Example #1
        /// <summary>
        /// Fetches the certificate stack held by a PKCS#7 structure.
        /// </summary>
        /// <param name="p7">The PKCS#7 handle to read; a null or invalid handle is tolerated.</param>
        /// <returns>
        /// <c>SafeSharedX509StackHandle.InvalidHandle</c> when <paramref name="p7"/> is null or invalid;
        /// otherwise the stack handle filled in by the native call, with <paramref name="p7"/>
        /// registered as its parent.
        /// </returns>
        /// <remarks>
        /// Throws the exception built by <c>Interop.Crypto.CreateOpenSslCryptographicException()</c>
        /// when the native call returns anything other than 1.
        /// </remarks>
        internal static SafeSharedX509StackHandle GetPkcs7Certificates(SafePkcs7Handle p7)
        {
            bool usable = p7 != null && !p7.IsInvalid;

            if (!usable)
            {
                return SafeSharedX509StackHandle.InvalidHandle;
            }

            SafeSharedX509StackHandle stack;

            // Exactly 1 is success; every other return value is surfaced as an OpenSSL error.
            if (GetPkcs7Certificates(p7, out stack) != 1)
            {
                throw Interop.Crypto.CreateOpenSslCryptographicException();
            }

            // The stack is an interior pointer into the PKCS#7 structure, so the parent is recorded
            // on the stack handle to keep the two lifetimes tied together.
            stack.SetParent(p7);
            return stack;
        }
Example #2
        /// <summary>
        /// Reads every certificate embedded in a PKCS#7 structure into a list of certificate PALs.
        /// </summary>
        /// <param name="pkcs7">The PKCS#7 handle whose certificate stack is enumerated.</param>
        /// <param name="single">
        /// When true the caller wants only the signing certificate; that is not implemented, so the
        /// method throws after the certificate stack has been fetched.
        /// </param>
        /// <param name="certPal">Always set to null on the success path.</param>
        /// <param name="certPals">Receives one PAL per entry of the certificate stack.</param>
        /// <returns>Always true when the method returns normally.</returns>
        /// <exception cref="CryptographicException">
        /// Thrown with <c>SR.Cryptography_X509_PKCS7_NoSigner</c> when <paramref name="single"/> is true.
        /// </exception>
        private static bool TryReadPkcs7(
            SafePkcs7Handle pkcs7,
            bool single,
            out ICertificatePal certPal,
            out List<ICertificatePal> certPals)
        {
            // No list is needed in single mode because that path never returns normally.
            List<ICertificatePal> collected = null;

            if (!single)
            {
                collected = new List<ICertificatePal>();
            }

            using (SafeSharedX509StackHandle stack = Interop.Crypto.GetPkcs7Certificates(pkcs7))
            {
                int total = Interop.Crypto.GetX509StackFieldCount(stack);

                if (single)
                {
                    // Single mode for a PKCS#7 signed or signed-and-enveloped file is meant to yield
                    // the certificate that signed the file.
                    //
                    // X509Certificate2Collection::Export(X509ContentType.Pkcs7) claims to produce a
                    // signed PKCS#7 but emits no signature block, which makes this hard to test.
                    //
                    // TODO(2910): Figure out how to extract the signing certificate, when it's present.
                    throw new CryptographicException(SR.Cryptography_X509_PKCS7_NoSigner);
                }

                int index = 0;

                while (index < total)
                {
                    // The stack entry is owned by the PKCS7 and would be freed when it is disposed,
                    // so FromHandle is used to duplicate the handle into an independent PAL.
                    // NOTE(review): if a later iteration throws, the PALs already collected are not
                    // released here - confirm whether they need explicit disposal on that path.
                    IntPtr entry = Interop.Crypto.GetX509StackField(stack, index);
                    collected.Add(CertificatePal.FromHandle(entry));
                    index++;
                }
            }

            certPal = null;
            certPals = collected;
            return true;
        }
Example #3
 // Native entry point that takes a PKCS#7 handle and a managed byte buffer and returns an int.
 // The native implementation and the meaning of the return value are not visible in this excerpt.
 // NOTE(review): the signature carries no length for buf, so the native side cannot bounds-check
 // the write from this call alone; callers must pre-size buf (presumably from GetPkcs7DerSize -
 // TODO confirm) and should validate that size before allocating.
 internal static extern int EncodePkcs7(SafePkcs7Handle p7, byte[] buf);
Example #4
 // Native entry point that takes a PKCS#7 handle and returns an int.
 // Presumably the byte count of the DER encoding of p7 - TODO confirm against the native shim.
 // NOTE(review): the result is a signed int; callers should reject zero or negative values
 // before using it as an allocation size.
 internal static extern int GetPkcs7DerSize(SafePkcs7Handle p7);
Example #5
 // Native entry point that takes a PKCS#7 handle and a raw X509 pointer and returns a bool.
 // NOTE(review): x509 is a bare IntPtr, so nothing in this signature keeps the certificate alive
 // for the duration of the call or states whether the native side takes ownership or copies it -
 // confirm before freeing or reusing the pointer.
 // NOTE(review): no marshalling attribute for the bool return is visible in this excerpt - confirm
 // it matches the width of the native return type.
 internal static extern bool Pkcs7AddCertificate(SafePkcs7Handle p7, IntPtr x509);
Example #6
 // Native entry point that takes a PKCS#7 handle, returns an int status and hands back the
 // certificate stack through the out parameter.
 // The managed overload in Example #1 treats any return value other than 1 as failure and
 // registers p7 as the parent of the returned stack handle.
 // It is private, so that overload is the intended way to reach it.
 private static extern int GetPkcs7Certificates(SafePkcs7Handle p7, out SafeSharedX509StackHandle certs);