public void Remove(ICertificatePal certPal)
{
if (!Directory.Exists(_storePath))
{
return;
}
OpenSslX509CertificateReader cert = (OpenSslX509CertificateReader)certPal;
using (X509Certificate2 copy = new X509Certificate2(cert.DuplicateHandles()))
{
string?currentFilename;
do
{
bool hadCandidates;
currentFilename = FindExistingFilename(copy, _storePath, out hadCandidates);
if (currentFilename != null)
{
if (_readOnly)
{
// Windows compatibility, the readonly check isn't done until after a match is found.
throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
}
File.Delete(currentFilename);
ChainPal.FlushStores();
}
} while (currentFilename != null);
}
}
internal bool Build(X509Certificate2 certificate, bool throwOnException)
{
lock (_syncRoot)
{
if (certificate == null || certificate.Pal == null)
{
throw new ArgumentException(SR.Cryptography_InvalidContextHandle, nameof(certificate));
}
Reset();
X509ChainPolicy chainPolicy = ChainPolicy;
_pal = ChainPal.BuildChain(
_useMachineContext,
certificate.Pal,
chainPolicy.ExtraStore,
chainPolicy.ApplicationPolicy,
chainPolicy.CertificatePolicy,
chainPolicy.RevocationMode,
chainPolicy.RevocationFlag,
chainPolicy.VerificationTime,
chainPolicy.UrlRetrievalTimeout
);
if (_pal == null)
{
return(false);
}
_chainElements = new X509ChainElementCollection(_pal.ChainElements);
Exception verificationException;
bool? verified = _pal.Verify(chainPolicy.VerificationFlags, out verificationException);
if (!verified.HasValue)
{
if (throwOnException)
{
throw verificationException;
}
else
{
verified = false;
}
}
return(verified.Value);
}
}
internal static partial IChainPal FromHandle(IntPtr chainContext)
{
if (chainContext == IntPtr.Zero)
{
throw new ArgumentNullException(nameof(chainContext));
}
SafeX509ChainHandle certChainHandle = Interop.Crypt32.CertDuplicateCertificateChain(chainContext);
if (certChainHandle == null || certChainHandle.IsInvalid)
{
throw new CryptographicException(SR.Cryptography_InvalidContextHandle, nameof(chainContext));
}
var pal = new ChainPal(certChainHandle);
return(pal);
}
public void Add(ICertificatePal certPal)
{
if (_readOnly)
{
// Windows compatibility: Remove only throws when it needs to do work, add throws always.
throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
}
try
{
AddCertToStore(certPal);
ChainPal.FlushStores();
}
catch (CryptographicException)
{
throw;
}
catch (Exception e)
{
throw new CryptographicException(SR.Cryptography_X509_StoreAddFailure, e);
}
}
public X509Chain(IntPtr chainContext)
{
_pal = ChainPal.FromHandle(chainContext);
Debug.Assert(_pal != null);
_chainElements = new X509ChainElementCollection(_pal.ChainElements);
}
internal bool Build(X509Certificate2 certificate, bool throwOnException)
{
lock (_syncRoot)
{
if (certificate == null || certificate.Pal == null)
{
throw new ArgumentException(SR.Cryptography_InvalidContextHandle, nameof(certificate));
}
if (_chainPolicy != null && _chainPolicy.CustomTrustStore != null)
{
if (_chainPolicy.TrustMode == X509ChainTrustMode.System && _chainPolicy.CustomTrustStore.Count > 0)
{
throw new CryptographicException(SR.Cryptography_CustomTrustCertsInSystemMode, nameof(_chainPolicy.TrustMode));
}
foreach (X509Certificate2 customCertificate in _chainPolicy.CustomTrustStore)
{
if (customCertificate == null || customCertificate.Handle == IntPtr.Zero)
{
throw new CryptographicException(SR.Cryptography_InvalidTrustCertificate, nameof(_chainPolicy.CustomTrustStore));
}
}
}
Reset();
X509ChainPolicy chainPolicy = ChainPolicy;
_pal = ChainPal.BuildChain(
_useMachineContext,
certificate.Pal,
chainPolicy._extraStore,
chainPolicy._applicationPolicy,
chainPolicy._certificatePolicy,
chainPolicy.RevocationMode,
chainPolicy.RevocationFlag,
chainPolicy.CustomTrustStore,
chainPolicy.TrustMode,
chainPolicy.VerificationTime,
chainPolicy.UrlRetrievalTimeout
);
if (_pal == null)
{
return(false);
}
_chainElements = new X509ChainElementCollection(_pal.ChainElements);
Exception verificationException;
bool? verified = _pal.Verify(chainPolicy.VerificationFlags, out verificationException);
if (!verified.HasValue)
{
if (throwOnException)
{
throw verificationException;
}
else
{
verified = false;
}
}
return(verified.Value);
}
}
