private void CoSign(CmsSigner signer, bool silent)
{
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer, silent);
try
{
SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(64U, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
try
{
Marshal.StructureToPtr((object)signerEncodeInfo, localAllocHandle.DangerousGetHandle(), false);
if (!CAPI.CryptMsgControl(this.m_safeCryptMsgHandle, 0U, 6U, localAllocHandle.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
finally
{
Marshal.DestroyStructure(localAllocHandle.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
localAllocHandle.Dispose();
}
}
finally
{
signerEncodeInfo.Dispose();
}
int num = (int)PkcsUtils.AddCertsToMessage(this.m_safeCryptMsgHandle, this.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
public void RemoveSignature(int index)
{
if (m_safeCryptMsgHandle == null || m_safeCryptMsgHandle.IsInvalid)
{
throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_MessageNotSigned"));
}
unsafe {
uint dwSigners = 0;
uint cbCount = (uint)Marshal.SizeOf(typeof(uint));
if (!CAPI.CAPISafe.CryptMsgGetParam(m_safeCryptMsgHandle,
CAPI.CMSG_SIGNER_COUNT_PARAM,
0,
new IntPtr(&dwSigners),
new IntPtr(&cbCount)))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (index < 0 || index >= (int)dwSigners)
{
throw new ArgumentOutOfRangeException("index", SecurityResources.GetResourceString("ArgumentOutOfRange_Index"));
}
if (!CAPI.CryptMsgControl(m_safeCryptMsgHandle,
0,
CAPI.CMSG_CTRL_DEL_SIGNER,
new IntPtr(&index)))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
}
private void CoSign(CmsSigner signer, bool silent)
{
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer, silent);
try {
SafeLocalAllocHandle pSignerEncodeInfo = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
try {
// Marshal to unmanaged memory.
Marshal.StructureToPtr(signerEncodeInfo, pSignerEncodeInfo.DangerousGetHandle(), false);
// Add the signature.
if (!CAPI.CryptMsgControl(m_safeCryptMsgHandle,
0,
CAPI.CMSG_CTRL_ADD_SIGNER,
pSignerEncodeInfo.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
finally {
Marshal.DestroyStructure(pSignerEncodeInfo.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
pSignerEncodeInfo.Dispose();
}
}
finally {
// and don't forget to dispose of resources allocated for the structure.
signerEncodeInfo.Dispose();
}
// Finally, add certs to bag of certs.
PkcsUtils.AddCertsToMessage(m_safeCryptMsgHandle, Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
public unsafe void CheckHash()
{
if (!CAPI.CryptMsgControl(this.m_signedCms.GetCryptMsgHandle(), 0U, 19U, new IntPtr((void *)&new CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA(Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA)))
{
dwSignerType = 4U,
dwSignerIndex = (uint)PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0)
})))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
public void CheckHash()
{
int cvseSize = Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA));
CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA cvse = new CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA(cvseSize);
cvse.dwSignerType = CAPI.CMSG_VERIFY_SIGNER_NULL;
cvse.dwSignerIndex = (uint)PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), this, 0);
unsafe {
if (!CAPI.CryptMsgControl(m_signedCms.GetCryptMsgHandle(),
0,
CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX,
new IntPtr(&cvse)))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
}
public unsafe void RemoveSignature(int index)
{
if (this.m_safeCryptMsgHandle == null || this.m_safeCryptMsgHandle.IsInvalid)
{
throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_MessageNotSigned"));
}
uint num1 = 0U;
uint num2 = (uint)Marshal.SizeOf(typeof(uint));
if (!CAPI.CAPISafe.CryptMsgGetParam(this.m_safeCryptMsgHandle, 5U, 0U, new IntPtr((void *)&num1), new IntPtr((void *)&num2)))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (index < 0 || index >= (int)num1)
{
throw new ArgumentOutOfRangeException("index", SecurityResources.GetResourceString("ArgumentOutOfRange_Index"));
}
if (!CAPI.CryptMsgControl(this.m_safeCryptMsgHandle, 0U, 7U, new IntPtr((void *)&index)))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
internal static unsafe uint AddCertsToMessage(SafeCryptMsgHandle safeCryptMsgHandle, X509Certificate2Collection bagOfCerts, X509Certificate2Collection chainOfCerts)
{
uint num = 0U;
foreach (X509Certificate2 certificate in chainOfCerts)
{
if (bagOfCerts.Find(X509FindType.FindByThumbprint, (object)certificate.Thumbprint, false).Count == 0)
{
CAPI.CERT_CONTEXT certContext = *(CAPI.CERT_CONTEXT *)(void *) X509Utils.GetCertContext(certificate).DangerousGetHandle();
if (!CAPI.CryptMsgControl(safeCryptMsgHandle, 0U, 10U, new IntPtr((long)&new CAPI.CRYPTOAPI_BLOB()
{
cbData = certContext.cbCertEncoded,
pbData = certContext.pbCertEncoded
})))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
++num;
}
}
return(num);
}
private unsafe void RemoveCounterSignature(int parentIndex, int childIndex)
{
// Just make sure this is non-negative.
if (parentIndex < 0)
{
throw new ArgumentOutOfRangeException("parentIndex");
}
if (childIndex < 0)
{
throw new ArgumentOutOfRangeException("childIndex");
}
uint cbCmsgCmsSignerInfo = 0;
SafeLocalAllocHandle pbCmsgCmsSignerInfo = SafeLocalAllocHandle.InvalidHandle;
uint cbCmsgSignerInfo = 0;
SafeLocalAllocHandle pbCmsgSignerInfo = SafeLocalAllocHandle.InvalidHandle;
uint index = 0;
uint cAttr = 0;
IntPtr pAttr = IntPtr.Zero;
SafeCryptMsgHandle hMsg = m_signedCms.GetCryptMsgHandle();
if (PkcsUtils.CmsSupported())
{
PkcsUtils.GetParam(hMsg,
CAPI.CMSG_CMS_SIGNER_INFO_PARAM,
(uint)parentIndex,
out pbCmsgCmsSignerInfo,
out cbCmsgCmsSignerInfo);
CAPI.CMSG_CMS_SIGNER_INFO cmsgCmsSignerInfo = (CAPI.CMSG_CMS_SIGNER_INFO)Marshal.PtrToStructure(pbCmsgCmsSignerInfo.DangerousGetHandle(), typeof(CAPI.CMSG_CMS_SIGNER_INFO));
cAttr = cmsgCmsSignerInfo.UnauthAttrs.cAttr;
pAttr = new IntPtr((long)cmsgCmsSignerInfo.UnauthAttrs.rgAttr);
}
else
{
PkcsUtils.GetParam(hMsg,
CAPI.CMSG_SIGNER_INFO_PARAM,
(uint)parentIndex,
out pbCmsgSignerInfo,
out cbCmsgSignerInfo);
CAPI.CMSG_SIGNER_INFO cmsgSignerInfo = (CAPI.CMSG_SIGNER_INFO)Marshal.PtrToStructure(pbCmsgSignerInfo.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_INFO));
cAttr = cmsgSignerInfo.UnauthAttrs.cAttr;
pAttr = new IntPtr((long)cmsgSignerInfo.UnauthAttrs.rgAttr);
}
// Find index for counter signature attribute.
// Note: It is not guaranteed that CAPI will keep all counter signatures
// in one single unauthenticated attribute. So we need to find the correct
// unauthenticated attribute containing this counter signer which is
// identified by index.
for (index = 0; index < cAttr; index++)
{
checked {
CAPI.CRYPT_ATTRIBUTE attr = (CAPI.CRYPT_ATTRIBUTE)Marshal.PtrToStructure(pAttr, typeof(CAPI.CRYPT_ATTRIBUTE));
if (String.Compare(attr.pszObjId, CAPI.szOID_RSA_counterSign, StringComparison.OrdinalIgnoreCase) == 0)
{
if (attr.cValue > 0)
{
// Is it in this attribute?
if (childIndex < (int)attr.cValue)
{
// Found the desired counter signature attribute. So, first remove the
// entire attribute, then remove just the counter signature from the
// retrieved attribute, and finally add back the modified attribute,
// if necessary.
CAPI.CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA delPara = new CAPI.CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA(Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA)));
delPara.dwSignerIndex = (uint)parentIndex;
delPara.dwUnauthAttrIndex = index;
if (!CAPI.CryptMsgControl(hMsg,
0,
CAPI.CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR,
new IntPtr(&delPara)))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
// No need to add back if only one counter signature in this attribute.
if (attr.cValue > 1)
{
try {
// There were more than one counter signatures in this attribute, so
// need to add back a new counter signature attribute which includes
// the remaining counter signatures.
uint cbCounterSignatureValue = (uint)((attr.cValue - 1) * Marshal.SizeOf(typeof(CAPI.CRYPTOAPI_BLOB)));
SafeLocalAllocHandle pbCounterSignatureValue = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(cbCounterSignatureValue));
// Copy everything except the one being removed.
CAPI.CRYPTOAPI_BLOB *pOldValue = (CAPI.CRYPTOAPI_BLOB *)attr.rgValue;
CAPI.CRYPTOAPI_BLOB *pNewValue = (CAPI.CRYPTOAPI_BLOB *)pbCounterSignatureValue.DangerousGetHandle();
for (int i = 0; i < (int)attr.cValue; i++, pOldValue++, pNewValue++)
{
if (i != childIndex)
{
*pNewValue = *pOldValue;
}
}
// Encode the new counter signature attribute.
byte[] encodedNewAttribute;
CAPI.CRYPT_ATTRIBUTE newAttr = new CAPI.CRYPT_ATTRIBUTE();
newAttr.pszObjId = attr.pszObjId;
newAttr.cValue = attr.cValue - 1;
newAttr.rgValue = pbCounterSignatureValue.DangerousGetHandle();
SafeLocalAllocHandle pNewAttr = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(Marshal.SizeOf(typeof(CAPI.CRYPT_ATTRIBUTE))));
Marshal.StructureToPtr(newAttr, pNewAttr.DangerousGetHandle(), false);
try {
if (!CAPI.EncodeObject(new IntPtr(CAPI.PKCS_ATTRIBUTE),
pNewAttr.DangerousGetHandle(),
out encodedNewAttribute))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
finally {
Marshal.DestroyStructure(pNewAttr.DangerousGetHandle(), typeof(CAPI.CRYPT_ATTRIBUTE));
pNewAttr.Dispose();
}
// Finally, add it back.
fixed(byte *pbData = &encodedNewAttribute[0])
{
CAPI.CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA addPara = new CAPI.CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA(Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA)));
addPara.dwSignerIndex = (uint)parentIndex;
addPara.blob.cbData = (uint)encodedNewAttribute.Length;
addPara.blob.pbData = new IntPtr(pbData);
if (!CAPI.CryptMsgControl(hMsg,
0,
CAPI.CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR,
new IntPtr(&addPara)))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
// Keep alive.
pbCounterSignatureValue.Dispose();
}
catch (CryptographicException) {
// Roll back.
byte[] encodedAttribute;
if (CAPI.EncodeObject(new IntPtr(CAPI.PKCS_ATTRIBUTE),
pAttr,
out encodedAttribute))
{
fixed(byte *pbData = &encodedAttribute[0])
{
CAPI.CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA addPara = new CAPI.CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA(Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA)));
addPara.dwSignerIndex = (uint)parentIndex;
addPara.blob.cbData = (uint)encodedAttribute.Length;
addPara.blob.pbData = new IntPtr(pbData);
CAPI.CryptMsgControl(hMsg, 0, CAPI.CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR, new IntPtr(&addPara));
}
}
throw;
}
}
return;
}
childIndex -= (int)attr.cValue;
}
}
pAttr = new IntPtr((long)pAttr + (long)Marshal.SizeOf(typeof(CAPI.CRYPT_ATTRIBUTE)));
}
}
// Keep alive.
if (pbCmsgCmsSignerInfo != null && !pbCmsgCmsSignerInfo.IsInvalid)
{
pbCmsgCmsSignerInfo.Dispose();
}
if (pbCmsgSignerInfo != null && !pbCmsgSignerInfo.IsInvalid)
{
pbCmsgSignerInfo.Dispose();
}
throw new CryptographicException(CAPI.CRYPT_E_NO_SIGNER);
}
private unsafe void Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, bool verifySignatureOnly)
{
checked {
// We need to find out if DSS parameters inheritance is necessary. If so, we need to
// first build the chain to cause CAPI to inherit and set the parameters in the
// CERT_PUBKEY_ALG_PARA_PROP_ID extended property. Once we have the parameters in
// the property, we then need to retrieve a copy and point to it in the CERT_INFO
// structure.
SafeLocalAllocHandle pbParameters = SafeLocalAllocHandle.InvalidHandle;
CAPI.CERT_CONTEXT pCertContext = (CAPI.CERT_CONTEXT)Marshal.PtrToStructure(X509Utils.GetCertContext(certificate).DangerousGetHandle(), typeof(CAPI.CERT_CONTEXT));
// Point to SubjectPublicKeyInfo field inside the CERT_INFO structure.
IntPtr pSubjectPublicKeyInfo = new IntPtr((long)pCertContext.pCertInfo + (long)Marshal.OffsetOf(typeof(CAPI.CERT_INFO), "SubjectPublicKeyInfo"));
// Point to Algorithm field inside the SubjectPublicKeyInfo field.
IntPtr pAlgorithm = new IntPtr((long)pSubjectPublicKeyInfo + (long)Marshal.OffsetOf(typeof(CAPI.CERT_PUBLIC_KEY_INFO), "Algorithm"));
// Point to Parameters field inside the Algorithm field.
IntPtr pParameters = new IntPtr((long)pAlgorithm + (long)Marshal.OffsetOf(typeof(CAPI.CRYPT_ALGORITHM_IDENTIFIER), "Parameters"));
// Retrieve the pszObjId pointer.
IntPtr pObjId = Marshal.ReadIntPtr(pAlgorithm);
// Translate the OID to AlgId value.
CAPI.CRYPT_OID_INFO pOIDInfo = CAPI.CryptFindOIDInfo(CAPI.CRYPT_OID_INFO_OID_KEY, pObjId, CAPI.CRYPT_PUBKEY_ALG_OID_GROUP_ID);
// Is this DSS?
if (pOIDInfo.Algid == CAPI.CALG_DSS_SIGN)
{
bool inheritParameters = false;
// This is DSS, so inherit the parameters if necessary.
IntPtr pcbData = new IntPtr((long)pParameters + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "cbData"));
IntPtr ppbData = new IntPtr((long)pParameters + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "pbData"));
if (Marshal.ReadInt32(pcbData) == 0)
{
inheritParameters = true;
}
else
{
// Need to inherit if NULL pbData or *pbData is 0x05 (NULL ASN tag).
if (Marshal.ReadIntPtr(ppbData) == IntPtr.Zero)
{
inheritParameters = true;
}
else
{
IntPtr pbData = Marshal.ReadIntPtr(ppbData);
if ((uint)Marshal.ReadInt32(pbData) == CAPI.ASN_TAG_NULL)
{
inheritParameters = true;
}
}
}
// Do we need to copy inherited DSS parameters?
if (inheritParameters)
{
// Build the chain to force CAPI to propagate the parameters to
// CERT_PUBKEY_ALG_PARA_PROP_ID extended property.
SafeCertChainHandle pChainContext = SafeCertChainHandle.InvalidHandle;
X509Utils.BuildChain(new IntPtr(CAPI.HCCE_CURRENT_USER),
X509Utils.GetCertContext(certificate),
null,
null,
null,
X509RevocationMode.NoCheck,
X509RevocationFlag.ExcludeRoot,
DateTime.Now,
new TimeSpan(0, 0, 0), // default
ref pChainContext);
pChainContext.Dispose();
// The parameter is inherited in the extended property, but not copied
// to CERT_INFO, so we need to do it ourselves.
uint cbParameters = 0;
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate),
CAPI.CERT_PUBKEY_ALG_PARA_PROP_ID,
pbParameters,
ref cbParameters))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (cbParameters > 0)
{
pbParameters = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(cbParameters));
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate),
CAPI.CERT_PUBKEY_ALG_PARA_PROP_ID,
pbParameters,
ref cbParameters))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
Marshal.WriteInt32(pcbData, (int)cbParameters);
Marshal.WriteIntPtr(ppbData, pbParameters.DangerousGetHandle());
}
}
}
// Is this counter signer?
if (m_parentSignerInfo == null)
{
// Just plain signer.
if (!CAPI.CryptMsgControl(m_signedCms.GetCryptMsgHandle(),
0,
CAPI.CMSG_CTRL_VERIFY_SIGNATURE,
pCertContext.pCertInfo))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
else
{
// Counter signer, so need to first find parent signer's index.
int index = -1;
int lastWin32Error = 0;
// Since we allow the same signer to sign more than once,
// we must than try all signatures of the same signer.
while (true)
{
try {
// Find index of parent signer.
index = PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), m_parentSignerInfo, index + 1);
}
catch (CryptographicException) {
// Did we ever find a signature of the same signer?
if (lastWin32Error == 0)
{
// No. So we just re-throw, which is most likely CAPI.CRYPT_E_SIGNER_NOT_FOUND.
throw;
}
else
{
// Yes. Throw previous error, which is most likely CAPI.NTE_BAD_SIGNATURE.
throw new CryptographicException(lastWin32Error);
}
}
// Now get the parent encoded singer info.
uint cbParentEncodedSignerInfo = 0;
SafeLocalAllocHandle pbParentEncodedSignerInfo = SafeLocalAllocHandle.InvalidHandle;
PkcsUtils.GetParam(m_signedCms.GetCryptMsgHandle(),
CAPI.CMSG_ENCODED_SIGNER,
(uint)index,
out pbParentEncodedSignerInfo,
out cbParentEncodedSignerInfo);
// Try next signer if we can't get parent of this signer.
if (cbParentEncodedSignerInfo == 0)
{
lastWin32Error = CAPI.CRYPT_E_NO_SIGNER;
continue;
}
fixed(byte *pbEncodedSignerInfo = m_encodedSignerInfo)
{
if (!CAPI.CAPISafe.CryptMsgVerifyCountersignatureEncoded(IntPtr.Zero,
CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
pbParentEncodedSignerInfo.DangerousGetHandle(),
cbParentEncodedSignerInfo,
new IntPtr(pbEncodedSignerInfo),
(uint)m_encodedSignerInfo.Length,
pCertContext.pCertInfo))
{
// Cache the error, and try next signer.
lastWin32Error = Marshal.GetLastWin32Error();
continue;
}
}
// Keep alive.
pbParentEncodedSignerInfo.Dispose();
// The signature is successfully verified.
break;
}
}
// Verfiy the cert if requested.
if (!verifySignatureOnly)
{
int hr = VerifyCertificate(certificate, extraStore);
if (hr != CAPI.S_OK)
{
throw new CryptographicException(hr);
}
}
// Keep alive.
pbParameters.Dispose();
}
}
private unsafe void RemoveCounterSignature(int parentIndex, int childIndex)
{
if (parentIndex < 0)
{
throw new ArgumentOutOfRangeException("parentIndex");
}
if (childIndex < 0)
{
throw new ArgumentOutOfRangeException("childIndex");
}
uint cbData1 = 0U;
SafeLocalAllocHandle pvData1 = SafeLocalAllocHandle.InvalidHandle;
uint cbData2 = 0U;
SafeLocalAllocHandle pvData2 = SafeLocalAllocHandle.InvalidHandle;
IntPtr num1 = IntPtr.Zero;
SafeCryptMsgHandle cryptMsgHandle = this.m_signedCms.GetCryptMsgHandle();
uint num2;
if (PkcsUtils.CmsSupported())
{
PkcsUtils.GetParam(cryptMsgHandle, 39U, (uint)parentIndex, out pvData1, out cbData1);
CAPI.CMSG_CMS_SIGNER_INFO cmsgCmsSignerInfo = (CAPI.CMSG_CMS_SIGNER_INFO)Marshal.PtrToStructure(pvData1.DangerousGetHandle(), typeof(CAPI.CMSG_CMS_SIGNER_INFO));
num2 = cmsgCmsSignerInfo.UnauthAttrs.cAttr;
num1 = new IntPtr((long)cmsgCmsSignerInfo.UnauthAttrs.rgAttr);
}
else
{
PkcsUtils.GetParam(cryptMsgHandle, 6U, (uint)parentIndex, out pvData2, out cbData2);
CAPI.CMSG_SIGNER_INFO cmsgSignerInfo = (CAPI.CMSG_SIGNER_INFO)Marshal.PtrToStructure(pvData2.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_INFO));
num2 = cmsgSignerInfo.UnauthAttrs.cAttr;
num1 = new IntPtr((long)cmsgSignerInfo.UnauthAttrs.rgAttr);
}
for (uint index = 0U; index < num2; ++index)
{
CAPI.CRYPT_ATTRIBUTE cryptAttribute1 = (CAPI.CRYPT_ATTRIBUTE)Marshal.PtrToStructure(num1, typeof(CAPI.CRYPT_ATTRIBUTE));
if (string.Compare(cryptAttribute1.pszObjId, "1.2.840.113549.1.9.6", StringComparison.OrdinalIgnoreCase) == 0 && cryptAttribute1.cValue > 0U)
{
if (childIndex < (int)cryptAttribute1.cValue)
{
if (!CAPI.CryptMsgControl(cryptMsgHandle, 0U, 9U, new IntPtr((void *)&new CAPI.CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA(Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA)))
{
dwSignerIndex = (uint)parentIndex,
dwUnauthAttrIndex = index
})))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (cryptAttribute1.cValue <= 1U)
{
return;
}
try
{
SafeLocalAllocHandle localAllocHandle1 = CAPI.LocalAlloc(64U, new IntPtr((long)(uint)((ulong)(cryptAttribute1.cValue - 1U) * (ulong)Marshal.SizeOf(typeof(CAPI.CRYPTOAPI_BLOB)))));
CAPI.CRYPTOAPI_BLOB *cryptoapiBlobPtr1 = (CAPI.CRYPTOAPI_BLOB *)(void *) cryptAttribute1.rgValue;
CAPI.CRYPTOAPI_BLOB *cryptoapiBlobPtr2 = (CAPI.CRYPTOAPI_BLOB *)(void *) localAllocHandle1.DangerousGetHandle();
int num3 = 0;
while (num3 < (int)cryptAttribute1.cValue)
{
if (num3 != childIndex)
{
*cryptoapiBlobPtr2 = *cryptoapiBlobPtr1;
}
++num3;
++cryptoapiBlobPtr1;
++cryptoapiBlobPtr2;
}
CAPI.CRYPT_ATTRIBUTE cryptAttribute2 = new CAPI.CRYPT_ATTRIBUTE();
cryptAttribute2.pszObjId = cryptAttribute1.pszObjId;
cryptAttribute2.cValue = cryptAttribute1.cValue - 1U;
cryptAttribute2.rgValue = localAllocHandle1.DangerousGetHandle();
SafeLocalAllocHandle localAllocHandle2 = CAPI.LocalAlloc(64U, new IntPtr(Marshal.SizeOf(typeof(CAPI.CRYPT_ATTRIBUTE))));
Marshal.StructureToPtr((object)cryptAttribute2, localAllocHandle2.DangerousGetHandle(), false);
byte[] encodedData;
try
{
if (!CAPI.EncodeObject(new IntPtr(22L), localAllocHandle2.DangerousGetHandle(), out encodedData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
finally
{
Marshal.DestroyStructure(localAllocHandle2.DangerousGetHandle(), typeof(CAPI.CRYPT_ATTRIBUTE));
localAllocHandle2.Dispose();
}
fixed(byte *numPtr = &encodedData[0])
{
if (!CAPI.CryptMsgControl(cryptMsgHandle, 0U, 8U, new IntPtr((void *)&new CAPI.CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA(Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA)))
{
dwSignerIndex = (uint)parentIndex,
blob =
{
cbData = (uint)encodedData.Length,
pbData = new IntPtr((void *)numPtr)
}
})))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
localAllocHandle1.Dispose();
return;
}
catch (CryptographicException ex)
{
byte[] encodedData;
if (CAPI.EncodeObject(new IntPtr(22L), num1, out encodedData))
{
fixed(byte *numPtr = &encodedData[0])
CAPI.CryptMsgControl(cryptMsgHandle, 0U, 8U, new IntPtr((void *)&new CAPI.CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA(Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA)))
{
dwSignerIndex = (uint)parentIndex,
blob =
{
cbData = (uint)encodedData.Length,
pbData = new IntPtr((void *)numPtr)
}
}));
}
throw;
}
}
else
{
childIndex -= (int)cryptAttribute1.cValue;
}
}
num1 = new IntPtr((long)num1 + (long)Marshal.SizeOf(typeof(CAPI.CRYPT_ATTRIBUTE)));
}
if (pvData1 != null && !pvData1.IsInvalid)
{
pvData1.Dispose();
}
if (pvData2 != null && !pvData2.IsInvalid)
{
pvData2.Dispose();
}
throw new CryptographicException(-2146885618);
}
private unsafe void Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, bool verifySignatureOnly)
{
SafeLocalAllocHandle pvData1 = SafeLocalAllocHandle.InvalidHandle;
CAPI.CERT_CONTEXT certContext = (CAPI.CERT_CONTEXT)Marshal.PtrToStructure(X509Utils.GetCertContext(certificate).DangerousGetHandle(), typeof(CAPI.CERT_CONTEXT));
IntPtr ptr1 = new IntPtr((long)new IntPtr((long)certContext.pCertInfo + (long)Marshal.OffsetOf(typeof(CAPI.CERT_INFO), "SubjectPublicKeyInfo")) + (long)Marshal.OffsetOf(typeof(CAPI.CERT_PUBLIC_KEY_INFO), "Algorithm"));
IntPtr num1 = new IntPtr((long)ptr1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPT_ALGORITHM_IDENTIFIER), "Parameters"));
if ((int)CAPI.CryptFindOIDInfo(1U, Marshal.ReadIntPtr(ptr1), 3U).Algid == 8704)
{
bool flag = false;
IntPtr ptr2 = new IntPtr((long)num1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "cbData"));
IntPtr ptr3 = new IntPtr((long)num1 + (long)Marshal.OffsetOf(typeof(CAPI.CRYPTOAPI_BLOB), "pbData"));
if (Marshal.ReadInt32(ptr2) == 0)
{
flag = true;
}
else if (Marshal.ReadIntPtr(ptr3) == IntPtr.Zero)
{
flag = true;
}
else if (Marshal.ReadInt32(Marshal.ReadIntPtr(ptr3)) == 5)
{
flag = true;
}
if (flag)
{
SafeCertChainHandle invalidHandle = SafeCertChainHandle.InvalidHandle;
X509Utils.BuildChain(new IntPtr(0L), X509Utils.GetCertContext(certificate), (X509Certificate2Collection)null, (OidCollection)null, (OidCollection)null, X509RevocationMode.NoCheck, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), ref invalidHandle);
invalidHandle.Dispose();
uint pcbData = 0U;
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate), 22U, pvData1, out pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (pcbData > 0U)
{
pvData1 = CAPI.LocalAlloc(64U, new IntPtr((long)pcbData));
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(X509Utils.GetCertContext(certificate), 22U, pvData1, out pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
Marshal.WriteInt32(ptr2, (int)pcbData);
Marshal.WriteIntPtr(ptr3, pvData1.DangerousGetHandle());
}
}
}
if (this.m_parentSignerInfo == null)
{
if (!CAPI.CryptMsgControl(this.m_signedCms.GetCryptMsgHandle(), 0U, 1U, certContext.pCertInfo))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
else
{
int num2 = -1;
int hr = 0;
SafeLocalAllocHandle pvData2;
while (true)
{
try
{
num2 = PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this.m_parentSignerInfo, num2 + 1);
}
catch (CryptographicException ex)
{
if (hr != 0)
{
throw new CryptographicException(hr);
}
throw;
}
uint cbData = 0U;
pvData2 = SafeLocalAllocHandle.InvalidHandle;
PkcsUtils.GetParam(this.m_signedCms.GetCryptMsgHandle(), 28U, (uint)num2, out pvData2, out cbData);
if ((int)cbData == 0)
{
hr = -2146885618;
}
else
{
fixed(byte *numPtr = this.m_encodedSignerInfo)
{
if (!CAPI.CAPISafe.CryptMsgVerifyCountersignatureEncoded(IntPtr.Zero, 65537U, pvData2.DangerousGetHandle(), cbData, new IntPtr((void *)numPtr), (uint)this.m_encodedSignerInfo.Length, certContext.pCertInfo))
{
hr = Marshal.GetLastWin32Error();
}
else
{
break;
}
}
}
}
// ISSUE: fixed variable is out of scope
// ISSUE: __unpin statement
__unpin(numPtr);
pvData2.Dispose();
}
if (!verifySignatureOnly)
{
int hr = SignerInfo.VerifyCertificate(certificate, extraStore);
if (hr != 0)
{
throw new CryptographicException(hr);
}
}
pvData1.Dispose();
}
