public static RSA GetRSAPublicKey(this X509Certificate2 certificate)
{
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
if (!IsRSA(certificate))
{
return(null);
}
PublicKey publicKey = certificate.PublicKey;
AsnEncodedData asn = publicKey.EncodedKeyValue;
IntPtr structType = new IntPtr(CapiNative.CNG_RSA_PUBLIC_KEY_BLOB);
SafeLocalAllocHandle cngBlobHandle;
uint cngBlobLength;
bool result = CapiNative.DecodeObject(structType, asn.RawData, out cngBlobHandle, out cngBlobLength);
if (!result)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
byte[] cngBlob = new byte[cngBlobLength];
using (cngBlobHandle)
{
Marshal.Copy(cngBlobHandle.DangerousGetHandle(), cngBlob, 0, cngBlob.Length);
}
CngKey key = CngKey.Import(cngBlob, CngKeyBlobFormat.GenericPublicBlob);
return(new RSACng(key));
}
private static uint OidToAlgorithmId(Oid oid)
{
using (SafeLocalAllocHandle oidHandle = X509Utils.StringToAnsiPtr(oid.Value))
{
CapiNative.CRYPT_OID_INFO oidInfo = CapiNative.CryptFindOIDInfo(CapiNative.CRYPT_OID_INFO_OID_KEY, oidHandle, 0);
return(oidInfo.Algid);
}
}
internal static X509AlternateName FromAltNameEntry(X509Native.CERT_ALT_NAME_ENTRY altNameEntry)
{
switch (altNameEntry.dwAltNameChoice)
{
case AlternateNameType.DirectoryName:
return(new X509AlternateNameBlob(altNameEntry.dwAltNameChoice,
CapiNative.ReadBlob(altNameEntry.altName.DirectoryName)));
case AlternateNameType.DnsName:
return(new X509AlternateNameString(altNameEntry.dwAltNameChoice,
Marshal.PtrToStringUni(altNameEntry.altName.pwszDNSName)));
case AlternateNameType.EdiPartyName:
return(new X509AlternateNameString(altNameEntry.dwAltNameChoice,
Marshal.PtrToStringUni(altNameEntry.altName.pEdiPartyName)));
case AlternateNameType.IPAddress:
IPAddress ipAddress = new IPAddress(CapiNative.ReadBlob(altNameEntry.altName.IPAddress));
return(new X509AlternateNameIPAddress(altNameEntry.dwAltNameChoice,
ipAddress));
case AlternateNameType.OtherName:
X509Native.CERT_OTHER_NAME otherName =
(X509Native.CERT_OTHER_NAME)Marshal.PtrToStructure(altNameEntry.altName.pOtherName, typeof(X509Native.CERT_OTHER_NAME));
Oid2 otherNameOid = Oid2.FindByValue(otherName.pszObjId);
return(new X509AlternateNameOther(CapiNative.ReadBlob(otherName.Value), otherNameOid));
case AlternateNameType.RegisteredId:
return(new X509AlternateNameString(altNameEntry.dwAltNameChoice,
Marshal.PtrToStringAnsi(altNameEntry.altName.pszRegisteredID)));
case AlternateNameType.Rfc822Name:
return(new X509AlternateNameString(altNameEntry.dwAltNameChoice,
Marshal.PtrToStringUni(altNameEntry.altName.pwszRfc822Name)));
case AlternateNameType.Url:
return(new X509AlternateNameString(altNameEntry.dwAltNameChoice,
Marshal.PtrToStringUni(altNameEntry.altName.pwszURL)));
case AlternateNameType.X400Address:
return(new X509AlternateNameBlob(altNameEntry.dwAltNameChoice,
CapiNative.ReadBlob(altNameEntry.altName.x400Address)));
default:
return(new X509AlternateName(altNameEntry.dwAltNameChoice));
}
}
public static DSA GetDSAPublicKey(this X509Certificate2 certificate)
{
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
if (!IsDSA(certificate))
{
return(null);
}
unsafe
{
DSAParameters dp = new DSAParameters();
SafeLocalAllocHandle dssKeyLocalAlloc = null;
try
{
byte[] encodedPublicKey = certificate.PublicKey.EncodedKeyValue.RawData;
uint cbDSSKey;
if (!CapiNative.DecodeObject((IntPtr)(CapiNative.X509_DSS_PUBLICKEY), encodedPublicKey, out dssKeyLocalAlloc, out cbDSSKey))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (cbDSSKey < Marshal.SizeOf(typeof(CapiNative.CRYPTOAPI_BLOB)))
{
throw new CryptographicException();
}
CapiNative.CRYPTOAPI_BLOB *pDssKeyBlob = (CapiNative.CRYPTOAPI_BLOB *)(dssKeyLocalAlloc.DangerousGetHandle());
dp.Y = ToBigEndianByteArray(*pDssKeyBlob);
}
finally
{
if (dssKeyLocalAlloc != null)
{
dssKeyLocalAlloc.Dispose();
dssKeyLocalAlloc = null;
}
}
SafeLocalAllocHandle dssParametersLocalHandle = null;
try
{
byte[] encodedKeyAlgorithmParameters = certificate.GetKeyAlgorithmParameters();
uint cbDSSParams;
if (!CapiNative.DecodeObject((IntPtr)(CapiNative.X509_DSS_PARAMETERS), encodedKeyAlgorithmParameters, out dssParametersLocalHandle, out cbDSSParams))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (cbDSSParams < Marshal.SizeOf(typeof(CapiNative.CERT_DSS_PARAMETERS)))
{
throw new CryptographicException();
}
CapiNative.CERT_DSS_PARAMETERS *pDssParameters = (CapiNative.CERT_DSS_PARAMETERS *)(dssParametersLocalHandle.DangerousGetHandle());
dp.P = ToBigEndianByteArray(pDssParameters->p);
dp.Q = ToBigEndianByteArray(pDssParameters->q);
dp.G = ToBigEndianByteArray(pDssParameters->g);
}
finally
{
if (dssParametersLocalHandle != null)
{
dssParametersLocalHandle.Dispose();
dssParametersLocalHandle = null;
}
}
DSACng dsaCng = new DSACng();
dsaCng.ImportParameters(dp);
return(dsaCng);
}
}
public static extern int CertVerifyAuthenticodeLicense(ref CapiNative.CRYPTOAPI_BLOB pLicenseBlob,
AxlVerificationFlags dwFlags,
[In, Out] ref AXL_AUTHENTICODE_SIGNER_INFO pSignerInfo,
[In, Out] ref AXL_AUTHENTICODE_TIMESTAMPER_INFO pTimestamperInfo);
/// <summary>
/// Unpack a CAPI CRYPT_OID_INFO structure into an Oid2
/// </summary>
private Oid2(CapiNative.CRYPT_OID_INFO oidInfo)
{
m_oid = oidInfo.pszOID ?? String.Empty;
m_name = oidInfo.pwszName ?? String.Empty;
m_group = oidInfo.dwGroupId;
// Algorithm information is only set for specific OID groups
if (oidInfo.dwGroupId == OidGroup.EncryptionAlgorithm ||
oidInfo.dwGroupId == OidGroup.HashAlgorithm ||
oidInfo.dwGroupId == OidGroup.PublicKeyAlgorithm ||
oidInfo.dwGroupId == OidGroup.SignatureAlgorithm)
{
// Values of 0 or -1 indicate that there is no CAPI algorithm mapping
if (oidInfo.dwValue != 0 && oidInfo.dwValue != -1)
{
m_algorithmId = oidInfo.dwValue;
}
if (!String.IsNullOrEmpty(oidInfo.pwszCNGAlgid))
{
m_cngAlgorithm = new CngAlgorithm(oidInfo.pwszCNGAlgid);
}
if (!String.IsNullOrEmpty(oidInfo.pwszCNGExtraAlgid))
{
m_cngExtraAlgorithm = new CngAlgorithm(oidInfo.pwszCNGExtraAlgid);
}
}
}
