|
// ==++==
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// ==--==
//
// CryptoApi.cs
//
namespace System.Security.Cryptography {
using Microsoft.Win32.SafeHandles;
using System.Diagnostics.CodeAnalysis;
using System.Globalization;
using System.IO;
using System.Runtime.InteropServices;
using System.Runtime.InteropServices.ComTypes;
using System.Runtime.CompilerServices;
using System.Runtime.ConstrainedExecution;
using System.Runtime.Versioning;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Permissions;
using System.Text;
using _FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
internal abstract class CAPIBase {
//
// PInvoke dll's.
//
internal const String ADVAPI32 = "advapi32.dll";
internal const String CRYPT32 = "crypt32.dll";
internal const String KERNEL32 = "kernel32.dll";
//
// Constants
//
internal const uint LMEM_FIXED = 0x0000;
internal const uint LMEM_ZEROINIT = 0x0040;
internal const uint LPTR = (LMEM_FIXED | LMEM_ZEROINIT);
internal const int S_OK = 0;
internal const int S_FALSE = 1;
internal const uint FORMAT_MESSAGE_FROM_SYSTEM = 0x00001000;
internal const uint FORMAT_MESSAGE_IGNORE_INSERTS = 0x00000200;
internal const uint VER_PLATFORM_WIN32s = 0;
internal const uint VER_PLATFORM_WIN32_WINDOWS = 1;
internal const uint VER_PLATFORM_WIN32_NT = 2;
internal const uint VER_PLATFORM_WINCE = 3;
// ASN.
internal const uint ASN_TAG_NULL = 0x05;
internal const uint ASN_TAG_OBJID = 0x06;
// cert query object types.
internal const uint CERT_QUERY_OBJECT_FILE = 1;
internal const uint CERT_QUERY_OBJECT_BLOB = 2;
// cert query content types.
internal const uint CERT_QUERY_CONTENT_CERT = 1;
internal const uint CERT_QUERY_CONTENT_CTL = 2;
internal const uint CERT_QUERY_CONTENT_CRL = 3;
internal const uint CERT_QUERY_CONTENT_SERIALIZED_STORE = 4;
internal const uint CERT_QUERY_CONTENT_SERIALIZED_CERT = 5;
internal const uint CERT_QUERY_CONTENT_SERIALIZED_CTL = 6;
internal const uint CERT_QUERY_CONTENT_SERIALIZED_CRL = 7;
internal const uint CERT_QUERY_CONTENT_PKCS7_SIGNED = 8;
internal const uint CERT_QUERY_CONTENT_PKCS7_UNSIGNED = 9;
internal const uint CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED = 10;
internal const uint CERT_QUERY_CONTENT_PKCS10 = 11;
internal const uint CERT_QUERY_CONTENT_PFX = 12;
internal const uint CERT_QUERY_CONTENT_CERT_PAIR = 13;
// cert query content flags.
internal const uint CERT_QUERY_CONTENT_FLAG_CERT = (1 << (int) CERT_QUERY_CONTENT_CERT);
internal const uint CERT_QUERY_CONTENT_FLAG_CTL = (1 << (int) CERT_QUERY_CONTENT_CTL);
internal const uint CERT_QUERY_CONTENT_FLAG_CRL = (1 << (int) CERT_QUERY_CONTENT_CRL);
internal const uint CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE = (1 << (int) CERT_QUERY_CONTENT_SERIALIZED_STORE);
internal const uint CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT = (1 << (int) CERT_QUERY_CONTENT_SERIALIZED_CERT);
internal const uint CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL = (1 << (int) CERT_QUERY_CONTENT_SERIALIZED_CTL);
internal const uint CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL = (1 << (int) CERT_QUERY_CONTENT_SERIALIZED_CRL);
internal const uint CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED = (1 << (int) CERT_QUERY_CONTENT_PKCS7_SIGNED);
internal const uint CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED = (1 << (int) CERT_QUERY_CONTENT_PKCS7_UNSIGNED);
internal const uint CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED = (1 << (int) CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED);
internal const uint CERT_QUERY_CONTENT_FLAG_PKCS10 = (1 << (int) CERT_QUERY_CONTENT_PKCS10);
internal const uint CERT_QUERY_CONTENT_FLAG_PFX = (1 << (int) CERT_QUERY_CONTENT_PFX);
internal const uint CERT_QUERY_CONTENT_FLAG_CERT_PAIR = (1 << (int) CERT_QUERY_CONTENT_CERT_PAIR);
internal const uint CERT_QUERY_CONTENT_FLAG_ALL =
(CERT_QUERY_CONTENT_FLAG_CERT |
CERT_QUERY_CONTENT_FLAG_CTL |
CERT_QUERY_CONTENT_FLAG_CRL |
CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE |
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT |
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL |
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL |
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED |
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED |
CERT_QUERY_CONTENT_FLAG_PKCS10 |
CERT_QUERY_CONTENT_FLAG_PFX |
CERT_QUERY_CONTENT_FLAG_CERT_PAIR);
internal const uint CERT_QUERY_FORMAT_BINARY = 1;
internal const uint CERT_QUERY_FORMAT_BASE64_ENCODED = 2;
internal const uint CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED = 3;
internal const uint CERT_QUERY_FORMAT_FLAG_BINARY = (1 << (int) CERT_QUERY_FORMAT_BINARY);
internal const uint CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED = (1 << (int) CERT_QUERY_FORMAT_BASE64_ENCODED);
internal const uint CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED = (1 << (int) CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED);
internal const uint CERT_QUERY_FORMAT_FLAG_ALL =
(CERT_QUERY_FORMAT_FLAG_BINARY |
CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED |
CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED);
// OID key type.
internal const uint CRYPT_OID_INFO_OID_KEY = 1;
internal const uint CRYPT_OID_INFO_NAME_KEY = 2;
internal const uint CRYPT_OID_INFO_ALGID_KEY = 3;
internal const uint CRYPT_OID_INFO_SIGN_KEY = 4;
// OID group Id's.
internal const uint CRYPT_HASH_ALG_OID_GROUP_ID = 1;
internal const uint CRYPT_ENCRYPT_ALG_OID_GROUP_ID = 2;
internal const uint CRYPT_PUBKEY_ALG_OID_GROUP_ID = 3;
internal const uint CRYPT_SIGN_ALG_OID_GROUP_ID = 4;
internal const uint CRYPT_RDN_ATTR_OID_GROUP_ID = 5;
internal const uint CRYPT_EXT_OR_ATTR_OID_GROUP_ID = 6;
internal const uint CRYPT_ENHKEY_USAGE_OID_GROUP_ID = 7;
internal const uint CRYPT_POLICY_OID_GROUP_ID = 8;
internal const uint CRYPT_TEMPLATE_OID_GROUP_ID = 9;
internal const uint CRYPT_LAST_OID_GROUP_ID = 9;
internal const uint CRYPT_FIRST_ALG_OID_GROUP_ID = CRYPT_HASH_ALG_OID_GROUP_ID;
internal const uint CRYPT_LAST_ALG_OID_GROUP_ID = CRYPT_SIGN_ALG_OID_GROUP_ID;
// cert encoding flags.
internal const uint CRYPT_ASN_ENCODING = 0x00000001;
internal const uint CRYPT_NDR_ENCODING = 0x00000002;
internal const uint X509_ASN_ENCODING = 0x00000001;
internal const uint X509_NDR_ENCODING = 0x00000002;
internal const uint PKCS_7_ASN_ENCODING = 0x00010000;
internal const uint PKCS_7_NDR_ENCODING = 0x00020000;
internal const uint PKCS_7_OR_X509_ASN_ENCODING = (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING);
// cert store provider
internal const uint CERT_STORE_PROV_MSG = 1;
internal const uint CERT_STORE_PROV_MEMORY = 2;
internal const uint CERT_STORE_PROV_FILE = 3;
internal const uint CERT_STORE_PROV_REG = 4;
internal const uint CERT_STORE_PROV_PKCS7 = 5;
internal const uint CERT_STORE_PROV_SERIALIZED = 6;
internal const uint CERT_STORE_PROV_FILENAME_A = 7;
internal const uint CERT_STORE_PROV_FILENAME_W = 8;
internal const uint CERT_STORE_PROV_FILENAME = CERT_STORE_PROV_FILENAME_W;
internal const uint CERT_STORE_PROV_SYSTEM_A = 9;
internal const uint CERT_STORE_PROV_SYSTEM_W = 10;
internal const uint CERT_STORE_PROV_SYSTEM = CERT_STORE_PROV_SYSTEM_W;
internal const uint CERT_STORE_PROV_COLLECTION = 11;
internal const uint CERT_STORE_PROV_SYSTEM_REGISTRY_A = 12;
internal const uint CERT_STORE_PROV_SYSTEM_REGISTRY_W = 13;
internal const uint CERT_STORE_PROV_SYSTEM_REGISTRY = CERT_STORE_PROV_SYSTEM_REGISTRY_W;
internal const uint CERT_STORE_PROV_PHYSICAL_W = 14;
internal const uint CERT_STORE_PROV_PHYSICAL = CERT_STORE_PROV_PHYSICAL_W;
internal const uint CERT_STORE_PROV_SMART_CARD_W = 15;
internal const uint CERT_STORE_PROV_SMART_CARD = CERT_STORE_PROV_SMART_CARD_W;
internal const uint CERT_STORE_PROV_LDAP_W = 16;
internal const uint CERT_STORE_PROV_LDAP = CERT_STORE_PROV_LDAP_W;
// cert store flags
internal const uint CERT_STORE_NO_CRYPT_RELEASE_FLAG = 0x00000001;
internal const uint CERT_STORE_SET_LOCALIZED_NAME_FLAG = 0x00000002;
internal const uint CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG = 0x00000004;
internal const uint CERT_STORE_DELETE_FLAG = 0x00000010;
internal const uint CERT_STORE_SHARE_STORE_FLAG = 0x00000040;
internal const uint CERT_STORE_SHARE_CONTEXT_FLAG = 0x00000080;
internal const uint CERT_STORE_MANIFOLD_FLAG = 0x00000100;
internal const uint CERT_STORE_ENUM_ARCHIVED_FLAG = 0x00000200;
internal const uint CERT_STORE_UPDATE_KEYID_FLAG = 0x00000400;
internal const uint CERT_STORE_BACKUP_RESTORE_FLAG = 0x00000800;
internal const uint CERT_STORE_READONLY_FLAG = 0x00008000;
internal const uint CERT_STORE_OPEN_EXISTING_FLAG = 0x00004000;
internal const uint CERT_STORE_CREATE_NEW_FLAG = 0x00002000;
internal const uint CERT_STORE_MAXIMUM_ALLOWED_FLAG = 0x00001000;
// cert store location
internal const uint CERT_SYSTEM_STORE_UNPROTECTED_FLAG = 0x40000000;
internal const uint CERT_SYSTEM_STORE_LOCATION_MASK = 0x00FF0000;
internal const uint CERT_SYSTEM_STORE_LOCATION_SHIFT = 16;
internal const uint CERT_SYSTEM_STORE_CURRENT_USER_ID = 1;
internal const uint CERT_SYSTEM_STORE_LOCAL_MACHINE_ID = 2;
internal const uint CERT_SYSTEM_STORE_CURRENT_SERVICE_ID = 4;
internal const uint CERT_SYSTEM_STORE_SERVICES_ID = 5;
internal const uint CERT_SYSTEM_STORE_USERS_ID = 6;
internal const uint CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY_ID = 7;
internal const uint CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY_ID = 8;
internal const uint CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE_ID = 9;
internal const uint CERT_SYSTEM_STORE_CURRENT_USER = ((int) CERT_SYSTEM_STORE_CURRENT_USER_ID << (int) CERT_SYSTEM_STORE_LOCATION_SHIFT);
internal const uint CERT_SYSTEM_STORE_LOCAL_MACHINE = ((int) CERT_SYSTEM_STORE_LOCAL_MACHINE_ID << (int) CERT_SYSTEM_STORE_LOCATION_SHIFT);
internal const uint CERT_SYSTEM_STORE_CURRENT_SERVICE = ((int) CERT_SYSTEM_STORE_CURRENT_SERVICE_ID << (int) CERT_SYSTEM_STORE_LOCATION_SHIFT);
internal const uint CERT_SYSTEM_STORE_SERVICES = ((int) CERT_SYSTEM_STORE_SERVICES_ID << (int) CERT_SYSTEM_STORE_LOCATION_SHIFT);
internal const uint CERT_SYSTEM_STORE_USERS = ((int) CERT_SYSTEM_STORE_USERS_ID << (int) CERT_SYSTEM_STORE_LOCATION_SHIFT);
internal const uint CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY = ((int) CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY_ID << (int) CERT_SYSTEM_STORE_LOCATION_SHIFT);
internal const uint CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY = ((int) CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY_ID << (int) CERT_SYSTEM_STORE_LOCATION_SHIFT);
internal const uint CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE = ((int) CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE_ID << (int) CERT_SYSTEM_STORE_LOCATION_SHIFT);
// cert name types.
internal const uint CERT_NAME_EMAIL_TYPE = 1;
internal const uint CERT_NAME_RDN_TYPE = 2;
internal const uint CERT_NAME_ATTR_TYPE = 3;
internal const uint CERT_NAME_SIMPLE_DISPLAY_TYPE = 4;
internal const uint CERT_NAME_FRIENDLY_DISPLAY_TYPE = 5;
internal const uint CERT_NAME_DNS_TYPE = 6;
internal const uint CERT_NAME_URL_TYPE = 7;
internal const uint CERT_NAME_UPN_TYPE = 8;
// cert name flags.
internal const uint CERT_SIMPLE_NAME_STR = 1;
internal const uint CERT_OID_NAME_STR = 2;
internal const uint CERT_X500_NAME_STR = 3;
internal const uint CERT_NAME_STR_SEMICOLON_FLAG = 0x40000000;
internal const uint CERT_NAME_STR_NO_PLUS_FLAG = 0x20000000;
internal const uint CERT_NAME_STR_NO_QUOTING_FLAG = 0x10000000;
internal const uint CERT_NAME_STR_CRLF_FLAG = 0x08000000;
internal const uint CERT_NAME_STR_COMMA_FLAG = 0x04000000;
internal const uint CERT_NAME_STR_REVERSE_FLAG = 0x02000000;
internal const uint CERT_NAME_ISSUER_FLAG = 0x1;
internal const uint CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG = 0x00010000;
internal const uint CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG = 0x00020000;
internal const uint CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG = 0x00040000;
internal const uint CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG = 0x00080000;
// cert context property Id's.
internal const uint CERT_KEY_PROV_HANDLE_PROP_ID = 1;
internal const uint CERT_KEY_PROV_INFO_PROP_ID = 2;
internal const uint CERT_SHA1_HASH_PROP_ID = 3;
internal const uint CERT_MD5_HASH_PROP_ID = 4;
internal const uint CERT_HASH_PROP_ID = CERT_SHA1_HASH_PROP_ID;
internal const uint CERT_KEY_CONTEXT_PROP_ID = 5;
internal const uint CERT_KEY_SPEC_PROP_ID = 6;
internal const uint CERT_IE30_RESERVED_PROP_ID = 7;
internal const uint CERT_PUBKEY_HASH_RESERVED_PROP_ID = 8;
internal const uint CERT_ENHKEY_USAGE_PROP_ID = 9;
internal const uint CERT_CTL_USAGE_PROP_ID = CERT_ENHKEY_USAGE_PROP_ID;
internal const uint CERT_NEXT_UPDATE_LOCATION_PROP_ID = 10;
internal const uint CERT_FRIENDLY_NAME_PROP_ID = 11;
internal const uint CERT_PVK_FILE_PROP_ID = 12;
internal const uint CERT_DESCRIPTION_PROP_ID = 13;
internal const uint CERT_ACCESS_STATE_PROP_ID = 14;
internal const uint CERT_SIGNATURE_HASH_PROP_ID = 15;
internal const uint CERT_SMART_CARD_DATA_PROP_ID = 16;
internal const uint CERT_EFS_PROP_ID = 17;
internal const uint CERT_FORTEZZA_DATA_PROP_ID = 18;
internal const uint CERT_ARCHIVED_PROP_ID = 19;
internal const uint CERT_KEY_IDENTIFIER_PROP_ID = 20;
internal const uint CERT_AUTO_ENROLL_PROP_ID = 21;
internal const uint CERT_PUBKEY_ALG_PARA_PROP_ID = 22;
internal const uint CERT_CROSS_CERT_DIST_POINTS_PROP_ID = 23;
internal const uint CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID = 24;
internal const uint CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID = 25;
internal const uint CERT_ENROLLMENT_PROP_ID = 26;
internal const uint CERT_DATE_STAMP_PROP_ID = 27;
internal const uint CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID = 28;
internal const uint CERT_SUBJECT_NAME_MD5_HASH_PROP_ID = 29;
internal const uint CERT_EXTENDED_ERROR_INFO_PROP_ID = 30;
internal const uint CERT_RENEWAL_PROP_ID = 64;
internal const uint CERT_ARCHIVED_KEY_HASH_PROP_ID = 65;
internal const uint CERT_FIRST_RESERVED_PROP_ID = 66;
internal const uint CERT_NCRYPT_KEY_HANDLE_PROP_ID = 78;
// This value shall be defined in wincrypt.h so we avoid conflicts
internal const uint CERT_DELETE_KEYSET_PROP_ID = 101;
// CertSetCertificateContextProperty flags.
internal const uint CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG = 0x80000000;
internal const uint CERT_SET_PROPERTY_INHIBIT_PERSIST_FLAG = 0x40000000;
// cert info flags.
internal const uint CERT_INFO_VERSION_FLAG = 1;
internal const uint CERT_INFO_SERIAL_NUMBER_FLAG = 2;
internal const uint CERT_INFO_SIGNATURE_ALGORITHM_FLAG = 3;
internal const uint CERT_INFO_ISSUER_FLAG = 4;
internal const uint CERT_INFO_NOT_BEFORE_FLAG = 5;
internal const uint CERT_INFO_NOT_AFTER_FLAG = 6;
internal const uint CERT_INFO_SUBJECT_FLAG = 7;
internal const uint CERT_INFO_SUBJECT_PUBLIC_KEY_INFO_FLAG = 8;
internal const uint CERT_INFO_ISSUER_UNIQUE_ID_FLAG = 9;
internal const uint CERT_INFO_SUBJECT_UNIQUE_ID_FLAG = 10;
internal const uint CERT_INFO_EXTENSION_FLAG = 11;
// cert compare flags.
internal const uint CERT_COMPARE_MASK = 0xFFFF;
internal const uint CERT_COMPARE_SHIFT = 16;
internal const uint CERT_COMPARE_ANY = 0;
internal const uint CERT_COMPARE_SHA1_HASH = 1;
internal const uint CERT_COMPARE_NAME = 2;
internal const uint CERT_COMPARE_ATTR = 3;
internal const uint CERT_COMPARE_MD5_HASH = 4;
internal const uint CERT_COMPARE_PROPERTY = 5;
internal const uint CERT_COMPARE_PUBLIC_KEY = 6;
internal const uint CERT_COMPARE_HASH = CERT_COMPARE_SHA1_HASH;
internal const uint CERT_COMPARE_NAME_STR_A = 7;
internal const uint CERT_COMPARE_NAME_STR_W = 8;
internal const uint CERT_COMPARE_KEY_SPEC = 9;
internal const uint CERT_COMPARE_ENHKEY_USAGE = 10;
internal const uint CERT_COMPARE_CTL_USAGE = CERT_COMPARE_ENHKEY_USAGE;
internal const uint CERT_COMPARE_SUBJECT_CERT = 11;
internal const uint CERT_COMPARE_ISSUER_OF = 12;
internal const uint CERT_COMPARE_EXISTING = 13;
internal const uint CERT_COMPARE_SIGNATURE_HASH = 14;
internal const uint CERT_COMPARE_KEY_IDENTIFIER = 15;
internal const uint CERT_COMPARE_CERT_ID = 16;
internal const uint CERT_COMPARE_CROSS_CERT_DIST_POINTS = 17;
internal const uint CERT_COMPARE_PUBKEY_MD5_HASH = 18;
// cert find flags.
internal const uint CERT_FIND_ANY = ((int) CERT_COMPARE_ANY << (int) CERT_COMPARE_SHIFT);
internal const uint CERT_FIND_SHA1_HASH = ((int) CERT_COMPARE_SHA1_HASH << (int) CERT_COMPARE_SHIFT);
internal const uint CERT_FIND_MD5_HASH = ((int) CERT_COMPARE_MD5_HASH << (int) CERT_COMPARE_SHIFT);
internal const uint CERT_FIND_SIGNATURE_HASH = ((int) CERT_COMPARE_SIGNATURE_HASH << (int) CERT_COMPARE_SHIFT);
internal const uint CERT_FIND_KEY_IDENTIFIER = ((int) CERT_COMPARE_KEY_IDENTIFIER << (int) CERT_COMPARE_SHIFT);
internal const uint CERT_FIND_HASH = CERT_FIND_SHA1_HASH;
internal const uint CERT_FIND_PROPERTY = ((int) CERT_COMPARE_PROPERTY << (int) CERT_COMPARE_SHIFT);
internal const uint CERT_FIND_PUBLIC_KEY = ((int) CERT_COMPARE_PUBLIC_KEY << (int) CERT_COMPARE_SHIFT);
internal const uint CERT_FIND_SUBJECT_NAME = ((int) CERT_COMPARE_NAME << (int) CERT_COMPARE_SHIFT | (int) CERT_INFO_SUBJECT_FLAG);
internal const uint CERT_FIND_SUBJECT_ATTR = ((int) CERT_COMPARE_ATTR << (int) CERT_COMPARE_SHIFT | (int) CERT_INFO_SUBJECT_FLAG);
internal const uint CERT_FIND_ISSUER_NAME = ((int) CERT_COMPARE_NAME << (int) CERT_COMPARE_SHIFT | (int) CERT_INFO_ISSUER_FLAG);
internal const uint CERT_FIND_ISSUER_ATTR = ((int) CERT_COMPARE_ATTR << (int) CERT_COMPARE_SHIFT | (int) CERT_INFO_ISSUER_FLAG);
internal const uint CERT_FIND_SUBJECT_STR_A = ((int) CERT_COMPARE_NAME_STR_A << (int) CERT_COMPARE_SHIFT | (int) CERT_INFO_SUBJECT_FLAG);
internal const uint CERT_FIND_SUBJECT_STR_W = ((int) CERT_COMPARE_NAME_STR_W << (int) CERT_COMPARE_SHIFT | (int) CERT_INFO_SUBJECT_FLAG);
internal const uint CERT_FIND_SUBJECT_STR = CERT_FIND_SUBJECT_STR_W;
internal const uint CERT_FIND_ISSUER_STR_A = ((int) CERT_COMPARE_NAME_STR_A << (int) CERT_COMPARE_SHIFT | (int) CERT_INFO_ISSUER_FLAG);
internal const uint CERT_FIND_ISSUER_STR_W = ((int) CERT_COMPARE_NAME_STR_W << (int) CERT_COMPARE_SHIFT | (int) CERT_INFO_ISSUER_FLAG);
internal const uint CERT_FIND_ISSUER_STR = CERT_FIND_ISSUER_STR_W;
internal const uint CERT_FIND_KEY_SPEC = ((int) CERT_COMPARE_KEY_SPEC << (int) CERT_COMPARE_SHIFT);
internal const uint CERT_FIND_ENHKEY_USAGE = ((int) CERT_COMPARE_ENHKEY_USAGE << (int) CERT_COMPARE_SHIFT);
internal const uint CERT_FIND_CTL_USAGE = CERT_FIND_ENHKEY_USAGE;
internal const uint CERT_FIND_SUBJECT_CERT = ((int) CERT_COMPARE_SUBJECT_CERT << (int) CERT_COMPARE_SHIFT);
internal const uint CERT_FIND_ISSUER_OF = ((int) CERT_COMPARE_ISSUER_OF << (int) CERT_COMPARE_SHIFT);
internal const uint CERT_FIND_EXISTING = ((int) CERT_COMPARE_EXISTING << (int) CERT_COMPARE_SHIFT);
internal const uint CERT_FIND_CERT_ID = ((int) CERT_COMPARE_CERT_ID << (int) CERT_COMPARE_SHIFT);
internal const uint CERT_FIND_CROSS_CERT_DIST_POINTS = ((int) CERT_COMPARE_CROSS_CERT_DIST_POINTS << (int) CERT_COMPARE_SHIFT);
internal const uint CERT_FIND_PUBKEY_MD5_HASH = ((int) CERT_COMPARE_PUBKEY_MD5_HASH << (int) CERT_COMPARE_SHIFT);
// cert key usage flags.
internal const uint CERT_ENCIPHER_ONLY_KEY_USAGE = 0x0001;
internal const uint CERT_CRL_SIGN_KEY_USAGE = 0x0002;
internal const uint CERT_KEY_CERT_SIGN_KEY_USAGE = 0x0004;
internal const uint CERT_KEY_AGREEMENT_KEY_USAGE = 0x0008;
internal const uint CERT_DATA_ENCIPHERMENT_KEY_USAGE = 0x0010;
internal const uint CERT_KEY_ENCIPHERMENT_KEY_USAGE = 0x0020;
internal const uint CERT_NON_REPUDIATION_KEY_USAGE = 0x0040;
internal const uint CERT_DIGITAL_SIGNATURE_KEY_USAGE = 0x0080;
internal const uint CERT_DECIPHER_ONLY_KEY_USAGE = 0x8000;
// Add certificate/CRL, encoded, context or element disposition values.
internal const uint CERT_STORE_ADD_NEW = 1;
internal const uint CERT_STORE_ADD_USE_EXISTING = 2;
internal const uint CERT_STORE_ADD_REPLACE_EXISTING = 3;
internal const uint CERT_STORE_ADD_ALWAYS = 4;
internal const uint CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES = 5;
internal const uint CERT_STORE_ADD_NEWER = 6;
internal const uint CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES = 7;
// constants for dwFormatStrType of function CryptFormatObject
internal const uint CRYPT_FORMAT_STR_MULTI_LINE = 0x0001;
internal const uint CRYPT_FORMAT_STR_NO_HEX = 0x0010;
// store save as type.
internal const uint CERT_STORE_SAVE_AS_STORE = 1;
internal const uint CERT_STORE_SAVE_AS_PKCS7 = 2;
// store save to type.
internal const uint CERT_STORE_SAVE_TO_FILE = 1;
internal const uint CERT_STORE_SAVE_TO_MEMORY = 2;
internal const uint CERT_STORE_SAVE_TO_FILENAME_A = 3;
internal const uint CERT_STORE_SAVE_TO_FILENAME_W = 4;
internal const uint CERT_STORE_SAVE_TO_FILENAME = CERT_STORE_SAVE_TO_FILENAME_W;
// flags for CERT_BASIC_CONSTRAINTS_INFO.SubjectType
internal const uint CERT_CA_SUBJECT_FLAG = 0x80;
internal const uint CERT_END_ENTITY_SUBJECT_FLAG = 0x40;
// dwFlags definitions for PFXExportCertStoreEx.
internal const uint REPORT_NO_PRIVATE_KEY = 0x0001;
internal const uint REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY = 0x0002;
internal const uint EXPORT_PRIVATE_KEYS = 0x0004;
internal const uint PKCS12_EXPORT_RESERVED_MASK = 0xffff0000;
// Predefined primitive data structures that can be encoded / decoded.
internal const uint RSA_CSP_PUBLICKEYBLOB = 19;
internal const uint X509_MULTI_BYTE_UINT = 38;
internal const uint X509_DSS_PUBLICKEY = X509_MULTI_BYTE_UINT;
internal const uint X509_DSS_PARAMETERS = 39;
internal const uint X509_DSS_SIGNATURE = 40;
// Object Identifiers short hand.
internal const uint X509_EXTENSIONS = 5;
internal const uint X509_NAME_VALUE = 6;
internal const uint X509_NAME = 7;
internal const uint X509_AUTHORITY_KEY_ID = 9;
internal const uint X509_KEY_USAGE_RESTRICTION = 11;
internal const uint X509_BASIC_CONSTRAINTS = 13;
internal const uint X509_KEY_USAGE = 14;
internal const uint X509_BASIC_CONSTRAINTS2 = 15;
internal const uint X509_CERT_POLICIES = 16;
internal const uint PKCS_UTC_TIME = 17;
internal const uint PKCS_ATTRIBUTE = 22;
internal const uint X509_UNICODE_NAME_VALUE = 24;
internal const uint X509_OCTET_STRING = 25;
internal const uint X509_BITS = 26;
internal const uint X509_ANY_STRING = X509_NAME_VALUE;
internal const uint X509_UNICODE_ANY_STRING = X509_UNICODE_NAME_VALUE;
internal const uint X509_ENHANCED_KEY_USAGE = 36;
internal const uint PKCS_RC2_CBC_PARAMETERS = 41;
internal const uint X509_CERTIFICATE_TEMPLATE = 64;
internal const uint PKCS7_SIGNER_INFO = 500;
internal const uint CMS_SIGNER_INFO = 501;
internal const string szOID_COMMON_NAME = "2.5.4.3";
internal const string szOID_AUTHORITY_KEY_IDENTIFIER = "2.5.29.1";
internal const string szOID_KEY_USAGE_RESTRICTION = "2.5.29.4";
internal const string szOID_SUBJECT_ALT_NAME = "2.5.29.7";
internal const string szOID_ISSUER_ALT_NAME = "2.5.29.8";
internal const string szOID_BASIC_CONSTRAINTS = "2.5.29.10";
internal const string szOID_SUBJECT_KEY_IDENTIFIER = "2.5.29.14";
internal const string szOID_KEY_USAGE = "2.5.29.15";
internal const string szOID_SUBJECT_ALT_NAME2 = "2.5.29.17";
internal const string szOID_ISSUER_ALT_NAME2 = "2.5.29.18";
internal const string szOID_BASIC_CONSTRAINTS2 = "2.5.29.19";
internal const string szOID_CRL_DIST_POINTS = "2.5.29.31";
internal const string szOID_CERT_POLICIES = "2.5.29.32";
internal const string szOID_ENHANCED_KEY_USAGE = "2.5.29.37";
internal const string szOID_KEYID_RDN = "1.3.6.1.4.1.311.10.7.1";
internal const string szOID_ENROLL_CERTTYPE_EXTENSION = "1.3.6.1.4.1.311.20.2";
internal const string szOID_NT_PRINCIPAL_NAME = "1.3.6.1.4.1.311.20.2.3";
internal const string szOID_CERTIFICATE_TEMPLATE = "1.3.6.1.4.1.311.21.7";
internal const string szOID_RDN_DUMMY_SIGNER = "1.3.6.1.4.1.311.21.9";
internal const string szOID_AUTHORITY_INFO_ACCESS = "1.3.6.1.5.5.7.1.1";
// Predefined verify chain policies
internal const uint CERT_CHAIN_POLICY_BASE = 1;
internal const uint CERT_CHAIN_POLICY_AUTHENTICODE = 2;
internal const uint CERT_CHAIN_POLICY_AUTHENTICODE_TS = 3;
internal const uint CERT_CHAIN_POLICY_SSL = 4;
internal const uint CERT_CHAIN_POLICY_BASIC_CONSTRAINTS = 5;
internal const uint CERT_CHAIN_POLICY_NT_AUTH = 6;
internal const uint CERT_CHAIN_POLICY_MICROSOFT_ROOT = 7;
// Default usage match type is AND with value zero
internal const uint USAGE_MATCH_TYPE_AND = 0x00000000;
internal const uint USAGE_MATCH_TYPE_OR = 0x00000001;
// Common chain policy flags.
internal const uint CERT_CHAIN_REVOCATION_CHECK_END_CERT = 0x10000000;
internal const uint CERT_CHAIN_REVOCATION_CHECK_CHAIN = 0x20000000;
internal const uint CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = 0x40000000;
internal const uint CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY = 0x80000000;
internal const uint CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT = 0x08000000;
// These can be applied to certificates and chains
internal const uint CERT_TRUST_NO_ERROR = 0x00000000;
internal const uint CERT_TRUST_IS_NOT_TIME_VALID = 0x00000001;
internal const uint CERT_TRUST_IS_NOT_TIME_NESTED = 0x00000002;
internal const uint CERT_TRUST_IS_REVOKED = 0x00000004;
internal const uint CERT_TRUST_IS_NOT_SIGNATURE_VALID = 0x00000008;
internal const uint CERT_TRUST_IS_NOT_VALID_FOR_USAGE = 0x00000010;
internal const uint CERT_TRUST_IS_UNTRUSTED_ROOT = 0x00000020;
internal const uint CERT_TRUST_REVOCATION_STATUS_UNKNOWN = 0x00000040;
internal const uint CERT_TRUST_IS_CYCLIC = 0x00000080;
internal const uint CERT_TRUST_INVALID_EXTENSION = 0x00000100;
internal const uint CERT_TRUST_INVALID_POLICY_CONSTRAINTS = 0x00000200;
internal const uint CERT_TRUST_INVALID_BASIC_CONSTRAINTS = 0x00000400;
internal const uint CERT_TRUST_INVALID_NAME_CONSTRAINTS = 0x00000800;
internal const uint CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT = 0x00001000;
internal const uint CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT = 0x00002000;
internal const uint CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT = 0x00004000;
internal const uint CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT = 0x00008000;
internal const uint CERT_TRUST_IS_OFFLINE_REVOCATION = 0x01000000;
internal const uint CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY = 0x02000000;
internal const uint CERT_TRUST_IS_EXPLICIT_DISTRUST = 0x04000000;
internal const uint CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT = 0x08000000;
internal const uint CERT_TRUST_HAS_WEAK_SIGNATURE = 0x00100000;
// These can be applied to chains only
internal const uint CERT_TRUST_IS_PARTIAL_CHAIN = 0x00010000;
internal const uint CERT_TRUST_CTL_IS_NOT_TIME_VALID = 0x00020000;
internal const uint CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID = 0x00040000;
internal const uint CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE = 0x00080000;
// Common chain policy flags
internal const uint CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG = 0x00000001;
internal const uint CERT_CHAIN_POLICY_IGNORE_CTL_NOT_TIME_VALID_FLAG = 0x00000002;
internal const uint CERT_CHAIN_POLICY_IGNORE_NOT_TIME_NESTED_FLAG = 0x00000004;
internal const uint CERT_CHAIN_POLICY_IGNORE_INVALID_BASIC_CONSTRAINTS_FLAG = 0x00000008;
internal const uint CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG = 0x00000010;
internal const uint CERT_CHAIN_POLICY_IGNORE_WRONG_USAGE_FLAG = 0x00000020;
internal const uint CERT_CHAIN_POLICY_IGNORE_INVALID_NAME_FLAG = 0x00000040;
internal const uint CERT_CHAIN_POLICY_IGNORE_INVALID_POLICY_FLAG = 0x00000080;
internal const uint CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG = 0x00000100;
internal const uint CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG = 0x00000200;
internal const uint CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG = 0x00000400;
internal const uint CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG = 0x00000800;
internal const uint CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGS = (
CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG |
CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG |
CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG |
CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG);
// The following are info status bits
// These can be applied to certificates only
internal const uint CERT_TRUST_HAS_EXACT_MATCH_ISSUER = 0x00000001;
internal const uint CERT_TRUST_HAS_KEY_MATCH_ISSUER = 0x00000002;
internal const uint CERT_TRUST_HAS_NAME_MATCH_ISSUER = 0x00000004;
internal const uint CERT_TRUST_IS_SELF_SIGNED = 0x00000008;
// These can be applied to certificates and chains
internal const uint CERT_TRUST_HAS_PREFERRED_ISSUER = 0x00000100;
internal const uint CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY = 0x00000200;
internal const uint CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS = 0x00000400;
// These can be applied to chains only
internal const uint CERT_TRUST_IS_COMPLEX_CHAIN = 0x00010000;
// Signature value that only contains the hash octets. The parameters for
// this algorithm must be present and must be encoded as NULL.
internal const string szOID_PKIX_NO_SIGNATURE = "1.3.6.1.5.5.7.6.2";
// Consistent key usage bits: DIGITAL_SIGNATURE, KEY_ENCIPHERMENT or KEY_AGREEMENT
internal const string szOID_PKIX_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
// Consistent key usage bits: DIGITAL_SIGNATURE
internal const string szOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";
// Consistent key usage bits: DIGITAL_SIGNATURE
internal const string szOID_PKIX_KP_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
// Consistent key usage bits: DIGITAL_SIGNATURE, NON_REPUDIATION and/or (KEY_ENCIPHERMENT or KEY_AGREEMENT)
internal const string szOID_PKIX_KP_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4";
internal const string SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID = "1.3.6.1.4.1.311.2.1.21";
internal const string SPC_COMMERCIAL_SP_KEY_PURPOSE_OBJID = "1.3.6.1.4.1.311.2.1.22";
// CertGetCertificateChain chain engine handles.
internal const uint HCCE_CURRENT_USER = 0x0;
internal const uint HCCE_LOCAL_MACHINE = 0x1;
// PKCS.
internal const string szOID_PKCS_1 = "1.2.840.113549.1.1";
internal const string szOID_PKCS_2 = "1.2.840.113549.1.2";
internal const string szOID_PKCS_3 = "1.2.840.113549.1.3";
internal const string szOID_PKCS_4 = "1.2.840.113549.1.4";
internal const string szOID_PKCS_5 = "1.2.840.113549.1.5";
internal const string szOID_PKCS_6 = "1.2.840.113549.1.6";
internal const string szOID_PKCS_7 = "1.2.840.113549.1.7";
internal const string szOID_PKCS_8 = "1.2.840.113549.1.8";
internal const string szOID_PKCS_9 = "1.2.840.113549.1.9";
internal const string szOID_PKCS_10 = "1.2.840.113549.1.10";
internal const string szOID_PKCS_12 = "1.2.840.113549.1.12";
// PKCS7 Content Types.
internal const string szOID_RSA_data = "1.2.840.113549.1.7.1";
internal const string szOID_RSA_signedData = "1.2.840.113549.1.7.2";
internal const string szOID_RSA_envelopedData = "1.2.840.113549.1.7.3";
internal const string szOID_RSA_signEnvData = "1.2.840.113549.1.7.4";
internal const string szOID_RSA_digestedData = "1.2.840.113549.1.7.5";
internal const string szOID_RSA_hashedData = "1.2.840.113549.1.7.5";
internal const string szOID_RSA_encryptedData = "1.2.840.113549.1.7.6";
// PKCS9 Attributes.
internal const string szOID_RSA_emailAddr = "1.2.840.113549.1.9.1";
internal const string szOID_RSA_unstructName = "1.2.840.113549.1.9.2";
internal const string szOID_RSA_contentType = "1.2.840.113549.1.9.3";
internal const string szOID_RSA_messageDigest = "1.2.840.113549.1.9.4";
internal const string szOID_RSA_signingTime = "1.2.840.113549.1.9.5";
internal const string szOID_RSA_counterSign = "1.2.840.113549.1.9.6";
internal const string szOID_RSA_challengePwd = "1.2.840.113549.1.9.7";
internal const string szOID_RSA_unstructAddr = "1.2.840.113549.1.9.8";
internal const string szOID_RSA_extCertAttrs = "1.2.840.113549.1.9.9";
internal const string szOID_RSA_SMIMECapabilities = "1.2.840.113549.1.9.15";
internal const string szOID_CAPICOM = "1.3.6.1.4.1.311.88"; // Reserved for CAPICOM.
internal const string szOID_CAPICOM_version = "1.3.6.1.4.1.311.88.1"; // CAPICOM version
internal const string szOID_CAPICOM_attribute = "1.3.6.1.4.1.311.88.2"; // CAPICOM attribute
internal const string szOID_CAPICOM_documentName = "1.3.6.1.4.1.311.88.2.1"; // Document type attribute
internal const string szOID_CAPICOM_documentDescription = "1.3.6.1.4.1.311.88.2.2"; // Document description attribute
internal const string szOID_CAPICOM_encryptedData = "1.3.6.1.4.1.311.88.3"; // CAPICOM encrypted data message.
internal const string szOID_CAPICOM_encryptedContent = "1.3.6.1.4.1.311.88.3.1"; // CAPICOM content of encrypted data.
// Digest Algorithms
internal const string szOID_OIWSEC_sha1 = "1.3.14.3.2.26";
internal const string szOID_RSA_MD5 = "1.2.840.113549.2.5";
internal const string szOID_OIWSEC_SHA256 = "2.16.840.1.101.3.4.1";
internal const string szOID_OIWSEC_SHA384 = "2.16.840.1.101.3.4.2";
internal const string szOID_OIWSEC_SHA512 = "2.16.840.1.101.3.4.3";
// Encryption Algorithms
internal const string szOID_RSA_RC2CBC = "1.2.840.113549.3.2";
internal const string szOID_RSA_RC4 = "1.2.840.113549.3.4";
internal const string szOID_RSA_DES_EDE3_CBC = "1.2.840.113549.3.7";
internal const string szOID_OIWSEC_desCBC = "1.3.14.3.2.7";
// Key encryption algorithms
internal const string szOID_RSA_SMIMEalg = "1.2.840.113549.1.9.16.3";
internal const string szOID_RSA_SMIMEalgESDH = "1.2.840.113549.1.9.16.3.5";
internal const string szOID_RSA_SMIMEalgCMS3DESwrap = "1.2.840.113549.1.9.16.3.6";
internal const string szOID_RSA_SMIMEalgCMSRC2wrap = "1.2.840.113549.1.9.16.3.7";
// DSA signing algorithms
internal const string szOID_X957_DSA = "1.2.840.10040.4.1";
internal const string szOID_X957_sha1DSA = "1.2.840.10040.4.3";
// RSA signing algorithms
internal const string szOID_OIWSEC_sha1RSASign = "1.3.14.3.2.29";
// Alt Name Types.
internal const uint CERT_ALT_NAME_OTHER_NAME = 1;
internal const uint CERT_ALT_NAME_RFC822_NAME = 2;
internal const uint CERT_ALT_NAME_DNS_NAME = 3;
internal const uint CERT_ALT_NAME_X400_ADDRESS = 4;
internal const uint CERT_ALT_NAME_DIRECTORY_NAME = 5;
internal const uint CERT_ALT_NAME_EDI_PARTY_NAME = 6;
internal const uint CERT_ALT_NAME_URL = 7;
internal const uint CERT_ALT_NAME_IP_ADDRESS = 8;
internal const uint CERT_ALT_NAME_REGISTERED_ID = 9;
// CERT_RDN Attribute Value Types
internal const uint CERT_RDN_ANY_TYPE = 0;
internal const uint CERT_RDN_ENCODED_BLOB = 1;
internal const uint CERT_RDN_OCTET_STRING = 2;
internal const uint CERT_RDN_NUMERIC_STRING = 3;
internal const uint CERT_RDN_PRINTABLE_STRING = 4;
internal const uint CERT_RDN_TELETEX_STRING = 5;
internal const uint CERT_RDN_T61_STRING = 5;
internal const uint CERT_RDN_VIDEOTEX_STRING = 6;
internal const uint CERT_RDN_IA5_STRING = 7;
internal const uint CERT_RDN_GRAPHIC_STRING = 8;
internal const uint CERT_RDN_VISIBLE_STRING = 9;
internal const uint CERT_RDN_ISO646_STRING = 9;
internal const uint CERT_RDN_GENERAL_STRING = 10;
internal const uint CERT_RDN_UNIVERSAL_STRING = 11;
internal const uint CERT_RDN_INT4_STRING = 11;
internal const uint CERT_RDN_BMP_STRING = 12;
internal const uint CERT_RDN_UNICODE_STRING = 12;
internal const uint CERT_RDN_UTF8_STRING = 13;
internal const uint CERT_RDN_TYPE_MASK = 0x000000FF;
internal const uint CERT_RDN_FLAGS_MASK = 0xFF000000;
// Certificate Store control types
internal const uint CERT_STORE_CTRL_RESYNC = 1;
internal const uint CERT_STORE_CTRL_NOTIFY_CHANGE = 2;
internal const uint CERT_STORE_CTRL_COMMIT = 3;
internal const uint CERT_STORE_CTRL_AUTO_RESYNC = 4;
internal const uint CERT_STORE_CTRL_CANCEL_NOTIFY = 5;
// Certificate Identifier
internal const uint CERT_ID_ISSUER_SERIAL_NUMBER = 1;
internal const uint CERT_ID_KEY_IDENTIFIER = 2;
internal const uint CERT_ID_SHA1_HASH = 3;
// MS provider names.
internal const string MS_ENHANCED_PROV = "Microsoft Enhanced Cryptographic Provider v1.0";
internal const string MS_STRONG_PROV = "Microsoft Strong Cryptographic Provider";
internal const string MS_DEF_PROV = "Microsoft Base Cryptographic Provider v1.0";
internal const string MS_DEF_DSS_DH_PROV = "Microsoft Base DSS and Diffie-Hellman Cryptographic Provider";
internal const string MS_ENH_DSS_DH_PROV = "Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider";
// HashOnly Signature
internal const string DummySignerCommonName = "CN=Dummy Signer";
// CSP types.
internal const uint PROV_RSA_FULL = 1;
internal const uint PROV_DSS_DH = 13;
// Algorithm types
internal const uint ALG_TYPE_ANY = (0);
internal const uint ALG_TYPE_DSS = (1 << 9);
internal const uint ALG_TYPE_RSA = (2 << 9);
internal const uint ALG_TYPE_BLOCK = (3 << 9);
internal const uint ALG_TYPE_STREAM = (4 << 9);
internal const uint ALG_TYPE_DH = (5 << 9);
internal const uint ALG_TYPE_SECURECHANNEL = (6 << 9);
// Algorithm classes
internal const uint ALG_CLASS_ANY = (0);
internal const uint ALG_CLASS_SIGNATURE = (1 << 13);
internal const uint ALG_CLASS_MSG_ENCRYPT = (2 << 13);
internal const uint ALG_CLASS_DATA_ENCRYPT = (3 << 13);
internal const uint ALG_CLASS_HASH = (4 << 13);
internal const uint ALG_CLASS_KEY_EXCHANGE = (5 << 13);
internal const uint ALG_CLASS_ALL = (7 << 13);
internal const uint ALG_SID_ANY = (0);
// Some RSA sub-ids
internal const uint ALG_SID_RSA_ANY = 0;
internal const uint ALG_SID_RSA_PKCS = 1;
internal const uint ALG_SID_RSA_MSATWORK = 2;
internal const uint ALG_SID_RSA_ENTRUST = 3;
internal const uint ALG_SID_RSA_PGP = 4;
// Some DSS sub-ids
internal const uint ALG_SID_DSS_ANY = 0;
internal const uint ALG_SID_DSS_PKCS = 1;
internal const uint ALG_SID_DSS_DMS = 2;
// Block cipher sub ids
// DES sub_ids
internal const uint ALG_SID_DES = 1;
internal const uint ALG_SID_3DES = 3;
internal const uint ALG_SID_DESX = 4;
internal const uint ALG_SID_IDEA = 5;
internal const uint ALG_SID_CAST = 6;
internal const uint ALG_SID_SAFERSK64 = 7;
internal const uint ALG_SID_SAFERSK128 = 8;
internal const uint ALG_SID_3DES_112 = 9;
internal const uint ALG_SID_CYLINK_MEK = 12;
internal const uint ALG_SID_RC5 = 13;
internal const uint ALG_SID_AES_128 = 14;
internal const uint ALG_SID_AES_192 = 15;
internal const uint ALG_SID_AES_256 = 16;
internal const uint ALG_SID_AES = 17;
// Fortezza sub-ids
internal const uint ALG_SID_SKIPJACK = 10;
internal const uint ALG_SID_TEK = 11;
// RC2 sub-ids
internal const uint ALG_SID_RC2 = 2;
// Stream cipher sub-ids
internal const uint ALG_SID_RC4 = 1;
internal const uint ALG_SID_SEAL = 2;
// Diffie-Hellman sub-ids
internal const uint ALG_SID_DH_SANDF = 1;
internal const uint ALG_SID_DH_EPHEM = 2;
internal const uint ALG_SID_AGREED_KEY_ANY = 3;
internal const uint ALG_SID_KEA = 4;
// Hash sub ids
internal const uint ALG_SID_MD2 = 1;
internal const uint ALG_SID_MD4 = 2;
internal const uint ALG_SID_MD5 = 3;
internal const uint ALG_SID_SHA = 4;
internal const uint ALG_SID_SHA1 = 4;
internal const uint ALG_SID_MAC = 5;
internal const uint ALG_SID_RIPEMD = 6;
internal const uint ALG_SID_RIPEMD160 = 7;
internal const uint ALG_SID_SSL3SHAMD5 = 8;
internal const uint ALG_SID_HMAC = 9;
internal const uint ALG_SID_TLS1PRF = 10;
internal const uint ALG_SID_HASH_REPLACE_OWF = 11;
// secure channel sub ids
internal const uint ALG_SID_SSL3_MASTER = 1;
internal const uint ALG_SID_SCHANNEL_MASTER_HASH = 2;
internal const uint ALG_SID_SCHANNEL_MAC_KEY = 3;
internal const uint ALG_SID_PCT1_MASTER = 4;
internal const uint ALG_SID_SSL2_MASTER = 5;
internal const uint ALG_SID_TLS1_MASTER = 6;
internal const uint ALG_SID_SCHANNEL_ENC_KEY = 7;
// algorithm identifier definitions
internal const uint CALG_MD2 = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD2);
internal const uint CALG_MD4 = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD4);
internal const uint CALG_MD5 = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD5);
internal const uint CALG_SHA = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA);
internal const uint CALG_SHA1 = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA1);
internal const uint CALG_MAC = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAC);
internal const uint CALG_RSA_SIGN = (ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | ALG_SID_RSA_ANY);
internal const uint CALG_DSS_SIGN = (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_DSS_ANY);
internal const uint CALG_NO_SIGN = (ALG_CLASS_SIGNATURE | ALG_TYPE_ANY | ALG_SID_ANY);
internal const uint CALG_RSA_KEYX = (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_RSA|ALG_SID_RSA_ANY);
internal const uint CALG_DES = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_DES);
internal const uint CALG_3DES_112 = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3DES_112);
internal const uint CALG_3DES = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3DES);
internal const uint CALG_DESX = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_DESX);
internal const uint CALG_RC2 = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_RC2);
internal const uint CALG_RC4 = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_RC4);
internal const uint CALG_SEAL = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_SEAL);
internal const uint CALG_DH_SF = (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_SANDF);
internal const uint CALG_DH_EPHEM = (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_EPHEM);
internal const uint CALG_AGREEDKEY_ANY = (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_AGREED_KEY_ANY);
internal const uint CALG_KEA_KEYX = (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_KEA);
internal const uint CALG_HUGHES_MD5 = (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_ANY|ALG_SID_MD5);
internal const uint CALG_SKIPJACK = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_SKIPJACK);
internal const uint CALG_TEK = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_TEK);
internal const uint CALG_CYLINK_MEK = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_CYLINK_MEK);
internal const uint CALG_SSL3_SHAMD5 = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SSL3SHAMD5);
internal const uint CALG_SSL3_MASTER = (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SSL3_MASTER);
internal const uint CALG_SCHANNEL_MASTER_HASH = (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_MASTER_HASH);
internal const uint CALG_SCHANNEL_MAC_KEY = (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_MAC_KEY);
internal const uint CALG_SCHANNEL_ENC_KEY = (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_ENC_KEY);
internal const uint CALG_PCT1_MASTER = (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_PCT1_MASTER);
internal const uint CALG_SSL2_MASTER = (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SSL2_MASTER);
internal const uint CALG_TLS1_MASTER = (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_TLS1_MASTER);
internal const uint CALG_RC5 = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_RC5);
internal const uint CALG_HMAC = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC);
internal const uint CALG_TLS1PRF = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF);
internal const uint CALG_HASH_REPLACE_OWF = (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HASH_REPLACE_OWF);
internal const uint CALG_AES_128 = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_128);
internal const uint CALG_AES_192 = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_192);
internal const uint CALG_AES_256 = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_256);
internal const uint CALG_AES = (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES);
// CryptGetProvParam flags
internal const uint CRYPT_FIRST = 1;
internal const uint CRYPT_NEXT = 2;
internal const uint PP_ENUMALGS_EX = 22;
// dwFlags definitions for CryptAcquireContext
internal const uint CRYPT_VERIFYCONTEXT = 0xF0000000;
internal const uint CRYPT_NEWKEYSET = 0x00000008;
internal const uint CRYPT_DELETEKEYSET = 0x00000010;
internal const uint CRYPT_MACHINE_KEYSET = 0x00000020;
internal const uint CRYPT_SILENT = 0x00000040;
internal const uint CRYPT_USER_KEYSET = 0x00001000;
// dwFlags for PFXImportCertStore which aren't also valid to CryptAcquireContext
internal const uint PKCS12_ALWAYS_CNG_KSP = 0x00000200;
internal const uint PKCS12_NO_PERSIST_KEY = 0x00008000;
// dwFlag definitions for CryptGenKey
internal const uint CRYPT_EXPORTABLE = 0x00000001;
internal const uint CRYPT_USER_PROTECTED = 0x00000002;
internal const uint CRYPT_CREATE_SALT = 0x00000004;
internal const uint CRYPT_UPDATE_KEY = 0x00000008;
internal const uint CRYPT_NO_SALT = 0x00000010;
internal const uint CRYPT_PREGEN = 0x00000040;
internal const uint CRYPT_RECIPIENT = 0x00000010;
internal const uint CRYPT_INITIATOR = 0x00000040;
internal const uint CRYPT_ONLINE = 0x00000080;
internal const uint CRYPT_SF = 0x00000100;
internal const uint CRYPT_CREATE_IV = 0x00000200;
internal const uint CRYPT_KEK = 0x00000400;
internal const uint CRYPT_DATA_KEY = 0x00000800;
internal const uint CRYPT_VOLATILE = 0x00001000;
internal const uint CRYPT_SGCKEY = 0x00002000;
internal const uint CRYPT_ARCHIVABLE = 0x00004000;
internal const byte CUR_BLOB_VERSION = 2;
// Exported key blob definitions
internal const byte SIMPLEBLOB = 0x1;
internal const byte PUBLICKEYBLOB = 0x6;
internal const byte PRIVATEKEYBLOB = 0x7;
internal const byte PLAINTEXTKEYBLOB = 0x8;
internal const byte OPAQUEKEYBLOB = 0x9;
internal const byte PUBLICKEYBLOBEX = 0xA;
internal const byte SYMMETRICWRAPKEYBLOB = 0xB;
// Magic constants
internal const uint DSS_MAGIC = 0x31535344;
internal const uint DSS_PRIVATE_MAGIC = 0x32535344;
internal const uint DSS_PUB_MAGIC_VER3 = 0x33535344;
internal const uint DSS_PRIV_MAGIC_VER3 = 0x34535344;
internal const uint RSA_PUB_MAGIC = 0x31415352;
internal const uint RSA_PRIV_MAGIC = 0x32415352;
// CryptAcquireCertificatePrivateKey dwFlags
internal const uint CRYPT_ACQUIRE_CACHE_FLAG = 0x00000001;
internal const uint CRYPT_ACQUIRE_USE_PROV_INFO_FLAG = 0x00000002;
internal const uint CRYPT_ACQUIRE_COMPARE_KEY_FLAG = 0x00000004;
internal const uint CRYPT_ACQUIRE_SILENT_FLAG = 0x00000040;
// CryptMsgOpenToDecode dwFlags
internal const uint CMSG_BARE_CONTENT_FLAG = 0x00000001;
internal const uint CMSG_LENGTH_ONLY_FLAG = 0x00000002;
internal const uint CMSG_DETACHED_FLAG = 0x00000004;
internal const uint CMSG_AUTHENTICATED_ATTRIBUTES_FLAG = 0x00000008;
internal const uint CMSG_CONTENTS_OCTETS_FLAG = 0x00000010;
internal const uint CMSG_MAX_LENGTH_FLAG = 0x00000020;
// Get parameter types and their corresponding data structure definitions.
internal const uint CMSG_TYPE_PARAM = 1;
internal const uint CMSG_CONTENT_PARAM = 2;
internal const uint CMSG_BARE_CONTENT_PARAM = 3;
internal const uint CMSG_INNER_CONTENT_TYPE_PARAM = 4;
internal const uint CMSG_SIGNER_COUNT_PARAM = 5;
internal const uint CMSG_SIGNER_INFO_PARAM = 6;
internal const uint CMSG_SIGNER_CERT_INFO_PARAM = 7;
internal const uint CMSG_SIGNER_HASH_ALGORITHM_PARAM = 8;
internal const uint CMSG_SIGNER_AUTH_ATTR_PARAM = 9;
internal const uint CMSG_SIGNER_UNAUTH_ATTR_PARAM = 10;
internal const uint CMSG_CERT_COUNT_PARAM = 11;
internal const uint CMSG_CERT_PARAM = 12;
internal const uint CMSG_CRL_COUNT_PARAM = 13;
internal const uint CMSG_CRL_PARAM = 14;
internal const uint CMSG_ENVELOPE_ALGORITHM_PARAM = 15;
internal const uint CMSG_RECIPIENT_COUNT_PARAM = 17;
internal const uint CMSG_RECIPIENT_INDEX_PARAM = 18;
internal const uint CMSG_RECIPIENT_INFO_PARAM = 19;
internal const uint CMSG_HASH_ALGORITHM_PARAM = 20;
internal const uint CMSG_HASH_DATA_PARAM = 21;
internal const uint CMSG_COMPUTED_HASH_PARAM = 22;
internal const uint CMSG_ENCRYPT_PARAM = 26;
internal const uint CMSG_ENCRYPTED_DIGEST = 27;
internal const uint CMSG_ENCODED_SIGNER = 28;
internal const uint CMSG_ENCODED_MESSAGE = 29;
internal const uint CMSG_VERSION_PARAM = 30;
internal const uint CMSG_ATTR_CERT_COUNT_PARAM = 31;
internal const uint CMSG_ATTR_CERT_PARAM = 32;
internal const uint CMSG_CMS_RECIPIENT_COUNT_PARAM = 33;
internal const uint CMSG_CMS_RECIPIENT_INDEX_PARAM = 34;
internal const uint CMSG_CMS_RECIPIENT_ENCRYPTED_KEY_INDEX_PARAM = 35;
internal const uint CMSG_CMS_RECIPIENT_INFO_PARAM = 36;
internal const uint CMSG_UNPROTECTED_ATTR_PARAM = 37;
internal const uint CMSG_SIGNER_CERT_ID_PARAM = 38;
internal const uint CMSG_CMS_SIGNER_INFO_PARAM = 39;
// Message control types.
internal const uint CMSG_CTRL_VERIFY_SIGNATURE = 1;
internal const uint CMSG_CTRL_DECRYPT = 2;
internal const uint CMSG_CTRL_VERIFY_HASH = 5;
internal const uint CMSG_CTRL_ADD_SIGNER = 6;
internal const uint CMSG_CTRL_DEL_SIGNER = 7;
internal const uint CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR = 8;
internal const uint CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR = 9;
internal const uint CMSG_CTRL_ADD_CERT = 10;
internal const uint CMSG_CTRL_DEL_CERT = 11;
internal const uint CMSG_CTRL_ADD_CRL = 12;
internal const uint CMSG_CTRL_DEL_CRL = 13;
internal const uint CMSG_CTRL_ADD_ATTR_CERT = 14;
internal const uint CMSG_CTRL_DEL_ATTR_CERT = 15;
internal const uint CMSG_CTRL_KEY_TRANS_DECRYPT = 16;
internal const uint CMSG_CTRL_KEY_AGREE_DECRYPT = 17;
internal const uint CMSG_CTRL_MAIL_LIST_DECRYPT = 18;
internal const uint CMSG_CTRL_VERIFY_SIGNATURE_EX = 19;
internal const uint CMSG_CTRL_ADD_CMS_SIGNER_INFO = 20;
// Signer Types
internal const uint CMSG_VERIFY_SIGNER_PUBKEY = 1; // pvSigner: PCERT_PUBLIC_KEY_INFO
internal const uint CMSG_VERIFY_SIGNER_CERT = 2; // pvSigner: PCCERT_CONTEXT
internal const uint CMSG_VERIFY_SIGNER_CHAIN = 3; // pvSigner: PCCERT_CHAIN_CONTEXT
internal const uint CMSG_VERIFY_SIGNER_NULL = 4; // pvSigner: NULL
// Message types.
internal const uint CMSG_DATA = 1;
internal const uint CMSG_SIGNED = 2;
internal const uint CMSG_ENVELOPED = 3;
internal const uint CMSG_SIGNED_AND_ENVELOPED = 4;
internal const uint CMSG_HASHED = 5;
internal const uint CMSG_ENCRYPTED = 6;
// Recipient types
internal const uint CMSG_KEY_TRANS_RECIPIENT = 1;
internal const uint CMSG_KEY_AGREE_RECIPIENT = 2;
internal const uint CMSG_MAIL_LIST_RECIPIENT = 3;
// Key agree type
internal const uint CMSG_KEY_AGREE_ORIGINATOR_CERT = 1;
internal const uint CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY = 2;
// Key agree choices
internal const uint CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE = 1;
internal const uint CMSG_KEY_AGREE_STATIC_KEY_CHOICE = 2;
// dwVersion numbers for the KeyTrans, KeyAgree and MailList recipients
internal const uint CMSG_ENVELOPED_RECIPIENT_V0 = 0;
internal const uint CMSG_ENVELOPED_RECIPIENT_V2 = 2;
internal const uint CMSG_ENVELOPED_RECIPIENT_V3 = 3;
internal const uint CMSG_ENVELOPED_RECIPIENT_V4 = 4;
internal const uint CMSG_KEY_TRANS_PKCS_1_5_VERSION = CMSG_ENVELOPED_RECIPIENT_V0;
internal const uint CMSG_KEY_TRANS_CMS_VERSION = CMSG_ENVELOPED_RECIPIENT_V2;
internal const uint CMSG_KEY_AGREE_VERSION = CMSG_ENVELOPED_RECIPIENT_V3;
internal const uint CMSG_MAIL_LIST_VERSION = CMSG_ENVELOPED_RECIPIENT_V4;
// RC2 encryption algorithm version (key length).
internal const uint CRYPT_RC2_40BIT_VERSION = 160;
internal const uint CRYPT_RC2_56BIT_VERSION = 52;
internal const uint CRYPT_RC2_64BIT_VERSION = 120;
internal const uint CRYPT_RC2_128BIT_VERSION = 58;
// Error codes.
internal const int E_NOTIMPL = unchecked((int) 0x80000001); // Not implemented.
internal const int E_OUTOFMEMORY = unchecked((int) 0x8007000E); // Ran out of memory.
internal const int NTE_NO_KEY = unchecked((int) 0x8009000D); // Key does not exist.
internal const int NTE_BAD_PUBLIC_KEY = unchecked((int) 0x80090015); // Provider's public key is invalid.
internal const int NTE_BAD_KEYSET = unchecked((int) 0x80090016); // Keyset does not exist
internal const int CRYPT_E_MSG_ERROR = unchecked((int) 0x80091001); // An error occurred while performing an operation on a cryptographic message.
internal const int CRYPT_E_UNKNOWN_ALGO = unchecked((int) 0x80091002); // Unknown cryptographic algorithm.
internal const int CRYPT_E_INVALID_MSG_TYPE = unchecked((int) 0x80091004); // Invalid cryptographic message type.
internal const int CRYPT_E_RECIPIENT_NOT_FOUND = unchecked((int) 0x8009100B); // The enveloped-data message does not contain the specified recipient.
internal const int CRYPT_E_ISSUER_SERIALNUMBER = unchecked((int) 0x8009100D); // Invalid issuer and/or serial number.
internal const int CRYPT_E_SIGNER_NOT_FOUND = unchecked((int) 0x8009100E); // Cannot find the original signer.
internal const int CRYPT_E_ATTRIBUTES_MISSING = unchecked((int) 0x8009100F); // The cryptographic message does not contain all of the requested attributes.
internal const int CRYPT_E_BAD_ENCODE = unchecked((int) 0x80092002); // An error occurred during encode or decode operation.
internal const int CRYPT_E_NOT_FOUND = unchecked((int) 0x80092004); // Cannot find object or property.
internal const int CRYPT_E_NO_MATCH = unchecked((int) 0x80092009); // Cannot find the requested object.
internal const int CRYPT_E_NO_SIGNER = unchecked((int) 0x8009200E); // The signed cryptographic message does not have a signer for the specified signer index.
internal const int CRYPT_E_REVOKED = unchecked((int) 0x80092010); // The certificate is revoked.
internal const int CRYPT_E_NO_REVOCATION_CHECK = unchecked((int) 0x80092012); // The revocation function was unable to check revocation for the certificate.
internal const int CRYPT_E_REVOCATION_OFFLINE = unchecked((int) 0x80092013); // The revocation function was unable to check revocation
// because the revocation server was offline.
internal const int CRYPT_E_ASN1_BADTAG = unchecked((int) 0x8009310B); // ASN1 bad tag value met.
internal const int CERTSRV_E_WEAK_SIGNATURE_OR_KEY = unchecked((int) 0x80094016); // A signature algorithm or public key length does not meet the system's
// minimum required strength.
internal const int TRUST_E_CERT_SIGNATURE = unchecked((int) 0x80096004); // The signature of the certificate can not be verified.
internal const int TRUST_E_BASIC_CONSTRAINTS = unchecked((int) 0x80096019); // A certificate's basic constraint extension has not been observed.
internal const int CERT_E_EXPIRED = unchecked((int) 0x800B0101); // A required certificate is not within its validity period when verifying against
// the current system clock or the timestamp in the signed file.
internal const int CERT_E_VALIDITYPERIODNESTING = unchecked((int) 0x800B0102); // The validity periods of the certification chain do not nest correctly.
internal const int CERT_E_CRITICAL = unchecked((int) 0x800B0105); // A certificate contains an unknown extension that is marked 'critical'.
internal const int CERT_E_UNTRUSTEDROOT = unchecked((int) 0x800B0109); // A certificate chain processed, but terminated in a root
// certificate which is not trusted by the trust provider.
internal const int CERT_E_CHAINING = unchecked((int) 0x800B010A); // An internal certificate chaining error has occurred.
internal const int TRUST_E_FAIL = unchecked((int) 0x800B010B); // Generic trust failure.
internal const int CERT_E_REVOKED = unchecked((int) 0x800B010C); // A certificate was explicitly revoked by its issuer.
internal const int CERT_E_UNTRUSTEDTESTROOT = unchecked((int) 0x800B010D); // The certification path terminates with the test root which
// is not trusted with the current policy settings.
internal const int CERT_E_REVOCATION_FAILURE = unchecked((int) 0x800B010E); // The revocation process could not continue - the certificate(s) could not be checked.
internal const int CERT_E_WRONG_USAGE = unchecked((int) 0x800B0110); // The certificate is not valid for the requested usage.
internal const int TRUST_E_EXPLICIT_DISTRUST = unchecked((int) 0x800B0111); // The certificate was explicitly marked as untrusted by the user.
internal const int CERT_E_INVALID_POLICY = unchecked((int) 0x800B0113); // The certificate has invalid policy.
internal const int CERT_E_INVALID_NAME = unchecked((int) 0x800B0114); // The certificate has an invalid name. The name is not included
// in the permitted list or is explicitly excluded.
internal const int ERROR_SUCCESS = 0; // The operation completed successfully.
internal const int ERROR_CALL_NOT_IMPLEMENTED = 120; // This function is not supported on this system.
internal const int ERROR_CANCELLED = 1223; // The operation was canceled by the user.
//
// Structures
//
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct BLOBHEADER {
internal byte bType;
internal byte bVersion;
internal short reserved;
internal uint aiKeyAlg;
};
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_ALT_NAME_INFO {
internal uint cAltEntry;
internal IntPtr rgAltEntry; // PCERT_ALT_NAME_ENTRY
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_ALT_NAME_ENTRY {
internal uint dwAltNameChoice;
internal CERT_ALT_NAME_ENTRY_UNION Value;
}
[StructLayout(LayoutKind.Explicit, CharSet=CharSet.Unicode)]
internal struct CERT_ALT_NAME_ENTRY_UNION {
[FieldOffset(0)]
internal IntPtr pOtherName;
[FieldOffset(0)]
internal IntPtr pwszRfc822Name;
[FieldOffset(0)]
internal IntPtr pwszDNSName;
[FieldOffset(0)]
internal CRYPTOAPI_BLOB DirectoryName;
[FieldOffset(0)]
internal IntPtr pwszURL;
[FieldOffset(0)]
internal CRYPTOAPI_BLOB IPAddress;
[FieldOffset(0)]
internal IntPtr pszRegisteredID;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_BASIC_CONSTRAINTS_INFO {
internal CRYPT_BIT_BLOB SubjectType;
internal bool fPathLenConstraint;
internal uint dwPathLenConstraint;
internal uint cSubtreesConstraint;
internal IntPtr rgSubtreesConstraint; // PCERT_NAME_BLOB
};
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_BASIC_CONSTRAINTS2_INFO {
internal int fCA;
internal int fPathLenConstraint;
internal uint dwPathLenConstraint;
};
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_CHAIN_CONTEXT {
internal CERT_CHAIN_CONTEXT(int size) {
cbSize = (uint) size;
dwErrorStatus = 0;
dwInfoStatus = 0;
cChain = 0;
rgpChain = IntPtr.Zero;
cLowerQualityChainContext = 0;
rgpLowerQualityChainContext = IntPtr.Zero;
fHasRevocationFreshnessTime = 0;
dwRevocationFreshnessTime = 0;
}
internal uint cbSize;
internal uint dwErrorStatus; // serialized CERT_TRUST_STATUS
internal uint dwInfoStatus; // serialized CERT_TRUST_STATUS
internal uint cChain;
internal IntPtr rgpChain; // PCERT_SIMPLE_CHAIN*
internal uint cLowerQualityChainContext;
internal IntPtr rgpLowerQualityChainContext; // PCCERT_CHAIN_CONTEXT*
internal uint fHasRevocationFreshnessTime; // Note that we declare the field as a uint here since we are manipulating
// the structure manually and a bool is only 1 byte in the managed world.
internal uint dwRevocationFreshnessTime; // seconds
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_CHAIN_ELEMENT {
internal CERT_CHAIN_ELEMENT(int size) {
cbSize = (uint) size;
pCertContext = IntPtr.Zero;
dwErrorStatus = 0;
dwInfoStatus = 0;
pRevocationInfo = IntPtr.Zero;
pIssuanceUsage = IntPtr.Zero;
pApplicationUsage = IntPtr.Zero;
pwszExtendedErrorInfo = IntPtr.Zero;
}
internal uint cbSize;
internal IntPtr pCertContext;
internal uint dwErrorStatus; // serialized CERT_TRUST_STATUS
internal uint dwInfoStatus; // serialized CERT_TRUST_STATUS
internal IntPtr pRevocationInfo;
internal IntPtr pIssuanceUsage;
internal IntPtr pApplicationUsage;
internal IntPtr pwszExtendedErrorInfo;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_CHAIN_PARA {
internal uint cbSize;
internal CERT_USAGE_MATCH RequestedUsage;
internal CERT_USAGE_MATCH RequestedIssuancePolicy;
internal uint dwUrlRetrievalTimeout; // milliseconds
internal bool fCheckRevocationFreshnessTime;
internal uint dwRevocationFreshnessTime;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_CHAIN_POLICY_PARA {
internal CERT_CHAIN_POLICY_PARA(int size) {
cbSize = (uint) size;
dwFlags = 0;
pvExtraPolicyPara = IntPtr.Zero;
}
internal uint cbSize;
internal uint dwFlags;
internal IntPtr pvExtraPolicyPara;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_CHAIN_POLICY_STATUS {
internal CERT_CHAIN_POLICY_STATUS(int size) {
cbSize = (uint) size;
dwError = 0;
lChainIndex = IntPtr.Zero;
lElementIndex = IntPtr.Zero;
pvExtraPolicyStatus = IntPtr.Zero;
}
internal uint cbSize;
internal uint dwError;
internal IntPtr lChainIndex;
internal IntPtr lElementIndex;
internal IntPtr pvExtraPolicyStatus;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_CONTEXT {
internal uint dwCertEncodingType;
internal IntPtr pbCertEncoded;
internal uint cbCertEncoded;
internal IntPtr pCertInfo;
internal IntPtr hCertStore;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_DSS_PARAMETERS {
internal CRYPTOAPI_BLOB p;
internal CRYPTOAPI_BLOB q;
internal CRYPTOAPI_BLOB g;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_ENHKEY_USAGE {
internal uint cUsageIdentifier;
internal IntPtr rgpszUsageIdentifier; // LPSTR*
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_EXTENSION {
[MarshalAs(UnmanagedType.LPStr)]
internal string pszObjId;
internal bool fCritical;
internal CRYPTOAPI_BLOB Value;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_ID {
internal uint dwIdChoice;
internal CERT_ID_UNION Value;
}
[StructLayout(LayoutKind.Explicit, CharSet=CharSet.Unicode)]
internal struct CERT_ID_UNION {
[FieldOffset(0)]
internal CERT_ISSUER_SERIAL_NUMBER IssuerSerialNumber; // CERT_ID_ISSUER_SERIAL_NUMBER
[FieldOffset(0)]
internal CRYPTOAPI_BLOB KeyId; // CERT_ID_KEY_IDENTIFIER
[FieldOffset(0)]
internal CRYPTOAPI_BLOB HashId; // CERT_ID_SHA1_HASH
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_ISSUER_SERIAL_NUMBER {
internal CRYPTOAPI_BLOB Issuer;
internal CRYPTOAPI_BLOB SerialNumber;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_INFO {
internal uint dwVersion;
internal CRYPTOAPI_BLOB SerialNumber;
internal CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
internal CRYPTOAPI_BLOB Issuer;
internal _FILETIME NotBefore;
internal _FILETIME NotAfter;
internal CRYPTOAPI_BLOB Subject;
internal CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
internal CRYPT_BIT_BLOB IssuerUniqueId;
internal CRYPT_BIT_BLOB SubjectUniqueId;
internal uint cExtension;
internal IntPtr rgExtension; // PCERT_EXTENSION
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_KEY_USAGE_RESTRICTION_INFO {
internal uint cCertPolicyId;
internal IntPtr rgCertPolicyId; // LPSTR*
internal CRYPT_BIT_BLOB RestrictedKeyUsage;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_NAME_INFO {
internal uint cRDN;
internal IntPtr rgRDN; // PCERT_RDN
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_NAME_VALUE {
internal uint dwValueType;
internal CRYPTOAPI_BLOB Value;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_OTHER_NAME {
[MarshalAs(UnmanagedType.LPStr)]
internal string pszObjId;
internal CRYPTOAPI_BLOB Value;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_POLICY_ID {
internal uint cCertPolicyElementId;
internal IntPtr rgpszCertPolicyElementId; // LPSTR*
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_POLICIES_INFO {
internal uint cPolicyInfo;
internal IntPtr rgPolicyInfo; // PCERT_POLICY_INFO
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_POLICY_INFO {
[MarshalAs(UnmanagedType.LPStr)]
internal string pszPolicyIdentifier;
internal uint cPolicyQualifier;
internal IntPtr rgPolicyQualifier; // PCERT_POLICY_QUALIFIER_INFO
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_POLICY_QUALIFIER_INFO {
[MarshalAs(UnmanagedType.LPStr)]
internal string pszPolicyQualifierId;
CRYPTOAPI_BLOB Qualifier;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_PUBLIC_KEY_INFO {
internal CRYPT_ALGORITHM_IDENTIFIER Algorithm;
internal CRYPT_BIT_BLOB PublicKey;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_PUBLIC_KEY_INFO2 {
internal CRYPT_ALGORITHM_IDENTIFIER2 Algorithm;
internal CRYPT_BIT_BLOB PublicKey;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_RDN {
internal uint cRDNAttr;
internal IntPtr rgRDNAttr; // PCERT_RDN_ATTR
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_RDN_ATTR {
[MarshalAs(UnmanagedType.LPStr)]
internal string pszObjId;
internal uint dwValueType;
internal CRYPTOAPI_BLOB Value;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_SIMPLE_CHAIN {
internal CERT_SIMPLE_CHAIN(int size) {
cbSize = (uint) size;
dwErrorStatus = 0;
dwInfoStatus = 0;
cElement = 0;
rgpElement = IntPtr.Zero;
pTrustListInfo = IntPtr.Zero;
fHasRevocationFreshnessTime = 0;
dwRevocationFreshnessTime = 0;
}
internal uint cbSize;
internal uint dwErrorStatus; // serialized CERT_TRUST_STATUS
internal uint dwInfoStatus; // serialized CERT_TRUST_STATUS
internal uint cElement;
internal IntPtr rgpElement; // PCERT_CHAIN_ELEMENT*
internal IntPtr pTrustListInfo;
internal uint fHasRevocationFreshnessTime; // Note that we declare the field as a uint here since we are manipulating
// the structure manually and a bool is only 1 byte in the managed world.
internal uint dwRevocationFreshnessTime;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_TEMPLATE_EXT {
[MarshalAs(UnmanagedType.LPStr)]
internal string pszObjId;
internal uint dwMajorVersion;
bool fMinorVersion;
uint dwMinorVersion;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_TRUST_STATUS {
internal uint dwErrorStatus;
internal uint dwInfoStatus;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CERT_USAGE_MATCH {
internal uint dwType;
internal CERT_ENHKEY_USAGE Usage;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_CMS_RECIPIENT_INFO {
internal uint dwRecipientChoice;
// union {
// PCMSG_KEY_TRANS_RECIPIENT_INFO pKeyTrans; // CMSG_KEY_TRANS_RECIPIENT
// PCMSG_KEY_AGREE_RECIPIENT_INFO pKeyAgree; // CMSG_KEY_AGREE_RECIPIENT
// PCMSG_MAIL_LIST_RECIPIENT_INFO pMailList; // CMSG_MAIL_LIST_RECIPIENT
// }
//
internal IntPtr pRecipientInfo;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_CMS_SIGNER_INFO {
internal uint dwVersion;
internal CERT_ID SignerId;
internal CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
internal CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm;
internal CRYPTOAPI_BLOB EncryptedHash;
internal CRYPT_ATTRIBUTES AuthAttrs;
internal CRYPT_ATTRIBUTES UnauthAttrs;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA {
internal CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA(int size) {
cbSize = (uint) size;
dwSignerIndex = 0;
blob = new CRYPTOAPI_BLOB();
}
internal uint cbSize;
internal uint dwSignerIndex;
internal CRYPTOAPI_BLOB blob;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_CTRL_DECRYPT_PARA {
internal CMSG_CTRL_DECRYPT_PARA(int size) {
cbSize = (uint) size;
hCryptProv = IntPtr.Zero;
dwKeySpec = 0;
dwRecipientIndex = 0;
}
internal uint cbSize;
internal IntPtr hCryptProv;
internal uint dwKeySpec;
internal uint dwRecipientIndex;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA {
internal CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA(int size) {
cbSize = (uint) size;
dwSignerIndex = 0;
dwUnauthAttrIndex = 0;
}
internal uint cbSize;
internal uint dwSignerIndex;
internal uint dwUnauthAttrIndex;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_CTRL_KEY_TRANS_DECRYPT_PARA {
internal uint cbSize;
internal SafeCryptProvHandle hCryptProv;
internal uint dwKeySpec;
internal IntPtr pKeyTrans; // PCMSG_KEY_TRANS_RECIPIENT_INFO
internal uint dwRecipientIndex;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO {
internal uint cbSize;
internal CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
internal IntPtr pvKeyEncryptionAuxInfo;
internal CRYPT_ALGORITHM_IDENTIFIER KeyWrapAlgorithm;
internal IntPtr pvKeyWrapAuxInfo;
// The following hCryptProv and dwKeySpec must be specified for the
// CMSG_KEY_AGREE_STATIC_KEY_CHOICE.
//
// For CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE, dwKeySpec isn't applicable
// and hCryptProv is optional.
internal IntPtr hCryptProv; // HCRYPTPROV
internal uint dwKeySpec;
internal uint dwKeyChoice;
// union {
// PCRYPT_ALGORITHM_IDENTIFIER // for CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE
// PCERT_ID // for CMSG_KEY_AGREE_STATIC_KEY_CHOICE
// }
//
internal IntPtr pEphemeralAlgorithmOrSenderId; // PCRYPT_ALGORITHM_IDENTIFIER or PCERT_ID
internal CRYPTOAPI_BLOB UserKeyingMaterial; // OPTIONAL
internal uint cRecipientEncryptedKeys;
internal IntPtr rgpRecipientEncryptedKeys; // PCMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO *
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO {
internal uint cbSize;
internal CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
internal IntPtr pvKeyEncryptionAuxInfo;
internal IntPtr hCryptProv; // HCRYPTPROV
internal CRYPT_BIT_BLOB RecipientPublicKey;
internal CERT_ID RecipientId;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_RC2_AUX_INFO {
internal CMSG_RC2_AUX_INFO(int size) {
cbSize = (uint) size;
dwBitLen = 0;
}
internal uint cbSize;
internal uint dwBitLen;
}
internal struct CMSG_RECIPIENT_ENCODE_INFO {
internal uint dwRecipientChoice;
// union {
// PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO pKeyTrans; // CMSG_KEY_TRANS_RECIPIENT
// PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO pKeyAgree; // CMSG_KEY_AGREE_RECIPIENT
// PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO pMailList; // CMSG_MAIL_LIST_RECIPIENT
// }
//
internal IntPtr pRecipientInfo;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO {
internal uint cbSize;
internal CRYPT_BIT_BLOB RecipientPublicKey;
internal CERT_ID RecipientId;
// Following fields are optional and only applicable to KEY_IDENTIFIER CERT_IDs.
internal _FILETIME Date;
internal IntPtr pOtherAttr; // PCRYPT_ATTRIBUTE_TYPE_VALUE
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_ENVELOPED_ENCODE_INFO {
internal CMSG_ENVELOPED_ENCODE_INFO(int size) {
cbSize = (uint) size;
hCryptProv = IntPtr.Zero;
ContentEncryptionAlgorithm = new CRYPT_ALGORITHM_IDENTIFIER();
pvEncryptionAuxInfo = IntPtr.Zero;
cRecipients = 0;
rgpRecipients = IntPtr.Zero;
rgCmsRecipients = IntPtr.Zero;
cCertEncoded = 0;
rgCertEncoded = IntPtr.Zero;
cCrlEncoded = 0;
rgCrlEncoded = IntPtr.Zero;
cAttrCertEncoded = 0;
rgAttrCertEncoded = IntPtr.Zero;
cUnprotectedAttr = 0;
rgUnprotectedAttr = IntPtr.Zero;
}
internal uint cbSize;
internal IntPtr hCryptProv;
internal CRYPT_ALGORITHM_IDENTIFIER ContentEncryptionAlgorithm;
internal IntPtr pvEncryptionAuxInfo;
internal uint cRecipients;
internal IntPtr rgpRecipients; // PCERT_INFO
// If rgCmsRecipients != NULL, then, the above rgpRecipients must be NULL.
internal IntPtr rgCmsRecipients; // PCMSG_RECIPIENT_ENCODE_INFO
internal uint cCertEncoded;
internal IntPtr rgCertEncoded; // PCERT_BLOB
internal uint cCrlEncoded;
internal IntPtr rgCrlEncoded; // PCRL_BLOB
internal uint cAttrCertEncoded;
internal IntPtr rgAttrCertEncoded; // PCERT_BLOB
internal uint cUnprotectedAttr;
internal IntPtr rgUnprotectedAttr; // PCRYPT_ATTRIBUTE
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_CTRL_KEY_AGREE_DECRYPT_PARA {
internal CMSG_CTRL_KEY_AGREE_DECRYPT_PARA(int size) {
cbSize = (uint) size;
hCryptProv = IntPtr.Zero;
dwKeySpec = 0;
pKeyAgree = IntPtr.Zero;
dwRecipientIndex = 0;
dwRecipientEncryptedKeyIndex = 0;
OriginatorPublicKey = new CRYPT_BIT_BLOB();
}
internal uint cbSize;
internal IntPtr hCryptProv;
internal uint dwKeySpec;
internal IntPtr pKeyAgree; // PCMSG_KEY_AGREE_RECIPIENT_INFO
internal uint dwRecipientIndex;
internal uint dwRecipientEncryptedKeyIndex;
internal CRYPT_BIT_BLOB OriginatorPublicKey;
}
// CLR marshaller can't handle this kind of union (with managed type in structures within
// the union (OriginatorPublicKeyInfo.Algorithm.pszObjId is declared as managed string type).
// So break it up into different structures ourselves, and marshal accordingly.
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_KEY_AGREE_RECIPIENT_INFO {
internal uint dwVersion;
internal uint dwOriginatorChoice;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_KEY_AGREE_CERT_ID_RECIPIENT_INFO {
internal uint dwVersion;
internal uint dwOriginatorChoice; // CMSG_KEY_AGREE_ORIGINATOR_CERT
internal CERT_ID OriginatorCertId; // CERT_ID
internal IntPtr Padding; // Padded to the size of CERT_PUBLIC_KEY_INFO
internal CRYPTOAPI_BLOB UserKeyingMaterial;
internal CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
internal uint cRecipientEncryptedKeys;
internal IntPtr rgpRecipientEncryptedKeys; // PCMSG_RECIPIENT_ENCRYPTED_KEY_INFO*
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_KEY_AGREE_PUBLIC_KEY_RECIPIENT_INFO {
internal uint dwVersion;
internal uint dwOriginatorChoice; // CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY
internal CERT_PUBLIC_KEY_INFO OriginatorPublicKeyInfo; // CERT_PUBLIC_KEY_INFO
internal CRYPTOAPI_BLOB UserKeyingMaterial;
internal CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
internal uint cRecipientEncryptedKeys;
internal IntPtr rgpRecipientEncryptedKeys; // PCMSG_RECIPIENT_ENCRYPTED_KEY_INFO *
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_RECIPIENT_ENCRYPTED_KEY_INFO {
// Currently, only ISSUER_SERIAL_NUMBER or KEYID choices
internal CERT_ID RecipientId;
internal CRYPTOAPI_BLOB EncryptedKey;
// The following optional fields are only applicable to KEYID choice
internal _FILETIME Date;
internal IntPtr pOtherAttr; //PCRYPT_ATTRIBUTE_TYPE_VALUE
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA {
internal CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA(int size) {
cbSize = (uint) size;
hCryptProv = IntPtr.Zero;
dwSignerIndex = 0;
dwSignerType = 0;
pvSigner = IntPtr.Zero;
}
internal uint cbSize;
internal IntPtr hCryptProv; // HCRYPTPROV
internal uint dwSignerIndex;
internal uint dwSignerType;
internal IntPtr pvSigner;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_KEY_TRANS_RECIPIENT_INFO {
internal uint dwVersion;
// Currently, only ISSUER_SERIAL_NUMBER or KEYID choices
internal CERT_ID RecipientId;
internal CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
internal CRYPTOAPI_BLOB EncryptedKey;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_SIGNED_ENCODE_INFO {
internal CMSG_SIGNED_ENCODE_INFO(int size) {
cbSize = (uint) size;
cSigners = 0;
rgSigners = IntPtr.Zero;
cCertEncoded = 0;
rgCertEncoded = IntPtr.Zero;
cCrlEncoded = 0;
rgCrlEncoded = IntPtr.Zero;
cAttrCertEncoded = 0;
rgAttrCertEncoded = IntPtr.Zero;
}
internal uint cbSize;
internal uint cSigners;
internal IntPtr rgSigners;
internal uint cCertEncoded;
internal IntPtr rgCertEncoded;
internal uint cCrlEncoded;
internal IntPtr rgCrlEncoded;
internal uint cAttrCertEncoded;
internal IntPtr rgAttrCertEncoded;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_SIGNER_ENCODE_INFO {
[DllImport(KERNEL32, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
IntPtr LocalFree(IntPtr hMem);
[DllImport(ADVAPI32, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CryptReleaseContext (
[In] IntPtr hProv,
[In] uint dwFlags);
internal CMSG_SIGNER_ENCODE_INFO(int size) {
cbSize = (uint) size;
pCertInfo = IntPtr.Zero;
hCryptProv = IntPtr.Zero;
dwKeySpec = 0;
HashAlgorithm = new CRYPT_ALGORITHM_IDENTIFIER();
pvHashAuxInfo = IntPtr.Zero;
cAuthAttr = 0;
rgAuthAttr = IntPtr.Zero;
cUnauthAttr = 0;
rgUnauthAttr = IntPtr.Zero;
SignerId = new CERT_ID();
HashEncryptionAlgorithm = new CRYPT_ALGORITHM_IDENTIFIER();
pvHashEncryptionAuxInfo = IntPtr.Zero;
}
internal void Dispose() {
// Free hCryptProv
if (hCryptProv != IntPtr.Zero) {
CryptReleaseContext(hCryptProv, 0);
}
// Free SignerId.KeyId.pbData
if (SignerId.Value.KeyId.pbData != IntPtr.Zero) {
LocalFree(SignerId.Value.KeyId.pbData);
}
// Free rgAuthAttr and rgUnauthAttr
if (rgAuthAttr != IntPtr.Zero) {
LocalFree(rgAuthAttr);
}
if (rgUnauthAttr != IntPtr.Zero) {
LocalFree(rgUnauthAttr);
}
}
internal uint cbSize;
internal IntPtr pCertInfo;
internal IntPtr hCryptProv;
internal uint dwKeySpec;
internal CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
internal IntPtr pvHashAuxInfo;
internal uint cAuthAttr;
internal IntPtr rgAuthAttr;
internal uint cUnauthAttr;
internal IntPtr rgUnauthAttr;
internal CERT_ID SignerId;
internal CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm;
internal IntPtr pvHashEncryptionAuxInfo;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CMSG_SIGNER_INFO {
internal uint dwVersion;
internal CRYPTOAPI_BLOB Issuer;
internal CRYPTOAPI_BLOB SerialNumber;
internal CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
internal CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm;
internal CRYPTOAPI_BLOB EncryptedHash;
internal CRYPT_ATTRIBUTES AuthAttrs;
internal CRYPT_ATTRIBUTES UnauthAttrs;
}
internal delegate bool PFN_CMSG_STREAM_OUTPUT(IntPtr pvArg, IntPtr pbData, uint cbData, bool fFinal);
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal class CMSG_STREAM_INFO {
internal CMSG_STREAM_INFO (uint cbContent, PFN_CMSG_STREAM_OUTPUT pfnStreamOutput, IntPtr pvArg) {
this.cbContent = cbContent;
this.pfnStreamOutput = pfnStreamOutput;
this.pvArg = pvArg;
}
internal uint cbContent;
internal PFN_CMSG_STREAM_OUTPUT pfnStreamOutput;
internal IntPtr pvArg;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CRYPT_ALGORITHM_IDENTIFIER {
[MarshalAs(UnmanagedType.LPStr)]
internal string pszObjId;
internal CRYPTOAPI_BLOB Parameters;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CRYPT_ALGORITHM_IDENTIFIER2 {
internal IntPtr pszObjId;
internal CRYPTOAPI_BLOB Parameters;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CRYPT_ATTRIBUTE {
[MarshalAs(UnmanagedType.LPStr)]
internal string pszObjId;
internal uint cValue;
internal IntPtr rgValue; // PCRYPT_ATTR_BLOB
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CRYPT_ATTRIBUTES {
internal uint cAttr;
internal IntPtr rgAttr; // PCRYPT_ATTRIBUTE
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CRYPT_ATTRIBUTE_TYPE_VALUE {
[MarshalAs(UnmanagedType.LPStr)]
internal string pszObjId;
internal CRYPTOAPI_BLOB Value;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CRYPT_BIT_BLOB {
internal uint cbData;
internal IntPtr pbData;
internal uint cUnusedBits;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CRYPT_KEY_PROV_INFO {
internal string pwszContainerName;
internal string pwszProvName;
internal uint dwProvType;
internal uint dwFlags;
internal uint cProvParam;
internal IntPtr rgProvParam;
internal uint dwKeySpec;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CRYPT_OID_INFO {
internal CRYPT_OID_INFO(int size) {
cbSize = (uint) size;
pszOID = null;
pwszName = null;
dwGroupId = 0;
Algid = 0;
ExtraInfo = new CRYPTOAPI_BLOB();
}
internal uint cbSize;
[MarshalAs(UnmanagedType.LPStr)]
internal string pszOID;
internal string pwszName;
internal uint dwGroupId;
internal uint Algid;
internal CRYPTOAPI_BLOB ExtraInfo;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CRYPT_RC2_CBC_PARAMETERS {
internal uint dwVersion;
internal bool fIV; // set if has following IV
[MarshalAs(UnmanagedType.ByValArray,SizeConst=8)]
internal byte[] rgbIV;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct CRYPTOAPI_BLOB {
internal uint cbData;
internal IntPtr pbData;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct DSSPUBKEY {
internal uint magic;
internal uint bitlen;
}
// Mapping from key usage friendly name to actual key usage values.
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct KEY_USAGE_STRUCT {
internal KEY_USAGE_STRUCT(string pwszKeyUsage, uint dwKeyUsageBit) {
this.pwszKeyUsage = pwszKeyUsage;
this.dwKeyUsageBit = dwKeyUsageBit;
}
internal string pwszKeyUsage;
internal uint dwKeyUsageBit;
};
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct PROV_ENUMALGS_EX {
internal uint aiAlgid; // ALG_ID
internal uint dwDefaultLen;
internal uint dwMinLen;
internal uint dwMaxLen;
internal uint dwProtocols;
internal uint dwNameLen;
[MarshalAs(UnmanagedType.ByValArray,SizeConst=20)]
internal byte[] szName;
internal uint dwLongNameLen;
[MarshalAs(UnmanagedType.ByValArray,SizeConst=40)]
internal byte[] szLongName;
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
internal struct RSAPUBKEY {
internal uint magic;
internal uint bitlen;
internal uint pubexp;
};
}
///+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
///
/// <summary>
///
/// Class : CAPINative.
///
/// Synopsis: CAPI wrapper class containing only static methods to wrap
/// native CAPI through P/Invoke.
///
/// All methods within this group require caller to have
/// unmanaged code permission. So, it is fine to put any method in
/// here without worry of security breach.
///
/// </summary>
///
///-------------------------------------------------------------------------
internal abstract class CAPINative : CAPIBase {
}
///+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
///
/// <summary>
///
/// Class : CAPISafe.
///
/// Synopsis: CAPI wrapper class containing only static methods to wrap
/// safe CAPI through P/Invoke.
///
/// All methods within this class will suppress unmanaged code
/// permission and demand NO other permission, which means it is
/// OK to be called by anyone.
///
/// !!! DANGER !!!!
///
/// Only in very specific situations you should place your method in
/// this class. You MUST be absolutely sure that the method is
/// safe to be called by anyone.
///
/// For example, CryptDecodeObject() would be fine to be in this
/// class. On the other hand, CertOpenStore() definitely should
/// NOT, especially when called with CERT_STORE_DELETE_FLAG.
///
/// </summary>
///
///-------------------------------------------------------------------------
[SuppressUnmanagedCodeSecurityAttribute()]
internal abstract class CAPISafe : CAPINative {
[DllImport(KERNEL32, CharSet=CharSet.Auto, SetLastError=true, BestFitMapping=false)]
[ResourceExposure(ResourceScope.None)]
internal static extern
uint FormatMessage(
[In] uint dwFlags,
[In] IntPtr lpSource,
[In] uint dwMessageId,
[In] uint dwLanguageId,
[In,Out] StringBuilder lpBuffer,
[In] uint nSize,
[In] IntPtr Arguments);
[DllImport(KERNEL32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
public static extern
bool FreeLibrary(
[In] IntPtr hModule);
[DllImport(KERNEL32, CharSet=CharSet.Auto, SetLastError=true, BestFitMapping=false)]
[ResourceExposure(ResourceScope.None)]
internal static extern
IntPtr GetProcAddress(
[In] IntPtr hModule,
[In] [MarshalAs(UnmanagedType.LPStr)] string lpProcName);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(KERNEL32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
SafeLocalAllocHandle LocalAlloc(
[In] uint uFlags,
[In] IntPtr sizetdwBytes);
[DllImport(KERNEL32, CharSet=CharSet.Auto, SetLastError=true, BestFitMapping=false, EntryPoint="LoadLibraryA")]
[ResourceExposure(ResourceScope.Machine)]
internal static extern
IntPtr LoadLibrary(
[In] [MarshalAs(UnmanagedType.LPStr)] string lpFileName);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.Machine)] // This is a way of recovering from process SxS problems.
internal static extern
bool CertControlStore (
[In] SafeCertStoreHandle hCertStore,
[In] uint dwFlags,
[In] uint dwCtrlType,
[In] IntPtr pvCtrlPara);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
SafeCertContextHandle CertCreateCertificateContext (
[In] uint dwCertEncodingType,
[In] SafeLocalAllocHandle pbCertEncoded,
[In] uint cbCertEncoded);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
SafeCertContextHandle CertDuplicateCertificateContext(
[In] IntPtr pCertContext);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
SafeCertContextHandle CertDuplicateCertificateContext(
[In] SafeCertContextHandle pCertContext);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
SafeX509ChainHandle CertDuplicateCertificateChain(
[In] IntPtr pChainContext);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
SafeX509ChainHandle CertDuplicateCertificateChain(
[In] SafeX509ChainHandle pChainContext);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
SafeCertStoreHandle CertDuplicateStore(
[In] IntPtr hCertStore);
[DllImport(CRYPT32, CharSet=CharSet.Auto,SetLastError=true,BestFitMapping=false)]
[ResourceExposure(ResourceScope.None)]
internal static extern
IntPtr CertFindExtension(
[In] [MarshalAs(UnmanagedType.LPStr)] string pszObjId,
[In] uint cExtensions,
[In] IntPtr rgExtensions);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected static extern
bool CertFreeCertificateContext (
[In] IntPtr pCertContext);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CertGetCertificateChain(
[In] IntPtr hChainEngine,
[In] SafeCertContextHandle pCertContext,
[In] ref _FILETIME pTime,
[In] SafeCertStoreHandle hAdditionalStore,
[In] ref CERT_CHAIN_PARA pChainPara,
[In] uint dwFlags,
[In] IntPtr pvReserved,
[In,Out] ref SafeX509ChainHandle ppChainContext);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CertGetCertificateContextProperty(
[In] SafeCertContextHandle pCertContext,
[In] uint dwPropId,
[In,Out] SafeLocalAllocHandle pvData,
[In,Out] ref uint pcbData);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
bool CertGetIntendedKeyUsage(
[In] uint dwCertEncodingType,
[In] IntPtr pCertInfo,
[In] IntPtr pbKeyUsage,
[In,Out] uint cbKeyUsage);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Unicode, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
uint CertGetNameStringW(
[In] SafeCertContextHandle pCertContext,
[In] uint dwType,
[In] uint dwFlags,
[In] IntPtr pvTypePara,
[In,Out] SafeLocalAllocHandle pszNameString,
[In] uint cchNameString);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
uint CertGetPublicKeyLength(
[In] uint dwCertEncodingType,
[In] IntPtr pPublicKey); // PCERT_PUBLIC_KEY_INFO
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
bool CertGetValidUsages(
[In] uint cCerts,
[In] IntPtr rghCerts,
[Out] IntPtr cNumOIDs,
[In,Out] SafeLocalAllocHandle rghOIDs,
[In,Out] IntPtr pcbOIDs);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
uint CertNameToStrW(
[In] uint dwCertEncodingType,
[In] IntPtr pName,
[In] uint dwStrType,
[In,Out] SafeLocalAllocHandle psz,
[In] uint csz);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
bool CertSerializeCertificateStoreElement(
[In] SafeCertContextHandle pCertContext,
[In] uint dwFlags,
[In,Out] SafeLocalAllocHandle pbElement,
[In,Out] IntPtr pcbElement);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true, BestFitMapping=false)]
[ResourceExposure(ResourceScope.None)]
internal static extern
bool CertStrToNameW(
[In] uint dwCertEncodingType,
[In] string pszX500,
[In] uint dwStrType,
[In] IntPtr pvReserved,
[In,Out] IntPtr pbEncoded,
[In,Out] ref uint pcbEncoded,
[In,Out] IntPtr ppszError);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
int CertVerifyTimeValidity (
[In,Out] ref _FILETIME pTimeToVerify,
[In] IntPtr pCertInfo);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CertVerifyCertificateChainPolicy(
[In] IntPtr pszPolicyOID,
[In] SafeX509ChainHandle pChainContext,
[In] ref CERT_CHAIN_POLICY_PARA pPolicyPara,
[In,Out] ref CERT_CHAIN_POLICY_STATUS pPolicyStatus);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CryptAcquireCertificatePrivateKey(
[In] SafeCertContextHandle pCert,
[In] uint dwFlags,
[In] IntPtr pvReserved,
[In,Out] ref SafeCryptProvHandle phCryptProv,
[In,Out] ref uint pdwKeySpec,
[In,Out] ref bool pfCallerFreeProv);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
bool CryptDecodeObject(
[In] uint dwCertEncodingType,
[In] IntPtr lpszStructType,
[In] IntPtr pbEncoded,
[In] uint cbEncoded,
[In] uint dwFlags,
[In,Out] SafeLocalAllocHandle pvStructInfo,
[In,Out] IntPtr pcbStructInfo);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
bool CryptDecodeObject(
[In] uint dwCertEncodingType,
[In] IntPtr lpszStructType,
[In] byte[] pbEncoded,
[In] uint cbEncoded,
[In] uint dwFlags,
[In,Out] SafeLocalAllocHandle pvStructInfo,
[In,Out] IntPtr pcbStructInfo);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
bool CryptEncodeObject(
[In] uint dwCertEncodingType,
[In] IntPtr lpszStructType,
[In] IntPtr pvStructInfo,
[In,Out] SafeLocalAllocHandle pbEncoded,
[In,Out] IntPtr pcbEncoded);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true, BestFitMapping=false)]
[ResourceExposure(ResourceScope.None)]
internal static extern
bool CryptEncodeObject(
[In] uint dwCertEncodingType,
[In] [MarshalAs(UnmanagedType.LPStr)] string lpszStructType,
[In] IntPtr pvStructInfo,
[In,Out] SafeLocalAllocHandle pbEncoded,
[In,Out] IntPtr pcbEncoded);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
IntPtr CryptFindOIDInfo(
[In] uint dwKeyType,
[In] IntPtr pvKey,
[In] OidGroup dwGroupId);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
IntPtr CryptFindOIDInfo(
[In] uint dwKeyType,
[In] SafeLocalAllocHandle pvKey,
[In] OidGroup dwGroupId);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true, BestFitMapping=false)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CryptFormatObject(
[In] uint dwCertEncodingType,
[In] uint dwFormatType,
[In] uint dwFormatStrType,
[In] IntPtr pFormatStruct,
[In] [MarshalAs(UnmanagedType.LPStr)] string lpszStructType,
[In] byte[] pbEncoded,
[In] uint cbEncoded,
[In,Out] SafeLocalAllocHandle pbFormat,
[In,Out] IntPtr pcbFormat);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CryptFormatObject(
[In] uint dwCertEncodingType,
[In] uint dwFormatType,
[In] uint dwFormatStrType,
[In] IntPtr pFormatStruct,
[In] IntPtr lpszStructType,
[In] byte[] pbEncoded,
[In] uint cbEncoded,
[In,Out] SafeLocalAllocHandle pbFormat,
[In,Out] IntPtr pcbFormat);
[DllImport(ADVAPI32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CryptGetProvParam(
[In] SafeCryptProvHandle hProv,
[In] uint dwParam,
[In] IntPtr pbData,
[In] IntPtr pdwDataLen,
[In] uint dwFlags);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CryptHashCertificate(
[In] IntPtr hCryptProv, // HCRYPTPROV
[In] uint Algid, // ALG_ID
[In] uint dwFlags,
[In] IntPtr pbEncoded,
[In] uint cbEncoded,
[Out] IntPtr pbComputedHash,
[In, Out] IntPtr pcbComputedHash);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CryptHashPublicKeyInfo(
[In] IntPtr hCryptProv, // HCRYPTPROV
[In] uint Algid, // ALG_ID
[In] uint dwFlags,
[In] uint dwCertEncodingType,
[In] IntPtr pInfo,
[Out] IntPtr pbComputedHash,
[In, Out] IntPtr pcbComputedHash);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CryptMsgGetParam(
[In] SafeCryptMsgHandle hCryptMsg,
[In] uint dwParamType,
[In] uint dwIndex,
[In, Out] IntPtr pvData,
[In, Out] IntPtr pcbData);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CryptMsgGetParam(
[In] SafeCryptMsgHandle hCryptMsg,
[In] uint dwParamType,
[In] uint dwIndex,
[In, Out] SafeLocalAllocHandle pvData,
[In, Out] IntPtr pcbData);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
SafeCryptMsgHandle CryptMsgOpenToDecode(
[In] uint dwMsgEncodingType,
[In] uint dwFlags,
[In] uint dwMsgType,
[In] IntPtr hCryptProv,
[In] IntPtr pRecipientInfo,
[In] IntPtr pStreamInfo);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CryptMsgUpdate(
[In] SafeCryptMsgHandle hCryptMsg,
[In] byte[] pbData,
[In] uint cbData,
[In] bool fFinal);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CryptMsgUpdate(
[In] SafeCryptMsgHandle hCryptMsg,
[In] IntPtr pbData,
[In] uint cbData,
[In] bool fFinal);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
bool CryptMsgVerifyCountersignatureEncoded(
[In] IntPtr hCryptProv,
[In] uint dwEncodingType,
[In] IntPtr pbSignerInfo,
[In] uint cbSignerInfo,
[In] IntPtr pbSignerInfoCountersignature,
[In] uint cbSignerInfoCountersignature,
[In] IntPtr pciCountersigner);
[DllImport(KERNEL32, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal extern static
void SetLastError(uint dwErrorCode);
[DllImport(KERNEL32, SetLastError=true)]
#if !FEATURE_CORESYSTEM
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
#endif
[ResourceExposure(ResourceScope.None)]
internal static extern
IntPtr LocalFree(IntPtr handle);
[DllImport(KERNEL32, SetLastError=true)]
#if !FEATURE_CORESYSTEM
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
#endif
[ResourceExposure(ResourceScope.None)]
internal static extern
void ZeroMemory(IntPtr handle, uint length);
[DllImport(ADVAPI32, SetLastError=true)]
#if !FEATURE_CORESYSTEM
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
#endif
[ResourceExposure(ResourceScope.None)]
internal static extern
int LsaNtStatusToWinError (
[In] int status);
}
///+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
///
/// <summary>
///
/// Class : CAPIUnsafe.
///
/// Synopsis: CAPI wrapper class containing only static methods to wrap
/// unsafe CAPI through P/Invoke.
///
/// All methods within this class will suppress unmanaged code
/// permission but should in turn demand for other appropriate
/// permission(s).
///
/// !!! WARNING !!!!
///
/// You should first consider whether the method should go into
/// the Native class above.
///
/// If you are convinced that the method does belong in this
/// class, you MUST:
///
/// (1) declare the method as "protected internal" here.
///
/// (2) override the method in CAPI class below.
///
/// (3) demand appropriate permission(s) in your override.
///
/// (4) properly validate all parameters.
///
/// For example, if you decide to put any method that will create
/// a file on disk, such as CertSaveStore() with the
/// CERT_STORE_SAVE_TO_FILENAME flag, you then better demand
/// FileIOPermission for Write, and make sure to also validate
/// the filename (think about what will happen if the filename is
/// C:\boot.ini?).
///
/// </summary>
///
///-------------------------------------------------------------------------
[SuppressUnmanagedCodeSecurityAttribute()]
internal abstract class CAPIUnsafe : CAPISafe {
[DllImport(ADVAPI32, CharSet=CharSet.Auto, BestFitMapping=false, EntryPoint="CryptAcquireContextA")]
[ResourceExposure(ResourceScope.Machine)]
internal protected extern static
bool CryptAcquireContext(
[In,Out] ref SafeCryptProvHandle hCryptProv,
[In] [MarshalAs(UnmanagedType.LPStr)] string pszContainer,
[In] [MarshalAs(UnmanagedType.LPStr)] string pszProvider,
[In] uint dwProvType,
[In] uint dwFlags);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected extern static
bool CertAddCertificateContextToStore (
[In] SafeCertStoreHandle hCertStore,
[In] SafeCertContextHandle pCertContext,
[In] uint dwAddDisposition,
[In,Out] SafeCertContextHandle ppStoreContext);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected extern static
bool CertAddCertificateLinkToStore (
[In] SafeCertStoreHandle hCertStore,
[In] SafeCertContextHandle pCertContext,
[In] uint dwAddDisposition,
[In,Out] SafeCertContextHandle ppStoreContext);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected extern static
bool CertDeleteCertificateFromStore (
[In] SafeCertContextHandle pCertContext);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport (CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected static extern
IntPtr CertEnumCertificatesInStore(
[In] SafeCertStoreHandle hCertStore,
[In] IntPtr pPrevCertContext);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport (CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected static extern
SafeCertContextHandle CertEnumCertificatesInStore (
[In] SafeCertStoreHandle hCertStore,
[In] SafeCertContextHandle pPrevCertContext);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport (CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected static extern
SafeCertContextHandle CertFindCertificateInStore(
[In] SafeCertStoreHandle hCertStore,
[In] uint dwCertEncodingType,
[In] uint dwFindFlags,
[In] uint dwFindType,
[In] IntPtr pvFindPara,
[In] SafeCertContextHandle pPrevCertContext);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Unicode, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected static extern
SafeCertStoreHandle CertOpenStore(
[In] IntPtr lpszStoreProvider,
[In] uint dwMsgAndCertEncodingType,
[In] IntPtr hCryptProv,
[In] uint dwFlags,
[In] string pvPara); // we want this always as a Unicode string.
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport (CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected static extern
bool CertSaveStore(
[In] SafeCertStoreHandle hCertStore,
[In] uint dwMsgAndCertEncodingType,
[In] uint dwSaveAs,
[In] uint dwSaveTo,
[In,Out] IntPtr pvSaveToPara,
[In] uint dwFlags);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected extern static
bool CertSetCertificateContextProperty (
[In] IntPtr pCertContext,
[In] uint dwPropId,
[In] uint dwFlags,
[In] IntPtr pvData);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected extern static
bool CertSetCertificateContextProperty (
[In] SafeCertContextHandle pCertContext,
[In] uint dwPropId,
[In] uint dwFlags,
[In] IntPtr pvData);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected extern static
bool CertSetCertificateContextProperty (
[In] SafeCertContextHandle pCertContext,
[In] uint dwPropId,
[In] uint dwFlags,
[In] SafeLocalAllocHandle safeLocalAllocHandle);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected extern static
SafeCertContextHandle CertCreateSelfSignCertificate(
[In] SafeCryptProvHandle hProv,
[In] IntPtr pSubjectIssuerBlob,
[In] uint dwFlags,
[In] IntPtr pKeyProvInfo,
[In] IntPtr pSignatureAlgorithm,
[In] IntPtr pStartTime,
[In] IntPtr pEndTime,
[In] IntPtr pExtensions);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected extern static
bool CryptMsgControl(
[In] SafeCryptMsgHandle hCryptMsg,
[In] uint dwFlags,
[In] uint dwCtrlType,
[In] IntPtr pvCtrlPara);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected extern static
bool CryptMsgCountersign(
[In] SafeCryptMsgHandle hCryptMsg,
[In] uint dwIndex,
[In] uint cCountersigners,
[In] IntPtr rgCountersigners);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected extern static
SafeCryptMsgHandle CryptMsgOpenToEncode(
[In] uint dwMsgEncodingType,
[In] uint dwFlags,
[In] uint dwMsgType,
[In] IntPtr pvMsgEncodeInfo,
[In] IntPtr pszInnerContentObjID,
[In] IntPtr pStreamInfo);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true, BestFitMapping=false)]
[ResourceExposure(ResourceScope.None)]
internal protected extern static
SafeCryptMsgHandle CryptMsgOpenToEncode(
[In] uint dwMsgEncodingType,
[In] uint dwFlags,
[In] uint dwMsgType,
[In] IntPtr pvMsgEncodeInfo,
[In] [MarshalAs(UnmanagedType.LPStr)] string pszInnerContentObjID,
[In] IntPtr pStreamInfo);
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected static extern
bool CryptQueryObject (
[In] uint dwObjectType,
[In] IntPtr pvObject,
[In] uint dwExpectedContentTypeFlags,
[In] uint dwExpectedFormatTypeFlags,
[In] uint dwFlags,
[Out] IntPtr pdwMsgAndCertEncodingType,
[Out] IntPtr pdwContentType,
[Out] IntPtr pdwFormatType,
[In,Out] IntPtr phCertStore,
[In,Out] IntPtr phMsg,
[In,Out] IntPtr ppvContext);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Auto, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected static extern
bool CryptQueryObject (
[In] uint dwObjectType,
[In] IntPtr pvObject,
[In] uint dwExpectedContentTypeFlags,
[In] uint dwExpectedFormatTypeFlags,
[In] uint dwFlags,
[Out] IntPtr pdwMsgAndCertEncodingType,
[Out] IntPtr pdwContentType,
[Out] IntPtr pdwFormatType,
[In,Out] ref SafeCertStoreHandle phCertStore,
[In,Out] IntPtr phMsg,
[In,Out] IntPtr ppvContext);
[DllImport(CRYPT32, CharSet=CharSet.Unicode, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
bool CryptProtectData (
[In] IntPtr pDataIn,
[In] string szDataDescr,
[In] IntPtr pOptionalEntropy,
[In] IntPtr pvReserved,
[In] IntPtr pPromptStruct,
[In] uint dwFlags,
[In,Out] IntPtr pDataBlob);
[DllImport(CRYPT32, CharSet=CharSet.Unicode, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal static extern
bool CryptUnprotectData (
[In] IntPtr pDataIn,
[In] IntPtr ppszDataDescr,
[In] IntPtr pOptionalEntropy,
[In] IntPtr pvReserved,
[In] IntPtr pPromptStruct,
[In] uint dwFlags,
[In,Out] IntPtr pDataBlob);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport (CRYPT32, CharSet=CharSet.Unicode, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected static extern
bool PFXExportCertStore(
[In] SafeCertStoreHandle hStore,
[In,Out] IntPtr pPFX,
[In] string szPassword,
[In] uint dwFlags);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[DllImport(CRYPT32, CharSet=CharSet.Unicode, SetLastError=true)]
[ResourceExposure(ResourceScope.None)]
internal protected static extern
SafeCertStoreHandle PFXImportCertStore (
[In] IntPtr pPFX,
[In] string szPassword,
[In] uint dwFlags);
}
///+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
///
/// <summary>
///
/// Class : CAPIMethods.
///
/// Synopsis: Dummy layer.
///
/// </summary>
///
///-------------------------------------------------------------------------
internal abstract class CAPIMethods : CAPIUnsafe {
}
///+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
///
/// <summary>
///
/// Class : CAPI.
///
/// Synopsis: This class provides overrides for above classes.
///
/// </summary>
///
///-------------------------------------------------------------------------
[SuppressMessage("Microsoft.Performance","CA1812:AvoidUninstantiatedInternalClasses", Justification="by design; fixing requires changing class hierarchy")]
internal sealed class CAPI : CAPIMethods {
internal static
byte[] BlobToByteArray(IntPtr pBlob) {
CAPI.CRYPTOAPI_BLOB blob = (CAPI.CRYPTOAPI_BLOB) Marshal.PtrToStructure(pBlob, typeof(CAPI.CRYPTOAPI_BLOB));
if (blob.cbData == 0)
return new byte[0];
return BlobToByteArray(blob);
}
#if FEATURE_CORESYSTEM
[SecuritySafeCritical]
#endif
internal static
byte[] BlobToByteArray(CAPI.CRYPTOAPI_BLOB blob) {
if (blob.cbData == 0)
return new byte[0];
byte[] data = new byte[blob.cbData];
Marshal.Copy(blob.pbData, data, 0, data.Length);
return data;
}
internal static unsafe
bool DecodeObject(IntPtr pszStructType,
IntPtr pbEncoded,
uint cbEncoded,
out SafeLocalAllocHandle decodedValue,
out uint cbDecodedValue) {
// Initialize out parameters
decodedValue = SafeLocalAllocHandle.InvalidHandle;
cbDecodedValue = 0;
// Decode
uint cbDecoded = 0;
SafeLocalAllocHandle ptr = SafeLocalAllocHandle.InvalidHandle;
bool result = CAPIMethods.CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
pszStructType,
pbEncoded,
cbEncoded,
0,
ptr,
new IntPtr(&cbDecoded));
if (result == false)
return false;
ptr = CAPI.LocalAlloc(CAPI.LMEM_FIXED, new IntPtr(cbDecoded));
result = CAPIMethods.CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
pszStructType,
pbEncoded,
cbEncoded,
0,
ptr,
new IntPtr(&cbDecoded));
if (result == false)
return false;
// Return decoded values
decodedValue = ptr;
cbDecodedValue = cbDecoded;
return true;
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
internal static unsafe
bool DecodeObject(IntPtr pszStructType,
byte[] pbEncoded,
out SafeLocalAllocHandle decodedValue,
out uint cbDecodedValue) {
// Initialize out parameters
decodedValue = SafeLocalAllocHandle.InvalidHandle;
cbDecodedValue = 0;
// Decode
uint cbDecoded = 0;
SafeLocalAllocHandle pbDecoded = SafeLocalAllocHandle.InvalidHandle;
if (!CAPIMethods.CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
pszStructType,
pbEncoded,
(uint) pbEncoded.Length,
0,
pbDecoded,
new IntPtr(&cbDecoded)))
return false;
pbDecoded = CAPI.LocalAlloc(CAPI.LMEM_FIXED, new IntPtr(cbDecoded));
if (!CAPIMethods.CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
pszStructType,
pbEncoded,
(uint) pbEncoded.Length,
0,
pbDecoded,
new IntPtr(&cbDecoded)))
return false;
// Return decoded values
decodedValue = pbDecoded;
cbDecodedValue = cbDecoded;
return true;
}
internal static unsafe
bool EncodeObject(IntPtr lpszStructType,
IntPtr pvStructInfo,
out byte[] encodedData) {
// Initialize out parameter
encodedData = new byte[0];
// Encode
uint cbEncoded = 0;
SafeLocalAllocHandle pbEncoded = SafeLocalAllocHandle.InvalidHandle;
if (!CAPIMethods.CryptEncodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
lpszStructType,
pvStructInfo,
pbEncoded,
new IntPtr(&cbEncoded)))
return false;
pbEncoded = CAPI.LocalAlloc(CAPI.LMEM_FIXED, new IntPtr(cbEncoded));
if (!CAPIMethods.CryptEncodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
lpszStructType,
pvStructInfo,
pbEncoded,
new IntPtr(&cbEncoded)))
return false;
// Return encoded data
encodedData = new byte[cbEncoded];
Marshal.Copy(pbEncoded.DangerousGetHandle(), encodedData, 0, (int) cbEncoded);
pbEncoded.Dispose();
return true;
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
internal static unsafe
bool EncodeObject(string lpszStructType,
IntPtr pvStructInfo,
out byte[] encodedData) {
// Initialize out parameter
encodedData = new byte[0];
// Encode
uint cbEncoded = 0;
SafeLocalAllocHandle pbEncoded = SafeLocalAllocHandle.InvalidHandle;
if (!CAPIMethods.CryptEncodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
lpszStructType,
pvStructInfo,
pbEncoded,
new IntPtr(&cbEncoded)))
return false;
pbEncoded = CAPI.LocalAlloc(CAPI.LMEM_FIXED, new IntPtr(cbEncoded));
if (!CAPIMethods.CryptEncodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
lpszStructType,
pvStructInfo,
pbEncoded,
new IntPtr(&cbEncoded)))
return false;
// Return encoded data
encodedData = new byte[cbEncoded];
Marshal.Copy(pbEncoded.DangerousGetHandle(), encodedData, 0, (int) cbEncoded);
pbEncoded.Dispose();
return true;
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
internal static unsafe
string GetCertNameInfo(
[In] SafeCertContextHandle safeCertContext,
[In] uint dwFlags,
[In] uint dwDisplayType) {
if (safeCertContext == null)
throw new ArgumentNullException("pCertContext");
if (safeCertContext.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "safeCertContext");
uint dwStrType = CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG;
SafeLocalAllocHandle pszCommonName = SafeLocalAllocHandle.InvalidHandle;
if (dwDisplayType == CAPI.CERT_NAME_ATTR_TYPE)
pszCommonName = X509Utils.StringToAnsiPtr(CAPI.szOID_COMMON_NAME);
uint cchCount = 0;
SafeLocalAllocHandle ptr = SafeLocalAllocHandle.InvalidHandle;
cchCount = CertGetNameStringW(safeCertContext,
dwDisplayType,
dwFlags,
(dwDisplayType == CAPI.CERT_NAME_ATTR_TYPE ? pszCommonName.DangerousGetHandle() : new IntPtr(&dwStrType)),
ptr,
0);
if (cchCount == 0)
throw new CryptographicException(Marshal.GetLastWin32Error());
ptr = CAPI.LocalAlloc(CAPI.LMEM_FIXED, new IntPtr(2 * cchCount));
if (CertGetNameStringW(safeCertContext,
dwDisplayType,
dwFlags,
(dwDisplayType == CAPI.CERT_NAME_ATTR_TYPE ? pszCommonName.DangerousGetHandle() : new IntPtr(&dwStrType)),
ptr,
cchCount) == 0)
throw new CryptographicException(Marshal.GetLastWin32Error());
string name = Marshal.PtrToStringUni(ptr.DangerousGetHandle());
ptr.Dispose();
pszCommonName.Dispose();
return name;
}
#if FEATURE_CORESYSTEM
[SecuritySafeCritical]
#endif
new internal static
SafeLocalAllocHandle LocalAlloc(uint uFlags, IntPtr sizetdwBytes) {
SafeLocalAllocHandle safeLocalAllocHandle = CAPIMethods.LocalAlloc(uFlags, sizetdwBytes);
if (safeLocalAllocHandle == null || safeLocalAllocHandle.IsInvalid)
throw new OutOfMemoryException();
return safeLocalAllocHandle;
}
[ResourceExposure(ResourceScope.Machine)]
#if !FEATURE_CORESYSTEM
[ResourceConsumption(ResourceScope.Machine)]
#endif
new internal static
bool CryptAcquireContext(
[In,Out] ref SafeCryptProvHandle hCryptProv,
[In] [MarshalAs(UnmanagedType.LPStr)] string pwszContainer,
[In] [MarshalAs(UnmanagedType.LPStr)] string pwszProvider,
[In] uint dwProvType,
[In] uint dwFlags) {
CspParameters parameters = new CspParameters();
parameters.ProviderName = pwszProvider;
parameters.KeyContainerName = pwszContainer;
parameters.ProviderType = (int) dwProvType;
parameters.KeyNumber = -1;
parameters.Flags = (CspProviderFlags) ((dwFlags & CAPI.CRYPT_MACHINE_KEYSET) == CAPI.CRYPT_MACHINE_KEYSET ? CspProviderFlags.UseMachineKeyStore : 0);
#if !FEATURE_CORESYSTEM
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open);
kp.AccessEntries.Add(entry);
kp.Demand();
}
#endif
bool rc = CAPIMethods.CryptAcquireContext(ref hCryptProv,
pwszContainer,
pwszProvider,
dwProvType,
dwFlags);
if (!rc && Marshal.GetLastWin32Error() == CAPI.NTE_BAD_KEYSET) {
rc = CAPIMethods.CryptAcquireContext(ref hCryptProv,
pwszContainer,
pwszProvider,
dwProvType,
dwFlags | CAPI.CRYPT_NEWKEYSET);
}
return rc;
}
[ResourceExposure(ResourceScope.Machine)]
#if !FEATURE_CORESYSTEM
[ResourceConsumption(ResourceScope.Machine)]
#endif
internal static
bool CryptAcquireContext(
ref SafeCryptProvHandle hCryptProv,
IntPtr pwszContainer,
IntPtr pwszProvider,
uint dwProvType,
uint dwFlags) {
string container = null;
if (pwszContainer != IntPtr.Zero) {
container = Marshal.PtrToStringUni(pwszContainer);
}
string provider = null;
if (pwszProvider != IntPtr.Zero) {
provider = Marshal.PtrToStringUni(pwszProvider);
}
return CryptAcquireContext(ref hCryptProv,
container,
provider,
dwProvType,
dwFlags);
}
#if FEATURE_CORESYSTEM
[SecuritySafeCritical]
#endif
new internal static
CRYPT_OID_INFO CryptFindOIDInfo(
[In] uint dwKeyType,
[In] IntPtr pvKey,
[In] OidGroup dwGroupId) {
if (pvKey == IntPtr.Zero)
throw new ArgumentNullException("pvKey");
CRYPT_OID_INFO pOIDInfo = new CRYPT_OID_INFO(Marshal.SizeOf(typeof(CRYPT_OID_INFO)));
IntPtr pv = CAPIMethods.CryptFindOIDInfo(dwKeyType,
pvKey,
dwGroupId);
if (pv != IntPtr.Zero)
pOIDInfo = (CRYPT_OID_INFO) Marshal.PtrToStructure(pv, typeof(CAPI.CRYPT_OID_INFO));
return pOIDInfo;
}
#if FEATURE_CORESYSTEM
[SecuritySafeCritical]
#endif
new internal static
CRYPT_OID_INFO CryptFindOIDInfo(
[In] uint dwKeyType,
[In] SafeLocalAllocHandle pvKey,
[In] OidGroup dwGroupId) {
if (pvKey == null)
throw new ArgumentNullException("pvKey");
if (pvKey.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "pvKey");
CRYPT_OID_INFO pOIDInfo = new CRYPT_OID_INFO(Marshal.SizeOf(typeof(CRYPT_OID_INFO)));
IntPtr pv = CAPIMethods.CryptFindOIDInfo(dwKeyType,
pvKey,
dwGroupId);
if (pv != IntPtr.Zero)
pOIDInfo = (CRYPT_OID_INFO) Marshal.PtrToStructure(pv, typeof(CAPI.CRYPT_OID_INFO));
return pOIDInfo;
}
#if FEATURE_CORESYSTEM
[SecuritySafeCritical]
#endif
internal static unsafe
string CryptFormatObject(
[In] uint dwCertEncodingType,
[In] uint dwFormatStrType,
[In] string lpszStructType,
[In] byte[] rawData) {
if (rawData == null)
throw new ArgumentNullException("rawData");
uint cbFormat = 0;
SafeLocalAllocHandle pbFormat = SafeLocalAllocHandle.InvalidHandle;
//
// This method will never throw an exception. If the call to CryptFormatObject fails
// we'll just return a hex representation of the ASN data.
//
if (!CAPIMethods.CryptFormatObject(dwCertEncodingType,
0,
dwFormatStrType,
IntPtr.Zero,
lpszStructType,
rawData,
(uint) rawData.Length,
pbFormat,
new IntPtr(&cbFormat)))
return X509Utils.EncodeHexString(rawData);
pbFormat = CAPI.LocalAlloc(CAPI.LMEM_FIXED, new IntPtr(cbFormat));
if (!CAPIMethods.CryptFormatObject(dwCertEncodingType,
0,
dwFormatStrType,
IntPtr.Zero,
lpszStructType,
rawData,
(uint) rawData.Length,
pbFormat,
new IntPtr(&cbFormat)))
return X509Utils.EncodeHexString(rawData);
string s = Marshal.PtrToStringUni(pbFormat.DangerousGetHandle());
pbFormat.Dispose();
return s;
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
internal static unsafe
string CryptFormatObject(
[In] uint dwCertEncodingType,
[In] uint dwFormatStrType,
[In] IntPtr lpszStructType,
[In] byte[] rawData) {
if (rawData == null)
throw new ArgumentNullException("rawData");
uint cbFormat = 0;
SafeLocalAllocHandle pbFormat = SafeLocalAllocHandle.InvalidHandle;
//
// This method will never throw an exception. If the call to CryptFormatObject fails
// we'll just return a hex representation of the ASN data.
//
if (!CAPIMethods.CryptFormatObject(dwCertEncodingType,
0,
dwFormatStrType,
IntPtr.Zero,
lpszStructType,
rawData,
(uint) rawData.Length,
pbFormat,
new IntPtr(&cbFormat)))
return X509Utils.EncodeHexString(rawData);
pbFormat = CAPI.LocalAlloc(CAPI.LMEM_FIXED, new IntPtr(cbFormat));
if (!CAPIMethods.CryptFormatObject(dwCertEncodingType,
0,
dwFormatStrType,
IntPtr.Zero,
lpszStructType,
rawData,
(uint) rawData.Length,
pbFormat,
new IntPtr(&cbFormat)))
return X509Utils.EncodeHexString(rawData);
string s = Marshal.PtrToStringUni(pbFormat.DangerousGetHandle());
pbFormat.Dispose();
return s;
}
new internal static
bool CryptMsgControl(
[In] SafeCryptMsgHandle hCryptMsg,
[In] uint dwFlags,
[In] uint dwCtrlType,
[In] IntPtr pvCtrlPara) {
// We are supposed to demand Open and Sign permissions for the key container here
// for the CMSG_CTRL_DECRYPT class of parameters. For now, the caller should demand,
// as to do the demand here will be more complicated and expensive since the CSP
// parameters are not readily available here.
//
return CAPIMethods.CryptMsgControl(hCryptMsg,
dwFlags,
dwCtrlType,
pvCtrlPara);
}
new internal static
bool CryptMsgCountersign(
[In] SafeCryptMsgHandle hCryptMsg,
[In] uint dwIndex,
[In] uint cCountersigners,
[In] IntPtr rgCountersigners) {
//
// We are supposed to demand Open and Sign permissions for the key container here.
// For now, the caller should demand, as to do the demand here will be more
// complicated since the CSP parameters are not readily available here.
//
return CAPIMethods.CryptMsgCountersign(hCryptMsg,
dwIndex,
cCountersigners,
rgCountersigners);
}
new internal static
SafeCryptMsgHandle CryptMsgOpenToEncode(
[In] uint dwMsgEncodingType,
[In] uint dwFlags,
[In] uint dwMsgType,
[In] IntPtr pvMsgEncodeInfo,
[In] IntPtr pszInnerContentObjID,
[In] IntPtr pStreamInfo) {
//
// We are supposed to demand Open and Sign permissions for the key container here.
// For now, the caller should demand, as to do the demand here will be more
// complicated since the CSP parameters are not readily available here.
//
return CAPIMethods.CryptMsgOpenToEncode(dwMsgEncodingType,
dwFlags,
dwMsgType,
pvMsgEncodeInfo,
pszInnerContentObjID,
pStreamInfo);
}
new internal static
SafeCryptMsgHandle CryptMsgOpenToEncode(
[In] uint dwMsgEncodingType,
[In] uint dwFlags,
[In] uint dwMsgType,
[In] IntPtr pvMsgEncodeInfo,
[In] string pszInnerContentObjID,
[In] IntPtr pStreamInfo) {
//
// We are supposed to demand Open and Sign permissions for the key container here.
// For now, the caller should demand, as to do the demand here will be more
// complicated and expensive since the CSP parameters are not readily available
// here.
//
return CAPIMethods.CryptMsgOpenToEncode(dwMsgEncodingType,
dwFlags,
dwMsgType,
pvMsgEncodeInfo,
pszInnerContentObjID,
pStreamInfo);
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
new internal static
bool CertSetCertificateContextProperty (
[In] IntPtr pCertContext,
[In] uint dwPropId,
[In] uint dwFlags,
[In] IntPtr pvData) {
if (pvData == IntPtr.Zero)
throw new ArgumentNullException("pvData");
if (dwPropId != CERT_ARCHIVED_PROP_ID && dwPropId != CERT_FRIENDLY_NAME_PROP_ID &&
dwPropId != CERT_DELETE_KEYSET_PROP_ID && dwPropId != CERT_KEY_PROV_INFO_PROP_ID)
throw new ArgumentException(SR.GetString(SR.Security_InvalidValue), "dwFlags");
#if !FEATURE_CORESYSTEM
// We do not want semi-trusted code to archive or set the friendly name property of a cert.
if (dwPropId == CERT_ARCHIVED_PROP_ID || dwPropId == CERT_FRIENDLY_NAME_PROP_ID || dwPropId == CERT_KEY_PROV_INFO_PROP_ID)
new PermissionSet(PermissionState.Unrestricted).Demand();
#endif
return CAPIMethods.CertSetCertificateContextProperty(pCertContext, dwPropId, dwFlags, pvData);
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
new internal static
bool CertSetCertificateContextProperty (
[In] SafeCertContextHandle pCertContext,
[In] uint dwPropId,
[In] uint dwFlags,
[In] IntPtr pvData) {
if (pvData == IntPtr.Zero)
throw new ArgumentNullException("pvData");
if (dwPropId != CERT_ARCHIVED_PROP_ID && dwPropId != CERT_FRIENDLY_NAME_PROP_ID &&
dwPropId != CERT_DELETE_KEYSET_PROP_ID && dwPropId != CERT_KEY_PROV_INFO_PROP_ID)
throw new ArgumentException(SR.GetString(SR.Security_InvalidValue), "dwFlags");
#if !FEATURE_CORESYSTEM
// We do not want semi-trusted code to archive or set the friendly name property of a cert.
if (dwPropId == CERT_ARCHIVED_PROP_ID || dwPropId == CERT_FRIENDLY_NAME_PROP_ID || dwPropId == CERT_KEY_PROV_INFO_PROP_ID)
new PermissionSet(PermissionState.Unrestricted).Demand();
#endif
return CAPIMethods.CertSetCertificateContextProperty(pCertContext, dwPropId, dwFlags, pvData);
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
new internal static
bool CertSetCertificateContextProperty (
[In] SafeCertContextHandle pCertContext,
[In] uint dwPropId,
[In] uint dwFlags,
[In] SafeLocalAllocHandle safeLocalAllocHandle) {
if (pCertContext == null)
throw new ArgumentNullException("pCertContext");
if (pCertContext.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "pCertContext");
if (dwPropId != CERT_ARCHIVED_PROP_ID && dwPropId != CERT_FRIENDLY_NAME_PROP_ID &&
dwPropId != CERT_DELETE_KEYSET_PROP_ID && dwPropId != CERT_KEY_PROV_INFO_PROP_ID)
throw new ArgumentException(SR.GetString(SR.Security_InvalidValue), "dwFlags");
#if !FEATURE_CORESYSTEM
// We do not want semi-trusted code to archive or set the friendly name property of a cert.
if (dwPropId == CERT_ARCHIVED_PROP_ID || dwPropId == CERT_FRIENDLY_NAME_PROP_ID || dwPropId == CERT_KEY_PROV_INFO_PROP_ID)
new PermissionSet(PermissionState.Unrestricted).Demand();
#endif
return CAPIMethods.CertSetCertificateContextProperty(pCertContext, dwPropId, dwFlags, safeLocalAllocHandle);
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
new internal static
SafeCertContextHandle CertDuplicateCertificateContext (
[In] IntPtr pCertContext) {
if (pCertContext == IntPtr.Zero)
return SafeCertContextHandle.InvalidHandle;
return CAPIMethods.CertDuplicateCertificateContext(pCertContext);
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
new internal static
SafeCertContextHandle CertDuplicateCertificateContext (
[In] SafeCertContextHandle pCertContext) {
if (pCertContext == null || pCertContext.IsInvalid)
return SafeCertContextHandle.InvalidHandle;
return CAPIMethods.CertDuplicateCertificateContext(pCertContext);
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
new internal static
IntPtr CertEnumCertificatesInStore (
[In] SafeCertStoreHandle hCertStore,
[In] IntPtr pPrevCertContext) {
if (hCertStore == null)
throw new ArgumentNullException("hCertStore");
if (hCertStore.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
#if !FEATURE_CORESYSTEM
if (pPrevCertContext == IntPtr.Zero) {
StorePermission sp = new StorePermission(StorePermissionFlags.EnumerateCertificates);
sp.Demand();
}
#endif
IntPtr handle = CAPIMethods.CertEnumCertificatesInStore(hCertStore, pPrevCertContext);
if (handle == IntPtr.Zero) {
int dwErrorCode = Marshal.GetLastWin32Error();
if (dwErrorCode != CRYPT_E_NOT_FOUND) {
CAPIMethods.CertFreeCertificateContext(handle);
throw new CryptographicException(dwErrorCode);
}
}
return handle;
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
new internal static
SafeCertContextHandle CertEnumCertificatesInStore (
[In] SafeCertStoreHandle hCertStore,
[In] SafeCertContextHandle pPrevCertContext) {
if (hCertStore == null)
throw new ArgumentNullException("hCertStore");
if (hCertStore.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
#if !FEATURE_CORESYSTEM
if (pPrevCertContext.IsInvalid) {
StorePermission sp = new StorePermission(StorePermissionFlags.EnumerateCertificates);
sp.Demand();
}
#endif
SafeCertContextHandle safeCertContextHandle = CAPIMethods.CertEnumCertificatesInStore(hCertStore, pPrevCertContext);
if (safeCertContextHandle == null || safeCertContextHandle.IsInvalid) {
int dwErrorCode = Marshal.GetLastWin32Error();
if (dwErrorCode != CRYPT_E_NOT_FOUND)
throw new CryptographicException(Marshal.GetLastWin32Error());
}
return safeCertContextHandle;
}
//
// This override demands FileIOPermission.Read if dwObjectType is CERT_QUERY_OBJECT_FILE.
//
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[ResourceExposure(ResourceScope.Machine)] // If you pass in a file name
#if !FEATURE_CORESYSTEM
[ResourceConsumption(ResourceScope.Machine)]
#endif
internal static unsafe
bool CryptQueryObject (
[In] uint dwObjectType,
[In] object pvObject,
[In] uint dwExpectedContentTypeFlags,
[In] uint dwExpectedFormatTypeFlags,
[In] uint dwFlags,
[Out] IntPtr pdwMsgAndCertEncodingType,
[Out] IntPtr pdwContentType,
[Out] IntPtr pdwFormatType,
[In,Out] IntPtr phCertStore,
[In,Out] IntPtr phMsg,
[In,Out] IntPtr ppvContext) {
bool result = false;
GCHandle handle = GCHandle.Alloc(pvObject, GCHandleType.Pinned);
IntPtr pbData = handle.AddrOfPinnedObject();
CRYPTOAPI_BLOB certBlob;
try {
if (pvObject == null)
throw new ArgumentNullException("pvObject");
if (dwObjectType == CERT_QUERY_OBJECT_FILE) {
#if !FEATURE_CORESYSTEM
string fullPath = Path.GetFullPath((string) pvObject);
new FileIOPermission(FileIOPermissionAccess.Read, fullPath).Demand();
#endif
} else {
certBlob.cbData = (uint) ((byte[]) pvObject).Length;
certBlob.pbData = pbData;
pbData = new IntPtr(&certBlob);
}
result = CAPIMethods.CryptQueryObject(dwObjectType,
pbData,
dwExpectedContentTypeFlags,
dwExpectedFormatTypeFlags,
dwFlags,
pdwMsgAndCertEncodingType,
pdwContentType,
pdwFormatType,
phCertStore,
phMsg,
ppvContext);
}
finally {
if (handle.IsAllocated)
handle.Free();
}
return result;
}
//
// This override demands FileIOPermission.Read if dwObjectType is CERT_QUERY_OBJECT_FILE.
//
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[ResourceExposure(ResourceScope.Machine)] // If you passed in a file name
#if !FEATURE_CORESYSTEM
[ResourceConsumption(ResourceScope.Machine)]
#endif
internal static unsafe
bool CryptQueryObject (
[In] uint dwObjectType,
[In] object pvObject,
[In] uint dwExpectedContentTypeFlags,
[In] uint dwExpectedFormatTypeFlags,
[In] uint dwFlags,
[Out] IntPtr pdwMsgAndCertEncodingType,
[Out] IntPtr pdwContentType,
[Out] IntPtr pdwFormatType,
[In,Out] ref SafeCertStoreHandle phCertStore,
[In,Out] IntPtr phMsg,
[In,Out] IntPtr ppvContext) {
bool result = false;
GCHandle handle = GCHandle.Alloc(pvObject, GCHandleType.Pinned);
IntPtr pbData = handle.AddrOfPinnedObject();
CRYPTOAPI_BLOB certBlob;
try {
if (pvObject == null)
throw new ArgumentNullException("pvObject");
if (dwObjectType == CERT_QUERY_OBJECT_FILE) {
#if !FEATURE_CORESYSTEM
string fullPath = Path.GetFullPath((string) pvObject);
new FileIOPermission(FileIOPermissionAccess.Read, fullPath).Demand();
#endif
} else {
certBlob.cbData = (uint) ((byte[]) pvObject).Length;
certBlob.pbData = pbData;
pbData = new IntPtr(&certBlob);
}
result = CAPIMethods.CryptQueryObject(dwObjectType,
pbData,
dwExpectedContentTypeFlags,
dwExpectedFormatTypeFlags,
dwFlags,
pdwMsgAndCertEncodingType,
pdwContentType,
pdwFormatType,
ref phCertStore,
phMsg,
ppvContext);
}
finally {
if (handle.IsAllocated)
handle.Free();
}
return result;
}
//
// This override demands FileIOPermission.Read if dwObjectType is CERT_QUERY_OBJECT_FILE.
//
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
[ResourceExposure(ResourceScope.Machine)] // If you pass in a file name
#if !FEATURE_CORESYSTEM
[ResourceConsumption(ResourceScope.Machine)]
#endif
internal static unsafe
SafeCertStoreHandle PFXImportCertStore(
[In] uint dwObjectType,
[In] object pvObject,
[In] string szPassword,
[In] uint dwFlags,
[In] bool persistKeyContainers) {
if (pvObject == null)
throw new ArgumentNullException("pvObject");
byte[] pbData = null;
if (dwObjectType == CERT_QUERY_OBJECT_FILE) {
pbData = File.ReadAllBytes((string)pvObject);
} else {
pbData = (byte[]) pvObject;
}
#if !FEATURE_CORESYSTEM
if (persistKeyContainers) {
//
// Right now, we always demand KeyContainerPermission regardless of whether the PFX contains a private key or not.
// We could avoid that by looping through the certs in the store and find out whether there are actually private keys.
//
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.Create);
kp.Demand();
}
}
#endif
SafeCertStoreHandle safeCertStoreHandle = SafeCertStoreHandle.InvalidHandle;
GCHandle handle = GCHandle.Alloc(pbData, GCHandleType.Pinned);
IntPtr ptr = handle.AddrOfPinnedObject();
try {
CRYPTOAPI_BLOB certBlob;
certBlob.cbData = (uint) pbData.Length;
certBlob.pbData = ptr;
safeCertStoreHandle = CAPIMethods.PFXImportCertStore(new IntPtr(&certBlob),
szPassword,
dwFlags);
}
finally {
if (handle.IsAllocated)
handle.Free();
}
if (!safeCertStoreHandle.IsInvalid) {
//
// If the user did not want us to persist private keys, then we should loop through all
// the certificates in the collection and set our custom CERT_DELETE_KEYSET_PROP_ID property
// so the key container will be deleted when the cert contexts will go away.
//
if (persistKeyContainers == false) {
IntPtr pEnumContext = CAPI.CertEnumCertificatesInStore(safeCertStoreHandle, IntPtr.Zero);
while (pEnumContext != IntPtr.Zero) {
CAPI.CRYPTOAPI_BLOB blob = new CAPI.CRYPTOAPI_BLOB();
if (!CAPI.CertSetCertificateContextProperty(pEnumContext,
CERT_DELETE_KEYSET_PROP_ID,
CERT_SET_PROPERTY_INHIBIT_PERSIST_FLAG, // we don't want this property to be persisted.
new IntPtr(&blob)))
throw new CryptographicException(Marshal.GetLastWin32Error());
pEnumContext = CAPI.CertEnumCertificatesInStore(safeCertStoreHandle, pEnumContext);
}
}
}
return safeCertStoreHandle;
}
//
// This override demands StorePermission.AddToStore.
//
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
new internal static
bool CertAddCertificateContextToStore (
[In] SafeCertStoreHandle hCertStore,
[In] SafeCertContextHandle pCertContext,
[In] uint dwAddDisposition,
[In,Out] SafeCertContextHandle ppStoreContext) {
if (hCertStore == null)
throw new ArgumentNullException("hCertStore");
if (hCertStore.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
if (pCertContext == null)
throw new ArgumentNullException("pCertContext");
if (pCertContext.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "pCertContext");
#if !FEATURE_CORESYSTEM
StorePermission sp = new StorePermission(StorePermissionFlags.AddToStore);
sp.Demand();
#endif
return CAPIMethods.CertAddCertificateContextToStore(hCertStore,
pCertContext,
dwAddDisposition,
ppStoreContext);
}
//
// This override demands StorePermission.AddToStore.
//
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
new internal static
bool CertAddCertificateLinkToStore (
[In] SafeCertStoreHandle hCertStore,
[In] SafeCertContextHandle pCertContext,
[In] uint dwAddDisposition,
[In,Out] SafeCertContextHandle ppStoreContext) {
if (hCertStore == null)
throw new ArgumentNullException("hCertStore");
if (hCertStore.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
if (pCertContext == null)
throw new ArgumentNullException("pCertContext");
if (pCertContext.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "pCertContext");
#if !FEATURE_CORESYSTEM
StorePermission sp = new StorePermission(StorePermissionFlags.AddToStore);
sp.Demand();
#endif
return CAPIMethods.CertAddCertificateLinkToStore(hCertStore,
pCertContext,
dwAddDisposition,
ppStoreContext);
}
//
// This override demands StorePermission.RemoveFromStore.
//
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
new internal static
bool CertDeleteCertificateFromStore (
[In] SafeCertContextHandle pCertContext) {
if (pCertContext == null)
throw new ArgumentNullException("pCertContext");
if (pCertContext.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "pCertContext");
#if !FEATURE_CORESYSTEM
StorePermission sp = new StorePermission(StorePermissionFlags.RemoveFromStore);
sp.Demand();
#endif
return CAPIMethods.CertDeleteCertificateFromStore(pCertContext);
}
//
// This override demands StorePermission.OpenStore.
//
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
new internal static
SafeCertStoreHandle CertOpenStore(
[In] IntPtr lpszStoreProvider,
[In] uint dwMsgAndCertEncodingType,
[In] IntPtr hCryptProv,
[In] uint dwFlags,
[In] string pvPara) {
if (lpszStoreProvider != new IntPtr(CERT_STORE_PROV_MEMORY) && lpszStoreProvider != new IntPtr(CERT_STORE_PROV_SYSTEM))
throw new ArgumentException(SR.GetString(SR.Security_InvalidValue), "lpszStoreProvider");
#if !FEATURE_CORESYSTEM
if ((dwFlags & CERT_SYSTEM_STORE_LOCAL_MACHINE) == CERT_SYSTEM_STORE_LOCAL_MACHINE ||
(dwFlags & CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY) == CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY ||
(dwFlags & CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE) == CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE) {
// We do not allow opening remote local machine stores if in semi-trusted environment.
if (pvPara != null && pvPara.StartsWith(@"\\", StringComparison.Ordinal))
new PermissionSet(PermissionState.Unrestricted).Demand();
}
if ((dwFlags & CERT_STORE_DELETE_FLAG) == CERT_STORE_DELETE_FLAG) {
StorePermission sp = new StorePermission(StorePermissionFlags.DeleteStore);
sp.Demand();
} else {
StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore);
sp.Demand();
}
if ((dwFlags & CERT_STORE_CREATE_NEW_FLAG) == CERT_STORE_CREATE_NEW_FLAG) {
StorePermission sp = new StorePermission(StorePermissionFlags.CreateStore);
sp.Demand();
}
if ((dwFlags & CERT_STORE_OPEN_EXISTING_FLAG) == 0) {
StorePermission sp = new StorePermission(StorePermissionFlags.CreateStore);
sp.Demand();
}
#endif
return CAPIMethods.CertOpenStore(lpszStoreProvider,
dwMsgAndCertEncodingType,
hCryptProv,
dwFlags | CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG,
pvPara);
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
new internal static
SafeCertContextHandle CertFindCertificateInStore(
[In] SafeCertStoreHandle hCertStore,
[In] uint dwCertEncodingType,
[In] uint dwFindFlags,
[In] uint dwFindType,
[In] IntPtr pvFindPara,
[In] SafeCertContextHandle pPrevCertContext) {
if (hCertStore == null)
throw new ArgumentNullException("hCertStore");
if (hCertStore.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
// Note we do not demand EnumerateCertificates flag of StorePermission since we only call this method
// for a memory store and we don't want to incur the cost of a demand. Ideally, we should be doing that.
return CAPIMethods.CertFindCertificateInStore(hCertStore,
dwCertEncodingType,
dwFindFlags,
dwFindType,
pvFindPara,
pPrevCertContext);
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
new internal static
bool PFXExportCertStore(
[In] SafeCertStoreHandle hCertStore,
[In,Out] IntPtr pPFX,
[In] string szPassword,
[In] uint dwFlags) {
if (hCertStore == null)
throw new ArgumentNullException("hCertStore");
if (hCertStore.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
#if !FEATURE_CORESYSTEM
//
// Right now, we always demand KeyContainerPermission regardless of whether the PFX contains a private key or not.
// We could avoid that by looping through the certs in the store and find out whether there are actually private keys.
//
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Export);
kp.Demand();
}
#endif
return CAPIMethods.PFXExportCertStore(hCertStore,
pPFX,
szPassword,
dwFlags);
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
new internal static
bool CertSaveStore(
[In] SafeCertStoreHandle hCertStore,
[In] uint dwMsgAndCertEncodingType,
[In] uint dwSaveAs,
[In] uint dwSaveTo,
[In,Out] IntPtr pvSaveToPara,
[In] uint dwFlags) {
if (hCertStore == null)
throw new ArgumentNullException("hCertStore");
if (hCertStore.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
#if !FEATURE_CORESYSTEM
StorePermission sp = new StorePermission(StorePermissionFlags.EnumerateCertificates);
sp.Demand();
#endif
if (dwSaveTo == CERT_STORE_SAVE_TO_FILENAME_A || dwSaveTo == CERT_STORE_SAVE_TO_FILENAME_W)
throw new ArgumentException(SR.GetString(SR.Security_InvalidValue), "pvSaveToPara");
return CAPIMethods.CertSaveStore(hCertStore,
dwMsgAndCertEncodingType,
dwSaveAs,
dwSaveTo,
pvSaveToPara,
dwFlags);
}
}
internal sealed class SafeLibraryHandle : SafeHandleZeroOrMinusOneIsInvalid
{
private SafeLibraryHandle() : base(true) { }
[DllImport(CAPI.KERNEL32, SetLastError = true),
SuppressUnmanagedCodeSecurity,
ResourceExposure(ResourceScope.None)]
#if !FEATURE_CORESYSTEM
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
#endif
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool FreeLibrary([In] IntPtr hModule);
protected override bool ReleaseHandle()
{
return FreeLibrary(handle);
}
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
internal sealed class SafeLocalAllocHandle : SafeHandleZeroOrMinusOneIsInvalid
{
private SafeLocalAllocHandle () : base(true) {}
// 0 is an Invalid Handle
internal SafeLocalAllocHandle (IntPtr handle) : base (true) {
SetHandle(handle);
}
internal static SafeLocalAllocHandle InvalidHandle {
get {
SafeLocalAllocHandle invalidHandle = new SafeLocalAllocHandle(IntPtr.Zero);
// This is valid since we don't expose any way to replace the handle value
GC.SuppressFinalize(invalidHandle);
return invalidHandle;
}
}
[DllImport(CAPI.KERNEL32, SetLastError=true),
SuppressUnmanagedCodeSecurity]
#if !FEATURE_CORESYSTEM
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
#endif
[ResourceExposure(ResourceScope.None)]
private static extern IntPtr LocalFree(IntPtr handle);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
override protected bool ReleaseHandle()
{
return LocalFree(handle) == IntPtr.Zero;
}
}
internal sealed class SafeCryptProvHandle : SafeHandleZeroOrMinusOneIsInvalid {
private SafeCryptProvHandle() : base (true) {}
// 0 is an Invalid Handle
internal SafeCryptProvHandle(IntPtr handle) : base (true) {
SetHandle(handle);
}
internal static SafeCryptProvHandle InvalidHandle {
get {
SafeCryptProvHandle invalidHandle = new SafeCryptProvHandle(IntPtr.Zero);
// This is valid since we don't expose any way to replace the handle value
GC.SuppressFinalize(invalidHandle);
return invalidHandle;
}
}
[DllImport(CAPI.ADVAPI32, SetLastError=true),
SuppressUnmanagedCodeSecurity,
ResourceExposure(ResourceScope.None)]
#if !FEATURE_CORESYSTEM
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
#endif
private static extern bool CryptReleaseContext(IntPtr hCryptProv, uint dwFlags);
override protected bool ReleaseHandle()
{
return CryptReleaseContext(handle, 0);
}
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
internal sealed class SafeCertContextHandle : SafeHandleZeroOrMinusOneIsInvalid {
private SafeCertContextHandle() : base (true) {}
// 0 is an Invalid Handle
internal SafeCertContextHandle(IntPtr handle) : base (true) {
SetHandle(handle);
}
internal static SafeCertContextHandle InvalidHandle {
get {
SafeCertContextHandle invalidHandle = new SafeCertContextHandle(IntPtr.Zero);
// This is valid since we don't expose any way to replace the handle value
GC.SuppressFinalize(invalidHandle);
return invalidHandle;
}
}
[DllImport(CAPI.CRYPT32, SetLastError=true),
SuppressUnmanagedCodeSecurity,
ResourceExposure(ResourceScope.None)]
#if !FEATURE_CORESYSTEM
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
#endif
private static extern bool CertFreeCertificateContext (IntPtr pCertContext);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
override protected bool ReleaseHandle()
{
return CertFreeCertificateContext(handle);
}
}
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
internal sealed class SafeCertStoreHandle : SafeHandleZeroOrMinusOneIsInvalid {
private SafeCertStoreHandle() : base (true) {}
// 0 is an Invalid Handle
internal SafeCertStoreHandle(IntPtr handle) : base (true) {
SetHandle(handle);
}
internal static SafeCertStoreHandle InvalidHandle {
get {
SafeCertStoreHandle invalidHandle = new SafeCertStoreHandle(IntPtr.Zero);
// This is valid since we don't expose any way to replace the handle value
GC.SuppressFinalize(invalidHandle);
return invalidHandle;
}
}
[DllImport(CAPI.CRYPT32, SetLastError=true),
SuppressUnmanagedCodeSecurity,
ResourceExposure(ResourceScope.None)]
#if !FEATURE_CORESYSTEM
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
#endif
private static extern bool CertCloseStore (IntPtr hCertStore, uint dwFlags);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
override protected bool ReleaseHandle()
{
return CertCloseStore(handle, 0);
}
}
internal sealed class SafeCryptMsgHandle : SafeHandleZeroOrMinusOneIsInvalid {
private SafeCryptMsgHandle () : base(true) {}
internal SafeCryptMsgHandle (IntPtr handle) : base (true) {
SetHandle(handle);
}
internal static SafeCryptMsgHandle InvalidHandle {
get {
SafeCryptMsgHandle invalidHandle = new SafeCryptMsgHandle(IntPtr.Zero);
// This is valid since we don't expose any way to replace the handle value
GC.SuppressFinalize(invalidHandle);
return invalidHandle;
}
}
[DllImport(CAPI.CRYPT32, SetLastError=true),
SuppressUnmanagedCodeSecurity,
ResourceExposure(ResourceScope.None)]
#if !FEATURE_CORESYSTEM
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
#endif
private static extern bool CryptMsgClose(IntPtr handle);
#if FEATURE_CORESYSTEM
[SecurityCritical]
#endif
override protected bool ReleaseHandle()
{
return CryptMsgClose(handle);
}
}
}
namespace Microsoft.Win32.SafeHandles {
using System;
using System.Runtime.InteropServices;
using System.Runtime.ConstrainedExecution;
using System.Runtime.Versioning;
using System.Security;
using System.Security.Cryptography;
[SecurityCritical]
public sealed class SafeX509ChainHandle : SafeHandleZeroOrMinusOneIsInvalid {
private SafeX509ChainHandle () : base(true) {}
internal SafeX509ChainHandle (IntPtr handle) : base (true) {
SetHandle(handle);
}
internal static SafeX509ChainHandle InvalidHandle {
get {
SafeX509ChainHandle invalidHandle = new SafeX509ChainHandle(IntPtr.Zero);
// This is valid since we don't expose any way to replace the handle value
GC.SuppressFinalize(invalidHandle);
return invalidHandle;
}
}
[DllImport(CAPI.CRYPT32, SetLastError=true),
SuppressUnmanagedCodeSecurity,
ResourceExposure(ResourceScope.None)]
#if !FEATURE_CORESYSTEM
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
#endif
private static extern void CertFreeCertificateChain(IntPtr handle);
[SecurityCritical]
override protected bool ReleaseHandle()
{
CertFreeCertificateChain(handle);
return true;
}
}
}
|