internal static int VerifyCertificate(System.Security.Cryptography.SafeCertContextHandle pCertContext, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, X509Certificate2Collection extraStore, IntPtr pszPolicy, IntPtr pdwErrorStatus)
{
if ((pCertContext == null) || pCertContext.IsInvalid)
{
throw new ArgumentException("pCertContext");
}
System.Security.Cryptography.CAPI.CERT_CHAIN_POLICY_PARA pPolicyPara = new System.Security.Cryptography.CAPI.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CERT_CHAIN_POLICY_PARA)));
System.Security.Cryptography.CAPI.CERT_CHAIN_POLICY_STATUS pPolicyStatus = new System.Security.Cryptography.CAPI.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CERT_CHAIN_POLICY_STATUS)));
System.Security.Cryptography.SafeCertChainHandle invalidHandle = System.Security.Cryptography.SafeCertChainHandle.InvalidHandle;
int num = BuildChain(new IntPtr(0L), pCertContext, extraStore, applicationPolicy, certificatePolicy, revocationMode, revocationFlag, verificationTime, timeout, ref invalidHandle);
if (num != 0)
{
return(num);
}
if (!System.Security.Cryptography.CAPI.CAPISafe.CertVerifyCertificateChainPolicy(pszPolicy, invalidHandle, ref pPolicyPara, ref pPolicyStatus))
{
return(Marshal.GetHRForLastWin32Error());
}
if (pdwErrorStatus != IntPtr.Zero)
{
pdwErrorStatus[0] = (IntPtr)pPolicyStatus.dwError;
}
if (pPolicyStatus.dwError == 0)
{
return(0);
}
return(1);
}
public X509Chain(bool useMachineContext)
{
this.m_syncRoot = new object();
this.m_status = 0;
this.m_chainPolicy = null;
this.m_chainStatus = null;
this.m_chainElementCollection = new X509ChainElementCollection();
this.m_safeCertChainHandle = SafeCertChainHandle.InvalidHandle;
this.m_useMachineContext = useMachineContext;
}
public X509Chain(IntPtr chainContext)
{
this.m_syncRoot = new object();
if (chainContext == IntPtr.Zero)
{
throw new ArgumentNullException("chainContext");
}
this.m_safeCertChainHandle = CAPISafe.CertDuplicateCertificateChain(chainContext);
if ((this.m_safeCertChainHandle == null) || (this.m_safeCertChainHandle == SafeCertChainHandle.InvalidHandle))
{
throw new CryptographicException(SR.GetString("Cryptography_InvalidContextHandle"), "chainContext");
}
this.Init();
}
internal static unsafe int BuildChain (IntPtr hChainEngine,
SafeCertContextHandle pCertContext,
X509Certificate2Collection extraStore,
OidCollection applicationPolicy,
OidCollection certificatePolicy,
X509RevocationMode revocationMode,
X509RevocationFlag revocationFlag,
DateTime verificationTime,
TimeSpan timeout,
ref SafeCertChainHandle ppChainContext) {
if (pCertContext == null || pCertContext.IsInvalid)
throw new ArgumentException(SecurityResources.GetResourceString("Cryptography_InvalidContextHandle"), "pCertContext");
SafeCertStoreHandle hCertStore = SafeCertStoreHandle.InvalidHandle;
if (extraStore != null && extraStore.Count > 0)
hCertStore = X509Utils.ExportToMemoryStore(extraStore);
CAPI.CERT_CHAIN_PARA ChainPara = new CAPI.CERT_CHAIN_PARA();
// Initialize the structure size.
ChainPara.cbSize = (uint) Marshal.SizeOf(ChainPara);
// Application policy
SafeLocalAllocHandle applicationPolicyHandle = SafeLocalAllocHandle.InvalidHandle;
if (applicationPolicy != null && applicationPolicy.Count > 0) {
ChainPara.RequestedUsage.dwType = CAPI.USAGE_MATCH_TYPE_AND;
ChainPara.RequestedUsage.Usage.cUsageIdentifier = (uint) applicationPolicy.Count;
applicationPolicyHandle = X509Utils.CopyOidsToUnmanagedMemory(applicationPolicy);
ChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = applicationPolicyHandle.DangerousGetHandle();
}
// Certificate policy
SafeLocalAllocHandle certificatePolicyHandle = SafeLocalAllocHandle.InvalidHandle;
if (certificatePolicy != null && certificatePolicy.Count > 0) {
ChainPara.RequestedIssuancePolicy.dwType = CAPI.USAGE_MATCH_TYPE_AND;
ChainPara.RequestedIssuancePolicy.Usage.cUsageIdentifier = (uint) certificatePolicy.Count;
certificatePolicyHandle = X509Utils.CopyOidsToUnmanagedMemory(certificatePolicy);
ChainPara.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = certificatePolicyHandle.DangerousGetHandle();
}
ChainPara.dwUrlRetrievalTimeout = (uint) timeout.Milliseconds;
_FILETIME ft = new _FILETIME();
*((long*) &ft) = verificationTime.ToFileTime();
uint flags = X509Utils.MapRevocationFlags(revocationMode, revocationFlag);
// Build the chain.
if (!CAPI.CAPISafe.CertGetCertificateChain(hChainEngine,
pCertContext,
ref ft,
hCertStore,
ref ChainPara,
flags,
IntPtr.Zero,
ref ppChainContext))
return Marshal.GetHRForLastWin32Error();
applicationPolicyHandle.Dispose();
certificatePolicyHandle.Dispose();
return CAPI.S_OK;
}
internal static unsafe int BuildChain(IntPtr hChainEngine, System.Security.Cryptography.SafeCertContextHandle pCertContext, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, ref SafeCertChainHandle ppChainContext)
{
CAPIBase.CERT_CHAIN_PARA cert_chain_para;
if ((pCertContext == null) || pCertContext.IsInvalid)
{
throw new ArgumentException(SR.GetString("Cryptography_InvalidContextHandle"), "pCertContext");
}
System.Security.Cryptography.SafeCertStoreHandle invalidHandle = System.Security.Cryptography.SafeCertStoreHandle.InvalidHandle;
if ((extraStore != null) && (extraStore.Count > 0))
{
invalidHandle = System.Security.Cryptography.X509Certificates.X509Utils.ExportToMemoryStore(extraStore);
}
cert_chain_para = new CAPIBase.CERT_CHAIN_PARA {
cbSize = (uint) Marshal.SizeOf(cert_chain_para)
};
SafeLocalAllocHandle handle2 = SafeLocalAllocHandle.InvalidHandle;
if ((applicationPolicy != null) && (applicationPolicy.Count > 0))
{
cert_chain_para.RequestedUsage.dwType = 0;
cert_chain_para.RequestedUsage.Usage.cUsageIdentifier = (uint) applicationPolicy.Count;
handle2 = System.Security.Cryptography.X509Certificates.X509Utils.CopyOidsToUnmanagedMemory(applicationPolicy);
cert_chain_para.RequestedUsage.Usage.rgpszUsageIdentifier = handle2.DangerousGetHandle();
}
SafeLocalAllocHandle handle3 = SafeLocalAllocHandle.InvalidHandle;
if ((certificatePolicy != null) && (certificatePolicy.Count > 0))
{
cert_chain_para.RequestedIssuancePolicy.dwType = 0;
cert_chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = (uint) certificatePolicy.Count;
handle3 = System.Security.Cryptography.X509Certificates.X509Utils.CopyOidsToUnmanagedMemory(certificatePolicy);
cert_chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = handle3.DangerousGetHandle();
}
cert_chain_para.dwUrlRetrievalTimeout = (uint) timeout.Milliseconds;
System.Runtime.InteropServices.ComTypes.FILETIME pTime = new System.Runtime.InteropServices.ComTypes.FILETIME();
*((long*) &pTime) = verificationTime.ToFileTime();
uint dwFlags = System.Security.Cryptography.X509Certificates.X509Utils.MapRevocationFlags(revocationMode, revocationFlag);
if (!CAPISafe.CertGetCertificateChain(hChainEngine, pCertContext, ref pTime, invalidHandle, ref cert_chain_para, dwFlags, IntPtr.Zero, ref ppChainContext))
{
return Marshal.GetHRForLastWin32Error();
}
handle2.Dispose();
handle3.Dispose();
return 0;
}
public void Reset()
{
this.m_status = 0;
this.m_chainStatus = null;
this.m_chainElementCollection = new X509ChainElementCollection();
if (!this.m_safeCertChainHandle.IsInvalid)
{
this.m_safeCertChainHandle.Dispose();
this.m_safeCertChainHandle = SafeCertChainHandle.InvalidHandle;
}
}
public X509Chain (bool useMachineContext) {
m_status = 0;
m_chainPolicy = null;
m_chainStatus = null;
m_chainElementCollection = new X509ChainElementCollection();
m_safeCertChainHandle = SafeCertChainHandle.InvalidHandle;
m_useMachineContext = useMachineContext;
}
public X509Chain (IntPtr chainContext) {
if (chainContext == IntPtr.Zero)
throw new ArgumentNullException("chainContext");
m_safeCertChainHandle = CAPI.CertDuplicateCertificateChain(chainContext);
if (m_safeCertChainHandle == null || m_safeCertChainHandle == SafeCertChainHandle.InvalidHandle)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidContextHandle), "chainContext");
Init();
}
internal static extern bool CertVerifyCertificateChainPolicy([In] IntPtr pszPolicyOID, [In] SafeCertChainHandle pChainContext, [In] ref CAPIBase.CERT_CHAIN_POLICY_PARA pPolicyPara, [In, Out] ref CAPIBase.CERT_CHAIN_POLICY_STATUS pPolicyStatus);
internal static extern bool CertGetCertificateChain([In] IntPtr hChainEngine, [In] SafeCertContextHandle pCertContext, [In] ref System.Runtime.InteropServices.ComTypes.FILETIME pTime, [In] SafeCertStoreHandle hAdditionalStore, [In] ref CAPIBase.CERT_CHAIN_PARA pChainPara, [In] uint dwFlags, [In] IntPtr pvReserved, [In, Out] ref SafeCertChainHandle ppChainContext);
internal static extern SafeCertChainHandle CertDuplicateCertificateChain([In] SafeCertChainHandle pChainContext);
static unsafe void BuildChain(IntPtr hChainEngine,
IntPtr pCertContext,
X509Certificate2Collection extraStore,
OidCollection applicationPolicy,
OidCollection certificatePolicy,
X509RevocationMode revocationMode,
X509RevocationFlag revocationFlag,
DateTime verificationTime,
TimeSpan timeout,
out SafeCertChainHandle ppChainContext)
{
SafeCertStoreHandle hCertStore = ExportToMemoryStore(extraStore, pCertContext);
CAPI.CERT_CHAIN_PARA ChainPara = new CAPI.CERT_CHAIN_PARA();
ChainPara.cbSize = (uint)Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_PARA));
// Application policy
SafeHGlobalHandle applicationPolicyHandle = SafeHGlobalHandle.InvalidHandle;
SafeHGlobalHandle certificatePolicyHandle = SafeHGlobalHandle.InvalidHandle;
try
{
if (applicationPolicy != null && applicationPolicy.Count > 0)
{
ChainPara.RequestedUsage.dwType = CAPI.USAGE_MATCH_TYPE_AND;
ChainPara.RequestedUsage.Usage.cUsageIdentifier = (uint)applicationPolicy.Count;
applicationPolicyHandle = CopyOidsToUnmanagedMemory(applicationPolicy);
ChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = applicationPolicyHandle.DangerousGetHandle();
}
// Certificate policy
if (certificatePolicy != null && certificatePolicy.Count > 0)
{
ChainPara.RequestedIssuancePolicy.dwType = CAPI.USAGE_MATCH_TYPE_AND;
ChainPara.RequestedIssuancePolicy.Usage.cUsageIdentifier = (uint)certificatePolicy.Count;
certificatePolicyHandle = CopyOidsToUnmanagedMemory(certificatePolicy);
ChainPara.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = certificatePolicyHandle.DangerousGetHandle();
}
ChainPara.dwUrlRetrievalTimeout = (uint)timeout.Milliseconds;
FILETIME ft = new FILETIME();
*((long*)&ft) = verificationTime.ToFileTime();
uint flags = MapRevocationFlags(revocationMode, revocationFlag);
// Build the chain.
if (!CAPI.CertGetCertificateChain(hChainEngine,
pCertContext,
ref ft,
hCertStore,
ref ChainPara,
flags,
IntPtr.Zero,
out ppChainContext))
{
int error = Marshal.GetLastWin32Error();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(error));
}
}
finally
{
if (applicationPolicyHandle != null)
applicationPolicyHandle.Dispose();
if (certificatePolicyHandle != null)
certificatePolicyHandle.Dispose();
hCertStore.Close();
}
}
private unsafe void Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, bool verifySignatureOnly)
{
System.Security.Cryptography.SafeLocalAllocHandle invalidHandle = System.Security.Cryptography.SafeLocalAllocHandle.InvalidHandle;
System.Security.Cryptography.CAPI.CERT_CONTEXT cert_context = (System.Security.Cryptography.CAPI.CERT_CONTEXT)Marshal.PtrToStructure(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(certificate).DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CERT_CONTEXT));
IntPtr ptr = new IntPtr(((long)cert_context.pCertInfo) + ((long)Marshal.OffsetOf(typeof(System.Security.Cryptography.CAPI.CERT_INFO), "SubjectPublicKeyInfo")));
IntPtr ptr2 = new IntPtr(((long)ptr) + ((long)Marshal.OffsetOf(typeof(System.Security.Cryptography.CAPI.CERT_PUBLIC_KEY_INFO), "Algorithm")));
IntPtr ptr3 = new IntPtr(((long)ptr2) + ((long)Marshal.OffsetOf(typeof(System.Security.Cryptography.CAPI.CRYPT_ALGORITHM_IDENTIFIER), "Parameters")));
IntPtr pvKey = Marshal.ReadIntPtr(ptr2);
if (System.Security.Cryptography.CAPI.CryptFindOIDInfo(1, pvKey, 3).Algid == 0x2200)
{
bool flag = false;
IntPtr ptr5 = new IntPtr(((long)ptr3) + ((long)Marshal.OffsetOf(typeof(System.Security.Cryptography.CAPI.CRYPTOAPI_BLOB), "cbData")));
IntPtr ptr6 = new IntPtr(((long)ptr3) + ((long)Marshal.OffsetOf(typeof(System.Security.Cryptography.CAPI.CRYPTOAPI_BLOB), "pbData")));
if (Marshal.ReadInt32(ptr5) == 0)
{
flag = true;
}
else if (Marshal.ReadIntPtr(ptr6) == IntPtr.Zero)
{
flag = true;
}
else if (Marshal.ReadInt32(Marshal.ReadIntPtr(ptr6)) == 5)
{
flag = true;
}
if (flag)
{
System.Security.Cryptography.SafeCertChainHandle ppChainContext = System.Security.Cryptography.SafeCertChainHandle.InvalidHandle;
System.Security.Cryptography.X509Certificates.X509Utils.BuildChain(new IntPtr(0L), System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(certificate), null, null, null, X509RevocationMode.NoCheck, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), ref ppChainContext);
ppChainContext.Dispose();
uint pcbData = 0;
if (!System.Security.Cryptography.CAPI.CAPISafe.CertGetCertificateContextProperty(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(certificate), 0x16, invalidHandle, ref pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (pcbData > 0)
{
invalidHandle = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr((long)pcbData));
if (!System.Security.Cryptography.CAPI.CAPISafe.CertGetCertificateContextProperty(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(certificate), 0x16, invalidHandle, ref pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
Marshal.WriteInt32(ptr5, (int)pcbData);
Marshal.WriteIntPtr(ptr6, invalidHandle.DangerousGetHandle());
}
}
}
if (this.m_parentSignerInfo == null)
{
if (!System.Security.Cryptography.CAPI.CryptMsgControl(this.m_signedCms.GetCryptMsgHandle(), 0, 1, cert_context.pCertInfo))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
goto Label_02F4;
}
int num2 = -1;
int hr = 0;
Label_022F:
try
{
num2 = PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this.m_parentSignerInfo, num2 + 1);
}
catch (CryptographicException)
{
if (hr == 0)
{
throw;
}
throw new CryptographicException(hr);
}
uint cbData = 0;
System.Security.Cryptography.SafeLocalAllocHandle pvData = System.Security.Cryptography.SafeLocalAllocHandle.InvalidHandle;
PkcsUtils.GetParam(this.m_signedCms.GetCryptMsgHandle(), 0x1c, (uint)num2, out pvData, out cbData);
if (cbData == 0)
{
hr = -2146885618;
goto Label_022F;
}
fixed(byte *numRef = this.m_encodedSignerInfo)
{
if (!System.Security.Cryptography.CAPI.CAPISafe.CryptMsgVerifyCountersignatureEncoded(IntPtr.Zero, 0x10001, pvData.DangerousGetHandle(), cbData, new IntPtr((void *)numRef), (uint)this.m_encodedSignerInfo.Length, cert_context.pCertInfo))
{
hr = Marshal.GetLastWin32Error();
goto Label_022F;
}
}
pvData.Dispose();
Label_02F4:
if (!verifySignatureOnly)
{
int num5 = VerifyCertificate(certificate, extraStore);
if (num5 != 0)
{
throw new CryptographicException(num5);
}
}
invalidHandle.Dispose();
}
internal static unsafe int BuildChain(IntPtr hChainEngine, System.Security.Cryptography.SafeCertContextHandle pCertContext, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, ref System.Security.Cryptography.SafeCertChainHandle ppChainContext)
{
System.Security.Cryptography.CAPI.CERT_CHAIN_PARA cert_chain_para;
if ((pCertContext == null) || pCertContext.IsInvalid)
{
throw new ArgumentException(SecurityResources.GetResourceString("Cryptography_InvalidContextHandle"), "pCertContext");
}
System.Security.Cryptography.SafeCertStoreHandle invalidHandle = System.Security.Cryptography.SafeCertStoreHandle.InvalidHandle;
if ((extraStore != null) && (extraStore.Count > 0))
{
invalidHandle = ExportToMemoryStore(extraStore);
}
cert_chain_para = new System.Security.Cryptography.CAPI.CERT_CHAIN_PARA {
cbSize = (uint)Marshal.SizeOf(cert_chain_para)
};
System.Security.Cryptography.SafeLocalAllocHandle handle2 = System.Security.Cryptography.SafeLocalAllocHandle.InvalidHandle;
if ((applicationPolicy != null) && (applicationPolicy.Count > 0))
{
cert_chain_para.RequestedUsage.dwType = 0;
cert_chain_para.RequestedUsage.Usage.cUsageIdentifier = (uint)applicationPolicy.Count;
handle2 = CopyOidsToUnmanagedMemory(applicationPolicy);
cert_chain_para.RequestedUsage.Usage.rgpszUsageIdentifier = handle2.DangerousGetHandle();
}
System.Security.Cryptography.SafeLocalAllocHandle handle3 = System.Security.Cryptography.SafeLocalAllocHandle.InvalidHandle;
if ((certificatePolicy != null) && (certificatePolicy.Count > 0))
{
cert_chain_para.RequestedIssuancePolicy.dwType = 0;
cert_chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = (uint)certificatePolicy.Count;
handle3 = CopyOidsToUnmanagedMemory(certificatePolicy);
cert_chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = handle3.DangerousGetHandle();
}
cert_chain_para.dwUrlRetrievalTimeout = (uint)timeout.Milliseconds;
System.Runtime.InteropServices.ComTypes.FILETIME pTime = new System.Runtime.InteropServices.ComTypes.FILETIME();
*((long *)&pTime) = verificationTime.ToFileTime();
uint dwFlags = MapRevocationFlags(revocationMode, revocationFlag);
if (!System.Security.Cryptography.CAPI.CAPISafe.CertGetCertificateChain(hChainEngine, pCertContext, ref pTime, invalidHandle, ref cert_chain_para, dwFlags, IntPtr.Zero, ref ppChainContext))
{
return(Marshal.GetHRForLastWin32Error());
}
handle2.Dispose();
handle3.Dispose();
return(0);
}
