private static unsafe byte[] EncodeExtension(byte[] subjectKeyIdentifier) { if (subjectKeyIdentifier == null) { throw new ArgumentNullException("subjectKeyIdentifier"); } if (subjectKeyIdentifier.Length == 0) { throw new ArgumentException("subjectKeyIdentifier"); } byte[] encodedData = null; fixed(byte *numRef = subjectKeyIdentifier) { CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob = new CAPIBase.CRYPTOAPI_BLOB { pbData = new IntPtr((void *)numRef), cbData = (uint)subjectKeyIdentifier.Length }; if (!CAPI.EncodeObject("2.5.29.14", new IntPtr((void *)&cryptoapi_blob), out encodedData)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } } return(encodedData); }
internal static byte[] BlobToByteArray(IntPtr pBlob) { CAPIBase.CRYPTOAPI_BLOB blob = (CAPIBase.CRYPTOAPI_BLOB)Marshal.PtrToStructure(pBlob, typeof(CAPIBase.CRYPTOAPI_BLOB)); if (blob.cbData == 0) { return(new byte[0]); } return(BlobToByteArray(blob)); }
internal static byte[] BlobToByteArray(CAPIBase.CRYPTOAPI_BLOB blob) { if (blob.cbData == 0) { return(new byte[0]); } byte[] destination = new byte[blob.cbData]; Marshal.Copy(blob.pbData, destination, 0, destination.Length); return(destination); }
internal static unsafe System.Security.Cryptography.SafeCertStoreHandle PFXImportCertStore([In] uint dwObjectType, [In] object pvObject, [In] string szPassword, [In] uint dwFlags, [In] bool persistKeyContainers) { if (pvObject == null) { throw new ArgumentNullException("pvObject"); } byte[] buffer = null; if (dwObjectType == 1) { buffer = File.ReadAllBytes((string)pvObject); } else { buffer = (byte[])pvObject; } if (persistKeyContainers) { new KeyContainerPermission(KeyContainerPermissionFlags.Create).Demand(); } System.Security.Cryptography.SafeCertStoreHandle invalidHandle = System.Security.Cryptography.SafeCertStoreHandle.InvalidHandle; GCHandle handle2 = GCHandle.Alloc(buffer, GCHandleType.Pinned); IntPtr ptr = handle2.AddrOfPinnedObject(); try { CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob; cryptoapi_blob.cbData = (uint)buffer.Length; cryptoapi_blob.pbData = ptr; invalidHandle = CAPIUnsafe.PFXImportCertStore(new IntPtr((void *)&cryptoapi_blob), szPassword, dwFlags); } finally { if (handle2.IsAllocated) { handle2.Free(); } } if (!invalidHandle.IsInvalid && !persistKeyContainers) { for (IntPtr ptr2 = CertEnumCertificatesInStore(invalidHandle, IntPtr.Zero); ptr2 != IntPtr.Zero; ptr2 = CertEnumCertificatesInStore(invalidHandle, ptr2)) { CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob2 = new CAPIBase.CRYPTOAPI_BLOB(); if (!CertSetCertificateContextProperty(ptr2, 0x65, 0x40000000, new IntPtr((void *)&cryptoapi_blob2))) { throw new CryptographicException(Marshal.GetLastWin32Error()); } } } return(invalidHandle); }
private static unsafe void SetFriendlyNameExtendedProperty(System.Security.Cryptography.SafeCertContextHandle safeCertContextHandle, string name) { SafeLocalAllocHandle handle = System.Security.Cryptography.X509Certificates.X509Utils.StringToUniPtr(name); using (handle) { CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob = new CAPIBase.CRYPTOAPI_BLOB { cbData = (uint)(2 * (name.Length + 1)), pbData = handle.DangerousGetHandle() }; if (!CAPI.CertSetCertificateContextProperty(safeCertContextHandle, 11, 0, new IntPtr((void *)&cryptoapi_blob))) { throw new CryptographicException(Marshal.GetLastWin32Error()); } } }
private void DecodeExtension() { uint cbDecodedValue = 0; SafeLocalAllocHandle decodedValue = null; SafeLocalAllocHandle handle2 = System.Security.Cryptography.X509Certificates.X509Utils.StringToAnsiPtr("2.5.29.14"); if (!CAPI.DecodeObject(handle2.DangerousGetHandle(), base.m_rawData, out decodedValue, out cbDecodedValue)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } CAPIBase.CRYPTOAPI_BLOB blob = (CAPIBase.CRYPTOAPI_BLOB)Marshal.PtrToStructure(decodedValue.DangerousGetHandle(), typeof(CAPIBase.CRYPTOAPI_BLOB)); byte[] sArray = CAPI.BlobToByteArray(blob); this.m_subjectKeyIdentifier = System.Security.Cryptography.X509Certificates.X509Utils.EncodeHexString(sArray); this.m_decoded = true; decodedValue.Dispose(); handle2.Dispose(); }
private void DecodeExtension() { uint cbDecodedValue = 0; SafeLocalAllocHandle decodedValue = null; if (!CAPI.DecodeObject(new IntPtr(14L), base.m_rawData, out decodedValue, out cbDecodedValue)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob = (CAPIBase.CRYPTOAPI_BLOB)Marshal.PtrToStructure(decodedValue.DangerousGetHandle(), typeof(CAPIBase.CRYPTOAPI_BLOB)); if (cryptoapi_blob.cbData > 4) { cryptoapi_blob.cbData = 4; } byte[] destination = new byte[4]; if (cryptoapi_blob.pbData != IntPtr.Zero) { Marshal.Copy(cryptoapi_blob.pbData, destination, 0, (int)cryptoapi_blob.cbData); } this.m_keyUsages = BitConverter.ToUInt32(destination, 0); this.m_decoded = true; decodedValue.Dispose(); }
private static byte[] ConstructDSSPubKeyCspBlob(SafeLocalAllocHandle decodedKeyValue, SafeLocalAllocHandle decodedParameters) { CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob = (CAPIBase.CRYPTOAPI_BLOB)Marshal.PtrToStructure(decodedKeyValue.DangerousGetHandle(), typeof(CAPIBase.CRYPTOAPI_BLOB)); CAPIBase.CERT_DSS_PARAMETERS cert_dss_parameters = (CAPIBase.CERT_DSS_PARAMETERS)Marshal.PtrToStructure(decodedParameters.DangerousGetHandle(), typeof(CAPIBase.CERT_DSS_PARAMETERS)); uint cbData = cert_dss_parameters.p.cbData; if (cbData == 0) { throw new CryptographicException(-2146893803); } uint num2 = ((((0x10 + cbData) + 20) + cbData) + cbData) + 0x18; MemoryStream output = new MemoryStream((int)num2); BinaryWriter writer = new BinaryWriter(output); writer.Write((byte)6); writer.Write((byte)2); writer.Write((short)0); writer.Write((uint)0x2200); writer.Write((uint)0x31535344); writer.Write((uint)(cbData * 8)); byte[] destination = new byte[cert_dss_parameters.p.cbData]; Marshal.Copy(cert_dss_parameters.p.pbData, destination, 0, destination.Length); writer.Write(destination); uint num3 = cert_dss_parameters.q.cbData; if ((num3 == 0) || (num3 > 20)) { throw new CryptographicException(-2146893803); } byte[] buffer2 = new byte[cert_dss_parameters.q.cbData]; Marshal.Copy(cert_dss_parameters.q.pbData, buffer2, 0, buffer2.Length); writer.Write(buffer2); if (20 > num3) { writer.Write(new byte[20 - num3]); } num3 = cert_dss_parameters.g.cbData; if ((num3 == 0) || (num3 > cbData)) { throw new CryptographicException(-2146893803); } byte[] buffer3 = new byte[cert_dss_parameters.g.cbData]; Marshal.Copy(cert_dss_parameters.g.pbData, buffer3, 0, buffer3.Length); writer.Write(buffer3); if (cbData > num3) { writer.Write(new byte[cbData - num3]); } num3 = cryptoapi_blob.cbData; if ((num3 == 0) || (num3 > cbData)) { throw new CryptographicException(-2146893803); } byte[] buffer4 = new byte[cryptoapi_blob.cbData]; Marshal.Copy(cryptoapi_blob.pbData, buffer4, 0, buffer4.Length); writer.Write(buffer4); if (cbData > num3) { writer.Write(new byte[cbData - num3]); } writer.Write(uint.MaxValue); writer.Write(new byte[20]); return(output.ToArray()); }
internal AsnEncodedData(string oid, CAPIBase.CRYPTOAPI_BLOB encodedBlob) : this(oid, CAPI.BlobToByteArray(encodedBlob)) { }
internal AsnEncodedData(System.Security.Cryptography.Oid oid, CAPIBase.CRYPTOAPI_BLOB encodedBlob) : this(oid, CAPI.BlobToByteArray(encodedBlob)) { }
internal X500DistinguishedName(CAPIBase.CRYPTOAPI_BLOB encodedDistinguishedNameBlob) : base(new Oid(), encodedDistinguishedNameBlob) { }
private static unsafe System.Security.Cryptography.SafeCertStoreHandle FindCertInStore(System.Security.Cryptography.SafeCertStoreHandle safeSourceStoreHandle, X509FindType findType, object findValue, bool validOnly) { string str; string str2; System.Security.Cryptography.SafeCertStoreHandle handle2; if (findValue == null) { throw new ArgumentNullException("findValue"); } IntPtr zero = IntPtr.Zero; object dwKeyUsageBit = null; object obj3 = null; FindProcDelegate delegate2 = null; FindProcDelegate delegate3 = null; uint dwFindType = 0; CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob = new CAPIBase.CRYPTOAPI_BLOB(); SafeLocalAllocHandle invalidHandle = SafeLocalAllocHandle.InvalidHandle; System.Runtime.InteropServices.ComTypes.FILETIME filetime = new System.Runtime.InteropServices.ComTypes.FILETIME(); string keyValue = null; switch (findType) { case X509FindType.FindByThumbprint: { if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } byte[] managed = System.Security.Cryptography.X509Certificates.X509Utils.DecodeHexString((string)findValue); cryptoapi_blob.pbData = System.Security.Cryptography.X509Certificates.X509Utils.ByteToPtr(managed).DangerousGetHandle(); cryptoapi_blob.cbData = (uint)managed.Length; dwFindType = 0x10000; zero = new IntPtr((void *)&cryptoapi_blob); goto Label_0703; } case X509FindType.FindBySubjectName: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } str = (string)findValue; dwFindType = 0x80007; zero = System.Security.Cryptography.X509Certificates.X509Utils.StringToUniPtr(str).DangerousGetHandle(); goto Label_0703; case X509FindType.FindBySubjectDistinguishedName: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } str = (string)findValue; delegate2 = new FindProcDelegate(X509Certificate2Collection.FindSubjectDistinguishedNameCallback); dwKeyUsageBit = str; goto Label_0703; case X509FindType.FindByIssuerName: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } str2 = (string)findValue; dwFindType = 0x80004; invalidHandle = System.Security.Cryptography.X509Certificates.X509Utils.StringToUniPtr(str2); zero = invalidHandle.DangerousGetHandle(); goto Label_0703; case X509FindType.FindByIssuerDistinguishedName: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } str2 = (string)findValue; delegate2 = new FindProcDelegate(X509Certificate2Collection.FindIssuerDistinguishedNameCallback); dwKeyUsageBit = str2; goto Label_0703; case X509FindType.FindBySerialNumber: { if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } delegate2 = new FindProcDelegate(X509Certificate2Collection.FindSerialNumberCallback); delegate3 = new FindProcDelegate(X509Certificate2Collection.FindSerialNumberCallback); BigInt num2 = new BigInt(); num2.FromHexadecimal((string)findValue); dwKeyUsageBit = num2.ToByteArray(); num2.FromDecimal((string)findValue); obj3 = num2.ToByteArray(); goto Label_0703; } case X509FindType.FindByTimeValid: if (findValue.GetType() != typeof(DateTime)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } *((long *)&filetime) = ((DateTime)findValue).ToFileTime(); delegate2 = new FindProcDelegate(X509Certificate2Collection.FindTimeValidCallback); dwKeyUsageBit = filetime; goto Label_0703; case X509FindType.FindByTimeNotYetValid: if (findValue.GetType() != typeof(DateTime)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } *((long *)&filetime) = ((DateTime)findValue).ToFileTime(); delegate2 = new FindProcDelegate(X509Certificate2Collection.FindTimeNotBeforeCallback); dwKeyUsageBit = filetime; goto Label_0703; case X509FindType.FindByTimeExpired: if (findValue.GetType() != typeof(DateTime)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } *((long *)&filetime) = ((DateTime)findValue).ToFileTime(); delegate2 = new FindProcDelegate(X509Certificate2Collection.FindTimeNotAfterCallback); dwKeyUsageBit = filetime; goto Label_0703; case X509FindType.FindByTemplateName: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } dwKeyUsageBit = (string)findValue; delegate2 = new FindProcDelegate(X509Certificate2Collection.FindTemplateNameCallback); goto Label_0703; case X509FindType.FindByApplicationPolicy: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } keyValue = System.Security.Cryptography.X509Certificates.X509Utils.FindOidInfo(2, (string)findValue, System.Security.Cryptography.OidGroup.Policy); if (keyValue == null) { keyValue = (string)findValue; System.Security.Cryptography.X509Certificates.X509Utils.ValidateOidValue(keyValue); } dwKeyUsageBit = keyValue; delegate2 = new FindProcDelegate(X509Certificate2Collection.FindApplicationPolicyCallback); goto Label_0703; case X509FindType.FindByCertificatePolicy: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } keyValue = System.Security.Cryptography.X509Certificates.X509Utils.FindOidInfo(2, (string)findValue, System.Security.Cryptography.OidGroup.Policy); if (keyValue == null) { keyValue = (string)findValue; System.Security.Cryptography.X509Certificates.X509Utils.ValidateOidValue(keyValue); } dwKeyUsageBit = keyValue; delegate2 = new FindProcDelegate(X509Certificate2Collection.FindCertificatePolicyCallback); goto Label_0703; case X509FindType.FindByExtension: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } keyValue = System.Security.Cryptography.X509Certificates.X509Utils.FindOidInfo(2, (string)findValue, System.Security.Cryptography.OidGroup.ExtensionOrAttribute); if (keyValue == null) { keyValue = (string)findValue; System.Security.Cryptography.X509Certificates.X509Utils.ValidateOidValue(keyValue); } dwKeyUsageBit = keyValue; delegate2 = new FindProcDelegate(X509Certificate2Collection.FindExtensionCallback); goto Label_0703; case X509FindType.FindByKeyUsage: { if (!(findValue.GetType() == typeof(string))) { if (findValue.GetType() == typeof(X509KeyUsageFlags)) { dwKeyUsageBit = findValue; } else { if (!(findValue.GetType() == typeof(uint)) && !(findValue.GetType() == typeof(int))) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindType")); } dwKeyUsageBit = findValue; } goto Label_06A2; } CAPIBase.KEY_USAGE_STRUCT[] key_usage_structArray = new CAPIBase.KEY_USAGE_STRUCT[] { new CAPIBase.KEY_USAGE_STRUCT("DigitalSignature", 0x80), new CAPIBase.KEY_USAGE_STRUCT("NonRepudiation", 0x40), new CAPIBase.KEY_USAGE_STRUCT("KeyEncipherment", 0x20), new CAPIBase.KEY_USAGE_STRUCT("DataEncipherment", 0x10), new CAPIBase.KEY_USAGE_STRUCT("KeyAgreement", 8), new CAPIBase.KEY_USAGE_STRUCT("KeyCertSign", 4), new CAPIBase.KEY_USAGE_STRUCT("CrlSign", 2), new CAPIBase.KEY_USAGE_STRUCT("EncipherOnly", 1), new CAPIBase.KEY_USAGE_STRUCT("DecipherOnly", 0x8000) }; for (uint i = 0; i < key_usage_structArray.Length; i++) { if (string.Compare(key_usage_structArray[i].pwszKeyUsage, (string)findValue, StringComparison.OrdinalIgnoreCase) == 0) { dwKeyUsageBit = key_usage_structArray[i].dwKeyUsageBit; break; } } break; } case X509FindType.FindBySubjectKeyIdentifier: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } dwKeyUsageBit = System.Security.Cryptography.X509Certificates.X509Utils.DecodeHexString((string)findValue); delegate2 = new FindProcDelegate(X509Certificate2Collection.FindSubjectKeyIdentifierCallback); goto Label_0703; default: throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindType")); } if (dwKeyUsageBit == null) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindType")); } Label_06A2: delegate2 = new FindProcDelegate(X509Certificate2Collection.FindKeyUsageCallback); Label_0703: handle2 = CAPI.CertOpenStore(new IntPtr(2L), 0x10001, IntPtr.Zero, 0x2200, null); if ((handle2 == null) || handle2.IsInvalid) { throw new CryptographicException(Marshal.GetLastWin32Error()); } FindByCert(safeSourceStoreHandle, dwFindType, zero, validOnly, delegate2, delegate3, dwKeyUsageBit, obj3, handle2); invalidHandle.Dispose(); return(handle2); }
private static unsafe byte[] ExportCertificatesToBlob(System.Security.Cryptography.SafeCertStoreHandle safeCertStoreHandle, X509ContentType contentType, string password) { System.Security.Cryptography.SafeCertContextHandle invalidHandle = System.Security.Cryptography.SafeCertContextHandle.InvalidHandle; uint dwSaveAs = 2; byte[] destination = null; CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob = new CAPIBase.CRYPTOAPI_BLOB(); SafeLocalAllocHandle pbElement = SafeLocalAllocHandle.InvalidHandle; switch (contentType) { case X509ContentType.Cert: invalidHandle = CAPI.CertEnumCertificatesInStore(safeCertStoreHandle, invalidHandle); if ((invalidHandle != null) && !invalidHandle.IsInvalid) { CAPIBase.CERT_CONTEXT cert_context = *((CAPIBase.CERT_CONTEXT *)invalidHandle.DangerousGetHandle()); destination = new byte[cert_context.cbCertEncoded]; Marshal.Copy(cert_context.pbCertEncoded, destination, 0, destination.Length); } break; case X509ContentType.SerializedCert: { invalidHandle = CAPI.CertEnumCertificatesInStore(safeCertStoreHandle, invalidHandle); uint num2 = 0; if ((invalidHandle != null) && !invalidHandle.IsInvalid) { if (!CAPISafe.CertSerializeCertificateStoreElement(invalidHandle, 0, pbElement, new IntPtr((void *)&num2))) { throw new CryptographicException(Marshal.GetLastWin32Error()); } pbElement = CAPI.LocalAlloc(0, new IntPtr((long)num2)); if (!CAPISafe.CertSerializeCertificateStoreElement(invalidHandle, 0, pbElement, new IntPtr((void *)&num2))) { throw new CryptographicException(Marshal.GetLastWin32Error()); } destination = new byte[num2]; Marshal.Copy(pbElement.DangerousGetHandle(), destination, 0, destination.Length); break; } break; } case X509ContentType.Pfx: if (!CAPI.PFXExportCertStore(safeCertStoreHandle, new IntPtr((void *)&cryptoapi_blob), password, 6)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } cryptoapi_blob.pbData = CAPI.LocalAlloc(0, new IntPtr((long)cryptoapi_blob.cbData)).DangerousGetHandle(); if (!CAPI.PFXExportCertStore(safeCertStoreHandle, new IntPtr((void *)&cryptoapi_blob), password, 6)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } destination = new byte[cryptoapi_blob.cbData]; Marshal.Copy(cryptoapi_blob.pbData, destination, 0, destination.Length); break; case X509ContentType.SerializedStore: case X509ContentType.Pkcs7: if (contentType == X509ContentType.SerializedStore) { dwSaveAs = 1; } if (!CAPI.CertSaveStore(safeCertStoreHandle, 0x10001, dwSaveAs, 2, new IntPtr((void *)&cryptoapi_blob), 0)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } pbElement = CAPI.LocalAlloc(0, new IntPtr((long)cryptoapi_blob.cbData)); cryptoapi_blob.pbData = pbElement.DangerousGetHandle(); if (!CAPI.CertSaveStore(safeCertStoreHandle, 0x10001, dwSaveAs, 2, new IntPtr((void *)&cryptoapi_blob), 0)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } destination = new byte[cryptoapi_blob.cbData]; Marshal.Copy(cryptoapi_blob.pbData, destination, 0, destination.Length); break; default: throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidContentType")); } pbElement.Dispose(); invalidHandle.Dispose(); return(destination); }