private static bool TryReadPkcs7(
SafePkcs7Handle pkcs7,
bool single,
out ICertificatePal?certPal,
[NotNullWhen(true)] out List <ICertificatePal> certPals)
{
List <ICertificatePal>?readPals = single ? null : new List <ICertificatePal>();
using (SafeSharedX509StackHandle certs = Interop.Crypto.GetPkcs7Certificates(pkcs7))
{
int count = Interop.Crypto.GetX509StackFieldCount(certs);
if (single)
{
// In single mode for a PKCS#7 signed or signed-and-enveloped file we're supposed to return
// the certificate which signed the PKCS#7 file.
//
// X509Certificate2Collection::Export(X509ContentType.Pkcs7) claims to be a signed PKCS#7,
// but doesn't emit a signature block. So this is hard to test.
//
// TODO(2910): Figure out how to extract the signing certificate, when it's present.
throw new CryptographicException(SR.Cryptography_X509_PKCS7_NoSigner);
}
Debug.Assert(readPals != null); // null if single == true
for (int i = 0; i < count; i++)
{
// Use FromHandle to duplicate the handle since it would otherwise be freed when the PKCS7
// is Disposed.
IntPtr certHandle = Interop.Crypto.GetX509StackField(certs, i);
ICertificatePal pal = CertificatePal.FromHandle(certHandle);
readPals.Add(pal);
}
}
certPal = null;
certPals = readPals;
return(true);
}
public X509Certificate(IntPtr handle)
{
Pal = CertificatePal.FromHandle(handle);
}
