Esempio n. 1
        /// <summary>
        /// Releases the chain handle held in <c>_chain</c>, if one is present.
        /// </summary>
        /// <remarks>
        /// The field is cleared before the handle is disposed, so a later call on the
        /// same thread finds <c>null</c> and returns without touching the handle again.
        /// No synchronization is performed here.
        /// </remarks>
        public void Dispose()
        {
            SafeX509ChainHandle? handle = _chain;
            if (handle is null)
            {
                return;
            }

            // Drop the reference first so the released handle is never left reachable
            // through the field.
            _chain = null!;
            handle.Dispose();
        }
Esempio n. 2
        /// <summary>
        /// Reads the CERT_PUBKEY_ALG_PARA_PROP_ID property of <c>_certContext</c>,
        /// building a certificate chain first when the property is not yet available.
        /// </summary>
        /// <returns>The raw property bytes, in a buffer sized by the preceding size query.</returns>
        /// <remarks>
        /// The chain built here is never inspected: it is created, then released in the
        /// <c>finally</c> block. Presumably chain building makes the property available
        /// on the certificate context as a side effect (confirm against the CryptoAPI
        /// documentation).
        /// NOTE(review): the chain is built with <c>CertChainFlags.None</c> and its trust
        /// status is not examined, so the returned parameters say nothing about whether
        /// the certificate chains to a trusted root; callers must validate separately.
        /// </remarks>
        /// <exception cref="CryptographicException">
        /// Chain building or a property query failed; the exception is created from the
        /// last Win32 error.
        /// </exception>
        private byte[] PropagateKeyAlgorithmParametersFromChain()
        {
            unsafe
            {
                SafeX509ChainHandle? builtChain = null;
                try
                {
                    // Size query: a null buffer asks only for the byte count.
                    int byteCount = 0;
                    bool propertyPresent = Interop.Crypt32.CertGetCertificateContextProperty(
                        _certContext,
                        Interop.Crypt32.CertContextPropId.CERT_PUBKEY_ALG_PARA_PROP_ID,
                        null,
                        ref byteCount);

                    if (!propertyPresent)
                    {
                        CERT_CHAIN_PARA chainPara = default;
                        chainPara.cbSize = sizeof(CERT_CHAIN_PARA);

                        bool chainBuilt = Interop.crypt32.CertGetCertificateChain(
                            (IntPtr)ChainEngine.HCCE_CURRENT_USER,
                            _certContext,
                            null,
                            SafeCertStoreHandle.InvalidHandle,
                            ref chainPara,
                            CertChainFlags.None,
                            IntPtr.Zero,
                            out builtChain);
                        if (!chainBuilt)
                        {
                            // Must follow the failing call directly so the last error is intact.
                            throw Marshal.GetHRForLastWin32Error().ToCryptographicException();
                        }

                        // Repeat the size query now that a chain has been built.
                        bool presentAfterBuild = Interop.Crypt32.CertGetCertificateContextProperty(
                            _certContext,
                            Interop.Crypt32.CertContextPropId.CERT_PUBKEY_ALG_PARA_PROP_ID,
                            null,
                            ref byteCount);
                        if (!presentAfterBuild)
                        {
                            throw Marshal.GetHRForLastWin32Error().ToCryptographicException();
                        }
                    }

                    // Fetch the value into a buffer of exactly the reported size.
                    byte[] parameterBytes = new byte[byteCount];
                    bool fetched = Interop.Crypt32.CertGetCertificateContextProperty(
                        _certContext,
                        Interop.Crypt32.CertContextPropId.CERT_PUBKEY_ALG_PARA_PROP_ID,
                        parameterBytes,
                        ref byteCount);
                    if (!fetched)
                    {
                        throw Marshal.GetHRForLastWin32Error().ToCryptographicException();
                    }

                    return parameterBytes;
                }
                finally
                {
                    // Release the chain on every path; it is null when no chain was built.
                    builtChain?.Dispose();
                }
            }
        }
Esempio n. 3
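        /// <summary>
        /// Creates the native chain object for <paramref name="leafCert"/> and stores it
        /// in <c>_chainHandle</c>, applying custom trust anchors when requested.
        /// </summary>
        /// <param name="leafCert">Certificate the chain is built for.</param>
        /// <param name="extraStore">Additional certificates passed to <c>PrepareCertsArray</c>; may be null.</param>
        /// <param name="revocationMode">
        /// Recorded in <c>_revocationMode</c>; any value other than
        /// <see cref="X509RevocationMode.NoCheck"/> is passed to <c>PreparePoliciesArray</c> as <c>true</c>.
        /// </param>
        /// <param name="customTrustStore">Certificates used as trust anchors in custom root trust mode.</param>
        /// <param name="trustMode">Selects whether the custom trust anchors are applied.</param>
        /// <remarks>
        /// The method fails closed: <c>_chainHandle</c> is assigned only after the chain was
        /// created and, in <see cref="X509ChainTrustMode.CustomRootTrust"/> mode, after the
        /// trust anchors were set without error. If configuring the anchors throws, the
        /// chain is disposed here because no other owner has received it yet.
        /// NOTE(review): <c>policiesArray</c> and <c>certsArray</c> are not disposed in this
        /// method; presumably the Prepare* helpers keep ownership elsewhere (confirm).
        /// </remarks>
        /// <exception cref="CryptographicException">
        /// The native call returned an unexpected value. Failures reported through an
        /// OSStatus are thrown as whatever <c>CreateExceptionForOSStatus</c> produces.
        /// </exception>
        internal void OpenTrustHandle(
            ICertificatePal leafCert,
            X509Certificate2Collection? extraStore,
            X509RevocationMode revocationMode,
            X509Certificate2Collection customTrustStore,
            X509ChainTrustMode trustMode)
        {
            _revocationMode = revocationMode;
            SafeCreateHandle policiesArray = PreparePoliciesArray(revocationMode != X509RevocationMode.NoCheck);
            SafeCreateHandle certsArray = PrepareCertsArray(leafCert, extraStore, customTrustStore, trustMode);

            int ret = Interop.AppleCrypto.AppleCryptoNative_X509ChainCreate(
                certsArray,
                policiesArray,
                out SafeX509ChainHandle chain,
                out int osStatus);

            if (ret == 1)
            {
                try
                {
                    if (trustMode == X509ChainTrustMode.CustomRootTrust)
                    {
                        // An absent or empty custom store still sets the anchors, using the
                        // shared empty array, instead of skipping the call. Presumably this
                        // keeps the default roots from being used as a fallback (confirm
                        // against the native shim).
                        SafeCreateHandle customCertsArray = s_emptyArray;
                        if (customTrustStore != null && customTrustStore.Count > 0)
                        {
                            customCertsArray = PrepareCustomCertsArray(customTrustStore);
                        }

                        try
                        {
                            int error = Interop.AppleCrypto.X509ChainSetTrustAnchorCertificates(chain, customCertsArray);
                            if (error != 0)
                            {
                                throw Interop.AppleCrypto.CreateExceptionForOSStatus(error);
                            }
                        }
                        finally
                        {
                            // s_emptyArray is shared, so only a locally created array is released.
                            if (customCertsArray != s_emptyArray)
                            {
                                customCertsArray.Dispose();
                            }
                        }
                    }
                }
                catch
                {
                    // The chain has not been published to _chainHandle, so this is the only
                    // place that can release it deterministically on failure.
                    chain.Dispose();
                    throw;
                }

                _chainHandle = chain;
                return;
            }

            chain.Dispose();

            if (ret == 0)
            {
                throw Interop.AppleCrypto.CreateExceptionForOSStatus(osStatus);
            }

            Debug.Fail($"AppleCryptoNative_X509ChainCreate returned unexpected return value {ret}");
            throw new CryptographicException();
        }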