public ManagedDecryptorPal(
byte[] dataCopy,
EnvelopedDataAsn envelopedDataAsn,
RecipientInfoCollection recipientInfos)
: base(recipientInfos)
{
_dataCopy = dataCopy;
_envelopedData = envelopedDataAsn;
}
public override DecryptorPal Decode(
byte[] encodedMessage,
out int version,
out ContentInfo contentInfo,
out AlgorithmIdentifier contentEncryptionAlgorithm,
out X509Certificate2Collection originatorCerts,
out CryptographicAttributeObjectCollection unprotectedAttributes)
{
// Read using BER because the CMS specification says the encoding is BER.
AsnValueReader reader = new AsnValueReader(encodedMessage, AsnEncodingRules.BER);
ContentInfoAsn.Decode(
ref reader,
encodedMessage,
out ContentInfoAsn parsedContentInfo);
if (parsedContentInfo.ContentType != Oids.Pkcs7Enveloped)
{
throw new CryptographicException(SR.Cryptography_Cms_InvalidMessageType);
}
byte[] copy = parsedContentInfo.Content.ToArray();
EnvelopedDataAsn data = EnvelopedDataAsn.Decode(copy, AsnEncodingRules.BER);
version = data.Version;
contentInfo = new ContentInfo(
new Oid(data.EncryptedContentInfo.ContentType),
data.EncryptedContentInfo.EncryptedContent?.ToArray() ?? Array.Empty <byte>());
contentEncryptionAlgorithm =
data.EncryptedContentInfo.ContentEncryptionAlgorithm.ToPresentationObject();
originatorCerts = new X509Certificate2Collection();
if (data.OriginatorInfo.HasValue && data.OriginatorInfo.Value.CertificateSet != null)
{
foreach (CertificateChoiceAsn certChoice in data.OriginatorInfo.Value.CertificateSet)
{
if (certChoice.Certificate != null)
{
originatorCerts.Add(new X509Certificate2(certChoice.Certificate.Value.ToArray()));
}
}
}
unprotectedAttributes = SignerInfo.MakeAttributeCollection(data.UnprotectedAttributes);
var recipientInfos = new List <RecipientInfo>();
foreach (RecipientInfoAsn recipientInfo in data.RecipientInfos)
{
if (recipientInfo.Ktri.HasValue)
{
recipientInfos.Add(new KeyTransRecipientInfo(new ManagedKeyTransPal(recipientInfo.Ktri.Value)));
}
else if (recipientInfo.Kari.HasValue)
{
for (int i = 0; i < recipientInfo.Kari.Value.RecipientEncryptedKeys.Length; i++)
{
recipientInfos.Add(
new KeyAgreeRecipientInfo(new ManagedKeyAgreePal(recipientInfo.Kari.Value, i)));
}
}
else
{
Debug.Fail($"{nameof(RecipientInfoAsn)} deserialized with an unknown recipient type");
throw new CryptographicException();
}
}
return(new ManagedDecryptorPal(copy, data, new RecipientInfoCollection(recipientInfos)));
}
private byte[] Encrypt(
CmsRecipientCollection recipients,
ContentInfo contentInfo,
AlgorithmIdentifier contentEncryptionAlgorithm,
X509Certificate2Collection originatorCerts,
CryptographicAttributeObjectCollection unprotectedAttributes,
byte[] encryptedContent,
byte[] cek,
byte[] parameterBytes)
{
EnvelopedDataAsn envelopedData = new EnvelopedDataAsn
{
EncryptedContentInfo =
{
ContentType = contentInfo.ContentType.Value,
ContentEncryptionAlgorithm =
{
Algorithm = contentEncryptionAlgorithm.Oid,
Parameters = parameterBytes,
},
EncryptedContent = encryptedContent,
},
};
if (unprotectedAttributes != null && unprotectedAttributes.Count > 0)
{
List <AttributeAsn> attrList = CmsSigner.BuildAttributes(unprotectedAttributes);
envelopedData.UnprotectedAttributes = Helpers.NormalizeSet(attrList.ToArray());
}
if (originatorCerts != null && originatorCerts.Count > 0)
{
CertificateChoiceAsn[] certs = new CertificateChoiceAsn[originatorCerts.Count];
for (int i = 0; i < originatorCerts.Count; i++)
{
certs[i].Certificate = originatorCerts[i].RawData;
}
envelopedData.OriginatorInfo = new OriginatorInfoAsn
{
CertificateSet = certs,
};
}
envelopedData.RecipientInfos = new RecipientInfoAsn[recipients.Count];
bool allRecipientsVersion0 = true;
for (var i = 0; i < recipients.Count; i++)
{
CmsRecipient recipient = recipients[i];
bool v0Recipient;
switch (recipient.Certificate.GetKeyAlgorithm())
{
case Oids.Rsa:
envelopedData.RecipientInfos[i].Ktri = MakeKtri(cek, recipient, out v0Recipient);
break;
default:
throw new CryptographicException(
SR.Cryptography_Cms_UnknownAlgorithm,
recipient.Certificate.GetKeyAlgorithm());
}
allRecipientsVersion0 = allRecipientsVersion0 && v0Recipient;
}
// https://tools.ietf.org/html/rfc5652#section-6.1
//
// v4 (RFC 3852):
// * OriginatorInfo contains certificates with type other (not supported)
// * OriginatorInfo contains crls with type other (not supported)
// v3 (RFC 3369):
// * OriginatorInfo contains v2 attribute certificates (not supported)
// * Any PWRI (password) recipients are present (not supported)
// * Any ORI (other) recipients are present (not supported)
// v2 (RFC 2630):
// * OriginatorInfo is present
// * Any RecipientInfo has a non-zero version number
// * UnprotectedAttrs is present
// v1 (not defined for EnvelopedData)
// v0 (RFC 2315):
// * Anything not already matched
if (envelopedData.OriginatorInfo != null ||
!allRecipientsVersion0 ||
envelopedData.UnprotectedAttributes != null)
{
envelopedData.Version = 2;
}
return(Helpers.EncodeContentInfo(envelopedData, Oids.Pkcs7Enveloped));
}
