private void CounterSign(CmsSigner signer) { CspParameters parameters = new CspParameters(); if (!X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags); KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign); containerPermission.AccessEntries.Add(accessEntry); containerPermission.Demand(); uint dwIndex = (uint)PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0); SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(64U, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO)))); CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer); try { Marshal.StructureToPtr((object)signerEncodeInfo, localAllocHandle.DangerousGetHandle(), false); if (!CAPI.CryptMsgCountersign(this.m_signedCms.GetCryptMsgHandle(), dwIndex, 1U, localAllocHandle.DangerousGetHandle())) { throw new CryptographicException(Marshal.GetLastWin32Error()); } this.m_signedCms.ReopenToDecode(); } finally { Marshal.DestroyStructure(localAllocHandle.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO)); localAllocHandle.Dispose(); signerEncodeInfo.Dispose(); } int num = (int)PkcsUtils.AddCertsToMessage(this.m_signedCms.GetCryptMsgHandle(), this.m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer)); }
public void ComputeSignature(CmsSigner signer, bool silent) { if (signer == null) { throw new ArgumentNullException("signer"); } if (this.ContentInfo.Content.Length == 0) { throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_Empty_Content")); } if (SubjectIdentifierType.NoSignature == signer.SignerIdentifierType) { if (this.m_safeCryptMsgHandle != null && !this.m_safeCryptMsgHandle.IsInvalid) { throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_No_Signature_First_Signer")); } this.Sign(signer, silent); } else { if (signer.Certificate == null) { if (silent) { throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_RecipientCertificateNotFound")); } signer.Certificate = PkcsUtils.SelectSignerCertificate(); } if (!signer.Certificate.HasPrivateKey) { throw new CryptographicException(-2146893811); } CspParameters parameters = new CspParameters(); if (!X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters)) { throw new CryptographicException(SignedCms.SafeGetLastWin32Error()); } KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags); KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign); containerPermission.AccessEntries.Add(accessEntry); containerPermission.Demand(); if (this.m_safeCryptMsgHandle == null || this.m_safeCryptMsgHandle.IsInvalid) { this.Sign(signer, silent); } else { this.CoSign(signer, silent); } } }
internal static unsafe SafeLocalAllocHandle CreateEncodedCertBlob(X509Certificate2Collection certificates) { SafeLocalAllocHandle localAllocHandle = SafeLocalAllocHandle.InvalidHandle; if (certificates.Count > 0) { localAllocHandle = CAPI.LocalAlloc(0U, new IntPtr(certificates.Count * Marshal.SizeOf(typeof(CAPI.CRYPTOAPI_BLOB)))); CAPI.CRYPTOAPI_BLOB *cryptoapiBlobPtr = (CAPI.CRYPTOAPI_BLOB *)(void *) localAllocHandle.DangerousGetHandle(); foreach (X509Certificate2 certificate in certificates) { CAPI.CERT_CONTEXT certContext = *(CAPI.CERT_CONTEXT *)(void *) X509Utils.GetCertContext(certificate).DangerousGetHandle(); cryptoapiBlobPtr->cbData = certContext.cbCertEncoded; cryptoapiBlobPtr->pbData = certContext.pbCertEncoded; ++cryptoapiBlobPtr; } } return(localAllocHandle); }
internal static SafeCertStoreHandle ExportToMemoryStore(X509Certificate2Collection collection) { new StorePermission(StorePermissionFlags.CreateStore | StorePermissionFlags.DeleteStore | StorePermissionFlags.EnumerateStores | StorePermissionFlags.OpenStore | StorePermissionFlags.AddToStore | StorePermissionFlags.RemoveFromStore | StorePermissionFlags.EnumerateCertificates).Assert(); SafeCertStoreHandle invalidHandle = SafeCertStoreHandle.InvalidHandle; SafeCertStoreHandle hCertStore = CAPI.CertOpenStore(new IntPtr(2L), 65537U, IntPtr.Zero, 8704U, (string)null); if (hCertStore == null || hCertStore.IsInvalid) { throw new CryptographicException(Marshal.GetLastWin32Error()); } foreach (X509Certificate2 certificate in collection) { if (!CAPI.CertAddCertificateLinkToStore(hCertStore, X509Utils.GetCertContext(certificate), 4U, System.Security.Cryptography.SafeCertContextHandle.InvalidHandle)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } } return(hCertStore); }
internal static unsafe uint AddCertsToMessage(SafeCryptMsgHandle safeCryptMsgHandle, X509Certificate2Collection bagOfCerts, X509Certificate2Collection chainOfCerts) { uint num = 0U; foreach (X509Certificate2 certificate in chainOfCerts) { if (bagOfCerts.Find(X509FindType.FindByThumbprint, (object)certificate.Thumbprint, false).Count == 0) { CAPI.CERT_CONTEXT certContext = *(CAPI.CERT_CONTEXT *)(void *) X509Utils.GetCertContext(certificate).DangerousGetHandle(); if (!CAPI.CryptMsgControl(safeCryptMsgHandle, 0U, 10U, new IntPtr((long)&new CAPI.CRYPTOAPI_BLOB() { cbData = certContext.cbCertEncoded, pbData = certContext.pbCertEncoded }))) { throw new CryptographicException(Marshal.GetLastWin32Error()); } ++num; } } return(num); }
private static unsafe int VerifyCertificate(X509Certificate2 certificate, X509Certificate2Collection extraStore) { int num1; int num2 = X509Utils.VerifyCertificate(X509Utils.GetCertContext(certificate), (OidCollection)null, (OidCollection)null, X509RevocationMode.Online, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), extraStore, new IntPtr(1L), new IntPtr((void *)&num1)); if (num2 != 0) { return(num1); } foreach (X509Extension x509Extension in certificate.Extensions) { if (string.Compare(x509Extension.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension keyUsageExtension = new X509KeyUsageExtension(); keyUsageExtension.CopyFrom((AsnEncodedData)x509Extension); if ((keyUsageExtension.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.None && (keyUsageExtension.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.None) { num2 = -2146762480; break; } } } return(num2); }
private unsafe void Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, bool verifySignatureOnly) { SafeLocalAllocHandle pvData1 = SafeLocalAllocHandle.InvalidHandle; CAPI.CERT_CONTEXT certContext = (CAPI.CERT_CONTEXT)Marshal.PtrToStructure(X509Utils.GetCertContext(certificate).DangerousGetHandle(), typeof(CAPI.CERT_CONTEXT)); IntPtr ptr1 = new IntPtr((long)new IntPtr((long)certContext.pCertInfo + (long)Marshal.OffsetOf(typeof(CAPI.CERT_INFO), "SubjectPublicKeyInfo")) + (long)Marshal.OffsetOf(typeof(CAPI.CERT_PUBLIC_KEY_INFO), "Algorithm")); IntPtr num1 = new IntPtr((long)ptr1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPT_ALGORITHM_IDENTIFIER), "Parameters")); if ((int)CAPI.CryptFindOIDInfo(1U, Marshal.ReadIntPtr(ptr1), 3U).Algid == 8704) { bool flag = false; IntPtr ptr2 = new IntPtr((long)num1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "cbData")); IntPtr ptr3 = new IntPtr((long)num1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "pbData")); if (Marshal.ReadInt32(ptr2) == 0) { flag = true; } else if (Marshal.ReadIntPtr(ptr3) == IntPtr.Zero) { flag = true; } else if (Marshal.ReadInt32(Marshal.ReadIntPtr(ptr3)) == 5) { flag = true; } if (flag) { SafeCertChainHandle invalidHandle = SafeCertChainHandle.InvalidHandle; X509Utils.BuildChain(new IntPtr(0L), X509Utils.GetCertContext(certificate), (X509Certificate2Collection)null, (OidCollection)null, (OidCollection)null, X509RevocationMode.NoCheck, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), ref invalidHandle); invalidHandle.Dispose(); uint pcbData = 0U; if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate), 22U, pvData1, out pcbData)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } if (pcbData > 0U) { pvData1 = CAPI.LocalAlloc(64U, new IntPtr((long)pcbData)); if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate), 22U, pvData1, out pcbData)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } Marshal.WriteInt32(ptr2, (int)pcbData); Marshal.WriteIntPtr(ptr3, pvData1.DangerousGetHandle()); } } } if (this.m_parentSignerInfo == null) { if (!CAPI.CryptMsgControl(this.m_signedCms.GetCryptMsgHandle(), 0U, 1U, certContext.pCertInfo)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } } else { int num2 = -1; int hr = 0; SafeLocalAllocHandle pvData2; while (true) { try { num2 = PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this.m_parentSignerInfo, num2 + 1); } catch (CryptographicException ex) { if (hr != 0) { throw new CryptographicException(hr); } throw; } uint cbData = 0U; pvData2 = SafeLocalAllocHandle.InvalidHandle; PkcsUtils.GetParam(this.m_signedCms.GetCryptMsgHandle(), 28U, (uint)num2, out pvData2, out cbData); if ((int)cbData == 0) { hr = -2146885618; } else { fixed(byte *numPtr = this.m_encodedSignerInfo) { if (!CAPI.CAPISafe.CryptMsgVerifyCountersignatureEncoded(IntPtr.Zero, 65537U, pvData2.DangerousGetHandle(), cbData, new IntPtr((void *)numPtr), (uint)this.m_encodedSignerInfo.Length, certContext.pCertInfo)) { hr = Marshal.GetLastWin32Error(); } else { break; } } } } // ISSUE: fixed variable is out of scope // ISSUE: __unpin statement __unpin(numPtr); pvData2.Dispose(); } if (!verifySignatureOnly) { int hr = SignerInfo.VerifyCertificate(certificate, extraStore); if (hr != 0) { throw new CryptographicException(hr); } } pvData1.Dispose(); }
internal static unsafe CAPI.CMSG_SIGNER_ENCODE_INFO CreateSignerEncodeInfo(CmsSigner signer, bool silent) { CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = new CAPI.CMSG_SIGNER_ENCODE_INFO(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))); SafeCryptProvHandle invalidHandle1 = SafeCryptProvHandle.InvalidHandle; uint pdwKeySpec = 0U; bool pfCallerFreeProv = false; signerEncodeInfo.HashAlgorithm.pszObjId = signer.DigestAlgorithm.Value; if (string.Compare(signer.Certificate.PublicKey.Oid.Value, "1.2.840.10040.4.1", StringComparison.Ordinal) == 0) { signerEncodeInfo.HashEncryptionAlgorithm.pszObjId = "1.2.840.10040.4.3"; } signerEncodeInfo.cAuthAttr = (uint)signer.SignedAttributes.Count; signerEncodeInfo.rgAuthAttr = PkcsUtils.CreateCryptAttributes(signer.SignedAttributes); signerEncodeInfo.cUnauthAttr = (uint)signer.UnsignedAttributes.Count; signerEncodeInfo.rgUnauthAttr = PkcsUtils.CreateCryptAttributes(signer.UnsignedAttributes); if (signer.SignerIdentifierType == SubjectIdentifierType.NoSignature) { signerEncodeInfo.HashEncryptionAlgorithm.pszObjId = "1.3.6.1.5.5.7.6.2"; signerEncodeInfo.pCertInfo = IntPtr.Zero; signerEncodeInfo.dwKeySpec = pdwKeySpec; if (!CAPI.CryptAcquireContext(out invalidHandle1, (string)null, (string)null, 1U, 4026531840U)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } signerEncodeInfo.hCryptProv = invalidHandle1.DangerousGetHandle(); GC.SuppressFinalize((object)invalidHandle1); signerEncodeInfo.SignerId.dwIdChoice = 1U; X500DistinguishedName distinguishedName = new X500DistinguishedName("CN=Dummy Signer"); distinguishedName.Oid = new Oid("1.3.6.1.4.1.311.21.9"); signerEncodeInfo.SignerId.Value.IssuerSerialNumber.Issuer.cbData = (uint)distinguishedName.RawData.Length; SafeLocalAllocHandle localAllocHandle1 = CAPI.LocalAlloc(64U, new IntPtr((long)signerEncodeInfo.SignerId.Value.IssuerSerialNumber.Issuer.cbData)); Marshal.Copy(distinguishedName.RawData, 0, localAllocHandle1.DangerousGetHandle(), distinguishedName.RawData.Length); signerEncodeInfo.SignerId.Value.IssuerSerialNumber.Issuer.pbData = localAllocHandle1.DangerousGetHandle(); GC.SuppressFinalize((object)localAllocHandle1); signerEncodeInfo.SignerId.Value.IssuerSerialNumber.SerialNumber.cbData = 1U; SafeLocalAllocHandle localAllocHandle2 = CAPI.LocalAlloc(64U, new IntPtr((long)signerEncodeInfo.SignerId.Value.IssuerSerialNumber.SerialNumber.cbData)); *(sbyte *)(void *)localAllocHandle2.DangerousGetHandle() = (sbyte)0; signerEncodeInfo.SignerId.Value.IssuerSerialNumber.SerialNumber.pbData = localAllocHandle2.DangerousGetHandle(); GC.SuppressFinalize((object)localAllocHandle2); return(signerEncodeInfo); } else { System.Security.Cryptography.SafeCertContextHandle certContext1 = X509Utils.GetCertContext(signer.Certificate); if (!CAPI.CAPISafe.CryptAcquireCertificatePrivateKey(certContext1, silent ? 70U : 6U, IntPtr.Zero, out invalidHandle1, out pdwKeySpec, out pfCallerFreeProv)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } signerEncodeInfo.dwKeySpec = pdwKeySpec; signerEncodeInfo.hCryptProv = invalidHandle1.DangerousGetHandle(); GC.SuppressFinalize((object)invalidHandle1); CAPI.CERT_CONTEXT certContext2 = *(CAPI.CERT_CONTEXT *)(void *) certContext1.DangerousGetHandle(); signerEncodeInfo.pCertInfo = certContext2.pCertInfo; if (signer.SignerIdentifierType == SubjectIdentifierType.SubjectKeyIdentifier) { uint pcbData = 0U; SafeLocalAllocHandle invalidHandle2 = SafeLocalAllocHandle.InvalidHandle; if (!CAPI.CAPISafe.CertGetCertificateContextProperty(certContext1, 20U, invalidHandle2, out pcbData)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } if (pcbData > 0U) { SafeLocalAllocHandle pvData = CAPI.LocalAlloc(64U, new IntPtr((long)pcbData)); if (!CAPI.CAPISafe.CertGetCertificateContextProperty(certContext1, 20U, pvData, out pcbData)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } signerEncodeInfo.SignerId.dwIdChoice = 2U; signerEncodeInfo.SignerId.Value.KeyId.cbData = pcbData; signerEncodeInfo.SignerId.Value.KeyId.pbData = pvData.DangerousGetHandle(); GC.SuppressFinalize((object)pvData); } } return(signerEncodeInfo); } }
internal static RecipientInfoType GetRecipientInfoType(X509Certificate2 certificate) { RecipientInfoType recipientInfoType = RecipientInfoType.Unknown; if (certificate != null) { switch (X509Utils.OidToAlgId(((CAPI.CERT_INFO)Marshal.PtrToStructure(((CAPI.CERT_CONTEXT)Marshal.PtrToStructure(X509Utils.GetCertContext(certificate).DangerousGetHandle(), typeof(CAPI.CERT_CONTEXT))).pCertInfo, typeof(CAPI.CERT_INFO))).SubjectPublicKeyInfo.Algorithm.pszObjId)) { case 41984U: recipientInfoType = RecipientInfoType.KeyTransport; break; case 43521U: case 43522U: recipientInfoType = RecipientInfoType.KeyAgreement; break; default: recipientInfoType = RecipientInfoType.Unknown; break; } } return(recipientInfoType); }