Added EllipticCurve S/MIME unit tests and fixed bugs that resulted

Completes the fix for issue #998

Author: jstedfast

MimeKit/Cryptography/BouncyCastleSecureMimeContext.cs

@@ -1327,17 +1327,17 @@ void CmsEnvelopeAddEllipticCurve (CmsEnvelopedDataGenerator cms, CmsRecipient re
 				var subjectKeyIdentifier = recipient.Certificate.GetExtensionValue (X509Extensions.SubjectKeyIdentifier);
 				cms.AddKeyAgreementRecipient (
 					CmsEnvelopedGenerator.ECDHSha1Kdf,
-					keyPair.Public,
 					keyPair.Private,
+					keyPair.Public,
 					subjectKeyIdentifier.GetOctets (),
 					publicKey,
 					CmsEnvelopedGenerator.Aes128Wrap
 				);
 			} else {
 				cms.AddKeyAgreementRecipient (
 					CmsEnvelopedGenerator.ECDHSha1Kdf,
-					keyPair.Public,
 					keyPair.Private,
+					keyPair.Public,
 					certificate,
 					CmsEnvelopedGenerator.Aes128Wrap
 				);
@@ -1355,7 +1355,7 @@ Stream Envelope (CmsRecipientCollection recipients, Stream content, Cancellation
 					var certificate = recipient.Certificate;
 					var pub = certificate.GetPublicKey ();
 
-					if (pub is RsaKeyParameters || pub is DsaKeyParameters) {
+					if (pub is RsaKeyParameters) {
 						// Bouncy Castle dispatches OAEP based on the certificate type. However, MimeKit users
 						// expect to be able to specify the use of OAEP in S/MIME with certificates that have
 						// PKCS#1v1.5 OIDs as these tend to be more broadly compatible across the ecosystem.
@@ -1366,7 +1366,7 @@ Stream Envelope (CmsRecipientCollection recipients, Stream content, Cancellation
 					} else {
 						var oid = certificate.SubjectPublicKeyInfo.Algorithm.Algorithm.ToString ();
 
-						throw new ArgumentException ($"Unknown type of recipient certificate: {pub.GetType ().Name} (SubjectPublicKeyInfo OID = {oid})");
+						throw new NotSupportedException ($"Unsupported type of recipient certificate: {pub.GetType ().Name} (SubjectPublicKeyInfo OID = {oid})");
 					}
 
 					count++;

MimeKit/Cryptography/DefaultSecureMimeContext.cs

@@ -615,17 +615,20 @@ public override void Import (X509Certificate2 certificate, CancellationToken can
 				X509CertificateRecord record;
 
 				if ((record = dbase.Find (cert, ImportPkcs12Fields)) == null) {
-					record = new X509CertificateRecord (cert, privateKey) {
-						Algorithms = EnabledEncryptionAlgorithms,
-						AlgorithmsUpdated = DateTime.UtcNow,
-						IsTrusted = true
-					};
+					if (privateKey != null)
+						record = new X509CertificateRecord (cert, privateKey);
+					else
+						record = new X509CertificateRecord (cert);
+
+					record.Algorithms = EnabledEncryptionAlgorithms;
+					record.AlgorithmsUpdated = DateTime.UtcNow;
+					record.IsTrusted = privateKey != null;
 					dbase.Add (record);
 				} else {
 					record.AlgorithmsUpdated = DateTime.UtcNow;
 					record.Algorithms = EnabledEncryptionAlgorithms;
 					record.PrivateKey ??= privateKey;
-					record.IsTrusted = true;
+					record.IsTrusted = record.IsTrusted || privateKey != null;
 					dbase.Update (record, ImportPkcs12Fields);
 				}
 			} else {

MimeKit/Cryptography/X509Certificate2Extensions.cs

@@ -172,12 +172,22 @@ public static AsymmetricKeyParameter GetPrivateKeyAsAsymmetricKeyParameter (this
 				throw new ArgumentNullException (nameof (certificate));
 
 #if NET6_0_OR_GREATER
-			AsymmetricAlgorithm privateKey;
+			AsymmetricAlgorithm privateKey = null;
 
-			privateKey = certificate.GetRSAPrivateKey ();
-			privateKey ??= certificate.GetDSAPrivateKey ();
-			privateKey ??= certificate.GetECDsaPrivateKey ();
-			privateKey ??= certificate.GetECDiffieHellmanPrivateKey ();
+			if (certificate.HasPrivateKey) {
+				switch (GetPublicKeyAlgorithm (certificate)) {
+				case PublicKeyAlgorithm.Dsa:
+					privateKey = certificate.GetDSAPrivateKey ();
+					break;
+				case PublicKeyAlgorithm.RsaGeneral:
+					privateKey = certificate.GetRSAPrivateKey ();
+					break;
+				case PublicKeyAlgorithm.EllipticCurve:
+					//privateKey = certificate.GetECDsaPrivateKey ();
+					privateKey = certificate.GetECDiffieHellmanPrivateKey ();
+					break;
+				}
+			}
 
 			return privateKey?.AsAsymmetricKeyParameter ();
 #else