Implement PKCS12 Export in terms of Pkcs12Builder for non-Windows #111823
Conversation
|
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones |
| #if BUILDING_PKCS | ||
| public | ||
| #else | ||
| #pragma warning disable CA1510, CA1512 |
There was a problem hiding this comment.
Why do we need to suppress these if we are in System.Security.Cryptography?
Because S.S.C.Pkcs targets netstandard, the analyzer that tells you to use the throw helpers does not kick in. However when this is pulled in to S.S.Cryptography, the analyzer lights up because it is unaware the source file is being pulled in to a non-net project.
| @@ -287,7 +292,7 @@ public IEnumerable<Pkcs12SafeBag> GetBags() | |||
|
|
|||
| if (_bags == null) | |||
| { | |||
| return Enumerable.Empty<Pkcs12SafeBag>(); | |||
| return []; | |||
There was a problem hiding this comment.
Enumerable.Empty is in System.Linq. S.S.Cryptography does not have a reference to Linq, and it didn't seem worth it for this one case. An empty collection expression is probably "right" these days anyway.
|
Do we need any unit tests for this, Kevin? I am open to suggestions. |
vcsjones
added
the
cryptographic-docs-impact
Currently, the
UnixExportProvideris implemented by putting together ASN.1 data in a bit of an ad-hoc fashion using the serializers.In order to support #80314 and #111560, we will soon want to offer the capability to export in PKCS12 with different configurations for PBES, like PBES2-AES256-SHA256.
Rather than try to tack on PBES2, PBKDF2, etc in to the ad-hoc encoder, this pulls in
Pkcs12Builderin to System.Security.Cryptography. Because it is currently inSystem.Security.Cryptography.Pkcs, we can't use it directly because it is a package, and even if we ship the package, we have a circular reference problem.To address that, this puts
Pkcs12Builderand its dependencies in Common. This is, essentially:BUILDING_PKCSdefine to change the visibility. If we are building the public API, its visibility is public, otherwise it is internal.PkcsHelpersneeded to be split.SignedCmsneeded to be moved toPkcsHelpersbecause we don't want to pull inSignedCms.Contributes to #80314.