sean-m
/
Vanara
mirror of https://github.com/dahall/Vanara.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Added nullability to Vanara.PInvoke.Cryptography

nullableenabled
David Hall 2023-02-20 15:35:21 -07:00
parent 20011e1970
commit 523b1a5e75
27 changed files with 58657 additions and 58650 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19882
PInvoke/Cryptography/BCrypt/BCrypt.cs
View File

File diff suppressed because it is too large Load Diff

7203
PInvoke/Cryptography/Crypt32/Wincrypt.Cert.cs
View File

File diff suppressed because it is too large Load Diff

2929
PInvoke/Cryptography/Crypt32/Wincrypt.Conv.cs
View File

File diff suppressed because it is too large Load Diff

12290
PInvoke/Cryptography/Crypt32/Wincrypt.DataMgmt.cs
View File

File diff suppressed because it is too large Load Diff

1835
PInvoke/Cryptography/Crypt32/Wincrypt.Key.cs
View File

File diff suppressed because it is too large Load Diff

10662
PInvoke/Cryptography/Crypt32/Wincrypt.Msg.cs
View File

File diff suppressed because it is too large Load Diff

30
PInvoke/Cryptography/Crypt32/Wincrypt.OID.cs
View File

@ -182,7 +182,7 @@ public static partial class Crypt32
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "aa2fba03-183b-4b74-b306-8f4592995897")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptEnumOIDFunction(CertEncodingType dwEncodingType, [Optional, MarshalAs(UnmanagedType.LPStr)] string pszFuncName, [Optional, In] SafeOID pszOID,
public static extern bool CryptEnumOIDFunction(CertEncodingType dwEncodingType, [Optional, MarshalAs(UnmanagedType.LPStr)] string? pszFuncName, [Optional, In] SafeOID pszOID,
[Optional] uint dwFlags, [In, Out, Optional] IntPtr pvArg, PFN_CRYPT_ENUM_OID_FUNC pfnEnumOIDFunc);
/// <summary>
@ -709,7 +709,7 @@ public static partial class Crypt32
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "3977368c-ad13-43f9-859b-10c7f170f482")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptGetDefaultOIDFunctionAddress([In] HCRYPTOIDFUNCSET hFuncSet, CertEncodingType dwEncodingType, [Optional, MarshalAs(UnmanagedType.LPWStr)] string pwszDll,
public static extern bool CryptGetDefaultOIDFunctionAddress([In] HCRYPTOIDFUNCSET hFuncSet, CertEncodingType dwEncodingType, [Optional, MarshalAs(UnmanagedType.LPWStr)] string? pwszDll,
[Optional] uint dwFlags, out IntPtr ppvFuncAddr, ref HCRYPTOIDFUNCADDR phFuncAddr);
/// <summary>
@ -883,7 +883,7 @@ public static partial class Crypt32
[PInvokeData("wincrypt.h", MSDNShortId = "14eb7f10-f42a-4496-9699-62eeb9878ea2")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptGetOIDFunctionValue(CertEncodingType dwEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszFuncName,
[In] SafeOID pszOID, [Optional, MarshalAs(UnmanagedType.LPWStr)] string pwszValueName, out REG_VALUE_TYPE pdwValueType,
[In] SafeOID pszOID, [Optional, MarshalAs(UnmanagedType.LPWStr)] string? pwszValueName, out REG_VALUE_TYPE pdwValueType,
[Out] IntPtr pbValueData, ref uint pcbValueData);
/// <summary>
@ -967,7 +967,7 @@ public static partial class Crypt32
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "9633cce4-538e-490e-8a5a-6b28f161a09d")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptRegisterDefaultOIDFunction(CertEncodingType dwEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszFuncName, uint dwIndex, [Optional, MarshalAs(UnmanagedType.LPWStr)] string pwszDll);
public static extern bool CryptRegisterDefaultOIDFunction(CertEncodingType dwEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszFuncName, uint dwIndex, [Optional, MarshalAs(UnmanagedType.LPWStr)] string? pwszDll);
/// <summary>
/// <para>
@ -1018,7 +1018,7 @@ public static partial class Crypt32
[PInvokeData("wincrypt.h", MSDNShortId = "b625597d-28fd-4a40-afbe-a09201d36512")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptRegisterOIDFunction(CertEncodingType dwEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszFuncName, SafeOID pszOID,
[MarshalAs(UnmanagedType.LPWStr)] string pwszDll, [Optional, MarshalAs(UnmanagedType.LPStr)] string pszOverrideFuncName);
[MarshalAs(UnmanagedType.LPWStr)] string pwszDll, [Optional, MarshalAs(UnmanagedType.LPStr)] string? pszOverrideFuncName);
/// <summary>
/// <para>
@ -1124,7 +1124,7 @@ public static partial class Crypt32
[PInvokeData("wincrypt.h", MSDNShortId = "3e167c5d-0000-4359-a7b0-9b3e4e64c50c")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptSetOIDFunctionValue(CertEncodingType dwEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszFuncName,
SafeOID pszOID, [Optional, MarshalAs(UnmanagedType.LPWStr)] string pwszValueName, REG_VALUE_TYPE dwValueType, [In, Optional] IntPtr pbValueData, uint cbValueData);
SafeOID pszOID, [Optional, MarshalAs(UnmanagedType.LPWStr)] string? pwszValueName, REG_VALUE_TYPE dwValueType, [In, Optional] IntPtr pbValueData, uint cbValueData);
/// <summary>
/// The <c>CryptUnregisterDefaultOIDFunction</c> removes the registration of a DLL containing the default function to be called for
@ -1484,7 +1484,7 @@ public static partial class Crypt32
public HCRYPTOIDFUNCADDR(IntPtr preexistingHandle) => handle = preexistingHandle;
/// <summary>Returns an invalid handle by instantiating a <see cref="HCRYPTOIDFUNCADDR"/> object with <see cref="IntPtr.Zero"/>.</summary>
public static HCRYPTOIDFUNCADDR NULL => new HCRYPTOIDFUNCADDR(IntPtr.Zero);
public static HCRYPTOIDFUNCADDR NULL => new(IntPtr.Zero);
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
public bool IsNull => handle == IntPtr.Zero;
@ -1497,7 +1497,7 @@ public static partial class Crypt32
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="HCRYPTOIDFUNCADDR"/>.</summary>
/// <param name="h">The pointer to a handle.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator HCRYPTOIDFUNCADDR(IntPtr h) => new HCRYPTOIDFUNCADDR(h);
public static implicit operator HCRYPTOIDFUNCADDR(IntPtr h) => new(h);
/// <summary>Implements the operator !=.</summary>
/// <param name="h1">The first handle.</param>
@ -1512,7 +1512,7 @@ public static partial class Crypt32
public static bool operator ==(HCRYPTOIDFUNCADDR h1, HCRYPTOIDFUNCADDR h2) => h1.Equals(h2);
/// <inheritdoc/>
public override bool Equals(object obj) => obj is HCRYPTOIDFUNCADDR h ? handle == h.handle : false;
public override bool Equals(object? obj) => obj is HCRYPTOIDFUNCADDR h && handle == h.handle;
/// <inheritdoc/>
public override int GetHashCode() => handle.GetHashCode();
@ -1532,7 +1532,7 @@ public static partial class Crypt32
public HCRYPTOIDFUNCSET(IntPtr preexistingHandle) => handle = preexistingHandle;
/// <summary>Returns an invalid handle by instantiating a <see cref="HCRYPTOIDFUNCSET"/> object with <see cref="IntPtr.Zero"/>.</summary>
public static HCRYPTOIDFUNCSET NULL => new HCRYPTOIDFUNCSET(IntPtr.Zero);
public static HCRYPTOIDFUNCSET NULL => new(IntPtr.Zero);
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
public bool IsNull => handle == IntPtr.Zero;
@ -1545,7 +1545,7 @@ public static partial class Crypt32
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="HCRYPTOIDFUNCSET"/>.</summary>
/// <param name="h">The pointer to a handle.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator HCRYPTOIDFUNCSET(IntPtr h) => new HCRYPTOIDFUNCSET(h);
public static implicit operator HCRYPTOIDFUNCSET(IntPtr h) => new(h);
/// <summary>Implements the operator !=.</summary>
/// <param name="h1">The first handle.</param>
@ -1560,7 +1560,7 @@ public static partial class Crypt32
public static bool operator ==(HCRYPTOIDFUNCSET h1, HCRYPTOIDFUNCSET h2) => h1.Equals(h2);
/// <inheritdoc/>
public override bool Equals(object obj) => obj is HCRYPTOIDFUNCSET h ? handle == h.handle : false;
public override bool Equals(object? obj) => obj is HCRYPTOIDFUNCSET h && handle == h.handle;
/// <inheritdoc/>
public override int GetHashCode() => handle.GetHashCode();
@ -1580,7 +1580,7 @@ public static partial class Crypt32
public PCCRYPT_OID_INFO(IntPtr preexistingHandle) => handle = preexistingHandle;
/// <summary>Returns an invalid handle by instantiating a <see cref="PCCRYPT_OID_INFO"/> object with <see cref="IntPtr.Zero"/>.</summary>
public static PCCRYPT_OID_INFO NULL => new PCCRYPT_OID_INFO(IntPtr.Zero);
public static PCCRYPT_OID_INFO NULL => new(IntPtr.Zero);
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
public bool IsNull => handle == IntPtr.Zero;
@ -1593,7 +1593,7 @@ public static partial class Crypt32
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="PCCRYPT_OID_INFO"/>.</summary>
/// <param name="h">The pointer to a handle.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator PCCRYPT_OID_INFO(IntPtr h) => new PCCRYPT_OID_INFO(h);
public static implicit operator PCCRYPT_OID_INFO(IntPtr h) => new(h);
/// <summary>Performs an explicit conversion from <see cref="PCCRYPT_OID_INFO"/> to <see cref="CRYPT_OID_INFO"/>.</summary>
/// <param name="h">The handle.</param>
@ -1613,7 +1613,7 @@ public static partial class Crypt32
public static bool operator ==(PCCRYPT_OID_INFO h1, PCCRYPT_OID_INFO h2) => h1.Equals(h2);
/// <inheritdoc/>
public override bool Equals(object obj) => obj is PCCRYPT_OID_INFO h ? handle == h.handle : false;
public override bool Equals(object? obj) => obj is PCCRYPT_OID_INFO h && handle == h.handle;
/// <inheritdoc/>
public override int GetHashCode() => handle.GetHashCode();

2699
PInvoke/Cryptography/Crypt32/Wincrypt.Obj.cs
View File

File diff suppressed because it is too large Load Diff

973
PInvoke/Cryptography/Crypt32/Wincrypt.PFX.cs
View File

@ -1,513 +1,512 @@
using System;
using System.Runtime.InteropServices;
namespace Vanara.PInvoke
namespace Vanara.PInvoke;
/// <summary>Methods and data types found in Crypt32.dll.</summary>
public static partial class Crypt32
{
/// <summary>Methods and data types found in Crypt32.dll.</summary>
public static partial class Crypt32
/// <summary>Flags for <see cref="PFXExportCertStore"/> and <see cref="PFXExportCertStoreEx"/></summary>
[PInvokeData("wincrypt.h", MSDNShortId = "003602c6-d6c9-4695-9c60-ffaf0aa02266")]
[Flags]
public enum PFXExportFlags : uint
{
/// <summary>Flags for <see cref="PFXExportCertStore"/> and <see cref="PFXExportCertStoreEx"/></summary>
[PInvokeData("wincrypt.h", MSDNShortId = "003602c6-d6c9-4695-9c60-ffaf0aa02266")]
[Flags]
public enum PFXExportFlags : uint
{
/// <summary>
/// If a certificate is encountered that has no associated private key, the function returns FALSE with the last error set to
/// either CRYPT_E_NOT_FOUND or NTE_NO_KEY.
/// </summary>
REPORT_NO_PRIVATE_KEY = 0x0001,
/// <summary>
/// If a certificate is encountered that has a non-exportable private key, the function returns FALSE and the last error set to
/// NTE_BAD_KEY, NTE_BAD_KEY_STATE, or NTE_PERM.
/// </summary>
REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY = 0x0002,
/// <summary>Private keys are exported as well as the certificates.</summary>
EXPORT_PRIVATE_KEYS = 0x0004,
/// <summary>
/// Export all extended properties on the certificate.
/// <para>Windows Server 2003 and Windows XP: This value is not supported.</para>
/// </summary>
PKCS12_INCLUDE_EXTENDED_PROPERTIES = 0x0010,
/// <summary>
/// The PFX BLOB contains an embedded password that will be protected to the Active Directory (AD) protection descriptor pointed
/// to by the pvPara parameter. If the szPassword parameter is not NULL or empty, the specified password is protected. If,
/// however, the szPassword parameter is NULL or an empty string, a random forty (40) character password is created and protected.
/// <para>
/// PFXImportCertStore uses the specified protection descriptor to decrypt the embedded password, whether specified by the user
/// or randomly generated, and then uses the password to decrypt the PFX BLOB.
/// </para>
/// <para>Windows 8 and Windows Server 2012: Support for this flag begins.</para>
/// </summary>
PKCS12_PROTECT_TO_DOMAIN_SIDS = 0x0020,
/// <summary/>
PKCS12_EXPORT_SILENT = 0x0040,
/// <summary/>
PKCS12_EXPORT_PBES2_PARAMS = 0x0080,
/// <summary/>
PKCS12_DISABLE_ENCRYPT_CERTIFICATES = 0x0100,
/// <summary/>
PKCS12_ENCRYPT_CERTIFICATES = 0x0200,
/// <summary/>
PKCS12_EXPORT_ECC_CURVE_PARAMETERS = 0x1000,
/// <summary/>
PKCS12_EXPORT_ECC_CURVE_OID = 0x2000,
/// <summary/>
PKCS12_EXPORT_RESERVED_MASK = 0xffff0000,
}
/// <summary>Flags for <see cref="PFXImportCertStore"/>.</summary>
[PInvokeData("wincrypt.h", MSDNShortId = "2c83774a-f2df-4d28-9abd-e39aa507ba88")]
[Flags]
public enum PFXImportFlags : uint
{
/// <summary>
/// Imported keys are marked as exportable. If this flag is not used, calls to the CryptExportKey function with the key handle fail.
/// </summary>
CRYPT_EXPORTABLE = 0x00000001,
/// <summary>
/// The user is to be notified through a dialog box or other method when certain attempts to use this key are made. The precise
/// behavior is specified by the cryptographic service provider (CSP) being used.
/// <para>
/// Prior to Internet Explorer 4.0, Microsoft cryptographic service providers ignored this flag. Starting with Internet Explorer
/// 4.0, Microsoft providers support this flag.
/// </para>
/// <para>
/// If the provider context was opened with the CRYPT_SILENT flag set, using this flag causes a failure and the last error is
/// set to NTE_SILENT_CONTEXT.
/// </para>
/// </summary>
CRYPT_USER_PROTECTED = 0x00000002,
/// <summary>The private keys are stored under the local computer and not under the current user.</summary>
CRYPT_MACHINE_KEYSET = 0x00000020,
/// <summary>
/// The private keys are stored under the current user and not under the local computer even if the PFX BLOB specifies that they
/// should go into the local computer.
/// </summary>
CRYPT_USER_KEYSET = 0x00001000,
/// <summary>
/// Indicates that the CNG key storage provider (KSP) is preferred. If the CSP is specified in the PFX file, then the CSP is
/// used, otherwise the KSP is preferred. If the CNG KSP is unavailable, the PFXImportCertStore function will fail.
/// <para>Windows Server 2003 and Windows XP: This value is not supported.</para>
/// </summary>
PKCS12_PREFER_CNG_KSP = 0x00000100,
/// <summary>
/// Indicates that the CNG KSP is always used. When specified, PFXImportCertStore attempts to use the CNG KSP irrespective of
/// provider information in the PFX file. If the CNG KSP is unavailable, the import will not fail.
/// <para>Windows Server 2003 and Windows XP: This value is not supported.</para>
/// </summary>
PKCS12_ALWAYS_CNG_KSP = 0x00000200,
/// <summary>
/// Allow overwrite of the existing key. Specify this flag when you encounter a scenario in which you must import a PFX file
/// that contains a key name that already exists. For example, when you import a PFX file, it is possible that a container of
/// the same name is already present because there is no unique namespace for key containers. If you have created a "TestKey" on
/// your computer, and then you import a PFX file that also has "TestKey" as the key container, the PKCS12_ALLOW_OVERWRITE_KEY
/// setting allows the key to be overwritten.
/// <para>Windows Server 2003 and Windows XP: This value is not supported.</para>
/// </summary>
PKCS12_ALLOW_OVERWRITE_KEY = 0x00004000,
/// <summary>
/// Do not persist the key. Specify this flag when you do not want to persist the key. For example, if it is not necessary to
/// store the key after verification, then instead of creating a container and then deleting it, you can specify this flag to
/// dispose of the key immediately.
/// <para>
/// Note If the PKCS12_NO_PERSIST_KEY flag is not set, keys are persisted on disk. If you do not want to persist the keys beyond
/// their usage, you must delete them by calling the CryptAcquireContext function with the CRYPT_DELETEKEYSET flag set in the
/// dwFlags parameter.
/// </para>
/// <para>Windows Server 2003 and Windows XP: This value is not supported.</para>
/// </summary>
PKCS12_NO_PERSIST_KEY = 0x00008000,
/// <summary>
/// Import all extended properties on the certificate that were saved on the certificate when it was exported.
/// <para>Windows Server 2003 and Windows XP: This value is not supported.</para>
/// </summary>
PKCS12_INCLUDE_EXTENDED_PROPERTIES = 0x0010,
/// <summary>Unpack but do not persist the results.</summary>
PKCS12_UNPACK_RESULTS_ONLY = 0x10000000,
/// <summary/>
CRYPT_USER_PROTECTED_STRONG = 0x00100000,
/// <summary/>
PKCS12_IMPORT_SILENT = 0x00000040,
/// <summary/>
PKCS12_ONLY_CERTIFICATES = 0x00000400,
/// <summary/>
PKCS12_ONLY_NOT_ENCRYPTED_CERTIFICATES = 0x00000800,
/// <summary/>
PKCS12_VIRTUAL_ISOLATION_KEY = 0x00010000,
/// <summary/>
PKCS12_IMPORT_RESERVED_MASK = 0xffff0000,
/// <summary/>
PKCS12_OBJECT_LOCATOR_ALL_IMPORT_FLAGS = (PKCS12_ALWAYS_CNG_KSP | PKCS12_NO_PERSIST_KEY | PKCS12_IMPORT_SILENT | PKCS12_INCLUDE_EXTENDED_PROPERTIES),
}
/// <summary>
/// If a certificate is encountered that has no associated private key, the function returns FALSE with the last error set to
/// either CRYPT_E_NOT_FOUND or NTE_NO_KEY.
/// </summary>
REPORT_NO_PRIVATE_KEY = 0x0001,
/// <summary>
/// The <c>PFXExportCertStore</c> function exports the certificates and, if available, the associated private keys from the
/// referenced certificate store. This is an old function kept for compatibility with Internet Explorer 4.0 clients. New
/// applications should use the PfxExportCertStoreEx function that provides enhanced private key security.
/// </summary>
/// <param name="hStore">Handle of the certificate store containing the certificates to be exported.</param>
/// <param name="pPFX">
/// A pointer to a CRYPT_DATA_BLOB structure to contain the PFX packet with the exported certificates and keys. If pPFX-&gt;pbData
/// is <c>NULL</c>, the function calculates the number of bytes needed for the encoded BLOB and returns this in pPFX-&gt;cbData.
/// When the function is called with pPFX-&gt;pbData pointing to an allocated buffer of the needed size, the function copies the
/// encoded bytes into the buffer and updates pPFX-&gt;cbData with the encode byte length.
/// </param>
/// <param name="szPassword">
/// String password used to encrypt and verify the PFX packet. When you have finished using the password, clear the password from
/// memory by calling the SecureZeroMemory function. For more information about protecting passwords, see Handling Passwords.
/// </param>
/// <param name="dwFlags">
/// <para>Flag values can be set to any combination of the following.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>EXPORT_PRIVATE_KEYS</term>
/// <term>Private keys are exported as well as the certificates.</term>
/// </item>
/// <item>
/// <term>REPORT_NO_PRIVATE_KEY</term>
/// <term>
/// If a certificate is encountered that has no associated private key, the function returns FALSE with the last error set to either
/// CRYPT_E_NOT_FOUND or NTE_NO_KEY.
/// </term>
/// </item>
/// <item>
/// <term>REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY</term>
/// <term>
/// If a certificate is encountered that has a non-exportable private key, the function returns FALSE and the last error set to
/// NTE_BAD_KEY, NTE_BAD_KEY_STATE, or NTE_PERM.
/// </term>
/// </item>
/// </list>
/// </param>
/// <returns>
/// Returns <c>TRUE</c> (nonzero) if the function succeeds, and <c>FALSE</c> (zero) if the function fails. For extended error
/// information, call GetLastError.
/// </returns>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-pfxexportcertstore BOOL PFXExportCertStore( HCERTSTORE
// hStore, CRYPT_DATA_BLOB *pPFX, LPCWSTR szPassword, DWORD dwFlags );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "003602c6-d6c9-4695-9c60-ffaf0aa02266")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool PFXExportCertStore([In] HCERTSTORE hStore, ref CRYPTOAPI_BLOB pPFX, [MarshalAs(UnmanagedType.LPWStr)] string szPassword, PFXExportFlags dwFlags);
/// </summary>
REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY = 0x0002,
/// <summary>Private keys are exported as well as the certificates.</summary>
EXPORT_PRIVATE_KEYS = 0x0004,
/// <summary>
/// The <c>PFXExportCertStoreEx</c> function exports the certificates and, if available, their associated private keys from the
/// referenced certificate store. This function replaces the older PfxExportCertStore function. It should be used for its enhanced
/// private key security. The PFX BLOB created by this function is protected by a password.
/// Export all extended properties on the certificate.
/// <para>Windows Server 2003 and Windows XP: This value is not supported.</para>
/// </summary>
/// <param name="hStore">Handle of the certificate store containing the certificates to be exported.</param>
/// <param name="pPFX">
/// A pointer to a CRYPT_DATA_BLOB structure to contain the PFX packet with the exported certificates and keys. If pPFX-&gt;pbData
/// is <c>NULL</c>, the function calculates the number of bytes needed for the encoded BLOB and returns this in pPFX-&gt;cbData.
/// When the function is called with pPFX-&gt;pbData pointing to an allocated buffer of the needed size, the function copies the
/// encoded bytes into the buffer and updates pPFX-&gt;cbData with the encode byte length.
/// </param>
/// <param name="szPassword">
/// String password used to encrypt and verify the PFX packet. When you have finished using the password, clear the password from
/// memory by calling the SecureZeroMemory function. For more information about protecting passwords, see Handling Passwords.
/// </param>
/// <param name="pvPara">
/// <para>
/// This parameter must be <c>NULL</c> if the dwFlags parameter does not contain <c>PKCS12_PROTECT_TO_DOMAIN_SIDS</c>. Prior to
/// Windows 8 and Windows Server 2012, therefore, this parameter must be <c>NULL</c>.
/// </para>
/// <para>
/// Beginning with Windows 8 and Windows Server 2012, if the dwFlags parameter contains <c>PKCS12_PROTECT_TO_DOMAIN_SIDS</c>, you
/// can set the pvPara parameter to point to an <c>NCRYPT_DESCRIPTOR_HANDLE</c> value to identify which Active Directory principal
/// the PFX password will be protected to inside of the PFX BLOB. Currently, the password can be protected to an Active Directory
/// user, computer, or group. For more information about protection descriptors, see NCryptCreateProtectionDescriptor.
/// </para>
/// </param>
/// <param name="dwFlags">
/// <para>Flag values can be set to any combination of the following.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>EXPORT_PRIVATE_KEYS 0x0004</term>
/// <term>Private keys are exported as well as the certificates.</term>
/// </item>
/// <item>
/// <term>REPORT_NO_PRIVATE_KEY 0x0001</term>
/// <term>
/// If a certificate is encountered that has no associated private key, the function returns FALSE with the last error set to either
/// CRYPT_E_NOT_FOUND or NTE_NO_KEY.
/// </term>
/// </item>
/// <item>
/// <term>REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY 0x0002</term>
/// <term>
/// If a certificate is encountered that has a non-exportable private key, the function returns FALSE and the last error set to
/// NTE_BAD_KEY, NTE_BAD_KEY_STATE, or NTE_PERM.
/// </term>
/// </item>
/// <item>
/// <term>PKCS12_INCLUDE_EXTENDED_PROPERTIES 0x0010</term>
/// <term>Export all extended properties on the certificate. Windows Server 2003 and Windows XP: This value is not supported.</term>
/// </item>
/// <item>
/// <term>PKCS12_PROTECT_TO_DOMAIN_SIDS 0x0020</term>
/// <term>
/// The PFX BLOB contains an embedded password that will be protected to the Active Directory (AD) protection descriptor pointed to
/// by the pvPara parameter. If the szPassword parameter is not NULL or empty, the specified password is protected. If, however, the
/// szPassword parameter is NULL or an empty string, a random forty (40) character password is created and protected.
/// PFXImportCertStore uses the specified protection descriptor to decrypt the embedded password, whether specified by the user or
/// randomly generated, and then uses the password to decrypt the PFX BLOB. Windows 8 and Windows Server 2012: Support for this flag begins.
/// </term>
/// </item>
/// </list>
/// </param>
/// <returns>
/// Returns <c>TRUE</c> (nonzero) if the function succeeds, and <c>FALSE</c> (zero) if the function fails. For extended error
/// information, call GetLastError.
/// </returns>
/// <remarks>
/// Beginning with Windows 8 and Windows Server 2012, you can protect the PFX password to an Active Directory user, computer, or
/// group. If you choose to do so but do not create a password, a temporary password will be randomly selected. The password is
/// encrypted by using the Active Directory principal and then embedded in the PFX BLOB. For more information, see the pvPara
/// parameter and the <c>PKCS12_PROTECT_TO_DOMAIN_SIDS</c> flag.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-pfxexportcertstoreex BOOL PFXExportCertStoreEx(
// HCERTSTORE hStore, CRYPT_DATA_BLOB *pPFX, LPCWSTR szPassword, void *pvPara, DWORD dwFlags );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "e8bd54b1-946f-4c65-8a86-96f0dbec07ff")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool PFXExportCertStoreEx([In] HCERTSTORE hStore, ref CRYPTOAPI_BLOB pPFX, [MarshalAs(UnmanagedType.LPWStr)] string szPassword, [In] IntPtr pvPara, PFXExportFlags dwFlags);
PKCS12_INCLUDE_EXTENDED_PROPERTIES = 0x0010,
/// <summary>
/// The <c>PFXImportCertStore</c> function imports a PFX BLOB and returns the handle of a store that contains certificates and any
/// associated private keys.
/// The PFX BLOB contains an embedded password that will be protected to the Active Directory (AD) protection descriptor pointed
/// to by the pvPara parameter. If the szPassword parameter is not NULL or empty, the specified password is protected. If,
/// however, the szPassword parameter is NULL or an empty string, a random forty (40) character password is created and protected.
/// <para>
/// PFXImportCertStore uses the specified protection descriptor to decrypt the embedded password, whether specified by the user
/// or randomly generated, and then uses the password to decrypt the PFX BLOB.
/// </para>
/// <para>Windows 8 and Windows Server 2012: Support for this flag begins.</para>
/// </summary>
/// <param name="pPFX">
/// A pointer to a CRYPT_DATA_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys.
/// </param>
/// <param name="szPassword">
/// <para>
/// A string password used to decrypt and verify the PFX packet. Whether set to a string of length greater than zero or set to an
/// empty string or to <c>NULL</c>, this value must be exactly the same as the value that was used to encrypt the packet.
/// </para>
/// <para>
/// Beginning with Windows 8 and Windows Server 2012, if the PFX packet was created in the PFXExportCertStoreEx function by using
/// the <c>PKCS12_PROTECT_TO_DOMAIN_SIDS</c> flag, the <c>PFXImportCertStore</c> function attempts to decrypt the password by using
/// the Active Directory (AD) principal that was used to encrypt it. The AD principal is specified in the pvPara parameter. If the
/// szPassword parameter in the <c>PFXExportCertStoreEx</c> function was an empty string or <c>NULL</c> and the dwFlags parameter
/// was set to <c>PKCS12_PROTECT_TO_DOMAIN_SIDS</c>, that function randomly generated a password and encrypted it to the AD
/// principal specified in the pvPara parameter. In that case you should set the password to the value, empty string or <c>NULL</c>,
/// that was used when the PFX packet was created. The <c>PFXImportCertStore</c> function will use the AD principal to decrypt the
/// random password, and the randomly generated password will be used to decrypt the PFX certificate.
/// </para>
/// <para>
/// When you have finished using the password, clear it from memory by calling the SecureZeroMemory function. For more information
/// about protecting passwords, see Handling Passwords.
/// </para>
/// </param>
/// <param name="dwFlags">
/// <para>This parameter can be one of the following values.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CRYPT_EXPORTABLE 0x00000001</term>
/// <term>
PKCS12_PROTECT_TO_DOMAIN_SIDS = 0x0020,
/// <summary/>
PKCS12_EXPORT_SILENT = 0x0040,
/// <summary/>
PKCS12_EXPORT_PBES2_PARAMS = 0x0080,
/// <summary/>
PKCS12_DISABLE_ENCRYPT_CERTIFICATES = 0x0100,
/// <summary/>
PKCS12_ENCRYPT_CERTIFICATES = 0x0200,
/// <summary/>
PKCS12_EXPORT_ECC_CURVE_PARAMETERS = 0x1000,
/// <summary/>
PKCS12_EXPORT_ECC_CURVE_OID = 0x2000,
/// <summary/>
PKCS12_EXPORT_RESERVED_MASK = 0xffff0000,
}
/// <summary>Flags for <see cref="PFXImportCertStore"/>.</summary>
[PInvokeData("wincrypt.h", MSDNShortId = "2c83774a-f2df-4d28-9abd-e39aa507ba88")]
[Flags]
public enum PFXImportFlags : uint
{
/// <summary>
/// Imported keys are marked as exportable. If this flag is not used, calls to the CryptExportKey function with the key handle fail.
/// </term>
/// </item>
/// <item>
/// <term>CRYPT_USER_PROTECTED 0x00000002</term>
/// <term>
/// </summary>
CRYPT_EXPORTABLE = 0x00000001,
/// <summary>
/// The user is to be notified through a dialog box or other method when certain attempts to use this key are made. The precise
/// behavior is specified by the cryptographic service provider (CSP) being used. Prior to Internet Explorer 4.0, Microsoft
/// cryptographic service providers ignored this flag. Starting with Internet Explorer 4.0, Microsoft providers support this flag.
/// If the provider context was opened with the CRYPT_SILENT flag set, using this flag causes a failure and the last error is set to NTE_SILENT_CONTEXT.
/// </term>
/// </item>
/// <item>
/// <term>CRYPT_MACHINE_KEYSET 0x00000020</term>
/// <term>The private keys are stored under the local computer and not under the current user.</term>
/// </item>
/// <item>
/// <term>CRYPT_USER_KEYSET 0x00001000</term>
/// <term>
/// behavior is specified by the cryptographic service provider (CSP) being used.
/// <para>
/// Prior to Internet Explorer 4.0, Microsoft cryptographic service providers ignored this flag. Starting with Internet Explorer
/// 4.0, Microsoft providers support this flag.
/// </para>
/// <para>
/// If the provider context was opened with the CRYPT_SILENT flag set, using this flag causes a failure and the last error is
/// set to NTE_SILENT_CONTEXT.
/// </para>
/// </summary>
CRYPT_USER_PROTECTED = 0x00000002,
/// <summary>The private keys are stored under the local computer and not under the current user.</summary>
CRYPT_MACHINE_KEYSET = 0x00000020,
/// <summary>
/// The private keys are stored under the current user and not under the local computer even if the PFX BLOB specifies that they
/// should go into the local computer.
/// </term>
/// </item>
/// <item>
/// <term>PKCS12_PREFER_CNG_KSP 0x00000100</term>
/// <term>
/// Indicates that the CNG key storage provider (KSP) is preferred. If the CSP is specified in the PFX file, then the CSP is used,
/// otherwise the KSP is preferred. If the CNG KSP is unavailable, the PFXImportCertStore function will fail. Windows Server 2003
/// and Windows XP: This value is not supported.
/// </term>
/// </item>
/// <item>
/// <term>PKCS12_ALWAYS_CNG_KSP 0x00000200</term>
/// <term>
/// Indicates that the CNG KSP is always used. When specified, PFXImportCertStore attempts to use the CNG KSP irrespective of
/// provider information in the PFX file. If the CNG KSP is unavailable, the import will not fail. Windows Server 2003 and Windows
/// XP: This value is not supported.
/// </term>
/// </item>
/// <item>
/// <term>PKCS12_ALLOW_OVERWRITE_KEY 0x00004000</term>
/// <term>
/// Allow overwrite of the existing key. Specify this flag when you encounter a scenario in which you must import a PFX file that
/// contains a key name that already exists. For example, when you import a PFX file, it is possible that a container of the same
/// name is already present because there is no unique namespace for key containers. If you have created a "TestKey" on your
/// computer, and then you import a PFX file that also has "TestKey" as the key container, the PKCS12_ALLOW_OVERWRITE_KEY setting
/// allows the key to be overwritten. Windows Server 2003 and Windows XP: This value is not supported.
/// </term>
/// </item>
/// <item>
/// <term>PKCS12_NO_PERSIST_KEY 0x00008000</term>
/// <term>
/// Do not persist the key. Specify this flag when you do not want to persist the key. For example, if it is not necessary to store
/// the key after verification, then instead of creating a container and then deleting it, you can specify this flag to dispose of
/// the key immediately. Windows Server 2003 and Windows XP: This value is not supported.
/// </term>
/// </item>
/// <item>
/// <term>PKCS12_INCLUDE_EXTENDED_PROPERTIES 0x0010</term>
/// <term>
/// Import all extended properties on the certificate that were saved on the certificate when it was exported. Windows Server 2003
/// and Windows XP: This value is not supported.
/// </term>
/// </item>
/// <item>
/// <term>0x10000000</term>
/// <term>Unpack but do not persist the results.</term>
/// </item>
/// </list>
/// </param>
/// <returns>
/// <para>
/// If the function succeeds, the function returns a handle to a certificate store that contains the imported certificates,
/// including available private keys.
/// </para>
/// <para>
/// If the function fails, that is, if the password parameter does not contain an exact match with the password used to encrypt the
/// exported packet or if there were any other problems decoding the PFX BLOB, the function returns <c>NULL</c>, and an error code
/// can be found by calling the GetLastError function.
/// </para>
/// </returns>
/// <remarks>
/// <para>
/// The <c>PFXImportCertStore</c> function opens a temporary store. If the function succeeds, you should close the handle to the
/// store by calling the CertCloseStore function.
/// </para>
/// <para>
/// When you import a certificate from the PFX packet, the CSP/KSP container name is determined by using the AttributeId with OID
/// 1.3.6.1.4.1.311.17.1 of the PKCS8ShroudedKeyBag SafeBag [bagId: 1.2.840.113549.1.12.10.1.2] (see PKCS #12 for details about the
/// ASN.1 structure of this).
/// </para>
/// <para>
/// If the AttributeId is not present and the PREFER_CNG flag is passed, MS_KEY_STORAGE_PROVIDER is picked. If the AttributeId is
/// not present and the PREFER_CNG flag is not passed, the provider name is determined based on the public key algorithm (that is,
/// the public key algorithm is determined by the AlgorithmIdentifier in PKCS #8):
/// </para>
/// <para>Similarly, the key specification is determined by using the AttributeId with OID 2.5.29.15 (szOID_KEY_USAGE) as follows:</para>
/// <para>
/// If the AttributeId is not present, then the CAPI key value is set to AT_KEYEXCHANGE for RSA or DH and the algorithm is
/// determined by the AlgorithmIdentifier in PKCS #8; otherwise, the algorithm is set to AT_SIGNATURE. For the CNG key value, all
/// ncrypt key usage is set.
/// </para>
/// <para>
/// <c>Note</c> If an invalid provider name is present in the PFX packet, or the base or enhanced cryptography provider is not
/// present in this registry key: <c>HKEY_LOCAL_MACHINE</c>\ <c>SOFTWARE</c>\ <c>Microsoft</c>\ <c>Cryptography</c>\
/// <c>Defaults</c>\ <c>Provider</c>, then a provider lookup is performed by the provider type using this registry subkey:
/// <c>HKEY_LOCAL_MACHINE</c>\ <c>SOFTWARE</c>\ <c>Microsoft</c>\ <c>Cryptography</c>\ <c>Defaults</c>\ <c>Provider Types</c>.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-pfximportcertstore HCERTSTORE PFXImportCertStore(
// CRYPT_DATA_BLOB *pPFX, LPCWSTR szPassword, DWORD dwFlags );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "2c83774a-f2df-4d28-9abd-e39aa507ba88")]
public static extern HCERTSTORE PFXImportCertStore(in CRYPTOAPI_BLOB pPFX, [MarshalAs(UnmanagedType.LPWStr)] string szPassword, PFXImportFlags dwFlags);
/// <summary>The <c>PFXIsPFXBlob</c> function attempts to decode the outer layer of a BLOB as a PFX packet.</summary>
/// <param name="pPFX">A pointer to a CRYPT_DATA_BLOB structure that the function will attempt to decode as a PFX packet.</param>
/// <returns>
/// The function returns <c>TRUE</c> if the BLOB can be decoded as a PFX packet. If the outer layer of the BLOB cannot be decoded as
/// a PFX packet, the function returns <c>FALSE</c>.
/// </returns>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-pfxispfxblob BOOL PFXIsPFXBlob( CRYPT_DATA_BLOB *pPFX );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "28984407-0a28-48e1-9d67-37a6e9db7601")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool PFXIsPFXBlob(in CRYPTOAPI_BLOB pPFX);
/// </summary>
CRYPT_USER_KEYSET = 0x00001000,
/// <summary>
/// <para>
/// The <c>PFXVerifyPassword</c> function attempts to decode the outer layer of a BLOB as a Personal Information Exchange (PFX)
/// packet and to decrypt it with the given password. No data from the BLOB is imported.
/// </para>
/// <para>The PFX format is also known as the Public-Key Cryptography Standards #12 (PKCS #12) format.</para>
/// Indicates that the CNG key storage provider (KSP) is preferred. If the CSP is specified in the PFX file, then the CSP is
/// used, otherwise the KSP is preferred. If the CNG KSP is unavailable, the PFXImportCertStore function will fail.
/// <para>Windows Server 2003 and Windows XP: This value is not supported.</para>
/// </summary>
/// <param name="pPFX">A pointer to a CRYPT_DATA_BLOB structure that the function will attempt to decode as a PFX packet.</param>
/// <param name="szPassword">
PKCS12_PREFER_CNG_KSP = 0x00000100,
/// <summary>
/// Indicates that the CNG KSP is always used. When specified, PFXImportCertStore attempts to use the CNG KSP irrespective of
/// provider information in the PFX file. If the CNG KSP is unavailable, the import will not fail.
/// <para>Windows Server 2003 and Windows XP: This value is not supported.</para>
/// </summary>
PKCS12_ALWAYS_CNG_KSP = 0x00000200,
/// <summary>
/// Allow overwrite of the existing key. Specify this flag when you encounter a scenario in which you must import a PFX file
/// that contains a key name that already exists. For example, when you import a PFX file, it is possible that a container of
/// the same name is already present because there is no unique namespace for key containers. If you have created a "TestKey" on
/// your computer, and then you import a PFX file that also has "TestKey" as the key container, the PKCS12_ALLOW_OVERWRITE_KEY
/// setting allows the key to be overwritten.
/// <para>Windows Server 2003 and Windows XP: This value is not supported.</para>
/// </summary>
PKCS12_ALLOW_OVERWRITE_KEY = 0x00004000,
/// <summary>
/// Do not persist the key. Specify this flag when you do not want to persist the key. For example, if it is not necessary to
/// store the key after verification, then instead of creating a container and then deleting it, you can specify this flag to
/// dispose of the key immediately.
/// <para>
/// String password to be checked. For this function to succeed, this password must be exactly the same as the password used to
/// encrypt the packet.
/// Note If the PKCS12_NO_PERSIST_KEY flag is not set, keys are persisted on disk. If you do not want to persist the keys beyond
/// their usage, you must delete them by calling the CryptAcquireContext function with the CRYPT_DELETEKEYSET flag set in the
/// dwFlags parameter.
/// </para>
/// <para>
/// If you set this value to an empty string or <c>NULL</c>, this function typically attempts to decrypt the password embedded in
/// the PFX BLOB by using the empty string or <c>NULL</c>.
/// </para>
/// <para>
/// However, beginning with Windows 8 and Windows Server 2012, if a <c>NULL</c> or empty password was specified when the PFX BLOB
/// was created and the application also specified that the password should be protected to an Active Directory (AD) principal, the
/// Cryptography API (CAPI) randomly generates a password, encrypts it to the AD principal and embeds it in the PFX BLOB. The
/// <c>PFXVerifyPassword</c> function will then try to use the specified AD principal (current user, computer, or AD group member)
/// to decrypt the password. For more information about protecting PFX to an AD principal, see the pvPara parameter and the
/// <c>PKCS12_PROTECT_TO_DOMAIN_SIDS</c> flag of the PFXExportCertStoreEx function.
/// </para>
/// <para>
/// When you have finished using the password, clear the password from memory by calling the SecureZeroMemory function. For more
/// information about protecting passwords, see Handling Passwords.
/// </para>
/// </param>
/// <param name="dwFlags">Reserved for future use.</param>
/// <returns>The function return <c>TRUE</c> if the password appears correct; otherwise, it returns <c>FALSE</c>.</returns>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-pfxverifypassword BOOL PFXVerifyPassword( CRYPT_DATA_BLOB
// *pPFX, LPCWSTR szPassword, DWORD dwFlags );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "47560192-547e-4440-9f10-43327355e1a0")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool PFXVerifyPassword(in CRYPTOAPI_BLOB pPFX, [MarshalAs(UnmanagedType.LPWStr)] string szPassword, uint dwFlags = 0);
/// <para>Windows Server 2003 and Windows XP: This value is not supported.</para>
/// </summary>
PKCS12_NO_PERSIST_KEY = 0x00008000,
/// <summary>
/// Import all extended properties on the certificate that were saved on the certificate when it was exported.
/// <para>Windows Server 2003 and Windows XP: This value is not supported.</para>
/// </summary>
PKCS12_INCLUDE_EXTENDED_PROPERTIES = 0x0010,
/// <summary>Unpack but do not persist the results.</summary>
PKCS12_UNPACK_RESULTS_ONLY = 0x10000000,
/// <summary/>
CRYPT_USER_PROTECTED_STRONG = 0x00100000,
/// <summary/>
PKCS12_IMPORT_SILENT = 0x00000040,
/// <summary/>
PKCS12_ONLY_CERTIFICATES = 0x00000400,
/// <summary/>
PKCS12_ONLY_NOT_ENCRYPTED_CERTIFICATES = 0x00000800,
/// <summary/>
PKCS12_VIRTUAL_ISOLATION_KEY = 0x00010000,
/// <summary/>
PKCS12_IMPORT_RESERVED_MASK = 0xffff0000,
/// <summary/>
PKCS12_OBJECT_LOCATOR_ALL_IMPORT_FLAGS = (PKCS12_ALWAYS_CNG_KSP | PKCS12_NO_PERSIST_KEY | PKCS12_IMPORT_SILENT | PKCS12_INCLUDE_EXTENDED_PROPERTIES),
}
/// <summary>
/// The <c>PFXExportCertStore</c> function exports the certificates and, if available, the associated private keys from the
/// referenced certificate store. This is an old function kept for compatibility with Internet Explorer 4.0 clients. New
/// applications should use the PfxExportCertStoreEx function that provides enhanced private key security.
/// </summary>
/// <param name="hStore">Handle of the certificate store containing the certificates to be exported.</param>
/// <param name="pPFX">
/// A pointer to a CRYPT_DATA_BLOB structure to contain the PFX packet with the exported certificates and keys. If pPFX-&gt;pbData
/// is <c>NULL</c>, the function calculates the number of bytes needed for the encoded BLOB and returns this in pPFX-&gt;cbData.
/// When the function is called with pPFX-&gt;pbData pointing to an allocated buffer of the needed size, the function copies the
/// encoded bytes into the buffer and updates pPFX-&gt;cbData with the encode byte length.
/// </param>
/// <param name="szPassword">
/// String password used to encrypt and verify the PFX packet. When you have finished using the password, clear the password from
/// memory by calling the SecureZeroMemory function. For more information about protecting passwords, see Handling Passwords.
/// </param>
/// <param name="dwFlags">
/// <para>Flag values can be set to any combination of the following.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>EXPORT_PRIVATE_KEYS</term>
/// <term>Private keys are exported as well as the certificates.</term>
/// </item>
/// <item>
/// <term>REPORT_NO_PRIVATE_KEY</term>
/// <term>
/// If a certificate is encountered that has no associated private key, the function returns FALSE with the last error set to either
/// CRYPT_E_NOT_FOUND or NTE_NO_KEY.
/// </term>
/// </item>
/// <item>
/// <term>REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY</term>
/// <term>
/// If a certificate is encountered that has a non-exportable private key, the function returns FALSE and the last error set to
/// NTE_BAD_KEY, NTE_BAD_KEY_STATE, or NTE_PERM.
/// </term>
/// </item>
/// </list>
/// </param>
/// <returns>
/// Returns <c>TRUE</c> (nonzero) if the function succeeds, and <c>FALSE</c> (zero) if the function fails. For extended error
/// information, call GetLastError.
/// </returns>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-pfxexportcertstore BOOL PFXExportCertStore( HCERTSTORE
// hStore, CRYPT_DATA_BLOB *pPFX, LPCWSTR szPassword, DWORD dwFlags );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "003602c6-d6c9-4695-9c60-ffaf0aa02266")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool PFXExportCertStore([In] HCERTSTORE hStore, ref CRYPTOAPI_BLOB pPFX, [MarshalAs(UnmanagedType.LPWStr)] string szPassword, PFXExportFlags dwFlags);
/// <summary>
/// The <c>PFXExportCertStoreEx</c> function exports the certificates and, if available, their associated private keys from the
/// referenced certificate store. This function replaces the older PfxExportCertStore function. It should be used for its enhanced
/// private key security. The PFX BLOB created by this function is protected by a password.
/// </summary>
/// <param name="hStore">Handle of the certificate store containing the certificates to be exported.</param>
/// <param name="pPFX">
/// A pointer to a CRYPT_DATA_BLOB structure to contain the PFX packet with the exported certificates and keys. If pPFX-&gt;pbData
/// is <c>NULL</c>, the function calculates the number of bytes needed for the encoded BLOB and returns this in pPFX-&gt;cbData.
/// When the function is called with pPFX-&gt;pbData pointing to an allocated buffer of the needed size, the function copies the
/// encoded bytes into the buffer and updates pPFX-&gt;cbData with the encode byte length.
/// </param>
/// <param name="szPassword">
/// String password used to encrypt and verify the PFX packet. When you have finished using the password, clear the password from
/// memory by calling the SecureZeroMemory function. For more information about protecting passwords, see Handling Passwords.
/// </param>
/// <param name="pvPara">
/// <para>
/// This parameter must be <c>NULL</c> if the dwFlags parameter does not contain <c>PKCS12_PROTECT_TO_DOMAIN_SIDS</c>. Prior to
/// Windows 8 and Windows Server 2012, therefore, this parameter must be <c>NULL</c>.
/// </para>
/// <para>
/// Beginning with Windows 8 and Windows Server 2012, if the dwFlags parameter contains <c>PKCS12_PROTECT_TO_DOMAIN_SIDS</c>, you
/// can set the pvPara parameter to point to an <c>NCRYPT_DESCRIPTOR_HANDLE</c> value to identify which Active Directory principal
/// the PFX password will be protected to inside of the PFX BLOB. Currently, the password can be protected to an Active Directory
/// user, computer, or group. For more information about protection descriptors, see NCryptCreateProtectionDescriptor.
/// </para>
/// </param>
/// <param name="dwFlags">
/// <para>Flag values can be set to any combination of the following.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>EXPORT_PRIVATE_KEYS 0x0004</term>
/// <term>Private keys are exported as well as the certificates.</term>
/// </item>
/// <item>
/// <term>REPORT_NO_PRIVATE_KEY 0x0001</term>
/// <term>
/// If a certificate is encountered that has no associated private key, the function returns FALSE with the last error set to either
/// CRYPT_E_NOT_FOUND or NTE_NO_KEY.
/// </term>
/// </item>
/// <item>
/// <term>REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY 0x0002</term>
/// <term>
/// If a certificate is encountered that has a non-exportable private key, the function returns FALSE and the last error set to
/// NTE_BAD_KEY, NTE_BAD_KEY_STATE, or NTE_PERM.
/// </term>
/// </item>
/// <item>
/// <term>PKCS12_INCLUDE_EXTENDED_PROPERTIES 0x0010</term>
/// <term>Export all extended properties on the certificate. Windows Server 2003 and Windows XP: This value is not supported.</term>
/// </item>
/// <item>
/// <term>PKCS12_PROTECT_TO_DOMAIN_SIDS 0x0020</term>
/// <term>
/// The PFX BLOB contains an embedded password that will be protected to the Active Directory (AD) protection descriptor pointed to
/// by the pvPara parameter. If the szPassword parameter is not NULL or empty, the specified password is protected. If, however, the
/// szPassword parameter is NULL or an empty string, a random forty (40) character password is created and protected.
/// PFXImportCertStore uses the specified protection descriptor to decrypt the embedded password, whether specified by the user or
/// randomly generated, and then uses the password to decrypt the PFX BLOB. Windows 8 and Windows Server 2012: Support for this flag begins.
/// </term>
/// </item>
/// </list>
/// </param>
/// <returns>
/// Returns <c>TRUE</c> (nonzero) if the function succeeds, and <c>FALSE</c> (zero) if the function fails. For extended error
/// information, call GetLastError.
/// </returns>
/// <remarks>
/// Beginning with Windows 8 and Windows Server 2012, you can protect the PFX password to an Active Directory user, computer, or
/// group. If you choose to do so but do not create a password, a temporary password will be randomly selected. The password is
/// encrypted by using the Active Directory principal and then embedded in the PFX BLOB. For more information, see the pvPara
/// parameter and the <c>PKCS12_PROTECT_TO_DOMAIN_SIDS</c> flag.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-pfxexportcertstoreex BOOL PFXExportCertStoreEx(
// HCERTSTORE hStore, CRYPT_DATA_BLOB *pPFX, LPCWSTR szPassword, void *pvPara, DWORD dwFlags );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "e8bd54b1-946f-4c65-8a86-96f0dbec07ff")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool PFXExportCertStoreEx([In] HCERTSTORE hStore, ref CRYPTOAPI_BLOB pPFX, [MarshalAs(UnmanagedType.LPWStr)] string szPassword, [In] IntPtr pvPara, PFXExportFlags dwFlags);
/// <summary>
/// The <c>PFXImportCertStore</c> function imports a PFX BLOB and returns the handle of a store that contains certificates and any
/// associated private keys.
/// </summary>
/// <param name="pPFX">
/// A pointer to a CRYPT_DATA_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys.
/// </param>
/// <param name="szPassword">
/// <para>
/// A string password used to decrypt and verify the PFX packet. Whether set to a string of length greater than zero or set to an
/// empty string or to <c>NULL</c>, this value must be exactly the same as the value that was used to encrypt the packet.
/// </para>
/// <para>
/// Beginning with Windows 8 and Windows Server 2012, if the PFX packet was created in the PFXExportCertStoreEx function by using
/// the <c>PKCS12_PROTECT_TO_DOMAIN_SIDS</c> flag, the <c>PFXImportCertStore</c> function attempts to decrypt the password by using
/// the Active Directory (AD) principal that was used to encrypt it. The AD principal is specified in the pvPara parameter. If the
/// szPassword parameter in the <c>PFXExportCertStoreEx</c> function was an empty string or <c>NULL</c> and the dwFlags parameter
/// was set to <c>PKCS12_PROTECT_TO_DOMAIN_SIDS</c>, that function randomly generated a password and encrypted it to the AD
/// principal specified in the pvPara parameter. In that case you should set the password to the value, empty string or <c>NULL</c>,
/// that was used when the PFX packet was created. The <c>PFXImportCertStore</c> function will use the AD principal to decrypt the
/// random password, and the randomly generated password will be used to decrypt the PFX certificate.
/// </para>
/// <para>
/// When you have finished using the password, clear it from memory by calling the SecureZeroMemory function. For more information
/// about protecting passwords, see Handling Passwords.
/// </para>
/// </param>
/// <param name="dwFlags">
/// <para>This parameter can be one of the following values.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CRYPT_EXPORTABLE 0x00000001</term>
/// <term>
/// Imported keys are marked as exportable. If this flag is not used, calls to the CryptExportKey function with the key handle fail.
/// </term>
/// </item>
/// <item>
/// <term>CRYPT_USER_PROTECTED 0x00000002</term>
/// <term>
/// The user is to be notified through a dialog box or other method when certain attempts to use this key are made. The precise
/// behavior is specified by the cryptographic service provider (CSP) being used. Prior to Internet Explorer 4.0, Microsoft
/// cryptographic service providers ignored this flag. Starting with Internet Explorer 4.0, Microsoft providers support this flag.
/// If the provider context was opened with the CRYPT_SILENT flag set, using this flag causes a failure and the last error is set to NTE_SILENT_CONTEXT.
/// </term>
/// </item>
/// <item>
/// <term>CRYPT_MACHINE_KEYSET 0x00000020</term>
/// <term>The private keys are stored under the local computer and not under the current user.</term>
/// </item>
/// <item>
/// <term>CRYPT_USER_KEYSET 0x00001000</term>
/// <term>
/// The private keys are stored under the current user and not under the local computer even if the PFX BLOB specifies that they
/// should go into the local computer.
/// </term>
/// </item>
/// <item>
/// <term>PKCS12_PREFER_CNG_KSP 0x00000100</term>
/// <term>
/// Indicates that the CNG key storage provider (KSP) is preferred. If the CSP is specified in the PFX file, then the CSP is used,
/// otherwise the KSP is preferred. If the CNG KSP is unavailable, the PFXImportCertStore function will fail. Windows Server 2003
/// and Windows XP: This value is not supported.
/// </term>
/// </item>
/// <item>
/// <term>PKCS12_ALWAYS_CNG_KSP 0x00000200</term>
/// <term>
/// Indicates that the CNG KSP is always used. When specified, PFXImportCertStore attempts to use the CNG KSP irrespective of
/// provider information in the PFX file. If the CNG KSP is unavailable, the import will not fail. Windows Server 2003 and Windows
/// XP: This value is not supported.
/// </term>
/// </item>
/// <item>
/// <term>PKCS12_ALLOW_OVERWRITE_KEY 0x00004000</term>
/// <term>
/// Allow overwrite of the existing key. Specify this flag when you encounter a scenario in which you must import a PFX file that
/// contains a key name that already exists. For example, when you import a PFX file, it is possible that a container of the same
/// name is already present because there is no unique namespace for key containers. If you have created a "TestKey" on your
/// computer, and then you import a PFX file that also has "TestKey" as the key container, the PKCS12_ALLOW_OVERWRITE_KEY setting
/// allows the key to be overwritten. Windows Server 2003 and Windows XP: This value is not supported.
/// </term>
/// </item>
/// <item>
/// <term>PKCS12_NO_PERSIST_KEY 0x00008000</term>
/// <term>
/// Do not persist the key. Specify this flag when you do not want to persist the key. For example, if it is not necessary to store
/// the key after verification, then instead of creating a container and then deleting it, you can specify this flag to dispose of
/// the key immediately. Windows Server 2003 and Windows XP: This value is not supported.
/// </term>
/// </item>
/// <item>
/// <term>PKCS12_INCLUDE_EXTENDED_PROPERTIES 0x0010</term>
/// <term>
/// Import all extended properties on the certificate that were saved on the certificate when it was exported. Windows Server 2003
/// and Windows XP: This value is not supported.
/// </term>
/// </item>
/// <item>
/// <term>0x10000000</term>
/// <term>Unpack but do not persist the results.</term>
/// </item>
/// </list>
/// </param>
/// <returns>
/// <para>
/// If the function succeeds, the function returns a handle to a certificate store that contains the imported certificates,
/// including available private keys.
/// </para>
/// <para>
/// If the function fails, that is, if the password parameter does not contain an exact match with the password used to encrypt the
/// exported packet or if there were any other problems decoding the PFX BLOB, the function returns <c>NULL</c>, and an error code
/// can be found by calling the GetLastError function.
/// </para>
/// </returns>
/// <remarks>
/// <para>
/// The <c>PFXImportCertStore</c> function opens a temporary store. If the function succeeds, you should close the handle to the
/// store by calling the CertCloseStore function.
/// </para>
/// <para>
/// When you import a certificate from the PFX packet, the CSP/KSP container name is determined by using the AttributeId with OID
/// 1.3.6.1.4.1.311.17.1 of the PKCS8ShroudedKeyBag SafeBag [bagId: 1.2.840.113549.1.12.10.1.2] (see PKCS #12 for details about the
/// ASN.1 structure of this).
/// </para>
/// <para>
/// If the AttributeId is not present and the PREFER_CNG flag is passed, MS_KEY_STORAGE_PROVIDER is picked. If the AttributeId is
/// not present and the PREFER_CNG flag is not passed, the provider name is determined based on the public key algorithm (that is,
/// the public key algorithm is determined by the AlgorithmIdentifier in PKCS #8):
/// </para>
/// <para>Similarly, the key specification is determined by using the AttributeId with OID 2.5.29.15 (szOID_KEY_USAGE) as follows:</para>
/// <para>
/// If the AttributeId is not present, then the CAPI key value is set to AT_KEYEXCHANGE for RSA or DH and the algorithm is
/// determined by the AlgorithmIdentifier in PKCS #8; otherwise, the algorithm is set to AT_SIGNATURE. For the CNG key value, all
/// ncrypt key usage is set.
/// </para>
/// <para>
/// <c>Note</c> If an invalid provider name is present in the PFX packet, or the base or enhanced cryptography provider is not
/// present in this registry key: <c>HKEY_LOCAL_MACHINE</c>\ <c>SOFTWARE</c>\ <c>Microsoft</c>\ <c>Cryptography</c>\
/// <c>Defaults</c>\ <c>Provider</c>, then a provider lookup is performed by the provider type using this registry subkey:
/// <c>HKEY_LOCAL_MACHINE</c>\ <c>SOFTWARE</c>\ <c>Microsoft</c>\ <c>Cryptography</c>\ <c>Defaults</c>\ <c>Provider Types</c>.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-pfximportcertstore HCERTSTORE PFXImportCertStore(
// CRYPT_DATA_BLOB *pPFX, LPCWSTR szPassword, DWORD dwFlags );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "2c83774a-f2df-4d28-9abd-e39aa507ba88")]
public static extern HCERTSTORE PFXImportCertStore(in CRYPTOAPI_BLOB pPFX, [MarshalAs(UnmanagedType.LPWStr)] string szPassword, PFXImportFlags dwFlags);
/// <summary>The <c>PFXIsPFXBlob</c> function attempts to decode the outer layer of a BLOB as a PFX packet.</summary>
/// <param name="pPFX">A pointer to a CRYPT_DATA_BLOB structure that the function will attempt to decode as a PFX packet.</param>
/// <returns>
/// The function returns <c>TRUE</c> if the BLOB can be decoded as a PFX packet. If the outer layer of the BLOB cannot be decoded as
/// a PFX packet, the function returns <c>FALSE</c>.
/// </returns>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-pfxispfxblob BOOL PFXIsPFXBlob( CRYPT_DATA_BLOB *pPFX );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "28984407-0a28-48e1-9d67-37a6e9db7601")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool PFXIsPFXBlob(in CRYPTOAPI_BLOB pPFX);
/// <summary>
/// <para>
/// The <c>PFXVerifyPassword</c> function attempts to decode the outer layer of a BLOB as a Personal Information Exchange (PFX)
/// packet and to decrypt it with the given password. No data from the BLOB is imported.
/// </para>
/// <para>The PFX format is also known as the Public-Key Cryptography Standards #12 (PKCS #12) format.</para>
/// </summary>
/// <param name="pPFX">A pointer to a CRYPT_DATA_BLOB structure that the function will attempt to decode as a PFX packet.</param>
/// <param name="szPassword">
/// <para>
/// String password to be checked. For this function to succeed, this password must be exactly the same as the password used to
/// encrypt the packet.
/// </para>
/// <para>
/// If you set this value to an empty string or <c>NULL</c>, this function typically attempts to decrypt the password embedded in
/// the PFX BLOB by using the empty string or <c>NULL</c>.
/// </para>
/// <para>
/// However, beginning with Windows 8 and Windows Server 2012, if a <c>NULL</c> or empty password was specified when the PFX BLOB
/// was created and the application also specified that the password should be protected to an Active Directory (AD) principal, the
/// Cryptography API (CAPI) randomly generates a password, encrypts it to the AD principal and embeds it in the PFX BLOB. The
/// <c>PFXVerifyPassword</c> function will then try to use the specified AD principal (current user, computer, or AD group member)
/// to decrypt the password. For more information about protecting PFX to an AD principal, see the pvPara parameter and the
/// <c>PKCS12_PROTECT_TO_DOMAIN_SIDS</c> flag of the PFXExportCertStoreEx function.
/// </para>
/// <para>
/// When you have finished using the password, clear the password from memory by calling the SecureZeroMemory function. For more
/// information about protecting passwords, see Handling Passwords.
/// </para>
/// </param>
/// <param name="dwFlags">Reserved for future use.</param>
/// <returns>The function return <c>TRUE</c> if the password appears correct; otherwise, it returns <c>FALSE</c>.</returns>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-pfxverifypassword BOOL PFXVerifyPassword( CRYPT_DATA_BLOB
// *pPFX, LPCWSTR szPassword, DWORD dwFlags );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "47560192-547e-4440-9f10-43327355e1a0")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool PFXVerifyPassword(in CRYPTOAPI_BLOB pPFX, [MarshalAs(UnmanagedType.LPWStr)] string szPassword, uint dwFlags = 0);
}

4327
PInvoke/Cryptography/Crypt32/Wincrypt.Prop.cs
View File

File diff suppressed because it is too large Load Diff

203
PInvoke/Cryptography/Crypt32/Wincrypt.Prov.cs
View File

@ -5,109 +5,108 @@ using Vanara.Extensions;
using Vanara.InteropServices;
using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
namespace Vanara.PInvoke
namespace Vanara.PInvoke;
/// <summary>Methods and data types found in Crypt32.dll.</summary>
public static partial class Crypt32
{
/// <summary>Methods and data types found in Crypt32.dll.</summary>
public static partial class Crypt32
/// <summary>Well-known provider types.</summary>
public static class CryptProviderType
{
/// <summary>Well-known provider types.</summary>
public static class CryptProviderType
{
/// <summary/>
public const uint PROV_RSA_FULL = 1;
/// <summary/>
public const uint PROV_RSA_SIG = 2;
/// <summary/>
public const uint PROV_DSS = 3;
/// <summary/>
public const uint PROV_FORTEZZA = 4;
/// <summary/>
public const uint PROV_MS_EXCHANGE = 5;
/// <summary/>
public const uint PROV_SSL = 6;
/// <summary/>
public const uint PROV_RSA_SCHANNEL = 12;
/// <summary/>
public const uint PROV_DSS_DH = 13;
/// <summary/>
public const uint PROV_EC_ECDSA_SIG = 14;
/// <summary/>
public const uint PROV_EC_ECNRA_SIG = 15;
/// <summary/>
public const uint PROV_EC_ECDSA_FULL = 16;
/// <summary/>
public const uint PROV_EC_ECNRA_FULL = 17;
/// <summary/>
public const uint PROV_DH_SCHANNEL = 18;
/// <summary/>
public const uint PROV_SPYRUS_LYNKS = 20;
/// <summary/>
public const uint PROV_RNG = 21;
/// <summary/>
public const uint PROV_INTEL_SEC = 22;
/// <summary/>
public const uint PROV_REPLACE_OWF = 23;
/// <summary/>
public const uint PROV_RSA_AES = 24;
}
/*
CryptAcquireContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Acquires a handle to the current user's key container within a particular CSP.
CryptContextAddRef
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Increments the reference count on an HCRYPTPROV handle.
CryptEnumProviders
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Enumerates the providers on a computer.
CryptEnumProviderTypes
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Enumerates the types of providers supported on the computer.
CryptGetDefaultProvider
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Determines the default CSP either for the current user or for the computer for a specified provider type.
CryptGetProvParam
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Retrieves the parameters that govern the operations of a CSP.
CryptInstallDefaultContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Installs a previously acquired HCRYPTPROV context to be used as a default context.
CryptReleaseContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Releases the handle acquired by the CryptAcquireContext function.
CryptSetProvider and CryptSetProviderEx
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Specifies the user default CSP for a particular CSP type.
CryptSetProvParam
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Specifies attributes of a CSP.
CryptUninstallDefaultContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Removes a default context previously installed by CryptInstallDefaultContext.
FreeCryptProvFromCertEx Releases the handle either to a cryptographic service provider (CSP) or to a Cryptography API: Next Generation (CNG) key.
*/
/// <summary/>
public const uint PROV_RSA_FULL = 1;
/// <summary/>
public const uint PROV_RSA_SIG = 2;
/// <summary/>
public const uint PROV_DSS = 3;
/// <summary/>
public const uint PROV_FORTEZZA = 4;
/// <summary/>
public const uint PROV_MS_EXCHANGE = 5;
/// <summary/>
public const uint PROV_SSL = 6;
/// <summary/>
public const uint PROV_RSA_SCHANNEL = 12;
/// <summary/>
public const uint PROV_DSS_DH = 13;
/// <summary/>
public const uint PROV_EC_ECDSA_SIG = 14;
/// <summary/>
public const uint PROV_EC_ECNRA_SIG = 15;
/// <summary/>
public const uint PROV_EC_ECDSA_FULL = 16;
/// <summary/>
public const uint PROV_EC_ECNRA_FULL = 17;
/// <summary/>
public const uint PROV_DH_SCHANNEL = 18;
/// <summary/>
public const uint PROV_SPYRUS_LYNKS = 20;
/// <summary/>
public const uint PROV_RNG = 21;
/// <summary/>
public const uint PROV_INTEL_SEC = 22;
/// <summary/>
public const uint PROV_REPLACE_OWF = 23;
/// <summary/>
public const uint PROV_RSA_AES = 24;
}
/*
CryptAcquireContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Acquires a handle to the current user's key container within a particular CSP.
CryptContextAddRef
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Increments the reference count on an HCRYPTPROV handle.
CryptEnumProviders
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Enumerates the providers on a computer.
CryptEnumProviderTypes
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Enumerates the types of providers supported on the computer.
CryptGetDefaultProvider
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Determines the default CSP either for the current user or for the computer for a specified provider type.
CryptGetProvParam
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Retrieves the parameters that govern the operations of a CSP.
CryptInstallDefaultContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Installs a previously acquired HCRYPTPROV context to be used as a default context.
CryptReleaseContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Releases the handle acquired by the CryptAcquireContext function.
CryptSetProvider and CryptSetProviderEx
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Specifies the user default CSP for a particular CSP type.
CryptSetProvParam
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Specifies attributes of a CSP.
CryptUninstallDefaultContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Removes a default context previously installed by CryptInstallDefaultContext.
FreeCryptProvFromCertEx Releases the handle either to a cryptographic service provider (CSP) or to a Cryptography API: Next Generation (CNG) key.
*/
}

2464
PInvoke/Cryptography/Crypt32/Wincrypt.RevList.cs
View File

File diff suppressed because it is too large Load Diff

8033
PInvoke/Cryptography/Crypt32/Wincrypt.Store.cs
View File

File diff suppressed because it is too large Load Diff

1407
PInvoke/Cryptography/Crypt32/Wincrypt.TrustList.cs
View File

File diff suppressed because it is too large Load Diff

5459
PInvoke/Cryptography/Crypt32/Wincrypt.Verification.cs
View File

File diff suppressed because it is too large Load Diff

7636
PInvoke/Cryptography/Crypt32/Wincrypt.cs
View File

File diff suppressed because it is too large Load Diff

1362
PInvoke/Cryptography/Crypt32/dpapi.cs
View File

File diff suppressed because it is too large Load Diff

1939
PInvoke/Cryptography/Crypt32/mssip.cs
View File

File diff suppressed because it is too large Load Diff

1131
PInvoke/Cryptography/CryptDlg/Wincrypt.cs
View File

File diff suppressed because it is too large Load Diff

3707
PInvoke/Cryptography/CryptNet/Wincrypt.cs
View File

File diff suppressed because it is too large Load Diff

3897
PInvoke/Cryptography/CryptUI/Wincrypt.cs
View File

File diff suppressed because it is too large Load Diff

10243
PInvoke/Cryptography/NCrypt/NCrypt.cs
View File

File diff suppressed because it is too large Load Diff

2925
PInvoke/Cryptography/NCrypt/NCryptProtect.cs
View File

File diff suppressed because it is too large Load Diff

3281
PInvoke/Cryptography/NCrypt/SslProvider.cs
View File

File diff suppressed because it is too large Load Diff

787
PInvoke/Cryptography/TokenBinding/TokenBinding.cs
View File

@ -1,426 +1,425 @@
using System;
using System.Runtime.InteropServices;
namespace Vanara.PInvoke
namespace Vanara.PInvoke;
/// <summary>Methods and data types found in TokenBinding.dll.</summary>
public static partial class TokenBinding
{
/// <summary>Methods and data types found in TokenBinding.dll.</summary>
public static partial class TokenBinding
/// <summary>
/// <para>Specifies the formats that are available to interpret extension data.</para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/ne-tokenbinding-tokenbinding_extension_format typedef enum
// TOKENBINDING_EXTENSION_FORMAT { TOKENBINDING_EXTENSION_FORMAT_UNDEFINED } ;
[PInvokeData("tokenbinding.h", MSDNShortId = "EBF14890-3F7D-4814-93E1-570E81E05DF2")]
public enum TOKENBINDING_EXTENSION_FORMAT
{
/// <summary>
/// <para>Specifies the formats that are available to interpret extension data.</para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/ne-tokenbinding-tokenbinding_extension_format typedef enum
// TOKENBINDING_EXTENSION_FORMAT { TOKENBINDING_EXTENSION_FORMAT_UNDEFINED } ;
[PInvokeData("tokenbinding.h", MSDNShortId = "EBF14890-3F7D-4814-93E1-570E81E05DF2")]
public enum TOKENBINDING_EXTENSION_FORMAT
{
/// <summary>The format for interpreting the extension data is undefined.</summary>
TOKENBINDING_EXTENSION_FORMAT_UNDEFINED,
}
/// <summary>The format for interpreting the extension data is undefined.</summary>
TOKENBINDING_EXTENSION_FORMAT_UNDEFINED,
}
/// <summary>Undocumented.</summary>
public enum TOKENBINDING_KEY_PARAMETERS_TYPE
{
/// <summary>Undocumented.</summary>
TOKENBINDING_KEY_PARAMETERS_TYPE_RSA2048_PKCS = 0,
/// <summary>Undocumented.</summary>
public enum TOKENBINDING_KEY_PARAMETERS_TYPE
{
/// <summary>Undocumented.</summary>
TOKENBINDING_KEY_PARAMETERS_TYPE_RSA2048_PKCS = 0,
TOKENBINDING_KEY_PARAMETERS_TYPE_RSA2048_PSS = 1,
/// <summary>Undocumented.</summary>
TOKENBINDING_KEY_PARAMETERS_TYPE_RSA2048_PSS = 1,
/// <summary>Undocumented.</summary>
TOKENBINDING_KEY_PARAMETERS_TYPE_ECDSAP256 = 2,
}
/// <summary>Undocumented.</summary>
TOKENBINDING_KEY_PARAMETERS_TYPE_ECDSAP256 = 2,
}
/// <summary>
/// <para>Specifies the possible types for a token binding.</para>
/// </summary>
/// <remarks>
/// <para>
/// More information about the use of these Token Binding types can be found in the <c>Token Binding over HTTP Internet</c> draft.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/ne-tokenbinding-tokenbinding_type typedef enum TOKENBINDING_TYPE
// { TOKENBINDING_TYPE_PROVIDED, TOKENBINDING_TYPE_REFERRED } ;
[PInvokeData("tokenbinding.h", MSDNShortId = "7F126B3E-1033-4C0A-AD5F-0FAD951C85C6")]
public enum TOKENBINDING_TYPE
{
/// <summary>
/// This type of Token Binding is used to protect tokens issued by the Identity Provider for the client to present with
/// subsequent requests back to this Identity Provider.
/// </summary>
TOKENBINDING_TYPE_PROVIDED,
/// <summary>
/// <para>Specifies the possible types for a token binding.</para>
/// This type of Token Binding is used to protect tokens issued by the Identity Provider for the client to present to a Relying Party.
/// </summary>
/// <remarks>
/// <para>
/// More information about the use of these Token Binding types can be found in the <c>Token Binding over HTTP Internet</c> draft.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/ne-tokenbinding-tokenbinding_type typedef enum TOKENBINDING_TYPE
// { TOKENBINDING_TYPE_PROVIDED, TOKENBINDING_TYPE_REFERRED } ;
[PInvokeData("tokenbinding.h", MSDNShortId = "7F126B3E-1033-4C0A-AD5F-0FAD951C85C6")]
public enum TOKENBINDING_TYPE
{
/// <summary>
/// This type of Token Binding is used to protect tokens issued by the Identity Provider for the client to present with
/// subsequent requests back to this Identity Provider.
/// </summary>
TOKENBINDING_TYPE_PROVIDED,
TOKENBINDING_TYPE_REFERRED,
}
/// <summary>
/// This type of Token Binding is used to protect tokens issued by the Identity Provider for the client to present to a Relying Party.
/// </summary>
TOKENBINDING_TYPE_REFERRED,
}
/// <summary>
/// <para>Deletes all token binding keys that are associated with the calling user or app container.</para>
/// </summary>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>You can call <c>TokenBindingDeleteAllBindings</c> from user mode.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindingdeleteallbindings SECURITY_STATUS
// TokenBindingDeleteAllBindings( );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "0446F62F-96B4-4F4B-9789-0CD12173E601")]
public static extern HRESULT TokenBindingDeleteAllBindings();
/// <summary>
/// <para>Deletes the token binding key that is associated with the specified target string.</para>
/// </summary>
/// <param name="targetURL">
/// <para>The target string for which <c>TokenBindingDeleteBinding</c> should delete the associated token binding key.</para>
/// </param>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>You can call <c>TokenBindingDeleteBinding</c> from user mode.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindingdeletebinding SECURITY_STATUS
// TokenBindingDeleteBinding( PCWSTR targetURL );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "4258CC92-580E-403C-9AE4-4BB726255464")]
public static extern HRESULT TokenBindingDeleteBinding([MarshalAs(UnmanagedType.LPWStr)] string targetURL);
/// <summary>
/// <para>
/// Constructs one token binding that contains the exported public key and signature by using the specified key type for the token
/// binding, a target identifier string for creating and retrieving the token binding key, and the unique data. This function also
/// returns the token binding identifier, if needed.
/// </para>
/// </summary>
/// <param name="keyType">
/// <para>
/// The negotiated key type to use. Use a value from the list of key types that you retrieved by calling the
/// TokenBindingGetKeyTypesClient function.
/// </para>
/// </param>
/// <param name="targetURL">
/// <para>
/// The target string to use in conjunction with the key type to generate or retrieve a token binding key for the NCrypt operations
/// that build the buffer for the tokenBinding parameter.
/// </para>
/// </param>
/// <param name="bindingType">
/// <para>The type of token binding that <c>TokenBindingGenerateBinding</c> should generate.</para>
/// </param>
/// <param name="tlsEKM">
/// <para>A pointer to the buffer that contains unique data.</para>
/// </param>
/// <param name="tlsEKMSize">
/// <para>The size of the buffer that the tlsUnique parameter points to, in bytes.</para>
/// </param>
/// <param name="extensionFormat">
/// <para>The format to use to interpret the data in the extensionData parameter. This value must be <c>TOKENBINDING_EXTENSION_FORMAT_UNDEFINED</c>.</para>
/// </param>
/// <param name="extensionData">
/// <para>
/// A pointer to a buffer that contains extension data. The value of the extensionFormat parameter determines how to interpret this data.
/// </para>
/// </param>
/// <param name="tokenBinding">
/// <para>
/// A pointer that receives the address of the token binding buffer. Use the HeapAlloc function to allocate the memory for this
/// buffer, and the HeapFree function to free that memory.
/// </para>
/// </param>
/// <param name="tokenBindingSize">
/// <para>Pointer to a variable that receives the size of the buffer allocated for the tokenBinding parameter, in bytes.</para>
/// </param>
/// <param name="resultData">
/// <para>
/// A pointer that receives the address of the buffer that contains result data that includes the token binding identifier of the
/// token binding that <c>TokenBindingGenerateBinding</c> generates. Use the HeapAlloc function to allocate the memory for this
/// buffer, and the HeapFree function to free that memory. Specify NULL is you do not need this information.
/// </para>
/// </param>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>You can call <c>TokenBindingGenerateBinding</c> from user mode.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindinggeneratebinding SECURITY_STATUS
// TokenBindingGenerateBinding( TOKENBINDING_KEY_PARAMETERS_TYPE keyType, PCWSTR targetURL, TOKENBINDING_TYPE bindingType, const void
// *tlsEKM, DWORD tlsEKMSize, TOKENBINDING_EXTENSION_FORMAT extensionFormat, const void *extensionData, void **tokenBinding, DWORD
// *tokenBindingSize, TOKENBINDING_RESULT_DATA **resultData );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "4289E3F0-17AC-485B-A326-2C8BECD5CABB")]
public static extern HRESULT TokenBindingGenerateBinding(TOKENBINDING_KEY_PARAMETERS_TYPE keyType, [MarshalAs(UnmanagedType.LPWStr)] string targetURL, TOKENBINDING_TYPE bindingType, [In] IntPtr tlsEKM,
uint tlsEKMSize, TOKENBINDING_EXTENSION_FORMAT extensionFormat, [In] IntPtr extensionData, out IntPtr tokenBinding, out uint tokenBindingSize, out IntPtr resultData);
/// <summary>
/// <para>
/// Constructs the token binding identifier by extracting the signature algorithm from the key type and copying the exported public key.
/// </para>
/// </summary>
/// <param name="keyType">
/// <para>
/// The negotiated key type to use. Use a value from the list of key types that you retrieved by calling the
/// TokenBindingGetKeyTypesClient function.
/// </para>
/// </param>
/// <param name="publicKey">
/// <para>An exported public key blob.</para>
/// </param>
/// <param name="publicKeySize">
/// <para>The size of the exported public key blob.</para>
/// </param>
/// <param name="resultData">
/// <para>
/// A pointer that receives the address of the buffer that is allocated for the token binding result data. The token binding result
/// data contains the token binding identifier.
/// </para>
/// <para>Use the HeapAlloc function to allocate the memory for this buffer, and the HeapFree method to free that memory.</para>
/// </param>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>You can call <c>TokenBindingGenerateID</c> from user mode.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindinggenerateid SECURITY_STATUS
// TokenBindingGenerateID( TOKENBINDING_KEY_PARAMETERS_TYPE keyType, const void *publicKey, DWORD publicKeySize,
// TOKENBINDING_RESULT_DATA **resultData );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "F3E30DF8-2A1D-445E-914B-62999428BB6F")]
public static extern HRESULT TokenBindingGenerateID(TOKENBINDING_KEY_PARAMETERS_TYPE keyType, [In] IntPtr publicKey, uint publicKeySize, out IntPtr resultData);
/// <summary>
/// <para>Assembles the list of token bindings and generates the final message for the client device to the server.</para>
/// </summary>
/// <param name="tokenBindings">
/// <para>Pointer to an array of token binding structures.</para>
/// </param>
/// <param name="tokenBindingsSize">
/// <para>
/// An array that contains the sizes of the corresponding token binding structures that the array in the tokenBindings parameter
/// contains, in bytes.
/// </para>
/// </param>
/// <param name="tokenBindingsCount">
/// <para>The number of elements that the array in the tokenBindings parameter contains. This value cannot be 0.</para>
/// </param>
/// <param name="tokenBindingMessage">
/// <para>
/// A pointer that receives the address of the buffer that is allocated for the token binding message. Use the HeapAlloc function to
/// allocate the memory for this buffer, and the HeapFree method to free that memory.
/// </para>
/// </param>
/// <param name="tokenBindingMessageSize">
/// <para>A pointer to a variable that contains the size of the buffer allocated for the tokenBindingMessage parameter.</para>
/// </param>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>You can call <c>TokenBindingGenerateMessage</c> from user mode.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindinggeneratemessage SECURITY_STATUS
// TokenBindingGenerateMessage( const void * [] tokenBindings, const DWORD [] tokenBindingsSize, DWORD tokenBindingsCount, void
// **tokenBindingMessage, DWORD *tokenBindingMessageSize );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "7A268C6D-952B-482A-835D-89D6452D986D")]
public static extern HRESULT TokenBindingGenerateMessage([In] IntPtr[] tokenBindings, [In] uint[] tokenBindingsSize, uint tokenBindingsCount, out IntPtr tokenBindingMessage, out uint tokenBindingMessageSize);
/// <summary>
/// <para>Retrieves a list of the key types that the client device supports.</para>
/// </summary>
/// <param name="keyTypes">
/// <para>
/// A pointer to a buffer that contains the list of key types that the client device supports. <c>TokenBindingGetKeyTypesClient</c>
/// returns the string identifiers for well-known algorithms that correspond to the keys that the client device supports. Use
/// HeapAlloc to allocate the memory for the buffer, and HeapFree to free that memory.
/// </para>
/// </param>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>You can call <c>TokenBindingGetKeyTypesClient</c> from user mode.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindinggetkeytypesclient SECURITY_STATUS
// TokenBindingGetKeyTypesClient( TOKENBINDING_KEY_TYPES **keyTypes );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "583687B6-5A87-4616-A5EE-4FECFF06749E")]
public static extern HRESULT TokenBindingGetKeyTypesClient(out IntPtr keyTypes);
/// <summary>
/// <para>Retrieves a list of the key types that the server supports.</para>
/// </summary>
/// <param name="keyTypes">
/// <para>
/// A pointer to a buffer that contains the list of key types that the server supports. <c>TokenBindingGetKeyTypesServer</c> returns
/// the string identifiers for well-known algorithms that correspond to the keys that the server supports.
/// </para>
/// <para>
/// In user mode, use HeapAlloc to allocate the memory for the buffer, and HeapFree to free that memory. In kernel mode, use
/// ExAllocatePoolWithTag to allocate the memory for the buffer, and ExFreePool to free that memory.
/// </para>
/// </param>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>
/// You can call <c>TokenBindingGetKeyTypesServer</c> from both user mode and kernel mode. To call this function in kernel mode, link
/// to Ksecdd.sys, and use the functions mentioned in the description for the keyTypes parameter for allocating and freeing memory.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindinggetkeytypesserver SECURITY_STATUS
// TokenBindingGetKeyTypesServer( TOKENBINDING_KEY_TYPES **keyTypes );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "8ABAC0AF-AF68-4742-9C36-3FB17D303409")]
public static extern HRESULT TokenBindingGetKeyTypesServer(out IntPtr keyTypes);
/// <summary>
/// <para>Validates the token binding message and verifies the token bindings that the message contains.</para>
/// </summary>
/// <param name="tokenBindingMessage">
/// <para>A pointer to the buffer that contains the token binding message.</para>
/// </param>
/// <param name="tokenBindingMessageSize">
/// <para>The size of the buffer that the tokenBindingMessage parameter points to, in bytes.</para>
/// </param>
/// <param name="keyType">
/// <para>
/// The negotiated key algorithm to use. Use a value from the list of key types that you retrieved by calling the
/// TokenBindingGetKeyTypesServer function.
/// </para>
/// </param>
/// <param name="tlsEKM">
/// <para>A pointer to a buffer that contains unique data.</para>
/// </param>
/// <param name="tlsEKMSize">
/// <para>The size of the buffer that the tlsUnique parameter points to, in bytes.</para>
/// </param>
/// <param name="resultList">
/// <para>
/// A pointer that receives the address for the buffer that contains the results for each of the token bindings that
/// <c>TokenBindingVerifyMessage</c> verifies.
/// </para>
/// <para>
/// In user mode, use HeapAlloc to allocate the memory for the buffer, and HeapFree to free that memory. In kernel mode, use
/// ExAllocatePoolWithTag to allocate the memory for the buffer, and ExFreePool to free that memory.
/// </para>
/// </param>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>
/// You can call <c>TokenBindingVerifyMessage</c> from both user mode and kernel mode. o call this function in kernel mode, link to
/// Ksecdd.sys, and use the functions mentioned in the description for the resultList parameter for allocating and freeing memory.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindingverifymessage SECURITY_STATUS
// TokenBindingVerifyMessage( const void *tokenBindingMessage, DWORD tokenBindingMessageSize, TOKENBINDING_KEY_PARAMETERS_TYPE
// keyType, const void *tlsEKM, DWORD tlsEKMSize, TOKENBINDING_RESULT_LIST **resultList );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "D6827DA3-75DC-4F31-B57A-4ED5B5F03112")]
public static extern HRESULT TokenBindingVerifyMessage([In] IntPtr tokenBindingMessage, uint tokenBindingMessageSize, TOKENBINDING_KEY_PARAMETERS_TYPE keyType, [In] IntPtr tlsEKM,
uint tlsEKMSize, out IntPtr resultList);
/// <summary>
/// <para>Contains the information for representing a token binding identifier that results from a token binding message exchange.</para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/ns-tokenbinding-tokenbinding_identifier typedef struct
// TOKENBINDING_IDENTIFIER { BYTE keyType; } TOKENBINDING_IDENTIFIER;
[PInvokeData("tokenbinding.h", MSDNShortId = "301E099E-B621-41E1-BF9B-3AF8C53F9227")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct TOKENBINDING_IDENTIFIER
{
/// <summary/>
public byte keyType;
}
/// <summary>
/// <para>Contains all of the combinations of types of token binding keys that a client device or server supports.</para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/ns-tokenbinding-tokenbinding_key_types typedef struct
// TOKENBINDING_KEY_TYPES { DWORD keyCount; TOKENBINDING_KEY_PARAMETERS_TYPE *keyType; } TOKENBINDING_KEY_TYPES;
[PInvokeData("tokenbinding.h", MSDNShortId = "E5029CE3-CD23-4566-A951-35374DC7BC57")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct TOKENBINDING_KEY_TYPES
{
/// <summary>
/// <para>The number of elements in the array that the <c>key</c> member contains.</para>
/// </summary>
public uint keyCount;
/// <summary/>
public IntPtr keyType;
}
/// <summary>
/// <para>
/// Contains data about the result of generating a token binding or verifying one of the token bindings in a token binding message.
/// </para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/ns-tokenbinding-tokenbinding_result_data typedef struct
// TOKENBINDING_RESULT_DATA { TOKENBINDING_TYPE bindingType; DWORD identifierSize; TOKENBINDING_IDENTIFIER *identifierData;
// TOKENBINDING_EXTENSION_FORMAT extensionFormat; DWORD extensionSize; PVOID extensionData; } TOKENBINDING_RESULT_DATA;
[PInvokeData("tokenbinding.h", MSDNShortId = "6C34E174-CCC4-451D-82C3-C410C8C92C8C")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct TOKENBINDING_RESULT_DATA
{
/// <summary/>
public TOKENBINDING_TYPE bindingType;
/// <summary>
/// <para>Deletes all token binding keys that are associated with the calling user or app container.</para>
/// <para>The size of the TOKENBINDING_IDENTIFIER structure that the <c>identifierData</c> member points to, in bytes.</para>
/// </summary>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>You can call <c>TokenBindingDeleteAllBindings</c> from user mode.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindingdeleteallbindings SECURITY_STATUS
// TokenBindingDeleteAllBindings( );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "0446F62F-96B4-4F4B-9789-0CD12173E601")]
public static extern HRESULT TokenBindingDeleteAllBindings();
public uint identifierSize;
/// <summary>
/// <para>Deletes the token binding key that is associated with the specified target string.</para>
/// <para>Pointer to the token binding identifier for the token binding that was generated or verified.</para>
/// </summary>
/// <param name="targetURL">
/// <para>The target string for which <c>TokenBindingDeleteBinding</c> should delete the associated token binding key.</para>
/// </param>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>You can call <c>TokenBindingDeleteBinding</c> from user mode.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindingdeletebinding SECURITY_STATUS
// TokenBindingDeleteBinding( PCWSTR targetURL );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "4258CC92-580E-403C-9AE4-4BB726255464")]
public static extern HRESULT TokenBindingDeleteBinding([MarshalAs(UnmanagedType.LPWStr)] string targetURL);
public IntPtr identifierData;
/// <summary>
/// <para>
/// Constructs one token binding that contains the exported public key and signature by using the specified key type for the token
/// binding, a target identifier string for creating and retrieving the token binding key, and the unique data. This function also
/// returns the token binding identifier, if needed.
/// </para>
/// </summary>
/// <param name="keyType">
/// <para>
/// The negotiated key type to use. Use a value from the list of key types that you retrieved by calling the
/// TokenBindingGetKeyTypesClient function.
/// </para>
/// </param>
/// <param name="targetURL">
/// <para>
/// The target string to use in conjunction with the key type to generate or retrieve a token binding key for the NCrypt operations
/// that build the buffer for the tokenBinding parameter.
/// </para>
/// </param>
/// <param name="bindingType">
/// <para>The type of token binding that <c>TokenBindingGenerateBinding</c> should generate.</para>
/// </param>
/// <param name="tlsEKM">
/// <para>A pointer to the buffer that contains unique data.</para>
/// </param>
/// <param name="tlsEKMSize">
/// <para>The size of the buffer that the tlsUnique parameter points to, in bytes.</para>
/// </param>
/// <param name="extensionFormat">
/// <para>The format to use to interpret the data in the extensionData parameter. This value must be <c>TOKENBINDING_EXTENSION_FORMAT_UNDEFINED</c>.</para>
/// </param>
/// <param name="extensionData">
/// <para>
/// A pointer to a buffer that contains extension data. The value of the extensionFormat parameter determines how to interpret this data.
/// </para>
/// </param>
/// <param name="tokenBinding">
/// <para>
/// A pointer that receives the address of the token binding buffer. Use the HeapAlloc function to allocate the memory for this
/// buffer, and the HeapFree function to free that memory.
/// </para>
/// </param>
/// <param name="tokenBindingSize">
/// <para>Pointer to a variable that receives the size of the buffer allocated for the tokenBinding parameter, in bytes.</para>
/// </param>
/// <param name="resultData">
/// <para>
/// A pointer that receives the address of the buffer that contains result data that includes the token binding identifier of the
/// token binding that <c>TokenBindingGenerateBinding</c> generates. Use the HeapAlloc function to allocate the memory for this
/// buffer, and the HeapFree function to free that memory. Specify NULL is you do not need this information.
/// </para>
/// </param>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>You can call <c>TokenBindingGenerateBinding</c> from user mode.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindinggeneratebinding SECURITY_STATUS
// TokenBindingGenerateBinding( TOKENBINDING_KEY_PARAMETERS_TYPE keyType, PCWSTR targetURL, TOKENBINDING_TYPE bindingType, const void
// *tlsEKM, DWORD tlsEKMSize, TOKENBINDING_EXTENSION_FORMAT extensionFormat, const void *extensionData, void **tokenBinding, DWORD
// *tokenBindingSize, TOKENBINDING_RESULT_DATA **resultData );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "4289E3F0-17AC-485B-A326-2C8BECD5CABB")]
public static extern HRESULT TokenBindingGenerateBinding(TOKENBINDING_KEY_PARAMETERS_TYPE keyType, [MarshalAs(UnmanagedType.LPWStr)] string targetURL, TOKENBINDING_TYPE bindingType, [In] IntPtr tlsEKM,
uint tlsEKMSize, TOKENBINDING_EXTENSION_FORMAT extensionFormat, [In] IntPtr extensionData, out IntPtr tokenBinding, out uint tokenBindingSize, out IntPtr resultData);
/// </summary>
public TOKENBINDING_EXTENSION_FORMAT extensionFormat;
/// <summary>
/// <para>The size of the buffer that the <c>extensionData</c> member points to, in bytes.</para>
/// </summary>
public uint extensionSize;
/// <summary>
/// <para>
/// Constructs the token binding identifier by extracting the signature algorithm from the key type and copying the exported public key.
/// A pointer to a buffer that contains extension data. The value of the extensionFormat parameter determines how to interpret
/// this data.
/// </para>
/// </summary>
/// <param name="keyType">
/// <para>
/// The negotiated key type to use. Use a value from the list of key types that you retrieved by calling the
/// TokenBindingGetKeyTypesClient function.
/// </para>
/// </param>
/// <param name="publicKey">
/// <para>An exported public key blob.</para>
/// </param>
/// <param name="publicKeySize">
/// <para>The size of the exported public key blob.</para>
/// </param>
/// <param name="resultData">
/// <para>
/// A pointer that receives the address of the buffer that is allocated for the token binding result data. The token binding result
/// data contains the token binding identifier.
/// </para>
/// <para>Use the HeapAlloc function to allocate the memory for this buffer, and the HeapFree method to free that memory.</para>
/// </param>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>You can call <c>TokenBindingGenerateID</c> from user mode.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindinggenerateid SECURITY_STATUS
// TokenBindingGenerateID( TOKENBINDING_KEY_PARAMETERS_TYPE keyType, const void *publicKey, DWORD publicKeySize,
// TOKENBINDING_RESULT_DATA **resultData );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "F3E30DF8-2A1D-445E-914B-62999428BB6F")]
public static extern HRESULT TokenBindingGenerateID(TOKENBINDING_KEY_PARAMETERS_TYPE keyType, [In] IntPtr publicKey, uint publicKeySize, out IntPtr resultData);
public IntPtr extensionData;
}
/// <summary>
/// <para>Contains the results for each of the token bindings that TokenBindingVerifyMessage verified.</para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/ns-tokenbinding-tokenbinding_result_list typedef struct
// TOKENBINDING_RESULT_LIST { DWORD resultCount; TOKENBINDING_RESULT_DATA *resultData; } TOKENBINDING_RESULT_LIST;
[PInvokeData("tokenbinding.h", MSDNShortId = "D14CBEA3-5F46-4C45-8C11-407D6E70FD56")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct TOKENBINDING_RESULT_LIST
{
/// <summary>
/// <para>The number of elements in the array that the <c>resultData</c> member contains.</para>
/// </summary>
public uint resultCount;
/// <summary>
/// <para>Assembles the list of token bindings and generates the final message for the client device to the server.</para>
/// <para>An array of results, one for each of the token bindings that TokenBindingVerifyMessage verified.</para>
/// </summary>
/// <param name="tokenBindings">
/// <para>Pointer to an array of token binding structures.</para>
/// </param>
/// <param name="tokenBindingsSize">
/// <para>
/// An array that contains the sizes of the corresponding token binding structures that the array in the tokenBindings parameter
/// contains, in bytes.
/// </para>
/// </param>
/// <param name="tokenBindingsCount">
/// <para>The number of elements that the array in the tokenBindings parameter contains. This value cannot be 0.</para>
/// </param>
/// <param name="tokenBindingMessage">
/// <para>
/// A pointer that receives the address of the buffer that is allocated for the token binding message. Use the HeapAlloc function to
/// allocate the memory for this buffer, and the HeapFree method to free that memory.
/// </para>
/// </param>
/// <param name="tokenBindingMessageSize">
/// <para>A pointer to a variable that contains the size of the buffer allocated for the tokenBindingMessage parameter.</para>
/// </param>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>You can call <c>TokenBindingGenerateMessage</c> from user mode.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindinggeneratemessage SECURITY_STATUS
// TokenBindingGenerateMessage( const void * [] tokenBindings, const DWORD [] tokenBindingsSize, DWORD tokenBindingsCount, void
// **tokenBindingMessage, DWORD *tokenBindingMessageSize );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "7A268C6D-952B-482A-835D-89D6452D986D")]
public static extern HRESULT TokenBindingGenerateMessage([In] IntPtr[] tokenBindings, [In] uint[] tokenBindingsSize, uint tokenBindingsCount, out IntPtr tokenBindingMessage, out uint tokenBindingMessageSize);
/// <summary>
/// <para>Retrieves a list of the key types that the client device supports.</para>
/// </summary>
/// <param name="keyTypes">
/// <para>
/// A pointer to a buffer that contains the list of key types that the client device supports. <c>TokenBindingGetKeyTypesClient</c>
/// returns the string identifiers for well-known algorithms that correspond to the keys that the client device supports. Use
/// HeapAlloc to allocate the memory for the buffer, and HeapFree to free that memory.
/// </para>
/// </param>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>You can call <c>TokenBindingGetKeyTypesClient</c> from user mode.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindinggetkeytypesclient SECURITY_STATUS
// TokenBindingGetKeyTypesClient( TOKENBINDING_KEY_TYPES **keyTypes );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "583687B6-5A87-4616-A5EE-4FECFF06749E")]
public static extern HRESULT TokenBindingGetKeyTypesClient(out IntPtr keyTypes);
/// <summary>
/// <para>Retrieves a list of the key types that the server supports.</para>
/// </summary>
/// <param name="keyTypes">
/// <para>
/// A pointer to a buffer that contains the list of key types that the server supports. <c>TokenBindingGetKeyTypesServer</c> returns
/// the string identifiers for well-known algorithms that correspond to the keys that the server supports.
/// </para>
/// <para>
/// In user mode, use HeapAlloc to allocate the memory for the buffer, and HeapFree to free that memory. In kernel mode, use
/// ExAllocatePoolWithTag to allocate the memory for the buffer, and ExFreePool to free that memory.
/// </para>
/// </param>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>
/// You can call <c>TokenBindingGetKeyTypesServer</c> from both user mode and kernel mode. To call this function in kernel mode, link
/// to Ksecdd.sys, and use the functions mentioned in the description for the keyTypes parameter for allocating and freeing memory.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindinggetkeytypesserver SECURITY_STATUS
// TokenBindingGetKeyTypesServer( TOKENBINDING_KEY_TYPES **keyTypes );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "8ABAC0AF-AF68-4742-9C36-3FB17D303409")]
public static extern HRESULT TokenBindingGetKeyTypesServer(out IntPtr keyTypes);
/// <summary>
/// <para>Validates the token binding message and verifies the token bindings that the message contains.</para>
/// </summary>
/// <param name="tokenBindingMessage">
/// <para>A pointer to the buffer that contains the token binding message.</para>
/// </param>
/// <param name="tokenBindingMessageSize">
/// <para>The size of the buffer that the tokenBindingMessage parameter points to, in bytes.</para>
/// </param>
/// <param name="keyType">
/// <para>
/// The negotiated key algorithm to use. Use a value from the list of key types that you retrieved by calling the
/// TokenBindingGetKeyTypesServer function.
/// </para>
/// </param>
/// <param name="tlsEKM">
/// <para>A pointer to a buffer that contains unique data.</para>
/// </param>
/// <param name="tlsEKMSize">
/// <para>The size of the buffer that the tlsUnique parameter points to, in bytes.</para>
/// </param>
/// <param name="resultList">
/// <para>
/// A pointer that receives the address for the buffer that contains the results for each of the token bindings that
/// <c>TokenBindingVerifyMessage</c> verifies.
/// </para>
/// <para>
/// In user mode, use HeapAlloc to allocate the memory for the buffer, and HeapFree to free that memory. In kernel mode, use
/// ExAllocatePoolWithTag to allocate the memory for the buffer, and ExFreePool to free that memory.
/// </para>
/// </param>
/// <returns>
/// <para>Returns a status code that indicates the success or failure of the function.</para>
/// </returns>
/// <remarks>
/// <para>
/// You can call <c>TokenBindingVerifyMessage</c> from both user mode and kernel mode. o call this function in kernel mode, link to
/// Ksecdd.sys, and use the functions mentioned in the description for the resultList parameter for allocating and freeing memory.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/nf-tokenbinding-tokenbindingverifymessage SECURITY_STATUS
// TokenBindingVerifyMessage( const void *tokenBindingMessage, DWORD tokenBindingMessageSize, TOKENBINDING_KEY_PARAMETERS_TYPE
// keyType, const void *tlsEKM, DWORD tlsEKMSize, TOKENBINDING_RESULT_LIST **resultList );
[DllImport(Lib.Tokenbinding, SetLastError = false, ExactSpelling = true)]
[PInvokeData("tokenbinding.h", MSDNShortId = "D6827DA3-75DC-4F31-B57A-4ED5B5F03112")]
public static extern HRESULT TokenBindingVerifyMessage([In] IntPtr tokenBindingMessage, uint tokenBindingMessageSize, TOKENBINDING_KEY_PARAMETERS_TYPE keyType, [In] IntPtr tlsEKM,
uint tlsEKMSize, out IntPtr resultList);
/// <summary>
/// <para>Contains the information for representing a token binding identifier that results from a token binding message exchange.</para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/ns-tokenbinding-tokenbinding_identifier typedef struct
// TOKENBINDING_IDENTIFIER { BYTE keyType; } TOKENBINDING_IDENTIFIER;
[PInvokeData("tokenbinding.h", MSDNShortId = "301E099E-B621-41E1-BF9B-3AF8C53F9227")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct TOKENBINDING_IDENTIFIER
{
/// <summary/>
public byte keyType;
}
/// <summary>
/// <para>Contains all of the combinations of types of token binding keys that a client device or server supports.</para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/ns-tokenbinding-tokenbinding_key_types typedef struct
// TOKENBINDING_KEY_TYPES { DWORD keyCount; TOKENBINDING_KEY_PARAMETERS_TYPE *keyType; } TOKENBINDING_KEY_TYPES;
[PInvokeData("tokenbinding.h", MSDNShortId = "E5029CE3-CD23-4566-A951-35374DC7BC57")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct TOKENBINDING_KEY_TYPES
{
/// <summary>
/// <para>The number of elements in the array that the <c>key</c> member contains.</para>
/// </summary>
public uint keyCount;
/// <summary/>
public IntPtr keyType;
}
/// <summary>
/// <para>
/// Contains data about the result of generating a token binding or verifying one of the token bindings in a token binding message.
/// </para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/ns-tokenbinding-tokenbinding_result_data typedef struct
// TOKENBINDING_RESULT_DATA { TOKENBINDING_TYPE bindingType; DWORD identifierSize; TOKENBINDING_IDENTIFIER *identifierData;
// TOKENBINDING_EXTENSION_FORMAT extensionFormat; DWORD extensionSize; PVOID extensionData; } TOKENBINDING_RESULT_DATA;
[PInvokeData("tokenbinding.h", MSDNShortId = "6C34E174-CCC4-451D-82C3-C410C8C92C8C")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct TOKENBINDING_RESULT_DATA
{
/// <summary/>
public TOKENBINDING_TYPE bindingType;
/// <summary>
/// <para>The size of the TOKENBINDING_IDENTIFIER structure that the <c>identifierData</c> member points to, in bytes.</para>
/// </summary>
public uint identifierSize;
/// <summary>
/// <para>Pointer to the token binding identifier for the token binding that was generated or verified.</para>
/// </summary>
public IntPtr identifierData;
/// <summary>
/// <para>The format to use to interpret the data in the extensionData parameter. This value must be <c>TOKENBINDING_EXTENSION_FORMAT_UNDEFINED</c>.</para>
/// </summary>
public TOKENBINDING_EXTENSION_FORMAT extensionFormat;
/// <summary>
/// <para>The size of the buffer that the <c>extensionData</c> member points to, in bytes.</para>
/// </summary>
public uint extensionSize;
/// <summary>
/// <para>
/// A pointer to a buffer that contains extension data. The value of the extensionFormat parameter determines how to interpret
/// this data.
/// </para>
/// </summary>
public IntPtr extensionData;
}
/// <summary>
/// <para>Contains the results for each of the token bindings that TokenBindingVerifyMessage verified.</para>
/// </summary>
// https://docs.microsoft.com/en-us/windows/desktop/api/tokenbinding/ns-tokenbinding-tokenbinding_result_list typedef struct
// TOKENBINDING_RESULT_LIST { DWORD resultCount; TOKENBINDING_RESULT_DATA *resultData; } TOKENBINDING_RESULT_LIST;
[PInvokeData("tokenbinding.h", MSDNShortId = "D14CBEA3-5F46-4C45-8C11-407D6E70FD56")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct TOKENBINDING_RESULT_LIST
{
/// <summary>
/// <para>The number of elements in the array that the <c>resultData</c> member contains.</para>
/// </summary>
public uint resultCount;
/// <summary>
/// <para>An array of results, one for each of the token bindings that TokenBindingVerifyMessage verified.</para>
/// </summary>
public IntPtr resultData;
}
public IntPtr resultData;
}
}

1
PInvoke/Cryptography/Vanara.PInvoke.Cryptography.csproj
View File

@ -4,6 +4,7 @@
<SupportedDlls>crypt32.dll;bcrypt.dll;ncrypt.dll;tokenbinding.dll;cryptui.dll;cryptnet.dll;cryptdlg.dll</SupportedDlls>
</ProjectExtensions>
<PropertyGroup>
<Nullable>enable</Nullable>
<Description>PInvoke API (methods, structures and constants) imported from Windows crypt32.dll, bcrypt.dll, ncrypt.dll, tokenbinding.dll, cryptnet.dll, cryptdlg.dll and cryptui.dll.</Description>
<AssemblyTitle>$(AssemblyName)</AssemblyTitle>
<AssemblyName>Vanara.PInvoke.Cryptography</AssemblyName>

2
PInvoke/Shell32/ShlGuidExt.cs
View File

@ -19,6 +19,6 @@ namespace Vanara.PInvoke
/// <summary>Lookups the specified unique identifier.</summary>
/// <param name="guid">The unique identifier.</param>
/// <returns>Corresponding BHID.</returns>
public static TEnum Lookup<TEnum>(Guid guid) where TEnum : System.Enum => AssociateAttribute.TryEnumLookup(guid, out TEnum val) ? val : (TEnum)Convert.ChangeType(-1, typeof(TEnum));
public static TEnum Lookup<TEnum>(Guid guid) where TEnum : struct, Enum => AssociateAttribute.TryEnumLookup(guid, out TEnum val) ? val : (TEnum)Convert.ChangeType(-1, typeof(TEnum));
}
}