/*
 *  Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License
 */

using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using static Interop;

namespace Tizen.Security.SecureRepository
{
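    /// <summary>
    /// Represents the contents of a PKCS#12 container.
    /// It holds a private key, optionally the certificate matching that key, and
    /// optionally the CA certificates that form the certificate's chain of trust.
    /// </summary>
    /// <remarks>
    /// The instance is a <see cref="SafeHandle"/> around a native pkcs12 structure.
    /// The native structure is either supplied at construction (see <see cref="Load"/>)
    /// or created lazily by <c>GetHandle()</c> from the managed properties.
    /// </remarks>
    public class Pkcs12 : SafeHandle
    {
        /// <summary>
        /// Loads a Pkcs12 from the PKCS#12 file at the given path.
        /// </summary>
        /// <param name="filePath">The path of the PKCS12 file to be loaded.</param>
        /// <param name="filePassword">The passphrase used to decrypt the PKCS12 file.
        /// If the PKCS12 file is not encrypted, the passphrase can be null.
        /// The passphrase is a managed string and therefore cannot be wiped by this
        /// method; it is not included in the failure message.</param>
        /// <returns>A Pkcs12 wrapping the native structure produced by the loader.</returns>
        /// <exception cref="ArgumentException">filePath is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// No file on filePath.
        /// No permission to access file.
        /// File is invalid PKCS12 format.
        /// File cannot be extracted with provided filePassword.
        /// </exception>
        public static Pkcs12 Load(string filePath, string filePassword)
        {
            IntPtr ptr;

            int ret = Interop.CkmcTypes.Pkcs12Load(filePath, filePassword, out ptr);

            // The failure message carries the file path only, never the passphrase.
            Interop.CheckNThrowException(ret, "Failed to load PKCS12. file=" + filePath);

            return new Pkcs12(ptr);
        }

        /// <summary>
        /// A constructor of Pkcs12 that takes a private key only.
        /// The certificate and the CA chain are left null.
        /// </summary>
        /// <param name="privateKey">A private key.</param>
        public Pkcs12(Key privateKey) : base(IntPtr.Zero, true)
        {
            // No native structure exists yet; GetHandle() creates it on first use.
            this.SetHandle(IntPtr.Zero);

            this.PrivateKey = privateKey;
            this.Certificate = null;
            this.CaChain = null;
        }

        /// <summary>
        /// A constructor of Pkcs12 that takes a private key, its corresponding certificate,
        /// and the CA's certificate chain.
        /// </summary>
        /// <param name="privateKey">A private key.</param>
        /// <param name="certificate">A certificate corresponding to the private key.</param>
        /// <param name="caChain">A certificate chain of the CA (Certificate Authority) that issued the certificate.</param>
        public Pkcs12(Key privateKey, Certificate certificate, IEnumerable<Certificate> caChain) : base(IntPtr.Zero, true)
        {
            // No native structure exists yet; GetHandle() creates it on first use.
            this.SetHandle(IntPtr.Zero);

            this.PrivateKey = privateKey;
            this.Certificate = certificate;
            this.CaChain = caChain;
        }

        /// <summary>
        /// Wraps an existing native pkcs12 structure and exposes its members as managed objects.
        /// </summary>
        /// <param name="ptrCkmcPkcs12">Pointer to the native pkcs12 structure.</param>
        /// <param name="ownsHandle">Passed to <see cref="SafeHandle"/>; when true the
        /// structure is released through <see cref="ReleaseHandle"/>.</param>
        internal Pkcs12(IntPtr ptrCkmcPkcs12, bool ownsHandle = true) : base(IntPtr.Zero, ownsHandle)
        {
            this.SetHandle(ptrCkmcPkcs12);

            CkmcPkcs12 ckmcPkcs12 = Marshal.PtrToStructure<CkmcPkcs12>(handle);

            // The member wrappers are created with 'false' as second argument, presumably
            // "does not own the pointer", so that only this object frees the native
            // memory. TODO confirm against Key and Certificate.
            // NOTE(review): privateKey is wrapped without the IntPtr.Zero check that the
            // certificate and the CA chain get below; confirm that the loader always
            // supplies a key, or that Key tolerates a null pointer.
            this.PrivateKey = new Key(ckmcPkcs12.privateKey, false);
            if (ckmcPkcs12.certificate != IntPtr.Zero)
            {
                this.Certificate = new Certificate(ckmcPkcs12.certificate, false);
            }
            if (ckmcPkcs12.caChain != IntPtr.Zero)
            {
                this.CaChain = new SafeCertificateListHandle(ckmcPkcs12.caChain, false).Certificates;
            }
        }

        /// <summary>
        /// Returns the native pkcs12 pointer, creating the native structure from the
        /// managed properties on the first call if none exists yet.
        /// </summary>
        /// <returns>The native pointer, or <see cref="IntPtr.Zero"/> when
        /// <see cref="PrivateKey"/> is null.</returns>
        /// <remarks>
        /// The pointer is cached once created: changing <see cref="PrivateKey"/>,
        /// <see cref="Certificate"/> or <see cref="CaChain"/> afterwards does not rebuild
        /// the native structure.
        /// </remarks>
        internal IntPtr GetHandle()
        {
            if (this.PrivateKey == null)
            {
                return IntPtr.Zero;
            }

            IntPtr keyPtr = this.PrivateKey.GetHandle();
            IntPtr certPtr = this.Certificate != null ?
                    this.Certificate.GetHandle() : IntPtr.Zero;

            if (this.handle == IntPtr.Zero)
            {
                // NOTE(review): CaChain may be null here (single-argument constructor);
                // this relies on SafeCertificateListHandle accepting null. Confirm.
                var caCerts = new SafeCertificateListHandle(this.CaChain);
                int ret = Interop.CkmcTypes.Pkcs12New(keyPtr,
                                                      certPtr,
                                                      caCerts.ToCkmcCertificateListPtr(),
                                                      out this.handle);
                Interop.CheckNThrowException(ret, "Failed to create pkcs12");
            }

            return this.handle;
        }

        /// <summary>
        /// A private key.
        /// </summary>
        public Key PrivateKey
        {
            get; set;
        }

        /// <summary>
        /// A certificate corresponding to the private key. May be null.
        /// </summary>
        public Certificate Certificate
        {
            get; set;
        }

        /// <summary>
        /// A certificate chain of the CA (Certificate Authority) that issued the certificate.
        /// May be null.
        /// </summary>
        public IEnumerable<Certificate> CaChain
        {
            get; set;
        }

        /// <summary>
        /// Builds the interop pkcs12 structure from the managed properties.
        /// </summary>
        /// <returns>A structure holding the native pointers of the key, the certificate
        /// (<see cref="IntPtr.Zero"/> when there is none) and the CA chain.</returns>
        internal CkmcPkcs12 ToCkmcPkcs12()
        {
            SafeCertificateListHandle ckmcCaCerts = new SafeCertificateListHandle(CaChain);

            // Certificate is legitimately null for an object built from a key alone, so
            // it is mapped to a null pointer the same way GetHandle() does, instead of
            // being dereferenced unconditionally.
            IntPtr certPtr = Certificate != null ?
                    Certificate.GetHandle() : IntPtr.Zero;

            return new Interop.CkmcPkcs12(PrivateKey.GetHandle(),
                                          certPtr,
                                          ckmcCaCerts.ToCkmcCertificateListPtr());
        }

        /// <summary>
        /// Gets a value that indicates whether the handle is invalid, that is, whether
        /// no native pkcs12 structure is attached.
        /// </summary>
        public override bool IsInvalid
        {
            get { return handle == IntPtr.Zero; }
        }

        /// <summary>
        /// Frees the native pkcs12 structure, if one is attached, and clears the handle.
        /// </summary>
        /// <returns>Always true.</returns>
        protected override bool ReleaseHandle()
        {
            if (IsInvalid) // nothing was allocated, so there is nothing to release
            {
                return true;
            }

            Interop.CkmcTypes.Pkcs12Free(handle);

            // Clear the pointer so a freed structure can never be handed out again.
            this.SetHandle(IntPtr.Zero);
            return true;
        }
    }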
}