/// <summary>
/// Picks the chain engine used for chain building: a newly created engine rooted
/// exclusively in the caller's store for <c>CustomRootTrust</c>, otherwise one of the
/// shared machine/user engines.
/// </summary>
/// <param name="trustMode">Trust mode; only <c>CustomRootTrust</c> creates a new engine.</param>
/// <param name="customTrustStore">Certificates to use as the exclusive root store (may be null).</param>
/// <param name="useMachineContext">Selects the machine engine over the user engine when no custom trust is requested.</param>
/// <returns>The chain engine handle to build with.</returns>
private static SafeChainEngineHandle GetChainEngine(
            X509ChainTrustMode trustMode,
            X509Certificate2Collection? customTrustStore,
            bool useMachineContext)
        {
            if (trustMode != X509ChainTrustMode.CustomRootTrust)
            {
                // System trust: reuse the shared engine for the requested context.
                if (useMachineContext)
                {
                    return SafeChainEngineHandle.MachineChainEngine;
                }

                return SafeChainEngineHandle.UserChainEngine;
            }

            // A valid store handle must always be supplied here; without one the default
            // (system) root stores would be trusted and the custom-root restriction lost.
            // NOTE(review): the `true` argument presumably requests a real store handle even
            // for a null/empty collection - confirm against ConvertStoreToSafeHandle.
            using (SafeCertStoreHandle exclusiveRootStore = ConvertStoreToSafeHandle(customTrustStore, true))
            {
                Interop.Crypt32.CERT_CHAIN_ENGINE_CONFIG engineConfig = default;
                engineConfig.cbSize = Marshal.SizeOf<Interop.Crypt32.CERT_CHAIN_ENGINE_CONFIG>();

                // DangerousGetHandle yields the raw handle without taking a reference; the
                // enclosing using block keeps the store open for the duration of the call.
                engineConfig.hExclusiveRoot = exclusiveRootStore.DangerousGetHandle();

                return Interop.crypt32.CertCreateCertificateChainEngine(ref engineConfig);
            }
        }
Пример #2
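        /// <summary>
        /// Creates a certificate chain engine from <paramref name="config"/> via the Crypt32
        /// P/Invoke and converts a failed call into an exception.
        /// </summary>
        /// <param name="config">Engine configuration passed by reference to the native call.</param>
        /// <returns>The handle of the created chain engine.</returns>
        /// <exception cref="Exception">
        /// The exception produced by <c>ToCryptographicException</c> from the Win32 last-error
        /// code when the native call returns false.
        /// </exception>
        internal static SafeChainEngineHandle CertCreateCertificateChainEngine(ref Interop.Crypt32.CERT_CHAIN_ENGINE_CONFIG config)
        {
            if (!Interop.Crypt32.CertCreateCertificateChainEngine(ref config, out SafeChainEngineHandle chainEngineHandle))
            {
                // Read the error code before anything else so no later call can overwrite it.
                int errorCode = Marshal.GetLastWin32Error();

                // The out handle is unusable on failure; release it now instead of
                // leaving it to the finalizer.
                chainEngineHandle?.Dispose();

                throw errorCode.ToCryptographicException();
            }

            return chainEngineHandle;
        }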
Пример #3
        /// <summary>
        /// Wraps the Crypt32 chain-engine creation call: returns the engine handle on
        /// success, otherwise disposes the handle and throws.
        /// </summary>
        /// <param name="config">Engine configuration passed by reference to the native call.</param>
        /// <returns>The handle of the created chain engine.</returns>
        /// <exception cref="Exception">
        /// The exception produced by <c>ToCryptographicException</c> from the last P/Invoke
        /// error when the native call returns false.
        /// </exception>
        internal static SafeChainEngineHandle CertCreateCertificateChainEngine(ref Interop.Crypt32.CERT_CHAIN_ENGINE_CONFIG config)
        {
            bool created = Interop.Crypt32.CertCreateCertificateChainEngine(ref config, out SafeChainEngineHandle engine);
            if (created)
            {
                return engine;
            }

            // Build the exception first: the error code is read before Dispose runs,
            // so cleanup cannot change which error is reported.
            Exception failure = Marshal.GetLastPInvokeError().ToCryptographicException();
            engine.Dispose();
            throw failure;
        }