| public static GetCertContentType ( byte rawData ) : System.Security.Cryptography.X509Certificates.X509ContentType | ||
| rawData | byte | |
| return | System.Security.Cryptography.X509Certificates.X509ContentType | |
public X509Certificate2ImplMono(byte[] rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
{
switch (X509Certificate2.GetCertContentType(rawData))
{
case X509ContentType.Pkcs12:
_cert = ImportPkcs12(rawData, password);
break;
case X509ContentType.Cert:
case X509ContentType.Pkcs7:
_cert = new MX.X509Certificate(rawData);
break;
#if !MONOTOUCH_WATCH
case X509ContentType.Authenticode:
AuthenticodeDeformatter ad = new AuthenticodeDeformatter(rawData);
_cert = ad.SigningCertificate;
if (_cert == null)
{
goto default;
}
break;
#endif
default:
string msg = Locale.GetText("Unable to decode certificate.");
throw new CryptographicException(msg);
}
}
internal static partial ILoaderPal FromBlob(ReadOnlySpan <byte> rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
{
Debug.Assert(password != null);
X509ContentType contentType = X509Certificate2.GetCertContentType(rawData);
if (contentType == X509ContentType.Pkcs12)
{
if ((keyStorageFlags & X509KeyStorageFlags.EphemeralKeySet) == X509KeyStorageFlags.EphemeralKeySet)
{
throw new PlatformNotSupportedException(SR.Cryptography_X509_NoEphemeralPfx);
}
bool exportable = (keyStorageFlags & X509KeyStorageFlags.Exportable) == X509KeyStorageFlags.Exportable;
bool persist =
(keyStorageFlags & X509KeyStorageFlags.PersistKeySet) == X509KeyStorageFlags.PersistKeySet;
SafeKeychainHandle keychain = persist
? Interop.AppleCrypto.SecKeychainCopyDefault()
: Interop.AppleCrypto.CreateTemporaryKeychain();
return(ImportPkcs12(rawData, password, exportable, ephemeralSpecified: false, keychain));
}
SafeCFArrayHandle certs = Interop.AppleCrypto.X509ImportCollection(
rawData,
contentType,
password,
SafeTemporaryKeychainHandle.InvalidHandle,
exportable: true);
return(new AppleCertLoader(certs, null));
}
public static X509ContentType GetCertContentType(string fileName)
{
if (fileName == null)
{
throw new ArgumentNullException("fileName");
}
if (fileName.Length == 0)
{
throw new ArgumentException("fileName");
}
byte[] rawData = X509Certificate2.Load(fileName);
return(X509Certificate2.GetCertContentType(rawData));
}
public X509Certificate2ImplMono(byte[] rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
{
switch (X509Certificate2.GetCertContentType(rawData))
{
case X509ContentType.Pkcs12:
_cert = ImportPkcs12(rawData, password);
break;
case X509ContentType.Cert:
case X509ContentType.Pkcs7:
_cert = new MX.X509Certificate(rawData);
break;
default:
string msg = Locale.GetText("Unable to decode certificate.");
throw new CryptographicException(msg);
}
}
internal static partial ILoaderPal FromBlob(ReadOnlySpan <byte> rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
{
Debug.Assert(password != null);
X509ContentType contentType = X509Certificate2.GetCertContentType(rawData);
bool ephemeralSpecified = keyStorageFlags.HasFlag(X509KeyStorageFlags.EphemeralKeySet);
if (contentType == X509ContentType.Pkcs12)
{
ICertificatePal[] certPals = ReadPkcs12Collection(rawData, password, ephemeralSpecified);
return(new AndroidCertLoader(certPals));
}
else
{
SafeX509Handle[] certs = Interop.AndroidCrypto.X509DecodeCollection(rawData);
return(new AndroidCertLoader(certs));
}
}
public static ICertificatePal FromBlob(ReadOnlySpan <byte> rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
{
Debug.Assert(password != null);
bool ephemeralSpecified = keyStorageFlags.HasFlag(X509KeyStorageFlags.EphemeralKeySet);
X509ContentType contentType = X509Certificate2.GetCertContentType(rawData);
switch (contentType)
{
case X509ContentType.Pkcs7:
// In single mode for a PKCS#7 signed or signed-and-enveloped file we're supposed to return
// the certificate which signed the PKCS#7 file.
// We don't support determining this on Android right now, so we throw.
throw new CryptographicException(SR.Cryptography_X509_PKCS7_NoSigner);
case X509ContentType.Pkcs12:
if ((keyStorageFlags & X509KeyStorageFlags.PersistKeySet) == X509KeyStorageFlags.PersistKeySet)
{
throw new PlatformNotSupportedException(SR.Cryptography_X509_PKCS12_PersistKeySetNotSupported);
}
return(ReadPkcs12(rawData, password, ephemeralSpecified));
case X509ContentType.Cert:
default:
{
ICertificatePal?cert;
if (TryReadX509(rawData, out cert))
{
return(cert);
}
break;
}
}
// Unsupported
throw new CryptographicException();
}
public static ICertificatePal FromBlob(
ReadOnlySpan <byte> rawData,
SafePasswordHandle password,
X509KeyStorageFlags keyStorageFlags)
{
Debug.Assert(password != null);
X509ContentType contentType = X509Certificate2.GetCertContentType(rawData);
if (contentType == X509ContentType.Pkcs7)
{
// In single mode for a PKCS#7 signed or signed-and-enveloped file we're supposed to return
// the certificate which signed the PKCS#7 file.
//
// X509Certificate2Collection::Export(X509ContentType.Pkcs7) claims to be a signed PKCS#7,
// but doesn't emit a signature block. So this is hard to test.
//
// TODO(2910): Figure out how to extract the signing certificate, when it's present.
throw new CryptographicException(SR.Cryptography_X509_PKCS7_NoSigner);
}
if (contentType == X509ContentType.Pkcs12)
{
if ((keyStorageFlags & X509KeyStorageFlags.EphemeralKeySet) == X509KeyStorageFlags.EphemeralKeySet)
{
throw new PlatformNotSupportedException(SR.Cryptography_X509_NoEphemeralPfx);
}
bool exportable = (keyStorageFlags & X509KeyStorageFlags.Exportable) == X509KeyStorageFlags.Exportable;
bool persist =
(keyStorageFlags & X509KeyStorageFlags.PersistKeySet) == X509KeyStorageFlags.PersistKeySet;
SafeKeychainHandle keychain = persist
? Interop.AppleCrypto.SecKeychainCopyDefault()
: Interop.AppleCrypto.CreateTemporaryKeychain();
using (keychain)
{
AppleCertificatePal ret = ImportPkcs12(rawData, password, exportable, keychain);
if (!persist)
{
// If we used temporary keychain we need to prevent deletion.
// on 10.15+ if keychain is unlinked, certain certificate operations may fail.
bool success = false;
keychain.DangerousAddRef(ref success);
if (success)
{
ret._tempKeychain = keychain;
}
}
return(ret);
}
}
SafeSecIdentityHandle identityHandle;
SafeSecCertificateHandle certHandle = Interop.AppleCrypto.X509ImportCertificate(
rawData,
contentType,
SafePasswordHandle.InvalidHandle,
SafeTemporaryKeychainHandle.InvalidHandle,
exportable: true,
out identityHandle);
if (identityHandle.IsInvalid)
{
identityHandle.Dispose();
return(new AppleCertificatePal(certHandle));
}
Debug.Fail("Non-PKCS12 import produced an identity handle");
identityHandle.Dispose();
certHandle.Dispose();
throw new CryptographicException();
}
