public static extern IntPtr CertCreateSelfSignCertificate( IntPtr hProv, ref CERT_NAME_BLOB pSubjectIssuerBlob, uint dwFlagsm, ref CRYPT_KEY_PROV_INFO pKeyProvInfo, IntPtr pSignatureAlgorithm, IntPtr pStartTime, IntPtr pEndTime, IntPtr other) ;
public static extern IntPtr CertCreateSelfSignCertificate(
IntPtr hProv,
ref CERT_NAME_BLOB pSubjectIssuerBlob,
uint dwFlagsm,
ref CRYPT_KEY_PROV_INFO pKeyProvInfo,
IntPtr pSignatureAlgorithm,
IntPtr pStartTime,
IntPtr pEndTime,
IntPtr other);
private static IntPtr CreateUnsignedCertCntxt(
string keycontainer,
string provider,
uint KEYSPEC,
uint cspflags,
string DN)
{
IntPtr zero = IntPtr.Zero;
byte[] numArray = (byte[])null;
uint pcbEncoded = 0;
if (provider != "Microsoft Base Cryptographic Provider v1.0" && provider != "Microsoft Strong Cryptographic Provider" && provider != "Microsoft Enhanced Cryptographic Provider v1.0" || (keycontainer == "" || KEYSPEC != 2U && KEYSPEC != 1U) || (cspflags != 0U && cspflags != 32U || DN == ""))
{
return(IntPtr.Zero);
}
if (Win32.CertStrToName(1U, DN, 3U, IntPtr.Zero, (byte[])null, ref pcbEncoded, IntPtr.Zero))
{
numArray = new byte[pcbEncoded];
Win32.CertStrToName(1U, DN, 3U, IntPtr.Zero, numArray, ref pcbEncoded, IntPtr.Zero);
}
CERT_NAME_BLOB pSubjectIssuerBlob = new CERT_NAME_BLOB();
pSubjectIssuerBlob.pbData = Marshal.AllocHGlobal(numArray.Length);
Marshal.Copy(numArray, 0, pSubjectIssuerBlob.pbData, numArray.Length);
pSubjectIssuerBlob.cbData = numArray.Length;
var x = new CRYPT_KEY_PROV_INFO()
{
pwszContainerName = keycontainer,
pwszProvName = provider,
dwProvType = 1U,
dwFlags = cspflags,
cProvParam = 0U,
rgProvParam = IntPtr.Zero,
dwKeySpec = KEYSPEC
};
IntPtr selfSignCertificate = Win32.CertCreateSelfSignCertificate(IntPtr.Zero, ref pSubjectIssuerBlob, 1U, ref x, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
if (selfSignCertificate == IntPtr.Zero)
{
opensslkey.showWin32Error(Marshal.GetLastWin32Error());
}
Marshal.FreeHGlobal(pSubjectIssuerBlob.pbData);
return(selfSignCertificate);
}
private static IntPtr CreateUnsignedCertCntxt(String keycontainer, String provider, uint KEYSPEC, uint cspflags, String DN)
{
const uint AT_KEYEXCHANGE = 0x00000001;
const uint AT_SIGNATURE = 0x00000002;
const uint CRYPT_MACHINE_KEYSET = 0x00000020;
const uint PROV_RSA_FULL = 0x00000001;
const String MS_DEF_PROV = "Microsoft Base Cryptographic Provider v1.0";
const String MS_STRONG_PROV = "Microsoft Strong Cryptographic Provider";
const String MS_ENHANCED_PROV = "Microsoft Enhanced Cryptographic Provider v1.0";
const uint CERT_CREATE_SELFSIGN_NO_SIGN = 1 ;
const uint X509_ASN_ENCODING = 0x00000001;
const uint CERT_X500_NAME_STR = 3;
IntPtr hCertCntxt = IntPtr.Zero;
byte[] encodedName = null;
uint cbName = 0;
if( provider != MS_DEF_PROV && provider != MS_STRONG_PROV && provider != MS_ENHANCED_PROV)
return IntPtr.Zero;
if(keycontainer == "")
return IntPtr.Zero;
if( KEYSPEC != AT_SIGNATURE && KEYSPEC != AT_KEYEXCHANGE)
return IntPtr.Zero;
if(cspflags != 0 && cspflags != CRYPT_MACHINE_KEYSET) //only 0 (Current User) keyset is currently used.
return IntPtr.Zero;
if (DN == "")
return IntPtr.Zero;
if(Win32.CertStrToName(X509_ASN_ENCODING, DN, CERT_X500_NAME_STR, IntPtr.Zero, null, ref cbName, IntPtr.Zero))
{
encodedName = new byte[cbName] ;
Win32.CertStrToName(X509_ASN_ENCODING, DN, CERT_X500_NAME_STR, IntPtr.Zero, encodedName, ref cbName, IntPtr.Zero);
}
CERT_NAME_BLOB subjectblob = new CERT_NAME_BLOB();
subjectblob.pbData = Marshal.AllocHGlobal(encodedName.Length);
Marshal.Copy(encodedName, 0, subjectblob.pbData, encodedName.Length);
subjectblob.cbData = encodedName.Length;
CRYPT_KEY_PROV_INFO pInfo = new CRYPT_KEY_PROV_INFO();
pInfo.pwszContainerName = keycontainer;
pInfo.pwszProvName = provider;
pInfo.dwProvType = PROV_RSA_FULL;
pInfo.dwFlags = cspflags;
pInfo.cProvParam = 0;
pInfo.rgProvParam = IntPtr.Zero;
pInfo.dwKeySpec = KEYSPEC;
hCertCntxt = Win32.CertCreateSelfSignCertificate(IntPtr.Zero, ref subjectblob, CERT_CREATE_SELFSIGN_NO_SIGN, ref pInfo, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
if(hCertCntxt == IntPtr.Zero)
showWin32Error(Marshal.GetLastWin32Error());
Marshal.FreeHGlobal(subjectblob.pbData);
return hCertCntxt ;
}
private bool GetRecipientPVKProps(String searchstr)
{
IntPtr hSysStore = IntPtr.Zero;
IntPtr hCertCntxt = IntPtr.Zero;
IntPtr pProvInfo = IntPtr.Zero;
uint provinfosize = 0;
string searchstore = "MY"; //only include MY store
bool gotpvkprops = false;
uint openflags = CERT_SYSTEM_STORE_CURRENT_USER |
CERT_STORE_READONLY_FLAG |
CERT_STORE_OPEN_EXISTING_FLAG;
hSysStore = Win32.CertOpenStore("System", ENCODING_TYPE, IntPtr.Zero, openflags, searchstore);
if (hSysStore == IntPtr.Zero)
{
Console.WriteLine("Failed to open system store {0}", searchstore);
return(false);
}
//--- only accept the first matching certificate ----
hCertCntxt = Win32.CertFindCertificateInStore(
hSysStore,
ENCODING_TYPE,
0,
CERT_FIND_SUBJECT_STR,
searchstr,
IntPtr.Zero);
if (hCertCntxt == IntPtr.Zero)
{
Win32.CertCloseStore(hSysStore, 0);
return(gotpvkprops);
}
if (!Win32.CertGetCertificateContextProperty(hCertCntxt, CERT_KEY_PROV_INFO_PROP_ID, IntPtr.Zero, ref provinfosize))
{
if (hCertCntxt != IntPtr.Zero)
{
Win32.CertFreeCertificateContext(hCertCntxt);
}
Win32.CertCloseStore(hSysStore, 0);
return(gotpvkprops);
}
pProvInfo = Marshal.AllocHGlobal((int)provinfosize);
if (Win32.CertGetCertificateContextProperty(hCertCntxt, CERT_KEY_PROV_INFO_PROP_ID, pProvInfo, ref provinfosize))
{
CRYPT_KEY_PROV_INFO ckinfo = (CRYPT_KEY_PROV_INFO)Marshal.PtrToStructure(pProvInfo, typeof(CRYPT_KEY_PROV_INFO));
Marshal.FreeHGlobal(pProvInfo);
this.recipcert = new X509Certificate(hCertCntxt);
this.keycontainer = ckinfo.ContainerName;
this.RSAkeytype = (int)ckinfo.KeySpec;
gotpvkprops = true; // only way for valid return
}
else
{
Marshal.FreeHGlobal(pProvInfo);
}
//------- Clean Up -----------
if (hCertCntxt != IntPtr.Zero)
{
Win32.CertFreeCertificateContext(hCertCntxt);
}
if (hSysStore != IntPtr.Zero)
{
Win32.CertCloseStore(hSysStore, 0);
}
return(gotpvkprops);
}
