Managed classes for AndroidCrypto SSL and X509Certificates #48674
Conversation
We need to use this to get the extensions in the declared order.
ghost
added
the
|
Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks Issue Details
cc @jkoritzinsky @steveisok @AaronRobinsonMSFT @bartonjs
|
|
|
||
| public static ICertificatePal FromBlob(ReadOnlySpan<byte> rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) | ||
| { | ||
| // TODO: [AndroidCrypto] Handle PKCS#12 |
There was a problem hiding this comment.
The good news is that macOS and Unix-OpenSSL both use a managed PKCS#12 reader/writer to take away a lot of corner case inconsistencies.
But it probably requires that there already be support from the Algorithms layer 😄
src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Android.cs
Outdated
Show resolved
Hide resolved
bartonjs
left a comment
bartonjs
left a comment
There was a problem hiding this comment.
The stubs look reasonable to me. Added a networking representative to weigh in on the System.Net.Security parts.
wfurt
left a comment
wfurt
left a comment
There was a problem hiding this comment.
generally looks OK to me. Left few comments to consider.
src/libraries/Native/Unix/System.Security.Cryptography.Native.Android/pal_x509.c
Show resolved
Hide resolved
src/libraries/System.Net.Security/src/System/Net/CertificateValidationPal.Android.cs
Outdated
Show resolved
Hide resolved
| { | ||
| if (certificateContext != null) | ||
| { | ||
| // Make a defensive copy of the certificate. In some async cases the |
There was a problem hiding this comment.
I'm not sure this is really needed but I know macOS has it there. So it is probably OK to keep.
|
|
||
| namespace System.Net | ||
| { | ||
| internal sealed class SafeDeleteSslContext : SafeDeleteContext |
There was a problem hiding this comment.
For Windows & Linux SafeDeleteSslContext lives in Common. OSX was here under System.Net.Security. It would make sense to ma to use consistent location. Do you have any preference @stephentoub? We can possibly move it later but since this is new file it may be peer to make sure it its where we want it.
There was a problem hiding this comment.
Looks like the Windows one is actually shared and the Linux one (like OSX and Android) is only used by System.Net.Security.
I'm going to leave this here for now. Happy to move it (and the OSX one) to common in a follow-up if that is what you / @stephentoub would like.
src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeFreeSslCredentials.cs
Show resolved
Hide resolved
...Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs
Outdated
Show resolved
Hide resolved
...Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Android/AndroidCertificatePal.cs
Outdated
Show resolved
Hide resolved
4 participants
NotImplementedExceptionright now, but it is at least a clean split from the existing OpenSSL usageSafeJObjectHandlefor handling deletion of global referencescc @jkoritzinsky @steveisok @AaronRobinsonMSFT @bartonjs