internal static unsafe int VerifyCertificate(System.Security.Cryptography.SafeCertContextHandle pCertContext, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, X509Certificate2Collection extraStore, IntPtr pszPolicy, IntPtr pdwErrorStatus)
{
if (pCertContext == null || pCertContext.IsInvalid)
{
throw new ArgumentException("pCertContext");
}
CAPI.CERT_CHAIN_POLICY_PARA pPolicyPara = new CAPI.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_PARA)));
CAPI.CERT_CHAIN_POLICY_STATUS pPolicyStatus = new CAPI.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_STATUS)));
SafeCertChainHandle invalidHandle = SafeCertChainHandle.InvalidHandle;
int num = X509Utils.BuildChain(new IntPtr(0L), pCertContext, extraStore, applicationPolicy, certificatePolicy, revocationMode, revocationFlag, verificationTime, timeout, ref invalidHandle);
if (num != 0)
{
return(num);
}
if (!CAPI.CAPISafe.CertVerifyCertificateChainPolicy(pszPolicy, invalidHandle, ref pPolicyPara, out pPolicyStatus))
{
return(Marshal.GetHRForLastWin32Error());
}
if (pdwErrorStatus != IntPtr.Zero)
{
*(int *)(void *)pdwErrorStatus = (int)pPolicyStatus.dwError;
}
return((int)pPolicyStatus.dwError != 0 ? 1 : 0);
}
private unsafe void Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, bool verifySignatureOnly)
{
SafeLocalAllocHandle pvData1 = SafeLocalAllocHandle.InvalidHandle;
CAPI.CERT_CONTEXT certContext = (CAPI.CERT_CONTEXT)Marshal.PtrToStructure(X509Utils.GetCertContext(certificate).DangerousGetHandle(), typeof(CAPI.CERT_CONTEXT));
IntPtr ptr1 = new IntPtr((long)new IntPtr((long)certContext.pCertInfo + (long)Marshal.OffsetOf(typeof(CAPI.CERT_INFO), "SubjectPublicKeyInfo")) + (long)Marshal.OffsetOf(typeof(CAPI.CERT_PUBLIC_KEY_INFO), "Algorithm"));
IntPtr num1 = new IntPtr((long)ptr1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPT_ALGORITHM_IDENTIFIER), "Parameters"));
if ((int)CAPI.CryptFindOIDInfo(1U, Marshal.ReadIntPtr(ptr1), 3U).Algid == 8704)
{
bool flag = false;
IntPtr ptr2 = new IntPtr((long)num1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "cbData"));
IntPtr ptr3 = new IntPtr((long)num1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "pbData"));
if (Marshal.ReadInt32(ptr2) == 0)
{
flag = true;
}
else if (Marshal.ReadIntPtr(ptr3) == IntPtr.Zero)
{
flag = true;
}
else if (Marshal.ReadInt32(Marshal.ReadIntPtr(ptr3)) == 5)
{
flag = true;
}
if (flag)
{
SafeCertChainHandle invalidHandle = SafeCertChainHandle.InvalidHandle;
X509Utils.BuildChain(new IntPtr(0L), X509Utils.GetCertContext(certificate), (X509Certificate2Collection)null, (OidCollection)null, (OidCollection)null, X509RevocationMode.NoCheck, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), ref invalidHandle);
invalidHandle.Dispose();
uint pcbData = 0U;
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate), 22U, pvData1, out pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (pcbData > 0U)
{
pvData1 = CAPI.LocalAlloc(64U, new IntPtr((long)pcbData));
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate), 22U, pvData1, out pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
Marshal.WriteInt32(ptr2, (int)pcbData);
Marshal.WriteIntPtr(ptr3, pvData1.DangerousGetHandle());
}
}
}
if (this.m_parentSignerInfo == null)
{
if (!CAPI.CryptMsgControl(this.m_signedCms.GetCryptMsgHandle(), 0U, 1U, certContext.pCertInfo))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
else
{
int num2 = -1;
int hr = 0;
SafeLocalAllocHandle pvData2;
while (true)
{
try
{
num2 = PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this.m_parentSignerInfo, num2 + 1);
}
catch (CryptographicException ex)
{
if (hr != 0)
{
throw new CryptographicException(hr);
}
throw;
}
uint cbData = 0U;
pvData2 = SafeLocalAllocHandle.InvalidHandle;
PkcsUtils.GetParam(this.m_signedCms.GetCryptMsgHandle(), 28U, (uint)num2, out pvData2, out cbData);
if ((int)cbData == 0)
{
hr = -2146885618;
}
else
{
fixed(byte *numPtr = this.m_encodedSignerInfo)
{
if (!CAPI.CAPISafe.CryptMsgVerifyCountersignatureEncoded(IntPtr.Zero, 65537U, pvData2.DangerousGetHandle(), cbData, new IntPtr((void *)numPtr), (uint)this.m_encodedSignerInfo.Length, certContext.pCertInfo))
{
hr = Marshal.GetLastWin32Error();
}
else
{
break;
}
}
}
}
// ISSUE: fixed variable is out of scope
// ISSUE: __unpin statement
__unpin(numPtr);
pvData2.Dispose();
}
if (!verifySignatureOnly)
{
int hr = SignerInfo.VerifyCertificate(certificate, extraStore);
if (hr != 0)
{
throw new CryptographicException(hr);
}
}
pvData1.Dispose();
}
internal static unsafe int BuildChain(IntPtr hChainEngine, System.Security.Cryptography.SafeCertContextHandle pCertContext, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, ref SafeCertChainHandle ppChainContext)
{
if (pCertContext == null || pCertContext.IsInvalid)
{
throw new ArgumentException(SecurityResources.GetResourceString("Cryptography_InvalidContextHandle"), "pCertContext");
}
SafeCertStoreHandle hAdditionalStore = SafeCertStoreHandle.InvalidHandle;
if (extraStore != null && extraStore.Count > 0)
{
hAdditionalStore = X509Utils.ExportToMemoryStore(extraStore);
}
CAPI.CERT_CHAIN_PARA pChainPara = new CAPI.CERT_CHAIN_PARA();
pChainPara.cbSize = (uint)Marshal.SizeOf((object)pChainPara);
SafeLocalAllocHandle localAllocHandle1 = SafeLocalAllocHandle.InvalidHandle;
if (applicationPolicy != null && applicationPolicy.Count > 0)
{
pChainPara.RequestedUsage.dwType = 0U;
pChainPara.RequestedUsage.Usage.cUsageIdentifier = (uint)applicationPolicy.Count;
localAllocHandle1 = X509Utils.CopyOidsToUnmanagedMemory(applicationPolicy);
pChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = localAllocHandle1.DangerousGetHandle();
}
SafeLocalAllocHandle localAllocHandle2 = SafeLocalAllocHandle.InvalidHandle;
if (certificatePolicy != null && certificatePolicy.Count > 0)
{
pChainPara.RequestedIssuancePolicy.dwType = 0U;
pChainPara.RequestedIssuancePolicy.Usage.cUsageIdentifier = (uint)certificatePolicy.Count;
localAllocHandle2 = X509Utils.CopyOidsToUnmanagedMemory(certificatePolicy);
pChainPara.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = localAllocHandle2.DangerousGetHandle();
}
pChainPara.dwUrlRetrievalTimeout = (uint)timeout.Milliseconds;
System.Runtime.InteropServices.ComTypes.FILETIME pTime = new System.Runtime.InteropServices.ComTypes.FILETIME();
*(long *)&pTime = verificationTime.ToFileTime();
uint dwFlags = X509Utils.MapRevocationFlags(revocationMode, revocationFlag);
if (!CAPI.CAPISafe.CertGetCertificateChain(hChainEngine, pCertContext, ref pTime, hAdditionalStore, ref pChainPara, dwFlags, IntPtr.Zero, out ppChainContext))
{
return(Marshal.GetHRForLastWin32Error());
}
localAllocHandle1.Dispose();
localAllocHandle2.Dispose();
return(0);
}
protected override bool ReleaseHandle()
{
SafeCertChainHandle.CertFreeCertificateChain(this.handle);
return(true);
}
