Exemple #1
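        //
        // Builds a certificate chain for pCertContext and checks it against the chain
        // policy identified by pszPolicy.
        //
        // Returns:
        //   0               - the policy check reported no error (certificate accepted).
        //   1               - the policy check ran and reported an error (certificate rejected).
        //   any other value - the code returned by X509Chain.BuildChain, or the HRESULT of the
        //                     last Win32 error when the policy API itself failed.
        //
        // Security note for callers: the "rejected" result is the positive value 1, so the
        // result must be compared with 0 exactly. A "result >= 0" style success test would
        // treat a rejected certificate as accepted.
        //
        // pdwErrorStatus, when not IntPtr.Zero, receives the 32-bit policy error code. It is
        // written only after the policy API succeeds; on every other return path the caller's
        // slot keeps whatever it held before, so callers should initialise it.
        //
        // Throws ArgumentException when pCertContext is null or invalid.
        //
        internal static int VerifyCertificate(System.Security.Cryptography.SafeCertContextHandle pCertContext, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, X509Certificate2Collection extraStore, IntPtr pszPolicy, IntPtr pdwErrorStatus)
        {
            if ((pCertContext == null) || pCertContext.IsInvalid)
            {
                throw new ArgumentException("pCertContext");
            }

            // Only the structure sizes are supplied here; this method assigns no other
            // policy parameters before the call.
            CAPIBase.CERT_CHAIN_POLICY_PARA   pPolicyPara   = new CAPIBase.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_PARA)));
            CAPIBase.CERT_CHAIN_POLICY_STATUS pPolicyStatus = new CAPIBase.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_STATUS)));

            SafeCertChainHandle chainHandle = SafeCertChainHandle.InvalidHandle;
            try
            {
                int buildResult = X509Chain.BuildChain(new IntPtr(0L), pCertContext, extraStore, applicationPolicy, certificatePolicy, revocationMode, revocationFlag, verificationTime, timeout, ref chainHandle);
                if (buildResult != 0)
                {
                    return buildResult;
                }

                if (!CAPISafe.CertVerifyCertificateChainPolicy(pszPolicy, chainHandle, ref pPolicyPara, ref pPolicyStatus))
                {
                    // The return expression is evaluated before the finally block runs, so the
                    // last-error value is captured before the chain handle is released.
                    return Marshal.GetHRForLastWin32Error();
                }

                if (pdwErrorStatus != IntPtr.Zero)
                {
                    // Store exactly 32 bits. The previous indexer-on-IntPtr form is not valid C#
                    // and reads as a pointer-sized store, which on a 64-bit process would write
                    // past a 4-byte status slot.
                    Marshal.WriteInt32(pdwErrorStatus, unchecked((int)pPolicyStatus.dwError));
                }

                return (pPolicyStatus.dwError == 0) ? 0 : 1;
            }
            finally
            {
                // Release the native chain as soon as the verdict is known instead of waiting
                // for finalization. The InvalidHandle sentinel is skipped in case it is shared.
                if ((chainHandle != null) && !chainHandle.IsInvalid)
                {
                    chainHandle.Dispose();
                }
            }
        }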
Exemple #2
        //
        // Verifies whether a certificate is valid for the specified policy.
        // S_OK means the certificate is valid for the specified policy.
        // S_FALSE means the certificate is invalid for the specified policy.
        // Anything else is an error.
        //

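        // Builds a chain for pCertContext with X509Chain.BuildChain, then asks
        // CertVerifyCertificateChainPolicy to evaluate it against pszPolicy.
        //
        // Security note for callers: a rejected certificate is reported as CAPI.S_FALSE, not
        // as a failure code, so the result must be compared with CAPI.S_OK exactly. A
        // "succeeded"-style test that only rejects failure HRESULTs would accept a certificate
        // that failed the policy check.
        //
        // pdwErrorStatus, when not IntPtr.Zero, must point to a writable 32-bit slot. It is
        // written only when the policy API call succeeds; if chain building or the API call
        // fails, the slot keeps its previous content, so callers should initialise it.
        //
        // Throws ArgumentException when pCertContext is null or invalid.
        internal static unsafe int VerifyCertificate(SafeCertContextHandle pCertContext,
                                                     OidCollection applicationPolicy,
                                                     OidCollection certificatePolicy,
                                                     X509RevocationMode revocationMode,
                                                     X509RevocationFlag revocationFlag,
                                                     DateTime verificationTime,
                                                     TimeSpan timeout,
                                                     X509Certificate2Collection extraStore,
                                                     IntPtr pszPolicy,
                                                     IntPtr pdwErrorStatus)
        {
            if (pCertContext == null || pCertContext.IsInvalid)
            {
                throw new ArgumentException("pCertContext");
            }

            // Only the structure sizes are supplied here; this method assigns no other
            // policy parameters before the call.
            CAPI.CERT_CHAIN_POLICY_PARA   PolicyPara   = new CAPI.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_PARA)));
            CAPI.CERT_CHAIN_POLICY_STATUS PolicyStatus = new CAPI.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_STATUS)));

            SafeCertChainHandle pChainContext = SafeCertChainHandle.InvalidHandle;
            try
            {
                // Build the chain.
                int hr = X509Chain.BuildChain(new IntPtr(CAPI.HCCE_CURRENT_USER),
                                              pCertContext,
                                              extraStore,
                                              applicationPolicy,
                                              certificatePolicy,
                                              revocationMode,
                                              revocationFlag,
                                              verificationTime,
                                              timeout,
                                              ref pChainContext);

                if (hr != CAPI.S_OK)
                {
                    return hr;
                }

                // Verify the chain using the specified policy.
                if (!CAPI.CertVerifyCertificateChainPolicy(pszPolicy, pChainContext, ref PolicyPara, ref PolicyStatus))
                {
                    // The API failed. The return expression is evaluated before the finally
                    // block runs, so the last-error value is captured before the chain handle
                    // is released.
                    return Marshal.GetHRForLastWin32Error();
                }

                if (pdwErrorStatus != IntPtr.Zero)
                {
                    // 32-bit store into caller-owned memory; the pointer is not validated here.
                    *(uint *)pdwErrorStatus = PolicyStatus.dwError;
                }

                return (PolicyStatus.dwError != 0) ? CAPI.S_FALSE : CAPI.S_OK;
            }
            finally
            {
                // Release the native chain as soon as the verdict is known instead of waiting
                // for finalization. The InvalidHandle sentinel is skipped in case it is shared.
                if (pChainContext != null && !pChainContext.IsInvalid)
                {
                    pChainContext.Dispose();
                }
            }
        }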