/// <summary>
/// Obtains the private key for a certificate. This function is used to obtain access to a user's private key when the user's certificate is available, but the handle of the user's key container is not available. This function can only be used by the owner of a private key and not by any other user.
/// If a CSP handle and the key container containing a user's private key are available, the CryptGetUserKey function should be used instead.
/// </summary>
/// <param name="pCert">The address of a CERT_CONTEXT structure that contains the certificate context for which a private key will be obtained.</param>
/// <param name="dwFlags">A set of flags that modify the behavior of this function. This can be zero or a combination of one or more of <see cref="CryptAcquireCertificatePrivateKeyFlags"/> values.</param>
/// <param name="pvParameters">
/// If the <see cref="CryptAcquireCertificatePrivateKeyFlags.CRYPT_ACQUIRE_WINDOW_HANDLE_FLAG"/> is set, then this is the address of an HWND. If the <see cref="CryptAcquireCertificatePrivateKeyFlags.CRYPT_ACQUIRE_WINDOW_HANDLE_FLAG"/> is not set, then this parameter must be NULL.
/// Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This parameter was named pvReserved and reserved for future use and must be NULL.
/// </param>
/// <param name="cryptHandle">
/// Receives a safe handle to either CNG key handle of type NCRYPT_KEY_HANDLE or CryptoAPI provider handle of type HCRYPTPROV.
/// </param>
/// <returns>
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero.
/// </returns>
public static unsafe bool CryptAcquireCertificatePrivateKey(
IntPtr pCert,
CryptAcquireCertificatePrivateKeyFlags dwFlags,
IntPtr pvParameters,
out SafeHandle cryptHandle)
{
IntPtr cryptProvOrNCryptKey;
uint keySpec;
bool callerFreeProvOrNCryptKey;
if (!CryptAcquireCertificatePrivateKey(
pCert,
dwFlags,
(void*)pvParameters,
out cryptProvOrNCryptKey,
out keySpec,
out callerFreeProvOrNCryptKey))
{
cryptHandle = AdvApi32.SafeCryptographicProviderHandle.Null;
return false;
}
if (keySpec == CERT_NCRYPT_KEY_SPEC)
{
cryptHandle = new NCrypt.SafeKeyHandle(cryptProvOrNCryptKey, callerFreeProvOrNCryptKey);
}
else
{
cryptHandle = new AdvApi32.SafeCryptographicProviderHandle(cryptProvOrNCryptKey, callerFreeProvOrNCryptKey);
}
return true;
}
/// <summary>
/// Obtains the private key for a certificate. This function is used to obtain access to a user's private key when the user's certificate is available, but the handle of the user's key container is not available. This function can only be used by the owner of a private key and not by any other user.
/// If a CSP handle and the key container containing a user's private key are available, the CryptGetUserKey function should be used instead.
/// </summary>
/// <param name="pCert">The address of a CERT_CONTEXT structure that contains the certificate context for which a private key will be obtained.</param>
/// <param name="dwFlags">A set of flags that modify the behavior of this function. This can be zero or a combination of one or more of <see cref="CryptAcquireCertificatePrivateKeyFlags"/> values.</param>
/// <param name="pvParameters">
/// If the <see cref="CryptAcquireCertificatePrivateKeyFlags.CRYPT_ACQUIRE_WINDOW_HANDLE_FLAG"/> is set, then this is the address of an HWND. If the <see cref="CryptAcquireCertificatePrivateKeyFlags.CRYPT_ACQUIRE_WINDOW_HANDLE_FLAG"/> is not set, then this parameter must be NULL.
/// Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This parameter was named pvReserved and reserved for future use and must be NULL.
/// </param>
/// <param name="cryptHandle">
/// Receives a safe handle to either CNG key handle of type NCRYPT_KEY_HANDLE or CryptoAPI provider handle of type HCRYPTPROV.
/// </param>
/// <returns>
/// If the function succeeds, the return value is nonzero.
/// If the function fails, the return value is zero.
/// </returns>
public static unsafe bool CryptAcquireCertificatePrivateKey(
IntPtr pCert,
CryptAcquireCertificatePrivateKeyFlags dwFlags,
IntPtr pvParameters,
out SafeHandle cryptHandle)
{
IntPtr cryptProvOrNCryptKey;
uint keySpec;
bool callerFreeProvOrNCryptKey;
if (!CryptAcquireCertificatePrivateKey(
pCert,
dwFlags,
(void *)pvParameters,
out cryptProvOrNCryptKey,
out keySpec,
out callerFreeProvOrNCryptKey))
{
cryptHandle = AdvApi32.SafeCryptographicProviderHandle.Null;
return(false);
}
if (keySpec == CERT_NCRYPT_KEY_SPEC)
{
cryptHandle = new NCrypt.SafeKeyHandle(cryptProvOrNCryptKey, callerFreeProvOrNCryptKey);
}
else
{
cryptHandle = new AdvApi32.SafeCryptographicProviderHandle(cryptProvOrNCryptKey, callerFreeProvOrNCryptKey);
}
return(true);
}
