// Publicly available certificate
public Java.Security.Cert.Certificate GetCertificate()
{
if (!_androidKeyStore.ContainsAlias(_keyAlias))
{
return(null);
}
return(_androidKeyStore.GetCertificate(_keyAlias));
}
KeyPair GetAsymmetricKeyPair()
{
var asymmetricAlias = $"{alias}.asymmetric";
var privateKey = keyStore.GetKey(asymmetricAlias, null)?.JavaCast <IPrivateKey>();
var publicKey = keyStore.GetCertificate(asymmetricAlias)?.PublicKey;
// Return the existing key if found
if (privateKey != null && publicKey != null)
{
return(new KeyPair(publicKey, privateKey));
}
// Otherwise we create a new key
var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, androidKeyStore);
var end = DateTime.UtcNow.AddYears(20);
var startDate = new Java.Util.Date();
var endDate = new Java.Util.Date(end.Year, end.Month, end.Day);
#pragma warning disable CS0618
var builder = new KeyPairGeneratorSpec.Builder(Platform.AppContext)
.SetAlias(asymmetricAlias)
.SetSerialNumber(Java.Math.BigInteger.One)
.SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate"))
.SetStartDate(startDate)
.SetEndDate(endDate);
generator.Initialize(builder.Build());
#pragma warning restore CS0618
return(generator.GenerateKeyPair());
}
//BELOW API 23
public KeyPair GetAsymmetricKey()
{
var asymmetricAlias = $"{alias}.asymmetric";
var privateKey = keyStore.GetKey(asymmetricAlias, null)?.JavaCast <IPrivateKey>();
var publicKey = keyStore.GetCertificate(asymmetricAlias)?.PublicKey;
if (privateKey != null && publicKey != null)
{
return(new KeyPair(publicKey, privateKey));
}
// var originalLocale = Platform.
var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, CONST_ANDROIDKEY);
var end = DateTime.UtcNow.AddYears(20);
var startDate = new Java.Util.Date();
var endDate = new Java.Util.Date(end.Year, end.Month, end.Day);
var builder = new KeyPairGeneratorSpec.Builder(appContext)
.SetAlias(asymmetricAlias)
.SetSerialNumber(Java.Math.BigInteger.One)
.SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate"))
.SetStartDate(startDate)
.SetEndDate(endDate);
generator.Initialize(builder.Build());
return(generator.GenerateKeyPair());
}
/// <summary>
/// Creates an instance of {@code PKIXParameters} that
/// populates the set of most-trusted CAs from the trusted
/// certificate entries contained in the specified {@code KeyStore}.
/// Only keystore entries that contain trusted {@code X509Certificates}
/// are considered; all other certificate types are ignored.
/// </summary>
/// <param name="keystore"> a {@code KeyStore} from which the set of
/// most-trusted CAs will be populated </param>
/// <exception cref="KeyStoreException"> if the keystore has not been initialized </exception>
/// <exception cref="InvalidAlgorithmParameterException"> if the keystore does
/// not contain at least one trusted certificate entry </exception>
/// <exception cref="NullPointerException"> if the keystore is {@code null} </exception>
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: public PKIXParameters(java.security.KeyStore keystore) throws java.security.KeyStoreException, java.security.InvalidAlgorithmParameterException
public PKIXParameters(KeyStore keystore)
{
if (keystore == null)
{
throw new NullPointerException("the keystore parameter must be " + "non-null");
}
Set <TrustAnchor> hashSet = new HashSet <TrustAnchor>();
IEnumerator <String> aliases = keystore.Aliases();
while (aliases.MoveNext())
{
String alias = aliases.Current;
if (keystore.IsCertificateEntry(alias))
{
Certificate cert = keystore.GetCertificate(alias);
if (cert is X509Certificate)
{
hashSet.Add(new TrustAnchor((X509Certificate)cert, null));
}
}
}
TrustAnchors = hashSet;
this.UnmodInitialPolicies = System.Linq.Enumerable.Empty <String>();
this.CertPathCheckers_Renamed = new List <PKIXCertPathChecker>();
this.CertStores_Renamed = new List <CertStore>();
}
public IKey GetPublicKey()
{
if (!_androidKeyStore.ContainsAlias(_keyName))
{
return(null);
}
return(_androidKeyStore.GetCertificate(_keyName)?.PublicKey);
}
/// <summary>
/// Load RSA key pair from KeyStore
/// </summary>
private static void AccessKeyStore()
{
if (_keyStore.ContainsAlias(ALIAS))
{
IPrivateKey privateKey = (_keyStore.GetEntry(ALIAS, null) as KeyStore.PrivateKeyEntry).PrivateKey;
IPublicKey publicKey = _keyStore.GetCertificate(ALIAS).PublicKey;
_keyPair = new KeyPair(publicKey, privateKey);
}
}
KeyPair GetAsymmetricKeyPair()
{
// set that we generated keys on pre-m device.
Preferences.Set(useSymmetricPreferenceKey, false, SecureStorage.Alias);
var asymmetricAlias = $"{alias}.asymmetric";
var privateKey = keyStore.GetKey(asymmetricAlias, null)?.JavaCast <IPrivateKey>();
var publicKey = keyStore.GetCertificate(asymmetricAlias)?.PublicKey;
// Return the existing key if found
if (privateKey != null && publicKey != null)
{
return(new KeyPair(publicKey, privateKey));
}
var originalLocale = Platform.GetLocale();
try
{
// Force to english for known bug in date parsing:
// https://issuetracker.google.com/issues/37095309
Platform.SetLocale(Java.Util.Locale.English);
// Otherwise we create a new key
var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, androidKeyStore);
var end = DateTime.UtcNow.AddYears(20);
var startDate = new Java.Util.Date();
#pragma warning disable CS0618 // Type or member is obsolete
var endDate = new Java.Util.Date(end.Year, end.Month, end.Day);
#pragma warning restore CS0618 // Type or member is obsolete
#pragma warning disable CS0618
var builder = new KeyPairGeneratorSpec.Builder(Platform.AppContext)
.SetAlias(asymmetricAlias)
.SetSerialNumber(Java.Math.BigInteger.One)
.SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate"))
.SetStartDate(startDate)
.SetEndDate(endDate);
generator.Initialize(builder.Build());
#pragma warning restore CS0618
return(generator.GenerateKeyPair());
}
finally
{
Platform.SetLocale(originalLocale);
}
}
//###############################################################################
public SecureEncryptor(Context context)
{
_context = context;
storeObject = KeyStore.GetInstance(AndroidKeyStore);
storeObject.Load(null);
if (!storeObject.ContainsAlias(KEYALIAS_CREDENTIALS))
{
CreateKey_Credentials();
}
Key_private = storeObject.GetKey(KEYALIAS_CREDENTIALS, null);
Key_public = storeObject.GetCertificate(KEYALIAS_CREDENTIALS)?.PublicKey;
}
public void RefreshItems()
{
_listItems.Clear();
foreach (String alias in KeyStore.Aliases)
{
KeyStoreEntryType entryType;
if (KeyStore.IsCertificateEntry(alias))
{
entryType = KeyStoreEntryType.TrustCertEntry;
}
else if (KeyStore.IsKeyEntry(alias) && KeyStore.GetCertificateChain(alias) != null && KeyStore.GetCertificateChain(alias).Length != 0)
{
entryType = KeyStoreEntryType.KeyPairEntry;
}
else
{
entryType = KeyStoreEntryType.KeyEntry;
}
_listItems.Add(new ListItemEntry(entryType, alias, KeyStore.GetCertificate(alias).Certificate));
}
}