/// <summary>
/// attempts to decode the outer layer of a BLOB as a Personal Information Exchange (PFX) packet and to decrypt it
/// with the given password.
/// </summary>
/// <param name="rawData">A byte array that the method will attempt to decode as a PFX packet</param>
/// <param name="password">String password to be checked. For this function to succeed, this password must be exactly the same
/// as the password used to encrypt the packet.
/// <para>If you set this value to an empty string or <strong>NULL</strong>, this function typically attempts to decrypt the
/// password embedded in the PFX BLOB by using the empty string or <strong>NULL</strong>.</para>
/// <para>However, beginning with Windows 8 and Windows Server 2012, if a <strong>NULL</strong> or empty password was specified
/// when the PFX BLOB was created and the application also specified that the password should be protected to an Active
/// Directory (AD) principal, the Cryptography API (CAPI) randomly generates a password, encrypts it to the AD principal
/// and embeds it in the PFX BLOB. The PFXVerifyPassword function will then try to use the specified AD principal (current
/// user, computer, or AD group member) to decrypt the password.</para>
/// </param>
/// <exception cref="ArgumentNullException">If the <strong>rawData</strong> parameter is null.</exception>
/// <returns>The method return <strong>TRUE</strong> if the password appears correct; otherwise,
/// it returns <strong>FALSE</strong>.
/// </returns>
public static Boolean PfxVerifyPassword(Byte[] rawData, String password)
{
if (rawData != null)
{
IntPtr ptr = Marshal.AllocHGlobal(rawData.Length);
Marshal.Copy(rawData, 0, ptr, rawData.Length);
Wincrypt.CRYPTOAPI_BLOB PPfx = new Wincrypt.CRYPTOAPI_BLOB {
cbData = (UInt32)rawData.Length,
pbData = ptr
};
Boolean result = Crypt32.PFXVerifyPassword(PPfx, password, 0);
Marshal.FreeHGlobal(ptr);
return(result);
}
throw new ArgumentNullException(nameof(rawData));
}
