dotnet · elinor-fung · Mar 23, 2021 · Mar 10, 2021 · Mar 10, 2021 · Mar 11, 2021
diff --git a/...mmon/src/Interop/Android/System.Security.Cryptography.Native.Android/Interop.X509Chain.cs b/...mmon/src/Interop/Android/System.Security.Cryptography.Native.Android/Interop.X509Chain.cs
@@ -0,0 +1,123 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Collections.Generic;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+
+internal static partial class Interop
+{
+    internal static partial class AndroidCrypto
+    {
+        [DllImport(Libraries.CryptoNative, EntryPoint = "AndroidCryptoNative_X509ChainCreateContext")]
+        internal static extern SafeX509ChainContextHandle X509ChainCreateContext(
+            SafeX509Handle cert,
+            IntPtr[] extraStore,
+            int extraStoreLen);
+
+        [DllImport(Libraries.CryptoNative, EntryPoint = "AndroidCryptoNative_X509ChainDestroyContext")]
+        internal static extern void X509ChainDestroyContext(IntPtr ctx);
+
+        [DllImport(Libraries.CryptoNative, EntryPoint = "AndroidCryptoNative_X509ChainBuild")]
+        [return: MarshalAs(UnmanagedType.U1)]
+        internal static extern bool X509ChainBuild(
+            SafeX509ChainContextHandle ctx,
+            long timeInMsFromUnixEpoch);
+
+        [DllImport(Libraries.CryptoNative, EntryPoint = "AndroidCryptoNative_X509ChainGetCertificateCount")]
+        private static extern int X509ChainGetCertificateCount(SafeX509ChainContextHandle ctx);
+
+        [DllImport(Libraries.CryptoNative, EntryPoint = "AndroidCryptoNative_X509ChainGetCertificates")]
+        private static extern int X509ChainGetCertificates(
+            SafeX509ChainContextHandle ctx,
+            IntPtr[] certs,
+            int certsLen);
+
+        internal static X509Certificate2[] X509ChainGetCertificates(SafeX509ChainContextHandle ctx)
+        {
+            int count = Interop.AndroidCrypto.X509ChainGetCertificateCount(ctx);
+            var certPtrs = new IntPtr[count];
+
+            int res = Interop.AndroidCrypto.X509ChainGetCertificates(ctx, certPtrs, certPtrs.Length);
+            if (res != SUCCESS)
+                throw new CryptographicException();
+
+            var certs = new X509Certificate2[certPtrs.Length];
+            for (int i = 0; i < certs.Length; i++)
+            {
+                certs[i] = new X509Certificate2(certPtrs[i]);
+            }
+
+            return certs;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        internal struct ValidationError
+        {
+            public IntPtr Message; // UTF-16 string
+            public int Index;
+            public int Status;
+        }
+
+        [DllImport(Libraries.CryptoNative, EntryPoint = "AndroidCryptoNative_X509ChainGetErrorCount")]
+        private static extern int X509ChainGetErrorCount(SafeX509ChainContextHandle ctx);
+
+        [DllImport(Libraries.CryptoNative, EntryPoint = "AndroidCryptoNative_X509ChainGetErrors")]
+        private static unsafe extern int X509ChainGetErrors(
+            SafeX509ChainContextHandle ctx,
+            [Out] ValidationError[] errors,
+            int errorsLen);
+
+        internal static ValidationError[] X509ChainGetErrors(SafeX509ChainContextHandle ctx)
+        {
+            int count = Interop.AndroidCrypto.X509ChainGetErrorCount(ctx);
+            if (count == 0)
+                return Array.Empty<ValidationError>();
+
+            var errors = new ValidationError[count];
+            int res = Interop.AndroidCrypto.X509ChainGetErrors(ctx, errors, errors.Length);
+            if (res != SUCCESS)
+                throw new CryptographicException();
+
+            return errors;
+        }
+
+        [DllImport(Libraries.CryptoNative, EntryPoint = "AndroidCryptoNative_X509ChainSetCustomTrustStore")]
+        internal static extern int X509ChainSetCustomTrustStore(
+            SafeX509ChainContextHandle ctx,
+            IntPtr[] customTrustStore,
+            int customTrustStoreLen);
+
+        [DllImport(Libraries.CryptoNative, EntryPoint = "AndroidCryptoNative_X509ChainSupportsRevocationOptions")]
+        [return: MarshalAs(UnmanagedType.U1)]
+        internal static extern bool X509ChainSupportsRevocationOptions();
+
+        [DllImport(Libraries.CryptoNative, EntryPoint = "AndroidCryptoNative_X509ChainValidate")]
+        internal static extern int X509ChainValidate(
+            SafeX509ChainContextHandle ctx,
+            X509RevocationMode revocationMode,
+            X509RevocationFlag revocationFlag);
+    }
+}
+
+namespace System.Security.Cryptography.X509Certificates
+{
+    internal sealed class SafeX509ChainContextHandle : SafeHandle
+    {
+        public SafeX509ChainContextHandle()
+            : base(IntPtr.Zero, ownsHandle: true)
+        {
+        }
+
+        protected override bool ReleaseHandle()
+        {
+            Interop.AndroidCrypto.X509ChainDestroyContext(handle);
+            SetHandle(IntPtr.Zero);
+            return true;
+        }
+
+        public override bool IsInvalid => handle == IntPtr.Zero;
+    }
+}
diff --git a/src/libraries/Native/Unix/Common/pal_x509_types.h b/src/libraries/Native/Unix/Common/pal_x509_types.h
@@ -0,0 +1,49 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+#pragma once
+
+// Matches managed X509ChainStatusFlags enum
+enum
+{
+    PAL_X509ChainNoError = 0,
+    PAL_X509ChainNotTimeValid = 0x00000001,
+    PAL_X509ChainNotTimeNested = 0x00000002,
+    PAL_X509ChainRevoked = 0x00000004,
+    PAL_X509ChainNotSignatureValid = 0x00000008,
+    PAL_X509ChainNotValidForUsage = 0x00000010,
+    PAL_X509ChainUntrustedRoot = 0x00000020,
+    PAL_X509ChainRevocationStatusUnknown = 0x00000040,
+    PAL_X509ChainCyclic = 0x00000080,
+    PAL_X509ChainInvalidExtension = 0x00000100,
+    PAL_X509ChainInvalidPolicyConstraints = 0x00000200,
+    PAL_X509ChainInvalidBasicConstraints = 0x00000400,
+    PAL_X509ChainInvalidNameConstraints = 0x00000800,
+    PAL_X509ChainHasNotSupportedNameConstraint = 0x00001000,
+    PAL_X509ChainHasNotDefinedNameConstraint = 0x00002000,
+    PAL_X509ChainHasNotPermittedNameConstraint = 0x00004000,
+    PAL_X509ChainHasExcludedNameConstraint = 0x00008000,
+    PAL_X509ChainPartialChain = 0x00010000,
+    PAL_X509ChainCtlNotTimeValid = 0x00020000,
+    PAL_X509ChainCtlNotSignatureValid = 0x00040000,
+    PAL_X509ChainCtlNotValidForUsage = 0x00080000,
+    PAL_X509ChainOfflineRevocation = 0x01000000,
+    PAL_X509ChainNoIssuanceChainPolicy = 0x02000000,
+    PAL_X509ChainExplicitDistrust = 0x04000000,
+    PAL_X509ChainHasNotSupportedCriticalExtension = 0x08000000,
+    PAL_X509ChainHasWeakSignature = 0x00100000,
+};
+typedef uint32_t PAL_X509ChainStatusFlags;
+
+// Matches managed X509ContentType enum
+enum
+{
+    PAL_X509Unknown = 0,
+    PAL_Certificate = 1,
+    PAL_SerializedCert = 2,
+    PAL_Pkcs12 = 3,
+    PAL_SerializedStore = 4,
+    PAL_Pkcs7 = 5,
+    PAL_Authenticode = 6,
+};
+typedef uint32_t PAL_X509ContentType;
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Android/CMakeLists.txt b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Android/CMakeLists.txt
@@ -23,6 +23,7 @@ set(NATIVECRYPTO_SOURCES
     pal_ssl.c
     pal_sslstream.c
     pal_x509.c
+    pal_x509chain.c
 )
 
 add_library(System.Security.Cryptography.Native.Android

diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Android/pal_dsa.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Android/pal_dsa.c
@@ -6,18 +6,6 @@
 #include "pal_signature.h"
 #include "pal_bignum.h"
 
-#define INIT_LOCALS(name, ...) \
-    enum { __VA_ARGS__, count_##name }; \
-    jobject name[count_##name] = { 0 } \
-
-#define RELEASE_LOCALS_ENV(name, releaseFn) \
-do { \
-    for (int i = 0; i < count_##name; ++i) \
-    { \
-        releaseFn(env, name[i]); \
-    } \
-} while(0)
-
 int32_t AndroidCryptoNative_DsaGenerateKey(jobject* dsa, int32_t bits)
 {
     assert(dsa);
@@ -225,7 +213,7 @@ int32_t AndroidCryptoNative_GetDsaParameters(
     assert(gLength);
     assert(yLength);
     assert(xLength);
-    
+
     JNIEnv* env = GetJNIEnv();
 
     INIT_LOCALS(loc, algName, keyFactory, publicKey, publicKeySpec, privateKey, privateKeySpec);
@@ -282,7 +270,7 @@ int32_t AndroidCryptoNative_DsaKeyCreateByExplicitParameters(
         assert(false);
         return 0;
     }
-    
+
     JNIEnv* env = GetJNIEnv();
 
     INIT_LOCALS(bn, P, Q, G, Y, X);

diff --git a/...libraries/Native/Unix/System.Security.Cryptography.Native.Android/pal_ecc_import_export.c b/...libraries/Native/Unix/System.Security.Cryptography.Native.Android/pal_ecc_import_export.c
@@ -7,19 +7,6 @@
 #include "pal_jni.h"
 #include "pal_utilities.h"
 
-
-#define INIT_LOCALS(name, ...) \
-    enum { __VA_ARGS__, count_##name }; \
-    jobject name[count_##name] = { 0 } \
-
-#define RELEASE_LOCALS_ENV(name, releaseFn) \
-do { \
-    for (int i = 0; i < count_##name; ++i) \
-    { \
-        releaseFn(env, name[i]); \
-    } \
-} while(0)
-
 int32_t AndroidCryptoNative_GetECKeyParameters(const EC_KEY* key,
                                         int32_t includePrivate,
                                         jobject* qx,