public X509ContentType GetCertContentType(byte[] rawData) { { ICertificatePal certPal; if (OpenSslX509CertificateReader.TryReadX509Der(rawData, out certPal) || OpenSslX509CertificateReader.TryReadX509Pem(rawData, out certPal)) { certPal.Dispose(); return(X509ContentType.Cert); } } if (PkcsFormatReader.IsPkcs7(rawData)) { return(X509ContentType.Pkcs7); } { OpenSslPkcs12Reader pfx; if (OpenSslPkcs12Reader.TryRead(rawData, out pfx)) { pfx.Dispose(); return(X509ContentType.Pkcs12); } } // Unsupported format. // Windows throws new CryptographicException(CRYPT_E_NO_MATCH) throw new CryptographicException(); }
private static bool TryRead(byte[] data, out OpenSslPkcs12Reader pkcs12Reader, out Exception openSslException, bool captureException) { SafePkcs12Handle handle = Interop.Crypto.DecodePkcs12(data, data.Length); openSslException = null; if (!handle.IsInvalid) { pkcs12Reader = new OpenSslPkcs12Reader(handle); return(true); } handle.Dispose(); pkcs12Reader = null; if (captureException) { openSslException = Interop.Crypto.CreateOpenSslCryptographicException(); } else { Interop.Crypto.ErrClearError(); } return(false); }
private static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader, out Exception openSslException, bool captureException) { SafePkcs12Handle p12 = Interop.Crypto.DecodePkcs12FromBio(fileBio); openSslException = null; if (!p12.IsInvalid) { pkcs12Reader = new OpenSslPkcs12Reader(p12); return(true); } p12.Dispose(); pkcs12Reader = null; if (captureException) { openSslException = Interop.Crypto.CreateOpenSslCryptographicException(); } else { Interop.Crypto.ErrClearError(); } return(false); }
private static IStorePal PfxToCollection(OpenSslPkcs12Reader pfx, string password) { pfx.Decrypt(password); X509Certificate2Collection coll = new X509Certificate2Collection(); foreach (OpenSslX509CertificateReader certPal in pfx.ReadCertificates()) { coll.Add(new X509Certificate2(certPal)); } return(new OpenSslX509StoreProvider(coll)); }
public static bool TryRead(byte[] data, out OpenSslPkcs12Reader pkcs12Reader) { SafePkcs12Handle handle = Interop.Crypto.DecodePkcs12(data, data.Length); if (!handle.IsInvalid) { pkcs12Reader = new OpenSslPkcs12Reader(handle); return true; } pkcs12Reader = null; return false; }
public static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader) { SafePkcs12Handle p12 = Interop.libcrypto.d2i_PKCS12_bio(fileBio, IntPtr.Zero); if (!p12.IsInvalid) { pkcs12Reader = new OpenSslPkcs12Reader(p12); return true; } pkcs12Reader = null; return false; }
public static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader) { SafePkcs12Handle p12 = Interop.Crypto.DecodePkcs12FromBio(fileBio); if (!p12.IsInvalid) { pkcs12Reader = new OpenSslPkcs12Reader(p12); return(true); } pkcs12Reader = null; return(false); }
public static bool TryRead(byte[] data, out OpenSslPkcs12Reader pkcs12Reader) { SafePkcs12Handle handle = Interop.Crypto.DecodePkcs12(data, data.Length); if (!handle.IsInvalid) { pkcs12Reader = new OpenSslPkcs12Reader(handle); return(true); } pkcs12Reader = null; return(false); }
public static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader) { SafePkcs12Handle p12 = Interop.Crypto.DecodePkcs12FromBio(fileBio); if (!p12.IsInvalid) { pkcs12Reader = new OpenSslPkcs12Reader(p12); return true; } pkcs12Reader = null; return false; }
public static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader) { SafePkcs12Handle p12 = Interop.libcrypto.d2i_PKCS12_bio(fileBio, IntPtr.Zero); if (!p12.IsInvalid) { pkcs12Reader = new OpenSslPkcs12Reader(p12); return(true); } pkcs12Reader = null; return(false); }
public static IStorePal FromBlob(byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags) { OpenSslPkcs12Reader pfx; if (OpenSslPkcs12Reader.TryRead(rawData, out pfx)) { using (pfx) { return(PfxToCollection(pfx, password)); } } return(null); }
private static bool TryReadPkcs12( OpenSslPkcs12Reader pfx, string password, bool single, out ICertificatePal readPal, out List <ICertificatePal> readCerts) { pfx.Decrypt(password); ICertificatePal first = null; List <ICertificatePal> certs = null; if (!single) { certs = new List <ICertificatePal>(); } foreach (OpenSslX509CertificateReader certPal in pfx.ReadCertificates()) { if (single) { // When requesting an X509Certificate2 from a PFX only the first entry is // returned. Other entries should be disposed. if (first == null) { first = certPal; } else if (certPal.HasPrivateKey && !first.HasPrivateKey) { first.Dispose(); first = certPal; } else { certPal.Dispose(); } } else { certs.Add(certPal); } } readPal = first; readCerts = certs; return(true); }
public unsafe static bool TryRead(byte[] data, out OpenSslPkcs12Reader pkcs12Reader) { SafePkcs12Handle handle = Interop.libcrypto.OpenSslD2I( (ptr, b, i) => Interop.libcrypto.d2i_PKCS12(ptr, b, i), data, checkHandle: false); if (!handle.IsInvalid) { pkcs12Reader = new OpenSslPkcs12Reader(handle); return(true); } pkcs12Reader = null; return(false); }
public unsafe static bool TryRead(byte[] data, out OpenSslPkcs12Reader pkcs12Reader) { SafePkcs12Handle handle = Interop.libcrypto.OpenSslD2I( (ptr, b, i) => Interop.libcrypto.d2i_PKCS12(ptr, b, i), data, checkHandle: false); if (!handle.IsInvalid) { pkcs12Reader = new OpenSslPkcs12Reader(handle); return true; } pkcs12Reader = null; return false; }
public static IStorePal FromFile(string fileName, string password, X509KeyStorageFlags keyStorageFlags) { using (SafeBioHandle fileBio = Interop.libcrypto.BIO_new_file(fileName, "rb")) { Interop.libcrypto.CheckValidOpenSslHandle(fileBio); OpenSslPkcs12Reader pfx; if (OpenSslPkcs12Reader.TryRead(fileBio, out pfx)) { using (pfx) { return(PfxToCollection(pfx, password)); } } } return(null); }
private static bool TryReadPkcs12( OpenSslPkcs12Reader pfx, SafePasswordHandle password, bool single, bool ephemeralSpecified, out ICertificatePal?readPal, out List <ICertificatePal>?readCerts) { pfx.Decrypt(password, ephemeralSpecified); if (single) { UnixPkcs12Reader.CertAndKey certAndKey = pfx.GetSingleCert(); OpenSslX509CertificateReader pal = (OpenSslX509CertificateReader)certAndKey.Cert !; if (certAndKey.Key != null) { pal.SetPrivateKey(OpenSslPkcs12Reader.GetPrivateKey(certAndKey.Key)); } readPal = pal; readCerts = null; return(true); } readPal = null; List <ICertificatePal> certs = new List <ICertificatePal>(pfx.GetCertCount()); foreach (UnixPkcs12Reader.CertAndKey certAndKey in pfx.EnumerateAll()) { OpenSslX509CertificateReader pal = (OpenSslX509CertificateReader)certAndKey.Cert !; if (certAndKey.Key != null) { pal.SetPrivateKey(OpenSslPkcs12Reader.GetPrivateKey(certAndKey.Key)); } certs.Add(pal); } readCerts = certs; return(true); }
private static bool TryReadPkcs12( byte[] rawData, SafePasswordHandle password, bool single, out ICertificatePal readPal, out List <ICertificatePal> readCerts) { // DER-PKCS12 OpenSslPkcs12Reader pfx; if (!OpenSslPkcs12Reader.TryRead(rawData, out pfx)) { readPal = null; readCerts = null; return(false); } using (pfx) { return(TryReadPkcs12(pfx, password, single, out readPal, out readCerts)); } }
private static bool TryReadPkcs12( SafeBioHandle bio, string password, bool single, out ICertificatePal readPal, out List <ICertificatePal> readCerts) { // DER-PKCS12 OpenSslPkcs12Reader pfx; if (!OpenSslPkcs12Reader.TryRead(bio, out pfx)) { readPal = null; readCerts = null; return(false); } using (pfx) { return(TryReadPkcs12(pfx, password, single, out readPal, out readCerts)); } }
private static bool TryReadPkcs12( ReadOnlySpan <byte> rawData, SafePasswordHandle password, bool single, out ICertificatePal?readPal, out List <ICertificatePal>?readCerts, out Exception?openSslException) { // DER-PKCS12 OpenSslPkcs12Reader?pfx; if (!OpenSslPkcs12Reader.TryRead(rawData, out pfx, out openSslException)) { readPal = null; readCerts = null; return(false); } using (pfx) { return(TryReadPkcs12(pfx, password, single, out readPal, out readCerts)); } }
private static bool TryRead( byte[] data, out OpenSslPkcs12Reader pkcs12Reader, out Exception openSslException, bool captureException) { openSslException = null; try { pkcs12Reader = new OpenSslPkcs12Reader(data); return(true); } catch (CryptographicException e) { if (captureException) { openSslException = e; } pkcs12Reader = null; return(false); } }
public static bool TryRead(byte[] data, out OpenSslPkcs12Reader pkcs12Reader) => TryRead(data, out pkcs12Reader, out _, captureException: false);
public X509ContentType GetCertContentType(string fileName) { // If we can't open the file, fail right away. using (SafeBioHandle fileBio = Interop.Crypto.BioNewFile(fileName, "rb")) { Interop.Crypto.CheckValidOpenSslHandle(fileBio); int bioPosition = Interop.Crypto.BioTell(fileBio); Debug.Assert(bioPosition >= 0); // X509ContentType.Cert { ICertificatePal certPal; if (OpenSslX509CertificateReader.TryReadX509Der(fileBio, out certPal)) { certPal.Dispose(); return(X509ContentType.Cert); } OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition); if (OpenSslX509CertificateReader.TryReadX509Pem(fileBio, out certPal)) { certPal.Dispose(); return(X509ContentType.Cert); } OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition); } // X509ContentType.Pkcs7 { if (PkcsFormatReader.IsPkcs7Der(fileBio)) { return(X509ContentType.Pkcs7); } OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition); if (PkcsFormatReader.IsPkcs7Pem(fileBio)) { return(X509ContentType.Pkcs7); } OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition); } // X509ContentType.Pkcs12 (aka PFX) { OpenSslPkcs12Reader pkcs12Reader; if (OpenSslPkcs12Reader.TryRead(fileBio, out pkcs12Reader)) { pkcs12Reader.Dispose(); return(X509ContentType.Pkcs12); } OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition); } } // Unsupported format. // Windows throws new CryptographicException(CRYPT_E_NO_MATCH) throw new CryptographicException(); }
private static bool TryReadPkcs12( OpenSslPkcs12Reader pfx, string password, bool single, out ICertificatePal readPal, out List<ICertificatePal> readCerts) { pfx.Decrypt(password); ICertificatePal first = null; List<ICertificatePal> certs = null; if (!single) { certs = new List<ICertificatePal>(); } foreach (OpenSslX509CertificateReader certPal in pfx.ReadCertificates()) { if (single) { // When requesting an X509Certificate2 from a PFX only the first entry is // returned. Other entries should be disposed. if (first == null) { first = certPal; } else if (certPal.HasPrivateKey && !first.HasPrivateKey) { first.Dispose(); first = certPal; } else { certPal.Dispose(); } } else { certs.Add(certPal); } } readPal = first; readCerts = certs; return true; }
public static bool TryRead(byte[] data, out OpenSslPkcs12Reader pkcs12Reader, out Exception openSslException) => TryRead(data, out pkcs12Reader, out openSslException, captureException: true);
public static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader) => TryRead(fileBio, out pkcs12Reader, out _, captureException: false);
public static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader, out Exception openSslException) => TryRead(fileBio, out pkcs12Reader, out openSslException, captureException: true);
public static unsafe ICertificatePal FromBlob(byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags) { // If we can see a hyphen, assume it's PEM. Otherwise try DER-X509, then fall back to DER-PKCS12. SafeX509Handle cert; // PEM if (rawData[0] == '-') { using (SafeBioHandle bio = Interop.libcrypto.BIO_new(Interop.libcrypto.BIO_s_mem())) { Interop.libcrypto.CheckValidOpenSslHandle(bio); Interop.libcrypto.BIO_write(bio, rawData, rawData.Length); cert = Interop.libcrypto.PEM_read_bio_X509_AUX(bio, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero); } Interop.libcrypto.CheckValidOpenSslHandle(cert); return(new OpenSslX509CertificateReader(cert)); } // DER-X509 cert = Interop.libcrypto.OpenSslD2I((ptr, b, i) => Interop.libcrypto.d2i_X509(ptr, b, i), rawData, checkHandle: false); if (!cert.IsInvalid) { return(new OpenSslX509CertificateReader(cert)); } // DER-PKCS12 OpenSslPkcs12Reader pfx; if (OpenSslPkcs12Reader.TryRead(rawData, out pfx)) { using (pfx) { pfx.Decrypt(password); ICertificatePal first = null; foreach (OpenSslX509CertificateReader certPal in pfx.ReadCertificates()) { // When requesting an X509Certificate2 from a PFX only the first entry is // returned. Other entries should be disposed. if (first == null) { first = certPal; } else { certPal.Dispose(); } } if (first == null) { throw new CryptographicException(); } return(first); } } // Unsupported throw Interop.libcrypto.CreateOpenSslCryptographicException(); }
internal static ICertificatePal FromBio(SafeBioHandle bio, string password) { // Try reading the value as: PEM-X509, DER-X509, DER-PKCS12. int bioPosition = Interop.NativeCrypto.BioTell(bio); Debug.Assert(bioPosition >= 0); SafeX509Handle cert = Interop.libcrypto.PEM_read_bio_X509_AUX(bio, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero); if (cert != null && !cert.IsInvalid) { return(new OpenSslX509CertificateReader(cert)); } // Rewind, try again. Interop.NativeCrypto.BioSeek(bio, bioPosition); cert = Interop.NativeCrypto.ReadX509AsDerFromBio(bio); if (cert != null && !cert.IsInvalid) { return(new OpenSslX509CertificateReader(cert)); } // Rewind, try again. Interop.NativeCrypto.BioSeek(bio, bioPosition); OpenSslPkcs12Reader pfx; if (OpenSslPkcs12Reader.TryRead(bio, out pfx)) { using (pfx) { pfx.Decrypt(password); ICertificatePal first = null; foreach (OpenSslX509CertificateReader certPal in pfx.ReadCertificates()) { // When requesting an X509Certificate2 from a PFX only the first entry is // returned. Other entries should be disposed. if (first == null) { first = certPal; } else { certPal.Dispose(); } } return(first); } } // Since we aren't going to finish reading, leaving the buffer where it was when we got // it seems better than leaving it in some arbitrary other position. // // But, before seeking back to start, save the Exception representing the last reported // OpenSSL error in case the last BioSeek would change it. Exception openSslException = Interop.libcrypto.CreateOpenSslCryptographicException(); Interop.NativeCrypto.BioSeek(bio, bioPosition); throw openSslException; }
private static IStorePal PfxToCollection(OpenSslPkcs12Reader pfx, string password) { pfx.Decrypt(password); X509Certificate2Collection coll = new X509Certificate2Collection(); foreach (OpenSslX509CertificateReader certPal in pfx.ReadCertificates()) { coll.Add(new X509Certificate2(certPal)); } return new OpenSslX509StoreProvider(coll); }