private static void CheckOracleSecretBag(
Pkcs12SafeBag safeBag,
string key,
string value,
string keyId)
{
Pkcs12SecretBag secretBag = Assert.IsType <Pkcs12SecretBag>(safeBag);
Assert.Equal("1.2.840.113549.1.16.12.12", secretBag.GetSecretType().Value);
Assert.Equal(
MakeOracleKeyValuePairHex(key, value),
secretBag.SecretValue.ByteArrayToHex());
CryptographicAttributeObjectCollection attrs = secretBag.Attributes;
Assert.Equal(1, attrs.Count);
CryptographicAttributeObject firstAttr = attrs[0];
Assert.Equal(Oids.LocalKeyId, firstAttr.Oid.Value);
Assert.Equal(1, firstAttr.Values.Count);
Pkcs9LocalKeyId localKeyId = Assert.IsType <Pkcs9LocalKeyId>(firstAttr.Values[0]);
Assert.Equal(keyId, localKeyId.KeyId.ByteArrayToHex());
}
public static void HasExpectedEncode(bool withAttribute)
{
string expectedHexWithAttribute =
"303F060B2A864886F70D010C0A0105A01C301A060100A0150C1353776F726466" +
"6973682E20436C6561726C792E3112301006092A864886F70D01091531030401" +
"01";
string expectedHexNoAttribute =
"302B060B2A864886F70D010C0A0105A01C301A060100A0150C1353776F726466" +
"6973682E20436C6561726C792E";
string expectedHex = withAttribute ? expectedHexWithAttribute : expectedHexNoAttribute;
// UTF8String ("Swordfish. Clearly.")
string payloadHex = "0C1353776F7264666973682E20436C6561726C792E";
Pkcs12SafeContents contents = new Pkcs12SafeContents();
Pkcs12SecretBag bag = contents.AddSecret(new Oid("0.0", "0.0"), payloadHex.HexToByteArray());
if (withAttribute)
{
bag.Attributes.Add(new Pkcs9LocalKeyId(new byte[] { 0x01 }));
}
byte[] encoded = bag.Encode();
Assert.Equal(expectedHex, encoded.ByteArrayToHex());
Span <byte> tooBig = new byte[encoded.Length + 10];
tooBig.Fill(0xCA);
Assert.False(bag.TryEncode(tooBig.Slice(0, encoded.Length - 1), out int bytesWritten));
Assert.Equal(0, bytesWritten);
Assert.Equal(0xCA, tooBig[0]);
Assert.True(bag.TryEncode(tooBig.Slice(3), out bytesWritten));
Assert.Equal(encoded.Length, bytesWritten);
Assert.Equal(expectedHex, tooBig.Slice(3, bytesWritten).ByteArrayToHex());
tooBig.Fill(0xCA);
bytesWritten = 0;
Assert.True(bag.TryEncode(tooBig.Slice(3, encoded.Length), out bytesWritten));
Assert.Equal(encoded.Length, bytesWritten);
Assert.Equal(expectedHex, tooBig.Slice(3, bytesWritten).ByteArrayToHex());
}
public static void EncryptDecryptMixBytesAndChars(bool encryptBytes, bool withSpan)
{
Pkcs12SafeContents contents = new Pkcs12SafeContents();
contents.AddSecret(s_zeroOid, s_derNull);
string password = nameof(EncryptDecryptMixBytesAndChars);
Span <byte> passwordUtf8Bytes = stackalloc byte[password.Length];
Encoding.UTF8.GetBytes(password, passwordUtf8Bytes);
Pkcs12Builder builder = new Pkcs12Builder();
if (encryptBytes)
{
builder.AddSafeContentsEncrypted(contents, passwordUtf8Bytes, s_pbkdf2Parameters);
}
else
{
builder.AddSafeContentsEncrypted(contents, password, s_pbkdf2Parameters);
}
builder.SealWithMac(password, HashAlgorithmName.SHA1, 2048);
byte[] encoded = builder.Encode();
Pkcs12Info info = Pkcs12Info.Decode(encoded, out _, skipCopy: true);
Assert.True(info.VerifyMac(password));
ReadOnlyCollection <Pkcs12SafeContents> authSafe = info.AuthenticatedSafe;
Assert.Equal(1, authSafe.Count);
Pkcs12SafeContents readContents = authSafe[0];
Assert.Equal(
Pkcs12ConfidentialityMode.Password,
readContents.ConfidentialityMode);
if (encryptBytes)
{
if (withSpan)
{
readContents.Decrypt(password.AsSpan());
}
else
{
readContents.Decrypt(password);
}
}
else
{
if (withSpan)
{
readContents.Decrypt(passwordUtf8Bytes);
}
else
{
readContents.Decrypt(passwordUtf8Bytes.ToArray());
}
}
Assert.Equal(
Pkcs12ConfidentialityMode.None,
readContents.ConfidentialityMode);
List <Pkcs12SafeBag> bags = readContents.GetBags().ToList();
Assert.Equal(1, bags.Count);
Pkcs12SecretBag secretBag = Assert.IsType <Pkcs12SecretBag>(bags[0]);
Assert.Equal(s_zeroOid.Value, secretBag.GetSecretType().Value);
Assert.Equal(s_derNull.ByteArrayToHex(), secretBag.SecretValue.ByteArrayToHex());
}