
Fixing X509Certificate2Collection.Export on Unix with multiple certs and private key #26152

Merged
merged 3 commits into from
Jan 19, 2018
Expand Up @@ -117,13 +117,15 @@ private byte[] ExportPfx(SafePasswordHandle password)
}

privateCert = cert;
var certPal = (OpenSslX509CertificateReader)cert.Pal;
privateCertHandle = certPal.SafeHandle;
privateCertKeyHandle = certPal.PrivateKeyHandle;
}
else
{
PushHandle(cert.Handle, publicCerts);
}

GC.KeepAlive(cert); // ensure cert's safe handle isn't finalized while raw handle is in use
}
}

Expand All @@ -138,11 +140,17 @@ private byte[] ExportPfx(SafePasswordHandle password)
throw Interop.Crypto.CreateOpenSslCryptographicException();
}

return Interop.Crypto.OpenSslEncode(
byte[] result = Interop.Crypto.OpenSslEncode(
Interop.Crypto.GetPkcs12DerSize,
Interop.Crypto.EncodePkcs12,
pkcs12);

// ensure cert handles aren't finalized while the raw handles are in use
GC.KeepAlive(_certs);
return result;
}


}
}
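Review bot: The comment on `GC.KeepAlive(cert)` in the loop does not say which use of the raw handle it covers, and the handles gathered there are consumed after the loop, when the PKCS#12 is built and encoded. Unless `PushHandle` takes its own reference on the certificate (its body is outside the hunk, as is the start of `ExportPfx`), the window that matters is closed only by the later `GC.KeepAlive(_certs)`, and only if the collection is what keeps every certificate reachable. I would spell that out, for example `// cert.Handle is a raw IntPtr; keep cert reachable until PushHandle returns. Handles kept for the PKCS#12 build are covered by GC.KeepAlive(_certs) below.` Neither call guards against a certificate being disposed on another thread during the export. The private-key branch holds `SafeHandle` references, which is the sturdier pattern, while the public branch still passes `cert.Handle`.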

Expand Up @@ -863,6 +863,32 @@ public static void ExportMultiplePrivateKeys()
}
}

[Fact]
public static void CanAddMultipleCertsWithSinglePrivateKey()
{
using (var oneWithKey = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword, X509KeyStorageFlags.Exportable | Cert.EphemeralIfPossible))
using (var twoWithoutKey = new X509Certificate2(TestData.ComplexNameInfoCert))
{
Assert.True(oneWithKey.HasPrivateKey);

var col = new X509Certificate2Collection
{
oneWithKey,
twoWithoutKey,
};

Assert.Equal(1, col.Cast<X509Certificate2>().Count(x => x.HasPrivateKey));
Assert.Equal(2, col.Count);

byte[] buffer = col.Export(X509ContentType.Pfx);

using (ImportedCollection newCollection = Cert.Import(buffer))
{
Assert.Equal(2, newCollection.Collection.Count);
}
}
}

[Fact]
public static void X509CertificateCollectionCopyTo()
{
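Review bot: The round-trip check in `CanAddMultipleCertsWithSinglePrivateKey` asserts only that two certificates come back, so an export that silently dropped the private key, or attached it to the wrong certificate, would still pass. Inside the `using (ImportedCollection newCollection ...)` block I would add `Assert.Equal(1, newCollection.Collection.Cast<X509Certificate2>().Count(x => x.HasPrivateKey));`, mirroring the assertion made on `col` before export (this assumes `Collection` is an `X509Certificate2Collection`). Comparing the re-imported certificates with `oneWithKey` and `twoWithoutKey` would also confirm that the key stayed with the right certificate.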
Expand Up @@ -94,4 +94,4 @@
<SupplementalTestData Include="$(PackagesDir)system.security.cryptography.x509certificates.testdata\1.0.2-prerelease\content\**\*.*" />
</ItemGroup>
<Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.targets))\dir.targets" />
</Project>
</Project>