public byte[] CreateSignature(Certificate cert, byte[] hash)
{
int flags = 0, mustFree = 0, provider = 0, keySpec = 0, hashptr = 0, size = 0;
try {
if (!Environment.UserInteractive)
{
flags = SecurityConstants.CRYPT_ACQUIRE_SILENT_FLAG;
}
if (SspiProvider.CryptAcquireCertificatePrivateKey(cert.Handle, flags, IntPtr.Zero, ref provider, ref keySpec, ref mustFree) == 0)
{
throw new SslException(AlertDescription.InternalError, "Could not acquire private key.");
}
if (SspiProvider.CryptCreateHash(provider, SecurityConstants.CALG_SSL3_SHAMD5, 0, 0, out hashptr) == 0)
{
throw new CryptographicException("Unable to create the SHA-MD5 hash.");
}
if (SspiProvider.CryptSetHashParam(hashptr, SecurityConstants.HP_HASHVAL, hash, 0) == 0)
{
throw new CryptographicException("Unable to set the value of the SHA-MD5 hash.");
}
SspiProvider.CryptSignHash(hashptr, keySpec, IntPtr.Zero, 0, null, ref size);
if (size == 0)
{
throw new CryptographicException("Unable to sign the data.");
}
byte[] buffer = new byte[size];
if (SspiProvider.CryptSignHash(hashptr, keySpec, IntPtr.Zero, 0, buffer, ref size) == 0)
{
throw new CryptographicException("Unable to sign the data.");
}
Array.Reverse(buffer);
return(buffer);
} finally {
if (hashptr != 0)
{
SspiProvider.CryptDestroyHash(hashptr);
}
if (mustFree != 0 && provider != 0)
{
SspiProvider.CryptReleaseContext(provider, 0);
}
}
}
