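/// <summary>
/// Builds the list of enhanced key usages (EKU) carried by <paramref name="cert"/>, pairing each OID
/// with the friendly name CryptFindOIDInfo knows for it (or null when the OID is unknown to the OS).
/// The list stays empty on systems below Windows 8, where SecuritySupport.GetCertEKU is not consulted.
/// </summary>
/// <param name="cert">Certificate whose EKU extension is read (handed straight to SecuritySupport.GetCertEKU).</param>
public EnhancedKeyUsageProperty(X509Certificate2 cert)
{
    // CRYPT_OID_INFO_OID_KEY: look the entry up by its dotted OID string.
    const int CRYPT_OID_INFO_OID_KEY = 1;

    this.ekuList = new List<EnhancedKeyUsageRepresentation>();
    if (!DownLevelHelper.IsWin8AndAbove())
    {
        return;
    }

    Collection<string> certEKU = SecuritySupport.GetCertEKU(cert);
    foreach (string oid in certEKU)
    {
        if (string.IsNullOrEmpty(oid))
        {
            continue;
        }

        string friendlyName = null;
        // The native lookup wants an ANSI copy of the OID; it must be released again
        // (the original allocated it on every iteration and never freed it).
        IntPtr oidAnsi = Marshal.StringToHGlobalAnsi(oid);
        try
        {
            IntPtr oidInfo = NativeMethods.CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY, oidAnsi, 0);
            if (oidInfo != IntPtr.Zero)
            {
                // PtrToStructure copies pwszName into a managed string, so nothing native is retained.
                NativeMethods.CRYPT_OID_INFO info = (NativeMethods.CRYPT_OID_INFO)Marshal.PtrToStructure(oidInfo, typeof(NativeMethods.CRYPT_OID_INFO));
                friendlyName = info.pwszName;
            }
        }
        finally
        {
            Marshal.FreeHGlobal(oidAnsi);
        }

        this.ekuList.Add(new EnhancedKeyUsageRepresentation(friendlyName, oid));
    }
}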
/// <summary>
/// Collects the DNS entries of the certificate's subject alternative name extension.
/// The native lookup is only performed on Windows 8 and later and only for a non-null
/// certificate; in every other case the list is left empty.
/// </summary>
/// <param name="cert">Certificate whose alternate names are read through its native handle; may be null.</param>
public DnsNameProperty(X509Certificate2 cert)
{
    this.dnsList = new List<DnsNameRepresentation>();

    // Nothing to query on down-level systems or without a certificate.
    if (!DownLevelHelper.IsWin8AndAbove() || cert == null)
    {
        return;
    }

    this.dnsList = this.GetCertNames(cert.Handle, NativeMethods.AltNameType.CERT_ALT_NAME_DNS_NAME);
}
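/// <summary>
/// Reports whether the CERT_SEND_AS_TRUSTED_ISSUER_PROP_ID property is present on the certificate context.
/// Only the presence of the property matters, so the query is issued with a null buffer.
/// Always false on systems below Windows 8, where the property does not exist.
/// </summary>
/// <param name="cert">Certificate whose native context is queried.</param>
/// <returns>true when the property is set on the context; false when it is absent or on down-level systems.</returns>
/// <exception cref="Win32Exception">Any failure other than "property not found".</exception>
public static bool ReadSendAsTrustedIssuerProperty(X509Certificate2 cert)
{
    // CRYPT_E_NOT_FOUND (0x80092004): reported by CertGetCertificateContextProperty when the
    // property simply is not set. That is the normal "false" answer, not an error.
    const int CRYPT_E_NOT_FOUND = unchecked((int)0x80092004);

    bool isSet = false;
    if (DownLevelHelper.IsWin8AndAbove())
    {
        int cbData = 0;
        bool found = NativeMethods.CertGetCertificateContextProperty(cert.Handle, NativeMethods.CertPropertyId.CERT_SEND_AS_TRUSTED_ISSUER_PROP_ID, IntPtr.Zero, ref cbData);
        if (found)
        {
            isSet = true;
        }
        else
        {
            int lastError = Marshal.GetLastWin32Error();
            if (lastError != CRYPT_E_NOT_FOUND)
            {
                throw new Win32Exception(lastError);
            }
        }
    }
    return isSet;
}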
/// <summary>
/// Applies the descriptor held in this.securityDescriptor. Without -InputObject it is written to every
/// item in this.Path through the provider's SecurityDescriptor.Set; with -InputObject the descriptor is
/// serialised to SDDL and passed to that object's own SetSecurityDescriptor method.
/// On the provider route, -CentralAccessPolicy / -ClearCentralAccessPolicy additionally rewrite the scoped
/// policy (SCOPE_SECURITY_INFORMATION) of FileSystem items via SetNamedSecurityInfo; the code enables
/// SeSecurityPrivilege on a token around that call and restores the previous state afterwards.
/// All failures are reported with WriteError rather than thrown.
/// </summary>
protected override void ProcessRecord()
{
    string sddlForm;
    ObjectSecurity objectSecurity = this.securityDescriptor as ObjectSecurity;
    if (this.inputObject == null)
    {
        if (this.Path != null)
        {
            if (objectSecurity != null)
            {
                // Central access policy parameters are only honoured on Windows 8 and later.
                if ((this.CentralAccessPolicy != null || this.ClearCentralAccessPolicy) && !DownLevelHelper.IsWin8AndAbove())
                {
                    Exception parameterBindingException = new ParameterBindingException();
                    base.WriteError(new ErrorRecord(parameterBindingException, "SetAcl_OperationNotSupported", ErrorCategory.InvalidArgument, null));
                    return;
                }
                else
                {
                    // -CentralAccessPolicy and -ClearCentralAccessPolicy are mutually exclusive; the else branch
                    // below reports when both were given.
                    if (this.CentralAccessPolicy == null || !this.ClearCentralAccessPolicy)
                    {
                        // 'zero' receives the native SACL buffer to apply (empty SACL for clear, CAP-id SACL
                        // otherwise) and is released in the finally block.
                        IntPtr zero = IntPtr.Zero;
                        // Presumably filled by GetTokenWithEnabledPrivilege with the previous privilege state so it
                        // can be restored after SetNamedSecurityInfo — confirm in that helper.
                        NativeMethods.TOKEN_PRIVILEGE tOKENPRIVILEGE = new NativeMethods.TOKEN_PRIVILEGE();
                        try
                        {
                            if (this.CentralAccessPolicy == null)
                            {
                                if (this.ClearCentralAccessPolicy)
                                {
                                    zero = this.GetEmptySacl();
                                    if (zero == IntPtr.Zero)
                                    {
                                        SystemException systemException = new SystemException(UtilsStrings.GetEmptySaclFail);
                                        base.WriteError(new ErrorRecord(systemException, "SetAcl_ClearCentralAccessPolicy", ErrorCategory.InvalidResult, null));
                                        return;
                                    }
                                }
                            }
                            else
                            {
                                zero = this.GetSaclWithCapId(this.CentralAccessPolicy);
                                if (zero == IntPtr.Zero)
                                {
                                    SystemException systemException1 = new SystemException(UtilsStrings.GetSaclWithCapIdFail);
                                    base.WriteError(new ErrorRecord(systemException1, "SetAcl_CentralAccessPolicy", ErrorCategory.InvalidResult, null));
                                    return;
                                }
                            }
                            string[] path = this.Path;
                            for (int i = 0; i < (int)path.Length; i++)
                            {
                                string str = path[i];
                                Collection<PathInfo> pathInfos = new Collection<PathInfo>();
                                CmdletProviderContext cmdletProviderContext = base.CmdletProviderContext;
                                cmdletProviderContext.PassThru = this.Passthru;
                                // -LiteralPath: no wildcard resolution, the single unresolved provider path is used as-is.
                                if (!this.isLiteralPath)
                                {
                                    pathInfos = base.SessionState.Path.GetResolvedPSPathFromPSPath(str, base.CmdletProviderContext);
                                }
                                else
                                {
                                    ProviderInfo providerInfo = null;
                                    PSDriveInfo pSDriveInfo = null;
                                    string unresolvedProviderPathFromPSPath = base.SessionState.Path.GetUnresolvedProviderPathFromPSPath(str, out providerInfo, out pSDriveInfo);
                                    pathInfos.Add(new PathInfo(pSDriveInfo, providerInfo, unresolvedProviderPathFromPSPath, base.SessionState));
                                    cmdletProviderContext.SuppressWildcardExpansion = true;
                                }
                                foreach (PathInfo pathInfo in pathInfos)
                                {
                                    // Honour -WhatIf / -Confirm per item.
                                    if (!base.ShouldProcess(pathInfo.Path))
                                    {
                                        continue;
                                    }
                                    try
                                    {
                                        // NOTE(review): the descriptor is applied here before the provider check below,
                                        // so for a non-FileSystem path the ACL is still written and only the CAP update is
                                        // refused with an error — a partial apply. Verify this is intended; otherwise the
                                        // provider check belongs ahead of this call.
                                        base.InvokeProvider.SecurityDescriptor.Set(pathInfo.Path, objectSecurity, cmdletProviderContext);
                                        if (this.CentralAccessPolicy != null || this.ClearCentralAccessPolicy)
                                        {
                                            if (pathInfo.Provider.NameEquals(base.Context.ProviderNames.FileSystem))
                                            {
                                                // SeSecurityPrivilege is required to write the SACL-scoped policy; it is enabled
                                                // only for the duration of the SetNamedSecurityInfo call below.
                                                IntPtr tokenWithEnabledPrivilege = this.GetTokenWithEnabledPrivilege("SeSecurityPrivilege", tOKENPRIVILEGE);
                                                if (tokenWithEnabledPrivilege != IntPtr.Zero)
                                                {
                                                    int num = NativeMethods.SetNamedSecurityInfo(pathInfo.ProviderPath, NativeMethods.SeObjectType.SE_FILE_OBJECT, NativeMethods.SecurityInformation.SCOPE_SECURITY_INFORMATION, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, zero);
                                                    // NOTE(review): this re-check is redundant — we are already inside the non-zero branch.
                                                    if (tokenWithEnabledPrivilege != IntPtr.Zero)
                                                    {
                                                        NativeMethods.TOKEN_PRIVILEGE tOKENPRIVILEGE1 = new NativeMethods.TOKEN_PRIVILEGE();
                                                        uint num1 = 0;
                                                        // Restore the prior privilege state, then release the token.
                                                        // NOTE(review): the AdjustTokenPrivileges result is ignored, so a failed restore would
                                                        // silently leave SeSecurityPrivilege enabled on this token until it is closed.
                                                        NativeMethods.AdjustTokenPrivileges(tokenWithEnabledPrivilege, false, ref tOKENPRIVILEGE, Marshal.SizeOf(tOKENPRIVILEGE1), ref tOKENPRIVILEGE1, ref num1);
                                                        NativeMethods.CloseHandle(tokenWithEnabledPrivilege);
                                                    }
                                                    // SetNamedSecurityInfo returns a Win32 error code directly (0 == success).
                                                    // A failure here is reported and processing continues with the next path.
                                                    if (num != 0)
                                                    {
                                                        SystemException win32Exception = new Win32Exception(num, UtilsStrings.SetCentralAccessPolicyFail);
                                                        base.WriteError(new ErrorRecord(win32Exception, "SetAcl_SetNamedSecurityInfo", ErrorCategory.InvalidResult, null));
                                                    }
                                                }
                                                else
                                                {
                                                    // Note the asymmetry with the branch above: a token failure aborts all remaining paths.
                                                    SystemException systemException2 = new SystemException(UtilsStrings.GetTokenWithEnabledPrivilegeFail);
                                                    base.WriteError(new ErrorRecord(systemException2, "SetAcl_AdjustTokenPrivileges", ErrorCategory.InvalidResult, null));
                                                    return;
                                                }
                                            }
                                            else
                                            {
                                                // Central access policies are only supported for FileSystem items.
                                                Exception argumentException = new ArgumentException("Path");
                                                base.WriteError(new ErrorRecord(argumentException, "SetAcl_Path", ErrorCategory.InvalidArgument, this.AclObject));
                                                continue;
                                            }
                                        }
                                    }
                                    catch (NotSupportedException notSupportedException)
                                    {
                                        // Provider does not support security descriptors on this item.
                                        object[] objArray = new object[1];
                                        objArray[0] = pathInfo.Path;
                                        ErrorRecord errorRecord = SecurityUtils.CreateNotSupportedErrorRecord(UtilsStrings.OperationNotSupportedOnPath, "SetAcl_OperationNotSupported", objArray);
                                        base.WriteError(errorRecord);
                                    }
                                }
                            }
                            return;
                        }
                        finally
                        {
                            // FreeHGlobal accepts IntPtr.Zero, so this is safe when no SACL buffer was built.
                            Marshal.FreeHGlobal(zero);
                        }
                    }
                    else
                    {
                        Exception exception = new ArgumentException(UtilsStrings.InvalidCentralAccessPolicyParameters);
                        ErrorRecord errorRecord1 = SecurityUtils.CreateInvalidArgumentErrorRecord(exception, "SetAcl_OperationNotSupported");
                        base.WriteError(errorRecord1);
                        return;
                    }
                }
            }
            else
            {
                // The provider route needs an ObjectSecurity; a bare CommonSecurityDescriptor is only accepted with -InputObject.
                Exception argumentException1 = new ArgumentException("AclObject");
                base.WriteError(new ErrorRecord(argumentException1, "SetAcl_AclObject", ErrorCategory.InvalidArgument, this.AclObject));
                return;
            }
        }
        else
        {
            Exception exception1 = new ArgumentException("Path");
            base.WriteError(new ErrorRecord(exception1, "SetAcl_Path", ErrorCategory.InvalidArgument, this.AclObject));
        }
    }
    else
    {
        // -InputObject route: the object must expose a SetSecurityDescriptor method that takes an SDDL string.
        PSMethodInfo item = this.inputObject.Methods["SetSecurityDescriptor"];
        if (item == null)
        {
            ErrorRecord errorRecord2 = SecurityUtils.CreateNotSupportedErrorRecord(UtilsStrings.SetMethodNotFound, "SetAcl_OperationNotSupported", new object[0]);
            base.WriteError(errorRecord2);
            return;
        }
        else
        {
            CommonSecurityDescriptor commonSecurityDescriptor = this.securityDescriptor as CommonSecurityDescriptor;
            // Serialise the whole descriptor (owner, group, DACL, SACL) to SDDL.
            if (objectSecurity == null)
            {
                if (commonSecurityDescriptor == null)
                {
                    Exception argumentException2 = new ArgumentException("AclObject");
                    base.WriteError(new ErrorRecord(argumentException2, "SetAcl_AclObject", ErrorCategory.InvalidArgument, this.AclObject));
                    return;
                }
                else
                {
                    sddlForm = commonSecurityDescriptor.GetSddlForm(AccessControlSections.All);
                }
            }
            else
            {
                sddlForm = objectSecurity.GetSecurityDescriptorSddlForm(AccessControlSections.All);
            }
            try
            {
                object[] objArray1 = new object[1];
                objArray1[0] = sddlForm;
                item.Invoke(objArray1);
                return;
            }
            catch (Exception exception3)
            {
                // Broad catch around user-supplied method; CheckForSevereException presumably rethrows
                // fatal exceptions before the invocation failure is reported — confirm.
                Exception exception2 = exception3;
                CommandProcessorBase.CheckForSevereException(exception2);
                ErrorRecord errorRecord3 = SecurityUtils.CreateNotSupportedErrorRecord(UtilsStrings.MethodInvokeFail, "SetAcl_OperationNotSupported", new object[0]);
                base.WriteError(errorRecord3);
            }
        }
    }
}
/// <summary>
/// Evaluates the Windows 8+ check once per type load and caches it in fIsWin8AndAbove.
/// </summary>
static X509NativeStore()
{
    fIsWin8AndAbove = DownLevelHelper.IsWin8AndAbove();
}
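/// <summary>
/// Sets or removes the CERT_SEND_AS_TRUSTED_ISSUER_PROP_ID property on a certificate context.
/// When <paramref name="certPath"/> is given it is split into location / store / name, the certificate is
/// looked up in that native store and the property is written to that context; otherwise (or when the
/// lookup finds nothing) the context of <paramref name="cert"/> is used.
/// </summary>
/// <param name="cert">Certificate to update when no store certificate is resolved from <paramref name="certPath"/>.</param>
/// <param name="certPath">Optional certificate-provider style path; null to operate on <paramref name="cert"/> directly.</param>
/// <param name="addProperty">true to set the property (an empty CRYPT_DATA_BLOB), false to remove it (null pointer).</param>
/// <exception cref="NotSupportedException">Raised through Marshal.GetExceptionForHR(NTE_NOT_SUPPORTED) below Windows 8.</exception>
/// <exception cref="Win32Exception">CertSetCertificateContextProperty failed.</exception>
/// <exception cref="ArgumentNullException">No certificate could be resolved and <paramref name="cert"/> is null.</exception>
public static void WriteSendAsTrustedIssuerProperty(X509Certificate2 cert, string certPath, bool addProperty)
{
    // NTE_NOT_SUPPORTED (0x80090029): the property only exists on Windows 8 and later.
    const int NTE_NOT_SUPPORTED = unchecked((int)0x80090029);
    if (!DownLevelHelper.IsWin8AndAbove())
    {
        throw Marshal.GetExceptionForHR(NTE_NOT_SUPPORTED);
    }

    IntPtr blobPtr = IntPtr.Zero;
    X509Certificate storeCert = null;
    try
    {
        if (certPath != null)
        {
            // GetPathElements is expected to yield [location, store, name] — its length is not checked here.
            string[] pathElements = SendAsTrustedIssuerProperty.GetPathElements(certPath);
            // Only "CurrentUser" selects the user store; anything else is treated as LocalMachine.
            StoreLocation location = string.Equals(pathElements[0], "CurrentUser", StringComparison.OrdinalIgnoreCase)
                ? StoreLocation.CurrentUser
                : StoreLocation.LocalMachine;
            // NOTE(review): the store is opened but no Close/Dispose is visible on X509NativeStore from here — confirm it owns its handle.
            X509NativeStore store = new X509NativeStore(new X509StoreLocation(location), pathElements[1]);
            store.Open(true);
            IntPtr found = store.GetCertByName(pathElements[2]);
            if (found != IntPtr.Zero)
            {
                // X509Certificate2(IntPtr) duplicates the context, so the store's reference can be released right away;
                // our duplicate is released in the finally block (the original never freed it).
                storeCert = new X509Certificate2(found);
                store.FreeCert(found);
            }
        }

        IntPtr handle;
        if (storeCert != null)
        {
            handle = storeCert.Handle;
        }
        else
        {
            // NOTE(review): when certPath names a certificate that is not found, this silently falls back to the
            // cert argument instead of failing, i.e. the property lands on a different certificate than the one
            // named. Confirm that is the intended contract for callers.
            if (cert == null)
            {
                throw new ArgumentNullException("cert");
            }
            handle = cert.Handle;
        }

        if (addProperty)
        {
            // An empty CRYPT_DATA_BLOB marks the property as present; passing IntPtr.Zero removes it.
            NativeMethods.CRYPT_DATA_BLOB blob = new NativeMethods.CRYPT_DATA_BLOB();
            blob.cbData = 0;
            blob.pbData = IntPtr.Zero;
            blobPtr = Marshal.AllocHGlobal(Marshal.SizeOf(blob));
            Marshal.StructureToPtr(blob, blobPtr, false);
        }

        if (!NativeMethods.CertSetCertificateContextProperty(handle, NativeMethods.CertPropertyId.CERT_SEND_AS_TRUSTED_ISSUER_PROP_ID, 0, blobPtr))
        {
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }
    }
    finally
    {
        if (blobPtr != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(blobPtr);
        }
        if (storeCert != null)
        {
            // Release the duplicated certificate context created above.
            storeCert.Reset();
        }
    }
}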