protected override void ProcessRecord()

in src/PFXImportPowershell/PFXImportPS/cmdlets/NewUserPFXCertificate.cs [84:221]


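        /// <summary>
        /// Reads the PFX bytes (from <c>PathToPfxFile</c> or the Base64 parameter set),
        /// imports them to obtain the thumbprint and validity window, encrypts the PFX
        /// password with the selected RSA key and OAEP hash, and writes one
        /// <see cref="UserPFXCertificate"/> to the pipeline.
        /// </summary>
        /// <remarks>
        /// Import failures and the retired Pkcs1/OaepSha1 padding schemes are reported via
        /// <c>ThrowTerminatingError</c>. The plaintext password exists only in a pinned
        /// <c>byte[]</c> that is zeroed in <c>finally</c> before the pin is released.
        /// </remarks>
        protected override void ProcessRecord()
        {
            // Both parameter sets resolve to the raw PFX bytes; the blob is emitted unchanged below.
            byte[] pfxData = this.ParameterSetName == PFXBase64String
                ? Convert.FromBase64String(Base64EncodedPfx)
                : File.ReadAllBytes(PathToPfxFile);

            string thumbprint;
            DateTime notBefore;
            DateTime notAfter;

            // Dispose the certificate as soon as its metadata has been read so whatever the
            // import allocated (including any private-key handle) is released deterministically
            // rather than at finalization.
            using (X509Certificate2 pfxCert = new X509Certificate2())
            {
                try
                {
                    pfxCert.Import(pfxData, PfxPassword, X509KeyStorageFlags.DefaultKeySet);
                }
                catch (CryptographicException ex)
                {
                    string message;
                    if (ex.HResult == ErrorCodeCantOpenFile)
                    {
                        message = string.Format(
                            CultureInfo.InvariantCulture,
                            "Could not Read Thumbprint on file at path: '{0}'. File must be a certificate.",
                            PathToPfxFile);
                    }
                    else if (ex.HResult == ErrorCodeNetworkPasswordIncorrect)
                    {
                        message = "Could not Read Thumbprint. Verify Password is Correct.";
                    }
                    else
                    {
                        message = "Could not Read Thumbprint. Unknown Cause";
                    }

                    ThrowTerminatingError(
                        new ErrorRecord(
                            new ArgumentException(message, ex),
                            Guid.NewGuid().ToString(),
                            ErrorCategory.InvalidArgument,
                            null));
                    return;
                }

                thumbprint = pfxCert.Thumbprint.ToLowerInvariant();

                // NotBefore/NotAfter are the values GetEffectiveDateString()/GetExpirationDateString()
                // render as text; reading them directly avoids a culture-dependent string round trip.
                notBefore = pfxCert.NotBefore;
                notAfter = pfxCert.NotAfter;
            }

            ManagedRSAEncryption encryptUtility = new ManagedRSAEncryption();
            byte[] password = new byte[PfxPassword.Length];
            // Keep a reference to the array that was actually pinned: the conversion helper takes
            // the buffer by ref, so zeroing must cover the original even if it were reassigned.
            byte[] pinnedBuffer = password;
            GCHandle pinnedPasswordHandle = GCHandle.Alloc(password, GCHandleType.Pinned);
            byte[] encryptedPassword = null;
            try
            {
                ConvertSecureStringToByteArray(PfxPassword, ref password);

                string hashAlgorithm;
                int paddingFlags;

#pragma warning disable CS0618 // Type or member is obsolete: retired enum members are still matched to reject them
                switch (PaddingScheme)
                {
                    case UserPfxPaddingScheme.Pkcs1:
                    case UserPfxPaddingScheme.OaepSha1:
                        ThrowTerminatingError(
                            new ErrorRecord(
                                new ArgumentException("Pkcs1 and OaepSha1 are no longer supported."),
                                Guid.NewGuid().ToString(),
                                ErrorCategory.InvalidArgument,
                                null));
                        return;
                    case UserPfxPaddingScheme.OaepSha256:
                        hashAlgorithm = PaddingHashAlgorithmNames.SHA256;
                        paddingFlags = PaddingFlags.OAEPPadding;
                        break;
                    case UserPfxPaddingScheme.OaepSha384:
                        hashAlgorithm = PaddingHashAlgorithmNames.SHA384;
                        paddingFlags = PaddingFlags.OAEPPadding;
                        break;
                    case UserPfxPaddingScheme.None:
                        // "None" means "use the default"; record the effective scheme so the
                        // emitted object reports what was actually used.
                        PaddingScheme = UserPfxPaddingScheme.OaepSha512;
                        goto default;   // C# does not allow switch-case fall-through.
                    case UserPfxPaddingScheme.OaepSha512:
                    default:
                        hashAlgorithm = PaddingHashAlgorithmNames.SHA512;
                        paddingFlags = PaddingFlags.OAEPPadding;
                        break;
                }
#pragma warning restore CS0618 // Type or member is obsolete

                encryptedPassword = KeyFilePath != null
                    ? encryptUtility.EncryptWithFileKey(KeyFilePath, password, hashAlgorithm, paddingFlags)
                    : encryptUtility.EncryptWithLocalKey(ProviderName, KeyName, password, hashAlgorithm, paddingFlags);
            }
            finally
            {
                // Zero every buffer that may have held the plaintext, then release the pin.
                if (password != null)
                {
                    password.ZeroFill();
                }

                if (!ReferenceEquals(pinnedBuffer, password))
                {
                    pinnedBuffer.ZeroFill();
                }

                if (pinnedPasswordHandle.IsAllocated)
                {
                    pinnedPasswordHandle.Free();
                }
            }

            // One timestamp so Created and LastModified agree exactly.
            DateTime now = DateTime.Now;

            UserPFXCertificate userPfxCertificate = new UserPFXCertificate
            {
                Thumbprint = thumbprint,
                IntendedPurpose = (UserPfxIntendedPurpose)IntendedPurpose,
                KeyName = KeyName,
                UserPrincipalName = UPN,
                ProviderName = ProviderName,
                StartDateTime = notBefore,
                ExpirationDateTime = notAfter,
                CreatedDateTime = now,
                LastModifiedDateTime = now,
                EncryptedPfxPassword = Convert.ToBase64String(encryptedPassword),
                EncryptedPfxBlob = pfxData,
            };
#pragma warning disable CS0618 // Type or member is obsolete
            userPfxCertificate.PaddingScheme = (UserPfxPaddingScheme)PaddingScheme;
#pragma warning restore CS0618 // Type or member is obsolete

            WriteObject(userPfxCertificate);
        }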