Continue X509Chain processing even if the local machine directory does not exists
authorSebastien Pouliot <sebastien@ximian.com>
Fri, 11 Feb 2011 18:10:21 +0000 (13:10 -0500)
committerSebastien Pouliot <sebastien@ximian.com>
Fri, 11 Feb 2011 18:10:21 +0000 (13:10 -0500)
* corlib/Mono.Security.X509/X509Store.cs:
* Mono.Security/Mono.Security.X509/X509Store.cs:
Fix key pair persistence to load key pairs from the same location
(machine or user) as the requested certificate. This avoids an
internal exception (on missing local machine directory) that stops
the evaluation of the certificate validity (i.e. no user store
check)
* System/System.Security.Cryptography.X509Certificates/X509Chain.cs:
Ensure that a missing local machine directory does not result in a NRE
while loading CRL (which would fail the certificate being validated)

mcs/class/Mono.Security/Mono.Security.X509/X509Store.cs
mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs
mcs/class/corlib/Mono.Security.X509/X509Store.cs

index df9c8cb243d3d18edf34ad8b04002464da707d33..c4bb4b99afc571ad78443cf986ac88853b898f7a 100644 (file)
@@ -232,7 +232,8 @@ namespace Mono.Security.X509 {
                        // If privateKey it's available, load it too..
                        CspParameters cspParams = new CspParameters ();
                        cspParams.KeyContainerName = CryptoConvert.ToHex (cert.Hash);
-                       cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
+                       if (_storePath.StartsWith (X509StoreManager.LocalMachinePath))
+                               cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
                        KeyPairPersistence kpp = new KeyPairPersistence (cspParams);
 
                        if (!kpp.Load ())
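Review bot: The new test on `_storePath` uses the culture-sensitive `StartsWith (string)` overload and matches on a bare prefix, so the choice of key store depends on the current culture and on no other store path sharing that prefix. Since this decides which container the private key is loaded from, an ordinal comparison would be safer where the profile allows it: `if (_storePath.StartsWith (X509StoreManager.LocalMachinePath, StringComparison.Ordinal))`. It is also worth confirming that the code persisting key pairs makes the same machine/user decision, because key pairs previously saved with `UseMachineKeyStore` for user-store certificates would no longer be found; that code is not visible here. The same lines appear in the corlib copy of X509Store.cs in the last hunk, and the enclosing method starts and ends outside both hunks.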
@@ -314,7 +315,7 @@ namespace Mono.Security.X509 {
                        }
                        return list;
                }
-#if !INSIDE_CORLIB
+#if !NET_2_1
                private void ImportPrivateKey (X509Certificate certificate, CspParameters cspParams)
                {
                        RSACryptoServiceProvider rsaCsp = certificate.RSA as RSACryptoServiceProvider;
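Review bot: The guard around `ImportPrivateKey` changes from `INSIDE_CORLIB` to `NET_2_1` with no comment, and the commit message does not mention it. The method would now also be compiled in corlib builds that do not define `NET_2_1`, which looks intentional given that both X509Store.cs copies end up with the same blob id, but a reader cannot tell this from the code. A comment above the directive would help, for example `// compiled out only for the NET_2_1 profile; shared with the corlib copy of this file`. The method body and the matching `#endif` are outside the hunk.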
index c892907e2ebf01480b8a4f8f6fdf926fd8307bb3..b0bea7c875ff589c53b4aac4a94a69b6230752e8 100644 (file)
@@ -888,7 +888,9 @@ namespace System.Security.Cryptography.X509Certificates {
                {
                        string subject = caCertificate.SubjectName.Decode (X500DistinguishedNameFlags.None);
                        string ski = GetSubjectKeyIdentifier (caCertificate);
-                       MX.X509Crl result = CheckCrls (subject, ski, LMCAStore.Store.Crls);
+
+                       // consider that the LocalMachine directories could not exists... and cannot be created by the user
+                       MX.X509Crl result = (LMCAStore.Store == null) ? null : CheckCrls (subject, ski, LMCAStore.Store.Crls);
                        if (result != null)
                                return result;
                        if (location == StoreLocation.CurrentUser) {
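Review bot: When `LMCAStore.Store` is null the CRL lookup for the machine store is skipped silently, so the caller cannot tell "no CRL was found" from "the store could not be read". The added comment should state how the caller treats a null result (presumably as unknown revocation rather than not revoked; that code is outside the hunk). Something like `// a missing LocalMachine store yields no CRL here; the caller must treat null as revocation status unknown` would do. The expression also reads `LMCAStore.Store` twice, and a local such as `MX.X509Store lmCa = LMCAStore.Store;` (assuming that is the property's type) would make the null test and the use refer to the same object. The same pattern is used for `LMRootStore.Store` in the next hunk. The lookup between the two hunks is not shown and may need the same null guard.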
@@ -896,7 +898,9 @@ namespace System.Security.Cryptography.X509Certificates {
                                if (result != null)
                                        return result;
                        }
-                       result = CheckCrls (subject, ski, LMRootStore.Store.Crls);
+
+                       // consider that the LocalMachine directories could not exists... and cannot be created by the user
+                       result = (LMRootStore.Store == null) ? null : CheckCrls (subject, ski, LMRootStore.Store.Crls);
                        if (result != null)
                                return result;
                        if (location == StoreLocation.CurrentUser) {
index 6b7ebc6475144f4888025ab5d97fc31f66492b43..c4bb4b99afc571ad78443cf986ac88853b898f7a 100644 (file)
@@ -232,7 +232,8 @@ namespace Mono.Security.X509 {
                        // If privateKey it's available, load it too..
                        CspParameters cspParams = new CspParameters ();
                        cspParams.KeyContainerName = CryptoConvert.ToHex (cert.Hash);
-                       cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
+                       if (_storePath.StartsWith (X509StoreManager.LocalMachinePath))
+                               cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
                        KeyPairPersistence kpp = new KeyPairPersistence (cspParams);
 
                        if (!kpp.Load ())