private static unsafe byte[] EncodeExtension(byte[] subjectKeyIdentifier)
{
if (subjectKeyIdentifier == null)
{
throw new ArgumentNullException("subjectKeyIdentifier");
}
if (subjectKeyIdentifier.Length == 0)
{
throw new ArgumentException("subjectKeyIdentifier");
}
byte[] encodedData = null;
fixed(byte *numRef = subjectKeyIdentifier)
{
CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob = new CAPIBase.CRYPTOAPI_BLOB {
pbData = new IntPtr((void *)numRef),
cbData = (uint)subjectKeyIdentifier.Length
};
if (!CAPI.EncodeObject("2.5.29.14", new IntPtr((void *)&cryptoapi_blob), out encodedData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
return(encodedData);
}
internal static byte[] BlobToByteArray(IntPtr pBlob)
{
CAPIBase.CRYPTOAPI_BLOB blob = (CAPIBase.CRYPTOAPI_BLOB)Marshal.PtrToStructure(pBlob, typeof(CAPIBase.CRYPTOAPI_BLOB));
if (blob.cbData == 0)
{
return(new byte[0]);
}
return(BlobToByteArray(blob));
}
internal static byte[] BlobToByteArray(CAPIBase.CRYPTOAPI_BLOB blob)
{
if (blob.cbData == 0)
{
return(new byte[0]);
}
byte[] destination = new byte[blob.cbData];
Marshal.Copy(blob.pbData, destination, 0, destination.Length);
return(destination);
}
internal static unsafe System.Security.Cryptography.SafeCertStoreHandle PFXImportCertStore([In] uint dwObjectType, [In] object pvObject, [In] string szPassword, [In] uint dwFlags, [In] bool persistKeyContainers)
{
if (pvObject == null)
{
throw new ArgumentNullException("pvObject");
}
byte[] buffer = null;
if (dwObjectType == 1)
{
buffer = File.ReadAllBytes((string)pvObject);
}
else
{
buffer = (byte[])pvObject;
}
if (persistKeyContainers)
{
new KeyContainerPermission(KeyContainerPermissionFlags.Create).Demand();
}
System.Security.Cryptography.SafeCertStoreHandle invalidHandle = System.Security.Cryptography.SafeCertStoreHandle.InvalidHandle;
GCHandle handle2 = GCHandle.Alloc(buffer, GCHandleType.Pinned);
IntPtr ptr = handle2.AddrOfPinnedObject();
try
{
CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob;
cryptoapi_blob.cbData = (uint)buffer.Length;
cryptoapi_blob.pbData = ptr;
invalidHandle = CAPIUnsafe.PFXImportCertStore(new IntPtr((void *)&cryptoapi_blob), szPassword, dwFlags);
}
finally
{
if (handle2.IsAllocated)
{
handle2.Free();
}
}
if (!invalidHandle.IsInvalid && !persistKeyContainers)
{
for (IntPtr ptr2 = CertEnumCertificatesInStore(invalidHandle, IntPtr.Zero); ptr2 != IntPtr.Zero; ptr2 = CertEnumCertificatesInStore(invalidHandle, ptr2))
{
CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob2 = new CAPIBase.CRYPTOAPI_BLOB();
if (!CertSetCertificateContextProperty(ptr2, 0x65, 0x40000000, new IntPtr((void *)&cryptoapi_blob2)))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
}
return(invalidHandle);
}
private static unsafe void SetFriendlyNameExtendedProperty(System.Security.Cryptography.SafeCertContextHandle safeCertContextHandle, string name)
{
SafeLocalAllocHandle handle = System.Security.Cryptography.X509Certificates.X509Utils.StringToUniPtr(name);
using (handle)
{
CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob = new CAPIBase.CRYPTOAPI_BLOB {
cbData = (uint)(2 * (name.Length + 1)),
pbData = handle.DangerousGetHandle()
};
if (!CAPI.CertSetCertificateContextProperty(safeCertContextHandle, 11, 0, new IntPtr((void *)&cryptoapi_blob)))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
}
private void DecodeExtension()
{
uint cbDecodedValue = 0;
SafeLocalAllocHandle decodedValue = null;
SafeLocalAllocHandle handle2 = System.Security.Cryptography.X509Certificates.X509Utils.StringToAnsiPtr("2.5.29.14");
if (!CAPI.DecodeObject(handle2.DangerousGetHandle(), base.m_rawData, out decodedValue, out cbDecodedValue))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
CAPIBase.CRYPTOAPI_BLOB blob = (CAPIBase.CRYPTOAPI_BLOB)Marshal.PtrToStructure(decodedValue.DangerousGetHandle(), typeof(CAPIBase.CRYPTOAPI_BLOB));
byte[] sArray = CAPI.BlobToByteArray(blob);
this.m_subjectKeyIdentifier = System.Security.Cryptography.X509Certificates.X509Utils.EncodeHexString(sArray);
this.m_decoded = true;
decodedValue.Dispose();
handle2.Dispose();
}
private void DecodeExtension()
{
uint cbDecodedValue = 0;
SafeLocalAllocHandle decodedValue = null;
if (!CAPI.DecodeObject(new IntPtr(14L), base.m_rawData, out decodedValue, out cbDecodedValue))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob = (CAPIBase.CRYPTOAPI_BLOB)Marshal.PtrToStructure(decodedValue.DangerousGetHandle(), typeof(CAPIBase.CRYPTOAPI_BLOB));
if (cryptoapi_blob.cbData > 4)
{
cryptoapi_blob.cbData = 4;
}
byte[] destination = new byte[4];
if (cryptoapi_blob.pbData != IntPtr.Zero)
{
Marshal.Copy(cryptoapi_blob.pbData, destination, 0, (int)cryptoapi_blob.cbData);
}
this.m_keyUsages = BitConverter.ToUInt32(destination, 0);
this.m_decoded = true;
decodedValue.Dispose();
}
private static byte[] ConstructDSSPubKeyCspBlob(SafeLocalAllocHandle decodedKeyValue, SafeLocalAllocHandle decodedParameters)
{
CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob = (CAPIBase.CRYPTOAPI_BLOB)Marshal.PtrToStructure(decodedKeyValue.DangerousGetHandle(), typeof(CAPIBase.CRYPTOAPI_BLOB));
CAPIBase.CERT_DSS_PARAMETERS cert_dss_parameters = (CAPIBase.CERT_DSS_PARAMETERS)Marshal.PtrToStructure(decodedParameters.DangerousGetHandle(), typeof(CAPIBase.CERT_DSS_PARAMETERS));
uint cbData = cert_dss_parameters.p.cbData;
if (cbData == 0)
{
throw new CryptographicException(-2146893803);
}
uint num2 = ((((0x10 + cbData) + 20) + cbData) + cbData) + 0x18;
MemoryStream output = new MemoryStream((int)num2);
BinaryWriter writer = new BinaryWriter(output);
writer.Write((byte)6);
writer.Write((byte)2);
writer.Write((short)0);
writer.Write((uint)0x2200);
writer.Write((uint)0x31535344);
writer.Write((uint)(cbData * 8));
byte[] destination = new byte[cert_dss_parameters.p.cbData];
Marshal.Copy(cert_dss_parameters.p.pbData, destination, 0, destination.Length);
writer.Write(destination);
uint num3 = cert_dss_parameters.q.cbData;
if ((num3 == 0) || (num3 > 20))
{
throw new CryptographicException(-2146893803);
}
byte[] buffer2 = new byte[cert_dss_parameters.q.cbData];
Marshal.Copy(cert_dss_parameters.q.pbData, buffer2, 0, buffer2.Length);
writer.Write(buffer2);
if (20 > num3)
{
writer.Write(new byte[20 - num3]);
}
num3 = cert_dss_parameters.g.cbData;
if ((num3 == 0) || (num3 > cbData))
{
throw new CryptographicException(-2146893803);
}
byte[] buffer3 = new byte[cert_dss_parameters.g.cbData];
Marshal.Copy(cert_dss_parameters.g.pbData, buffer3, 0, buffer3.Length);
writer.Write(buffer3);
if (cbData > num3)
{
writer.Write(new byte[cbData - num3]);
}
num3 = cryptoapi_blob.cbData;
if ((num3 == 0) || (num3 > cbData))
{
throw new CryptographicException(-2146893803);
}
byte[] buffer4 = new byte[cryptoapi_blob.cbData];
Marshal.Copy(cryptoapi_blob.pbData, buffer4, 0, buffer4.Length);
writer.Write(buffer4);
if (cbData > num3)
{
writer.Write(new byte[cbData - num3]);
}
writer.Write(uint.MaxValue);
writer.Write(new byte[20]);
return(output.ToArray());
}
internal AsnEncodedData(string oid, CAPIBase.CRYPTOAPI_BLOB encodedBlob) : this(oid, CAPI.BlobToByteArray(encodedBlob))
{
}
internal AsnEncodedData(System.Security.Cryptography.Oid oid, CAPIBase.CRYPTOAPI_BLOB encodedBlob) : this(oid, CAPI.BlobToByteArray(encodedBlob))
{
}
internal X500DistinguishedName(CAPIBase.CRYPTOAPI_BLOB encodedDistinguishedNameBlob) : base(new Oid(), encodedDistinguishedNameBlob)
{
}
private static unsafe System.Security.Cryptography.SafeCertStoreHandle FindCertInStore(System.Security.Cryptography.SafeCertStoreHandle safeSourceStoreHandle, X509FindType findType, object findValue, bool validOnly)
{
string str;
string str2;
System.Security.Cryptography.SafeCertStoreHandle handle2;
if (findValue == null)
{
throw new ArgumentNullException("findValue");
}
IntPtr zero = IntPtr.Zero;
object dwKeyUsageBit = null;
object obj3 = null;
FindProcDelegate delegate2 = null;
FindProcDelegate delegate3 = null;
uint dwFindType = 0;
CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob = new CAPIBase.CRYPTOAPI_BLOB();
SafeLocalAllocHandle invalidHandle = SafeLocalAllocHandle.InvalidHandle;
System.Runtime.InteropServices.ComTypes.FILETIME filetime = new System.Runtime.InteropServices.ComTypes.FILETIME();
string keyValue = null;
switch (findType)
{
case X509FindType.FindByThumbprint:
{
if (findValue.GetType() != typeof(string))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue"));
}
byte[] managed = System.Security.Cryptography.X509Certificates.X509Utils.DecodeHexString((string)findValue);
cryptoapi_blob.pbData = System.Security.Cryptography.X509Certificates.X509Utils.ByteToPtr(managed).DangerousGetHandle();
cryptoapi_blob.cbData = (uint)managed.Length;
dwFindType = 0x10000;
zero = new IntPtr((void *)&cryptoapi_blob);
goto Label_0703;
}
case X509FindType.FindBySubjectName:
if (findValue.GetType() != typeof(string))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue"));
}
str = (string)findValue;
dwFindType = 0x80007;
zero = System.Security.Cryptography.X509Certificates.X509Utils.StringToUniPtr(str).DangerousGetHandle();
goto Label_0703;
case X509FindType.FindBySubjectDistinguishedName:
if (findValue.GetType() != typeof(string))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue"));
}
str = (string)findValue;
delegate2 = new FindProcDelegate(X509Certificate2Collection.FindSubjectDistinguishedNameCallback);
dwKeyUsageBit = str;
goto Label_0703;
case X509FindType.FindByIssuerName:
if (findValue.GetType() != typeof(string))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue"));
}
str2 = (string)findValue;
dwFindType = 0x80004;
invalidHandle = System.Security.Cryptography.X509Certificates.X509Utils.StringToUniPtr(str2);
zero = invalidHandle.DangerousGetHandle();
goto Label_0703;
case X509FindType.FindByIssuerDistinguishedName:
if (findValue.GetType() != typeof(string))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue"));
}
str2 = (string)findValue;
delegate2 = new FindProcDelegate(X509Certificate2Collection.FindIssuerDistinguishedNameCallback);
dwKeyUsageBit = str2;
goto Label_0703;
case X509FindType.FindBySerialNumber:
{
if (findValue.GetType() != typeof(string))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue"));
}
delegate2 = new FindProcDelegate(X509Certificate2Collection.FindSerialNumberCallback);
delegate3 = new FindProcDelegate(X509Certificate2Collection.FindSerialNumberCallback);
BigInt num2 = new BigInt();
num2.FromHexadecimal((string)findValue);
dwKeyUsageBit = num2.ToByteArray();
num2.FromDecimal((string)findValue);
obj3 = num2.ToByteArray();
goto Label_0703;
}
case X509FindType.FindByTimeValid:
if (findValue.GetType() != typeof(DateTime))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue"));
}
*((long *)&filetime) = ((DateTime)findValue).ToFileTime();
delegate2 = new FindProcDelegate(X509Certificate2Collection.FindTimeValidCallback);
dwKeyUsageBit = filetime;
goto Label_0703;
case X509FindType.FindByTimeNotYetValid:
if (findValue.GetType() != typeof(DateTime))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue"));
}
*((long *)&filetime) = ((DateTime)findValue).ToFileTime();
delegate2 = new FindProcDelegate(X509Certificate2Collection.FindTimeNotBeforeCallback);
dwKeyUsageBit = filetime;
goto Label_0703;
case X509FindType.FindByTimeExpired:
if (findValue.GetType() != typeof(DateTime))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue"));
}
*((long *)&filetime) = ((DateTime)findValue).ToFileTime();
delegate2 = new FindProcDelegate(X509Certificate2Collection.FindTimeNotAfterCallback);
dwKeyUsageBit = filetime;
goto Label_0703;
case X509FindType.FindByTemplateName:
if (findValue.GetType() != typeof(string))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue"));
}
dwKeyUsageBit = (string)findValue;
delegate2 = new FindProcDelegate(X509Certificate2Collection.FindTemplateNameCallback);
goto Label_0703;
case X509FindType.FindByApplicationPolicy:
if (findValue.GetType() != typeof(string))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue"));
}
keyValue = System.Security.Cryptography.X509Certificates.X509Utils.FindOidInfo(2, (string)findValue, System.Security.Cryptography.OidGroup.Policy);
if (keyValue == null)
{
keyValue = (string)findValue;
System.Security.Cryptography.X509Certificates.X509Utils.ValidateOidValue(keyValue);
}
dwKeyUsageBit = keyValue;
delegate2 = new FindProcDelegate(X509Certificate2Collection.FindApplicationPolicyCallback);
goto Label_0703;
case X509FindType.FindByCertificatePolicy:
if (findValue.GetType() != typeof(string))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue"));
}
keyValue = System.Security.Cryptography.X509Certificates.X509Utils.FindOidInfo(2, (string)findValue, System.Security.Cryptography.OidGroup.Policy);
if (keyValue == null)
{
keyValue = (string)findValue;
System.Security.Cryptography.X509Certificates.X509Utils.ValidateOidValue(keyValue);
}
dwKeyUsageBit = keyValue;
delegate2 = new FindProcDelegate(X509Certificate2Collection.FindCertificatePolicyCallback);
goto Label_0703;
case X509FindType.FindByExtension:
if (findValue.GetType() != typeof(string))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue"));
}
keyValue = System.Security.Cryptography.X509Certificates.X509Utils.FindOidInfo(2, (string)findValue, System.Security.Cryptography.OidGroup.ExtensionOrAttribute);
if (keyValue == null)
{
keyValue = (string)findValue;
System.Security.Cryptography.X509Certificates.X509Utils.ValidateOidValue(keyValue);
}
dwKeyUsageBit = keyValue;
delegate2 = new FindProcDelegate(X509Certificate2Collection.FindExtensionCallback);
goto Label_0703;
case X509FindType.FindByKeyUsage:
{
if (!(findValue.GetType() == typeof(string)))
{
if (findValue.GetType() == typeof(X509KeyUsageFlags))
{
dwKeyUsageBit = findValue;
}
else
{
if (!(findValue.GetType() == typeof(uint)) && !(findValue.GetType() == typeof(int)))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindType"));
}
dwKeyUsageBit = findValue;
}
goto Label_06A2;
}
CAPIBase.KEY_USAGE_STRUCT[] key_usage_structArray = new CAPIBase.KEY_USAGE_STRUCT[] { new CAPIBase.KEY_USAGE_STRUCT("DigitalSignature", 0x80), new CAPIBase.KEY_USAGE_STRUCT("NonRepudiation", 0x40), new CAPIBase.KEY_USAGE_STRUCT("KeyEncipherment", 0x20), new CAPIBase.KEY_USAGE_STRUCT("DataEncipherment", 0x10), new CAPIBase.KEY_USAGE_STRUCT("KeyAgreement", 8), new CAPIBase.KEY_USAGE_STRUCT("KeyCertSign", 4), new CAPIBase.KEY_USAGE_STRUCT("CrlSign", 2), new CAPIBase.KEY_USAGE_STRUCT("EncipherOnly", 1), new CAPIBase.KEY_USAGE_STRUCT("DecipherOnly", 0x8000) };
for (uint i = 0; i < key_usage_structArray.Length; i++)
{
if (string.Compare(key_usage_structArray[i].pwszKeyUsage, (string)findValue, StringComparison.OrdinalIgnoreCase) == 0)
{
dwKeyUsageBit = key_usage_structArray[i].dwKeyUsageBit;
break;
}
}
break;
}
case X509FindType.FindBySubjectKeyIdentifier:
if (findValue.GetType() != typeof(string))
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue"));
}
dwKeyUsageBit = System.Security.Cryptography.X509Certificates.X509Utils.DecodeHexString((string)findValue);
delegate2 = new FindProcDelegate(X509Certificate2Collection.FindSubjectKeyIdentifierCallback);
goto Label_0703;
default:
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindType"));
}
if (dwKeyUsageBit == null)
{
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindType"));
}
Label_06A2:
delegate2 = new FindProcDelegate(X509Certificate2Collection.FindKeyUsageCallback);
Label_0703:
handle2 = CAPI.CertOpenStore(new IntPtr(2L), 0x10001, IntPtr.Zero, 0x2200, null);
if ((handle2 == null) || handle2.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
FindByCert(safeSourceStoreHandle, dwFindType, zero, validOnly, delegate2, delegate3, dwKeyUsageBit, obj3, handle2);
invalidHandle.Dispose();
return(handle2);
}
private static unsafe byte[] ExportCertificatesToBlob(System.Security.Cryptography.SafeCertStoreHandle safeCertStoreHandle, X509ContentType contentType, string password)
{
System.Security.Cryptography.SafeCertContextHandle invalidHandle = System.Security.Cryptography.SafeCertContextHandle.InvalidHandle;
uint dwSaveAs = 2;
byte[] destination = null;
CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob = new CAPIBase.CRYPTOAPI_BLOB();
SafeLocalAllocHandle pbElement = SafeLocalAllocHandle.InvalidHandle;
switch (contentType)
{
case X509ContentType.Cert:
invalidHandle = CAPI.CertEnumCertificatesInStore(safeCertStoreHandle, invalidHandle);
if ((invalidHandle != null) && !invalidHandle.IsInvalid)
{
CAPIBase.CERT_CONTEXT cert_context = *((CAPIBase.CERT_CONTEXT *)invalidHandle.DangerousGetHandle());
destination = new byte[cert_context.cbCertEncoded];
Marshal.Copy(cert_context.pbCertEncoded, destination, 0, destination.Length);
}
break;
case X509ContentType.SerializedCert:
{
invalidHandle = CAPI.CertEnumCertificatesInStore(safeCertStoreHandle, invalidHandle);
uint num2 = 0;
if ((invalidHandle != null) && !invalidHandle.IsInvalid)
{
if (!CAPISafe.CertSerializeCertificateStoreElement(invalidHandle, 0, pbElement, new IntPtr((void *)&num2)))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
pbElement = CAPI.LocalAlloc(0, new IntPtr((long)num2));
if (!CAPISafe.CertSerializeCertificateStoreElement(invalidHandle, 0, pbElement, new IntPtr((void *)&num2)))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
destination = new byte[num2];
Marshal.Copy(pbElement.DangerousGetHandle(), destination, 0, destination.Length);
break;
}
break;
}
case X509ContentType.Pfx:
if (!CAPI.PFXExportCertStore(safeCertStoreHandle, new IntPtr((void *)&cryptoapi_blob), password, 6))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
cryptoapi_blob.pbData = CAPI.LocalAlloc(0, new IntPtr((long)cryptoapi_blob.cbData)).DangerousGetHandle();
if (!CAPI.PFXExportCertStore(safeCertStoreHandle, new IntPtr((void *)&cryptoapi_blob), password, 6))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
destination = new byte[cryptoapi_blob.cbData];
Marshal.Copy(cryptoapi_blob.pbData, destination, 0, destination.Length);
break;
case X509ContentType.SerializedStore:
case X509ContentType.Pkcs7:
if (contentType == X509ContentType.SerializedStore)
{
dwSaveAs = 1;
}
if (!CAPI.CertSaveStore(safeCertStoreHandle, 0x10001, dwSaveAs, 2, new IntPtr((void *)&cryptoapi_blob), 0))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
pbElement = CAPI.LocalAlloc(0, new IntPtr((long)cryptoapi_blob.cbData));
cryptoapi_blob.pbData = pbElement.DangerousGetHandle();
if (!CAPI.CertSaveStore(safeCertStoreHandle, 0x10001, dwSaveAs, 2, new IntPtr((void *)&cryptoapi_blob), 0))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
destination = new byte[cryptoapi_blob.cbData];
Marshal.Copy(cryptoapi_blob.pbData, destination, 0, destination.Length);
break;
default:
throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidContentType"));
}
pbElement.Dispose();
invalidHandle.Dispose();
return(destination);
}
