Exemplo n.º 1
        /// <summary>
        /// Wraps a CertBag whose value the caller has already decoded.
        /// </summary>
        /// <param name="encodedBagValue">The encoded bag value, passed to the base constructor.</param>
        /// <param name="decoded">
        /// The decoded form of the bag value. It is stored as given; this constructor does not
        /// re-check that it corresponds to <paramref name="encodedBagValue"/>.
        /// </param>
        private Pkcs12CertBag(ReadOnlyMemory<byte> encodedBagValue, CertBagAsn decoded)
            : base(Oids.Pkcs12CertBag, encodedBagValue)
        {
            _decoded = decoded;

            // Only the declared certificate type identifier is compared here. The certificate
            // content itself is not inspected, so this flag reflects what the bag claims to hold.
            IsX509Certificate = decoded.CertId == Oids.Pkcs12X509CertBagType;
        }
Exemplo n.º 2
        /// <summary>
        /// Builds the encoded CertBag value from a certificate type identifier and an
        /// already-encoded certificate value.
        /// </summary>
        /// <param name="certificateType">The certificate type identifier stored as the CertId.</param>
        /// <param name="encodedCertificate">The encoded value stored as the CertValue.</param>
        /// <returns>The encoded CertBag structure.</returns>
        /// <exception cref="CryptographicException">
        /// <paramref name="encodedCertificate"/> is not exactly one BER-encoded value.
        /// </exception>
        private static byte[] EncodeBagValue(string certificateType, ReadOnlyMemory<byte> encodedCertificate)
        {
            // Structural check only: the input must parse as one encoded value and nothing may
            // follow it. The tag and the content are discarded, so this does not establish that
            // the payload matches certificateType, and BER rules accept non-canonical encodings.
            bool parsedOneValue = AsnDecoder.TryReadEncodedValue(
                encodedCertificate.Span,
                AsnEncodingRules.BER,
                out _,
                out _,
                out _,
                out int bytesRead);

            if (!parsedOneValue || bytesRead != encodedCertificate.Length)
            {
                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
            }

            // encodedCertificate is referenced rather than copied: the bytes end up copied into
            // the array returned below.
            CertBagAsn bag = new CertBagAsn
            {
                CertId = certificateType,
                CertValue = encodedCertificate,
            };

            AsnWriter bagWriter = new AsnWriter(AsnEncodingRules.BER);
            bag.Encode(bagWriter);

            return bagWriter.Encode();
        }
Exemplo n.º 3
        /// <summary>
        /// Creates a CertBag of the X.509 certificate bag type from a certificate.
        /// </summary>
        /// <param name="cert">
        /// The certificate to store. Only <c>cert.RawData</c> is read here, wrapped in an
        /// OCTET STRING; no private key is accessed by this constructor.
        /// </param>
        // NOTE(review): cert is dereferenced in the base-constructor argument without a null
        // check; presumably the internal callers validate it first - confirm.
        internal Pkcs12CertBag(X509Certificate2 cert)
            : base(
                Oids.Pkcs12CertBag,
                EncodeBagValue(Oids.Pkcs12X509CertBagType, PkcsHelpers.EncodeOctetString(cert.RawData)),
                skipCopy: true)
        {
            // Decode the value that was just encoded so the decoded view is available.
            _decoded = CertBagAsn.Decode(EncodedBagValue, AsnEncodingRules.BER);

            // This constructor always uses the X.509 bag type, so the flag is a constant.
            IsX509Certificate = true;
        }
Exemplo n.º 4
        /// <summary>
        /// Creates a CertBag for a specified certificate type and encoded value.
        /// </summary>
        /// <param name="certificateType">The identifier for the certificate type.</param>
        /// <param name="encodedCertificate">The encoded certificate value.</param>
        /// <remarks>
        /// No validation is done to ensure that the <paramref name="encodedCertificate"/> value is
        /// correct for the indicated <paramref name="certificateType"/>, so code that later reads
        /// the bag has to check the content itself before treating it as a certificate of that
        /// type.  Note that for X.509 public-key certificates the correct encoding for a CertBag
        /// value is to wrap the DER-encoded certificate in an OCTET STRING.
        /// </remarks>
        public Pkcs12CertBag(Oid certificateType, ReadOnlyMemory<byte> encodedCertificate)
            : base(Oids.Pkcs12CertBag, EncodeBagValue(certificateType, encodedCertificate), skipCopy: true)
        {
            // NOTE(review): CopyOid presumably stores a separate Oid instance, so later changes
            // to the caller's object would not affect this bag - confirm against the helper.
            _certTypeOid = certificateType.CopyOid();

            // Decode the value that was just encoded so the decoded view is available.
            _decoded = CertBagAsn.Decode(EncodedBagValue, AsnEncodingRules.BER);

            // Derived from the declared type identifier only; the content is not inspected.
            IsX509Certificate = _decoded.CertId == Oids.Pkcs12X509CertBagType;
        }
Exemplo n.º 5
        /// <summary>
        /// Adds one certificate, and its private key when it has one, to the bag arrays
        /// being assembled.
        /// </summary>
        /// <param name="certPal">The certificate whose raw data and optional key are exported.</param>
        /// <param name="passwordSpan">The password passed to <c>ExportPkcs8</c> for the key bag.</param>
        /// <param name="tmpWriter">A scratch writer; it is reset after the certificate value is encoded.</param>
        /// <param name="certBags">Receives the certificate bag at <paramref name="certIdx"/>.</param>
        /// <param name="certAttrs">Receives the certificate's attribute when a key is present.</param>
        /// <param name="keyBags">Receives the key bag at <paramref name="keyIdx"/> when a key is present.</param>
        /// <param name="certIdx">The next free certificate slot; always advanced by one.</param>
        /// <param name="keyIdx">The next free key slot; advanced by one only when a key was written.</param>
        /// <remarks>
        /// The arrays are indexed without any size check beyond the runtime's own, so the caller
        /// must size them for every certificate and key it intends to add.
        /// </remarks>
        private void BuildBags(
            ICertificatePalCore certPal,
            ReadOnlySpan<char> passwordSpan,
            AsnWriter tmpWriter,
            CertBagAsn[] certBags,
            AttributeAsn[] certAttrs,
            SafeBagAsn[] keyBags,
            ref int certIdx,
            ref int keyIdx)
        {
            // The certificate value is the raw certificate wrapped in an OCTET STRING.
            tmpWriter.WriteOctetString(certPal.RawData);
            certBags[certIdx] = new CertBagAsn
            {
                CertId = Oids.Pkcs12X509CertBagType,
                CertValue = tmpWriter.Encode(),
            };
            tmpWriter.Reset();

            if (!certPal.HasPrivateKey)
            {
                certIdx++;
                return;
            }

            // Hand-built OCTET STRING: tag, a length of four, then the current key index as
            // written by MemoryMarshal.Write (the int's in-memory byte order). The value is used
            // as the LocalKeyId attribute on both the key bag and the certificate.
            byte[] localKeyId = { (byte)UniversalTagNumber.OctetString, sizeof(int), 0, 0, 0, 0 };
            MemoryMarshal.Write(localKeyId.AsSpan(2), ref keyIdx);

            // The private key goes into a shrouded key bag, produced by ExportPkcs8 with the password.
            var shroudedKey = ExportPkcs8(certPal, passwordSpan);

            AttributeAsn localKeyIdAttr = new AttributeAsn
            {
                AttrType = new Oid(Oids.LocalKeyId, null),
                AttrValues = new ReadOnlyMemory<byte>[] { localKeyId },
            };

            keyBags[keyIdx] = new SafeBagAsn
            {
                BagId = Oids.Pkcs12ShroudedKeyBag,
                BagValue = shroudedKey,
                BagAttributes = new[] { localKeyIdAttr },
            };

            // The same attribute is attached to the certificate, which pairs it with its key.
            certAttrs[certIdx] = localKeyIdAttr;

            keyIdx++;
            certIdx++;
        }
Exemplo n.º 6
        /// <summary>
        /// Creates a CertBag of the X.509 certificate bag type from a certificate.
        /// </summary>
        /// <param name="cert">
        /// The certificate to store. Only <c>cert.RawData</c> is read here, wrapped in an
        /// OCTET STRING; no private key is accessed by this constructor.
        /// </param>
        // NOTE(review): cert is dereferenced in the base-constructor argument without a null
        // check; presumably the internal callers validate it first - confirm.
        internal Pkcs12CertBag(X509Certificate2 cert)
            : base(
                Oids.Pkcs12CertBag,
                EncodeBagValue(Oids.Pkcs12X509CertBagType, PkcsPal.Instance.EncodeOctetString(cert.RawData)),
                skipCopy: true)
        {
            // Decode the value that was just encoded so the decoded view is available.
            _decoded = AsnSerializer.Deserialize<CertBagAsn>(EncodedBagValue, AsnEncodingRules.BER);

            // This constructor always uses the X.509 bag type, so the flag is a constant.
            IsX509Certificate = true;
        }
Exemplo n.º 7
        /// <summary>
        /// Creates a CertBag for a specified certificate type and encoded value.
        /// </summary>
        /// <param name="certificateType">The identifier for the certificate type.</param>
        /// <param name="encodedCertificate">The encoded certificate value.</param>
        /// <remarks>
        /// No validation is done to ensure that the <paramref name="encodedCertificate"/> value is
        /// correct for the indicated <paramref name="certificateType"/>, so code that later reads
        /// the bag has to check the content itself before treating it as a certificate of that
        /// type.  Note that for X.509 public-key certificates the correct encoding for a CertBag
        /// value is to wrap the DER-encoded certificate in an OCTET STRING.
        /// </remarks>
        public Pkcs12CertBag(Oid certificateType, ReadOnlyMemory<byte> encodedCertificate)
            : base(Oids.Pkcs12CertBag, EncodeBagValue(certificateType, encodedCertificate), skipCopy: true)
        {
            // Store a separate Oid instance built from the caller's one rather than the
            // caller's object itself.
            _certTypeOid = new Oid(certificateType);

            // Decode the value that was just encoded so the decoded view is available.
            _decoded = AsnSerializer.Deserialize<CertBagAsn>(EncodedBagValue, AsnEncodingRules.BER);

            // Derived from the declared type identifier only; the content is not inspected.
            IsX509Certificate = _decoded.CertId == Oids.Pkcs12X509CertBagType;
        }
Exemplo n.º 8
        /// <summary>
        /// Builds the encoded CertBag value from a certificate type identifier and an
        /// already-encoded certificate value.
        /// </summary>
        /// <param name="certificateType">The certificate type identifier stored as the CertId.</param>
        /// <param name="encodedCertificate">The encoded value stored as the CertValue.</param>
        /// <returns>The encoded CertBag structure.</returns>
        private static byte[] EncodeBagValue(string certificateType, ReadOnlyMemory<byte> encodedCertificate)
        {
            // Structural check only: read one encoded value and require that nothing follows it.
            // The value read is discarded, so this does not establish that the payload matches
            // certificateType, and BER rules accept non-canonical encodings.
            // NOTE(review): both reader calls presumably throw on malformed input - confirm
            // which exception type callers see.
            AsnReader singleValueCheck = new AsnReader(encodedCertificate, AsnEncodingRules.BER);
            singleValueCheck.GetEncodedValue();
            singleValueCheck.ThrowIfNotEmpty();

            // encodedCertificate is referenced rather than copied: the bytes end up copied into
            // the array returned below.
            CertBagAsn bag = new CertBagAsn
            {
                CertId = certificateType,
                CertValue = encodedCertificate,
            };

            byte[] encodedBag;

            using (AsnWriter bagWriter = AsnSerializer.Serialize(bag, AsnEncodingRules.BER))
            {
                encodedBag = bagWriter.Encode();
            }

            return encodedBag;
        }
Exemplo n.º 9
        /// <summary>
        /// Decodes a CertBag value under BER rules and wraps it in a <see cref="Pkcs12CertBag"/>.
        /// </summary>
        /// <param name="bagValue">The encoded bag value to decode; it is also kept as the bag's encoded value.</param>
        /// <returns>A bag holding both the encoded value and its decoded form.</returns>
        /// <remarks>
        /// Only the CertBag structure is decoded here. The certificate content is not parsed or
        /// validated, so a bag returned from this method says nothing about whether the embedded
        /// certificate is well-formed or trusted.
        /// </remarks>
        internal static Pkcs12CertBag DecodeValue(ReadOnlyMemory<byte> bagValue)
        {
            // NOTE(review): Decode presumably throws on malformed input - confirm the exception
            // type if bagValue can come from an untrusted file.
            return new Pkcs12CertBag(
                bagValue,
                CertBagAsn.Decode(bagValue, AsnEncodingRules.BER));
        }