public sealed override byte[] Encrypt(CmsRecipientCollection recipients, ContentInfo contentInfo, AlgorithmIdentifier contentEncryptionAlgorithm, X509Certificate2Collection originatorCerts, CryptographicAttributeObjectCollection unprotectedAttributes)
{
using (SafeCryptMsgHandle hCryptMsg = EncodeHelpers.CreateCryptMsgHandleToEncode(recipients, contentInfo.ContentType, contentEncryptionAlgorithm, originatorCerts, unprotectedAttributes))
{
byte[] encodedContent;
if (contentInfo.ContentType.Value.Equals(Oids.Pkcs7Data, StringComparison.OrdinalIgnoreCase))
{
unsafe
{
byte[] content = contentInfo.Content;
fixed(byte *pContent = content)
{
DATA_BLOB blob = new DATA_BLOB((IntPtr)pContent, (uint)(content.Length));
encodedContent = Interop.Crypt32.CryptEncodeObjectToByteArray(CryptDecodeObjectStructType.X509_OCTET_STRING, &blob);
}
}
}
else
{
encodedContent = contentInfo.Content;
}
if (encodedContent.Length > 0)
{
if (!Interop.Crypt32.CryptMsgUpdate(hCryptMsg, encodedContent, encodedContent.Length, fFinal: true))
{
throw Marshal.GetLastWin32Error().ToCryptographicException();
}
}
byte[] encodedMessage = hCryptMsg.GetMsgParamAsByteArray(CryptMsgParamType.CMSG_CONTENT_PARAM);
return(encodedMessage);
}
}
public sealed unsafe override byte[] Encrypt(CmsRecipientCollection recipients, ContentInfo contentInfo, AlgorithmIdentifier contentEncryptionAlgorithm, X509Certificate2Collection originatorCerts, CryptographicAttributeObjectCollection unprotectedAttributes)
{
using (SafeCryptMsgHandle hCryptMsg = EncodeHelpers.CreateCryptMsgHandleToEncode(recipients, contentInfo.ContentType, contentEncryptionAlgorithm, originatorCerts, unprotectedAttributes))
{
byte[] encodedContent;
if (contentInfo.ContentType.Value.Equals(Oids.Pkcs7Data, StringComparison.OrdinalIgnoreCase))
{
unsafe
{
byte[] content = contentInfo.Content;
fixed(byte *pContent = content)
{
DATA_BLOB blob = new DATA_BLOB((IntPtr)pContent, (uint)(content.Length));
encodedContent = Interop.Crypt32.CryptEncodeObjectToByteArray(CryptDecodeObjectStructType.X509_OCTET_STRING, &blob);
}
}
}
else
{
encodedContent = contentInfo.Content;
if (encodedContent.Length > 0)
{
// Windows will throw if it encounters indefinite length encoding.
// Let's reencode if that is the case
ReencodeIfUsingIndefiniteLengthEncodingOnOuterStructure(ref encodedContent);
}
}
if (encodedContent.Length > 0)
{
// Pin to avoid copy during heap compaction
fixed(byte *pinnedContent = encodedContent)
{
try
{
if (!Interop.Crypt32.CryptMsgUpdate(hCryptMsg, encodedContent, encodedContent.Length, fFinal: true))
{
throw Marshal.GetLastWin32Error().ToCryptographicException();
}
}
finally
{
if (!object.ReferenceEquals(encodedContent, contentInfo.Content))
{
Array.Clear(encodedContent, 0, encodedContent.Length);
}
}
}
}
byte[] encodedMessage = hCryptMsg.GetMsgParamAsByteArray(CryptMsgParamType.CMSG_CONTENT_PARAM);
return(encodedMessage);
}
}
/// <summary>
/// Returns the inner content of the CMS.
///
/// Special case: If the CMS is an enveloped CMS that has been decrypted and the inner content type is Oids.Pkcs7Data, the returned
/// content bytes are the decoded octet bytes, rather than the encoding of those bytes. This is a documented convenience behavior of
/// CryptMsgGetParam(CMSG_CONTENT_PARAM) that apparently got baked into the behavior of the managed EnvelopedCms class.
/// </summary>
public static ContentInfo GetContentInfo(this SafeCryptMsgHandle hCryptMsg)
{
byte[] oidBytes = hCryptMsg.GetMsgParamAsByteArray(CryptMsgParamType.CMSG_INNER_CONTENT_TYPE_PARAM);
// Desktop compat: If we get a null or non-terminated string back from Crypt32, throwing an exception seems more apropros but
// for the desktop compat, we throw the result at the ASCII Encoder and let the chips fall where they may.
int length = oidBytes.Length;
if (length > 0 && oidBytes[length - 1] == 0)
{
length--;
}
string oidValue = Encoding.ASCII.GetString(oidBytes, 0, length);
Oid contentType = new Oid(oidValue);
byte[] content = hCryptMsg.GetMsgParamAsByteArray(CryptMsgParamType.CMSG_CONTENT_PARAM);
return(new ContentInfo(contentType, content));
}
public static X509Certificate2Collection GetOriginatorCerts(this SafeCryptMsgHandle hCryptMsg)
{
int numCertificates = 0;
int cbNumCertificates = sizeof(int);
if (!Interop.Crypt32.CryptMsgGetParam(hCryptMsg, CryptMsgParamType.CMSG_CERT_COUNT_PARAM, 0, out numCertificates, ref cbNumCertificates))
{
throw Interop.CPError.GetLastWin32Error().ToCryptographicException();
}
X509Certificate2Collection certs = new X509Certificate2Collection();
for (int index = 0; index < numCertificates; index++)
{
byte[] encodedCertificate = hCryptMsg.GetMsgParamAsByteArray(CryptMsgParamType.CMSG_CERT_PARAM, index);
X509Certificate2 cert = new X509Certificate2(encodedCertificate);
certs.Add(cert);
}
return(certs);
}