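/// <summary>
/// Installs a certificate carried as raw bytes (typically an embedded resource) into the
/// LocalMachine store named by <paramref name="sn"/>.
/// </summary>
/// <param name="sn">The system store to add the certificate to.</param>
/// <param name="certificatefile">Raw certificate bytes, as accepted by the <see cref="X509Certificate2"/> constructor.</param>
/// <returns><see cref="string.Empty"/> on success; otherwise the message of the exception that stopped the install.</returns>
/// <remarks>
/// Demands <see cref="StorePermissionFlags.AllFlags"/> and opens the store read/write under
/// <see cref="StoreLocation.LocalMachine"/>, so the caller needs rights to write that store.
/// The certificate is not validated beyond parsing: whatever <paramref name="certificatefile"/>
/// decodes to is added when <c>TryGetCertificate</c> reports no existing match, so the bytes must
/// come from a trusted, tamper-evident source (a caller can compare the thumbprint against an
/// expected value first). Failures are reported as a string rather than thrown, so callers must
/// check the return value.
/// </remarks>
public static string InstallCertificateFromResource(StoreName sn, byte[] certificatefile)
{
    try
    {
        StorePermission sp = new StorePermission(StorePermissionFlags.AllFlags);
        sp.Demand();

        X509Certificate2 certificate = new X509Certificate2(certificatefile);

        // Only add when no matching certificate is already present in the store.
        if (TryGetCertificate(sn, certificatefile) == null)
        {
            X509Store store = new X509Store(sn, StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadWrite);
            try
            {
                store.Add(certificate);
            }
            finally
            {
                // Close even when Add throws so the store handle is not left open.
                store.Close();
            }
        }

        return string.Empty;
    }
    catch (Exception ex)
    {
        // Contract: errors are surfaced as the message text, never thrown.
        return ex.Message;
    }
}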
/// <summary>
/// Permission-checked wrapper around <see cref="CAPIMethods.CertSaveStore"/>.
/// </summary>
/// <remarks>
/// Validates the store handle, demands <see cref="StorePermissionFlags.EnumerateCertificates"/>
/// (unless FEATURE_CORESYSTEM), and refuses the two "save to file name" targets before forwarding
/// the call unchanged.
/// </remarks>
/// <param name="hCertStore">Open store handle to serialize; must be non-null and valid.</param>
/// <param name="dwMsgAndCertEncodingType">Encoding type, passed through unchanged.</param>
/// <param name="dwSaveAs">Save format, passed through unchanged.</param>
/// <param name="dwSaveTo">Save target; CERT_STORE_SAVE_TO_FILENAME_A and _W are rejected.</param>
/// <param name="pvSaveToPara">Target-specific parameter, passed through unchanged.</param>
/// <param name="dwFlags">Flags, passed through unchanged.</param>
/// <returns>The native call's boolean result.</returns>
/// <exception cref="ArgumentNullException"><paramref name="hCertStore"/> is null.</exception>
/// <exception cref="CryptographicException"><paramref name="hCertStore"/> is an invalid handle.</exception>
/// <exception cref="ArgumentException"><paramref name="dwSaveTo"/> names a file target.</exception>
bool CertSaveStore(
    [In] SafeCertStoreHandle hCertStore,
    [In] uint dwMsgAndCertEncodingType,
    [In] uint dwSaveAs,
    [In] uint dwSaveTo,
    [In,Out] IntPtr pvSaveToPara,
    [In] uint dwFlags)
{
    if (hCertStore == null)
    {
        throw new ArgumentNullException("hCertStore");
    }
    if (hCertStore.IsInvalid)
    {
        throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
    }

#if !FEATURE_CORESYSTEM
    new StorePermission(StorePermissionFlags.EnumerateCertificates).Demand();
#endif

    // Saving to a caller-supplied file name is refused outright — presumably so that a
    // partially trusted caller cannot use this path to write the store to disk; confirm.
    bool savesToFileName =
        dwSaveTo == CERT_STORE_SAVE_TO_FILENAME_A ||
        dwSaveTo == CERT_STORE_SAVE_TO_FILENAME_W;
    if (savesToFileName)
    {
        throw new ArgumentException(SR.GetString(SR.Security_InvalidValue), "pvSaveToPara");
    }

    return CAPIMethods.CertSaveStore(
        hCertStore,
        dwMsgAndCertEncodingType,
        dwSaveAs,
        dwSaveTo,
        pvSaveToPara,
        dwFlags);
}
/// <summary>
/// Permission-checked wrapper around <see cref="CAPIMethods.CertOpenStore"/>.
/// </summary>
/// <remarks>
/// Only the memory and system store providers are accepted. Unless FEATURE_CORESYSTEM, the
/// wrapper demands, in order: full trust when a local-machine store is addressed by a UNC path
/// (<c>\\...</c>), <see cref="StorePermissionFlags.DeleteStore"/> or <see cref="StorePermissionFlags.OpenStore"/>
/// depending on CERT_STORE_DELETE_FLAG, <see cref="StorePermissionFlags.CreateStore"/> when
/// CERT_STORE_CREATE_NEW_FLAG is set, and <see cref="StorePermissionFlags.CreateStore"/> again when
/// CERT_STORE_OPEN_EXISTING_FLAG is absent (the open may then create the store).
/// CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG is always OR'd into the flags handed to CAPI.
/// </remarks>
/// <param name="lpszStoreProvider">Provider id; must equal CERT_STORE_PROV_MEMORY or CERT_STORE_PROV_SYSTEM.</param>
/// <param name="dwMsgAndCertEncodingType">Encoding type, passed through unchanged.</param>
/// <param name="hCryptProv">Provider handle, passed through unchanged.</param>
/// <param name="dwFlags">Open flags; inspected for the permission demands described above.</param>
/// <param name="pvPara">Store name or path; a leading <c>\\</c> is treated as a remote store.</param>
/// <returns>The handle returned by the native call.</returns>
/// <exception cref="ArgumentException"><paramref name="lpszStoreProvider"/> is not an allowed provider.</exception>
SafeCertStoreHandle CertOpenStore(
    [In] IntPtr lpszStoreProvider,
    [In] uint dwMsgAndCertEncodingType,
    [In] IntPtr hCryptProv,
    [In] uint dwFlags,
    [In] string pvPara)
{
    IntPtr memoryProvider = new IntPtr(CERT_STORE_PROV_MEMORY);
    IntPtr systemProvider = new IntPtr(CERT_STORE_PROV_SYSTEM);
    bool providerAllowed = lpszStoreProvider == memoryProvider || lpszStoreProvider == systemProvider;
    if (!providerAllowed)
    {
        throw new ArgumentException(SR.GetString(SR.Security_InvalidValue), "lpszStoreProvider");
    }

#if !FEATURE_CORESYSTEM
    bool targetsLocalMachine =
        (dwFlags & CERT_SYSTEM_STORE_LOCAL_MACHINE) == CERT_SYSTEM_STORE_LOCAL_MACHINE ||
        (dwFlags & CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY) == CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY ||
        (dwFlags & CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE) == CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE;

    // Opening a remote (UNC-addressed) local machine store is reserved for fully trusted code.
    if (targetsLocalMachine && pvPara != null && pvPara.StartsWith(@"\\", StringComparison.Ordinal))
    {
        new PermissionSet(PermissionState.Unrestricted).Demand();
    }

    // Deleting a store and merely opening one are distinct store permissions.
    bool deletesStore = (dwFlags & CERT_STORE_DELETE_FLAG) == CERT_STORE_DELETE_FLAG;
    StorePermissionFlags storeAccess = deletesStore
        ? StorePermissionFlags.DeleteStore
        : StorePermissionFlags.OpenStore;
    new StorePermission(storeAccess).Demand();

    bool createsNew = (dwFlags & CERT_STORE_CREATE_NEW_FLAG) == CERT_STORE_CREATE_NEW_FLAG;
    if (createsNew)
    {
        new StorePermission(StorePermissionFlags.CreateStore).Demand();
    }

    // Without OPEN_EXISTING the native open may create the store, so CreateStore is demanded too.
    bool mayCreateImplicitly = (dwFlags & CERT_STORE_OPEN_EXISTING_FLAG) == 0;
    if (mayCreateImplicitly)
    {
        new StorePermission(StorePermissionFlags.CreateStore).Demand();
    }
#endif

    return CAPIMethods.CertOpenStore(
        lpszStoreProvider,
        dwMsgAndCertEncodingType,
        hCryptProv,
        dwFlags | CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG,
        pvPara);
}
/// <summary>
/// Permission-checked wrapper around <see cref="CAPIMethods.CertDeleteCertificateFromStore"/>.
/// </summary>
/// <remarks>
/// Validates the context handle and demands <see cref="StorePermissionFlags.RemoveFromStore"/>
/// (unless FEATURE_CORESYSTEM) before forwarding the call.
/// </remarks>
/// <param name="pCertContext">Certificate context to delete; must be non-null and valid.</param>
/// <returns>The native call's boolean result.</returns>
/// <exception cref="ArgumentNullException"><paramref name="pCertContext"/> is null.</exception>
/// <exception cref="CryptographicException"><paramref name="pCertContext"/> is an invalid handle.</exception>
bool CertDeleteCertificateFromStore (
    [In] SafeCertContextHandle pCertContext)
{
    if (pCertContext == null)
    {
        throw new ArgumentNullException("pCertContext");
    }
    if (pCertContext.IsInvalid)
    {
        throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "pCertContext");
    }

#if !FEATURE_CORESYSTEM
    new StorePermission(StorePermissionFlags.RemoveFromStore).Demand();
#endif

    bool deleted = CAPIMethods.CertDeleteCertificateFromStore(pCertContext);
    return deleted;
}
/// <summary>
/// Permission-checked wrapper around <see cref="CAPIMethods.CertAddCertificateLinkToStore"/>.
/// </summary>
/// <remarks>
/// Validates both handles (store first, then context) and demands
/// <see cref="StorePermissionFlags.AddToStore"/> (unless FEATURE_CORESYSTEM) before forwarding the call.
/// </remarks>
/// <param name="hCertStore">Destination store handle; must be non-null and valid.</param>
/// <param name="pCertContext">Certificate context to link; must be non-null and valid.</param>
/// <param name="dwAddDisposition">Add disposition, passed through unchanged.</param>
/// <param name="ppStoreContext">Receives the store's context, passed through unchanged.</param>
/// <returns>The native call's boolean result.</returns>
/// <exception cref="ArgumentNullException">A handle argument is null.</exception>
/// <exception cref="CryptographicException">A handle argument is invalid.</exception>
bool CertAddCertificateLinkToStore (
    [In] SafeCertStoreHandle hCertStore,
    [In] SafeCertContextHandle pCertContext,
    [In] uint dwAddDisposition,
    [In,Out] SafeCertContextHandle ppStoreContext)
{
    // Store handle checks come first so the reported parameter matches the original contract.
    if (hCertStore == null)
    {
        throw new ArgumentNullException("hCertStore");
    }
    if (hCertStore.IsInvalid)
    {
        throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
    }

    if (pCertContext == null)
    {
        throw new ArgumentNullException("pCertContext");
    }
    if (pCertContext.IsInvalid)
    {
        throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "pCertContext");
    }

#if !FEATURE_CORESYSTEM
    new StorePermission(StorePermissionFlags.AddToStore).Demand();
#endif

    return CAPIMethods.CertAddCertificateLinkToStore(
        hCertStore,
        pCertContext,
        dwAddDisposition,
        ppStoreContext);
}
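/// <summary>
/// Permission-checked wrapper around <see cref="CAPIMethods.CertEnumCertificatesInStore"/> that
/// treats CRYPT_E_NOT_FOUND as "end of enumeration" rather than as an error.
/// </summary>
/// <remarks>
/// <see cref="StorePermissionFlags.EnumerateCertificates"/> is demanded (unless FEATURE_CORESYSTEM)
/// only when <paramref name="pPrevCertContext"/> is invalid, i.e. on what appears to be the first
/// call of an enumeration; subsequent calls carrying a valid previous context are not re-checked.
/// </remarks>
/// <param name="hCertStore">Store to enumerate; must be non-null and valid.</param>
/// <param name="pPrevCertContext">Context returned by the previous call, or an invalid handle to start; must be non-null.</param>
/// <returns>
/// The next certificate context, or a null/invalid handle when the native call reports CRYPT_E_NOT_FOUND.
/// </returns>
/// <exception cref="ArgumentNullException">A handle argument is null.</exception>
/// <exception cref="CryptographicException">
/// <paramref name="hCertStore"/> is invalid, or the native call failed with an error other than CRYPT_E_NOT_FOUND.
/// </exception>
SafeCertContextHandle CertEnumCertificatesInStore (
    [In] SafeCertStoreHandle hCertStore,
    [In] SafeCertContextHandle pPrevCertContext) {
    if (hCertStore == null)
        throw new ArgumentNullException("hCertStore");
    if (hCertStore.IsInvalid)
        throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
    // Reject null explicitly instead of letting the IsInvalid read below throw NullReferenceException.
    if (pPrevCertContext == null)
        throw new ArgumentNullException("pPrevCertContext");

#if !FEATURE_CORESYSTEM
    if (pPrevCertContext.IsInvalid) {
        StorePermission sp = new StorePermission(StorePermissionFlags.EnumerateCertificates);
        sp.Demand();
    }
#endif

    SafeCertContextHandle safeCertContextHandle = CAPIMethods.CertEnumCertificatesInStore(hCertStore, pPrevCertContext);
    if (safeCertContextHandle == null || safeCertContextHandle.IsInvalid) {
        // Capture the error once and reuse it: a second GetLastWin32Error call is not guaranteed
        // to observe the same value, and the exception must carry the code that was actually tested.
        int dwErrorCode = Marshal.GetLastWin32Error();
        if (dwErrorCode != CRYPT_E_NOT_FOUND)
            throw new CryptographicException(dwErrorCode);
    }
    return safeCertContextHandle;
}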
/// <summary>
/// Builds and policy-verifies the certificate chain for <paramref name="certificate"/> under
/// the current <c>ChainPolicy</c>, serialised on <c>m_syncRoot</c>.
/// </summary>
/// <param name="certificate">End-entity certificate; must be non-null with a valid native context.</param>
/// <returns>
/// <c>true</c> when the chain was built and CERT_CHAIN_POLICY_BASE verification reported no error;
/// <c>false</c> when BuildChain did not return <c>CAPI.S_OK</c> or the policy check reported an error.
/// On a policy failure the error code is also recorded via <c>CAPI.SetLastError</c>; on a
/// BuildChain failure nothing is recorded here, so a <c>false</c> result alone does not say which
/// stage failed.
/// </returns>
/// <exception cref="ArgumentException"><paramref name="certificate"/> is null or its context is invalid.</exception>
/// <exception cref="CryptographicException">CertVerifyCertificateChainPolicy itself failed.</exception>
/// <exception cref="SecurityException">One of the permission demands below is not satisfied.</exception>
public bool Build (X509Certificate2 certificate) {
    lock (m_syncRoot) {
        if (certificate == null || certificate.CertContext.IsInvalid)
            throw new ArgumentException(SR.GetString(SR.Cryptography_InvalidContextHandle), "certificate");

        // Chain building opens and enumerates the root store to see if the root of the chain is trusted.
        StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore | StorePermissionFlags.EnumerateCertificates);
        sp.Demand();

        X509ChainPolicy chainPolicy = this.ChainPolicy;
        if (chainPolicy.RevocationMode == X509RevocationMode.Online) {
            if (certificate.Extensions[CAPI.szOID_CRL_DIST_POINTS] != null || certificate.Extensions[CAPI.szOID_AUTHORITY_INFO_ACCESS] != null) {
                // If there is a CDP or AIA extension, we demand unrestricted network access and store add permission
                // since CAPI can download certificates into the CA store from the network.
                // The demand is skipped when neither extension is present, even in Online mode.
                PermissionSet ps = new PermissionSet(PermissionState.None);
                ps.AddPermission(new WebPermission(PermissionState.Unrestricted));
                ps.AddPermission(new StorePermission(StorePermissionFlags.AddToStore));
                ps.Demand();
            }
        }

        // Discard any state from a previous Build before the native chain is (re)built.
        Reset();
        // Context selection: machine vs. user chain engine, driven by m_useMachineContext.
        int hr = BuildChain(m_useMachineContext ? new IntPtr(CAPI.HCCE_LOCAL_MACHINE) : new IntPtr(CAPI.HCCE_CURRENT_USER),
                            certificate.CertContext,
                            chainPolicy.ExtraStore,
                            chainPolicy.ApplicationPolicy,
                            chainPolicy.CertificatePolicy,
                            chainPolicy.RevocationMode,
                            chainPolicy.RevocationFlag,
                            chainPolicy.VerificationTime,
                            chainPolicy.UrlRetrievalTimeout,
                            ref m_safeCertChainHandle);
        if (hr != CAPI.S_OK)
            return false;

        // Init() — presumably populates the managed view of the chain from m_safeCertChainHandle; confirm.
        Init();

        // Verify the chain using the specified policy.
        // Both native structs are constructed with their marshalled size (cbSize convention).
        CAPI.CERT_CHAIN_POLICY_PARA PolicyPara = new CAPI.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_PARA)));
        CAPI.CERT_CHAIN_POLICY_STATUS PolicyStatus = new CAPI.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_STATUS)));
        // The caller's VerificationFlags (e.g. which checks to ignore) are handed straight to the base policy.
        PolicyPara.dwFlags = (uint) chainPolicy.VerificationFlags;

        if (!CAPI.CertVerifyCertificateChainPolicy(new IntPtr(CAPI.CERT_CHAIN_POLICY_BASE), m_safeCertChainHandle, ref PolicyPara, ref PolicyStatus))
            // The API failed.
            throw new CryptographicException(Marshal.GetLastWin32Error());

        // A zero dwError means the policy accepted the chain; any other value is surfaced as last error.
        CAPI.SetLastError(PolicyStatus.dwError);
        return (PolicyStatus.dwError == 0);
    }
}
/// <summary>
/// Permission-checked wrapper around <see cref="CAPIMethods.CertEnumCertificatesInStore"/> for
/// raw context pointers; CRYPT_E_NOT_FOUND is reported as <see cref="IntPtr.Zero"/>, not as an error.
/// </summary>
/// <remarks>
/// <see cref="StorePermissionFlags.EnumerateCertificates"/> is demanded only when
/// <paramref name="pPrevCertContext"/> is <see cref="IntPtr.Zero"/>, i.e. on the call that starts
/// an enumeration; continuation calls are not re-checked.
/// </remarks>
/// <param name="hCertStore">Store to enumerate; must be non-null and valid.</param>
/// <param name="pPrevCertContext">Context from the previous call, or <see cref="IntPtr.Zero"/> to start.</param>
/// <returns>The next context pointer, or <see cref="IntPtr.Zero"/> when the store has no more certificates.</returns>
/// <exception cref="ArgumentNullException"><paramref name="hCertStore"/> is null.</exception>
/// <exception cref="CryptographicException">
/// <paramref name="hCertStore"/> is invalid, or the native call failed with an error other than CRYPT_E_NOT_FOUND.
/// </exception>
IntPtr CertEnumCertificatesInStore (
    [In] SafeCertStoreHandle hCertStore,
    [In] IntPtr pPrevCertContext) {
    if (hCertStore == null)
        throw new ArgumentNullException("hCertStore");
    if (hCertStore.IsInvalid)
        throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");

    bool startsEnumeration = pPrevCertContext == IntPtr.Zero;
    if (startsEnumeration) {
        new StorePermission(StorePermissionFlags.EnumerateCertificates).Demand();
    }

    IntPtr next = CAPIMethods.CertEnumCertificatesInStore(hCertStore, pPrevCertContext);
    if (next != IntPtr.Zero)
        return next;

    int lastError = Marshal.GetLastWin32Error();
    if (lastError == CRYPT_E_NOT_FOUND)
        return next; // IntPtr.Zero: nothing left to enumerate

    // next is IntPtr.Zero on this path; the free call is retained as the existing contract.
    CAPIMethods.CertFreeCertificateContext(next);
    throw new CryptographicException(lastError);
}
/// <summary>
/// Permission-checked wrapper around <see cref="CAPIUnsafe.CertAddCertificateLinkToStore"/>.
/// </summary>
/// <remarks>
/// Validates the store handle, then the context handle, then demands
/// <see cref="StorePermissionFlags.AddToStore"/> before forwarding the call unchanged.
/// </remarks>
/// <param name="hCertStore">Destination store handle; must be non-null and valid.</param>
/// <param name="pCertContext">Certificate context to link; must be non-null and valid.</param>
/// <param name="dwAddDisposition">Add disposition, passed through unchanged.</param>
/// <param name="ppStoreContext">Receives the store's context, passed through unchanged.</param>
/// <returns>The native call's boolean result.</returns>
/// <exception cref="ArgumentNullException">A handle argument is null.</exception>
/// <exception cref="CryptographicException">A handle argument is invalid.</exception>
internal static bool CertAddCertificateLinkToStore (
    [In] SafeCertStoreHandle hCertStore,
    [In] SafeCertContextHandle pCertContext,
    [In] uint dwAddDisposition,
    [In,Out] SafeCertContextHandle ppStoreContext)
{
    string invalidHandleMessage = SecurityResources.GetResourceString("Cryptography_InvalidHandle");

    if (hCertStore == null)
    {
        throw new ArgumentNullException("hCertStore");
    }
    if (hCertStore.IsInvalid)
    {
        throw new CryptographicException(invalidHandleMessage, "hCertStore");
    }

    if (pCertContext == null)
    {
        throw new ArgumentNullException("pCertContext");
    }
    if (pCertContext.IsInvalid)
    {
        throw new CryptographicException(invalidHandleMessage, "pCertContext");
    }

    new StorePermission(StorePermissionFlags.AddToStore).Demand();

    return CAPIUnsafe.CertAddCertificateLinkToStore(
        hCertStore,
        pCertContext,
        dwAddDisposition,
        ppStoreContext);
}