Inheritance: Org.BouncyCastle.X509.Store.X509CertStoreSelector
        /// <inheritdoc />
        public byte[] Decrypt(byte[] data)
        {
            foreach (var pkcsStore in _allSenderCertificates)
            {
                var certAlias = pkcsStore.Aliases.Cast<string>().First(x => pkcsStore.IsKeyEntry(x));
                var certEntry = pkcsStore.GetCertificate(certAlias);
                var cert = certEntry.Certificate;

                var envelopedData = new CmsEnvelopedData(data);
                var recepientInfos = envelopedData.GetRecipientInfos();
                var recepientId = new RecipientID()
                {
                    Issuer = cert.IssuerDN,
                    SerialNumber = cert.SerialNumber
                };
                var recepient = recepientInfos[recepientId];
                if (recepient == null)
                    continue;

                var privKeyEntry = pkcsStore.GetKey(certAlias);
                var privKey = privKeyEntry.Key;

                var decryptedData = recepient.GetContent(privKey);
                var sig = new CmsSignedData(decryptedData);
                var sigInfos = sig.GetSignerInfos();
                var signerId = new SignerID()
                {
                    Issuer = _receiverCertificate.IssuerDN,
                    SerialNumber = _receiverCertificate.SerialNumber
                };
                var signer = sigInfos.GetFirstSigner(signerId);
                if (!signer.Verify(_receiverCertificate))
                    throw new ExtraEncryptionException("Failed to verify the signature.");

                var verifiedData = new MemoryStream();
                sig.SignedContent.Write(verifiedData);

                return verifiedData.ToArray();
            }

            throw new ExtraEncryptionException("No certificate for decryption found.");
        }
Exemple #2
0
 internal KeyAgreeRecipientInformation(KeyAgreeRecipientInfo info, RecipientID rid, Asn1OctetString encryptedKey, CmsSecureReadable secureReadable)
     : base(info.KeyEncryptionAlgorithm, secureReadable)
 {
     this.info         = info;
     base.rid          = rid;
     this.encryptedKey = encryptedKey;
 }
Exemple #3
0
 public RecipientInformationStore(global::System.Collections.ICollection recipientInfos)
 {
     global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)recipientInfos).GetEnumerator();
     try
     {
         while (enumerator.MoveNext())
         {
             RecipientInformation             recipientInformation = (RecipientInformation)enumerator.get_Current();
             RecipientID                      recipientID          = recipientInformation.RecipientID;
             global::System.Collections.IList list = (global::System.Collections.IList)table.get_Item((object)recipientID);
             if (list == null)
             {
                 table.set_Item((object)recipientID, (object)(list = Platform.CreateArrayList(1)));
             }
             list.Add((object)recipientInformation);
         }
     }
     finally
     {
         global::System.IDisposable disposable = enumerator as global::System.IDisposable;
         if (disposable != null)
         {
             disposable.Dispose();
         }
     }
     all = Platform.CreateArrayList(recipientInfos);
 }
Exemple #4
0
        /**
         * Return possible empty collection with recipients matching the passed in RecipientID
         *
         * @param selector a recipient id to select against.
         * @return a collection of RecipientInformation objects.
         */
        public ICollection GetRecipients(
            RecipientID selector)
        {
            ArrayList list = (ArrayList)table[selector];

            return(list == null ? new ArrayList() : new ArrayList(list));
        }
		/**
		* Return possible empty collection with recipients matching the passed in RecipientID
		*
		* @param selector a recipient id to select against.
		* @return a collection of RecipientInformation objects.
		*/
		public ICollection GetRecipients(
			RecipientID selector)
		{
            IList list = (IList)table[selector];

            return list == null ? Platform.CreateArrayList() : Platform.CreateArrayList(list);
		}
		/**
		* Return the first RecipientInformation object that matches the
		* passed in selector. Null if there are no matches.
		*
		* @param selector to identify a recipient
		* @return a single RecipientInformation object. Null if none matches.
		*/
		public RecipientInformation GetFirstRecipient(
			RecipientID selector)
		{
			ArrayList list = (ArrayList) table[selector];

			return list == null ? null : (RecipientInformation) list[0];
		}
Exemple #7
0
        internal KeyTransRecipientInformation(KeyTransRecipientInfo info, CmsSecureReadable secureReadable)
            : base(info.KeyEncryptionAlgorithm, secureReadable)
        {
            //IL_0088: Unknown result type (might be due to invalid IL or missing references)
            this.info = info;
            rid       = new RecipientID();
            RecipientIdentifier recipientIdentifier = info.RecipientIdentifier;

            try
            {
                if (recipientIdentifier.IsTagged)
                {
                    Asn1OctetString instance = Asn1OctetString.GetInstance(recipientIdentifier.ID);
                    rid.SubjectKeyIdentifier = instance.GetOctets();
                }
                else
                {
                    Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber instance2 = Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber.GetInstance(recipientIdentifier.ID);
                    rid.Issuer       = instance2.Name;
                    rid.SerialNumber = instance2.SerialNumber.Value;
                }
            }
            catch (IOException)
            {
                throw new ArgumentException("invalid rid in KeyTransRecipientInformation");
            }
        }
		/**
		* Return possible empty collection with recipients matching the passed in RecipientID
		*
		* @param selector a recipient id to select against.
		* @return a collection of RecipientInformation objects.
		*/
		public ICollection GetRecipients(
			RecipientID selector)
		{
			ArrayList list = (ArrayList) table[selector];

			return list == null ? new ArrayList() : new ArrayList(list);
		}
		public KeyAgreeRecipientInformation(
			KeyAgreeRecipientInfo	info,
			AlgorithmIdentifier		encAlg,
			Stream					data)
			: base(encAlg, AlgorithmIdentifier.GetInstance(info.KeyEncryptionAlgorithm), data)
		{
			_info = info;
//			_encAlg = encAlg;

			try
			{
				Asn1Sequence s = _info.RecipientEncryptedKeys;
				RecipientEncryptedKey id = RecipientEncryptedKey.GetInstance(s[0]);

				Asn1.Cms.IssuerAndSerialNumber iAnds = id.Identifier.IssuerAndSerialNumber;

//				byte[] issuerBytes = iAnds.Name.GetEncoded();

				_rid = new RecipientID();
//				_rid.SetIssuer(issuerBytes);
				_rid.Issuer = iAnds.Name;
				_rid.SerialNumber = iAnds.SerialNumber.Value;

				_encryptedKey = id.EncryptedKey;
			}
			catch (IOException e)
			{
				throw new ArgumentException("invalid rid in KeyAgreeRecipientInformation", e);
			}
		}
Exemple #10
0
        /**
         * Return the first RecipientInformation object that matches the
         * passed in selector. Null if there are no matches.
         *
         * @param selector to identify a recipient
         * @return a single RecipientInformation object. Null if none matches.
         */
        public RecipientInformation GetFirstRecipient(
            RecipientID selector)
        {
            IList list = (IList)table[selector];

            return(list == null ? null : (RecipientInformation)list[0]);
        }
        public KeyAgreeRecipientInformation(
            KeyAgreeRecipientInfo info,
            AlgorithmIdentifier encAlg,
            Stream data)
            : base(encAlg, AlgorithmIdentifier.GetInstance(info.KeyEncryptionAlgorithm), data)
        {
            _info = info;
//			_encAlg = encAlg;

            try
            {
                Asn1Sequence          s  = _info.RecipientEncryptedKeys;
                RecipientEncryptedKey id = RecipientEncryptedKey.GetInstance(s[0]);

                Asn1.Cms.IssuerAndSerialNumber iAnds = id.Identifier.IssuerAndSerialNumber;

//				byte[] issuerBytes = iAnds.Name.GetEncoded();

                _rid = new RecipientID();
//				_rid.SetIssuer(issuerBytes);
                _rid.Issuer       = iAnds.Name;
                _rid.SerialNumber = iAnds.SerialNumber.Value;

                _encryptedKey = id.EncryptedKey;
            }
            catch (IOException e)
            {
                throw new ArgumentException("invalid rid in KeyAgreeRecipientInformation", e);
            }
        }
Exemple #12
0
 public RecipientInformation this[RecipientID selector]
 {
     get
     {
         return(this.GetFirstRecipient(selector));
     }
 }
 internal static void ReadRecipientInfo(IList infos, KeyAgreeRecipientInfo info, CmsSecureReadable secureReadable)
 {
     try
     {
         foreach (Asn1Encodable asn1Encodable in info.RecipientEncryptedKeys)
         {
             RecipientEncryptedKey       instance    = RecipientEncryptedKey.GetInstance(asn1Encodable.ToAsn1Object());
             RecipientID                 recipientID = new RecipientID();
             KeyAgreeRecipientIdentifier identifier  = instance.Identifier;
             Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber issuerAndSerialNumber = identifier.IssuerAndSerialNumber;
             if (issuerAndSerialNumber != null)
             {
                 recipientID.Issuer       = issuerAndSerialNumber.Name;
                 recipientID.SerialNumber = issuerAndSerialNumber.SerialNumber.Value;
             }
             else
             {
                 RecipientKeyIdentifier rKeyID = identifier.RKeyID;
                 recipientID.SubjectKeyIdentifier = rKeyID.SubjectKeyIdentifier.GetOctets();
             }
             infos.Add(new KeyAgreeRecipientInformation(info, recipientID, instance.EncryptedKey, secureReadable));
         }
     }
     catch (IOException innerException)
     {
         throw new ArgumentException("invalid rid in KeyAgreeRecipientInformation", innerException);
     }
 }
Exemple #14
0
        /**
         * Return possible empty collection with recipients matching the passed in RecipientID
         *
         * @param selector a recipient id to select against.
         * @return a collection of RecipientInformation objects.
         */
        public ICollection GetRecipients(
            RecipientID selector)
        {
            IList list = (IList)table[selector];

            return(list == null?Platform.CreateArrayList() : Platform.CreateArrayList(list));
        }
Exemple #15
0
 public global::System.Collections.ICollection GetRecipients(RecipientID selector)
 {
     global::System.Collections.IList list = (global::System.Collections.IList)table.get_Item((object)selector);
     if (list != null)
     {
         return((global::System.Collections.ICollection)Platform.CreateArrayList((global::System.Collections.ICollection)list));
     }
     return((global::System.Collections.ICollection)Platform.CreateArrayList());
 }
Exemple #16
0
 public RecipientInformation GetFirstRecipient(RecipientID selector)
 {
     global::System.Collections.IList list = (global::System.Collections.IList)table.get_Item((object)selector);
     if (list != null)
     {
         return((RecipientInformation)list.get_Item(0));
     }
     return(null);
 }
Exemple #17
0
        internal KekRecipientInformation(KekRecipientInfo info, CmsSecureReadable secureReadable)
            : base(info.KeyEncryptionAlgorithm, secureReadable)
        {
            this.info = info;
            rid       = new RecipientID();
            KekIdentifier kekID = info.KekID;

            rid.KeyIdentifier = kekID.KeyIdentifier.GetOctets();
        }
Exemple #18
0
        public RecipientInformation GetFirstRecipient(RecipientID selector)
        {
            IList list = (IList)this.table[selector];

            if (list != null)
            {
                return((RecipientInformation)list[0]);
            }
            return(null);
        }
        public override bool Equals(object obj)
        {
            if (obj == this)
            {
                return(true);
            }
            RecipientID recipientID = obj as RecipientID;

            return(recipientID != null && (Arrays.AreEqual(this.keyIdentifier, recipientID.keyIdentifier) && Arrays.AreEqual(base.SubjectKeyIdentifier, recipientID.SubjectKeyIdentifier) && object.Equals(base.SerialNumber, recipientID.SerialNumber)) && X509CertStoreSelector.IssuersMatch(base.Issuer, recipientID.Issuer));
        }
Exemple #20
0
        public ICollection GetRecipients(RecipientID selector)
        {
            IList list = (IList)this.table[selector];

            if (list != null)
            {
                return(Platform.CreateArrayList(list));
            }
            return(Platform.CreateArrayList());
        }
 internal KeyAgreeRecipientInformation(
     KeyAgreeRecipientInfo	info,
     RecipientID				rid,
     Asn1OctetString			encryptedKey,
     CmsSecureReadable		secureReadable)
     : base(info.KeyEncryptionAlgorithm, secureReadable)
 {
     this.info = info;
     this.rid = rid;
     this.encryptedKey = encryptedKey;
 }
 public KeyAgreeRecipientInformation(
     KeyAgreeRecipientInfo info,
     RecipientID rid,
     Asn1OctetString encryptedKey,
     AlgorithmIdentifier encAlg,
     AlgorithmIdentifier macAlg,
     AlgorithmIdentifier authEncAlg,
     Stream data)
     : base(encAlg, macAlg, authEncAlg, info.KeyEncryptionAlgorithm, data)
 {
     this.info         = info;
     this.rid          = rid;
     this.encryptedKey = encryptedKey;
 }
Exemple #23
0
 public RecipientInformationStore(ICollection recipientInfos)
 {
     foreach (RecipientInformation recipientInformation in recipientInfos)
     {
         RecipientID recipientID = recipientInformation.RecipientID;
         IList       list        = (IList)this.table[recipientID];
         if (list == null)
         {
             list = (this.table[recipientID] = Platform.CreateArrayList(1));
         }
         list.Add(recipientInformation);
     }
     this.all = Platform.CreateArrayList(recipientInfos);
 }
Exemple #24
0
        public override bool Equals(object obj)
        {
            if (obj == this)
            {
                return(true);
            }
            RecipientID recipientID = obj as RecipientID;

            if (recipientID == null)
            {
                return(false);
            }
            if (Arrays.AreEqual(keyIdentifier, recipientID.keyIdentifier) && Arrays.AreEqual(base.SubjectKeyIdentifier, recipientID.SubjectKeyIdentifier) && object.Equals((object)base.SerialNumber, (object)recipientID.SerialNumber))
            {
                return(X509CertStoreSelector.IssuersMatch(base.Issuer, recipientID.Issuer));
            }
            return(false);
        }
Exemple #25
0
        private readonly Hashtable table = new Hashtable(); // Hashtable[RecipientID, ArrayList[RecipientInformation]]

        public RecipientInformationStore(
            ICollection recipientInfos)
        {
            foreach (RecipientInformation recipientInformation in recipientInfos)
            {
                RecipientID rid  = recipientInformation.RecipientID;
                ArrayList   list = (ArrayList)table[rid];

                if (list == null)
                {
                    table[rid] = list = new ArrayList(1);
                }

                list.Add(recipientInformation);
            }

            this.all = new ArrayList(recipientInfos);
        }
Exemple #26
0
 internal static void ReadRecipientInfo(global::System.Collections.IList infos, KeyAgreeRecipientInfo info, CmsSecureReadable secureReadable)
 {
     //IL_00bb: Expected O, but got Unknown
     //IL_00c2: Unknown result type (might be due to invalid IL or missing references)
     try
     {
         global::System.Collections.IEnumerator enumerator = info.RecipientEncryptedKeys.GetEnumerator();
         try
         {
             while (enumerator.MoveNext())
             {
                 Asn1Encodable               asn1Encodable = (Asn1Encodable)enumerator.get_Current();
                 RecipientEncryptedKey       instance      = RecipientEncryptedKey.GetInstance(asn1Encodable.ToAsn1Object());
                 RecipientID                 recipientID   = new RecipientID();
                 KeyAgreeRecipientIdentifier identifier    = instance.Identifier;
                 Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber issuerAndSerialNumber = identifier.IssuerAndSerialNumber;
                 if (issuerAndSerialNumber != null)
                 {
                     recipientID.Issuer       = issuerAndSerialNumber.Name;
                     recipientID.SerialNumber = issuerAndSerialNumber.SerialNumber.Value;
                 }
                 else
                 {
                     RecipientKeyIdentifier rKeyID = identifier.RKeyID;
                     recipientID.SubjectKeyIdentifier = rKeyID.SubjectKeyIdentifier.GetOctets();
                 }
                 infos.Add((object)new KeyAgreeRecipientInformation(info, recipientID, instance.EncryptedKey, secureReadable));
             }
         }
         finally
         {
             global::System.IDisposable disposable = enumerator as global::System.IDisposable;
             if (disposable != null)
             {
                 disposable.Dispose();
             }
         }
     }
     catch (IOException val)
     {
         IOException val2 = val;
         throw new ArgumentException("invalid rid in KeyAgreeRecipientInformation", (global::System.Exception)(object) val2);
     }
 }
        public override bool Equals(
            object obj)
        {
            if (obj == this)
            {
                return(true);
            }

            RecipientID id = obj as RecipientID;

            if (id == null)
            {
                return(false);
            }

            return(Arrays.AreEqual(keyIdentifier, id.keyIdentifier) &&
                   Arrays.AreEqual(SubjectKeyIdentifier, id.SubjectKeyIdentifier) &&
                   Platform.Equals(SerialNumber, id.SerialNumber) &&
                   IssuersMatch(Issuer, id.Issuer));
        }
Exemple #28
0
        public override bool Equals(
            object obj)
        {
            if (obj == this)
            {
                return(true);
            }

            RecipientID id = obj as RecipientID;

            if (id == null)
            {
                return(false);
            }

            return(Arrays.AreSame(keyIdentifier, id.keyIdentifier) &&
                   Arrays.AreSame(SubjectKeyIdentifier, id.SubjectKeyIdentifier) &&
                   object.Equals(SerialNumber, id.SerialNumber) &&
                   object.Equals(IssuerAsString, id.IssuerAsString));
        }
        internal static void ReadRecipientInfo(IList infos, KeyAgreeRecipientInfo info,
                                               AlgorithmIdentifier encAlg, AlgorithmIdentifier macAlg, AlgorithmIdentifier authEncAlg,
                                               Stream data)
        {
            try
            {
                foreach (Asn1Encodable rek in info.RecipientEncryptedKeys)
                {
                    RecipientEncryptedKey id = RecipientEncryptedKey.GetInstance(rek.ToAsn1Object());

                    RecipientID rid = new RecipientID();

                    Asn1.Cms.KeyAgreeRecipientIdentifier karid = id.Identifier;

                    Asn1.Cms.IssuerAndSerialNumber iAndSN = karid.IssuerAndSerialNumber;
                    if (iAndSN != null)
                    {
                        rid.Issuer       = iAndSN.Name;
                        rid.SerialNumber = iAndSN.SerialNumber.Value;
                    }
                    else
                    {
                        Asn1.Cms.RecipientKeyIdentifier rKeyID = karid.RKeyID;

                        // Note: 'date' and 'other' fields of RecipientKeyIdentifier appear to be only informational

                        rid.SubjectKeyIdentifier = rKeyID.SubjectKeyIdentifier.GetOctets();
                    }

                    infos.Add(new KeyAgreeRecipientInformation(info, rid, id.EncryptedKey,
                                                               encAlg, macAlg, authEncAlg, data));
                }
            }
            catch (IOException e)
            {
                throw new ArgumentException("invalid rid in KeyAgreeRecipientInformation", e);
            }
        }
        internal static void ReadRecipientInfo(IList infos, KeyAgreeRecipientInfo info,
            CmsSecureReadable secureReadable)
        {
            try
            {
                foreach (Asn1Encodable rek in info.RecipientEncryptedKeys)
                {
                    RecipientEncryptedKey id = RecipientEncryptedKey.GetInstance(rek.ToAsn1Object());

                    RecipientID rid = new RecipientID();

                    Asn1.Cms.KeyAgreeRecipientIdentifier karid = id.Identifier;

                    Asn1.Cms.IssuerAndSerialNumber iAndSN = karid.IssuerAndSerialNumber;
                    if (iAndSN != null)
                    {
                        rid.Issuer = iAndSN.Name;
                        rid.SerialNumber = iAndSN.SerialNumber.Value;
                    }
                    else
                    {
                        Asn1.Cms.RecipientKeyIdentifier rKeyID = karid.RKeyID;

                        // Note: 'date' and 'other' fields of RecipientKeyIdentifier appear to be only informational 

                        rid.SubjectKeyIdentifier = rKeyID.SubjectKeyIdentifier.GetOctets();
                    }

                    infos.Add(new KeyAgreeRecipientInformation(info, rid, id.EncryptedKey,
                        secureReadable));
                }
            }
            catch (IOException e)
            {
                throw new ArgumentException("invalid rid in KeyAgreeRecipientInformation", e);
            }
        }
Exemple #31
0
 public RecipientInformation this[RecipientID selector] => GetFirstRecipient(selector);
        /**
        * Return possible empty collection with recipients matching the passed in RecipientID
        *
        * @param selector a recipient id to select against.
        * @return a collection of RecipientInformation objects.
        */
        public ICollection GetRecipients(
			RecipientID selector)
        {
            ArrayList list = (ArrayList) table[selector];

            return list == null ? new ArrayList() :
                // MASC 20070307. CF compatibility patch
            #if !NETCF
                ArrayList.ReadOnly(list);
            #else
                list;
            #endif
        }
		public void TestTwoAesKek()
		{
			byte[] data = Encoding.Default.GetBytes("WallaWallaWashington");
			KeyParameter kek1 = CmsTestUtil.MakeAes192Key();
			KeyParameter kek2 = CmsTestUtil.MakeAes192Key();

			CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();

			byte[]  kekId1 = new byte[] { 1, 2, 3, 4, 5 };
			byte[]  kekId2 = new byte[] { 5, 4, 3, 2, 1 };

			edGen.AddKekRecipient("AES192", kek1, kekId1);
			edGen.AddKekRecipient("AES192", kek2, kekId2);

			MemoryStream bOut = new MemoryStream();

			Stream outStream = edGen.Open(
				bOut,
				CmsEnvelopedDataGenerator.DesEde3Cbc);
			outStream.Write(data, 0, data.Length);

			outStream.Close();

			CmsEnvelopedDataParser ep = new CmsEnvelopedDataParser(bOut.ToArray());

			RecipientInformationStore recipients = ep.GetRecipientInfos();

			Assert.AreEqual(ep.EncryptionAlgOid, CmsEnvelopedDataGenerator.DesEde3Cbc);

			RecipientID recSel = new RecipientID();

			recSel.KeyIdentifier = kekId2;

			RecipientInformation recipient = recipients.GetFirstRecipient(recSel);

			Assert.AreEqual(recipient.KeyEncryptionAlgOid, "2.16.840.1.101.3.4.1.25");

			CmsTypedStream recData = recipient.GetContentStream(kek2);

			Assert.IsTrue(Arrays.AreEqual(data, CmsTestUtil.StreamToByteArray(recData.ContentStream)));

			ep.Close();
		}
		public void TestECKeyAgree()
		{
			byte[] data = Hex.Decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");

			CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();

			edGen.AddKeyAgreementRecipient(
				CmsEnvelopedDataGenerator.ECDHSha1Kdf,
				OrigECKP.Private,
				OrigECKP.Public,
				ReciECCert,
				CmsEnvelopedDataGenerator.Aes128Wrap);

			MemoryStream bOut = new MemoryStream();

			Stream outStr = edGen.Open(bOut, CmsEnvelopedDataGenerator.Aes128Cbc);
			outStr.Write(data, 0, data.Length);

			outStr.Close();

			CmsEnvelopedDataParser ep = new CmsEnvelopedDataParser(bOut.ToArray());

			RecipientInformationStore recipients = ep.GetRecipientInfos();

			Assert.AreEqual(ep.EncryptionAlgOid, CmsEnvelopedDataGenerator.Aes128Cbc);

			RecipientID recSel = new RecipientID();

//			recSel.SetIssuer(PrincipalUtilities.GetIssuerX509Principal(ReciECCert).GetEncoded());
			recSel.Issuer = PrincipalUtilities.GetIssuerX509Principal(ReciECCert);
			recSel.SerialNumber = ReciECCert.SerialNumber;

			RecipientInformation recipient = recipients.GetFirstRecipient(recSel);

			CmsTypedStream recData = recipient.GetContentStream(ReciECKP.Private);

			Assert.IsTrue(Arrays.AreEqual(data, CmsTestUtil.StreamToByteArray(recData.ContentStream)));

			ep.Close();
		}
		public RecipientInformation this[RecipientID selector]
		{
			get { return GetFirstRecipient(selector); }
		}
		private static void ConfirmDataReceived(RecipientInformationStore recipients,
			byte[] expectedData, X509Certificate reciCert, AsymmetricKeyParameter reciPrivKey)
		{
			RecipientID rid = new RecipientID();
			rid.Issuer = PrincipalUtilities.GetIssuerX509Principal(reciCert);
			rid.SerialNumber = reciCert.SerialNumber;

			RecipientInformation recipient = recipients[rid];
			Assert.IsNotNull(recipient);

			byte[] actualData = recipient.GetContent(reciPrivKey);
			Assert.IsTrue(Arrays.AreEqual(expectedData, actualData));
		}
 internal PasswordRecipientInformation(PasswordRecipientInfo info, CmsSecureReadable secureReadable)
     : base(info.KeyEncryptionAlgorithm, secureReadable)
 {
     this.info = info;
     rid       = new RecipientID();
 }
Exemple #38
0
        private SecurityInformation Decrypt(Stream clear, Stream cypher, SecretKey key, DateTime? sealedOn)
        {
            int i;
            bool found;
            StringBuilder algos;
            DateTime date = sealedOn == null ? DateTime.UtcNow : sealedOn.Value;

            trace.TraceEvent(TraceEventType.Information, 0, "Decrypting message for {0} recipient", key == null ? "known" : "unknown");
            try
            {
                SecurityInformation result = new SecurityInformation();
                CmsEnvelopedDataParser cypherData;
                try
                {
                    cypherData = new CmsEnvelopedDataParser(cypher);
                    trace.TraceEvent(TraceEventType.Verbose, 0, "Read the cms header");
                }
                catch (Exception e)
                {
                    trace.TraceEvent(TraceEventType.Error, 0, "The messages isn't encrypted");
                    throw new InvalidMessageException("The message isn't a triple wrapped message", e);
                }
                RecipientInformationStore recipientInfos = cypherData.GetRecipientInfos();
                trace.TraceEvent(TraceEventType.Verbose, 0, "Got the recipient info of the encrypted message");

                i = 0;
                found = false;
                algos = new StringBuilder();
                string encryptionAlgOid = cypherData.EncryptionAlgOid;
                while (!found && i < EteeActiveConfig.Unseal.EncryptionAlgorithms.Count)
                {
                    Oid algo = EteeActiveConfig.Unseal.EncryptionAlgorithms[i++];
                    algos.Append(algo.Value + " (" + algo.FriendlyName + ") ");
                    found = algo.Value == encryptionAlgOid;
                }
                if (!found)
                {
                    result.securityViolations.Add(SecurityViolation.NotAllowedEncryptionAlgorithm);
                    trace.TraceEvent(TraceEventType.Warning, 0, "The encryption algorithm {0} isn't allowed, only {1} are", encryptionAlgOid, algos);
                }
                trace.TraceEvent(TraceEventType.Verbose, 0, "The encryption algorithm is verified: {0}", encryptionAlgOid);

                //Key size of the message should not be checked, size is determined by the algorithm

                //Get recipient, should be receiver.
                RecipientInformation recipientInfo;
                ICipherParameters recipientKey;
                if (key == null)
                {
                    if (encCertStore != null)
                    {
                        //Find find a matching receiver
                        ICollection recipients = recipientInfos.GetRecipients(); //recipients in the message
                        IList<KeyValuePair<RecipientInformation, IList>> allMatches = new List<KeyValuePair<RecipientInformation, IList>>();
                        foreach (RecipientInformation recipient in recipients)
                        {
                            trace.TraceEvent(TraceEventType.Verbose, 0, "The message is addressed to {0} ({1})", recipient.RecipientID.SerialNumber, recipient.RecipientID.Issuer);
                            if (recipient is KeyTransRecipientInformation) {
                                IList matches = (IList) encCertStore.GetMatches(recipient.RecipientID);
                                if (matches.Count > 0)
                                {
                                    allMatches.Add(new KeyValuePair<RecipientInformation, IList>(recipient, matches));
                                }
                            }
                        }

                        //Did we find a receiver?
                        if (allMatches.Count == 0)
                        {
                            trace.TraceEvent(TraceEventType.Error, 0, "The recipients doe not contain any of your your encryption certificates");
                            throw new InvalidMessageException("The message isn't a message that is addressed to you.  Or it is an unaddressed message or it is addressed to somebody else");
                        }

                        //check with encryption cert matches where valid at creation time
                        IList<KeyValuePair<RecipientInformation, IList>> validMatches = new List<KeyValuePair<RecipientInformation, IList>>();
                        foreach (KeyValuePair<RecipientInformation, IList> match in allMatches)
                        {
                            IList validCertificate = new List<X509Certificate2>();
                            foreach (X509Certificate2 cert in match.Value)
                            {
                                //Validate the description cert, providing minimal info to force minimal validation.
                                CertificateSecurityInformation certVerRes = CertVerifier.VerifyEnc(DotNetUtilities.FromX509Certificate(cert), null, date, null, false);
                                trace.TraceEvent(TraceEventType.Verbose, 0, "Validated potential decryption certificate ({0}) : Validation Status = {1}, Trust Status = {2}",
                                    cert.Subject, certVerRes.ValidationStatus, certVerRes.TrustStatus);
                                if (certVerRes.SecurityViolations.Count == 0)
                                {
                                    validCertificate.Add(cert);
                                }
                            }

                            if (validCertificate.Count > 0)
                            {
                                validMatches.Add(new KeyValuePair<RecipientInformation, IList>(match.Key, validCertificate));
                            }
                        }

                        //If we have a valid encCert use that one, otherwise use an invalid one (at least we can read it, but should not use it)
                        X509Certificate2 selectedCert;
                        if (validMatches.Count > 0)
                        {
                            selectedCert = (X509Certificate2)validMatches[0].Value[0];
                            recipientInfo = validMatches[0].Key;
                            trace.TraceEvent(TraceEventType.Information, 0, "Found valid decryption certificate ({0}) that matches one the the recipients", selectedCert.Subject);
                        }
                        else
                        {
                            selectedCert = (X509Certificate2)allMatches[0].Value[0];
                            recipientInfo = allMatches[0].Key;
                            trace.TraceEvent(TraceEventType.Warning, 0, "Found *invalid* decryption certificate ({0}) that matches one the the recipients", selectedCert.Subject);
                        }
                        recipientKey = DotNetUtilities.GetKeyPair(selectedCert.PrivateKey).Private;

                        //we validate the selected certificate again to inform the caller
                        result.Subject = CertVerifier.VerifyEnc(DotNetUtilities.FromX509Certificate(selectedCert),  null, date, null, false);
                    }
                    else
                    {
                        trace.TraceEvent(TraceEventType.Error, 0, "The unsealer does not have an decryption certificate and no symmetric key was provided");
                        throw new InvalidOperationException("There should be an receiver (=yourself) and/or a key provided");
                    }
                }
                else
                {
                    trace.TraceEvent(TraceEventType.Verbose, 0, "Found symmetric key: {0}", key.IdString);

                    RecipientID recipientId = new RecipientID();
                    recipientId.KeyIdentifier = key.Id;
                    recipientInfo = recipientInfos.GetFirstRecipient(recipientId);
                    if (recipientInfo == null)
                    {
                        trace.TraceEvent(TraceEventType.Error, 0, "The symmetric key was not found in this cms message");
                        throw new InvalidMessageException("The key isn't for this unaddressed message");
                    }
                    trace.TraceEvent(TraceEventType.Verbose, 0, "Found symmetric key in recipients of the cms message");

                    //Get receivers key
                    recipientKey = key.BCKey;

                    //Validate the unaddressed key
                    if ((((KeyParameter)recipientKey).GetKey().Length * 8) < EteeActiveConfig.Unseal.MinimumEncryptionKeySize.SymmetricRecipientKey)
                    {
                        result.securityViolations.Add(SecurityViolation.NotAllowedEncryptionKeySize);
                        trace.TraceEvent(TraceEventType.Warning, 0, "The symmetric key was only {0} bits while it should be at least {0}",
                            ((KeyParameter)recipientKey).GetKey().Length * 8,  EteeActiveConfig.Unseal.MinimumEncryptionKeySize.SymmetricRecipientKey);
                    }
                }

                //check if key encryption algorithm is allowed
                i = 0;
                found = false;
                algos = new StringBuilder();
                while (!found && i < EteeActiveConfig.Unseal.KeyEncryptionAlgorithms.Count)
                {
                    Oid algo = EteeActiveConfig.Unseal.KeyEncryptionAlgorithms[i++];
                    algos.Append(algo.Value + " (" + algo.FriendlyName + ") ");
                    found = algo.Value == recipientInfo.KeyEncryptionAlgOid;
                }
                if (!found)
                {
                    result.securityViolations.Add(SecurityViolation.NotAllowedKeyEncryptionAlgorithm);
                    trace.TraceEvent(TraceEventType.Warning, 0, "Encryption algorithm is {0} while it should be one of the following {1}",
                        recipientInfo.KeyEncryptionAlgOid, algos);
                }
                trace.TraceEvent(TraceEventType.Verbose, 0, "Finished verifying the encryption algorithm: {0}", recipientInfo.KeyEncryptionAlgOid);

                //Decrypt!
                CmsTypedStream clearStream = recipientInfo.GetContentStream(recipientKey);
                trace.TraceEvent(TraceEventType.Verbose, 0, "Accessed the encrypted content");

                try
                {
                    clearStream.ContentStream.CopyTo(clear);
                    trace.TraceEvent(TraceEventType.Verbose, 0, "Decrypted the content");
                }
                finally
                {
                    clearStream.ContentStream.Close();
                }

                return result;
            }
            catch (CmsException cmse)
            {
                trace.TraceEvent(TraceEventType.Error, 0, "The message isn't a CMS message");
                throw new InvalidMessageException("The message isn't a triple wrapped message", cmse);
            }
        }