private static int VerifyCertChain(IntPtr storeCtxPtr, IntPtr curlPtr)
{
const int SuccessResult = 1, FailureResult = 0;
EasyRequest easy;
if (!TryGetEasyRequest(curlPtr, out easy))
{
EventSourceTrace("Could not find associated easy request: {0}", curlPtr);
return(FailureResult);
}
var storeCtx = new SafeX509StoreCtxHandle(storeCtxPtr, ownsHandle: false);
try
{
return(VerifyCertChain(storeCtx, easy) ? SuccessResult : FailureResult);
}
catch (Exception exc)
{
EventSourceTrace("Unexpected exception: {0}", exc, easy: easy);
easy.FailRequest(CreateHttpRequestException(new CurlException((int)CURLcode.CURLE_ABORTED_BY_CALLBACK, exc)));
return(FailureResult);
}
finally
{
storeCtx.Dispose();
}
}
public void Dispose()
{
_storeCtx?.Dispose();
_untrustedLookup?.Dispose();
_store?.Dispose();
// We don't own this one.
_leafHandle = null;
}
internal static OpenSslX509ChainProcessor InitiateChain(
SafeX509Handle leafHandle,
X509Certificate2Collection customTrustStore,
X509ChainTrustMode trustMode,
DateTime verificationTime,
TimeSpan remainingDownloadTime)
{
CachedSystemStoreProvider.GetNativeCollections(
out SafeX509StackHandle systemTrust,
out SafeX509StackHandle systemIntermediate);
SafeX509StoreHandle store = null;
SafeX509StackHandle untrusted = null;
SafeX509StoreCtxHandle storeCtx = null;
try
{
untrusted = Interop.Crypto.NewX509Stack();
Interop.Crypto.X509StackAddMultiple(untrusted, s_userIntermediateStore.GetNativeCollection());
Interop.Crypto.X509StackAddMultiple(untrusted, s_userPersonalStore.GetNativeCollection());
store = GetTrustStore(trustMode, customTrustStore, untrusted, systemTrust);
Interop.Crypto.X509StackAddMultiple(untrusted, systemIntermediate);
Interop.Crypto.X509StoreSetVerifyTime(store, verificationTime);
storeCtx = Interop.Crypto.X509StoreCtxCreate();
if (!Interop.Crypto.X509StoreCtxInit(storeCtx, store, leafHandle, untrusted))
{
throw Interop.Crypto.CreateOpenSslCryptographicException();
}
return(new OpenSslX509ChainProcessor(
leafHandle,
store,
untrusted,
storeCtx,
verificationTime,
remainingDownloadTime));
}
catch
{
store?.Dispose();
untrusted?.Dispose();
storeCtx?.Dispose();
throw;
}
}
internal static OpenSslX509ChainProcessor InitiateChain(
SafeX509Handle leafHandle,
DateTime verificationTime,
TimeSpan remainingDownloadTime)
{
SafeX509StackHandle systemTrust = StorePal.GetMachineRoot().GetNativeCollection();
SafeX509StackHandle systemIntermediate = StorePal.GetMachineIntermediate().GetNativeCollection();
SafeX509StoreHandle store = null;
SafeX509StackHandle untrusted = null;
SafeX509StoreCtxHandle storeCtx = null;
try
{
store = Interop.Crypto.X509ChainNew(systemTrust, s_userRootPath);
untrusted = Interop.Crypto.NewX509Stack();
Interop.Crypto.X509StackAddDirectoryStore(untrusted, s_userIntermediatePath);
Interop.Crypto.X509StackAddDirectoryStore(untrusted, s_userPersonalPath);
Interop.Crypto.X509StackAddMultiple(untrusted, systemIntermediate);
Interop.Crypto.X509StoreSetVerifyTime(store, verificationTime);
storeCtx = Interop.Crypto.X509StoreCtxCreate();
if (!Interop.Crypto.X509StoreCtxInit(storeCtx, store, leafHandle, untrusted))
{
throw Interop.Crypto.CreateOpenSslCryptographicException();
}
return(new OpenSslX509ChainProcessor(
leafHandle,
store,
untrusted,
storeCtx,
verificationTime,
remainingDownloadTime));
}
catch
{
store?.Dispose();
untrusted?.Dispose();
storeCtx?.Dispose();
throw;
}
}