public static void TestHandle()
        {
            // Verifies that X509Certificate2.Handle exposes a usable CERT_CONTEXT pointer by comparing
            // the native encoded blob and the native serial number against the known test certificate.
            // The raw pointer is only dereferenced inside the using block, i.e. while the certificate
            // object that handed out the handle has not been disposed yet.
            using (X509Certificate2 cert = new X509Certificate2(TestData.MsCertificate))
            {
                IntPtr rawHandle = cert.Handle;
                unsafe
                {
                    Interop.Crypt32.CERT_CONTEXT* nativeContext = (Interop.Crypt32.CERT_CONTEXT*)rawHandle;

                    // The native length is asserted against the known blob length before it is used
                    // to size the managed buffer and the copy below.
                    int encodedLength = nativeContext->cbCertEncoded;
                    Assert.Equal(TestData.MsCertificate.Length, encodedLength);

                    // Copy the encoded certificate out of native memory and compare it byte for byte.
                    byte[] encodedCopy = new byte[encodedLength];
                    Marshal.Copy((IntPtr)(nativeContext->pbCertEncoded), encodedCopy, 0, encodedLength);
                    Assert.Equal(TestData.MsCertificate, encodedCopy);

                    // The serial number stored in CERT_INFO must equal the expected bytes.
                    byte[] expectedSerial = "b00000000100dd9f3bd08b0aaf11b000000033".HexToByteArray();
                    byte[] actualSerial = nativeContext->pCertInfo->SerialNumber.ToByteArray();
                    Assert.Equal(expectedSerial, actualSerial);
                }
            }
        }
        /// <summary>
        /// A less error-prone wrapper for CertFindCertificateInStore().
        ///
        /// To begin the search, set pCertContext to null. Each call replaces pCertContext with the handle
        /// returned by the native find call for the given find type and parameter. When nothing (more) is
        /// found, pCertContext is set to an invalid SafeCertContextHandle and the method returns "false".
        ///
        /// Ownership: the raw context held by the incoming pCertContext is detached and handed to the native
        /// call as the previous context (which the Win32 function is documented to free), and the emptied
        /// managed handle is disposed. Callers must not keep using the handle instance they passed in.
        /// </summary>
        public static unsafe bool CertFindCertificateInStore(SafeCertStoreHandle hCertStore, Interop.Crypt32.CertFindType dwFindType, void *pvFindPara, [NotNull] ref SafeCertContextHandle?pCertContext)
        {
            Interop.Crypt32.CERT_CONTEXT* previousRaw = null;
            if (pCertContext is SafeCertContextHandle previousHandle)
            {
                // Detach before disposing: after Disconnect() the managed handle no longer holds the
                // raw context, so Dispose() does not release the pointer that is passed on below.
                previousRaw = previousHandle.Disconnect();
                previousHandle.Dispose();
            }

            pCertContext = Interop.Crypt32.CertFindCertificateInStore(
                hCertStore,
                Interop.Crypt32.CertEncodingType.All,
                Interop.Crypt32.CertFindFlags.None,
                dwFindType,
                pvFindPara,
                previousRaw);

            // An invalid handle is the "no match" signal.
            bool found = !pCertContext.IsInvalid;
            return found;
        }
Example #3
        /// <summary>
        /// Deletes the store's copy of <paramref name="certificate"/>; returns without doing anything
        /// when the lookup in the store finds no existing match.
        /// </summary>
        /// <param name="certificate">Certificate to remove. It is cast to CertificatePal to obtain its native context.</param>
        public unsafe void Remove(ICertificatePal certificate)
        {
            using SafeCertContextHandle sourceContext = ((CertificatePal)certificate).GetCertContext();

            // Look the certificate up in this store; the match (if any) comes back in storeMatch.
            Interop.Crypt32.CERT_CONTEXT* sourceRaw = sourceContext.CertContext;
            SafeCertContextHandle? storeMatch = null;
            bool found = Interop.crypt32.CertFindCertificateInStore(_certStore, Interop.Crypt32.CertFindType.CERT_FIND_EXISTING, sourceRaw, ref storeMatch);
            if (!found)
            {
                // The certificate is not present in the store, simply return.
                return;
            }

            // CertDeleteCertificateFromStore always frees the context (even on error), so the raw
            // pointer is detached from the managed handle first; disposing the emptied handle then
            // cannot release the same context a second time.
            Interop.Crypt32.CERT_CONTEXT* rawToDelete = storeMatch.Disconnect();
            storeMatch.Dispose();

            if (Interop.Crypt32.CertDeleteCertificateFromStore(rawToDelete))
            {
                return;
            }

            // Read the last P/Invoke error right after the failed call, before anything can overwrite it.
            throw Marshal.GetLastPInvokeError().ToCryptographicException();
        }
        /// <summary>
        /// Collects every certificate found in the store referenced by the given native CERT_CONTEXT.
        /// </summary>
        /// <param name="certContext">Raw pointer to a CERT_CONTEXT; IntPtr.Zero yields an empty collection.</param>
        /// <returns>The enumerated certificates; empty when there is no context or the context has no store.</returns>
        internal static X509Certificate2Collection GetRemoteCertificatesFromStoreContext(IntPtr certContext)
        {
            X509Certificate2Collection collected = new X509Certificate2Collection();
            if (certContext == IntPtr.Zero)
            {
                return collected;
            }

            // Copy the native structure so the rest of the method reads a local snapshot. Only the
            // zero check above guards this dereference; the caller is trusted to pass a live context.
            Interop.Crypt32.CERT_CONTEXT snapshot;
            unsafe
            {
                snapshot = *(Interop.Crypt32.CERT_CONTEXT*)certContext;
            }

            if (snapshot.hCertStore == IntPtr.Zero)
            {
                return collected;
            }

            // Each enumeration call receives the context returned by the previous call; the Win32
            // function is documented to free that previous context, so no explicit free happens here.
            // NOTE(review): if the constructor or the logging below throws, the context in `current`
            // is never handed back to the enumeration and is therefore not released. Confirm.
            Interop.Crypt32.CERT_CONTEXT* previous = null;
            Interop.Crypt32.CERT_CONTEXT* current;
            while ((current = Interop.Crypt32.CertEnumCertificatesInStore(snapshot.hCertStore, previous)) != null)
            {
                // X509Certificate2(IntPtr) is documented to work on its own copy of the handle, which
                // is what lets the enumeration free `current` on the next call.
                var cert = new X509Certificate2(new IntPtr(current));
                if (NetEventSource.IsEnabled)
                {
                    NetEventSource.Info(certContext, $"Adding remote certificate:{cert}");
                }

                collected.Add(cert);
                previous = current;
            }

            return collected;
        }
Example #5
        /// <summary>
        /// Collects every certificate found in the store referenced by the given certificate context handle.
        /// </summary>
        /// <param name="certContext">Safe handle wrapping a native CERT_CONTEXT; an invalid handle yields an empty collection.</param>
        /// <returns>The enumerated certificates; empty when the handle is invalid or the context has no store.</returns>
        internal static X509Certificate2Collection GetRemoteCertificatesFromStoreContext(SafeFreeCertContext certContext)
        {
            X509Certificate2Collection collected = new X509Certificate2Collection();
            if (certContext.IsInvalid)
            {
                return collected;
            }

            // NOTE(review): DangerousGetHandle() returns the raw pointer without adding a reference to
            // the safe handle, so this relies on the caller keeping certContext alive and unreleased
            // for the whole call. Confirm against the callers.
            IntPtr rawContext = certContext.DangerousGetHandle();
            Interop.Crypt32.CERT_CONTEXT context = Marshal.PtrToStructure<Interop.Crypt32.CERT_CONTEXT>(rawContext);

            if (context.hCertStore == IntPtr.Zero)
            {
                return collected;
            }

            // The enumeration is fed the context from the previous step; the Win32 function is
            // documented to free that previous context, so the loop does not free anything itself.
            for (Interop.Crypt32.CERT_CONTEXT* current = Interop.Crypt32.CertEnumCertificatesInStore(context.hCertStore, null);
                 current != null;
                 current = Interop.Crypt32.CertEnumCertificatesInStore(context.hCertStore, current))
            {
                var cert = new X509Certificate2(new IntPtr(current));
                if (GlobalLog.IsEnabled)
                {
                    // NOTE(review): Subject is read from the enumerated certificate, which by this
                    // method's name comes from the remote peer; it is written to the log unescaped
                    // and runs straight into the thumbprint with no separator.
                    GlobalLog.Print(
                        "UnmanagedCertificateContext::GetRemoteCertificatesFromStoreContext " +
                        "adding remote certificate:" + cert.Subject + cert.Thumbprint);
                }

                collected.Add(cert);
            }

            return collected;
        }
        /// <summary>
        /// Returns the certificates contained in the store that the given certificate context points to.
        /// </summary>
        /// <param name="certContext">Safe handle wrapping a native CERT_CONTEXT; an invalid handle yields an empty collection.</param>
        /// <returns>The enumerated certificates; empty when the handle is invalid or the context has no store.</returns>
        internal static X509Certificate2Collection GetRemoteCertificatesFromStoreContext(SafeFreeCertContext certContext)
        {
            X509Certificate2Collection certificates = new X509Certificate2Collection();
            if (certContext.IsInvalid)
            {
                return certificates;
            }

            // NOTE(review): the raw pointer is taken with DangerousGetHandle(), which does not add a
            // reference to the safe handle; the caller has to keep certContext alive while this runs.
            Interop.Crypt32.CERT_CONTEXT nativeCopy =
                Marshal.PtrToStructure<Interop.Crypt32.CERT_CONTEXT>(certContext.DangerousGetHandle());

            bool hasStore = nativeCopy.hCertStore != IntPtr.Zero;
            if (!hasStore)
            {
                return certificates;
            }

            // Walk the store: every call passes the context from the previous step back in, and the
            // Win32 enumeration is documented to free that context, ending with null after the last one.
            // NOTE(review): an exception thrown inside the loop body leaves the context in `fetched`
            // unreleased, because it is never passed to a further enumeration call. Confirm.
            Interop.Crypt32.CERT_CONTEXT* cursor = null;
            Interop.Crypt32.CERT_CONTEXT* fetched;
            while ((fetched = Interop.Crypt32.CertEnumCertificatesInStore(nativeCopy.hCertStore, cursor)) != null)
            {
                var cert = new X509Certificate2(new IntPtr(fetched));
                if (NetEventSource.IsEnabled)
                {
                    NetEventSource.Info(certContext, $"Adding remote certificate:{cert}");
                }

                certificates.Add(cert);
                cursor = fetched;
            }

            return certificates;
        }
Example #7
 /// <summary>
 /// Partial declaration of the crypt32 CertDeleteCertificateFromStore import; the implementing part
 /// and any import attribute are not visible in this excerpt.
 /// </summary>
 /// <param name="pCertContext">
 /// Raw certificate context to delete. The native function is documented to free this context even
 /// when it fails, so a caller must give up ownership first (for example by detaching the pointer
 /// from its safe handle) and must not release it again afterwards.
 /// </param>
 /// <returns>
 /// true on success, false on failure. NOTE(review): callers that read the last P/Invoke error after a
 /// false result depend on the import being configured to capture it. Confirm on the attribute.
 /// </returns>
 public static unsafe partial bool CertDeleteCertificateFromStore(Interop.Crypt32.CERT_CONTEXT *pCertContext);
Example #8
 /// <summary>
 /// Partial declaration of the crypt32 CertFindCertificateInStore import. It is private; the
 /// implementing part and any import attribute are not visible in this excerpt.
 /// </summary>
 /// <param name="hCertStore">Store to search.</param>
 /// <param name="dwCertEncodingType">Certificate encoding type passed to the native call.</param>
 /// <param name="dwFindFlags">Find flags passed to the native call.</param>
 /// <param name="dwFindType">Kind of search to perform; determines how <paramref name="pvFindPara"/> is interpreted.</param>
 /// <param name="pvFindPara">Untyped pointer to the search parameter. Nothing in this signature checks that it matches <paramref name="dwFindType"/>.</param>
 /// <param name="pPrevCertContext">
 /// Raw context returned by the previous call, or null for the first call. The Win32 function is
 /// documented to free a non-null previous context, so the caller must not release it again.
 /// </param>
 /// <returns>A SafeCertContextHandle for the result; callers are expected to test it with IsInvalid.</returns>
 private static unsafe partial SafeCertContextHandle CertFindCertificateInStore(SafeCertStoreHandle hCertStore, Interop.Crypt32.CertEncodingType dwCertEncodingType, CertFindFlags dwFindFlags, CertFindType dwFindType, void *pvFindPara, Interop.Crypt32.CERT_CONTEXT *pPrevCertContext);