public bool Build(X509Certificate2 certificate)
{
lock (this.m_syncRoot)
{
if ((certificate == null) || certificate.CertContext.IsInvalid)
{
throw new ArgumentException(SR.GetString("Cryptography_InvalidContextHandle"), "certificate");
}
new StorePermission(StorePermissionFlags.EnumerateCertificates | StorePermissionFlags.OpenStore).Demand();
X509ChainPolicy chainPolicy = this.ChainPolicy;
if ((chainPolicy.RevocationMode == X509RevocationMode.Online) && ((certificate.Extensions["2.5.29.31"] != null) || (certificate.Extensions["1.3.6.1.5.5.7.1.1"] != null)))
{
PermissionSet set = new PermissionSet(PermissionState.None);
set.AddPermission(new WebPermission(PermissionState.Unrestricted));
set.AddPermission(new StorePermission(StorePermissionFlags.AddToStore));
set.Demand();
}
this.Reset();
if (BuildChain(this.m_useMachineContext ? new IntPtr(1L) : new IntPtr(0L), certificate.CertContext, chainPolicy.ExtraStore, chainPolicy.ApplicationPolicy, chainPolicy.CertificatePolicy, chainPolicy.RevocationMode, chainPolicy.RevocationFlag, chainPolicy.VerificationTime, chainPolicy.UrlRetrievalTimeout, ref this.m_safeCertChainHandle) != 0)
{
return(false);
}
this.Init();
CAPIBase.CERT_CHAIN_POLICY_PARA pPolicyPara = new CAPIBase.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_PARA)));
CAPIBase.CERT_CHAIN_POLICY_STATUS pPolicyStatus = new CAPIBase.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_STATUS)));
pPolicyPara.dwFlags = (uint)chainPolicy.VerificationFlags;
if (!CAPISafe.CertVerifyCertificateChainPolicy(new IntPtr(1L), this.m_safeCertChainHandle, ref pPolicyPara, ref pPolicyStatus))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
CAPISafe.SetLastError(pPolicyStatus.dwError);
return(pPolicyStatus.dwError == 0);
}
}
internal static int VerifyCertificate(System.Security.Cryptography.SafeCertContextHandle pCertContext, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, X509Certificate2Collection extraStore, IntPtr pszPolicy, IntPtr pdwErrorStatus)
{
if ((pCertContext == null) || pCertContext.IsInvalid)
{
throw new ArgumentException("pCertContext");
}
CAPIBase.CERT_CHAIN_POLICY_PARA pPolicyPara = new CAPIBase.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_PARA)));
CAPIBase.CERT_CHAIN_POLICY_STATUS pPolicyStatus = new CAPIBase.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_STATUS)));
SafeCertChainHandle invalidHandle = SafeCertChainHandle.InvalidHandle;
int num = X509Chain.BuildChain(new IntPtr(0L), pCertContext, extraStore, applicationPolicy, certificatePolicy, revocationMode, revocationFlag, verificationTime, timeout, ref invalidHandle);
if (num != 0)
{
return(num);
}
if (!CAPISafe.CertVerifyCertificateChainPolicy(pszPolicy, invalidHandle, ref pPolicyPara, ref pPolicyStatus))
{
return(Marshal.GetHRForLastWin32Error());
}
if (pdwErrorStatus != IntPtr.Zero)
{
pdwErrorStatus[0] = (IntPtr)pPolicyStatus.dwError;
}
if (pPolicyStatus.dwError == 0)
{
return(0);
}
return(1);
}
internal static extern bool CertVerifyCertificateChainPolicy([In] IntPtr pszPolicyOID, [In] SafeCertChainHandle pChainContext, [In] ref CAPIBase.CERT_CHAIN_POLICY_PARA pPolicyPara, [In, Out] ref CAPIBase.CERT_CHAIN_POLICY_STATUS pPolicyStatus);
