private static ICertificatePal[] ReadPkcs12Collection( ReadOnlySpan <byte> rawData, SafePasswordHandle password, bool ephemeralSpecified) { using (var reader = new AndroidPkcs12Reader(rawData)) { reader.Decrypt(password, ephemeralSpecified); ICertificatePal[] certs = new ICertificatePal[reader.GetCertCount()]; int idx = 0; foreach (UnixPkcs12Reader.CertAndKey certAndKey in reader.EnumerateAll()) { AndroidCertificatePal pal = (AndroidCertificatePal)certAndKey.Cert !; if (certAndKey.Key != null) { pal.SetPrivateKey(AndroidPkcs12Reader.GetPrivateKey(certAndKey.Key)); } certs[idx] = pal; idx++; } return(certs); } }
public static ICertificatePal FromOtherCert(X509Certificate cert) { Debug.Assert(cert.Pal != null); // Ensure private key is copied AndroidCertificatePal certPal = (AndroidCertificatePal)cert.Pal; return(certPal.DuplicateHandles()); }
public AndroidCertLoader(SafeX509Handle[] certHandles) { _certs = new ICertificatePal[certHandles.Length]; for (int i = 0; i < certHandles.Length; i++) { SafeX509Handle handle = certHandles[i]; Debug.Assert(!handle.IsInvalid); _certs[i] = AndroidCertificatePal.FromHandle(handle.DangerousGetHandle()); } }
protected override ICertificatePalCore ReadX509Der(ReadOnlyMemory <byte> data) { ICertificatePal?cert; if (!AndroidCertificatePal.TryReadX509(data.Span, out cert)) { throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding); } return(cert); }
private static IntPtr GetPublicKey(ICertificatePal pal, Interop.AndroidCrypto.PAL_KeyAlgorithm algorithm) { AndroidCertificatePal certPal = (AndroidCertificatePal)pal; IntPtr ptr = Interop.AndroidCrypto.X509GetPublicKey(certPal.SafeHandle, algorithm); if (ptr == IntPtr.Zero) { throw new CryptographicException(); } return(ptr); }
private SafeEcKeyHandle DecodeECPublicKey(ICertificatePal pal) { AndroidCertificatePal certPal = (AndroidCertificatePal)pal; IntPtr ptr = Interop.AndroidCrypto.X509GetPublicKey(certPal.SafeHandle, Interop.AndroidCrypto.PAL_KeyAlgorithm.EC); if (ptr == IntPtr.Zero) { throw new CryptographicException(); } return(new SafeEcKeyHandle(ptr)); }
public void MoveTo(X509Certificate2Collection collection) { for (int i = 0; i < _certs.Length; i++) { SafeX509Handle handle = _certs[i]; System.Diagnostics.Debug.Assert(!handle.IsInvalid); ICertificatePal certPal = AndroidCertificatePal.FromHandle(handle.DangerousGetHandle()); X509Certificate2 cert = new X509Certificate2(certPal); collection.Add(cert); } }
private static ICertificatePal ReadPkcs12(ReadOnlySpan <byte> rawData, SafePasswordHandle password) { using (var reader = new AndroidPkcs12Reader(rawData)) { reader.Decrypt(password); UnixPkcs12Reader.CertAndKey certAndKey = reader.GetSingleCert(); AndroidCertificatePal pal = (AndroidCertificatePal)certAndKey.Cert !; if (certAndKey.Key != null) { pal.SetPrivateKey(AndroidPkcs12Reader.GetPrivateKey(certAndKey.Key)); } return(pal); } }
public static ICertificatePal FromOtherCert(X509Certificate cert) { Debug.Assert(cert.Pal != null); AndroidCertificatePal certPal = (AndroidCertificatePal)cert.Pal; // Ensure private key is copied if (certPal.PrivateKeyHandle != null) { return(certPal.CopyWithPrivateKeyHandle(certPal.PrivateKeyHandle.DuplicateHandle())); } SafeX509Handle handle = new SafeX509Handle(Interop.JObjectLifetime.NewGlobalReference(certPal.Handle)); return(new AndroidCertificatePal(handle)); }
// Handles both DER and PEM internal static bool TryReadX509(ReadOnlySpan <byte> rawData, [NotNullWhen(true)] out ICertificatePal?handle) { handle = null; SafeX509Handle certHandle = Interop.AndroidCrypto.X509Decode( ref MemoryMarshal.GetReference(rawData), rawData.Length); if (certHandle.IsInvalid) { certHandle.Dispose(); return(false); } handle = new AndroidCertificatePal(certHandle); return(true); }
public void Add(ICertificatePal cert) { if (_readOnly) { throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly); } AndroidCertificatePal certPal = (AndroidCertificatePal)cert; string hashString = GetCertificateHashString(cert); bool success; if (certPal.HasPrivateKey) { Interop.AndroidCrypto.PAL_KeyAlgorithm algorithm = certPal.PrivateKeyHandle switch { // The AndroidKeyStore doesn't support adding DSA private key entries in newer versions (API 23+) // Our minimum supported version (API 21) does support it, but for simplicity, we simply block adding // certificates with DSA private keys on all versions instead of trying to support it on two versions. SafeDsaHandle _ => throw new PlatformNotSupportedException(SR.Cryptography_X509_StoreDSAPrivateKeyNotSupported), SafeEcKeyHandle _ => Interop.AndroidCrypto.PAL_KeyAlgorithm.EC, SafeRsaHandle _ => Interop.AndroidCrypto.PAL_KeyAlgorithm.RSA, _ => throw new NotSupportedException(SR.NotSupported_KeyAlgorithm) }; success = Interop.AndroidCrypto.X509StoreAddCertificateWithPrivateKey(_keyStoreHandle, certPal.SafeHandle, certPal.PrivateKeyHandle, algorithm, hashString); } else { success = Interop.AndroidCrypto.X509StoreAddCertificate(_keyStoreHandle, certPal.SafeHandle, hashString); } if (!success) { throw new CryptographicException(SR.Cryptography_X509_StoreAddFailure); } }
public void Remove(ICertificatePal cert) { string hashString = GetCertificateHashString(cert); AndroidCertificatePal certPal = (AndroidCertificatePal)cert; if (_readOnly) { bool containsCert = Interop.AndroidCrypto.X509StoreContainsCertificate(_keyStoreHandle, certPal.SafeHandle, hashString); if (containsCert) { throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly); } // Removing a non-existent certificate is not an error return; } bool success = Interop.AndroidCrypto.X509StoreRemoveCertificate(_keyStoreHandle, certPal.SafeHandle, hashString); if (!success) { throw new CryptographicException(SR.Cryptography_X509_StoreRemoveFailure); } }
protected override X509Certificate2 CloneCertificate(X509Certificate2 cert) { return(new X509Certificate2(AndroidCertificatePal.FromOtherCert(cert))); }
public static ICertificatePal FromOtherCert(X509Certificate cert) { return(AndroidCertificatePal.FromOtherCert(cert)); }
public static ICertificatePal FromFile(string fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) { return(AndroidCertificatePal.FromFile(fileName, password, keyStorageFlags)); }
public static ICertificatePal FromBlob(ReadOnlySpan <byte> rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) { return(AndroidCertificatePal.FromBlob(rawData, password, keyStorageFlags)); }
protected override byte[] GetSubjectPublicKeyInfo(X509Certificate2 cert) { AndroidCertificatePal pal = (AndroidCertificatePal)cert.Pal; return(pal.SubjectPublicKeyInfo); }
public static ICertificatePal FromHandle(IntPtr handle) { return(AndroidCertificatePal.FromHandle(handle)); }