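        /// <summary>
        /// Builds a chain for <paramref name="pCertContext"/> using the current-user chain engine and then
        /// checks that chain against the CryptoAPI policy identified by <paramref name="pszPolicy"/>.
        /// </summary>
        /// <param name="pCertContext">Context of the leaf certificate to verify; must be a valid handle.</param>
        /// <param name="applicationPolicy">Enhanced key usages the chain must satisfy (null or empty means none).</param>
        /// <param name="certificatePolicy">Issuance policies the chain must satisfy (null or empty means none).</param>
        /// <param name="revocationMode">Revocation mode forwarded to <see cref="X509Chain.BuildChain"/>.</param>
        /// <param name="revocationFlag">Revocation flag forwarded to <see cref="X509Chain.BuildChain"/>.</param>
        /// <param name="verificationTime">Point in time at which the chain is evaluated.</param>
        /// <param name="timeout">URL retrieval timeout forwarded to <see cref="X509Chain.BuildChain"/>.</param>
        /// <param name="extraStore">Additional certificates made available while building the chain.</param>
        /// <param name="pszPolicy">CryptoAPI chain-policy identifier passed to CertVerifyCertificateChainPolicy.</param>
        /// <param name="pdwErrorStatus">
        /// Optional pointer to a uint that receives the policy's dwError; ignored when <see cref="IntPtr.Zero"/>.
        /// It is written only when CertVerifyCertificateChainPolicy itself succeeds, so callers that read it
        /// must initialize it first or consult the return value.
        /// </param>
        /// <returns>
        /// S_OK when the chain satisfies the policy; S_FALSE when the policy reported a non-zero dwError;
        /// otherwise the HRESULT of the CryptoAPI call that failed.
        /// </returns>
        /// <exception cref="ArgumentException">Thrown when <paramref name="pCertContext"/> is null or invalid.</exception>
        /// <remarks>
        /// The chain context built here is local to this call and is released before returning rather than
        /// being left for the SafeHandle finalizer.
        /// </remarks>
        internal static unsafe int VerifyCertificate(Cryptography.SafeCertContextHandle pCertContext,
                                                     OidCollection applicationPolicy,
                                                     OidCollection certificatePolicy,
                                                     X509RevocationMode revocationMode,
                                                     X509RevocationFlag revocationFlag,
                                                     DateTime verificationTime,
                                                     TimeSpan timeout,
                                                     X509Certificate2Collection extraStore,
                                                     IntPtr pszPolicy,
                                                     IntPtr pdwErrorStatus)
        {
            if (pCertContext == null || pCertContext.IsInvalid)
            {
                // Give the parameter name as paramName; the original passed it as the message text.
                throw new ArgumentException("Invalid certificate context handle.", "pCertContext");
            }

            CAPI.CERT_CHAIN_POLICY_PARA   PolicyPara   = new CAPI.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_PARA)));
            CAPI.CERT_CHAIN_POLICY_STATUS PolicyStatus = new CAPI.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_STATUS)));

            SafeX509ChainHandle pChainContext = SafeX509ChainHandle.InvalidHandle;
            try
            {
                // Build the chain.
                int hr = X509Chain.BuildChain(new IntPtr(CAPI.HCCE_CURRENT_USER),
                                              pCertContext,
                                              extraStore,
                                              applicationPolicy,
                                              certificatePolicy,
                                              revocationMode,
                                              revocationFlag,
                                              verificationTime,
                                              timeout,
                                              ref pChainContext);

                if (hr != CAPI.S_OK)
                {
                    return(hr);
                }

                // Verify the chain using the specified policy.
                if (!CAPI.CertVerifyCertificateChainPolicy(pszPolicy, pChainContext, ref PolicyPara, ref PolicyStatus))
                {
                    // The API failed. Read the Win32 error right away, before any other native call can clobber it.
                    return(Marshal.GetHRForLastWin32Error());
                }

                if (pdwErrorStatus != IntPtr.Zero)
                {
                    *(uint *)pdwErrorStatus = PolicyStatus.dwError;
                }

                // The call succeeded; a non-zero dwError is the policy's verdict that the chain is not acceptable.
                if (PolicyStatus.dwError != 0)
                {
                    return(CAPI.S_FALSE);
                }

                return(CAPI.S_OK);
            }
            finally
            {
                // Release the native chain context deterministically. The IsInvalid guard mirrors Reset()
                // and skips the placeholder handle when BuildChain never produced a chain.
                if (pChainContext != null && !pChainContext.IsInvalid)
                {
                    pChainContext.Dispose();
                }
            }
        }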
        /// <summary>
        /// Fills the collection with the extensions found in the native CERT_CONTEXT behind
        /// <paramref name="safeCertContextHandle"/>. Each native CERT_EXTENSION is wrapped as an
        /// <see cref="X509Extension"/>; when <see cref="CryptoConfig.CreateFromName"/> resolves the extension's
        /// OID value to an X509Extension subclass, that instance is populated with CopyFrom and added instead.
        /// </summary>
        /// <param name="safeCertContextHandle">
        /// Certificate whose extensions are read. A duplicate of the context is taken for the duration of the
        /// read so the memory being walked stays valid, and is released when the constructor finishes.
        /// </param>
        internal unsafe X509ExtensionCollection(Cryptography.SafeCertContextHandle safeCertContextHandle)
        {
            using (Cryptography.SafeCertContextHandle ownedContext = CAPI.CertDuplicateCertificateContext(safeCertContextHandle)) {
                CAPI.CERT_CONTEXT nativeContext = *((CAPI.CERT_CONTEXT *)ownedContext.DangerousGetHandle());
                CAPI.CERT_INFO    certInfo      = (CAPI.CERT_INFO)Marshal.PtrToStructure(nativeContext.pCertInfo, typeof(CAPI.CERT_INFO));

                // rgExtension is a contiguous array of cExtension CERT_EXTENSION structs; walk it by struct size.
                long cursor        = (long)certInfo.rgExtension;
                long extensionSize = Marshal.SizeOf(typeof(CAPI.CERT_EXTENSION));

                for (uint remaining = certInfo.cExtension; remaining > 0; remaining--)
                {
                    X509Extension extension = new X509Extension(new IntPtr(cursor));

                    // The OID string comes from the certificate being parsed; CryptoConfig decides whether a
                    // registered, more specific extension class exists for it.
                    X509Extension typedExtension = CryptoConfig.CreateFromName(extension.Oid.Value) as X509Extension;
                    if (typedExtension != null)
                    {
                        typedExtension.CopyFrom(extension);
                        extension = typedExtension;
                    }

                    Add(extension);
                    cursor += extensionSize;
                }
            }
        }
        /// <summary>
        /// Removes the store's own copy of <paramref name="safeCertContext"/> from the open store
        /// <paramref name="safeCertStoreHandle"/>. A null or invalid certificate context is a no-op, and so is a
        /// certificate that is not present in the store.
        /// </summary>
        /// <param name="safeCertStoreHandle">Handle of an open certificate store.</param>
        /// <param name="safeCertContext">
        /// Context of the certificate to remove; CERT_FIND_EXISTING is used to locate the matching store entry.
        /// </param>
        /// <exception cref="CryptographicException">
        /// Thrown when the store handle is null, invalid or closed, or when CertDeleteCertificateFromStore fails.
        /// </exception>
        private static void RemoveCertificateFromStore(Cryptography.SafeCertStoreHandle safeCertStoreHandle, Cryptography.SafeCertContextHandle safeCertContext)
        {
            // Nothing to remove: checked before the store so an empty request never throws.
            bool noCertificate = safeCertContext == null || safeCertContext.IsInvalid;
            if (noCertificate)
            {
                return;
            }

            bool storeUnavailable = safeCertStoreHandle == null || safeCertStoreHandle.IsInvalid || safeCertStoreHandle.IsClosed;
            if (storeUnavailable)
            {
                throw new CryptographicException(SR.GetString(SR.Cryptography_X509_StoreNotOpen));
            }

            // Locate the store's own context for this certificate.
            Cryptography.SafeCertContextHandle storeEntry = CAPI.CertFindCertificateInStore(safeCertStoreHandle,
                                                                                             CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
                                                                                             0,
                                                                                             CAPI.CERT_FIND_EXISTING,
                                                                                             safeCertContext.DangerousGetHandle(),
                                                                                             Cryptography.SafeCertContextHandle.InvalidHandle);

            bool notInStore = storeEntry == null || storeEntry.IsInvalid;
            if (notInStore)
            {
                return;
            }

            // CertDeleteCertificateFromStore frees the context it is handed whether it succeeds or fails, so the
            // SafeHandle must never release it again. NOTE(review): this only suppresses the finalizer; an explicit
            // Dispose() on storeEntry would still run ReleaseHandle, so keep the handle local to this method.
            GC.SuppressFinalize(storeEntry);

            bool deleted = CAPI.CertDeleteCertificateFromStore(storeEntry);
            if (!deleted)
            {
                // Read the Win32 error immediately, before any other native call can overwrite it.
                throw new CryptographicException(Marshal.GetLastWin32Error());
            }
        }
 /// <summary>
 /// Deserialization constructor. The base class rebuilds the certificate from <paramref name="info"/>;
 /// this class then takes its own reference to the resulting native context.
 /// </summary>
 /// <param name="info">Serialized certificate state, forwarded to the base constructor.</param>
 /// <param name="context">Streaming context, forwarded to the base constructor.</param>
 protected X509Certificate2(SerializationInfo info, StreamingContext context) : base(info, context) {
     // Duplicate rather than share the base handle: this class releases m_safeCertContext on its own in Reset().
     IntPtr baseHandle = Handle;
     m_safeCertContext = CAPI.CertDuplicateCertificateContext(baseHandle);
 }
 /// <summary>
 /// Copy constructor: initializes the base class from <paramref name="certificate"/> and then duplicates the
 /// native context so this instance holds a reference independent of the source object.
 /// </summary>
 /// <param name="certificate">Certificate to copy, forwarded to the base constructor.</param>
 public X509Certificate2 (X509Certificate certificate) : base(certificate) {
     IntPtr baseHandle = Handle;
     m_safeCertContext = CAPI.CertDuplicateCertificateContext(baseHandle);
 }
 /// <summary>
 /// Wraps an existing native certificate context handle. The base constructor receives
 /// <paramref name="handle"/>; this class then duplicates the context for its own use.
 /// </summary>
 /// <param name="handle">
 /// Raw PCCERT_CONTEXT from the caller. NOTE(review): no validation of the handle is visible in this class;
 /// it relies on the base constructor for that — confirm before trusting handles from untrusted callers.
 /// </param>
 public X509Certificate2 (IntPtr handle) : base (handle) {
     IntPtr baseHandle = Handle;
     m_safeCertContext = CAPI.CertDuplicateCertificateContext(baseHandle);
 }
 /// <summary>
 /// Loads a certificate (and optionally its private key) from a file, forwarding the password and key
 /// storage flags to the base constructor, then takes this class's own reference to the native context.
 /// </summary>
 /// <param name="fileName">Path of the certificate file.</param>
 /// <param name="password">Password protecting the file, as a <see cref="SecureString"/>.</param>
 /// <param name="keyStorageFlags">Where and how an imported private key is stored.</param>
 public X509Certificate2 (string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags) : base (fileName, password, keyStorageFlags) {
     IntPtr baseHandle = Handle;
     m_safeCertContext = CAPI.CertDuplicateCertificateContext(baseHandle);
 }
 /// <summary>
 /// Loads a certificate from a password-protected file via the base constructor, then duplicates the
 /// native context for this class.
 /// </summary>
 /// <param name="fileName">Path of the certificate file.</param>
 /// <param name="password">Password protecting the file, as a <see cref="SecureString"/>.</param>
 public X509Certificate2 (string fileName, SecureString password) : base (fileName, password) {
     IntPtr baseHandle = Handle;
     m_safeCertContext = CAPI.CertDuplicateCertificateContext(baseHandle);
 }
 /// <summary>
 /// Replaces the current certificate with one decoded from <paramref name="rawData"/>: cached state and the
 /// old context are dropped via <see cref="Reset"/>, the base class imports the bytes, and a fresh reference
 /// to the new native context is taken.
 /// </summary>
 /// <param name="rawData">Encoded certificate bytes.</param>
 public override void Import(byte[] rawData) {
     // Reset first: if the base import throws, no stale handle from the previous certificate survives.
     Reset();
     base.Import(rawData);
     IntPtr importedHandle = Handle;
     m_safeCertContext = CAPI.CertDuplicateCertificateContext(importedHandle);
 }
 /// <summary>
 /// Decodes a certificate (and optionally its private key) from bytes, forwarding the password and key
 /// storage flags to the base constructor, then takes this class's own reference to the native context.
 /// </summary>
 /// <param name="rawData">Encoded certificate bytes.</param>
 /// <param name="password">Password protecting the data, as a <see cref="SecureString"/>.</param>
 /// <param name="keyStorageFlags">Where and how an imported private key is stored.</param>
 public X509Certificate2 (byte[] rawData, SecureString password, X509KeyStorageFlags keyStorageFlags) : base (rawData, password, keyStorageFlags) {
     IntPtr baseHandle = Handle;
     m_safeCertContext = CAPI.CertDuplicateCertificateContext(baseHandle);
 }
 /// <summary>
 /// Decodes a password-protected certificate from bytes via the base constructor, then duplicates the
 /// native context for this class.
 /// </summary>
 /// <param name="rawData">Encoded certificate bytes.</param>
 /// <param name="password">Password protecting the data, as a <see cref="SecureString"/>.</param>
 public X509Certificate2 (byte[] rawData, SecureString password) : base (rawData, password) {
     IntPtr baseHandle = Handle;
     m_safeCertContext = CAPI.CertDuplicateCertificateContext(baseHandle);
 }
 /// <summary>
 /// Decodes a certificate from bytes via the base constructor, then duplicates the native context
 /// for this class.
 /// </summary>
 /// <param name="rawData">Encoded certificate bytes.</param>
 public X509Certificate2 (byte[] rawData) : base (rawData) {
     IntPtr baseHandle = Handle;
     m_safeCertContext = CAPI.CertDuplicateCertificateContext(baseHandle);
 }
 /// <summary>
 /// Clears every cached view of the certificate (version, validity dates, keys, extensions, signature
 /// algorithm, subject and issuer names), releases this class's reference to the native context, and then
 /// resets the base class.
 /// </summary>
 /// <remarks>
 /// The Import overloads call this before loading new data. The private key object is only dereferenced
 /// here, not disposed.
 /// </remarks>
 public override void Reset () {
     // Scalar state.
     m_version   = 0;
     m_notBefore = DateTime.MinValue;
     m_notAfter  = DateTime.MinValue;

     // Object state.
     m_privateKey         = null;
     m_publicKey          = null;
     m_extensions         = null;
     m_signatureAlgorithm = null;
     m_subjectName        = null;
     m_issuerName         = null;

     // Release our duplicate of the context and park an invalid handle in its place.
     bool holdsContext = !m_safeCertContext.IsInvalid;
     if (holdsContext) {
         m_safeCertContext.Dispose();
         m_safeCertContext = Cryptography.SafeCertContextHandle.InvalidHandle;
     }

     base.Reset();
 }
 /// <summary>
 /// Replaces the current certificate with one loaded from a password-protected file: cached state and the
 /// old context are dropped via <see cref="Reset"/>, the base class performs the import, and a fresh
 /// reference to the new native context is taken.
 /// </summary>
 /// <param name="fileName">Path of the certificate file.</param>
 /// <param name="password">Password protecting the file, as a <see cref="SecureString"/>.</param>
 /// <param name="keyStorageFlags">Where and how an imported private key is stored.</param>
 public override void Import(string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags) {
     // Reset first: if the base import throws, no stale handle from the previous certificate survives.
     Reset();
     base.Import(fileName, password, keyStorageFlags);
     IntPtr importedHandle = Handle;
     m_safeCertContext = CAPI.CertDuplicateCertificateContext(importedHandle);
 }
 /// <summary>
 /// Replaces the current certificate with one loaded from <paramref name="fileName"/>: cached state and the
 /// old context are dropped via <see cref="Reset"/>, the base class performs the import, and a fresh
 /// reference to the new native context is taken.
 /// </summary>
 /// <param name="fileName">Path of the certificate file.</param>
 public override void Import(string fileName) {
     // Reset first: if the base import throws, no stale handle from the previous certificate survives.
     Reset();
     base.Import(fileName);
     IntPtr importedHandle = Handle;
     m_safeCertContext = CAPI.CertDuplicateCertificateContext(importedHandle);
 }
 /// <summary>
 /// Replaces the current certificate with one decoded from password-protected bytes: cached state and the
 /// old context are dropped via <see cref="Reset"/>, the base class performs the import, and a fresh
 /// reference to the new native context is taken.
 /// </summary>
 /// <param name="rawData">Encoded certificate bytes.</param>
 /// <param name="password">Password protecting the data as a plain string (the SecureString overloads avoid keeping it in managed memory).</param>
 /// <param name="keyStorageFlags">Where and how an imported private key is stored.</param>
 public override void Import(byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags) {
     // Reset first: if the base import throws, no stale handle from the previous certificate survives.
     Reset();
     base.Import(rawData, password, keyStorageFlags);
     IntPtr importedHandle = Handle;
     m_safeCertContext = CAPI.CertDuplicateCertificateContext(importedHandle);
 }
 /// <summary>
 /// Loads a certificate from <paramref name="fileName"/> via the base constructor, then duplicates the
 /// native context for this class.
 /// </summary>
 /// <param name="fileName">Path of the certificate file.</param>
 public X509Certificate2 (string fileName) : base (fileName) {
     IntPtr baseHandle = Handle;
     m_safeCertContext = CAPI.CertDuplicateCertificateContext(baseHandle);
 }
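        /// <summary>
        /// Builds a certificate chain for <paramref name="pCertContext"/> by calling CertGetCertificateChain
        /// with the requested usage, issuance-policy, revocation and timeout settings.
        /// </summary>
        /// <param name="hChainEngine">Chain engine handle (for example HCCE_CURRENT_USER) that determines which stores CryptoAPI consults.</param>
        /// <param name="pCertContext">Context of the leaf certificate; must be a valid handle.</param>
        /// <param name="extraStore">Additional certificates offered to the chain builder; exported to a temporary in-memory store (null or empty means none).</param>
        /// <param name="applicationPolicy">Enhanced key usage OIDs that must all be present (USAGE_MATCH_TYPE_AND); null or empty means no requirement.</param>
        /// <param name="certificatePolicy">Issuance-policy OIDs that must all be present (USAGE_MATCH_TYPE_AND); null or empty means no requirement.</param>
        /// <param name="revocationMode">Revocation mode, mapped to native flags by <see cref="X509Utils.MapRevocationFlags"/>.</param>
        /// <param name="revocationFlag">Revocation flag, mapped to native flags by <see cref="X509Utils.MapRevocationFlags"/>.</param>
        /// <param name="verificationTime">Time at which the chain is evaluated, converted with <see cref="DateTime.ToFileTime"/> (non-UTC values are treated as local time).</param>
        /// <param name="timeout">URL retrieval timeout; converted to whole milliseconds and clamped to the uint range of dwUrlRetrievalTimeout.</param>
        /// <param name="ppChainContext">Receives the chain context on success. The caller owns it and is responsible for disposing it.</param>
        /// <returns>S_OK on success, otherwise the HRESULT corresponding to the Win32 error from CertGetCertificateChain.</returns>
        /// <exception cref="ArgumentException">Thrown when <paramref name="pCertContext"/> is null or invalid.</exception>
        /// <remarks>
        /// The unmanaged OID arrays and the temporary memory store are released in a finally block on every path.
        /// NOTE(review): closing the memory store after CertGetCertificateChain assumes the returned chain context
        /// holds its own references to any certificates it took from that store — confirm against the CryptoAPI
        /// documentation for hAdditionalStore if the store handle's ReleaseHandle forces context teardown.
        /// </remarks>
        internal static unsafe int BuildChain(IntPtr hChainEngine,
                                              Cryptography.SafeCertContextHandle pCertContext,
                                              X509Certificate2Collection extraStore,
                                              OidCollection applicationPolicy,
                                              OidCollection certificatePolicy,
                                              X509RevocationMode revocationMode,
                                              X509RevocationFlag revocationFlag,
                                              DateTime verificationTime,
                                              TimeSpan timeout,
                                              ref SafeX509ChainHandle ppChainContext)
        {
            if (pCertContext == null || pCertContext.IsInvalid)
            {
                throw new ArgumentException(SR.GetString(SR.Cryptography_InvalidContextHandle), "pCertContext");
            }

            CAPI.CERT_CHAIN_PARA ChainPara = new CAPI.CERT_CHAIN_PARA();

            // Initialize the structure size.
            ChainPara.cbSize = (uint)Marshal.SizeOf(ChainPara);

            Cryptography.SafeCertStoreHandle  hCertStore              = Cryptography.SafeCertStoreHandle.InvalidHandle;
            Cryptography.SafeLocalAllocHandle applicationPolicyHandle = Cryptography.SafeLocalAllocHandle.InvalidHandle;
            Cryptography.SafeLocalAllocHandle certificatePolicyHandle = Cryptography.SafeLocalAllocHandle.InvalidHandle;
            try {
                // Extra certificates are handed to CryptoAPI through a temporary memory store.
                if (extraStore != null && extraStore.Count > 0)
                {
                    hCertStore = X509Utils.ExportToMemoryStore(extraStore);
                }

                // Application policy: the chain must satisfy every listed usage OID.
                if (applicationPolicy != null && applicationPolicy.Count > 0)
                {
                    ChainPara.RequestedUsage.dwType = CAPI.USAGE_MATCH_TYPE_AND;
                    ChainPara.RequestedUsage.Usage.cUsageIdentifier = (uint)applicationPolicy.Count;
                    applicationPolicyHandle = X509Utils.CopyOidsToUnmanagedMemory(applicationPolicy);
                    ChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = applicationPolicyHandle.DangerousGetHandle();
                }

                // Certificate policy: same AND semantics for issuance-policy OIDs.
                if (certificatePolicy != null && certificatePolicy.Count > 0)
                {
                    ChainPara.RequestedIssuancePolicy.dwType = CAPI.USAGE_MATCH_TYPE_AND;
                    ChainPara.RequestedIssuancePolicy.Usage.cUsageIdentifier = (uint)certificatePolicy.Count;
                    certificatePolicyHandle = X509Utils.CopyOidsToUnmanagedMemory(certificatePolicy);
                    ChainPara.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = certificatePolicyHandle.DangerousGetHandle();
                }

                // dwUrlRetrievalTimeout is an unsigned 32-bit millisecond count. Clamp rather than cast blindly:
                // a negative or very large TimeSpan would otherwise convert to an unspecified value.
                double timeoutMs = Math.Floor(timeout.TotalMilliseconds);
                if (timeoutMs < 0)
                {
                    timeoutMs = 0;
                }
                else if (timeoutMs > uint.MaxValue)
                {
                    timeoutMs = uint.MaxValue;
                }
                ChainPara.dwUrlRetrievalTimeout = (uint)timeoutMs;

                // CryptoAPI wants a FILETIME; the 64-bit file time is written straight over the two-dword struct.
                _FILETIME ft = new _FILETIME();
                *((long *)&ft) = verificationTime.ToFileTime();

                uint flags = X509Utils.MapRevocationFlags(revocationMode, revocationFlag);

                // Build the chain.
                if (!CAPI.CertGetCertificateChain(hChainEngine,
                                                  pCertContext,
                                                  ref ft,
                                                  hCertStore,
                                                  ref ChainPara,
                                                  flags,
                                                  IntPtr.Zero,
                                                  ref ppChainContext))
                {
                    // Capture the Win32 error here; the finally block's disposals may make further native calls.
                    return(Marshal.GetHRForLastWin32Error());
                }
            }
            finally {
                applicationPolicyHandle.Dispose();
                certificatePolicyHandle.Dispose();

                // Close the temporary memory store deterministically instead of leaving it to the finalizer.
                // The IsInvalid guard mirrors Reset() and skips the placeholder when no extra store was built.
                if (!hCertStore.IsInvalid)
                {
                    hCertStore.Dispose();
                }
            }

            return(CAPI.S_OK);
        }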