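/// <summary>
/// Builds a chain for <paramref name="pCertContext"/> and checks it against the
/// chain policy identified by <paramref name="pszPolicy"/>.
/// </summary>
/// <param name="pCertContext">Certificate context to verify; must be a valid handle.</param>
/// <param name="applicationPolicy">Application-policy OIDs the chain must satisfy; null or empty for none.</param>
/// <param name="certificatePolicy">Issuance-policy OIDs the chain must satisfy; null or empty for none.</param>
/// <param name="revocationMode">Revocation mode forwarded to BuildChain.</param>
/// <param name="revocationFlag">Revocation flag forwarded to BuildChain.</param>
/// <param name="verificationTime">Point in time at which the chain is evaluated.</param>
/// <param name="timeout">URL-retrieval timeout forwarded to BuildChain.</param>
/// <param name="extraStore">Additional certificates made available to the chain engine, or null.</param>
/// <param name="pszPolicy">Policy identifier handed to CertVerifyCertificateChainPolicy.</param>
/// <param name="pdwErrorStatus">Pointer to a 32-bit slot that receives the policy status error code, or IntPtr.Zero to skip it.</param>
/// <returns>
/// 0 when the policy check reports no error, 1 when it reports one, otherwise the
/// HRESULT of the failed chain build or of the failed policy call.
/// </returns>
/// <exception cref="ArgumentException"><paramref name="pCertContext"/> is null or invalid.</exception>
internal static int VerifyCertificate(System.Security.Cryptography.SafeCertContextHandle pCertContext, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, X509Certificate2Collection extraStore, IntPtr pszPolicy, IntPtr pdwErrorStatus)
{
    if ((pCertContext == null) || pCertContext.IsInvalid)
    {
        throw new ArgumentException("pCertContext");
    }

    System.Security.Cryptography.CAPI.CERT_CHAIN_POLICY_PARA policyPara = new System.Security.Cryptography.CAPI.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CERT_CHAIN_POLICY_PARA)));
    System.Security.Cryptography.CAPI.CERT_CHAIN_POLICY_STATUS policyStatus = new System.Security.Cryptography.CAPI.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CERT_CHAIN_POLICY_STATUS)));

    System.Security.Cryptography.SafeCertChainHandle chainContext = System.Security.Cryptography.SafeCertChainHandle.InvalidHandle;
    try
    {
        // Engine handle 0 is HCCE_CURRENT_USER, the default chain engine.
        int hr = BuildChain(new IntPtr(0L), pCertContext, extraStore, applicationPolicy, certificatePolicy, revocationMode, revocationFlag, verificationTime, timeout, ref chainContext);
        if (hr != 0)
        {
            return hr;
        }

        if (!System.Security.Cryptography.CAPI.CAPISafe.CertVerifyCertificateChainPolicy(pszPolicy, chainContext, ref policyPara, ref policyStatus))
        {
            return Marshal.GetHRForLastWin32Error();
        }
    }
    finally
    {
        // The chain context is only needed for the policy check; release it on
        // every path instead of leaving it to the finalizer.
        if (!chainContext.IsInvalid)
        {
            chainContext.Dispose();
        }
    }

    if (pdwErrorStatus != IntPtr.Zero)
    {
        // Store the DWORD error status into the caller-supplied slot (an IntPtr
        // cannot be indexed; the decompiled form of this write did not compile).
        Marshal.WriteInt32(pdwErrorStatus, unchecked((int)policyStatus.dwError));
    }

    // 0 == S_OK (policy satisfied), 1 == S_FALSE (policy reported an error).
    return policyStatus.dwError == 0 ? 0 : 1;
}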
/// <summary>
/// Creates a chain object in its unbuilt state: no policy, no status, an empty
/// element collection and a placeholder (invalid) native chain handle.
/// </summary>
/// <param name="useMachineContext">Stored in m_useMachineContext; presumably selects the machine-wide chain engine when the chain is built — confirm in the build path.</param>
public X509Chain(bool useMachineContext)
{
    m_syncRoot = new object();
    m_useMachineContext = useMachineContext;

    // Nothing has been built yet, so every result-bearing field is reset.
    m_chainPolicy = null;
    m_status = 0;
    m_chainStatus = null;
    m_chainElementCollection = new X509ChainElementCollection();
    m_safeCertChainHandle = SafeCertChainHandle.InvalidHandle;
}
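/// <summary>
/// Wraps an existing native chain context. The context is duplicated so this
/// object's lifetime is independent of the caller's handle.
/// </summary>
/// <param name="chainContext">Native PCCERT_CHAIN_CONTEXT; must not be IntPtr.Zero.</param>
/// <exception cref="ArgumentNullException"><paramref name="chainContext"/> is IntPtr.Zero.</exception>
/// <exception cref="CryptographicException">The duplicated handle is null or invalid.</exception>
public X509Chain(IntPtr chainContext)
{
    this.m_syncRoot = new object();
    if (chainContext == IntPtr.Zero)
    {
        throw new ArgumentNullException("chainContext");
    }

    this.m_safeCertChainHandle = CAPISafe.CertDuplicateCertificateChain(chainContext);

    // Test the handle's own validity. The wrapper returned here is in general a
    // fresh instance, so a reference comparison against the InvalidHandle
    // sentinel (the previous check) would not detect a failed duplication.
    if ((this.m_safeCertChainHandle == null) || this.m_safeCertChainHandle.IsInvalid)
    {
        throw new CryptographicException(SR.GetString("Cryptography_InvalidContextHandle"), "chainContext");
    }

    this.Init();
}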
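/// <summary>
/// Builds a certificate chain for <paramref name="pCertContext"/> with
/// CertGetCertificateChain, optionally constraining application and issuance
/// policy and making <paramref name="extraStore"/> available as an extra store.
/// </summary>
/// <param name="hChainEngine">Chain engine handle; IntPtr.Zero selects the default engine.</param>
/// <param name="pCertContext">Leaf certificate context; must be a valid handle.</param>
/// <param name="extraStore">Additional certificates for the engine, or null/empty.</param>
/// <param name="applicationPolicy">Application-policy OIDs that must all be present, or null/empty.</param>
/// <param name="certificatePolicy">Issuance-policy OIDs that must all be present, or null/empty.</param>
/// <param name="revocationMode">Revocation mode mapped into the chain flags.</param>
/// <param name="revocationFlag">Revocation flag mapped into the chain flags.</param>
/// <param name="verificationTime">Time at which validity is evaluated.</param>
/// <param name="timeout">Total URL-retrieval timeout for the chain build.</param>
/// <param name="ppChainContext">Receives the chain context; the caller owns and disposes it.</param>
/// <returns>CAPI.S_OK, or the HRESULT of the failed chain build.</returns>
/// <exception cref="ArgumentException"><paramref name="pCertContext"/> is null or invalid.</exception>
internal static unsafe int BuildChain (IntPtr hChainEngine, SafeCertContextHandle pCertContext, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, ref SafeCertChainHandle ppChainContext) {
    if (pCertContext == null || pCertContext.IsInvalid) {
        throw new ArgumentException(SecurityResources.GetResourceString("Cryptography_InvalidContextHandle"), "pCertContext");
    }

    SafeCertStoreHandle hCertStore = SafeCertStoreHandle.InvalidHandle;
    SafeLocalAllocHandle applicationPolicyHandle = SafeLocalAllocHandle.InvalidHandle;
    SafeLocalAllocHandle certificatePolicyHandle = SafeLocalAllocHandle.InvalidHandle;
    try {
        if (extraStore != null && extraStore.Count > 0) {
            hCertStore = X509Utils.ExportToMemoryStore(extraStore);
        }

        CAPI.CERT_CHAIN_PARA ChainPara = new CAPI.CERT_CHAIN_PARA();
        // Initialize the structure size.
        ChainPara.cbSize = (uint) Marshal.SizeOf(ChainPara);

        // Application policy: AND-match, every listed OID must be satisfied.
        if (applicationPolicy != null && applicationPolicy.Count > 0) {
            ChainPara.RequestedUsage.dwType = CAPI.USAGE_MATCH_TYPE_AND;
            ChainPara.RequestedUsage.Usage.cUsageIdentifier = (uint) applicationPolicy.Count;
            applicationPolicyHandle = X509Utils.CopyOidsToUnmanagedMemory(applicationPolicy);
            ChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = applicationPolicyHandle.DangerousGetHandle();
        }

        // Certificate (issuance) policy: same AND-match rule.
        if (certificatePolicy != null && certificatePolicy.Count > 0) {
            ChainPara.RequestedIssuancePolicy.dwType = CAPI.USAGE_MATCH_TYPE_AND;
            ChainPara.RequestedIssuancePolicy.Usage.cUsageIdentifier = (uint) certificatePolicy.Count;
            certificatePolicyHandle = X509Utils.CopyOidsToUnmanagedMemory(certificatePolicy);
            ChainPara.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = certificatePolicyHandle.DangerousGetHandle();
        }

        // dwUrlRetrievalTimeout is the whole timeout in milliseconds. The previous
        // TimeSpan.Milliseconds was only the 0-999 component, so any timeout of one
        // second or more was truncated (e.g. 30 s became 0, which CAPI treats as
        // "use the default"). Negative spans clamp to 0, oversized ones to uint.MaxValue.
        double totalMilliseconds = timeout.TotalMilliseconds;
        ChainPara.dwUrlRetrievalTimeout = totalMilliseconds <= 0 ? 0u : (uint) Math.Min(totalMilliseconds, uint.MaxValue);

        _FILETIME ft = new _FILETIME();
        *((long*) &ft) = verificationTime.ToFileTime();
        uint flags = X509Utils.MapRevocationFlags(revocationMode, revocationFlag);

        // Build the chain. The HRESULT is evaluated before the finally block runs,
        // so cleanup cannot overwrite the last-error value being returned.
        if (!CAPI.CAPISafe.CertGetCertificateChain(hChainEngine, pCertContext, ref ft, hCertStore, ref ChainPara, flags, IntPtr.Zero, ref ppChainContext)) {
            return Marshal.GetHRForLastWin32Error();
        }
        return CAPI.S_OK;
    }
    finally {
        // The OID arrays and the temporary store are inputs to the call only;
        // release them on success and failure alike (the failure path used to leak them).
        if (!applicationPolicyHandle.IsInvalid) {
            applicationPolicyHandle.Dispose();
        }
        if (!certificatePolicyHandle.IsInvalid) {
            certificatePolicyHandle.Dispose();
        }
        if (!hCertStore.IsInvalid) {
            hCertStore.Dispose();
        }
    }
}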
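/// <summary>
/// Builds a certificate chain for <paramref name="pCertContext"/> with
/// CertGetCertificateChain, optionally constraining application and issuance
/// policy and making <paramref name="extraStore"/> available as an extra store.
/// </summary>
/// <param name="hChainEngine">Chain engine handle; IntPtr.Zero selects the default engine.</param>
/// <param name="pCertContext">Leaf certificate context; must be a valid handle.</param>
/// <param name="extraStore">Additional certificates for the engine, or null/empty.</param>
/// <param name="applicationPolicy">Application-policy OIDs that must all be present, or null/empty.</param>
/// <param name="certificatePolicy">Issuance-policy OIDs that must all be present, or null/empty.</param>
/// <param name="revocationMode">Revocation mode mapped into the chain flags.</param>
/// <param name="revocationFlag">Revocation flag mapped into the chain flags.</param>
/// <param name="verificationTime">Time at which validity is evaluated.</param>
/// <param name="timeout">Total URL-retrieval timeout for the chain build.</param>
/// <param name="ppChainContext">Receives the chain context; the caller owns and disposes it.</param>
/// <returns>0 on success, or the HRESULT of the failed chain build.</returns>
/// <exception cref="ArgumentException"><paramref name="pCertContext"/> is null or invalid.</exception>
internal static unsafe int BuildChain(IntPtr hChainEngine, System.Security.Cryptography.SafeCertContextHandle pCertContext, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, ref SafeCertChainHandle ppChainContext)
{
    if ((pCertContext == null) || pCertContext.IsInvalid)
    {
        throw new ArgumentException(SR.GetString("Cryptography_InvalidContextHandle"), "pCertContext");
    }

    System.Security.Cryptography.SafeCertStoreHandle hAdditionalStore = System.Security.Cryptography.SafeCertStoreHandle.InvalidHandle;
    SafeLocalAllocHandle applicationUsageOids = SafeLocalAllocHandle.InvalidHandle;
    SafeLocalAllocHandle issuancePolicyOids = SafeLocalAllocHandle.InvalidHandle;
    try
    {
        if ((extraStore != null) && (extraStore.Count > 0))
        {
            hAdditionalStore = System.Security.Cryptography.X509Certificates.X509Utils.ExportToMemoryStore(extraStore);
        }

        // Size the structure from its type: the decompiled form passed the
        // not-yet-assigned local to Marshal.SizeOf, which does not compile.
        CAPIBase.CERT_CHAIN_PARA chainPara = new CAPIBase.CERT_CHAIN_PARA();
        chainPara.cbSize = (uint) Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_PARA));

        // Application policy; dwType 0 is the AND match (USAGE_MATCH_TYPE_AND in
        // the named-constant form of this method): every listed OID must be present.
        if ((applicationPolicy != null) && (applicationPolicy.Count > 0))
        {
            chainPara.RequestedUsage.dwType = 0;
            chainPara.RequestedUsage.Usage.cUsageIdentifier = (uint) applicationPolicy.Count;
            applicationUsageOids = System.Security.Cryptography.X509Certificates.X509Utils.CopyOidsToUnmanagedMemory(applicationPolicy);
            chainPara.RequestedUsage.Usage.rgpszUsageIdentifier = applicationUsageOids.DangerousGetHandle();
        }

        // Issuance (certificate) policy, same AND-match rule.
        if ((certificatePolicy != null) && (certificatePolicy.Count > 0))
        {
            chainPara.RequestedIssuancePolicy.dwType = 0;
            chainPara.RequestedIssuancePolicy.Usage.cUsageIdentifier = (uint) certificatePolicy.Count;
            issuancePolicyOids = System.Security.Cryptography.X509Certificates.X509Utils.CopyOidsToUnmanagedMemory(certificatePolicy);
            chainPara.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = issuancePolicyOids.DangerousGetHandle();
        }

        // dwUrlRetrievalTimeout is the whole timeout in milliseconds. TimeSpan.Milliseconds
        // (used before) is only the 0-999 component, so any timeout of a second or more
        // was truncated (30 s became 0, which CAPI treats as "use the default").
        double totalMilliseconds = timeout.TotalMilliseconds;
        chainPara.dwUrlRetrievalTimeout = totalMilliseconds <= 0 ? 0u : (uint) Math.Min(totalMilliseconds, uint.MaxValue);

        // Split the 64-bit file time into FILETIME's low/high DWORDs explicitly
        // rather than punning the struct through a long*.
        long fileTime = verificationTime.ToFileTime();
        System.Runtime.InteropServices.ComTypes.FILETIME pTime = new System.Runtime.InteropServices.ComTypes.FILETIME();
        pTime.dwLowDateTime = unchecked((int) fileTime);
        pTime.dwHighDateTime = unchecked((int) (fileTime >> 32));

        uint dwFlags = System.Security.Cryptography.X509Certificates.X509Utils.MapRevocationFlags(revocationMode, revocationFlag);

        // The HRESULT is evaluated before the finally block runs, so cleanup cannot
        // overwrite the last-error value being returned.
        if (!CAPISafe.CertGetCertificateChain(hChainEngine, pCertContext, ref pTime, hAdditionalStore, ref chainPara, dwFlags, IntPtr.Zero, ref ppChainContext))
        {
            return Marshal.GetHRForLastWin32Error();
        }
        return 0;
    }
    finally
    {
        // Inputs to the call only; release on success and failure alike
        // (the failure path previously leaked both OID arrays and the store).
        if (!applicationUsageOids.IsInvalid)
        {
            applicationUsageOids.Dispose();
        }
        if (!issuancePolicyOids.IsInvalid)
        {
            issuancePolicyOids.Dispose();
        }
        if (!hAdditionalStore.IsInvalid)
        {
            hAdditionalStore.Dispose();
        }
    }
}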
/// <summary>
/// Discards any previously built chain: clears the status, the chain-status
/// array and the element collection, and releases the native chain context
/// if one is held.
/// </summary>
public void Reset()
{
    m_status = 0;
    m_chainStatus = null;
    m_chainElementCollection = new X509ChainElementCollection();

    // Nothing native to release while the handle is still the invalid placeholder.
    if (m_safeCertChainHandle.IsInvalid)
    {
        return;
    }

    // Free the native chain context and fall back to the placeholder so a later
    // Reset does not touch a closed handle.
    m_safeCertChainHandle.Dispose();
    m_safeCertChainHandle = SafeCertChainHandle.InvalidHandle;
}
/// <summary>
/// Creates a chain object in its unbuilt state: no policy, no status, an empty
/// element collection and a placeholder (invalid) native chain handle.
/// </summary>
/// <param name="useMachineContext">Stored in m_useMachineContext; presumably selects the machine-wide chain engine when the chain is built — confirm in the build path.</param>
public X509Chain (bool useMachineContext) {
    this.m_useMachineContext = useMachineContext;

    // Nothing has been built yet, so every result-bearing field starts cleared.
    this.m_safeCertChainHandle = SafeCertChainHandle.InvalidHandle;
    this.m_chainElementCollection = new X509ChainElementCollection();
    this.m_chainStatus = null;
    this.m_chainPolicy = null;
    this.m_status = 0;
}
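/// <summary>
/// Wraps an existing native chain context. The context is duplicated so this
/// object's lifetime is independent of the caller's handle.
/// </summary>
/// <param name="chainContext">Native PCCERT_CHAIN_CONTEXT; must not be IntPtr.Zero.</param>
/// <exception cref="ArgumentNullException"><paramref name="chainContext"/> is IntPtr.Zero.</exception>
/// <exception cref="CryptographicException">The duplicated handle is null or invalid.</exception>
public X509Chain (IntPtr chainContext) {
    if (chainContext == IntPtr.Zero) {
        throw new ArgumentNullException("chainContext");
    }

    m_safeCertChainHandle = CAPI.CertDuplicateCertificateChain(chainContext);

    // Test the handle's own validity. The wrapper returned here is in general a
    // fresh instance, so a reference comparison against the InvalidHandle
    // sentinel (the previous check) would not detect a failed duplication.
    if (m_safeCertChainHandle == null || m_safeCertChainHandle.IsInvalid) {
        throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidContextHandle), "chainContext");
    }

    Init();
}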
/// <summary>
/// P/Invoke for CertVerifyCertificateChainPolicy: checks an already built chain
/// against a named chain policy.
/// </summary>
/// <param name="pszPolicyOID">Policy identifier. Passed as an IntPtr because the Win32 API accepts either a predefined integer policy constant or a pointer to an OID string.</param>
/// <param name="pChainContext">Chain produced by CertGetCertificateChain.</param>
/// <param name="pPolicyPara">Policy parameters; cbSize must be set by the caller.</param>
/// <param name="pPolicyStatus">Receives the result; dwError is zero when the policy is satisfied.</param>
/// <returns>true if the call itself succeeded (the policy outcome is in pPolicyStatus); false on failure, with the Win32 error available to the caller.</returns>
internal static extern bool CertVerifyCertificateChainPolicy([In] IntPtr pszPolicyOID, [In] SafeCertChainHandle pChainContext, [In] ref CAPIBase.CERT_CHAIN_POLICY_PARA pPolicyPara, [In, Out] ref CAPIBase.CERT_CHAIN_POLICY_STATUS pPolicyStatus);
/// <summary>
/// P/Invoke for CertGetCertificateChain: builds a chain from an end certificate
/// to a trusted root.
/// </summary>
/// <param name="hChainEngine">Chain engine handle; IntPtr.Zero selects the default engine.</param>
/// <param name="pCertContext">End certificate the chain is built for.</param>
/// <param name="pTime">FILETIME at which validity is evaluated.</param>
/// <param name="hAdditionalStore">Extra store searched for issuers, or an invalid handle for none.</param>
/// <param name="pChainPara">Chain parameters (requested usage, issuance policy, URL-retrieval timeout); cbSize must be set.</param>
/// <param name="dwFlags">Chain-building flags, e.g. the revocation options mapped by X509Utils.MapRevocationFlags.</param>
/// <param name="pvReserved">Reserved; callers on this page pass IntPtr.Zero.</param>
/// <param name="ppChainContext">Receives the chain context; the caller owns it and must dispose it.</param>
/// <returns>true on success; false on failure, with the Win32 error available to the caller.</returns>
internal static extern bool CertGetCertificateChain([In] IntPtr hChainEngine, [In] SafeCertContextHandle pCertContext, [In] ref System.Runtime.InteropServices.ComTypes.FILETIME pTime, [In] SafeCertStoreHandle hAdditionalStore, [In] ref CAPIBase.CERT_CHAIN_PARA pChainPara, [In] uint dwFlags, [In] IntPtr pvReserved, [In, Out] ref SafeCertChainHandle ppChainContext);
/// <summary>
/// P/Invoke for CertDuplicateCertificateChain: adds a reference to an existing
/// chain context and returns a handle to it. The returned wrapper must be checked
/// with IsInvalid, not compared by reference against a sentinel.
/// </summary>
/// <param name="pChainContext">Chain context to duplicate.</param>
/// <returns>A new handle owning one reference to the same native chain context.</returns>
internal static extern SafeCertChainHandle CertDuplicateCertificateChain([In] SafeCertChainHandle pChainContext);
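/// <summary>
/// Builds a certificate chain for <paramref name="pCertContext"/>, making
/// <paramref name="extraStore"/> available as an additional store, and throws
/// if CertGetCertificateChain fails.
/// </summary>
/// <param name="hChainEngine">Chain engine handle; IntPtr.Zero selects the default engine.</param>
/// <param name="pCertContext">Raw pointer to the end certificate's context.</param>
/// <param name="extraStore">Additional certificates exported to a temporary memory store.</param>
/// <param name="applicationPolicy">Application-policy OIDs that must all be present, or null/empty.</param>
/// <param name="certificatePolicy">Issuance-policy OIDs that must all be present, or null/empty.</param>
/// <param name="revocationMode">Revocation mode mapped into the chain flags.</param>
/// <param name="revocationFlag">Revocation flag mapped into the chain flags.</param>
/// <param name="verificationTime">Time at which validity is evaluated.</param>
/// <param name="timeout">Total URL-retrieval timeout for the chain build.</param>
/// <param name="ppChainContext">Receives the chain context; the caller owns and disposes it.</param>
/// <exception cref="CryptographicException">CertGetCertificateChain failed; carries the Win32 error code.</exception>
static unsafe void BuildChain(IntPtr hChainEngine, IntPtr pCertContext, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, out SafeCertChainHandle ppChainContext)
{
    SafeCertStoreHandle hCertStore = ExportToMemoryStore(extraStore, pCertContext);
    CAPI.CERT_CHAIN_PARA ChainPara = new CAPI.CERT_CHAIN_PARA();
    ChainPara.cbSize = (uint)Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_PARA));

    SafeHGlobalHandle applicationPolicyHandle = SafeHGlobalHandle.InvalidHandle;
    SafeHGlobalHandle certificatePolicyHandle = SafeHGlobalHandle.InvalidHandle;
    try
    {
        // Application policy: AND-match, every listed OID must be satisfied.
        if (applicationPolicy != null && applicationPolicy.Count > 0)
        {
            ChainPara.RequestedUsage.dwType = CAPI.USAGE_MATCH_TYPE_AND;
            ChainPara.RequestedUsage.Usage.cUsageIdentifier = (uint)applicationPolicy.Count;
            applicationPolicyHandle = CopyOidsToUnmanagedMemory(applicationPolicy);
            ChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = applicationPolicyHandle.DangerousGetHandle();
        }

        // Certificate (issuance) policy: same AND-match rule.
        if (certificatePolicy != null && certificatePolicy.Count > 0)
        {
            ChainPara.RequestedIssuancePolicy.dwType = CAPI.USAGE_MATCH_TYPE_AND;
            ChainPara.RequestedIssuancePolicy.Usage.cUsageIdentifier = (uint)certificatePolicy.Count;
            certificatePolicyHandle = CopyOidsToUnmanagedMemory(certificatePolicy);
            ChainPara.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = certificatePolicyHandle.DangerousGetHandle();
        }

        // dwUrlRetrievalTimeout is the whole timeout in milliseconds. The previous
        // TimeSpan.Milliseconds was only the 0-999 component, so any timeout of one
        // second or more was truncated (30 s became 0, which CAPI treats as "use the
        // default"). Negative spans clamp to 0, oversized ones to uint.MaxValue.
        double totalMilliseconds = timeout.TotalMilliseconds;
        ChainPara.dwUrlRetrievalTimeout = totalMilliseconds <= 0 ? 0u : (uint)Math.Min(totalMilliseconds, uint.MaxValue);

        FILETIME ft = new FILETIME();
        *((long*)&ft) = verificationTime.ToFileTime();
        uint flags = MapRevocationFlags(revocationMode, revocationFlag);

        // Build the chain.
        if (!CAPI.CertGetCertificateChain(hChainEngine, pCertContext, ref ft, hCertStore, ref ChainPara, flags, IntPtr.Zero, out ppChainContext))
        {
            // Capture the error before the finally block's cleanup can overwrite it.
            int error = Marshal.GetLastWin32Error();
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(error));
        }
    }
    finally
    {
        // The OID arrays and the temporary store are inputs to the call only;
        // release them on every path.
        if (applicationPolicyHandle != null)
        {
            applicationPolicyHandle.Dispose();
        }
        if (certificatePolicyHandle != null)
        {
            certificatePolicyHandle.Dispose();
        }
        hCertStore.Close();
    }
}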
/// <summary>
/// Verifies this signer's signature with <paramref name="certificate"/> (for a
/// countersigner, against the parent signer info) and, unless
/// <paramref name="verifySignatureOnly"/> is set, also validates the certificate.
/// </summary>
/// <param name="extraStore">Additional certificates passed to VerifyCertificate when the certificate is validated.</param>
/// <param name="certificate">Signer certificate whose public key is used for the signature check.</param>
/// <param name="verifySignatureOnly">When true, only the signature is checked; the certificate itself is not validated.</param>
/// <exception cref="CryptographicException">A CAPI call fails, no countersigner slot verifies, or the certificate check returns a non-zero error.</exception>
private unsafe void Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, bool verifySignatureOnly)
{
    // Buffer that may later hold the public-key algorithm parameters; stays the
    // invalid placeholder unless the DSS fix-up below allocates it.
    System.Security.Cryptography.SafeLocalAllocHandle invalidHandle = System.Security.Cryptography.SafeLocalAllocHandle.InvalidHandle;
    System.Security.Cryptography.CAPI.CERT_CONTEXT cert_context = (System.Security.Cryptography.CAPI.CERT_CONTEXT)Marshal.PtrToStructure(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(certificate).DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CERT_CONTEXT));
    // Walk the native CERT_INFO down to pCertInfo->SubjectPublicKeyInfo.Algorithm.Parameters.
    IntPtr ptr = new IntPtr(((long)cert_context.pCertInfo) + ((long)Marshal.OffsetOf(typeof(System.Security.Cryptography.CAPI.CERT_INFO), "SubjectPublicKeyInfo")));
    IntPtr ptr2 = new IntPtr(((long)ptr) + ((long)Marshal.OffsetOf(typeof(System.Security.Cryptography.CAPI.CERT_PUBLIC_KEY_INFO), "Algorithm")));
    IntPtr ptr3 = new IntPtr(((long)ptr2) + ((long)Marshal.OffsetOf(typeof(System.Security.Cryptography.CAPI.CRYPT_ALGORITHM_IDENTIFIER), "Parameters")));
    // First field of Algorithm: the OID string pointer handed to CryptFindOIDInfo
    // (key type 1 = OID key, group 3 = public-key algorithm group).
    IntPtr pvKey = Marshal.ReadIntPtr(ptr2);
    // 0x2200 is CALG_DSS_SIGN. DSA certificates may omit their key parameters and
    // inherit them from the issuer, which the message-level verification cannot
    // resolve on its own, so they are fetched and patched in here first.
    if (System.Security.Cryptography.CAPI.CryptFindOIDInfo(1, pvKey, 3).Algid == 0x2200)
    {
        // flag: parameters are absent (zero length or null data) or the data starts
        // with a 32-bit word equal to 5 — presumably an ASN.1 NULL encoding (05 00).
        bool flag = false;
        IntPtr ptr5 = new IntPtr(((long)ptr3) + ((long)Marshal.OffsetOf(typeof(System.Security.Cryptography.CAPI.CRYPTOAPI_BLOB), "cbData")));
        IntPtr ptr6 = new IntPtr(((long)ptr3) + ((long)Marshal.OffsetOf(typeof(System.Security.Cryptography.CAPI.CRYPTOAPI_BLOB), "pbData")));
        if (Marshal.ReadInt32(ptr5) == 0)
        {
            flag = true;
        }
        else if (Marshal.ReadIntPtr(ptr6) == IntPtr.Zero)
        {
            flag = true;
        }
        else if (Marshal.ReadInt32(Marshal.ReadIntPtr(ptr6)) == 5)
        {
            flag = true;
        }
        if (flag)
        {
            // Build a chain (no revocation, zero timeout) solely as a side effect:
            // presumably this makes CAPI attach the inherited parameters property to
            // the context. The chain and BuildChain's return value are discarded.
            System.Security.Cryptography.SafeCertChainHandle ppChainContext = System.Security.Cryptography.SafeCertChainHandle.InvalidHandle;
            System.Security.Cryptography.X509Certificates.X509Utils.BuildChain(new IntPtr(0L), System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(certificate), null, null, null, X509RevocationMode.NoCheck, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), ref ppChainContext);
            ppChainContext.Dispose();
            // Two-call pattern for property 0x16 (CERT_PUBKEY_ALG_PARA_PROP_ID):
            // the first call only reports the required size.
            uint pcbData = 0;
            if (!System.Security.Cryptography.CAPI.CAPISafe.CertGetCertificateContextProperty(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(certificate), 0x16, invalidHandle, ref pcbData))
            {
                throw new CryptographicException(Marshal.GetLastWin32Error());
            }
            if (pcbData > 0)
            {
                // 0x40 is LMEM_ZEROINIT: a zero-filled fixed allocation.
                invalidHandle = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr((long)pcbData));
                if (!System.Security.Cryptography.CAPI.CAPISafe.CertGetCertificateContextProperty(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(certificate), 0x16, invalidHandle, ref pcbData))
                {
                    throw new CryptographicException(Marshal.GetLastWin32Error());
                }
                // Patch the native CERT_INFO in place so Parameters points at our buffer.
                // NOTE(review): that buffer is freed at the end of this method while the
                // context written here still references it — confirm GetCertContext hands
                // out a private copy, otherwise the certificate is left with a dangling pointer.
                Marshal.WriteInt32(ptr5, (int)pcbData);
                Marshal.WriteIntPtr(ptr6, invalidHandle.DangerousGetHandle());
            }
        }
    }
    if (this.m_parentSignerInfo == null)
    {
        // Top-level signer: have the message verify the signature directly
        // (CryptMsgControl type 1, CMSG_CTRL_VERIFY_SIGNATURE) and skip the
        // countersigner loop below.
        if (!System.Security.Cryptography.CAPI.CryptMsgControl(this.m_signedCms.GetCryptMsgHandle(), 0, 1, cert_context.pCertInfo))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
        goto Label_02F4;
    }
    // Countersigner: the parent may carry several signer slots, so each encoded
    // signer info is tried in turn until one verifies this countersignature.
    int num2 = -1; // index of the signer slot currently being tried
    int hr = 0;    // last verification error; reported once all slots are exhausted
    Label_022F:
    try
    {
        num2 = PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this.m_parentSignerInfo, num2 + 1);
    }
    catch (CryptographicException)
    {
        // No further slot: surface the last verification failure if there was one,
        // otherwise the lookup failure itself.
        if (hr == 0)
        {
            throw;
        }
        throw new CryptographicException(hr);
    }
    uint cbData = 0;
    System.Security.Cryptography.SafeLocalAllocHandle pvData = System.Security.Cryptography.SafeLocalAllocHandle.InvalidHandle;
    // 0x1c is CMSG_ENCODED_SIGNER: the encoded signer info for that slot.
    PkcsUtils.GetParam(this.m_signedCms.GetCryptMsgHandle(), 0x1c, (uint)num2, out pvData, out cbData);
    if (cbData == 0)
    {
        // -2146885618 == 0x8009200E (looks like CRYPT_E_NO_SIGNER): empty slot, keep looking.
        hr = -2146885618;
        goto Label_022F;
    }
    fixed(byte *numRef = this.m_encodedSignerInfo)
    {
        // 0x10001 == X509_ASN_ENCODING | PKCS_7_ASN_ENCODING. On failure the error is
        // kept and the next slot is tried.
        if (!System.Security.Cryptography.CAPI.CAPISafe.CryptMsgVerifyCountersignatureEncoded(IntPtr.Zero, 0x10001, pvData.DangerousGetHandle(), cbData, new IntPtr((void *)numRef), (uint)this.m_encodedSignerInfo.Length, cert_context.pCertInfo))
        {
            hr = Marshal.GetLastWin32Error();
            goto Label_022F;
        }
    }
    // NOTE(review): the goto paths above skip this Dispose, so the pvData of a failed
    // attempt is left to the finalizer.
    pvData.Dispose();
    Label_02F4:
    if (!verifySignatureOnly)
    {
        int num5 = VerifyCertificate(certificate, extraStore);
        if (num5 != 0)
        {
            throw new CryptographicException(num5);
        }
    }
    // NOTE(review): not reached on the throw paths above, so the LocalAlloc buffer is
    // leaked until finalization in those cases.
    invalidHandle.Dispose();
}
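/// <summary>
/// Builds a certificate chain for <paramref name="pCertContext"/> with
/// CertGetCertificateChain, optionally constraining application and issuance
/// policy and making <paramref name="extraStore"/> available as an extra store.
/// </summary>
/// <param name="hChainEngine">Chain engine handle; IntPtr.Zero selects the default engine.</param>
/// <param name="pCertContext">Leaf certificate context; must be a valid handle.</param>
/// <param name="extraStore">Additional certificates for the engine, or null/empty.</param>
/// <param name="applicationPolicy">Application-policy OIDs that must all be present, or null/empty.</param>
/// <param name="certificatePolicy">Issuance-policy OIDs that must all be present, or null/empty.</param>
/// <param name="revocationMode">Revocation mode mapped into the chain flags.</param>
/// <param name="revocationFlag">Revocation flag mapped into the chain flags.</param>
/// <param name="verificationTime">Time at which validity is evaluated.</param>
/// <param name="timeout">Total URL-retrieval timeout for the chain build.</param>
/// <param name="ppChainContext">Receives the chain context; the caller owns and disposes it.</param>
/// <returns>0 on success, or the HRESULT of the failed chain build.</returns>
/// <exception cref="ArgumentException"><paramref name="pCertContext"/> is null or invalid.</exception>
internal static unsafe int BuildChain(IntPtr hChainEngine, System.Security.Cryptography.SafeCertContextHandle pCertContext, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, ref System.Security.Cryptography.SafeCertChainHandle ppChainContext)
{
    if ((pCertContext == null) || pCertContext.IsInvalid)
    {
        throw new ArgumentException(SecurityResources.GetResourceString("Cryptography_InvalidContextHandle"), "pCertContext");
    }

    System.Security.Cryptography.SafeCertStoreHandle hAdditionalStore = System.Security.Cryptography.SafeCertStoreHandle.InvalidHandle;
    System.Security.Cryptography.SafeLocalAllocHandle applicationUsageOids = System.Security.Cryptography.SafeLocalAllocHandle.InvalidHandle;
    System.Security.Cryptography.SafeLocalAllocHandle issuancePolicyOids = System.Security.Cryptography.SafeLocalAllocHandle.InvalidHandle;
    try
    {
        if ((extraStore != null) && (extraStore.Count > 0))
        {
            hAdditionalStore = ExportToMemoryStore(extraStore);
        }

        // Size the structure from its type: the decompiled form passed the
        // not-yet-assigned local to Marshal.SizeOf, which does not compile.
        System.Security.Cryptography.CAPI.CERT_CHAIN_PARA chainPara = new System.Security.Cryptography.CAPI.CERT_CHAIN_PARA();
        chainPara.cbSize = (uint)Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CERT_CHAIN_PARA));

        // Application policy; dwType 0 is the AND match (USAGE_MATCH_TYPE_AND in
        // the named-constant form of this method): every listed OID must be present.
        if ((applicationPolicy != null) && (applicationPolicy.Count > 0))
        {
            chainPara.RequestedUsage.dwType = 0;
            chainPara.RequestedUsage.Usage.cUsageIdentifier = (uint)applicationPolicy.Count;
            applicationUsageOids = CopyOidsToUnmanagedMemory(applicationPolicy);
            chainPara.RequestedUsage.Usage.rgpszUsageIdentifier = applicationUsageOids.DangerousGetHandle();
        }

        // Issuance (certificate) policy, same AND-match rule.
        if ((certificatePolicy != null) && (certificatePolicy.Count > 0))
        {
            chainPara.RequestedIssuancePolicy.dwType = 0;
            chainPara.RequestedIssuancePolicy.Usage.cUsageIdentifier = (uint)certificatePolicy.Count;
            issuancePolicyOids = CopyOidsToUnmanagedMemory(certificatePolicy);
            chainPara.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = issuancePolicyOids.DangerousGetHandle();
        }

        // dwUrlRetrievalTimeout is the whole timeout in milliseconds. TimeSpan.Milliseconds
        // (used before) is only the 0-999 component, so any timeout of a second or more
        // was truncated (30 s became 0, which CAPI treats as "use the default").
        double totalMilliseconds = timeout.TotalMilliseconds;
        chainPara.dwUrlRetrievalTimeout = totalMilliseconds <= 0 ? 0u : (uint)Math.Min(totalMilliseconds, uint.MaxValue);

        // Split the 64-bit file time into FILETIME's low/high DWORDs explicitly
        // rather than punning the struct through a long*.
        long fileTime = verificationTime.ToFileTime();
        System.Runtime.InteropServices.ComTypes.FILETIME pTime = new System.Runtime.InteropServices.ComTypes.FILETIME();
        pTime.dwLowDateTime = unchecked((int)fileTime);
        pTime.dwHighDateTime = unchecked((int)(fileTime >> 32));

        uint dwFlags = MapRevocationFlags(revocationMode, revocationFlag);

        // The HRESULT is evaluated before the finally block runs, so cleanup cannot
        // overwrite the last-error value being returned.
        if (!System.Security.Cryptography.CAPI.CAPISafe.CertGetCertificateChain(hChainEngine, pCertContext, ref pTime, hAdditionalStore, ref chainPara, dwFlags, IntPtr.Zero, ref ppChainContext))
        {
            return Marshal.GetHRForLastWin32Error();
        }
        return 0;
    }
    finally
    {
        // Inputs to the call only; release on success and failure alike
        // (the failure path previously leaked both OID arrays and the store).
        if (!applicationUsageOids.IsInvalid)
        {
            applicationUsageOids.Dispose();
        }
        if (!issuancePolicyOids.IsInvalid)
        {
            issuancePolicyOids.Dispose();
        }
        if (!hAdditionalStore.IsInvalid)
        {
            hAdditionalStore.Dispose();
        }
    }
}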