// Exercises CopyTo through the non-generic ICollection view of the test collection.
public static void TestExplicitCopyTo()
 {
     ICollection untypedView = CreateTestCollection();

     // Destination array of length 3, filled from offset 0 and then handed to ValidateMembers.
     RecipientInfo[] copied = new RecipientInfo[3];
     untypedView.CopyTo(copied, 0);

     ValidateMembers(copied);
 }
예제 #2
 /// <summary>
 /// Copies the collection's entries into <paramref name="array"/>, starting at <paramref name="index"/>.
 /// </summary>
 /// <exception cref="ArgumentNullException"><paramref name="array"/> is null.</exception>
 /// <exception cref="ArgumentOutOfRangeException"><paramref name="index"/> is negative, or is greater than or equal to the length of <paramref name="array"/>.</exception>
 public void CopyTo(RecipientInfo[] array, int index)
 {
     if (array == null)
     {
         throw new ArgumentNullException(nameof(array));
     }

     bool indexInsideArray = index >= 0 && index < array.Length;
     if (!indexInsideArray)
     {
         throw new ArgumentOutOfRangeException(nameof(index), SR.ArgumentOutOfRange_Index);
     }

     // Whether the remaining space is large enough is left to the backing store's CopyTo.
     _recipientInfos.CopyTo(array, index);
 }
        // Copies the test collection into a six-slot array at offset 2 and checks that
        // slots 0, 1 and 5 stay null while slots 2..4 hold the expected members.
        public static void TestCopyToOffset()
        {
            RecipientInfoCollection source = CreateTestCollection();

            const int offset = 2;
            RecipientInfo[] destination = new RecipientInfo[6];
            source.CopyTo(destination, offset);

            // Slots outside the copied window must still hold their default null.
            foreach (int untouched in new[] { 0, 1, 5 })
            {
                Assert.Null(destination[untouched]);
            }

            ValidateMembers(destination.Skip(offset).Take(3));
        }
        /// <summary>
        /// Tries to decrypt the message for <paramref name="recipientInfo"/> using the private key of <paramref name="cert"/>.
        /// Returns the decrypted content on success; returns null when a step fails, with the failure reported
        /// through <paramref name="exception"/> instead of being thrown.
        /// </summary>
        /// <exception cref="NotSupportedException">The recipient type is neither KeyTransport nor KeyAgreement.</exception>
        public sealed override ContentInfo TryDecrypt(RecipientInfo recipientInfo, X509Certificate2 cert, X509Certificate2Collection originatorCerts, X509Certificate2Collection extraStore, out Exception exception)
        {
            // Debug-only checks: Debug.Assert is compiled out of release builds, so these do not
            // protect against null arguments there.
            Debug.Assert(recipientInfo != null);
            Debug.Assert(cert != null);
            Debug.Assert(originatorCerts != null);
            Debug.Assert(extraStore != null);

            CryptKeySpec keySpec;
            exception = TryGetKeySpecForCertificate(cert, out keySpec);
            if (exception != null)
            {
                return null;
            }

            // Desktop compat: "silent" is passed as false, so a crypto provider is allowed to display UI
            // while the private key is acquired.
            // NOTE(review): in a non-interactive host such a prompt cannot be answered — confirm callers accept that.
            using (SafeProvOrNCryptKeyHandle privateKey = TryGetCertificatePrivateKey(cert, false, out exception))
            {
                if (privateKey == null)
                {
                    return null;
                }

                RecipientInfoType type = recipientInfo.Type;
                if (type == RecipientInfoType.KeyTransport)
                {
                    exception = TryDecryptTrans((KeyTransRecipientInfo)recipientInfo, privateKey, keySpec);
                }
                else if (type == RecipientInfoType.KeyAgreement)
                {
                    exception = TryDecryptAgree((KeyAgreeRecipientInfo)recipientInfo, privateKey, keySpec, originatorCerts, extraStore);
                }
                else
                {
                    // Only the framework can construct RecipientInfo objects, so an unknown type is our own bug:
                    // assert and throw rather than reporting it through "exception".
                    Debug.Fail($"Unexpected RecipientInfoType: {type}");
                    throw new NotSupportedException();
                }

                // The content is read back only when the type-specific decrypt reported no failure.
                return exception == null ? _hCryptMsg.GetContentInfo() : null;
            }
        }
예제 #5
        /// <summary>
        /// Decrypts the content for a single recipient, handing <paramref name="extraStore"/> on to DecryptContent.
        /// </summary>
        /// <exception cref="ArgumentNullException"><paramref name="recipientInfo"/> or <paramref name="extraStore"/> is null.</exception>
        public void Decrypt(RecipientInfo recipientInfo, X509Certificate2Collection extraStore)
        {
            if (recipientInfo == null)
            {
                throw new ArgumentNullException(nameof(recipientInfo));
            }

            if (extraStore == null)
            {
                throw new ArgumentNullException(nameof(extraStore));
            }

            // Wrap the one recipient so the collection-based decryption path can be reused.
            RecipientInfoCollection onlyThisRecipient = new RecipientInfoCollection(recipientInfo);
            DecryptContent(onlyThisRecipient, extraStore);
        }
예제 #6
 /// <summary>
 /// Builds the collection from a copy of <paramref name="recipientInfos"/>: the entries are copied
 /// into a new array, so the collection does not share storage with the source.
 /// </summary>
 internal RecipientInfoCollection(ICollection<RecipientInfo> recipientInfos)
 {
     RecipientInfo[] snapshot = new RecipientInfo[recipientInfos.Count];
     recipientInfos.CopyTo(snapshot, 0);
     _recipientInfos = snapshot;
 }
예제 #7
		// Validates both arguments, then delegates to the parameterless Decrypt ().
		// NOTE(review): neither recipientInfo nor extraStore is passed on by this method — confirm
		// how Decrypt () selects the recipient and the certificates it uses.
		public void Decrypt (RecipientInfo recipientInfo, X509Certificate2Collection extraStore)
		{
			if (recipientInfo == null) {
				throw new ArgumentNullException ("recipientInfo");
			}
			if (extraStore == null) {
				throw new ArgumentNullException ("extraStore");
			}

			this.Decrypt ();
		}
 // Builds a one-element collection; the message handle field is set to the invalid-handle value.
 internal RecipientInfoCollection(RecipientInfo recipientInfo)
 {
     ArrayList single = new ArrayList(1);
     single.Add(recipientInfo);

     this.m_recipientInfos     = single;
     this.m_safeCryptMsgHandle = System.Security.Cryptography.SafeCryptMsgHandle.InvalidHandle;
 }
 // Decrypts for one recipient. Both arguments are mandatory; a null value for either
 // raises ArgumentNullException before any decryption work starts.
 public void Decrypt(RecipientInfo recipientInfo, X509Certificate2Collection extraStore)
 {
     if (recipientInfo == null)
     {
         throw new ArgumentNullException("recipientInfo");
     }

     if (extraStore == null)
     {
         throw new ArgumentNullException("extraStore");
     }

     // The single recipient is wrapped so DecryptContent can take its usual collection argument.
     RecipientInfoCollection wrapped = new RecipientInfoCollection(recipientInfo);
     this.DecryptContent(wrapped, extraStore);
 }
예제 #10
        // Finds the certificate for recipientInfo in the store built from extraStore and fills
        // cmsgDecryptParam with the certificate context, key spec and provider handle used for decryption.
        //
        // Returns an HRESULT:
        //   CAPI.S_OK                         - a certificate was found and a provider handle was obtained;
        //   CAPI.CRYPT_E_RECIPIENT_NOT_FOUND  - the store lookup produced no valid certificate context;
        //   CAPI.E_NOTIMPL                    - the recipient type is neither KeyTransport nor KeyAgreement;
        //   HRESULT of the last Win32 error   - CryptAcquireCertificatePrivateKey failed.
        // Throws CryptographicException when X509Utils.GetPrivateKeyInfo reports failure.
        //
        // On the last-Win32-error path cmsgDecryptParam.safeCertContextHandle and .keySpec have already
        // been written, so callers should look at the return value before using the struct.
        private unsafe static int /* HRESULT */ GetCspParams (RecipientInfo recipientInfo,
                                                              X509Certificate2Collection extraStore,
                                                              ref CMSG_DECRYPT_PARAM cmsgDecryptParam) {
            // Default result, kept unless a certificate is found or the recipient type is unsupported.
            int hr = CAPI.CRYPT_E_RECIPIENT_NOT_FOUND;
            SafeCertContextHandle safeCertContextHandle = SafeCertContextHandle.InvalidHandle;
            // NOTE(review): this store handle is not disposed anywhere in this method; presumably its
            // release is left to SafeHandle finalization — confirm.
            SafeCertStoreHandle safeCertStoreHandle = BuildDecryptorStore(extraStore);

            switch (recipientInfo.Type) {
            case RecipientInfoType.KeyTransport:
                if (recipientInfo.SubType == RecipientSubType.Pkcs7KeyTransport) {
                    // PKCS#7 key transport: search by subject cert, passing the raw native recipient-info pointer.
                    // NOTE(review): DangerousGetHandle() is used without a visible DangerousAddRef; confirm
                    // recipientInfo keeps the underlying handle alive for the duration of the call.
                    safeCertContextHandle = CAPI.CertFindCertificateInStore(safeCertStoreHandle, 
                                                                            CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
                                                                            0, 
                                                                            CAPI.CERT_FIND_SUBJECT_CERT,
                                                                            recipientInfo.pCmsgRecipientInfo.DangerousGetHandle(), 
                                                                            SafeCertContextHandle.InvalidHandle);
                }
                else {
                    // Other key-transport sub types: search by the recipient's CERT_ID. The pointer refers to
                    // a local copy of the struct, so it is only meaningful while this call is in progress.
                    CAPI.CMSG_KEY_TRANS_RECIPIENT_INFO keyTrans = (CAPI.CMSG_KEY_TRANS_RECIPIENT_INFO) recipientInfo.CmsgRecipientInfo;
                    safeCertContextHandle = CAPI.CertFindCertificateInStore(safeCertStoreHandle, 
                                                                            CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
                                                                            0, 
                                                                            CAPI.CERT_FIND_CERT_ID,
                                                                            new IntPtr((byte *) &keyTrans.RecipientId), 
                                                                            SafeCertContextHandle.InvalidHandle);
                }
                break;

            case RecipientInfoType.KeyAgreement:
                // Key agreement: same CERT_ID lookup, again through the address of a local copy.
                KeyAgreeRecipientInfo keyAgree = (KeyAgreeRecipientInfo) recipientInfo;
                CAPI.CERT_ID recipientId = keyAgree.RecipientId;
                safeCertContextHandle = CAPI.CertFindCertificateInStore(safeCertStoreHandle, 
                                                                        CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
                                                                        0, 
                                                                        CAPI.CERT_FIND_CERT_ID,
                                                                        new IntPtr(&recipientId),
                                                                        SafeCertContextHandle.InvalidHandle);
                break;

            default: // Others not supported.
                // The certificate handle stays invalid here, so E_NOTIMPL is what gets returned.
                hr = CAPI.E_NOTIMPL;
                break;
            }

            // Acquire CSP if the recipient's cert is found.
            if (safeCertContextHandle != null && !safeCertContextHandle.IsInvalid) {
                SafeCryptProvHandle safeCryptProvHandle = SafeCryptProvHandle.InvalidHandle;
                uint keySpec = 0;
                bool freeCsp = false;

                // Check to see if KEY_PROV_INFO contains "MS Base ..."
                // If so, acquire "MS Enhanced..." or "MS Strong".
                // if failed, then use CryptAcquireCertificatePrivateKey
                CspParameters parameters = new CspParameters();
                if (X509Utils.GetPrivateKeyInfo(safeCertContextHandle, ref parameters) == false)
                    throw new CryptographicException(Marshal.GetLastWin32Error());
                
                // The same key container is reopened under the Enhanced provider first, then the Strong one.
                // NOTE(review): presumably this avoids the Base provider's more limited algorithm support — confirm.
                if (String.Compare(parameters.ProviderName, CAPI.MS_DEF_PROV, StringComparison.OrdinalIgnoreCase) == 0) {
                    if (CAPI.CryptAcquireContext(ref safeCryptProvHandle, parameters.KeyContainerName, CAPI.MS_ENHANCED_PROV, CAPI.PROV_RSA_FULL, 0) ||
                        CAPI.CryptAcquireContext(ref safeCryptProvHandle, parameters.KeyContainerName, CAPI.MS_STRONG_PROV,   CAPI.PROV_RSA_FULL, 0)) {
                            cmsgDecryptParam.safeCryptProvHandle = safeCryptProvHandle;
                    }
                }

                // The key spec always comes from the certificate's key info; the keySpec local that the
                // fallback below fills in is not copied into cmsgDecryptParam.
                cmsgDecryptParam.safeCertContextHandle = safeCertContextHandle;
                cmsgDecryptParam.keySpec = (uint)parameters.KeyNumber;
                // Success is recorded up front; the fallback below overwrites it if it fails.
                hr = CAPI.S_OK;

                // Fallback when no provider handle was obtained above: ask CAPI for the certificate's private key.
                if ((safeCryptProvHandle == null) || (safeCryptProvHandle.IsInvalid)) {
                    if (CAPI.CAPISafe.CryptAcquireCertificatePrivateKey(safeCertContextHandle,
                                                                        CAPI.CRYPT_ACQUIRE_COMPARE_KEY_FLAG | CAPI.CRYPT_ACQUIRE_USE_PROV_INFO_FLAG,
                                                                        IntPtr.Zero,
                                                                        ref safeCryptProvHandle,
                                                                        ref keySpec,
                                                                        ref freeCsp)) {
                        // freeCsp == false means the API reported that the caller must not free the provider.
                        // NOTE(review): suppressing finalization presumably keeps the finalizer from releasing
                        // a handle this code does not own — confirm nothing disposes it explicitly later.
                        if (!freeCsp) {
                            GC.SuppressFinalize(safeCryptProvHandle);
                        }

                        cmsgDecryptParam.safeCryptProvHandle = safeCryptProvHandle;
                    }
                    else {
                        hr = Marshal.GetHRForLastWin32Error();
                    }
                }
            }

            return hr;
        }
        // Drains exactly three RecipientInfo entries from the enumerator and checks their issuer names.
        private static void ValidateMembers(IEnumerator e)
        {
            const int expectedCount = 3;
            RecipientInfo[] collected = new RecipientInfo[expectedCount];

            for (int slot = 0; slot < expectedCount; slot++)
            {
                Assert.True(e.MoveNext());
                collected[slot] = (RecipientInfo)(e.Current);
            }

            // One more MoveNext must report the end of the sequence.
            Assert.False(e.MoveNext());

            // Sorted by issuer name so the comparison does not depend on enumeration order.
            X509IssuerSerial[] issuerSerials = collected
                .Select(r => (X509IssuerSerial)(r.RecipientIdentifier.Value))
                .OrderBy(x => x.IssuerName)
                .ToArray();

            string[] expectedIssuers = { "CN=RSAKeyTransfer1", "CN=RSAKeyTransfer2", "CN=RSAKeyTransfer3" };
            for (int i = 0; i < expectedCount; i++)
            {
                Assert.Equal(expectedIssuers[i], issuerSerials[i].IssuerName);
            }
        }
        // Covers the argument checks of CopyTo as seen through the non-generic ICollection interface.
        public static void TestExplicitCopyToExceptions()
        {
            ICollection untyped = CreateTestCollection();

            // A null destination is rejected outright.
            Assert.Throws<ArgumentNullException>(() => untyped.CopyTo(null, 0));

            RecipientInfo[] destination = new RecipientInfo[6];

            // Offset 3 is expected to succeed; offset 4 is expected to fail with ArgumentException.
            untyped.CopyTo(destination, 3);
            Assert.Throws<ArgumentException>(() => untyped.CopyTo(destination, 4));

            // A negative offset and an offset equal to the array length are both reported as out of range.
            int[] outOfRangeOffsets = { -1, 6 };
            foreach (int badOffset in outOfRangeOffsets)
            {
                Assert.Throws<ArgumentOutOfRangeException>(() => untyped.CopyTo(destination, badOffset));
            }
        }
        // Checks which exception ICollection.CopyTo raises for each kind of bad argument:
        // null array, too little room, out-of-range index, and an array with a non-zero lower bound.
        public static void TestExplicitCopyToExceptions()
        {
            ICollection view = CreateTestCollection();

            Assert.Throws<ArgumentNullException>(() => view.CopyTo(null, 0));

            RecipientInfo[] target = new RecipientInfo[6];

            // The copy at offset 3 must go through before the failing cases are tried.
            view.CopyTo(target, 3);

            Assert.Throws<ArgumentException>(() => view.CopyTo(target, 4));
            Assert.Throws<ArgumentOutOfRangeException>(() => view.CopyTo(target, -1));
            Assert.Throws<ArgumentOutOfRangeException>(() => view.CopyTo(target, 6));

            // Array has non-zero lower bound
            int[] lengths = new int[] { 10 };
            int[] lowerBounds = new int[] { 10 };
            Array shifted = Array.CreateInstance(typeof(object), lengths, lowerBounds);
            Assert.Throws<IndexOutOfRangeException>(() => view.CopyTo(shifted, 0));
        }
예제 #14
        // Decodes an enveloped message and checks that it lists three recipients whose issuer names,
        // once sorted, equal the sorted issuers of the certificates in s_certs.
        private static void VerifyRecipients3(byte[] encodedMessage)
        {
            string[] expectedIssuers = s_certs
                .Select(c => c.Issuer)
                .OrderBy(s => s)
                .ToArray();

            EnvelopedCms envelope = new EnvelopedCms();
            envelope.Decode(encodedMessage);

            RecipientInfoCollection decodedRecipients = envelope.RecipientInfos;
            int recipientCount = decodedRecipients.Count;
            Assert.Equal(3, recipientCount);

            RecipientInfo[] flat = new RecipientInfo[recipientCount];
            decodedRecipients.CopyTo(flat, 0);

            // Every identifier is cast to X509IssuerSerial; the cast throws if a recipient is identified differently.
            var issuerSerials = flat.Select(r => r.RecipientIdentifier.Value).Cast<X509IssuerSerial>();
            string[] actualIssuers = issuerSerials
                .Select(xis => xis.IssuerName)
                .OrderBy(s => s)
                .ToArray();

            Assert.Equal<string>(expectedIssuers, actualIssuers);
        }
예제 #15
		// methods

		// Appends ri to the backing list and returns the value reported by the list's Add.
		internal int Add (RecipientInfo ri) 
		{
			int position = _list.Add (ri);
			return position;
		}
예제 #16
		// Copies the entries into array starting at index. No argument validation happens here:
		// array and index are handed to the backing list's CopyTo unchanged.
		public void CopyTo (RecipientInfo[] array, int index) 
		{
			this._list.CopyTo (array, index);
		}
예제 #17
 // Single-recipient collection: the recipient goes into a fresh one-slot list and the
 // message handle field is set to the invalid-handle value.
 internal RecipientInfoCollection (RecipientInfo recipientInfo) {
     ArrayList items = new ArrayList(1);
     items.Add(recipientInfo);

     m_recipientInfos = items;
     m_safeCryptMsgHandle = SafeCryptMsgHandle.InvalidHandle;
 }
 // Decrypts for one recipient; DecryptContent receives null in place of an extra certificate store.
 public void Decrypt(RecipientInfo recipientInfo)
 {
     if (recipientInfo == null)
     {
         throw new ArgumentNullException("recipientInfo");
     }

     RecipientInfoCollection single = new RecipientInfoCollection(recipientInfo);
     this.DecryptContent(single, null);
 }
예제 #19
 // Typed convenience overload; the copy itself is done by this type's ICollection.CopyTo implementation.
 public void CopyTo(RecipientInfo[] array, int index) {
     ICollection untyped = this;
     untyped.CopyTo(array, index);
 }
        // Decompiled form: constants appear as raw numbers and some local names are decompiler artefacts.
        // In particular the local called "invalidHandle" starts as the invalid-handle value but then holds
        // the result of the certificate lookup.
        //
        // Finds the certificate for recipientInfo in the store built from extraStore and fills
        // cmsgDecryptParam with the certificate context, key spec and provider handle.
        // Returns an HRESULT: 0 on success, the initial value -2146889717 (0x8009100B,
        // CRYPT_E_RECIPIENT_NOT_FOUND) when no valid certificate context is found, -2147483647 (0x80000001)
        // for recipient types other than KeyTransport / KeyAgreement, or the HRESULT of the last Win32
        // error when CryptAcquireCertificatePrivateKey fails.
        // Throws CryptographicException when X509Utils.GetPrivateKeyInfo reports failure.
        private static unsafe int GetCspParams(RecipientInfo recipientInfo, X509Certificate2Collection extraStore, ref CMSG_DECRYPT_PARAM cmsgDecryptParam)
        {
            int num = -2146889717;
            System.Security.Cryptography.SafeCertContextHandle invalidHandle = System.Security.Cryptography.SafeCertContextHandle.InvalidHandle;
            // NOTE(review): this store handle is not disposed anywhere in this method; presumably its
            // release is left to SafeHandle finalization — confirm.
            System.Security.Cryptography.SafeCertStoreHandle hCertStore = BuildDecryptorStore(extraStore);
            switch (recipientInfo.Type)
            {
                case RecipientInfoType.KeyTransport:
                    if (recipientInfo.SubType != RecipientSubType.Pkcs7KeyTransport)
                    {
                        // 0x10001 = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING; 0x100000 = CERT_FIND_CERT_ID.
                        // The pointer refers to a local copy of the struct and is only meaningful during the call.
                        System.Security.Cryptography.CAPI.CMSG_KEY_TRANS_RECIPIENT_INFO cmsgRecipientInfo = (System.Security.Cryptography.CAPI.CMSG_KEY_TRANS_RECIPIENT_INFO) recipientInfo.CmsgRecipientInfo;
                        invalidHandle = System.Security.Cryptography.CAPI.CertFindCertificateInStore(hCertStore, 0x10001, 0, 0x100000, new IntPtr((void*) &cmsgRecipientInfo.RecipientId), System.Security.Cryptography.SafeCertContextHandle.InvalidHandle);
                        break;
                    }
                    // PKCS#7 key transport: 0xb0000 = CERT_FIND_SUBJECT_CERT, searched with the raw native pointer.
                    // NOTE(review): DangerousGetHandle() is used without a visible DangerousAddRef; confirm
                    // recipientInfo keeps the underlying handle alive for the duration of the call.
                    invalidHandle = System.Security.Cryptography.CAPI.CertFindCertificateInStore(hCertStore, 0x10001, 0, 0xb0000, recipientInfo.pCmsgRecipientInfo.DangerousGetHandle(), System.Security.Cryptography.SafeCertContextHandle.InvalidHandle);
                    break;

                case RecipientInfoType.KeyAgreement:
                {
                    // Key agreement: CERT_ID lookup through the address of a local copy of RecipientId.
                    KeyAgreeRecipientInfo info = (KeyAgreeRecipientInfo) recipientInfo;
                    System.Security.Cryptography.CAPI.CERT_ID recipientId = info.RecipientId;
                    invalidHandle = System.Security.Cryptography.CAPI.CertFindCertificateInStore(hCertStore, 0x10001, 0, 0x100000, new IntPtr((void*) &recipientId), System.Security.Cryptography.SafeCertContextHandle.InvalidHandle);
                    break;
                }
                default:
                    // Unsupported recipient type; the lookup handle stays invalid, so this value is returned below.
                    num = -2147483647;
                    break;
            }
            // No certificate found (or unsupported type): return the HRESULT chosen so far.
            if ((invalidHandle == null) || invalidHandle.IsInvalid)
            {
                return num;
            }
            System.Security.Cryptography.SafeCryptProvHandle hCryptProv = System.Security.Cryptography.SafeCryptProvHandle.InvalidHandle;
            uint pdwKeySpec = 0;
            bool pfCallerFreeProv = false;
            CspParameters parameters = new CspParameters();
            if (!System.Security.Cryptography.X509Certificates.X509Utils.GetPrivateKeyInfo(invalidHandle, ref parameters))
            {
                throw new CryptographicException(Marshal.GetLastWin32Error());
            }
            // When the key's provider is the Base provider, the same container is reopened under the
            // Enhanced provider first, then the Strong one; the literal 1 is the provider type (PROV_RSA_FULL).
            // NOTE(review): presumably this avoids the Base provider's more limited algorithm support — confirm.
            if ((string.Compare(parameters.ProviderName, "Microsoft Base Cryptographic Provider v1.0", StringComparison.OrdinalIgnoreCase) == 0) && (System.Security.Cryptography.CAPI.CryptAcquireContext(ref hCryptProv, parameters.KeyContainerName, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0) || System.Security.Cryptography.CAPI.CryptAcquireContext(ref hCryptProv, parameters.KeyContainerName, "Microsoft Strong Cryptographic Provider", 1, 0)))
            {
                cmsgDecryptParam.safeCryptProvHandle = hCryptProv;
            }
            // The key spec always comes from the certificate's key info; pdwKeySpec, filled by the fallback
            // below, is not copied into cmsgDecryptParam.
            cmsgDecryptParam.safeCertContextHandle = invalidHandle;
            cmsgDecryptParam.keySpec = (uint) parameters.KeyNumber;
            num = 0;
            // A provider handle was already obtained above: done.
            if ((hCryptProv != null) && !hCryptProv.IsInvalid)
            {
                return num;
            }
            // Fallback: ask CAPI for the certificate's private key.
            // 6 = CRYPT_ACQUIRE_COMPARE_KEY_FLAG | CRYPT_ACQUIRE_USE_PROV_INFO_FLAG.
            if (System.Security.Cryptography.CAPI.CAPISafe.CryptAcquireCertificatePrivateKey(invalidHandle, 6, IntPtr.Zero, ref hCryptProv, ref pdwKeySpec, ref pfCallerFreeProv))
            {
                // pfCallerFreeProv == false means the API reported that the caller must not free the provider.
                // NOTE(review): suppressing finalization presumably keeps the finalizer from releasing
                // a handle this code does not own — confirm nothing disposes it explicitly later.
                if (!pfCallerFreeProv)
                {
                    GC.SuppressFinalize(hCryptProv);
                }
                cmsgDecryptParam.safeCryptProvHandle = hCryptProv;
                return num;
            }
            // At this point cmsgDecryptParam already carries the certificate context and key spec,
            // but no provider handle.
            return Marshal.GetHRForLastWin32Error();
        }
예제 #21
 // Wraps a single recipient in a one-element backing array.
 internal RecipientInfoCollection(RecipientInfo recipientInfo)
 {
     RecipientInfo[] single = new RecipientInfo[1];
     single[0] = recipientInfo;
     _recipientInfos = single;
 }
        // methods

        // Adds ri to the backing list; the return value is whatever the list's Add reports.
        internal int Add(RecipientInfo ri)
        {
            int slot = _list.Add(ri);
            return slot;
        }
예제 #23
 // Copies the supplied recipients into a private array sized to the source's Count,
 // so the collection does not share storage with the source.
 internal RecipientInfoCollection(ICollection <RecipientInfo> recipientInfos)
 {
     int count = recipientInfos.Count;
     RecipientInfo[] copy = new RecipientInfo[count];
     recipientInfos.CopyTo(copy, 0);
     _recipientInfos = copy;
 }
예제 #24
		// Rejects a null recipient, then delegates to the parameterless Decrypt ().
		// NOTE(review): recipientInfo is not passed on by this method — confirm how Decrypt ()
		// picks the recipient it decrypts for.
		public void Decrypt (RecipientInfo recipientInfo) 
		{
			if (recipientInfo == null) {
				throw new ArgumentNullException ("recipientInfo");
			}

			this.Decrypt ();
		}
예제 #25
        /// <summary>
        /// Decrypts the content for a single recipient; DecryptContent receives null as its second argument.
        /// </summary>
        /// <exception cref="ArgumentNullException"><paramref name="recipientInfo"/> is null.</exception>
        public void Decrypt(RecipientInfo recipientInfo)
        {
            if (recipientInfo == null)
            {
                throw new ArgumentNullException(nameof(recipientInfo));
            }

            // Wrap the one recipient so the collection-based decryption path can be reused.
            RecipientInfoCollection onlyThisRecipient = new RecipientInfoCollection(recipientInfo);
            DecryptContent(onlyThisRecipient, null);
        }
예제 #26
 /// <summary>
 /// Attempts to decrypt the CMS using the specified "cert". On success, returns the ContentInfo that contains the decrypted content. On failure, returns null and sets "exception"
 /// to a valid Exception object. Implementations must not throw that exception, because EnvelopedCms will want to continue decryption attempts against other recipients. Only if all
 /// the recipients fail to decrypt will EnvelopedCms throw the exception from the last failed attempt.
 /// </summary>
 /// <param name="exception">Receives the failure when the method returns null.</param>
 /// <returns>The decrypted content, or null when decryption with "cert" did not succeed.</returns>
 /// <remarks>
 /// Failure is signalled by the null return value, not by a thrown exception, so callers have to check the result before using it.
 /// </remarks>
 public abstract ContentInfo TryDecrypt(RecipientInfo recipientInfo, X509Certificate2 cert, X509Certificate2Collection originatorCerts, X509Certificate2Collection extraStore, out Exception exception);
예제 #27
 // Creates a collection that holds exactly the one recipient passed in.
 internal RecipientInfoCollection(RecipientInfo recipientInfo)
 {
     RecipientInfo[] onlyEntry = new RecipientInfo[1];
     onlyEntry[0] = recipientInfo;
     _recipientInfos = onlyEntry;
 }