Add back support for reading PEM files as an X509Certificate2.

bartonjs · bartonjs · commit a432fdaead8d · 2015-08-05T12:27:48.000-07:00
The code did all of the work for reading the PEM-formatted certificate, but then didn't return the object.

Added TestByteArrayConstructor_PEM, and broke the existing TestByteArrayConstructor into TestByteArrayConstructor_DER and UseAfterDispose; because it was really doing two separate things.
diff --git a/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/CertificatePal.cs b/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/CertificatePal.cs
@@ -35,6 +35,8 @@ public static unsafe ICertificatePal FromBlob(byte[] rawData, string password, X
                 }
 
                 Interop.libcrypto.CheckValidOpenSslHandle(cert);
+
+                return new OpenSslX509CertificateReader(cert);
             }
 
             // DER-X509
diff --git a/src/System.Security.Cryptography.X509Certificates/tests/CertTests.cs b/src/System.Security.Cryptography.X509Certificates/tests/CertTests.cs
@@ -165,5 +165,33 @@ public static void X509Cert2CreateFromPfxWithPassword()
                 Assert.Equal("1.2.840.113549.1.1.1", cert2.GetKeyAlgorithm());
             }
         }
+
+        [Fact]
+        public static void UseAfterDispose()
+        {
+            using (X509Certificate2 c = new X509Certificate2(TestData.MsCertificate))
+            {
+                IntPtr h = c.Handle;
+
+                // Do a couple of things that would only be true on a valid certificate, as a precondition.
+                Assert.NotEqual(IntPtr.Zero, h);
+                byte[] actualThumbprint = c.GetCertHash();
+
+                c.Dispose();
+
+                // For compat reasons, Dispose() acts like the now-defunct Reset() method rather than
+                // causing ObjectDisposedExceptions.
+                h = c.Handle;
+                Assert.Equal(IntPtr.Zero, h);
+                Assert.Throws<CryptographicException>(() => c.GetCertHash());
+                Assert.Throws<CryptographicException>(() => c.GetKeyAlgorithm());
+                Assert.Throws<CryptographicException>(() => c.GetKeyAlgorithmParameters());
+                Assert.Throws<CryptographicException>(() => c.GetKeyAlgorithmParametersString());
+                Assert.Throws<CryptographicException>(() => c.GetPublicKey());
+                Assert.Throws<CryptographicException>(() => c.GetSerialNumber());
+                Assert.Throws<CryptographicException>(() => c.Issuer);
+                Assert.Throws<CryptographicException>(() => c.Subject);
+            }
+        }
     }
 }
diff --git a/src/System.Security.Cryptography.X509Certificates/tests/CtorTests.cs b/src/System.Security.Cryptography.X509Certificates/tests/CtorTests.cs
@@ -37,7 +37,7 @@ public static void TestDefaultConstructor()
         }
 
         [Fact]
-        public static void TestByteArrayConstructor()
+        public static void TestByteArrayConstructor_DER()
         {
             byte[] expectedThumbPrint = new byte[]
             {
@@ -49,24 +49,28 @@ public static void TestByteArrayConstructor()
             using (X509Certificate2 c = new X509Certificate2(TestData.MsCertificate))
             {
                 IntPtr h = c.Handle;
-                object ignored;
                 Assert.NotEqual(IntPtr.Zero, h);
                 byte[] actualThumbprint = c.GetCertHash();
                 Assert.Equal(expectedThumbPrint, actualThumbprint);
+            }
+        }
 
-                c.Dispose();
+        [Fact]
+        public static void TestByteArrayConstructor_PEM()
+        {
+            byte[] expectedThumbPrint =
+            {
+                0x10, 0x8e, 0x2b, 0xa2, 0x36, 0x32, 0x62, 0x0c,
+                0x42, 0x7c, 0x57, 0x0b, 0x6d, 0x9d, 0xb5, 0x1a,
+                0xc3, 0x13, 0x87, 0xfe,
+            };
 
-                // For compat reasons, Dispose() acts like the now-defunct Reset() method rather than causing ObjectDisposedExceptions.
-                h = c.Handle;
-                Assert.Equal(IntPtr.Zero, h);
-                Assert.Throws<CryptographicException>(() => c.GetCertHash());
-                Assert.Throws<CryptographicException>(() => c.GetKeyAlgorithm());
-                Assert.Throws<CryptographicException>(() => c.GetKeyAlgorithmParameters());
-                Assert.Throws<CryptographicException>(() => c.GetKeyAlgorithmParametersString());
-                Assert.Throws<CryptographicException>(() => c.GetPublicKey());
-                Assert.Throws<CryptographicException>(() => c.GetSerialNumber());
-                Assert.Throws<CryptographicException>(() => ignored = c.Issuer);
-                Assert.Throws<CryptographicException>(() => ignored = c.Subject);
+            using (X509Certificate2 cert = new X509Certificate2(TestData.MsCertificatePemBytes))
+            {
+                IntPtr h = cert.Handle;
+                Assert.NotEqual(IntPtr.Zero, h);
+                byte[] actualThumbprint = cert.GetCertHash();
+                Assert.Equal(expectedThumbPrint, actualThumbprint);
             }
         }
 
diff --git a/src/System.Security.Cryptography.X509Certificates/tests/TestData.cs b/src/System.Security.Cryptography.X509Certificates/tests/TestData.cs
@@ -50,6 +50,38 @@ internal static class TestData
             "aee25d3ef575c7e6666360ccd59a84878d2430f7ef34d0631db142674a0e4bbf" +
             "3a0eefb6953aa738e4259208a6886682").HexToByteArray();
 
+        public static readonly byte[] MsCertificatePemBytes = ByteUtils.AsciiBytes(
+            @"-----BEGIN CERTIFICATE-----
+MIIE7DCCA9SgAwIBAgITMwAAALARrwqL0Duf3QABAAAAsDANBgkqhkiG9w0BAQUF
+ADB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH
+UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSMwIQYDVQQD
+ExpNaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQTAeFw0xMzAxMjQyMjMzMzlaFw0x
+NDA0MjQyMjMzMzlaMIGDMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv
+bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0
+aW9uMQ0wCwYDVQQLEwRNT1BSMR4wHAYDVQQDExVNaWNyb3NvZnQgQ29ycG9yYXRp
+b24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDor1yiIA34KHy8BXt/
+re7rdqwoUz8620B9s44z5lc/pVEVNFSlz7SLqT+oN+EtUO01Fk7vTXrbE3aIsCzw
+WVyp6+HXKXXkG4Unm/P4LZ5BNisLQPu+O7q5XHWTFlJLyjPFN7Dz636o9UEVXAhl
+HSE38Cy6IgsQsRCddyKFhHxPuRuQsPWj/ov0DJpOoPXJCiHiquMBNkf9L4JqgQP1
+qTXclFed+0vUDoLbOI8S/uPWenSIZOFixCUuKq6dGB8OHrbCryS0DlC83hyTXEmm
+ebW22875cHsoAYS4KinPv6kFBeHgD3FN/a1cI4Mp68fFSsjoJ4TTfsZDC5UABbFP
+ZXHFAgMBAAGjggFgMIIBXDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU
+WXGmWjNN2pgHgP+EHr6H+XIyQfIwUQYDVR0RBEowSKRGMEQxDTALBgNVBAsTBE1P
+UFIxMzAxBgNVBAUTKjMxNTk1KzRmYWYwYjcxLWFkMzctNGFhMy1hNjcxLTc2YmMw
+NTIzNDRhZDAfBgNVHSMEGDAWgBTLEejK0rQWWAHJNy4zFha5TJoKHzBWBgNVHR8E
+TzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9k
+dWN0cy9NaWNDb2RTaWdQQ0FfMDgtMzEtMjAxMC5jcmwwWgYIKwYBBQUHAQEETjBM
+MEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRz
+L01pY0NvZFNpZ1BDQV8wOC0zMS0yMDEwLmNydDANBgkqhkiG9w0BAQUFAAOCAQEA
+MdduKhJXM4HVncbr+TrURE0Inu5e32pbt3nPApy8dmiekKGcC8N/oozxTbqVOfsN
+4OGb9F0kDxuNiBU6fNutzrPJbLo5LEV9JBFUJjANDf9H6gMH5eRmXSx7nR2pEPoc
+sHTyT2lrnqkkhNrtlqDfc6TvahqsS2Ke8XzAFH9IzU2yRPnwPJNtQtjofOYXoJto
+aAko+QKX7xEDumdSrcHps3Om0mPNSuI+5PNO/f+h4LsCEztdIN5VP6OukEAxOHUo
+XgSpRm3m9Xp5QL0fzehF1a7iXT71dcfmZmNgzNWahIeNJDD37zTQYx2xQmdKDku/
+Og7vtpU6pzjkJZIIpohmgg==
+-----END CERTIFICATE-----
+");
+
         public const string PfxDataPassword = "12345";
 
         public static byte[] PfxData = (

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,8 @@ public static unsafe ICertificatePal FromBlob(byte[] rawData, string password, X`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`Interop.libcrypto.CheckValidOpenSslHandle(cert);`
	`38`	`+`
	`39`	`+ return new OpenSslX509CertificateReader(cert);`
`38`	`40`	`}`
`39`	`41`
`40`	`42`	`// DER-X509`