/// <summary>
/// Builds an <see cref="AppleCertificatePal"/> from a certificate/key pair read out of a PKCS#12 blob.
/// When a private key is present the pair is re-exported as a minimal PKCS#12 and handed to the OS
/// importer so the returned PAL is backed by a SecIdentity (certificate + key) rather than a bare
/// certificate; when no key is present the input PAL is returned unchanged.
/// </summary>
/// <param name="certAndKey">The certificate (already an <see cref="AppleCertificatePal"/>) and its optional key.</param>
/// <returns>A PAL wrapping a SecIdentity, a SecCertificate, or the input PAL itself.</returns>
internal static AppleCertificatePal ImportPkcs12(UnixPkcs12Reader.CertAndKey certAndKey)
{
    AppleCertificatePal certPal = (AppleCertificatePal)certAndKey.Cert!;

    // No private key: nothing to bind, hand back the certificate-only PAL as is.
    if (certAndKey.Key == null)
    {
        return certPal;
    }

    // Round-trip the pair through a normalized PKCS#12 so the OS creates the identity for us.
    // NOTE(review): the exported byte[] presumably carries the private key and is not zeroed
    // after the import — confirm whether that is acceptable for this code path.
    AppleCertificateExporter exporter = new AppleCertificateExporter(new TempExportPal(certPal), certAndKey.Key);
    byte[] normalizedPfx = exporter.Export(X509ContentType.Pkcs12, s_passwordExportHandle)!;

    SafeSecCertificateHandle certHandle = Interop.AppleCrypto.X509ImportCertificate(
        normalizedPfx,
        X509ContentType.Pkcs12,
        s_passwordExportHandle,
        out SafeSecIdentityHandle identityHandle);

    // Exactly one of the two handles is kept; the other is released here.
    if (identityHandle.IsInvalid)
    {
        identityHandle.Dispose();
        return new AppleCertificatePal(certHandle);
    }

    certHandle.Dispose();
    return new AppleCertificatePal(identityHandle);
}
/// <summary>
/// Decrypts a PKCS#12 blob with the supplied password and materializes its single certificate as an
/// <see cref="AndroidCertificatePal"/>, attaching the private key when the blob contains one.
/// </summary>
/// <param name="rawData">The raw PKCS#12 bytes.</param>
/// <param name="password">Password used to decrypt the blob.</param>
/// <returns>The certificate PAL, with its private key set when one was present.</returns>
private static ICertificatePal ReadPkcs12(ReadOnlySpan<byte> rawData, SafePasswordHandle password)
{
    using var pfxReader = new AndroidPkcs12Reader(rawData);
    pfxReader.Decrypt(password);

    UnixPkcs12Reader.CertAndKey entry = pfxReader.GetSingleCert();
    AndroidCertificatePal certPal = (AndroidCertificatePal)entry.Cert!;

    // Only bind a key when the blob actually carried one; a key-less PKCS#12 is still a valid input here.
    if (entry.Key != null)
    {
        certPal.SetPrivateKey(AndroidPkcs12Reader.GetPrivateKey(entry.Key));
    }

    return certPal;
}
/// <summary>
/// Decrypts a PKCS#12 blob and imports its single certificate (and private key, if any) into the
/// requested keychain, returning an <see cref="AppleCertificatePal"/> bound to that keychain.
/// </summary>
/// <param name="rawData">The raw PKCS#12 bytes.</param>
/// <param name="password">Password used to decrypt the blob.</param>
/// <param name="exportable">When false and a private key is present, the key goes through the non-exportable import path.</param>
/// <param name="keychain">Keychain the certificate (and key) are moved into.</param>
/// <returns>A PAL for the imported certificate; the original in-memory PAL when no relocation produced a new one.</returns>
private static AppleCertificatePal ImportPkcs12(
    ReadOnlySpan<byte> rawData,
    SafePasswordHandle password,
    bool exportable,
    SafeKeychainHandle keychain)
{
    using var pfxReader = new ApplePkcs12Reader(rawData);
    pfxReader.Decrypt(password, ephemeralSpecified: false);

    UnixPkcs12Reader.CertAndKey entry = pfxReader.GetSingleCert();
    AppleCertificatePal inMemoryPal = (AppleCertificatePal)entry.Cert!;
    SafeSecKeyRefHandle? keyHandle = ApplePkcs12Reader.GetPrivateKey(entry.Key);
    AppleCertificatePal? keychainPal;

    // keyHandle may be null (no private key); Dispose is skipped in that case, exactly as a
    // using statement over a null resource would do.
    try
    {
        // SecItemImport doesn't seem to respect non-exportable import for PKCS#8, only PKCS#12,
        // so the non-exportable case re-writes the minimum PKCS#12 in a normalized form and asks
        // the OS to import that instead.
        if (!exportable && keyHandle != null)
        {
            using (inMemoryPal)
            {
                return ImportPkcs12NonExportable(inMemoryPal, keyHandle, password, keychain);
            }
        }

        keychainPal = inMemoryPal.MoveToKeychain(keychain, keyHandle);

        // A new PAL means the certificate now lives in the keychain; the in-memory one is redundant.
        if (keychainPal != null)
        {
            inMemoryPal.Dispose();
        }
    }
    finally
    {
        keyHandle?.Dispose();
    }

    // No new PAL means the cert was moved but there was no private key to go with it.
    return keychainPal ?? inMemoryPal;
}
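/// <summary>
/// Decrypts an already-opened PKCS#12 blob and materializes its contents as OpenSSL certificate PALs.
/// In single mode only the blob's single certificate is returned (via <paramref name="readPal"/>);
/// otherwise every certificate is returned (via <paramref name="readCerts"/>). A private key found
/// next to a certificate is attached to that certificate's PAL.
/// </summary>
/// <param name="pfx">The PKCS#12 reader positioned over the blob.</param>
/// <param name="password">Password used to decrypt the blob.</param>
/// <param name="single">True to read exactly one certificate; false to read all of them.</param>
/// <param name="ephemeralSpecified">Forwarded unchanged to the reader's Decrypt call.</param>
/// <param name="readPal">The single certificate when <paramref name="single"/> is true; otherwise null.</param>
/// <param name="readCerts">All certificates when <paramref name="single"/> is false; otherwise null.</param>
/// <returns>Always true in the current implementation; the boolean shape is kept for the callers' Try-pattern contract.</returns>
private static bool TryReadPkcs12(
    OpenSslPkcs12Reader pfx,
    SafePasswordHandle password,
    bool single,
    bool ephemeralSpecified,
    out ICertificatePal? readPal,
    out List<ICertificatePal>? readCerts)
{
    // Wraps a decoded entry as a PAL and binds its private key when one was present alongside it.
    // Shared by the single and the enumerate-all paths so the two cannot drift apart.
    static OpenSslX509CertificateReader ToPal(UnixPkcs12Reader.CertAndKey certAndKey)
    {
        OpenSslX509CertificateReader pal = (OpenSslX509CertificateReader)certAndKey.Cert!;

        if (certAndKey.Key != null)
        {
            pal.SetPrivateKey(OpenSslPkcs12Reader.GetPrivateKey(certAndKey.Key));
        }

        return pal;
    }

    pfx.Decrypt(password, ephemeralSpecified);

    if (single)
    {
        readPal = ToPal(pfx.GetSingleCert());
        readCerts = null;
        return true;
    }

    readPal = null;

    // Presize from the reader's own count so the list is not regrown while enumerating.
    List<ICertificatePal> certs = new List<ICertificatePal>(pfx.GetCertCount());

    foreach (UnixPkcs12Reader.CertAndKey certAndKey in pfx.EnumerateAll())
    {
        certs.Add(ToPal(certAndKey));
    }

    readCerts = certs;
    return true;
}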