public static void BuildWithFactoryReadDirect()
{
using (RSA rsa = RSA.Create())
{
Pkcs12SafeContents contents = new Pkcs12SafeContents();
Pkcs12KeyBag keyBag = contents.AddKeyUnencrypted(rsa);
using (RSA rsa2 = RSA.Create())
{
rsa2.ImportPkcs8PrivateKey(
keyBag.Pkcs8PrivateKey.Span,
out _);
byte[] sig = new byte[rsa.KeySize / 8];
Assert.True(rsa2.TrySignData(
keyBag.Pkcs8PrivateKey.Span,
sig,
HashAlgorithmName.MD5,
RSASignaturePadding.Pkcs1,
out int sigLen));
Assert.Equal(sig.Length, sigLen);
Assert.True(rsa.VerifyData(
keyBag.Pkcs8PrivateKey.Span,
sig,
HashAlgorithmName.MD5,
RSASignaturePadding.Pkcs1));
}
}
}
public static void SkipCopyHonored(bool skipCopy)
{
Pkcs12KeyBag keyBag = new Pkcs12KeyBag(s_derNull, skipCopy);
if (skipCopy)
{
Assert.True(
s_derNull.Span.Overlaps(keyBag.Pkcs8PrivateKey.Span),
"Same memory");
}
else
{
Assert.False(
s_derNull.Span.Overlaps(keyBag.Pkcs8PrivateKey.Span),
"Same memory");
}
}
public static void WriteOneCertWithKey_Encrypted_SameSafe()
{
Pkcs12SafeContents contents = new Pkcs12SafeContents();
byte[] rawData;
Pkcs9LocalKeyId localKeyId = new Pkcs9LocalKeyId(new byte[] { 1 });
using (X509Certificate2 cert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey(true))
using (RSA certKey = cert.GetRSAPrivateKey())
using (RSA exportableKey = certKey.MakeExportable())
{
Pkcs12CertBag certBag = contents.AddCertificate(cert);
certBag.Attributes.Add(localKeyId);
rawData = cert.RawData;
Pkcs12KeyBag keyBag = contents.AddKeyUnencrypted(exportableKey);
keyBag.Attributes.Add(localKeyId);
}
const string password = nameof(WriteOneCertWithKey_Encrypted_SameSafe);
Pkcs12Builder builder = new Pkcs12Builder();
builder.AddSafeContentsEncrypted(
contents,
password,
s_win7Pbe);
builder.SealWithMac(password, HashAlgorithmName.SHA1, 1024);
byte[] pfx = builder.Encode();
ImportedCollection coll =
ImportedCollection.Import(pfx, password, X509KeyStorageFlags.EphemeralKeySet);
using (coll)
{
Assert.Equal(1, coll.Collection.Count);
Assert.Equal(rawData, coll.Collection[0].RawData);
Assert.True(coll.Collection[0].HasPrivateKey, "coll.Collection[0].HasPrivateKey");
}
}
public static void ReadIndefiniteEncodingNoMac(int trailingByteCount)
{
ReadOnlyMemory <byte> source = PadContents(Pkcs12Documents.IndefiniteEncodingNoMac, trailingByteCount);
Pkcs12Info info = Pkcs12Info.Decode(
source,
out int bytesRead,
skipCopy: true);
Assert.Equal(Pkcs12Documents.IndefiniteEncodingNoMac.Length, bytesRead);
Assert.Equal(Pkcs12IntegrityMode.None, info.IntegrityMode);
ReadOnlyCollection <Pkcs12SafeContents> safes = info.AuthenticatedSafe;
Assert.Equal(2, safes.Count);
Pkcs12SafeContents firstSafe = safes[0];
Pkcs12SafeContents secondSafe = safes[1];
Assert.Equal(Pkcs12ConfidentialityMode.None, firstSafe.ConfidentialityMode);
Assert.Equal(Pkcs12ConfidentialityMode.None, secondSafe.ConfidentialityMode);
Assert.True(firstSafe.IsReadOnly, "firstSafe.IsReadOnly");
Assert.True(secondSafe.IsReadOnly, "secondSafe.IsReadOnly");
Pkcs12SafeBag[] firstContents = firstSafe.GetBags().ToArray();
Pkcs12SafeBag[] secondContents = secondSafe.GetBags().ToArray();
Assert.Equal(1, firstContents.Length);
Assert.Equal(1, secondContents.Length);
Pkcs12KeyBag keyBag = Assert.IsType <Pkcs12KeyBag>(firstContents[0]);
Pkcs12CertBag certBag = Assert.IsType <Pkcs12CertBag>(secondContents[0]);
CryptographicAttributeObjectCollection keyBagAttrs = keyBag.Attributes;
CryptographicAttributeObjectCollection certBagAttrs = certBag.Attributes;
Assert.Equal(2, keyBagAttrs.Count);
Assert.Equal(2, certBagAttrs.Count);
Assert.Equal(Oids.FriendlyName, keyBagAttrs[0].Oid.Value);
Assert.Equal(1, keyBagAttrs[0].Values.Count);
Assert.Equal(Oids.LocalKeyId, keyBagAttrs[1].Oid.Value);
Assert.Equal(1, keyBagAttrs[1].Values.Count);
Pkcs9AttributeObject keyFriendlyName =
Assert.IsAssignableFrom <Pkcs9AttributeObject>(keyBagAttrs[0].Values[0]);
Pkcs9LocalKeyId keyKeyId = Assert.IsType <Pkcs9LocalKeyId>(keyBagAttrs[1].Values[0]);
Assert.Equal(Oids.FriendlyName, certBagAttrs[0].Oid.Value);
Assert.Equal(1, certBagAttrs[0].Values.Count);
Assert.Equal(Oids.LocalKeyId, certBagAttrs[1].Oid.Value);
Assert.Equal(1, certBagAttrs[1].Values.Count);
Pkcs9AttributeObject certFriendlyName =
Assert.IsAssignableFrom <Pkcs9AttributeObject>(certBagAttrs[0].Values[0]);
Pkcs9LocalKeyId certKeyId = Assert.IsType <Pkcs9LocalKeyId>(certBagAttrs[1].Values[0]);
// This PFX gave a friendlyName value of "cert" to both the key and the cert.
Assert.Equal("1E080063006500720074", keyFriendlyName.RawData.ByteArrayToHex());
Assert.Equal(keyFriendlyName.RawData, certFriendlyName.RawData);
// The private key (KeyBag) and the public key (CertBag) are matched from their keyId value.
Assert.Equal("0414EDF3D122CF623CF0CFC9CD226261E8415A83E630", keyKeyId.RawData.ByteArrayToHex());
Assert.Equal("EDF3D122CF623CF0CFC9CD226261E8415A83E630", keyKeyId.KeyId.ByteArrayToHex());
Assert.Equal(keyKeyId.RawData, certKeyId.RawData);
using (X509Certificate2 cert = certBag.GetCertificate())
using (RSA privateKey = RSA.Create())
using (RSA publicKey = cert.GetRSAPublicKey())
{
privateKey.ImportPkcs8PrivateKey(keyBag.Pkcs8PrivateKey.Span, out _);
Assert.Equal(
publicKey.ExportSubjectPublicKeyInfo().ByteArrayToHex(),
privateKey.ExportSubjectPublicKeyInfo().ByteArrayToHex());
}
}
