Merge pull request #1990 from bartonjs/add-cryptography-x509

Add System.Security.Cryptography.X509Certificates Source and Test

Author: bartonjs

src/Common/src/Interop/Unix/Interop.Libraries.cs

@@ -9,5 +9,6 @@ private static partial class Libraries
         internal const string LibCoreClr= "libcoreclr";        // CoreCLR runtime
         internal const string LibCrypto = "libcrypto";         // OpenSSL crypto library
         internal const string Zlib = "libz";                   // zlib compression library
+        internal const string CryptoInterop = "System.Security.Cryptography.Native";
     }
 }

src/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.NativeCrypto.cs

@@ -0,0 +1,75 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+
+using Microsoft.Win32.SafeHandles;
+
+internal static partial class Interop
+{
+    internal static partial class NativeCrypto
+    {
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern int GetX509Thumbprint(SafeX509Handle x509, byte[] buf, int cBuf);
+
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern int GetX509NameRawBytes(IntPtr x509Name, byte[] buf, int cBuf);
+
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern IntPtr GetX509NotBefore(SafeX509Handle x509);
+
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern IntPtr GetX509NotAfter(SafeX509Handle x509);
+
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern int GetX509Version(SafeX509Handle x509);
+
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern IntPtr GetX509SignatureAlgorithm(SafeX509Handle x509);
+
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern IntPtr GetX509PublicKeyAlgorithm(SafeX509Handle x509);
+
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern int GetX509PublicKeyParameterBytes(SafeX509Handle x509, byte[] buf, int cBuf);
+
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern IntPtr GetX509PublicKeyBytes(SafeX509Handle x509);
+
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern int GetX509EkuFieldCount(SafeEkuExtensionHandle eku);
+
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern IntPtr GetX509EkuField(SafeEkuExtensionHandle eku, int loc);
+
+        [DllImport(Libraries.CryptoInterop)]
+        internal static extern SafeBioHandle GetX509NameInfo(SafeX509Handle x509, int nameType, [MarshalAs(UnmanagedType.Bool)] bool forIssuer);
+
+        [DllImport(Libraries.CryptoInterop)]
+        private static extern int GetAsn1StringBytes(IntPtr asn1, byte[] buf, int cBuf);
+
+        internal static byte[] GetAsn1StringBytes(IntPtr asn1)
+        {
+            int negativeSize = GetAsn1StringBytes(asn1, null, 0);
+
+            if (negativeSize > 0)
+            {
+                throw new CryptographicException();
+            }
+
+            byte[] bytes = new byte[-negativeSize];
+
+            int ret = GetAsn1StringBytes(asn1, bytes, bytes.Length);
+
+            if (ret != 1)
+            {
+                throw new CryptographicException();
+            }
+
+            return bytes;
+        }
+    }
+}

src/Common/src/Interop/Unix/libcrypto/Interop.X509.cs

@@ -0,0 +1,67 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+
+using Microsoft.Win32.SafeHandles;
+
+using NativeULong=System.UIntPtr;
+
+internal static partial class Interop
+{
+    internal static partial class libcrypto
+    {
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern void X509_free(IntPtr a);
+
+        [DllImport(Libraries.LibCrypto)]
+        internal static unsafe extern SafeX509Handle d2i_X509(IntPtr zero, byte** ppin, int len);
+
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern unsafe int i2d_X509(SafeX509Handle x, byte** @out);
+
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern IntPtr X509_get_serialNumber(SafeX509Handle x);
+
+        [DllImport(Libraries.LibCrypto)]
+        internal static unsafe extern SafeX509NameHandle d2i_X509_NAME(IntPtr zero, byte** ppin, int len);
+
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern int X509_NAME_print_ex(SafeBioHandle @out, SafeX509NameHandle nm, int indent, NativeULong flags);
+
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern void X509_NAME_free(IntPtr a);
+
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern IntPtr X509_get_issuer_name(SafeX509Handle a);
+
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern IntPtr X509_get_subject_name(SafeX509Handle a);
+
+        [DllImport(Libraries.LibCrypto)]
+        [return: MarshalAs(UnmanagedType.Bool)]
+        internal static extern bool X509_check_purpose(SafeX509Handle x, int id, int ca);
+
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern int X509_get_ext_count(SafeX509Handle x);
+
+        // Returns a pointer already being tracked by the SafeX509Handle, shouldn't be SafeHandle tracked/freed.
+        // Bounds checking is in place for "loc", IntPtr.Zero is returned on violations.
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern IntPtr X509_get_ext(SafeX509Handle x, int loc);
+
+        // Returns a pointer already being tracked by a SafeX509Handle, shouldn't be SafeHandle tracked/freed.
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern IntPtr X509_EXTENSION_get_object(IntPtr ex);
+
+        // Returns a pointer already being tracked by a SafeX509Handle, shouldn't be SafeHandle tracked/freed.
+        [DllImport(Libraries.LibCrypto)]
+        internal static extern IntPtr X509_EXTENSION_get_data(IntPtr ex);
+
+        [DllImport(Libraries.LibCrypto)]
+        [return: MarshalAs(UnmanagedType.Bool)]
+        internal static extern bool X509_EXTENSION_get_critical(IntPtr ex);
+    }
+}

src/Common/src/Interop/Unix/libcrypto/Interop.d2i.cs

@@ -0,0 +1,64 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+
+internal static partial class Interop
+{
+    internal static partial class libcrypto
+    {
+        internal unsafe delegate THandle D2IFunc<out THandle>(IntPtr zero, byte** ppin, int len);
+
+        internal unsafe delegate int I2DFunc<in THandle>(THandle handle, byte** @out);
+
+        internal static unsafe THandle OpenSslD2I<THandle>(D2IFunc<THandle> d2i, byte[] data)
+            where THandle : SafeHandle
+        {
+            // The OpenSSL d2i_* functions are set up for cascaded calls, so they increment *ppData while reading.
+            // Since only the outermost caller (that'd be this method) knows who the outermost caller is, it's their
+            // job to keep a pointer to the original data.
+            fixed (byte* pDataFixed = data)
+            {
+                byte* pData = pDataFixed;
+                byte** ppData = &pData;
+
+                THandle handle = d2i(IntPtr.Zero, ppData, data.Length);
+
+                if (handle.IsInvalid)
+                {
+                    throw new CryptographicException(GetOpenSslErrorString());
+                }
+
+                return handle;
+            }
+        }
+
+        internal static unsafe byte[] OpenSslI2D<THandle>(I2DFunc<THandle> i2d, THandle handle)
+            where THandle : SafeHandle
+        {
+            int size = i2d(handle, null);
+
+            if (size < 1)
+            {
+                throw new CryptographicException();
+            }
+
+            byte[] data = new byte[size];
+
+            fixed (byte* pDataFixed = data)
+            {
+                byte* pData = pDataFixed;
+                byte** ppData = &pData;
+
+                int size2 = i2d(handle, ppData);
+
+                Debug.Assert(size == size2);
+            }
+
+            return data;
+        }
+    }
+}

src/Common/src/Microsoft/Win32/SafeHandles/SafeX509Handle.Unix.cs

@@ -0,0 +1,32 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Security;
+using System.Runtime.InteropServices;
+
+namespace Microsoft.Win32.SafeHandles
+{
+    [SecurityCritical]
+    internal sealed class SafeX509Handle : SafeHandle
+    {
+        private SafeX509Handle() : 
+            base(IntPtr.Zero, ownsHandle: true)
+        {
+        }
+
+        [SecurityCritical]
+        protected override bool ReleaseHandle()
+        {
+            Interop.libcrypto.X509_free(handle);
+            SetHandle(IntPtr.Zero);
+            return true;
+        }
+
+        public override bool IsInvalid
+        {
+            [SecurityCritical]
+            get { return handle == IntPtr.Zero; }
+        }
+    }
+}

src/Common/src/Microsoft/Win32/SafeHandles/SafeX509NameHandle.Unix.cs

@@ -0,0 +1,30 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Security;
+using System.Runtime.InteropServices;
+
+namespace Microsoft.Win32.SafeHandles
+{
+    [SecurityCritical]
+    internal sealed class SafeX509NameHandle : SafeHandle
+    {
+        private SafeX509NameHandle() :
+            base(IntPtr.Zero, ownsHandle: true)
+        {
+        }
+
+        protected override bool ReleaseHandle()
+        {
+            Interop.libcrypto.X509_NAME_free(handle);
+            SetHandle(IntPtr.Zero);
+            return true;
+        }
+
+        public override bool IsInvalid
+        {
+            get { return handle == IntPtr.Zero; }
+        }
+    }
+}

src/Common/src/System/Collections/Generic/LowLevelList.cs

@@ -497,6 +497,15 @@ public T[] ToArray()
     /// </summary>
     internal sealed class LowLevelListWithIList<T> : LowLevelList<T>, IList<T>
     {
+        public LowLevelListWithIList()
+        {
+        }
+
+        public LowLevelListWithIList(int capacity)
+            : base(capacity)
+        {
+        }
+
         // Is this List read-only?
         bool ICollection<T>.IsReadOnly
         {

src/System.Security.Cryptography.X509Certificates/System.Security.Cryptography.X509Certificates.sln

@@ -0,0 +1,48 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.22911.2
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "System.Security.Cryptography.X509Certificates", "src\System.Security.Cryptography.X509Certificates.csproj", "{6F8576C2-6CD0-4DF3-8394-00B002D82E40}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "System.Security.Cryptography.X509Certificates.Tests", "tests\System.Security.Cryptography.X509Certificates.Tests.csproj", "{A28B0064-EFB2-4B77-B97C-DECF5DAB074E}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Linux_Debug|Any CPU = Linux_Debug|Any CPU
+		Linux_Release|Any CPU = Linux_Release|Any CPU
+		OSX_Debug|Any CPU = OSX_Debug|Any CPU
+		OSX_Release|Any CPU = OSX_Release|Any CPU
+		Windows_Debug|Any CPU = Windows_Debug|Any CPU
+		Windows_Release|Any CPU = Windows_Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{6F8576C2-6CD0-4DF3-8394-00B002D82E40}.Linux_Debug|Any CPU.ActiveCfg = Linux_Debug|Any CPU
+		{6F8576C2-6CD0-4DF3-8394-00B002D82E40}.Linux_Debug|Any CPU.Build.0 = Linux_Debug|Any CPU
+		{6F8576C2-6CD0-4DF3-8394-00B002D82E40}.Linux_Release|Any CPU.ActiveCfg = Linux_Release|Any CPU
+		{6F8576C2-6CD0-4DF3-8394-00B002D82E40}.Linux_Release|Any CPU.Build.0 = Linux_Release|Any CPU
+		{6F8576C2-6CD0-4DF3-8394-00B002D82E40}.OSX_Debug|Any CPU.ActiveCfg = OSX_Debug|Any CPU
+		{6F8576C2-6CD0-4DF3-8394-00B002D82E40}.OSX_Debug|Any CPU.Build.0 = OSX_Debug|Any CPU
+		{6F8576C2-6CD0-4DF3-8394-00B002D82E40}.OSX_Release|Any CPU.ActiveCfg = OSX_Release|Any CPU
+		{6F8576C2-6CD0-4DF3-8394-00B002D82E40}.OSX_Release|Any CPU.Build.0 = OSX_Release|Any CPU
+		{6F8576C2-6CD0-4DF3-8394-00B002D82E40}.Windows_Debug|Any CPU.ActiveCfg = Windows_Debug|Any CPU
+		{6F8576C2-6CD0-4DF3-8394-00B002D82E40}.Windows_Debug|Any CPU.Build.0 = Windows_Debug|Any CPU
+		{6F8576C2-6CD0-4DF3-8394-00B002D82E40}.Windows_Release|Any CPU.ActiveCfg = Windows_Release|Any CPU
+		{6F8576C2-6CD0-4DF3-8394-00B002D82E40}.Windows_Release|Any CPU.Build.0 = Windows_Release|Any CPU
+		{A28B0064-EFB2-4B77-B97C-DECF5DAB074E}.Linux_Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A28B0064-EFB2-4B77-B97C-DECF5DAB074E}.Linux_Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A28B0064-EFB2-4B77-B97C-DECF5DAB074E}.Linux_Release|Any CPU.ActiveCfg = Debug|Any CPU
+		{A28B0064-EFB2-4B77-B97C-DECF5DAB074E}.Linux_Release|Any CPU.Build.0 = Debug|Any CPU
+		{A28B0064-EFB2-4B77-B97C-DECF5DAB074E}.OSX_Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A28B0064-EFB2-4B77-B97C-DECF5DAB074E}.OSX_Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A28B0064-EFB2-4B77-B97C-DECF5DAB074E}.OSX_Release|Any CPU.ActiveCfg = Debug|Any CPU
+		{A28B0064-EFB2-4B77-B97C-DECF5DAB074E}.OSX_Release|Any CPU.Build.0 = Debug|Any CPU
+		{A28B0064-EFB2-4B77-B97C-DECF5DAB074E}.Windows_Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A28B0064-EFB2-4B77-B97C-DECF5DAB074E}.Windows_Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A28B0064-EFB2-4B77-B97C-DECF5DAB074E}.Windows_Release|Any CPU.ActiveCfg = Debug|Any CPU
+		{A28B0064-EFB2-4B77-B97C-DECF5DAB074E}.Windows_Release|Any CPU.Build.0 = Debug|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/ErrorCode.cs

@@ -0,0 +1,38 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Text;
+using System.Diagnostics;
+using System.Globalization;
+using System.Security.Cryptography;
+
+namespace Internal.Cryptography
+{
+    //
+    // Error codes for specific throw sites. Defined outside of Internal.Crytography.Pal.Native as some non-Pal code uses these.
+    // Since these error codes are publically surfaced through the Exception class, these hresults are effectively managed exchange values despite
+    // their Win32 origin.
+    //
+    internal static class ErrorCode
+    {
+        public const int CERT_E_CHAINING = unchecked((int)0x800B010A);
+        public const int CERT_E_EXPIRED = unchecked((int)0x800B0101);
+        public const int CERT_E_INVALID_NAME = unchecked((int)0x800B0114);
+        public const int CERT_E_INVALID_POLICY = unchecked((int)0x800B0113);
+        public const int CERT_E_UNTRUSTEDROOT = unchecked((int)0x800B0109);
+        public const int CERT_E_VALIDITYPERIODNESTING = unchecked((int)0x800B0102);
+        public const int CERT_E_WRONG_USAGE = unchecked((int)0x800B0110);
+        public const int CRYPT_E_NO_REVOCATION_CHECK = unchecked((int)0x80092012);
+        public const int CRYPT_E_NOT_FOUND = unchecked((int)0x80092004);
+        public const int CRYPT_E_REVOCATION_OFFLINE = unchecked((int)0x80092013);
+        public const int CRYPT_E_REVOKED = unchecked((int)0x80092010);
+        public const int CRYPT_E_SIGNER_NOT_FOUND = unchecked((int)0x8009100e);
+        public const int E_POINTER = unchecked((int)0x80004003);
+        public const int ERROR_INVALID_PARAMETER = 0x00000057;
+        public const int HRESULT_INVALID_HANDLE = unchecked((int)0x80070006);
+        public const int NTE_BAD_PUBLIC_KEY = unchecked((int)0x80090015);
+        public const int TRUST_E_BASIC_CONSTRAINTS = unchecked((int)0x80096019);
+        public const int TRUST_E_CERT_SIGNATURE = unchecked((int)0x80096004);
+    }
+}