public static void ReadCustomType() { byte[] input = ( "3033020103302E06092A864886F70D010701A021041F301D301B06092A864886" + "F70D010701A00E040C300A3008060100A003040102").HexToByteArray(); Pkcs12Info info = Pkcs12Info.Decode(input, out _, skipCopy: true); Assert.Equal(Pkcs12IntegrityMode.None, info.IntegrityMode); ReadOnlyCollection <Pkcs12SafeContents> allContents = info.AuthenticatedSafe; Assert.Equal(1, allContents.Count); Pkcs12SafeContents contents = allContents[0]; Assert.Equal(Pkcs12ConfidentialityMode.None, contents.ConfidentialityMode); List <Pkcs12SafeBag> bags = contents.GetBags().ToList(); Assert.Equal(1, bags.Count); Pkcs12SafeBag bag = bags[0]; Assert.IsNotType <Pkcs12CertBag>(bag); Assert.IsNotType <Pkcs12KeyBag>(bag); Assert.IsNotType <Pkcs12SecretBag>(bag); Assert.IsNotType <Pkcs12ShroudedKeyBag>(bag); CustomBagType customBag = new CustomBagType(bag.EncodedBagValue); Assert.Equal(2, customBag.Value); }
public static void BuildWithFactoryReadDirect() { using (RSA rsa = RSA.Create()) { Pkcs12SafeContents contents = new Pkcs12SafeContents(); Pkcs12KeyBag keyBag = contents.AddKeyUnencrypted(rsa); using (RSA rsa2 = RSA.Create()) { rsa2.ImportPkcs8PrivateKey( keyBag.Pkcs8PrivateKey.Span, out _); byte[] sig = new byte[rsa.KeySize / 8]; Assert.True(rsa2.TrySignData( keyBag.Pkcs8PrivateKey.Span, sig, HashAlgorithmName.MD5, RSASignaturePadding.Pkcs1, out int sigLen)); Assert.Equal(sig.Length, sigLen); Assert.True(rsa.VerifyData( keyBag.Pkcs8PrivateKey.Span, sig, HashAlgorithmName.MD5, RSASignaturePadding.Pkcs1)); } } }
public static void BuildWithBytesFactoryReadDirect() { using (RSA rsa = RSA.Create()) { Pkcs12SafeContents contents = new Pkcs12SafeContents(); byte[] encryptionKey = new byte[] { 1, 2, 3, 4, 5 }; Pkcs12ShroudedKeyBag keyBag = contents.AddShroudedKey(rsa, encryptionKey, s_pbkdf2Pbe); using (RSA rsa2 = RSA.Create()) { rsa2.ImportEncryptedPkcs8PrivateKey( encryptionKey, keyBag.EncryptedPkcs8PrivateKey.Span, out _); byte[] sig = new byte[rsa.KeySize / 8]; Assert.True(rsa2.TrySignData( keyBag.EncryptedPkcs8PrivateKey.Span, sig, HashAlgorithmName.MD5, RSASignaturePadding.Pkcs1, out int sigLen)); Assert.Equal(sig.Length, sigLen); Assert.True(rsa.VerifyData( keyBag.EncryptedPkcs8PrivateKey.Span, sig, HashAlgorithmName.MD5, RSASignaturePadding.Pkcs1)); } } }
public static void BuildWithEmptySafeContents(bool encrypted) { string pw = nameof(BuildWithEmptySafeContents); Pkcs12Builder builder = new Pkcs12Builder(); Pkcs12SafeContents empty = new Pkcs12SafeContents(); if (encrypted) { builder.AddSafeContentsEncrypted(empty, pw, s_win7Pbe); } else { builder.AddSafeContentsUnencrypted(empty); } builder.SealWithMac(pw, HashAlgorithmName.SHA1, 1); byte[] pfxBytes = builder.Encode(); X509Certificate2Collection coll = new X509Certificate2Collection(); coll.Import(pfxBytes, pw, default); Assert.Equal(0, coll.Count); }
public static X509Certificate2 CreateCertificateWithPrivateKey( X509Certificate2 certificate, AsymmetricAlgorithm privateKey, string password = null) { var builder = new Pkcs12Builder(); var contents = new Pkcs12SafeContents(); contents.AddCertificate(certificate); contents.AddKeyUnencrypted(privateKey); builder.AddSafeContentsUnencrypted(contents); // OpenSSL requires the file to have a mac, without mac this will run on Windows but not on Linux builder.SealWithMac(password, HashAlgorithmName.SHA256, 1); var pkcs12bytes = builder.Encode(); if (string.IsNullOrEmpty(password)) { var certificateOut = new X509Certificate2(pkcs12bytes); return(certificateOut); } else { var certificateOut = new X509Certificate2(pkcs12bytes, password); return(certificateOut); } }
public void TwoCerts_CrossedKeys() { string pw = nameof(SameCertTwice_NoKeys); using (var cert = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword, s_exportableImportFlags)) using (var cert2 = new X509Certificate2(TestData.MsCertificate)) using (RSA key = cert.GetRSAPrivateKey()) { Pkcs12Builder builder = new Pkcs12Builder(); Pkcs12SafeContents keyContents = new Pkcs12SafeContents(); Pkcs12SafeContents certContents = new Pkcs12SafeContents(); Pkcs12SafeBag keyBag = keyContents.AddShroudedKey(key, pw, s_windowsPbe); Pkcs12SafeBag certBag = certContents.AddCertificate(cert); Pkcs12SafeBag certBag2 = certContents.AddCertificate(cert2); keyBag.Attributes.Add(s_keyIdOne); certBag2.Attributes.Add(s_keyIdOne); AddContents(keyContents, builder, pw, encrypt: false); AddContents(certContents, builder, pw, encrypt: true); builder.SealWithMac(pw, s_digestAlgorithm, MacCount); byte[] pfxBytes = builder.Encode(); // Windows seems to be applying both the implicit match and the LocalKeyId match, // so it detects two hits against the same key and fails. ReadUnreadablePfx( pfxBytes, pw, // NTE_BAD_DATA -2146893819); } }
public void CertTwice_KeyOnce(bool addLocalKeyId) { string pw = nameof(CertTwice_KeyOnce); using (var cert = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword, s_exportableImportFlags)) using (RSA key = cert.GetRSAPrivateKey()) { Pkcs12Builder builder = new Pkcs12Builder(); Pkcs12SafeContents keyContents = new Pkcs12SafeContents(); Pkcs12SafeContents certContents = new Pkcs12SafeContents(); Pkcs12SafeBag keyBag = keyContents.AddShroudedKey(key, pw, s_windowsPbe); Pkcs12SafeBag certBag = certContents.AddCertificate(cert); Pkcs12SafeBag certBag2 = certContents.AddCertificate(cert); if (addLocalKeyId) { certBag.Attributes.Add(s_keyIdOne); certBag2.Attributes.Add(s_keyIdOne); keyBag.Attributes.Add(s_keyIdOne); } AddContents(keyContents, builder, pw, encrypt: false); AddContents(certContents, builder, pw, encrypt: true); builder.SealWithMac(pw, s_digestAlgorithm, MacCount); byte[] pfxBytes = builder.Encode(); ReadUnreadablePfx( pfxBytes, pw, // NTE_BAD_DATA -2146893819); } }
public void SameCertTwice_NoKeys(bool addLocalKeyId) { string pw = nameof(SameCertTwice_NoKeys); using (var cert = new X509Certificate2(TestData.MsCertificate)) { Pkcs12Builder builder = new Pkcs12Builder(); Pkcs12SafeContents certContents = new Pkcs12SafeContents(); Pkcs12SafeBag certBag = certContents.AddCertificate(cert); Pkcs12SafeBag certBag2 = certContents.AddCertificate(cert); if (addLocalKeyId) { certBag.Attributes.Add(s_keyIdOne); certBag2.Attributes.Add(s_keyIdOne); } AddContents(certContents, builder, pw, encrypt: true); builder.SealWithMac(pw, s_digestAlgorithm, MacCount); byte[] pfxBytes = builder.Encode(); ReadMultiPfx( pfxBytes, pw, cert, new[] { cert, cert }); } }
public static void AddContentsAfterSealing() { Pkcs12SafeContents contents = new Pkcs12SafeContents(); contents.AddSecret(s_zeroOid, s_derNull); Pkcs12Builder builder = new Pkcs12Builder(); builder.SealWithoutIntegrity(); Assert.Throws <InvalidOperationException>( () => builder.AddSafeContentsUnencrypted(contents)); Assert.Throws <InvalidOperationException>( () => builder.AddSafeContentsEncrypted(contents, Array.Empty <byte>(), s_pbkdf2Parameters)); Assert.Throws <InvalidOperationException>( () => builder.AddSafeContentsEncrypted(contents, ReadOnlySpan <byte> .Empty, s_pbkdf2Parameters)); Assert.Throws <InvalidOperationException>( () => builder.AddSafeContentsEncrypted(contents, string.Empty, s_pbkdf2Parameters)); Assert.Throws <InvalidOperationException>( () => builder.AddSafeContentsEncrypted(contents, ReadOnlySpan <char> .Empty, s_pbkdf2Parameters)); }
public static void StartsInReadWriteNoConfidentialityMode() { Pkcs12SafeContents contents = new Pkcs12SafeContents(); Assert.Equal(Pkcs12ConfidentialityMode.None, contents.ConfidentialityMode); Assert.False(contents.IsReadOnly); }
public static void WriteOneCertNoKeys_Encrypted() { Pkcs12SafeContents contents = new Pkcs12SafeContents(); byte[] rawData; using (X509Certificate2 cert = Certificates.RSAKeyTransferCapi1.GetCertificate()) { contents.AddCertificate(cert); rawData = cert.RawData; } const string password = nameof(WriteOneCertNoKeys_NoEncryption); Pkcs12Builder builder = new Pkcs12Builder(); builder.AddSafeContentsEncrypted( contents, password, s_win7Pbe); builder.SealWithMac(password, HashAlgorithmName.SHA1, 1024); byte[] pfx = builder.Encode(); ImportedCollection coll = ImportedCollection.Import(pfx, password, X509KeyStorageFlags.EphemeralKeySet); using (coll) { Assert.Equal(1, coll.Collection.Count); Assert.Equal(rawData, coll.Collection[0].RawData); Assert.False(coll.Collection[0].HasPrivateKey, "coll.Collection[0].HasPrivateKey"); } }
public void OneCert_TwentyKeys_NoMatches() { string pw = nameof(OneCert_NoKey_WithLocalKeyId); using (var cert = new X509Certificate2(TestData.MsCertificate)) using (RSA rsa = RSA.Create(TestData.RsaBigExponentParams)) { Pkcs12Builder builder = new Pkcs12Builder(); Pkcs12SafeContents certContents = new Pkcs12SafeContents(); Pkcs12SafeContents keyContents = new Pkcs12SafeContents(); Pkcs12CertBag certBag = certContents.AddCertificate(cert); certBag.Attributes.Add(s_keyIdOne); byte[] keyExport = rsa.ExportEncryptedPkcs8PrivateKey(pw, s_windowsPbe); for (int i = 0; i < 20; i++) { Pkcs12SafeBag keyBag = new Pkcs12ShroudedKeyBag(keyExport, skipCopy: true); keyContents.AddSafeBag(keyBag); // Even with i=1 this won't match, because { 0x01 } != { 0x01, 0x00, 0x00, 0x00 } and // { 0x01 } != { 0x00, 0x00, 0x00, 0x01 } (binary comparison, not "equivalence" comparison). keyBag.Attributes.Add(new Pkcs9LocalKeyId(BitConverter.GetBytes(i))); } AddContents(keyContents, builder, pw, encrypt: false); AddContents(certContents, builder, pw, encrypt: true); builder.SealWithMac(pw, s_digestAlgorithm, MacCount); byte[] pfxBytes = builder.Encode(); ReadPfx(pfxBytes, pw, cert); } }
public static void BuildWithCharsFactoryReadDirect() { using (RSA rsa = RSA.Create()) { Pkcs12SafeContents contents = new Pkcs12SafeContents(); Pkcs12ShroudedKeyBag keyBag = contents.AddShroudedKey(rsa, nameof(rsa), s_win7Pbe); using (RSA rsa2 = RSA.Create()) { rsa2.ImportEncryptedPkcs8PrivateKey( (ReadOnlySpan <char>)nameof(rsa), keyBag.EncryptedPkcs8PrivateKey.Span, out _); byte[] sig = new byte[rsa.KeySize / 8]; Assert.True(rsa2.TrySignData( keyBag.EncryptedPkcs8PrivateKey.Span, sig, HashAlgorithmName.MD5, RSASignaturePadding.Pkcs1, out int sigLen)); Assert.Equal(sig.Length, sigLen); Assert.True(rsa.VerifyData( keyBag.EncryptedPkcs8PrivateKey.Span, sig, HashAlgorithmName.MD5, RSASignaturePadding.Pkcs1)); } } }
public static void EncryptEncryptedSafeContents() { Pkcs12Builder builder1 = new Pkcs12Builder(); Pkcs12Builder builder2 = new Pkcs12Builder(); Pkcs12SafeContents contents = new Pkcs12SafeContents(); contents.AddSecret(s_zeroOid, s_derNull); builder1.AddSafeContentsEncrypted(contents, ReadOnlySpan <byte> .Empty, s_pbkdf2Parameters); builder1.SealWithoutIntegrity(); byte[] encoded = builder1.Encode(); Pkcs12Info info = Pkcs12Info.Decode(encoded, out _, skipCopy: true); Assert.Equal(Pkcs12IntegrityMode.None, info.IntegrityMode); Assert.Equal(1, info.AuthenticatedSafe.Count); AssertExtensions.Throws <ArgumentException>( "safeContents", () => builder2.AddSafeContentsEncrypted( info.AuthenticatedSafe[0], "nope", s_pbkdf2Parameters)); AssertExtensions.Throws <ArgumentException>( "safeContents", () => builder2.AddSafeContentsEncrypted( info.AuthenticatedSafe[0], s_derNull.Span, s_pbkdf2Parameters)); }
public static void CopyEncryptedSafeContents(bool withSpan) { Pkcs12Builder builder1 = new Pkcs12Builder(); Pkcs12Builder builder2 = new Pkcs12Builder(); Pkcs12SafeContents contents = new Pkcs12SafeContents(); contents.AddSecret(s_zeroOid, s_derNull); if (withSpan) { builder1.AddSafeContentsEncrypted(contents, ReadOnlySpan <byte> .Empty, s_pbkdf2Parameters); } else { builder1.AddSafeContentsEncrypted(contents, (byte[])null, s_pbkdf2Parameters); } builder1.SealWithoutIntegrity(); byte[] encoded1 = builder1.Encode(); Pkcs12Info info = Pkcs12Info.Decode(encoded1, out _, skipCopy: true); Assert.Equal(Pkcs12IntegrityMode.None, info.IntegrityMode); Assert.Equal(1, info.AuthenticatedSafe.Count); builder2.AddSafeContentsUnencrypted(info.AuthenticatedSafe[0]); builder2.SealWithoutIntegrity(); byte[] encoded2 = builder2.Encode(); Assert.Equal(encoded1.ByteArrayToHex(), encoded2.ByteArrayToHex()); }
public static void AddCertificateDisallowedInReadOnly() { Pkcs12SafeContents contents = MakeReadonly(new Pkcs12SafeContents()); X509Certificate2 cert = new X509Certificate2(stackalloc byte[0]); Assert.Throws <InvalidOperationException>(() => contents.AddCertificate(cert)); }
public static void ReadSerializedData(bool encryptSafe) { Pkcs12SafeContents container = new Pkcs12SafeContents(); Pkcs12SafeContents builtContents = new Pkcs12SafeContents(); builtContents.AddSecret(s_zeroOid, s_derNull); builtContents.AddSecret(s_zeroOid, new byte[] { 4, 1, 2 }).Attributes.Add( new Pkcs9LocalKeyId(s_derNull.Span)); builtContents.AddSecret(s_zeroOid, new byte[] { 4, 1, 3 }); container.AddNestedContents(builtContents); Pkcs12Builder builder = new Pkcs12Builder(); if (encryptSafe) { builder.AddSafeContentsEncrypted(container, s_derNull.Span, s_pbkdf2Parameters); } else { builder.AddSafeContentsUnencrypted(container); } builder.SealWithoutIntegrity(); byte[] encoded = builder.Encode(); Pkcs12Info info = Pkcs12Info.Decode(encoded, out _, skipCopy: true); Pkcs12SafeContents onlySafe = info.AuthenticatedSafe.Single(); if (encryptSafe) { onlySafe.Decrypt(s_derNull.Span); } Pkcs12SafeBag onlyBag = onlySafe.GetBags().Single(); Pkcs12SafeContentsBag safeContentsBag = Assert.IsType <Pkcs12SafeContentsBag>(onlyBag); Pkcs12SafeContents readContents = safeContentsBag.SafeContents; Assert.Equal( Pkcs12ConfidentialityMode.None, readContents.ConfidentialityMode); Assert.True(readContents.IsReadOnly); List <Pkcs12SafeBag> bags1 = builtContents.GetBags().ToList(); List <Pkcs12SafeBag> bags2 = readContents.GetBags().ToList(); Assert.Equal(bags1.Count, bags2.Count); for (int i = 0; i < bags2.Count; i++) { byte[] encoded1 = bags1[i].Encode(); byte[] encoded2 = bags1[i].Encode(); Assert.True(encoded1.AsSpan().SequenceEqual(encoded2), $"Bag {i} encodes the same"); } }
public static void AddBagDisallowedInReadOnly() { Pkcs12SafeContents contents = MakeReadonly(new Pkcs12SafeContents()); Pkcs12CertBag certBag = new Pkcs12CertBag(s_zeroOid, s_derNull); Assert.True(contents.IsReadOnly); Assert.Throws <InvalidOperationException>(() => contents.AddSafeBag(certBag)); }
public static void OidRequired() { Pkcs12SafeContents contents = new Pkcs12SafeContents(); AssertExtensions.Throws <ArgumentNullException>( "secretType", () => contents.AddSecret(null, ReadOnlyMemory <byte> .Empty)); }
public static void BadOidFails() { string payloadHex = "0403090807"; Pkcs12SafeContents contents = new Pkcs12SafeContents(); Assert.ThrowsAny <CryptographicException>( () => contents.AddSecret(new Oid("Hi", "There"), payloadHex.HexToByteArray())); }
public static void AddNestedContentsDisallowedInReadOnly() { Pkcs12SafeContents outerContents = MakeReadonly(new Pkcs12SafeContents()); Pkcs12SafeContents innerContents = new Pkcs12SafeContents(); Assert.Throws <InvalidOperationException>( () => outerContents.AddNestedContents(innerContents)); }
public static void AddKeyUnencryptedDisallowedInReadOnly() { Pkcs12SafeContents contents = MakeReadonly(new Pkcs12SafeContents()); using (RSA rsa = RSA.Create()) { Assert.Throws <InvalidOperationException>(() => contents.AddKeyUnencrypted(rsa)); } }
public static void EncodeGrowsWhenNeeded() { Pkcs12Builder builder = new Pkcs12Builder(); Pkcs12SafeContents contents = new Pkcs12SafeContents(); byte[] bigBuf = new byte[16 * 1024 + 4]; bigBuf[0] = 0x04; bigBuf[1] = 0x82; ref byte upper = ref bigBuf[2];
public void OneCert_ExtraKeyBadEncoding(bool badTag) { string pw = nameof(OneCert_ExtraKeyBadEncoding); using (var cert = new X509Certificate2(TestData.MsCertificate)) { Pkcs12Builder builder = new Pkcs12Builder(); Pkcs12SafeContents certContents = new Pkcs12SafeContents(); Pkcs12SafeContents keyContents = new Pkcs12SafeContents(); // SEQUENCE { INTEGER(1) } is not a valid RSAPrivateKey, it should be // SEQUENCE { INTEGER(N), INTEGER(E), ... (D, P, Q, DP, DQ, QInv) } // So the conclusion is "unexpected end of data" byte[] badKeyBytes = { 0x30, 0x03, 0x02, 0x01, 0x01 }; // In "badTag" we make the INTEGER be OCTET STRING, triggering a different // "uh, I can't read this..." error. if (badTag) { badKeyBytes[2] = 0x04; } Pkcs8PrivateKeyInfo pk8 = new Pkcs8PrivateKeyInfo( // The correct RSA OID. new Oid("1.2.840.113549.1.1.1", null), null, badKeyBytes, skipCopies: true); // Note that neither the cert nor the key have a LocalKeyId attribute. // The existence of this unreadable key is enough to abort the load on older Windows keyContents.AddSafeBag(new Pkcs12ShroudedKeyBag(pk8.Encrypt(pw, s_windowsPbe))); certContents.AddCertificate(cert); AddContents(keyContents, builder, pw, encrypt: false); AddContents(certContents, builder, pw, encrypt: true); builder.SealWithMac(pw, s_digestAlgorithm, MacCount); byte[] pfxBytes = builder.Encode(); if (s_loaderFailsKeysEarly) { // CRYPT_E_ASN1_BADTAG or CRYPT_E_ASN1_EOD int expectedWin32Error = badTag ? -2146881269 : -2146881278; ReadUnreadablePfx( pfxBytes, pw, expectedWin32Error); } else { ReadPfx(pfxBytes, pw, cert); } } }
public static void AddShroudedKeyWithCharsDisallowedInReadOnly() { Pkcs12SafeContents contents = MakeReadonly(new Pkcs12SafeContents()); using (RSA rsa = RSA.Create()) { Assert.Throws <InvalidOperationException>( () => contents.AddShroudedKey(rsa, ReadOnlySpan <char> .Empty, s_pbeParameters)); } }
public static void ReadOracleWallet(int trailingByteCount) { ReadOnlyMemory <byte> source = PadContents(Pkcs12Documents.SimpleOracleWallet, trailingByteCount); Pkcs12Info info = Pkcs12Info.Decode( source, out int bytesRead, skipCopy: true); Assert.Equal(Pkcs12Documents.SimpleOracleWallet.Length, bytesRead); Assert.Equal(Pkcs12IntegrityMode.Password, info.IntegrityMode); Assert.False(info.VerifyMac(ReadOnlySpan <char> .Empty), "VerifyMac(no password)"); Assert.False(info.VerifyMac(""), "VerifyMac(empty password)"); Assert.True(info.VerifyMac(Pkcs12Documents.OracleWalletPassword), "VerifyMac(correct password)"); ReadOnlyCollection <Pkcs12SafeContents> authSafes = info.AuthenticatedSafe; Assert.Equal(1, authSafes.Count); Pkcs12SafeContents authSafe = authSafes[0]; Assert.Equal(Pkcs12ConfidentialityMode.Password, authSafe.ConfidentialityMode); // Wrong password Assert.ThrowsAny <CryptographicException>(() => authSafe.Decrypt(ReadOnlySpan <char> .Empty)); authSafe.Decrypt(Pkcs12Documents.OracleWalletPassword); Assert.Equal(Pkcs12ConfidentialityMode.None, authSafe.ConfidentialityMode); List <Pkcs12SafeBag> bags = authSafe.GetBags().ToList(); Assert.Equal(4, bags.Count); CheckOracleSecretBag( bags[0], "oracle.security.client.connect_string1", "a_prod_db", "E6B652DD0000000400000000000000060000000300000000"); CheckOracleSecretBag( bags[1], "a@#3#@b", "{pwd_cred_type}@#4#@NEVER_EXPIRE@#5#@c@#111#@d", "E6B652DD0000000400000000000000060000000200000000"); CheckOracleSecretBag( bags[2], "oracle.security.client.username1", "a_test_user", "E6B652DD0000000400000000000000060000000100000000"); CheckOracleSecretBag( bags[3], "oracle.security.client.password1", "potatos are tasty", "E6B652DD0000000400000000000000060000000000000000"); }
public static void EncryptPkcs12KdfWithBytes() { Pkcs12SafeContents contents = new Pkcs12SafeContents(); contents.AddSecret(s_zeroOid, s_derNull); Pkcs12Builder builder = new Pkcs12Builder(); Assert.ThrowsAny <CryptographicException>( () => builder.AddSafeContentsEncrypted(contents, s_derNull.Span, s_win7Pbe)); }
public static void DecryptThrowsWhenNotPasswordMode(bool forReadOnly) { Pkcs12SafeContents contents = new Pkcs12SafeContents(); if (forReadOnly) { contents = MakeReadonly(contents); } Assert.Equal(Pkcs12ConfidentialityMode.None, contents.ConfidentialityMode); Assert.Throws <InvalidOperationException>(() => contents.Decrypt("test")); }
public static void WriteOneCertWithKey_LikeWindows() { Pkcs12SafeContents safe1 = new Pkcs12SafeContents(); Pkcs12SafeContents safe2 = new Pkcs12SafeContents(); byte[] rawData; Pkcs9LocalKeyId localKeyId = new Pkcs9LocalKeyId(new byte[] { 1 }); const string password = nameof(WriteOneCertWithKey_LikeWindows); using (X509Certificate2 cert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey(true)) { Pkcs12CertBag certBag = safe1.AddCertificate(cert); certBag.Attributes.Add(localKeyId); rawData = cert.RawData; Pkcs12ShroudedKeyBag keyBag; using (RSA rsa = cert.GetRSAPrivateKey()) { keyBag = safe2.AddShroudedKey( rsa, password, s_win7Pbe); } keyBag.Attributes.Add(localKeyId); } Pkcs12Builder builder = new Pkcs12Builder(); builder.AddSafeContentsEncrypted( safe1, password, s_win7Pbe); builder.AddSafeContentsUnencrypted(safe2); builder.SealWithMac(password, HashAlgorithmName.SHA1, 2068); byte[] pfx = builder.Encode(); ImportedCollection coll = ImportedCollection.Import(pfx, password, X509KeyStorageFlags.EphemeralKeySet); using (coll) { Assert.Equal(1, coll.Collection.Count); Assert.Equal(rawData, coll.Collection[0].RawData); Assert.True(coll.Collection[0].HasPrivateKey, "coll.Collection[0].HasPrivateKey"); } }
public static void AddKeyUnencryptedDisallowsNull(bool forReadOnly) { Pkcs12SafeContents contents = new Pkcs12SafeContents(); if (forReadOnly) { contents = MakeReadonly(contents); } AssertExtensions.Throws <ArgumentNullException>( "key", () => contents.AddKeyUnencrypted(null)); }