private void CounterSign(CmsSigner signer)
{
CspParameters parameters = new CspParameters();
if (!X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
uint dwIndex = (uint)PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0);
SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(64U, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer);
try
{
Marshal.StructureToPtr((object)signerEncodeInfo, localAllocHandle.DangerousGetHandle(), false);
if (!CAPI.CryptMsgCountersign(this.m_signedCms.GetCryptMsgHandle(), dwIndex, 1U, localAllocHandle.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
this.m_signedCms.ReopenToDecode();
}
finally
{
Marshal.DestroyStructure(localAllocHandle.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
localAllocHandle.Dispose();
signerEncodeInfo.Dispose();
}
int num = (int)PkcsUtils.AddCertsToMessage(this.m_signedCms.GetCryptMsgHandle(), this.m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
public void ComputeSignature(CmsSigner signer, bool silent)
{
if (signer == null)
{
throw new ArgumentNullException("signer");
}
if (this.ContentInfo.Content.Length == 0)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_Empty_Content"));
}
if (SubjectIdentifierType.NoSignature == signer.SignerIdentifierType)
{
if (this.m_safeCryptMsgHandle != null && !this.m_safeCryptMsgHandle.IsInvalid)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_No_Signature_First_Signer"));
}
this.Sign(signer, silent);
}
else
{
if (signer.Certificate == null)
{
if (silent)
{
throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_RecipientCertificateNotFound"));
}
signer.Certificate = PkcsUtils.SelectSignerCertificate();
}
if (!signer.Certificate.HasPrivateKey)
{
throw new CryptographicException(-2146893811);
}
CspParameters parameters = new CspParameters();
if (!X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters))
{
throw new CryptographicException(SignedCms.SafeGetLastWin32Error());
}
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
if (this.m_safeCryptMsgHandle == null || this.m_safeCryptMsgHandle.IsInvalid)
{
this.Sign(signer, silent);
}
else
{
this.CoSign(signer, silent);
}
}
}
internal static unsafe SafeLocalAllocHandle CreateEncodedCertBlob(X509Certificate2Collection certificates)
{
SafeLocalAllocHandle localAllocHandle = SafeLocalAllocHandle.InvalidHandle;
if (certificates.Count > 0)
{
localAllocHandle = CAPI.LocalAlloc(0U, new IntPtr(certificates.Count * Marshal.SizeOf(typeof(CAPI.CRYPTOAPI_BLOB))));
CAPI.CRYPTOAPI_BLOB *cryptoapiBlobPtr = (CAPI.CRYPTOAPI_BLOB *)(void *) localAllocHandle.DangerousGetHandle();
foreach (X509Certificate2 certificate in certificates)
{
CAPI.CERT_CONTEXT certContext = *(CAPI.CERT_CONTEXT *)(void *) X509Utils.GetCertContext(certificate).DangerousGetHandle();
cryptoapiBlobPtr->cbData = certContext.cbCertEncoded;
cryptoapiBlobPtr->pbData = certContext.pbCertEncoded;
++cryptoapiBlobPtr;
}
}
return(localAllocHandle);
}
internal static SafeCertStoreHandle ExportToMemoryStore(X509Certificate2Collection collection)
{
new StorePermission(StorePermissionFlags.CreateStore | StorePermissionFlags.DeleteStore | StorePermissionFlags.EnumerateStores | StorePermissionFlags.OpenStore | StorePermissionFlags.AddToStore | StorePermissionFlags.RemoveFromStore | StorePermissionFlags.EnumerateCertificates).Assert();
SafeCertStoreHandle invalidHandle = SafeCertStoreHandle.InvalidHandle;
SafeCertStoreHandle hCertStore = CAPI.CertOpenStore(new IntPtr(2L), 65537U, IntPtr.Zero, 8704U, (string)null);
if (hCertStore == null || hCertStore.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
foreach (X509Certificate2 certificate in collection)
{
if (!CAPI.CertAddCertificateLinkToStore(hCertStore, X509Utils.GetCertContext(certificate), 4U, System.Security.Cryptography.SafeCertContextHandle.InvalidHandle))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
return(hCertStore);
}
internal static unsafe uint AddCertsToMessage(SafeCryptMsgHandle safeCryptMsgHandle, X509Certificate2Collection bagOfCerts, X509Certificate2Collection chainOfCerts)
{
uint num = 0U;
foreach (X509Certificate2 certificate in chainOfCerts)
{
if (bagOfCerts.Find(X509FindType.FindByThumbprint, (object)certificate.Thumbprint, false).Count == 0)
{
CAPI.CERT_CONTEXT certContext = *(CAPI.CERT_CONTEXT *)(void *) X509Utils.GetCertContext(certificate).DangerousGetHandle();
if (!CAPI.CryptMsgControl(safeCryptMsgHandle, 0U, 10U, new IntPtr((long)&new CAPI.CRYPTOAPI_BLOB()
{
cbData = certContext.cbCertEncoded,
pbData = certContext.pbCertEncoded
})))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
++num;
}
}
return(num);
}
private static unsafe int VerifyCertificate(X509Certificate2 certificate, X509Certificate2Collection extraStore)
{
int num1;
int num2 = X509Utils.VerifyCertificate(X509Utils.GetCertContext(certificate), (OidCollection)null, (OidCollection)null, X509RevocationMode.Online, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), extraStore, new IntPtr(1L), new IntPtr((void *)&num1));
if (num2 != 0)
{
return(num1);
}
foreach (X509Extension x509Extension in certificate.Extensions)
{
if (string.Compare(x509Extension.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0)
{
X509KeyUsageExtension keyUsageExtension = new X509KeyUsageExtension();
keyUsageExtension.CopyFrom((AsnEncodedData)x509Extension);
if ((keyUsageExtension.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.None && (keyUsageExtension.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.None)
{
num2 = -2146762480;
break;
}
}
}
return(num2);
}
private unsafe void Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, bool verifySignatureOnly)
{
SafeLocalAllocHandle pvData1 = SafeLocalAllocHandle.InvalidHandle;
CAPI.CERT_CONTEXT certContext = (CAPI.CERT_CONTEXT)Marshal.PtrToStructure(X509Utils.GetCertContext(certificate).DangerousGetHandle(), typeof(CAPI.CERT_CONTEXT));
IntPtr ptr1 = new IntPtr((long)new IntPtr((long)certContext.pCertInfo + (long)Marshal.OffsetOf(typeof(CAPI.CERT_INFO), "SubjectPublicKeyInfo")) + (long)Marshal.OffsetOf(typeof(CAPI.CERT_PUBLIC_KEY_INFO), "Algorithm"));
IntPtr num1 = new IntPtr((long)ptr1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPT_ALGORITHM_IDENTIFIER), "Parameters"));
if ((int)CAPI.CryptFindOIDInfo(1U, Marshal.ReadIntPtr(ptr1), 3U).Algid == 8704)
{
bool flag = false;
IntPtr ptr2 = new IntPtr((long)num1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "cbData"));
IntPtr ptr3 = new IntPtr((long)num1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "pbData"));
if (Marshal.ReadInt32(ptr2) == 0)
{
flag = true;
}
else if (Marshal.ReadIntPtr(ptr3) == IntPtr.Zero)
{
flag = true;
}
else if (Marshal.ReadInt32(Marshal.ReadIntPtr(ptr3)) == 5)
{
flag = true;
}
if (flag)
{
SafeCertChainHandle invalidHandle = SafeCertChainHandle.InvalidHandle;
X509Utils.BuildChain(new IntPtr(0L), X509Utils.GetCertContext(certificate), (X509Certificate2Collection)null, (OidCollection)null, (OidCollection)null, X509RevocationMode.NoCheck, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), ref invalidHandle);
invalidHandle.Dispose();
uint pcbData = 0U;
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate), 22U, pvData1, out pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (pcbData > 0U)
{
pvData1 = CAPI.LocalAlloc(64U, new IntPtr((long)pcbData));
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate), 22U, pvData1, out pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
Marshal.WriteInt32(ptr2, (int)pcbData);
Marshal.WriteIntPtr(ptr3, pvData1.DangerousGetHandle());
}
}
}
if (this.m_parentSignerInfo == null)
{
if (!CAPI.CryptMsgControl(this.m_signedCms.GetCryptMsgHandle(), 0U, 1U, certContext.pCertInfo))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
else
{
int num2 = -1;
int hr = 0;
SafeLocalAllocHandle pvData2;
while (true)
{
try
{
num2 = PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this.m_parentSignerInfo, num2 + 1);
}
catch (CryptographicException ex)
{
if (hr != 0)
{
throw new CryptographicException(hr);
}
throw;
}
uint cbData = 0U;
pvData2 = SafeLocalAllocHandle.InvalidHandle;
PkcsUtils.GetParam(this.m_signedCms.GetCryptMsgHandle(), 28U, (uint)num2, out pvData2, out cbData);
if ((int)cbData == 0)
{
hr = -2146885618;
}
else
{
fixed(byte *numPtr = this.m_encodedSignerInfo)
{
if (!CAPI.CAPISafe.CryptMsgVerifyCountersignatureEncoded(IntPtr.Zero, 65537U, pvData2.DangerousGetHandle(), cbData, new IntPtr((void *)numPtr), (uint)this.m_encodedSignerInfo.Length, certContext.pCertInfo))
{
hr = Marshal.GetLastWin32Error();
}
else
{
break;
}
}
}
}
// ISSUE: fixed variable is out of scope
// ISSUE: __unpin statement
__unpin(numPtr);
pvData2.Dispose();
}
if (!verifySignatureOnly)
{
int hr = SignerInfo.VerifyCertificate(certificate, extraStore);
if (hr != 0)
{
throw new CryptographicException(hr);
}
}
pvData1.Dispose();
}
internal static unsafe CAPI.CMSG_SIGNER_ENCODE_INFO CreateSignerEncodeInfo(CmsSigner signer, bool silent)
{
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = new CAPI.CMSG_SIGNER_ENCODE_INFO(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO)));
SafeCryptProvHandle invalidHandle1 = SafeCryptProvHandle.InvalidHandle;
uint pdwKeySpec = 0U;
bool pfCallerFreeProv = false;
signerEncodeInfo.HashAlgorithm.pszObjId = signer.DigestAlgorithm.Value;
if (string.Compare(signer.Certificate.PublicKey.Oid.Value, "1.2.840.10040.4.1", StringComparison.Ordinal) == 0)
{
signerEncodeInfo.HashEncryptionAlgorithm.pszObjId = "1.2.840.10040.4.3";
}
signerEncodeInfo.cAuthAttr = (uint)signer.SignedAttributes.Count;
signerEncodeInfo.rgAuthAttr = PkcsUtils.CreateCryptAttributes(signer.SignedAttributes);
signerEncodeInfo.cUnauthAttr = (uint)signer.UnsignedAttributes.Count;
signerEncodeInfo.rgUnauthAttr = PkcsUtils.CreateCryptAttributes(signer.UnsignedAttributes);
if (signer.SignerIdentifierType == SubjectIdentifierType.NoSignature)
{
signerEncodeInfo.HashEncryptionAlgorithm.pszObjId = "1.3.6.1.5.5.7.6.2";
signerEncodeInfo.pCertInfo = IntPtr.Zero;
signerEncodeInfo.dwKeySpec = pdwKeySpec;
if (!CAPI.CryptAcquireContext(out invalidHandle1, (string)null, (string)null, 1U, 4026531840U))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
signerEncodeInfo.hCryptProv = invalidHandle1.DangerousGetHandle();
GC.SuppressFinalize((object)invalidHandle1);
signerEncodeInfo.SignerId.dwIdChoice = 1U;
X500DistinguishedName distinguishedName = new X500DistinguishedName("CN=Dummy Signer");
distinguishedName.Oid = new Oid("1.3.6.1.4.1.311.21.9");
signerEncodeInfo.SignerId.Value.IssuerSerialNumber.Issuer.cbData = (uint)distinguishedName.RawData.Length;
SafeLocalAllocHandle localAllocHandle1 = CAPI.LocalAlloc(64U, new IntPtr((long)signerEncodeInfo.SignerId.Value.IssuerSerialNumber.Issuer.cbData));
Marshal.Copy(distinguishedName.RawData, 0, localAllocHandle1.DangerousGetHandle(), distinguishedName.RawData.Length);
signerEncodeInfo.SignerId.Value.IssuerSerialNumber.Issuer.pbData = localAllocHandle1.DangerousGetHandle();
GC.SuppressFinalize((object)localAllocHandle1);
signerEncodeInfo.SignerId.Value.IssuerSerialNumber.SerialNumber.cbData = 1U;
SafeLocalAllocHandle localAllocHandle2 = CAPI.LocalAlloc(64U, new IntPtr((long)signerEncodeInfo.SignerId.Value.IssuerSerialNumber.SerialNumber.cbData));
*(sbyte *)(void *)localAllocHandle2.DangerousGetHandle() = (sbyte)0;
signerEncodeInfo.SignerId.Value.IssuerSerialNumber.SerialNumber.pbData = localAllocHandle2.DangerousGetHandle();
GC.SuppressFinalize((object)localAllocHandle2);
return(signerEncodeInfo);
}
else
{
System.Security.Cryptography.SafeCertContextHandle certContext1 = X509Utils.GetCertContext(signer.Certificate);
if (!CAPI.CAPISafe.CryptAcquireCertificatePrivateKey(certContext1, silent ? 70U : 6U, IntPtr.Zero, out invalidHandle1, out pdwKeySpec, out pfCallerFreeProv))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
signerEncodeInfo.dwKeySpec = pdwKeySpec;
signerEncodeInfo.hCryptProv = invalidHandle1.DangerousGetHandle();
GC.SuppressFinalize((object)invalidHandle1);
CAPI.CERT_CONTEXT certContext2 = *(CAPI.CERT_CONTEXT *)(void *) certContext1.DangerousGetHandle();
signerEncodeInfo.pCertInfo = certContext2.pCertInfo;
if (signer.SignerIdentifierType == SubjectIdentifierType.SubjectKeyIdentifier)
{
uint pcbData = 0U;
SafeLocalAllocHandle invalidHandle2 = SafeLocalAllocHandle.InvalidHandle;
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(certContext1, 20U, invalidHandle2, out pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (pcbData > 0U)
{
SafeLocalAllocHandle pvData = CAPI.LocalAlloc(64U, new IntPtr((long)pcbData));
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(certContext1, 20U, pvData, out pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
signerEncodeInfo.SignerId.dwIdChoice = 2U;
signerEncodeInfo.SignerId.Value.KeyId.cbData = pcbData;
signerEncodeInfo.SignerId.Value.KeyId.pbData = pvData.DangerousGetHandle();
GC.SuppressFinalize((object)pvData);
}
}
return(signerEncodeInfo);
}
}
internal static RecipientInfoType GetRecipientInfoType(X509Certificate2 certificate)
{
RecipientInfoType recipientInfoType = RecipientInfoType.Unknown;
if (certificate != null)
{
switch (X509Utils.OidToAlgId(((CAPI.CERT_INFO)Marshal.PtrToStructure(((CAPI.CERT_CONTEXT)Marshal.PtrToStructure(X509Utils.GetCertContext(certificate).DangerousGetHandle(), typeof(CAPI.CERT_CONTEXT))).pCertInfo, typeof(CAPI.CERT_INFO))).SubjectPublicKeyInfo.Algorithm.pszObjId))
{
case 41984U:
recipientInfoType = RecipientInfoType.KeyTransport;
break;
case 43521U:
case 43522U:
recipientInfoType = RecipientInfoType.KeyAgreement;
break;
default:
recipientInfoType = RecipientInfoType.Unknown;
break;
}
}
return(recipientInfoType);
}
