new internal static SafeLocalAllocHandle LocalAlloc(uint uFlags, uint sizetdwBytes) { SafeLocalAllocHandle safeLocalAllocHandle = CAPIMethods.LocalAlloc(uFlags, sizetdwBytes); if (safeLocalAllocHandle == null || safeLocalAllocHandle.IsInvalid) { throw new OutOfMemoryException(); } return(safeLocalAllocHandle); }
internal static bool CertSetKeyProviderInfoProperty(IntPtr pCert, SafeLocalAllocHandle handle) { if (pCert == null) { throw new ArgumentNullException(nameof(pCert)); } if (handle.IsInvalid) { throw new ArgumentException(nameof(handle)); } new PermissionSet(PermissionState.Unrestricted).Demand(); return(CertSetCertificateContextProperty(pCert, CAPI.CERT_KEY_PROV_INFO_PROP_ID, 0, handle)); }
/// <summary> /// If the certificate has private key, this cert can be used for signing, if it does not, /// try to access private key stored in the CSP, if CSP provider or key container name /// is not provided, certificate can't be used for signing. /// </summary> /// <param name="certificate">Certificate</param> /// <param name="cryptoProviderName">Crypto provider name</param> /// <param name="keyContainerName">Key container name</param> /// <param name="providerType">Provider type</param> /// <returns></returns> public static bool SetPrivateKeyIfNeeded(X509Certificate2 certificate, string cryptoProviderName, string keyContainerName, int providerType = -1) { if (Certificate.HasPrivateKey(certificate)) { // We got a .pfx file. // Silently ignore CSP name or key container if either was provided with a .pfx fle. return(true); } // If provider and key container names are specified, try to access private key. if (cryptoProviderName != null && keyContainerName != null) { try { bool result = true; if (providerType == PROV_UNINITIALIZED) { providerType = Certificate.GetCspType(cryptoProviderName); } if (providerType == PROV_UNINITIALIZED) { return(false); } // The following code will modify state of certificates from x509Store, // make sure to assign private keys only to certificates that were created from a .cer files if (providerType != 0) { CspParameters parameters; parameters = new CspParameters { ProviderName = cryptoProviderName, ProviderType = providerType, KeyContainerName = keyContainerName, KeyNumber = (int)KeyNumber.Signature, // Make sure key creation is not attempted. Flags = CspProviderFlags.UseExistingKey }; if (IsMachineCryptKey(cryptoProviderName, (uint)providerType, keyContainerName)) { // Search only Machine key store for this private key, if not set we search only user store. parameters.Flags |= CspProviderFlags.UseMachineKeyStore; } certificate.PrivateKey = new RSACryptoServiceProvider(parameters); } else { CAPI.CRYPT_KEY_PROV_INFO keyProvInfo = new CAPI.CRYPT_KEY_PROV_INFO { pwszProvName = cryptoProviderName, pwszContainerName = keyContainerName, dwProvType = (uint)providerType, dwKeySpec = (int)KeyNumber.Signature, dwFlags = IsMachineNCryptKey(cryptoProviderName, keyContainerName) ? NCryptMethods.NCRYPT_MACHINE_KEY_FLAG : (uint)0 }; using (SafeLocalAllocHandle pKeyProvInfo = CAPI.LocalAlloc(CAPI.LPTR, (uint)Marshal.SizeOf(typeof(CAPI.CRYPT_KEY_PROV_INFO)))) { Marshal.StructureToPtr(keyProvInfo, pKeyProvInfo.DangerousGetHandle(), false); result = CAPI.CertSetKeyProviderInfoProperty(certificate.Handle, pKeyProvInfo); Marshal.DestroyStructure(pKeyProvInfo.DangerousGetHandle(), typeof(CAPI.CRYPT_KEY_PROV_INFO)); } } return(result); } catch (Exception e) { if (Misc.IsCriticalException(e)) { throw; } // Caller displays an error message. System.Diagnostics.Debug.WriteLine(e.Message); } } return(false); }
internal static extern bool CertSetCertificateContextProperty( IntPtr pCertContext, int dwPropId, int dwFlags, SafeLocalAllocHandle pvData);