Пример #1
0
 internal static bool IsPkcs7Der(SafeBioHandle fileBio)
 {
     using (SafePkcs7Handle pkcs7 = Interop.Crypto.D2IPkcs7Bio(fileBio))
     {
         return(!pkcs7.IsInvalid);
     }
 }
Пример #2
0
        internal static bool IsPkcs7(ReadOnlySpan <byte> rawData)
        {
            using (SafePkcs7Handle pkcs7 = Interop.Crypto.DecodePkcs7(rawData))
            {
                if (pkcs7.IsInvalid)
                {
                    Interop.Crypto.ErrClearError();
                }
                else
                {
                    return(true);
                }
            }

            using (SafeBioHandle bio = Interop.Crypto.CreateMemoryBio())
            {
                Interop.Crypto.CheckValidOpenSslHandle(bio);

                if (Interop.Crypto.BioWrite(bio, rawData) != rawData.Length)
                {
                    Interop.Crypto.ErrClearError();
                }

                using (SafePkcs7Handle pkcs7 = Interop.Crypto.PemReadBioPkcs7(bio))
                {
                    if (pkcs7.IsInvalid)
                    {
                        Interop.Crypto.ErrClearError();
                        return(false);
                    }

                    return(true);
                }
            }
        }
Пример #3
0
        private static bool TryReadPkcs7Pem(
            byte[] rawData,
            bool single,
            out ICertificatePal certPal,
            out List <ICertificatePal> certPals)
        {
            using (SafeBioHandle bio = Interop.libcrypto.BIO_new(Interop.libcrypto.BIO_s_mem()))
            {
                Interop.Crypto.CheckValidOpenSslHandle(bio);

                Interop.libcrypto.BIO_write(bio, rawData, rawData.Length);

                SafePkcs7Handle pkcs7 =
                    Interop.libcrypto.PEM_read_bio_PKCS7(bio, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);

                if (pkcs7.IsInvalid)
                {
                    certPal  = null;
                    certPals = null;
                    return(false);
                }

                using (pkcs7)
                {
                    return(TryReadPkcs7(pkcs7, single, out certPal, out certPals));
                }
            }
        }
Пример #4
0
        private byte[] ExportPkcs7()
        {
            // Pack all of the certificates into a new PKCS7*, export it to a byte[],
            // then free the PKCS7*, since we don't need it any more.
            using (SafePkcs7Handle pkcs7 = Interop.Crypto.Pkcs7CreateSigned())
            {
                Interop.Crypto.CheckValidOpenSslHandle(pkcs7);

                foreach (X509Certificate2 cert in _certs)
                {
                    // Pkcs7AddCertificate => PKCS7_add_certificate increments the
                    // reference count of the certificate, so passing just the Handle
                    // value is sufficient.
                    //
                    // It gets decremented again when the SafePkcs7Handle is released.
                    if (!Interop.Crypto.Pkcs7AddCertificate(pkcs7, cert.Handle))
                    {
                        throw Interop.Crypto.CreateOpenSslCryptographicException();
                    }
                }

                return(Interop.Crypto.OpenSslEncode(
                           handle => Interop.Crypto.GetPkcs7DerSize(handle),
                           (handle, buf) => Interop.Crypto.EncodePkcs7(handle, buf),
                           pkcs7));
            }
        }
Пример #5
0
 internal static bool IsPkcs7Pem(SafeBioHandle fileBio)
 {
     using (SafePkcs7Handle pkcs7 = Interop.Crypto.PemReadBioPkcs7(fileBio))
     {
         return(!pkcs7.IsInvalid);
     }
 }
Пример #6
0
        internal static bool IsPkcs7Pem(SafeBioHandle fileBio)
        {
            using (SafePkcs7Handle pkcs7 = Interop.Crypto.PemReadBioPkcs7(fileBio))
            {
                if (pkcs7.IsInvalid)
                {
                    Interop.Crypto.ErrClearError();
                    return(false);
                }

                return(true);
            }
        }
Пример #7
0
        private static bool TryReadPkcs7Der(
            SafeBioHandle bio,
            bool single,
            out ICertificatePal certPal,
            out List <ICertificatePal> certPals)
        {
            using (SafePkcs7Handle pkcs7 = Interop.Crypto.D2IPkcs7Bio(bio))
            {
                if (pkcs7.IsInvalid)
                {
                    certPal  = null;
                    certPals = null;
                    return(false);
                }

                return(TryReadPkcs7(pkcs7, single, out certPal, out certPals));
            }
        }
Пример #8
0
        private static bool TryReadPkcs7Der(
            byte[] rawData,
            bool single,
            out ICertificatePal certPal,
            out List <ICertificatePal> certPals)
        {
            using (SafePkcs7Handle pkcs7 = Interop.Crypto.DecodePkcs7(rawData, rawData.Length))
            {
                if (pkcs7.IsInvalid)
                {
                    certPal  = null;
                    certPals = null;
                    return(false);
                }

                return(TryReadPkcs7(pkcs7, single, out certPal, out certPals));
            }
        }
Пример #9
0
        private static bool TryReadPkcs7Der(
            ReadOnlySpan <byte> rawData,
            bool single,
            out ICertificatePal?certPal,
            [NotNullWhen(true)] out List <ICertificatePal>?certPals)
        {
            using (SafePkcs7Handle pkcs7 = Interop.Crypto.DecodePkcs7(rawData))
            {
                if (pkcs7.IsInvalid)
                {
                    certPal  = null;
                    certPals = null;
                    Interop.Crypto.ErrClearError();
                    return(false);
                }

                return(TryReadPkcs7(pkcs7, single, out certPal, out certPals));
            }
        }
Пример #10
0
        private static bool TryReadPkcs7Pem(
            SafeBioHandle bio,
            bool single,
            out ICertificatePal?certPal,
            [NotNullWhen(true)] out List <ICertificatePal>?certPals)
        {
            using (SafePkcs7Handle pkcs7 = Interop.Crypto.PemReadBioPkcs7(bio))
            {
                if (pkcs7.IsInvalid)
                {
                    certPal  = null;
                    certPals = null;
                    Interop.Crypto.ErrClearError();
                    return(false);
                }

                return(TryReadPkcs7(pkcs7, single, out certPal, out certPals));
            }
        }
Пример #11
0
        private byte[] ExportPkcs7()
        {
            using (SafePkcs7Handle pkcs7 = Interop.Crypto.Pkcs7CreateSigned())
            {
                Interop.Crypto.CheckValidOpenSslHandle(pkcs7);

                foreach (X509Certificate2 cert in _certs)
                {
                    if (!Interop.Crypto.Pkcs7AddCertificate(pkcs7, cert.Handle))
                    {
                        throw Interop.Crypto.CreateOpenSslCryptographicException();
                    }
                }

                return(Interop.Crypto.OpenSslEncode(
                           handle => Interop.Crypto.GetPkcs7DerSize(handle),
                           (handle, buf) => Interop.Crypto.EncodePkcs7(handle, buf),
                           pkcs7));
            }
        }
Пример #12
0
        internal static SafeSharedX509StackHandle GetPkcs7Certificates(SafePkcs7Handle p7)
        {
            if (p7 == null || p7.IsInvalid)
            {
                return(SafeSharedX509StackHandle.InvalidHandle);
            }

            SafeSharedX509StackHandle certs;
            int result = GetPkcs7Certificates(p7, out certs);

            if (result != 1)
            {
                throw Interop.Crypto.CreateOpenSslCryptographicException();
            }

            // Track the parent relationship for the interior pointer so lifetime is well-managed.
            certs.SetParent(p7);

            return(certs);
        }
Пример #13
0
        private static bool TryReadPkcs7Der(
            SafeBioHandle bio,
            bool single,
            out ICertificatePal certPal,
            out List <ICertificatePal> certPals)
        {
            SafePkcs7Handle pkcs7 = Interop.libcrypto.d2i_PKCS7_bio(bio, IntPtr.Zero);

            if (pkcs7.IsInvalid)
            {
                certPal  = null;
                certPals = null;
                return(false);
            }

            using (pkcs7)
            {
                return(TryReadPkcs7(pkcs7, single, out certPal, out certPals));
            }
        }
Пример #14
0
        private static bool TryReadPkcs7(
            SafePkcs7Handle pkcs7,
            bool single,
            out ICertificatePal?certPal,
            [NotNullWhen(true)] out List <ICertificatePal> certPals)
        {
            List <ICertificatePal>?readPals = single ? null : new List <ICertificatePal>();

            using (SafeSharedX509StackHandle certs = Interop.Crypto.GetPkcs7Certificates(pkcs7))
            {
                int count = Interop.Crypto.GetX509StackFieldCount(certs);

                if (single)
                {
                    // In single mode for a PKCS#7 signed or signed-and-enveloped file we're supposed to return
                    // the certificate which signed the PKCS#7 file.
                    //
                    // X509Certificate2Collection::Export(X509ContentType.Pkcs7) claims to be a signed PKCS#7,
                    // but doesn't emit a signature block. So this is hard to test.
                    //
                    // TODO(2910): Figure out how to extract the signing certificate, when it's present.
                    throw new CryptographicException(SR.Cryptography_X509_PKCS7_NoSigner);
                }

                Debug.Assert(readPals != null); // null if single == true

                for (int i = 0; i < count; i++)
                {
                    // Use FromHandle to duplicate the handle since it would otherwise be freed when the PKCS7
                    // is Disposed.
                    IntPtr          certHandle = Interop.Crypto.GetX509StackField(certs, i);
                    ICertificatePal pal        = CertificatePal.FromHandle(certHandle);
                    readPals.Add(pal);
                }
            }

            certPal  = null;
            certPals = readPals;
            return(true);
        }
Пример #15
0
        protected override byte[] ExportPkcs7()
        {
            // Pack all of the certificates into a new PKCS7*, export it to a byte[],
            // then free the PKCS7*, since we don't need it any more.
            using (SafeX509StackHandle certs = Interop.Crypto.NewX509Stack())
            {
                foreach (X509Certificate2 cert in _certs !)
                {
                    PushHandle(cert.Handle, certs);
                    GC.KeepAlive(cert); // ensure cert's safe handle isn't finalized while raw handle is in use
                }

                using (SafePkcs7Handle pkcs7 = Interop.Crypto.Pkcs7CreateCertificateCollection(certs))
                {
                    Interop.Crypto.CheckValidOpenSslHandle(pkcs7);
                    return(Interop.Crypto.OpenSslEncode(
                               Interop.Crypto.GetPkcs7DerSize,
                               Interop.Crypto.EncodePkcs7,
                               pkcs7));
                }
            }
        }
Пример #16
0
        internal static bool IsPkcs7(byte[] rawData)
        {
            using (SafePkcs7Handle pkcs7 = Interop.Crypto.DecodePkcs7(rawData, rawData.Length))
            {
                if (!pkcs7.IsInvalid)
                {
                    return(true);
                }
            }

            using (SafeBioHandle bio = Interop.Crypto.CreateMemoryBio())
            {
                Interop.Crypto.CheckValidOpenSslHandle(bio);

                Interop.Crypto.BioWrite(bio, rawData, rawData.Length);

                using (SafePkcs7Handle pkcs7 = Interop.Crypto.PemReadBioPkcs7(bio))
                {
                    return(!pkcs7.IsInvalid);
                }
            }
        }
Пример #17
0
        private static unsafe bool TryReadPkcs7Der(
            byte[] rawData,
            bool single,
            out ICertificatePal certPal,
            out List <ICertificatePal> certPals)
        {
            SafePkcs7Handle pkcs7 = Interop.libcrypto.OpenSslD2I(
                (ptr, b, i) => Interop.libcrypto.d2i_PKCS7(ptr, b, i),
                rawData,
                checkHandle: false);

            if (pkcs7.IsInvalid)
            {
                certPal  = null;
                certPals = null;
                return(false);
            }

            using (pkcs7)
            {
                return(TryReadPkcs7(pkcs7, single, out certPal, out certPals));
            }
        }
Пример #18
0
 internal static partial int GetPkcs7DerSize(SafePkcs7Handle p7);
Пример #19
0
 internal static partial int EncodePkcs7(SafePkcs7Handle p7, byte[] buf);
Пример #20
0
 private static extern int GetPkcs7Certificates(SafePkcs7Handle p7, out SafeSharedX509StackHandle certs);
Пример #21
0
 internal static extern bool Pkcs7AddCertificate(SafePkcs7Handle p7, IntPtr x509);
Пример #22
0
 internal static extern int GetPkcs7DerSize(SafePkcs7Handle p7);
Пример #23
0
 internal static extern int EncodePkcs7(SafePkcs7Handle p7, byte[] buf);