public EnhancedKeyUsageProperty(X509Certificate2 cert)
{
EnhancedKeyUsageRepresentation enhancedKeyUsageRepresentation;
this.ekuList = new List <EnhancedKeyUsageRepresentation>();
if (DownLevelHelper.IsWin8AndAbove())
{
Collection <string> certEKU = SecuritySupport.GetCertEKU(cert);
foreach (string str in certEKU)
{
if (string.IsNullOrEmpty(str))
{
continue;
}
IntPtr hGlobalAnsi = Marshal.StringToHGlobalAnsi(str);
IntPtr intPtr = NativeMethods.CryptFindOIDInfo(1, hGlobalAnsi, 0);
if (intPtr == IntPtr.Zero)
{
enhancedKeyUsageRepresentation = new EnhancedKeyUsageRepresentation(null, str);
}
else
{
NativeMethods.CRYPT_OID_INFO structure = (NativeMethods.CRYPT_OID_INFO)Marshal.PtrToStructure(intPtr, typeof(NativeMethods.CRYPT_OID_INFO));
enhancedKeyUsageRepresentation = new EnhancedKeyUsageRepresentation(structure.pwszName, str);
}
this.ekuList.Add(enhancedKeyUsageRepresentation);
}
}
}
public DnsNameProperty(X509Certificate2 cert)
{
this.dnsList = new List <DnsNameRepresentation>();
if (DownLevelHelper.IsWin8AndAbove() && cert != null)
{
this.dnsList = this.GetCertNames(cert.Handle, NativeMethods.AltNameType.CERT_ALT_NAME_DNS_NAME);
}
}
public static bool ReadSendAsTrustedIssuerProperty(X509Certificate2 cert)
{
bool flag = false;
if (DownLevelHelper.IsWin8AndAbove())
{
int num = 0;
if (!NativeMethods.CertGetCertificateContextProperty(cert.Handle, NativeMethods.CertPropertyId.CERT_SEND_AS_TRUSTED_ISSUER_PROP_ID, IntPtr.Zero, ref num))
{
int lastWin32Error = Marshal.GetLastWin32Error();
if (lastWin32Error != -2146885628)
{
throw new Win32Exception(lastWin32Error);
}
}
else
{
flag = true;
}
}
return(flag);
}
protected override void ProcessRecord()
{
string sddlForm;
ObjectSecurity objectSecurity = this.securityDescriptor as ObjectSecurity;
if (this.inputObject == null)
{
if (this.Path != null)
{
if (objectSecurity != null)
{
if ((this.CentralAccessPolicy != null || this.ClearCentralAccessPolicy) && !DownLevelHelper.IsWin8AndAbove())
{
Exception parameterBindingException = new ParameterBindingException();
base.WriteError(new ErrorRecord(parameterBindingException, "SetAcl_OperationNotSupported", ErrorCategory.InvalidArgument, null));
return;
}
else
{
if (this.CentralAccessPolicy == null || !this.ClearCentralAccessPolicy)
{
IntPtr zero = IntPtr.Zero;
NativeMethods.TOKEN_PRIVILEGE tOKENPRIVILEGE = new NativeMethods.TOKEN_PRIVILEGE();
try
{
if (this.CentralAccessPolicy == null)
{
if (this.ClearCentralAccessPolicy)
{
zero = this.GetEmptySacl();
if (zero == IntPtr.Zero)
{
SystemException systemException = new SystemException(UtilsStrings.GetEmptySaclFail);
base.WriteError(new ErrorRecord(systemException, "SetAcl_ClearCentralAccessPolicy", ErrorCategory.InvalidResult, null));
return;
}
}
}
else
{
zero = this.GetSaclWithCapId(this.CentralAccessPolicy);
if (zero == IntPtr.Zero)
{
SystemException systemException1 = new SystemException(UtilsStrings.GetSaclWithCapIdFail);
base.WriteError(new ErrorRecord(systemException1, "SetAcl_CentralAccessPolicy", ErrorCategory.InvalidResult, null));
return;
}
}
string[] path = this.Path;
for (int i = 0; i < (int)path.Length; i++)
{
string str = path[i];
Collection <PathInfo> pathInfos = new Collection <PathInfo>();
CmdletProviderContext cmdletProviderContext = base.CmdletProviderContext;
cmdletProviderContext.PassThru = this.Passthru;
if (!this.isLiteralPath)
{
pathInfos = base.SessionState.Path.GetResolvedPSPathFromPSPath(str, base.CmdletProviderContext);
}
else
{
ProviderInfo providerInfo = null;
PSDriveInfo pSDriveInfo = null;
string unresolvedProviderPathFromPSPath = base.SessionState.Path.GetUnresolvedProviderPathFromPSPath(str, out providerInfo, out pSDriveInfo);
pathInfos.Add(new PathInfo(pSDriveInfo, providerInfo, unresolvedProviderPathFromPSPath, base.SessionState));
cmdletProviderContext.SuppressWildcardExpansion = true;
}
foreach (PathInfo pathInfo in pathInfos)
{
if (!base.ShouldProcess(pathInfo.Path))
{
continue;
}
try
{
base.InvokeProvider.SecurityDescriptor.Set(pathInfo.Path, objectSecurity, cmdletProviderContext);
if (this.CentralAccessPolicy != null || this.ClearCentralAccessPolicy)
{
if (pathInfo.Provider.NameEquals(base.Context.ProviderNames.FileSystem))
{
IntPtr tokenWithEnabledPrivilege = this.GetTokenWithEnabledPrivilege("SeSecurityPrivilege", tOKENPRIVILEGE);
if (tokenWithEnabledPrivilege != IntPtr.Zero)
{
int num = NativeMethods.SetNamedSecurityInfo(pathInfo.ProviderPath, NativeMethods.SeObjectType.SE_FILE_OBJECT, NativeMethods.SecurityInformation.SCOPE_SECURITY_INFORMATION, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, zero);
if (tokenWithEnabledPrivilege != IntPtr.Zero)
{
NativeMethods.TOKEN_PRIVILEGE tOKENPRIVILEGE1 = new NativeMethods.TOKEN_PRIVILEGE();
uint num1 = 0;
NativeMethods.AdjustTokenPrivileges(tokenWithEnabledPrivilege, false, ref tOKENPRIVILEGE, Marshal.SizeOf(tOKENPRIVILEGE1), ref tOKENPRIVILEGE1, ref num1);
NativeMethods.CloseHandle(tokenWithEnabledPrivilege);
}
if (num != 0)
{
SystemException win32Exception = new Win32Exception(num, UtilsStrings.SetCentralAccessPolicyFail);
base.WriteError(new ErrorRecord(win32Exception, "SetAcl_SetNamedSecurityInfo", ErrorCategory.InvalidResult, null));
}
}
else
{
SystemException systemException2 = new SystemException(UtilsStrings.GetTokenWithEnabledPrivilegeFail);
base.WriteError(new ErrorRecord(systemException2, "SetAcl_AdjustTokenPrivileges", ErrorCategory.InvalidResult, null));
return;
}
}
else
{
Exception argumentException = new ArgumentException("Path");
base.WriteError(new ErrorRecord(argumentException, "SetAcl_Path", ErrorCategory.InvalidArgument, this.AclObject));
continue;
}
}
}
catch (NotSupportedException notSupportedException)
{
object[] objArray = new object[1];
objArray[0] = pathInfo.Path;
ErrorRecord errorRecord = SecurityUtils.CreateNotSupportedErrorRecord(UtilsStrings.OperationNotSupportedOnPath, "SetAcl_OperationNotSupported", objArray);
base.WriteError(errorRecord);
}
}
}
return;
}
finally
{
Marshal.FreeHGlobal(zero);
}
}
else
{
Exception exception = new ArgumentException(UtilsStrings.InvalidCentralAccessPolicyParameters);
ErrorRecord errorRecord1 = SecurityUtils.CreateInvalidArgumentErrorRecord(exception, "SetAcl_OperationNotSupported");
base.WriteError(errorRecord1);
return;
}
}
}
else
{
Exception argumentException1 = new ArgumentException("AclObject");
base.WriteError(new ErrorRecord(argumentException1, "SetAcl_AclObject", ErrorCategory.InvalidArgument, this.AclObject));
return;
}
}
else
{
Exception exception1 = new ArgumentException("Path");
base.WriteError(new ErrorRecord(exception1, "SetAcl_Path", ErrorCategory.InvalidArgument, this.AclObject));
}
}
else
{
PSMethodInfo item = this.inputObject.Methods["SetSecurityDescriptor"];
if (item == null)
{
ErrorRecord errorRecord2 = SecurityUtils.CreateNotSupportedErrorRecord(UtilsStrings.SetMethodNotFound, "SetAcl_OperationNotSupported", new object[0]);
base.WriteError(errorRecord2);
return;
}
else
{
CommonSecurityDescriptor commonSecurityDescriptor = this.securityDescriptor as CommonSecurityDescriptor;
if (objectSecurity == null)
{
if (commonSecurityDescriptor == null)
{
Exception argumentException2 = new ArgumentException("AclObject");
base.WriteError(new ErrorRecord(argumentException2, "SetAcl_AclObject", ErrorCategory.InvalidArgument, this.AclObject));
return;
}
else
{
sddlForm = commonSecurityDescriptor.GetSddlForm(AccessControlSections.All);
}
}
else
{
sddlForm = objectSecurity.GetSecurityDescriptorSddlForm(AccessControlSections.All);
}
try
{
object[] objArray1 = new object[1];
objArray1[0] = sddlForm;
item.Invoke(objArray1);
return;
}
catch (Exception exception3)
{
Exception exception2 = exception3;
CommandProcessorBase.CheckForSevereException(exception2);
ErrorRecord errorRecord3 = SecurityUtils.CreateNotSupportedErrorRecord(UtilsStrings.MethodInvokeFail, "SetAcl_OperationNotSupported", new object[0]);
base.WriteError(errorRecord3);
}
}
}
}
static X509NativeStore()
{
X509NativeStore.fIsWin8AndAbove = DownLevelHelper.IsWin8AndAbove();
}
public static void WriteSendAsTrustedIssuerProperty(X509Certificate2 cert, string certPath, bool addProperty)
{
IntPtr handle;
StoreLocation storeLocation;
if (!DownLevelHelper.IsWin8AndAbove())
{
throw Marshal.GetExceptionForHR(-2146893783);
}
else
{
IntPtr zero = IntPtr.Zero;
NativeMethods.CRYPT_DATA_BLOB cRYPTDATABLOB = new NativeMethods.CRYPT_DATA_BLOB();
cRYPTDATABLOB.cbData = 0;
cRYPTDATABLOB.pbData = IntPtr.Zero;
X509Certificate x509Certificate2 = null;
try
{
if (certPath != null)
{
string[] pathElements = SendAsTrustedIssuerProperty.GetPathElements(certPath);
bool flag = string.Equals(pathElements[0], "CurrentUser", StringComparison.OrdinalIgnoreCase);
if (flag)
{
storeLocation = StoreLocation.CurrentUser;
}
else
{
storeLocation = StoreLocation.LocalMachine;
}
X509StoreLocation x509StoreLocation = new X509StoreLocation(storeLocation);
X509NativeStore x509NativeStore = new X509NativeStore(x509StoreLocation, pathElements[1]);
x509NativeStore.Open(true);
IntPtr certByName = x509NativeStore.GetCertByName(pathElements[2]);
if (certByName != IntPtr.Zero)
{
x509Certificate2 = new X509Certificate2(certByName);
x509NativeStore.FreeCert(certByName);
}
}
if (addProperty)
{
zero = Marshal.AllocHGlobal(Marshal.SizeOf(cRYPTDATABLOB));
Marshal.StructureToPtr(cRYPTDATABLOB, zero, false);
}
if (x509Certificate2 != null)
{
handle = x509Certificate2.Handle;
}
else
{
handle = cert.Handle;
}
if (!NativeMethods.CertSetCertificateContextProperty(handle, NativeMethods.CertPropertyId.CERT_SEND_AS_TRUSTED_ISSUER_PROP_ID, 0, zero))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
finally
{
if (zero != IntPtr.Zero)
{
Marshal.FreeHGlobal(zero);
}
}
return;
}
}
