internal static Pkcs12SafeContentsBag Decode(ReadOnlyMemory <byte> encodedValue)
        {
            Pkcs12SafeContents contents = new Pkcs12SafeContents(encodedValue);

            return(new Pkcs12SafeContentsBag(encodedValue)
            {
                SafeContents = contents
            });
        }
        internal static Pkcs12SafeContentsBag Create(Pkcs12SafeContents copyFrom)
        {
            Debug.Assert(copyFrom != null);
            Debug.Assert(copyFrom.ConfidentialityMode == Pkcs12ConfidentialityMode.None);

            AsnWriter writer = copyFrom.Encode();

            return(Decode(writer.Encode()));
        }
 public void AddSafeContentsEncrypted(
     Pkcs12SafeContents safeContents,
     string?password,
     PbeParameters pbeParameters)
 {
     AddSafeContentsEncrypted(
         safeContents,
         // This extension invoke allows null
         password.AsSpan(),
         pbeParameters);
 }
 public void AddSafeContentsEncrypted(
     Pkcs12SafeContents safeContents,
     byte[]?passwordBytes,
     PbeParameters pbeParameters)
 {
     AddSafeContentsEncrypted(
         safeContents,
         // Allows null.
         new ReadOnlySpan <byte>(passwordBytes),
         pbeParameters);
 }
Exemple #5
0
        public void AddSafeContentsUnencrypted(Pkcs12SafeContents safeContents)
        {
            if (safeContents is null)
            {
                throw new ArgumentNullException(nameof(safeContents));
            }

            if (IsSealed)
            {
                throw new InvalidOperationException(SR.Cryptography_Pkcs12_PfxIsSealed);
            }

            _contents ??= new List <ContentInfoAsn>();

            _contents.Add(safeContents.EncodeToContentInfo());
        }
Exemple #6
0
        public void AddSafeContentsEncrypted(
            Pkcs12SafeContents safeContents,
            ReadOnlySpan <char> password,
            PbeParameters pbeParameters)
        {
            if (safeContents is null)
            {
                throw new ArgumentNullException(nameof(safeContents));
            }
            if (pbeParameters is null)
            {
                throw new ArgumentNullException(nameof(pbeParameters));
            }

            if (pbeParameters.IterationCount < 1)
            {
                throw new ArgumentOutOfRangeException(nameof(pbeParameters));
            }
            if (safeContents.ConfidentialityMode != Pkcs12ConfidentialityMode.None)
            {
                throw new ArgumentException(SR.Cryptography_Pkcs12_CannotProcessEncryptedSafeContents, nameof(safeContents));
            }
            if (IsSealed)
            {
                throw new InvalidOperationException(SR.Cryptography_Pkcs12_PfxIsSealed);
            }

            PasswordBasedEncryption.ValidatePbeParameters(
                pbeParameters,
                password,
                ReadOnlySpan <byte> .Empty);

            byte[] encrypted = safeContents.Encrypt(password, ReadOnlySpan <byte> .Empty, pbeParameters);

            if (_contents == null)
            {
                _contents = new List <ContentInfoAsn>();
            }

            _contents.Add(
                new ContentInfoAsn
            {
                ContentType = Oids.Pkcs7Encrypted,
                Content     = encrypted,
            });
        }
Exemple #7
0
        public Pkcs12SafeContentsBag AddNestedContents(Pkcs12SafeContents safeContents)
        {
            if (safeContents == null)
            {
                throw new ArgumentNullException(nameof(safeContents));
            }
            if (safeContents.ConfidentialityMode != Pkcs12ConfidentialityMode.None)
            {
                throw new ArgumentException(SR.Cryptography_Pkcs12_CannotProcessEncryptedSafeContents, nameof(safeContents));
            }
            if (IsReadOnly)
            {
                throw new InvalidOperationException(SR.Cryptography_Pkcs12_SafeContentsIsReadOnly);
            }

            Pkcs12SafeContentsBag bag = Pkcs12SafeContentsBag.Create(safeContents);

            AddSafeBag(bag);
            return(bag);
        }
Exemple #8
0
        public static Pkcs12Info Decode(
            ReadOnlyMemory <byte> encodedBytes,
            out int bytesConsumed,
            bool skipCopy = false)
        {
            AsnReader reader = new AsnReader(encodedBytes, AsnEncodingRules.BER);

            // Trim it to the first value
            encodedBytes = reader.PeekEncodedValue();

            ReadOnlyMemory <byte> maybeCopy = skipCopy ? encodedBytes : encodedBytes.ToArray();
            PfxAsn pfx = PfxAsn.Decode(maybeCopy, AsnEncodingRules.BER);

            // https://tools.ietf.org/html/rfc7292#section-4 only defines version 3.
            if (pfx.Version != 3)
            {
                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
            }

            ReadOnlyMemory <byte> authSafeBytes = ReadOnlyMemory <byte> .Empty;
            Pkcs12IntegrityMode   mode          = Pkcs12IntegrityMode.Unknown;

            if (pfx.AuthSafe.ContentType == Oids.Pkcs7Data)
            {
                authSafeBytes = PkcsHelpers.DecodeOctetStringAsMemory(pfx.AuthSafe.Content);

                if (pfx.MacData.HasValue)
                {
                    mode = Pkcs12IntegrityMode.Password;
                }
                else
                {
                    mode = Pkcs12IntegrityMode.None;
                }
            }
            else if (pfx.AuthSafe.ContentType == Oids.Pkcs7Signed)
            {
                SignedDataAsn signedData = SignedDataAsn.Decode(pfx.AuthSafe.Content, AsnEncodingRules.BER);

                mode = Pkcs12IntegrityMode.PublicKey;

                if (signedData.EncapContentInfo.ContentType == Oids.Pkcs7Data)
                {
                    authSafeBytes = signedData.EncapContentInfo.Content.GetValueOrDefault();
                }

                if (pfx.MacData.HasValue)
                {
                    throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
                }
            }

            if (mode == Pkcs12IntegrityMode.Unknown)
            {
                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
            }

            List <ContentInfoAsn> authSafeData   = new List <ContentInfoAsn>();
            AsnReader             authSafeReader = new AsnReader(authSafeBytes, AsnEncodingRules.BER);
            AsnReader             sequenceReader = authSafeReader.ReadSequence();

            authSafeReader.ThrowIfNotEmpty();
            while (sequenceReader.HasData)
            {
                ContentInfoAsn.Decode(sequenceReader, out ContentInfoAsn contentInfo);
                authSafeData.Add(contentInfo);
            }

            ReadOnlyCollection <Pkcs12SafeContents> authSafe;

            if (authSafeData.Count == 0)
            {
                authSafe = new ReadOnlyCollection <Pkcs12SafeContents>(Array.Empty <Pkcs12SafeContents>());
            }
            else
            {
                Pkcs12SafeContents[] contentsArray = new Pkcs12SafeContents[authSafeData.Count];

                for (int i = 0; i < contentsArray.Length; i++)
                {
                    contentsArray[i] = new Pkcs12SafeContents(authSafeData[i]);
                }

                authSafe = new ReadOnlyCollection <Pkcs12SafeContents>(contentsArray);
            }

            bytesConsumed = encodedBytes.Length;

            return(new Pkcs12Info
            {
                AuthenticatedSafe = authSafe,
                IntegrityMode = mode,
                _decoded = pfx,
                _authSafeContents = authSafeBytes,
            });
        }
Exemple #9
0
 /// <summary>Add contents to the PFX without encrypting them.</summary>
 /// <param name="safeContents">The contents to add to the PFX.</param>
 /// <exception cref="T:System.ArgumentNullException">The <paramref name="safeContents" /> parameter is <see langword="null" />.</exception>
 /// <exception cref="T:System.InvalidOperationException">The PFX is already sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="true" />).</exception>
 public void AddSafeContentsUnencrypted(Pkcs12SafeContents safeContents)
 {
     throw new PlatformNotSupportedException();
 }
Exemple #10
0
 /// <summary>Add contents to the PFX in an bundle encrypted with a char-based password from a string.</summary>
 /// <param name="safeContents">The contents to add to the PFX.</param>
 /// <param name="password">The string to use as a password when encrypting the contents.</param>
 /// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the contents.</param>
 /// <exception cref="T:System.ArgumentNullException">The <paramref name="safeContents" /> or <paramref name="pbeParameters" /> parameter is <see langword="null" />.</exception>
 /// <exception cref="T:System.ArgumentException">The <paramref name="safeContents" /> parameter value is already encrypted.</exception>
 /// <exception cref="T:System.InvalidOperationException">The PFX is already sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="true" />).</exception>
 public void AddSafeContentsEncrypted(Pkcs12SafeContents safeContents, string password, PbeParameters pbeParameters)
 {
     throw new PlatformNotSupportedException();
 }
Exemple #11
0
 /// <summary>Add contents to the PFX in an bundle encrypted with a char-based password from a span.</summary>
 /// <param name="safeContents">The contents to add to the PFX.</param>
 /// <param name="password">The span to use as a password when encrypting the contents.</param>
 /// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the contents.</param>
 /// <exception cref="T:System.ArgumentNullException">The <paramref name="safeContents" /> or <paramref name="pbeParameters" /> parameter is <see langword="null" />.</exception>
 /// <exception cref="T:System.ArgumentException">The <paramref name="safeContents" /> parameter value is already encrypted.</exception>
 /// <exception cref="T:System.InvalidOperationException">The PFX is already sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="true" />).</exception>
 public void AddSafeContentsEncrypted(Pkcs12SafeContents safeContents, ReadOnlySpan <char> password, PbeParameters pbeParameters)
 {
     throw new PlatformNotSupportedException();
 }
Exemple #12
0
 /// <summary>Adds a nested SafeContents to the SafeContents via a new <see cref="T:System.Security.Cryptography.Pkcs.Pkcs12SafeContentsBag" /> and returns the newly created bag instance.</summary>
 /// <param name="safeContents">The nested contents to add to the SafeContents.</param>
 /// <returns>The bag instance which was added to the SafeContents.</returns>
 /// <exception cref="T:System.ArgumentNullException">The <paramref name="safeContents" /> parameter is <see langword="null" />.</exception>
 /// <exception cref="T:System.ArgumentException">The <paramref name="safeContents" /> parameter is encrypted.</exception>
 /// <exception cref="T:System.InvalidOperationException">This instance is read-only.</exception>
 public Pkcs12SafeContentsBag AddNestedContents(Pkcs12SafeContents safeContents)
 {
     throw new PlatformNotSupportedException();
 }
Exemple #13
0
 public void AddSafeContentsEncrypted(
     Pkcs12SafeContents safeContents !!,