Terraria v1.4.4.9
Terraria source code documentation
Loading...
Searching...
No Matches
X509Certificate2.cs
Go to the documentation of this file.
1using System.Formats.Asn1;
2using System.IO;
3using System.Runtime.Serialization;
4using System.Runtime.Versioning;
5using System.Security.Cryptography.X509Certificates.Asn1;
6using System.Text;
7using Internal.Cryptography;
8using Internal.Cryptography.Pal;
9
10namespace System.Security.Cryptography.X509Certificates;
11
12public class X509Certificate2 : X509Certificate
13{
14 private volatile byte[] _lazyRawData;
15
16 private volatile Oid _lazySignatureAlgorithm;
17
18 private volatile int _lazyVersion;
19
20 private volatile X500DistinguishedName _lazySubjectName;
21
22 private volatile X500DistinguishedName _lazyIssuerName;
23
24 private volatile PublicKey _lazyPublicKey;
25
26 private volatile AsymmetricAlgorithm _lazyPrivateKey;
27
28 private volatile X509ExtensionCollection _lazyExtensions;
29
30 private static readonly string[] s_EcPublicKeyPrivateKeyLabels = new string[2] { "EC PRIVATE KEY", "PRIVATE KEY" };
31
32 private static readonly string[] s_RsaPublicKeyPrivateKeyLabels = new string[2] { "RSA PRIVATE KEY", "PRIVATE KEY" };
33
34 private static readonly string[] s_DsaPublicKeyPrivateKeyLabels = new string[1] { "PRIVATE KEY" };
35
36 internal new ICertificatePal Pal => (ICertificatePal)base.Pal;
37
38 public bool Archived
39 {
40 get
41 {
42 ThrowIfInvalid();
43 return Pal.Archived;
44 }
45 [SupportedOSPlatform("windows")]
46 set
47 {
48 ThrowIfInvalid();
49 Pal.Archived = value;
50 }
51 }
52
78
79 public string FriendlyName
80 {
81 get
82 {
83 ThrowIfInvalid();
84 return Pal.FriendlyName;
85 }
86 [SupportedOSPlatform("windows")]
87 set
88 {
89 ThrowIfInvalid();
90 Pal.FriendlyName = value;
91 }
92 }
93
94 public bool HasPrivateKey
95 {
96 get
97 {
98 ThrowIfInvalid();
99 return Pal.HasPrivateKey;
100 }
101 }
102
103 [Obsolete("X509Certificate2.PrivateKey is obsolete. Use the appropriate method to get the private key, such as GetRSAPrivateKey, or use the CopyWithPrivateKey method to create a new instance with a private key.", DiagnosticId = "SYSLIB0028", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
104 public AsymmetricAlgorithm? PrivateKey
105 {
106 get
107 {
108 ThrowIfInvalid();
109 if (!HasPrivateKey)
110 {
111 return null;
112 }
113 if (_lazyPrivateKey == null)
114 {
115 string keyAlgorithm = GetKeyAlgorithm();
116 AsymmetricAlgorithm lazyPrivateKey;
117 if (!(keyAlgorithm == "1.2.840.113549.1.1.1"))
118 {
119 if (!(keyAlgorithm == "1.2.840.10040.4.1"))
120 {
121 throw new NotSupportedException(System.SR.NotSupported_KeyAlgorithm);
122 }
123 lazyPrivateKey = Pal.GetDSAPrivateKey();
124 }
125 else
126 {
127 lazyPrivateKey = Pal.GetRSAPrivateKey();
128 }
129 _lazyPrivateKey = lazyPrivateKey;
130 }
131 return _lazyPrivateKey;
132 }
133 set
134 {
135 throw new PlatformNotSupportedException();
136 }
137 }
138
139 public X500DistinguishedName IssuerName
140 {
141 get
142 {
143 ThrowIfInvalid();
144 X500DistinguishedName x500DistinguishedName = _lazyIssuerName;
145 if (x500DistinguishedName == null)
146 {
147 x500DistinguishedName = (_lazyIssuerName = Pal.IssuerName);
148 }
149 return x500DistinguishedName;
150 }
151 }
152
153 public DateTime NotAfter => GetNotAfter();
154
155 public DateTime NotBefore => GetNotBefore();
156
157 public PublicKey PublicKey
158 {
159 get
160 {
161 ThrowIfInvalid();
162 PublicKey publicKey = _lazyPublicKey;
163 if (publicKey == null)
164 {
165 string keyAlgorithm = GetKeyAlgorithm();
166 byte[] keyAlgorithmParameters = GetKeyAlgorithmParameters();
167 byte[] publicKey2 = GetPublicKey();
168 Oid oid = new Oid(keyAlgorithm);
169 publicKey = (_lazyPublicKey = new PublicKey(oid, new AsnEncodedData(oid, keyAlgorithmParameters), new AsnEncodedData(oid, publicKey2)));
170 }
171 return publicKey;
172 }
173 }
174
175 public byte[] RawData
176 {
177 get
178 {
179 ThrowIfInvalid();
180 byte[] array = _lazyRawData;
181 if (array == null)
182 {
183 array = (_lazyRawData = Pal.RawData);
184 }
185 return array.CloneByteArray();
186 }
187 }
188
189 public string SerialNumber => GetSerialNumberString();
190
191 public Oid SignatureAlgorithm
192 {
193 get
194 {
195 ThrowIfInvalid();
196 Oid oid = _lazySignatureAlgorithm;
197 if (oid == null)
198 {
199 string signatureAlgorithm = Pal.SignatureAlgorithm;
200 oid = (_lazySignatureAlgorithm = new Oid(signatureAlgorithm, null));
201 }
202 return oid;
203 }
204 }
205
206 public X500DistinguishedName SubjectName
207 {
208 get
209 {
210 ThrowIfInvalid();
211 X500DistinguishedName x500DistinguishedName = _lazySubjectName;
212 if (x500DistinguishedName == null)
213 {
214 x500DistinguishedName = (_lazySubjectName = Pal.SubjectName);
215 }
216 return x500DistinguishedName;
217 }
218 }
219
220 public string Thumbprint => GetCertHashString();
221
222 public int Version
223 {
224 get
225 {
226 ThrowIfInvalid();
227 int num = _lazyVersion;
228 if (num == 0)
229 {
230 num = (_lazyVersion = Pal.Version);
231 }
232 return num;
233 }
234 }
235
236 public override void Reset()
237 {
238 _lazyRawData = null;
239 _lazySignatureAlgorithm = null;
240 _lazyVersion = 0;
241 _lazySubjectName = null;
242 _lazyIssuerName = null;
243 _lazyPublicKey = null;
244 _lazyPrivateKey = null;
245 _lazyExtensions = null;
246 base.Reset();
247 }
248
249 [Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
250 public X509Certificate2()
251 {
252 }
253
254 public X509Certificate2(byte[] rawData)
255 : base(rawData)
256 {
257 }
258
259 public X509Certificate2(byte[] rawData, string? password)
260 : base(rawData, password)
261 {
262 }
263
264 [CLSCompliant(false)]
265 public X509Certificate2(byte[] rawData, SecureString? password)
266 : base(rawData, password)
267 {
268 }
269
274
275 [CLSCompliant(false)]
280
285
290
291 public X509Certificate2(IntPtr handle)
292 : base(handle)
293 {
294 }
295
296 internal X509Certificate2(ICertificatePal pal)
297 : base(pal)
298 {
299 }
300
301 public X509Certificate2(string fileName)
302 : base(fileName)
303 {
304 }
305
306 public X509Certificate2(string fileName, string? password)
307 : base(fileName, password)
308 {
309 }
310
311 [CLSCompliant(false)]
316
321
322 [CLSCompliant(false)]
327
332
337
338 protected X509Certificate2(SerializationInfo info, StreamingContext context)
339 : base(info, context)
340 {
341 throw new PlatformNotSupportedException();
342 }
343
344 public static X509ContentType GetCertContentType(byte[] rawData)
345 {
346 if (rawData == null || rawData.Length == 0)
347 {
348 throw new ArgumentException(System.SR.Arg_EmptyOrNullArray, "rawData");
349 }
350 return X509Pal.Instance.GetCertContentType(rawData);
351 }
352
353 public static X509ContentType GetCertContentType(ReadOnlySpan<byte> rawData)
354 {
355 if (rawData.Length == 0)
356 {
357 throw new ArgumentException(System.SR.Arg_EmptyOrNullArray, "rawData");
358 }
359 return X509Pal.Instance.GetCertContentType(rawData);
360 }
361
362 public static X509ContentType GetCertContentType(string fileName)
363 {
364 if (fileName == null)
365 {
366 throw new ArgumentNullException("fileName");
367 }
368 Path.GetFullPath(fileName);
369 return X509Pal.Instance.GetCertContentType(fileName);
370 }
371
372 public string GetNameInfo(X509NameType nameType, bool forIssuer)
373 {
374 return Pal.GetNameInfo(nameType, forIssuer);
375 }
376
377 public override string ToString()
378 {
379 return base.ToString(fVerbose: true);
380 }
381
382 public override string ToString(bool verbose)
383 {
384 if (!verbose || Pal == null)
385 {
386 return ToString();
387 }
388 StringBuilder stringBuilder = new StringBuilder();
389 stringBuilder.AppendLine("[Version]");
390 stringBuilder.Append(" V");
391 stringBuilder.Append(Version);
392 stringBuilder.AppendLine();
393 stringBuilder.AppendLine();
394 stringBuilder.AppendLine("[Subject]");
395 stringBuilder.Append(" ");
396 stringBuilder.Append(SubjectName.Name);
397 string nameInfo = GetNameInfo(X509NameType.SimpleName, forIssuer: false);
398 if (nameInfo.Length > 0)
399 {
400 stringBuilder.AppendLine();
401 stringBuilder.Append(" ");
402 stringBuilder.Append("Simple Name: ");
403 stringBuilder.Append(nameInfo);
404 }
405 string nameInfo2 = GetNameInfo(X509NameType.EmailName, forIssuer: false);
406 if (nameInfo2.Length > 0)
407 {
408 stringBuilder.AppendLine();
409 stringBuilder.Append(" ");
410 stringBuilder.Append("Email Name: ");
411 stringBuilder.Append(nameInfo2);
412 }
413 string nameInfo3 = GetNameInfo(X509NameType.UpnName, forIssuer: false);
414 if (nameInfo3.Length > 0)
415 {
416 stringBuilder.AppendLine();
417 stringBuilder.Append(" ");
418 stringBuilder.Append("UPN Name: ");
419 stringBuilder.Append(nameInfo3);
420 }
421 string nameInfo4 = GetNameInfo(X509NameType.DnsName, forIssuer: false);
422 if (nameInfo4.Length > 0)
423 {
424 stringBuilder.AppendLine();
425 stringBuilder.Append(" ");
426 stringBuilder.Append("DNS Name: ");
427 stringBuilder.Append(nameInfo4);
428 }
429 stringBuilder.AppendLine();
430 stringBuilder.AppendLine();
431 stringBuilder.AppendLine("[Issuer]");
432 stringBuilder.Append(" ");
433 stringBuilder.Append(IssuerName.Name);
434 nameInfo = GetNameInfo(X509NameType.SimpleName, forIssuer: true);
435 if (nameInfo.Length > 0)
436 {
437 stringBuilder.AppendLine();
438 stringBuilder.Append(" ");
439 stringBuilder.Append("Simple Name: ");
440 stringBuilder.Append(nameInfo);
441 }
442 nameInfo2 = GetNameInfo(X509NameType.EmailName, forIssuer: true);
443 if (nameInfo2.Length > 0)
444 {
445 stringBuilder.AppendLine();
446 stringBuilder.Append(" ");
447 stringBuilder.Append("Email Name: ");
448 stringBuilder.Append(nameInfo2);
449 }
450 nameInfo3 = GetNameInfo(X509NameType.UpnName, forIssuer: true);
451 if (nameInfo3.Length > 0)
452 {
453 stringBuilder.AppendLine();
454 stringBuilder.Append(" ");
455 stringBuilder.Append("UPN Name: ");
456 stringBuilder.Append(nameInfo3);
457 }
458 nameInfo4 = GetNameInfo(X509NameType.DnsName, forIssuer: true);
459 if (nameInfo4.Length > 0)
460 {
461 stringBuilder.AppendLine();
462 stringBuilder.Append(" ");
463 stringBuilder.Append("DNS Name: ");
464 stringBuilder.Append(nameInfo4);
465 }
466 stringBuilder.AppendLine();
467 stringBuilder.AppendLine();
468 stringBuilder.AppendLine("[Serial Number]");
469 stringBuilder.Append(" ");
470 stringBuilder.AppendLine(SerialNumber);
471 stringBuilder.AppendLine();
472 stringBuilder.AppendLine("[Not Before]");
473 stringBuilder.Append(" ");
474 stringBuilder.AppendLine(X509Certificate.FormatDate(NotBefore));
475 stringBuilder.AppendLine();
476 stringBuilder.AppendLine("[Not After]");
477 stringBuilder.Append(" ");
478 stringBuilder.AppendLine(X509Certificate.FormatDate(NotAfter));
479 stringBuilder.AppendLine();
480 stringBuilder.AppendLine("[Thumbprint]");
481 stringBuilder.Append(" ");
482 stringBuilder.AppendLine(Thumbprint);
483 stringBuilder.AppendLine();
484 stringBuilder.AppendLine("[Signature Algorithm]");
485 stringBuilder.Append(" ");
486 stringBuilder.Append(SignatureAlgorithm.FriendlyName);
487 stringBuilder.Append('(');
488 stringBuilder.Append(SignatureAlgorithm.Value);
489 stringBuilder.AppendLine(")");
490 stringBuilder.AppendLine();
491 stringBuilder.Append("[Public Key]");
492 try
493 {
494 PublicKey publicKey = PublicKey;
495 stringBuilder.AppendLine();
496 stringBuilder.Append(" ");
497 stringBuilder.Append("Algorithm: ");
498 stringBuilder.Append(publicKey.Oid.FriendlyName);
499 try
500 {
501 stringBuilder.AppendLine();
502 stringBuilder.Append(" ");
503 stringBuilder.Append("Length: ");
504 using RSA rSA = this.GetRSAPublicKey();
505 if (rSA != null)
506 {
507 stringBuilder.Append(rSA.KeySize);
508 }
509 }
510 catch (NotSupportedException)
511 {
512 }
513 stringBuilder.AppendLine();
514 stringBuilder.Append(" ");
515 stringBuilder.Append("Key Blob: ");
516 stringBuilder.AppendLine(publicKey.EncodedKeyValue.Format(multiLine: true));
517 stringBuilder.Append(" ");
518 stringBuilder.Append("Parameters: ");
519 stringBuilder.Append(publicKey.EncodedParameters.Format(multiLine: true));
520 }
521 catch (CryptographicException)
522 {
523 }
524 Pal.AppendPrivateKeyInfo(stringBuilder);
525 X509ExtensionCollection extensions = Extensions;
526 if (extensions.Count > 0)
527 {
528 stringBuilder.AppendLine();
529 stringBuilder.AppendLine();
530 stringBuilder.Append("[Extensions]");
531 foreach (X509Extension item in extensions)
532 {
533 try
534 {
535 stringBuilder.AppendLine();
536 stringBuilder.Append("* ");
537 stringBuilder.Append(item.Oid.FriendlyName);
538 stringBuilder.Append('(');
539 stringBuilder.Append(item.Oid.Value);
540 stringBuilder.Append("):");
541 stringBuilder.AppendLine();
542 stringBuilder.Append(" ");
543 stringBuilder.Append(item.Format(multiLine: true));
544 }
545 catch (CryptographicException)
546 {
547 }
548 }
549 }
550 stringBuilder.AppendLine();
551 return stringBuilder.ToString();
552 }
553
554 [Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
555 public override void Import(byte[] rawData)
556 {
557 base.Import(rawData);
558 }
559
560 [Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
561 public override void Import(byte[] rawData, string? password, X509KeyStorageFlags keyStorageFlags)
562 {
563 base.Import(rawData, password, keyStorageFlags);
564 }
565
566 [CLSCompliant(false)]
567 [Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
568 public override void Import(byte[] rawData, SecureString? password, X509KeyStorageFlags keyStorageFlags)
569 {
570 base.Import(rawData, password, keyStorageFlags);
571 }
572
573 [Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
574 public override void Import(string fileName)
575 {
576 base.Import(fileName);
577 }
578
579 [Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
580 public override void Import(string fileName, string? password, X509KeyStorageFlags keyStorageFlags)
581 {
582 base.Import(fileName, password, keyStorageFlags);
583 }
584
585 [CLSCompliant(false)]
586 [Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
591
592 public bool Verify()
593 {
594 ThrowIfInvalid();
595 using X509Chain x509Chain = new X509Chain();
596 bool result = x509Chain.Build(this, throwOnException: false);
597 for (int i = 0; i < x509Chain.ChainElements.Count; i++)
598 {
599 x509Chain.ChainElements[i].Certificate.Dispose();
600 }
601 return result;
602 }
603
608
613
638
649
660
661 public static X509Certificate2 CreateFromPem(ReadOnlySpan<char> certPem, ReadOnlySpan<char> keyPem)
662 {
663 using X509Certificate2 x509Certificate = CreateFromPem(certPem);
664 string keyAlgorithm = x509Certificate.GetKeyAlgorithm();
665 switch (keyAlgorithm)
666 {
667 case "1.2.840.113549.1.1.1":
668 return ExtractKeyFromPem(keyPem, s_RsaPublicKeyPrivateKeyLabels, RSA.Create, x509Certificate.CopyWithPrivateKey);
669 case "1.2.840.10040.4.1":
670 if (Internal.Cryptography.Helpers.IsDSASupported)
671 {
672 return ExtractKeyFromPem(keyPem, s_DsaPublicKeyPrivateKeyLabels, DSA.Create, x509Certificate.CopyWithPrivateKey);
673 }
674 break;
675 case "1.2.840.10045.2.1":
676 if (IsECDsa(x509Certificate))
677 {
678 return ExtractKeyFromPem(keyPem, s_EcPublicKeyPrivateKeyLabels, ECDsa.Create, x509Certificate.CopyWithPrivateKey);
679 }
680 if (IsECDiffieHellman(x509Certificate))
681 {
682 return ExtractKeyFromPem(keyPem, s_EcPublicKeyPrivateKeyLabels, ECDiffieHellman.Create, x509Certificate.CopyWithPrivateKey);
683 }
684 break;
685 }
686 throw new CryptographicException(System.SR.Format(System.SR.Cryptography_UnknownKeyAlgorithm, keyAlgorithm));
687 }
688
689 public static X509Certificate2 CreateFromEncryptedPem(ReadOnlySpan<char> certPem, ReadOnlySpan<char> keyPem, ReadOnlySpan<char> password)
690 {
691 using X509Certificate2 x509Certificate = CreateFromPem(certPem);
692 string keyAlgorithm = x509Certificate.GetKeyAlgorithm();
693 switch (keyAlgorithm)
694 {
695 case "1.2.840.113549.1.1.1":
696 return ExtractKeyFromEncryptedPem(keyPem, password, RSA.Create, x509Certificate.CopyWithPrivateKey);
697 case "1.2.840.10040.4.1":
698 if (Internal.Cryptography.Helpers.IsDSASupported)
699 {
700 return ExtractKeyFromEncryptedPem(keyPem, password, DSA.Create, x509Certificate.CopyWithPrivateKey);
701 }
702 break;
703 case "1.2.840.10045.2.1":
704 if (IsECDsa(x509Certificate))
705 {
706 return ExtractKeyFromEncryptedPem(keyPem, password, ECDsa.Create, x509Certificate.CopyWithPrivateKey);
707 }
708 if (IsECDiffieHellman(x509Certificate))
709 {
710 return ExtractKeyFromEncryptedPem(keyPem, password, ECDiffieHellman.Create, x509Certificate.CopyWithPrivateKey);
711 }
712 break;
713 }
714 throw new CryptographicException(System.SR.Format(System.SR.Cryptography_UnknownKeyAlgorithm, keyAlgorithm));
715 }
716
717 private static bool IsECDsa(X509Certificate2 certificate)
718 {
719 using ECDsa eCDsa = certificate.GetECDsaPublicKey();
720 return eCDsa != null;
721 }
722
723 private static bool IsECDiffieHellman(X509Certificate2 certificate)
724 {
725 using ECDiffieHellman eCDiffieHellman = certificate.GetECDiffieHellmanPublicKey();
726 return eCDiffieHellman != null;
727 }
728
729 public static X509Certificate2 CreateFromPem(ReadOnlySpan<char> certPem)
730 {
731 PemEnumerator.Enumerator enumerator = new PemEnumerator(certPem).GetEnumerator();
732 while (enumerator.MoveNext())
733 {
734 enumerator.Current.Deconstruct(out var contents, out var pemFields);
735 ReadOnlySpan<char> readOnlySpan = contents;
736 PemFields pemFields2 = pemFields;
737 contents = readOnlySpan;
738 ReadOnlySpan<char> span = contents[pemFields2.Label];
739 if (span.SequenceEqual("CERTIFICATE"))
740 {
741 byte[] array = System.Security.Cryptography.CryptoPool.Rent(pemFields2.DecodedDataLength);
742 contents = readOnlySpan;
743 if (!Convert.TryFromBase64Chars(contents[pemFields2.Base64Data], array, out var bytesWritten) || bytesWritten != pemFields2.DecodedDataLength)
744 {
745 throw new CryptographicException(System.SR.Cryptography_X509_NoPemCertificate);
746 }
747 ReadOnlyMemory<byte> encoded = new ReadOnlyMemory<byte>(array, 0, bytesWritten);
748 try
749 {
750 CertificateAsn.Decode(encoded, AsnEncodingRules.DER);
751 }
752 catch (CryptographicException)
753 {
754 throw new CryptographicException(System.SR.Cryptography_X509_NoPemCertificate);
755 }
756 X509Certificate2 result = new X509Certificate2(encoded.Span);
757 System.Security.Cryptography.CryptoPool.Return(array, 0);
758 return result;
759 }
760 }
761 throw new CryptographicException(System.SR.Cryptography_X509_NoPemCertificate);
762 }
763
764 private static X509Certificate2 ExtractKeyFromPem<TAlg>(ReadOnlySpan<char> keyPem, string[] labels, Func<TAlg> factory, Func<TAlg, X509Certificate2> import) where TAlg : AsymmetricAlgorithm
765 {
766 PemEnumerator.Enumerator enumerator = new PemEnumerator(keyPem).GetEnumerator();
767 while (enumerator.MoveNext())
768 {
769 enumerator.Current.Deconstruct(out var contents, out var pemFields);
770 ReadOnlySpan<char> readOnlySpan = contents;
771 PemFields pemFields2 = pemFields;
772 contents = readOnlySpan;
773 ReadOnlySpan<char> span = contents[pemFields2.Label];
774 foreach (string text in labels)
775 {
776 if (span.SequenceEqual(text))
777 {
778 TAlg val = factory();
779 contents = readOnlySpan;
780 val.ImportFromPem(contents[pemFields2.Location]);
781 try
782 {
783 return import(val);
784 }
785 catch (ArgumentException inner)
786 {
787 throw new CryptographicException(System.SR.Cryptography_X509_NoOrMismatchedPemKey, inner);
788 }
789 }
790 }
791 }
792 throw new CryptographicException(System.SR.Cryptography_X509_NoOrMismatchedPemKey);
793 }
794
795 private static X509Certificate2 ExtractKeyFromEncryptedPem<TAlg>(ReadOnlySpan<char> keyPem, ReadOnlySpan<char> password, Func<TAlg> factory, Func<TAlg, X509Certificate2> import) where TAlg : AsymmetricAlgorithm
796 {
797 PemEnumerator.Enumerator enumerator = new PemEnumerator(keyPem).GetEnumerator();
798 while (enumerator.MoveNext())
799 {
800 enumerator.Current.Deconstruct(out var contents, out var pemFields);
801 ReadOnlySpan<char> readOnlySpan = contents;
802 PemFields pemFields2 = pemFields;
803 contents = readOnlySpan;
804 ReadOnlySpan<char> span = contents[pemFields2.Label];
805 if (span.SequenceEqual("ENCRYPTED PRIVATE KEY"))
806 {
807 TAlg val = factory();
808 contents = readOnlySpan;
809 val.ImportFromEncryptedPem(contents[pemFields2.Location], password);
810 try
811 {
812 return import(val);
813 }
814 catch (ArgumentException inner)
815 {
816 throw new CryptographicException(System.SR.Cryptography_X509_NoOrMismatchedPemKey, inner);
817 }
818 }
819 }
820 throw new CryptographicException(System.SR.Cryptography_X509_NoOrMismatchedPemKey);
821 }
822
823 private static X509Extension CreateCustomExtensionIfAny(Oid oid)
824 {
825 return oid.Value switch
826 {
827 "2.5.29.10" => X509Pal.Instance.SupportsLegacyBasicConstraintsExtension ? new X509BasicConstraintsExtension() : null,
828 "2.5.29.19" => new X509BasicConstraintsExtension(),
829 "2.5.29.15" => new X509KeyUsageExtension(),
830 "2.5.29.37" => new X509EnhancedKeyUsageExtension(),
831 "2.5.29.14" => new X509SubjectKeyIdentifierExtension(),
832 _ => null,
833 };
834 }
835
836 private static bool HasECDiffieHellmanKeyUsage(X509Certificate2 certificate)
837 {
838 foreach (X509Extension extension in certificate.Extensions)
839 {
840 if (extension.Oid?.Value == "2.5.29.15" && extension is X509KeyUsageExtension x509KeyUsageExtension)
841 {
842 return (x509KeyUsageExtension.KeyUsages & X509KeyUsageFlags.KeyAgreement) != 0;
843 }
844 }
845 return true;
846 }
847}
Internal.Cryptography.Helpers.AreSamePublicECParameters
static bool AreSamePublicECParameters(ECParameters aParameters, ECParameters bParameters)
Definition Helpers.cs:194
System.Convert.TryFromBase64Chars
static bool TryFromBase64Chars(ReadOnlySpan< char > chars, Span< byte > bytes, out int bytesWritten)
Definition Convert.cs:2925
System.IO.File.ReadAllText
static string ReadAllText(string path)
Definition File.cs:246
System.IO.Path.GetFullPath
static string GetFullPath(string path)
Definition Path.cs:881
System.SR.Cryptography_X509_NoOrMismatchedPemKey
static string Cryptography_X509_NoOrMismatchedPemKey
Definition SR.cs:106
System.SR.Format
static string Format(string resourceFormat, object p1)
Definition SR.cs:118
System.SR.NotSupported_KeyAlgorithm
static string NotSupported_KeyAlgorithm
Definition SR.cs:114
System.SR.Cryptography_X509_NoPemCertificate
static string Cryptography_X509_NoPemCertificate
Definition SR.cs:104
System.SR.Cryptography_Cert_AlreadyHasPrivateKey
static string Cryptography_Cert_AlreadyHasPrivateKey
Definition SR.cs:40
System.SR.Cryptography_UnknownKeyAlgorithm
static string Cryptography_UnknownKeyAlgorithm
Definition SR.cs:90
System.SR.Cryptography_PrivateKey_WrongAlgorithm
static string Cryptography_PrivateKey_WrongAlgorithm
Definition SR.cs:86
System.SR.Cryptography_PrivateKey_DoesNotMatch
static string Cryptography_PrivateKey_DoesNotMatch
Definition SR.cs:84
System.SR.Arg_EmptyOrNullArray
static string Arg_EmptyOrNullArray
Definition SR.cs:14
System.SR
Definition SR.cs:7
System.Security.Cryptography.CryptoPool.Return
static void Return(byte[] array, int clearSize=-1)
Definition CryptoPool.cs:12
System.Security.Cryptography.CryptoPool.Rent
static byte[] Rent(int minimumLength)
Definition CryptoPool.cs:7
System.Security.Cryptography.DSA.Create
static new? DSA Create(string algName)
Definition DSA.cs:19
System.Security.Cryptography.ECDiffieHellman.Create
static new? ECDiffieHellman Create(string algorithm)
Definition ECDiffieHellman.cs:20
System.Security.Cryptography.ECDsa.Create
static new? ECDsa Create(string algorithm)
Definition ECDsa.cs:20
System.Security.Cryptography.RSA.Create
static new? RSA Create(string algName)
Definition RSA.cs:21
System.Security.Cryptography.X509Certificates.X509Certificate2.HasECDiffieHellmanKeyUsage
static bool HasECDiffieHellmanKeyUsage(X509Certificate2 certificate)
Definition X509Certificate2.cs:836
System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromPem
static X509Certificate2 CreateFromPem(ReadOnlySpan< char > certPem, ReadOnlySpan< char > keyPem)
Definition X509Certificate2.cs:661
System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromPemFile
static X509Certificate2 CreateFromPemFile(string certPemFilePath, string? keyPemFilePath=null)
Definition X509Certificate2.cs:639
System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromEncryptedPem
static X509Certificate2 CreateFromEncryptedPem(ReadOnlySpan< char > certPem, ReadOnlySpan< char > keyPem, ReadOnlySpan< char > password)
Definition X509Certificate2.cs:689
System.Security.Cryptography.X509Certificates.X509Certificate2.Import
override void Import(byte[] rawData, string? password, X509KeyStorageFlags keyStorageFlags)
Definition X509Certificate2.cs:561
System.Security.Cryptography.X509Certificates.X509Certificate2.X509Certificate2
X509Certificate2(string fileName, SecureString? password, X509KeyStorageFlags keyStorageFlags)
Definition X509Certificate2.cs:323
System.Security.Cryptography.X509Certificates.X509Certificate2.X509Certificate2
X509Certificate2(string fileName, ReadOnlySpan< char > password, X509KeyStorageFlags keyStorageFlags=X509KeyStorageFlags.DefaultKeySet)
Definition X509Certificate2.cs:328
System.Security.Cryptography.X509Certificates.X509Certificate2.X509Certificate2
X509Certificate2(SerializationInfo info, StreamingContext context)
Definition X509Certificate2.cs:338
System.Security.Cryptography.X509Certificates.X509Certificate2.Import
override void Import(string fileName, string? password, X509KeyStorageFlags keyStorageFlags)
Definition X509Certificate2.cs:580
System.Security.Cryptography.X509Certificates.X509Certificate2.GetCertContentType
static X509ContentType GetCertContentType(ReadOnlySpan< byte > rawData)
Definition X509Certificate2.cs:353
System.Security.Cryptography.X509Certificates.X509Certificate2.Import
override void Import(byte[] rawData, SecureString? password, X509KeyStorageFlags keyStorageFlags)
Definition X509Certificate2.cs:568
System.Security.Cryptography.X509Certificates.X509Certificate2.X509Certificate2
X509Certificate2(string fileName, string? password, X509KeyStorageFlags keyStorageFlags)
Definition X509Certificate2.cs:317
System.Security.Cryptography.X509Certificates.X509Certificate2.Import
override void Import(string fileName, SecureString? password, X509KeyStorageFlags keyStorageFlags)
Definition X509Certificate2.cs:587
System.Security.Cryptography.X509Certificates.X509Certificate2.X509Certificate2
X509Certificate2(byte[] rawData, string? password, X509KeyStorageFlags keyStorageFlags)
Definition X509Certificate2.cs:270
System.Security.Cryptography.X509Certificates.X509Certificate2.CopyWithPrivateKey
X509Certificate2 CopyWithPrivateKey(ECDiffieHellman privateKey)
Definition X509Certificate2.cs:614
System.Security.Cryptography.X509Certificates.X509Certificate2.X509Certificate2
X509Certificate2(string fileName, SecureString? password)
Definition X509Certificate2.cs:312
System.Security.Cryptography.X509Certificates.X509Certificate2.ExtractKeyFromEncryptedPem< TAlg >
static X509Certificate2 ExtractKeyFromEncryptedPem< TAlg >(ReadOnlySpan< char > keyPem, ReadOnlySpan< char > password, Func< TAlg > factory, Func< TAlg, X509Certificate2 > import)
Definition X509Certificate2.cs:795
System.Security.Cryptography.X509Certificates.X509Certificate2.X509Certificate2
X509Certificate2(ReadOnlySpan< byte > rawData, ReadOnlySpan< char > password, X509KeyStorageFlags keyStorageFlags=X509KeyStorageFlags.DefaultKeySet)
Definition X509Certificate2.cs:286
System.Security.Cryptography.X509Certificates.X509Certificate2.X509Certificate2
X509Certificate2(byte[] rawData, SecureString? password, X509KeyStorageFlags keyStorageFlags)
Definition X509Certificate2.cs:276
System.Security.Cryptography.X509Certificates.X509Certificate2.ExtractKeyFromPem< TAlg >
static X509Certificate2 ExtractKeyFromPem< TAlg >(ReadOnlySpan< char > keyPem, string[] labels, Func< TAlg > factory, Func< TAlg, X509Certificate2 > import)
Definition X509Certificate2.cs:764
System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromPem
static X509Certificate2 CreateFromPem(ReadOnlySpan< char > certPem)
Definition X509Certificate2.cs:729
System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromEncryptedPemFile
static X509Certificate2 CreateFromEncryptedPemFile(string certPemFilePath, ReadOnlySpan< char > password, string? keyPemFilePath=null)
Definition X509Certificate2.cs:650
System.Security.Cryptography.X509Certificates.X509Certificate2.GetNameInfo
string GetNameInfo(X509NameType nameType, bool forIssuer)
Definition X509Certificate2.cs:372
System.Security.Cryptography.X509Certificates.X509Certificate2.IsECDiffieHellman
static bool IsECDiffieHellman(X509Certificate2 certificate)
Definition X509Certificate2.cs:723
Internal.Cryptography.ICertificatePal.CopyWithPrivateKey
ICertificatePal CopyWithPrivateKey(DSA privateKey)
Internal.Cryptography.PemEnumerator.Enumerator.PemFieldItem.Deconstruct
void Deconstruct(out ReadOnlySpan< char > contents, out PemFields pemFields)
Definition PemEnumerator.cs:22
System.Security.Cryptography.X509Certificates.Asn1.CertificateAsn.Decode
static CertificateAsn Decode(ReadOnlyMemory< byte > encoded, AsnEncodingRules ruleSet)
Definition CertificateAsn.cs:28