public static SafeCertContextHandle GetCertificateContext(
this X509Certificate certificate)
{
GC.KeepAlive(certificate);
var certContext = X509Native.DuplicateCertContext(certificate.Handle);
return(certContext);
}
public static CngKey GetCngPrivateKey(
this X509Certificate2 certificate)
{
if (certificate == null)
{
throw new ArgumentNullException(nameof(certificate));
}
if (!certificate.HasPrivateKey ||
!certificate.HasCngKey())
{
return(null);
}
try
{
using (
var
certContext = certificate.GetCertificateContext())
{
using (
var privateKeyHandle =
X509Native.AcquireCngPrivateKey(certContext))
{
// We need to assert for full trust when opening the CNG key because
// CngKey.Open(SafeNCryptKeyHandle) does a full demand for full trust,
// and we want to allow access to a certificate's private key by
// anyone who has access to the certificate itself.
new PermissionSet(PermissionState.Unrestricted).Assert();
return(CngKey.Open(privateKeyHandle, CngKeyHandleOpenOptions.None));
}
}
}
catch (CryptographicException ex)
{
throw new CryptographicException(
"The private key for the certificate with serial number '" +
certificate.SerialNumber +
"' could not be found because it does not exist or" +
" cannot be accessed due to missing permissions.",
ex);
}
}
public static bool HasCngKey(
this X509Certificate certificate)
{
using (var certContext = certificate.GetCertificateContext())
{
if (!X509Native.HasCertificateProperty(
certContext,
NativeMethods.Crypt32.CertificateProperty.KeyProviderInfo))
{
return(false);
}
var keyProvInfo =
X509Native.GetCertificateProperty <X509Native.CryptKeyProvInfo>(
certContext,
NativeMethods.Crypt32.CertificateProperty.KeyProviderInfo
);
return(keyProvInfo.dwProvType == 0);
}
}