/// <summary>
/// Builds a chain for <paramref name="pCertContext"/> and reports whether it verifies with
/// <see cref="X509VerificationFlags.NoFlag"/>. The chain is built with revocation checking
/// disabled (<see cref="X509RevocationMode.NoCheck"/>, root excluded) and a zero URL-retrieval
/// timeout, using the current local time as the verification time. The exception detail that
/// <c>ChainPal.Verify</c> reports through its out parameter is discarded, which is what the
/// "IgnoringErrors" suffix refers to.
/// </summary>
/// <param name="pCertContext">Native certificate context whose raw handle is wrapped by <c>CertificatePal.FromHandle</c>.</param>
/// <returns>
/// <c>true</c> only when a chain could be built and <c>Verify</c> returned <c>true</c>;
/// a null chain or an indeterminate (<c>null</c>) verification result yields <c>false</c>.
/// </returns>
private static bool VerifyCertificateIgnoringErrors(SafeCertContextHandle pCertContext)
{
    ChainPal chain = ChainPal.BuildChain(
        true, // NOTE(review): meaning of this positional flag is not visible here — confirm against ChainPal.BuildChain
        CertificatePal.FromHandle(pCertContext.DangerousGetHandle()),
        null, // extraStore
        null, // applicationPolicy
        null, // certificatePolicy
        X509RevocationMode.NoCheck,
        X509RevocationFlag.ExcludeRoot,
        DateTime.Now, // verification time: local wall clock at the time of the call
        TimeSpan.Zero); // no URL retrieval timeout (same as new TimeSpan(0, 0, 0))

    if (chain == null)
    {
        return false;
    }

    using (chain)
    {
        // The error detail is intentionally not inspected; only the tri-state result matters.
        Exception ignoredVerificationError;
        bool? outcome = chain.Verify(X509VerificationFlags.NoFlag, out ignoredVerificationError);

        // A null (indeterminate) outcome is treated the same as an explicit failure.
        return outcome == true;
    }
}
/// <summary>
/// Builds a chain for <paramref name="pCertContext"/> in system trust mode and reports whether
/// it verifies with <see cref="X509VerificationFlags.NoFlag"/>. Revocation is not checked
/// (<see cref="X509RevocationMode.NoCheck"/>, root excluded), the URL-retrieval timeout is zero,
/// and the verification time is the current local time. The exception detail that
/// <c>ChainPal.Verify</c> reports is discarded — hence "IgnoringErrors".
/// </summary>
/// <param name="pCertContext">Native certificate context whose raw handle is wrapped by <c>CertificatePal.FromHandle</c>.</param>
/// <returns>
/// <c>true</c> only when a chain could be built and <c>Verify</c> returned <c>true</c>;
/// a null chain or an indeterminate (<c>null</c>) result yields <c>false</c>.
/// </returns>
private static bool VerifyCertificateIgnoringErrors(SafeCertContextHandle pCertContext)
{
    // This needs to be kept in sync with IsCertValid in the
    // Unix/OpenSSL PAL version (and potentially any other PALs that come about)
    ChainPal? chain = ChainPal.BuildChain(
        false, // NOTE(review): meaning of this positional flag is not visible here — confirm against ChainPal.BuildChain
        CertificatePal.FromHandle(pCertContext.DangerousGetHandle()),
        null, // extraStore
        null, // applicationPolicy
        null, // certificatePolicy
        X509RevocationMode.NoCheck,
        X509RevocationFlag.ExcludeRoot,
        null,
        X509ChainTrustMode.System,
        DateTime.Now, // verification time: local wall clock at the time of the call
        TimeSpan.Zero); // no URL retrieval timeout (same as new TimeSpan(0, 0, 0))

    if (chain is null)
    {
        return false;
    }

    using (chain)
    {
        // The error detail is intentionally discarded; only the tri-state result is used,
        // and an indeterminate (null) result counts as "not verified".
        bool? outcome = chain.Verify(X509VerificationFlags.NoFlag, out Exception? _);
        return outcome == true;
    }
}
/// <summary>
/// Appends every certificate held in the native CFArray behind <c>_collectionHandle</c> to
/// <paramref name="collection"/>. The array is walked from its last element to its first so
/// that the resulting order matches the order the Windows PAL produces. Empty (null) array
/// slots and handles that cannot be wrapped (<c>FromHandle</c> with <c>throwOnFail: false</c>
/// returning <c>null</c>) are skipped rather than reported.
/// </summary>
/// <param name="collection">Destination collection; entries already in it are left in place.</param>
/// <exception cref="CryptographicException">
/// Thrown when the native array reports more than <see cref="int.MaxValue"/> elements.
/// </exception>
public void MoveTo(X509Certificate2Collection collection)
{
    long nativeCount = Interop.CoreFoundation.CFArrayGetCount(_collectionHandle);

    // CFIndex is 64-bit; refuse anything that cannot be indexed with an int.
    if (nativeCount > int.MaxValue)
    {
        throw new CryptographicException();
    }

    // Apple returns things in the opposite order from Windows, so read backwards.
    for (int index = (int)nativeCount - 1; index >= 0; index--)
    {
        IntPtr certHandle = Interop.CoreFoundation.CFArrayGetValueAtIndex(_collectionHandle, index);

        if (certHandle == IntPtr.Zero)
        {
            continue;
        }

        ICertificatePal? pal = CertificatePal.FromHandle(certHandle, throwOnFail: false);

        if (pal is null)
        {
            continue;
        }

        collection.Add(new X509Certificate2(pal));
    }
}
/// <summary>
/// Reads the certificates embedded in a PKCS#7 blob into <paramref name="certPals"/>.
/// Each stack entry is re-wrapped via <c>CertificatePal.FromHandle</c> so the resulting PALs
/// outlive the disposal of the native stack. Single-certificate mode is not supported: when
/// <paramref name="single"/> is <c>true</c> the method always throws, because extracting the
/// signing certificate has not been implemented (see TODO below).
/// </summary>
/// <param name="pkcs7">Native handle to the already-parsed PKCS#7 structure.</param>
/// <param name="single">When <c>true</c>, request only the signer certificate (currently unsupported).</param>
/// <param name="certPal">Always set to <c>null</c>; the single-certificate result is never produced.</param>
/// <param name="certPals">Receives every certificate found in the PKCS#7 certificate stack.</param>
/// <returns><c>true</c> whenever the method returns; the failure path is the exception below.</returns>
/// <exception cref="CryptographicException">Thrown when <paramref name="single"/> is <c>true</c>.</exception>
private static bool TryReadPkcs7(
    SafePkcs7Handle pkcs7,
    bool single,
    out ICertificatePal? certPal,
    [NotNullWhen(true)] out List<ICertificatePal> certPals)
{
    List<ICertificatePal>? collected = single ? null : new List<ICertificatePal>();

    using (SafeSharedX509StackHandle stack = Interop.Crypto.GetPkcs7Certificates(pkcs7))
    {
        int stackCount = Interop.Crypto.GetX509StackFieldCount(stack);

        if (single)
        {
            // In single mode for a PKCS#7 signed or signed-and-enveloped file we're supposed to return
            // the certificate which signed the PKCS#7 file.
            //
            // X509Certificate2Collection::Export(X509ContentType.Pkcs7) claims to be a signed PKCS#7,
            // but doesn't emit a signature block. So this is hard to test.
            //
            // TODO(2910): Figure out how to extract the signing certificate, when it's present.
            throw new CryptographicException(SR.Cryptography_X509_PKCS7_NoSigner);
        }

        // Only null when single == true, and that path has already thrown.
        Debug.Assert(collected != null);

        for (int position = 0; position < stackCount; position++)
        {
            // Use FromHandle to duplicate the handle since it would otherwise be freed when the PKCS7
            // is Disposed.
            IntPtr x509Handle = Interop.Crypto.GetX509StackField(stack, position);
            collected.Add(CertificatePal.FromHandle(x509Handle));
        }
    }

    certPal = null;
    certPals = collected;
    return true;
}
/// <summary>
/// Builds a loader for an in-memory certificate blob. PEM input is tried first: every DER
/// block the PEM decoder yields is converted with <c>AppleCertificatePal.FromDerBlob</c> and
/// the resulting list is returned as a <c>CertCollectionLoader</c>. Otherwise the DER content
/// type decides: PKCS#7 is rejected, PKCS#12 is decrypted with <paramref name="password"/> and
/// handed to an <c>ApplePkcs12CertLoader</c> (which keeps both the reader and the password),
/// and anything else is imported through the native <c>X509ImportCollection</c> and read
/// back in reverse order into a <c>CertCollectionLoader</c>.
/// </summary>
/// <param name="rawData">The raw blob bytes (PEM, PKCS#12, or a DER type accepted by the native importer).</param>
/// <param name="password">Password used for PKCS#12 decryption and passed through to the DER/native loaders.</param>
/// <param name="keyStorageFlags">Key storage flags forwarded to <c>FromDerBlob</c> for PEM content.</param>
/// <returns>A loader that owns the decoded certificates.</returns>
/// <exception cref="CryptographicException">
/// Thrown for PKCS#7 content (with a <see cref="PlatformNotSupportedException"/> as inner
/// exception) and when the native import yields more than <see cref="int.MaxValue"/> items.
/// </exception>
public static ILoaderPal FromBlob(ReadOnlySpan<byte> rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
{
    List<ICertificatePal>? pemCertificates = null;

    AppleCertificatePal.TryDecodePem(
        rawData,
        (derData, derContentType) =>
        {
            // Allocate lazily so a blob with no PEM blocks leaves the list null.
            pemCertificates ??= new List<ICertificatePal>();
            pemCertificates.Add(AppleCertificatePal.FromDerBlob(derData, derContentType, password, keyStorageFlags));
            return true;
        });

    if (pemCertificates != null)
    {
        return new CertCollectionLoader(pemCertificates);
    }

    X509ContentType blobType = AppleCertificatePal.GetDerCertContentType(rawData);

    switch (blobType)
    {
        case X509ContentType.Pkcs7:
            throw new CryptographicException(
                SR.Cryptography_X509_PKCS7_Unsupported,
                new PlatformNotSupportedException(SR.Cryptography_X509_PKCS7_Unsupported));

        case X509ContentType.Pkcs12:
        {
            ApplePkcs12Reader pkcs12 = new ApplePkcs12Reader(rawData);
            try
            {
                pkcs12.Decrypt(password);
                return new ApplePkcs12CertLoader(pkcs12, password);
            }
            catch
            {
                // The reader is only owned by the loader once construction succeeds.
                pkcs12.Dispose();
                throw;
            }
        }
    }

    using (SafeCFArrayHandle imported = Interop.AppleCrypto.X509ImportCollection(rawData, blobType, password))
    {
        long nativeCount = Interop.CoreFoundation.CFArrayGetCount(imported);

        // CFIndex is 64-bit; refuse anything that cannot be indexed with an int.
        if (nativeCount > int.MaxValue)
        {
            throw new CryptographicException();
        }

        int total = (int)nativeCount;
        List<ICertificatePal> nativeCertificates = new List<ICertificatePal>(total);

        // Apple returns things in the opposite order from Windows, so read backwards.
        for (int index = total - 1; index >= 0; index--)
        {
            IntPtr certHandle = Interop.CoreFoundation.CFArrayGetValueAtIndex(imported, index);

            if (certHandle == IntPtr.Zero)
            {
                continue;
            }

            ICertificatePal? pal = CertificatePal.FromHandle(certHandle, throwOnFail: false);

            if (pal != null)
            {
                nativeCertificates.Add(pal);
            }
        }

        return new CertCollectionLoader(nativeCertificates);
    }
}