/// <summary>
/// Imports certificates and keys from a pkcs12-encoded stream.
/// </summary>
/// <remarks>
/// Imports certificates and keys from a pkcs12-encoded stream.
/// </remarks>
/// <param name="stream">The raw certificate and key data.</param>
/// <param name="password">The password to unlock the stream.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="stream"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="password"/> is <c>null</c>.</para>
/// </exception>
public override void Import(Stream stream, string password)
{
if (stream == null)
{
throw new ArgumentNullException("stream");
}
if (password == null)
{
throw new ArgumentNullException("password");
}
var pkcs12 = new Pkcs12Store(stream, password.ToCharArray());
foreach (string alias in pkcs12.Aliases)
{
if (pkcs12.IsKeyEntry(alias))
{
var chain = pkcs12.GetCertificateChain(alias);
var entry = pkcs12.GetKey(alias);
for (int i = 0; i < chain.Length; i++)
{
certificates.Add(chain[i].Certificate);
}
keys.Add(chain[0].Certificate, entry.Key);
}
else if (pkcs12.IsCertificateEntry(alias))
{
var entry = pkcs12.GetCertificate(alias);
certificates.Add(entry.Certificate);
}
}
}
public static List <X509Certificate> InitStore(String p12FileName, char[] ksPass)
{
List <X509Certificate> certStore = new List <X509Certificate>();
string alias = null;
Pkcs12Store pk12 = new Pkcs12Store(new FileStream(p12FileName, FileMode.Open, FileAccess.Read), ksPass);
foreach (var a in pk12.Aliases)
{
alias = ((string)a);
if (pk12.IsCertificateEntry(alias))
{
certStore.Add(pk12.GetCertificate(alias).Certificate);
}
}
return(certStore);
}
/// <summary>
/// Imports certificates and keys from a pkcs12-encoded stream.
/// </summary>
/// <remarks>
/// Imports certificates and keys from a pkcs12-encoded stream.
/// </remarks>
/// <param name="stream">The raw certificate and key data in pkcs12 format.</param>
/// <param name="password">The password to unlock the stream.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="stream"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="password"/> is <c>null</c>.</para>
/// </exception>
public override void Import(Stream stream, string password)
{
if (stream == null)
{
throw new ArgumentNullException(nameof(stream));
}
if (password == null)
{
throw new ArgumentNullException(nameof(password));
}
var pkcs12 = new Pkcs12Store(stream, password.ToCharArray());
foreach (string alias in pkcs12.Aliases)
{
if (pkcs12.IsKeyEntry(alias))
{
var chain = pkcs12.GetCertificateChain(alias);
var entry = pkcs12.GetKey(alias);
for (int i = 0; i < chain.Length; i++)
{
Import(chain[i].Certificate);
}
var fingerprint = chain[0].Certificate.GetFingerprint();
if (!keys.ContainsKey(fingerprint))
{
keys.Add(fingerprint, entry.Key);
}
}
else if (pkcs12.IsCertificateEntry(alias))
{
var entry = pkcs12.GetCertificate(alias);
Import(entry.Certificate);
}
}
}
private void RefreshStore()
{
_listItems.Clear();
foreach (String alias in _store.Aliases)
{
KeyStoreEntryType entryType;
if (_store.IsCertificateEntry(alias))
{
entryType = KeyStoreEntryType.TrustCertEntry;
}
else if (_store.IsKeyEntry(alias) && _store.GetCertificateChain(alias) != null &&
_store.GetCertificateChain(alias).Length != 0)
{
entryType = KeyStoreEntryType.KeyPairEntry;
}
else
{
entryType = KeyStoreEntryType.KeyEntry;
}
X509Certificate cert = _store.GetCertificate(alias).Certificate;
_listItems.Add(new ListItemEntry(entryType, alias, cert,
Repository.Instance.IsRevokedCertificate(cert.SerialNumber.ToString())));
}
}
private static X509Certificate2 ConvertToCertificate2(Pkcs12Store store)
{
foreach (string alias in store.Aliases)
{
if (store.IsCertificateEntry(alias))
{
var entry = store.GetCertificate(alias);
}
if (store.IsKeyEntry(alias))
{
var entry = store.GetKey(alias);
}
}
var senderCertStream = new MemoryStream();
store.Save(senderCertStream, new char[0], new SecureRandom());
var coll = new X509Certificate2Collection();
coll.Import(senderCertStream.ToArray());
return(coll.Cast <X509Certificate2>().First(x => x.HasPrivateKey));
}
/// <summary>
/// Imports certificates and keys from a pkcs12-encoded stream.
/// </summary>
/// <remarks>
/// Imports all of the certificates and keys from the pkcs12-encoded stream.
/// </remarks>
/// <param name="stream">The raw certificate and key data.</param>
/// <param name="password">The password to unlock the data.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="stream"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="password"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="Org.BouncyCastle.Cms.CmsException">
/// An error occurred in the cryptographic message syntax subsystem.
/// </exception>
public override void Import(Stream stream, string password)
{
if (stream == null)
{
throw new ArgumentNullException(nameof(stream));
}
if (password == null)
{
throw new ArgumentNullException(nameof(password));
}
var pkcs12 = new Pkcs12Store(stream, password.ToCharArray());
var enabledAlgorithms = EnabledEncryptionAlgorithms;
X509CertificateRecord record;
foreach (string alias in pkcs12.Aliases)
{
if (pkcs12.IsKeyEntry(alias))
{
var chain = pkcs12.GetCertificateChain(alias);
var entry = pkcs12.GetKey(alias);
int startIndex = 0;
if (entry.Key.IsPrivate)
{
if ((record = dbase.Find(chain[0].Certificate, ImportPkcs12Fields)) == null)
{
record = new X509CertificateRecord(chain[0].Certificate, entry.Key);
record.AlgorithmsUpdated = DateTime.UtcNow;
record.Algorithms = enabledAlgorithms;
record.IsTrusted = true;
dbase.Add(record);
}
else
{
record.AlgorithmsUpdated = DateTime.UtcNow;
record.Algorithms = enabledAlgorithms;
if (record.PrivateKey == null)
{
record.PrivateKey = entry.Key;
}
record.IsTrusted = true;
dbase.Update(record, ImportPkcs12Fields);
}
startIndex = 1;
}
for (int i = startIndex; i < chain.Length; i++)
{
Import(chain[i].Certificate, true);
}
}
else if (pkcs12.IsCertificateEntry(alias))
{
var entry = pkcs12.GetCertificate(alias);
Import(entry.Certificate, true);
}
}
}
public virtual ImportedKeySet Pkcs12Keys(KeyPurpose purpose, Stream input, Func <string> passwordPrompt = null, bool official = false, KeyType hint = null)
{
using (var password = CachedPrompt.Password(passwordPrompt))
{
var keyStore = new Pkcs12Store(input, password.Prompt().ToCharArray());
var keys = new List <Key>();
foreach (string n in keyStore.Aliases)
{
if (keyStore.IsKeyEntry(n))
{
AsymmetricKeyEntry key = keyStore.GetKey(n);
if (key.Key.IsPrivate)
{
switch (key.Key)
{
case RsaPrivateCrtKeyParameters rsa:
keys.Add(KeyFromBouncyCastle(rsa, purpose, official, hint));
break;
case DsaPrivateKeyParameters dsa:
if (purpose == KeyPurpose.SignAndVerify)
{
keys.Add(KeyFromBouncyCastle(dsa));
}
break;
}
}
}
}
if (!keys.Any())
{
foreach (string n in keyStore.Aliases)
{
if (keyStore.IsCertificateEntry(n))
{
var entry = keyStore.GetCertificate(n);
var pubKey = entry.Certificate.GetPublicKey();
switch (pubKey)
{
case RsaKeyParameters rsa:
keys.Add(KeyFromBouncyCastle(rsa, purpose, official, hint));
break;
case DsaPublicKeyParameters dsa:
if (purpose == KeyPurpose.SignAndVerify)
{
keys.Add(KeyFromBouncyCastle(dsa));
}
break;
}
}
}
}
if (keys.Any())
{
return(new ImportedKeySet(keys, purpose, "imported keys"));
}
throw new InvalidKeySetException("couldn't find any keys in file");
}
}
