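/// <summary>
/// Checks whether an <see cref="X509Certificate2Collection"/> contains a given <see cref="X509Certificate2"/>
/// by comparing <see cref="X509Certificate2.RawData"/> byte-by-byte, rather than by object reference.
/// </summary>
/// <param name="collection">An <see cref="X509Certificate2Collection"/> object; may be null.</param>
/// <param name="certificate">A <see cref="X509Certificate2"/> object; may be null or have no underlying handle.</param>
/// <returns>
/// true if <paramref name="collection"/> contains a certificate whose raw data equals that of
/// <paramref name="certificate"/>; false if either argument is null, <paramref name="certificate"/>
/// has no underlying handle, or no member matches.
/// </returns>
internal static bool CollectionContainsCertificate(X509Certificate2Collection collection, X509Certificate2 certificate)
{
    // A null argument or a certificate with no native handle cannot be compared.
    if (collection == null || certificate == null || certificate.Handle == IntPtr.Zero)
    {
        return false;
    }

    byte[] certificateRawData = certificate.RawData;

    for (int i = 0; i < collection.Count; i++)
    {
        X509Certificate2 member = collection[i];

        // Members without a native handle are skipped, mirroring the guard on the
        // argument; RawData is only read once the handle is known to be present.
        if (member.Handle == IntPtr.Zero)
        {
            continue;
        }

        // RawData is public (the DER encoding), so timing is not a concern here;
        // CryptoHelper.IsEqual is simply the project's byte-array comparison primitive.
        if (CryptoHelper.IsEqual(member.RawData, certificateRawData))
        {
            return true;
        }
    }

    return false;
}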
/// <summary>
/// Verifies the signature by hashing <c>SignedInfo</c> with the supplied keyed hash and comparing
/// the result against the stored signature value.
/// </summary>
/// <param name="hash">The keyed hash algorithm (its key is the verification key).</param>
/// <exception cref="CryptographicException">The computed hash does not equal the signature value.</exception>
private void VerifySignature(KeyedHashAlgorithm hash)
{
    this.Signature.SignedInfo.ComputeHash(hash);

    byte[] actual = hash.Hash;
    byte[] expected = this.GetSignatureValue();

    // CryptoHelper.IsEqual rather than SequenceEqual: presumably a fixed-time comparison
    // so the check does not leak how many leading bytes matched — confirm in CryptoHelper.
    bool matches = CryptoHelper.IsEqual(actual, expected);
    if (matches)
    {
        return;
    }

    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
        new CryptographicException(System.IdentityModel.SR.GetString("SignatureVerificationFailed")));
}
/// <summary>
/// If this reference has not been verified yet and <paramref name="id"/> is the id it refers to,
/// compares <paramref name="computedDigest"/> with the stored digest value and marks the reference verified.
/// </summary>
/// <param name="id">The id of the element whose digest was computed.</param>
/// <param name="computedDigest">The digest computed over that element.</param>
/// <returns>
/// true if the id matched and the digest was verified by this call; false if the reference was
/// already verified or the id does not match (no comparison is performed in that case).
/// </returns>
/// <exception cref="CryptographicException">The id matched but the digests differ.</exception>
public bool EnsureDigestValidityIfIdMatches(string id, byte[] computedDigest)
{
    // Already done: a reference is verified at most once.
    if (this.verified)
    {
        return false;
    }

    // Ordinal comparison, as string equality in C# is.
    string referredId = this.ExtractReferredId();
    if (!string.Equals(id, referredId))
    {
        return false;
    }

    byte[] expectedDigest = this.GetDigestValue();

    // CryptoHelper.IsEqual is presumably fixed-time — confirm in CryptoHelper.
    if (!CryptoHelper.IsEqual(computedDigest, expectedDigest))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
            new CryptographicException(System.IdentityModel.SR.GetString("DigestVerificationFailedForReference", new object[] { this.uri })));
    }

    this.verified = true;
    return true;
}
/// <summary>
/// Recomputes the digest and reports whether it equals the stored digest value.
/// </summary>
/// <returns>true if the recomputed digest matches the stored one; false otherwise.</returns>
public bool CheckDigest()
{
    byte[] actual = this.ComputeDigest();
    byte[] expected = this.GetDigestValue();

    // CryptoHelper.IsEqual rather than SequenceEqual: presumably fixed-time — confirm in CryptoHelper.
    return CryptoHelper.IsEqual(actual, expected);
}
/// <summary>
/// Decrypts data using the provided RSA key(s) to decrypt an AES key, which decrypts the cookie.
/// </summary>
/// <remarks>
/// The layout read from <paramref name="encoded"/> is:
/// <c>[hash of matching RSA public key, HashSize bytes][int32 length][RSA-OAEP(key || IV)][int32 length][symmetric ciphertext]</c>.
/// The key is identified by hashing <c>RSA.ToXmlString(false)</c> (public part only) of each candidate.
/// <para>
/// NOTE(review): this transform provides confidentiality only. Nothing here authenticates the
/// ciphertext before it is fed to the decryptor, so a modified <paramref name="encoded"/> surfaces as
/// garbage output or as a <see cref="CryptographicException"/> from the decryptor (e.g. bad padding).
/// If that exception is distinguishable by a caller, that is the classic padding-oracle shape;
/// this transform is presumably meant to run after a signature/MAC transform in the cookie
/// transform chain — confirm how it is composed.
/// </para>
/// <para>
/// NOTE(review): <see cref="BinaryReader.ReadBytes"/> returns a short array at end of stream instead
/// of throwing, and the two length checks below only cap each length at <c>encoded.Length</c>; they do
/// not check that the lengths add up to <c>encoded.Length</c>. A truncated input therefore fails later
/// (no matching key → <see cref="InvalidOperationException"/>, or a <see cref="CryptographicException"/>
/// from OAEP/symmetric decryption) rather than as a <see cref="FormatException"/>.
/// </para>
/// </remarks>
/// <param name="encoded">The encoded data</param>
/// <returns>The decoded data</returns>
/// <exception cref="ArgumentNullException">The argument 'encoded' is null.</exception>
/// <exception cref="ArgumentException">The argument 'encoded' contains zero bytes.</exception>
/// <exception cref="FormatException">A length field is negative or larger than the whole input.</exception>
/// <exception cref="NotSupportedException">The platform does not support the requested algorithm.</exception>
/// <exception cref="InvalidOperationException">There are no decryption keys, none of the keys match, or the decrypted key/IV blob is shorter than the symmetric key size.</exception>
public override byte[] Decode(byte[] encoded)
{
    if (null == encoded)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("encoded");
    }
    if (0 == encoded.Length)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("encoded", SR.GetString(SR.ID6045));
    }

    ReadOnlyCollection<RSA> decryptionKeys = DecryptionKeys;
    if (0 == decryptionKeys.Count)
    {
        throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID6039));
    }

    byte[] encryptedKeyAndIV;
    byte[] encryptedData;
    byte[] rsaHash;
    RSA rsaDecryptionKey = null;

    // _hashName selects the algorithm used both for the key-identifier prefix and for matching below.
    using (HashAlgorithm hash = CryptoHelper.CreateHashAlgorithm(_hashName))
    {
        int hashSizeInBytes = hash.HashSize / 8;

        using (BinaryReader br = new BinaryReader(new MemoryStream(encoded)))
        {
            // Key identifier: hash of the public key XML; may be short if the input is truncated (see remarks).
            rsaHash = br.ReadBytes(hashSizeInBytes);

            int encryptedKeyAndIVSize = br.ReadInt32();
            if (encryptedKeyAndIVSize < 0)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new FormatException(SR.GetString(SR.ID1006, encryptedKeyAndIVSize)));
            }
            //
            // Enforce upper limit on key size to prevent large buffer allocation in br.ReadBytes()
            //
            if (encryptedKeyAndIVSize > encoded.Length)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new FormatException(SR.GetString(SR.ID1007)));
            }
            encryptedKeyAndIV = br.ReadBytes(encryptedKeyAndIVSize);

            int encryptedDataSize = br.ReadInt32();
            if (encryptedDataSize < 0)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new FormatException(SR.GetString(SR.ID1008, encryptedDataSize)));
            }
            //
            // Enforce upper limit on data size to prevent large buffer allocation in br.ReadBytes()
            //
            if (encryptedDataSize > encoded.Length)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new FormatException(SR.GetString(SR.ID1009)));
            }
            encryptedData = br.ReadBytes(encryptedDataSize);
        }

        //
        // Find the decryption key matching the one in XML.
        // The identifier is a hash of public material, so the comparison is not secret-dependent;
        // CryptoHelper.IsEqual is used as the project's common byte-array comparison.
        //
        foreach (RSA key in decryptionKeys)
        {
            byte[] hashedKey = hash.ComputeHash(Encoding.UTF8.GetBytes(key.ToXmlString(false)));
            if (CryptoHelper.IsEqual(hashedKey, rsaHash))
            {
                rsaDecryptionKey = key;
                break;
            }
        }
    }

    if (rsaDecryptionKey == null)
    {
        throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID6040));
    }

    // RSA-OAEP (SHA-1 as the OAEP hash, per the helper name) unwraps the concatenated symmetric key and IV.
    // A wrong key or tampered blob presumably surfaces as a CryptographicException from the helper.
    byte[] decryptedKeyAndIV = CngLightup.OaepSha1Decrypt(rsaDecryptionKey, encryptedKeyAndIV);

    using (SymmetricAlgorithm symmetricAlgorithm = CryptoHelper.NewDefaultEncryption())
    {
        // Key length is taken from the algorithm's current KeySize; everything after it is treated as the IV.
        byte[] decryptionKey = new byte[symmetricAlgorithm.KeySize / 8];

        //
        // Ensure there is sufficient length in the decrypted key and IV buffer for an IV.
        // NOTE(review): this only guarantees the key part; an IV of the wrong length (including zero)
        // is left for CreateDecryptor to reject.
        //
        if (decryptedKeyAndIV.Length < decryptionKey.Length)
        {
            throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID6047, decryptedKeyAndIV.Length, decryptionKey.Length));
        }
        byte[] decryptionIV = new byte[decryptedKeyAndIV.Length - decryptionKey.Length];

        //
        // Copy key into its own buffer.
        // The remaining bytes are the IV copy those into a buffer as well.
        //
        Array.Copy(decryptedKeyAndIV, decryptionKey, decryptionKey.Length);
        Array.Copy(decryptedKeyAndIV, decryptionKey.Length, decryptionIV, 0, decryptionIV.Length);

        // Single-shot decryption; padding/ciphertext errors propagate from TransformFinalBlock (see remarks).
        using (ICryptoTransform decryptor = symmetricAlgorithm.CreateDecryptor(decryptionKey, decryptionIV))
        {
            return(decryptor.TransformFinalBlock(encryptedData, 0, encryptedData.Length));
        }
    }
}