/// <summary>
/// Round-trips an RSA key through an unencrypted <see cref="Pkcs12KeyBag"/>: the PKCS#8 bytes the bag
/// exposes must import into a fresh RSA object whose signatures the original key then verifies.
/// </summary>
public static void BuildWithFactoryReadDirect()
{
    using (RSA original = RSA.Create())
    {
        Pkcs12SafeContents safe = new Pkcs12SafeContents();
        Pkcs12KeyBag bag = safe.AddKeyUnencrypted(original);

        using (RSA reloaded = RSA.Create())
        {
            reloaded.ImportPkcs8PrivateKey(bag.Pkcs8PrivateKey.Span, out _);

            // The PKCS#8 blob itself doubles as the message being signed. The digest only exercises
            // the sign/verify path of the reloaded key; it is not a statement about MD5's suitability.
            byte[] signature = new byte[original.KeySize / 8];

            bool signed = reloaded.TrySignData(
                bag.Pkcs8PrivateKey.Span,
                signature,
                HashAlgorithmName.MD5,
                RSASignaturePadding.Pkcs1,
                out int written);

            Assert.True(signed);
            // A PKCS#1 v1.5 signature is always exactly one modulus length.
            Assert.Equal(signature.Length, written);

            bool verified = original.VerifyData(
                bag.Pkcs8PrivateKey.Span,
                signature,
                HashAlgorithmName.MD5,
                RSASignaturePadding.Pkcs1);

            Assert.True(verified);
        }
    }
}
/// <summary>
/// Verifies the <c>skipCopy</c> constructor argument of <see cref="Pkcs12KeyBag"/>: when set, the bag
/// aliases the caller's buffer; when clear, it holds its own copy.
/// </summary>
/// <param name="skipCopy">Value handed straight to the <see cref="Pkcs12KeyBag"/> constructor.</param>
public static void SkipCopyHonored(bool skipCopy)
{
    // s_derNull is a static fixture declared outside this block; its name suggests a minimal
    // DER NULL encoding — TODO confirm against the field's declaration.
    Pkcs12KeyBag bag = new Pkcs12KeyBag(s_derNull, skipCopy);

    // Overlaps() is the observable difference between aliasing and copying. With skipCopy the bag's
    // bytes *are* the caller's bytes, so the caller must not mutate the backing buffer afterwards.
    bool sharesBuffer = s_derNull.Span.Overlaps(bag.Pkcs8PrivateKey.Span);

    if (!skipCopy)
    {
        Assert.False(sharesBuffer, "Same memory");
        return;
    }

    Assert.True(sharesBuffer, "Same memory");
}
/// <summary>
/// Builds a PFX whose certificate and (bag-level unencrypted) private key share one password-encrypted
/// SafeContents, linked by a common LocalKeyId, then confirms the X.509 importer pairs them back into a
/// single certificate that reports a private key.
/// </summary>
public static void WriteOneCertWithKey_Encrypted_SameSafe()
{
    const string password = nameof(WriteOneCertWithKey_Encrypted_SameSafe);

    Pkcs12SafeContents safe = new Pkcs12SafeContents();

    // The very same LocalKeyId attribute instance goes on both bags; matching this value is how the
    // importer associates the key with the certificate.
    Pkcs9LocalKeyId keyId = new Pkcs9LocalKeyId(new byte[] { 1 });
    byte[] expectedRawData;

    using (X509Certificate2 cert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey(true))
    using (RSA certKey = cert.GetRSAPrivateKey())
    using (RSA exportable = certKey.MakeExportable())
    {
        expectedRawData = cert.RawData;

        Pkcs12CertBag certBag = safe.AddCertificate(cert);
        certBag.Attributes.Add(keyId);

        // The key bag itself is plaintext; confidentiality comes from encrypting the whole SafeContents below.
        Pkcs12KeyBag keyBag = safe.AddKeyUnencrypted(exportable);
        keyBag.Attributes.Add(keyId);
    }

    Pkcs12Builder builder = new Pkcs12Builder();

    // s_win7Pbe is declared outside this block; the name suggests legacy-compatible PBE parameters.
    // Together with the SHA-1 MAC and 1024 iterations these are interoperability fixture values for
    // the test, not guidance for producing new PFX files.
    builder.AddSafeContentsEncrypted(safe, password, s_win7Pbe);
    builder.SealWithMac(password, HashAlgorithmName.SHA1, 1024);

    byte[] pfx = builder.Encode();

    using (ImportedCollection imported = ImportedCollection.Import(pfx, password, X509KeyStorageFlags.EphemeralKeySet))
    {
        var certs = imported.Collection;

        Assert.Equal(1, certs.Count);
        Assert.Equal(expectedRawData, certs[0].RawData);
        Assert.True(certs[0].HasPrivateKey, "coll.Collection[0].HasPrivateKey");
    }
}
/// <summary>
/// Decodes a PFX fixture that uses indefinite-length encoding and carries no MAC, with
/// <paramref name="trailingByteCount"/> extra bytes appended, and checks that the decoder stops at the
/// end of the PFX and exposes the key/certificate pair and their attributes intact.
/// </summary>
/// <param name="trailingByteCount">
/// Number of bytes appended after the fixture by <c>PadContents</c> (defined outside this block).
/// </param>
public static void ReadIndefiniteEncodingNoMac(int trailingByteCount)
{
    ReadOnlyMemory<byte> padded = PadContents(Pkcs12Documents.IndefiniteEncodingNoMac, trailingByteCount);

    Pkcs12Info info = Pkcs12Info.Decode(padded, out int consumed, skipCopy: true);

    // The decoder must report exactly the PFX length and ignore whatever trails it.
    Assert.Equal(Pkcs12Documents.IndefiniteEncodingNoMac.Length, consumed);

    // No MAC means nothing authenticates this content; a real consumer would need to check
    // IntegrityMode before trusting what Decode returns.
    Assert.Equal(Pkcs12IntegrityMode.None, info.IntegrityMode);

    ReadOnlyCollection<Pkcs12SafeContents> safes = info.AuthenticatedSafe;
    Assert.Equal(2, safes.Count);

    Pkcs12SafeContents keySafe = safes[0];
    Pkcs12SafeContents certSafe = safes[1];

    foreach (Pkcs12SafeContents safe in new[] { keySafe, certSafe })
    {
        Assert.Equal(Pkcs12ConfidentialityMode.None, safe.ConfidentialityMode);
    }

    // Decoded SafeContents are read-only views; this fixture was decoded with skipCopy so they alias the input.
    Assert.True(keySafe.IsReadOnly, "firstSafe.IsReadOnly");
    Assert.True(certSafe.IsReadOnly, "secondSafe.IsReadOnly");

    Pkcs12SafeBag[] keySafeBags = keySafe.GetBags().ToArray();
    Pkcs12SafeBag[] certSafeBags = certSafe.GetBags().ToArray();
    Assert.Equal(1, keySafeBags.Length);
    Assert.Equal(1, certSafeBags.Length);

    Pkcs12KeyBag keyBag = Assert.IsType<Pkcs12KeyBag>(keySafeBags[0]);
    Pkcs12CertBag certBag = Assert.IsType<Pkcs12CertBag>(certSafeBags[0]);

    // Each bag carries exactly [friendlyName, localKeyId], in that order, one value apiece.
    (Pkcs9AttributeObject FriendlyName, Pkcs9LocalKeyId KeyId) ReadBagAttributes(CryptographicAttributeObjectCollection attrs)
    {
        Assert.Equal(2, attrs.Count);

        Assert.Equal(Oids.FriendlyName, attrs[0].Oid.Value);
        Assert.Equal(1, attrs[0].Values.Count);
        Assert.Equal(Oids.LocalKeyId, attrs[1].Oid.Value);
        Assert.Equal(1, attrs[1].Values.Count);

        return (
            Assert.IsAssignableFrom<Pkcs9AttributeObject>(attrs[0].Values[0]),
            Assert.IsType<Pkcs9LocalKeyId>(attrs[1].Values[0]));
    }

    var (keyFriendlyName, keyKeyId) = ReadBagAttributes(keyBag.Attributes);
    var (certFriendlyName, certKeyId) = ReadBagAttributes(certBag.Attributes);

    // This PFX gave the friendlyName "cert" to both the key and the cert:
    // BMPString (tag 0x1E), length 8, UTF-16BE "cert".
    Assert.Equal("1E080063006500720074", keyFriendlyName.RawData.ByteArrayToHex());
    Assert.Equal(keyFriendlyName.RawData, certFriendlyName.RawData);

    // The private key (KeyBag) and certificate (CertBag) are paired by their localKeyId. RawData is the
    // OCTET STRING (tag 0x04, length 20); KeyId is its decoded content; both bags must carry the same value.
    Assert.Equal("0414EDF3D122CF623CF0CFC9CD226261E8415A83E630", keyKeyId.RawData.ByteArrayToHex());
    Assert.Equal("EDF3D122CF623CF0CFC9CD226261E8415A83E630", keyKeyId.KeyId.ByteArrayToHex());
    Assert.Equal(keyKeyId.RawData, certKeyId.RawData);

    // Beyond matching IDs, the PKCS#8 private key must actually correspond to the certificate's public key.
    using (X509Certificate2 cert = certBag.GetCertificate())
    using (RSA fromKeyBag = RSA.Create())
    using (RSA fromCert = cert.GetRSAPublicKey())
    {
        fromKeyBag.ImportPkcs8PrivateKey(keyBag.Pkcs8PrivateKey.Span, out _);

        string expectedSpki = fromCert.ExportSubjectPublicKeyInfo().ByteArrayToHex();
        string actualSpki = fromKeyBag.ExportSubjectPublicKeyInfo().ByteArrayToHex();
        Assert.Equal(expectedSpki, actualSpki);
    }
}