projects / platform / upstream / dotnet / runtime.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 41e93d4)
[iOS][libraries] Throw PNSE for Exportable and PersistKeySet flags iOS (#57153)
authorMitchell Hwang <16830051+mdh1418@users.noreply.github.com>
Thu, 12 Aug 2021 20:38:59 +0000 (16:38 -0400)
committerGitHub <noreply@github.com>
Thu, 12 Aug 2021 20:38:59 +0000 (16:38 -0400)
* [iOS][libraries] Throw PNSE for Exportable and PersistKeySet flags on iOS

* Fix typo

* Address feedback

* Address feedback

Co-authored-by: Mitchell Hwang <mitchell.hwang@microsoft.com>
src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.iOS/AppleCertificatePal.ImportExport.cs patch | blob | history
src/libraries/System.Security.Cryptography.X509Certificates/src/Resources/Strings.resx patch | blob | history

diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.iOS/AppleCertificatePal.ImportExport.cs b/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.iOS/AppleCertificatePal.ImportExport.cs
index ad4baa38cc3f7123ab6c63a545a524096f336ad1..dd8fb2ac2ddafd4de86ed03da50e2e04a11bc867 100644 (file)
--- a/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.iOS/AppleCertificatePal.ImportExport.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.iOS/AppleCertificatePal.ImportExport.cs
@@ -114,10 +114,16 @@ namespace Internal.Cryptography.Pal
 
             if (contentType == X509ContentType.Pkcs12)
             {
-                // TODO:
-                // We ignore keyStorageFlags which is tracked in https://github.com/dotnet/runtime/issues/52434.
-                // The keys are always imported as ephemeral and never persisted. Exportability is ignored for
-                // the moment and it needs to be investigated how to map it to iOS keychain primitives.
+                if ((keyStorageFlags & X509KeyStorageFlags.Exportable) == X509KeyStorageFlags.Exportable)
+                {
+                    throw new PlatformNotSupportedException(SR.Cryptography_X509_PKCS12_ExportableNotSupported);
+                }
+
+                if ((keyStorageFlags & X509KeyStorageFlags.PersistKeySet) == X509KeyStorageFlags.PersistKeySet)
+                {
+                    throw new PlatformNotSupportedException(SR.Cryptography_X509_PKCS12_PersistKeySetNotSupported);
+                }
+
                 return ImportPkcs12(rawData, password, ephemeralSpecified);
             }
 
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/src/Resources/Strings.resx b/src/libraries/System.Security.Cryptography.X509Certificates/src/Resources/Strings.resx
index 322e2bab91d0c48f8cf0ccb6ebc7e7a551c3fe52..eab4b5a5ba1fa5c5d9e30a4e42392b5bc399f696 100644 (file)
--- a/src/libraries/System.Security.Cryptography.X509Certificates/src/Resources/Strings.resx
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/src/Resources/Strings.resx
@@ -295,6 +295,12 @@
   <data name="Cryptography_X509_PKCS7_Unsupported" xml:space="preserve">
     <value>PKCS#7 certificate format is not supported on this platform.</value>
   </data>
+  <data name="Cryptography_X509_PKCS12_PersistKeySetNotSupported" xml:space="preserve">
+    <value>The PKCS#12 PersistKeySet flag is not supported on this platform.</value>
+  </data>
+  <data name="Cryptography_X509_PKCS12_ExportableNotSupported" xml:space="preserve">
+    <value>The PKCS#12 Exportable flag is not supported on this platform.</value>
+  </data>
   <data name="Cryptography_X509_StoreAddFailure" xml:space="preserve">
     <value>The X509 certificate could not be added to the store.</value>
   </data>
Domain: Dotnet / Core;