internal static bool IsPkcs7Der(SafeBioHandle fileBio)
{
using (SafePkcs7Handle pkcs7 = Interop.Crypto.D2IPkcs7Bio(fileBio))
{
return !pkcs7.IsInvalid;
}
}
internal static bool IsPkcs7Pem(SafeBioHandle fileBio)
{
using (SafePkcs7Handle pkcs7 = Interop.Crypto.PemReadBioPkcs7(fileBio))
{
return !pkcs7.IsInvalid;
}
}
private static IStorePal FromBio(SafeBioHandle bio, string password)
{
int bioPosition = Interop.Crypto.BioTell(bio);
Debug.Assert(bioPosition >= 0);
ICertificatePal singleCert;
if (CertificatePal.TryReadX509Pem(bio, out singleCert))
{
return SingleCertToStorePal(singleCert);
}
// Rewind, try again.
CertificatePal.RewindBio(bio, bioPosition);
if (CertificatePal.TryReadX509Der(bio, out singleCert))
{
return SingleCertToStorePal(singleCert);
}
// Rewind, try again.
CertificatePal.RewindBio(bio, bioPosition);
List<ICertificatePal> certPals;
if (PkcsFormatReader.TryReadPkcs7Pem(bio, out certPals))
{
return ListToStorePal(certPals);
}
// Rewind, try again.
CertificatePal.RewindBio(bio, bioPosition);
if (PkcsFormatReader.TryReadPkcs7Der(bio, out certPals))
{
return ListToStorePal(certPals);
}
// Rewind, try again.
CertificatePal.RewindBio(bio, bioPosition);
if (PkcsFormatReader.TryReadPkcs12(bio, password, out certPals))
{
return ListToStorePal(certPals);
}
// Since we aren't going to finish reading, leaving the buffer where it was when we got
// it seems better than leaving it in some arbitrary other position.
//
// But, before seeking back to start, save the Exception representing the last reported
// OpenSSL error in case the last BioSeek would change it.
Exception openSslException = Interop.Crypto.CreateOpenSslCryptographicException();
// Use BioSeek directly for the last seek attempt, because any failure here should instead
// report the already created (but not yet thrown) exception.
Interop.Crypto.BioSeek(bio, bioPosition);
throw openSslException;
}
internal static void RewindBio(SafeBioHandle bio, int bioPosition)
{
int ret = Interop.Crypto.BioSeek(bio, bioPosition);
if (ret < 0)
{
throw Interop.Crypto.CreateOpenSslCryptographicException();
}
}
public static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader)
{
SafePkcs12Handle p12 = Interop.libcrypto.d2i_PKCS12_bio(fileBio, IntPtr.Zero);
if (!p12.IsInvalid)
{
pkcs12Reader = new OpenSslPkcs12Reader(p12);
return true;
}
pkcs12Reader = null;
return false;
}
public static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader)
{
SafePkcs12Handle p12 = Interop.Crypto.DecodePkcs12FromBio(fileBio);
if (!p12.IsInvalid)
{
pkcs12Reader = new OpenSslPkcs12Reader(p12);
return true;
}
pkcs12Reader = null;
return false;
}
private static bool TryReadPkcs7Der(
SafeBioHandle bio,
bool single,
out ICertificatePal certPal,
out List<ICertificatePal> certPals)
{
using (SafePkcs7Handle pkcs7 = Interop.Crypto.D2IPkcs7Bio(bio))
{
if (pkcs7.IsInvalid)
{
certPal = null;
certPals = null;
return false;
}
return TryReadPkcs7(pkcs7, single, out certPal, out certPals);
}
}
private static bool TryReadPkcs7Der(
SafeBioHandle bio,
bool single,
out ICertificatePal certPal,
out List<ICertificatePal> certPals)
{
SafePkcs7Handle pkcs7 = Interop.libcrypto.d2i_PKCS7_bio(bio, IntPtr.Zero);
if (pkcs7.IsInvalid)
{
certPal = null;
certPals = null;
return false;
}
using (pkcs7)
{
return TryReadPkcs7(pkcs7, single, out certPal, out certPals);
}
}
internal static extern void SslSetBio(SafeSslHandle ssl, SafeBioHandle rbio, SafeBioHandle wbio);
internal static extern int BIO_write(SafeBioHandle bio, IntPtr buf, int num);
internal static bool TryReadPkcs7Pem(SafeBioHandle bio, out List<ICertificatePal> certPals)
{
ICertificatePal ignored;
return TryReadPkcs7Pem(bio, false, out ignored, out certPals);
}
internal static bool TryReadPkcs12(SafeBioHandle bio, string password, out List<ICertificatePal> certPals)
{
ICertificatePal ignored;
return TryReadPkcs12(bio, password, false, out ignored, out certPals);
}
internal static extern int BIO_ctrl_pending(SafeBioHandle bio);
internal static extern SafePkcs12Handle DecodePkcs12FromBio(SafeBioHandle bio);
internal static extern int X509_NAME_print_ex(SafeBioHandle @out, SafeX509NameHandle nm, int indent, NativeULong flags);
internal static extern SafeX509Handle PEM_read_bio_X509_AUX(SafeBioHandle bio, IntPtr zero, IntPtr zero1, IntPtr zero2);
internal static extern SafePkcs12Handle d2i_PKCS12_bio(SafeBioHandle bio, IntPtr zero);
internal static unsafe extern int BioWrite(SafeBioHandle b, byte* data, int len);
public static SafeSslHandle Create(SafeSslContextHandle context, bool isServer)
{
SafeBioHandle readBio = Interop.Crypto.CreateMemoryBio();
if (readBio.IsInvalid)
{
return(new SafeSslHandle());
}
SafeBioHandle writeBio = Interop.Crypto.CreateMemoryBio();
if (writeBio.IsInvalid)
{
readBio.Dispose();
return(new SafeSslHandle());
}
SafeSslHandle handle = Interop.Ssl.SslCreate(context);
if (handle.IsInvalid)
{
readBio.Dispose();
writeBio.Dispose();
return(handle);
}
handle._isServer = isServer;
// After SSL_set_bio, the BIO handles are owned by SSL pointer
// and are automatically freed by SSL_free. To prevent a double
// free, we need to keep the ref counts bumped up till SSL_free
bool gotRef = false;
readBio.DangerousAddRef(ref gotRef);
try
{
bool ignore = false;
writeBio.DangerousAddRef(ref ignore);
}
catch
{
if (gotRef)
{
readBio.DangerousRelease();
}
throw;
}
Interop.Ssl.SslSetBio(handle, readBio, writeBio);
handle._readBio = readBio;
handle._writeBio = writeBio;
if (isServer)
{
Interop.Ssl.SslSetAcceptState(handle);
}
else
{
Interop.Ssl.SslSetConnectState(handle);
}
return(handle);
}
internal static bool TryReadPkcs12(SafeBioHandle bio, string password, out ICertificatePal certPal)
{
List<ICertificatePal> ignored;
return TryReadPkcs12(bio, password, true, out certPal, out ignored);
}
internal static bool TryReadX509Pem(SafeBioHandle bio, out ICertificatePal certPal)
{
SafeX509Handle cert = Interop.Crypto.PemReadX509FromBio(bio);
if (cert.IsInvalid)
{
cert.Dispose();
certPal = null;
return false;
}
certPal = new OpenSslX509CertificateReader(cert);
return true;
}
private static bool TryReadPkcs12(
SafeBioHandle bio,
string password,
bool single,
out ICertificatePal readPal,
out List<ICertificatePal> readCerts)
{
// DER-PKCS12
OpenSslPkcs12Reader pfx;
if (!OpenSslPkcs12Reader.TryRead(bio, out pfx))
{
readPal = null;
readCerts = null;
return false;
}
using (pfx)
{
return TryReadPkcs12(pfx, password, single, out readPal, out readCerts);
}
}
private static int BioRead(SafeBioHandle bio, byte[] buffer, int count)
{
Debug.Assert(buffer != null);
Debug.Assert(count >= 0);
Debug.Assert(buffer.Length >= count);
int bytes = Crypto.BioRead(bio, buffer, count);
if (bytes != count)
{
throw CreateSslException(SR.net_ssl_read_bio_failed_error);
}
return bytes;
}
internal static bool TryReadPkcs7Pem(SafeBioHandle bio, out ICertificatePal certPal)
{
List<ICertificatePal> ignored;
return TryReadPkcs7Pem(bio, true, out certPal, out ignored);
}
private static extern int Asn1StringPrintEx(SafeBioHandle bio, SafeAsn1StringHandle str, Asn1StringPrintFlags flags);
internal static extern int PemWriteBioX509Crl(SafeBioHandle bio, SafeX509CrlHandle crl);
internal static extern void SSL_set_bio(SafeSslHandle ssl, SafeBioHandle rbio, SafeBioHandle wbio);
internal static bool TryReadX509Der(SafeBioHandle bio, out ICertificatePal fromBio)
{
SafeX509Handle cert = Interop.Crypto.ReadX509AsDerFromBio(bio);
if (cert.IsInvalid)
{
cert.Dispose();
fromBio = null;
return false;
}
fromBio = new OpenSslX509CertificateReader(cert);
return true;
}
internal static extern SafeX509CrlHandle PemReadBioX509Crl(SafeBioHandle bio);
private static int BioWrite(SafeBioHandle bio, byte[] buffer, int offset, int count)
{
Debug.Assert(buffer != null);
Debug.Assert(offset >= 0);
Debug.Assert(count >= 0);
Debug.Assert(buffer.Length >= offset + count);
int bytes;
unsafe
{
fixed (byte* bufPtr = buffer)
{
bytes = Ssl.BioWrite(bio, bufPtr + offset, count);
}
}
if (bytes != count)
{
throw CreateSslException(SR.net_ssl_write_bio_failed_error);
}
return bytes;
}
internal static extern SafeX509Handle PemReadX509FromBio(SafeBioHandle bio);