whose <c>Pal</c> is an <see cref="OpenSslX509CertificateReader"/>.</param>
/// <returns>A fresh <see cref="ICertificatePal"/> that owns its own copies of the handles.</returns>
public static ICertificatePal FromOtherCert(X509Certificate cert)
{
    Debug.Assert(cert.Pal != null);

    // Duplicate instead of sharing: DuplicateHandles is what ensures the private key comes along.
    OpenSslX509CertificateReader source = (OpenSslX509CertificateReader)cert.Pal;
    ICertificatePal duplicate = source.DuplicateHandles();
    return duplicate;
}
/// <summary>
/// Copies every certificate in <c>_findFrom</c> that satisfies <paramref name="predicate"/>
/// (and, when <c>_validOnly</c> is set, passes <c>IsCertValid</c>) into <c>_copyTo</c>.
/// </summary>
/// <param name="predicate">The match condition supplied by the caller.</param>
private void FindCore(Predicate<X509Certificate2> predicate)
{
    foreach (X509Certificate2 candidate in _findFrom)
    {
        // The caller's predicate is evaluated first; the validity check
        // only runs for certificates the predicate already accepted.
        if (!predicate(candidate))
        {
            continue;
        }

        if (_validOnly && !IsCertValid(candidate))
        {
            continue;
        }

        // Each result gets its own handles so disposing the output doesn't affect the source.
        OpenSslX509CertificateReader pal = (OpenSslX509CertificateReader)candidate.Pal;
        X509Certificate2 clone = new X509Certificate2(pal.DuplicateHandles());
        _copyTo.Add(clone);
    }
}
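/// <summary>
/// Persists <paramref name="certPal"/> into the directory store as a PKCS#12 file named by thumbprint.
/// </summary>
/// <param name="certPal">The certificate to add; must be an <see cref="OpenSslX509CertificateReader"/>.</param>
/// <exception cref="CryptographicException">The store was opened read-only.</exception>
/// <remarks>
/// An existing file for the same certificate is only rewritten when the incoming certificate
/// carries a private key and the file either lacks one or can no longer be read.
/// </remarks>
public void Add(ICertificatePal certPal)
{
    if (_readOnly)
    {
        // Windows compatibility: Remove only throws when it needs to do work, add throws always.
        throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
    }

    // This may well be the first time that we've added something to this store.
    Directory.CreateDirectory(_storePath);

    uint userId = Interop.Sys.GetEUid();
    EnsureDirectoryPermissions(_storePath, userId);

    OpenSslX509CertificateReader cert = (OpenSslX509CertificateReader)certPal;

    using (X509Certificate2 copy = new X509Certificate2(cert.DuplicateHandles()))
    {
        string thumbprint = copy.Thumbprint;
        bool findOpenSlot;

        // The odds are low that we'd have a thumbprint collision, but check anyways.
        string existingFilename = FindExistingFilename(copy, _storePath, out findOpenSlot);

        if (existingFilename != null)
        {
            if (!copy.HasPrivateKey)
            {
                // We're only a public key; the file has at least as much data as we do.
                return;
            }

            try
            {
                using (X509Certificate2 fromFile = new X509Certificate2(existingFilename))
                {
                    if (fromFile.HasPrivateKey)
                    {
                        // We have a private key, the file has a private key, we're done here.
                        return;
                    }
                }
            }
            catch (CryptographicException)
            {
                // We can't read this file anymore, but a moment ago it was this certificate,
                // so go ahead and overwrite it.
            }
        }

        string destinationFilename;
        FileMode mode = FileMode.CreateNew;

        if (existingFilename != null)
        {
            destinationFilename = existingFilename;
            mode = FileMode.Create;
        }
        else if (findOpenSlot)
        {
            destinationFilename = FindOpenSlot(thumbprint);
        }
        else
        {
            destinationFilename = Path.Combine(_storePath, thumbprint + PfxExtension);
        }

        using (FileStream stream = new FileStream(destinationFilename, mode))
        {
            // Permissions are fixed up before any bytes are written to the file.
            EnsureFilePermissions(stream, userId);

            byte[] pkcs12 = copy.Export(X509ContentType.Pkcs12);

            try
            {
                stream.Write(pkcs12, 0, pkcs12.Length);
            }
            finally
            {
                // The export may carry the private key; clear it rather than leaving
                // the bytes in managed memory until the GC gets around to them.
                Array.Clear(pkcs12, 0, pkcs12.Length);
            }
        }
    }
}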
/// <summary>
/// Returns an independent copy of <paramref name="cert"/> backed by duplicated native handles.
/// </summary>
/// <param name="cert">The certificate to clone; its <c>Pal</c> must be an <see cref="OpenSslX509CertificateReader"/>.</param>
/// <returns>A new <see cref="X509Certificate2"/> that can be disposed without affecting <paramref name="cert"/>.</returns>
protected override X509Certificate2 CloneCertificate(X509Certificate2 cert)
{
    OpenSslX509CertificateReader sourcePal = (OpenSslX509CertificateReader)cert.Pal;
    ICertificatePal duplicatedPal = sourcePal.DuplicateHandles();
    return new X509Certificate2(duplicatedPal);
}
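/// <summary>
/// Adds <paramref name="certPal"/> to this store, writing it to disk as a PKCS#12 file named by
/// thumbprint unless the store (in memory or on disk) already holds at least as much data.
/// </summary>
/// <param name="certPal">The certificate to add; must be an <see cref="OpenSslX509CertificateReader"/>.</param>
/// <exception cref="CryptographicException">The store was opened read-only.</exception>
/// <remarks>
/// <c>_certificates</c> is a cached snapshot of the directory; it is set to <c>null</c> whenever
/// the directory may have changed so the next <c>get_Certificates</c> rescans it.
/// </remarks>
public void Add(ICertificatePal certPal)
{
    if (_readOnly)
    {
        // Windows compatibility: Remove only throws when it needs to do work, add throws always.
        throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
    }

    // Save the collection to a local so it's consistent for the whole method
    List<X509Certificate2> certificates = _certificates;

    OpenSslX509CertificateReader cert = (OpenSslX509CertificateReader)certPal;

    using (X509Certificate2 copy = new X509Certificate2(cert.DuplicateHandles()))
    {
        // certificates will be null if anything has changed since the last call to
        // get_Certificates; including Add being called without get_Certificates being
        // called at all.
        if (certificates != null)
        {
            foreach (X509Certificate2 inCollection in certificates)
            {
                if (inCollection.Equals(copy))
                {
                    if (!copy.HasPrivateKey || inCollection.HasPrivateKey)
                    {
                        // If the existing store only knows about a public key, but we're
                        // adding a public+private pair, continue with the add.
                        //
                        // So, therefore, if we aren't adding a private key, or already have one,
                        // we don't need to do anything.
                        return;
                    }
                }
            }
        }

        // This may well be the first time that we've added something to this store.
        Directory.CreateDirectory(_storePath);

        uint userId = Interop.Sys.GetEUid();
        EnsureDirectoryPermissions(_storePath, userId);

        string thumbprint = copy.Thumbprint;
        bool findOpenSlot;

        // The odds are low that we'd have a thumbprint collision, but check anyways.
        string existingFilename = FindExistingFilename(copy, _storePath, out findOpenSlot);

        if (existingFilename != null)
        {
            bool dataExistsAlready = false;

            // If the file on disk is just a public key, but we're trying to add a private key,
            // we'll want to overwrite it.
            if (copy.HasPrivateKey)
            {
                try
                {
                    using (X509Certificate2 fromFile = new X509Certificate2(existingFilename))
                    {
                        if (fromFile.HasPrivateKey)
                        {
                            // We have a private key, the file has a private key, we're done here.
                            dataExistsAlready = true;
                        }
                    }
                }
                catch (CryptographicException)
                {
                    // We can't read this file anymore, but a moment ago it was this certificate,
                    // so go ahead and overwrite it.
                }
            }
            else
            {
                // If we're just a public key then the file has at least as much data as we do.
                dataExistsAlready = true;
            }

            if (dataExistsAlready)
            {
                // The file was added but our collection hasn't resynced yet.
                // Set _certificates to null to force a resync.
                _certificates = null;
                return;
            }
        }

        string destinationFilename;
        FileMode mode = FileMode.CreateNew;

        if (existingFilename != null)
        {
            destinationFilename = existingFilename;
            mode = FileMode.Create;
        }
        else if (findOpenSlot)
        {
            destinationFilename = FindOpenSlot(thumbprint);
        }
        else
        {
            destinationFilename = Path.Combine(_storePath, thumbprint + PfxExtension);
        }

        using (FileStream stream = new FileStream(destinationFilename, mode))
        {
            // Permissions are fixed up before any bytes are written to the file.
            EnsureFilePermissions(stream, userId);

            byte[] pkcs12 = copy.Export(X509ContentType.Pkcs12);

            try
            {
                stream.Write(pkcs12, 0, pkcs12.Length);
            }
            finally
            {
                // The export may carry the private key; clear it rather than leaving
                // the bytes in managed memory until the GC gets around to them.
                Array.Clear(pkcs12, 0, pkcs12.Length);
            }
        }
    }

    // Null out _certificates so the next call to get_Certificates causes a re-scan.
    _certificates = null;
}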