// // Returns: // For the input type == X509Certificate2 cert the same ref // For an older cert format clones it as X509Certificate2 and returns result // For a derived type clones it as X509Certificate2 and returns result // static X509Certificate2 MakeEx(X509Certificate certificate) { if (certificate.GetType() == typeof(X509Certificate2)) return (X509Certificate2)certificate; X509Certificate2 certificateEx = null; try { if (certificate.Handle!=IntPtr.Zero) { certificateEx = new X509Certificate2(certificate); } } catch (SecurityException) { } catch (CryptographicException) { } return certificateEx; }
private static X509Certificate2 MakeEx(X509Certificate certificate) { Debug.Assert(certificate != null, "certificate != null"); if (certificate.GetType() == typeof(X509Certificate2)) { return (X509Certificate2)certificate; } X509Certificate2 certificateEx = null; try { if (certificate.Handle != IntPtr.Zero) { certificateEx = new X509Certificate2(certificate.Handle); } } catch (SecurityException) { } catch (CryptographicException) { } return certificateEx; }
// // SECURITY: we open a private key container on behalf of the caller // and we require the caller to have permission associated with that operation. // After discussing with X509Certificate2 owners decided to demand KeyContainerPermission (Open) // At the same time we assert StorePermission on the caller frame since for consistency // we cannot predict when it will be demanded (SSL session reuse feature) // X509Certificate2 EnsurePrivateKey(X509Certificate certificate) { if (certificate == null) return null; if (Logging.On) Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_locating_private_key_for_certificate, certificate.ToString(true))); try { X509Certificate2 certEx = certificate as X509Certificate2; Type t = certificate.GetType(); string certHash = null; // Protecting from X509Certificate2 derived classes if (t != typeof(X509Certificate2) && t != typeof(X509Certificate)) { if (certificate.Handle != IntPtr.Zero) { certEx = new X509Certificate2(certificate); certHash = certEx.GetCertHashString(); } } else { certHash = certificate.GetCertHashString(); } if (certEx != null) { if (certEx.HasPrivateKey) { if (Logging.On) Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_cert_is_of_type_2)); return certEx; } if ((object)certificate != (object) certEx) certEx.Reset(); } // // The certificate doesn't have a private key, so we need // to open the store and search for it there. Demand the // KeyContainerPermission with Open access before opening // the store. If store.Open() or store.Cert.Find() // demand the same permissions, then we should remove our // demand here. // #if FEATURE_MONO_CAS ExceptionHelper.KeyContainerPermissionOpen.Demand(); #endif X509Certificate2Collection collectionEx; // ELSE Try MY user and machine stores for private key check // For server side mode MY machine store takes priority X509Store store = EnsureStoreOpened(m_ServerMode); if (store != null) { collectionEx = store.Certificates.Find(X509FindType.FindByThumbprint, certHash, false); if (collectionEx.Count > 0 && collectionEx[0].HasPrivateKey) { if (Logging.On) Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_found_cert_in_store, (m_ServerMode ? "LocalMachine" : "CurrentUser"))); return collectionEx[0]; } } store = EnsureStoreOpened(!m_ServerMode); if (store != null) { collectionEx = store.Certificates.Find(X509FindType.FindByThumbprint, certHash, false); if (collectionEx.Count > 0 && collectionEx[0].HasPrivateKey) { if (Logging.On) Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_found_cert_in_store, (m_ServerMode ? "CurrentUser" : "LocalMachine"))); return collectionEx[0]; } } } catch (CryptographicException) { } if (Logging.On) Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_did_not_find_cert_in_store)); return null; }
private X509Certificate2 EnsurePrivateKey(X509Certificate certificate) { if (certificate != null) { if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_locating_private_key_for_certificate", new object[] { certificate.ToString(true) })); } try { X509Certificate2Collection certificates; X509Certificate2 certificate2 = certificate as X509Certificate2; Type type = certificate.GetType(); string findValue = null; if ((type != typeof(X509Certificate2)) && (type != typeof(X509Certificate))) { if (certificate.Handle != IntPtr.Zero) { certificate2 = new X509Certificate2(certificate); findValue = certificate2.GetCertHashString(); } } else { findValue = certificate.GetCertHashString(); } if (certificate2 != null) { if (certificate2.HasPrivateKey) { if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_cert_is_of_type_2")); } return certificate2; } if (certificate != certificate2) { certificate2.Reset(); } } ExceptionHelper.KeyContainerPermissionOpen.Demand(); X509Store store = EnsureStoreOpened(this.m_ServerMode); if (store != null) { certificates = store.Certificates.Find(X509FindType.FindByThumbprint, findValue, false); if ((certificates.Count > 0) && (certificates[0].PrivateKey != null)) { if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_found_cert_in_store", new object[] { this.m_ServerMode ? "LocalMachine" : "CurrentUser" })); } return certificates[0]; } } store = EnsureStoreOpened(!this.m_ServerMode); if (store != null) { certificates = store.Certificates.Find(X509FindType.FindByThumbprint, findValue, false); if ((certificates.Count > 0) && (certificates[0].PrivateKey != null)) { if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_found_cert_in_store", new object[] { this.m_ServerMode ? "CurrentUser" : "LocalMachine" })); } return certificates[0]; } } } catch (CryptographicException) { } if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_did_not_find_cert_in_store")); } } return null; }