TryRead() public static method

public static TryRead ( Microsoft.Win32.SafeHandles.SafeBioHandle fileBio, OpenSslPkcs12Reader &pkcs12Reader ) : bool
fileBio Microsoft.Win32.SafeHandles.SafeBioHandle
pkcs12Reader OpenSslPkcs12Reader
return bool
コード例 #1
0
        public X509ContentType GetCertContentType(byte[] rawData)
        {
            {
                ICertificatePal certPal;

                if (OpenSslX509CertificateReader.TryReadX509Der(rawData, out certPal) ||
                    OpenSslX509CertificateReader.TryReadX509Pem(rawData, out certPal))
                {
                    certPal.Dispose();

                    return(X509ContentType.Cert);
                }
            }

            if (PkcsFormatReader.IsPkcs7(rawData))
            {
                return(X509ContentType.Pkcs7);
            }

            {
                OpenSslPkcs12Reader pfx;

                if (OpenSslPkcs12Reader.TryRead(rawData, out pfx))
                {
                    pfx.Dispose();
                    return(X509ContentType.Pkcs12);
                }
            }

            // Unsupported format.
            // Windows throws new CryptographicException(CRYPT_E_NO_MATCH)
            throw new CryptographicException();
        }
コード例 #2
0
        public static IStorePal FromBlob(byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
        {
            OpenSslPkcs12Reader pfx;

            if (OpenSslPkcs12Reader.TryRead(rawData, out pfx))
            {
                using (pfx)
                {
                    return(PfxToCollection(pfx, password));
                }
            }

            return(null);
        }
コード例 #3
0
        public static IStorePal FromFile(string fileName, string password, X509KeyStorageFlags keyStorageFlags)
        {
            using (SafeBioHandle fileBio = Interop.libcrypto.BIO_new_file(fileName, "rb"))
            {
                Interop.libcrypto.CheckValidOpenSslHandle(fileBio);

                OpenSslPkcs12Reader pfx;

                if (OpenSslPkcs12Reader.TryRead(fileBio, out pfx))
                {
                    using (pfx)
                    {
                        return(PfxToCollection(pfx, password));
                    }
                }
            }

            return(null);
        }
コード例 #4
0
        private static bool TryReadPkcs12(
            SafeBioHandle bio,
            string password,
            bool single,
            out ICertificatePal readPal,
            out List <ICertificatePal> readCerts)
        {
            // DER-PKCS12
            OpenSslPkcs12Reader pfx;

            if (!OpenSslPkcs12Reader.TryRead(bio, out pfx))
            {
                readPal   = null;
                readCerts = null;
                return(false);
            }

            using (pfx)
            {
                return(TryReadPkcs12(pfx, password, single, out readPal, out readCerts));
            }
        }
コード例 #5
0
        private static bool TryReadPkcs12(
            byte[] rawData,
            SafePasswordHandle password,
            bool single,
            out ICertificatePal readPal,
            out List <ICertificatePal> readCerts)
        {
            // DER-PKCS12
            OpenSslPkcs12Reader pfx;

            if (!OpenSslPkcs12Reader.TryRead(rawData, out pfx))
            {
                readPal   = null;
                readCerts = null;
                return(false);
            }

            using (pfx)
            {
                return(TryReadPkcs12(pfx, password, single, out readPal, out readCerts));
            }
        }
コード例 #6
0
        private static bool TryReadPkcs12(
            ReadOnlySpan <byte> rawData,
            SafePasswordHandle password,
            bool single,
            out ICertificatePal?readPal,
            out List <ICertificatePal>?readCerts,
            out Exception?openSslException)
        {
            // DER-PKCS12
            OpenSslPkcs12Reader?pfx;

            if (!OpenSslPkcs12Reader.TryRead(rawData, out pfx, out openSslException))
            {
                readPal   = null;
                readCerts = null;
                return(false);
            }

            using (pfx)
            {
                return(TryReadPkcs12(pfx, password, single, out readPal, out readCerts));
            }
        }
コード例 #7
0
        internal static ICertificatePal FromBio(SafeBioHandle bio, string password)
        {
            // Try reading the value as: PEM-X509, DER-X509, DER-PKCS12.
            int bioPosition = Interop.NativeCrypto.BioTell(bio);

            Debug.Assert(bioPosition >= 0);

            SafeX509Handle cert = Interop.libcrypto.PEM_read_bio_X509_AUX(bio, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);

            if (cert != null && !cert.IsInvalid)
            {
                return(new OpenSslX509CertificateReader(cert));
            }

            // Rewind, try again.
            Interop.NativeCrypto.BioSeek(bio, bioPosition);
            cert = Interop.NativeCrypto.ReadX509AsDerFromBio(bio);

            if (cert != null && !cert.IsInvalid)
            {
                return(new OpenSslX509CertificateReader(cert));
            }

            // Rewind, try again.
            Interop.NativeCrypto.BioSeek(bio, bioPosition);

            OpenSslPkcs12Reader pfx;

            if (OpenSslPkcs12Reader.TryRead(bio, out pfx))
            {
                using (pfx)
                {
                    pfx.Decrypt(password);

                    ICertificatePal first = null;

                    foreach (OpenSslX509CertificateReader certPal in pfx.ReadCertificates())
                    {
                        // When requesting an X509Certificate2 from a PFX only the first entry is
                        // returned.  Other entries should be disposed.
                        if (first == null)
                        {
                            first = certPal;
                        }
                        else
                        {
                            certPal.Dispose();
                        }
                    }

                    return(first);
                }
            }

            // Since we aren't going to finish reading, leaving the buffer where it was when we got
            // it seems better than leaving it in some arbitrary other position.
            //
            // But, before seeking back to start, save the Exception representing the last reported
            // OpenSSL error in case the last BioSeek would change it.
            Exception openSslException = Interop.libcrypto.CreateOpenSslCryptographicException();

            Interop.NativeCrypto.BioSeek(bio, bioPosition);

            throw openSslException;
        }
コード例 #8
0
        public X509ContentType GetCertContentType(string fileName)
        {
            // If we can't open the file, fail right away.
            using (SafeBioHandle fileBio = Interop.Crypto.BioNewFile(fileName, "rb"))
            {
                Interop.Crypto.CheckValidOpenSslHandle(fileBio);

                int bioPosition = Interop.Crypto.BioTell(fileBio);
                Debug.Assert(bioPosition >= 0);

                // X509ContentType.Cert
                {
                    ICertificatePal certPal;

                    if (OpenSslX509CertificateReader.TryReadX509Der(fileBio, out certPal))
                    {
                        certPal.Dispose();

                        return(X509ContentType.Cert);
                    }

                    OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition);

                    if (OpenSslX509CertificateReader.TryReadX509Pem(fileBio, out certPal))
                    {
                        certPal.Dispose();

                        return(X509ContentType.Cert);
                    }

                    OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition);
                }

                // X509ContentType.Pkcs7
                {
                    if (PkcsFormatReader.IsPkcs7Der(fileBio))
                    {
                        return(X509ContentType.Pkcs7);
                    }

                    OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition);

                    if (PkcsFormatReader.IsPkcs7Pem(fileBio))
                    {
                        return(X509ContentType.Pkcs7);
                    }

                    OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition);
                }

                // X509ContentType.Pkcs12 (aka PFX)
                {
                    OpenSslPkcs12Reader pkcs12Reader;

                    if (OpenSslPkcs12Reader.TryRead(fileBio, out pkcs12Reader))
                    {
                        pkcs12Reader.Dispose();

                        return(X509ContentType.Pkcs12);
                    }

                    OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition);
                }
            }

            // Unsupported format.
            // Windows throws new CryptographicException(CRYPT_E_NO_MATCH)
            throw new CryptographicException();
        }
コード例 #9
0
        public static unsafe ICertificatePal FromBlob(byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
        {
            // If we can see a hyphen, assume it's PEM.  Otherwise try DER-X509, then fall back to DER-PKCS12.
            SafeX509Handle cert;

            // PEM
            if (rawData[0] == '-')
            {
                using (SafeBioHandle bio = Interop.libcrypto.BIO_new(Interop.libcrypto.BIO_s_mem()))
                {
                    Interop.libcrypto.CheckValidOpenSslHandle(bio);

                    Interop.libcrypto.BIO_write(bio, rawData, rawData.Length);
                    cert = Interop.libcrypto.PEM_read_bio_X509_AUX(bio, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
                }

                Interop.libcrypto.CheckValidOpenSslHandle(cert);

                return(new OpenSslX509CertificateReader(cert));
            }

            // DER-X509
            cert = Interop.libcrypto.OpenSslD2I((ptr, b, i) => Interop.libcrypto.d2i_X509(ptr, b, i), rawData, checkHandle: false);

            if (!cert.IsInvalid)
            {
                return(new OpenSslX509CertificateReader(cert));
            }

            // DER-PKCS12
            OpenSslPkcs12Reader pfx;

            if (OpenSslPkcs12Reader.TryRead(rawData, out pfx))
            {
                using (pfx)
                {
                    pfx.Decrypt(password);

                    ICertificatePal first = null;

                    foreach (OpenSslX509CertificateReader certPal in pfx.ReadCertificates())
                    {
                        // When requesting an X509Certificate2 from a PFX only the first entry is
                        // returned.  Other entries should be disposed.
                        if (first == null)
                        {
                            first = certPal;
                        }
                        else
                        {
                            certPal.Dispose();
                        }
                    }

                    if (first == null)
                    {
                        throw new CryptographicException();
                    }

                    return(first);
                }
            }

            // Unsupported
            throw Interop.libcrypto.CreateOpenSslCryptographicException();
        }