/// <summary>
/// Adds a certificate to the underlying key store, including its private key when it has one.
/// </summary>
/// <param name="cert">The certificate to add. It is cast to <c>AndroidCertificatePal</c>, so any other implementation fails the cast.</param>
/// <exception cref="CryptographicException">The store is read-only, or the native add call reported failure.</exception>
/// <exception cref="PlatformNotSupportedException">The certificate's private key is a DSA key.</exception>
/// <exception cref="NotSupportedException">The private key handle is not one of the recognized handle types.</exception>
public void Add(ICertificatePal cert)
{
    // A read-only store rejects the write before the certificate is inspected.
    if (_readOnly)
    {
        throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
    }

    AndroidCertificatePal androidCert = (AndroidCertificatePal)cert;

    // NOTE(review): the hash string is handed to the native add call next to the certificate;
    // presumably it names the key store entry. Confirm against the native side.
    string certHash = GetCertificateHashString(cert);

    bool added;
    if (!androidCert.HasPrivateKey)
    {
        // Public certificate only: no key material is written to the store.
        added = Interop.AndroidCrypto.X509StoreAddCertificate(_keyStoreHandle, androidCert.SafeHandle, certHash);
    }
    else
    {
        var keyHandle = androidCert.PrivateKeyHandle;
        Interop.AndroidCrypto.PAL_KeyAlgorithm keyAlgorithm;

        if (keyHandle is SafeDsaHandle)
        {
            // The AndroidKeyStore doesn't support adding DSA private key entries in newer versions (API 23+).
            // Our minimum supported version (API 21) does support it, but for simplicity, adding certificates
            // with DSA private keys is blocked on all versions instead of being supported on only some.
            throw new PlatformNotSupportedException(SR.Cryptography_X509_StoreDSAPrivateKeyNotSupported);
        }
        else if (keyHandle is SafeEcKeyHandle)
        {
            keyAlgorithm = Interop.AndroidCrypto.PAL_KeyAlgorithm.EC;
        }
        else if (keyHandle is SafeRsaHandle)
        {
            keyAlgorithm = Interop.AndroidCrypto.PAL_KeyAlgorithm.RSA;
        }
        else
        {
            // Fail closed: an unknown (or null) handle type is never forwarded to the native layer.
            throw new NotSupportedException(SR.NotSupported_KeyAlgorithm);
        }

        added = Interop.AndroidCrypto.X509StoreAddCertificateWithPrivateKey(
            _keyStoreHandle,
            androidCert.SafeHandle,
            androidCert.PrivateKeyHandle,
            keyAlgorithm,
            certHash);
    }

    // The native calls report failure through their boolean result; surface it as an exception.
    if (!added)
    {
        throw new CryptographicException(SR.Cryptography_X509_StoreAddFailure);
    }
}
/// <summary>
/// Retrieves the private key of <paramref name="cert"/> and reports which key algorithm it uses.
/// </summary>
/// <param name="cert">The certificate whose private key is requested.</param>
/// <param name="algorithm">Set to RSA, EC or DSA according to the first accessor that returned a key.</param>
/// <returns>The private key object obtained from the certificate.</returns>
/// <exception cref="NotSupportedException">None of the RSA, ECDsa or DSA accessors returned a key.</exception>
/// <remarks>
/// The returned object holds private key material. NOTE(review): disposal appears to be left to the
/// caller; confirm that every call site disposes it.
/// </remarks>
private static AsymmetricAlgorithm GetPrivateKeyAlgorithm(X509Certificate2 cert, out PAL_KeyAlgorithm algorithm)
{
    // Accessors are probed in a fixed order: RSA, then ECDsa, then DSA.
    if (cert.GetRSAPrivateKey() is { } rsaKey)
    {
        algorithm = PAL_KeyAlgorithm.RSA;
        return rsaKey;
    }

    if (cert.GetECDsaPrivateKey() is { } ecKey)
    {
        algorithm = PAL_KeyAlgorithm.EC;
        return ecKey;
    }

    if (cert.GetDSAPrivateKey() is { } dsaKey)
    {
        algorithm = PAL_KeyAlgorithm.DSA;
        return dsaKey;
    }

    // No accessor produced a key: fail rather than continue without one.
    throw new NotSupportedException(SR.net_ssl_io_no_server_cert);
}
private static unsafe void EnumCertificatesCallback(void *certPtr, void *privateKeyPtr, Interop.AndroidCrypto.PAL_KeyAlgorithm privateKeyAlgorithm, void *context) { ref EnumCertificatesContext callbackContext = ref Unsafe.As <byte, EnumCertificatesContext>(ref *(byte *)context);