private static ICertificatePal[] ReadPkcs12Collection( ReadOnlySpan <byte> rawData, SafePasswordHandle password, bool ephemeralSpecified) { using (var reader = new AndroidPkcs12Reader(rawData)) { reader.Decrypt(password, ephemeralSpecified); ICertificatePal[] certs = new ICertificatePal[reader.GetCertCount()]; int idx = 0; foreach (UnixPkcs12Reader.CertAndKey certAndKey in reader.EnumerateAll()) { AndroidCertificatePal pal = (AndroidCertificatePal)certAndKey.Cert !; if (certAndKey.Key != null) { pal.SetPrivateKey(AndroidPkcs12Reader.GetPrivateKey(certAndKey.Key)); } certs[idx] = pal; idx++; } return(certs); } }
internal static partial ICertificatePal FromFile( string fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) { return(AndroidCertificatePal.FromFile(fileName, password, keyStorageFlags)); }
internal static partial ICertificatePal FromBlob( ReadOnlySpan <byte> rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) { return(AndroidCertificatePal.FromBlob(rawData, password, keyStorageFlags)); }
public AndroidCertLoader(SafeX509Handle[] certHandles) { _certs = new ICertificatePal[certHandles.Length]; for (int i = 0; i < certHandles.Length; i++) { SafeX509Handle handle = certHandles[i]; Debug.Assert(!handle.IsInvalid); _certs[i] = AndroidCertificatePal.FromHandle(handle.DangerousGetHandle()); } }
protected override ICertificatePalCore ReadX509Der(ReadOnlyMemory <byte> data) { ICertificatePal?cert; if (!AndroidCertificatePal.TryReadX509(data.Span, out cert)) { throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding); } return(cert); }
private static IntPtr GetPublicKey(ICertificatePal pal, Interop.AndroidCrypto.PAL_KeyAlgorithm algorithm) { AndroidCertificatePal certPal = (AndroidCertificatePal)pal; IntPtr ptr = Interop.AndroidCrypto.X509GetPublicKey(certPal.SafeHandle, algorithm); if (ptr == IntPtr.Zero) { throw new CryptographicException(); } return(ptr); }
// Handles both DER and PEM internal static bool TryReadX509(ReadOnlySpan <byte> rawData, [NotNullWhen(true)] out ICertificatePal?handle) { handle = null; SafeX509Handle certHandle = Interop.AndroidCrypto.X509Decode( ref MemoryMarshal.GetReference(rawData), rawData.Length); if (certHandle.IsInvalid) { certHandle.Dispose(); return(false); } handle = new AndroidCertificatePal(certHandle); return(true); }
public static ICertificatePal FromOtherCert(X509Certificate cert) { Debug.Assert(cert.Pal != null); AndroidCertificatePal certPal = (AndroidCertificatePal)cert.Pal; // Ensure private key is copied if (certPal.PrivateKeyHandle != null) { return(certPal.CopyWithPrivateKeyHandle(certPal.PrivateKeyHandle.DuplicateHandle())); } SafeX509Handle handle = new SafeX509Handle(Interop.JObjectLifetime.NewGlobalReference(certPal.Handle)); return(new AndroidCertificatePal(handle)); }
private static ICertificatePal ReadPkcs12(ReadOnlySpan <byte> rawData, SafePasswordHandle password, bool ephemeralSpecified) { using (var reader = new AndroidPkcs12Reader(rawData)) { reader.Decrypt(password, ephemeralSpecified); UnixPkcs12Reader.CertAndKey certAndKey = reader.GetSingleCert(); AndroidCertificatePal pal = (AndroidCertificatePal)certAndKey.Cert !; if (certAndKey.Key != null) { pal.SetPrivateKey(AndroidPkcs12Reader.GetPrivateKey(certAndKey.Key)); } return(pal); } }
public void Add(ICertificatePal cert) { if (_readOnly) { throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly); } AndroidCertificatePal certPal = (AndroidCertificatePal)cert; string hashString = GetCertificateHashString(cert); bool success; if (certPal.HasPrivateKey) { Interop.AndroidCrypto.PAL_KeyAlgorithm algorithm = certPal.PrivateKeyHandle switch { // The AndroidKeyStore doesn't support adding DSA private key entries in newer versions (API 23+) // Our minimum supported version (API 21) does support it, but for simplicity, we simply block adding // certificates with DSA private keys on all versions instead of trying to support it on two versions. SafeDsaHandle => throw new PlatformNotSupportedException(SR.Cryptography_X509_StoreDSAPrivateKeyNotSupported), SafeEcKeyHandle => Interop.AndroidCrypto.PAL_KeyAlgorithm.EC, SafeRsaHandle => Interop.AndroidCrypto.PAL_KeyAlgorithm.RSA, _ => throw new NotSupportedException(SR.NotSupported_KeyAlgorithm) }; success = Interop.AndroidCrypto.X509StoreAddCertificateWithPrivateKey(_keyStoreHandle, certPal.SafeHandle, certPal.PrivateKeyHandle, algorithm, hashString); } else { success = Interop.AndroidCrypto.X509StoreAddCertificate(_keyStoreHandle, certPal.SafeHandle, hashString); } if (!success) { throw new CryptographicException(SR.Cryptography_X509_StoreAddFailure); } }
public void Remove(ICertificatePal cert) { string hashString = GetCertificateHashString(cert); AndroidCertificatePal certPal = (AndroidCertificatePal)cert; if (_readOnly) { bool containsCert = Interop.AndroidCrypto.X509StoreContainsCertificate(_keyStoreHandle, certPal.SafeHandle, hashString); if (containsCert) { throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly); } // Removing a non-existent certificate is not an error return; } bool success = Interop.AndroidCrypto.X509StoreRemoveCertificate(_keyStoreHandle, certPal.SafeHandle, hashString); if (!success) { throw new CryptographicException(SR.Cryptography_X509_StoreRemoveFailure); } }
internal static partial ICertificatePal FromHandle(IntPtr handle) { return(AndroidCertificatePal.FromHandle(handle)); }
internal static partial ICertificatePal FromOtherCert(X509Certificate copyFrom) { return(AndroidCertificatePal.FromOtherCert(copyFrom)); }