From 3fd578c3ccea681efd14aea07a0364b3baa3cca7 Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Mon, 9 Jul 2018 19:08:50 +0200 Subject: [PATCH] Drop pal_asn1_print in favor of the managed code * Drop pal_asn1_print in favor of the managed code that is already used on macOS. * Add handling of T61 strings to ManagedCertificateFinder.DerStringToManagedString. --- .../Interop.ASN1.Print.cs | 144 ------------------ .../Win32/SafeHandles/Asn1SafeHandles.Unix.cs | 28 ---- .../pal_asn1_print.cpp | 5 + .../pal_asn1_print.h | 5 + .../Internal/Cryptography/Pal.OSX/FindPal.cs | 28 ---- .../Pal.Unix/ManagedCertificateFinder.cs | 31 +++- .../Pal.Unix/OpenSslCertificateFinder.cs | 5 - ...urity.Cryptography.X509Certificates.csproj | 3 - 8 files changed, 40 insertions(+), 209 deletions(-) delete mode 100644 src/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.ASN1.Print.cs diff --git a/src/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.ASN1.Print.cs b/src/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.ASN1.Print.cs deleted file mode 100644 index 12199563c8b5..000000000000 --- a/src/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.ASN1.Print.cs +++ /dev/null @@ -1,144 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -using System; -using System.Runtime.InteropServices; -using System.Text; -using Microsoft.Win32.SafeHandles; - -internal static partial class Interop -{ - internal static partial class Crypto - { - [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_DecodeAsn1TypeBytes")] - private static extern SafeAsn1StringHandle DecodeAsn1TypeBytes(byte[] buf, int len, Asn1StringTypeFlags flags); - - [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_Asn1StringPrintEx")] - private static extern int Asn1StringPrintEx(SafeBioHandle bio, SafeAsn1StringHandle str, Asn1StringPrintFlags flags); - - [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_Asn1StringPrintEx")] - private static extern int Asn1StringPrintEx(SafeBioHandle bio, SafeSharedAsn1StringHandle str, Asn1StringPrintFlags flags); - - internal static string DerStringToManagedString(byte[] derString) - { - SafeAsn1StringHandle asn1String = DecodeAsn1TypeBytes(derString, derString.Length, AnyTextStringType); - - if (asn1String.IsInvalid) - { - Interop.Crypto.ErrClearError(); - return null; - } - - using (asn1String) - { - return Asn1StringToManagedString( - asn1String, - (bio, str, flags) => Asn1StringPrintEx(bio, str, flags)); - } - } - - internal static string Asn1StringToManagedString(SafeSharedAsn1StringHandle asn1String) - { - CheckValidOpenSslHandle(asn1String); - - return Asn1StringToManagedString( - asn1String, - (bio, str, flags) => Asn1StringPrintEx(bio, str, flags)); - } - - private static string Asn1StringToManagedString( - THandle asn1String, - Func asn1StringPrintEx) - { - byte[] utf8Bytes; - - using (SafeBioHandle bio = CreateMemoryBio()) - { - CheckValidOpenSslHandle(bio); - - int len = asn1StringPrintEx(bio, asn1String, Asn1StringPrintFlags.ASN1_STRFLGS_UTF8_CONVERT); - - if (len < 0) - { - throw CreateOpenSslCryptographicException(); - } - - if (len == 0) - { - return ""; - } - - int bioSize = GetMemoryBioSize(bio); - utf8Bytes = new byte[bioSize + 1]; - - int read = BioRead(bio, utf8Bytes, utf8Bytes.Length); - - if (read < 0) - { - throw CreateOpenSslCryptographicException(); - } - } - - int nonNullCount = utf8Bytes.Length; - - if (utf8Bytes[utf8Bytes.Length - 1] == 0) - { - for (int i = utf8Bytes.Length - 1; i >= 0; i--) - { - if (utf8Bytes[i] != 0) - { - break; - } - - nonNullCount = i; - } - } - - return Encoding.UTF8.GetString(utf8Bytes, 0, nonNullCount); - } - - [Flags] - private enum Asn1StringPrintFlags : ulong - { - ASN1_STRFLGS_UTF8_CONVERT = 0x10, - } - - [Flags] - private enum Asn1StringTypeFlags - { - B_ASN1_NUMERICSTRING = 0x0001, - B_ASN1_PRINTABLESTRING = 0x0002, - B_ASN1_T61STRING = 0x0004, - B_ASN1_VIDEOTEXSTRING = 0x0008, - B_ASN1_IA5STRING = 0x0010, - B_ASN1_GRAPHICSTRING = 0x0020, - B_ASN1_VISIBLESTRING = 0x0040, - B_ASN1_GENERALSTRING = 0x0080, - B_ASN1_UNIVERSALSTRING = 0x0100, - B_ASN1_OCTET_STRING = 0x0200, - B_ASN1_BIT_STRING = 0x0400, - B_ASN1_BMPSTRING = 0x0800, - B_ASN1_UNKNOWN = 0x1000, - B_ASN1_UTF8STRING = 0x2000, - B_ASN1_UTCTIME = 0x4000, - B_ASN1_GENERALIZEDTIME = 0x8000, - B_ASN1_SEQUENCE = 0x10000, - } - - private const Asn1StringTypeFlags AnyTextStringType = - Asn1StringTypeFlags.B_ASN1_NUMERICSTRING | - Asn1StringTypeFlags.B_ASN1_PRINTABLESTRING | - Asn1StringTypeFlags.B_ASN1_T61STRING | - Asn1StringTypeFlags.B_ASN1_VIDEOTEXSTRING | - Asn1StringTypeFlags.B_ASN1_IA5STRING | - Asn1StringTypeFlags.B_ASN1_GRAPHICSTRING | - Asn1StringTypeFlags.B_ASN1_VISIBLESTRING | - Asn1StringTypeFlags.B_ASN1_GENERALSTRING | - Asn1StringTypeFlags.B_ASN1_UNIVERSALSTRING | - Asn1StringTypeFlags.B_ASN1_BMPSTRING | - Asn1StringTypeFlags.B_ASN1_UTF8STRING | - Asn1StringTypeFlags.B_ASN1_UTCTIME | - Asn1StringTypeFlags.B_ASN1_GENERALIZEDTIME; - } -} diff --git a/src/Common/src/Microsoft/Win32/SafeHandles/Asn1SafeHandles.Unix.cs b/src/Common/src/Microsoft/Win32/SafeHandles/Asn1SafeHandles.Unix.cs index 3fdde3f60212..ddf413110c03 100644 --- a/src/Common/src/Microsoft/Win32/SafeHandles/Asn1SafeHandles.Unix.cs +++ b/src/Common/src/Microsoft/Win32/SafeHandles/Asn1SafeHandles.Unix.cs @@ -68,34 +68,6 @@ public override bool IsInvalid } } - internal sealed class SafeAsn1StringHandle : SafeHandle - { - private SafeAsn1StringHandle() : - base(IntPtr.Zero, ownsHandle: true) - { - } - - protected override bool ReleaseHandle() - { - Interop.Crypto.Asn1StringFree(handle); - SetHandle(IntPtr.Zero); - return true; - } - - public override bool IsInvalid - { - get { return handle == IntPtr.Zero; } - } - } - - internal sealed class SafeSharedAsn1StringHandle : SafeInteriorHandle - { - private SafeSharedAsn1StringHandle() : - base(IntPtr.Zero, ownsHandle: true) - { - } - } - internal sealed class SafeSharedAsn1IntegerHandle : SafeInteriorHandle { private SafeSharedAsn1IntegerHandle() : diff --git a/src/Native/Unix/System.Security.Cryptography.Native/pal_asn1_print.cpp b/src/Native/Unix/System.Security.Cryptography.Native/pal_asn1_print.cpp index ffbfef980d55..01a544f5e98c 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native/pal_asn1_print.cpp +++ b/src/Native/Unix/System.Security.Cryptography.Native/pal_asn1_print.cpp @@ -4,6 +4,11 @@ #include "pal_asn1_print.h" +/* + * This file is completely unused. It's kept around for compatiblity between + * servicing updates. + */ + static_assert(PAL_B_ASN1_NUMERICSTRING == B_ASN1_NUMERICSTRING, ""); static_assert(PAL_B_ASN1_PRINTABLESTRING == B_ASN1_PRINTABLESTRING, ""); static_assert(PAL_B_ASN1_T61STRING == B_ASN1_T61STRING, ""); diff --git a/src/Native/Unix/System.Security.Cryptography.Native/pal_asn1_print.h b/src/Native/Unix/System.Security.Cryptography.Native/pal_asn1_print.h index 982506e42078..71205cc13cc0 100644 --- a/src/Native/Unix/System.Security.Cryptography.Native/pal_asn1_print.h +++ b/src/Native/Unix/System.Security.Cryptography.Native/pal_asn1_print.h @@ -5,6 +5,11 @@ #include "pal_types.h" #include "opensslshim.h" +/* + * This file is completely unused. It's kept around for compatiblity between + * servicing updates. + */ + /* Flags for the 'type' parameter of CryptoNative_DecodeAsn1TypeBytes. */ diff --git a/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.OSX/FindPal.cs b/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.OSX/FindPal.cs index b2d2846c1aff..e66bad7e7628 100644 --- a/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.OSX/FindPal.cs +++ b/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.OSX/FindPal.cs @@ -22,34 +22,6 @@ public AppleCertificateFinder(X509Certificate2Collection findFrom, X509Certifica { } - protected override string DerStringToManagedString(byte[] anyString) - { - DerSequenceReader reader = DerSequenceReader.CreateForPayload(anyString); - - var tag = (DerSequenceReader.DerTag)reader.PeekTag(); - string value = null; - - switch (tag) - { - case DerSequenceReader.DerTag.BMPString: - value = reader.ReadBMPString(); - break; - case DerSequenceReader.DerTag.IA5String: - value = reader.ReadIA5String(); - break; - case DerSequenceReader.DerTag.PrintableString: - value = reader.ReadPrintableString(); - break; - case DerSequenceReader.DerTag.UTF8String: - value = reader.ReadUtf8String(); - break; - - // Ignore anything we don't know how to read. - } - - return value; - } - protected override byte[] GetSubjectPublicKeyInfo(X509Certificate2 cert) { AppleCertificatePal pal = (AppleCertificatePal)cert.Pal; diff --git a/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/ManagedCertificateFinder.cs b/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/ManagedCertificateFinder.cs index ebc5ee48d1f0..a70bf1488d2b 100644 --- a/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/ManagedCertificateFinder.cs +++ b/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/ManagedCertificateFinder.cs @@ -123,7 +123,36 @@ public void FindByTimeExpired(DateTime dateTime) FindCore(cert => cert.NotAfter < normalized); } - protected abstract string DerStringToManagedString(byte[] anyString); + private string DerStringToManagedString(byte[] anyString) + { + DerSequenceReader reader = DerSequenceReader.CreateForPayload(anyString); + + var tag = (DerSequenceReader.DerTag)reader.PeekTag(); + string value = null; + + switch (tag) + { + case DerSequenceReader.DerTag.BMPString: + value = reader.ReadBMPString(); + break; + case DerSequenceReader.DerTag.IA5String: + value = reader.ReadIA5String(); + break; + case DerSequenceReader.DerTag.PrintableString: + value = reader.ReadPrintableString(); + break; + case DerSequenceReader.DerTag.UTF8String: + value = reader.ReadUtf8String(); + break; + case DerSequenceReader.DerTag.T61String: + value = reader.ReadT61String(); + break; + + // Ignore anything we don't know how to read. + } + + return value; + } public void FindByTemplateName(string templateName) { diff --git a/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/OpenSslCertificateFinder.cs b/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/OpenSslCertificateFinder.cs index 720c2989945a..717ee3753b81 100644 --- a/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/OpenSslCertificateFinder.cs +++ b/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/OpenSslCertificateFinder.cs @@ -13,11 +13,6 @@ internal OpenSslCertificateFinder(X509Certificate2Collection findFrom, X509Certi { } - protected override string DerStringToManagedString(byte[] anyString) - { - return Interop.Crypto.DerStringToManagedString(anyString); - } - protected override byte[] GetSubjectPublicKeyInfo(X509Certificate2 cert) { OpenSslX509CertificateReader certPal = (OpenSslX509CertificateReader)cert.Pal; diff --git a/src/System.Security.Cryptography.X509Certificates/src/System.Security.Cryptography.X509Certificates.csproj b/src/System.Security.Cryptography.X509Certificates/src/System.Security.Cryptography.X509Certificates.csproj index 3bdef009b92a..5d9e22a7f399 100644 --- a/src/System.Security.Cryptography.X509Certificates/src/System.Security.Cryptography.X509Certificates.csproj +++ b/src/System.Security.Cryptography.X509Certificates/src/System.Security.Cryptography.X509Certificates.csproj @@ -186,9 +186,6 @@ Common\Interop\Unix\System.Security.Cryptography.Native\Interop.ASN1.GetIntegerBytes.cs - - Common\Interop\Unix\System.Security.Cryptography.Native\Interop.ASN1.Print.cs - Common\Interop\Unix\System.Security.Cryptography.Native\Interop.Bignum.cs