internal static Pkcs12SafeContentsBag Decode(ReadOnlyMemory <byte> encodedValue)
{
Pkcs12SafeContents contents = new Pkcs12SafeContents(encodedValue);
return(new Pkcs12SafeContentsBag(encodedValue)
{
SafeContents = contents
});
}
internal static Pkcs12SafeContentsBag Create(Pkcs12SafeContents copyFrom)
{
Debug.Assert(copyFrom != null);
Debug.Assert(copyFrom.ConfidentialityMode == Pkcs12ConfidentialityMode.None);
AsnWriter writer = copyFrom.Encode();
return(Decode(writer.Encode()));
}
public void AddSafeContentsEncrypted(
Pkcs12SafeContents safeContents,
string?password,
PbeParameters pbeParameters)
{
AddSafeContentsEncrypted(
safeContents,
// This extension invoke allows null
password.AsSpan(),
pbeParameters);
}
public void AddSafeContentsEncrypted(
Pkcs12SafeContents safeContents,
byte[]?passwordBytes,
PbeParameters pbeParameters)
{
AddSafeContentsEncrypted(
safeContents,
// Allows null.
new ReadOnlySpan <byte>(passwordBytes),
pbeParameters);
}
public void AddSafeContentsUnencrypted(Pkcs12SafeContents safeContents)
{
if (safeContents is null)
{
throw new ArgumentNullException(nameof(safeContents));
}
if (IsSealed)
{
throw new InvalidOperationException(SR.Cryptography_Pkcs12_PfxIsSealed);
}
_contents ??= new List <ContentInfoAsn>();
_contents.Add(safeContents.EncodeToContentInfo());
}
public void AddSafeContentsEncrypted(
Pkcs12SafeContents safeContents,
ReadOnlySpan <char> password,
PbeParameters pbeParameters)
{
if (safeContents is null)
{
throw new ArgumentNullException(nameof(safeContents));
}
if (pbeParameters is null)
{
throw new ArgumentNullException(nameof(pbeParameters));
}
if (pbeParameters.IterationCount < 1)
{
throw new ArgumentOutOfRangeException(nameof(pbeParameters));
}
if (safeContents.ConfidentialityMode != Pkcs12ConfidentialityMode.None)
{
throw new ArgumentException(SR.Cryptography_Pkcs12_CannotProcessEncryptedSafeContents, nameof(safeContents));
}
if (IsSealed)
{
throw new InvalidOperationException(SR.Cryptography_Pkcs12_PfxIsSealed);
}
PasswordBasedEncryption.ValidatePbeParameters(
pbeParameters,
password,
ReadOnlySpan <byte> .Empty);
byte[] encrypted = safeContents.Encrypt(password, ReadOnlySpan <byte> .Empty, pbeParameters);
if (_contents == null)
{
_contents = new List <ContentInfoAsn>();
}
_contents.Add(
new ContentInfoAsn
{
ContentType = Oids.Pkcs7Encrypted,
Content = encrypted,
});
}
public Pkcs12SafeContentsBag AddNestedContents(Pkcs12SafeContents safeContents)
{
if (safeContents == null)
{
throw new ArgumentNullException(nameof(safeContents));
}
if (safeContents.ConfidentialityMode != Pkcs12ConfidentialityMode.None)
{
throw new ArgumentException(SR.Cryptography_Pkcs12_CannotProcessEncryptedSafeContents, nameof(safeContents));
}
if (IsReadOnly)
{
throw new InvalidOperationException(SR.Cryptography_Pkcs12_SafeContentsIsReadOnly);
}
Pkcs12SafeContentsBag bag = Pkcs12SafeContentsBag.Create(safeContents);
AddSafeBag(bag);
return(bag);
}
public static Pkcs12Info Decode(
ReadOnlyMemory <byte> encodedBytes,
out int bytesConsumed,
bool skipCopy = false)
{
AsnReader reader = new AsnReader(encodedBytes, AsnEncodingRules.BER);
// Trim it to the first value
encodedBytes = reader.PeekEncodedValue();
ReadOnlyMemory <byte> maybeCopy = skipCopy ? encodedBytes : encodedBytes.ToArray();
PfxAsn pfx = PfxAsn.Decode(maybeCopy, AsnEncodingRules.BER);
// https://tools.ietf.org/html/rfc7292#section-4 only defines version 3.
if (pfx.Version != 3)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
ReadOnlyMemory <byte> authSafeBytes = ReadOnlyMemory <byte> .Empty;
Pkcs12IntegrityMode mode = Pkcs12IntegrityMode.Unknown;
if (pfx.AuthSafe.ContentType == Oids.Pkcs7Data)
{
authSafeBytes = PkcsHelpers.DecodeOctetStringAsMemory(pfx.AuthSafe.Content);
if (pfx.MacData.HasValue)
{
mode = Pkcs12IntegrityMode.Password;
}
else
{
mode = Pkcs12IntegrityMode.None;
}
}
else if (pfx.AuthSafe.ContentType == Oids.Pkcs7Signed)
{
SignedDataAsn signedData = SignedDataAsn.Decode(pfx.AuthSafe.Content, AsnEncodingRules.BER);
mode = Pkcs12IntegrityMode.PublicKey;
if (signedData.EncapContentInfo.ContentType == Oids.Pkcs7Data)
{
authSafeBytes = signedData.EncapContentInfo.Content.GetValueOrDefault();
}
if (pfx.MacData.HasValue)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
}
if (mode == Pkcs12IntegrityMode.Unknown)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
List <ContentInfoAsn> authSafeData = new List <ContentInfoAsn>();
AsnReader authSafeReader = new AsnReader(authSafeBytes, AsnEncodingRules.BER);
AsnReader sequenceReader = authSafeReader.ReadSequence();
authSafeReader.ThrowIfNotEmpty();
while (sequenceReader.HasData)
{
ContentInfoAsn.Decode(sequenceReader, out ContentInfoAsn contentInfo);
authSafeData.Add(contentInfo);
}
ReadOnlyCollection <Pkcs12SafeContents> authSafe;
if (authSafeData.Count == 0)
{
authSafe = new ReadOnlyCollection <Pkcs12SafeContents>(Array.Empty <Pkcs12SafeContents>());
}
else
{
Pkcs12SafeContents[] contentsArray = new Pkcs12SafeContents[authSafeData.Count];
for (int i = 0; i < contentsArray.Length; i++)
{
contentsArray[i] = new Pkcs12SafeContents(authSafeData[i]);
}
authSafe = new ReadOnlyCollection <Pkcs12SafeContents>(contentsArray);
}
bytesConsumed = encodedBytes.Length;
return(new Pkcs12Info
{
AuthenticatedSafe = authSafe,
IntegrityMode = mode,
_decoded = pfx,
_authSafeContents = authSafeBytes,
});
}
/// <summary>Add contents to the PFX without encrypting them.</summary>
/// <param name="safeContents">The contents to add to the PFX.</param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="safeContents" /> parameter is <see langword="null" />.</exception>
/// <exception cref="T:System.InvalidOperationException">The PFX is already sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="true" />).</exception>
public void AddSafeContentsUnencrypted(Pkcs12SafeContents safeContents)
{
throw new PlatformNotSupportedException();
}
/// <summary>Add contents to the PFX in an bundle encrypted with a char-based password from a string.</summary>
/// <param name="safeContents">The contents to add to the PFX.</param>
/// <param name="password">The string to use as a password when encrypting the contents.</param>
/// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the contents.</param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="safeContents" /> or <paramref name="pbeParameters" /> parameter is <see langword="null" />.</exception>
/// <exception cref="T:System.ArgumentException">The <paramref name="safeContents" /> parameter value is already encrypted.</exception>
/// <exception cref="T:System.InvalidOperationException">The PFX is already sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="true" />).</exception>
public void AddSafeContentsEncrypted(Pkcs12SafeContents safeContents, string password, PbeParameters pbeParameters)
{
throw new PlatformNotSupportedException();
}
/// <summary>Add contents to the PFX in an bundle encrypted with a char-based password from a span.</summary>
/// <param name="safeContents">The contents to add to the PFX.</param>
/// <param name="password">The span to use as a password when encrypting the contents.</param>
/// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the contents.</param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="safeContents" /> or <paramref name="pbeParameters" /> parameter is <see langword="null" />.</exception>
/// <exception cref="T:System.ArgumentException">The <paramref name="safeContents" /> parameter value is already encrypted.</exception>
/// <exception cref="T:System.InvalidOperationException">The PFX is already sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="true" />).</exception>
public void AddSafeContentsEncrypted(Pkcs12SafeContents safeContents, ReadOnlySpan <char> password, PbeParameters pbeParameters)
{
throw new PlatformNotSupportedException();
}
/// <summary>Adds a nested SafeContents to the SafeContents via a new <see cref="T:System.Security.Cryptography.Pkcs.Pkcs12SafeContentsBag" /> and returns the newly created bag instance.</summary>
/// <param name="safeContents">The nested contents to add to the SafeContents.</param>
/// <returns>The bag instance which was added to the SafeContents.</returns>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="safeContents" /> parameter is <see langword="null" />.</exception>
/// <exception cref="T:System.ArgumentException">The <paramref name="safeContents" /> parameter is encrypted.</exception>
/// <exception cref="T:System.InvalidOperationException">This instance is read-only.</exception>
public Pkcs12SafeContentsBag AddNestedContents(Pkcs12SafeContents safeContents)
{
throw new PlatformNotSupportedException();
}
public void AddSafeContentsEncrypted(
Pkcs12SafeContents safeContents !!,