/// <summary>
/// 安装资源文件中的证书
/// </summary>
public static string InstallCertificateFromResource(StoreName sn, byte[] certificatefile)
{
try
{
StorePermission sp = new StorePermission(StorePermissionFlags.AllFlags);
sp.Demand();
X509Certificate2 certificate = new X509Certificate2(certificatefile);
if (TryGetCertificate(sn, certificatefile) == null)
{
X509Store AuthRoot = new X509Store(sn, StoreLocation.LocalMachine);
AuthRoot.Open(OpenFlags.ReadWrite);
//AuthRoot.Remove(certificate);
AuthRoot.Add(certificate);
AuthRoot.Close();
}
return string.Empty;
}
catch(Exception ex)
{
return ex.Message;
}
}
bool CertSaveStore(
[In] SafeCertStoreHandle hCertStore,
[In] uint dwMsgAndCertEncodingType,
[In] uint dwSaveAs,
[In] uint dwSaveTo,
[In,Out] IntPtr pvSaveToPara,
[In] uint dwFlags) {
if (hCertStore == null)
throw new ArgumentNullException("hCertStore");
if (hCertStore.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
#if !FEATURE_CORESYSTEM
StorePermission sp = new StorePermission(StorePermissionFlags.EnumerateCertificates);
sp.Demand();
#endif
if (dwSaveTo == CERT_STORE_SAVE_TO_FILENAME_A || dwSaveTo == CERT_STORE_SAVE_TO_FILENAME_W)
throw new ArgumentException(SR.GetString(SR.Security_InvalidValue), "pvSaveToPara");
return CAPIMethods.CertSaveStore(hCertStore,
dwMsgAndCertEncodingType,
dwSaveAs,
dwSaveTo,
pvSaveToPara,
dwFlags);
}
SafeCertStoreHandle CertOpenStore(
[In] IntPtr lpszStoreProvider,
[In] uint dwMsgAndCertEncodingType,
[In] IntPtr hCryptProv,
[In] uint dwFlags,
[In] string pvPara) {
if (lpszStoreProvider != new IntPtr(CERT_STORE_PROV_MEMORY) && lpszStoreProvider != new IntPtr(CERT_STORE_PROV_SYSTEM))
throw new ArgumentException(SR.GetString(SR.Security_InvalidValue), "lpszStoreProvider");
#if !FEATURE_CORESYSTEM
if ((dwFlags & CERT_SYSTEM_STORE_LOCAL_MACHINE) == CERT_SYSTEM_STORE_LOCAL_MACHINE ||
(dwFlags & CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY) == CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY ||
(dwFlags & CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE) == CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE) {
// We do not allow opening remote local machine stores if in semi-trusted environment.
if (pvPara != null && pvPara.StartsWith(@"\\", StringComparison.Ordinal))
new PermissionSet(PermissionState.Unrestricted).Demand();
}
if ((dwFlags & CERT_STORE_DELETE_FLAG) == CERT_STORE_DELETE_FLAG) {
StorePermission sp = new StorePermission(StorePermissionFlags.DeleteStore);
sp.Demand();
} else {
StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore);
sp.Demand();
}
if ((dwFlags & CERT_STORE_CREATE_NEW_FLAG) == CERT_STORE_CREATE_NEW_FLAG) {
StorePermission sp = new StorePermission(StorePermissionFlags.CreateStore);
sp.Demand();
}
if ((dwFlags & CERT_STORE_OPEN_EXISTING_FLAG) == 0) {
StorePermission sp = new StorePermission(StorePermissionFlags.CreateStore);
sp.Demand();
}
#endif
return CAPIMethods.CertOpenStore(lpszStoreProvider,
dwMsgAndCertEncodingType,
hCryptProv,
dwFlags | CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG,
pvPara);
}
bool CertDeleteCertificateFromStore (
[In] SafeCertContextHandle pCertContext) {
if (pCertContext == null)
throw new ArgumentNullException("pCertContext");
if (pCertContext.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "pCertContext");
#if !FEATURE_CORESYSTEM
StorePermission sp = new StorePermission(StorePermissionFlags.RemoveFromStore);
sp.Demand();
#endif
return CAPIMethods.CertDeleteCertificateFromStore(pCertContext);
}
bool CertAddCertificateLinkToStore (
[In] SafeCertStoreHandle hCertStore,
[In] SafeCertContextHandle pCertContext,
[In] uint dwAddDisposition,
[In,Out] SafeCertContextHandle ppStoreContext) {
if (hCertStore == null)
throw new ArgumentNullException("hCertStore");
if (hCertStore.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
if (pCertContext == null)
throw new ArgumentNullException("pCertContext");
if (pCertContext.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "pCertContext");
#if !FEATURE_CORESYSTEM
StorePermission sp = new StorePermission(StorePermissionFlags.AddToStore);
sp.Demand();
#endif
return CAPIMethods.CertAddCertificateLinkToStore(hCertStore,
pCertContext,
dwAddDisposition,
ppStoreContext);
}
SafeCertContextHandle CertEnumCertificatesInStore (
[In] SafeCertStoreHandle hCertStore,
[In] SafeCertContextHandle pPrevCertContext) {
if (hCertStore == null)
throw new ArgumentNullException("hCertStore");
if (hCertStore.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
#if !FEATURE_CORESYSTEM
if (pPrevCertContext.IsInvalid) {
StorePermission sp = new StorePermission(StorePermissionFlags.EnumerateCertificates);
sp.Demand();
}
#endif
SafeCertContextHandle safeCertContextHandle = CAPIMethods.CertEnumCertificatesInStore(hCertStore, pPrevCertContext);
if (safeCertContextHandle == null || safeCertContextHandle.IsInvalid) {
int dwErrorCode = Marshal.GetLastWin32Error();
if (dwErrorCode != CRYPT_E_NOT_FOUND)
throw new CryptographicException(Marshal.GetLastWin32Error());
}
return safeCertContextHandle;
}
public bool Build (X509Certificate2 certificate) {
lock (m_syncRoot) {
if (certificate == null || certificate.CertContext.IsInvalid)
throw new ArgumentException(SR.GetString(SR.Cryptography_InvalidContextHandle), "certificate");
// Chain building opens and enumerates the root store to see if the root of the chain is trusted.
StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore | StorePermissionFlags.EnumerateCertificates);
sp.Demand();
X509ChainPolicy chainPolicy = this.ChainPolicy;
if (chainPolicy.RevocationMode == X509RevocationMode.Online) {
if (certificate.Extensions[CAPI.szOID_CRL_DIST_POINTS] != null ||
certificate.Extensions[CAPI.szOID_AUTHORITY_INFO_ACCESS] != null) {
// If there is a CDP or AIA extension, we demand unrestricted network access and store add permission
// since CAPI can download certificates into the CA store from the network.
PermissionSet ps = new PermissionSet(PermissionState.None);
ps.AddPermission(new WebPermission(PermissionState.Unrestricted));
ps.AddPermission(new StorePermission(StorePermissionFlags.AddToStore));
ps.Demand();
}
}
Reset();
int hr = BuildChain(m_useMachineContext ? new IntPtr(CAPI.HCCE_LOCAL_MACHINE) : new IntPtr(CAPI.HCCE_CURRENT_USER),
certificate.CertContext,
chainPolicy.ExtraStore,
chainPolicy.ApplicationPolicy,
chainPolicy.CertificatePolicy,
chainPolicy.RevocationMode,
chainPolicy.RevocationFlag,
chainPolicy.VerificationTime,
chainPolicy.UrlRetrievalTimeout,
ref m_safeCertChainHandle);
if (hr != CAPI.S_OK)
return false;
// Init.
Init();
// Verify the chain using the specified policy.
CAPI.CERT_CHAIN_POLICY_PARA PolicyPara = new CAPI.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_PARA)));
CAPI.CERT_CHAIN_POLICY_STATUS PolicyStatus = new CAPI.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_STATUS)));
PolicyPara.dwFlags = (uint) chainPolicy.VerificationFlags;
if (!CAPI.CertVerifyCertificateChainPolicy(new IntPtr(CAPI.CERT_CHAIN_POLICY_BASE),
m_safeCertChainHandle,
ref PolicyPara,
ref PolicyStatus))
// The API failed.
throw new CryptographicException(Marshal.GetLastWin32Error());
CAPI.SetLastError(PolicyStatus.dwError);
return (PolicyStatus.dwError == 0);
}
}
IntPtr CertEnumCertificatesInStore (
[In] SafeCertStoreHandle hCertStore,
[In] IntPtr pPrevCertContext) {
if (hCertStore == null)
throw new ArgumentNullException("hCertStore");
if (hCertStore.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
if (pPrevCertContext == IntPtr.Zero) {
StorePermission sp = new StorePermission(StorePermissionFlags.EnumerateCertificates);
sp.Demand();
}
IntPtr handle = CAPIMethods.CertEnumCertificatesInStore(hCertStore, pPrevCertContext);
if (handle == IntPtr.Zero) {
int dwErrorCode = Marshal.GetLastWin32Error();
if (dwErrorCode != CRYPT_E_NOT_FOUND) {
CAPIMethods.CertFreeCertificateContext(handle);
throw new CryptographicException(dwErrorCode);
}
}
return handle;
}
internal static bool CertAddCertificateLinkToStore (
[In] SafeCertStoreHandle hCertStore,
[In] SafeCertContextHandle pCertContext,
[In] uint dwAddDisposition,
[In,Out] SafeCertContextHandle ppStoreContext) {
if (hCertStore == null)
throw new ArgumentNullException("hCertStore");
if (hCertStore.IsInvalid)
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_InvalidHandle"), "hCertStore");
if (pCertContext == null)
throw new ArgumentNullException("pCertContext");
if (pCertContext.IsInvalid)
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_InvalidHandle"), "pCertContext");
StorePermission sp = new StorePermission(StorePermissionFlags.AddToStore);
sp.Demand();
return CAPIUnsafe.CertAddCertificateLinkToStore(hCertStore,
pCertContext,
dwAddDisposition,
ppStoreContext);
}
