add all
This commit is contained in:
600
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/security/JksStore.cs
vendored
Normal file
600
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/security/JksStore.cs
vendored
Normal file
@@ -0,0 +1,600 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Text;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.Pkcs;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Crypto.IO;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Pkcs;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.Collections;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.Date;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.IO;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.X509;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.Security
|
||||
{
|
||||
public class JksStore
|
||||
{
|
||||
private static readonly int Magic = unchecked((int)0xFEEDFEED);
|
||||
|
||||
private static readonly AlgorithmIdentifier JksObfuscationAlg = new AlgorithmIdentifier(
|
||||
new DerObjectIdentifier("1.3.6.1.4.1.42.2.17.1.1"), DerNull.Instance);
|
||||
|
||||
private readonly Dictionary<string, JksTrustedCertEntry> m_certificateEntries =
|
||||
new Dictionary<string, JksTrustedCertEntry>(StringComparer.OrdinalIgnoreCase);
|
||||
private readonly Dictionary<string, JksKeyEntry> m_keyEntries =
|
||||
new Dictionary<string, JksKeyEntry>(StringComparer.OrdinalIgnoreCase);
|
||||
|
||||
public JksStore()
|
||||
{
|
||||
}
|
||||
|
||||
/// <exception cref="IOException"/>
|
||||
public bool Probe(Stream stream)
|
||||
{
|
||||
using (var br = new BinaryReader(stream))
|
||||
try
|
||||
{
|
||||
return Magic == BinaryReaders.ReadInt32BigEndian(br);
|
||||
}
|
||||
catch (EndOfStreamException)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/// <exception cref="IOException"/>
|
||||
public AsymmetricKeyParameter GetKey(string alias, char[] password)
|
||||
{
|
||||
if (alias == null)
|
||||
throw new ArgumentNullException(nameof(alias));
|
||||
if (password == null)
|
||||
throw new ArgumentNullException(nameof(password));
|
||||
|
||||
if (!m_keyEntries.TryGetValue(alias, out JksKeyEntry keyEntry))
|
||||
return null;
|
||||
|
||||
if (!JksObfuscationAlg.Equals(keyEntry.keyData.EncryptionAlgorithm))
|
||||
throw new IOException("unknown encryption algorithm");
|
||||
|
||||
byte[] encryptedData = keyEntry.keyData.GetEncryptedData();
|
||||
|
||||
// key length is encryptedData - salt - checksum
|
||||
int pkcs8Len = encryptedData.Length - 40;
|
||||
|
||||
IDigest digest = DigestUtilities.GetDigest("SHA-1");
|
||||
|
||||
// key decryption
|
||||
byte[] keyStream = CalculateKeyStream(digest, password, encryptedData, pkcs8Len);
|
||||
byte[] pkcs8Key = new byte[pkcs8Len];
|
||||
for (int i = 0; i < pkcs8Len; ++i)
|
||||
{
|
||||
pkcs8Key[i] = (byte)(encryptedData[20 + i] ^ keyStream[i]);
|
||||
}
|
||||
Array.Clear(keyStream, 0, keyStream.Length);
|
||||
|
||||
// integrity check
|
||||
byte[] checksum = GetKeyChecksum(digest, password, pkcs8Key);
|
||||
|
||||
if (!Arrays.ConstantTimeAreEqual(20, encryptedData, pkcs8Len + 20, checksum, 0))
|
||||
throw new IOException("cannot recover key");
|
||||
|
||||
return PrivateKeyFactory.CreateKey(pkcs8Key);
|
||||
}
|
||||
|
||||
private byte[] GetKeyChecksum(IDigest digest, char[] password, byte[] pkcs8Key)
|
||||
{
|
||||
AddPassword(digest, password);
|
||||
|
||||
return DigestUtilities.DoFinal(digest, pkcs8Key);
|
||||
}
|
||||
|
||||
private byte[] CalculateKeyStream(IDigest digest, char[] password, byte[] salt, int count)
|
||||
{
|
||||
byte[] keyStream = new byte[count];
|
||||
byte[] hash = Arrays.CopyOf(salt, 20);
|
||||
|
||||
int index = 0;
|
||||
while (index < count)
|
||||
{
|
||||
AddPassword(digest, password);
|
||||
|
||||
digest.BlockUpdate(hash, 0, hash.Length);
|
||||
digest.DoFinal(hash, 0);
|
||||
|
||||
int length = System.Math.Min(hash.Length, keyStream.Length - index);
|
||||
Array.Copy(hash, 0, keyStream, index, length);
|
||||
index += length;
|
||||
}
|
||||
|
||||
return keyStream;
|
||||
}
|
||||
|
||||
public X509Certificate[] GetCertificateChain(string alias)
|
||||
{
|
||||
if (m_keyEntries.TryGetValue(alias, out var keyEntry))
|
||||
return CloneChain(keyEntry.chain);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
public X509Certificate GetCertificate(string alias)
|
||||
{
|
||||
if (m_certificateEntries.TryGetValue(alias, out var certEntry))
|
||||
return certEntry.cert;
|
||||
|
||||
if (m_keyEntries.TryGetValue(alias, out var keyEntry))
|
||||
return keyEntry.chain?[0];
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
public DateTime? GetCreationDate(string alias)
|
||||
{
|
||||
if (m_certificateEntries.TryGetValue(alias, out var certEntry))
|
||||
return certEntry.date;
|
||||
|
||||
if (m_keyEntries.TryGetValue(alias, out var keyEntry))
|
||||
return keyEntry.date;
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/// <exception cref="IOException"/>
|
||||
public void SetKeyEntry(string alias, AsymmetricKeyParameter key, char[] password, X509Certificate[] chain)
|
||||
{
|
||||
alias = ConvertAlias(alias);
|
||||
|
||||
if (ContainsAlias(alias))
|
||||
throw new IOException("alias [" + alias + "] already in use");
|
||||
|
||||
byte[] pkcs8Key = PrivateKeyInfoFactory.CreatePrivateKeyInfo(key).GetEncoded();
|
||||
byte[] protectedKey = new byte[pkcs8Key.Length + 40];
|
||||
|
||||
SecureRandom rnd = CryptoServicesRegistrar.GetSecureRandom();
|
||||
rnd.NextBytes(protectedKey, 0, 20);
|
||||
|
||||
IDigest digest = DigestUtilities.GetDigest("SHA-1");
|
||||
|
||||
byte[] checksum = GetKeyChecksum(digest, password, pkcs8Key);
|
||||
Array.Copy(checksum, 0, protectedKey, 20 + pkcs8Key.Length, 20);
|
||||
|
||||
byte[] keyStream = CalculateKeyStream(digest, password, protectedKey, pkcs8Key.Length);
|
||||
for (int i = 0; i != keyStream.Length; i++)
|
||||
{
|
||||
protectedKey[20 + i] = (byte)(pkcs8Key[i] ^ keyStream[i]);
|
||||
}
|
||||
Array.Clear(keyStream, 0, keyStream.Length);
|
||||
|
||||
try
|
||||
{
|
||||
var epki = new EncryptedPrivateKeyInfo(JksObfuscationAlg, protectedKey);
|
||||
m_keyEntries.Add(alias, new JksKeyEntry(DateTime.UtcNow, epki.GetEncoded(), CloneChain(chain)));
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
throw new IOException("unable to encode encrypted private key", e);
|
||||
}
|
||||
}
|
||||
|
||||
/// <exception cref="IOException"/>
|
||||
public void SetKeyEntry(string alias, byte[] key, X509Certificate[] chain)
|
||||
{
|
||||
alias = ConvertAlias(alias);
|
||||
|
||||
if (ContainsAlias(alias))
|
||||
throw new IOException("alias [" + alias + "] already in use");
|
||||
|
||||
m_keyEntries.Add(alias, new JksKeyEntry(DateTime.UtcNow, key, CloneChain(chain)));
|
||||
}
|
||||
|
||||
/// <exception cref="IOException"/>
|
||||
public void SetCertificateEntry(string alias, X509Certificate cert)
|
||||
{
|
||||
alias = ConvertAlias(alias);
|
||||
|
||||
if (ContainsAlias(alias))
|
||||
throw new IOException("alias [" + alias + "] already in use");
|
||||
|
||||
m_certificateEntries.Add(alias, new JksTrustedCertEntry(DateTime.UtcNow, cert));
|
||||
}
|
||||
|
||||
public void DeleteEntry(string alias)
|
||||
{
|
||||
if (!m_keyEntries.Remove(alias))
|
||||
{
|
||||
m_certificateEntries.Remove(alias);
|
||||
}
|
||||
}
|
||||
|
||||
public IEnumerable<string> Aliases
|
||||
{
|
||||
get
|
||||
{
|
||||
var aliases = new HashSet<string>(m_certificateEntries.Keys);
|
||||
aliases.UnionWith(m_keyEntries.Keys);
|
||||
return CollectionUtilities.Proxy(aliases);
|
||||
}
|
||||
}
|
||||
|
||||
public bool ContainsAlias(string alias)
|
||||
{
|
||||
return IsCertificateEntry(alias) || IsKeyEntry(alias);
|
||||
}
|
||||
|
||||
public int Count
|
||||
{
|
||||
get { return m_certificateEntries.Count + m_keyEntries.Count; }
|
||||
}
|
||||
|
||||
public bool IsKeyEntry(string alias)
|
||||
{
|
||||
return m_keyEntries.ContainsKey(alias);
|
||||
}
|
||||
|
||||
public bool IsCertificateEntry(string alias)
|
||||
{
|
||||
return m_certificateEntries.ContainsKey(alias);
|
||||
}
|
||||
|
||||
public string GetCertificateAlias(X509Certificate cert)
|
||||
{
|
||||
foreach (var entry in m_certificateEntries)
|
||||
{
|
||||
if (entry.Value.cert.Equals(cert))
|
||||
return entry.Key;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/// <exception cref="IOException"/>
|
||||
public void Save(Stream stream, char[] password)
|
||||
{
|
||||
if (stream == null)
|
||||
throw new ArgumentNullException(nameof(stream));
|
||||
if (password == null)
|
||||
throw new ArgumentNullException(nameof(password));
|
||||
|
||||
IDigest checksumDigest = CreateChecksumDigest(password);
|
||||
BinaryWriter bw = new BinaryWriter(new DigestStream(stream, null, checksumDigest));
|
||||
|
||||
BinaryWriters.WriteInt32BigEndian(bw, Magic);
|
||||
BinaryWriters.WriteInt32BigEndian(bw, 2);
|
||||
|
||||
BinaryWriters.WriteInt32BigEndian(bw, Count);
|
||||
|
||||
foreach (var entry in m_keyEntries)
|
||||
{
|
||||
string alias = entry.Key;
|
||||
JksKeyEntry keyEntry = entry.Value;
|
||||
|
||||
BinaryWriters.WriteInt32BigEndian(bw, 1);
|
||||
WriteUtf(bw, alias);
|
||||
WriteDateTime(bw, keyEntry.date);
|
||||
WriteBufferWithInt32Length(bw, keyEntry.keyData.GetEncoded());
|
||||
|
||||
X509Certificate[] chain = keyEntry.chain;
|
||||
int chainLength = chain == null ? 0 : chain.Length;
|
||||
BinaryWriters.WriteInt32BigEndian(bw, chainLength);
|
||||
for (int i = 0; i < chainLength; ++i)
|
||||
{
|
||||
WriteTypedCertificate(bw, chain[i]);
|
||||
}
|
||||
}
|
||||
|
||||
foreach (var entry in m_certificateEntries)
|
||||
{
|
||||
string alias = entry.Key;
|
||||
JksTrustedCertEntry certEntry = entry.Value;
|
||||
|
||||
BinaryWriters.WriteInt32BigEndian(bw, 2);
|
||||
WriteUtf(bw, alias);
|
||||
WriteDateTime(bw, certEntry.date);
|
||||
WriteTypedCertificate(bw, certEntry.cert);
|
||||
}
|
||||
|
||||
byte[] checksum = DigestUtilities.DoFinal(checksumDigest);
|
||||
bw.Write(checksum);
|
||||
bw.Flush();
|
||||
}
|
||||
|
||||
/// <exception cref="IOException"/>
|
||||
public void Load(Stream stream, char[] password)
|
||||
{
|
||||
if (stream == null)
|
||||
throw new ArgumentNullException(nameof(stream));
|
||||
|
||||
m_certificateEntries.Clear();
|
||||
m_keyEntries.Clear();
|
||||
|
||||
using (var storeStream = ValidateStream(stream, password))
|
||||
{
|
||||
BinaryReader br = new BinaryReader(storeStream);
|
||||
|
||||
int magic = BinaryReaders.ReadInt32BigEndian(br);
|
||||
int storeVersion = BinaryReaders.ReadInt32BigEndian(br);
|
||||
|
||||
if (!(magic == Magic && (storeVersion == 1 || storeVersion == 2)))
|
||||
throw new IOException("Invalid keystore format");
|
||||
|
||||
int numEntries = BinaryReaders.ReadInt32BigEndian(br);
|
||||
|
||||
for (int t = 0; t < numEntries; t++)
|
||||
{
|
||||
int tag = BinaryReaders.ReadInt32BigEndian(br);
|
||||
|
||||
switch (tag)
|
||||
{
|
||||
case 1: // keys
|
||||
{
|
||||
string alias = ReadUtf(br);
|
||||
DateTime date = ReadDateTime(br);
|
||||
|
||||
// encrypted key data
|
||||
byte[] keyData = ReadBufferWithInt32Length(br);
|
||||
|
||||
// certificate chain
|
||||
int chainLength = BinaryReaders.ReadInt32BigEndian(br);
|
||||
X509Certificate[] chain = null;
|
||||
if (chainLength > 0)
|
||||
{
|
||||
var certs = new List<X509Certificate>(System.Math.Min(10, chainLength));
|
||||
for (int certNo = 0; certNo != chainLength; certNo++)
|
||||
{
|
||||
certs.Add(ReadTypedCertificate(br, storeVersion));
|
||||
}
|
||||
chain = certs.ToArray();
|
||||
}
|
||||
m_keyEntries.Add(alias, new JksKeyEntry(date, keyData, chain));
|
||||
break;
|
||||
}
|
||||
case 2: // certificate
|
||||
{
|
||||
string alias = ReadUtf(br);
|
||||
DateTime date = ReadDateTime(br);
|
||||
|
||||
X509Certificate cert = ReadTypedCertificate(br, storeVersion);
|
||||
|
||||
m_certificateEntries.Add(alias, new JksTrustedCertEntry(date, cert));
|
||||
break;
|
||||
}
|
||||
default:
|
||||
throw new IOException("unable to discern entry type");
|
||||
}
|
||||
}
|
||||
|
||||
if (storeStream.Position != storeStream.Length)
|
||||
throw new IOException("password incorrect or store tampered with");
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Validate password takes the checksum of the store and will either.
|
||||
* 1. If password is null, load the store into memory, return the result.
|
||||
* 2. If password is not null, load the store into memory, test the checksum, and if successful return
|
||||
* a new input stream instance of the store.
|
||||
* 3. Fail if there is a password and an invalid checksum.
|
||||
*
|
||||
* @param inputStream The input stream.
|
||||
* @param password the password.
|
||||
* @return Either the passed in input stream or a new input stream.
|
||||
*/
|
||||
/// <exception cref="IOException"/>
|
||||
private ErasableByteStream ValidateStream(Stream inputStream, char[] password)
|
||||
{
|
||||
byte[] rawStore = Streams.ReadAll(inputStream);
|
||||
int checksumPos = rawStore.Length - 20;
|
||||
|
||||
if (password != null)
|
||||
{
|
||||
byte[] checksum = CalculateChecksum(password, rawStore, 0, checksumPos);
|
||||
|
||||
if (!Arrays.ConstantTimeAreEqual(20, checksum, 0, rawStore, checksumPos))
|
||||
{
|
||||
Array.Clear(rawStore, 0, rawStore.Length);
|
||||
throw new IOException("password incorrect or store tampered with");
|
||||
}
|
||||
}
|
||||
|
||||
return new ErasableByteStream(rawStore, 0, checksumPos);
|
||||
}
|
||||
|
||||
private static void AddPassword(IDigest digest, char[] password)
|
||||
{
|
||||
// Encoding.BigEndianUnicode
|
||||
for (int i = 0; i < password.Length; ++i)
|
||||
{
|
||||
digest.Update((byte)(password[i] >> 8));
|
||||
digest.Update((byte)password[i]);
|
||||
}
|
||||
}
|
||||
|
||||
private static byte[] CalculateChecksum(char[] password, byte[] buffer, int offset, int length)
|
||||
{
|
||||
IDigest checksumDigest = CreateChecksumDigest(password);
|
||||
checksumDigest.BlockUpdate(buffer, offset, length);
|
||||
return DigestUtilities.DoFinal(checksumDigest);
|
||||
}
|
||||
|
||||
private static X509Certificate[] CloneChain(X509Certificate[] chain)
|
||||
{
|
||||
return (X509Certificate[])chain?.Clone();
|
||||
}
|
||||
|
||||
private static string ConvertAlias(string alias)
|
||||
{
|
||||
return alias.ToLowerInvariant();
|
||||
}
|
||||
|
||||
private static IDigest CreateChecksumDigest(char[] password)
|
||||
{
|
||||
IDigest digest = DigestUtilities.GetDigest("SHA-1");
|
||||
AddPassword(digest, password);
|
||||
|
||||
//
|
||||
// This "Mighty Aphrodite" string goes all the way back to the
|
||||
// first java betas in the mid 90's, why who knows? But see
|
||||
// https://cryptosense.com/mighty-aphrodite-dark-secrets-of-the-java-keystore/
|
||||
//
|
||||
byte[] prefix = Encoding.UTF8.GetBytes("Mighty Aphrodite");
|
||||
digest.BlockUpdate(prefix, 0, prefix.Length);
|
||||
return digest;
|
||||
}
|
||||
|
||||
private static byte[] ReadBufferWithInt16Length(BinaryReader br)
|
||||
{
|
||||
int length = BinaryReaders.ReadInt16BigEndian(br);
|
||||
return BinaryReaders.ReadBytesFully(br, length);
|
||||
}
|
||||
|
||||
private static byte[] ReadBufferWithInt32Length(BinaryReader br)
|
||||
{
|
||||
int length = BinaryReaders.ReadInt32BigEndian(br);
|
||||
return BinaryReaders.ReadBytesFully(br, length);
|
||||
}
|
||||
|
||||
private static DateTime ReadDateTime(BinaryReader br)
|
||||
{
|
||||
long unixMS = BinaryReaders.ReadInt64BigEndian(br);
|
||||
return DateTimeUtilities.UnixMsToDateTime(unixMS);
|
||||
}
|
||||
|
||||
private static X509Certificate ReadTypedCertificate(BinaryReader br, int storeVersion)
|
||||
{
|
||||
if (storeVersion == 2)
|
||||
{
|
||||
string certFormat = ReadUtf(br);
|
||||
if ("X.509" != certFormat)
|
||||
throw new IOException("Unsupported certificate format: " + certFormat);
|
||||
}
|
||||
|
||||
byte[] certData = ReadBufferWithInt32Length(br);
|
||||
try
|
||||
{
|
||||
return new X509Certificate(certData);
|
||||
}
|
||||
finally
|
||||
{
|
||||
Array.Clear(certData, 0, certData.Length);
|
||||
}
|
||||
}
|
||||
|
||||
private static string ReadUtf(BinaryReader br)
|
||||
{
|
||||
byte[] utfBytes = ReadBufferWithInt16Length(br);
|
||||
|
||||
/*
|
||||
* FIXME JKS actually uses a "modified UTF-8" format. For the moment we will just support single-byte
|
||||
* encodings that aren't null bytes.
|
||||
*/
|
||||
for (int i = 0; i < utfBytes.Length; ++i)
|
||||
{
|
||||
byte utfByte = utfBytes[i];
|
||||
if (utfByte == 0 || (utfByte & 0x80) != 0)
|
||||
throw new NotSupportedException("Currently missing support for modified UTF-8 encoding in JKS");
|
||||
}
|
||||
|
||||
return Encoding.UTF8.GetString(utfBytes);
|
||||
}
|
||||
|
||||
private static void WriteBufferWithInt16Length(BinaryWriter bw, byte[] buffer)
|
||||
{
|
||||
BinaryWriters.WriteInt16BigEndian(bw, Convert.ToInt16(buffer.Length));
|
||||
bw.Write(buffer);
|
||||
}
|
||||
|
||||
private static void WriteBufferWithInt32Length(BinaryWriter bw, byte[] buffer)
|
||||
{
|
||||
BinaryWriters.WriteInt32BigEndian(bw, buffer.Length);
|
||||
bw.Write(buffer);
|
||||
}
|
||||
|
||||
private static void WriteDateTime(BinaryWriter bw, DateTime dateTime)
|
||||
{
|
||||
long unixMS = DateTimeUtilities.DateTimeToUnixMs(dateTime);
|
||||
BinaryWriters.WriteInt64BigEndian(bw, unixMS);
|
||||
}
|
||||
|
||||
private static void WriteTypedCertificate(BinaryWriter bw, X509Certificate cert)
|
||||
{
|
||||
WriteUtf(bw, "X.509");
|
||||
WriteBufferWithInt32Length(bw, cert.GetEncoded());
|
||||
}
|
||||
|
||||
private static void WriteUtf(BinaryWriter bw, string s)
|
||||
{
|
||||
byte[] utfBytes = Encoding.UTF8.GetBytes(s);
|
||||
|
||||
/*
|
||||
* FIXME JKS actually uses a "modified UTF-8" format. For the moment we will just support single-byte
|
||||
* encodings that aren't null bytes.
|
||||
*/
|
||||
for (int i = 0; i < utfBytes.Length; ++i)
|
||||
{
|
||||
byte utfByte = utfBytes[i];
|
||||
if (utfByte == 0 || (utfByte & 0x80) != 0)
|
||||
throw new NotSupportedException("Currently missing support for modified UTF-8 encoding in JKS");
|
||||
}
|
||||
|
||||
WriteBufferWithInt16Length(bw, utfBytes);
|
||||
}
|
||||
|
||||
/**
|
||||
* JksTrustedCertEntry is a internal container for the certificate entry.
|
||||
*/
|
||||
private sealed class JksTrustedCertEntry
|
||||
{
|
||||
internal readonly DateTime date;
|
||||
internal readonly X509Certificate cert;
|
||||
|
||||
internal JksTrustedCertEntry(DateTime date, X509Certificate cert)
|
||||
{
|
||||
this.date = date;
|
||||
this.cert = cert;
|
||||
}
|
||||
}
|
||||
|
||||
private sealed class JksKeyEntry
|
||||
{
|
||||
internal readonly DateTime date;
|
||||
internal readonly EncryptedPrivateKeyInfo keyData;
|
||||
internal readonly X509Certificate[] chain;
|
||||
|
||||
internal JksKeyEntry(DateTime date, byte[] keyData, X509Certificate[] chain)
|
||||
{
|
||||
this.date = date;
|
||||
this.keyData = EncryptedPrivateKeyInfo.GetInstance(Asn1Sequence.GetInstance(keyData));
|
||||
this.chain = chain;
|
||||
}
|
||||
}
|
||||
|
||||
private sealed class ErasableByteStream
|
||||
: MemoryStream
|
||||
{
|
||||
internal ErasableByteStream(byte[] buffer, int index, int count)
|
||||
: base(buffer, index, count, false, true)
|
||||
{
|
||||
}
|
||||
|
||||
protected override void Dispose(bool disposing)
|
||||
{
|
||||
if (disposing)
|
||||
{
|
||||
Position = 0L;
|
||||
|
||||
byte[] rawStore = GetBuffer();
|
||||
Array.Clear(rawStore, 0, rawStore.Length);
|
||||
}
|
||||
base.Dispose(disposing);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
Reference in New Issue
Block a user