/// <summary>
/// Retrieves the certificate stack embedded in a PKCS#7 structure.
/// </summary>
/// <param name="p7">The PKCS#7 handle to read from; may be null or invalid.</param>
/// <returns>
/// <c>SafeSharedX509StackHandle.InvalidHandle</c> when <paramref name="p7"/> is null or invalid
/// (no exception is raised in that case, so callers get a sentinel instead of an error);
/// otherwise the stack handle produced by the native call, parented to <paramref name="p7"/>.
/// </returns>
/// <remarks>
/// Throws the exception built by <c>Interop.Crypto.CreateOpenSslCryptographicException()</c>
/// when the native call returns anything other than 1.
/// </remarks>
internal static SafeSharedX509StackHandle GetPkcs7Certificates(SafePkcs7Handle p7)
{
    bool usable = p7 != null && !p7.IsInvalid;
    if (!usable)
    {
        return SafeSharedX509StackHandle.InvalidHandle;
    }

    SafeSharedX509StackHandle stack;
    if (GetPkcs7Certificates(p7, out stack) != 1)
    {
        throw Interop.Crypto.CreateOpenSslCryptographicException();
    }

    // The stack is an interior pointer into the PKCS#7 object. Registering p7 as its parent
    // ties the two lifetimes together so the stack is not left pointing at released memory.
    stack.SetParent(p7);
    return stack;
}
/// <summary>
/// Reads the certificates embedded in a PKCS#7 structure into certificate PAL objects.
/// </summary>
/// <param name="pkcs7">The PKCS#7 handle to read from.</param>
/// <param name="single">
/// When true, the caller wants only the signing certificate. That is not implemented here:
/// the method always throws <see cref="CryptographicException"/> in this mode.
/// </param>
/// <param name="certPal">Always set to null on return.</param>
/// <param name="certPals">One entry per element of the embedded certificate stack.</param>
/// <returns>Always true when the method returns normally.</returns>
/// <remarks>
/// Nothing in this method verifies a signature or builds a chain. The certificates are
/// returned exactly as embedded in the container, so callers must treat them as untrusted
/// input until they have been validated elsewhere.
/// </remarks>
private static bool TryReadPkcs7(
    SafePkcs7Handle pkcs7,
    bool single,
    out ICertificatePal certPal,
    out List<ICertificatePal> certPals)
{
    List<ICertificatePal> collected = null;
    if (!single)
    {
        collected = new List<ICertificatePal>();
    }

    using (SafeSharedX509StackHandle stack = Interop.Crypto.GetPkcs7Certificates(pkcs7))
    {
        // The count is taken from the native side as-is; a value of zero or below simply
        // means the loop further down never runs.
        int total = Interop.Crypto.GetX509StackFieldCount(stack);

        if (single)
        {
            // Single mode on a signed (or signed-and-enveloped) PKCS#7 file is meant to yield
            // the certificate that signed the file.
            //
            // X509Certificate2Collection::Export(X509ContentType.Pkcs7) claims to produce a
            // signed PKCS#7 but emits no signature block, which makes this hard to test.
            //
            // TODO(2910): Figure out how to extract the signing certificate, when it's present.
            throw new CryptographicException(SR.Cryptography_X509_PKCS7_NoSigner);
        }

        int index = 0;
        while (index < total)
        {
            // The stack element belongs to the PKCS7 object and would be freed when that is
            // disposed, so FromHandle is used to duplicate the handle.
            IntPtr element = Interop.Crypto.GetX509StackField(stack, index);
            collected.Add(CertificatePal.FromHandle(element));
            index++;
        }
    }

    certPal = null;
    certPals = collected;
    return true;
}
// Native entry point taking a PKCS#7 handle and a caller-supplied byte buffer.
// NOTE(review): the array length is not passed, so the native side cannot bounds-check the
// write from this signature alone. Presumably callers size buf with GetPkcs7DerSize first;
// confirm at every call site. The meaning of the int return value is not visible here.
internal static extern int EncodePkcs7(SafePkcs7Handle p7, byte[] buf);
// Native entry point returning an int for a PKCS#7 handle.
// NOTE(review): by its name this is the DER-encoded size used to allocate the EncodePkcs7
// buffer. Confirm how a failure is signalled (zero or negative) before using the value as
// an array length.
internal static extern int GetPkcs7DerSize(SafePkcs7Handle p7);
// Native entry point that adds a certificate, passed as a raw pointer, to a PKCS#7 handle.
// NOTE(review): x509 is an untracked IntPtr, so whether the native side takes ownership or
// bumps a reference count cannot be told from here. Verify it to rule out a double free or
// a leak.
internal static extern bool Pkcs7AddCertificate(SafePkcs7Handle p7, IntPtr x509);
// Raw native call behind the one-argument GetPkcs7Certificates wrapper. The wrapper treats a
// return value of 1 as success and throws otherwise. It also calls SetParent on the returned
// stack, which this raw call does not do, so managed code should go through the wrapper.
private static extern int GetPkcs7Certificates(SafePkcs7Handle p7, out SafeSharedX509StackHandle certs);