Example #1
0
        private static ICertificatePal[] ReadPkcs12Collection(
            ReadOnlySpan <byte> rawData,
            SafePasswordHandle password,
            bool ephemeralSpecified)
        {
            using (var reader = new AndroidPkcs12Reader(rawData))
            {
                reader.Decrypt(password, ephemeralSpecified);

                ICertificatePal[] certs = new ICertificatePal[reader.GetCertCount()];
                int idx = 0;
                foreach (UnixPkcs12Reader.CertAndKey certAndKey in reader.EnumerateAll())
                {
                    AndroidCertificatePal pal = (AndroidCertificatePal)certAndKey.Cert !;
                    if (certAndKey.Key != null)
                    {
                        pal.SetPrivateKey(AndroidPkcs12Reader.GetPrivateKey(certAndKey.Key));
                    }

                    certs[idx] = pal;
                    idx++;
                }

                return(certs);
            }
        }
Example #2
0
 internal static partial ICertificatePal FromFile(
     string fileName,
     SafePasswordHandle password,
     X509KeyStorageFlags keyStorageFlags)
 {
     return(AndroidCertificatePal.FromFile(fileName, password, keyStorageFlags));
 }
Example #3
0
 internal static partial ICertificatePal FromBlob(
     ReadOnlySpan <byte> rawData,
     SafePasswordHandle password,
     X509KeyStorageFlags keyStorageFlags)
 {
     return(AndroidCertificatePal.FromBlob(rawData, password, keyStorageFlags));
 }
Example #4
0
 public AndroidCertLoader(SafeX509Handle[] certHandles)
 {
     _certs = new ICertificatePal[certHandles.Length];
     for (int i = 0; i < certHandles.Length; i++)
     {
         SafeX509Handle handle = certHandles[i];
         Debug.Assert(!handle.IsInvalid);
         _certs[i] = AndroidCertificatePal.FromHandle(handle.DangerousGetHandle());
     }
 }
Example #5
0
        protected override ICertificatePalCore ReadX509Der(ReadOnlyMemory <byte> data)
        {
            ICertificatePal?cert;

            if (!AndroidCertificatePal.TryReadX509(data.Span, out cert))
            {
                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
            }

            return(cert);
        }
Example #6
0
            private static IntPtr GetPublicKey(ICertificatePal pal, Interop.AndroidCrypto.PAL_KeyAlgorithm algorithm)
            {
                AndroidCertificatePal certPal = (AndroidCertificatePal)pal;
                IntPtr ptr = Interop.AndroidCrypto.X509GetPublicKey(certPal.SafeHandle, algorithm);

                if (ptr == IntPtr.Zero)
                {
                    throw new CryptographicException();
                }

                return(ptr);
            }
Example #7
0
        // Handles both DER and PEM
        internal static bool TryReadX509(ReadOnlySpan <byte> rawData, [NotNullWhen(true)] out ICertificatePal?handle)
        {
            handle = null;
            SafeX509Handle certHandle = Interop.AndroidCrypto.X509Decode(
                ref MemoryMarshal.GetReference(rawData),
                rawData.Length);

            if (certHandle.IsInvalid)
            {
                certHandle.Dispose();
                return(false);
            }

            handle = new AndroidCertificatePal(certHandle);
            return(true);
        }
Example #8
0
        public static ICertificatePal FromOtherCert(X509Certificate cert)
        {
            Debug.Assert(cert.Pal != null);

            AndroidCertificatePal certPal = (AndroidCertificatePal)cert.Pal;

            // Ensure private key is copied
            if (certPal.PrivateKeyHandle != null)
            {
                return(certPal.CopyWithPrivateKeyHandle(certPal.PrivateKeyHandle.DuplicateHandle()));
            }

            SafeX509Handle handle = new SafeX509Handle(Interop.JObjectLifetime.NewGlobalReference(certPal.Handle));

            return(new AndroidCertificatePal(handle));
        }
Example #9
0
        private static ICertificatePal ReadPkcs12(ReadOnlySpan <byte> rawData, SafePasswordHandle password, bool ephemeralSpecified)
        {
            using (var reader = new AndroidPkcs12Reader(rawData))
            {
                reader.Decrypt(password, ephemeralSpecified);

                UnixPkcs12Reader.CertAndKey certAndKey = reader.GetSingleCert();
                AndroidCertificatePal       pal        = (AndroidCertificatePal)certAndKey.Cert !;
                if (certAndKey.Key != null)
                {
                    pal.SetPrivateKey(AndroidPkcs12Reader.GetPrivateKey(certAndKey.Key));
                }

                return(pal);
            }
        }
Example #10
0
            public void Add(ICertificatePal cert)
            {
                if (_readOnly)
                {
                    throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
                }

                AndroidCertificatePal certPal = (AndroidCertificatePal)cert;
                string hashString             = GetCertificateHashString(cert);

                bool success;

                if (certPal.HasPrivateKey)
                {
                    Interop.AndroidCrypto.PAL_KeyAlgorithm algorithm = certPal.PrivateKeyHandle switch
                    {
                        // The AndroidKeyStore doesn't support adding DSA private key entries in newer versions (API 23+)
                        // Our minimum supported version (API 21) does support it, but for simplicity, we simply block adding
                        // certificates with DSA private keys on all versions instead of trying to support it on two versions.
                        SafeDsaHandle => throw new PlatformNotSupportedException(SR.Cryptography_X509_StoreDSAPrivateKeyNotSupported),
                              SafeEcKeyHandle => Interop.AndroidCrypto.PAL_KeyAlgorithm.EC,
                              SafeRsaHandle => Interop.AndroidCrypto.PAL_KeyAlgorithm.RSA,
                              _ => throw new NotSupportedException(SR.NotSupported_KeyAlgorithm)
                    };

                    success = Interop.AndroidCrypto.X509StoreAddCertificateWithPrivateKey(_keyStoreHandle, certPal.SafeHandle, certPal.PrivateKeyHandle, algorithm, hashString);
                }
                else
                {
                    success = Interop.AndroidCrypto.X509StoreAddCertificate(_keyStoreHandle, certPal.SafeHandle, hashString);
                }

                if (!success)
                {
                    throw new CryptographicException(SR.Cryptography_X509_StoreAddFailure);
                }
            }
Example #11
0
            public void Remove(ICertificatePal cert)
            {
                string hashString             = GetCertificateHashString(cert);
                AndroidCertificatePal certPal = (AndroidCertificatePal)cert;

                if (_readOnly)
                {
                    bool containsCert = Interop.AndroidCrypto.X509StoreContainsCertificate(_keyStoreHandle, certPal.SafeHandle, hashString);
                    if (containsCert)
                    {
                        throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
                    }

                    // Removing a non-existent certificate is not an error
                    return;
                }

                bool success = Interop.AndroidCrypto.X509StoreRemoveCertificate(_keyStoreHandle, certPal.SafeHandle, hashString);

                if (!success)
                {
                    throw new CryptographicException(SR.Cryptography_X509_StoreRemoveFailure);
                }
            }
Example #12
0
 internal static partial ICertificatePal FromHandle(IntPtr handle)
 {
     return(AndroidCertificatePal.FromHandle(handle));
 }
Example #13
0
 internal static partial ICertificatePal FromOtherCert(X509Certificate copyFrom)
 {
     return(AndroidCertificatePal.FromOtherCert(copyFrom));
 }