Implement PemEncoding.WriteString

Co-authored-by: Jeremy Barton <[email protected]>

Author: vcsjones

src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs

@@ -1655,6 +1655,7 @@ public static partial class PemEncoding
         public static bool TryFind(System.ReadOnlySpan<char> pemData, out System.Security.Cryptography.PemFields fields) { throw null; }
         public static bool TryWrite(System.ReadOnlySpan<char> label, System.ReadOnlySpan<byte> data, System.Span<char> destination, out int charsWritten) { throw null; }
         public static char[] Write(System.ReadOnlySpan<char> label, System.ReadOnlySpan<byte> data) { throw null; }
+        public static string WriteString(System.ReadOnlySpan<char> label, System.ReadOnlySpan<byte> data) { throw null; }
     }
     public readonly partial struct PemFields
     {

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/AsymmetricAlgorithm.cs

@@ -401,7 +401,7 @@ public unsafe string ExportPkcs8PrivateKeyPem()
             {
                 try
                 {
-                    return PemKeyHelpers.CreatePemFromData(PemLabels.Pkcs8PrivateKey, exported);
+                    return PemEncoding.WriteString(PemLabels.Pkcs8PrivateKey, exported);
                 }
                 finally
                 {
@@ -454,7 +454,7 @@ public unsafe string ExportEncryptedPkcs8PrivateKeyPem(ReadOnlySpan<char> passwo
             {
                 try
                 {
-                    return PemKeyHelpers.CreatePemFromData(PemLabels.EncryptedPkcs8PrivateKey, exported);
+                    return PemEncoding.WriteString(PemLabels.EncryptedPkcs8PrivateKey, exported);
                 }
                 finally
                 {
@@ -490,7 +490,7 @@ public unsafe string ExportEncryptedPkcs8PrivateKeyPem(ReadOnlySpan<char> passwo
         public string ExportSubjectPublicKeyInfoPem()
         {
             byte[] exported = ExportSubjectPublicKeyInfo();
-            return PemKeyHelpers.CreatePemFromData(PemLabels.SpkiPublicKey, exported);
+            return PemEncoding.WriteString(PemLabels.SpkiPublicKey, exported);
         }
 
         /// <summary>

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/ECAlgorithm.cs

@@ -878,7 +878,7 @@ public unsafe string ExportECPrivateKeyPem()
             {
                 try
                 {
-                    return PemKeyHelpers.CreatePemFromData(PemLabels.EcPrivateKey, exported);
+                    return PemEncoding.WriteString(PemLabels.EcPrivateKey, exported);
                 }
                 finally
                 {

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/PemEncoding.cs

@@ -422,6 +422,24 @@ public static int GetEncodedSize(int labelLength, int dataLength)
         /// <paramref name="label"/> contains invalid characters.
         /// </exception>
         public static bool TryWrite(ReadOnlySpan<char> label, ReadOnlySpan<byte> data, Span<char> destination, out int charsWritten)
+        {
+            if (!IsValidLabel(label))
+                throw new ArgumentException(SR.Argument_PemEncoding_InvalidLabel, nameof(label));
+
+            int encodedSize = GetEncodedSize(label.Length, data.Length);
+
+            if (destination.Length < encodedSize)
+            {
+                charsWritten = 0;
+                return false;
+            }
+
+            charsWritten = WriteCore(label, data, destination);
+            Debug.Assert(encodedSize == charsWritten);
+            return true;
+        }
+
+        private static int WriteCore(ReadOnlySpan<char> label, ReadOnlySpan<byte> data, Span<char> destination)
         {
             static int Write(ReadOnlySpan<char> str, Span<char> dest, int offset)
             {
@@ -442,20 +460,10 @@ static int WriteBase64(ReadOnlySpan<byte> bytes, Span<char> dest, int offset)
                 return base64Written;
             }
 
-            if (!IsValidLabel(label))
-                throw new ArgumentException(SR.Argument_PemEncoding_InvalidLabel, nameof(label));
-
             const string NewLine = "\n";
             const int BytesPerLine = 48;
-            int encodedSize = GetEncodedSize(label.Length, data.Length);
-
-            if (destination.Length < encodedSize)
-            {
-                charsWritten = 0;
-                return false;
-            }
 
-            charsWritten = 0;
+            int charsWritten = 0;
             charsWritten += Write(PreEBPrefix, destination, charsWritten);
             charsWritten += Write(label, destination, charsWritten);
             charsWritten += Write(Ending, destination, charsWritten);
@@ -481,7 +489,7 @@ static int WriteBase64(ReadOnlySpan<byte> bytes, Span<char> dest, int offset)
             charsWritten += Write(label, destination, charsWritten);
             charsWritten += Write(Ending, destination, charsWritten);
 
-            return true;
+            return charsWritten;
         }
 
         /// <summary>
@@ -522,14 +530,68 @@ public static char[] Write(ReadOnlySpan<char> label, ReadOnlySpan<byte> data)
             int encodedSize = GetEncodedSize(label.Length, data.Length);
             char[] buffer = new char[encodedSize];
 
-            if (!TryWrite(label, data, buffer, out int charsWritten))
-            {
-                Debug.Fail("TryWrite failed with a pre-sized buffer");
-                throw new ArgumentException(null, nameof(data));
-            }
-
+            int charsWritten = WriteCore(label, data, buffer);
             Debug.Assert(charsWritten == encodedSize);
             return buffer;
         }
+
+        /// <summary>
+        ///   Creates an encoded PEM with the given label and data.
+        /// </summary>
+        /// <param name="label">
+        ///   The label to encode.
+        /// </param>
+        /// <param name="data">
+        ///   The data to encode.
+        /// </param>
+        /// <returns>
+        ///   A string of the encoded PEM.
+        /// </returns>
+        /// <remarks>
+        ///   This method always wraps the base-64 encoded text to 64 characters, per the
+        ///   recommended wrapping of RFC-7468. Unix-style line endings are used for line breaks.
+        /// </remarks>
+        /// <exception cref="ArgumentOutOfRangeException">
+        ///   <paramref name="label"/> exceeds the maximum possible label length.
+        ///
+        ///   -or-
+        ///
+        ///   <paramref name="data"/> exceeds the maximum possible encoded data length.
+        /// </exception>
+        /// <exception cref="ArgumentException">
+        ///   The resulting PEM-encoded text is larger than <see cref="int.MaxValue"/>.
+        ///
+        ///   - or -
+        ///
+        ///   <paramref name="label"/> contains invalid characters.
+        /// </exception>
+        public static unsafe string WriteString(ReadOnlySpan<char> label, ReadOnlySpan<byte> data)
+        {
+            if (!IsValidLabel(label))
+                throw new ArgumentException(SR.Argument_PemEncoding_InvalidLabel, nameof(label));
+
+            int encodedSize = GetEncodedSize(label.Length, data.Length);
+
+            fixed (char* pLabel = label)
+            fixed (byte* pData = data)
+            {
+                return string.Create(
+                    encodedSize,
+                    (LabelPointer : new IntPtr(pLabel), LabelLength : label.Length, DataPointer : new IntPtr(pData), DataLength : data.Length),
+                    static (destination, state) =>
+                    {
+                        ReadOnlySpan<byte> data = new ReadOnlySpan<byte>(state.DataPointer.ToPointer(), state.DataLength);
+                        ReadOnlySpan<char> label = new ReadOnlySpan<char>(state.LabelPointer.ToPointer(), state.LabelLength);
+
+                        int charsWritten = WriteCore(label, data, destination);
+
+                        if (charsWritten != destination.Length)
+                        {
+                            Debug.Fail("WriteCore wrote the wrong amount of data");
+                            throw new CryptographicException();
+                        }
+                    });
+            }
+        }
     }
 }

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/PemKeyHelpers.cs

@@ -90,23 +90,6 @@ public static unsafe bool TryExportToPem<T>(
             }
         }
 
-        internal static string CreatePemFromData(string label, ReadOnlyMemory<byte> data)
-        {
-            int pemSize = PemEncoding.GetEncodedSize(label.Length, data.Length);
-
-            return string.Create(pemSize, (label, data), static (destination, args) =>
-            {
-                (string label, ReadOnlyMemory<byte> data) = args;
-
-                if (!PemEncoding.TryWrite(label, data.Span, destination, out int charsWritten) ||
-                    charsWritten != destination.Length)
-                {
-                    Debug.Fail("Pre-allocated buffer was not the correct size.");
-                    throw new CryptographicException();
-                }
-            });
-        }
-
         public delegate void ImportKeyAction(ReadOnlySpan<byte> source, out int bytesRead);
         public delegate ImportKeyAction? FindImportActionFunc(ReadOnlySpan<char> label);
         public delegate void ImportEncryptedKeyAction<TPass>(

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/RSA.cs

@@ -843,7 +843,7 @@ public unsafe string ExportRSAPrivateKeyPem()
             {
                 try
                 {
-                    return PemKeyHelpers.CreatePemFromData(PemLabels.RsaPrivateKey, exported);
+                    return PemEncoding.WriteString(PemLabels.RsaPrivateKey, exported);
                 }
                 finally
                 {
@@ -874,7 +874,7 @@ public unsafe string ExportRSAPrivateKeyPem()
         public string ExportRSAPublicKeyPem()
         {
             byte[] exported = ExportRSAPublicKey();
-            return PemKeyHelpers.CreatePemFromData(PemLabels.RsaPublicKey, exported);
+            return PemEncoding.WriteString(PemLabels.RsaPublicKey, exported);
         }
 
         /// <summary>

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateData.ManagedDecode.cs

@@ -104,7 +104,7 @@ internal CertificateData(byte[] rawData)
         }
         catch (Exception e)
         {
-            string pem = new string(PemEncoding.Write(PemLabels.X509Certificate, rawData));
+            string pem = PemEncoding.WriteString(PemLabels.X509Certificate, rawData);
             throw new CryptographicException($"Error in reading certificate:{Environment.NewLine}{pem}", e);
         }
 #endif

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs

@@ -1137,16 +1137,7 @@ public static X509Certificate2 CreateFromPem(ReadOnlySpan<char> certPem)
         /// </remarks>
         public string ExportCertificatePem()
         {
-            int pemSize = PemEncoding.GetEncodedSize(PemLabels.X509Certificate.Length, RawDataMemory.Length);
-
-            return string.Create(pemSize, this, static (destination, cert) => {
-                if (!cert.TryExportCertificatePem(destination, out int charsWritten) ||
-                    charsWritten != destination.Length)
-                {
-                    Debug.Fail("Pre-allocated buffer was not the correct size.");
-                    throw new CryptographicException();
-                }
-            });
+            return PemEncoding.WriteString(PemLabels.X509Certificate, RawDataMemory.Span);
         }
 
         /// <summary>

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2Collection.cs

@@ -417,16 +417,7 @@ public string ExportPkcs7Pem()
                 throw new CryptographicException(SR.Cryptography_X509_ExportFailed);
             }
 
-            int encodedSize = PemEncoding.GetEncodedSize(PemLabels.Pkcs7Certificate.Length, pkcs7.Length);
-
-            return string.Create(encodedSize, pkcs7, static (destination, pkcs7) => {
-                if (!PemEncoding.TryWrite(PemLabels.Pkcs7Certificate, pkcs7, destination, out int written) ||
-                    written != destination.Length)
-                {
-                    Debug.Fail("Pre-allocated buffer was not the correct size.");
-                    throw new CryptographicException();
-                }
-            });
+            return PemEncoding.WriteString(PemLabels.Pkcs7Certificate, pkcs7);
         }
 
         /// <summary>