/// <summary>
/// Builds a certificate chain for <paramref name="certificate"/> from this instance's
/// <c>ChainPolicy</c> and then evaluates the built chain with
/// <c>CAPISafe.CertVerifyCertificateChainPolicy</c>.
/// </summary>
/// <param name="certificate">
/// Certificate to validate. It must be non-null and its <c>CertContext</c> handle must be valid.
/// </param>
/// <returns>
/// <c>true</c> only when the chain was built and the policy status reports <c>dwError == 0</c>.
/// <c>false</c> when <c>BuildChain</c> returns a non-zero code or the policy status carries an error.
/// </returns>
/// <exception cref="ArgumentException">
/// <paramref name="certificate"/> is null or its context handle is invalid.
/// </exception>
/// <exception cref="CryptographicException">
/// The policy API call itself failed (as opposed to the chain failing the policy).
/// </exception>
/// <remarks>
/// The caller's <c>ChainPolicy.VerificationFlags</c> are copied unchanged into the policy
/// parameters, so a permissive flag set widens what this method accepts. A <c>true</c> result
/// means "passed the policy as configured", not "passed a strict policy".
/// </remarks>
public bool Build(X509Certificate2 certificate)
{
    // Extensions that can carry URLs contacted during online revocation checking:
    // CRL Distribution Points and Authority Information Access.
    const string CrlDistributionPointsOid = "2.5.29.31";
    const string AuthorityInfoAccessOid = "1.3.6.1.5.5.7.1.1";

    lock (this.m_syncRoot)
    {
        bool hasUsableContext = (certificate != null) && !certificate.CertContext.IsInvalid;
        if (!hasUsableContext)
        {
            throw new ArgumentException(SR.GetString("Cryptography_InvalidContextHandle"), "certificate");
        }

        // Chain building opens and enumerates certificate stores, so that permission is demanded first.
        StorePermission storeAccess = new StorePermission(StorePermissionFlags.EnumerateCertificates | StorePermissionFlags.OpenStore);
        storeAccess.Demand();

        X509ChainPolicy policy = this.ChainPolicy;

        if (policy.RevocationMode == X509RevocationMode.Online)
        {
            bool certNamesRetrievalUrls =
                (certificate.Extensions[CrlDistributionPointsOid] != null) ||
                (certificate.Extensions[AuthorityInfoAccessOid] != null);

            if (certNamesRetrievalUrls)
            {
                // Online revocation with URL-bearing extensions additionally demands unrestricted
                // web access and permission to add to a store, before any chain building starts.
                PermissionSet onlineDemand = new PermissionSet(PermissionState.None);
                onlineDemand.AddPermission(new WebPermission(PermissionState.Unrestricted));
                onlineDemand.AddPermission(new StorePermission(StorePermissionFlags.AddToStore));
                onlineDemand.Demand();
            }
        }

        // Reset() runs before the new chain is built, so an early "return false" below
        // happens after Reset() and before Init().
        this.Reset();

        // In wincrypt.h, 1 is HCCE_LOCAL_MACHINE and 0 is HCCE_CURRENT_USER.
        IntPtr chainEngine = this.m_useMachineContext ? new IntPtr(1L) : new IntPtr(0L);

        int buildResult = BuildChain(
            chainEngine,
            certificate.CertContext,
            policy.ExtraStore,
            policy.ApplicationPolicy,
            policy.CertificatePolicy,
            policy.RevocationMode,
            policy.RevocationFlag,
            policy.VerificationTime,
            policy.UrlRetrievalTimeout,
            ref this.m_safeCertChainHandle);
        if (buildResult != 0)
        {
            return false;
        }

        this.Init();

        CAPIBase.CERT_CHAIN_POLICY_PARA policyPara = new CAPIBase.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_PARA)));
        CAPIBase.CERT_CHAIN_POLICY_STATUS policyStatus = new CAPIBase.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_STATUS)));
        policyPara.dwFlags = (uint)policy.VerificationFlags;

        // Policy identifier 1 is CERT_CHAIN_POLICY_BASE in wincrypt.h.
        // NOTE(review): the base policy is a general chain check; callers that need host-name
        // matching must do that separately — confirm against the call sites.
        bool policyWasEvaluated = CAPISafe.CertVerifyCertificateChainPolicy(new IntPtr(1L), this.m_safeCertChainHandle, ref policyPara, ref policyStatus);
        if (!policyWasEvaluated)
        {
            // The API could not run the check at all. This is distinct from a chain that fails the policy.
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }

        // The verdict lives in dwError, not in the API's boolean return value.
        CAPISafe.SetLastError(policyStatus.dwError);
        return policyStatus.dwError == 0;
    }
}
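/// <summary>
/// Builds a chain for <paramref name="pCertContext"/> and evaluates it against the policy
/// identified by <paramref name="pszPolicy"/>.
/// </summary>
/// <param name="pCertContext">Certificate context to validate; must be non-null and valid.</param>
/// <param name="applicationPolicy">Application policy OIDs forwarded to <c>X509Chain.BuildChain</c>.</param>
/// <param name="certificatePolicy">Certificate policy OIDs forwarded to <c>X509Chain.BuildChain</c>.</param>
/// <param name="revocationMode">Revocation mode forwarded to <c>X509Chain.BuildChain</c>.</param>
/// <param name="revocationFlag">Revocation scope forwarded to <c>X509Chain.BuildChain</c>.</param>
/// <param name="verificationTime">Verification time forwarded to <c>X509Chain.BuildChain</c>.</param>
/// <param name="timeout">Timeout forwarded to <c>X509Chain.BuildChain</c>.</param>
/// <param name="extraStore">Additional certificates forwarded to <c>X509Chain.BuildChain</c>.</param>
/// <param name="pszPolicy">Policy identifier handed to <c>CertVerifyCertificateChainPolicy</c>.</param>
/// <param name="pdwErrorStatus">
/// Optional output location, or <see cref="IntPtr.Zero"/> to skip it. When non-zero, the policy
/// status <c>dwError</c> is written there as a 32-bit value.
/// </param>
/// <returns>
/// <c>0</c> when the chain satisfies the policy; <c>1</c> when the policy check ran and reported
/// an error; otherwise the non-zero code from <c>BuildChain</c> or the HRESULT of the failed
/// policy API call.
/// </returns>
/// <exception cref="ArgumentException"><paramref name="pCertContext"/> is null or invalid.</exception>
/// <remarks>
/// Only a return value of exactly <c>0</c> means the certificate was accepted. The rejection
/// value <c>1</c> is positive, so a caller testing <c>result &lt; 0</c> would treat a rejected
/// chain as accepted; compare against <c>0</c> instead.
/// </remarks>
internal static int VerifyCertificate(System.Security.Cryptography.SafeCertContextHandle pCertContext, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, X509Certificate2Collection extraStore, IntPtr pszPolicy, IntPtr pdwErrorStatus)
{
    if ((pCertContext == null) || pCertContext.IsInvalid)
    {
        throw new ArgumentException("pCertContext");
    }

    CAPIBase.CERT_CHAIN_POLICY_PARA pPolicyPara = new CAPIBase.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_PARA)));
    CAPIBase.CERT_CHAIN_POLICY_STATUS pPolicyStatus = new CAPIBase.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_STATUS)));

    // Starts as the invalid-handle placeholder; BuildChain receives it by ref and fills it in.
    // NOTE(review): nothing here disposes the handle, so release is presumably left to
    // SafeHandle finalization — confirm before adding an explicit Dispose.
    SafeCertChainHandle chainHandle = SafeCertChainHandle.InvalidHandle;

    // Chain engine 0 is HCCE_CURRENT_USER in wincrypt.h.
    int buildResult = X509Chain.BuildChain(new IntPtr(0L), pCertContext, extraStore, applicationPolicy, certificatePolicy, revocationMode, revocationFlag, verificationTime, timeout, ref chainHandle);
    if (buildResult != 0)
    {
        return buildResult;
    }

    // pPolicyPara.dwFlags is left at whatever the struct constructor set; no flags are added here.
    if (!CAPISafe.CertVerifyCertificateChainPolicy(pszPolicy, chainHandle, ref pPolicyPara, ref pPolicyStatus))
    {
        // The API could not run the check. This is distinct from a chain that fails the policy.
        return Marshal.GetHRForLastWin32Error();
    }

    if (pdwErrorStatus != IntPtr.Zero)
    {
        // The decompiled form "pdwErrorStatus[0] = (IntPtr)dwError" is not valid C# (IntPtr has no
        // indexer), and a pointer-sized store could overrun a 4-byte output slot on 64-bit.
        // The "pdw" prefix suggests the target is a DWORD, so exactly 32 bits are written.
        Marshal.WriteInt32(pdwErrorStatus, unchecked((int)pPolicyStatus.dwError));
    }

    // 0 = policy satisfied, 1 = policy evaluated and rejected the chain.
    return (pPolicyStatus.dwError == 0) ? 0 : 1;
}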
/// <summary>
/// Managed signature for the Win32 <c>CertVerifyCertificateChainPolicy</c> function, which checks
/// an already-built certificate chain against a policy.
/// </summary>
/// <param name="pszPolicyOID">
/// Policy identifier. Callers in this file pass either <c>new IntPtr(1L)</c> or a caller-supplied value.
/// </param>
/// <param name="pChainContext">Handle of the chain to evaluate.</param>
/// <param name="pPolicyPara">Policy parameters, passed by reference as input only.</param>
/// <param name="pPolicyStatus">
/// Policy status, passed by reference in both directions; its <c>dwError</c> field carries the
/// verdict after the call.
/// </param>
/// <returns>
/// <c>true</c> when the policy check could be carried out. This is NOT the verdict: a chain that
/// fails the policy still yields <c>true</c>, with the failure reported in
/// <c>pPolicyStatus.dwError</c>. Callers must test <c>dwError == 0</c> before trusting the chain.
/// </returns>
// NOTE(review): no [DllImport] attribute is visible on this declaration in this excerpt. A caller
// in this file reads Marshal.GetLastWin32Error() after a false return, which presumably relies on
// SetLastError = true being set there — confirm on the full declaration.
internal static extern bool CertVerifyCertificateChainPolicy([In] IntPtr pszPolicyOID, [In] SafeCertChainHandle pChainContext, [In] ref CAPIBase.CERT_CHAIN_POLICY_PARA pPolicyPara, [In, Out] ref CAPIBase.CERT_CHAIN_POLICY_STATUS pPolicyStatus);