// Removes every file in the directory-backed store that matches the given certificate.
// A store whose directory does not exist is treated as already empty. The read-only
// check is deliberately deferred until a matching file is found (Windows compatibility),
// so removing a certificate that is not present from a read-only store is a silent no-op.
// Throws InvalidCastException if certPal is not an OpenSslX509CertificateReader.
public void Remove(ICertificatePal certPal)
{
    if (!Directory.Exists(_storePath))
    {
        return;
    }

    OpenSslX509CertificateReader reader = (OpenSslX509CertificateReader)certPal;

    using (X509Certificate2 probe = new X509Certificate2(reader.DuplicateHandles()))
    {
        // Re-run the search after every delete: the loop only ends once no file in
        // the store matches, so duplicate copies of the same cert are all removed.
        while (true)
        {
            string? match = FindExistingFilename(probe, _storePath, out _);
            if (match == null)
            {
                break;
            }

            // Windows compatibility: only a store that actually has work to do rejects
            // the operation when read-only.
            if (_readOnly)
            {
                throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
            }

            File.Delete(match);
            ChainPal.FlushStores();
        }
    }
}
// Builds and verifies the chain for `certificate` under the current ChainPolicy.
// Returns true only when the PAL verification produced a definite positive verdict.
// Returns false when no chain could be built or verification failed. When the PAL
// cannot reach a verdict at all (null), the method either throws the PAL's exception
// (throwOnException) or reports false — callers that pass false therefore cannot
// distinguish "untrusted" from "could not evaluate" from the return value alone.
// Throws ArgumentException for a null certificate or one without a PAL handle.
internal bool Build(X509Certificate2 certificate, bool throwOnException)
{
    lock (_syncRoot)
    {
        if (certificate is null || certificate.Pal is null)
        {
            throw new ArgumentException(SR.Cryptography_InvalidContextHandle, nameof(certificate));
        }

        // Discard any previous chain state before building a new one.
        Reset();

        X509ChainPolicy policy = ChainPolicy;
        _pal = ChainPal.BuildChain(
            _useMachineContext,
            certificate.Pal,
            policy.ExtraStore,
            policy.ApplicationPolicy,
            policy.CertificatePolicy,
            policy.RevocationMode,
            policy.RevocationFlag,
            policy.VerificationTime,
            policy.UrlRetrievalTimeout);

        if (_pal == null)
        {
            return false;
        }

        _chainElements = new X509ChainElementCollection(_pal.ChainElements);

        bool? verdict = _pal.Verify(policy.VerificationFlags, out Exception verificationException);
        if (verdict.HasValue)
        {
            return verdict.Value;
        }

        // No verdict: surface the PAL's exception only if the caller asked for it.
        if (throwOnException)
        {
            throw verificationException;
        }

        return false;
    }
}
// Wraps an existing native CERT_CHAIN_CONTEXT pointer in a ChainPal.
// Throws ArgumentNullException for a zero pointer and CryptographicException when the
// duplicate handle comes back null or invalid. The ChainPal owns a duplicated handle
// (CertDuplicateCertificateChain), so the caller's chainContext is presumably still the
// caller's to release — confirm against the Crypt32 contract before relying on it.
internal static partial IChainPal FromHandle(IntPtr chainContext)
{
    if (chainContext == IntPtr.Zero)
    {
        throw new ArgumentNullException(nameof(chainContext));
    }

    SafeX509ChainHandle duplicated = Interop.Crypt32.CertDuplicateCertificateChain(chainContext);
    bool unusable = duplicated == null || duplicated.IsInvalid;
    if (unusable)
    {
        throw new CryptographicException(SR.Cryptography_InvalidContextHandle, nameof(chainContext));
    }

    return new ChainPal(duplicated);
}
// Adds a certificate to the store and flushes cached chain state.
// Unlike Remove, a read-only store always rejects Add up front (Windows compatibility).
// CryptographicExceptions from the underlying add propagate unchanged; any other
// failure is wrapped in a CryptographicException carrying the store-add failure message.
public void Add(ICertificatePal certPal)
{
    if (_readOnly)
    {
        throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
    }

    try
    {
        AddCertToStore(certPal);
        ChainPal.FlushStores();
    }
    catch (Exception e) when (!(e is CryptographicException))
    {
        // The filter lets CryptographicException pass through untouched (stack trace intact),
        // equivalent to catching it and rethrowing with `throw;`.
        throw new CryptographicException(SR.Cryptography_X509_StoreAddFailure, e);
    }
}
// Constructs a chain over an existing native chain context.
// Validation of the pointer (zero / invalid handle) is delegated to ChainPal.FromHandle,
// which throws rather than returning null; the assert documents that contract.
public X509Chain(IntPtr chainContext)
{
    var pal = ChainPal.FromHandle(chainContext);
    Debug.Assert(pal != null);

    _pal = pal;
    _chainElements = new X509ChainElementCollection(pal.ChainElements);
}
// Builds and verifies the chain for `certificate` under the current ChainPolicy,
// honoring a custom trust store when one is configured.
// Before building, the custom trust store (if any) is validated: a non-empty store
// combined with TrustMode.System is rejected, as is any null or handle-less entry.
// Returns true only on a definite positive verdict from the PAL; false when no chain
// could be built or verification failed. A null verdict either throws the PAL's
// exception (throwOnException) or is reported as false, so callers passing false
// should consult chain status rather than treat false as "untrusted" alone.
// Throws ArgumentException for a null certificate or one without a PAL handle.
internal bool Build(X509Certificate2 certificate, bool throwOnException)
{
    lock (_syncRoot)
    {
        if (certificate is null || certificate.Pal is null)
        {
            throw new ArgumentException(SR.Cryptography_InvalidContextHandle, nameof(certificate));
        }

        if (_chainPolicy != null && _chainPolicy.CustomTrustStore != null)
        {
            // A populated custom trust store is meaningless in System trust mode;
            // refuse rather than silently ignore the caller's intent.
            bool customAnchorsInSystemMode =
                _chainPolicy.TrustMode == X509ChainTrustMode.System
                && _chainPolicy.CustomTrustStore.Count > 0;

            if (customAnchorsInSystemMode)
            {
                throw new CryptographicException(SR.Cryptography_CustomTrustCertsInSystemMode, nameof(_chainPolicy.TrustMode));
            }

            // Every trust anchor must be a live certificate with a native handle.
            foreach (X509Certificate2 trustAnchor in _chainPolicy.CustomTrustStore)
            {
                if (trustAnchor == null || trustAnchor.Handle == IntPtr.Zero)
                {
                    throw new CryptographicException(SR.Cryptography_InvalidTrustCertificate, nameof(_chainPolicy.CustomTrustStore));
                }
            }
        }

        // Discard any previous chain state before building a new one.
        Reset();

        X509ChainPolicy policy = ChainPolicy;
        _pal = ChainPal.BuildChain(
            _useMachineContext,
            certificate.Pal,
            policy._extraStore,
            policy._applicationPolicy,
            policy._certificatePolicy,
            policy.RevocationMode,
            policy.RevocationFlag,
            policy.CustomTrustStore,
            policy.TrustMode,
            policy.VerificationTime,
            policy.UrlRetrievalTimeout);

        if (_pal == null)
        {
            return false;
        }

        _chainElements = new X509ChainElementCollection(_pal.ChainElements);

        bool? verdict = _pal.Verify(policy.VerificationFlags, out Exception verificationException);
        if (verdict.HasValue)
        {
            return verdict.Value;
        }

        // No verdict: surface the PAL's exception only if the caller asked for it.
        if (throwOnException)
        {
            throw verificationException;
        }

        return false;
    }
}