
github.com/mono/mono.git - Unnamed repository; edit this file 'description' to name the repository.
authorMartin Baulig <martin.baulig@xamarin.com>2016-09-30 14:08:26 +0300
committerMartin Baulig <martin.baulig@xamarin.com>2016-09-30 14:38:44 +0300
commitfb93be4490897141525ee95fb4bfb7413d5d0815 (patch)
treea1a03f1e3a76a3596293f63e938f2f2b0fccf3d1 /mcs/class/Mono.Security/Mono.Security.X509/X509Stores.cs
parent52b290680c59b0233e19c589420ca7d9050e6cac (diff)
[Mono.Security]: Add the new certificate store.
BTLS uses a different format and naming scheme for the local certificate store. Before using BTLS for the first time on desktop, you need to convert the local certificate store by either using the new `btls-cert-sync` tool (which will convert your existing certificate store to the new format) or `cert-sync` with the `--btls` argument. The new format and naming scheme is identical to what you'll find in '/system/etc/security/cacerts/' on an Android device. It stores the certificates in PEM format (with a human-readable text section added) using filenames which are based on the certificate's subject name hash. Previously, Mono stored the certificates in binary DER format, using a filename based on either the Subject-Key-Identifier (if available) or the thumbprint. We cannot access this from BTLS because computing these filenames requires reading the entire X509 certificate (including the X509v3 extensions), but their native lookup code only gives us the SubjectName. This transition won't affect Android users as we're using the system certificate store (including the user certificate store, via a Java callback). * Mono.Security.X509.X509Store and X509Stores: Support both the old and the new format. Using the new format requires BTLS. * Mono.Security.X509.X509StoreManager: Add `NewCurrentUserPath` and `NewLocalMachinePath` properties for the new path names (~/.config/.mono/new-certs). * Mono.Security.X509.X509StoreManager: Add `NewCurrentUser` and `NewLocalMachine` properties. Requires BTLS. * tools/security/cert-sync: Add new `--btls` argument to use the new store.
Diffstat (limited to 'mcs/class/Mono.Security/Mono.Security.X509/X509Stores.cs')
-rw-r--r--mcs/class/Mono.Security/Mono.Security.X509/X509Stores.cs18
1 files changed, 10 insertions, 8 deletions
diff --git a/mcs/class/Mono.Security/Mono.Security.X509/X509Stores.cs b/mcs/class/Mono.Security/Mono.Security.X509/X509Stores.cs
index bfe7451b5de..071faa70ddd 100644
--- a/mcs/class/Mono.Security/Mono.Security.X509/X509Stores.cs
+++ b/mcs/class/Mono.Security/Mono.Security.X509/X509Stores.cs
@@ -44,15 +44,17 @@ namespace Mono.Security.X509 {
class X509Stores {
private string _storePath;
+ private bool _newFormat;
private X509Store _personal;
private X509Store _other;
private X509Store _intermediate;
private X509Store _trusted;
private X509Store _untrusted;
- internal X509Stores (string path)
+ internal X509Stores (string path, bool newFormat)
{
_storePath = path;
+ _newFormat = newFormat;
}
// properties
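Review bot: The new `newFormat` constructor parameter and `_newFormat` field carry no comment saying what the flag selects or that the new format requires BTLS, which only the commit description states. A short comment on the field would keep that next to the code, for example `// true: PEM files named by subject-name hash (requires BTLS); false: legacy DER store`. The field is assigned only in the constructor in the visible lines, so `private readonly bool _newFormat;` would also make it clear the format cannot change after the stores are lazily created.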
@@ -61,7 +63,7 @@ namespace Mono.Security.X509 {
get {
if (_personal == null) {
string path = Path.Combine (_storePath, Names.Personal);
- _personal = new X509Store (path, false);
+ _personal = new X509Store (path, false, false);
}
return _personal;
}
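Review bot: `new X509Store (path, false, false)` passes two adjacent positional booleans, which are easy to transpose and give no hint why this store ignores `_newFormat`; the same applies to the `_other` store in the next hunk. If the intent is that the Personal and OtherPeople stores always stay in the legacy format, say so at the call, e.g. `// personal store is never converted: always legacy DER format`. Without that, a reader cannot tell a deliberate choice from an oversight when the instance was created with `newFormat` set.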
@@ -71,7 +73,7 @@ namespace Mono.Security.X509 {
get {
if (_other == null) {
string path = Path.Combine (_storePath, Names.OtherPeople);
- _other = new X509Store (path, false);
+ _other = new X509Store (path, false, false);
}
return _other;
}
@@ -81,7 +83,7 @@ namespace Mono.Security.X509 {
get {
if (_intermediate == null) {
string path = Path.Combine (_storePath, Names.IntermediateCA);
- _intermediate = new X509Store (path, true);
+ _intermediate = new X509Store (path, true, _newFormat);
}
return _intermediate;
}
@@ -91,7 +93,7 @@ namespace Mono.Security.X509 {
get {
if (_trusted == null) {
string path = Path.Combine (_storePath, Names.TrustedRoot);
- _trusted = new X509Store (path, true);
+ _trusted = new X509Store (path, true, _newFormat);
}
return _trusted;
}
@@ -101,7 +103,7 @@ namespace Mono.Security.X509 {
get {
if (_untrusted == null) {
string path = Path.Combine (_storePath, Names.Untrusted);
- _untrusted = new X509Store (path, false);
+ _untrusted = new X509Store (path, false, _newFormat);
}
return _untrusted;
}
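Review bot: The Untrusted ("Disallowed") store now follows `_newFormat`, so with the flag set the deny list is read from the new PEM/subject-hash layout, and nothing visible here ensures that entries from the legacy store are carried over. If the conversion tools named in the commit description do not migrate this store (not shown on this page), certificates that were explicitly distrusted before would no longer be found after switching to the new format. That should be confirmed and recorded at this line, for instance `// deny list: must be migrated together with Trust/CA when _newFormat is set`. The property declaration itself starts outside the hunk.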
@@ -138,7 +140,7 @@ namespace Mono.Security.X509 {
if (!create && !Directory.Exists (path))
return null;
- return new X509Store (path, true);
+ return new X509Store (path, true, false);
}
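Review bot: `Open` always passes `false` as the format flag, so a store opened by name is created in the legacy format even on an instance constructed with `newFormat` true. If a caller passes one of the built-in names such as `Names.TrustedRoot`, it would presumably get a legacy-format view of a directory that the `TrustedRoot` property treats as new-format; how `path` is built lies outside the hunk, so this is inferred. Either state the rule at the return, `// stores opened by name always use the legacy DER format`, or pass `_newFormat` when the name matches a built-in store so both access paths agree.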
// names
@@ -151,7 +153,7 @@ namespace Mono.Security.X509 {
public const string IntermediateCA = "CA";
public const string TrustedRoot = "Trust";
public const string Untrusted = "Disallowed";
-
+
public Names () {}
}
}