Beispiel #1
 /// <summary>
 /// Stand-in for the crypt32 <c>CertVerifyCertificateChainPolicy</c> entry point that
 /// reports success unconditionally.
 /// </summary>
 /// <param name="pszPolicyOID">Policy identifier; ignored by this stub.</param>
 /// <param name="pChainContext">Chain to evaluate; ignored by this stub.</param>
 /// <param name="pPolicyPara">Policy parameters; ignored by this stub.</param>
 /// <param name="pPolicyStatus">Policy status; left exactly as the caller passed it in.</param>
 /// <returns>Always <c>true</c>.</returns>
 /// <remarks>
 /// NOTE(review): no chain inspection happens here and <paramref name="pPolicyStatus"/> is never
 /// written. A caller that zero-initialises the status and then treats "returned true and
 /// dwError == 0" as "chain is valid" will accept every chain through this stub. Confirm this
 /// implementation is only built for test or unsupported-platform configurations and cannot be
 /// reached on a path that makes a trust decision.
 /// </remarks>
 public static bool CertVerifyCertificateChainPolicy(
     IntPtr pszPolicyOID,
     SafeX509ChainHandle pChainContext,
     ref CERT_CHAIN_POLICY_PARA pPolicyPara,
     ref CERT_CHAIN_POLICY_STATUS pPolicyStatus) => true;
Beispiel #2
 /// <summary>
 /// No-op replacement for the native chain-policy check: every argument is ignored and the
 /// call is reported as successful.
 /// </summary>
 /// <param name="pszPolicyOID">Unused.</param>
 /// <param name="pChainContext">Unused.</param>
 /// <param name="pPolicyPara">Unused.</param>
 /// <param name="pPolicyStatus">Unused; not modified, so any error field keeps the caller's value.</param>
 /// <returns>Always <c>true</c>.</returns>
 public static bool CertVerifyCertificateChainPolicy(
     IntPtr pszPolicyOID,
     SafeX509ChainHandle pChainContext,
     ref CERT_CHAIN_POLICY_PARA pPolicyPara,
     ref CERT_CHAIN_POLICY_STATUS pPolicyStatus)
 {
     // NOTE(review): nothing is verified here. Because pPolicyStatus is untouched, a caller that
     // passes a freshly zeroed status and checks dwError == 0 afterwards sees a "valid" chain for
     // any input. Make sure this stub is never linked into a build that relies on it for trust.
     const bool policyCheckPerformed = true;
     return policyCheckPerformed;
 }
Beispiel #3
        /// <summary>
        /// Checks the chain held in <c>_chain</c> against <c>CERT_CHAIN_POLICY_BASE</c>.
        /// A failure of the native call is reported through <paramref name="exception"/> rather than thrown.
        /// </summary>
        /// <param name="flags">Verification flags; cast to <c>int</c> and passed unchanged as the policy <c>dwFlags</c>.</param>
        /// <param name="exception">
        /// <c>null</c> unless the native call fails, in which case it holds the last Win32 error
        /// converted by <c>ToCryptographicException</c>.
        /// </param>
        /// <returns>
        /// <c>true</c> when the policy status reports <c>dwError == 0</c>, <c>false</c> when it reports
        /// any other value, and <c>null</c> when the native call itself failed.
        /// </returns>
        /// <remarks>
        /// A <c>null</c> result means the policy could not be evaluated; it is not a pass. Callers making
        /// a trust decision should accept only an explicit <c>true</c>. Every <see cref="X509VerificationFlags"/>
        /// value other than <c>NoFlag</c> relaxes a chain check, so pass the narrowest set that is required.
        /// </remarks>
        public bool? Verify(X509VerificationFlags flags, out Exception? exception)
        {
            exception = null;

            unsafe
            {
                // Both structures carry their own size so the native side can validate the layout.
                CERT_CHAIN_POLICY_PARA policyPara = default;
                policyPara.cbSize = sizeof(CERT_CHAIN_POLICY_PARA);
                policyPara.dwFlags = (int)flags;

                CERT_CHAIN_POLICY_STATUS policyStatus = default;
                policyStatus.cbSize = sizeof(CERT_CHAIN_POLICY_STATUS);

                bool policyEvaluated = Interop.crypt32.CertVerifyCertificateChainPolicy(
                    ChainPolicy.CERT_CHAIN_POLICY_BASE,
                    _chain,
                    ref policyPara,
                    ref policyStatus);

                if (policyEvaluated)
                {
                    // The call's return value only says the policy was evaluated; the verdict is in dwError.
                    return policyStatus.dwError == 0;
                }

                // Read the last-error value straight after the failed call, before anything can overwrite it.
                int lastError = Marshal.GetLastWin32Error();
                exception = lastError.ToCryptographicException();
                return null;
            }
        }
Beispiel #4
        /// <summary>
        /// Runs the base chain policy (<c>CERT_CHAIN_POLICY_BASE</c>) over <c>_chain</c> without throwing
        /// when the native API reports failure.
        /// </summary>
        /// <param name="flags">Verification flags, forwarded as the <c>dwFlags</c> of the policy parameters.</param>
        /// <param name="exception">Set to <c>null</c> on entry; receives the translated last Win32 error if the native call fails.</param>
        /// <returns>
        /// <c>true</c> if the reported <c>dwError</c> is zero, <c>false</c> if it is non-zero,
        /// <c>default(bool?)</c> if the native call failed.
        /// </returns>
        /// <remarks>
        /// Three outcomes, not two: an empty result means "could not evaluate" and must not be collapsed
        /// into success by the caller (for example via <c>GetValueOrDefault(true)</c>).
        /// </remarks>
        public bool? Verify(X509VerificationFlags flags, out Exception exception)
        {
            exception = null;

            var policyPara = new CERT_CHAIN_POLICY_PARA
            {
                cbSize = Marshal.SizeOf<CERT_CHAIN_POLICY_PARA>(),
                dwFlags = (int)flags,
            };

            var policyStatus = new CERT_CHAIN_POLICY_STATUS
            {
                cbSize = Marshal.SizeOf<CERT_CHAIN_POLICY_STATUS>(),
            };

            bool policyEvaluated = Interop.crypt32.CertVerifyCertificateChainPolicy(
                ChainPolicy.CERT_CHAIN_POLICY_BASE,
                _chain,
                ref policyPara,
                ref policyStatus);

            if (policyEvaluated)
            {
                // Success of the call is separate from the verdict, which lives in dwError.
                return policyStatus.dwError == 0;
            }

            // Capture the error code immediately after the failed call.
            int lastError = Marshal.GetLastWin32Error();
            exception = lastError.ToCryptographicException();
            return default(bool?);
        }
Beispiel #5
 /// <summary>
 /// Declaration of the <c>CertVerifyCertificateChainPolicy</c> interop entry point.
 /// The method is <c>partial</c> with no body, so the implementation is supplied elsewhere
 /// (presumably by a source-generated P/Invoke; the attribute is not visible here).
 /// </summary>
 /// <param name="pszPolicyOID">Policy identifier, passed as a raw pointer value.</param>
 /// <param name="pChainContext">Safe handle to the certificate chain to evaluate.</param>
 /// <param name="pPolicyPara">Policy parameters, passed by reference.</param>
 /// <param name="pPolicyStatus">Policy status, passed by reference so the callee can fill it in.</param>
 /// <returns>
 /// Per the Win32 documentation, whether the policy could be checked, not whether the chain passed.
 /// The verdict is the error field of <paramref name="pPolicyStatus"/>; callers must inspect it
 /// and must not treat a <c>true</c> return alone as "chain is trusted".
 /// </returns>
 internal static partial bool CertVerifyCertificateChainPolicy(
     IntPtr pszPolicyOID,
     SafeX509ChainHandle pChainContext,
     ref CERT_CHAIN_POLICY_PARA pPolicyPara,
     ref CERT_CHAIN_POLICY_STATUS pPolicyStatus);
Beispiel #6
 /// <summary>
 /// P/Invoke declaration for <c>CertVerifyCertificateChainPolicy</c>.
 /// </summary>
 /// <param name="pszPolicyOID">Policy identifier, passed as a raw pointer value.</param>
 /// <param name="pChainContext">Safe handle to the chain being evaluated.</param>
 /// <param name="pPolicyPara">Policy parameters; marked <c>[In]</c>, so input only.</param>
 /// <param name="pPolicyStatus">Policy status; marked <c>[In, Out]</c>, so the native call writes its result here.</param>
 /// <returns>
 /// Per the Win32 documentation, whether the policy check could be performed. Pass or fail is
 /// reported in <paramref name="pPolicyStatus"/>, which the caller has to examine separately.
 /// </returns>
 // NOTE(review): the DllImport attribute is not shown with this declaration. Callers that read
 // Marshal.GetLastWin32Error() after a false return depend on SetLastError = true; confirm it is set.
 private static extern bool CertVerifyCertificateChainPolicy(IntPtr pszPolicyOID, SafeX509ChainHandle pChainContext, [In] ref CERT_CHAIN_POLICY_PARA pPolicyPara, [In, Out] ref CERT_CHAIN_POLICY_STATUS pPolicyStatus);
Beispiel #7
 /// <summary>
 /// P/Invoke declaration for <c>CertVerifyCertificateChainPolicy</c>, taking the chain as a
 /// <c>SafeCertChainHandle</c>.
 /// </summary>
 /// <param name="pszPolicyOID">Policy identifier, passed as a raw pointer value.</param>
 /// <param name="pChainContext">Safe handle to the chain being evaluated.</param>
 /// <param name="pPolicyPara">Policy parameters; input only (<c>[In]</c>).</param>
 /// <param name="pPolicyStatus">Policy status; written by the native call (<c>[In, Out]</c>).</param>
 /// <returns>
 /// Per the Win32 documentation, whether the policy check could be performed. The outcome of the
 /// check is carried in <paramref name="pPolicyStatus"/>; a <c>true</c> return with a non-zero
 /// error there is a failed validation.
 /// </returns>
 // NOTE(review): the DllImport attribute is not visible here; if callers use
 // Marshal.GetLastWin32Error() on failure, confirm SetLastError = true is declared.
 internal extern static bool CertVerifyCertificateChainPolicy(
     [In] IntPtr pszPolicyOID,
     [In] SafeCertChainHandle pChainContext,
     [In] ref CERT_CHAIN_POLICY_PARA pPolicyPara,
     [In, Out] ref CERT_CHAIN_POLICY_STATUS pPolicyStatus);
Beispiel #8
        /*****************************************************************************
        *  wmain
        *****************************************************************************/
        static int Main(string[] args)
        {
            int i;

            string pwszStoreName = "MY";             // by default, MY

            CERT_CHAIN_PARA          ChainPara    = default;
            CERT_CHAIN_POLICY_PARA   ChainPolicy  = default;
            CERT_CHAIN_POLICY_STATUS PolicyStatus = default;

            var dwFlags = CertChainFlags.CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;

            HRESULT hr = HRESULT.S_OK;

            ChainPara.cbSize    = (uint)Marshal.SizeOf(ChainPara);
            ChainPolicy.cbSize  = (uint)Marshal.SizeOf(ChainPolicy);
            PolicyStatus.cbSize = (uint)Marshal.SizeOf(PolicyStatus);

            //
            // options
            //

            for (i = 0; i < args.Length; i++)
            {
                if (args[i] == "/?" || args[i] == "-?")
                {
                    Usage("BuildChain.exe");
                    goto CleanUp;
                }

                if (args[i][0] != '-')
                {
                    break;
                }

                if (args[i] == "-s")
                {
                    if (i + 1 >= args.Length)
                    {
                        hr = HRESULT.E_INVALIDARG;
                        goto CleanUp;
                    }

                    pwszStoreName = args[++i];
                }
                else if (args[i] == "-f")
                {
                    if (i + 1 >= args.Length)
                    {
                        hr = HRESULT.E_INVALIDARG;
                        goto CleanUp;
                    }

                    dwFlags = (CertChainFlags)(uint.TryParse(args[++i], out var r) ? r : 0);
                }
            }

            if (i >= args.Length)
            {
                hr = HRESULT.E_INVALIDARG;
                goto CleanUp;
            }

            var pwszCName = args[i];

            //-------------------------------------------------------------------
            // Find the test certificate to be validated and obtain a pointer to it

            hr = HrFindCertificateBySubjectName(pwszStoreName, pwszCName, out var pcTestCertContext);
            if (hr.Failed)
            {
                goto CleanUp;
            }

            //-------------------------------------------------------------------
            // Build a chain using CertGetCertificateChain

            if (!CertGetCertificateChain(default,                // use the default chain engine