FromHandle() public static method

public static FromHandle ( IntPtr handle ) : ICertificatePal
handle System.IntPtr
return ICertificatePal
Exemplo n.º 1
        /// <summary>
        /// Builds an X.509 chain for the certificate behind <paramref name="pCertContext"/> and reports
        /// whether verifying that chain with <see cref="X509VerificationFlags.NoFlag"/> succeeds.
        /// </summary>
        /// <param name="pCertContext">Safe handle whose raw certificate context is wrapped for chain building.</param>
        /// <returns>
        /// <c>true</c> only when a chain was built and <c>Verify</c> returned <c>true</c>; <c>false</c> when
        /// no chain was returned or when <c>Verify</c> returned <c>false</c> or <c>null</c>.
        /// </returns>
        /// <remarks>
        /// The chain is built with <see cref="X509RevocationMode.NoCheck"/>, so revocation status plays no
        /// part in the result. The exception reported by <c>Verify</c> is discarded.
        /// </remarks>
        private static bool VerifyCertificateIgnoringErrors(SafeCertContextHandle pCertContext)
        {
            // NOTE(review): the raw handle is taken without a visible DangerousAddRef/DangerousRelease pair,
            // and the pal created by FromHandle is not disposed in this method. Confirm that callers keep
            // pCertContext alive for the whole call and that BuildChain takes ownership of the pal.
            IntPtr rawContext = pCertContext.DangerousGetHandle();

            ChainPal chain = ChainPal.BuildChain(
                true,
                CertificatePal.FromHandle(rawContext),
                null, // extraStore
                null, // applicationPolicy
                null, // certificatePolicy
                X509RevocationMode.NoCheck,
                X509RevocationFlag.ExcludeRoot,
                DateTime.Now,
                TimeSpan.Zero);

            // No chain object at all is treated as "not verified".
            if (chain == null)
            {
                return false;
            }

            using (chain)
            {
                Exception ignoredError;
                bool? outcome = chain.Verify(X509VerificationFlags.NoFlag, out ignoredError);

                // A null outcome counts as a failure, exactly like an explicit false.
                return outcome == true;
            }
        }
Exemplo n.º 2
        /// <summary>
        /// Builds an X.509 chain for the certificate behind <paramref name="pCertContext"/> using
        /// <see cref="X509ChainTrustMode.System"/> and reports whether verifying that chain with
        /// <see cref="X509VerificationFlags.NoFlag"/> succeeds.
        /// </summary>
        /// <param name="pCertContext">Safe handle whose raw certificate context is wrapped for chain building.</param>
        /// <returns>
        /// <c>true</c> only when a chain was built and <c>Verify</c> returned <c>true</c>; <c>false</c> when
        /// no chain was returned or when <c>Verify</c> returned <c>false</c> or <c>null</c>.
        /// </returns>
        /// <remarks>
        /// The chain is built with <see cref="X509RevocationMode.NoCheck"/>, so revocation status plays no
        /// part in the result. The exception reported by <c>Verify</c> is discarded.
        /// </remarks>
        private static bool VerifyCertificateIgnoringErrors(SafeCertContextHandle pCertContext)
        {
            // Keep this in step with IsCertValid in the Unix/OpenSSL PAL version
            // (and with any other PAL that gets added later).

            // NOTE(review): the raw handle is taken without a visible DangerousAddRef/DangerousRelease pair,
            // and the pal created by FromHandle is not disposed in this method. Confirm that callers keep
            // pCertContext alive for the whole call and that BuildChain takes ownership of the pal.
            IntPtr rawContext = pCertContext.DangerousGetHandle();

            ChainPal? chain = ChainPal.BuildChain(
                false,
                CertificatePal.FromHandle(rawContext),
                null, // extraStore
                null, // applicationPolicy
                null, // certificatePolicy
                X509RevocationMode.NoCheck,
                X509RevocationFlag.ExcludeRoot,
                null,
                X509ChainTrustMode.System,
                DateTime.Now,
                TimeSpan.Zero);

            // No chain object at all is treated as "not verified".
            if (chain == null)
            {
                return false;
            }

            using (chain)
            {
                bool? outcome = chain.Verify(X509VerificationFlags.NoFlag, out Exception? ignoredError);

                // A null outcome counts as a failure, exactly like an explicit false.
                return outcome ?? false;
            }
        }
Exemplo n.º 3
            /// <summary>
            /// Adds a certificate to <paramref name="collection"/> for each usable entry of the array behind
            /// <c>_collectionHandle</c>, walking the array from its last index down to its first.
            /// </summary>
            /// <param name="collection">Collection that receives the certificates.</param>
            /// <exception cref="CryptographicException">
            /// The array reports more than <see cref="int.MaxValue"/> entries.
            /// </exception>
            /// <remarks>
            /// Entries whose handle is <see cref="IntPtr.Zero"/>, or for which <c>FromHandle</c> returns
            /// <c>null</c> (it is called with <c>throwOnFail: false</c>), are skipped without any report
            /// to the caller.
            /// </remarks>
            public void MoveTo(X509Certificate2Collection collection)
            {
                long reportedCount = Interop.CoreFoundation.CFArrayGetCount(_collectionHandle);

                // The loop index is an int, so a larger count cannot be represented.
                if (reportedCount > int.MaxValue)
                {
                    throw new CryptographicException();
                }

                int total = (int)reportedCount;

                // Apple returns things in the opposite order from Windows, so read backwards.
                for (int index = total - 1; index >= 0; index--)
                {
                    IntPtr entry = Interop.CoreFoundation.CFArrayGetValueAtIndex(_collectionHandle, index);

                    if (entry == IntPtr.Zero)
                    {
                        continue;
                    }

                    ICertificatePal? pal = CertificatePal.FromHandle(entry, throwOnFail: false);

                    if (pal == null)
                    {
                        continue;
                    }

                    collection.Add(new X509Certificate2(pal));
                }
            }
Exemplo n.º 4
        /// <summary>
        /// Reads the certificates carried by a PKCS#7 structure into a list of certificate PALs.
        /// </summary>
        /// <param name="pkcs7">Handle to the PKCS#7 structure to read from.</param>
        /// <param name="single">
        /// When <c>true</c> the call always throws, because extracting the signing certificate is not
        /// implemented here.
        /// </param>
        /// <param name="certPal">Always set to <c>null</c> when the method returns.</param>
        /// <param name="certPals">Receives one PAL per entry of the PKCS#7 certificate stack.</param>
        /// <returns><c>true</c> whenever the method returns normally.</returns>
        /// <exception cref="CryptographicException"><paramref name="single"/> is <c>true</c>.</exception>
        private static bool TryReadPkcs7(
            SafePkcs7Handle pkcs7,
            bool single,
            out ICertificatePal? certPal,
            [NotNullWhen(true)] out List<ICertificatePal> certPals)
        {
            // The list is only needed in collection mode.
            List<ICertificatePal>? collected = null;

            if (!single)
            {
                collected = new List<ICertificatePal>();
            }

            using (SafeSharedX509StackHandle stack = Interop.Crypto.GetPkcs7Certificates(pkcs7))
            {
                int total = Interop.Crypto.GetX509StackFieldCount(stack);

                if (single)
                {
                    // Single mode for a PKCS#7 signed or signed-and-enveloped file is supposed to yield
                    // the certificate which signed the PKCS#7 file.
                    //
                    // X509Certificate2Collection::Export(X509ContentType.Pkcs7) claims to be a signed PKCS#7,
                    // but doesn't emit a signature block, which makes this hard to test.
                    //
                    // TODO(2910): Figure out how to extract the signing certificate, when it's present.
                    throw new CryptographicException(SR.Cryptography_X509_PKCS7_NoSigner);
                }

                Debug.Assert(collected != null); // null if single == true

                // NOTE(review): if FromHandle throws partway through, the PALs already added to the list
                // are not disposed by this method; confirm whether the caller or a finalizer covers that.
                for (int index = 0; index < total; index++)
                {
                    // FromHandle duplicates the handle; the stack's own handle would otherwise be freed
                    // when the PKCS7 is disposed.
                    IntPtr entry = Interop.Crypto.GetX509StackField(stack, index);
                    collected.Add(CertificatePal.FromHandle(entry));
                }
            }

            certPal = null;
            certPals = collected;
            return true;
        }
Exemplo n.º 5
        /// <summary>
        /// Creates a loader for the certificates contained in <paramref name="rawData"/>.
        /// </summary>
        /// <param name="rawData">Encoded certificate data.</param>
        /// <param name="password">Password handed to the PEM, PKCS#12 and collection import paths.</param>
        /// <param name="keyStorageFlags">Key storage flags forwarded to the PEM decoding path.</param>
        /// <returns>
        /// A <c>CertCollectionLoader</c> when the PEM callback produced at least one certificate or when the
        /// data went through the generic collection import; an <c>ApplePkcs12CertLoader</c> for PKCS#12 data.
        /// </returns>
        /// <exception cref="CryptographicException">
        /// The data is detected as PKCS#7, or the imported array reports more than
        /// <see cref="int.MaxValue"/> entries.
        /// </exception>
        /// <remarks>
        /// On the generic import path, entries whose handle is <see cref="IntPtr.Zero"/>, or for which
        /// <c>FromHandle</c> returns <c>null</c> (it is called with <c>throwOnFail: false</c>), are left
        /// out of the result without any report to the caller.
        /// </remarks>
        public static ILoaderPal FromBlob(ReadOnlySpan<byte> rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
        {
            // Filled lazily by the PEM callback; stays null when the callback is never invoked.
            List<ICertificatePal>? pemCertificates = null;

            // NOTE(review): if FromDerBlob throws for a later PEM entry, the PALs collected so far are not
            // disposed here; confirm whether that matters for the platform handles involved.
            AppleCertificatePal.TryDecodePem(
                rawData,
                (derBytes, pemContentType) =>
                {
                    pemCertificates ??= new List<ICertificatePal>();
                    pemCertificates.Add(AppleCertificatePal.FromDerBlob(derBytes, pemContentType, password, keyStorageFlags));
                    return true;
                });

            if (pemCertificates != null)
            {
                return new CertCollectionLoader(pemCertificates);
            }

            X509ContentType contentType = AppleCertificatePal.GetDerCertContentType(rawData);

            switch (contentType)
            {
                case X509ContentType.Pkcs7:
                    // PKCS#7 is rejected outright on this path.
                    throw new CryptographicException(
                        SR.Cryptography_X509_PKCS7_Unsupported,
                        new PlatformNotSupportedException(SR.Cryptography_X509_PKCS7_Unsupported));

                case X509ContentType.Pkcs12:
                {
                    ApplePkcs12Reader pkcs12 = new ApplePkcs12Reader(rawData);

                    try
                    {
                        pkcs12.Decrypt(password);
                        return new ApplePkcs12CertLoader(pkcs12, password);
                    }
                    catch
                    {
                        // The reader is handed to the loader only on success, so release it on any failure.
                        pkcs12.Dispose();
                        throw;
                    }
                }
            }

            List<ICertificatePal> imported;

            using (SafeCFArrayHandle importedArray = Interop.AppleCrypto.X509ImportCollection(
                rawData,
                contentType,
                password))
            {
                long reportedCount = Interop.CoreFoundation.CFArrayGetCount(importedArray);

                // The list capacity and loop index are ints, so a larger count cannot be represented.
                if (reportedCount > int.MaxValue)
                {
                    throw new CryptographicException();
                }

                int total = (int)reportedCount;

                // Apple returns things in the opposite order from Windows, so read backwards.
                imported = new List<ICertificatePal>(total);

                for (int index = total - 1; index >= 0; index--)
                {
                    IntPtr entry = Interop.CoreFoundation.CFArrayGetValueAtIndex(importedArray, index);

                    if (entry == IntPtr.Zero)
                    {
                        continue;
                    }

                    ICertificatePal? pal = CertificatePal.FromHandle(entry, throwOnFail: false);

                    if (pal != null)
                    {
                        imported.Add(pal);
                    }
                }
            }

            return new CertCollectionLoader(imported);
        }