Add support for private keys in X509Certificate2 objects on Unix.

bartonjs · bartonjs · commit 870e5a21b4cf · 2015-07-31T18:48:14.000-07:00
diff --git a/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/OpenSslPkcs12Reader.cs b/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/OpenSslPkcs12Reader.cs
@@ -120,6 +120,12 @@ public List<OpenSslX509CertificateReader> ReadCertificates()
                 OpenSslX509CertificateReader reader = new OpenSslX509CertificateReader(_x509Handle);
                 _x509Handle = null;
 
+                if (_evpPkeyHandle != null && !_evpPkeyHandle.IsInvalid)
+                {
+                    reader.SetPrivateKey(_evpPkeyHandle);
+                    _evpPkeyHandle = null;
+                }
+
                 certs.Add(reader);
             }
 
diff --git a/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/OpenSslX509CertificateReader.cs b/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/OpenSslX509CertificateReader.cs
@@ -18,6 +18,7 @@ internal sealed class OpenSslX509CertificateReader : ICertificatePal
         private static DateTimeFormatInfo s_validityDateTimeFormatInfo;
 
         private SafeX509Handle _cert;
+        private SafeEvpPkeyHandle _privateKey;
         private X500DistinguishedName _subjectName;
         private X500DistinguishedName _issuerName;
 
@@ -37,7 +38,7 @@ internal OpenSslX509CertificateReader(SafeX509Handle handle)
 
         public bool HasPrivateKey
         {
-            get { return false; }
+            get { return _privateKey != null; }
         }
 
         public IntPtr Handle
@@ -228,9 +229,22 @@ public IEnumerable<X509Extension> Extensions
             }
         }
 
+        internal void SetPrivateKey(SafeEvpPkeyHandle privateKey)
+        {
+            _privateKey = privateKey;
+        }
+
         public RSA GetRSAPrivateKey()
         {
-            return null;
+            if (_privateKey == null || _privateKey.IsInvalid)
+            {
+                return null;
+            }
+
+            using (SafeRsaHandle rsaHandle = Interop.libcrypto.EVP_PKEY_get1_RSA(_privateKey))
+            {
+                return new RSAOpenSsl(rsaHandle.DangerousGetHandle());
+            }
         }
 
         public string GetNameInfo(X509NameType nameType, bool forIssuer)
@@ -258,10 +272,25 @@ public string GetNameInfo(X509NameType nameType, bool forIssuer)
 
         public void AppendPrivateKeyInfo(StringBuilder sb)
         {
+            if (!HasPrivateKey)
+            {
+                return;
+            }
+
+            // There's nothing really to say about the key, just acknowledge there is one.
+            sb.AppendLine();
+            sb.AppendLine();
+            sb.AppendLine("[Private Key]");
         }
 
         public void Dispose()
         {
+            if (_privateKey != null)
+            {
+                _privateKey.Dispose();
+                _privateKey = null;
+            }
+
             if (_cert != null)
             {
                 _cert.Dispose();
diff --git a/src/System.Security.Cryptography.X509Certificates/tests/PfxTests.cs b/src/System.Security.Cryptography.X509Certificates/tests/PfxTests.cs
@@ -57,7 +57,6 @@ public static void TestRawData()
         }
 
         [Fact]
-        [ActiveIssue(1993, PlatformID.AnyUnix)]
         public static void TestPrivateKey()
         {
             using (var c = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword))

Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,6 @@ public static void TestRawData()`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`[Fact]`
`60`		`- [ActiveIssue(1993, PlatformID.AnyUnix)]`
`61`	`60`	`public static void TestPrivateKey()`
`62`	`61`	`{`
`63`	`62`	`using (var c = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword))`