Пример #1
0
 /// <summary>
 ///     Get a property of a certificate formatted as a structure
 /// </summary>
 public static T GetCertificateProperty <T>(this SafeCertContextHandle certificateContext,
                                            WindowsX509Native.CertificateProperty property) where T : struct
 {
     return(CertificatePal.GetCertificateProperty <T>(certificateContext.DangerousGetHandle(), property));
 }
        /// <summary>
        /// Unlike X509Store.Remove() this function also cleans up private-keys
        /// </summary>
        public static void RemoveCertificateFromStore(string thumbprint, StoreLocation storeLocation, string storeName)
        {
            var store = new X509Store(storeName, storeLocation);

            store.Open(OpenFlags.ReadWrite);

            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);

            if (found.Count == 0)
            {
                return;
            }

            var certificate       = found[0];
            var certificateHandle = new SafeCertContextHandle(found[0].Handle, false);

            // If the certificate has a private-key, remove it
            if (certificateHandle.HasPrivateKey())
            {
                var keyProvInfo = certificateHandle.GetCertificateProperty <KeyProviderInfo>(CertificateProperty.KeyProviderInfo);

                // If it is a CNG key
                if (keyProvInfo.dwProvType == 0)
                {
                    try
                    {
                        var key = CertificatePal.GetCngPrivateKey(certificateHandle);
                        CertificatePal.DeleteCngKey(key);
                    }
                    catch (Exception ex)
                    {
                        throw new Exception("Exception while deleting CNG private key", ex);
                    }
                }
                else // CAPI key
                {
                    try
                    {
                        IntPtr providerHandle;
                        var    acquireContextFlags = CryptAcquireContextFlags.Delete | CryptAcquireContextFlags.Silent;
                        if (storeLocation == StoreLocation.LocalMachine)
                        {
                            acquireContextFlags = acquireContextFlags | CryptAcquireContextFlags.MachineKeySet;
                        }

                        var success = Native.CryptAcquireContext(out providerHandle, keyProvInfo.pwszContainerName,
                                                                 keyProvInfo.pwszProvName,
                                                                 keyProvInfo.dwProvType, acquireContextFlags);

                        if (!success)
                        {
                            throw new CryptographicException(Marshal.GetLastWin32Error());
                        }
                    }
                    catch (Exception ex)
                    {
                        // Swallow keyset does not exist
                        if (!(ex is CryptographicException && ex.Message.Contains("Keyset does not exist")))
                        {
                            throw new Exception("Exception while deleting CAPI private key", ex);
                        }
                    }
                }
            }

            store.Remove(certificate);
            store.Close();
        }
Пример #3
0
 public static bool HasProperty(this SafeCertContextHandle certificateContext,
                                WindowsX509Native.CertificateProperty property)
 {
     return(CertificatePal.HasProperty(certificateContext.DangerousGetHandle(), property));
 }