/// <summary>
/// Picks the certificate chain engine to use for the requested trust mode.
/// </summary>
/// <param name="trustMode">Trust mode requested for chain building.</param>
/// <param name="customTrustStore">
/// Certificates to use as the exclusive roots when <paramref name="trustMode"/> is
/// <c>CustomRootTrust</c>; not read in any other mode.
/// </param>
/// <param name="useMachineContext">
/// Outside custom root trust, selects <c>MachineChainEngine</c> when true and
/// <c>UserChainEngine</c> when false.
/// </param>
/// <returns>
/// A newly created engine for custom root trust, otherwise one of the static engines
/// exposed by <c>SafeChainEngineHandle</c>.
/// </returns>
private static SafeChainEngineHandle GetChainEngine(
            X509ChainTrustMode trustMode,
            X509Certificate2Collection? customTrustStore,
            bool useMachineContext)
        {
            // Every mode other than custom root trust uses one of the predefined engines.
            if (trustMode != X509ChainTrustMode.CustomRootTrust)
            {
                return useMachineContext
                    ? SafeChainEngineHandle.MachineChainEngine
                    : SafeChainEngineHandle.UserChainEngine;
            }

            // Custom root trust: hExclusiveRoot has to carry a valid store handle. Without one the
            // default stores would be trusted, which silently widens trust beyond the caller's roots.
            // NOTE(review): the 'true' argument is presumably what guarantees a store handle even for
            // a null or empty collection - confirm against ConvertStoreToSafeHandle.
            using (SafeCertStoreHandle exclusiveRoots = ConvertStoreToSafeHandle(customTrustStore, true))
            {
                CERT_CHAIN_ENGINE_CONFIG engineConfig = default;
                engineConfig.cbSize = Marshal.SizeOf<CERT_CHAIN_ENGINE_CONFIG>();

                // The raw handle is only used while the using block keeps the SafeHandle alive.
                // NOTE(review): the store handle is released as soon as the engine has been created;
                // this assumes the engine holds its own reference to the store - confirm.
                engineConfig.hExclusiveRoot = exclusiveRoots.DangerousGetHandle();

                return Interop.crypt32.CertCreateCertificateChainEngine(ref engineConfig);
            }
        }
Esempio n. 2
        /// <summary>
        /// Creates a certificate chain engine from <paramref name="config"/> and turns a failed
        /// native call into an exception instead of a boolean result.
        /// </summary>
        /// <param name="config">Engine configuration passed by reference to the native call.</param>
        /// <returns>The handle of the newly created chain engine.</returns>
        /// <exception cref="System.Exception">
        /// The exception produced by <c>ToCryptographicException</c> from the last Win32 error,
        /// thrown when the native call returns false.
        /// </exception>
        internal static SafeChainEngineHandle CertCreateCertificateChainEngine(ref CERT_CHAIN_ENGINE_CONFIG config)
        {
            bool created = CertCreateCertificateChainEngine(ref config, out SafeChainEngineHandle engine);
            if (created)
            {
                return engine;
            }

            // NOTE(review): the error code is only meaningful if the P/Invoke declaration records
            // the last error (SetLastError = true); the attribute is not visible here - confirm.
            throw Marshal.GetLastWin32Error().ToCryptographicException();
        }
 // Declaring half of a partial method for the native chain-engine creation call: returns
 // true on success and hands back the new engine through hChainEngineHandle.
 // NOTE(review): the implementing part and any attributes are not shown in this excerpt;
 // presumably a source-generated P/Invoke (e.g. LibraryImport). Callers that read
 // Marshal.GetLastWin32Error() need SetLastError = true on it, and the bool return has to be
 // marshalled as a 4-byte Win32 BOOL - confirm both on the full declaration.
 internal static partial bool CertCreateCertificateChainEngine(ref CERT_CHAIN_ENGINE_CONFIG pConfig, out SafeChainEngineHandle hChainEngineHandle);
Esempio n. 4
 // External (native) declaration of the chain-engine creation call: returns true on success
 // and hands back the new engine through hChainEngineHandle.
 // NOTE(review): the DllImport attribute is not shown in this excerpt. A wrapper that reads
 // Marshal.GetLastWin32Error() after a false return depends on SetLastError = true being set
 // there - confirm on the full declaration.
 private static extern bool CertCreateCertificateChainEngine(ref CERT_CHAIN_ENGINE_CONFIG pConfig, out SafeChainEngineHandle hChainEngineHandle);