public static void TestKeyTransRecipientIdValue_ExplicitSki_RoundTrip() { ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(contentInfo); using (X509Certificate2 cert = Certificates.RSAKeyTransfer_ExplicitSki.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(SubjectIdentifierType.SubjectKeyIdentifier, cert); ecms.Encrypt(cmsRecipient); } byte[] encodedMessage = ecms.Encode(); EnvelopedCms ecms2 = new EnvelopedCms(); ecms2.Decode(encodedMessage); RecipientInfoCollection recipients = ecms2.RecipientInfos; Assert.Equal(1, recipients.Count); RecipientInfo recipientInfo = recipients[0]; Assert.IsType <KeyTransRecipientInfo>(recipientInfo); KeyTransRecipientInfo recipient = (KeyTransRecipientInfo)recipientInfo; SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.IsType <string>(value); string ski = (string)value; Assert.Equal("01952851C55DB594B0C6167F5863C5B6B67AEFE6", ski); }
public void SubjectKeyIdentifier() { SubjectIdentifier si = GetSubjectIdentifier(subjectKeyIdentifierSignature); Assert.AreEqual(SubjectIdentifierType.SubjectKeyIdentifier, si.Type, "Type"); Assert.AreEqual("02E1A73254AEFDC0A43236F6FE236A037228B1F7", (string)si.Value, "SignerIdentifier.Value"); }
public static void TestKeyAgreeRecipientIdType_Ski_RoundTrip() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(SubjectIdentifierType.SubjectKeyIdentifier); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; Assert.Equal(SubjectIdentifierType.SubjectKeyIdentifier, subjectIdentifier.Type); }
public static void TestKeyTransRecipientIdType_RoundTrip() { KeyTransRecipientInfo recipient = EncodeKeyTransl(); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; Assert.Equal(SubjectIdentifierType.IssuerAndSerialNumber, subjectIdentifier.Type); }
public static void TestKeyTransRecipientIdType_FixedValue() { KeyTransRecipientInfo recipient = FixedValueKeyTrans1(); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; Assert.Equal(SubjectIdentifierType.IssuerAndSerialNumber, subjectIdentifier.Type); }
public static void ReuseEnvelopeCmsEncodeThenDecode() { // Test ability to encrypt, encode and decode all in one EnvelopedCms instance. ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(contentInfo); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(cert); ecms.Encrypt(cmsRecipient); } byte[] encodedMessage = ecms.Encode(); ecms.Decode(encodedMessage); RecipientInfoCollection recipients = ecms.RecipientInfos; Assert.Equal(1, recipients.Count); RecipientInfo recipientInfo = recipients[0]; KeyTransRecipientInfo recipient = recipientInfo as KeyTransRecipientInfo; Assert.NotNull(recipientInfo); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.True(value is X509IssuerSerial); X509IssuerSerial xis = (X509IssuerSerial)value; Assert.Equal("CN=RSAKeyTransfer1", xis.IssuerName); Assert.Equal("31D935FB63E8CFAB48A0BF7B397B67C0", xis.SerialNumber); }
public static void TestKeyTransRecipientIdType_Ski_FixedValue() { KeyTransRecipientInfo recipient = FixedValueKeyTrans1(SubjectIdentifierType.SubjectKeyIdentifier); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; Assert.Equal(SubjectIdentifierType.SubjectKeyIdentifier, subjectIdentifier.Type); }
public static void TestKeyTransRecipientIdType_Ski_RoundTrip() { KeyTransRecipientInfo recipient = EncodeKeyTransl(SubjectIdentifierType.SubjectKeyIdentifier); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; Assert.Equal(SubjectIdentifierType.SubjectKeyIdentifier, subjectIdentifier.Type); }
private Exception TryDecryptAgree(KeyAgreeRecipientInfo keyAgreeRecipientInfo, SafeProvOrNCryptKeyHandle hKey, CryptKeySpec keySpec, X509Certificate2Collection originatorCerts, X509Certificate2Collection extraStore) { unsafe { KeyAgreeRecipientInfoPalWindows pal = (KeyAgreeRecipientInfoPalWindows)(keyAgreeRecipientInfo.Pal); return(pal.WithCmsgCmsRecipientInfo <Exception>( delegate(CMSG_KEY_AGREE_RECIPIENT_INFO * pKeyAgreeRecipientInfo) { CMSG_CTRL_KEY_AGREE_DECRYPT_PARA decryptPara = default(CMSG_CTRL_KEY_AGREE_DECRYPT_PARA); decryptPara.cbSize = Marshal.SizeOf <CMSG_CTRL_KEY_AGREE_DECRYPT_PARA>(); decryptPara.hProv = hKey; decryptPara.dwKeySpec = keySpec; decryptPara.pKeyAgree = pKeyAgreeRecipientInfo; decryptPara.dwRecipientIndex = pal.Index; decryptPara.dwRecipientEncryptedKeyIndex = pal.SubIndex; CMsgKeyAgreeOriginatorChoice originatorChoice = pKeyAgreeRecipientInfo->dwOriginatorChoice; switch (originatorChoice) { case CMsgKeyAgreeOriginatorChoice.CMSG_KEY_AGREE_ORIGINATOR_CERT: { X509Certificate2Collection candidateCerts = new X509Certificate2Collection(); candidateCerts.AddRange(Helpers.GetStoreCertificates(StoreName.AddressBook, StoreLocation.CurrentUser, openExistingOnly: true)); candidateCerts.AddRange(Helpers.GetStoreCertificates(StoreName.AddressBook, StoreLocation.LocalMachine, openExistingOnly: true)); candidateCerts.AddRange(originatorCerts); candidateCerts.AddRange(extraStore); SubjectIdentifier originatorId = pKeyAgreeRecipientInfo->OriginatorCertId.ToSubjectIdentifier(); using (X509Certificate2 originatorCert = candidateCerts.TryFindMatchingCertificate(originatorId)) { if (originatorCert == null) { return ErrorCode.CRYPT_E_NOT_FOUND.ToCryptographicException(); } using (SafeCertContextHandle hCertContext = originatorCert.CreateCertContextHandle()) { CERT_CONTEXT *pOriginatorCertContext = hCertContext.DangerousGetCertContext(); decryptPara.OriginatorPublicKey = pOriginatorCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey; // Do not factor this call out of the switch statement as leaving this "using" block will free up // native memory that decryptPara points to. return TryExecuteDecryptAgree(ref decryptPara); } } } case CMsgKeyAgreeOriginatorChoice.CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY: { decryptPara.OriginatorPublicKey = pKeyAgreeRecipientInfo->OriginatorPublicKeyInfo.PublicKey; return TryExecuteDecryptAgree(ref decryptPara); } default: return new CryptographicException(SR.Format(SR.Cryptography_Cms_Invalid_Originator_Identifier_Choice, originatorChoice)); } })); } }
public void IssuerAndSerialNumber() { SubjectIdentifier si = GetSubjectIdentifier(issuerAndSerialNumberSignature); Assert.AreEqual(SubjectIdentifierType.IssuerAndSerialNumber, si.Type, "SignerIdentifier.Type"); Assert.IsTrue((si.Value.GetType() == typeof(X509IssuerSerial)), "SignerIdentifier.Value"); X509IssuerSerial xis = (X509IssuerSerial)si.Value; Assert.AreEqual("CN=Motus Technologies inc.(test)", xis.IssuerName, "X509IssuerSerial.IssuerName"); Assert.AreEqual("91C44B0DB7D81084422671B397B50097", xis.SerialNumber, "X509IssuerSerial.SerialNumber"); }
public static void TestKeyTransRecipientIdValue_Ski_FixedValue() { KeyTransRecipientInfo recipient = FixedValueKeyTrans1(SubjectIdentifierType.SubjectKeyIdentifier); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.True(value is string); string ski = (string)value; Assert.Equal("F2008AA9FA3742E8370CB1674CE1D1582921DCC3", ski); }
public static void TestKeyAgreeRecipientIdValue_Ski_FixedValue() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(SubjectIdentifierType.SubjectKeyIdentifier); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.True(value is string); string ski = (string)value; Assert.Equal("10DA1370316788112EB8594C864C2420AE7FBA42", ski); }
public static void TestKeyTransRecipientIdValue_FixedValue() { KeyTransRecipientInfo recipient = FixedValueKeyTrans1(); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.True(value is X509IssuerSerial); X509IssuerSerial xis = (X509IssuerSerial)value; Assert.Equal("CN=RSAKeyTransfer1", xis.IssuerName); Assert.Equal("31D935FB63E8CFAB48A0BF7B397B67C0", xis.SerialNumber); }
public static void TestKeyAgreeRecipientIdValue_FixedValue() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.True(value is X509IssuerSerial); X509IssuerSerial xis = (X509IssuerSerial)value; Assert.Equal("CN=\"Managed PKCS#7 Test Root Authority\"", xis.IssuerName); Assert.Equal("0AE59B0CB8119F8942EDA74163413A02", xis.SerialNumber); }
public static void ReuseEnvelopeCmsDecodeThenEncode() { byte[] encodedMessage = ("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253" + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d01010105000481805e" + "bb2d08773594be9ec5d30c0707cf339f2b982a4f0797b74d520a0c973d668a9a6ad9d28066ef36e5b5620fef67f4d79ee50c" + "25eb999f0c656548347d5676ac4b779f8fce2b87e6388fbe483bb0fcf78ab1f1ff29169600401fded7b2803a0bf96cc160c4" + "96726216e986869eed578bda652855c85604a056201538ee56b6c4302b06092a864886f70d010701301406082a864886f70d" + "030704083adadf63cd297a86800835edc437e31d0b70").HexToByteArray(); EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(cert); ecms.Encrypt(cmsRecipient); } encodedMessage = ecms.Encode(); ecms.Decode(encodedMessage); RecipientInfoCollection recipients = ecms.RecipientInfos; Assert.Equal(1, recipients.Count); RecipientInfo recipientInfo = recipients[0]; KeyTransRecipientInfo recipient = recipientInfo as KeyTransRecipientInfo; Assert.NotNull(recipientInfo); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.True(value is X509IssuerSerial); X509IssuerSerial xis = (X509IssuerSerial)value; Assert.Equal("CN=RSAKeyTransfer1", xis.IssuerName); Assert.Equal("31D935FB63E8CFAB48A0BF7B397B67C0", xis.SerialNumber); }
public static SubjectIdentifierOrKey ToSubjectIdentifierOrKey(this CERT_ID certId) { // // SubjectIdentifierOrKey is just a SubjectIdentifier with an (irrelevant here) "key" option thumbtacked onto it so // the easiest way is to subcontract the job to SubjectIdentifier. // SubjectIdentifier subjectIdentifier = certId.ToSubjectIdentifier(); SubjectIdentifierType subjectIdentifierType = subjectIdentifier.Type; switch (subjectIdentifierType) { case SubjectIdentifierType.IssuerAndSerialNumber: return(new SubjectIdentifierOrKey(SubjectIdentifierOrKeyType.IssuerAndSerialNumber, subjectIdentifier.Value)); case SubjectIdentifierType.SubjectKeyIdentifier: return(new SubjectIdentifierOrKey(SubjectIdentifierOrKeyType.SubjectKeyIdentifier, subjectIdentifier.Value)); default: Debug.Fail("Only the framework can construct SubjectIdentifier's so if we got a bad value here, that's our fault."); throw new CryptographicException(SR.Format(SR.Cryptography_Cms_Invalid_Subject_Identifier_Type, subjectIdentifierType)); } }
private void Reset(uint originatorChoice, uint version, CAPI.CMSG_RECIPIENT_ENCRYPTED_KEY_INFO encryptedKeyInfo, uint subIndex) { this.m_encryptedKeyInfo = encryptedKeyInfo; this.m_originatorChoice = originatorChoice; this.m_version = (int)version; this.m_originatorIdentifier = (SubjectIdentifierOrKey)null; this.m_userKeyMaterial = new byte[0]; this.m_encryptionAlgorithm = (AlgorithmIdentifier)null; this.m_recipientIdentifier = (SubjectIdentifier)null; this.m_encryptedKey = new byte[0]; this.m_date = DateTime.MinValue; this.m_otherKeyAttribute = (CryptographicAttributeObject)null; this.m_subIndex = subIndex; }
/// <summary> /// Desktop compat: We do not complain about multiple matches. Just take the first one and ignore the rest. /// </summary> public static X509Certificate2 TryFindMatchingCertificate(this X509Certificate2Collection certs, SubjectIdentifier recipientIdentifier) { // // Note: SubjectIdentifier has no public constructor so the only one that can construct this type is this assembly. // Therefore, we trust that the string-ized byte array (serial or ski) in it is correct and canonicalized. // SubjectIdentifierType recipientIdentifierType = recipientIdentifier.Type; switch (recipientIdentifierType) { case SubjectIdentifierType.IssuerAndSerialNumber: { X509IssuerSerial issuerSerial = (X509IssuerSerial)(recipientIdentifier.Value); byte[] serialNumber = issuerSerial.SerialNumber.ToSerialBytes(); string issuer = issuerSerial.IssuerName; foreach (X509Certificate2 candidate in certs) { byte[] candidateSerialNumber = candidate.GetSerialNumber(); if (AreByteArraysEqual(candidateSerialNumber, serialNumber) && candidate.Issuer == issuer) { return(candidate); } } } break; case SubjectIdentifierType.SubjectKeyIdentifier: { string skiString = (string)(recipientIdentifier.Value); byte[] ski = skiString.ToSkiBytes(); foreach (X509Certificate2 cert in certs) { byte[] candidateSki = PkcsPal.Instance.GetSubjectKeyIdentifier(cert); if (AreByteArraysEqual(ski, candidateSki)) { return(cert); } } } break; default: // RecipientInfo's can only be created by this package so if this an invalid type, it's the package's fault. Debug.Fail($"Invalid recipientIdentifier type: {recipientIdentifierType}"); throw new CryptographicException(); } return(null); }
/// <summary> /// Note: Due to its use of X509Certificate2Collection.Find(), this returns a cloned certificate. So the caller should dispose it. /// </summary> public static X509Certificate2 TryFindMatchingCertificate(this X509Certificate2Collection certs, SubjectIdentifier recipientIdentifier) { SubjectIdentifierType recipientIdentifierType = recipientIdentifier.Type; switch (recipientIdentifierType) { case SubjectIdentifierType.IssuerAndSerialNumber: { X509IssuerSerial issuerSerial = (X509IssuerSerial)(recipientIdentifier.Value); using (ClonedCertificates matches1 = certs.FindCertificates(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber)) { using (ClonedCertificates matches2 = matches1.FindCertificates(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName)) { // Desktop compat: We do not complain about multiple matches. Just take the first one and ignore the rest. return(matches2.Any ? matches2.ClaimResult() : null); } } } case SubjectIdentifierType.SubjectKeyIdentifier: { string ski = (string)(recipientIdentifier.Value); using (ClonedCertificates matches = certs.FindCertificates(X509FindType.FindBySubjectKeyIdentifier, ski)) { // Desktop compat: We do not complain about multiple matches. Just take the first one and ignore the rest. return(matches.Any ? matches.ClaimResult() : null); } } default: // RecipientInfo's can only be created by this package so if this an invalid type, it's the package's fault. Debug.Fail($"Invalid recipientIdentifier type: {recipientIdentifierType}"); throw new CryptographicException(); } }
/// <summary>验证数据,通过抛出异常的方式提示验证失败。</summary> /// <param name="isNew">是否插入</param> public override void Valid(Boolean isNew) { // 如果没有脏数据,则不需要进行任何处理 if (!HasDirty) { return; } // 这里验证参数范围,建议抛出参数异常,指定参数名,前端用户界面可以捕获参数异常并聚焦到对应的参数输入框 if (When.IsNullOrEmpty()) { throw new ArgumentNullException(nameof(When), "When不能为空!"); } if (Source.IsNullOrEmpty()) { throw new ArgumentNullException(nameof(Source), "Source不能为空!"); } if (SubjectType.IsNullOrEmpty()) { throw new ArgumentNullException(nameof(SubjectType), "SubjectType不能为空!"); } if (SubjectIdentifier.IsNullOrEmpty()) { throw new ArgumentNullException(nameof(SubjectIdentifier), "SubjectIdentifier不能为空!"); } if (Subject.IsNullOrEmpty()) { throw new ArgumentNullException(nameof(Subject), "Subject不能为空!"); } if (Action.IsNullOrEmpty()) { throw new ArgumentNullException(nameof(Action), "Action不能为空!"); } if (ResourceType.IsNullOrEmpty()) { throw new ArgumentNullException(nameof(ResourceType), "ResourceType不能为空!"); } if (Resource.IsNullOrEmpty()) { throw new ArgumentNullException(nameof(Resource), "Resource不能为空!"); } if (ResourceIdentifier.IsNullOrEmpty()) { throw new ArgumentNullException(nameof(ResourceIdentifier), "ResourceIdentifier不能为空!"); } if (NormalisedSubject.IsNullOrEmpty()) { throw new ArgumentNullException(nameof(NormalisedSubject), "NormalisedSubject不能为空!"); } if (NormalisedAction.IsNullOrEmpty()) { throw new ArgumentNullException(nameof(NormalisedAction), "NormalisedAction不能为空!"); } if (NormalisedResource.IsNullOrEmpty()) { throw new ArgumentNullException(nameof(NormalisedResource), "NormalisedResource不能为空!"); } if (NormalisedSource.IsNullOrEmpty()) { throw new ArgumentNullException(nameof(NormalisedSource), "NormalisedSource不能为空!"); } // 在新插入数据或者修改了指定字段时进行修正 }
private void Reset(int version) { this.m_version = version; this.m_recipientIdentifier = (SubjectIdentifier)null; this.m_encryptionAlgorithm = (AlgorithmIdentifier)null; this.m_encryptedKey = new byte[0]; }