protected override byte[] ExportPkcs8(ICertificatePalCore certificatePal, ReadOnlySpan <char> password)
{
if (_privateKey != null)
{
return(_privateKey.ExportEncryptedPkcs8PrivateKey(password, s_windowsPbe));
}
Debug.Assert(certificatePal.HasPrivateKey);
ICertificatePal pal = (ICertificatePal)certificatePal;
AsymmetricAlgorithm algorithm;
switch (pal.KeyAlgorithm)
{
case Oids.Rsa:
algorithm = pal.GetRSAPrivateKey() !;
break;
case Oids.EcPublicKey:
algorithm = pal.GetECDsaPrivateKey() !;
break;
case Oids.Dsa:
default:
throw new CryptographicException(SR.Format(SR.Cryptography_UnknownKeyAlgorithm, pal.KeyAlgorithm));
}
;
using (algorithm)
{
return(algorithm.ExportEncryptedPkcs8PrivateKey(password, s_windowsPbe));
}
}
private static byte[] GetCertHash(HashAlgorithmName hashAlgorithm, ICertificatePalCore certPal)
{
using (IncrementalHash hasher = IncrementalHash.CreateHash(hashAlgorithm))
{
hasher.AppendData(certPal.RawData);
return(hasher.GetHashAndReset());
}
}
private void BuildBags(
ICertificatePalCore certPal,
ReadOnlySpan <char> passwordSpan,
AsnWriter tmpWriter,
CertBagAsn[] certBags,
AttributeAsn[] certAttrs,
SafeBagAsn[] keyBags,
ref int certIdx,
ref int keyIdx)
{
tmpWriter.WriteOctetString(certPal.RawData);
certBags[certIdx] = new CertBagAsn
{
CertId = Oids.Pkcs12X509CertBagType,
CertValue = tmpWriter.Encode(),
};
tmpWriter.Reset();
if (certPal.HasPrivateKey)
{
byte[] attrBytes = new byte[6];
attrBytes[0] = (byte)UniversalTagNumber.OctetString;
attrBytes[1] = sizeof(int);
MemoryMarshal.Write(attrBytes.AsSpan(2), ref keyIdx);
keyBags[keyIdx] = new SafeBagAsn
{
BagId = Oids.Pkcs12ShroudedKeyBag,
BagValue = ExportPkcs8(certPal, passwordSpan),
BagAttributes = new[]
{
new AttributeAsn
{
AttrType = new Oid(Oids.LocalKeyId, null),
AttrValues = new ReadOnlyMemory <byte>[]
{
attrBytes,
}
}
}
};
// Reuse the attribute between the cert and the key.
certAttrs[certIdx] = keyBags[keyIdx].BagAttributes[0];
keyIdx++;
}
certIdx++;
}
public virtual void Reset()
{
_lazyCertHash = null;
_lazyIssuer = null;
_lazySubject = null;
_lazySerialNumber = null;
_lazyKeyAlgorithm = null;
_lazyKeyAlgorithmParameters = null;
_lazyPublicKey = null;
_lazyNotBefore = DateTime.MinValue;
_lazyNotAfter = DateTime.MinValue;
ICertificatePalCore pal = Pal;
if (pal != null)
{
Pal = null;
pal.Dispose();
}
}
public static IExportPal FromCertificate(ICertificatePalCore cert)
{
CertificatePal certificatePal = (CertificatePal)cert;
SafeCertStoreHandle certStore = Interop.crypt32.CertOpenStore(
CertStoreProvider.CERT_STORE_PROV_MEMORY,
CertEncodingType.All,
IntPtr.Zero,
CertStoreFlags.CERT_STORE_ENUM_ARCHIVED_FLAG | CertStoreFlags.CERT_STORE_CREATE_NEW_FLAG | CertStoreFlags.CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG,
null);
if (certStore.IsInvalid)
{
throw Marshal.GetHRForLastWin32Error().ToCryptographicException();
}
if (!Interop.crypt32.CertAddCertificateLinkToStore(certStore, certificatePal.CertContext, CertStoreAddDisposition.CERT_STORE_ADD_ALWAYS, IntPtr.Zero))
{
throw Marshal.GetHRForLastWin32Error().ToCryptographicException();
}
return(new StorePal(certStore));
}
protected override byte[] ExportPkcs8(
ICertificatePalCore certificatePal,
ReadOnlySpan <char> password)
{
AsymmetricAlgorithm?alg = null;
SafeEvpPKeyHandle? privateKey = ((OpenSslX509CertificateReader)certificatePal).PrivateKeyHandle;
try
{
alg = new RSAOpenSsl(privateKey !);
}
catch (CryptographicException)
{
}
if (alg == null)
{
try
{
alg = new ECDsaOpenSsl(privateKey !);
}
catch (CryptographicException)
{
}
}
if (alg == null)
{
try
{
alg = new DSAOpenSsl(privateKey !);
}
catch (CryptographicException)
{
}
}
Debug.Assert(alg != null);
return(alg.ExportEncryptedPkcs8PrivateKey(password, s_windowsPbe));
}
internal static partial IExportPal FromCertificate(ICertificatePalCore cert)
{
CertificatePal certificatePal = (CertificatePal)cert;
SafeCertStoreHandle certStore = Interop.crypt32.CertOpenStore(
CertStoreProvider.CERT_STORE_PROV_MEMORY,
Interop.Crypt32.CertEncodingType.All,
IntPtr.Zero,
Interop.Crypt32.CertStoreFlags.CERT_STORE_ENUM_ARCHIVED_FLAG | Interop.Crypt32.CertStoreFlags.CERT_STORE_CREATE_NEW_FLAG | Interop.Crypt32.CertStoreFlags.CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG,
null);
using (SafeCertContextHandle certContext = certificatePal.GetCertContext())
{
if (certStore.IsInvalid ||
!Interop.Crypt32.CertAddCertificateLinkToStore(certStore, certContext, Interop.Crypt32.CertStoreAddDisposition.CERT_STORE_ADD_ALWAYS, IntPtr.Zero))
{
Exception e = Marshal.GetHRForLastWin32Error().ToCryptographicException();
certStore.Dispose();
throw e;
}
}
return new StorePal(certStore);
}
public AndroidExportProvider(ICertificatePalCore cert)
: base(cert)
{
}
public static IExportPal FromCertificate(ICertificatePalCore cert)
{
throw new NotImplementedException(nameof(FromCertificate));
}
private static byte[] GetCertHash(HashAlgorithmName hashAlgorithm, ICertificatePalCore certPal)
{
return(HashOneShotHelpers.HashData(hashAlgorithm, certPal.RawData));
}
public AppleCertificateExporter(ICertificatePalCore cert, AsymmetricAlgorithm privateKey)
: base(cert)
{
_privateKey = privateKey;
}
public void Dispose()
{
// Don't dispose any of the resources, they're still owned by the caller.
_singleCertPal = null;
_certs = null;
}
internal Pkcs12SmallExport(ICertificatePalCore cert, SafeSecKeyRefHandle privateKey)
: base(cert)
{
Debug.Assert(!privateKey.IsInvalid);
_privateKey = privateKey;
}
public static IExportPal FromCertificate(ICertificatePalCore cert)
{
return(new AppleCertificateExporter(cert));
}
internal static partial IExportPal FromCertificate(ICertificatePalCore cert);
internal static partial IExportPal FromCertificate(ICertificatePalCore cert)
{
return(new AndroidExportProvider(cert));
}
internal static partial IExportPal FromCertificate(ICertificatePalCore cert)
{
throw new PlatformNotSupportedException(SR.SystemSecurityCryptographyX509Certificates_PlatformNotSupported);
}
protected abstract byte[] ExportPkcs8(ICertificatePalCore certificatePal, ReadOnlySpan <char> password);
internal UnixExportProvider(ICertificatePalCore singleCertPal)
{
_singleCertPal = singleCertPal;
}
public AppleCertificateExporter(ICertificatePalCore cert)
: base(cert)
{
}
protected override byte[] ExportPkcs8(ICertificatePalCore certificatePal, ReadOnlySpan <char> password)
{
return(AppleCertificatePal.ExportPkcs8(_privateKey, password));
}
public AppleCertificateExporter(ICertificatePalCore cert)
{
_singleCertPal = cert;
}
public static IExportPal FromCertificate(ICertificatePalCore cert)
{
return(new ExportProvider(cert));
}
protected override byte[] ExportPkcs8(ICertificatePalCore certificatePal, ReadOnlySpan <char> password)
{
AppleCertificatePal pal = (AppleCertificatePal)certificatePal;
return(pal.ExportPkcs8(password));
}
internal OpenSslExportProvider(ICertificatePalCore singleCertPal)
: base(singleCertPal)
{
}
internal static string GetCertHashString(HashAlgorithmName hashAlgorithm, ICertificatePalCore certPal)
{
return(GetCertHash(hashAlgorithm, certPal).ToHexStringUpper());
}
internal X509Certificate(ICertificatePalCore pal)
{
Debug.Assert(pal != null);
Pal = pal;
}
internal static partial IExportPal FromCertificate(ICertificatePalCore cert)
{
return(new AppleCertificateExporter(cert));
}
