internal SubjectIdentifierOrKey(CAPI.CERT_ID certId)
{
switch (certId.dwIdChoice)
{
case CAPI.CERT_ID_ISSUER_SERIAL_NUMBER:
X509IssuerSerial issuerSerial = PkcsUtils.DecodeIssuerSerial(certId.Value.IssuerSerialNumber);
Reset(SubjectIdentifierOrKeyType.IssuerAndSerialNumber, issuerSerial);
break;
case CAPI.CERT_ID_KEY_IDENTIFIER:
byte[] ski = new byte[certId.Value.KeyId.cbData];
Marshal.Copy(certId.Value.KeyId.pbData, ski, 0, ski.Length);
Reset(SubjectIdentifierOrKeyType.SubjectKeyIdentifier, X509Utils.EncodeHexString(ski));
break;
default:
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type"), certId.dwIdChoice.ToString(CultureInfo.InvariantCulture));
}
}
internal static X509Certificate2Collection BuildBagOfCerts(KeyInfoX509Data keyInfoX509Data, CertUsageType certUsageType)
{
X509Certificate2Collection collection = new X509Certificate2Collection();
ArrayList decryptionIssuerSerials = (certUsageType == CertUsageType.Decryption ? new ArrayList() : null);
if (keyInfoX509Data.Certificates != null)
{
foreach (X509Certificate2 certificate in keyInfoX509Data.Certificates)
{
switch (certUsageType)
{
case CertUsageType.Verification:
collection.Add(certificate);
break;
case CertUsageType.Decryption:
decryptionIssuerSerials.Add(new X509IssuerSerial(certificate.IssuerName.Name, certificate.SerialNumber));
break;
}
}
}
if (keyInfoX509Data.SubjectNames == null && keyInfoX509Data.IssuerSerials == null &&
keyInfoX509Data.SubjectKeyIds == null && decryptionIssuerSerials == null)
{
return(collection);
}
// Open LocalMachine and CurrentUser "Other People"/"My" stores.
// Assert OpenStore since we are not giving back any certificates to the user.
StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore);
sp.Assert();
X509Store[] stores = new X509Store[2];
string storeName = (certUsageType == CertUsageType.Verification ? "AddressBook" : "My");
stores[0] = new X509Store(storeName, StoreLocation.CurrentUser);
stores[1] = new X509Store(storeName, StoreLocation.LocalMachine);
for (int index = 0; index < stores.Length; index++)
{
if (stores[index] != null)
{
X509Certificate2Collection filters = null;
// We don't care if we can't open the store.
try {
stores[index].Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
filters = stores[index].Certificates;
stores[index].Close();
if (keyInfoX509Data.SubjectNames != null)
{
foreach (string subjectName in keyInfoX509Data.SubjectNames)
{
filters = filters.Find(X509FindType.FindBySubjectDistinguishedName, subjectName, false);
}
}
if (keyInfoX509Data.IssuerSerials != null)
{
foreach (X509IssuerSerial issuerSerial in keyInfoX509Data.IssuerSerials)
{
filters = filters.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName, false);
filters = filters.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false);
}
}
if (keyInfoX509Data.SubjectKeyIds != null)
{
foreach (byte[] ski in keyInfoX509Data.SubjectKeyIds)
{
string hex = X509Utils.EncodeHexString(ski);
filters = filters.Find(X509FindType.FindBySubjectKeyIdentifier, hex, false);
}
}
if (decryptionIssuerSerials != null)
{
foreach (X509IssuerSerial issuerSerial in decryptionIssuerSerials)
{
filters = filters.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName, false);
filters = filters.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false);
}
}
}
catch (CryptographicException) {}
if (filters != null)
{
collection.AddRange(filters);
}
}
}
return(collection);
}
internal unsafe SubjectIdentifier(CAPI.CRYPTOAPI_BLOB issuer, CAPI.CRYPTOAPI_BLOB serialNumber)
{
// If serial number is 0, then it is the special SKI encoding or NoSignature
bool isSKIorHashOnly = true;
byte *pb = (byte *)serialNumber.pbData;
for (uint i = 0; i < serialNumber.cbData; i++)
{
if (*pb++ != (byte)0)
{
isSKIorHashOnly = false;
break;
}
}
if (isSKIorHashOnly)
{
byte[] issuerBytes = new byte[issuer.cbData];
Marshal.Copy(issuer.pbData, issuerBytes, 0, issuerBytes.Length);
X500DistinguishedName dummyName = new X500DistinguishedName(issuerBytes);
if (String.Compare(CAPI.DummySignerCommonName, dummyName.Name, StringComparison.OrdinalIgnoreCase) == 0)
{
Reset(SubjectIdentifierType.NoSignature, null);
return;
}
}
if (isSKIorHashOnly)
{
// Decode disguised SKI in issuer field (See WinCrypt.h for more info). Note that some certificates may contain
// an all-zero serial number but not be encoded with an szOID_KEYID_RDN. In order to allow use of signatures created
// using these certificates, we will first try to find the szOID_KEYID_RDN, but if it does not exist, fall back to just
// decoding the incoming issuer and serial number.
m_type = SubjectIdentifierType.SubjectKeyIdentifier;
m_value = String.Empty;
uint cbCertNameInfo = 0;
SafeLocalAllocHandle pbCertNameInfo = SafeLocalAllocHandle.InvalidHandle;
if (CAPI.DecodeObject(new IntPtr(CAPI.X509_NAME),
issuer.pbData,
issuer.cbData,
out pbCertNameInfo,
out cbCertNameInfo))
{
using (pbCertNameInfo) {
checked {
CAPI.CERT_NAME_INFO certNameInfo = (CAPI.CERT_NAME_INFO)Marshal.PtrToStructure(pbCertNameInfo.DangerousGetHandle(), typeof(CAPI.CERT_NAME_INFO));
for (uint i = 0; i < certNameInfo.cRDN; i++)
{
CAPI.CERT_RDN certRdn = (CAPI.CERT_RDN)Marshal.PtrToStructure(new IntPtr((long)certNameInfo.rgRDN + (long)(i * Marshal.SizeOf(typeof(CAPI.CERT_RDN)))), typeof(CAPI.CERT_RDN));
for (uint j = 0; j < certRdn.cRDNAttr; j++)
{
CAPI.CERT_RDN_ATTR certRdnAttr = (CAPI.CERT_RDN_ATTR)Marshal.PtrToStructure(new IntPtr((long)certRdn.rgRDNAttr + (long)(j * Marshal.SizeOf(typeof(CAPI.CERT_RDN_ATTR)))), typeof(CAPI.CERT_RDN_ATTR));
if (String.Compare(CAPI.szOID_KEYID_RDN, certRdnAttr.pszObjId, StringComparison.OrdinalIgnoreCase) == 0)
{
if (certRdnAttr.dwValueType == CAPI.CERT_RDN_OCTET_STRING)
{
byte[] ski = new byte[certRdnAttr.Value.cbData];
Marshal.Copy(certRdnAttr.Value.pbData, ski, 0, ski.Length);
Reset(SubjectIdentifierType.SubjectKeyIdentifier, X509Utils.EncodeHexString(ski));
return;
}
}
}
}
}
}
}
}
CAPI.CERT_ISSUER_SERIAL_NUMBER IssuerAndSerial;
IssuerAndSerial.Issuer = issuer;
IssuerAndSerial.SerialNumber = serialNumber;
X509IssuerSerial issuerSerial = PkcsUtils.DecodeIssuerSerial(IssuerAndSerial);
Reset(SubjectIdentifierType.IssuerAndSerialNumber, issuerSerial);
}