public static void Add()
{
CmsRecipient a0 = s_cr0;
CmsRecipient a1 = s_cr1;
CmsRecipient a2 = s_cr2;
CmsRecipientCollection c = new CmsRecipientCollection();
int index;
index = c.Add(a0);
Assert.Equal(0, index);
index = c.Add(a1);
Assert.Equal(1, index);
index = c.Add(a2);
Assert.Equal(2, index);
AssertEquals(c, new CmsRecipient[] { a0, a1, a2 });
}
RealCmsRecipientCollection GetRealCmsRecipients (IEnumerable<MailboxAddress> mailboxes)
{
var recipients = new RealCmsRecipientCollection ();
foreach (var mailbox in mailboxes)
recipients.Add (GetRealCmsRecipient (mailbox));
return recipients;
}
public static void DecodeRecipients3_RoundTrip()
{
ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
EnvelopedCms ecms = new EnvelopedCms(contentInfo);
CmsRecipientCollection recipients = new CmsRecipientCollection();
foreach (X509Certificate2 cert in s_certs)
{
recipients.Add(new CmsRecipient(cert));
}
ecms.Encrypt(recipients);
byte[] encodedMessage = ecms.Encode();
VerifyRecipients3(encodedMessage);
}
RealCmsRecipientCollection GetRealCmsRecipients(IEnumerable <MailboxAddress> recipients)
{
var collection = new RealCmsRecipientCollection();
foreach (var recipient in recipients)
{
collection.Add(GetRealCmsRecipient(recipient));
}
if (collection.Count == 0)
{
throw new ArgumentException("No recipients specified.", nameof(recipients));
}
return(collection);
}
RealCmsRecipientCollection GetRealCmsRecipients(CmsRecipientCollection recipients)
{
var collection = new RealCmsRecipientCollection();
foreach (var recipient in recipients)
{
var certificate = new X509Certificate2(recipient.Certificate.GetEncoded());
RealSubjectIdentifierType type;
if (recipient.RecipientIdentifierType == SubjectIdentifierType.IssuerAndSerialNumber)
{
type = RealSubjectIdentifierType.IssuerAndSerialNumber;
}
else
{
type = RealSubjectIdentifierType.SubjectKeyIdentifier;
}
collection.Add(new RealCmsRecipient(type, certificate));
}
return(collection);
}
public static void DecryptMultipleRecipients()
{
// Force Decrypt() to try multiple recipients. Ensure that a failure to find a matching cert in one doesn't cause it to quit early.
CertLoader[] certLoaders = new CertLoader[]
{
Certificates.RSAKeyTransfer1,
Certificates.RSAKeyTransfer2,
Certificates.RSAKeyTransfer3,
};
byte[] content = { 6, 3, 128, 33, 44 };
EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(content), new AlgorithmIdentifier(new Oid(Oids.Aes256)));
CmsRecipientCollection recipients = new CmsRecipientCollection();
foreach (CertLoader certLoader in certLoaders)
{
recipients.Add(new CmsRecipient(certLoader.GetCertificate()));
}
ecms.Encrypt(recipients);
byte[] encodedMessage = ecms.Encode();
ecms = new EnvelopedCms();
ecms.Decode(encodedMessage);
// How do we know that Decrypt() tries receipients in the order they appear in ecms.RecipientInfos? Because we wrote the implementation.
// Not that some future implementation can't ever change it but it's the best guess we have.
RecipientInfo me = ecms.RecipientInfos[2];
CertLoader matchingCertLoader = null;
for (int index = 0; index < recipients.Count; index++)
{
if (recipients[index].Certificate.Issuer == ((X509IssuerSerial)(me.RecipientIdentifier.Value)).IssuerName)
{
matchingCertLoader = certLoaders[index];
break;
}
}
Assert.NotNull(matchingCertLoader);
using (X509Certificate2 cert = matchingCertLoader.TryGetCertificateWithPrivateKey())
{
if (cert == null)
return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can.
X509Certificate2Collection extraStore = new X509Certificate2Collection();
extraStore.Add(cert);
ecms.Decrypt(extraStore);
}
ContentInfo contentInfo = ecms.ContentInfo;
Assert.Equal<byte>(content, contentInfo.Content);
}
internal static string Encrypt(byte[] contentBytes, CmsMessageRecipient[] recipients, SessionState sessionState, out ErrorRecord error)
{
error = null;
if ((contentBytes == null) || (contentBytes.Length == 0))
{
return String.Empty;
}
// After review with the crypto board, NIST_AES256_CBC is more appropriate
// than .NET's default 3DES. Also, when specified, uses szOID_RSAES_OAEP for key
// encryption to prevent padding attacks.
const string szOID_NIST_AES256_CBC = "2.16.840.1.101.3.4.1.42";
ContentInfo content = new ContentInfo(contentBytes);
EnvelopedCms cms = new EnvelopedCms(content,
new AlgorithmIdentifier(
Oid.FromOidValue(szOID_NIST_AES256_CBC, OidGroup.EncryptionAlgorithm)));
CmsRecipientCollection recipientCollection = new CmsRecipientCollection();
foreach (CmsMessageRecipient recipient in recipients)
{
// Resolve the recipient, if it hasn't been done yet.
if ((recipient.Certificates != null) && (recipient.Certificates.Count == 0))
{
recipient.Resolve(sessionState, ResolutionPurpose.Encryption, out error);
}
if (error != null)
{
return null;
}
foreach (X509Certificate2 certificate in recipient.Certificates)
{
recipientCollection.Add(new CmsRecipient(certificate));
}
}
cms.Encrypt(recipientCollection);
byte[] encodedBytes = cms.Encode();
string encodedContent = CmsUtils.GetAsciiArmor(encodedBytes);
return encodedContent;
}
public static void CopyExceptions()
{
CmsRecipient a0 = s_cr0;
CmsRecipient a1 = s_cr1;
CmsRecipient a2 = s_cr2;
CmsRecipientCollection c = new CmsRecipientCollection();
c.Add(a0);
c.Add(a1);
c.Add(a2);
CmsRecipient[] a = new CmsRecipient[3];
Assert.Throws<ArgumentNullException>(() => c.CopyTo(null, 0));
Assert.Throws<ArgumentOutOfRangeException>(() => c.CopyTo(a, -1));
Assert.Throws<ArgumentOutOfRangeException>(() => c.CopyTo(a, 3));
Assert.Throws<ArgumentException>(() => c.CopyTo(a, 1));
ICollection ic = c;
Assert.Throws<ArgumentNullException>(() => ic.CopyTo(null, 0));
Assert.Throws<ArgumentOutOfRangeException>(() => ic.CopyTo(a, -1));
Assert.Throws<ArgumentOutOfRangeException>(() => ic.CopyTo(a, 3));
Assert.Throws<ArgumentException>(() => ic.CopyTo(a, 1));
Assert.Throws<ArgumentException>(() => ic.CopyTo(new CmsRecipient[2, 2], 1));
Assert.Throws<InvalidCastException>(() => ic.CopyTo(new int[10], 1));
// Array has non-zero lower bound
Array array = Array.CreateInstance(typeof(object), new int[] { 10 }, new int[] { 10 });
Assert.Throws<IndexOutOfRangeException>(() => ic.CopyTo(array, 0));
}
public static void IndexOutOfBounds()
{
CmsRecipient a0 = s_cr0;
CmsRecipient a1 = s_cr1;
CmsRecipient a2 = s_cr2;
CmsRecipientCollection c = new CmsRecipientCollection();
c.Add(a0);
c.Add(a1);
c.Add(a2);
object ignore = null;
Assert.Throws<ArgumentOutOfRangeException>(() => ignore = c[-1]);
Assert.Throws<ArgumentOutOfRangeException>(() => ignore = c[3]);
}
public static void AddNegative()
{
CmsRecipientCollection c = new CmsRecipientCollection();
Assert.Throws<ArgumentNullException>(() => c.Add(null));
}
public static void CopyExceptions()
{
CmsRecipient a0 = s_cr0;
CmsRecipient a1 = s_cr1;
CmsRecipient a2 = s_cr2;
CmsRecipientCollection c = new CmsRecipientCollection();
c.Add(a0);
c.Add(a1);
c.Add(a2);
CmsRecipient[] a = new CmsRecipient[3];
Assert.Throws<ArgumentNullException>(() => c.CopyTo(null, 0));
Assert.Throws<ArgumentOutOfRangeException>(() => c.CopyTo(a, -1));
Assert.Throws<ArgumentOutOfRangeException>(() => c.CopyTo(a, 3));
Assert.Throws<ArgumentException>(() => c.CopyTo(a, 1));
ICollection ic = c;
Assert.Throws<ArgumentNullException>(() => ic.CopyTo(null, 0));
Assert.Throws<ArgumentOutOfRangeException>(() => ic.CopyTo(a, -1));
Assert.Throws<ArgumentOutOfRangeException>(() => ic.CopyTo(a, 3));
Assert.Throws<ArgumentException>(() => ic.CopyTo(a, 1));
Assert.Throws<ArgumentException>(() => ic.CopyTo(new CmsRecipient[2, 2], 1));
Assert.Throws<InvalidCastException>(() => ic.CopyTo(new int[10], 1));
}
