/// <summary>
/// Builds a certificate chain for <paramref name="cert"/> with the OpenSSL-backed chain
/// processor, normalising the timeout and verification time the way that processor expects.
/// </summary>
/// <param name="useMachineContext">Accepted for interface parity with other platforms; this implementation does not read it.</param>
/// <param name="cert">The leaf certificate's platform handle. A new <see cref="X509Certificate2"/> is constructed from it.</param>
/// <param name="extraStore">Caller-supplied certificates considered as chain candidates.</param>
/// <param name="applicationPolicy">Application policy OIDs forwarded to the processor.</param>
/// <param name="certificatePolicy">Certificate policy OIDs forwarded to the processor.</param>
/// <param name="revocationMode">Revocation mode forwarded to the processor.</param>
/// <param name="revocationFlag">Revocation flag forwarded to the processor.</param>
/// <param name="verificationTime">Time at which validity is evaluated; UTC values are converted to local time.</param>
/// <param name="timeout">Budget for network retrieval; <see cref="TimeSpan.Zero"/> means unbounded.</param>
/// <returns>The built chain; its <c>ChainStatus</c> carries any errors found.</returns>
public static IChainPal BuildChain(
    bool useMachineContext,
    ICertificatePal cert,
    X509Certificate2Collection extraStore,
    OidCollection applicationPolicy,
    OidCollection certificatePolicy,
    X509RevocationMode revocationMode,
    X509RevocationFlag revocationFlag,
    DateTime verificationTime,
    TimeSpan timeout)
{
    // A zero timeout is the caller's way of saying "no limit": fetches of intermediates and
    // revocation data may then run indefinitely, so callers wanting a bound must pass one.
    TimeSpan downloadBudget = timeout == TimeSpan.Zero ? TimeSpan.MaxValue : timeout;

    // OpenSSL treats the time it is handed as local time, so a UTC value is converted.
    // An Unspecified value is passed through untouched, i.e. it is treated as local.
    DateTime localVerificationTime = verificationTime.Kind == DateTimeKind.Utc
        ? verificationTime.ToLocalTime()
        : verificationTime;

    var leaf = new X509Certificate2(cert.Handle);
    var downloaded = new List<X509Certificate2>();
    var systemTrusted = new List<X509Certificate2>();

    // FindCandidates may spend part of the budget fetching issuers; BuildChain gets the remainder.
    List<X509Certificate2> candidates = OpenSslX509ChainProcessor.FindCandidates(
        leaf,
        extraStore,
        downloaded,
        systemTrusted,
        ref downloadBudget);

    IChainPal chain = OpenSslX509ChainProcessor.BuildChain(
        leaf,
        candidates,
        downloaded,
        systemTrusted,
        applicationPolicy,
        certificatePolicy,
        revocationMode,
        revocationFlag,
        localVerificationTime,
        ref downloadBudget);

    // Intermediates fetched over the network are persisted only when the chain built
    // without any status errors, so a bad chain never seeds the cache.
    if (chain.ChainStatus.Length == 0 && downloaded.Count > 0)
    {
        SaveIntermediateCertificates(chain.ChainElements, downloaded);
    }

    // NOTE(review): leaf, downloaded, systemTrusted and candidates are not disposed here.
    // Whether the returned chain references these instances or clones of them is not visible
    // from this method — confirm ownership before adding disposal.
    return chain;
}
/// <summary>
/// Discards any previously built chain: clears the cached status, starts a fresh empty
/// element collection and disposes the platform chain object.
/// </summary>
private void Reset()
{
    _lazyChainStatus = null;
    _chainElements = new X509ChainElementCollection();

    // Detach the PAL before disposing it so the field never points at a disposed object.
    IChainPal previous = _pal;
    _pal = null;
    previous?.Dispose();
}
/// <summary>
/// Returns the chain to its unbuilt state: cached status and elements are dropped, the
/// machine-context flag is cleared and the platform chain object is disposed.
/// The chain policy is deliberately left in place for .NET Framework compatibility.
/// </summary>
public void Reset()
{
    _lazyChainStatus = null;
    _chainElements = null;
    _useMachineContext = false;

    // Detach the PAL before disposing it so the field never points at a disposed object.
    IChainPal previous = _pal;
    _pal = null;
    previous?.Dispose();
}
/// <summary>
/// Builds and verifies the chain for <paramref name="certificate"/> under the current
/// <c>ChainPolicy</c>. Serialised on <c>_syncRoot</c>.
/// </summary>
/// <param name="certificate">Certificate to chain; must be non-null with a platform handle.</param>
/// <param name="throwOnException">
/// When the PAL reports an exception instead of a verdict, rethrow it if true; otherwise report <c>false</c>.
/// </param>
/// <returns><c>true</c> only when the PAL verified the chain; <c>false</c> when the chain could not be built or did not verify.</returns>
/// <exception cref="ArgumentException"><paramref name="certificate"/> is null or has no platform handle.</exception>
internal bool Build(X509Certificate2 certificate, bool throwOnException)
{
    lock (_syncRoot)
    {
        if (certificate == null || certificate.Pal == null)
        {
            throw new ArgumentException(SR.Cryptography_InvalidContextHandle, nameof(certificate));
        }

        // Any earlier build is torn down before the new PAL object is created.
        Reset();
        X509ChainPolicy policy = ChainPolicy;

        _pal = ChainPal.BuildChain(
            _useMachineContext,
            certificate.Pal,
            policy.ExtraStore,
            policy.ApplicationPolicy,
            policy.CertificatePolicy,
            policy.RevocationMode,
            policy.RevocationFlag,
            policy.VerificationTime,
            policy.UrlRetrievalTimeout);

        if (_pal == null)
        {
            return false;
        }

        _chainElements = new X509ChainElementCollection(_pal.ChainElements);

        Exception verificationException;
        bool? verified = _pal.Verify(policy.VerificationFlags, out verificationException);

        if (verified.HasValue)
        {
            return verified.Value;
        }

        // No verdict: the PAL handed back an exception. The caller decides whether that
        // surfaces as a throw or as "not verified".
        if (throwOnException)
        {
            throw verificationException;
        }

        return false;
    }
}
/// <summary>
/// Builds a certificate chain for <paramref name="cert"/> with the OpenSSL-backed chain
/// processor, after validating the requested revocation mode.
/// </summary>
/// <param name="useMachineContext">Accepted for interface parity with other platforms; this implementation does not read it.</param>
/// <param name="cert">The leaf certificate's platform handle. A new <see cref="X509Certificate2"/> is constructed from it.</param>
/// <param name="extraStore">Caller-supplied certificates considered as chain candidates.</param>
/// <param name="applicationPolicy">Application policy OIDs forwarded to the processor.</param>
/// <param name="certificatePolicy">Certificate policy OIDs forwarded to the processor.</param>
/// <param name="revocationMode">Checked by <c>CheckRevocationMode</c>; not forwarded to the processor.</param>
/// <param name="revocationFlag">Not used by this implementation.</param>
/// <param name="verificationTime">Time at which validity is evaluated, passed through unchanged.</param>
/// <param name="timeout">Budget for network retrieval; <see cref="TimeSpan.Zero"/> means unbounded.</param>
/// <returns>The built chain; its <c>ChainStatus</c> carries any errors found.</returns>
public static IChainPal BuildChain(
    bool useMachineContext,
    ICertificatePal cert,
    X509Certificate2Collection extraStore,
    OidCollection applicationPolicy,
    OidCollection certificatePolicy,
    X509RevocationMode revocationMode,
    X509RevocationFlag revocationFlag,
    DateTime verificationTime,
    TimeSpan timeout)
{
    // NOTE(review): neither revocationMode nor revocationFlag reaches the processor below, so
    // this variant performs no revocation checking itself; presumably CheckRevocationMode
    // rejects the modes it cannot honour — confirm.
    CheckRevocationMode(revocationMode);

    // A zero timeout is the caller's way of saying "no limit": candidate fetches may then
    // run indefinitely, so callers wanting a bound must pass one.
    TimeSpan downloadBudget = timeout == TimeSpan.Zero ? TimeSpan.MaxValue : timeout;

    var leaf = new X509Certificate2(cert.Handle);
    var downloaded = new List<X509Certificate2>();

    List<X509Certificate2> candidates = OpenSslX509ChainProcessor.FindCandidates(
        leaf,
        extraStore,
        downloaded,
        ref downloadBudget);

    IChainPal chain = OpenSslX509ChainProcessor.BuildChain(
        leaf,
        candidates,
        downloaded,
        applicationPolicy,
        certificatePolicy,
        verificationTime);

    // Intermediates fetched over the network are persisted only when the chain built
    // without any status errors, so a bad chain never seeds the cache.
    if (chain.ChainStatus.Length == 0 && downloaded.Count > 0)
    {
        SaveIntermediateCertificates(chain.ChainElements, downloaded);
    }

    // NOTE(review): leaf, downloaded and candidates are not disposed here; whether the chain
    // references them or clones is not visible from this method — confirm before adding disposal.
    return chain;
}
/// <summary>
/// Wraps an existing native chain context. The handle is only checked by a debug
/// assertion; in release builds a null PAL surfaces as a <see cref="NullReferenceException"/>
/// when its elements are read below.
/// </summary>
/// <param name="chainContext">Native chain context handle handed to <c>ChainPal.FromHandle</c>.</param>
public X509Chain(IntPtr chainContext)
{
    _pal = ChainPal.FromHandle(chainContext);
    Debug.Assert(_pal != null);

    IChainPal pal = _pal;
    _chainElements = new X509ChainElementCollection(pal.ChainElements);
}
/// <summary>
/// Builds and verifies the chain for <paramref name="certificate"/> under the current
/// <c>ChainPolicy</c>, first rejecting inconsistent custom-trust configuration.
/// Serialised on <c>_syncRoot</c>.
/// </summary>
/// <param name="certificate">Certificate to chain; must be non-null with a platform handle.</param>
/// <param name="throwOnException">
/// When the PAL reports an exception instead of a verdict, rethrow it if true; otherwise report <c>false</c>.
/// </param>
/// <returns><c>true</c> only when the PAL verified the chain; <c>false</c> when the chain could not be built or did not verify.</returns>
/// <exception cref="ArgumentException"><paramref name="certificate"/> is null or has no platform handle.</exception>
/// <exception cref="CryptographicException">
/// A custom trust store is populated while the trust mode is <c>System</c>, or a custom trust
/// certificate is null or has no handle.
/// </exception>
internal bool Build(X509Certificate2 certificate, bool throwOnException)
{
    lock (_syncRoot)
    {
        if (certificate == null || certificate.Pal == null)
        {
            throw new ArgumentException(SR.Cryptography_InvalidContextHandle, nameof(certificate));
        }

        // Validate the custom trust store before anything is torn down or built. A populated
        // custom store is only meaningful in CustomRootTrust mode; in System mode it would be
        // silently ignored, so it is rejected instead.
        X509Certificate2Collection customTrust = _chainPolicy?.CustomTrustStore;
        if (customTrust != null)
        {
            bool populatedInSystemMode =
                _chainPolicy.TrustMode == X509ChainTrustMode.System && customTrust.Count > 0;

            if (populatedInSystemMode)
            {
                throw new CryptographicException(SR.Cryptography_CustomTrustCertsInSystemMode, nameof(_chainPolicy.TrustMode));
            }

            foreach (X509Certificate2 customCertificate in customTrust)
            {
                bool unusable = customCertificate == null || customCertificate.Handle == IntPtr.Zero;
                if (unusable)
                {
                    throw new CryptographicException(SR.Cryptography_InvalidTrustCertificate, nameof(_chainPolicy.CustomTrustStore));
                }
            }
        }

        // Any earlier build is torn down before the new PAL object is created.
        Reset();
        X509ChainPolicy policy = ChainPolicy;

        _pal = ChainPal.BuildChain(
            _useMachineContext,
            certificate.Pal,
            policy._extraStore,
            policy._applicationPolicy,
            policy._certificatePolicy,
            policy.RevocationMode,
            policy.RevocationFlag,
            policy.CustomTrustStore,
            policy.TrustMode,
            policy.VerificationTime,
            policy.UrlRetrievalTimeout);

        if (_pal == null)
        {
            return false;
        }

        _chainElements = new X509ChainElementCollection(_pal.ChainElements);

        Exception verificationException;
        bool? verified = _pal.Verify(policy.VerificationFlags, out verificationException);

        if (verified.HasValue)
        {
            return verified.Value;
        }

        // No verdict: the PAL handed back an exception. The caller decides whether that
        // surfaces as a throw or as "not verified".
        if (throwOnException)
        {
            throw verificationException;
        }

        return false;
    }
}
/// <summary>
/// Builds a certificate chain for <paramref name="cert"/> with the OpenSSL-backed chain
/// processor, normalising the timeout and verification time the way that processor expects,
/// and disposes every certificate this method created once the chain holds its own clones.
/// </summary>
/// <param name="useMachineContext">Accepted for interface parity with other platforms; this implementation does not read it.</param>
/// <param name="cert">The leaf certificate's platform handle. A new <see cref="X509Certificate2"/> is constructed from it and disposed before returning.</param>
/// <param name="extraStore">Caller-supplied candidates. These remain caller-owned and are never disposed here.</param>
/// <param name="applicationPolicy">Application policy OIDs forwarded to the processor.</param>
/// <param name="certificatePolicy">Certificate policy OIDs forwarded to the processor.</param>
/// <param name="revocationMode">Revocation mode forwarded to the processor.</param>
/// <param name="revocationFlag">Revocation flag forwarded to the processor.</param>
/// <param name="verificationTime">Time at which validity is evaluated; UTC values are converted to local time.</param>
/// <param name="timeout">Budget for network retrieval; <see cref="TimeSpan.Zero"/> means unbounded.</param>
/// <returns>The built chain; its <c>ChainStatus</c> carries any errors found.</returns>
public static IChainPal BuildChain(
    bool useMachineContext,
    ICertificatePal cert,
    X509Certificate2Collection extraStore,
    OidCollection applicationPolicy,
    OidCollection certificatePolicy,
    X509RevocationMode revocationMode,
    X509RevocationFlag revocationFlag,
    DateTime verificationTime,
    TimeSpan timeout)
{
    // A zero timeout is the caller's way of saying "no limit": fetches of intermediates and
    // revocation data may then run indefinitely, so callers wanting a bound must pass one.
    TimeSpan downloadBudget = timeout == TimeSpan.Zero ? TimeSpan.MaxValue : timeout;

    // OpenSSL treats the time it is handed as local time, so a UTC value is converted.
    // An Unspecified value is passed through untouched, i.e. it is treated as local.
    DateTime localVerificationTime = verificationTime.Kind == DateTimeKind.Utc
        ? verificationTime.ToLocalTime()
        : verificationTime;

    using (var leaf = new X509Certificate2(cert.Handle))
    {
        var downloaded = new HashSet<X509Certificate2>();
        var systemTrusted = new HashSet<X509Certificate2>();

        // FindCandidates may spend part of the budget fetching issuers; BuildChain gets the remainder.
        HashSet<X509Certificate2> candidates = OpenSslX509ChainProcessor.FindCandidates(
            leaf,
            extraStore,
            downloaded,
            systemTrusted,
            ref downloadBudget);

        IChainPal chain = OpenSslX509ChainProcessor.BuildChain(
            leaf,
            candidates,
            downloaded,
            systemTrusted,
            applicationPolicy,
            certificatePolicy,
            revocationMode,
            revocationFlag,
            localVerificationTime,
            ref downloadBudget);

#if DEBUG
        // The disposal below relies on the chain holding a clone of the leaf, not the leaf itself.
        if (chain.ChainElements.Length > 0)
        {
            X509Certificate2 reportedLeaf = chain.ChainElements[0].Certificate;
            Debug.Assert(reportedLeaf != null, "reportedLeaf != null");
            Debug.Assert(reportedLeaf.Equals(leaf), "reportedLeaf.Equals(leaf)");
            Debug.Assert(!ReferenceEquals(reportedLeaf, leaf), "!ReferenceEquals(reportedLeaf, leaf)");
        }
#endif

        // Intermediates fetched over the network are persisted only when the chain built
        // without any status errors, so a bad chain never seeds the cache.
        if (chain.ChainStatus.Length == 0 && downloaded.Count > 0)
        {
            SaveIntermediateCertificates(chain.ChainElements, downloaded);
        }

        // The chain holds clones of everything handed to it, so the originals created here
        // can be released now.
        systemTrusted.DisposeAll();
        downloaded.DisposeAll();

        // Candidates that came in via extraStore belong to the caller. Identity, not value
        // equality, decides ownership: a downloaded cert equal to a caller cert is still ours.
        var callerOwned = new HashSet<X509Certificate2>(
            ReferenceEqualityComparer<X509Certificate2>.Instance);

        foreach (X509Certificate2 extraCert in extraStore)
        {
            callerOwned.Add(extraCert);
        }

        foreach (X509Certificate2 candidate in candidates)
        {
            if (callerOwned.Contains(candidate))
            {
                continue;
            }

            candidate.Dispose();
        }

        return chain;
    }
}
/// <summary>
/// Builds and verifies the chain for <paramref name="certificate"/> under the current
/// <c>ChainPolicy</c>. Serialised on <c>_syncRoot</c>.
/// </summary>
/// <param name="certificate">Certificate to chain; must be non-null.</param>
/// <param name="throwOnException">
/// When the PAL reports an exception instead of a verdict, rethrow it if true; otherwise report <c>false</c>.
/// </param>
/// <returns><c>true</c> only when the PAL verified the chain; <c>false</c> when the chain could not be built or did not verify.</returns>
/// <exception cref="ArgumentException"><paramref name="certificate"/> is null.</exception>
internal bool Build(X509Certificate2 certificate, bool throwOnException)
{
    lock (_syncRoot)
    {
        if (certificate == null)
        {
            throw new ArgumentException(SR.Cryptography_InvalidContextHandle, nameof(certificate));
        }

        // Any earlier build is torn down before the new PAL object is created.
        Reset();
        X509ChainPolicy policy = ChainPolicy;

        _pal = ChainPal.BuildChain(
            _useMachineContext,
            certificate.Pal,
            policy.ExtraStore,
            policy.ApplicationPolicy,
            policy.CertificatePolicy,
            policy.RevocationMode,
            policy.RevocationFlag,
            policy.VerificationTime,
            policy.UrlRetrievalTimeout);

        if (_pal == null)
        {
            return false;
        }

        _chainElements = new X509ChainElementCollection(_pal.ChainElements);

        Exception verificationException;
        bool? verified = _pal.Verify(policy.VerificationFlags, out verificationException);

        if (verified.HasValue)
        {
            return verified.Value;
        }

        // No verdict: the PAL handed back an exception. The caller decides whether that
        // surfaces as a throw or as "not verified".
        if (throwOnException)
        {
            throw verificationException;
        }

        return false;
    }
}
/// <summary>
/// Returns the chain to its unbuilt state: cached status and elements are dropped, the
/// machine-context flag is cleared and the platform chain object is disposed.
/// The chain policy is deliberately left in place for desktop compatibility.
/// </summary>
public void Reset()
{
    _lazyChainStatus = null;
    _chainElements = null;
    _useMachineContext = false;

    // Detach the PAL before disposing it so the field never points at a disposed object.
    IChainPal previous = _pal;
    _pal = null;
    previous?.Dispose();
}