/// <summary>
/// If the HSM cannot decrypt it may be because an existing software based certificate
/// cached in DNS was used for the original encryption.
/// </summary>
/// <param name="encryptedBytes"></param>
/// <param name="decryptingCertificate"></param>
/// <returns></returns>
private MimeEntity CutOverDecryption(byte[] encryptedBytes,
X509Certificate2 decryptingCertificate)
{
ProxyWarning.NotifyEvent(this, "Cutover to Soft SMIMECryptographer started...");
var mimeEntity = m_innerSoftwareCryptographer
.DecryptEntity(encryptedBytes, decryptingCertificate);
if (mimeEntity != null)
{
ProxyWarning.NotifyEvent(this, "Cutover succeeded.");
}
return(mimeEntity);
}
/// <summary>
/// Decrypt (optionally) the given message and try to extract signatures
/// </summary>
bool DecryptSignatures(IncomingMessage message, X509Certificate2 certificate, out SignedCms signatures, out MimeEntity payload)
{
MimeEntity decryptedEntity = null;
signatures = null;
payload = null;
if (certificate != null)
{
decryptedEntity = m_cryptographer.DecryptEntity(message.GetEncryptedBytes(m_cryptographer), certificate);
}
else
{
decryptedEntity = message.Message;
}
if (decryptedEntity == null)
{
return(false);
}
if (SMIMEStandard.IsContentEnvelopedSignature(decryptedEntity.ParsedContentType))
{
signatures = m_cryptographer.DeserializeEnvelopedSignature(decryptedEntity);
payload = MimeSerializer.Default.Deserialize <MimeEntity>(signatures.ContentInfo.Content);
}
else if (SMIMEStandard.IsContentMultipartSignature(decryptedEntity.ParsedContentType))
{
SignedEntity signedEntity = SignedEntity.Load(decryptedEntity);
signatures = m_cryptographer.DeserializeDetachedSignature(signedEntity);
payload = signedEntity.Content;
}
else
{
throw new AgentException(AgentError.UnsignedMessage);
}
return(true);
}
