Discussion:
[Mono-bugs] [Bug 646491] New: Constructor X509Certificate2(byte[]) throws an exception
b***@novell.com
2010-10-14 10:45:47 UTC
https://bugzilla.novell.com/show_bug.cgi?id=646491


Summary: Constructor X509Certificate2(byte[]) throws an exception
Classification: Mono
Product: Mono: Runtime
Version: 2.8.x
Platform: All
OS/Version: All
Status: NEW
Severity: Critical
Priority: P5 - None
Component: interop
AssignedTo: mono-***@lists.ximian.com
ReportedBy: ***@fastwebnet.it
QAContact: mono-***@lists.ximian.com
Found By: ---
Blocker: ---


User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; it; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10

When I try to load an X509Certificate that is stored as a .p12 file as an
embedded resource assembly, I get its payload as a byte[] and pass it to the
X509Certificate2 constructor. Then I get a SecurityException from Mono.Security.

Reproducible: Always

Steps to Reproduce:
Try running attached demo project
Actual Results:
Reading file but passing as byte[]
System.Security.Cryptography.CryptographicException: Unable to decode certificate. ---> System.Security.Cryptography.CryptographicException: Input data cannot be coded as a valid certificate. ---> System.Security.Cryptography.CryptographicException: Input data cannot be coded as a valid certificate.
  at Mono.Security.X509.X509Certificate.Parse (System.Byte[] data) [0x00041] in C:\cygwin\tmp\monobuild\build\BUILD\mono-2.8\mcs\class\corlib\Mono.Security.X509\X509Certificate.cs:113
  --- End of inner exception stack trace ---
  at Mono.Security.X509.X509Certificate.Parse (System.Byte[] data) [0x00352] in C:\cygwin\tmp\monobuild\build\BUILD\mono-2.8\mcs\class\corlib\Mono.Security.X509\X509Certificate.cs:207
  at Mono.Security.X509.X509Certificate..ctor (System.Byte[] data) [0x00043] in C:\cygwin\tmp\monobuild\build\BUILD\mono-2.8\mcs\class\corlib\Mono.Security.X509\X509Certificate.cs:225
  at System.Security.Cryptography.X509Certificates.X509Certificate.Import (System.Byte[] rawData, System.String password, X509KeyStorageFlags keyStorageFlags) [0x0000c] in C:\cygwin\tmp\monobuild\build\BUILD\mono-2.8\mcs\class\corlib\System.Security.Cryptography.X509Certificates\X509Certificate20.cs:225
  --- End of inner exception stack trace ---
  at System.Security.Cryptography.X509Certificates.X509Certificate.Import (System.Byte[] rawData, System.String password, X509KeyStorageFlags keyStorageFlags) [0x00065] in C:\cygwin\tmp\monobuild\build\BUILD\mono-2.8\mcs\class\corlib\System.Security.Cryptography.X509Certificates\X509Certificate20.cs:238
  at System.Security.Cryptography.X509Certificates.X509Certificate2.Import (System.Byte[] rawData, System.String password, X509KeyStorageFlags keyStorageFlags) [0x00000] in C:\cygwin\tmp\monobuild\build\BUILD\mono-2.8\mcs\class\System\System.Security.Cryptography.X509Certificates\X509Certificate2.cs:441
  at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor (System.Byte[] rawData) [0x00011] in C:\cygwin\tmp\monobuild\build\BUILD\mono-2.8\mcs\class\System\System.Security.Cryptography.X509Certificates\X509Certificate2.cs:72
  at Certificate.Program.Main (System.String[] args) [0x00000] in <filename unknown>:0

Expected Results:
I expect the program to output certificate information

Problem occurred in both Mono 2.6.7 and Mono 2.8. Current test done under
Windows but found the same to occur in Linux too.

Workaround: (as soon as you are sure payload is PKCS#12) write the byte[] to a
temporary file and load it with the string constructor
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
b***@novell.com
2010-10-14 13:26:59 UTC
https://bugzilla.novell.com/show_bug.cgi?id=646491#c1


Zoltan Varga <***@gmail.com> changed:

What       |Removed                     |Added
----------------------------------------------------------------------------
Component  |interop                     |System.Security
AssignedTo |mono-***@lists.ximian.com   |***@novell.com
Product    |Mono: Runtime               |Mono: Class Libraries

--- Comment #1 from Zoltan Varga <***@gmail.com> 2010-10-14 13:26:59 UTC ---
-> class libs.
b***@novell.com
2010-10-14 13:40:05 UTC
https://bugzilla.novell.com/show_bug.cgi?id=646491#c2


Sebastien Pouliot <***@novell.com> changed:

What         |Removed                     |Added
----------------------------------------------------------------------------
Status       |NEW                         |NEEDINFO
Component    |System.Security             |System
InfoProvider |                            |***@fastwebnet.it
AssignedTo   |***@novell.com              |mono-***@lists.ximian.com
Severity     |Critical                    |Minor

--- Comment #2 from Sebastien Pouliot <***@novell.com> 2010-10-14 13:40:04 UTC ---
There is a lot of code and unit tests that show PKCS#12 files are supported and
working so please provide a test case for your specific case.
b***@novell.com
2010-10-14 15:30:43 UTC
https://bugzilla.novell.com/show_bug.cgi?id=646491#c3


Antonio Anzivino <***@fastwebnet.it> changed:

What         |Removed                     |Added
----------------------------------------------------------------------------
Status       |NEEDINFO                    |NEW
InfoProvider |***@fastwebnet.it           |

--- Comment #3 from Antonio Anzivino <***@fastwebnet.it> 2010-10-14 15:30:42 UTC ---
Created an attachment (id=394978)
--> (http://bugzilla.novell.com/attachment.cgi?id=394978)
Test case for X509Certificate

Right. I just found that the test case had not been uploaded before.
b***@novell.com
2010-10-14 17:51:43 UTC
https://bugzilla.novell.com/show_bug.cgi?id=646491#c4


Sebastien Pouliot <***@novell.com> changed:

What         |Removed                     |Added
----------------------------------------------------------------------------
Status       |NEW                         |NEEDINFO
CC           |                            |***@novell.com
InfoProvider |                            |***@fastwebnet.it

--- Comment #4 from Sebastien Pouliot <***@novell.com> 2010-10-14 17:51:42 UTC ---
That's how your sample code goes on MS FX / WinXP.

C:\temp\Certificate\bin\Debug>Certificate.exe
Reading sample.p12
System.Security.Cryptography.CryptographicException: The specified network password is not correct.

   at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
   at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName)
   at Certificate.Program.Main(String[] args)

Which is likely an "empty password" (which is not clearly defined in PKCS12)
issue. Always supply a password when using PKCS12, which solves the issue where
some implementations use null or "" for "no password".

I'm pretty sure a working sample on Windows will also work on Mono - but the
reverse is not always true, e.g. for backward compatibility, since Mono's support
for PKCS12 predates the FX (2.0) support.
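
Added example, not code from the bug report or from Mono: one way to load a PKCS#12 payload from an embedded resource as a byte[] while always passing a password argument, trying both "no password" encodings ("" and null) mentioned in comment #4. The resource name "Certificate.sample.p12" and the class and method names are hypothetical; whether GetCertContentType recognises the payload on the Mono versions in this report is not confirmed by the thread.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class Pkcs12Loader
{
    // Reads an embedded resource fully into memory (manual loop: no Stream.CopyTo on 2.0-era profiles).
    public static byte[] ReadResource(Assembly asm, string name)
    {
        using (Stream s = asm.GetManifestResourceStream(name))
        {
            if (s == null) throw new FileNotFoundException("Embedded resource not found", name);
            using (MemoryStream ms = new MemoryStream())
            {
                byte[] buf = new byte[4096];
                int n;
                while ((n = s.Read(buf, 0, buf.Length)) > 0) ms.Write(buf, 0, n);
                return ms.ToArray();
            }
        }
    }

    public static X509Certificate2 Load(byte[] raw, string password)
    {
        // Confirm the payload really is PKCS#12 before treating it as password-protected.
        if (X509Certificate2.GetCertContentType(raw) != X509ContentType.Pkcs12)
            return new X509Certificate2(raw); // plain certificate: no password involved

        // An explicit password is used as given; otherwise try both "no password" encodings.
        string[] candidates = password != null ? new string[] { password } : new string[] { "", null };
        CryptographicException last = null;
        foreach (string candidate in candidates)
        {
            try { return new X509Certificate2(raw, candidate); }
            catch (CryptographicException e) { last = e; }
        }
        throw new CryptographicException("PKCS#12 payload could not be opened with the supplied password", last);
    }

    static void Main()
    {
        // "Certificate.sample.p12" is a hypothetical manifest resource name.
        byte[] raw = ReadResource(Assembly.GetExecutingAssembly(), "Certificate.sample.p12");
        Console.WriteLine(Load(raw, null).Subject);
    }
}
```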