private static uint OidToAlgorithmId(Oid oid)
{
    // Resolve a dotted OID string to its CAPI ALG_ID through CryptFindOIDInfo
    // (CRYPT_OID_INFO_OID_KEY: the key is an ANSI dotted-OID string, group 0).
    // The unmanaged copy of the OID lives only for the duration of the lookup.
    SafeLocalAllocHandle ansiOid = X509Utils.StringToAnsiPtr(oid.Value);
    try
    {
        CapiNative.CRYPT_OID_INFO info = CapiNative.CryptFindOIDInfo(CapiNative.CRYPT_OID_INFO_OID_KEY, ansiOid, 0);
        return info.Algid;
    }
    finally
    {
        if (ansiOid != null)
        {
            ansiOid.Dispose();
        }
    }
}
internal static SafeLocalAllocHandle StringToUniPtr(string s)
{
    // Marshal a managed string into a fixed LocalAlloc block as a
    // NUL-terminated UTF-16 string: two bytes per char plus a two-byte terminator.
    // The caller owns (and must dispose) the returned handle.
    int byteCount = 2 * (s.Length + 1);
    byte[] utf16 = new byte[byteCount];                 // trailing two bytes stay zero: the terminator
    Encoding.Unicode.GetBytes(s, 0, s.Length, utf16, 0);
    SafeLocalAllocHandle buffer = CAPI.LocalAlloc(CAPI.LMEM_FIXED, new IntPtr(byteCount));
    Marshal.Copy(utf16, 0, buffer.DangerousGetHandle(), byteCount);
    return buffer;
}
internal static SafeLocalAllocHandle StringToUniPtr(string s)
{
    // Copy 's' into unmanaged memory as a NUL-terminated UTF-16 string.
    // LocalAlloc flag 0 is LMEM_FIXED; the caller releases the returned handle.
    byte[] encoded = new byte[2 * (s.Length + 1)];
    Encoding.Unicode.GetBytes(s, 0, s.Length, encoded, 0);   // last two bytes remain 0 => terminator
    SafeLocalAllocHandle block = CAPI.LocalAlloc(0, new IntPtr(encoded.Length));
    IntPtr destination = block.DangerousGetHandle();
    Marshal.Copy(encoded, 0, destination, encoded.Length);
    return block;
}
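private static unsafe int FindTemplateNameCallback(System.Security.Cryptography.SafeCertContextHandle safeCertContextHandle, object pvCallbackData)
{
    // Store-enumeration predicate for X509FindType.FindByTemplateName.
    // Returns 0 when the certificate matches the template in pvCallbackData (a
    // string), 1 otherwise.  Two extensions are consulted (OIDs per wincrypt.h):
    //   1.3.6.1.4.1.311.20.2 (szOID_ENROLL_CERTTYPE_EXTENSION): a Unicode
    //       template *name*, compared case-insensitively with the search value;
    //   1.3.6.1.4.1.311.21.7 (szOID_CERTIFICATE_TEMPLATE): a template *OID*,
    //       compared with the OID resolved from the search value via
    //       FindOidInfo(CRYPT_OID_INFO_NAME_KEY == 2, OidGroup.Template), or
    //       with the raw search value when no OID is registered for that name.
    // Change from the original: both decoded buffers are released
    // deterministically (finally) instead of being left to the SafeHandle finalizer.
    CAPIBase.CERT_CONTEXT certContext = *((CAPIBase.CERT_CONTEXT*)safeCertContextHandle.DangerousGetHandle());
    CAPIBase.CERT_INFO certInfo = (CAPIBase.CERT_INFO)Marshal.PtrToStructure(certContext.pCertInfo, typeof(CAPIBase.CERT_INFO));
    string wanted = (string)pvCallbackData;

    // Legacy template-name extension (Unicode string).
    IntPtr pNameExt = CAPISafe.CertFindExtension("1.3.6.1.4.1.311.20.2", certInfo.cExtension, certInfo.rgExtension);
    if (pNameExt != IntPtr.Zero)
    {
        CAPIBase.CERT_EXTENSION nameExt = (CAPIBase.CERT_EXTENSION)Marshal.PtrToStructure(pNameExt, typeof(CAPIBase.CERT_EXTENSION));
        byte[] encodedName = new byte[nameExt.Value.cbData];
        Marshal.Copy(nameExt.Value.pbData, encodedName, 0, encodedName.Length);

        uint cbName = 0;
        SafeLocalAllocHandle decodedName = null;
        try
        {
            // 0x18 == X509_UNICODE_ANY_STRING (wincrypt.h): decodes to a CERT_NAME_VALUE.
            if (CAPI.DecodeObject(new IntPtr(0x18L), encodedName, out decodedName, out cbName))
            {
                CAPIBase.CERT_NAME_VALUE nameValue = (CAPIBase.CERT_NAME_VALUE)Marshal.PtrToStructure(decodedName.DangerousGetHandle(), typeof(CAPIBase.CERT_NAME_VALUE));
                // As in the original, relies on the decoder NUL-terminating the Unicode value.
                string templateName = Marshal.PtrToStringUni(nameValue.Value.pbData);
                if (string.Compare(templateName, wanted, StringComparison.OrdinalIgnoreCase) == 0)
                {
                    return 0;
                }
            }
        }
        finally
        {
            if (decodedName != null)
            {
                decodedName.Dispose();
            }
        }
    }

    // Template extension (OID + version information).
    IntPtr pTemplateExt = CAPISafe.CertFindExtension("1.3.6.1.4.1.311.21.7", certInfo.cExtension, certInfo.rgExtension);
    if (pTemplateExt != IntPtr.Zero)
    {
        CAPIBase.CERT_EXTENSION templateExt = (CAPIBase.CERT_EXTENSION)Marshal.PtrToStructure(pTemplateExt, typeof(CAPIBase.CERT_EXTENSION));
        byte[] encodedTemplate = new byte[templateExt.Value.cbData];
        Marshal.Copy(templateExt.Value.pbData, encodedTemplate, 0, encodedTemplate.Length);

        uint cbTemplate = 0;
        SafeLocalAllocHandle decodedTemplate = null;
        try
        {
            // 0x40 == X509_CERTIFICATE_TEMPLATE (wincrypt.h): decodes to a CERT_TEMPLATE_EXT.
            if (CAPI.DecodeObject(new IntPtr(0x40L), encodedTemplate, out decodedTemplate, out cbTemplate))
            {
                CAPIBase.CERT_TEMPLATE_EXT template = (CAPIBase.CERT_TEMPLATE_EXT)Marshal.PtrToStructure(decodedTemplate.DangerousGetHandle(), typeof(CAPIBase.CERT_TEMPLATE_EXT));
                string wantedOid = System.Security.Cryptography.X509Certificates.X509Utils.FindOidInfo(2, wanted, System.Security.Cryptography.OidGroup.Template);
                if (wantedOid == null)
                {
                    wantedOid = wanted;   // no registered template name: treat the search value as an OID
                }
                if (string.Compare(template.pszObjId, wantedOid, StringComparison.OrdinalIgnoreCase) == 0)
                {
                    return 0;
                }
            }
        }
        finally
        {
            if (decodedTemplate != null)
            {
                decodedTemplate.Dispose();
            }
        }
    }

    return 1;
}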
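private void DecodeExtension()
{
    // Decode the raw extension bytes into m_isCA / m_hasPathLenConstraint /
    // m_pathLenConstraint.  Two encodings exist: the legacy szOID_BASIC_CONSTRAINTS
    // form (CERT_BASIC_CONSTRAINTS_INFO, CA flag in the SubjectType bit string) and
    // the current form (CERT_BASIC_CONSTRAINTS2_INFO, CA flag as a BOOL).
    // Throws CryptographicException (last Win32 error) when decoding fails.
    // Changes from the original: the decoded buffer is released on every path
    // ('using'), and the legacy branch no longer reads one byte from a zero-length
    // or null SubjectType bit string (no bits set => not a CA).
    uint cbDecoded = 0;
    SafeLocalAllocHandle decoded = null;
    if (Oid.Value == CAPI.szOID_BASIC_CONSTRAINTS)
    {
        if (!CAPI.DecodeObject(new IntPtr(CAPI.X509_BASIC_CONSTRAINTS), m_rawData, out decoded, out cbDecoded))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
        using (decoded)
        {
            CAPI.CERT_BASIC_CONSTRAINTS_INFO info = (CAPI.CERT_BASIC_CONSTRAINTS_INFO)Marshal.PtrToStructure(decoded.DangerousGetHandle(), typeof(CAPI.CERT_BASIC_CONSTRAINTS_INFO));
            // Only the first byte of the SubjectType bit string carries the CA flag.
            bool isCA = false;
            if (info.SubjectType.cbData > 0 && info.SubjectType.pbData != IntPtr.Zero)
            {
                byte[] firstByte = new byte[1];
                Marshal.Copy(info.SubjectType.pbData, firstByte, 0, 1);
                isCA = (firstByte[0] & CAPI.CERT_CA_SUBJECT_FLAG) != 0;
            }
            m_isCA = isCA;
            m_hasPathLenConstraint = info.fPathLenConstraint;
            m_pathLenConstraint = (int)info.dwPathLenConstraint;
        }
    }
    else
    {
        if (!CAPI.DecodeObject(new IntPtr(CAPI.X509_BASIC_CONSTRAINTS2), m_rawData, out decoded, out cbDecoded))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
        using (decoded)
        {
            CAPI.CERT_BASIC_CONSTRAINTS2_INFO info2 = (CAPI.CERT_BASIC_CONSTRAINTS2_INFO)Marshal.PtrToStructure(decoded.DangerousGetHandle(), typeof(CAPI.CERT_BASIC_CONSTRAINTS2_INFO));
            // fCA / fPathLenConstraint are Win32 BOOLs: any non-zero value is true.
            m_isCA = info2.fCA != 0;
            m_hasPathLenConstraint = info2.fPathLenConstraint != 0;
            m_pathLenConstraint = (int)info2.dwPathLenConstraint;
        }
    }
    m_decoded = true;
}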
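internal static bool GetPrivateKeyInfo(SafeCertContextHandle safeCertContext, ref CspParameters parameters)
{
    // Read the CERT_KEY_PROV_INFO_PROP_ID property of a certificate context
    // (CSP provider name/type, key container, key spec, machine-keyset flag)
    // into 'parameters'.
    // Returns false when the certificate carries no key-provider info
    // (CRYPT_E_NOT_FOUND); throws CryptographicException on any other failure.
    // Change from the original: the property buffer is released in 'finally',
    // so an exception after allocation no longer leaves it to the finalizer.
    uint cbData = 0;
    SafeLocalAllocHandle buffer = SafeLocalAllocHandle.InvalidHandle;
    try
    {
        // First call with an invalid handle: size query only.
        if (!CAPI.CAPISafe.CertGetCertificateContextProperty(safeCertContext, CAPI.CERT_KEY_PROV_INFO_PROP_ID, buffer, ref cbData))
        {
            int error = Marshal.GetLastWin32Error();
            if (error == CAPI.CRYPT_E_NOT_FOUND)
            {
                return false;
            }
            throw new CryptographicException(error);
        }

        buffer = CAPI.LocalAlloc(CAPI.LMEM_FIXED, new IntPtr(cbData));

        // Second call: fetch the CRYPT_KEY_PROV_INFO structure.
        if (!CAPI.CAPISafe.CertGetCertificateContextProperty(safeCertContext, CAPI.CERT_KEY_PROV_INFO_PROP_ID, buffer, ref cbData))
        {
            int error = Marshal.GetLastWin32Error();
            if (error == CAPI.CRYPT_E_NOT_FOUND)
            {
                return false;
            }
            throw new CryptographicException(error);
        }

        CAPI.CRYPT_KEY_PROV_INFO keyProvInfo = (CAPI.CRYPT_KEY_PROV_INFO)Marshal.PtrToStructure(buffer.DangerousGetHandle(), typeof(CAPI.CRYPT_KEY_PROV_INFO));
        parameters.ProviderName = keyProvInfo.pwszProvName;
        parameters.KeyContainerName = keyProvInfo.pwszContainerName;
        parameters.ProviderType = (int)keyProvInfo.dwProvType;
        parameters.KeyNumber = (int)keyProvInfo.dwKeySpec;
        // Only the machine-keyset bit is surfaced; all other provider flags are dropped.
        bool machineKeySet = (keyProvInfo.dwFlags & CAPI.CRYPT_MACHINE_KEYSET) == CAPI.CRYPT_MACHINE_KEYSET;
        parameters.Flags = machineKeySet ? CspProviderFlags.UseMachineKeyStore : (CspProviderFlags)0;
        return true;
    }
    finally
    {
        buffer.Dispose();
    }
}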
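private static void DecodePublicKeyObject(uint aiPubKey, byte[] encodedKeyValue, byte[] encodedParameters, out byte[] decodedData)
{
    // Decode a SubjectPublicKeyInfo key value into CSP public-key blob bytes,
    // selecting the CryptDecodeObject structure type by the key's CAPI ALG_ID
    // (numeric values match wincrypt.h):
    //   0xa400 CALG_RSA_KEYX / 0x2400 CALG_RSA_SIGN -> RSA_CSP_PUBLICKEYBLOB (0x13);
    //       the decoded bytes are returned as-is.
    //   0x2200 CALG_DSS_SIGN -> X509_DSS_PUBLICKEY (0x26), plus X509_DSS_PARAMETERS
    //       (0x27) decoded from encodedParameters; both are combined by
    //       ConstructDSSPubKeyCspBlob.
    //   0xaa01 / 0xaa02 (the Diffie-Hellman ALG_IDs) and anything else -> NotSupportedException.
    // Throws CryptographicException (last Win32 error) when a decode fails.
    // Change from the original: both native buffers are released via 'using' on
    // every path (previously skipped when the parameter decode threw).
    decodedData = null;
    IntPtr structType;
    switch (aiPubKey)
    {
        case 0xaa01:
        case 0xaa02:
            throw new NotSupportedException(SR.GetString("NotSupported_KeyAlgorithm"));
        case 0xa400:
        case 0x2400:
            structType = new IntPtr(0x13L);
            break;
        case 0x2200:
            structType = new IntPtr(0x26L);
            break;
        default:
            throw new NotSupportedException(SR.GetString("NotSupported_KeyAlgorithm"));
    }

    SafeLocalAllocHandle decodedKey = null;
    uint cbDecodedKey = 0;
    if (!CAPI.DecodeObject(structType, encodedKeyValue, out decodedKey, out cbDecodedKey))
    {
        throw new CryptographicException(Marshal.GetLastWin32Error());
    }
    using (decodedKey)
    {
        if ((int)structType == 0x13)
        {
            decodedData = new byte[cbDecodedKey];
            Marshal.Copy(decodedKey.DangerousGetHandle(), decodedData, 0, decodedData.Length);
        }
        else
        {
            // DSS: the key value alone is not enough, the domain parameters are needed too.
            SafeLocalAllocHandle decodedParameters = null;
            uint cbDecodedParameters = 0;
            if (!CAPI.DecodeObject(new IntPtr(0x27L), encodedParameters, out decodedParameters, out cbDecodedParameters))
            {
                throw new CryptographicException(Marshal.GetLastWin32Error());
            }
            using (decodedParameters)
            {
                decodedData = ConstructDSSPubKeyCspBlob(decodedKey, decodedParameters);
            }
        }
    }
}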
private static unsafe void SetFriendlyNameExtendedProperty(System.Security.Cryptography.SafeCertContextHandle safeCertContextHandle, string name)
{
    // Store 'name' as the certificate's friendly-name property (property id 11,
    // CERT_FRIENDLY_NAME_PROP_ID in wincrypt.h) through a CRYPTOAPI_BLOB that
    // points at a NUL-terminated UTF-16 copy of the string.
    // Throws CryptographicException (last Win32 error) if CAPI rejects it.
    using (SafeLocalAllocHandle nativeName = System.Security.Cryptography.X509Certificates.X509Utils.StringToUniPtr(name))
    {
        CAPIBase.CRYPTOAPI_BLOB blob = new CAPIBase.CRYPTOAPI_BLOB();
        blob.cbData = (uint)(2 * (name.Length + 1));   // byte count, terminator included
        blob.pbData = nativeName.DangerousGetHandle();
        if (!CAPI.CertSetCertificateContextProperty(safeCertContextHandle, 11, 0, new IntPtr((void*)&blob)))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
    }
}
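internal static unsafe int BuildChain(IntPtr hChainEngine, System.Security.Cryptography.SafeCertContextHandle pCertContext, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, ref SafeCertChainHandle ppChainContext)
{
    // Build a certificate chain for pCertContext with CertGetCertificateChain.
    // Returns 0 on success, otherwise the HRESULT for the last Win32 error.
    // Throws ArgumentException for a null or invalid certificate context.
    //   extraStore          - optional extra certificates, exported to an in-memory store.
    //   applicationPolicy / certificatePolicy - requested usage / issuance OIDs
    //                         (dwType 0 == USAGE_MATCH_TYPE_AND).
    //   timeout             - URL retrieval timeout, whole milliseconds.
    // Changes from the original:
    //  * dwUrlRetrievalTimeout used TimeSpan.Milliseconds, which is only the 0..999
    //    millisecond *component* of the interval (a 20 s timeout became 0 ms); it now
    //    uses the whole interval, as the sibling BuildChain in this file does.
    //  * The unmanaged OID tables are released in 'finally', so the failure-return
    //    path no longer leaves them to the finalizer.
    //  * cUsageIdentifier is taken from the same local snapshot of each
    //    OidCollection that is copied to unmanaged memory, so it cannot exceed the
    //    number of pointers allocated if the caller's collection changes meanwhile.
    if (pCertContext == null || pCertContext.IsInvalid)
    {
        throw new ArgumentException(SR.GetString("Cryptography_InvalidContextHandle"), "pCertContext");
    }

    System.Security.Cryptography.SafeCertStoreHandle additionalStore = System.Security.Cryptography.SafeCertStoreHandle.InvalidHandle;
    if (extraStore != null && extraStore.Count > 0)
    {
        additionalStore = System.Security.Cryptography.X509Certificates.X509Utils.ExportToMemoryStore(extraStore);
    }

    CAPIBase.CERT_CHAIN_PARA chainPara = new CAPIBase.CERT_CHAIN_PARA();
    chainPara.cbSize = (uint)Marshal.SizeOf(chainPara);

    SafeLocalAllocHandle applicationPolicyTable = SafeLocalAllocHandle.InvalidHandle;
    SafeLocalAllocHandle certificatePolicyTable = SafeLocalAllocHandle.InvalidHandle;
    try
    {
        if (applicationPolicy != null && applicationPolicy.Count > 0)
        {
            OidCollection applicationSnapshot = new OidCollection();
            foreach (Oid oid in applicationPolicy)
            {
                applicationSnapshot.Add(oid);
            }
            if (applicationSnapshot.Count > 0)
            {
                chainPara.RequestedUsage.dwType = 0;
                chainPara.RequestedUsage.Usage.cUsageIdentifier = (uint)applicationSnapshot.Count;
                applicationPolicyTable = System.Security.Cryptography.X509Certificates.X509Utils.CopyOidsToUnmanagedMemory(applicationSnapshot);
                chainPara.RequestedUsage.Usage.rgpszUsageIdentifier = applicationPolicyTable.DangerousGetHandle();
            }
        }

        if (certificatePolicy != null && certificatePolicy.Count > 0)
        {
            OidCollection certificateSnapshot = new OidCollection();
            foreach (Oid oid in certificatePolicy)
            {
                certificateSnapshot.Add(oid);
            }
            if (certificateSnapshot.Count > 0)
            {
                chainPara.RequestedIssuancePolicy.dwType = 0;
                chainPara.RequestedIssuancePolicy.Usage.cUsageIdentifier = (uint)certificateSnapshot.Count;
                certificatePolicyTable = System.Security.Cryptography.X509Certificates.X509Utils.CopyOidsToUnmanagedMemory(certificateSnapshot);
                chainPara.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = certificatePolicyTable.DangerousGetHandle();
            }
        }

        chainPara.dwUrlRetrievalTimeout = (uint)Math.Floor(timeout.TotalMilliseconds);

        System.Runtime.InteropServices.ComTypes.FILETIME verificationFileTime = new System.Runtime.InteropServices.ComTypes.FILETIME();
        *((long*)&verificationFileTime) = verificationTime.ToFileTime();

        uint chainFlags = System.Security.Cryptography.X509Certificates.X509Utils.MapRevocationFlags(revocationMode, revocationFlag);

        if (!CAPISafe.CertGetCertificateChain(hChainEngine, pCertContext, ref verificationFileTime, additionalStore, ref chainPara, chainFlags, IntPtr.Zero, ref ppChainContext))
        {
            return Marshal.GetHRForLastWin32Error();
        }
        return 0;
    }
    finally
    {
        applicationPolicyTable.Dispose();
        certificatePolicyTable.Dispose();
    }
}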
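private void DecodeExtension()
{
    // Decode the Subject Key Identifier extension (OID 2.5.29.14, passed to
    // CryptDecodeObject as an ANSI string structure type) into a CRYPTOAPI_BLOB
    // and store its bytes hex-encoded in m_subjectKeyIdentifier.
    // Throws CryptographicException (last Win32 error) if decoding fails.
    // Change from the original: both unmanaged buffers are released on the
    // failure path too (previously only after a successful decode).
    uint cbDecoded = 0;
    SafeLocalAllocHandle decoded = null;
    using (SafeLocalAllocHandle structType = System.Security.Cryptography.X509Certificates.X509Utils.StringToAnsiPtr("2.5.29.14"))
    {
        if (!CAPI.DecodeObject(structType.DangerousGetHandle(), base.m_rawData, out decoded, out cbDecoded))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
        using (decoded)
        {
            CAPIBase.CRYPTOAPI_BLOB keyIdBlob = (CAPIBase.CRYPTOAPI_BLOB)Marshal.PtrToStructure(decoded.DangerousGetHandle(), typeof(CAPIBase.CRYPTOAPI_BLOB));
            byte[] keyId = CAPI.BlobToByteArray(keyIdBlob);
            this.m_subjectKeyIdentifier = System.Security.Cryptography.X509Certificates.X509Utils.EncodeHexString(keyId);
        }
    }
    this.m_decoded = true;
}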
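internal static string FindOidInfo(uint keyType, string keyValue, OidGroup oidGroup)
{
    // Look up OID metadata through CryptFindOIDInfo.
    //   keyType == CRYPT_OID_INFO_OID_KEY : keyValue is a dotted OID (marshaled as
    //       ANSI); returns the friendly name (pwszName).
    //   keyType == CRYPT_OID_INFO_NAME_KEY: keyValue is a friendly name (marshaled
    //       as UTF-16); returns the dotted OID (pszOID).
    // Returns null for an empty keyValue; callers in this file also null-check
    // the result, so the returned field may be null when nothing matches.
    // Throws ArgumentNullException for a null keyValue and
    // ArgumentOutOfRangeException for any other keyType.
    // Change from the original: an unsupported keyType previously only tripped a
    // Debug.Assert and, in release builds, went on to hand an invalid (zero) key
    // pointer to the native lookup; it now throws before calling into CAPI.
    if (keyValue == null)
    {
        throw new ArgumentNullException("keyValue");
    }
    if (keyValue.Length == 0)
    {
        return null;
    }

    SafeLocalAllocHandle nativeKey;
    switch (keyType)
    {
        case CAPI.CRYPT_OID_INFO_OID_KEY:
            nativeKey = StringToAnsiPtr(keyValue);
            break;
        case CAPI.CRYPT_OID_INFO_NAME_KEY:
            nativeKey = StringToUniPtr(keyValue);
            break;
        default:
            throw new ArgumentOutOfRangeException("keyType");
    }

    using (nativeKey)
    {
        CAPI.CRYPT_OID_INFO info = CAPI.CryptFindOIDInfo(keyType, nativeKey, oidGroup);
        return keyType == CAPI.CRYPT_OID_INFO_OID_KEY ? info.pwszName : info.pszOID;
    }
}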
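private void DecodeExtension()
{
    // Decode the Enhanced Key Usage extension (CryptDecodeObject structure type
    // 0x24 == X509_ENHANCED_KEY_USAGE in wincrypt.h) into m_enhancedKeyUsages:
    // one Oid per entry of the CERT_ENHKEY_USAGE's rgpszUsageIdentifier array,
    // which is an array of LPSTR (ANSI dotted-OID strings).  Each Oid is built
    // with the same ctor arguments as the original (ExtensionOrAttribute group,
    // third argument false).
    // Throws CryptographicException (last Win32 error) if decoding fails.
    // Change from the original: the decoded buffer is released via 'using'.
    uint cbDecoded = 0;
    SafeLocalAllocHandle decoded = null;
    if (!CAPI.DecodeObject(new IntPtr(0x24L), base.m_rawData, out decoded, out cbDecoded))
    {
        throw new CryptographicException(Marshal.GetLastWin32Error());
    }
    using (decoded)
    {
        CAPIBase.CERT_ENHKEY_USAGE usage = (CAPIBase.CERT_ENHKEY_USAGE)Marshal.PtrToStructure(decoded.DangerousGetHandle(), typeof(CAPIBase.CERT_ENHKEY_USAGE));
        this.m_enhancedKeyUsages = new OidCollection();
        int pointerSize = Marshal.SizeOf(typeof(IntPtr));
        for (int i = 0; i < usage.cUsageIdentifier; i++)
        {
            // Entry i of the LPSTR table, then the ANSI string it points to.
            IntPtr pEntry = new IntPtr((long)usage.rgpszUsageIdentifier + i * pointerSize);
            string oidValue = Marshal.PtrToStringAnsi(Marshal.ReadIntPtr(pEntry));
            this.m_enhancedKeyUsages.Add(new Oid(oidValue, System.Security.Cryptography.OidGroup.ExtensionOrAttribute, false));
        }
    }
    this.m_decoded = true;
}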
internal static SafeLocalAllocHandle CopyOidsToUnmanagedMemory(OidCollection oids)
{
    // Lay out an OidCollection the way CAPI expects an rgpszUsageIdentifier:
    // an array of LPSTR pointers followed, in the same zero-filled (LPTR) block,
    // by the NUL-terminated ASCII OID strings those pointers address.
    // Returns an invalid handle for a null or empty collection; otherwise the
    // caller owns the returned block.
    SafeLocalAllocHandle block = SafeLocalAllocHandle.InvalidHandle;
    if (oids == null || oids.Count == 0)
    {
        return block;
    }

    // Snapshot the OID strings first.  The collection (and each Oid.Value) may be
    // changed by another thread; the sizes computed below must describe exactly
    // the strings that are copied, otherwise the copy could overrun the block.
    List<string> values = new List<string>();
    foreach (Oid oid in oids)
    {
        values.Add(oid.Value);
    }

    IntPtr nextString;
    int pointerSize;
    // 'checked' so that a pathological count or total length overflows loudly
    // instead of producing an undersized allocation.
    checked
    {
        pointerSize = Marshal.SizeOf(typeof(IntPtr));
        int tableBytes = values.Count * pointerSize;
        int stringBytes = 0;
        foreach (string value in values)
        {
            stringBytes += value.Length + 1;   // +1 for the NUL terminator
        }
        block = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr((uint)tableBytes + (uint)stringBytes));
        nextString = new IntPtr((long)block.DangerousGetHandle() + tableBytes);
    }

    IntPtr tableBase = block.DangerousGetHandle();
    for (int i = 0; i < values.Count; i++)
    {
        // Pointer-table entry i -> the string region reserved for entry i.
        Marshal.WriteIntPtr(new IntPtr((long)tableBase + i * pointerSize), nextString);
        byte[] ascii = Encoding.ASCII.GetBytes(values[i]);
        Marshal.Copy(ascii, 0, nextString, ascii.Length);   // terminator is already zero (LPTR)
        nextString = new IntPtr((long)nextString + values[i].Length + 1);
    }
    return block;
}
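private static unsafe byte[] EncodeExtension(OidCollection enhancedKeyUsages)
{
    // DER-encode an Enhanced Key Usage extension (OID 2.5.29.37) from a set of OIDs.
    // Throws ArgumentNullException for a null collection and CryptographicException
    // (last Win32 error) if CAPI fails to encode.
    // Change from the original: cUsageIdentifier and the LPSTR table handed to CAPI
    // are both derived from one local snapshot of the collection.  The original
    // read enhancedKeyUsages.Count after CopyOidsToUnmanagedMemory had snapshotted
    // the contents, so a concurrent Add on the caller's collection could make CAPI
    // read more pointer entries than were allocated.
    if (enhancedKeyUsages == null)
    {
        throw new ArgumentNullException("enhancedKeyUsages");
    }

    OidCollection snapshot = new OidCollection();
    foreach (Oid oid in enhancedKeyUsages)
    {
        snapshot.Add(oid);
    }

    byte[] encoded = null;
    using (SafeLocalAllocHandle usageTable = System.Security.Cryptography.X509Certificates.X509Utils.CopyOidsToUnmanagedMemory(snapshot))
    {
        CAPIBase.CERT_ENHKEY_USAGE usage = new CAPIBase.CERT_ENHKEY_USAGE();
        usage.cUsageIdentifier = (uint)snapshot.Count;
        usage.rgpszUsageIdentifier = usageTable.DangerousGetHandle();
        if (!CAPI.EncodeObject("2.5.29.37", new IntPtr((void*)&usage), out encoded))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
    }
    return encoded;
}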
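private static unsafe byte[] EncodeExtension(OidCollection enhancedKeyUsages)
{
    // DER-encode an Enhanced Key Usage extension (szOID_ENHANCED_KEY_USAGE) from
    // a set of OIDs.
    // Throws ArgumentNullException for a null collection and CryptographicException
    // (last Win32 error) if CAPI fails to encode.
    // Change from the original: cUsageIdentifier and the LPSTR table handed to CAPI
    // are both taken from one local snapshot of the collection.  Previously the
    // count was read from the live collection after CopyOidsToUnmanagedMemory had
    // snapshotted the contents, so a concurrent Add by the caller could make CAPI
    // read more pointer entries than were allocated.
    if (enhancedKeyUsages == null)
    {
        throw new ArgumentNullException("enhancedKeyUsages");
    }

    OidCollection snapshot = new OidCollection();
    foreach (Oid oid in enhancedKeyUsages)
    {
        snapshot.Add(oid);
    }

    byte[] encodedEnhancedKeyUsages = null;
    using (SafeLocalAllocHandle usageTable = X509Utils.CopyOidsToUnmanagedMemory(snapshot))
    {
        CAPI.CERT_ENHKEY_USAGE enhKeyUsage = new CAPI.CERT_ENHKEY_USAGE();
        enhKeyUsage.cUsageIdentifier = (uint)snapshot.Count;
        enhKeyUsage.rgpszUsageIdentifier = usageTable.DangerousGetHandle();
        if (!CAPI.EncodeObject(CAPI.szOID_ENHANCED_KEY_USAGE, new IntPtr(&enhKeyUsage), out encodedEnhancedKeyUsages))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
    }
    return encodedEnhancedKeyUsages;
}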
public string Decode(X500DistinguishedNameFlags flag)
{
    // Render the DER-encoded distinguished name (m_rawData) as text with
    // CertNameToStrW; 'flag' selects the formatting via MapNameToStrFlag.
    // Throws CryptographicException(CERT_E_INVALID_NAME) if CAPI cannot render it.
    uint strType = CAPI.CERT_X500_NAME_STR | MapNameToStrFlag(flag);
    byte[] encoded = this.m_rawData;
    unsafe
    {
        fixed (byte* pEncoded = encoded)
        {
            CAPI.CRYPTOAPI_BLOB nameBlob = new CAPI.CRYPTOAPI_BLOB();
            nameBlob.cbData = (uint)encoded.Length;
            nameBlob.pbData = new IntPtr(pEncoded);
            IntPtr pNameBlob = new IntPtr(&nameBlob);

            // First call: required size in characters, terminator included.
            uint cch = CAPI.CertNameToStrW(CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING, pNameBlob, strType, SafeLocalAllocHandle.InvalidHandle, 0);
            if (cch == 0)
            {
                throw new CryptographicException(CAPI.CERT_E_INVALID_NAME);
            }

            // Second call: render into a zero-filled block of cch UTF-16 code units.
            using (SafeLocalAllocHandle rendered = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(2 * cch)))
            {
                if (CAPI.CertNameToStrW(CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING, pNameBlob, strType, rendered, cch) == 0)
                {
                    throw new CryptographicException(CAPI.CERT_E_INVALID_NAME);
                }
                return Marshal.PtrToStringUni(rendered.DangerousGetHandle());
            }
        }
    }
}
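private void DecodeExtension()
{
    // Decode the Key Usage extension (CryptDecodeObject structure type 14, the
    // X509_BITS value in wincrypt.h) into m_keyUsages.  The result is read as a
    // CRYPTOAPI_BLOB (cbData/pbData prefix); at most its first four bytes are
    // copied into a zeroed 4-byte buffer and interpreted as a little-endian
    // uint, so a shorter or null value yields zero bits for the missing bytes.
    // Throws CryptographicException (last Win32 error) if decoding fails.
    // Change from the original: the decoded buffer is released via 'using'.
    uint cbDecoded = 0;
    SafeLocalAllocHandle decoded = null;
    if (!CAPI.DecodeObject(new IntPtr(14L), base.m_rawData, out decoded, out cbDecoded))
    {
        throw new CryptographicException(Marshal.GetLastWin32Error());
    }
    using (decoded)
    {
        CAPIBase.CRYPTOAPI_BLOB bits = (CAPIBase.CRYPTOAPI_BLOB)Marshal.PtrToStructure(decoded.DangerousGetHandle(), typeof(CAPIBase.CRYPTOAPI_BLOB));
        int byteCount = bits.cbData > 4 ? 4 : (int)bits.cbData;
        byte[] usageBytes = new byte[4];
        if (bits.pbData != IntPtr.Zero)
        {
            Marshal.Copy(bits.pbData, usageBytes, 0, byteCount);
        }
        this.m_keyUsages = BitConverter.ToUInt32(usageBytes, 0);
    }
    this.m_decoded = true;
}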
private static unsafe SafeLocalAllocHandle EncodePublicKey(PublicKey key)
{
    // Build a CERT_PUBLIC_KEY_INFO2 in a single zero-filled (LPTR) block:
    // the header, then the NUL-terminated ASCII algorithm OID, then the encoded
    // algorithm parameters, then the encoded key value.  Each region after the
    // header starts at an offset rounded up by X509Utils.AlignedLength.
    // The caller owns the returned block.
    string algorithmOid = key.Oid.Value;
    byte[] parameters = key.EncodedParameters.RawData;
    byte[] keyValue = key.EncodedKeyValue.RawData;

    int headerSize = Marshal.SizeOf(typeof(CAPI.CERT_PUBLIC_KEY_INFO2));
    uint oidRegion = X509Utils.AlignedLength((uint)(algorithmOid.Length + 1));
    uint parametersRegion = X509Utils.AlignedLength((uint)parameters.Length);
    uint totalSize = (uint)(headerSize + oidRegion + parametersRegion + keyValue.Length);

    SafeLocalAllocHandle block = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(totalSize));
    CAPI.CERT_PUBLIC_KEY_INFO2* pInfo = (CAPI.CERT_PUBLIC_KEY_INFO2*)block.DangerousGetHandle();

    // Region start addresses, laid out back to back after the header.
    IntPtr pOid = new IntPtr((long)pInfo + headerSize);
    IntPtr pParameters = new IntPtr((long)pOid + oidRegion);
    IntPtr pKeyValue = new IntPtr((long)pParameters + parametersRegion);

    // Algorithm OID as ASCII; the extra byte (zero from LPTR) is the terminator.
    byte[] oidAscii = new byte[algorithmOid.Length + 1];
    Encoding.ASCII.GetBytes(algorithmOid, 0, algorithmOid.Length, oidAscii, 0);
    Marshal.Copy(oidAscii, 0, pOid, oidAscii.Length);
    pInfo->Algorithm.pszObjId = pOid;

    // Parameters are optional; when absent cbData/pbData stay zero.
    if (parameters.Length > 0)
    {
        Marshal.Copy(parameters, 0, pParameters, parameters.Length);
        pInfo->Algorithm.Parameters.cbData = (uint)parameters.Length;
        pInfo->Algorithm.Parameters.pbData = pParameters;
    }

    Marshal.Copy(keyValue, 0, pKeyValue, keyValue.Length);
    pInfo->PublicKey.cbData = (uint)keyValue.Length;
    pInfo->PublicKey.pbData = pKeyValue;
    return block;
}
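private void DecodeExtension()
{
    // Decode the Subject Key Identifier extension (szOID_SUBJECT_KEY_IDENTIFIER,
    // passed to CryptDecodeObject as an ANSI string structure type) into a
    // CRYPTOAPI_BLOB and store its bytes hex-encoded in m_subjectKeyIdentifier.
    // Throws CryptographicException (last Win32 error) if decoding fails.
    // Change from the original: both unmanaged buffers are released on the
    // failure path too (previously only after a successful decode).
    uint cbDecoded = 0;
    SafeLocalAllocHandle decoded = null;
    using (SafeLocalAllocHandle structType = X509Utils.StringToAnsiPtr(CAPI.szOID_SUBJECT_KEY_IDENTIFIER))
    {
        if (!CAPI.DecodeObject(structType.DangerousGetHandle(), m_rawData, out decoded, out cbDecoded))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
        using (decoded)
        {
            CAPI.CRYPTOAPI_BLOB keyIdBlob = (CAPI.CRYPTOAPI_BLOB)Marshal.PtrToStructure(decoded.DangerousGetHandle(), typeof(CAPI.CRYPTOAPI_BLOB));
            byte[] keyId = CAPI.BlobToByteArray(keyIdBlob);
            m_subjectKeyIdentifier = X509Utils.EncodeHexString(keyId);
        }
    }
    m_decoded = true;
}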
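internal static uint OidToAlgId(string value)
{
    // Map a dotted OID string to a CAPI ALG_ID: returns the Algid field of the
    // CRYPT_OID_INFO that CryptFindOIDInfo yields for it, searching all groups.
    // 1 == CRYPT_OID_INFO_OID_KEY (wincrypt.h): the key is an ANSI dotted-OID string.
    // Change from the original: the unmanaged copy of the OID was never disposed
    // and was left to the SafeHandle finalizer; it is now released as soon as the
    // lookup returns, consistent with the sibling OidToAlgorithmId.
    using (SafeLocalAllocHandle ansiOid = StringToAnsiPtr(value))
    {
        return CAPI.CryptFindOIDInfo(1, ansiOid, System.Security.Cryptography.OidGroup.AllGroups).Algid;
    }
}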
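private static unsafe byte[] ExportCertificatesToBlob(System.Security.Cryptography.SafeCertStoreHandle safeCertStoreHandle, X509ContentType contentType, string password)
{
    // Serialize the contents of a certificate store into a byte[] of the
    // requested X509ContentType ('password' is only used for Pfx).  Numeric
    // CAPI arguments are the wincrypt.h values:
    //   Cert            - DER bytes of the first certificate in the store.
    //   SerializedCert  - CertSerializeCertificateStoreElement of the first certificate.
    //   Pfx             - PFXExportCertStore with flags 6 ==
    //                     EXPORT_PRIVATE_KEYS | REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY.
    //   SerializedStore / Pkcs7 - CertSaveStore(encoding 0x10001 ==
    //                     X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, save-as 1 (STORE)
    //                     or 2 (PKCS7), save-to 2 == CERT_STORE_SAVE_TO_MEMORY).
    // Returns null for the single-certificate cases when the store is empty.
    // Throws CryptographicException on native failure or an unknown content type.
    //
    // Changes from the original:
    //  * The Pfx branch kept its output buffer only as a raw IntPtr taken from a
    //    temporary SafeLocalAllocHandle that nothing referenced afterwards, so the
    //    GC could finalize (LocalFree) the block while PFXExportCertStore was still
    //    writing into it and before the bytes were copied out.  The handle is now
    //    held in 'nativeBuffer' for the whole call, like the other branches.
    //  * The native buffer and the enumerated certificate context are released in
    //    'finally' on every path.
    System.Security.Cryptography.SafeCertContextHandle certContext = System.Security.Cryptography.SafeCertContextHandle.InvalidHandle;
    SafeLocalAllocHandle nativeBuffer = SafeLocalAllocHandle.InvalidHandle;
    CAPIBase.CRYPTOAPI_BLOB blob = new CAPIBase.CRYPTOAPI_BLOB();
    byte[] result = null;
    try
    {
        switch (contentType)
        {
            case X509ContentType.Cert:
            {
                certContext = CAPI.CertEnumCertificatesInStore(safeCertStoreHandle, certContext);
                if (certContext != null && !certContext.IsInvalid)
                {
                    CAPIBase.CERT_CONTEXT context = *((CAPIBase.CERT_CONTEXT*)certContext.DangerousGetHandle());
                    result = new byte[context.cbCertEncoded];
                    Marshal.Copy(context.pbCertEncoded, result, 0, result.Length);
                }
                break;
            }

            case X509ContentType.SerializedCert:
            {
                certContext = CAPI.CertEnumCertificatesInStore(safeCertStoreHandle, certContext);
                if (certContext != null && !certContext.IsInvalid)
                {
                    uint cbElement = 0;
                    // Size query with an invalid buffer handle, then the real serialization.
                    if (!CAPISafe.CertSerializeCertificateStoreElement(certContext, 0, nativeBuffer, new IntPtr((void*)&cbElement)))
                    {
                        throw new CryptographicException(Marshal.GetLastWin32Error());
                    }
                    nativeBuffer = CAPI.LocalAlloc(0, new IntPtr((long)cbElement));
                    if (!CAPISafe.CertSerializeCertificateStoreElement(certContext, 0, nativeBuffer, new IntPtr((void*)&cbElement)))
                    {
                        throw new CryptographicException(Marshal.GetLastWin32Error());
                    }
                    result = new byte[cbElement];
                    Marshal.Copy(nativeBuffer.DangerousGetHandle(), result, 0, result.Length);
                }
                break;
            }

            case X509ContentType.Pfx:
            {
                // Size query (pbData null), then export into a buffer we keep alive.
                if (!CAPI.PFXExportCertStore(safeCertStoreHandle, new IntPtr((void*)&blob), password, 6))
                {
                    throw new CryptographicException(Marshal.GetLastWin32Error());
                }
                nativeBuffer = CAPI.LocalAlloc(0, new IntPtr((long)blob.cbData));
                blob.pbData = nativeBuffer.DangerousGetHandle();
                if (!CAPI.PFXExportCertStore(safeCertStoreHandle, new IntPtr((void*)&blob), password, 6))
                {
                    throw new CryptographicException(Marshal.GetLastWin32Error());
                }
                result = new byte[blob.cbData];
                Marshal.Copy(blob.pbData, result, 0, result.Length);
                break;
            }

            case X509ContentType.SerializedStore:
            case X509ContentType.Pkcs7:
            {
                uint saveAs = contentType == X509ContentType.SerializedStore ? 1u : 2u;
                if (!CAPI.CertSaveStore(safeCertStoreHandle, 0x10001, saveAs, 2, new IntPtr((void*)&blob), 0))
                {
                    throw new CryptographicException(Marshal.GetLastWin32Error());
                }
                nativeBuffer = CAPI.LocalAlloc(0, new IntPtr((long)blob.cbData));
                blob.pbData = nativeBuffer.DangerousGetHandle();
                if (!CAPI.CertSaveStore(safeCertStoreHandle, 0x10001, saveAs, 2, new IntPtr((void*)&blob), 0))
                {
                    throw new CryptographicException(Marshal.GetLastWin32Error());
                }
                result = new byte[blob.cbData];
                Marshal.Copy(blob.pbData, result, 0, result.Length);
                break;
            }

            default:
                throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidContentType"));
        }
    }
    finally
    {
        nativeBuffer.Dispose();
        certContext.Dispose();
    }
    return result;
}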
public static DSA GetDSAPublicKey(this X509Certificate2 certificate)
{
    // Extract the DSA public key value (Y) and domain parameters (P, Q, G) from a
    // certificate and return them in a DSACng.  Returns null when the certificate
    // does not carry a DSA key (IsDSA).  Throws ArgumentNullException for a null
    // certificate, and CryptographicException when CAPI fails to decode the key or
    // its parameters or returns a buffer smaller than the expected structure.
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }
    if (!IsDSA(certificate))
    {
        return null;
    }

    DSAParameters dsaParameters = new DSAParameters();
    unsafe
    {
        // Public key value: X509_DSS_PUBLICKEY decodes to a CRYPTOAPI_BLOB holding Y.
        SafeLocalAllocHandle yBuffer = null;
        try
        {
            uint cbY;
            byte[] encodedY = certificate.PublicKey.EncodedKeyValue.RawData;
            if (!CapiNative.DecodeObject((IntPtr)(CapiNative.X509_DSS_PUBLICKEY), encodedY, out yBuffer, out cbY))
            {
                throw new CryptographicException(Marshal.GetLastWin32Error());
            }
            // Never reinterpret a buffer shorter than the structure it is read as.
            if (cbY < Marshal.SizeOf(typeof(CapiNative.CRYPTOAPI_BLOB)))
            {
                throw new CryptographicException();
            }
            CapiNative.CRYPTOAPI_BLOB* pY = (CapiNative.CRYPTOAPI_BLOB*)(yBuffer.DangerousGetHandle());
            dsaParameters.Y = ToBigEndianByteArray(*pY);
        }
        finally
        {
            if (yBuffer != null)
            {
                yBuffer.Dispose();
            }
        }

        // Domain parameters: X509_DSS_PARAMETERS decodes to a CERT_DSS_PARAMETERS (p, q, g).
        SafeLocalAllocHandle parametersBuffer = null;
        try
        {
            uint cbParameters;
            byte[] encodedParameters = certificate.GetKeyAlgorithmParameters();
            if (!CapiNative.DecodeObject((IntPtr)(CapiNative.X509_DSS_PARAMETERS), encodedParameters, out parametersBuffer, out cbParameters))
            {
                throw new CryptographicException(Marshal.GetLastWin32Error());
            }
            if (cbParameters < Marshal.SizeOf(typeof(CapiNative.CERT_DSS_PARAMETERS)))
            {
                throw new CryptographicException();
            }
            CapiNative.CERT_DSS_PARAMETERS* pParameters = (CapiNative.CERT_DSS_PARAMETERS*)(parametersBuffer.DangerousGetHandle());
            dsaParameters.P = ToBigEndianByteArray(pParameters->p);
            dsaParameters.Q = ToBigEndianByteArray(pParameters->q);
            dsaParameters.G = ToBigEndianByteArray(pParameters->g);
        }
        finally
        {
            if (parametersBuffer != null)
            {
                parametersBuffer.Dispose();
            }
        }

        DSACng dsa = new DSACng();
        dsa.ImportParameters(dsaParameters);
        return dsa;
    }
}
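//
// Builds a certificate chain.
//
internal static unsafe int BuildChain(IntPtr hChainEngine, SafeCertContextHandle pCertContext, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout, ref SafeCertChainHandle ppChainContext)
{
    // Build a certificate chain for pCertContext with CertGetCertificateChain.
    // Returns CAPI.S_OK on success, otherwise the HRESULT for the last Win32 error.
    // Throws ArgumentException for a null or invalid certificate context.
    //   extraStore          - optional extra certificates, exported to an in-memory store.
    //   applicationPolicy / certificatePolicy - requested usage / issuance OIDs
    //                         (USAGE_MATCH_TYPE_AND).
    //   timeout             - URL retrieval timeout, whole milliseconds.
    // Change from the original: cUsageIdentifier is taken from the same local
    // snapshot of each OidCollection that is copied to unmanaged memory, so the
    // count handed to CAPI cannot exceed the number of pointers actually allocated
    // if the caller's collection is mutated concurrently (the original read
    // Count from the live collection separately from the copy).
    // NOTE(review): the in-memory store handle is left to its finalizer here, as
    // in the original — confirm whether it may be closed once the chain is built.
    if (pCertContext == null || pCertContext.IsInvalid)
    {
        throw new ArgumentException(SR.GetString(SR.Cryptography_InvalidContextHandle), "pCertContext");
    }

    SafeCertStoreHandle hCertStore = SafeCertStoreHandle.InvalidHandle;
    if (extraStore != null && extraStore.Count > 0)
    {
        hCertStore = X509Utils.ExportToMemoryStore(extraStore);
    }

    CAPI.CERT_CHAIN_PARA ChainPara = new CAPI.CERT_CHAIN_PARA();
    // Initialize the structure size.
    ChainPara.cbSize = (uint)Marshal.SizeOf(ChainPara);

    SafeLocalAllocHandle applicationPolicyHandle = SafeLocalAllocHandle.InvalidHandle;
    SafeLocalAllocHandle certificatePolicyHandle = SafeLocalAllocHandle.InvalidHandle;
    try
    {
        // Application policy
        if (applicationPolicy != null && applicationPolicy.Count > 0)
        {
            OidCollection applicationSnapshot = new OidCollection();
            foreach (Oid oid in applicationPolicy)
            {
                applicationSnapshot.Add(oid);
            }
            if (applicationSnapshot.Count > 0)
            {
                ChainPara.RequestedUsage.dwType = CAPI.USAGE_MATCH_TYPE_AND;
                ChainPara.RequestedUsage.Usage.cUsageIdentifier = (uint)applicationSnapshot.Count;
                applicationPolicyHandle = X509Utils.CopyOidsToUnmanagedMemory(applicationSnapshot);
                ChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = applicationPolicyHandle.DangerousGetHandle();
            }
        }

        // Certificate policy
        if (certificatePolicy != null && certificatePolicy.Count > 0)
        {
            OidCollection certificateSnapshot = new OidCollection();
            foreach (Oid oid in certificatePolicy)
            {
                certificateSnapshot.Add(oid);
            }
            if (certificateSnapshot.Count > 0)
            {
                ChainPara.RequestedIssuancePolicy.dwType = CAPI.USAGE_MATCH_TYPE_AND;
                ChainPara.RequestedIssuancePolicy.Usage.cUsageIdentifier = (uint)certificateSnapshot.Count;
                certificatePolicyHandle = X509Utils.CopyOidsToUnmanagedMemory(certificateSnapshot);
                ChainPara.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = certificatePolicyHandle.DangerousGetHandle();
            }
        }

        ChainPara.dwUrlRetrievalTimeout = (uint)Math.Floor(timeout.TotalMilliseconds);

        _FILETIME ft = new _FILETIME();
        *((long*)&ft) = verificationTime.ToFileTime();

        uint flags = X509Utils.MapRevocationFlags(revocationMode, revocationFlag);

        // Build the chain.
        if (!CAPI.CertGetCertificateChain(hChainEngine, pCertContext, ref ft, hCertStore, ref ChainPara, flags, IntPtr.Zero, ref ppChainContext))
        {
            return Marshal.GetHRForLastWin32Error();
        }
    }
    finally
    {
        applicationPolicyHandle.Dispose();
        certificatePolicyHandle.Dispose();
    }
    return CAPI.S_OK;
}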
private static unsafe System.Security.Cryptography.SafeCertStoreHandle FindCertInStore(System.Security.Cryptography.SafeCertStoreHandle safeSourceStoreHandle, X509FindType findType, object findValue, bool validOnly) { string str; string str2; System.Security.Cryptography.SafeCertStoreHandle handle2; if (findValue == null) { throw new ArgumentNullException("findValue"); } IntPtr zero = IntPtr.Zero; object dwKeyUsageBit = null; object obj3 = null; FindProcDelegate delegate2 = null; FindProcDelegate delegate3 = null; uint dwFindType = 0; CAPIBase.CRYPTOAPI_BLOB cryptoapi_blob = new CAPIBase.CRYPTOAPI_BLOB(); SafeLocalAllocHandle invalidHandle = SafeLocalAllocHandle.InvalidHandle; System.Runtime.InteropServices.ComTypes.FILETIME filetime = new System.Runtime.InteropServices.ComTypes.FILETIME(); string keyValue = null; switch (findType) { case X509FindType.FindByThumbprint: { if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } byte[] managed = System.Security.Cryptography.X509Certificates.X509Utils.DecodeHexString((string)findValue); cryptoapi_blob.pbData = System.Security.Cryptography.X509Certificates.X509Utils.ByteToPtr(managed).DangerousGetHandle(); cryptoapi_blob.cbData = (uint)managed.Length; dwFindType = 0x10000; zero = new IntPtr((void *)&cryptoapi_blob); goto Label_0703; } case X509FindType.FindBySubjectName: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } str = (string)findValue; dwFindType = 0x80007; zero = System.Security.Cryptography.X509Certificates.X509Utils.StringToUniPtr(str).DangerousGetHandle(); goto Label_0703; case X509FindType.FindBySubjectDistinguishedName: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } str = (string)findValue; delegate2 = new 
FindProcDelegate(X509Certificate2Collection.FindSubjectDistinguishedNameCallback); dwKeyUsageBit = str; goto Label_0703; case X509FindType.FindByIssuerName: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } str2 = (string)findValue; dwFindType = 0x80004; invalidHandle = System.Security.Cryptography.X509Certificates.X509Utils.StringToUniPtr(str2); zero = invalidHandle.DangerousGetHandle(); goto Label_0703; case X509FindType.FindByIssuerDistinguishedName: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } str2 = (string)findValue; delegate2 = new FindProcDelegate(X509Certificate2Collection.FindIssuerDistinguishedNameCallback); dwKeyUsageBit = str2; goto Label_0703; case X509FindType.FindBySerialNumber: { if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } delegate2 = new FindProcDelegate(X509Certificate2Collection.FindSerialNumberCallback); delegate3 = new FindProcDelegate(X509Certificate2Collection.FindSerialNumberCallback); BigInt num2 = new BigInt(); num2.FromHexadecimal((string)findValue); dwKeyUsageBit = num2.ToByteArray(); num2.FromDecimal((string)findValue); obj3 = num2.ToByteArray(); goto Label_0703; } case X509FindType.FindByTimeValid: if (findValue.GetType() != typeof(DateTime)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } *((long *)&filetime) = ((DateTime)findValue).ToFileTime(); delegate2 = new FindProcDelegate(X509Certificate2Collection.FindTimeValidCallback); dwKeyUsageBit = filetime; goto Label_0703; case X509FindType.FindByTimeNotYetValid: if (findValue.GetType() != typeof(DateTime)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } *((long *)&filetime) = ((DateTime)findValue).ToFileTime(); delegate2 = new 
FindProcDelegate(X509Certificate2Collection.FindTimeNotBeforeCallback); dwKeyUsageBit = filetime; goto Label_0703; case X509FindType.FindByTimeExpired: if (findValue.GetType() != typeof(DateTime)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } *((long *)&filetime) = ((DateTime)findValue).ToFileTime(); delegate2 = new FindProcDelegate(X509Certificate2Collection.FindTimeNotAfterCallback); dwKeyUsageBit = filetime; goto Label_0703; case X509FindType.FindByTemplateName: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } dwKeyUsageBit = (string)findValue; delegate2 = new FindProcDelegate(X509Certificate2Collection.FindTemplateNameCallback); goto Label_0703; case X509FindType.FindByApplicationPolicy: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } keyValue = System.Security.Cryptography.X509Certificates.X509Utils.FindOidInfo(2, (string)findValue, System.Security.Cryptography.OidGroup.Policy); if (keyValue == null) { keyValue = (string)findValue; System.Security.Cryptography.X509Certificates.X509Utils.ValidateOidValue(keyValue); } dwKeyUsageBit = keyValue; delegate2 = new FindProcDelegate(X509Certificate2Collection.FindApplicationPolicyCallback); goto Label_0703; case X509FindType.FindByCertificatePolicy: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } keyValue = System.Security.Cryptography.X509Certificates.X509Utils.FindOidInfo(2, (string)findValue, System.Security.Cryptography.OidGroup.Policy); if (keyValue == null) { keyValue = (string)findValue; System.Security.Cryptography.X509Certificates.X509Utils.ValidateOidValue(keyValue); } dwKeyUsageBit = keyValue; delegate2 = new FindProcDelegate(X509Certificate2Collection.FindCertificatePolicyCallback); goto Label_0703; case 
X509FindType.FindByExtension: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } keyValue = System.Security.Cryptography.X509Certificates.X509Utils.FindOidInfo(2, (string)findValue, System.Security.Cryptography.OidGroup.ExtensionOrAttribute); if (keyValue == null) { keyValue = (string)findValue; System.Security.Cryptography.X509Certificates.X509Utils.ValidateOidValue(keyValue); } dwKeyUsageBit = keyValue; delegate2 = new FindProcDelegate(X509Certificate2Collection.FindExtensionCallback); goto Label_0703; case X509FindType.FindByKeyUsage: { if (!(findValue.GetType() == typeof(string))) { if (findValue.GetType() == typeof(X509KeyUsageFlags)) { dwKeyUsageBit = findValue; } else { if (!(findValue.GetType() == typeof(uint)) && !(findValue.GetType() == typeof(int))) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindType")); } dwKeyUsageBit = findValue; } goto Label_06A2; } CAPIBase.KEY_USAGE_STRUCT[] key_usage_structArray = new CAPIBase.KEY_USAGE_STRUCT[] { new CAPIBase.KEY_USAGE_STRUCT("DigitalSignature", 0x80), new CAPIBase.KEY_USAGE_STRUCT("NonRepudiation", 0x40), new CAPIBase.KEY_USAGE_STRUCT("KeyEncipherment", 0x20), new CAPIBase.KEY_USAGE_STRUCT("DataEncipherment", 0x10), new CAPIBase.KEY_USAGE_STRUCT("KeyAgreement", 8), new CAPIBase.KEY_USAGE_STRUCT("KeyCertSign", 4), new CAPIBase.KEY_USAGE_STRUCT("CrlSign", 2), new CAPIBase.KEY_USAGE_STRUCT("EncipherOnly", 1), new CAPIBase.KEY_USAGE_STRUCT("DecipherOnly", 0x8000) }; for (uint i = 0; i < key_usage_structArray.Length; i++) { if (string.Compare(key_usage_structArray[i].pwszKeyUsage, (string)findValue, StringComparison.OrdinalIgnoreCase) == 0) { dwKeyUsageBit = key_usage_structArray[i].dwKeyUsageBit; break; } } break; } case X509FindType.FindBySubjectKeyIdentifier: if (findValue.GetType() != typeof(string)) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindValue")); } dwKeyUsageBit 
= System.Security.Cryptography.X509Certificates.X509Utils.DecodeHexString((string)findValue); delegate2 = new FindProcDelegate(X509Certificate2Collection.FindSubjectKeyIdentifierCallback); goto Label_0703; default: throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindType")); } if (dwKeyUsageBit == null) { throw new CryptographicException(SR.GetString("Cryptography_X509_InvalidFindType")); } Label_06A2: delegate2 = new FindProcDelegate(X509Certificate2Collection.FindKeyUsageCallback); Label_0703: handle2 = CAPI.CertOpenStore(new IntPtr(2L), 0x10001, IntPtr.Zero, 0x2200, null); if ((handle2 == null) || handle2.IsInvalid) { throw new CryptographicException(Marshal.GetLastWin32Error()); } FindByCert(safeSourceStoreHandle, dwFindType, zero, validOnly, delegate2, delegate3, dwKeyUsageBit, obj3, handle2); invalidHandle.Dispose(); return(handle2); }
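private static unsafe byte[] EncodePublicKey(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm) {
    // Derives a Subject Key Identifier (SKI) from 'key' and returns it wrapped by EncodeExtension.
    //
    // Parameters:
    //   key       - the public key to identify; must not be null.
    //   algorithm - Sha1      : RFC 5280 method (1), SHA-1 of the subjectPublicKey BIT STRING value.
    //               ShortSha1 : RFC 5280 method (2), 0100 type nibble + low 60 bits of that hash.
    //               CapiSha1  : Microsoft convention, CAPI CryptHashPublicKeyInfo over the encoded key info.
    // Returns:  the encoded SKI extension value (see EncodeExtension).
    // Throws:   ArgumentNullException  - key is null.
    //           ArgumentException      - algorithm is not one of the three values above.
    //           CryptographicException - the CAPI hash call failed (HRESULT of the last Win32 error).
    //
    // Security note (reviewer): SHA-1 is the digest RFC 5280 §4.2.1.2 specifies for key
    // identifiers. The SKI is a lookup handle for chain building, not a security binding, so
    // SHA-1's collision weakness does not matter here -- but do not reuse this routine where a
    // collision-resistant key fingerprint is required.
    if (key == null) {
        throw new ArgumentNullException("key");
    }
    // Fix: validate 'algorithm' before encoding the key into unmanaged memory. Previously an
    // unknown value was only rejected after EncodePublicKey(key) had allocated a
    // CERT_PUBLIC_KEY_INFO2 that the finally block then had to free; failing fast keeps argument
    // validation ahead of any native work. Exception type and message are unchanged.
    bool shortForm = (X509SubjectKeyIdentifierHashAlgorithm.ShortSha1 == algorithm);
    bool hashKeyBits = shortForm || (X509SubjectKeyIdentifierHashAlgorithm.Sha1 == algorithm);
    if (!hashKeyBits && (X509SubjectKeyIdentifierHashAlgorithm.CapiSha1 != algorithm)) {
        throw new ArgumentException("algorithm");
    }

    // Construct CERT_PUBLIC_KEY_INFO2 in unmanaged memory from the given encoded blobs.
    SafeLocalAllocHandle publicKeyInfo = EncodePublicKey(key);
    CAPI.CERT_PUBLIC_KEY_INFO2 *pPublicKeyInfo = (CAPI.CERT_PUBLIC_KEY_INFO2 *)publicKeyInfo.DangerousGetHandle();
    byte [] buffer = new byte[20];      // a SHA-1 digest is 20 bytes
    byte [] identifier = null;
    fixed(byte *pBuffer = buffer) {
        // cbData is in/out: CAPI reads the capacity and writes back the length it produced.
        uint cbData = (uint)buffer.Length;
        IntPtr pbData = new IntPtr(pBuffer);
        try {
            if (hashKeyBits) {
                //+=================================================================
                // (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of
                // the value of the BIT STRING subjectPublicKey (excluding the tag,
                // length, and number of unused bits).
                if (!CAPI.CryptHashCertificate(
                        IntPtr.Zero,        // hCryptProv
                        CAPI.CALG_SHA1,
                        0,                  // dwFlags
                        pPublicKeyInfo->PublicKey.pbData,
                        pPublicKeyInfo->PublicKey.cbData,
                        pbData,
                        new IntPtr(&cbData))) {
                    throw new CryptographicException(Marshal.GetHRForLastWin32Error());
                }
            } else {
                //+=================================================================
                // Microsoft convention: The keyIdentifier is composed of the
                // 160-bit SHA-1 hash of the encoded subjectPublicKey BITSTRING
                // (including the tag, length, and number of unused bits).
                // Only CapiSha1 reaches this branch; other values were rejected above.
                if (!CAPI.CryptHashPublicKeyInfo(
                        IntPtr.Zero,        // hCryptProv
                        CAPI.CALG_SHA1,
                        0,                  // dwFlags
                        CAPI.X509_ASN_ENCODING,
                        new IntPtr(pPublicKeyInfo),
                        pbData,
                        new IntPtr(&cbData))) {
                    throw new CryptographicException(Marshal.GetHRForLastWin32Error());
                }
            }

            if (shortForm) {
                //+=================================================================
                // (2) The keyIdentifier is composed of a four bit type field with
                // the value 0100 followed by the least significant 60 bits of the
                // SHA-1 hash of the value of the BIT STRING subjectPublicKey
                // (excluding the tag, length, and number of unused bit string bits)
                identifier = new byte[8];
                Array.Copy(buffer, buffer.Length - 8, identifier, 0, identifier.Length);
                identifier[0] &= 0x0f;
                identifier[0] |= 0x40;
            } else {
                identifier = buffer;
                // Return only the bytes CAPI actually produced.
                if (buffer.Length > (int)cbData) {
                    identifier = new byte[cbData];
                    Array.Copy(buffer, 0, identifier, 0, identifier.Length);
                }
            }
        } finally {
            publicKeyInfo.Dispose();
        }
    }
    return(EncodeExtension(identifier));
}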
public unsafe string GetNameInfo(X509NameType nameType, bool forIssuer) {
    // Returns a single name of the requested type for this certificate's subject, or for its
    // issuer when forIssuer is true.
    //
    // Parameters:
    //   nameType  - which name to look for (mapped to a CAPI display type by X509Utils.MapNameType).
    //   forIssuer - true to read issuer names, false for subject names.
    // Returns: the name, or string.Empty when nothing matched (except for the DnsName fallback below).
    //
    // Security notes (reviewer):
    //  * Only ONE value is ever returned. Every matching altName entry overwrites 'str' and nothing
    //    breaks out of the loops, so the last match wins -- first across the two extensions searched
    //    (2.5.29.7/8 first, then 2.5.29.17/18), then across entries within an extension. A
    //    certificate with several dNSName SAN entries exposes only the last one here, so this
    //    method is not a suitable basis for hostname matching.
    //  * Marshal.PtrToStringUni stops at the first NUL, so a name with an embedded NUL is silently
    //    truncated; callers that compare the result must not assume it is the complete value.
    //  * For DnsName with no SAN match the code falls back to display type 3 (presumably
    //    CERT_NAME_ATTR_TYPE, i.e. a subject attribute such as CN -- confirm in CAPI.GetCertNameInfo),
    //    so the result may come from the DN rather than from a SAN.
    uint dwFlags = forIssuer ? 1 : 0;   // 1 presumably = CERT_NAME_ISSUER_FLAG -- confirm against CAPI
    uint dwDisplayType = System.Security.Cryptography.X509Certificates.X509Utils.MapNameType(nameType);
    // Display types 1 and 4 are answered directly by CAPI; everything else is read from the
    // alternative-name extensions below.
    switch (dwDisplayType) {
        case 1: return(CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, dwDisplayType));
        case 4: return(CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, dwDisplayType));
    }
    string str = string.Empty;
    CAPIBase.CERT_CONTEXT cert_context = *((CAPIBase.CERT_CONTEXT *) this.m_safeCertContext.DangerousGetHandle());
    CAPIBase.CERT_INFO cert_info = (CAPIBase.CERT_INFO)Marshal.PtrToStructure(cert_context.pCertInfo, typeof(CAPIBase.CERT_INFO));
    // Both the older (2.5.29.7 subject / 2.5.29.8 issuer) and the current (2.5.29.17 / 2.5.29.18)
    // alternative-name extension OIDs are consulted, older ones first.
    IntPtr[] ptrArray = new IntPtr[] {
        CAPISafe.CertFindExtension(forIssuer ? "2.5.29.8" : "2.5.29.7", cert_info.cExtension, cert_info.rgExtension),
        CAPISafe.CertFindExtension(forIssuer ? "2.5.29.18" : "2.5.29.17", cert_info.cExtension, cert_info.rgExtension)
    };
    for (int i = 0; i < ptrArray.Length; i++) {
        if (ptrArray[i] != IntPtr.Zero) {
            CAPIBase.CERT_EXTENSION cert_extension = (CAPIBase.CERT_EXTENSION)Marshal.PtrToStructure(ptrArray[i], typeof(CAPIBase.CERT_EXTENSION));
            // Copy the raw extension value out of the certificate context before decoding it.
            byte[] destination = new byte[cert_extension.Value.cbData];
            Marshal.Copy(cert_extension.Value.pbData, destination, 0, destination.Length);
            uint cbDecodedValue = 0;
            SafeLocalAllocHandle decodedValue = null;
            // The extension's own OID selects the decoder; the ANSI copy of it is freed right after the call.
            SafeLocalAllocHandle handle2 = System.Security.Cryptography.X509Certificates.X509Utils.StringToAnsiPtr(cert_extension.pszObjId);
            bool flag = CAPI.DecodeObject(handle2.DangerousGetHandle(), destination, out decodedValue, out cbDecodedValue);
            handle2.Dispose();
            if (flag) {
                CAPIBase.CERT_ALT_NAME_INFO cert_alt_name_info = (CAPIBase.CERT_ALT_NAME_INFO)Marshal.PtrToStructure(decodedValue.DangerousGetHandle(), typeof(CAPIBase.CERT_ALT_NAME_INFO));
                for (int j = 0; j < cert_alt_name_info.cAltEntry; j++) {
                    // rgAltEntry is a native array of CERT_ALT_NAME_ENTRY; step by the marshaled size.
                    IntPtr ptr = new IntPtr(((long)cert_alt_name_info.rgAltEntry) + (j * Marshal.SizeOf(typeof(CAPIBase.CERT_ALT_NAME_ENTRY))));
                    CAPIBase.CERT_ALT_NAME_ENTRY cert_alt_name_entry = (CAPIBase.CERT_ALT_NAME_ENTRY)Marshal.PtrToStructure(ptr, typeof(CAPIBase.CERT_ALT_NAME_ENTRY));
                    // The display type decides which altName choice is accepted. No 'break' leaves the
                    // entry loop, so a later match overwrites an earlier one.
                    switch (dwDisplayType) {
                        case 6: // DNS name: altName choice 3 (dNSName)
                            if (cert_alt_name_entry.dwAltNameChoice == 3) { str = Marshal.PtrToStringUni(cert_alt_name_entry.Value.pwszDNSName); }
                            break;
                        case 7: // URL: altName choice 7 (uniformResourceIdentifier)
                            if (cert_alt_name_entry.dwAltNameChoice == 7) { str = Marshal.PtrToStringUni(cert_alt_name_entry.Value.pwszURL); }
                            break;
                        case 8: // UPN: altName choice 1 (otherName) carrying the Microsoft UPN OID
                            if (cert_alt_name_entry.dwAltNameChoice == 1) {
                                CAPIBase.CERT_OTHER_NAME cert_other_name = (CAPIBase.CERT_OTHER_NAME)Marshal.PtrToStructure(cert_alt_name_entry.Value.pOtherName, typeof(CAPIBase.CERT_OTHER_NAME));
                                if (cert_other_name.pszObjId == "1.3.6.1.4.1.311.20.2.3") {
                                    uint num6 = 0;
                                    SafeLocalAllocHandle handle3 = null;
                                    // 0x18 (24) is the CryptDecodeObject structure type used for the otherName
                                    // value; presumably X509_UNICODE_ANY_STRING -- confirm against wincrypt.h.
                                    if (CAPI.DecodeObject(new IntPtr(0x18L), System.Security.Cryptography.X509Certificates.X509Utils.PtrToByte(cert_other_name.Value.pbData, cert_other_name.Value.cbData), out handle3, out num6)) {
                                        CAPIBase.CERT_NAME_VALUE cert_name_value = (CAPIBase.CERT_NAME_VALUE)Marshal.PtrToStructure(handle3.DangerousGetHandle(), typeof(CAPIBase.CERT_NAME_VALUE));
                                        // Only read the value as a UTF-16 string when the decoder reports a
                                        // character-string type; any other value type is ignored rather than
                                        // reinterpreted as a string pointer.
                                        if (System.Security.Cryptography.X509Certificates.X509Utils.IsCertRdnCharString(cert_name_value.dwValueType)) {
                                            str = Marshal.PtrToStringUni(cert_name_value.Value.pbData);
                                        }
                                        handle3.Dispose();
                                    }
                                }
                            }
                            break;
                    }
                }
                // Freed only on the success path; on a failed decode the handle is assumed not to
                // own memory -- confirm CAPI.DecodeObject's contract.
                decodedValue.Dispose();
            }
        }
    }
    // DnsName only: an empty result falls back to an attribute lookup (display type 3).
    // Every other name type returns whatever was found, possibly string.Empty.
    if ((nameType != X509NameType.DnsName) || ((str != null) && (str.Length != 0))) { return(str); }
    return(CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, 3));
}
private static unsafe byte[] EncodePublicKey(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm) {
    // Computes a Subject Key Identifier for 'key' with the requested derivation and hands the
    // bytes to EncodeExtension.
    //
    // Parameters:
    //   key       - public key to identify; null is rejected.
    //   algorithm - Sha1 / ShortSha1 hash the subjectPublicKey bytes via CryptHashCertificate;
    //               CapiSha1 hashes the encoded key info via CryptHashPublicKeyInfo. ShortSha1
    //               additionally keeps only the low 8 hash bytes and forces the top nibble to 0100.
    // Returns:  the encoded extension value produced by EncodeExtension.
    // Throws:   ArgumentNullException for a null key, ArgumentException for an unknown algorithm,
    //           CryptographicException (HRESULT of the last Win32 error) when CAPI fails.
    //
    // Reviewer note: 0x8004 matches CALG_SHA1 and 1 matches X509_ASN_ENCODING in wincrypt.h.
    // SHA-1 is what RFC 5280 prescribes for key identifiers; the SKI is only a lookup handle,
    // not a security binding, so do not reuse this as a collision-resistant fingerprint.
    if (key == null) {
        throw new ArgumentNullException("key");
    }
    SafeLocalAllocHandle encodedKeyInfo = EncodePublicKey(key);
    CAPIBase.CERT_PUBLIC_KEY_INFO2 *keyInfo = (CAPIBase.CERT_PUBLIC_KEY_INFO2 *)encodedKeyInfo.DangerousGetHandle();
    byte[] digest = new byte[20];   // SHA-1 output size
    byte[] keyId = null;
    fixed (byte *pDigest = digest) {
        // digestLength is in/out: capacity on entry, bytes actually written on return.
        uint digestLength = (uint)digest.Length;
        IntPtr pDigestOut = new IntPtr((void *)pDigest);
        try {
            switch (algorithm) {
                case X509SubjectKeyIdentifierHashAlgorithm.Sha1:
                case X509SubjectKeyIdentifierHashAlgorithm.ShortSha1:
                    // Hash the raw subjectPublicKey BIT STRING value.
                    if (!CAPISafe.CryptHashCertificate(IntPtr.Zero, 0x8004, 0, keyInfo->PublicKey.pbData, keyInfo->PublicKey.cbData, pDigestOut, new IntPtr((void *)&digestLength))) {
                        throw new CryptographicException(Marshal.GetHRForLastWin32Error());
                    }
                    break;
                case X509SubjectKeyIdentifierHashAlgorithm.CapiSha1:
                    // Hash the encoded public key info structure the CAPI way.
                    if (!CAPISafe.CryptHashPublicKeyInfo(IntPtr.Zero, 0x8004, 0, 1, new IntPtr((void *)keyInfo), pDigestOut, new IntPtr((void *)&digestLength))) {
                        throw new CryptographicException(Marshal.GetHRForLastWin32Error());
                    }
                    break;
                default:
                    throw new ArgumentException("algorithm");
            }

            if (algorithm == X509SubjectKeyIdentifierHashAlgorithm.ShortSha1) {
                // Least significant 60 bits of the digest behind a 0100 type nibble.
                keyId = new byte[8];
                Array.Copy(digest, digest.Length - 8, keyId, 0, keyId.Length);
                keyId[0] = (byte)((keyId[0] & 0x0f) | 0x40);
            } else if (digestLength < (uint)digest.Length) {
                // CAPI produced fewer bytes than the buffer holds; trim to what it wrote.
                keyId = new byte[digestLength];
                Array.Copy(digest, 0, keyId, 0, keyId.Length);
            } else {
                keyId = digest;
            }
        } finally {
            encodedKeyInfo.Dispose();
        }
    }
    return EncodeExtension(keyId);
}
private static byte[] ConstructDSSPubKeyCspBlob(SafeLocalAllocHandle decodedKeyValue, SafeLocalAllocHandle decodedParameters) {
    // Builds a CryptoAPI public key blob ("DSS1" magic, key algorithm 0x2200) from a decoded DSS
    // public value (Y) and its decoded domain parameters (P, Q, G).
    //
    // Parameters:
    //   decodedKeyValue   - unmanaged CRYPTOAPI_BLOB holding the public value Y.
    //   decodedParameters - unmanaged CERT_DSS_PARAMETERS holding P, Q and G.
    // Returns:  the serialized blob: 16-byte header, P, Q zero-padded to 20 bytes, G and Y each
    //           zero-padded to P's length, then a 24-byte seed record (counter 0xFFFFFFFF,
    //           20 zero seed bytes).
    // Throws:   CryptographicException(-2146893803) -- HRESULT 0x80090015, which matches
    //           NTE_BAD_PUBLIC_KEY -- when P is empty, when Q is empty or longer than 20 bytes,
    //           or when G or Y is empty or longer than P.
    //
    // Security notes (reviewer):
    //  * The 20-byte cap on Q means only DSA parameters with a 160-bit subgroup order are
    //    accepted; parameter sets with a 224- or 256-bit Q are rejected with the error above.
    //  * Each field length is checked against its slot width before the unmanaged bytes are
    //    copied, so an oversized field from a malformed certificate cannot spill into the next slot.
    //  * The seed counter 0xFFFFFFFF presumably signals that no generation seed is available, so
    //    parameter provenance cannot be checked from this blob -- confirm against the DSSSEED
    //    documentation if that matters to the caller.
    CAPIBase.CRYPTOAPI_BLOB publicValue = (CAPIBase.CRYPTOAPI_BLOB)Marshal.PtrToStructure(decodedKeyValue.DangerousGetHandle(), typeof(CAPIBase.CRYPTOAPI_BLOB));
    CAPIBase.CERT_DSS_PARAMETERS domain = (CAPIBase.CERT_DSS_PARAMETERS)Marshal.PtrToStructure(decodedParameters.DangerousGetHandle(), typeof(CAPIBase.CERT_DSS_PARAMETERS));

    uint primeLength = domain.p.cbData;
    if (primeLength == 0) {
        throw new CryptographicException(-2146893803);
    }

    // Header (16) + P + Q slot (20) + G slot + Y slot + seed record (24).
    uint blobSize = 0x10 + primeLength + 20 + primeLength + primeLength + 0x18;
    using (MemoryStream blob = new MemoryStream((int)blobSize))
    using (BinaryWriter writer = new BinaryWriter(blob)) {
        writer.Write((byte)6);                  // blob type (public key blob)
        writer.Write((byte)2);                  // blob version
        writer.Write((short)0);                 // reserved
        writer.Write((uint)0x2200);             // key algorithm (DSS signing)
        writer.Write((uint)0x31535344);         // magic "DSS1"
        writer.Write((uint)(primeLength * 8));  // bit length of P

        // Field order and slot widths of the blob body: P, Q, G, Y.
        IntPtr[] fieldSource = new IntPtr[] { domain.p.pbData, domain.q.pbData, domain.g.pbData, publicValue.pbData };
        uint[] fieldLength = new uint[] { domain.p.cbData, domain.q.cbData, domain.g.cbData, publicValue.cbData };
        uint[] slotWidth = new uint[] { primeLength, 20, primeLength, primeLength };

        for (int i = 0; i < fieldSource.Length; i++) {
            uint length = fieldLength[i];
            uint width = slotWidth[i];
            if ((length == 0) || (length > width)) {
                throw new CryptographicException(-2146893803);
            }
            byte[] field = new byte[length];
            Marshal.Copy(fieldSource[i], field, 0, field.Length);
            writer.Write(field);
            if (width > length) {
                writer.Write(new byte[width - length]);   // zero-pad up to the slot width
            }
        }

        // Seed record: counter 0xFFFFFFFF followed by 20 zero seed bytes.
        writer.Write(uint.MaxValue);
        writer.Write(new byte[20]);

        return blob.ToArray();
    }
}