Monitor.IsEntered(s_recheckStopwatch),
"LoadMachineStores assumes a lock(s_recheckStopwatch)");
- IEnumerable<FileInfo> trustedCertFiles;
+ SafeX509StackHandle rootStore = Interop.Crypto.NewX509Stack();
+ Interop.Crypto.CheckValidOpenSslHandle(rootStore);
+ SafeX509StackHandle intermedStore = Interop.Crypto.NewX509Stack();
+ Interop.Crypto.CheckValidOpenSslHandle(intermedStore);
+
DateTime newFileTime = default;
DateTime newDirTime = default;
- if (rootStorePath != null && rootStorePath.Exists)
- {
- trustedCertFiles = rootStorePath.EnumerateFiles();
- newDirTime = rootStorePath.LastWriteTimeUtc;
- }
- else
- {
- trustedCertFiles = Array.Empty<FileInfo>();
- }
+ var uniqueRootCerts = new HashSet<X509Certificate2>();
+ var uniqueIntermediateCerts = new HashSet<X509Certificate2>();
if (rootStoreFile != null && rootStoreFile.Exists)
{
- trustedCertFiles = trustedCertFiles.Prepend(rootStoreFile);
newFileTime = rootStoreFile.LastWriteTimeUtc;
+ ProcessFile(rootStoreFile);
}
- SafeX509StackHandle rootStore = Interop.Crypto.NewX509Stack();
- Interop.Crypto.CheckValidOpenSslHandle(rootStore);
- SafeX509StackHandle intermedStore = Interop.Crypto.NewX509Stack();
- Interop.Crypto.CheckValidOpenSslHandle(intermedStore);
-
- HashSet<X509Certificate2> uniqueRootCerts = new HashSet<X509Certificate2>();
- HashSet<X509Certificate2> uniqueIntermediateCerts = new HashSet<X509Certificate2>();
+ if (rootStorePath != null && rootStorePath.Exists)
+ {
+ newDirTime = rootStorePath.LastWriteTimeUtc;
+ foreach (FileInfo file in rootStorePath.EnumerateFiles())
+ {
+ ProcessFile(file);
+ }
+ }
- foreach (FileInfo file in trustedCertFiles)
+ void ProcessFile(FileInfo file)
{
using (SafeBioHandle fileBio = Interop.Crypto.BioNewFile(file.FullName, "rb"))
{
if (fileBio.IsInvalid)
{
Interop.Crypto.ErrClearError();
- continue;
+ return;
}
- ICertificatePal pal;
-
// Some distros ship with two variants of the same certificate.
// One is the regular format ('BEGIN CERTIFICATE') and the other
// contains additional AUX-data ('BEGIN TRUSTED CERTIFICATE').
// The additional data contains the appropriate usage (e.g. emailProtection, serverAuth, ...).
// Because corefx doesn't validate for a specific usage, derived certificates are rejected.
// For now, we skip the certificates with AUX data and use the regular certificates.
+ ICertificatePal pal;
while (OpenSslX509CertificateReader.TryReadX509PemNoAux(fileBio, out pal) ||
OpenSslX509CertificateReader.TryReadX509Der(fileBio, out pal))
{
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Diagnostics;
-using System.Linq;
using System.Security.Cryptography.Asn1;
using System.Security.Cryptography.X509Certificates.Asn1;
using Internal.Cryptography;
spki.Algorithm = new AlgorithmIdentifierAsn { Algorithm = PublicKey.Oid, Parameters = PublicKey.EncodedParameters.RawData };
spki.SubjectPublicKey = PublicKey.EncodedKeyValue.RawData;
+ var attributes = new AttributeAsn[Attributes.Count];
+ for (int i = 0; i < attributes.Length; i++)
+ {
+ attributes[i] = new AttributeAsn(Attributes[i]);
+ }
+
CertificationRequestInfoAsn requestInfo = new CertificationRequestInfoAsn
{
Version = 0,
Subject = this.Subject.RawData,
SubjectPublicKeyInfo = spki,
- Attributes = Attributes.Select(a => new AttributeAsn(a)).ToArray(),
+ Attributes = attributes
};
using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER))