private void DecryptContent(RecipientInfoCollection recipientInfos, X509Certificate2Collection?extraStore)
{
CheckStateForDecryption();
extraStore = extraStore ?? new X509Certificate2Collection();
X509Certificate2Collection certs = new X509Certificate2Collection();
PkcsPal.Instance.AddCertsFromStoreForDecryption(certs);
certs.AddRange(extraStore);
X509Certificate2Collection originatorCerts = Certificates;
ContentInfo?newContentInfo = null;
Exception? exception = PkcsPal.Instance.CreateRecipientsNotFoundException();
foreach (RecipientInfo recipientInfo in recipientInfos)
{
X509Certificate2?cert = certs.TryFindMatchingCertificate(recipientInfo.RecipientIdentifier);
if (cert == null)
{
exception = PkcsPal.Instance.CreateRecipientsNotFoundException();
continue;
}
newContentInfo = _decryptorPal !.TryDecrypt(
recipientInfo,
cert,
null,
originatorCerts,
extraStore,
out exception);
if (exception != null)
{
continue;
}
break;
}
if (exception != null)
{
throw exception;
}
SetContentInfo(newContentInfo !);
}
private DecryptorPalWindows(SafeCryptMsgHandle hCryptMsg, RecipientInfoCollection recipientInfos)
: base(recipientInfos)
{
_hCryptMsg = hCryptMsg;
}
// constructors
public EnvelopedCms()
{
_certs = new X509Certificate2Collection();
_recipients = new RecipientInfoCollection();
_uattribs = new CryptographicAttributeObjectCollection();
}
internal DecryptorPal(RecipientInfoCollection recipientInfos)
{
RecipientInfos = recipientInfos;
}
// constructors
public EnvelopedCms ()
{
_certs = new X509Certificate2Collection ();
_recipients = new RecipientInfoCollection ();
_uattribs = new CryptographicAttributeObjectCollection ();
}
internal RecipientInfoEnumerator(RecipientInfoCollection RecipientInfos)
{
m_recipientInfos = RecipientInfos;
m_current = -1;
}
private unsafe void DecryptContent(RecipientInfoCollection recipientInfos, X509Certificate2Collection extraStore)
{
int hr = -2146889717;
if ((this.m_safeCryptMsgHandle == null) || this.m_safeCryptMsgHandle.IsInvalid)
{
throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_NoEncryptedMessageToEncode"));
}
for (int i = 0; i < recipientInfos.Count; i++)
{
System.Security.Cryptography.SafeCertContextHandle invalidHandle;
KeyAgreeRecipientInfo info2;
System.Security.Cryptography.CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA cmsg_ctrl_key_agree_decrypt_para;
System.Security.Cryptography.CAPI.CMSG_KEY_AGREE_PUBLIC_KEY_RECIPIENT_INFO cmsg_key_agree_public_key_recipient_info;
RecipientInfo recipientInfo = recipientInfos[i];
CMSG_DECRYPT_PARAM cmsgDecryptParam = new CMSG_DECRYPT_PARAM();
int num3 = GetCspParams(recipientInfo, extraStore, ref cmsgDecryptParam);
if (num3 != 0)
{
goto Label_02F1;
}
CspParameters parameters = new CspParameters();
if (!System.Security.Cryptography.X509Certificates.X509Utils.GetPrivateKeyInfo(cmsgDecryptParam.safeCertContextHandle, ref parameters))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Decrypt | KeyContainerPermissionFlags.Open);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
switch (recipientInfo.Type)
{
case RecipientInfoType.KeyTransport:
{
System.Security.Cryptography.CAPI.CMSG_CTRL_DECRYPT_PARA cmsg_ctrl_decrypt_para = new System.Security.Cryptography.CAPI.CMSG_CTRL_DECRYPT_PARA(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_CTRL_DECRYPT_PARA))) {
hCryptProv = cmsgDecryptParam.safeCryptProvHandle.DangerousGetHandle(),
dwKeySpec = cmsgDecryptParam.keySpec,
dwRecipientIndex = recipientInfo.Index
};
if (!System.Security.Cryptography.CAPI.CryptMsgControl(this.m_safeCryptMsgHandle, 0, 2, new IntPtr((void*) &cmsg_ctrl_decrypt_para)))
{
num3 = Marshal.GetHRForLastWin32Error();
}
GC.KeepAlive(cmsg_ctrl_decrypt_para);
goto Label_02E6;
}
case RecipientInfoType.KeyAgreement:
{
invalidHandle = System.Security.Cryptography.SafeCertContextHandle.InvalidHandle;
info2 = (KeyAgreeRecipientInfo) recipientInfo;
System.Security.Cryptography.CAPI.CMSG_CMS_RECIPIENT_INFO cmsg_cms_recipient_info = (System.Security.Cryptography.CAPI.CMSG_CMS_RECIPIENT_INFO) Marshal.PtrToStructure(info2.pCmsgRecipientInfo.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CMSG_CMS_RECIPIENT_INFO));
cmsg_ctrl_key_agree_decrypt_para = new System.Security.Cryptography.CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA))) {
hCryptProv = cmsgDecryptParam.safeCryptProvHandle.DangerousGetHandle(),
dwKeySpec = cmsgDecryptParam.keySpec,
pKeyAgree = cmsg_cms_recipient_info.pRecipientInfo,
dwRecipientIndex = info2.Index,
dwRecipientEncryptedKeyIndex = info2.SubIndex
};
if (info2.SubType != RecipientSubType.CertIdKeyAgreement)
{
goto Label_0286;
}
System.Security.Cryptography.CAPI.CMSG_KEY_AGREE_CERT_ID_RECIPIENT_INFO cmsgRecipientInfo = (System.Security.Cryptography.CAPI.CMSG_KEY_AGREE_CERT_ID_RECIPIENT_INFO) info2.CmsgRecipientInfo;
invalidHandle = System.Security.Cryptography.CAPI.CertFindCertificateInStore(BuildOriginatorStore(this.Certificates, extraStore), 0x10001, 0, 0x100000, new IntPtr((void*) &cmsgRecipientInfo.OriginatorCertId), System.Security.Cryptography.SafeCertContextHandle.InvalidHandle);
if ((invalidHandle != null) && !invalidHandle.IsInvalid)
{
break;
}
num3 = -2146885628;
goto Label_02E6;
}
default:
throw new CryptographicException(-2147483647);
}
System.Security.Cryptography.CAPI.CERT_CONTEXT cert_context = (System.Security.Cryptography.CAPI.CERT_CONTEXT) Marshal.PtrToStructure(invalidHandle.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CERT_CONTEXT));
System.Security.Cryptography.CAPI.CERT_INFO cert_info = (System.Security.Cryptography.CAPI.CERT_INFO) Marshal.PtrToStructure(cert_context.pCertInfo, typeof(System.Security.Cryptography.CAPI.CERT_INFO));
cmsg_ctrl_key_agree_decrypt_para.OriginatorPublicKey = cert_info.SubjectPublicKeyInfo.PublicKey;
goto Label_02A7;
Label_0286:
cmsg_key_agree_public_key_recipient_info = (System.Security.Cryptography.CAPI.CMSG_KEY_AGREE_PUBLIC_KEY_RECIPIENT_INFO) info2.CmsgRecipientInfo;
cmsg_ctrl_key_agree_decrypt_para.OriginatorPublicKey = cmsg_key_agree_public_key_recipient_info.OriginatorPublicKeyInfo.PublicKey;
Label_02A7:
if (!System.Security.Cryptography.CAPI.CryptMsgControl(this.m_safeCryptMsgHandle, 0, 0x11, new IntPtr((void*) &cmsg_ctrl_key_agree_decrypt_para)))
{
num3 = Marshal.GetHRForLastWin32Error();
}
GC.KeepAlive(cmsg_ctrl_key_agree_decrypt_para);
GC.KeepAlive(invalidHandle);
Label_02E6:
GC.KeepAlive(cmsgDecryptParam);
Label_02F1:
if (num3 == 0)
{
uint cbData = 0;
System.Security.Cryptography.SafeLocalAllocHandle pvData = System.Security.Cryptography.SafeLocalAllocHandle.InvalidHandle;
PkcsUtils.GetParam(this.m_safeCryptMsgHandle, 2, 0, out pvData, out cbData);
if (cbData > 0)
{
Oid contentType = PkcsUtils.GetContentType(this.m_safeCryptMsgHandle);
byte[] destination = new byte[cbData];
Marshal.Copy(pvData.DangerousGetHandle(), destination, 0, (int) cbData);
this.m_contentInfo = new System.Security.Cryptography.Pkcs.ContentInfo(contentType, destination);
}
pvData.Dispose();
hr = 0;
break;
}
hr = num3;
}
if (hr != 0)
{
throw new CryptographicException(hr);
}
}
private unsafe void DecryptContent (RecipientInfoCollection recipientInfos, X509Certificate2Collection extraStore) {
int hr = CAPI.CRYPT_E_RECIPIENT_NOT_FOUND;
if (m_safeCryptMsgHandle == null || m_safeCryptMsgHandle.IsInvalid)
throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_NoEncryptedMessageToEncode"));
for (int index = 0; index < recipientInfos.Count; index++) {
RecipientInfo recipientInfo = recipientInfos[index];
CMSG_DECRYPT_PARAM cmsgDecryptParam = new CMSG_DECRYPT_PARAM();
// Get CSP parameters
int hr2 = GetCspParams(recipientInfo, extraStore, ref cmsgDecryptParam);
if (hr2 == CAPI.S_OK) {
//
CspParameters parameters = new CspParameters();
if (X509Utils.GetPrivateKeyInfo(cmsgDecryptParam.safeCertContextHandle, ref parameters) == false)
throw new CryptographicException(Marshal.GetLastWin32Error());
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Decrypt);
kp.AccessEntries.Add(entry);
kp.Demand();
// Decrypt the content.
switch (recipientInfo.Type) {
case RecipientInfoType.KeyTransport:
CAPI.CMSG_CTRL_DECRYPT_PARA ctrlDecryptPara = new CAPI.CMSG_CTRL_DECRYPT_PARA(Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_DECRYPT_PARA)));
ctrlDecryptPara.hCryptProv = cmsgDecryptParam.safeCryptProvHandle.DangerousGetHandle();
ctrlDecryptPara.dwKeySpec = cmsgDecryptParam.keySpec;
ctrlDecryptPara.dwRecipientIndex = (uint) recipientInfo.Index;
if (!CAPI.CryptMsgControl(m_safeCryptMsgHandle,
0,
CAPI.CMSG_CTRL_DECRYPT,
new IntPtr(&ctrlDecryptPara)))
hr2 = Marshal.GetHRForLastWin32Error();
GC.KeepAlive(ctrlDecryptPara);
break;
case RecipientInfoType.KeyAgreement:
SafeCertContextHandle pOriginatorCert = SafeCertContextHandle.InvalidHandle;
KeyAgreeRecipientInfo keyAgree = (KeyAgreeRecipientInfo) recipientInfo;
CAPI.CMSG_CMS_RECIPIENT_INFO cmsRecipientInfo = (CAPI.CMSG_CMS_RECIPIENT_INFO) Marshal.PtrToStructure(keyAgree.pCmsgRecipientInfo.DangerousGetHandle(), typeof(CAPI.CMSG_CMS_RECIPIENT_INFO));
CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA keyAgreeDecryptPara = new CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA(Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA)));
keyAgreeDecryptPara.hCryptProv = cmsgDecryptParam.safeCryptProvHandle.DangerousGetHandle();
keyAgreeDecryptPara.dwKeySpec = cmsgDecryptParam.keySpec;
keyAgreeDecryptPara.pKeyAgree = cmsRecipientInfo.pRecipientInfo;
keyAgreeDecryptPara.dwRecipientIndex = keyAgree.Index;
keyAgreeDecryptPara.dwRecipientEncryptedKeyIndex = keyAgree.SubIndex;
if (keyAgree.SubType == RecipientSubType.CertIdKeyAgreement) {
CAPI.CMSG_KEY_AGREE_CERT_ID_RECIPIENT_INFO certIdKeyAgree = (CAPI.CMSG_KEY_AGREE_CERT_ID_RECIPIENT_INFO) keyAgree.CmsgRecipientInfo;
SafeCertStoreHandle hCertStore = BuildOriginatorStore(this.Certificates, extraStore);
pOriginatorCert = CAPI.CertFindCertificateInStore(hCertStore,
CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
0,
CAPI.CERT_FIND_CERT_ID,
new IntPtr(&certIdKeyAgree.OriginatorCertId),
SafeCertContextHandle.InvalidHandle);
if (pOriginatorCert == null || pOriginatorCert.IsInvalid) {
hr2 = CAPI.CRYPT_E_NOT_FOUND;
break;
}
CAPI.CERT_CONTEXT pCertContext = (CAPI.CERT_CONTEXT) Marshal.PtrToStructure(pOriginatorCert.DangerousGetHandle(), typeof(CAPI.CERT_CONTEXT));
CAPI.CERT_INFO certInfo = (CAPI.CERT_INFO) Marshal.PtrToStructure(pCertContext.pCertInfo, typeof(CAPI.CERT_INFO));
keyAgreeDecryptPara.OriginatorPublicKey = certInfo.SubjectPublicKeyInfo.PublicKey;
}
else {
CAPI.CMSG_KEY_AGREE_PUBLIC_KEY_RECIPIENT_INFO publicKeyAgree = (CAPI.CMSG_KEY_AGREE_PUBLIC_KEY_RECIPIENT_INFO) keyAgree.CmsgRecipientInfo;
keyAgreeDecryptPara.OriginatorPublicKey = publicKeyAgree.OriginatorPublicKeyInfo.PublicKey;
}
if (!CAPI.CryptMsgControl(m_safeCryptMsgHandle,
0,
CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT,
new IntPtr(&keyAgreeDecryptPara)))
hr2 = Marshal.GetHRForLastWin32Error();
GC.KeepAlive(keyAgreeDecryptPara);
GC.KeepAlive(pOriginatorCert);
break;
default:
throw new CryptographicException(CAPI.E_NOTIMPL);
}
GC.KeepAlive(cmsgDecryptParam);
}
// Content decrypted?
if (hr2 == CAPI.S_OK) {
// Yes, so retrieve it.
uint cbContent = 0;
SafeLocalAllocHandle pbContent = SafeLocalAllocHandle.InvalidHandle;
PkcsUtils.GetParam(m_safeCryptMsgHandle, CAPI.CMSG_CONTENT_PARAM, 0, out pbContent, out cbContent);
if (cbContent > 0) {
Oid contentType = PkcsUtils.GetContentType(m_safeCryptMsgHandle);
byte[] content = new byte[cbContent];
Marshal.Copy(pbContent.DangerousGetHandle(), content, 0, (int) cbContent);
m_contentInfo = new ContentInfo(contentType, content);
}
pbContent.Dispose();
hr = CAPI.S_OK;
break;
}
else {
// Try next recipient.
hr = hr2;
}
}
if (hr != CAPI.S_OK)
throw new CryptographicException(hr);
return;
}
private void DecryptContent(RecipientInfoCollection recipientInfos, X509Certificate2Collection extraStore)
{
switch (_lastCall)
{
case LastCall.Ctor:
throw new InvalidOperationException(SR.Cryptography_Cms_MessageNotEncrypted);
case LastCall.Encrypt:
throw PkcsPal.Instance.CreateDecryptAfterEncryptException();
case LastCall.Decrypt:
throw PkcsPal.Instance.CreateDecryptTwiceException();
case LastCall.Decode:
break; // This is the expected state.
default:
Debug.Fail($"Unexpected _lastCall value: {_lastCall}");
throw new InvalidOperationException();
}
extraStore = extraStore ?? new X509Certificate2Collection();
X509Certificate2Collection certs = new X509Certificate2Collection();
PkcsPal.Instance.AddCertsFromStoreForDecryption(certs);
certs.AddRange(extraStore);
X509Certificate2Collection originatorCerts = Certificates;
ContentInfo newContentInfo = null;
Exception exception = PkcsPal.Instance.CreateRecipientsNotFoundException();
foreach (RecipientInfo recipientInfo in recipientInfos)
{
X509Certificate2 cert = certs.TryFindMatchingCertificate(recipientInfo.RecipientIdentifier);
if (cert == null)
{
exception = PkcsPal.Instance.CreateRecipientsNotFoundException();
continue;
}
newContentInfo = _decryptorPal.TryDecrypt(recipientInfo, cert, originatorCerts, extraStore, out exception);
if (exception != null)
continue;
break;
}
if (exception != null)
throw exception;
ContentInfo = newContentInfo;
// Desktop compat: Encode() after a Decrypt() returns you the same thing that ContentInfo.Content does.
_encodedMessage = newContentInfo.Content.CloneByteArray();
_lastCall = LastCall.Decrypt;
}
private void DecryptContent(RecipientInfoCollection recipientInfos, X509Certificate2Collection extraStore)
{
switch (_lastCall)
{
case LastCall.Ctor:
throw new InvalidOperationException(SR.Cryptography_Cms_MessageNotEncrypted);
case LastCall.Encrypt:
throw PkcsPal.Instance.CreateDecryptAfterEncryptException();
case LastCall.Decrypt:
throw PkcsPal.Instance.CreateDecryptTwiceException();
case LastCall.Decode:
break; // This is the expected state.
default:
Debug.Fail($"Unexpected _lastCall value: {_lastCall}");
throw new InvalidOperationException();
}
extraStore = extraStore ?? new X509Certificate2Collection();
X509Certificate2Collection certs = new X509Certificate2Collection();
PkcsPal.Instance.AddCertsFromStoreForDecryption(certs);
certs.AddRange(extraStore);
X509Certificate2Collection originatorCerts = Certificates;
ContentInfo newContentInfo = null;
Exception exception = PkcsPal.Instance.CreateRecipientsNotFoundException();
foreach (RecipientInfo recipientInfo in recipientInfos)
{
X509Certificate2 cert = certs.TryFindMatchingCertificate(recipientInfo.RecipientIdentifier);
if (cert == null)
{
exception = PkcsPal.Instance.CreateRecipientsNotFoundException();
continue;
}
newContentInfo = _decryptorPal.TryDecrypt(recipientInfo, cert, originatorCerts, extraStore, out exception);
if (exception != null)
{
continue;
}
break;
}
if (exception != null)
{
throw exception;
}
ContentInfo = newContentInfo;
// Desktop compat: Encode() after a Decrypt() returns you the same thing that ContentInfo.Content does.
_encodedMessage = newContentInfo.Content.CloneByteArray();
_lastCall = LastCall.Decrypt;
}
internal RecipientInfoEnumerator(RecipientInfoCollection RecipientInfos) {
m_recipientInfos = RecipientInfos;
m_current = -1;
}
