public HttpResponseMessage Get(string smsNumber, string code)
{
RsaKeyPairGenerator r = new RsaKeyPairGenerator();
r.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new Org.BouncyCastle.Security.SecureRandom(), 2048));
AsymmetricCipherKeyPair keys = r.GenerateKeyPair();
string publicKeyPath = Path.Combine(Path.GetTempPath(), "publicKey.key");
if (File.Exists(publicKeyPath))
{
File.Delete(publicKeyPath);
}
using (TextWriter textWriter = new StreamWriter(publicKeyPath, false))
{
PemWriter pemWriter = new PemWriter(textWriter);
pemWriter.WriteObject(keys.Public);
pemWriter.Writer.Flush();
}
string certSubjectName = "UShadow_RSA";
var certName = new X509Name("CN=" + certSubjectName);
var serialNo = BigInteger.ProbablePrime(120, new Random());
X509V3CertificateGenerator gen2 = new X509V3CertificateGenerator();
gen2.SetSerialNumber(serialNo);
gen2.SetSubjectDN(certName);
gen2.SetIssuerDN(new X509Name(true, "CN=UShadow"));
gen2.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(30, 0, 0, 0)));
gen2.SetNotAfter(DateTime.Now.AddYears(2));
gen2.SetSignatureAlgorithm("sha512WithRSA");
gen2.SetPublicKey(keys.Public);
Org.BouncyCastle.X509.X509Certificate newCert = gen2.Generate(keys.Private);
Pkcs12Store store = new Pkcs12StoreBuilder().Build();
X509CertificateEntry certEntry = new X509CertificateEntry(newCert);
store.SetCertificateEntry(newCert.SubjectDN.ToString(), certEntry);
AsymmetricKeyEntry keyEntry = new AsymmetricKeyEntry(keys.Private);
store.SetKeyEntry(newCert.SubjectDN.ToString() + "_key", keyEntry, new X509CertificateEntry[] { certEntry });
using (MemoryStream ms = new MemoryStream())
{
store.Save(ms, "Password".ToCharArray(), new SecureRandom());
var resp = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new ByteArrayContent(ms.ToArray())
};
resp.Content.Headers.Add("Content-Type", "application/x-pkcs12");
return resp;
}
}
public void SetKeyEntry(
string alias,
AsymmetricKeyEntry keyEntry,
X509CertificateEntry[] chain)
{
if (alias == null)
{
throw new ArgumentNullException("alias");
}
if (keyEntry == null)
{
throw new ArgumentNullException("keyEntry");
}
if (keyEntry.Key.IsPrivate && (chain == null))
{
throw new ArgumentException("No certificate chain for private key");
}
if (keys[alias] != null)
{
DeleteEntry(alias);
}
keys[alias] = keyEntry;
certs[alias] = chain[0];
for (int i = 0; i != chain.Length; i++)
{
chainCerts[new CertId(chain[i].Certificate.GetPublicKey())] = chain[i];
}
}
public void SetKeyEntry(string alias, AsymmetricKeyEntry keyEntry, X509CertificateEntry[] chain)
{
if (alias == null)
{
throw new ArgumentNullException("alias");
}
if (keyEntry == null)
{
throw new ArgumentNullException("keyEntry");
}
if (keyEntry.Key.IsPrivate && chain == null)
{
throw new ArgumentException("No certificate chain for private key");
}
if (this.keys[alias] != null)
{
this.DeleteEntry(alias);
}
this.keys[alias] = keyEntry;
this.certs[alias] = chain[0];
for (int num = 0; num != chain.Length; num++)
{
this.chainCerts[new Pkcs12Store.CertId(chain[num].Certificate.GetPublicKey())] = chain[num];
}
}
public static void ExportPKCS12(String path, String alias, AsymmetricKeyEntry privKey, char[] password,
params X509CertificateEntry[] certs)
{
var keyStore = new Pkcs12Store();
keyStore.SetKeyEntry(alias, privKey, certs);
using (var fs = new FileStream(path, FileMode.Create))
{
keyStore.Save(fs, password, Repository.Srand);
}
}
public override bool Equals(object obj)
{
AsymmetricKeyEntry asymmetricKeyEntry = obj as AsymmetricKeyEntry;
if (asymmetricKeyEntry == null)
{
return(false);
}
return(key.Equals(asymmetricKeyEntry.key));
}
protected virtual void LoadKeyBag(PrivateKeyInfo privKeyInfo, Asn1Set bagAttributes)
{
AsymmetricKeyParameter key = PrivateKeyFactory.CreateKey(privKeyInfo);
IDictionary dictionary = Platform.CreateHashtable();
AsymmetricKeyEntry value = new AsymmetricKeyEntry(key, dictionary);
string text = null;
Asn1OctetString asn1OctetString = null;
if (bagAttributes != null)
{
foreach (Asn1Sequence asn1Sequence in bagAttributes)
{
DerObjectIdentifier instance = DerObjectIdentifier.GetInstance(asn1Sequence[0]);
Asn1Set instance2 = Asn1Set.GetInstance(asn1Sequence[1]);
if (instance2.Count > 0)
{
Asn1Encodable asn1Encodable = instance2[0];
if (dictionary.Contains(instance.Id))
{
if (!dictionary[instance.Id].Equals(asn1Encodable))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
dictionary.Add(instance.Id, asn1Encodable);
}
if (instance.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
text = ((DerBmpString)asn1Encodable).GetString();
this.keys[text] = value;
}
else if (instance.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
asn1OctetString = (Asn1OctetString)asn1Encodable;
}
}
}
}
if (asn1OctetString == null)
{
this.unmarkedKeyEntry = value;
return;
}
string text2 = Hex.ToHexString(asn1OctetString.GetOctets());
if (text == null)
{
this.keys[text2] = value;
return;
}
this.localIds[text] = text2;
}
/// <summary>
/// Initializes a new instance of the <see cref="MimeKit.Cryptography.CmsSigner"/> class.
/// </summary>
/// <param name="chain">The chain of certificates starting with the signer's certificate back to the root.</param>
/// <param name="key">The signer's private key.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="chain"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="key"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.ArgumentException">
/// <paramref name="chain"/> did not contain any certificates.
/// </exception>
public CmsSigner(IEnumerable<X509CertificateEntry> chain, AsymmetricKeyEntry key)
{
if (chain == null)
throw new ArgumentNullException ("chain");
if (key == null)
throw new ArgumentNullException ("key");
CertificateChain = new List<X509Certificate> ();
foreach (var entry in chain) {
CertificateChain.Add (entry.Certificate);
if (Certificate == null)
Certificate = entry.Certificate;
}
if (CertificateChain.Count == 0)
throw new ArgumentException ("The certificate chain was empty.", "chain");
}
public void DeleteEntry(
string alias)
{
if (alias == null)
{
throw new ArgumentNullException("alias");
}
AsymmetricKeyEntry k = (AsymmetricKeyEntry)keys[alias];
if (k != null)
{
keys.Remove(alias);
}
X509CertificateEntry c = (X509CertificateEntry)certs[alias];
if (c != null)
{
certs.Remove(alias);
chainCerts.Remove(new CertId(c.Certificate.GetPublicKey()));
}
if (k != null)
{
string id = (string)localIds[alias];
if (id != null)
{
localIds.Remove(alias);
c = (X509CertificateEntry)keyCerts[id];
}
if (c != null)
{
keyCerts.Remove(id);
chainCerts.Remove(new CertId(c.Certificate.GetPublicKey()));
}
}
if (c == null && k == null)
{
throw new ArgumentException("no such entry as " + alias);
}
}
public void DeleteEntry(string alias)
{
if (alias == null)
{
throw new ArgumentNullException("alias");
}
AsymmetricKeyEntry asymmetricKeyEntry = (AsymmetricKeyEntry)this.keys[alias];
if (asymmetricKeyEntry != null)
{
this.keys.Remove(alias);
}
X509CertificateEntry x509CertificateEntry = (X509CertificateEntry)this.certs[alias];
if (x509CertificateEntry != null)
{
this.certs.Remove(alias);
this.chainCerts.Remove(new Pkcs12Store.CertId(x509CertificateEntry.Certificate.GetPublicKey()));
}
if (asymmetricKeyEntry != null)
{
string text = (string)this.localIds[alias];
if (text != null)
{
this.localIds.Remove(alias);
x509CertificateEntry = (X509CertificateEntry)this.keyCerts[text];
}
if (x509CertificateEntry != null)
{
this.keyCerts.Remove(text);
this.chainCerts.Remove(new Pkcs12Store.CertId(x509CertificateEntry.Certificate.GetPublicKey()));
}
}
if (x509CertificateEntry == null && asymmetricKeyEntry == null)
{
throw new ArgumentException("no such entry as " + alias);
}
}
/// <summary>
/// Static method used to create a certificate and return as a .net object
/// </summary>
public static X509Certificate2 Create(string name, DateTime start, DateTime end, string userPassword, bool addtoStore = false, string exportDirectory = null)
{
// generate a key pair using RSA
var generator = new RsaKeyPairGenerator();
// keys have to be a minimum of 2048 bits for Azure
generator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 2048));
AsymmetricCipherKeyPair cerKp = generator.GenerateKeyPair();
// get a copy of the private key
AsymmetricKeyParameter privateKey = cerKp.Private;
// create the CN using the name passed in and create a unique serial number for the cert
var certName = new X509Name("CN=" + name);
BigInteger serialNo = BigInteger.ProbablePrime(120, new Random());
// start the generator and set CN/DN and serial number and valid period
var x509Generator = new X509V3CertificateGenerator();
x509Generator.SetSerialNumber(serialNo);
x509Generator.SetSubjectDN(certName);
x509Generator.SetIssuerDN(certName);
x509Generator.SetNotBefore(start);
x509Generator.SetNotAfter(end);
// add the server authentication key usage
var keyUsage = new KeyUsage(KeyUsage.KeyEncipherment);
x509Generator.AddExtension(X509Extensions.KeyUsage, false, keyUsage.ToAsn1Object());
var extendedKeyUsage = new ExtendedKeyUsage(new[] {KeyPurposeID.IdKPServerAuth});
x509Generator.AddExtension(X509Extensions.ExtendedKeyUsage, true, extendedKeyUsage.ToAsn1Object());
// algorithm can only be SHA1 ??
x509Generator.SetSignatureAlgorithm("sha1WithRSA");
// Set the key pair
x509Generator.SetPublicKey(cerKp.Public);
X509Certificate certificate = x509Generator.Generate(cerKp.Private);
// export the certificate bytes
byte[] certStream = DotNetUtilities.ToX509Certificate(certificate).Export(X509ContentType.Pkcs12, userPassword);
// build the key parameter and the certificate entry
var keyEntry = new AsymmetricKeyEntry(privateKey);
var entry = new X509CertificateEntry(certificate);
// build the PKCS#12 store to encapsulate the certificate
var builder = new Pkcs12StoreBuilder();
builder.SetUseDerEncoding(true);
builder.SetCertAlgorithm(PkcsObjectIdentifiers.Sha1WithRsaEncryption);
builder.SetKeyAlgorithm(PkcsObjectIdentifiers.Sha1WithRsaEncryption);
builder.Build();
// create a memorystream to hold the output
var stream = new MemoryStream(10000);
// create the individual store and set two entries for cert and key
var store = new Pkcs12Store();
store.SetCertificateEntry("Created by Fluent Management", entry);
store.SetKeyEntry("Created by Fluent Management", keyEntry, new[] { entry });
store.Save(stream, userPassword.ToCharArray(), new SecureRandom());
// Create the equivalent C# representation
var cert = new X509Certificate2(stream.GetBuffer(), userPassword, X509KeyStorageFlags.Exportable);
// set up the PEM writer too
if (exportDirectory != null)
{
var textWriter = new StringWriter();
var pemWriter = new PemWriter(textWriter);
pemWriter.WriteObject(cerKp.Private, "DESEDE", userPassword.ToCharArray(), new SecureRandom());
pemWriter.Writer.Flush();
string privateKeyPem = textWriter.ToString();
using (var writer = new StreamWriter(Path.Combine(exportDirectory, cert.Thumbprint + ".pem")))
{
writer.WriteLine(privateKeyPem);
}
// also export the certs - first the .pfx
byte[] privateKeyBytes = cert.Export(X509ContentType.Pfx, userPassword);
using (var writer = new FileStream(Path.Combine(exportDirectory, cert.Thumbprint + ".pfx"), FileMode.OpenOrCreate, FileAccess.Write))
{
writer.Write(privateKeyBytes, 0, privateKeyBytes.Length);
}
// also export the certs - then the .cer
byte[] publicKeyBytes = cert.Export(X509ContentType.Cert);
using (var writer = new FileStream(Path.Combine(exportDirectory, cert.Thumbprint + ".cer"), FileMode.OpenOrCreate, FileAccess.Write))
{
writer.Write(publicKeyBytes, 0, publicKeyBytes.Length);
}
}
// if specified then this add this certificate to the store
if (addtoStore)
AddToMyStore(cert);
return cert;
}
/// <summary>
/// Static method used to create a certificate and return as a .net object
/// </summary>
public static X509Certificate2 Create(string name, DateTime start, DateTime end, string userPassword,
bool addtoStore = false)
{
// generate a key pair using RSA
var generator = new RsaKeyPairGenerator();
// keys have to be a minimum of 2048 bits for Azure
generator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 2048));
AsymmetricCipherKeyPair cerKp = generator.GenerateKeyPair();
// get a copy of the private key
AsymmetricKeyParameter privateKey = cerKp.Private;
// create the CN using the name passed in and create a unique serial number for the cert
var certName = new X509Name("CN=" + name);
BigInteger serialNo = BigInteger.ProbablePrime(120, new Random());
// start the generator and set CN/DN and serial number and valid period
var x509Generator = new X509V3CertificateGenerator();
x509Generator.SetSerialNumber(serialNo);
x509Generator.SetSubjectDN(certName);
x509Generator.SetIssuerDN(certName);
x509Generator.SetNotBefore(start);
x509Generator.SetNotAfter(end);
// add the server authentication key usage
var keyUsage = new KeyUsage(KeyUsage.KeyEncipherment);
x509Generator.AddExtension(X509Extensions.KeyUsage, false, keyUsage.ToAsn1Object());
var extendedKeyUsage = new ExtendedKeyUsage(new[] {KeyPurposeID.IdKPServerAuth});
x509Generator.AddExtension(X509Extensions.ExtendedKeyUsage, true, extendedKeyUsage.ToAsn1Object());
// algorithm can only be SHA1 ??
x509Generator.SetSignatureAlgorithm("sha1WithRSA");
// Set the key pair
x509Generator.SetPublicKey(cerKp.Public);
X509Certificate certificate = x509Generator.Generate(cerKp.Private);
// export the certificate bytes
byte[] certStream = DotNetUtilities.ToX509Certificate(certificate).Export(X509ContentType.Pkcs12,
userPassword);
// build the key parameter and the certificate entry
var keyEntry = new AsymmetricKeyEntry(privateKey);
var entry = new X509CertificateEntry(certificate);
// build the PKCS#12 store to encapsulate the certificate
var builder = new Pkcs12StoreBuilder();
builder.SetUseDerEncoding(true);
builder.SetCertAlgorithm(PkcsObjectIdentifiers.Sha1WithRsaEncryption);
builder.SetKeyAlgorithm(PkcsObjectIdentifiers.Sha1WithRsaEncryption);
builder.Build();
// create a memorystream to hold the output
var stream = new MemoryStream(2000);
// create the individual store and set two entries for cert and key
var store = new Pkcs12Store();
store.SetCertificateEntry("Elastacloud Test Certificate", entry);
store.SetKeyEntry("Elastacloud Test Certificate", keyEntry, new[] {entry});
store.Save(stream, userPassword.ToCharArray(), new SecureRandom());
// Create the equivalent C# representation
var cert = new X509Certificate2(stream.GetBuffer(), userPassword, X509KeyStorageFlags.Exportable);
// if specified then this add this certificate to the store
if (addtoStore)
AddToMyStore(cert);
return cert;
}
public void SetKeyEntry(
string alias,
AsymmetricKeyEntry keyEntry,
X509CertificateEntry[] chain)
{
if (alias == null)
throw new ArgumentNullException("alias");
if (keyEntry == null)
throw new ArgumentNullException("keyEntry");
if (keyEntry.Key.IsPrivate && (chain == null))
throw new ArgumentException("No certificate chain for private key");
if (keys[alias] != null)
{
DeleteEntry(alias);
}
keys[alias] = keyEntry;
certs[alias] = chain[0];
for (int i = 0; i != chain.Length; i++)
{
chainCerts[new CertId(chain[i].Certificate.GetPublicKey())] = chain[i];
}
}
public void SetKeyEntry(
string alias,
AsymmetricKeyEntry keyEntry,
X509CertificateEntry[] chain)
{
if (alias == null)
throw new ArgumentNullException("alias");
if (keyEntry == null)
throw new ArgumentNullException("keyEntry");
if (keyEntry.Key.IsPrivate && (chain == null))
throw new ArgumentException("No certificate chain for private key");
if (keys[alias] != null && !keyEntry.Key.Equals(((AsymmetricKeyEntry) keys[alias]).Key))
throw new ArgumentException("There is already a key with the name " + alias + ".");
keys[alias] = keyEntry;
certs[alias] = chain[0];
for (int i = 0; i != chain.Length; i++)
{
chainCerts[new CertId(chain[i].Certificate.GetPublicKey())] = chain[i];
}
}
public void Load(
Stream input,
char[] password)
{
if (input == null)
{
throw new ArgumentNullException("input");
}
if (password == null)
{
throw new ArgumentNullException("password");
}
Asn1Sequence obj = (Asn1Sequence)Asn1Object.FromStream(input);
Pfx bag = new Pfx(obj);
ContentInfo info = bag.AuthSafe;
bool unmarkedKey = false;
bool wrongPkcs12Zero = false;
if (bag.MacData != null) // check the mac code
{
MacData mData = bag.MacData;
DigestInfo dInfo = mData.Mac;
AlgorithmIdentifier algId = dInfo.AlgorithmID;
byte[] salt = mData.GetSalt();
int itCount = mData.IterationCount.IntValue;
byte[] data = ((Asn1OctetString)info.Content).GetOctets();
byte[] mac = CalculatePbeMac(algId.ObjectID, salt, itCount, password, false, data);
byte[] dig = dInfo.GetDigest();
if (!Arrays.ConstantTimeAreEqual(mac, dig))
{
if (password.Length > 0)
{
throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file.");
}
// Try with incorrect zero length password
mac = CalculatePbeMac(algId.ObjectID, salt, itCount, password, true, data);
if (!Arrays.ConstantTimeAreEqual(mac, dig))
{
throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file.");
}
wrongPkcs12Zero = true;
}
}
keys.Clear();
localIds.Clear();
IList chain = Platform.CreateArrayList();
if (info.ContentType.Equals(PkcsObjectIdentifiers.Data))
{
byte[] octs = ((Asn1OctetString)info.Content).GetOctets();
AuthenticatedSafe authSafe = new AuthenticatedSafe(
(Asn1Sequence)Asn1OctetString.FromByteArray(octs));
ContentInfo[] cis = authSafe.GetContentInfo();
foreach (ContentInfo ci in cis)
{
DerObjectIdentifier oid = ci.ContentType;
if (oid.Equals(PkcsObjectIdentifiers.Data))
{
byte[] octets = ((Asn1OctetString)ci.Content).GetOctets();
Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(octets);
foreach (Asn1Sequence subSeq in seq)
{
SafeBag b = new SafeBag(subSeq);
if (b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.GetInstance(b.BagValue);
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(
password, wrongPkcs12Zero, eIn);
IAsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo);
//
// set the attributes on the key
//
IDictionary attributes = Platform.CreateHashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
string alias = null;
Asn1OctetString localId = null;
if (b.BagAttributes != null)
{
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier)sq[0];
Asn1Set attrSet = (Asn1Set)sq[1];
Asn1Encodable attr = null;
if (attrSet.Count > 0)
{
// TODO We should be adding all attributes in the set
attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, differing values give an error
if (attributes.Contains(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
// TODO Do these in a separate loop, just collect aliases here
keys[alias] = pkcs12Key;
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
}
if (localId != null)
{
string name = Hex.ToHexString(localId.GetOctets());
if (alias == null)
{
keys[name] = pkcs12Key;
}
else
{
// TODO There may have been more than one alias
localIds[alias] = name;
}
}
else
{
unmarkedKey = true;
keys["unmarked"] = pkcs12Key;
}
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.CertBag))
{
chain.Add(b);
}
else
{
#if !NETFX_CORE
Console.WriteLine("extra " + b.BagID);
Console.WriteLine("extra " + Asn1Dump.DumpAsString(b));
#endif
}
}
}
else if (oid.Equals(PkcsObjectIdentifiers.EncryptedData))
{
EncryptedData d = EncryptedData.GetInstance(ci.Content);
byte[] octets = CryptPbeData(false, d.EncryptionAlgorithm,
password, wrongPkcs12Zero, d.Content.GetOctets());
Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(octets);
foreach (Asn1Sequence subSeq in seq)
{
SafeBag b = new SafeBag(subSeq);
if (b.BagID.Equals(PkcsObjectIdentifiers.CertBag))
{
chain.Add(b);
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.GetInstance(b.BagValue);
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(
password, wrongPkcs12Zero, eIn);
IAsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo);
//
// set the attributes on the key
//
IDictionary attributes = Platform.CreateHashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
string alias = null;
Asn1OctetString localId = null;
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier)sq[0];
Asn1Set attrSet = (Asn1Set)sq[1];
Asn1Encodable attr = null;
if (attrSet.Count > 0)
{
// TODO We should be adding all attributes in the set
attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, differing values give an error
if (attributes.Contains(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
// TODO Do these in a separate loop, just collect aliases here
keys[alias] = pkcs12Key;
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
// TODO Should we be checking localIds != null here
// as for PkcsObjectIdentifiers.Data version above?
string name = Hex.ToHexString(localId.GetOctets());
if (alias == null)
{
keys[name] = pkcs12Key;
}
else
{
// TODO There may have been more than one alias
localIds[alias] = name;
}
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.KeyBag))
{
PrivateKeyInfo privKeyInfo = PrivateKeyInfo.GetInstance(b.BagValue);
IAsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privKeyInfo);
//
// set the attributes on the key
//
string alias = null;
Asn1OctetString localId = null;
IDictionary attributes = Platform.CreateHashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier)sq[0];
Asn1Set attrSet = (Asn1Set)sq[1];
Asn1Encodable attr = null;
if (attrSet.Count > 0)
{
// TODO We should be adding all attributes in the set
attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, differing values give an error
if (attributes.Contains(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
// TODO Do these in a separate loop, just collect aliases here
keys[alias] = pkcs12Key;
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
// TODO Should we be checking localIds != null here
// as for PkcsObjectIdentifiers.Data version above?
string name = Hex.ToHexString(localId.GetOctets());
if (alias == null)
{
keys[name] = pkcs12Key;
}
else
{
// TODO There may have been more than one alias
localIds[alias] = name;
}
}
else
{
#if !NETFX_CORE
Console.WriteLine("extra " + b.BagID);
Console.WriteLine("extra " + Asn1Dump.DumpAsString(b));
#endif
}
}
}
else
{
#if !NETFX_CORE
Console.WriteLine("extra " + oid);
Console.WriteLine("extra " + Asn1Dump.DumpAsString(ci.Content));
#endif
}
}
}
certs.Clear();
chainCerts.Clear();
keyCerts.Clear();
foreach (SafeBag b in chain)
{
CertBag cb = new CertBag((Asn1Sequence)b.BagValue);
byte[] octets = ((Asn1OctetString)cb.CertValue).GetOctets();
X509Certificate cert = new X509CertificateParser().ReadCertificate(octets);
//
// set the attributes
//
IDictionary attributes = Platform.CreateHashtable();
Asn1OctetString localId = null;
string alias = null;
if (b.BagAttributes != null)
{
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier)sq[0];
Asn1Set attrSet = (Asn1Set)sq[1];
if (attrSet.Count > 0)
{
// TODO We should be adding all attributes in the set
Asn1Encodable attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, differing values give an error
if (attributes.Contains(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
}
CertId certId = new CertId(cert.GetPublicKey());
X509CertificateEntry pkcs12Cert = new X509CertificateEntry(cert, attributes);
chainCerts[certId] = pkcs12Cert;
if (unmarkedKey)
{
if (keyCerts.Count == 0)
{
string name = Hex.ToHexString(certId.Id);
keyCerts[name] = pkcs12Cert;
object temp = keys["unmarked"];
keys.Remove("unmarked");
keys[name] = temp;
}
}
else
{
if (localId != null)
{
string name = Hex.ToHexString(localId.GetOctets());
keyCerts[name] = pkcs12Cert;
}
if (alias != null)
{
// TODO There may have been more than one alias
certs[alias] = pkcs12Cert;
}
}
}
}
private void testSupportedTypes(AsymmetricKeyEntry privKey, X509CertificateEntry[] chain)
{
basicStoreTest(privKey, chain,
PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc,
PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc );
basicStoreTest(privKey, chain,
PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc,
PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc );
}
public void Save(
Stream stream,
char[] password,
SecureRandom random)
{
if (stream == null)
{
throw new ArgumentNullException("stream");
}
if (password == null)
{
throw new ArgumentNullException("password");
}
if (random == null)
{
throw new ArgumentNullException("random");
}
//
// handle the key
//
Asn1EncodableVector keyS = new Asn1EncodableVector();
foreach (string name in keys.Keys)
{
byte[] kSalt = new byte[SaltSize];
random.NextBytes(kSalt);
AsymmetricKeyEntry privKey = (AsymmetricKeyEntry)keys[name];
EncryptedPrivateKeyInfo kInfo =
EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(
keyAlgorithm, password, kSalt, MinIterations, privKey.Key);
Asn1EncodableVector kName = new Asn1EncodableVector();
foreach (string oid in privKey.BagAttributeKeys)
{
Asn1Encodable entry = privKey[oid];
// NB: Ignore any existing FriendlyName
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
continue;
}
kName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(entry)));
}
//
// make sure we are using the local alias on store
//
// NB: We always set the FriendlyName based on 'name'
//if (privKey[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null)
{
kName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(name))));
}
//
// make sure we have a local key-id
//
if (privKey[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null)
{
X509CertificateEntry ct = GetCertificate(name);
IAsymmetricKeyParameter pubKey = ct.Certificate.GetPublicKey();
SubjectKeyIdentifier subjectKeyID = CreateSubjectKeyID(pubKey);
kName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtLocalKeyID,
new DerSet(subjectKeyID)));
}
SafeBag kBag = new SafeBag(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag, kInfo.ToAsn1Object(), new DerSet(kName));
keyS.Add(kBag);
}
byte[] derEncodedBytes = new DerSequence(keyS).GetDerEncoded();
BerOctetString keyString = new BerOctetString(derEncodedBytes);
//
// certificate processing
//
byte[] cSalt = new byte[SaltSize];
random.NextBytes(cSalt);
Asn1EncodableVector certSeq = new Asn1EncodableVector();
Pkcs12PbeParams cParams = new Pkcs12PbeParams(cSalt, MinIterations);
AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.ToAsn1Object());
ISet doneCerts = new HashSet();
foreach (string name in keys.Keys)
{
X509CertificateEntry certEntry = GetCertificate(name);
CertBag cBag = new CertBag(
PkcsObjectIdentifiers.X509Certificate,
new DerOctetString(certEntry.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in certEntry.BagAttributeKeys)
{
Asn1Encodable entry = certEntry[oid];
// NB: Ignore any existing FriendlyName
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
continue;
}
fName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(entry)));
}
//
// make sure we are using the local alias on store
//
// NB: We always set the FriendlyName based on 'name'
//if (certEntry[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null)
{
fName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(name))));
}
//
// make sure we have a local key-id
//
if (certEntry[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null)
{
IAsymmetricKeyParameter pubKey = certEntry.Certificate.GetPublicKey();
SubjectKeyIdentifier subjectKeyID = CreateSubjectKeyID(pubKey);
fName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtLocalKeyID,
new DerSet(subjectKeyID)));
}
SafeBag sBag = new SafeBag(
PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName));
certSeq.Add(sBag);
doneCerts.Add(certEntry.Certificate);
}
foreach (string certId in certs.Keys)
{
X509CertificateEntry cert = (X509CertificateEntry)certs[certId];
if (keys[certId] != null)
{
continue;
}
CertBag cBag = new CertBag(
PkcsObjectIdentifiers.X509Certificate,
new DerOctetString(cert.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in cert.BagAttributeKeys)
{
// a certificate not immediately linked to a key doesn't require
// a localKeyID and will confuse some PKCS12 implementations.
//
// If we find one, we'll prune it out.
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id))
{
continue;
}
Asn1Encodable entry = cert[oid];
// NB: Ignore any existing FriendlyName
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
continue;
}
fName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(entry)));
}
//
// make sure we are using the local alias on store
//
// NB: We always set the FriendlyName based on 'certId'
//if (cert[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null)
{
fName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(certId))));
}
SafeBag sBag = new SafeBag(PkcsObjectIdentifiers.CertBag,
cBag.ToAsn1Object(), new DerSet(fName));
certSeq.Add(sBag);
doneCerts.Add(cert.Certificate);
}
foreach (CertId certId in chainCerts.Keys)
{
X509CertificateEntry cert = (X509CertificateEntry)chainCerts[certId];
if (doneCerts.Contains(cert.Certificate))
{
continue;
}
CertBag cBag = new CertBag(
PkcsObjectIdentifiers.X509Certificate,
new DerOctetString(cert.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in cert.BagAttributeKeys)
{
// a certificate not immediately linked to a key doesn't require
// a localKeyID and will confuse some PKCS12 implementations.
//
// If we find one, we'll prune it out.
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id))
{
continue;
}
fName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(cert[oid])));
}
SafeBag sBag = new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName));
certSeq.Add(sBag);
}
derEncodedBytes = new DerSequence(certSeq).GetDerEncoded();
byte[] certBytes = CryptPbeData(true, cAlgId, password, false, derEncodedBytes);
EncryptedData cInfo = new EncryptedData(PkcsObjectIdentifiers.Data, cAlgId, new BerOctetString(certBytes));
ContentInfo[] info = new ContentInfo[]
{
new ContentInfo(PkcsObjectIdentifiers.Data, keyString),
new ContentInfo(PkcsObjectIdentifiers.EncryptedData, cInfo.ToAsn1Object())
};
byte[] data = new AuthenticatedSafe(info).GetEncoded(
useDerEncoding ? Asn1Encodable.Der : Asn1Encodable.Ber);
ContentInfo mainInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(data));
//
// create the mac
//
byte[] mSalt = new byte[20];
random.NextBytes(mSalt);
byte[] mac = CalculatePbeMac(OiwObjectIdentifiers.IdSha1,
mSalt, MinIterations, password, false, data);
AlgorithmIdentifier algId = new AlgorithmIdentifier(
OiwObjectIdentifiers.IdSha1, DerNull.Instance);
DigestInfo dInfo = new DigestInfo(algId, mac);
MacData mData = new MacData(dInfo, mSalt, MinIterations);
//
// output the Pfx
//
Pfx pfx = new Pfx(mainInfo, mData);
DerOutputStream derOut;
if (useDerEncoding)
{
derOut = new DerOutputStream(stream);
}
else
{
derOut = new BerOutputStream(stream);
}
derOut.WriteObject(pfx);
}
public override bool Equals(object obj)
{
AsymmetricKeyEntry asymmetricKeyEntry = obj as AsymmetricKeyEntry;
return(asymmetricKeyEntry != null && this.key.Equals(asymmetricKeyEntry.key));
}
public Pkcs12Store(
Stream input,
char[] password)
{
if (input == null)
{
throw new ArgumentNullException("input");
}
if (password == null)
{
throw new ArgumentNullException("password");
}
Asn1InputStream bIn = new Asn1InputStream(input);
Asn1Sequence obj = (Asn1Sequence)bIn.ReadObject();
Pfx bag = new Pfx(obj);
ContentInfo info = bag.AuthSafe;
ArrayList chain = new ArrayList();
bool unmarkedKey = false;
bool wrongPkcs12Zero = false;
if (bag.MacData != null) // check the mac code
{
MacData mData = bag.MacData;
DigestInfo dInfo = mData.Mac;
AlgorithmIdentifier algId = dInfo.AlgorithmID;
byte[] salt = mData.GetSalt();
int itCount = mData.IterationCount.IntValue;
byte[] data = ((Asn1OctetString)info.Content).GetOctets();
Asn1Encodable parameters = PbeUtilities.GenerateAlgorithmParameters(
algId.ObjectID, salt, itCount);
ICipherParameters keyParameters = PbeUtilities.GenerateCipherParameters(
algId.ObjectID, password, parameters);
IMac mac = (IMac)PbeUtilities.CreateEngine(algId.ObjectID);
mac.Init(keyParameters);
mac.BlockUpdate(data, 0, data.Length);
byte[] res = new byte[mac.GetMacSize()];
mac.DoFinal(res, 0);
byte[] dig = dInfo.GetDigest();
if (!Arrays.AreEqual(res, dig))
{
if (password.Length > 0)
{
throw new Exception("Pkcs12 key store mac invalid - wrong password or corrupted file.");
}
//
// may be incorrect zero length password
//
keyParameters = PbeUtilities.GenerateCipherParameters(
algId.ObjectID, password, true, parameters);
mac.Init(keyParameters);
mac.BlockUpdate(data, 0, data.Length);
res = new byte[mac.GetMacSize()];
mac.DoFinal(res, 0);
if (!Arrays.AreEqual(res, dig))
{
throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
}
wrongPkcs12Zero = true;
}
}
keys = new Hashtable();
localIds = new Hashtable();
if (info.ContentType.Equals(PkcsObjectIdentifiers.Data))
{
byte[] octs = ((Asn1OctetString)info.Content).GetOctets();
AuthenticatedSafe authSafe = new AuthenticatedSafe(
(Asn1Sequence)Asn1OctetString.FromByteArray(octs));
ContentInfo[] c = authSafe.GetContentInfo();
for (int i = 0; i != c.Length; i++)
{
if (c[i].ContentType.Equals(PkcsObjectIdentifiers.Data))
{
byte[] octets = ((Asn1OctetString)c[i].Content).GetOctets();
Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(octets);
for (int j = 0; j != seq.Count; j++)
{
SafeBag b = new SafeBag((Asn1Sequence)seq[j]);
if (b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.GetInstance(b.BagValue);
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(
password, wrongPkcs12Zero, eIn);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo);
//
// set the attributes on the key
//
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
string alias = null;
Asn1OctetString localId = null;
if (b.BagAttributes != null)
{
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier)sq[0];
Asn1Set attrSet = (Asn1Set)sq[1];
Asn1Encodable attr = null;
if (attrSet.Count > 0)
{
attr = attrSet[0];
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
keys[alias] = pkcs12Key;
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
if (localId != null)
{
string name = Encoding.ASCII.GetString(Hex.Encode(localId.GetOctets()));
if (alias == null)
{
keys[name] = pkcs12Key;
}
else
{
localIds[alias] = name;
}
}
else
{
unmarkedKey = true;
keys["unmarked"] = pkcs12Key;
}
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.CertBag))
{
chain.Add(b);
}
else
{
Console.WriteLine("extra " + b.BagID);
Console.WriteLine("extra " + Asn1Dump.DumpAsString(b));
}
}
}
else if (c[i].ContentType.Equals(PkcsObjectIdentifiers.EncryptedData))
{
EncryptedData d = EncryptedData.GetInstance(c[i].Content);
Asn1Sequence seq = DecryptData(d.EncryptionAlgorithm, d.Content.GetOctets(), password, wrongPkcs12Zero);
for (int j = 0; j != seq.Count; j++)
{
SafeBag b = new SafeBag((Asn1Sequence)seq[j]);
if (b.BagID.Equals(PkcsObjectIdentifiers.CertBag))
{
chain.Add(b);
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.GetInstance(b.BagValue);
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(
password, wrongPkcs12Zero, eIn);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo);
//
// set the attributes on the key
//
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
string alias = null;
Asn1OctetString localId = null;
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier)sq[0];
Asn1Set attrSet = (Asn1Set)sq[1];
Asn1Encodable attr = null;
if (attrSet.Count > 0)
{
attr = attrSet[0];
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
keys[alias] = pkcs12Key;
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
string name = Encoding.ASCII.GetString(Hex.Encode(localId.GetOctets()));
if (alias == null)
{
keys[name] = pkcs12Key;
}
else
{
localIds[alias] = name;
}
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.KeyBag))
{
PrivateKeyInfo privKeyInfo = PrivateKeyInfo.GetInstance(b.BagValue);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privKeyInfo);
//
// set the attributes on the key
//
string alias = null;
Asn1OctetString localId = null;
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier)sq[0];
Asn1Set attrSet = (Asn1Set)sq[1];
Asn1Encodable attr = null;
if (attrSet.Count > 0)
{
attr = attrSet[0];
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
keys[alias] = pkcs12Key;
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
string name = Encoding.ASCII.GetString(Hex.Encode(localId.GetOctets()));
if (alias == null)
{
keys[name] = pkcs12Key;
}
else
{
localIds[alias] = name;
}
}
else
{
Console.WriteLine("extra " + b.BagID);
Console.WriteLine("extra " + Asn1Dump.DumpAsString(b));
}
}
}
else
{
Console.WriteLine("extra " + c[i].ContentType.Id);
Console.WriteLine("extra " + Asn1Dump.DumpAsString(c[i].Content));
}
}
}
certs = new Hashtable();
chainCerts = new Hashtable();
keyCerts = new Hashtable();
for (int i = 0; i < chain.Count; ++i)
{
SafeBag b = (SafeBag)chain[i];
CertBag cb = new CertBag((Asn1Sequence)b.BagValue);
byte[] octets = ((Asn1OctetString)cb.CertValue).GetOctets();
X509Certificate cert = new X509CertificateParser().ReadCertificate(octets);
//
// set the attributes
//
Hashtable attributes = new Hashtable();
X509CertificateEntry pkcs12Cert = new X509CertificateEntry(cert, attributes);
Asn1OctetString localId = null;
string alias = null;
if (b.BagAttributes != null)
{
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier)sq[0];
Asn1Set attrSet = (Asn1Set)sq[1];
if (attrSet.Count > 0)
{
Asn1Encodable attr = attrSet[0];
attributes.Add(aOid.Id, attr);
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
}
AsymmetricKeyParameter publicKey = cert.GetPublicKey();
chainCerts[new CertId(publicKey)] = pkcs12Cert;
if (unmarkedKey)
{
if (keyCerts.Count == 0)
{
string name = Encoding.ASCII.GetString(
Hex.Encode(
new SubjectKeyIdentifier(
SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey)).GetKeyIdentifier()));
keyCerts[name] = pkcs12Cert;
object temp = keys["unmarked"];
keys.Remove("unmarked");
keys[name] = temp;
}
}
else
{
if (localId != null)
{
string name = Encoding.ASCII.GetString(
Hex.Encode(localId.GetOctets()));
keyCerts[name] = pkcs12Cert;
}
if (alias != null)
{
certs[alias] = pkcs12Cert;
}
}
}
}
public void Save(Stream stream, char[] password, SecureRandom random)
{
if (stream == null)
{
throw new ArgumentNullException("stream");
}
if (random == null)
{
throw new ArgumentNullException("random");
}
Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector(new Asn1Encodable[0]);
foreach (string text in this.keys.Keys)
{
byte[] array = new byte[20];
random.NextBytes(array);
AsymmetricKeyEntry asymmetricKeyEntry = (AsymmetricKeyEntry)this.keys[text];
DerObjectIdentifier oid;
Asn1Encodable asn1Encodable;
if (password == null)
{
oid = PkcsObjectIdentifiers.KeyBag;
asn1Encodable = PrivateKeyInfoFactory.CreatePrivateKeyInfo(asymmetricKeyEntry.Key);
}
else
{
oid = PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag;
asn1Encodable = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(this.keyAlgorithm, password, array, 1024, asymmetricKeyEntry.Key);
}
Asn1EncodableVector asn1EncodableVector2 = new Asn1EncodableVector(new Asn1Encodable[0]);
foreach (string text2 in asymmetricKeyEntry.BagAttributeKeys)
{
Asn1Encodable obj = asymmetricKeyEntry[text2];
if (!text2.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
asn1EncodableVector2.Add(new Asn1Encodable[]
{
new DerSequence(new Asn1Encodable[]
{
new DerObjectIdentifier(text2),
new DerSet(obj)
})
});
}
}
asn1EncodableVector2.Add(new Asn1Encodable[]
{
new DerSequence(new Asn1Encodable[]
{
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(text))
})
});
if (asymmetricKeyEntry[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null)
{
X509CertificateEntry certificate = this.GetCertificate(text);
AsymmetricKeyParameter publicKey = certificate.Certificate.GetPublicKey();
SubjectKeyIdentifier obj2 = Pkcs12Store.CreateSubjectKeyID(publicKey);
asn1EncodableVector2.Add(new Asn1Encodable[]
{
new DerSequence(new Asn1Encodable[]
{
PkcsObjectIdentifiers.Pkcs9AtLocalKeyID,
new DerSet(obj2)
})
});
}
asn1EncodableVector.Add(new Asn1Encodable[]
{
new SafeBag(oid, asn1Encodable.ToAsn1Object(), new DerSet(asn1EncodableVector2))
});
}
byte[] derEncoded = new DerSequence(asn1EncodableVector).GetDerEncoded();
ContentInfo contentInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(derEncoded));
byte[] array2 = new byte[20];
random.NextBytes(array2);
Asn1EncodableVector asn1EncodableVector3 = new Asn1EncodableVector(new Asn1Encodable[0]);
Pkcs12PbeParams pkcs12PbeParams = new Pkcs12PbeParams(array2, 1024);
AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(this.certAlgorithm, pkcs12PbeParams.ToAsn1Object());
ISet set = new HashSet();
foreach (string text3 in this.keys.Keys)
{
X509CertificateEntry certificate2 = this.GetCertificate(text3);
CertBag certBag = new CertBag(PkcsObjectIdentifiers.X509Certificate, new DerOctetString(certificate2.Certificate.GetEncoded()));
Asn1EncodableVector asn1EncodableVector4 = new Asn1EncodableVector(new Asn1Encodable[0]);
foreach (string text4 in certificate2.BagAttributeKeys)
{
Asn1Encodable obj3 = certificate2[text4];
if (!text4.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
asn1EncodableVector4.Add(new Asn1Encodable[]
{
new DerSequence(new Asn1Encodable[]
{
new DerObjectIdentifier(text4),
new DerSet(obj3)
})
});
}
}
asn1EncodableVector4.Add(new Asn1Encodable[]
{
new DerSequence(new Asn1Encodable[]
{
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(text3))
})
});
if (certificate2[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null)
{
AsymmetricKeyParameter publicKey2 = certificate2.Certificate.GetPublicKey();
SubjectKeyIdentifier obj4 = Pkcs12Store.CreateSubjectKeyID(publicKey2);
asn1EncodableVector4.Add(new Asn1Encodable[]
{
new DerSequence(new Asn1Encodable[]
{
PkcsObjectIdentifiers.Pkcs9AtLocalKeyID,
new DerSet(obj4)
})
});
}
asn1EncodableVector3.Add(new Asn1Encodable[]
{
new SafeBag(PkcsObjectIdentifiers.CertBag, certBag.ToAsn1Object(), new DerSet(asn1EncodableVector4))
});
set.Add(certificate2.Certificate);
}
foreach (string text5 in this.certs.Keys)
{
X509CertificateEntry x509CertificateEntry = (X509CertificateEntry)this.certs[text5];
if (this.keys[text5] == null)
{
CertBag certBag2 = new CertBag(PkcsObjectIdentifiers.X509Certificate, new DerOctetString(x509CertificateEntry.Certificate.GetEncoded()));
Asn1EncodableVector asn1EncodableVector5 = new Asn1EncodableVector(new Asn1Encodable[0]);
foreach (string text6 in x509CertificateEntry.BagAttributeKeys)
{
if (!text6.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id))
{
Asn1Encodable obj5 = x509CertificateEntry[text6];
if (!text6.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
asn1EncodableVector5.Add(new Asn1Encodable[]
{
new DerSequence(new Asn1Encodable[]
{
new DerObjectIdentifier(text6),
new DerSet(obj5)
})
});
}
}
}
asn1EncodableVector5.Add(new Asn1Encodable[]
{
new DerSequence(new Asn1Encodable[]
{
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(text5))
})
});
asn1EncodableVector3.Add(new Asn1Encodable[]
{
new SafeBag(PkcsObjectIdentifiers.CertBag, certBag2.ToAsn1Object(), new DerSet(asn1EncodableVector5))
});
set.Add(x509CertificateEntry.Certificate);
}
}
foreach (Pkcs12Store.CertId key in this.chainCerts.Keys)
{
X509CertificateEntry x509CertificateEntry2 = (X509CertificateEntry)this.chainCerts[key];
if (!set.Contains(x509CertificateEntry2.Certificate))
{
CertBag certBag3 = new CertBag(PkcsObjectIdentifiers.X509Certificate, new DerOctetString(x509CertificateEntry2.Certificate.GetEncoded()));
Asn1EncodableVector asn1EncodableVector6 = new Asn1EncodableVector(new Asn1Encodable[0]);
foreach (string text7 in x509CertificateEntry2.BagAttributeKeys)
{
if (!text7.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id))
{
asn1EncodableVector6.Add(new Asn1Encodable[]
{
new DerSequence(new Asn1Encodable[]
{
new DerObjectIdentifier(text7),
new DerSet(x509CertificateEntry2[text7])
})
});
}
}
asn1EncodableVector3.Add(new Asn1Encodable[]
{
new SafeBag(PkcsObjectIdentifiers.CertBag, certBag3.ToAsn1Object(), new DerSet(asn1EncodableVector6))
});
}
}
byte[] derEncoded2 = new DerSequence(asn1EncodableVector3).GetDerEncoded();
ContentInfo contentInfo2;
if (password == null)
{
contentInfo2 = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(derEncoded2));
}
else
{
byte[] str = Pkcs12Store.CryptPbeData(true, algorithmIdentifier, password, false, derEncoded2);
EncryptedData encryptedData = new EncryptedData(PkcsObjectIdentifiers.Data, algorithmIdentifier, new BerOctetString(str));
contentInfo2 = new ContentInfo(PkcsObjectIdentifiers.EncryptedData, encryptedData.ToAsn1Object());
}
ContentInfo[] info = new ContentInfo[]
{
contentInfo,
contentInfo2
};
byte[] encoded = new AuthenticatedSafe(info).GetEncoded(this.useDerEncoding ? "DER" : "BER");
ContentInfo contentInfo3 = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(encoded));
MacData macData = null;
if (password != null)
{
byte[] array3 = new byte[20];
random.NextBytes(array3);
byte[] digest = Pkcs12Store.CalculatePbeMac(OiwObjectIdentifiers.IdSha1, array3, 1024, password, false, encoded);
AlgorithmIdentifier algID = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance);
DigestInfo digInfo = new DigestInfo(algID, digest);
macData = new MacData(digInfo, array3, 1024);
}
Pfx obj6 = new Pfx(contentInfo3, macData);
DerOutputStream derOutputStream;
if (this.useDerEncoding)
{
derOutputStream = new DerOutputStream(stream);
}
else
{
derOutputStream = new BerOutputStream(stream);
}
derOutputStream.WriteObject(obj6);
}
/// <summary>
/// Create the actual certificate
/// </summary>
public static bool CreateCertificate(ICertificateSettings settings, Action<string> log, out string thumbprint, out string errorMessage)
{
errorMessage = string.Empty;
thumbprint = string.Empty;
try
{
var keyStore = new Pkcs12Store();
log(Strings.GeneratingKeys);
var pGen = new RsaKeyPairGenerator();
var genParam = new
RsaKeyGenerationParameters(
BigInteger.ValueOf(0x10001),
new SecureRandom(),
1024,
10);
pGen.Init(genParam);
var keyPair = pGen.GenerateKeyPair();
log(Strings.GeneratingCertificate);
var attrs = new Dictionary<DerObjectIdentifier, string>();
var oids = new List<DerObjectIdentifier> { X509Name.O, X509Name.L, X509Name.C, X509Name.CN, X509Name.EmailAddress, X509Name.OU, X509Name.ST };
oids.Reverse();
if (!string.IsNullOrEmpty(settings.OrgName)) attrs.Add(X509Name.O, settings.OrgName); else oids.Remove(X509Name.O);
if (!string.IsNullOrEmpty(settings.OrgUnit)) attrs.Add(X509Name.OU, settings.OrgUnit); else oids.Remove(X509Name.OU);
if (!string.IsNullOrEmpty(settings.City)) attrs.Add(X509Name.L, settings.City); else oids.Remove(X509Name.L);
if (!string.IsNullOrEmpty(settings.CountryCode)) attrs.Add(X509Name.C, settings.CountryCode); else oids.Remove(X509Name.C);
if (!string.IsNullOrEmpty(settings.State)) attrs.Add(X509Name.ST, settings.State); else oids.Remove(X509Name.ST);
if (!string.IsNullOrEmpty(settings.Email)) attrs.Add(X509Name.EmailAddress, settings.Email); else oids.Remove(X509Name.EmailAddress);
if (!string.IsNullOrEmpty(settings.UserName)) attrs.Add(X509Name.CN, settings.UserName); else oids.Remove(X509Name.CN);
var certGen = new X509V3CertificateGenerator();
var random = new SecureRandom();
certGen.SetSerialNumber(BigInteger.ValueOf(Math.Abs(random.NextInt())));
certGen.SetIssuerDN(new X509Name(oids, attrs));
certGen.SetNotBefore(DateTime.Today.Subtract(new TimeSpan(1, 0, 0, 0)));
var years = Math.Min(settings.MaxYears, 50);
certGen.SetNotAfter(DateTime.Today.AddYears(years));
certGen.SetSubjectDN(new X509Name(oids, attrs));
certGen.SetPublicKey(keyPair.Public);
certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
var cert = certGen.Generate(keyPair.Private);
// Save
log(Strings.SavingCertificate);
var keyEntry = new AsymmetricKeyEntry(keyPair.Private);
var certEntry = new X509CertificateEntry(cert);
const string alias = "alias";
keyStore.SetKeyEntry(alias, keyEntry, new[] { certEntry });
var password = settings.Password;
var memoryStream = new MemoryStream();
keyStore.Save(memoryStream, password.ToCharArray(), random);
memoryStream.Position = 0;
// Save certificate
var path = settings.Path;
var folder = Path.GetDirectoryName(path);
if (!string.IsNullOrEmpty(folder))
Directory.CreateDirectory(folder);
// Set path in finished page.
using (var fileStream = new FileStream(path, FileMode.Create, FileAccess.Write))
{
memoryStream.WriteTo(fileStream);
}
if (settings.ImportInCertificateStore)
{
log("Importing certificate in My Certificates store");
var certificate = new X509Certificate2(path, password,
X509KeyStorageFlags.Exportable |
X509KeyStorageFlags.PersistKeySet);
thumbprint = certificate.Thumbprint;
var x509Store2 = new X509Store(StoreName.My, StoreLocation.CurrentUser);
try
{
x509Store2.Open(OpenFlags.ReadWrite);
x509Store2.Add(certificate);
x509Store2.Close();
}
catch (Exception ex)
{
errorMessage = string.Format("Failed to import certificate because: {0}", ex.Message);
return false;
}
}
if (years < 30)
{
log("Certificate is intended for evaluation purposes. It cannot be used to deploy to the market.");
}
return true;
}
catch (Exception ex)
{
ErrorLog.DumpError(ex);
errorMessage = string.Format("Failed to create certificate because {0}.", ex.Message);
return false;
}
}
/// <summary>
/// Open the certificate
/// </summary>
private void LoadPfx(out X509Certificate[] certificates, out AsymmetricKeyEntry privateKey)
{
if (!string.IsNullOrEmpty(pfxFile))
{
// Load PFX directly
using (var pfxStream = new FileStream(pfxFile, FileMode.Open, FileAccess.Read))
{
var pfx = new Pkcs12Store(pfxStream, pfxPassword.ToCharArray());
var alias = pfx.Aliases.Cast<string>().FirstOrDefault(pfx.IsKeyEntry);
if (alias == null)
throw new ArgumentException("Cannot find a certificate with a key");
certificates = pfx.GetCertificateChain(alias).Select(x => x.Certificate).ToArray();
privateKey = pfx.GetKey(alias);
}
}
else if (!string.IsNullOrEmpty(certificateThumbprint))
{
// Load thumbprint
var x509 = CertificateSupport.GetCertByThumbprint(certificateThumbprint);
if (x509 == null)
throw new ArgumentException("Failed to load certificate by thumbprint");
if (!x509.HasPrivateKey)
throw new ArgumentException("Certificate has no private key");
// Gets the certificates
var parser = new X509CertificateParser();
certificates = new[] { parser.ReadCertificate(x509.RawData) };
// Get the private key
var netPrivateKey = x509.PrivateKey as RSACryptoServiceProvider;
if (netPrivateKey == null)
throw new ArgumentException("Private key is not an RSA crypto service provider");
var parameters = netPrivateKey.ExportParameters(true);
var keyParameters = new RsaPrivateCrtKeyParameters(
new BigInteger(1, parameters.Modulus),
new BigInteger(1, parameters.Exponent),
new BigInteger(1, parameters.D),
new BigInteger(1, parameters.P),
new BigInteger(1, parameters.Q),
new BigInteger(1, parameters.DP),
new BigInteger(1, parameters.DQ),
new BigInteger(1, parameters.InverseQ));
privateKey = new AsymmetricKeyEntry(keyParameters);
}
else
{
throw new ArgumentException("No certificate specified");
}
}
protected virtual void LoadKeyBag(PrivateKeyInfo privKeyInfo, Asn1Set bagAttributes)
{
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privKeyInfo);
IDictionary attributes = Platform.CreateHashtable();
AsymmetricKeyEntry keyEntry = new AsymmetricKeyEntry(privKey, attributes);
string alias = null;
Asn1OctetString localId = null;
if (bagAttributes != null)
{
foreach (Asn1Sequence sq in bagAttributes)
{
DerObjectIdentifier aOid = DerObjectIdentifier.GetInstance(sq[0]);
Asn1Set attrSet = Asn1Set.GetInstance(sq[1]);
Asn1Encodable attr = null;
if (attrSet.Count > 0)
{
// TODO We should be adding all attributes in the set
attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, differing values give an error
if (attributes.Contains(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
// TODO Do these in a separate loop, just collect aliases here
keys[alias] = keyEntry;
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
}
if (localId != null)
{
string name = Hex.ToHexString(localId.GetOctets());
if (alias == null)
{
keys[name] = keyEntry;
}
else
{
// TODO There may have been more than one alias
localIds[alias] = name;
}
}
else
{
unmarkedKeyEntry = keyEntry;
}
}
public void Load(Stream input, char[] password)
{
if (input == null)
{
throw new ArgumentNullException("input");
}
Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromStream(input);
Pfx pfx = new Pfx(seq);
ContentInfo authSafe = pfx.AuthSafe;
bool wrongPkcs12Zero = false;
if (password != null && pfx.MacData != null)
{
MacData macData = pfx.MacData;
DigestInfo mac = macData.Mac;
AlgorithmIdentifier algorithmID = mac.AlgorithmID;
byte[] salt = macData.GetSalt();
int intValue = macData.IterationCount.IntValue;
byte[] octets = ((Asn1OctetString)authSafe.Content).GetOctets();
byte[] a = Pkcs12Store.CalculatePbeMac(algorithmID.ObjectID, salt, intValue, password, false, octets);
byte[] digest = mac.GetDigest();
if (!Arrays.ConstantTimeAreEqual(a, digest))
{
if (password.Length > 0)
{
throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file.");
}
a = Pkcs12Store.CalculatePbeMac(algorithmID.ObjectID, salt, intValue, password, true, octets);
if (!Arrays.ConstantTimeAreEqual(a, digest))
{
throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file.");
}
wrongPkcs12Zero = true;
}
}
this.keys.Clear();
this.localIds.Clear();
this.unmarkedKeyEntry = null;
IList list = Platform.CreateArrayList();
if (authSafe.ContentType.Equals(PkcsObjectIdentifiers.Data))
{
byte[] octets2 = ((Asn1OctetString)authSafe.Content).GetOctets();
AuthenticatedSafe authenticatedSafe = new AuthenticatedSafe((Asn1Sequence)Asn1Object.FromByteArray(octets2));
ContentInfo[] contentInfo = authenticatedSafe.GetContentInfo();
ContentInfo[] array = contentInfo;
for (int i = 0; i < array.Length; i++)
{
ContentInfo contentInfo2 = array[i];
DerObjectIdentifier contentType = contentInfo2.ContentType;
byte[] array2 = null;
if (contentType.Equals(PkcsObjectIdentifiers.Data))
{
array2 = ((Asn1OctetString)contentInfo2.Content).GetOctets();
}
else if (contentType.Equals(PkcsObjectIdentifiers.EncryptedData) && password != null)
{
EncryptedData instance = EncryptedData.GetInstance(contentInfo2.Content);
array2 = Pkcs12Store.CryptPbeData(false, instance.EncryptionAlgorithm, password, wrongPkcs12Zero, instance.Content.GetOctets());
}
if (array2 != null)
{
Asn1Sequence asn1Sequence = (Asn1Sequence)Asn1Object.FromByteArray(array2);
foreach (Asn1Sequence seq2 in asn1Sequence)
{
SafeBag safeBag = new SafeBag(seq2);
if (safeBag.BagID.Equals(PkcsObjectIdentifiers.CertBag))
{
list.Add(safeBag);
}
else if (safeBag.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
this.LoadPkcs8ShroudedKeyBag(EncryptedPrivateKeyInfo.GetInstance(safeBag.BagValue), safeBag.BagAttributes, password, wrongPkcs12Zero);
}
else if (safeBag.BagID.Equals(PkcsObjectIdentifiers.KeyBag))
{
this.LoadKeyBag(PrivateKeyInfo.GetInstance(safeBag.BagValue), safeBag.BagAttributes);
}
}
}
}
}
this.certs.Clear();
this.chainCerts.Clear();
this.keyCerts.Clear();
foreach (SafeBag safeBag2 in list)
{
CertBag certBag = new CertBag((Asn1Sequence)safeBag2.BagValue);
byte[] octets3 = ((Asn1OctetString)certBag.CertValue).GetOctets();
X509Certificate x509Certificate = new X509CertificateParser().ReadCertificate(octets3);
IDictionary dictionary = Platform.CreateHashtable();
Asn1OctetString asn1OctetString = null;
string text = null;
if (safeBag2.BagAttributes != null)
{
foreach (Asn1Sequence asn1Sequence2 in safeBag2.BagAttributes)
{
DerObjectIdentifier instance2 = DerObjectIdentifier.GetInstance(asn1Sequence2[0]);
Asn1Set instance3 = Asn1Set.GetInstance(asn1Sequence2[1]);
if (instance3.Count > 0)
{
Asn1Encodable asn1Encodable = instance3[0];
if (dictionary.Contains(instance2.Id))
{
if (!dictionary[instance2.Id].Equals(asn1Encodable))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
dictionary.Add(instance2.Id, asn1Encodable);
}
if (instance2.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
text = ((DerBmpString)asn1Encodable).GetString();
}
else if (instance2.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
asn1OctetString = (Asn1OctetString)asn1Encodable;
}
}
}
}
Pkcs12Store.CertId certId = new Pkcs12Store.CertId(x509Certificate.GetPublicKey());
X509CertificateEntry value = new X509CertificateEntry(x509Certificate, dictionary);
this.chainCerts[certId] = value;
if (this.unmarkedKeyEntry != null)
{
if (this.keyCerts.Count == 0)
{
string text2 = Hex.ToHexString(certId.Id);
this.keyCerts[text2] = value;
this.keys[text2] = this.unmarkedKeyEntry;
}
}
else
{
if (asn1OctetString != null)
{
string key = Hex.ToHexString(asn1OctetString.GetOctets());
this.keyCerts[key] = value;
}
if (text != null)
{
this.certs[text] = value;
}
}
}
}
public void Load(
Stream input,
char[] password)
{
if (input == null)
{
throw new ArgumentNullException("input");
}
Asn1Sequence obj = (Asn1Sequence)Asn1Object.FromStream(input);
Pfx bag = new Pfx(obj);
ContentInfo info = bag.AuthSafe;
bool wrongPkcs12Zero = false;
if (password != null && bag.MacData != null) // check the mac code
{
MacData mData = bag.MacData;
DigestInfo dInfo = mData.Mac;
AlgorithmIdentifier algId = dInfo.AlgorithmID;
byte[] salt = mData.GetSalt();
int itCount = mData.IterationCount.IntValue;
byte[] data = ((Asn1OctetString)info.Content).GetOctets();
byte[] mac = CalculatePbeMac(algId.Algorithm, salt, itCount, password, false, data);
byte[] dig = dInfo.GetDigest();
if (!Arrays.ConstantTimeAreEqual(mac, dig))
{
if (password.Length > 0)
{
throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file.");
}
// Try with incorrect zero length password
mac = CalculatePbeMac(algId.Algorithm, salt, itCount, password, true, data);
if (!Arrays.ConstantTimeAreEqual(mac, dig))
{
throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file.");
}
wrongPkcs12Zero = true;
}
}
keys.Clear();
localIds.Clear();
unmarkedKeyEntry = null;
IList certBags = Platform.CreateArrayList();
if (info.ContentType.Equals(PkcsObjectIdentifiers.Data))
{
byte[] octs = ((Asn1OctetString)info.Content).GetOctets();
AuthenticatedSafe authSafe = new AuthenticatedSafe(
(Asn1Sequence)Asn1OctetString.FromByteArray(octs));
ContentInfo[] cis = authSafe.GetContentInfo();
foreach (ContentInfo ci in cis)
{
DerObjectIdentifier oid = ci.ContentType;
byte[] octets = null;
if (oid.Equals(PkcsObjectIdentifiers.Data))
{
octets = ((Asn1OctetString)ci.Content).GetOctets();
}
else if (oid.Equals(PkcsObjectIdentifiers.EncryptedData))
{
if (password != null)
{
EncryptedData d = EncryptedData.GetInstance(ci.Content);
octets = CryptPbeData(false, d.EncryptionAlgorithm,
password, wrongPkcs12Zero, d.Content.GetOctets());
}
}
else
{
// TODO Other data types
}
if (octets != null)
{
Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(octets);
foreach (Asn1Sequence subSeq in seq)
{
SafeBag b = new SafeBag(subSeq);
if (b.BagID.Equals(PkcsObjectIdentifiers.CertBag))
{
certBags.Add(b);
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
LoadPkcs8ShroudedKeyBag(EncryptedPrivateKeyInfo.GetInstance(b.BagValue),
b.BagAttributes, password, wrongPkcs12Zero);
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.KeyBag))
{
LoadKeyBag(PrivateKeyInfo.GetInstance(b.BagValue), b.BagAttributes);
}
else
{
// TODO Other bag types
}
}
}
}
}
certs.Clear();
chainCerts.Clear();
keyCerts.Clear();
foreach (SafeBag b in certBags)
{
CertBag certBag = new CertBag((Asn1Sequence)b.BagValue);
byte[] octets = ((Asn1OctetString)certBag.CertValue).GetOctets();
X509Certificate cert = new X509CertificateParser().ReadCertificate(octets);
//
// set the attributes
//
IDictionary attributes = Platform.CreateHashtable();
Asn1OctetString localId = null;
string alias = null;
if (b.BagAttributes != null)
{
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = DerObjectIdentifier.GetInstance(sq[0]);
Asn1Set attrSet = Asn1Set.GetInstance(sq[1]);
if (attrSet.Count > 0)
{
// TODO We should be adding all attributes in the set
Asn1Encodable attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, differing values give an error
if (attributes.Contains(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
}
CertId certId = new CertId(cert.GetPublicKey());
X509CertificateEntry certEntry = new X509CertificateEntry(cert, attributes);
chainCerts[certId] = certEntry;
if (unmarkedKeyEntry != null)
{
if (keyCerts.Count == 0)
{
string name = Hex.ToHexString(certId.Id);
keyCerts[name] = certEntry;
keys[name] = unmarkedKeyEntry;
}
else
{
keys["unmarked"] = unmarkedKeyEntry;
}
}
else
{
if (localId != null)
{
string name = Hex.ToHexString(localId.GetOctets());
keyCerts[name] = certEntry;
}
if (alias != null)
{
// TODO There may have been more than one alias
certs[alias] = certEntry;
}
}
}
}
public void Load(
Stream input,
char[] password)
{
if (input == null)
throw new ArgumentNullException("input");
if (password == null)
throw new ArgumentNullException("password");
Asn1Sequence obj = (Asn1Sequence) Asn1Object.FromStream(input);
Pfx bag = new Pfx(obj);
ContentInfo info = bag.AuthSafe;
bool unmarkedKey = false;
bool wrongPkcs12Zero = false;
if (bag.MacData != null) // check the mac code
{
MacData mData = bag.MacData;
DigestInfo dInfo = mData.Mac;
AlgorithmIdentifier algId = dInfo.AlgorithmID;
byte[] salt = mData.GetSalt();
int itCount = mData.IterationCount.IntValue;
byte[] data = ((Asn1OctetString) info.Content).GetOctets();
byte[] mac = CalculatePbeMac(algId.ObjectID, salt, itCount, password, false, data);
byte[] dig = dInfo.GetDigest();
if (!Arrays.ConstantTimeAreEqual(mac, dig))
{
if (password.Length > 0)
throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file.");
// Try with incorrect zero length password
mac = CalculatePbeMac(algId.ObjectID, salt, itCount, password, true, data);
if (!Arrays.ConstantTimeAreEqual(mac, dig))
throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file.");
wrongPkcs12Zero = true;
}
}
keys.Clear();
localIds.Clear();
IList chain = Platform.CreateArrayList();
if (info.ContentType.Equals(PkcsObjectIdentifiers.Data))
{
byte[] octs = ((Asn1OctetString)info.Content).GetOctets();
AuthenticatedSafe authSafe = new AuthenticatedSafe(
(Asn1Sequence) Asn1OctetString.FromByteArray(octs));
ContentInfo[] cis = authSafe.GetContentInfo();
foreach (ContentInfo ci in cis)
{
DerObjectIdentifier oid = ci.ContentType;
if (oid.Equals(PkcsObjectIdentifiers.Data))
{
byte[] octets = ((Asn1OctetString)ci.Content).GetOctets();
Asn1Sequence seq = (Asn1Sequence) Asn1Object.FromByteArray(octets);
foreach (Asn1Sequence subSeq in seq)
{
SafeBag b = new SafeBag(subSeq);
if (b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.GetInstance(b.BagValue);
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(
password, wrongPkcs12Zero, eIn);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo);
//
// set the attributes on the key
//
IDictionary attributes = Platform.CreateHashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
string alias = null;
Asn1OctetString localId = null;
if (b.BagAttributes != null)
{
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier) sq[0];
Asn1Set attrSet = (Asn1Set) sq[1];
Asn1Encodable attr = null;
if (attrSet.Count > 0)
{
// TODO We should be adding all attributes in the set
attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, differing values give an error
if (attributes.Contains(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
// TODO Do these in a separate loop, just collect aliases here
keys[alias] = pkcs12Key;
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
}
if (localId != null)
{
string name = Hex.ToHexString(localId.GetOctets());
if (alias == null)
{
keys[name] = pkcs12Key;
}
else
{
// TODO There may have been more than one alias
localIds[alias] = name;
}
}
else
{
unmarkedKey = true;
keys["unmarked"] = pkcs12Key;
}
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.CertBag))
{
chain.Add(b);
}
else
{
//TODO: COMENTADO
//Console.WriteLine("extra " + b.BagID);
//Console.WriteLine("extra " + Asn1Dump.DumpAsString(b));
}
}
}
else if (oid.Equals(PkcsObjectIdentifiers.EncryptedData))
{
EncryptedData d = EncryptedData.GetInstance(ci.Content);
byte[] octets = CryptPbeData(false, d.EncryptionAlgorithm,
password, wrongPkcs12Zero, d.Content.GetOctets());
Asn1Sequence seq = (Asn1Sequence) Asn1Object.FromByteArray(octets);
foreach (Asn1Sequence subSeq in seq)
{
SafeBag b = new SafeBag(subSeq);
if (b.BagID.Equals(PkcsObjectIdentifiers.CertBag))
{
chain.Add(b);
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.GetInstance(b.BagValue);
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(
password, wrongPkcs12Zero, eIn);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo);
//
// set the attributes on the key
//
IDictionary attributes = Platform.CreateHashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
string alias = null;
Asn1OctetString localId = null;
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier) sq[0];
Asn1Set attrSet = (Asn1Set) sq[1];
Asn1Encodable attr = null;
if (attrSet.Count > 0)
{
// TODO We should be adding all attributes in the set
attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, differing values give an error
if (attributes.Contains(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
// TODO Do these in a separate loop, just collect aliases here
keys[alias] = pkcs12Key;
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
// TODO Should we be checking localIds != null here
// as for PkcsObjectIdentifiers.Data version above?
string name = Hex.ToHexString(localId.GetOctets());
if (alias == null)
{
keys[name] = pkcs12Key;
}
else
{
// TODO There may have been more than one alias
localIds[alias] = name;
}
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.KeyBag))
{
PrivateKeyInfo privKeyInfo = PrivateKeyInfo.GetInstance(b.BagValue);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privKeyInfo);
//
// set the attributes on the key
//
string alias = null;
Asn1OctetString localId = null;
IDictionary attributes = Platform.CreateHashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier) sq[0];
Asn1Set attrSet = (Asn1Set) sq[1];
Asn1Encodable attr = null;
if (attrSet.Count > 0)
{
// TODO We should be adding all attributes in the set
attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, differing values give an error
if (attributes.Contains(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
// TODO Do these in a separate loop, just collect aliases here
keys[alias] = pkcs12Key;
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
// TODO Should we be checking localIds != null here
// as for PkcsObjectIdentifiers.Data version above?
string name = Hex.ToHexString(localId.GetOctets());
if (alias == null)
{
keys[name] = pkcs12Key;
}
else
{
// TODO There may have been more than one alias
localIds[alias] = name;
}
}
else
{
//TODO: COMENTADO
//Console.WriteLine("extra " + b.BagID);
//Console.WriteLine("extra " + Asn1Dump.DumpAsString(b));
}
}
}
else
{
//TODO: COMENTADO
//Console.WriteLine("extra " + oid);
//Console.WriteLine("extra " + Asn1Dump.DumpAsString(ci.Content));
}
}
}
certs.Clear();
chainCerts.Clear();
keyCerts.Clear();
foreach (SafeBag b in chain)
{
CertBag cb = new CertBag((Asn1Sequence)b.BagValue);
byte[] octets = ((Asn1OctetString) cb.CertValue).GetOctets();
X509Certificate cert = new X509CertificateParser().ReadCertificate(octets);
//
// set the attributes
//
IDictionary attributes = Platform.CreateHashtable();
Asn1OctetString localId = null;
string alias = null;
if (b.BagAttributes != null)
{
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier) sq[0];
Asn1Set attrSet = (Asn1Set) sq[1];
if (attrSet.Count > 0)
{
// TODO We should be adding all attributes in the set
Asn1Encodable attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, differing values give an error
if (attributes.Contains(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
}
CertId certId = new CertId(cert.GetPublicKey());
X509CertificateEntry pkcs12Cert = new X509CertificateEntry(cert, attributes);
chainCerts[certId] = pkcs12Cert;
if (unmarkedKey)
{
if (keyCerts.Count == 0)
{
string name = Hex.ToHexString(certId.Id);
keyCerts[name] = pkcs12Cert;
object temp = keys["unmarked"];
keys.Remove("unmarked");
keys[name] = temp;
}
}
else
{
if (localId != null)
{
string name = Hex.ToHexString(localId.GetOctets());
keyCerts[name] = pkcs12Cert;
}
if (alias != null)
{
// TODO There may have been more than one alias
certs[alias] = pkcs12Cert;
}
}
}
}
private static byte[] GeneratePkcs12(AsymmetricCipherKeyPair keys, Org.BouncyCastle.X509.X509Certificate cert, string friendlyName, string password,
Dictionary<string, Org.BouncyCastle.X509.X509Certificate> chain)
{
var chainCerts = new List<X509CertificateEntry>();
// Create the PKCS12 store
Pkcs12Store store = new Pkcs12StoreBuilder().Build();
// Add a Certificate entry
X509CertificateEntry certEntry = new X509CertificateEntry(cert);
store.SetCertificateEntry(friendlyName, certEntry); // use DN as the Alias.
//chainCerts.Add(certEntry);
// Add chain entries
var additionalCertsAsBytes = new List<byte[]>();
if (chain != null && chain.Count > 0)
{
foreach (var additionalCert in chain)
{
additionalCertsAsBytes.Add(additionalCert.Value.GetEncoded());
}
}
if (chain != null && chain.Count > 0)
{
var addicionalCertsAsX09Chain = BuildCertificateChainBC(cert.GetEncoded(), additionalCertsAsBytes);
foreach (var addCertAsX09 in addicionalCertsAsX09Chain)
{
chainCerts.Add(new X509CertificateEntry(addCertAsX09));
}
}
// Add a key entry
AsymmetricKeyEntry keyEntry = new AsymmetricKeyEntry(keys.Private);
// no chain
store.SetKeyEntry(friendlyName, keyEntry, new X509CertificateEntry[] { certEntry });
using (var memoryStream = new MemoryStream())
{
store.Save(memoryStream, password.ToCharArray(), new SecureRandom());
return memoryStream.ToArray();
}
}
protected virtual void LoadKeyBag(PrivateKeyInfo privKeyInfo, Asn1Set bagAttributes)
{
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privKeyInfo);
IDictionary attributes = Platform.CreateHashtable();
AsymmetricKeyEntry keyEntry = new AsymmetricKeyEntry(privKey, attributes);
string alias = null;
Asn1OctetString localId = null;
if (bagAttributes != null)
{
foreach (Asn1Sequence sq in bagAttributes)
{
DerObjectIdentifier aOid = DerObjectIdentifier.GetInstance(sq[0]);
Asn1Set attrSet = Asn1Set.GetInstance(sq[1]);
Asn1Encodable attr = null;
if (attrSet.Count > 0)
{
// TODO We should be adding all attributes in the set
attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, differing values give an error
if (attributes.Contains(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
throw new IOException("attempt to add existing attribute with different value");
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
// TODO Do these in a separate loop, just collect aliases here
keys[alias] = keyEntry;
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
}
if (localId != null)
{
string name = Hex.ToHexString(localId.GetOctets());
if (alias == null)
{
keys[name] = keyEntry;
}
else
{
// TODO There may have been more than one alias
localIds[alias] = name;
}
}
else
{
unmarkedKeyEntry = keyEntry;
}
}
private void basicStoreTest(AsymmetricKeyEntry privKey, X509CertificateEntry[] chain,
DerObjectIdentifier keyAlgorithm, DerObjectIdentifier certAlgorithm)
{
Pkcs12Store store = new Pkcs12StoreBuilder()
.SetKeyAlgorithm(keyAlgorithm)
.SetCertAlgorithm(certAlgorithm)
.Build();
store.SetKeyEntry("key", privKey, chain);
MemoryStream bOut = new MemoryStream();
store.Save(bOut, passwd, new SecureRandom());
store.Load(new MemoryStream(bOut.ToArray(), false), passwd);
AsymmetricKeyEntry k = store.GetKey("key");
if (!k.Equals(privKey))
{
Fail("private key didn't match");
}
X509CertificateEntry[] c = store.GetCertificateChain("key");
if (c.Length != chain.Length || !c[0].Equals(chain[0]))
{
Fail("certificates didn't match");
}
// check attributes
Pkcs12Entry b1 = k;
Pkcs12Entry b2 = chain[0];
if (b1[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] != null)
{
DerBmpString name = (DerBmpString)b1[PkcsObjectIdentifiers.Pkcs9AtFriendlyName];
if (!name.Equals(new DerBmpString("key")))
{
Fail("friendly name wrong");
}
}
else
{
Fail("no friendly name found on key");
}
if (b1[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] != null)
{
Asn1OctetString id = (Asn1OctetString)b1[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID];
if (!id.Equals(b2[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID]))
{
Fail("local key id mismatch");
}
}
else
{
Fail("no local key id found");
}
//
// check algorithm types.
//
Asn1InputStream aIn = new Asn1InputStream(bOut.ToArray());
Pfx pfx = new Pfx((Asn1Sequence)aIn.ReadObject());
ContentInfo cInfo = pfx.AuthSafe;
Asn1OctetString auth = (Asn1OctetString)cInfo.Content;
aIn = new Asn1InputStream(auth.GetOctets());
Asn1Sequence s1 = (Asn1Sequence)aIn.ReadObject();
ContentInfo c1 = ContentInfo.GetInstance(s1[0]);
ContentInfo c2 = ContentInfo.GetInstance(s1[1]);
aIn = new Asn1InputStream(((Asn1OctetString)c1.Content).GetOctets());
SafeBag sb = new SafeBag((Asn1Sequence)(((Asn1Sequence)aIn.ReadObject())[0]));
EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfo.GetInstance(sb.BagValue);
// check the key encryption
if (!encInfo.EncryptionAlgorithm.Algorithm.Equals(keyAlgorithm))
{
Fail("key encryption algorithm wrong");
}
// check the certificate encryption
EncryptedData cb = EncryptedData.GetInstance(c2.Content);
if (!cb.EncryptionAlgorithm.Algorithm.Equals(certAlgorithm))
{
Fail("cert encryption algorithm wrong");
}
}
public void Load(
Stream input,
char[] password)
{
if (input == null)
throw new ArgumentNullException("input");
Asn1Sequence obj = (Asn1Sequence) Asn1Object.FromStream(input);
Pfx bag = new Pfx(obj);
ContentInfo info = bag.AuthSafe;
bool wrongPkcs12Zero = false;
if (password != null && bag.MacData != null) // check the mac code
{
MacData mData = bag.MacData;
DigestInfo dInfo = mData.Mac;
AlgorithmIdentifier algId = dInfo.AlgorithmID;
byte[] salt = mData.GetSalt();
int itCount = mData.IterationCount.IntValue;
byte[] data = ((Asn1OctetString) info.Content).GetOctets();
byte[] mac = CalculatePbeMac(algId.ObjectID, salt, itCount, password, false, data);
byte[] dig = dInfo.GetDigest();
if (!Arrays.ConstantTimeAreEqual(mac, dig))
{
if (password.Length > 0)
throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file.");
// Try with incorrect zero length password
mac = CalculatePbeMac(algId.ObjectID, salt, itCount, password, true, data);
if (!Arrays.ConstantTimeAreEqual(mac, dig))
throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file.");
wrongPkcs12Zero = true;
}
}
keys.Clear();
localIds.Clear();
unmarkedKeyEntry = null;
IList certBags = Platform.CreateArrayList();
if (info.ContentType.Equals(PkcsObjectIdentifiers.Data))
{
byte[] octs = ((Asn1OctetString)info.Content).GetOctets();
AuthenticatedSafe authSafe = new AuthenticatedSafe(
(Asn1Sequence) Asn1OctetString.FromByteArray(octs));
ContentInfo[] cis = authSafe.GetContentInfo();
foreach (ContentInfo ci in cis)
{
DerObjectIdentifier oid = ci.ContentType;
byte[] octets = null;
if (oid.Equals(PkcsObjectIdentifiers.Data))
{
octets = ((Asn1OctetString)ci.Content).GetOctets();
}
else if (oid.Equals(PkcsObjectIdentifiers.EncryptedData))
{
if (password != null)
{
EncryptedData d = EncryptedData.GetInstance(ci.Content);
octets = CryptPbeData(false, d.EncryptionAlgorithm,
password, wrongPkcs12Zero, d.Content.GetOctets());
}
}
else
{
// TODO Other data types
}
if (octets != null)
{
Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(octets);
foreach (Asn1Sequence subSeq in seq)
{
SafeBag b = new SafeBag(subSeq);
if (b.BagID.Equals(PkcsObjectIdentifiers.CertBag))
{
certBags.Add(b);
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
LoadPkcs8ShroudedKeyBag(EncryptedPrivateKeyInfo.GetInstance(b.BagValue),
b.BagAttributes, password, wrongPkcs12Zero);
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.KeyBag))
{
LoadKeyBag(PrivateKeyInfo.GetInstance(b.BagValue), b.BagAttributes);
}
else
{
// TODO Other bag types
}
}
}
}
}
certs.Clear();
chainCerts.Clear();
keyCerts.Clear();
foreach (SafeBag b in certBags)
{
CertBag certBag = new CertBag((Asn1Sequence)b.BagValue);
byte[] octets = ((Asn1OctetString)certBag.CertValue).GetOctets();
X509Certificate cert = new X509CertificateParser().ReadCertificate(octets);
//
// set the attributes
//
IDictionary attributes = Platform.CreateHashtable();
Asn1OctetString localId = null;
string alias = null;
if (b.BagAttributes != null)
{
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = DerObjectIdentifier.GetInstance(sq[0]);
Asn1Set attrSet = Asn1Set.GetInstance(sq[1]);
if (attrSet.Count > 0)
{
// TODO We should be adding all attributes in the set
Asn1Encodable attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, differing values give an error
if (attributes.Contains(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
}
CertId certId = new CertId(cert.GetPublicKey());
X509CertificateEntry certEntry = new X509CertificateEntry(cert, attributes);
chainCerts[certId] = certEntry;
if (unmarkedKeyEntry != null)
{
if (keyCerts.Count == 0)
{
string name = Hex.ToHexString(certId.Id);
keyCerts[name] = certEntry;
keys[name] = unmarkedKeyEntry;
}
}
else
{
if (localId != null)
{
string name = Hex.ToHexString(localId.GetOctets());
keyCerts[name] = certEntry;
}
if (alias != null)
{
// TODO There may have been more than one alias
certs[alias] = certEntry;
}
}
}
}
public void Save(
Stream stream,
char[] password,
SecureRandom random)
{
if (stream == null)
{
throw new ArgumentNullException("stream");
}
if (password == null)
{
throw new ArgumentNullException("password");
}
if (random == null)
{
throw new ArgumentNullException("random");
}
ContentInfo[] c = new ContentInfo[2];
//
// handle the key
//
Asn1EncodableVector keyS = new Asn1EncodableVector();
foreach (string name in keys.Keys)
{
byte[] kSalt = new byte[saltSize];
random.NextBytes(kSalt);
AsymmetricKeyEntry privKey = (AsymmetricKeyEntry)keys[name];
EncryptedPrivateKeyInfo kInfo =
EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(
keyAlgorithm, password, kSalt, minIterations, privKey.Key);
Asn1EncodableVector kName = new Asn1EncodableVector();
foreach (string oid in privKey.BagAttributeKeys)
{
kName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(privKey[oid])));
}
//
// make sure we have a local key-id
//
if (privKey[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null)
{
X509CertificateEntry ct = GetCertificate(name);
SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(
ct.Certificate.GetPublicKey());
kName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtLocalKeyID,
new DerSet(new SubjectKeyIdentifier(info))));
}
//
// make sure we are using the local alias on store
//
DerBmpString nm = (DerBmpString)privKey[PkcsObjectIdentifiers.Pkcs9AtFriendlyName];
if (nm == null || !nm.GetString().Equals(name))
{
kName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(name))));
}
SafeBag kBag = new SafeBag(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag, kInfo.ToAsn1Object(), new DerSet(kName));
keyS.Add(kBag);
}
byte[] derEncodedBytes = new DerSequence(keyS).GetDerEncoded();
BerOctetString keyString = new BerOctetString(derEncodedBytes);
//
// certificate processing
//
byte[] cSalt = new byte[saltSize];
random.NextBytes(cSalt);
Asn1EncodableVector certSeq = new Asn1EncodableVector();
Pkcs12PbeParams cParams = new Pkcs12PbeParams(cSalt, minIterations);
AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.ToAsn1Object());
Hashtable doneCerts = new Hashtable();
foreach (string name in keys.Keys)
{
X509CertificateEntry certEntry = GetCertificate(name);
CertBag cBag = new CertBag(
PkcsObjectIdentifiers.X509CertType,
new DerOctetString(certEntry.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in certEntry.BagAttributeKeys)
{
fName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(certEntry[oid])));
}
//
// make sure we are using the local alias on store
//
DerBmpString nm = (DerBmpString)certEntry[PkcsObjectIdentifiers.Pkcs9AtFriendlyName];
if (nm == null || !nm.GetString().Equals(name))
{
fName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(name))));
}
//
// make sure we have a local key-id
//
if (certEntry[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null)
{
SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(
certEntry.Certificate.GetPublicKey());
fName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtLocalKeyID,
new DerSet(new SubjectKeyIdentifier(info))));
}
SafeBag sBag = new SafeBag(
PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName));
certSeq.Add(sBag);
doneCerts.Add(certEntry.Certificate, certEntry.Certificate);
}
foreach (string certId in certs.Keys)
{
X509CertificateEntry cert = (X509CertificateEntry)certs[certId];
if (keys[certId] != null)
{
continue;
}
CertBag cBag = new CertBag(
PkcsObjectIdentifiers.X509CertType,
new DerOctetString(cert.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in cert.BagAttributeKeys)
{
fName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(cert[oid])));
}
//
// make sure we are using the local alias on store
//
DerBmpString nm = (DerBmpString)cert[PkcsObjectIdentifiers.Pkcs9AtFriendlyName];
if (nm == null || !nm.GetString().Equals(certId))
{
fName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(certId))));
}
SafeBag sBag = new SafeBag(PkcsObjectIdentifiers.CertBag,
cBag.ToAsn1Object(), new DerSet(fName));
certSeq.Add(sBag);
doneCerts.Add(cert, cert);
}
foreach (CertId certId in chainCerts.Keys)
{
X509CertificateEntry cert = (X509CertificateEntry)chainCerts[certId];
if (doneCerts[cert] != null)
{
continue;
}
CertBag cBag = new CertBag(
PkcsObjectIdentifiers.X509CertType,
new DerOctetString(cert.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in cert.BagAttributeKeys)
{
fName.Add(new DerSequence(new DerObjectIdentifier(oid), new DerSet(cert[oid])));
}
SafeBag sBag = new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName));
certSeq.Add(sBag);
}
derEncodedBytes = new DerSequence(certSeq).GetDerEncoded();
byte[] certBytes = EncryptData(new AlgorithmIdentifier(certAlgorithm, cParams), derEncodedBytes, password);
EncryptedData cInfo = new EncryptedData(PkcsObjectIdentifiers.Data, cAlgId, new BerOctetString(certBytes));
c[0] = new ContentInfo(PkcsObjectIdentifiers.Data, keyString);
c[1] = new ContentInfo(PkcsObjectIdentifiers.EncryptedData, cInfo.ToAsn1Object());
AuthenticatedSafe auth = new AuthenticatedSafe(c);
byte[] pkg = auth.GetEncoded();
ContentInfo mainInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(pkg));
//
// create the mac
//
byte[] mSalt = new byte[20];
int itCount = minIterations;
random.NextBytes(mSalt);
byte[] data = ((Asn1OctetString)mainInfo.Content).GetOctets();
MacData mData = null;
Asn1Encodable parameters = PbeUtilities.GenerateAlgorithmParameters(OiwObjectIdentifiers.IdSha1, mSalt, itCount);
ICipherParameters keyParameters = PbeUtilities.GenerateCipherParameters(
OiwObjectIdentifiers.IdSha1, password, parameters);
IMac mac = (IMac)PbeUtilities.CreateEngine(OiwObjectIdentifiers.IdSha1);
mac.Init(keyParameters);
mac.BlockUpdate(data, 0, data.Length);
byte[] res = new byte[mac.GetMacSize()];
mac.DoFinal(res, 0);
AlgorithmIdentifier algId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance);
DigestInfo dInfo = new DigestInfo(algId, res);
mData = new MacData(dInfo, mSalt, itCount);
//
// output the Pfx
//
Pfx pfx = new Pfx(mainInfo, mData);
BerOutputStream berOut = new BerOutputStream(stream);
berOut.WriteObject(pfx);
}
public Pkcs12Store(
Stream input,
char[] password)
{
if (input == null)
throw new ArgumentNullException("input");
if (password == null)
throw new ArgumentNullException("password");
Asn1InputStream bIn = new Asn1InputStream(input);
Asn1Sequence obj = (Asn1Sequence) bIn.ReadObject();
Pfx bag = new Pfx(obj);
ContentInfo info = bag.AuthSafe;
ArrayList chain = new ArrayList();
bool unmarkedKey = false;
bool wrongPkcs12Zero = false;
if (bag.MacData != null) // check the mac code
{
MacData mData = bag.MacData;
DigestInfo dInfo = mData.Mac;
AlgorithmIdentifier algId = dInfo.AlgorithmID;
byte[] salt = mData.GetSalt();
int itCount = mData.IterationCount.IntValue;
byte[] data = ((Asn1OctetString) info.Content).GetOctets();
Asn1Encodable parameters = PbeUtilities.GenerateAlgorithmParameters(
algId.ObjectID, salt, itCount);
ICipherParameters keyParameters = PbeUtilities.GenerateCipherParameters(
algId.ObjectID, password, parameters);
IMac mac = (IMac)PbeUtilities.CreateEngine(algId.ObjectID);
mac.Init(keyParameters);
mac.BlockUpdate(data, 0, data.Length);
byte[] res = new byte[mac.GetMacSize()];
mac.DoFinal(res, 0);
byte[] dig = dInfo.GetDigest();
if (!Arrays.AreEqual(res, dig))
{
if (password.Length > 0)
{
throw new Exception("Pkcs12 key store mac invalid - wrong password or corrupted file.");
}
//
// may be incorrect zero length password
//
keyParameters = PbeUtilities.GenerateCipherParameters(
algId.ObjectID, password, true, parameters);
mac.Init(keyParameters);
mac.BlockUpdate(data, 0, data.Length);
res = new byte[mac.GetMacSize()];
mac.DoFinal(res, 0);
if (!Arrays.AreEqual(res, dig))
{
throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
}
wrongPkcs12Zero = true;
}
}
keys = new IgnoresCaseHashtable();
localIds = new Hashtable();
if (info.ContentType.Equals(PkcsObjectIdentifiers.Data))
{
byte[] octs = ((Asn1OctetString)info.Content).GetOctets();
AuthenticatedSafe authSafe = new AuthenticatedSafe(
(Asn1Sequence) Asn1OctetString.FromByteArray(octs));
ContentInfo[] c = authSafe.GetContentInfo();
for (int i = 0; i != c.Length; i++)
{
if (c[i].ContentType.Equals(PkcsObjectIdentifiers.Data))
{
byte[] octets = ((Asn1OctetString)c[i].Content).GetOctets();
Asn1Sequence seq = (Asn1Sequence) Asn1Object.FromByteArray(octets);
for (int j = 0; j != seq.Count; j++)
{
SafeBag b = new SafeBag((Asn1Sequence) seq[j]);
if (b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.GetInstance(b.BagValue);
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(
password, wrongPkcs12Zero, eIn);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo);
//
// set the attributes on the key
//
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
string alias = null;
Asn1OctetString localId = null;
if (b.BagAttributes != null)
{
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier) sq[0];
Asn1Set attrSet = (Asn1Set) sq[1];
Asn1Encodable attr = null;
if (attrSet.Count > 0)
{
attr = attrSet[0];
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
keys[alias] = pkcs12Key;
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
if (localId != null)
{
// MASC 20070308. CF compatibility patch
byte[] hex = Hex.Encode(localId.GetOctets());
string name = Encoding.ASCII.GetString(hex,0,hex.Length);
if (alias == null)
{
keys[name] = pkcs12Key;
}
else
{
localIds[alias] = name;
}
}
else
{
unmarkedKey = true;
keys["unmarked"] = pkcs12Key;
}
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.CertBag))
{
chain.Add(b);
}
else
{
Console.WriteLine("extra " + b.BagID);
Console.WriteLine("extra " + Asn1Dump.DumpAsString(b));
}
}
}
else if (c[i].ContentType.Equals(PkcsObjectIdentifiers.EncryptedData))
{
EncryptedData d = EncryptedData.GetInstance(c[i].Content);
Asn1Sequence seq = DecryptData(d.EncryptionAlgorithm, d.Content.GetOctets(), password, wrongPkcs12Zero);
for (int j = 0; j != seq.Count; j++)
{
SafeBag b = new SafeBag((Asn1Sequence) seq[j]);
if (b.BagID.Equals(PkcsObjectIdentifiers.CertBag))
{
chain.Add(b);
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.GetInstance(b.BagValue);
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(
password, wrongPkcs12Zero, eIn);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo);
//
// set the attributes on the key
//
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
string alias = null;
Asn1OctetString localId = null;
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier) sq[0];
Asn1Set attrSet = (Asn1Set) sq[1];
Asn1Encodable attr = null;
if (attrSet.Count > 0)
{
attr = attrSet[0];
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
keys[alias] = pkcs12Key;
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
// MASC 20070308. CF compatibility patch
byte[] hex = Hex.Encode(localId.GetOctets());
string name = Encoding.ASCII.GetString(hex,0,hex.Length);
if (alias == null)
{
keys[name] = pkcs12Key;
}
else
{
localIds[alias] = name;
}
}
else if (b.BagID.Equals(PkcsObjectIdentifiers.KeyBag))
{
PrivateKeyInfo privKeyInfo = PrivateKeyInfo.GetInstance(b.BagValue);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privKeyInfo);
//
// set the attributes on the key
//
string alias = null;
Asn1OctetString localId = null;
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier) sq[0];
Asn1Set attrSet = (Asn1Set) sq[1];
Asn1Encodable attr = null;
if (attrSet.Count > 0)
{
attr = attrSet[0];
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
keys[alias] = pkcs12Key;
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
// MASC 20070308. CF compatibility patch
byte[] hex = Hex.Encode(localId.GetOctets());
string name = Encoding.ASCII.GetString(hex,0,hex.Length);
if (alias == null)
{
keys[name] = pkcs12Key;
}
else
{
localIds[alias] = name;
}
}
else
{
Console.WriteLine("extra " + b.BagID);
Console.WriteLine("extra " + Asn1Dump.DumpAsString(b));
}
}
}
else
{
Console.WriteLine("extra " + c[i].ContentType.Id);
Console.WriteLine("extra " + Asn1Dump.DumpAsString(c[i].Content));
}
}
}
certs = new IgnoresCaseHashtable();
chainCerts = new Hashtable();
keyCerts = new Hashtable();
for (int i = 0; i < chain.Count; ++i)
{
SafeBag b = (SafeBag)chain[i];
CertBag cb = new CertBag((Asn1Sequence)b.BagValue);
byte[] octets = ((Asn1OctetString) cb.CertValue).GetOctets();
X509Certificate cert = new X509CertificateParser().ReadCertificate(octets);
//
// set the attributes
//
Hashtable attributes = new Hashtable();
X509CertificateEntry pkcs12Cert = new X509CertificateEntry(cert, attributes);
Asn1OctetString localId = null;
string alias = null;
if (b.BagAttributes != null)
{
foreach (Asn1Sequence sq in b.BagAttributes)
{
DerObjectIdentifier aOid = (DerObjectIdentifier) sq[0];
Asn1Set attrSet = (Asn1Set) sq[1];
if (attrSet.Count > 0)
{
Asn1Encodable attr = attrSet[0];
attributes.Add(aOid.Id, attr);
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
alias = ((DerBmpString)attr).GetString();
}
else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID))
{
localId = (Asn1OctetString)attr;
}
}
}
}
AsymmetricKeyParameter publicKey = cert.GetPublicKey();
chainCerts[new CertId(publicKey)] = pkcs12Cert;
if (unmarkedKey)
{
if (keyCerts.Count == 0)
{
// MASC 20070308. CF compatibility patch
byte[] hex =
Hex.Encode(
new SubjectKeyIdentifier(
SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey)).GetKeyIdentifier());
string name = Encoding.ASCII.GetString( hex,0,hex.Length );
keyCerts[name] = pkcs12Cert;
object temp = keys["unmarked"];
keys.Remove("unmarked");
keys[name] = temp;
}
}
else
{
if (localId != null)
{
// MASC 20070308. CF compatibility patch
byte[] hex = Hex.Encode(localId.GetOctets());
string name = Encoding.ASCII.GetString( hex,0,hex.Length );
keyCerts[name] = pkcs12Cert;
}
if (alias != null)
{
certs[alias] = pkcs12Cert;
}
}
}
}
/// <summary>
/// Exports the specified stream and password to a pkcs12 encrypted file.
/// </summary>
/// <remarks>
/// Exports the specified stream and password to a pkcs12 encrypted file.
/// </remarks>
/// <param name="stream">The output stream.</param>
/// <param name="password">The password to use to lock the private keys.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="stream"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="password"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.IO.IOException">
/// An error occurred while writing to the stream.
/// </exception>
public void Export (Stream stream, string password)
{
if (stream == null)
throw new ArgumentNullException ("stream");
if (password == null)
throw new ArgumentNullException ("password");
var store = new Pkcs12Store ();
foreach (var certificate in certs) {
if (keys.ContainsKey (certificate))
continue;
var alias = certificate.GetCommonName ();
if (alias == null)
continue;
var entry = new X509CertificateEntry (certificate);
store.SetCertificateEntry (alias, entry);
}
foreach (var kvp in keys) {
var alias = kvp.Key.GetCommonName ();
if (alias == null)
continue;
var entry = new AsymmetricKeyEntry (kvp.Value);
var cert = new X509CertificateEntry (kvp.Key);
var chain = new List<X509CertificateEntry> ();
chain.Add (cert);
store.SetKeyEntry (alias, entry, chain.ToArray ());
}
store.Save (stream, password.ToCharArray (), new SecureRandom ());
}
private async Task AddToWinCertStore()
{
Pkcs12Store store = new Pkcs12Store();
string friendlyName = "Limelight-Client";
var certEntry = new X509CertificateEntry(cert);
store.SetCertificateEntry(friendlyName, certEntry);
var keyEntry = new AsymmetricKeyEntry(keyPair.Private);
store.SetKeyEntry(friendlyName, keyEntry, new[] { certEntry });
// Copy the Pkcs12Store to a stream using an arbitrary password
const string password = "******";
var stream = new MemoryStream();
store.Save(stream, password.ToCharArray(), new SecureRandom());
// Write to .PFX string
byte[] arr = stream.ToArray();
IBuffer buf = arr.AsBuffer();
string pfx = CryptographicBuffer.EncodeToBase64String(buf);
await CertificateEnrollmentManager.ImportPfxDataAsync(pfx, password, ExportOption.NotExportable, KeyProtectionLevel.NoConsent, InstallOptions.None, friendlyName);
}
