/// <summary>
/// Does not throw on error. Returns null ChainPal instead.
/// </summary>
internal static partial IChainPal?BuildChain(
bool useMachineContext,
ICertificatePal cert,
X509Certificate2Collection?extraStore,
OidCollection?applicationPolicy,
OidCollection?certificatePolicy,
X509RevocationMode revocationMode,
X509RevocationFlag revocationFlag,
X509Certificate2Collection?customTrustStore,
X509ChainTrustMode trustMode,
DateTime verificationTime,
TimeSpan timeout,
bool disableAia)
{
CertificatePal certificatePal = (CertificatePal)cert;
unsafe
{
using (SafeChainEngineHandle storeHandle = GetChainEngine(trustMode, customTrustStore, useMachineContext))
using (SafeCertStoreHandle extraStoreHandle = ConvertStoreToSafeHandle(extraStore))
{
Interop.Crypt32.CERT_CHAIN_PARA chainPara = default;
chainPara.cbSize = Marshal.SizeOf <Interop.Crypt32.CERT_CHAIN_PARA>();
int applicationPolicyCount;
using (SafeHandle applicationPolicyOids = applicationPolicy !.ToLpstrArray(out applicationPolicyCount))
{
if (!applicationPolicyOids.IsInvalid)
{
chainPara.RequestedUsage.dwType = Interop.Crypt32.CertUsageMatchType.USAGE_MATCH_TYPE_AND;
chainPara.RequestedUsage.Usage.cUsageIdentifier = applicationPolicyCount;
chainPara.RequestedUsage.Usage.rgpszUsageIdentifier = applicationPolicyOids.DangerousGetHandle();
}
int certificatePolicyCount;
using (SafeHandle certificatePolicyOids = certificatePolicy !.ToLpstrArray(out certificatePolicyCount))
{
if (!certificatePolicyOids.IsInvalid)
{
chainPara.RequestedIssuancePolicy.dwType = Interop.Crypt32.CertUsageMatchType.USAGE_MATCH_TYPE_AND;
chainPara.RequestedIssuancePolicy.Usage.cUsageIdentifier = certificatePolicyCount;
chainPara.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = certificatePolicyOids.DangerousGetHandle();
}
chainPara.dwUrlRetrievalTimeout = (int)Math.Floor(timeout.TotalMilliseconds);
Interop.Crypt32.FILETIME ft = Interop.Crypt32.FILETIME.FromDateTime(verificationTime);
Interop.Crypt32.CertChainFlags flags = MapRevocationFlags(revocationMode, revocationFlag, disableAia);
SafeX509ChainHandle chain;
if (!Interop.Crypt32.CertGetCertificateChain(storeHandle.DangerousGetHandle(), certificatePal.CertContext, &ft, extraStoreHandle, ref chainPara, flags, IntPtr.Zero, out chain))
{
return(null);
}
return(new ChainPal(chain));
}
}
}
}
}
public static unsafe partial int CertVerifyTimeValidity(ref Interop.Crypt32.FILETIME pTimeToVerify, Interop.Crypt32.CERT_INFO *pCertInfo);
