public static ICertificatePal FromBlob(ReadOnlySpan <byte> rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) { Debug.Assert(password != null); ICertificatePal?cert; Exception? openSslException; bool ephemeralSpecified = keyStorageFlags.HasFlag(X509KeyStorageFlags.EphemeralKeySet); if (TryReadX509Der(rawData, out cert) || TryReadX509Pem(rawData, out cert) || OpenSslPkcsFormatReader.TryReadPkcs7Der(rawData, out cert) || OpenSslPkcsFormatReader.TryReadPkcs7Pem(rawData, out cert) || OpenSslPkcsFormatReader.TryReadPkcs12(rawData, password, ephemeralSpecified, out cert, out openSslException)) { if (cert == null) { // Empty collection, most likely. throw new CryptographicException(); } return(cert); } // Unsupported Debug.Assert(openSslException != null); throw openSslException; }
public static ICertificatePal FromFile(string fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) { ICertificatePal?pal; bool ephemeralSpecified = keyStorageFlags.HasFlag(X509KeyStorageFlags.EphemeralKeySet); // If we can't open the file, fail right away. using (SafeBioHandle fileBio = Interop.Crypto.BioNewFile(fileName, "rb")) { Interop.Crypto.CheckValidOpenSslHandle(fileBio); pal = FromBio(fileBio); } if (pal == null) { OpenSslPkcsFormatReader.TryReadPkcs12( File.ReadAllBytes(fileName), password, ephemeralSpecified, out pal, out Exception? exception); if (exception != null) { throw exception; } Debug.Assert(pal != null); } return(pal); }
internal static partial ILoaderPal FromBlob(ReadOnlySpan <byte> rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) { Debug.Assert(password != null); ICertificatePal?singleCert; bool ephemeralSpecified = keyStorageFlags.HasFlag(X509KeyStorageFlags.EphemeralKeySet); if (OpenSslX509CertificateReader.TryReadX509Der(rawData, out singleCert) || OpenSslX509CertificateReader.TryReadX509Pem(rawData, out singleCert)) { // The single X509 structure methods shouldn't return true and out null, only empty // collections have that behavior. Debug.Assert(singleCert != null); return(SingleCertToLoaderPal(singleCert)); } List <ICertificatePal>?certPals; Exception?openSslException; if (OpenSslPkcsFormatReader.TryReadPkcs7Der(rawData, out certPals) || OpenSslPkcsFormatReader.TryReadPkcs7Pem(rawData, out certPals) || OpenSslPkcsFormatReader.TryReadPkcs12(rawData, password, ephemeralSpecified, out certPals, out openSslException)) { Debug.Assert(certPals != null); return(ListToLoaderPal(certPals)); } Debug.Assert(openSslException != null); throw openSslException; }
public X509ContentType GetCertContentType(ReadOnlySpan <byte> rawData) { { ICertificatePal?certPal; if (OpenSslX509CertificateReader.TryReadX509Der(rawData, out certPal) || OpenSslX509CertificateReader.TryReadX509Pem(rawData, out certPal)) { certPal.Dispose(); return(X509ContentType.Cert); } } if (OpenSslPkcsFormatReader.IsPkcs7(rawData)) { return(X509ContentType.Pkcs7); } { OpenSslPkcs12Reader?pfx; if (OpenSslPkcs12Reader.TryRead(rawData, out pfx)) { pfx.Dispose(); return(X509ContentType.Pkcs12); } } // Unsupported format. // Windows throws new CryptographicException(CRYPT_E_NO_MATCH) throw new CryptographicException(); }
private static ICertificatePal?FromBio(SafeBioHandle bio) { int bioPosition = Interop.Crypto.BioTell(bio); Debug.Assert(bioPosition >= 0); ICertificatePal?certPal; if (TryReadX509Pem(bio, out certPal)) { return(certPal); } // Rewind, try again. RewindBio(bio, bioPosition); if (TryReadX509Der(bio, out certPal)) { return(certPal); } // Rewind, try again. RewindBio(bio, bioPosition); if (OpenSslPkcsFormatReader.TryReadPkcs7Pem(bio, out certPal)) { return(certPal); } // Rewind, try again. RewindBio(bio, bioPosition); if (OpenSslPkcsFormatReader.TryReadPkcs7Der(bio, out certPal)) { return(certPal); } return(null); }
private static ILoaderPal FromBio( string fileName, SafeBioHandle bio, SafePasswordHandle password, bool ephemeralSpecified) { int bioPosition = Interop.Crypto.BioTell(bio); Debug.Assert(bioPosition >= 0); ICertificatePal?singleCert; if (OpenSslX509CertificateReader.TryReadX509Pem(bio, out singleCert)) { return(SingleCertToLoaderPal(singleCert)); } // Rewind, try again. OpenSslX509CertificateReader.RewindBio(bio, bioPosition); if (OpenSslX509CertificateReader.TryReadX509Der(bio, out singleCert)) { return(SingleCertToLoaderPal(singleCert)); } // Rewind, try again. OpenSslX509CertificateReader.RewindBio(bio, bioPosition); List <ICertificatePal>?certPals; if (OpenSslPkcsFormatReader.TryReadPkcs7Pem(bio, out certPals)) { return(ListToLoaderPal(certPals)); } // Rewind, try again. OpenSslX509CertificateReader.RewindBio(bio, bioPosition); if (OpenSslPkcsFormatReader.TryReadPkcs7Der(bio, out certPals)) { return(ListToLoaderPal(certPals)); } // Rewind, try again. OpenSslX509CertificateReader.RewindBio(bio, bioPosition); // Capture the exception so in case of failure, the call to BioSeek does not override it. Exception?openSslException; byte[] data = File.ReadAllBytes(fileName); if (OpenSslPkcsFormatReader.TryReadPkcs12(data, password, ephemeralSpecified, out certPals, out openSslException)) { return(ListToLoaderPal(certPals)); } // Since we aren't going to finish reading, leaving the buffer where it was when we got // it seems better than leaving it in some arbitrary other position. // // Use BioSeek directly for the last seek attempt, because any failure here should instead // report the already created (but not yet thrown) exception. if (Interop.Crypto.BioSeek(bio, bioPosition) < 0) { Interop.Crypto.ErrClearError(); } Debug.Assert(openSslException != null); throw openSslException; }
public X509ContentType GetCertContentType(string fileName) { // If we can't open the file, fail right away. using (SafeBioHandle fileBio = Interop.Crypto.BioNewFile(fileName, "rb")) { Interop.Crypto.CheckValidOpenSslHandle(fileBio); int bioPosition = Interop.Crypto.BioTell(fileBio); Debug.Assert(bioPosition >= 0); // X509ContentType.Cert { ICertificatePal?certPal; if (OpenSslX509CertificateReader.TryReadX509Der(fileBio, out certPal)) { certPal.Dispose(); return(X509ContentType.Cert); } OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition); if (OpenSslX509CertificateReader.TryReadX509Pem(fileBio, out certPal)) { certPal.Dispose(); return(X509ContentType.Cert); } OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition); } // X509ContentType.Pkcs7 { if (OpenSslPkcsFormatReader.IsPkcs7Der(fileBio)) { return(X509ContentType.Pkcs7); } OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition); if (OpenSslPkcsFormatReader.IsPkcs7Pem(fileBio)) { return(X509ContentType.Pkcs7); } OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition); } } // X509ContentType.Pkcs12 (aka PFX) { OpenSslPkcs12Reader?pkcs12Reader; if (OpenSslPkcs12Reader.TryRead(File.ReadAllBytes(fileName), out pkcs12Reader)) { pkcs12Reader.Dispose(); return(X509ContentType.Pkcs12); } } // Unsupported format. // Windows throws new CryptographicException(CRYPT_E_NO_MATCH) throw new CryptographicException(); }