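// Builds a chain for pCertContext (current-user chain engine) and runs the
// CryptoAPI chain policy named by pszPolicy over it.
//
// Returns:
//   CAPI.S_OK     - chain built and the policy reported no error
//   CAPI.S_FALSE  - policy ran but reported a non-zero dwError (also written
//                   through pdwErrorStatus when that pointer is non-null)
//   other HRESULT - chain building or the policy call itself failed; in that
//                   case *pdwErrorStatus is NOT written
//
// pdwErrorStatus must be IntPtr.Zero or point at writable uint-sized storage;
// it is dereferenced without further checks.
//
// Throws ArgumentException when pCertContext is null or invalid (same message
// and parameter name BuildChain uses for this argument).
//
// Fix: the chain context produced by BuildChain was never released, so the
// native CERT_CHAIN_CONTEXT lived until the SafeHandle finalizer ran. It is
// now disposed on every exit path.
internal static unsafe int VerifyCertificate(Cryptography.SafeCertContextHandle pCertContext, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, X509Certificate2Collection extraStore, IntPtr pszPolicy, IntPtr pdwErrorStatus)
{
    if (pCertContext == null || pCertContext.IsInvalid)
    {
        throw new ArgumentException(SR.GetString(SR.Cryptography_InvalidContextHandle), "pCertContext");
    }

    CAPI.CERT_CHAIN_POLICY_PARA PolicyPara = new CAPI.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_PARA)));
    CAPI.CERT_CHAIN_POLICY_STATUS PolicyStatus = new CAPI.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_STATUS)));

    SafeX509ChainHandle pChainContext = SafeX509ChainHandle.InvalidHandle;
    try
    {
        // Build the chain; any HRESULT other than S_OK is returned as-is.
        int hr = X509Chain.BuildChain(new IntPtr(CAPI.HCCE_CURRENT_USER), pCertContext, extraStore, applicationPolicy, certificatePolicy, revocationMode, revocationFlag, verificationTime, timeout, ref pChainContext);
        if (hr != CAPI.S_OK)
        {
            return hr;
        }

        // Verify the chain using the specified policy.
        if (!CAPI.CertVerifyCertificateChainPolicy(pszPolicy, pChainContext, ref PolicyPara, ref PolicyStatus))
        {
            // The API itself failed (as opposed to the policy rejecting the chain).
            return Marshal.GetHRForLastWin32Error();
        }

        // Surface the policy's error status to the caller if a slot was supplied.
        if (pdwErrorStatus != IntPtr.Zero)
        {
            *(uint*)pdwErrorStatus = PolicyStatus.dwError;
        }

        return PolicyStatus.dwError != 0 ? CAPI.S_FALSE : CAPI.S_OK;
    }
    finally
    {
        // Disposing an InvalidHandle is a no-op, so this is safe on the
        // BuildChain-failed path too.
        pChainContext.Dispose();
    }
}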
// Populates this collection with every extension found in the CERT_INFO of
// the given certificate context.
//
// The native rgExtension array is walked with raw pointer arithmetic, one
// CERT_EXTENSION stride at a time. For each entry an X509Extension is built
// from its native address; if CryptoConfig maps the extension's OID to a
// registered X509Extension subclass, that typed instance is created and the
// raw extension's contents copied into it before it is added.
//
// NOTE(review): the OID used for the CryptoConfig lookup comes straight from
// the certificate being parsed, i.e. from untrusted input. Any type mapped in
// machine.config for that OID will be instantiated; this is the intended
// extensibility hook, but worth keeping in mind when auditing config.
internal unsafe X509ExtensionCollection(Cryptography.SafeCertContextHandle safeCertContextHandle)
{
    // Take our own reference on the context for the duration of the walk.
    using (Cryptography.SafeCertContextHandle ownedContext = CAPI.CertDuplicateCertificateContext(safeCertContextHandle))
    {
        CAPI.CERT_CONTEXT nativeContext = *((CAPI.CERT_CONTEXT*)ownedContext.DangerousGetHandle());
        CAPI.CERT_INFO certInfo = (CAPI.CERT_INFO)Marshal.PtrToStructure(nativeContext.pCertInfo, typeof(CAPI.CERT_INFO));

        long stride = Marshal.SizeOf(typeof(CAPI.CERT_EXTENSION));
        long cursor = (long)certInfo.rgExtension;

        for (uint i = 0; i < certInfo.cExtension; i++, cursor += stride)
        {
            X509Extension parsed = new X509Extension(new IntPtr(cursor));

            // Prefer a config-registered strongly typed extension when one exists.
            X509Extension typed = CryptoConfig.CreateFromName(parsed.Oid.Value) as X509Extension;
            if (typed != null)
            {
                typed.CopyFrom(parsed);
                parsed = typed;
            }

            Add(parsed);
        }
    }
}
// Deletes the certificate matching safeCertContext from the given open store.
//
// - A null/invalid certificate context is silently ignored.
// - A null, invalid or closed store handle raises CryptographicException
//   (Cryptography_X509_StoreNotOpen).
// - If no matching certificate exists in the store, the call is a no-op.
// - If CertDeleteCertificateFromStore fails, the Win32 error is surfaced as
//   a CryptographicException.
private static void RemoveCertificateFromStore(Cryptography.SafeCertStoreHandle safeCertStoreHandle, Cryptography.SafeCertContextHandle safeCertContext)
{
    // Nothing to remove.
    if (safeCertContext == null || safeCertContext.IsInvalid)
    {
        return;
    }

    bool storeIsOpen = safeCertStoreHandle != null
                       && !safeCertStoreHandle.IsInvalid
                       && !safeCertStoreHandle.IsClosed;
    if (!storeIsOpen)
    {
        throw new CryptographicException(SR.GetString(SR.Cryptography_X509_StoreNotOpen));
    }

    // Locate the store's own context for this certificate (CERT_FIND_EXISTING
    // matches on the certificate itself, not on a copy of the handle).
    Cryptography.SafeCertContextHandle storeContext = CAPI.CertFindCertificateInStore(
        safeCertStoreHandle,
        CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
        0,
        CAPI.CERT_FIND_EXISTING,
        safeCertContext.DangerousGetHandle(),
        Cryptography.SafeCertContextHandle.InvalidHandle);

    // Not present: nothing to do.
    if (storeContext == null || storeContext.IsInvalid)
    {
        return;
    }

    // CertDeleteCertificateFromStore frees the context on both success and
    // failure, so the SafeHandle must not release it a second time.
    GC.SuppressFinalize(storeContext);

    if (!CAPI.CertDeleteCertificateFromStore(storeContext))
    {
        throw new CryptographicException(Marshal.GetLastWin32Error());
    }
}
/// <summary>
/// Deserialization constructor. The base class consumes the serialized
/// payload; this type then takes its own reference on the resulting CAPI
/// certificate context.
/// </summary>
/// <param name="info">Serialized state, handled by the base constructor.</param>
/// <param name="context">Streaming context, handled by the base constructor.</param>
protected X509Certificate2(SerializationInfo info, StreamingContext context)
    : base(info, context)
{
    m_safeCertContext = CAPI.CertDuplicateCertificateContext(Handle);
}
/// <summary>
/// Creates an <see cref="X509Certificate2"/> that wraps the same certificate
/// as <paramref name="certificate"/>. The base copy constructor does the
/// copying; this type adds its own reference on the CAPI context.
/// </summary>
/// <param name="certificate">The certificate to copy.</param>
public X509Certificate2(X509Certificate certificate)
    : base(certificate)
{
    m_safeCertContext = CAPI.CertDuplicateCertificateContext(Handle);
}
/// <summary>
/// Creates an <see cref="X509Certificate2"/> from a raw CAPI certificate
/// context handle. The base constructor takes ownership semantics for the
/// handle; this type then duplicates the context for its own use.
/// </summary>
/// <param name="handle">
/// A PCCERT_CONTEXT obtained from CryptoAPI. No validation is performed here
/// beyond what the base constructor does, so callers must pass a live,
/// well-formed context.
/// </param>
public X509Certificate2(IntPtr handle)
    : base(handle)
{
    m_safeCertContext = CAPI.CertDuplicateCertificateContext(Handle);
}
/// <summary>
/// Loads a certificate (optionally with its private key) from a file,
/// using a <see cref="SecureString"/> password and explicit key-storage
/// flags. Loading is done by the base constructor; this type adds its own
/// reference on the CAPI context afterwards.
/// </summary>
/// <param name="fileName">Path of the certificate file.</param>
/// <param name="password">Password protecting the file, if any.</param>
/// <param name="keyStorageFlags">Controls where/how an imported private key is stored.</param>
public X509Certificate2(string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags)
    : base(fileName, password, keyStorageFlags)
{
    m_safeCertContext = CAPI.CertDuplicateCertificateContext(Handle);
}
/// <summary>
/// Loads a certificate from a file using a <see cref="SecureString"/>
/// password, with the base class's default key-storage flags. This type
/// adds its own reference on the CAPI context once the base has loaded it.
/// </summary>
/// <param name="fileName">Path of the certificate file.</param>
/// <param name="password">Password protecting the file, if any.</param>
public X509Certificate2(string fileName, SecureString password)
    : base(fileName, password)
{
    m_safeCertContext = CAPI.CertDuplicateCertificateContext(Handle);
}
/// <summary>
/// Replaces the certificate held by this instance with one decoded from
/// <paramref name="rawData"/>. Cached state and the current CAPI context are
/// released first via <see cref="Reset"/>; the base import is then performed
/// and a fresh reference is taken on the new context.
/// </summary>
/// <param name="rawData">Encoded certificate bytes.</param>
public override void Import(byte[] rawData)
{
    // Drop everything derived from the previous certificate before the
    // base class swaps in the new one.
    Reset();
    base.Import(rawData);
    m_safeCertContext = CAPI.CertDuplicateCertificateContext(Handle);
}
/// <summary>
/// Decodes a certificate (and, where present, its private key) from a byte
/// array using a <see cref="SecureString"/> password and explicit key-storage
/// flags. The base constructor does the decoding; this type then takes its
/// own reference on the CAPI context.
/// </summary>
/// <param name="rawData">Encoded certificate bytes.</param>
/// <param name="password">Password protecting the data, if any.</param>
/// <param name="keyStorageFlags">Controls where/how an imported private key is stored.</param>
public X509Certificate2(byte[] rawData, SecureString password, X509KeyStorageFlags keyStorageFlags)
    : base(rawData, password, keyStorageFlags)
{
    m_safeCertContext = CAPI.CertDuplicateCertificateContext(Handle);
}
/// <summary>
/// Decodes a certificate from a byte array using a <see cref="SecureString"/>
/// password and the base class's default key-storage flags, then takes this
/// type's own reference on the resulting CAPI context.
/// </summary>
/// <param name="rawData">Encoded certificate bytes.</param>
/// <param name="password">Password protecting the data, if any.</param>
public X509Certificate2(byte[] rawData, SecureString password)
    : base(rawData, password)
{
    m_safeCertContext = CAPI.CertDuplicateCertificateContext(Handle);
}
/// <summary>
/// Decodes an unprotected certificate from a byte array via the base
/// constructor, then takes this type's own reference on the CAPI context.
/// </summary>
/// <param name="rawData">Encoded certificate bytes.</param>
public X509Certificate2(byte[] rawData)
    : base(rawData)
{
    m_safeCertContext = CAPI.CertDuplicateCertificateContext(Handle);
}
/// <summary>
/// Returns this instance to its empty state: all lazily cached certificate
/// fields are cleared, the CAPI certificate context owned by this type is
/// released (if it was ever acquired), and finally the base class resets its
/// own state.
/// </summary>
public override void Reset()
{
    // Cached/derived values that must not outlive the certificate they came from.
    m_version = 0;
    m_notBefore = DateTime.MinValue;
    m_notAfter = DateTime.MinValue;
    m_signatureAlgorithm = null;
    m_subjectName = null;
    m_issuerName = null;
    m_extensions = null;
    m_publicKey = null;
    m_privateKey = null;

    // Release our reference on the native context and park an invalid
    // handle in its place so later code can test IsInvalid safely.
    bool ownsContext = !m_safeCertContext.IsInvalid;
    if (ownsContext)
    {
        m_safeCertContext.Dispose();
        m_safeCertContext = Cryptography.SafeCertContextHandle.InvalidHandle;
    }

    base.Reset();
}
/// <summary>
/// Replaces the certificate held by this instance with one loaded from a
/// file, using a <see cref="SecureString"/> password and explicit key-storage
/// flags. Previous state is discarded with <see cref="Reset"/> before the base
/// import runs, and a fresh reference is then taken on the new CAPI context.
/// </summary>
/// <param name="fileName">Path of the certificate file.</param>
/// <param name="password">Password protecting the file, if any.</param>
/// <param name="keyStorageFlags">Controls where/how an imported private key is stored.</param>
public override void Import(string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags)
{
    Reset();
    base.Import(fileName, password, keyStorageFlags);
    m_safeCertContext = CAPI.CertDuplicateCertificateContext(Handle);
}
/// <summary>
/// Replaces the certificate held by this instance with one loaded from an
/// unprotected file. Previous state is discarded with <see cref="Reset"/>
/// before the base import runs, and a fresh reference is then taken on the
/// new CAPI context.
/// </summary>
/// <param name="fileName">Path of the certificate file.</param>
public override void Import(string fileName)
{
    Reset();
    base.Import(fileName);
    m_safeCertContext = CAPI.CertDuplicateCertificateContext(Handle);
}
/// <summary>
/// Replaces the certificate held by this instance with one decoded from a
/// byte array, using a plain-string password and explicit key-storage flags.
/// Previous state is discarded with <see cref="Reset"/> before the base
/// import runs, and a fresh reference is then taken on the new CAPI context.
/// </summary>
/// <param name="rawData">Encoded certificate bytes.</param>
/// <param name="password">
/// Password protecting the data, if any. Unlike the <see cref="SecureString"/>
/// overloads, this password lives in managed memory as an ordinary string.
/// </param>
/// <param name="keyStorageFlags">Controls where/how an imported private key is stored.</param>
public override void Import(byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
{
    Reset();
    base.Import(rawData, password, keyStorageFlags);
    m_safeCertContext = CAPI.CertDuplicateCertificateContext(Handle);
}
/// <summary>
/// Loads an unprotected certificate from a file via the base constructor,
/// then takes this type's own reference on the CAPI context.
/// </summary>
/// <param name="fileName">Path of the certificate file.</param>
public X509Certificate2(string fileName)
    : base(fileName)
{
    m_safeCertContext = CAPI.CertDuplicateCertificateContext(Handle);
}
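// Builds a certificate chain for pCertContext with CertGetCertificateChain.
//
// Parameters:
//   hChainEngine       - chain engine handle (e.g. HCCE_CURRENT_USER)
//   pCertContext       - leaf certificate; must be a valid context
//   extraStore         - optional extra certificates, exported to a temporary
//                        in-memory store that is passed as the additional store
//   applicationPolicy  - if non-empty, required EKU OIDs (AND-matched)
//   certificatePolicy  - if non-empty, required issuance-policy OIDs (AND-matched)
//   revocationMode/Flag- mapped to CertGetCertificateChain flags by MapRevocationFlags
//   verificationTime   - time the chain is evaluated at, converted to FILETIME
//   timeout            - URL retrieval timeout; converted to whole milliseconds
//   ppChainContext     - receives the chain context on success
//
// Returns CAPI.S_OK on success, otherwise the HRESULT of the last Win32 error.
// Throws ArgumentException when pCertContext is null or invalid.
//
// Fixes in this revision:
//   * The temporary memory store created from extraStore was never released,
//     so it lived until the SafeHandle finalizer ran. It is now disposed in
//     the finally block alongside the OID buffers. The chain context holds
//     its own references to the certificates it uses, so closing the store
//     after CertGetCertificateChain returns does not invalidate it.
//   * timeout.TotalMilliseconds was cast straight to uint. For a negative or
//     very large TimeSpan that cast is an unspecified value in unchecked C#;
//     the value is now clamped to [0, uint.MaxValue] first.
internal static unsafe int BuildChain(IntPtr hChainEngine, Cryptography.SafeCertContextHandle pCertContext, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, ref SafeX509ChainHandle ppChainContext)
{
    if (pCertContext == null || pCertContext.IsInvalid)
    {
        throw new ArgumentException(SR.GetString(SR.Cryptography_InvalidContextHandle), "pCertContext");
    }

    Cryptography.SafeCertStoreHandle hCertStore = Cryptography.SafeCertStoreHandle.InvalidHandle;
    if (extraStore != null && extraStore.Count > 0)
    {
        hCertStore = X509Utils.ExportToMemoryStore(extraStore);
    }

    CAPI.CERT_CHAIN_PARA ChainPara = new CAPI.CERT_CHAIN_PARA();
    // Initialize the structure size.
    ChainPara.cbSize = (uint)Marshal.SizeOf(ChainPara);

    Cryptography.SafeLocalAllocHandle applicationPolicyHandle = Cryptography.SafeLocalAllocHandle.InvalidHandle;
    Cryptography.SafeLocalAllocHandle certificatePolicyHandle = Cryptography.SafeLocalAllocHandle.InvalidHandle;
    try
    {
        // Application policy (enhanced key usage): all listed OIDs must match.
        if (applicationPolicy != null && applicationPolicy.Count > 0)
        {
            ChainPara.RequestedUsage.dwType = CAPI.USAGE_MATCH_TYPE_AND;
            ChainPara.RequestedUsage.Usage.cUsageIdentifier = (uint)applicationPolicy.Count;
            applicationPolicyHandle = X509Utils.CopyOidsToUnmanagedMemory(applicationPolicy);
            ChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = applicationPolicyHandle.DangerousGetHandle();
        }

        // Certificate (issuance) policy: all listed OIDs must match.
        if (certificatePolicy != null && certificatePolicy.Count > 0)
        {
            ChainPara.RequestedIssuancePolicy.dwType = CAPI.USAGE_MATCH_TYPE_AND;
            ChainPara.RequestedIssuancePolicy.Usage.cUsageIdentifier = (uint)certificatePolicy.Count;
            certificatePolicyHandle = X509Utils.CopyOidsToUnmanagedMemory(certificatePolicy);
            ChainPara.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = certificatePolicyHandle.DangerousGetHandle();
        }

        // dwUrlRetrievalTimeout is an unsigned millisecond count. Clamp before
        // the cast: converting an out-of-range double to uint is unspecified.
        // NOTE(review): CryptoAPI documents 0 as "use the default timeout" —
        // confirm against the CertGetCertificateChain docs if this matters.
        double timeoutMs = Math.Floor(timeout.TotalMilliseconds);
        if (timeoutMs < 0)
        {
            timeoutMs = 0;
        }
        else if (timeoutMs > uint.MaxValue)
        {
            timeoutMs = uint.MaxValue;
        }
        ChainPara.dwUrlRetrievalTimeout = (uint)timeoutMs;

        // Verification time as a FILETIME, written through the struct's storage.
        _FILETIME ft = new _FILETIME();
        *((long*)&ft) = verificationTime.ToFileTime();

        uint flags = X509Utils.MapRevocationFlags(revocationMode, revocationFlag);

        // Build the chain.
        if (!CAPI.CertGetCertificateChain(hChainEngine, pCertContext, ref ft, hCertStore, ref ChainPara, flags, IntPtr.Zero, ref ppChainContext))
        {
            return Marshal.GetHRForLastWin32Error();
        }
    }
    finally
    {
        // Disposing an InvalidHandle is a no-op, so these are safe whether or
        // not the corresponding allocation was made.
        applicationPolicyHandle.Dispose();
        certificatePolicyHandle.Dispose();
        hCertStore.Dispose();
    }

    return CAPI.S_OK;
}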