|
public static TryRead ( Microsoft.Win32.SafeHandles.SafeBioHandle fileBio, |
||
| fileBio | Microsoft.Win32.SafeHandles.SafeBioHandle | |
| pkcs12Reader | ||
| Результат | bool | |
public X509ContentType GetCertContentType(byte[] rawData)
{
{
ICertificatePal certPal;
if (OpenSslX509CertificateReader.TryReadX509Der(rawData, out certPal) ||
OpenSslX509CertificateReader.TryReadX509Pem(rawData, out certPal))
{
certPal.Dispose();
return(X509ContentType.Cert);
}
}
if (PkcsFormatReader.IsPkcs7(rawData))
{
return(X509ContentType.Pkcs7);
}
{
OpenSslPkcs12Reader pfx;
if (OpenSslPkcs12Reader.TryRead(rawData, out pfx))
{
pfx.Dispose();
return(X509ContentType.Pkcs12);
}
}
// Unsupported format.
// Windows throws new CryptographicException(CRYPT_E_NO_MATCH)
throw new CryptographicException();
}
public static IStorePal FromBlob(byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
{
OpenSslPkcs12Reader pfx;
if (OpenSslPkcs12Reader.TryRead(rawData, out pfx))
{
using (pfx)
{
return(PfxToCollection(pfx, password));
}
}
return(null);
}
public static IStorePal FromFile(string fileName, string password, X509KeyStorageFlags keyStorageFlags)
{
using (SafeBioHandle fileBio = Interop.libcrypto.BIO_new_file(fileName, "rb"))
{
Interop.libcrypto.CheckValidOpenSslHandle(fileBio);
OpenSslPkcs12Reader pfx;
if (OpenSslPkcs12Reader.TryRead(fileBio, out pfx))
{
using (pfx)
{
return(PfxToCollection(pfx, password));
}
}
}
return(null);
}
private static bool TryReadPkcs12(
SafeBioHandle bio,
string password,
bool single,
out ICertificatePal readPal,
out List <ICertificatePal> readCerts)
{
// DER-PKCS12
OpenSslPkcs12Reader pfx;
if (!OpenSslPkcs12Reader.TryRead(bio, out pfx))
{
readPal = null;
readCerts = null;
return(false);
}
using (pfx)
{
return(TryReadPkcs12(pfx, password, single, out readPal, out readCerts));
}
}
private static bool TryReadPkcs12(
byte[] rawData,
SafePasswordHandle password,
bool single,
out ICertificatePal readPal,
out List <ICertificatePal> readCerts)
{
// DER-PKCS12
OpenSslPkcs12Reader pfx;
if (!OpenSslPkcs12Reader.TryRead(rawData, out pfx))
{
readPal = null;
readCerts = null;
return(false);
}
using (pfx)
{
return(TryReadPkcs12(pfx, password, single, out readPal, out readCerts));
}
}
private static bool TryReadPkcs12(
ReadOnlySpan <byte> rawData,
SafePasswordHandle password,
bool single,
out ICertificatePal?readPal,
out List <ICertificatePal>?readCerts,
out Exception?openSslException)
{
// DER-PKCS12
OpenSslPkcs12Reader?pfx;
if (!OpenSslPkcs12Reader.TryRead(rawData, out pfx, out openSslException))
{
readPal = null;
readCerts = null;
return(false);
}
using (pfx)
{
return(TryReadPkcs12(pfx, password, single, out readPal, out readCerts));
}
}
internal static ICertificatePal FromBio(SafeBioHandle bio, string password)
{
// Try reading the value as: PEM-X509, DER-X509, DER-PKCS12.
int bioPosition = Interop.NativeCrypto.BioTell(bio);
Debug.Assert(bioPosition >= 0);
SafeX509Handle cert = Interop.libcrypto.PEM_read_bio_X509_AUX(bio, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
if (cert != null && !cert.IsInvalid)
{
return(new OpenSslX509CertificateReader(cert));
}
// Rewind, try again.
Interop.NativeCrypto.BioSeek(bio, bioPosition);
cert = Interop.NativeCrypto.ReadX509AsDerFromBio(bio);
if (cert != null && !cert.IsInvalid)
{
return(new OpenSslX509CertificateReader(cert));
}
// Rewind, try again.
Interop.NativeCrypto.BioSeek(bio, bioPosition);
OpenSslPkcs12Reader pfx;
if (OpenSslPkcs12Reader.TryRead(bio, out pfx))
{
using (pfx)
{
pfx.Decrypt(password);
ICertificatePal first = null;
foreach (OpenSslX509CertificateReader certPal in pfx.ReadCertificates())
{
// When requesting an X509Certificate2 from a PFX only the first entry is
// returned. Other entries should be disposed.
if (first == null)
{
first = certPal;
}
else
{
certPal.Dispose();
}
}
return(first);
}
}
// Since we aren't going to finish reading, leaving the buffer where it was when we got
// it seems better than leaving it in some arbitrary other position.
//
// But, before seeking back to start, save the Exception representing the last reported
// OpenSSL error in case the last BioSeek would change it.
Exception openSslException = Interop.libcrypto.CreateOpenSslCryptographicException();
Interop.NativeCrypto.BioSeek(bio, bioPosition);
throw openSslException;
}
public X509ContentType GetCertContentType(string fileName)
{
// If we can't open the file, fail right away.
using (SafeBioHandle fileBio = Interop.Crypto.BioNewFile(fileName, "rb"))
{
Interop.Crypto.CheckValidOpenSslHandle(fileBio);
int bioPosition = Interop.Crypto.BioTell(fileBio);
Debug.Assert(bioPosition >= 0);
// X509ContentType.Cert
{
ICertificatePal certPal;
if (OpenSslX509CertificateReader.TryReadX509Der(fileBio, out certPal))
{
certPal.Dispose();
return(X509ContentType.Cert);
}
OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition);
if (OpenSslX509CertificateReader.TryReadX509Pem(fileBio, out certPal))
{
certPal.Dispose();
return(X509ContentType.Cert);
}
OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition);
}
// X509ContentType.Pkcs7
{
if (PkcsFormatReader.IsPkcs7Der(fileBio))
{
return(X509ContentType.Pkcs7);
}
OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition);
if (PkcsFormatReader.IsPkcs7Pem(fileBio))
{
return(X509ContentType.Pkcs7);
}
OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition);
}
// X509ContentType.Pkcs12 (aka PFX)
{
OpenSslPkcs12Reader pkcs12Reader;
if (OpenSslPkcs12Reader.TryRead(fileBio, out pkcs12Reader))
{
pkcs12Reader.Dispose();
return(X509ContentType.Pkcs12);
}
OpenSslX509CertificateReader.RewindBio(fileBio, bioPosition);
}
}
// Unsupported format.
// Windows throws new CryptographicException(CRYPT_E_NO_MATCH)
throw new CryptographicException();
}
public static unsafe ICertificatePal FromBlob(byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
{
// If we can see a hyphen, assume it's PEM. Otherwise try DER-X509, then fall back to DER-PKCS12.
SafeX509Handle cert;
// PEM
if (rawData[0] == '-')
{
using (SafeBioHandle bio = Interop.libcrypto.BIO_new(Interop.libcrypto.BIO_s_mem()))
{
Interop.libcrypto.CheckValidOpenSslHandle(bio);
Interop.libcrypto.BIO_write(bio, rawData, rawData.Length);
cert = Interop.libcrypto.PEM_read_bio_X509_AUX(bio, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
}
Interop.libcrypto.CheckValidOpenSslHandle(cert);
return(new OpenSslX509CertificateReader(cert));
}
// DER-X509
cert = Interop.libcrypto.OpenSslD2I((ptr, b, i) => Interop.libcrypto.d2i_X509(ptr, b, i), rawData, checkHandle: false);
if (!cert.IsInvalid)
{
return(new OpenSslX509CertificateReader(cert));
}
// DER-PKCS12
OpenSslPkcs12Reader pfx;
if (OpenSslPkcs12Reader.TryRead(rawData, out pfx))
{
using (pfx)
{
pfx.Decrypt(password);
ICertificatePal first = null;
foreach (OpenSslX509CertificateReader certPal in pfx.ReadCertificates())
{
// When requesting an X509Certificate2 from a PFX only the first entry is
// returned. Other entries should be disposed.
if (first == null)
{
first = certPal;
}
else
{
certPal.Dispose();
}
}
if (first == null)
{
throw new CryptographicException();
}
return(first);
}
}
// Unsupported
throw Interop.libcrypto.CreateOpenSslCryptographicException();
}
