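/// <summary>
/// Exports the contents of a certificate store into a managed byte array in the requested format.
/// </summary>
/// <param name="safeCertStoreHandle">Handle of the store to export.</param>
/// <param name="contentType">
/// Output format: <c>Cert</c> and <c>SerializedCert</c> export only the first certificate
/// enumerated from the store; <c>Pfx</c>, <c>SerializedStore</c> and <c>Pkcs7</c> export the whole store.
/// </param>
/// <param name="password">Password handed to <c>PFXExportCertStore</c>; only used for <c>Pfx</c>.</param>
/// <returns>
/// The exported bytes, or <c>null</c> when <c>Cert</c>/<c>SerializedCert</c> is requested and the
/// enumeration yields no certificate.
/// </returns>
/// <exception cref="CryptographicException">
/// A native call failed (the exception carries the last Win32 error), or
/// <paramref name="contentType"/> is not one of the supported values.
/// </exception>
/// <remarks>
/// For <c>Pfx</c> the export flags (6) correspond to EXPORT_PRIVATE_KEYS |
/// REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY in wincrypt.h, so the returned array can contain private
/// key material protected only by <paramref name="password"/>. Callers should treat it as sensitive.
/// </remarks>
private static unsafe byte[] ExportCertificatesToBlob(System.Security.Cryptography.SafeCertStoreHandle safeCertStoreHandle, X509ContentType contentType, string password)
{
    System.Security.Cryptography.SafeCertContextHandle certContext = System.Security.Cryptography.SafeCertContextHandle.InvalidHandle;
    SafeLocalAllocHandle nativeBuffer = SafeLocalAllocHandle.InvalidHandle;
    CAPIBase.CRYPTOAPI_BLOB blob = new CAPIBase.CRYPTOAPI_BLOB();
    byte[] destination = null;

    // try/finally: every native failure below throws, and the handles must be released
    // on those paths as well as on success.
    try
    {
        switch (contentType)
        {
            case X509ContentType.Cert:
                certContext = CAPI.CertEnumCertificatesInStore(safeCertStoreHandle, certContext);
                if ((certContext != null) && !certContext.IsInvalid)
                {
                    // Copy the DER bytes referenced by the native CERT_CONTEXT while the
                    // context handle is still held by this method.
                    CAPIBase.CERT_CONTEXT context = *((CAPIBase.CERT_CONTEXT*)certContext.DangerousGetHandle());
                    destination = new byte[context.cbCertEncoded];
                    Marshal.Copy(context.pbCertEncoded, destination, 0, destination.Length);
                }
                break;

            case X509ContentType.SerializedCert:
                certContext = CAPI.CertEnumCertificatesInStore(safeCertStoreHandle, certContext);
                if ((certContext != null) && !certContext.IsInvalid)
                {
                    uint cbElement = 0;

                    // First call, made with the invalid buffer handle, reports the required size.
                    if (!CAPISafe.CertSerializeCertificateStoreElement(certContext, 0, nativeBuffer, new IntPtr((void*)&cbElement)))
                    {
                        throw new CryptographicException(Marshal.GetLastWin32Error());
                    }

                    // Allocation flag 0 is LMEM_FIXED.
                    nativeBuffer = CAPI.LocalAlloc(0, new IntPtr((long)cbElement));

                    // Second call fills the buffer.
                    if (!CAPISafe.CertSerializeCertificateStoreElement(certContext, 0, nativeBuffer, new IntPtr((void*)&cbElement)))
                    {
                        throw new CryptographicException(Marshal.GetLastWin32Error());
                    }

                    destination = new byte[cbElement];
                    Marshal.Copy(nativeBuffer.DangerousGetHandle(), destination, 0, destination.Length);
                }
                break;

            case X509ContentType.Pfx:
                // First call (blob.pbData still null) reports the required size in blob.cbData.
                if (!CAPI.PFXExportCertStore(safeCertStoreHandle, new IntPtr((void*)&blob), password, 6))
                {
                    throw new CryptographicException(Marshal.GetLastWin32Error());
                }

                // Keep the SafeHandle in a local instead of taking the raw pointer from a temporary:
                // an unreferenced handle may be finalized while native code still writes through
                // blob.pbData, and it would never be disposed deterministically.
                nativeBuffer = CAPI.LocalAlloc(0, new IntPtr((long)blob.cbData));
                blob.pbData = nativeBuffer.DangerousGetHandle();

                if (!CAPI.PFXExportCertStore(safeCertStoreHandle, new IntPtr((void*)&blob), password, 6))
                {
                    throw new CryptographicException(Marshal.GetLastWin32Error());
                }

                destination = new byte[blob.cbData];
                Marshal.Copy(blob.pbData, destination, 0, destination.Length);
                break;

            case X509ContentType.SerializedStore:
            case X509ContentType.Pkcs7:
                // dwSaveAs: 1 = CERT_STORE_SAVE_AS_STORE, 2 = CERT_STORE_SAVE_AS_PKCS7.
                uint dwSaveAs = (contentType == X509ContentType.SerializedStore) ? 1u : 2u;

                // 0x10001 = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING; save-to 2 = CERT_STORE_SAVE_TO_MEMORY.
                // First call reports the required size in blob.cbData.
                if (!CAPI.CertSaveStore(safeCertStoreHandle, 0x10001, dwSaveAs, 2, new IntPtr((void*)&blob), 0))
                {
                    throw new CryptographicException(Marshal.GetLastWin32Error());
                }

                nativeBuffer = CAPI.LocalAlloc(0, new IntPtr((long)blob.cbData));
                blob.pbData = nativeBuffer.DangerousGetHandle();

                if (!CAPI.CertSaveStore(safeCertStoreHandle, 0x10001, dwSaveAs, 2, new IntPtr((void*)&blob), 0))
                {
                    throw new CryptographicException(Marshal.GetLastWin32Error());
                }

                destination = new byte[blob.cbData];
                Marshal.Copy(blob.pbData, destination, 0, destination.Length);
                break;

            default:
                throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidContentType"));
        }
    }
    finally
    {
        // The enumeration result is null-checked above, so guard the dispose as well
        // rather than risk a NullReferenceException during cleanup.
        if (nativeBuffer != null)
        {
            nativeBuffer.Dispose();
        }

        if (certContext != null)
        {
            certContext.Dispose();
        }
    }

    return destination;
}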