예제 #1
0
        internal static SafeOcspRequestHandle X509ChainBuildOcspRequest(SafeX509StoreCtxHandle storeCtx, int chainDepth)
        {
            SafeOcspRequestHandle req = CryptoNative_X509ChainBuildOcspRequest(storeCtx, chainDepth);

            if (req.IsInvalid)
            {
                req.Dispose();
                throw CreateOpenSslCryptographicException();
            }

            return(req);
        }
예제 #2
0
        internal static X509VerifyStatusCode X509ChainGetCachedOcspStatus(SafeX509StoreCtxHandle ctx, string cachePath, int chainDepth)
        {
            X509VerifyStatusCode response = CryptoNative_X509ChainGetCachedOcspStatus(ctx, cachePath, chainDepth);

            if (response < 0)
            {
                Debug.Fail($"Unexpected response from X509ChainGetCachedOcspSuccess: {response}");
                throw new CryptographicException();
            }

            return(response);
        }
예제 #3
0
            private static int VerifyCertChain(IntPtr storeCtxPtr, IntPtr arg)
            {
                List <X509Certificate2> otherCerts;
                bool success;

                using (SafeX509StoreCtxHandle storeCtx = new SafeX509StoreCtxHandle(storeCtxPtr, ownsHandle: false))
                    using (X509Chain chain = new X509Chain())
                    {
                        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;

                        IntPtr leafCertPtr = Interop.Crypto.X509StoreCtxGetTargetCert(storeCtx);

                        if (IntPtr.Zero == leafCertPtr)
                        {
                            Debug.Fail("Invalid target certificate");
                            return(-1);
                        }

                        using (SafeSharedX509StackHandle extraStack = Interop.Crypto.X509StoreCtxGetSharedUntrusted(storeCtx))
                        {
                            int extraSize = extraStack.IsInvalid ? 0 : Interop.Crypto.GetX509StackFieldCount(extraStack);
                            otherCerts = new List <X509Certificate2>(extraSize);

                            for (int i = 0; i < extraSize; i++)
                            {
                                IntPtr certPtr = Interop.Crypto.GetX509StackField(extraStack, i);

                                if (certPtr != IntPtr.Zero)
                                {
                                    X509Certificate2 cert = new X509Certificate2(certPtr);
                                    otherCerts.Add(cert);
                                    chain.ChainPolicy.ExtraStore.Add(cert);
                                }
                            }
                        }

                        using (X509Certificate2 leafCert = new X509Certificate2(leafCertPtr))
                        {
                            success = chain.Build(leafCert);
                            AddChannelBindingToken(leafCert, arg);
                        }
                    }

                foreach (X509Certificate2 otherCert in otherCerts)
                {
                    otherCert.Dispose();
                }

                return(success ? 1 : 0);
            }
예제 #4
0
        internal static OpenSslX509ChainProcessor InitiateChain(
            SafeX509Handle leafHandle,
            X509Certificate2Collection customTrustStore,
            X509ChainTrustMode trustMode,
            DateTime verificationTime,
            TimeSpan remainingDownloadTime)
        {
            CachedSystemStoreProvider.GetNativeCollections(
                out SafeX509StackHandle systemTrust,
                out SafeX509StackHandle systemIntermediate);

            SafeX509StoreHandle    store     = null;
            SafeX509StackHandle    untrusted = null;
            SafeX509StoreCtxHandle storeCtx  = null;

            try
            {
                untrusted = Interop.Crypto.NewX509Stack();
                Interop.Crypto.X509StackAddMultiple(untrusted, s_userIntermediateStore.GetNativeCollection());
                Interop.Crypto.X509StackAddMultiple(untrusted, s_userPersonalStore.GetNativeCollection());

                store = GetTrustStore(trustMode, customTrustStore, untrusted, systemTrust);

                Interop.Crypto.X509StackAddMultiple(untrusted, systemIntermediate);
                Interop.Crypto.X509StoreSetVerifyTime(store, verificationTime);

                storeCtx = Interop.Crypto.X509StoreCtxCreate();

                if (!Interop.Crypto.X509StoreCtxInit(storeCtx, store, leafHandle, untrusted))
                {
                    throw Interop.Crypto.CreateOpenSslCryptographicException();
                }

                return(new OpenSslX509ChainProcessor(
                           leafHandle,
                           store,
                           untrusted,
                           storeCtx,
                           verificationTime,
                           remainingDownloadTime));
            }
            catch
            {
                store?.Dispose();
                untrusted?.Dispose();
                storeCtx?.Dispose();
                throw;
            }
        }
예제 #5
0
 private OpenSslX509ChainProcessor(
     SafeX509Handle leafHandle,
     SafeX509StoreHandle store,
     SafeX509StackHandle untrusted,
     SafeX509StoreCtxHandle storeCtx,
     DateTime verificationTime,
     TimeSpan remainingDownloadTime)
 {
     _leafHandle            = leafHandle;
     _store                 = store;
     _untrustedLookup       = untrusted;
     _storeCtx              = storeCtx;
     _verificationTime      = verificationTime;
     _remainingDownloadTime = remainingDownloadTime;
 }
예제 #6
0
        internal static void X509StoreCtxResetForSignatureError(
            SafeX509StoreCtxHandle ctx,
            out SafeX509StoreHandle?newStore)
        {
            if (CryptoNative_X509StoreCtxResetForSignatureError(ctx, out newStore) != 1)
            {
                newStore.Dispose();
                newStore = null;
                throw CreateOpenSslCryptographicException();
            }

            if (newStore.IsInvalid)
            {
                newStore.Dispose();
                newStore = null;
            }
        }
예제 #7
0
        internal static OpenSslX509ChainProcessor InitiateChain(
            SafeX509Handle leafHandle,
            DateTime verificationTime,
            TimeSpan remainingDownloadTime)
        {
            SafeX509StackHandle systemTrust        = StorePal.GetMachineRoot().GetNativeCollection();
            SafeX509StackHandle systemIntermediate = StorePal.GetMachineIntermediate().GetNativeCollection();

            SafeX509StoreHandle    store     = null;
            SafeX509StackHandle    untrusted = null;
            SafeX509StoreCtxHandle storeCtx  = null;

            try
            {
                store = Interop.Crypto.X509ChainNew(systemTrust, s_userRootPath);

                untrusted = Interop.Crypto.NewX509Stack();
                Interop.Crypto.X509StackAddDirectoryStore(untrusted, s_userIntermediatePath);
                Interop.Crypto.X509StackAddDirectoryStore(untrusted, s_userPersonalPath);
                Interop.Crypto.X509StackAddMultiple(untrusted, systemIntermediate);
                Interop.Crypto.X509StoreSetVerifyTime(store, verificationTime);

                storeCtx = Interop.Crypto.X509StoreCtxCreate();

                if (!Interop.Crypto.X509StoreCtxInit(storeCtx, store, leafHandle, untrusted))
                {
                    throw Interop.Crypto.CreateOpenSslCryptographicException();
                }

                return(new OpenSslX509ChainProcessor(
                           leafHandle,
                           store,
                           untrusted,
                           storeCtx,
                           verificationTime,
                           remainingDownloadTime));
            }
            catch
            {
                store?.Dispose();
                untrusted?.Dispose();
                storeCtx?.Dispose();
                throw;
            }
        }
예제 #8
0
        internal static void SetX509ChainVerifyTime(SafeX509StoreCtxHandle ctx, DateTime verifyTime)
        {
            // OpenSSL is going to convert our input time to universal, so we should be in Local or
            // Unspecified (local-assumed).
            Debug.Assert(verifyTime.Kind != DateTimeKind.Utc, "UTC verifyTime should have been normalized to Local");

            int succeeded = SetX509ChainVerifyTime(
                ctx,
                verifyTime.Year,
                verifyTime.Month,
                verifyTime.Day,
                verifyTime.Hour,
                verifyTime.Minute,
                verifyTime.Second,
                verifyTime.IsDaylightSavingTime());

            if (succeeded != 1)
            {
                throw Interop.Crypto.CreateOpenSslCryptographicException();
            }
        }
            internal int VerifyCallback(int ok, IntPtr ctx)
            {
                if (ok != 0)
                {
                    return(ok);
                }

                try
                {
                    using (var storeCtx = new SafeX509StoreCtxHandle(ctx, ownsHandle: false))
                    {
                        Interop.Crypto.X509VerifyStatusCode errorCode = Interop.Crypto.X509StoreCtxGetError(storeCtx);
                        int errorDepth = Interop.Crypto.X509StoreCtxGetErrorDepth(storeCtx);

                        // We don't report "OK" as an error.
                        // For compatibility with Windows / .NET Framework, do not report X509_V_CRL_NOT_YET_VALID.
                        if (errorCode != Interop.Crypto.X509VerifyStatusCode.X509_V_OK &&
                            errorCode != Interop.Crypto.X509VerifyStatusCode.X509_V_ERR_CRL_NOT_YET_VALID)
                        {
                            while (Errors.Count <= errorDepth)
                            {
                                Errors.Add(null);
                            }

                            if (Errors[errorDepth] == null)
                            {
                                Errors[errorDepth] = new List <Interop.Crypto.X509VerifyStatusCode>();
                            }

                            Errors[errorDepth].Add(errorCode);
                        }
                    }

                    return(1);
                }
                catch
                {
                    return(-1);
                }
            }
예제 #10
0
        internal static void SetX509ChainVerifyTime(SafeX509StoreCtxHandle ctx, DateTime verifyTime)
        {
            // Let Unspecified mean Local, so only convert if the source was UTC.
            if (verifyTime.Kind == DateTimeKind.Utc)
            {
                verifyTime = verifyTime.ToLocalTime();
            }

            int succeeded = SetX509ChainVerifyTime(
                ctx,
                verifyTime.Year,
                verifyTime.Month,
                verifyTime.Day,
                verifyTime.Hour,
                verifyTime.Minute,
                verifyTime.Second,
                verifyTime.IsDaylightSavingTime());

            if (succeeded != 1)
            {
                throw Interop.libcrypto.CreateOpenSslCryptographicException();
            }
        }
예제 #11
0
            internal int VerifyCallback(int ok, IntPtr ctx)
            {
                if (ok < 0)
                {
                    return(ok);
                }

                try
                {
                    using (var storeCtx = new SafeX509StoreCtxHandle(ctx, ownsHandle: false))
                    {
                        Interop.Crypto.X509VerifyStatusCode errorCode = Interop.Crypto.X509StoreCtxGetError(storeCtx);
                        int errorDepth = Interop.Crypto.X509StoreCtxGetErrorDepth(storeCtx);

                        if (errorCode != Interop.Crypto.X509VerifyStatusCode.X509_V_OK)
                        {
                            while (Errors.Count <= errorDepth)
                            {
                                Errors.Add(null);
                            }

                            if (Errors[errorDepth] == null)
                            {
                                Errors[errorDepth] = new List <Interop.Crypto.X509VerifyStatusCode>();
                            }

                            Errors[errorDepth].Add(errorCode);
                        }
                    }

                    return(1);
                }
                catch
                {
                    return(-1);
                }
            }
예제 #12
0
 private static partial int CryptoNative_X509ChainVerifyOcsp(
     SafeX509StoreCtxHandle ctx,
     SafeOcspRequestHandle req,
     SafeOcspResponseHandle resp,
     string cachePath,
     int chainDepth);
예제 #13
0
 private static partial int CryptoNative_X509ChainGetCachedOcspStatus(
     SafeX509StoreCtxHandle ctx,
     string cachePath,
     int chainDepth);
예제 #14
0
 internal static extern void X509StoreCtxSetVerifyCallback(SafeX509StoreCtxHandle ctx, X509StoreVerifyCallback callback);
예제 #15
0
 internal static extern int X509StoreCtxGetErrorDepth(SafeX509StoreCtxHandle ctx);
예제 #16
0
 private static extern int CryptoNative_X509StoreCtxRebuildChain(SafeX509StoreCtxHandle ctx);
예제 #17
0
 private static extern int CryptoNative_X509StoreCtxReset(SafeX509StoreCtxHandle ctx);
예제 #18
0
 internal static extern X509VerifyStatusCode X509StoreCtxGetError(SafeX509StoreCtxHandle ctx);
예제 #19
0
 private static extern int CryptoNative_X509VerifyCert(SafeX509StoreCtxHandle ctx);
예제 #20
0
 internal static extern bool X509_STORE_CTX_init(SafeX509StoreCtxHandle ctx, SafeX509StoreHandle store, SafeX509Handle x509, IntPtr zero);
예제 #21
0
 internal static extern X509VerifyStatusCode X509_STORE_CTX_get_error(SafeX509StoreCtxHandle ctx);
예제 #22
0
 private static partial SafeOcspRequestHandle CryptoNative_X509ChainBuildOcspRequest(
     SafeX509StoreCtxHandle storeCtx,
     int chainDepth);
예제 #23
0
 internal static extern SafeX509StackHandle X509StoreCtxGetChain(SafeX509StoreCtxHandle ctx);
예제 #24
0
 internal static extern bool X509StoreCtxInit(SafeX509StoreCtxHandle ctx, SafeX509StoreHandle store, SafeX509Handle x509);
예제 #25
0
 internal static extern SafeX509StackHandle X509_STORE_CTX_get1_chain(SafeX509StoreCtxHandle ctx);
예제 #26
0
 internal static extern int X509VerifyCert(SafeX509StoreCtxHandle ctx);
예제 #27
0
 internal static extern int X509_STORE_CTX_get_error_depth(SafeX509StoreCtxHandle ctx);
예제 #28
0
 private static partial int CryptoNative_X509ChainHasStapledOcsp(SafeX509StoreCtxHandle storeCtx);
예제 #29
0
 internal static extern int X509_verify_cert(SafeX509StoreCtxHandle ctx);
예제 #30
0
 internal static extern bool X509StoreCtxInit(
     SafeX509StoreCtxHandle ctx,
     SafeX509StoreHandle store,
     SafeX509Handle x509,
     SafeX509StackHandle extraCerts);