private static CspParameters GetCspKeyContainerInfoPatameters(CspKeyContainerInfo cspKeyContainerInfo)
{
CspParameters result = null;
if (_cspKeyContainerInfoPatametersField == null)
{
lock (CspKeyContainerInfoPatametersFieldSync)
{
if (_cspKeyContainerInfoPatametersField == null)
{
_cspKeyContainerInfoPatametersField = typeof(CspKeyContainerInfo).GetField("m_parameters", BindingFlags.Instance | BindingFlags.NonPublic);
}
}
}
if (_cspKeyContainerInfoPatametersField != null)
{
result = _cspKeyContainerInfoPatametersField.GetValue(cspKeyContainerInfo) as CspParameters;
}
return result;
}
public void AppendPrivateKeyInfo(StringBuilder sb)
{
if (HasPrivateKey)
{
// Similar to the Unix implementation, in UWP merely acknowledge that there -is- a private key.
sb.AppendLine();
sb.AppendLine();
sb.AppendLine("[Private Key]");
}
#if NETNATIVE
// Similar to the Unix implementation, in UWP merely acknowledge that there -is- a private key.
#else
CspKeyContainerInfo cspKeyContainerInfo = null;
try
{
if (HasPrivateKey)
{
CspParameters parameters = GetPrivateKeyCsp();
cspKeyContainerInfo = new CspKeyContainerInfo(parameters);
}
}
// We could not access the key container. Just return.
catch (CryptographicException) { }
// Ephemeral keys will not have container information.
if (cspKeyContainerInfo == null)
return;
sb.Append(Environment.NewLine + " Key Store: ");
sb.Append(cspKeyContainerInfo.MachineKeyStore ? "Machine" : "User");
sb.Append(Environment.NewLine + " Provider Name: ");
sb.Append(cspKeyContainerInfo.ProviderName);
sb.Append(Environment.NewLine + " Provider type: ");
sb.Append(cspKeyContainerInfo.ProviderType);
sb.Append(Environment.NewLine + " Key Spec: ");
sb.Append(cspKeyContainerInfo.KeyNumber);
sb.Append(Environment.NewLine + " Key Container Name: ");
sb.Append(cspKeyContainerInfo.KeyContainerName);
try
{
string uniqueKeyContainer = cspKeyContainerInfo.UniqueKeyContainerName;
sb.Append(Environment.NewLine + " Unique Key Container Name: ");
sb.Append(uniqueKeyContainer);
}
catch (CryptographicException) { }
catch (NotSupportedException) { }
bool b = false;
try
{
b = cspKeyContainerInfo.HardwareDevice;
sb.Append(Environment.NewLine + " Hardware Device: ");
sb.Append(b);
}
catch (CryptographicException) { }
try
{
b = cspKeyContainerInfo.Removable;
sb.Append(Environment.NewLine + " Removable: ");
sb.Append(b);
}
catch (CryptographicException) { }
try
{
b = cspKeyContainerInfo.Protected;
sb.Append(Environment.NewLine + " Protected: ");
sb.Append(b);
}
catch (CryptographicException) { }
catch (NotSupportedException) { }
#endif // #if NETNATIVE / #else
}
/// <summary>
/// returns the information for the key container associated with the certificate.
/// </summary>
private static CspKeyContainerInfo GetCspKeyContainerInfo(
IntPtr hStore,
string thumbprint,
string symbolicName,
WindowsStoreType storeType)
{
CRYPT_KEY_PROV_INFO pInfo;
IntPtr pData = IntPtr.Zero;
IntPtr pCertContext = IntPtr.Zero;
try
{
// get the certificates.
pCertContext = FindCertificate(hStore, thumbprint);
if (pCertContext == IntPtr.Zero)
{
return null;
}
// get size of the private key provider info struct.
int dwInfoSize = 0;
int bResult = NativeMethods.CertGetCertificateContextProperty(
pCertContext,
CERT_KEY_PROV_INFO_PROP_ID,
pData,
ref dwInfoSize);
if (bResult == 0)
{
// property must not exist.
return null;
}
// get private key provider info.
pData = Marshal.AllocHGlobal(dwInfoSize);
bResult = NativeMethods.CertGetCertificateContextProperty(
pCertContext,
CERT_KEY_PROV_INFO_PROP_ID,
pData,
ref dwInfoSize);
if (bResult == 0)
{
int dwError = Marshal.GetLastWin32Error();
throw ServiceResultException.Create(
StatusCodes.BadUnexpectedError,
"Could not get the provider info for certificate. Error={0:X8}",
dwError);
}
try
{
pInfo = (CRYPT_KEY_PROV_INFO)Marshal.PtrToStructure(pData, typeof(CRYPT_KEY_PROV_INFO));
}
finally
{
Marshal.DestroyStructure(pData, typeof(CRYPT_KEY_PROV_INFO));
}
string name1 = Marshal.PtrToStringUni(pInfo.pwszProvName);
string name2 = Marshal.PtrToStringUni(pInfo.pwszContainerName);
Marshal.FreeHGlobal(pData);
pData = IntPtr.Zero;
// create the crypto service provide parameters.
CspParameters cps = new CspParameters(
pInfo.dwProvType,
name1,
name2);
cps.Flags = CspProviderFlags.UseExistingKey;
if (storeType != WindowsStoreType.CurrentUser)
{
cps.Flags |= CspProviderFlags.UseMachineKeyStore;
}
// get the container information.
CspKeyContainerInfo container = new CspKeyContainerInfo(cps);
// get the access rules on the file.
return container;
}
finally
{
if (pCertContext != IntPtr.Zero)
{
NativeMethods.CertFreeCertificateContext(pCertContext);
}
if (pData != IntPtr.Zero)
{
Marshal.FreeHGlobal(pData);
}
}
}
private void AppendPrivateKeyInfo (StringBuilder sb) {
CspKeyContainerInfo cspKeyContainerInfo = null;
try {
if (this.HasPrivateKey) {
CspParameters parameters = new CspParameters();
if (GetPrivateKeyInfo(m_safeCertContext, ref parameters))
cspKeyContainerInfo = new CspKeyContainerInfo(parameters);
}
}
// We don't have the permission to access the key container. Just return.
catch (SecurityException) {}
// We could not access the key container. Just return.
catch (CryptographicException) {}
if (cspKeyContainerInfo == null)
return;
sb.Append(Environment.NewLine + Environment.NewLine + "[Private Key]");
sb.Append(Environment.NewLine + " Key Store: ");
sb.Append(cspKeyContainerInfo.MachineKeyStore ? "Machine" : "User");
sb.Append(Environment.NewLine + " Provider Name: ");
sb.Append(cspKeyContainerInfo.ProviderName);
sb.Append(Environment.NewLine + " Provider type: ");
sb.Append(cspKeyContainerInfo.ProviderType);
sb.Append(Environment.NewLine + " Key Spec: ");
sb.Append(cspKeyContainerInfo.KeyNumber);
sb.Append(Environment.NewLine + " Key Container Name: ");
sb.Append(cspKeyContainerInfo.KeyContainerName);
try {
string uniqueKeyContainer = cspKeyContainerInfo.UniqueKeyContainerName;
sb.Append(Environment.NewLine + " Unique Key Container Name: ");
sb.Append(uniqueKeyContainer);
}
catch (CryptographicException) {}
catch (NotSupportedException) {}
bool b = false;
try {
b = cspKeyContainerInfo.HardwareDevice;
sb.Append(Environment.NewLine + " Hardware Device: ");
sb.Append(b);
}
catch (CryptographicException) {}
try {
b = cspKeyContainerInfo.Removable;
sb.Append(Environment.NewLine + " Removable: ");
sb.Append(b);
}
catch (CryptographicException) {}
try {
b = cspKeyContainerInfo.Protected;
sb.Append(Environment.NewLine + " Protected: ");
sb.Append(b);
}
catch (CryptographicException) {}
catch (NotSupportedException) {}
}
private void AppendPrivateKeyInfo(StringBuilder sb)
{
CspKeyContainerInfo info = null;
try
{
if (this.HasPrivateKey)
{
CspParameters parameters = new CspParameters();
if (GetPrivateKeyInfo(this.m_safeCertContext, ref parameters))
{
info = new CspKeyContainerInfo(parameters);
}
}
}
catch (SecurityException)
{
}
catch (CryptographicException)
{
}
if (info != null)
{
sb.Append(Environment.NewLine + Environment.NewLine + "[Private Key]");
sb.Append(Environment.NewLine + " Key Store: ");
sb.Append(info.MachineKeyStore ? "Machine" : "User");
sb.Append(Environment.NewLine + " Provider Name: ");
sb.Append(info.ProviderName);
sb.Append(Environment.NewLine + " Provider type: ");
sb.Append(info.ProviderType);
sb.Append(Environment.NewLine + " Key Spec: ");
sb.Append(info.KeyNumber);
sb.Append(Environment.NewLine + " Key Container Name: ");
sb.Append(info.KeyContainerName);
try
{
string uniqueKeyContainerName = info.UniqueKeyContainerName;
sb.Append(Environment.NewLine + " Unique Key Container Name: ");
sb.Append(uniqueKeyContainerName);
}
catch (CryptographicException)
{
}
catch (NotSupportedException)
{
}
bool hardwareDevice = false;
try
{
hardwareDevice = info.HardwareDevice;
sb.Append(Environment.NewLine + " Hardware Device: ");
sb.Append(hardwareDevice);
}
catch (CryptographicException)
{
}
try
{
hardwareDevice = info.Removable;
sb.Append(Environment.NewLine + " Removable: ");
sb.Append(hardwareDevice);
}
catch (CryptographicException)
{
}
try
{
hardwareDevice = info.Protected;
sb.Append(Environment.NewLine + " Protected: ");
sb.Append(hardwareDevice);
}
catch (CryptographicException)
{
}
catch (NotSupportedException)
{
}
}
}
// This method could throw any exception, because RSACryptoServiceProvider ctor could do so
// We will escalate the exceptions to the callers who will be more sensible on how to deal with them
void CommitCryptoKeySecurity(CspKeyContainerInfo info, CryptoKeySecurity keySec)
{
CspParameters cspParams = new CspParameters(
info.ProviderType, info.ProviderName,
info.KeyContainerName);
cspParams.CryptoKeySecurity = keySec;
// Important flag, or the security setting will silently fail
cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
// The RSACryptoServiceProvider ctor will automatically apply DACLs set in CSP's securtiy info
new RSACryptoServiceProvider(cspParams);
}
