private static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader, out Exception openSslException, bool captureException)
{
SafePkcs12Handle p12 = Interop.Crypto.DecodePkcs12FromBio(fileBio);
openSslException = null;
if (!p12.IsInvalid)
{
pkcs12Reader = new OpenSslPkcs12Reader(p12);
return(true);
}
p12.Dispose();
pkcs12Reader = null;
if (captureException)
{
openSslException = Interop.Crypto.CreateOpenSslCryptographicException();
}
else
{
Interop.Crypto.ErrClearError();
}
return(false);
}
private static bool TryRead(byte[] data, out OpenSslPkcs12Reader pkcs12Reader, out Exception openSslException, bool captureException)
{
SafePkcs12Handle handle = Interop.Crypto.DecodePkcs12(data, data.Length);
openSslException = null;
if (!handle.IsInvalid)
{
pkcs12Reader = new OpenSslPkcs12Reader(handle);
return(true);
}
handle.Dispose();
pkcs12Reader = null;
if (captureException)
{
openSslException = Interop.Crypto.CreateOpenSslCryptographicException();
}
else
{
Interop.Crypto.ErrClearError();
}
return(false);
}
public static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader)
{
SafePkcs12Handle p12 = Interop.libcrypto.d2i_PKCS12_bio(fileBio, IntPtr.Zero);
if (!p12.IsInvalid)
{
pkcs12Reader = new OpenSslPkcs12Reader(p12);
return(true);
}
pkcs12Reader = null;
return(false);
}
public static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader)
{
SafePkcs12Handle p12 = Interop.Crypto.DecodePkcs12FromBio(fileBio);
if (!p12.IsInvalid)
{
pkcs12Reader = new OpenSslPkcs12Reader(p12);
return(true);
}
pkcs12Reader = null;
return(false);
}
public static bool TryRead(byte[] data, out OpenSslPkcs12Reader pkcs12Reader)
{
SafePkcs12Handle handle = Interop.Crypto.DecodePkcs12(data, data.Length);
if (!handle.IsInvalid)
{
pkcs12Reader = new OpenSslPkcs12Reader(handle);
return(true);
}
pkcs12Reader = null;
return(false);
}
public unsafe static bool TryRead(byte[] data, out OpenSslPkcs12Reader pkcs12Reader)
{
SafePkcs12Handle handle = Interop.libcrypto.OpenSslD2I(
(ptr, b, i) => Interop.libcrypto.d2i_PKCS12(ptr, b, i),
data,
checkHandle: false);
if (!handle.IsInvalid)
{
pkcs12Reader = new OpenSslPkcs12Reader(handle);
return(true);
}
pkcs12Reader = null;
return(false);
}
private byte[] ExportPfx(string password)
{
using (SafeX509StackHandle publicCerts = Interop.Crypto.NewX509Stack())
{
X509Certificate2 privateCert = null;
// Walk the collection backwards, because we're pushing onto a stack.
// This will cause the read order later to be the same as it was now.
for (int i = _certs.Length - 1; i >= 0; --i)
{
X509Certificate2 cert = _certs[i];
if (cert.HasPrivateKey)
{
if (privateCert != null)
{
// OpenSSL's PKCS12 accelerator (PKCS12_create) only supports one
// private key. The data structure supports more than one, but
// being able to use that functionality requires a lot more code for
// a low-usage scenario.
throw new PlatformNotSupportedException(SR.NotSupported_Export_MultiplePrivateCerts);
}
privateCert = cert;
}
else
{
using (SafeX509Handle certHandle = Interop.libcrypto.X509_dup(cert.Handle))
{
if (!Interop.Crypto.PushX509StackField(publicCerts, certHandle))
{
throw Interop.libcrypto.CreateOpenSslCryptographicException();
}
// The handle ownership has been transferred into the STACK_OF(X509).
certHandle.SetHandleAsInvalid();
}
}
}
SafeX509Handle privateCertHandle;
SafeEvpPKeyHandle privateCertKeyHandle;
if (privateCert != null)
{
OpenSslX509CertificateReader pal = (OpenSslX509CertificateReader)privateCert.Pal;
privateCertHandle = pal.SafeHandle;
privateCertKeyHandle = pal.PrivateKeyHandle ?? InvalidPKeyHandle;
}
else
{
privateCertHandle = SafeX509Handle.InvalidHandle;
privateCertKeyHandle = InvalidPKeyHandle;
}
using (SafePkcs12Handle pkcs12 = Interop.libcrypto.PKCS12_create(
password,
null,
privateCertKeyHandle,
privateCertHandle,
publicCerts,
Interop.libcrypto.NID_undef,
Interop.libcrypto.NID_undef,
Interop.libcrypto.PKCS12_DEFAULT_ITER,
Interop.libcrypto.PKCS12_DEFAULT_ITER,
0))
{
if (pkcs12.IsInvalid)
{
throw Interop.libcrypto.CreateOpenSslCryptographicException();
}
unsafe
{
return(Interop.libcrypto.OpenSslI2D(
(handle, b) => Interop.libcrypto.i2d_PKCS12(handle, b),
pkcs12));
}
}
}
}
internal static extern bool Pkcs12Parse(
SafePkcs12Handle p12,
string pass,
out SafeEvpPKeyHandle pkey,
out SafeX509Handle cert,
out SafeX509StackHandle ca);
internal static extern int EncodePkcs12(SafePkcs12Handle p12, byte[] buf);
internal static extern int GetPkcs12DerSize(SafePkcs12Handle p12);
private OpenSslPkcs12Reader(SafePkcs12Handle pkcs12Handle)
{
_pkcs12Handle = pkcs12Handle;
}
private byte[] ExportPfx(SafePasswordHandle password)
{
using (SafeX509StackHandle publicCerts = Interop.Crypto.NewX509Stack())
{
SafeX509Handle privateCertHandle = SafeX509Handle.InvalidHandle;
SafeEvpPKeyHandle privateCertKeyHandle = InvalidPKeyHandle;
if (_singleCertPal != null)
{
var certPal = (OpenSslX509CertificateReader)_singleCertPal;
if (_singleCertPal.HasPrivateKey)
{
privateCertHandle = certPal.SafeHandle;
privateCertKeyHandle = certPal.PrivateKeyHandle;
}
else
{
PushHandle(certPal.Handle, publicCerts);
}
GC.KeepAlive(certPal); // ensure reader's safe handle isn't finalized while raw handle is in use
}
else
{
X509Certificate2 privateCert = null;
// Walk the collection backwards, because we're pushing onto a stack.
// This will cause the read order later to be the same as it was now.
for (int i = _certs.Count - 1; i >= 0; --i)
{
X509Certificate2 cert = _certs[i];
if (cert.HasPrivateKey)
{
if (privateCert != null)
{
// OpenSSL's PKCS12 accelerator (PKCS12_create) only supports one
// private key. The data structure supports more than one, but
// being able to use that functionality requires a lot more code for
// a low-usage scenario.
throw new PlatformNotSupportedException(SR.NotSupported_Export_MultiplePrivateCerts);
}
privateCert = cert;
var certPal = (OpenSslX509CertificateReader)cert.Pal;
privateCertHandle = certPal.SafeHandle;
privateCertKeyHandle = certPal.PrivateKeyHandle;
}
else
{
PushHandle(cert.Handle, publicCerts);
}
}
}
using (SafePkcs12Handle pkcs12 = Interop.Crypto.Pkcs12Create(
password,
privateCertKeyHandle,
privateCertHandle,
publicCerts))
{
if (pkcs12.IsInvalid)
{
throw Interop.Crypto.CreateOpenSslCryptographicException();
}
byte[] result = Interop.Crypto.OpenSslEncode(
Interop.Crypto.GetPkcs12DerSize,
Interop.Crypto.EncodePkcs12,
pkcs12);
// ensure cert handles aren't finalized while the raw handles are in use
GC.KeepAlive(_certs);
return(result);
}
}
}
internal static extern unsafe int i2d_PKCS12(SafePkcs12Handle p12, byte ** @out);
