public Oid(Oid oid) {
if (oid == null)
throw new ArgumentNullException("oid");
m_value = oid.m_value;
m_friendlyName = oid.m_friendlyName;
m_group = oid.m_group;
}
//
// Attempts to map a friendly name to an OID. Returns null if not a known name.
//
public static string ToFriendlyName(string oid, OidGroup oidGroup, bool fallBackToAllGroups)
{
if (oid == null)
throw new ArgumentNullException("oid");
return NativeOidToFriendlyName(oid, oidGroup, fallBackToAllGroups);
}
//
// Attempts to map a friendly name to an OID. Returns null if not a known name.
//
public static string ToFriendlyName(string oid, OidGroup oidGroup, bool fallBackToAllGroups)
{
if (oid == null)
throw new ArgumentNullException("oid");
string mappedName;
bool shouldUseCache = ShouldUseCache(oidGroup);
// On Unix shouldUseCache is always true, so no matter what OidGroup is passed in the Windows
// friendly name will be returned.
//
// On Windows shouldUseCache is only true for OidGroup.All, because otherwise the OS may filter
// out the answer based on the group criteria.
if (shouldUseCache)
{
if (s_oidToFriendlyName.TryGetValue(oid, out mappedName) ||
s_compatOids.TryGetValue(oid, out mappedName) ||
s_lateBoundOidToFriendlyName.TryGetValue(oid, out mappedName))
{
return mappedName;
}
}
mappedName = NativeOidToFriendlyName(oid, oidGroup, fallBackToAllGroups);
if (shouldUseCache && mappedName != null)
{
s_lateBoundOidToFriendlyName.TryAdd(oid, mappedName);
// Don't add the reverse here. Just because oid => name doesn't mean name => oid.
// And don't bother doing the reverse lookup proactively, just wait until they ask for it.
}
return mappedName;
}
//
// Attempts to retrieve the friendly name for an OID. Returns null if not a known or valid OID.
//
public static string ToOid(string friendlyName, OidGroup oidGroup, bool fallBackToAllGroups)
{
if (friendlyName == null)
throw new ArgumentNullException("friendlyName");
if (friendlyName.Length == 0)
return null;
string mappedOid;
bool shouldUseCache = ShouldUseCache(oidGroup);
if (shouldUseCache)
{
if (s_friendlyNameToOid.TryGetValue(friendlyName, out mappedOid) ||
s_lateBoundFriendlyNameToOid.TryGetValue(friendlyName, out mappedOid))
{
return mappedOid;
}
}
mappedOid = NativeFriendlyNameToOid(friendlyName, oidGroup, fallBackToAllGroups);
if (shouldUseCache && mappedOid != null)
{
s_lateBoundFriendlyNameToOid.TryAdd(friendlyName, mappedOid);
// Don't add the reverse here. Friendly Name => OID is a case insensitive search,
// so the casing provided as input here may not be the 'correct' one. Just let
// ToFriendlyName capture the response and cache it itself.
}
return mappedOid;
}
private Oid(string value, string friendlyName, OidGroup group) {
Debug.Assert(value != null);
Debug.Assert(friendlyName != null);
m_value = value;
m_friendlyName = friendlyName;
m_group = group;
}
private static string ConfirmedOidValue(IFindPal findPal, object findValue, OidGroup oidGroup)
{
string maybeOid = ConfirmedCast <string>(findValue);
if (maybeOid.Length == 0)
{
throw new ArgumentException(SR.Argument_InvalidOidValue);
}
return(findPal.NormalizeOid(maybeOid, oidGroup));
}
private static string?NativeFriendlyNameToOid(string friendlyName, OidGroup oidGroup, bool fallBackToAllGroups)
{
IntPtr sharedObject = Interop.Crypto.GetObjectDefinitionByName(friendlyName);
if (sharedObject == IntPtr.Zero)
{
return(null);
}
return(Interop.Crypto.GetOidValue(sharedObject));
}
private static bool OidGroupWillNotUseActiveDirectory(OidGroup group)
{
// These groups will never cause an Active Directory query
return(group == OidGroup.HashAlgorithm ||
group == OidGroup.EncryptionAlgorithm ||
group == OidGroup.PublicKeyAlgorithm ||
group == OidGroup.SignatureAlgorithm ||
group == OidGroup.Attribute ||
group == OidGroup.ExtensionOrAttribute ||
group == OidGroup.KeyDerivationFunction);
}
public static Oid FromOidValue(String oidValue, OidGroup group)
{
if (oidValue == null)
throw new ArgumentNullException("oidValue");
String friendlyName = OidLookup.ToFriendlyName(oidValue, group, fallBackToAllGroups: false);
if (friendlyName == null)
throw new CryptographicException(SR.Cryptography_Oid_InvalidValue);
return new Oid(oidValue, friendlyName, group);
}
private static string NativeOidToFriendlyName(string oid, OidGroup oidGroup, bool fallBackToAllGroups)
{
string friendlyName;
if (s_extraOidToFriendlyName.TryGetValue(oid, out friendlyName))
{
return(friendlyName);
}
return(null);
}
private static string NativeFriendlyNameToOid(string friendlyName, OidGroup oidGroup, bool fallBackToAllGroups)
{
string oid;
if (s_extraFriendlyNameToOid.TryGetValue(friendlyName, out oid))
{
return(oid);
}
return(null);
}
private static string NativeFriendlyNameToOid(string friendlyName, OidGroup oidGroup, bool fallBackToAllGroups)
{
IntPtr sharedObject = Interop.Crypto.GetObjectDefinitionByName(friendlyName);
if (sharedObject == IntPtr.Zero)
{
return null;
}
return Interop.Crypto.GetOidValue(sharedObject);
}
// Try to find OID info within a specific group, and if that doesn't work fall back to all
// groups for compatibility with previous frameworks
internal static string FindOidInfoWithFallback(uint key, string value, OidGroup group)
{
string info = FindOidInfo(key, value, group);
// If we couldn't find it in the requested group, then try again in all groups
if (info == null && group != OidGroup.All)
{
info = FindOidInfo(key, value, OidGroup.All);
}
return(info);
}
public string NormalizeOid(string maybeOid, OidGroup expectedGroup)
{
string oidValue = OidInfo.FindOidInfo(CryptOidInfoKeyType.CRYPT_OID_INFO_NAME_KEY, maybeOid, expectedGroup, fallBackToAllGroups: true).OID;
if (oidValue == null)
{
oidValue = maybeOid;
ValidateOidValue(oidValue);
}
return oidValue;
}
public static Oid2 FindByValue(string oid, OidGroup group, bool useNetworkLookup)
{
CapiNative.CRYPT_OID_INFO oidInfo = new CapiNative.CRYPT_OID_INFO();
if (CapiNative.TryFindOidInfo(oid, group, CapiNative.OidKeyType.Oid, useNetworkLookup, out oidInfo))
{
return(new Oid2(oidInfo));
}
else
{
return(null);
}
}
private static CRYPT_OID_INFO FindOidInfo(OidKeyType keyType, string key, OidGroup group)
{
IntPtr intPtr = IntPtr.Zero;
RuntimeHelpers.PrepareConstrainedRegions();
CRYPT_OID_INFO result;
try
{
if (keyType == OidKeyType.Oid)
{
intPtr = Marshal.StringToCoTaskMemAnsi(key);
}
else
{
intPtr = Marshal.StringToCoTaskMemUni(key);
}
if (!X509Utils.OidGroupWillNotUseActiveDirectory(group))
{
OidGroup dwGroupId = group | OidGroup.DisableSearchDS;
IntPtr intPtr2 = X509Utils.CryptFindOIDInfo(keyType, intPtr, dwGroupId);
if (intPtr2 != IntPtr.Zero)
{
return((CRYPT_OID_INFO)Marshal.PtrToStructure(intPtr2, typeof(CRYPT_OID_INFO)));
}
}
IntPtr intPtr3 = X509Utils.CryptFindOIDInfo(keyType, intPtr, group);
if (intPtr3 != IntPtr.Zero)
{
result = (CRYPT_OID_INFO)Marshal.PtrToStructure(intPtr3, typeof(CRYPT_OID_INFO));
}
else
{
if (group != OidGroup.AllGroups)
{
IntPtr intPtr4 = X509Utils.CryptFindOIDInfo(keyType, intPtr, OidGroup.AllGroups);
if (intPtr4 != IntPtr.Zero)
{
return((CRYPT_OID_INFO)Marshal.PtrToStructure(intPtr4, typeof(CRYPT_OID_INFO)));
}
}
result = default(CRYPT_OID_INFO);
}
}
finally
{
if (intPtr != IntPtr.Zero)
{
Marshal.FreeCoTaskMem(intPtr);
}
}
return(result);
}
public static Oid FromFriendlyName(string friendlyName, OidGroup group) {
if (friendlyName == null) {
throw new ArgumentNullException("friendlyName");
}
string oidValue = X509Utils.FindOidInfo(CAPI.CRYPT_OID_INFO_NAME_KEY, friendlyName, group);
if (oidValue == null) {
throw new CryptographicException(SR.GetString(SR.Cryptography_Oid_InvalidValue));
}
return new Oid(oidValue, friendlyName, group);
}
public string NormalizeOid(string maybeOid, OidGroup expectedGroup)
{
string?oidValue = Interop.Crypt32.FindOidInfo(Interop.Crypt32.CryptOidInfoKeyType.CRYPT_OID_INFO_NAME_KEY, maybeOid, expectedGroup, fallBackToAllGroups: true).OID;
if (oidValue == null)
{
oidValue = maybeOid;
ValidateOidValue(oidValue);
}
return(oidValue);
}
private static String ConfirmedOidValue(Object findValue, OidGroup oidGroup)
{
String input = ConfirmedCast <String>(findValue);
String oidValue = OidInfo.FindOidInfo(CryptOidInfoKeyType.CRYPT_OID_INFO_NAME_KEY, input, oidGroup, fallBackToAllGroups: true).OID;
if (oidValue == null)
{
oidValue = input;
ValidateOidValue(oidValue);
}
return(oidValue);
}
public string NormalizeOid(string maybeOid, OidGroup expectedGroup)
{
Oid oid = new Oid(maybeOid);
// If maybeOid is interpreted to be a FriendlyName, return the OID.
if (!StringComparer.OrdinalIgnoreCase.Equals(oid.Value, maybeOid))
{
return oid.Value;
}
FindPal.ValidateOidValue(maybeOid);
return maybeOid;
}
public static Oid FromOidValue(string oidValue, OidGroup group)
{
ArgumentNullException.ThrowIfNull(oidValue);
string?friendlyName = OidLookup.ToFriendlyName(oidValue, group, fallBackToAllGroups: false);
if (friendlyName == null)
{
throw new CryptographicException(SR.Cryptography_Oid_InvalidValue);
}
return(new Oid(oidValue, friendlyName, group));
}
public string NormalizeOid(string maybeOid, OidGroup expectedGroup)
{
Oid oid = new Oid(maybeOid);
// If maybeOid is interpreted to be a FriendlyName, return the OID.
if (!StringComparer.OrdinalIgnoreCase.Equals(oid.Value, maybeOid))
{
return(oid.Value);
}
FindPal.ValidateOidValue(maybeOid);
return(maybeOid);
}
internal static int OidToAlgId(string oid, OidGroup group)
{
if (oid == null)
{
return(0x8004);
}
string str = CryptoConfig.MapNameToOID(oid);
if (str == null)
{
str = oid;
}
return(OidToAlgIdStrict(str, group));
}
internal static CRYPT_OID_INFO[] EnumerateOidInformation(OidGroup group)
{
// This list is passed through to the callbacks as a GCHandle, so if the type of this object is
// changed, the type expected in OidEnumerationCallback must also be changed.
List<CRYPT_OID_INFO> oidInformation = new List<CRYPT_OID_INFO>();
GCHandle oidInformationHandle = new GCHandle();
RuntimeHelpers.PrepareConstrainedRegions();
try
{
// Get a handle to the OID information list so that we can pass it into the callback function
oidInformationHandle = GCHandle.Alloc(oidInformation, GCHandleType.Normal);
if (!UseWin2k3OidStructures)
{
CryptEnumOidInfoCallback callback = new CryptEnumOidInfoCallback(OidEnumerationCallback);
UnsafeNativeMethods.CryptEnumOIDInfo(group,
0,
GCHandle.ToIntPtr(oidInformationHandle),
callback);
// Make sure we don't GC the callback delegate before we're done enumerating
GC.KeepAlive(callback);
}
else
{
CryptEnumOidInfoCallbackWin2k3 callback = new CryptEnumOidInfoCallbackWin2k3(OidEnumerationCallbackWin2k3);
UnsafeNativeMethods.CryptEnumOIDInfoWin2k3(group,
0,
GCHandle.ToIntPtr(oidInformationHandle),
callback);
// Make sure we don't GC the callback delegate before we're done enumerating
GC.KeepAlive(callback);
}
}
finally
{
if (oidInformationHandle.IsAllocated)
{
oidInformationHandle.Free();
}
}
return oidInformation.ToArray();
}
/// <summary>
/// Функция CryptFindOIDInfo получает первую предопределенную или зарегистрированную структуру CRYPT_OID_INFO,
/// согласованную с определенным типом ключа и с ключем. Поиск может быть ограничен идентификаторами объекта,
/// принадлежащими определенной группе идентификаторов объекта.
/// </summary>
/// <param name="dwKeyType"></param>
/// <param name="pvKey"></param>
/// <param name="dwGroupId"></param>
/// <returns></returns>
internal static IntPtr CryptFindOIDInfo(OidKeyType dwKeyType, String pvKey, OidGroup dwGroupId)
{
if (SignServiceProvider.Csp == CspType.CryptoPro)
{
return(CApiExtUnixCryptoPro.CryptFindOIDInfo(dwKeyType, pvKey, dwGroupId));
}
else if (SignServiceProvider.Csp == CspType.VipNet)
{
return(CApiExtUnixVipNet.CryptFindOIDInfo(dwKeyType, pvKey, dwGroupId));
}
else
{
throw new Exception($"CryptFindOIDInfo. Указан неподдерживаемый тип криптопровайдера {SignServiceProvider.Csp}.");
}
}
internal static string MapNameToOID(string name, OidGroup oidGroup)
{
if (name == null)
throw new ArgumentNullException("name");
CryptoConfig.InitializeConfigInfo();
string str = (string) null;
lock (CryptoConfig.InternalSyncObject)
str = CryptoConfig.appOidHT.GetValueOrDefault(name);
if (str == null)
str = CryptoConfig.machineOidHT.GetValueOrDefault(name);
if (str == null)
str = CryptoConfig.DefaultOidHT.GetValueOrDefault(name);
if (str == null)
str = X509Utils.GetOidFromFriendlyName(name, oidGroup);
return str;
}
public static Oid FromFriendlyName(string friendlyName, OidGroup group)
{
if (friendlyName == null)
{
throw new ArgumentNullException("friendlyName");
}
string oidValue = X509Utils.FindOidInfo(CAPI.CRYPT_OID_INFO_NAME_KEY, friendlyName, group);
if (oidValue == null)
{
throw new CryptographicException(SR.GetString(SR.Cryptography_Oid_InvalidValue));
}
return(new Oid(oidValue, friendlyName, group));
}
private static Oid OpportunisticOid(string oidValue, OidGroup group = OidGroup.HashAlgorithm)
{
if (oidValue == null)
{
return(null);
}
try
{
return(Oid.FromOidValue(oidValue, group));
}
catch (CryptographicException)
{
return(new Oid(oidValue, oidValue));
}
}
public static Oid FromFriendlyName(string friendlyName, OidGroup group)
{
if (friendlyName == null)
{
throw new ArgumentNullException(nameof(friendlyName));
}
string?oidValue = OidLookup.ToOid(friendlyName, group, fallBackToAllGroups: false);
if (oidValue == null)
{
throw new CryptographicException(SR.Cryptography_Oid_InvalidName);
}
return(new Oid(oidValue, friendlyName, group));
}
internal static int GetAlgIdFromOid(string oid, OidGroup oidGroup)
{
if (string.Equals(oid, "2.16.840.1.101.3.4.2.1", StringComparison.Ordinal))
{
return(32780);
}
if (string.Equals(oid, "2.16.840.1.101.3.4.2.2", StringComparison.Ordinal))
{
return(32781);
}
if (string.Equals(oid, "2.16.840.1.101.3.4.2.3", StringComparison.Ordinal))
{
return(32782);
}
return(X509Utils.FindOidInfo(OidKeyType.Oid, oid, oidGroup).AlgId);
}
/// <summary>
/// Create an Oid2 object for an OID which has no CAPI algorithm representation
/// </summary>
public Oid2(string oid,
string friendlyName,
OidGroup group,
CngAlgorithm cngAlgorithm,
CngAlgorithm extraCngAlgorithm)
{
if (oid == null)
throw new ArgumentNullException("oid");
if (friendlyName == null)
throw new ArgumentNullException("friendlyName");
m_oid = oid;
m_name = friendlyName;
m_group = group;
m_cngAlgorithm = cngAlgorithm;
m_cngExtraAlgorithm = extraCngAlgorithm;
}
internal Oid(string oid, OidGroup group, bool lookupFriendlyName)
{
if (lookupFriendlyName)
{
// If we were passed the friendly name, retrieve the value string.
string oidValue = X509Utils.FindOidInfoWithFallback(CAPI.CRYPT_OID_INFO_NAME_KEY, oid, group);
if (oidValue == null)
oidValue = oid;
this.Value = oidValue;
}
else
{
this.Value = oid;
}
m_group = group;
}
internal static string FindOidInfo(uint keyType, string keyValue, OidGroup oidGroup)
{
if (keyValue == null)
{
throw new ArgumentNullException("keyValue");
}
if (keyValue.Length == 0)
{
return(null);
}
SafeLocalAllocHandle pvKey = SafeLocalAllocHandle.InvalidHandle;
try {
switch (keyType)
{
case CAPI.CRYPT_OID_INFO_OID_KEY:
pvKey = StringToAnsiPtr(keyValue);
break;
case CAPI.CRYPT_OID_INFO_NAME_KEY:
pvKey = StringToUniPtr(keyValue);
break;
default:
Debug.Assert(false);
break;
}
CAPI.CRYPT_OID_INFO pOidInfo = CAPI.CryptFindOIDInfo(keyType, pvKey, oidGroup);
if (keyType == CAPI.CRYPT_OID_INFO_OID_KEY)
{
return(pOidInfo.pwszName);
}
else
{
return(pOidInfo.pszOID);
}
}
finally {
pvKey.Dispose();
}
}
internal static int NameOrOidToAlgId(string oid, OidGroup oidGroup)
{
if (oid == null)
{
return(32772);
}
int algIdFromOid = X509Utils.GetAlgIdFromOid(CryptoConfig.MapNameToOID(oid, oidGroup) ?? oid, oidGroup);
switch (algIdFromOid)
{
case 0:
case -1:
throw new CryptographicException(Environment.GetResourceString("Cryptography_InvalidOID"));
default:
return(algIdFromOid);
}
}
private static string NativeOidToFriendlyName(string oid, OidGroup oidGroup, bool fallBackToAllGroups)
{
IntPtr friendlyNamePtr = IntPtr.Zero;
int result = Interop.Crypto.LookupFriendlyNameByOid(oid, ref friendlyNamePtr);
switch (result)
{
case 1: /* Success */
Debug.Assert(friendlyNamePtr != IntPtr.Zero, "friendlyNamePtr != IntPtr.Zero");
// The pointer is to a shared string, so marshalling it out is all that's required.
return Marshal.PtrToStringAnsi(friendlyNamePtr);
case -1: /* OpenSSL internal error */
throw Interop.Crypto.CreateOpenSslCryptographicException();
default:
Debug.Assert(result == 0, "LookupFriendlyNameByOid returned unexpected result " + result);
return null;
}
}
//
// Attempts to retrieve the friendly name for an OID. Returns null if not a known or valid OID.
//
public static string ToOid(string friendlyName, OidGroup oidGroup, bool fallBackToAllGroups)
{
if (friendlyName == null)
throw new ArgumentNullException("friendlyName");
string oid = NativeFriendlyNameToOid(friendlyName, oidGroup, fallBackToAllGroups);
if (oid == null)
{
string alias = FindFriendlyNameAlias(friendlyName);
if (alias != null)
{
oid = NativeFriendlyNameToOid(alias, oidGroup, fallBackToAllGroups);
}
}
return oid;
}
internal Oid(string oid, OidGroup group, bool lookupFriendlyName)
{
if (lookupFriendlyName)
{
// If we were passed the friendly name, retrieve the value string.
string oidValue = X509Utils.FindOidInfoWithFallback(CAPI.CRYPT_OID_INFO_NAME_KEY, oid, group);
if (oidValue == null)
{
oidValue = oid;
}
this.Value = oidValue;
}
else
{
this.Value = oid;
}
m_group = group;
}
//
// Attempts to retrieve the friendly name for an OID. Returns null if not a known or valid OID.
//
public static string?ToOid(string friendlyName, OidGroup oidGroup, bool fallBackToAllGroups)
{
if (friendlyName == null)
{
throw new ArgumentNullException(nameof(friendlyName));
}
if (friendlyName.Length == 0)
{
return(null);
}
string?mappedOid;
bool shouldUseCache = ShouldUseCache(oidGroup);
if (shouldUseCache)
{
if (s_friendlyNameToOid.TryGetValue(friendlyName, out mappedOid) ||
s_lateBoundFriendlyNameToOid.TryGetValue(friendlyName, out mappedOid))
{
return(mappedOid);
}
}
mappedOid = NativeFriendlyNameToOid(friendlyName, oidGroup, fallBackToAllGroups);
if (shouldUseCache)
{
s_lateBoundFriendlyNameToOid.TryAdd(friendlyName, mappedOid);
// Don't add the reverse here. Friendly Name => OID is a case insensitive search,
// so the casing provided as input here may not be the 'correct' one. Just let
// ToFriendlyName capture the response and cache it itself.
// Also, mappedOid could be null here if the lookup failed. Allowing storing null
// means we're able to cache that a lookup failed so we don't repeat it. It's
// theoretically possible, however, the failure could have been intermittent, e.g.
// if the call was forced to follow an AD fallback path and the relevant servers
// were offline.
}
return(mappedOid);
}
internal static CRYPT_OID_INFO CryptFindOIDInfo(
[In] uint dwKeyType,
[In] IntPtr pvKey,
[In] OidGroup dwGroupId)
{
if (pvKey == IntPtr.Zero)
{
throw new ArgumentNullException("pvKey");
}
CRYPT_OID_INFO pOIDInfo = new CRYPT_OID_INFO(Marshal.SizeOf(typeof(CRYPT_OID_INFO)));
IntPtr pv = UnsafeNativeMethods.CryptFindOIDInfo(dwKeyType,
pvKey,
dwGroupId);
if (pv != IntPtr.Zero)
{
pOIDInfo = (CRYPT_OID_INFO)Marshal.PtrToStructure(pv, typeof(CRYPT_OID_INFO));
}
return(pOIDInfo);
}
// Token: 0x0600242D RID: 9261 RVA: 0x00083DB0 File Offset: 0x00081FB0
internal static int NameOrOidToAlgId(string oid, OidGroup oidGroup)
{
if (oid == null)
{
return(32772);
}
string text = CryptoConfig.MapNameToOID(oid, oidGroup);
if (text == null)
{
text = oid;
}
int algIdFromOid = X509Utils.GetAlgIdFromOid(text, oidGroup);
if (algIdFromOid == 0 || algIdFromOid == -1)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_InvalidOID"));
}
return(algIdFromOid);
}
internal static int NameOrOidToAlgId(string oid, OidGroup oidGroup)
{
// Default Algorithm Id is CALG_SHA1
if (oid == null)
{
return(Constants.CALG_SHA1);
}
string oidValue = CryptoConfig.MapNameToOID(oid, oidGroup);
if (oidValue == null)
{
oidValue = oid; // we were probably passed an OID value directly
}
int algId = GetAlgIdFromOid(oidValue, oidGroup);
if (algId == 0 || algId == -1)
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_InvalidOID"));
}
return(algId);
}
private static string NativeOidToFriendlyName(string oid, OidGroup oidGroup, bool fallBackToAllGroups)
{
IntPtr friendlyNamePtr = IntPtr.Zero;
int result = Interop.Crypto.LookupFriendlyNameByOid(oid, ref friendlyNamePtr);
switch (result)
{
case 1: /* Success */
Debug.Assert(friendlyNamePtr != IntPtr.Zero, "friendlyNamePtr != IntPtr.Zero");
// The pointer is to a shared string, so marshalling it out is all that's required.
return(Marshal.PtrToStringAnsi(friendlyNamePtr));
case -1: /* OpenSSL internal error */
throw Interop.libcrypto.CreateOpenSslCryptographicException();
default:
Debug.Assert(result == 0, "LookupFriendlyNameByOid returned unexpected result " + result);
return(null);
}
}
/// <summary>
/// Constructs an Oid2 object with the given value and friendly name belonging to a specific
/// group. No lookup is done for further information on this OID. It has no CAPI algorithm
/// mapping, but does have optional CNG algorithm mappings.
/// </summary>
/// <param name="oid">value of this OID</param>
/// <param name="friendlyName">friendly name for the OID</param>
/// <param name="group">group the OID belongs to</param>
/// <param name="cngAlgorithm">CNG algorithm that this OID represents</param>
/// <param name="extraCngAlgorithm">additional CNG algorithm this OID represents</param>
/// <exception cref="ArgumentNullException">
/// if <paramref name="oid" /> or <paramref name="friendlyName"/> are null
/// </exception>
public Oid2(string oid,
string friendlyName,
OidGroup group,
CngAlgorithm cngAlgorithm,
CngAlgorithm extraCngAlgorithm)
{
if (oid == null)
{
throw new ArgumentNullException("oid");
}
if (friendlyName == null)
{
throw new ArgumentNullException("friendlyName");
}
m_oid = oid;
m_name = friendlyName;
m_group = group;
m_cngAlgorithm = cngAlgorithm;
m_cngExtraAlgorithm = extraCngAlgorithm;
}
private static string NativeOidToFriendlyName(string oid, OidGroup oidGroup, bool fallBackToAllGroups)
{
// We're going to call OBJ_txt2nid, then OBJ_nid2obj. Anyone proficient in factor/label reduction
// would see that this should be equivalent to OBJ_txt2obj, but it isn't.
//
// OBJ_txt2obj, when given an OID value dotted string will decode the dotted string and return
// a blank(ish) object (which would need to be freed). We could then pass that to OBJ_obj2nid to
// look up the internal identifier. Then, if we got a NID which wasn't NID_undef we would know
// there was a match, and could call OBJ_nid2obj to get the shared pointer to the definition.
//
// In this case, the composition of functions that we want is OBJ_obj2nid(OBJ_txt2obj) => OBJ_txt2nid.
int nid = Interop.libcrypto.OBJ_txt2nid(oid);
if (nid == Interop.libcrypto.NID_undef)
{
return(null);
}
return(Interop.libcrypto.OBJ_nid2ln(nid));
}
private static string NativeFriendlyNameToOid(string friendlyName, OidGroup oidGroup, bool fallBackToAllGroups)
{
int nid = Interop.libcrypto.OBJ_ln2nid(friendlyName);
if (nid == Interop.libcrypto.NID_undef)
{
nid = Interop.libcrypto.OBJ_sn2nid(friendlyName);
}
if (nid == Interop.libcrypto.NID_undef)
{
return null;
}
IntPtr sharedObject = Interop.libcrypto.OBJ_nid2obj(nid);
if (sharedObject == IntPtr.Zero)
{
return null;
}
return Interop.libcrypto.OBJ_obj2txt_helper(sharedObject);
}
public static CRYPT_OID_INFO FindOidInfo(CryptOidInfoKeyType keyType, string key, OidGroup group, bool fallBackToAllGroups)
{
const OidGroup CRYPT_OID_DISABLE_SEARCH_DS_FLAG = unchecked((OidGroup)0x80000000);
Debug.Assert(key != null);
IntPtr rawKey = IntPtr.Zero;
try
{
if (keyType == CryptOidInfoKeyType.CRYPT_OID_INFO_OID_KEY)
{
rawKey = Marshal.StringToCoTaskMemAnsi(key);
}
else if (keyType == CryptOidInfoKeyType.CRYPT_OID_INFO_NAME_KEY)
{
rawKey = Marshal.StringToCoTaskMemUni(key);
}
else
{
throw new NotSupportedException();
}
// If the group alone isn't sufficient to suppress an active directory lookup, then our
// first attempt should also include the suppression flag
if (!OidGroupWillNotUseActiveDirectory(group))
{
OidGroup localGroup = group | CRYPT_OID_DISABLE_SEARCH_DS_FLAG;
IntPtr localOidInfo = CryptFindOIDInfo(keyType, rawKey, localGroup);
if (localOidInfo != IntPtr.Zero)
{
return Marshal.PtrToStructure<CRYPT_OID_INFO>(localOidInfo);
}
}
// Attempt to query with a specific group, to make try to avoid an AD lookup if possible
IntPtr fullOidInfo = CryptFindOIDInfo(keyType, rawKey, group);
if (fullOidInfo != IntPtr.Zero)
{
return Marshal.PtrToStructure<CRYPT_OID_INFO>(fullOidInfo);
}
if (fallBackToAllGroups && group != OidGroup.All)
{
// Finally, for compatibility with previous runtimes, if we have a group specified retry the
// query with no group
IntPtr allGroupOidInfo = CryptFindOIDInfo(keyType, rawKey, OidGroup.All);
if (allGroupOidInfo != IntPtr.Zero)
{
return Marshal.PtrToStructure<CRYPT_OID_INFO>(fullOidInfo);
}
}
// Otherwise the lookup failed.
return new CRYPT_OID_INFO() { AlgId = -1 };
}
finally
{
if (rawKey != IntPtr.Zero)
{
Marshal.FreeCoTaskMem(rawKey);
}
}
}
private static extern IntPtr CryptFindOIDInfo(CryptOidInfoKeyType dwKeyType, IntPtr pvKey, OidGroup group);
private static bool OidGroupWillNotUseActiveDirectory(OidGroup group)
{
// These groups will never cause an Active Directory query
return group == OidGroup.HashAlgorithm ||
group == OidGroup.EncryptionAlgorithm ||
group == OidGroup.PublicKeyAlgorithm ||
group == OidGroup.SignatureAlgorithm ||
group == OidGroup.Attribute ||
group == OidGroup.ExtensionOrAttribute ||
group == OidGroup.KeyDerivationFunction;
}
internal static string MapNameToOID(string name, OidGroup oidGroup) {
if (name == null)
throw new ArgumentNullException("name");
Contract.EndContractBlock();
// First we'll do the machine-wide stuff, initializing if necessary
InitializeConfigInfo();
string oid = null;
// Check to see if we have an application defined mapping
lock (InternalSyncObject) {
oid = appOidHT.GetValueOrDefault(name);
}
// If we didn't find an application defined mapping, search the machine table
if (oid == null)
oid = machineOidHT.GetValueOrDefault(name);
// If we didn't find it in the machine-wide table, look in the default table
if (oid == null)
oid = DefaultOidHT.GetValueOrDefault(name);
#if FEATURE_CRYPTO || FEATURE_LEGACYNETCFCRYPTO
// Try the CAPI table association
if (oid == null)
oid = X509Utils.GetOidFromFriendlyName(name, oidGroup);
#endif // FEATURE_CRYPTO
return oid;
}
private static string NativeFriendlyNameToOid(string friendlyName, OidGroup oidGroup, bool fallBackToAllGroups)
{
CRYPT_OID_INFO oidInfo = OidInfo.FindOidInfo(CryptOidInfoKeyType.CRYPT_OID_INFO_NAME_KEY, friendlyName, oidGroup, fallBackToAllGroups);
return oidInfo.OID;
}
// Try to find OID info within a specific group, and if that doesn't work fall back to all
// groups for compatibility with previous frameworks
internal static string FindOidInfoWithFallback(uint key, string value, OidGroup group) {
string info = FindOidInfo(key, value, group);
// If we couldn't find it in the requested group, then try again in all groups
if (info == null && group != OidGroup.All) {
info = FindOidInfo(key, value, OidGroup.All);
}
return info;
}
/// <summary>
/// Convert an OID into a CAPI-1 CALG ID.
/// </summary>
private static int GetAlgIdFromOid(string oid, OidGroup oidGroup)
{
Contract.Requires(oid != null);
// CAPI does not have ALGID mappings for all of the hash algorithms - see if we know the mapping
// first to avoid doing an AD lookup on these values
if (String.Equals(oid, CapiHelper.OID_OIWSEC_SHA256, StringComparison.Ordinal))
{
return CapiHelper.CALG_SHA_256;
}
else if (String.Equals(oid, CapiHelper.OID_OIWSEC_SHA384, StringComparison.Ordinal))
{
return CapiHelper.CALG_SHA_384;
}
else if (String.Equals(oid, CapiHelper.OID_OIWSEC_SHA512, StringComparison.Ordinal))
{
return CapiHelper.CALG_SHA_512;
}
else
{
return OidInfo.FindOidInfo(CryptOidInfoKeyType.CRYPT_OID_INFO_OID_KEY, oid, OidGroup.HashAlgorithm, fallBackToAllGroups: false).AlgId;
}
}
internal static int GetAlgIdFromOid(string oid, OidGroup oidGroup) {
Contract.Requires(oid != null);
// CAPI does not have ALGID mappings for all of the hash algorithms - see if we know the mapping
// first to avoid doing an AD lookup on these values
if (String.Equals(oid, Constants.OID_OIWSEC_SHA256, StringComparison.Ordinal)) {
return Constants.CALG_SHA_256;
}
else if (String.Equals(oid, Constants.OID_OIWSEC_SHA384, StringComparison.Ordinal)) {
return Constants.CALG_SHA_384;
}
else if (String.Equals(oid, Constants.OID_OIWSEC_SHA512, StringComparison.Ordinal)) {
return Constants.CALG_SHA_512;
}
else {
return FindOidInfo(OidKeyType.Oid, oid, oidGroup).AlgId;
}
}
internal static string GetOidFromFriendlyName(string friendlyName, OidGroup oidGroup) {
Contract.Requires(friendlyName != null);
CRYPT_OID_INFO oidInfo = FindOidInfo(OidKeyType.Name, friendlyName, oidGroup);
return oidInfo.pszOID;
}
/// <summary>
/// Helper for signing and verifications that accept a string to specify a hashing algorithm.
/// </summary>
public static int NameOrOidToHashAlgId(string nameOrOid, OidGroup oidGroup)
{
// Default Algorithm Id is CALG_SHA1
if (nameOrOid == null)
return CapiHelper.CALG_SHA1;
string oidValue = CryptoConfig.MapNameToOID(nameOrOid);
if (oidValue == null)
oidValue = nameOrOid; // we were probably passed an OID value directly
int algId = GetAlgIdFromOid(oidValue, oidGroup);
if (algId == 0 || algId == -1)
throw new CryptographicException(SR.Cryptography_InvalidOID);
return algId;
}
internal static int NameOrOidToAlgId (string oid, OidGroup oidGroup) {
// Default Algorithm Id is CALG_SHA1
if (oid == null)
return Constants.CALG_SHA1;
string oidValue = CryptoConfig.MapNameToOID(oid, oidGroup);
if (oidValue == null)
oidValue = oid; // we were probably passed an OID value directly
int algId = GetAlgIdFromOid(oidValue, oidGroup);
if (algId == 0 || algId == -1) {
throw new CryptographicException(Environment.GetResourceString("Cryptography_InvalidOID"));
}
return algId;
}
internal static string GetFriendlyNameFromOid(string oid, OidGroup oidGroup) {
Contract.Requires(oid != null);
CRYPT_OID_INFO oidInfo = FindOidInfo(OidKeyType.Oid, oid, oidGroup);
return oidInfo.pwszName;
}
private static string NativeOidToFriendlyName(string oid, OidGroup oidGroup, bool fallBackToAllGroups)
{
CRYPT_OID_INFO oidInfo = OidInfo.FindOidInfo(CryptOidInfoKeyType.CRYPT_OID_INFO_OID_KEY, oid, oidGroup, fallBackToAllGroups);
return oidInfo.Name;
}
internal static string FindOidInfo(uint keyType, string keyValue, OidGroup oidGroup) {
if (keyValue == null)
throw new ArgumentNullException("keyValue");
if (keyValue.Length == 0)
return null;
SafeLocalAllocHandle pvKey = SafeLocalAllocHandle.InvalidHandle;
try {
switch(keyType) {
case CAPI.CRYPT_OID_INFO_OID_KEY:
pvKey = StringToAnsiPtr(keyValue);
break;
case CAPI.CRYPT_OID_INFO_NAME_KEY:
pvKey = StringToUniPtr(keyValue);
break;
default:
Debug.Assert(false);
break;
}
CAPI.CRYPT_OID_INFO pOidInfo = CAPI.CryptFindOIDInfo(keyType, pvKey, oidGroup);
if (keyType == CAPI.CRYPT_OID_INFO_OID_KEY) {
return pOidInfo.pwszName;
}
else {
return pOidInfo.pszOID;
}
}
finally {
pvKey.Dispose();
}
}
private static extern IntPtr CryptFindOIDInfo(OidKeyType dwKeyType, IntPtr pvKey, OidGroup dwGroupId);
