sean-m
/
Vanara
mirror of https://github.com/dahall/Vanara.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Next round of tweaks and fixes for Crypt32

pull/119/head
dahall 2020-03-13 15:46:10 -06:00
parent 3e203d6b9b
commit d585fe18a3
17 changed files with 2392 additions and 622 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
PInvoke/Cryptography/CorrelationReport.md
View File

@ -1,5 +1,5 @@
## Correlation report for crypt32.dll, bcrypt.dll, ncrypt.dll, tokenbinding.dll
### Methods (100% complete, 358 of 358 functions)
## Correlation report for crypt32.dll, bcrypt.dll, ncrypt.dll, tokenbinding.dll, cryptui.dll
### Methods (100% complete, 367 of 367 functions)
Native Method | Native DLL | Header | Managed Method
--- | --- | --- | ---
[BCryptAddContextFunction](http://msdn2.microsoft.com/en-us/library/4f5b6db0-775d-42de-b9d9-a99fb11c89f2) | bcrypt.dll | bcrypt.h | [Vanara.PInvoke.BCrypt.BCryptAddContextFunction](https://github.com/dahall/Vanara/search?l=C%23&q=BCryptAddContextFunction)
@ -151,6 +151,7 @@ Native Method | Native DLL | Header | Managed Method
[CertRetrieveLogoOrBiometricInfo](http://msdn2.microsoft.com/en-us/library/35813928-728e-40b7-b627-817d3094eeb1) | crypt32.dll | wincrypt.h | [Vanara.PInvoke.Crypt32.CertRetrieveLogoOrBiometricInfo](https://github.com/dahall/Vanara/search?l=C%23&q=CertRetrieveLogoOrBiometricInfo)
[CertSaveStore](http://msdn2.microsoft.com/en-us/library/5cc818d7-b079-4962-aabc-fc512d4e92ac) | crypt32.dll | wincrypt.h | [Vanara.PInvoke.Crypt32.CertSaveStore](https://github.com/dahall/Vanara/search?l=C%23&q=CertSaveStore)
[CertSelectCertificateChains](http://msdn2.microsoft.com/en-us/library/b740772b-d25b-4b3d-9acb-03f7018750d6) | crypt32.dll | wincrypt.h | [Vanara.PInvoke.Crypt32.CertSelectCertificateChains](https://github.com/dahall/Vanara/search?l=C%23&q=CertSelectCertificateChains)
[CertSelectionGetSerializedBlob](http://msdn2.microsoft.com/en-us/library/6c3240f7-5121-401d-a4d4-df3055cb301a) | cryptui.dll | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CertSelectionGetSerializedBlob](https://github.com/dahall/Vanara/search?l=C%23&q=CertSelectionGetSerializedBlob)
[CertSerializeCertificateStoreElement](http://msdn2.microsoft.com/en-us/library/104fc986-6344-41b7-8843-23c3c72405a2) | crypt32.dll | wincrypt.h | [Vanara.PInvoke.Crypt32.CertSerializeCertificateStoreElement](https://github.com/dahall/Vanara/search?l=C%23&q=CertSerializeCertificateStoreElement)
[CertSerializeCRLStoreElement](http://msdn2.microsoft.com/en-us/library/4ab053cd-d3d4-483c-b0ff-b8de63d88707) | crypt32.dll | wincrypt.h | [Vanara.PInvoke.Crypt32.CertSerializeCRLStoreElement](https://github.com/dahall/Vanara/search?l=C%23&q=CertSerializeCRLStoreElement)
[CertSerializeCTLStoreElement](http://msdn2.microsoft.com/en-us/library/63d343c1-fa65-4cd1-a210-3805c7d92208) | crypt32.dll | wincrypt.h | [Vanara.PInvoke.Crypt32.CertSerializeCTLStoreElement](https://github.com/dahall/Vanara/search?l=C%23&q=CertSerializeCTLStoreElement)
@ -263,6 +264,14 @@ Native Method | Native DLL | Header | Managed Method
[CryptSIPRetrieveSubjectGuidForCatalogFile](http://msdn2.microsoft.com/en-us/library/7f757dc8-948c-476e-aca3-a9051e962ed4) | crypt32.dll | mssip.h | [Vanara.PInvoke.Crypt32.CryptSIPRetrieveSubjectGuidForCatalogFile](https://github.com/dahall/Vanara/search?l=C%23&q=CryptSIPRetrieveSubjectGuidForCatalogFile)
[CryptSIPVerifyIndirectData](http://msdn2.microsoft.com/en-us/library/137b8858-a31f-4ef6-96bd-c5e26ae7b3e8) | crypt32.dll | mssip.h | [Vanara.PInvoke.Crypt32.CryptSIPVerifyIndirectData](https://github.com/dahall/Vanara/search?l=C%23&q=CryptSIPVerifyIndirectData)
[CryptStringToBinary](http://msdn2.microsoft.com/en-us/library/13b6f5ef-174a-4254-8492-6e7dcc58945f) | crypt32.dll | wincrypt.h | [Vanara.PInvoke.Crypt32.CryptStringToBinary](https://github.com/dahall/Vanara/search?l=C%23&q=CryptStringToBinary)
[CryptUIDlgCertMgr](http://msdn2.microsoft.com/en-us/library/8d94694e-1724-42aa-99bb-6ed2c6d3bc0e) | cryptui.dll | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CryptUIDlgCertMgr](https://github.com/dahall/Vanara/search?l=C%23&q=CryptUIDlgCertMgr)
[CryptUIDlgSelectCertificateFromStore](http://msdn2.microsoft.com/en-us/library/5774af1c-f2d4-4b1e-a20b-dfb57bf9aa37) | cryptui.dll | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CryptUIDlgSelectCertificateFromStore](https://github.com/dahall/Vanara/search?l=C%23&q=CryptUIDlgSelectCertificateFromStore)
[CryptUIDlgViewCertificate](http://msdn2.microsoft.com/en-us/library/5107ff22-78c4-4005-80af-ff45781da6c7) | cryptui.dll | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CryptUIDlgViewCertificate](https://github.com/dahall/Vanara/search?l=C%23&q=CryptUIDlgViewCertificate)
[CryptUIDlgViewContext](http://msdn2.microsoft.com/en-us/library/d4b8f01b-7c3e-4286-bc37-d5ec4a1e1c2f) | cryptui.dll | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CryptUIDlgViewContext](https://github.com/dahall/Vanara/search?l=C%23&q=CryptUIDlgViewContext)
[CryptUIWizDigitalSign](http://msdn2.microsoft.com/en-us/library/1d01523e-d47b-49be-82c8-5e98f97be800) | cryptui.dll | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CryptUIWizDigitalSign](https://github.com/dahall/Vanara/search?l=C%23&q=CryptUIWizDigitalSign)
[CryptUIWizExport](http://msdn2.microsoft.com/en-us/library/62537d51-c761-4180-b857-58c819ea66aa) | cryptui.dll | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CryptUIWizExport](https://github.com/dahall/Vanara/search?l=C%23&q=CryptUIWizExport)
[CryptUIWizFreeDigitalSignContext](http://msdn2.microsoft.com/en-us/library/039615ee-0485-4698-944f-23359253767a) | cryptui.dll | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CryptUIWizFreeDigitalSignContext](https://github.com/dahall/Vanara/search?l=C%23&q=CryptUIWizFreeDigitalSignContext)
[CryptUIWizImport](http://msdn2.microsoft.com/en-us/library/6b2b9c89-229a-4626-a8b4-fe2b7cc0af86) | cryptui.dll | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CryptUIWizImport](https://github.com/dahall/Vanara/search?l=C%23&q=CryptUIWizImport)
[CryptUninstallDefaultContext](http://msdn2.microsoft.com/en-us/library/ad7be5cf-f078-4a9f-81c4-959e4203dba8) | crypt32.dll | wincrypt.h | [Vanara.PInvoke.Crypt32.CryptUninstallDefaultContext](https://github.com/dahall/Vanara/search?l=C%23&q=CryptUninstallDefaultContext)
[CryptUnprotectData](http://msdn2.microsoft.com/en-us/library/54eab3b0-d341-47c6-9c32-79328d7a7155) | crypt32.dll | dpapi.h | [Vanara.PInvoke.Crypt32.CryptUnprotectData](https://github.com/dahall/Vanara/search?l=C%23&q=CryptUnprotectData)
[CryptUnprotectMemory](http://msdn2.microsoft.com/en-us/library/1c7980ac-4e9e-43fd-b6d7-c0d0a69c8040) | crypt32.dll | dpapi.h | [Vanara.PInvoke.Crypt32.CryptUnprotectMemory](https://github.com/dahall/Vanara/search?l=C%23&q=CryptUnprotectMemory)
@ -375,6 +384,7 @@ Native Structure | Header | Managed Structure
[BCRYPT_PSS_PADDING_INFO](http://msdn2.microsoft.com/en-us/library/28605b34-b1e1-4460-a8f0-b0fe9f9b94d4) | bcrypt.h | [Vanara.PInvoke.BCrypt.BCRYPT_PSS_PADDING_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=BCRYPT_PSS_PADDING_INFO)
[BCRYPT_SECRET_HANDLE](https://www.google.com/search?num=5&q=BCRYPT_SECRET_HANDLE+site%3Amicrosoft.com) | | [Vanara.PInvoke.BCrypt.BCRYPT_SECRET_HANDLE](https://github.com/dahall/Vanara/search?l=C%23&q=BCRYPT_SECRET_HANDLE)
[CERT_CHAIN_CONTEXT](http://msdn2.microsoft.com/en-us/library/609311f4-9cd6-4945-9f93-7266b3fc4a74) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_CHAIN_CONTEXT](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_CHAIN_CONTEXT)
[CERT_CHAIN_ELEMENT](http://msdn2.microsoft.com/en-us/library/a1f6ba18-63ef-43ac-a17f-900fa13398aa) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_CHAIN_ELEMENT](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_CHAIN_ELEMENT)
[CERT_CHAIN_ENGINE_CONFIG](http://msdn2.microsoft.com/en-us/library/9e010eb9-2cbb-4fca-ba5c-4a5a50f23786) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_CHAIN_ENGINE_CONFIG](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_CHAIN_ENGINE_CONFIG)
[CERT_CHAIN_PARA](http://msdn2.microsoft.com/en-us/library/86094e1c-be59-4a15-a05b-21769f80e653) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_CHAIN_PARA](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_CHAIN_PARA)
[CERT_CHAIN_POLICY_PARA](http://msdn2.microsoft.com/en-us/library/5e4fffcb-132b-42c0-81b2-9f866e274c32) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_CHAIN_POLICY_PARA](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_CHAIN_POLICY_PARA)
@ -391,13 +401,18 @@ Native Structure | Header | Managed Structure
[CERT_PHYSICAL_STORE_INFO](http://msdn2.microsoft.com/en-us/library/ad86f388-27af-442a-a76f-f386f66296ac) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_PHYSICAL_STORE_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_PHYSICAL_STORE_INFO)
[CERT_PUBLIC_KEY_INFO](https://www.google.com/search?num=5&q=CERT_PUBLIC_KEY_INFO+site%3Amicrosoft.com) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_PUBLIC_KEY_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_PUBLIC_KEY_INFO)
[CERT_RDN](http://msdn2.microsoft.com/en-us/library/e84254b9-e9a7-4689-a12f-2772282c5433) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_RDN](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_RDN)
[CERT_REVOCATION_CRL_INFO](http://msdn2.microsoft.com/en-us/library/069ff521-90fd-4de8-9b5c-045e44e87f75) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_REVOCATION_CRL_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_REVOCATION_CRL_INFO)
[CERT_REVOCATION_INFO](http://msdn2.microsoft.com/en-us/library/798aa2d7-bf8a-425f-bc36-98a44ba3a9d6) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_REVOCATION_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_REVOCATION_INFO)
[CERT_REVOCATION_PARA](http://msdn2.microsoft.com/en-us/library/730db593-c55f-4ecf-bcac-5de54ab90db6) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_REVOCATION_PARA](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_REVOCATION_PARA)
[CERT_REVOCATION_STATUS](http://msdn2.microsoft.com/en-us/library/087ea37a-907a-4652-a5df-dd8e86755490) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_REVOCATION_STATUS](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_REVOCATION_STATUS)
[CERT_SELECT_CHAIN_PARA](http://msdn2.microsoft.com/en-us/library/55c6c063-2a65-40ad-8d3f-7723b83cf021) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_SELECT_CHAIN_PARA](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_SELECT_CHAIN_PARA)
[CERT_SELECT_CRITERIA](http://msdn2.microsoft.com/en-us/library/246722a9-5db6-4a82-8f29-f60f0a2263e3) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_SELECT_CRITERIA](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_SELECT_CRITERIA)
[CERT_SELECTUI_INPUT](http://msdn2.microsoft.com/en-us/library/8953cddd-86b6-4781-8dca-b5fd3d298bc8) | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CERT_SELECTUI_INPUT](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_SELECTUI_INPUT)
[CERT_SIMPLE_CHAIN](http://msdn2.microsoft.com/en-us/library/c130cab4-bf8d-429a-beb7-04cb5d37d466) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_SIMPLE_CHAIN](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_SIMPLE_CHAIN)
[CERT_STRONG_SIGN_PARA](http://msdn2.microsoft.com/en-us/library/12D9F82C-F484-43B0-BD55-F07321058671) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_STRONG_SIGN_PARA](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_STRONG_SIGN_PARA)
[CERT_SYSTEM_STORE_INFO](http://msdn2.microsoft.com/en-us/library/9c17ebd9-423b-4063-bdc3-6be70ceb8623) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_SYSTEM_STORE_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_SYSTEM_STORE_INFO)
[CERT_SYSTEM_STORE_RELOCATE_PARA](http://msdn2.microsoft.com/en-us/library/3bcb9b64-b9cf-48b2-bfd1-0836b3d221af) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_SYSTEM_STORE_RELOCATE_PARA](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_SYSTEM_STORE_RELOCATE_PARA)
[CERT_TRUST_LIST_INFO](http://msdn2.microsoft.com/en-us/library/774f5626-9b48-4585-b713-adbf191861cc) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_TRUST_LIST_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_TRUST_LIST_INFO)
[CERT_TRUST_STATUS](http://msdn2.microsoft.com/en-us/library/af1e1db2-7b53-4491-8317-4abf3568fb03) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_TRUST_STATUS](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_TRUST_STATUS)
[CERT_USAGE_MATCH](http://msdn2.microsoft.com/en-us/library/6154f1f7-4293-4b8e-91ab-9f57bb6f5743) | wincrypt.h | [Vanara.PInvoke.Crypt32.CERT_USAGE_MATCH](https://github.com/dahall/Vanara/search?l=C%23&q=CERT_USAGE_MATCH)
[CMSG_CMS_SIGNER_INFO](http://msdn2.microsoft.com/en-us/library/177323ef-4e26-4681-a474-1a99fb6900af) | wincrypt.h | [Vanara.PInvoke.Crypt32.CMSG_CMS_SIGNER_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CMSG_CMS_SIGNER_INFO)
@ -459,6 +474,18 @@ Native Structure | Header | Managed Structure
[CRYPTCATSTORE](http://msdn2.microsoft.com/en-us/library/65a15797-453c-4f47-8ea1-c92e616b50aa) | mscat.h | [Vanara.PInvoke.Crypt32.CRYPTCATSTORE](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTCATSTORE)
[CRYPTOAPI_BLOB](https://www.google.com/search?num=5&q=CRYPTOAPI_BLOB+site%3Amicrosoft.com) | wincrypt.h | [Vanara.PInvoke.Crypt32.CRYPTOAPI_BLOB](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTOAPI_BLOB)
[CRYPTPROTECT_PROMPTSTRUCT](http://msdn2.microsoft.com/en-us/library/412ce598-a7c9-446d-bd98-6583a20d6cd7) | dpapi.h | [Vanara.PInvoke.Crypt32.CRYPTPROTECT_PROMPTSTRUCT](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTPROTECT_PROMPTSTRUCT)
[CRYPTUI_CERT_MGR_STRUCT](http://msdn2.microsoft.com/en-us/library/e6c24d16-0ae2-443c-8971-2d7da3aae963) | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CRYPTUI_CERT_MGR_STRUCT](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTUI_CERT_MGR_STRUCT)
[CRYPTUI_INITDIALOG_STRUCT](http://msdn2.microsoft.com/en-us/library/c6335c02-3b3e-45e2-bb58-b7213aea500b) | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CRYPTUI_INITDIALOG_STRUCT](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTUI_INITDIALOG_STRUCT)
[CRYPTUI_VIEWCERTIFICATE_STRUCT](http://msdn2.microsoft.com/en-us/library/7bbd58df-3a1b-4d82-9a90-7c94260a7165) | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CRYPTUI_VIEWCERTIFICATE_STRUCT](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTUI_VIEWCERTIFICATE_STRUCT)
[CRYPTUI_WIZ_DIGITAL_SIGN_BLOB_INFO](http://msdn2.microsoft.com/en-us/library/9750f52a-f605-4f43-98e1-0f0ea947a214) | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CRYPTUI_WIZ_DIGITAL_SIGN_BLOB_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTUI_WIZ_DIGITAL_SIGN_BLOB_INFO)
[CRYPTUI_WIZ_DIGITAL_SIGN_CERT_PVK_INFO](http://msdn2.microsoft.com/en-us/library/0316ed0b-d4e5-4102-9ab0-637e96c7d9f5) | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CRYPTUI_WIZ_DIGITAL_SIGN_CERT_PVK_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTUI_WIZ_DIGITAL_SIGN_CERT_PVK_INFO)
[CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT](http://msdn2.microsoft.com/en-us/library/3e4eb745-0c28-4ce5-870b-d24565ef0cae) | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT)
[CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO](http://msdn2.microsoft.com/en-us/library/e061aac4-8c9f-4282-a8f8-bc0c5a10e566) | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO)
[CRYPTUI_WIZ_DIGITAL_SIGN_PVK_FILE_INFO](http://msdn2.microsoft.com/en-us/library/0e737661-2cc3-47be-ab32-0efbc18fefbd) | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CRYPTUI_WIZ_DIGITAL_SIGN_PVK_FILE_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTUI_WIZ_DIGITAL_SIGN_PVK_FILE_INFO)
[CRYPTUI_WIZ_DIGITAL_SIGN_STORE_INFO](http://msdn2.microsoft.com/en-us/library/d3ffbf1c-e8c2-44ab-84d2-d32350d04407) | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CRYPTUI_WIZ_DIGITAL_SIGN_STORE_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTUI_WIZ_DIGITAL_SIGN_STORE_INFO)
[CRYPTUI_WIZ_EXPORT_CERTCONTEXT_INFO](http://msdn2.microsoft.com/en-us/library/6be86c4f-0ac7-43c2-81fb-9767279ebeaf) | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CRYPTUI_WIZ_EXPORT_CERTCONTEXT_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTUI_WIZ_EXPORT_CERTCONTEXT_INFO)
[CRYPTUI_WIZ_EXPORT_INFO](http://msdn2.microsoft.com/en-us/library/3c509bb6-d391-4b59-809c-23466c8196ea) | cryptuiapi.h | [Vanara.PInvoke.CryptUI.CRYPTUI_WIZ_EXPORT_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTUI_WIZ_EXPORT_INFO)
[CRYPTUI_WIZ_EXPORT_INFO_UNION](https://www.google.com/search?num=5&q=CRYPTUI_WIZ_EXPORT_INFO_UNION+site%3Amicrosoft.com) | | [Vanara.PInvoke.CryptUI.CRYPTUI_WIZ_EXPORT_INFO.CRYPTUI_WIZ_EXPORT_INFO_UNION](https://github.com/dahall/Vanara/search?l=C%23&q=CRYPTUI_WIZ_EXPORT_INFO_UNION)
[CTL_CONTEXT](http://msdn2.microsoft.com/en-us/library/780edddf-1b44-4292-9156-4dfd5100adb8) | wincrypt.h | [Vanara.PInvoke.Crypt32.CTL_CONTEXT](https://github.com/dahall/Vanara/search?l=C%23&q=CTL_CONTEXT)
[CTL_ENTRY](http://msdn2.microsoft.com/en-us/library/ebc63847-b641-4205-b15c-7b32c1426c21) | wincrypt.h | [Vanara.PInvoke.Crypt32.CTL_ENTRY](https://github.com/dahall/Vanara/search?l=C%23&q=CTL_ENTRY)
[CTL_INFO](http://msdn2.microsoft.com/en-us/library/83b015b5-a650-4a81-a9f0-c3e8a9805c81) | wincrypt.h | [Vanara.PInvoke.Crypt32.CTL_INFO](https://github.com/dahall/Vanara/search?l=C%23&q=CTL_INFO)
@ -497,6 +524,7 @@ Native Structure | Header | Managed Structure
[PCCERT_CONTEXT](https://www.google.com/search?num=5&q=PCCERT_CONTEXT+site%3Amicrosoft.com) | | [Vanara.PInvoke.Crypt32.PCCERT_CONTEXT](https://github.com/dahall/Vanara/search?l=C%23&q=PCCERT_CONTEXT)
[PCCERT_SERVER_OCSP_RESPONSE_CONTEXT](https://www.google.com/search?num=5&q=PCCERT_SERVER_OCSP_RESPONSE_CONTEXT+site%3Amicrosoft.com) | | [Vanara.PInvoke.Crypt32.PCCERT_SERVER_OCSP_RESPONSE_CONTEXT](https://github.com/dahall/Vanara/search?l=C%23&q=PCCERT_SERVER_OCSP_RESPONSE_CONTEXT)
[PCCRL_CONTEXT](https://www.google.com/search?num=5&q=PCCRL_CONTEXT+site%3Amicrosoft.com) | | [Vanara.PInvoke.Crypt32.PCCRL_CONTEXT](https://github.com/dahall/Vanara/search?l=C%23&q=PCCRL_CONTEXT)
[PCCRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT](https://www.google.com/search?num=5&q=PCCRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT+site%3Amicrosoft.com) | | [Vanara.PInvoke.CryptUI.PCCRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT](https://github.com/dahall/Vanara/search?l=C%23&q=PCCRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT)
[PCCTL_CONTEXT](https://www.google.com/search?num=5&q=PCCTL_CONTEXT+site%3Amicrosoft.com) | | [Vanara.PInvoke.Crypt32.PCCTL_CONTEXT](https://github.com/dahall/Vanara/search?l=C%23&q=PCCTL_CONTEXT)
[PUBLICKEYSTRUC](http://msdn2.microsoft.com/en-us/library/99d41222-b4ca-40f3-a240-52b0a9b3a9aa) | wincrypt.h | [Vanara.PInvoke.Crypt32.PUBLICKEYSTRUC](https://github.com/dahall/Vanara/search?l=C%23&q=PUBLICKEYSTRUC)
[SIP_ADD_NEWPROVIDER](http://msdn2.microsoft.com/en-us/library/5ca88c0c-a7c9-4517-a874-49d38c1bc7c3) | mssip.h | [Vanara.PInvoke.Crypt32.SIP_ADD_NEWPROVIDER](https://github.com/dahall/Vanara/search?l=C%23&q=SIP_ADD_NEWPROVIDER)

779
PInvoke/Cryptography/Crypt32/Wincrypt.Cert.cs
View File

@ -1,5 +1,7 @@
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using Vanara.InteropServices;
namespace Vanara.PInvoke
{
@ -829,7 +831,7 @@ namespace Vanara.PInvoke
// pEndTime, PCERT_EXTENSIONS pExtensions );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "89028c4e-f896-4c50-9fa2-bcb4e1784244")]
public static extern SafePCCERT_CONTEXT CertCreateSelfSignCertificate(HCRYPTPROV hCryptProvOrNCryptKey, in CRYPTOAPI_BLOB pSubjectIssuerBlob, CertCreateSelfSignFlags dwFlags, IntPtr pKeyProvInfo, IntPtr pSignatureAlgorithm, IntPtr pStartTime, IntPtr pEndTime, IntPtr pExtensions);
public static extern SafePCCERT_CONTEXT CertCreateSelfSignCertificate(IntPtr hCryptProvOrNCryptKey, in CRYPTOAPI_BLOB pSubjectIssuerBlob, CertCreateSelfSignFlags dwFlags, IntPtr pKeyProvInfo, IntPtr pSignatureAlgorithm, IntPtr pStartTime, IntPtr pEndTime, IntPtr pExtensions);
/// <summary>
/// The <c>CertCreateSelfSignCertificate</c> function builds a self-signed certificate and returns a pointer to a CERT_CONTEXT
@ -915,7 +917,7 @@ namespace Vanara.PInvoke
// pEndTime, PCERT_EXTENSIONS pExtensions );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "89028c4e-f896-4c50-9fa2-bcb4e1784244")]
public static extern SafePCCERT_CONTEXT CertCreateSelfSignCertificate(NCrypt.NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, in CRYPTOAPI_BLOB pSubjectIssuerBlob, CertCreateSelfSignFlags dwFlags, IntPtr pKeyProvInfo, IntPtr pSignatureAlgorithm, IntPtr pStartTime, IntPtr pEndTime, IntPtr pExtensions);
public static extern SafePCCERT_CONTEXT CertCreateSelfSignCertificate(IntPtr hCryptProvOrNCryptKey, in CRYPTOAPI_BLOB pSubjectIssuerBlob, CertCreateSelfSignFlags dwFlags, in CRYPT_KEY_PROV_INFO pKeyProvInfo, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, IntPtr pStartTime, IntPtr pEndTime, IntPtr pExtensions);
/// <summary>
/// The <c>CertCreateSelfSignCertificate</c> function builds a self-signed certificate and returns a pointer to a CERT_CONTEXT
@ -1001,93 +1003,7 @@ namespace Vanara.PInvoke
// pEndTime, PCERT_EXTENSIONS pExtensions );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "89028c4e-f896-4c50-9fa2-bcb4e1784244")]
public static extern SafePCCERT_CONTEXT CertCreateSelfSignCertificate(HCRYPTPROV hCryptProvOrNCryptKey, in CRYPTOAPI_BLOB pSubjectIssuerBlob, CertCreateSelfSignFlags dwFlags, in CRYPT_KEY_PROV_INFO pKeyProvInfo, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, in SYSTEMTIME pStartTime, in SYSTEMTIME pEndTime, in CERT_EXTENSIONS pExtensions);
/// <summary>
/// The <c>CertCreateSelfSignCertificate</c> function builds a self-signed certificate and returns a pointer to a CERT_CONTEXT
/// structure that represents the certificate.
/// </summary>
/// <param name="hCryptProvOrNCryptKey">
/// <para>
/// A handle of a cryptographic provider used to sign the certificate created. If <c>NULL</c>, information from the pKeyProvInfo
/// parameter is used to acquire the needed handle. If pKeyProvInfo is also <c>NULL</c>, the default provider type, PROV_RSA_FULL
/// provider type, the default key specification, AT_SIGNATURE, and a newly created key container with a unique container name are used.
/// </para>
/// <para>
/// This handle must be an HCRYPTPROV handle that has been created by using the CryptAcquireContext function or an
/// <c>NCRYPT_KEY_HANDLE</c> handle that has been created by using the NCryptOpenKey function. New applications should always pass
/// in the <c>NCRYPT_KEY_HANDLE</c> handle of a CNG cryptographic service provider (CSP).
/// </para>
/// </param>
/// <param name="pSubjectIssuerBlob">
/// A pointer to a BLOB that contains the distinguished name (DN) for the certificate subject. This parameter cannot be <c>NULL</c>.
/// Minimally, a pointer to an empty DN must be provided. This BLOB is normally created by using the CertStrToName function. It can
/// also be created by using the CryptEncodeObject function and specifying either the X509_NAME or X509_UNICODE_NAME StructType.
/// </param>
/// <param name="dwFlags">
/// <para>
/// A set of flags that override the default behavior of this function. This can be zero or a combination of one or more of the
/// following values.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_CREATE_SELFSIGN_NO_KEY_INFO 2</term>
/// <term>
/// By default, the returned PCCERT_CONTEXT references the private keys by setting the CERT_KEY_PROV_INFO_PROP_ID. If you do not
/// want the returned PCCERT_CONTEXT to reference private keys by setting the CERT_KEY_PROV_INFO_PROP_ID, specify CERT_CREATE_SELFSIGN_NO_KEY_INFO.
/// </term>
/// </item>
/// <item>
/// <term>CERT_CREATE_SELFSIGN_NO_SIGN 1</term>
/// <term>
/// By default, the certificate being created is signed. If the certificate being created is only a dummy placeholder, the
/// certificate might not need to be signed. Signing of the certificate is skipped if CERT_CREATE_SELFSIGN_NO_SIGN is specified.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="pKeyProvInfo">
/// <para>
/// A pointer to a CRYPT_KEY_PROV_INFO structure. Before a certificate is created, the CSP is queried for the key provider, key
/// provider type, and the key container name. If the CSP queried does not support these queries, the function fails. If the default
/// provider does not support these queries, a pKeyProvInfo value must be specified. The RSA BASE does support these queries.
/// </para>
/// <para>
/// If the pKeyProvInfo parameter is not <c>NULL</c>, the corresponding values are set in the <c>CERT_KEY_PROV_INFO_PROP_ID</c>
/// value of the generated certificate. You must ensure that all parameters of the supplied structure are correctly specified.
/// </para>
/// </param>
/// <param name="pSignatureAlgorithm">
/// A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure. If <c>NULL</c>, the default algorithm, SHA1RSA, is used.
/// </param>
/// <param name="pStartTime">A pointer to a SYSTEMTIME structure. If <c>NULL</c>, the system current time is used by default.</param>
/// <param name="pEndTime">
/// A pointer to a SYSTEMTIME structure. If <c>NULL</c>, the pStartTime value plus one year will be used by default.
/// </param>
/// <param name="pExtensions">
/// A pointer to a CERT_EXTENSIONS array of CERT_EXTENSION structures. By default, the array is empty. An alternate subject name, if
/// desired, can be specified as one of these extensions.
/// </param>
/// <returns>
/// If the function succeeds, a PCCERT_CONTEXT variable that points to the created certificate is returned. If the function fails,
/// it returns <c>NULL</c>. For extended error information, call GetLastError.
/// </returns>
/// <remarks>
/// As the pEndTime must be a valid date, and is automatically generated if it is not supplied by the user, unexpected failures may
/// easily be caused when this API is called on a leap day without accompanying app logic to compensate. For more information,
/// please see leap year readiness.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcreateselfsigncertificate PCCERT_CONTEXT
// CertCreateSelfSignCertificate( HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, PCERT_NAME_BLOB pSubjectIssuerBlob, DWORD
// dwFlags, PCRYPT_KEY_PROV_INFO pKeyProvInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime, PSYSTEMTIME
// pEndTime, PCERT_EXTENSIONS pExtensions );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "89028c4e-f896-4c50-9fa2-bcb4e1784244")]
public static extern SafePCCERT_CONTEXT CertCreateSelfSignCertificate(NCrypt.NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, in CRYPTOAPI_BLOB pSubjectIssuerBlob, CertCreateSelfSignFlags dwFlags, in CRYPT_KEY_PROV_INFO pKeyProvInfo, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, in SYSTEMTIME pStartTime, in SYSTEMTIME pEndTime, in CERT_EXTENSIONS pExtensions);
public static extern SafePCCERT_CONTEXT CertCreateSelfSignCertificate(IntPtr hCryptProvOrNCryptKey, in CRYPTOAPI_BLOB pSubjectIssuerBlob, CertCreateSelfSignFlags dwFlags, in CRYPT_KEY_PROV_INFO pKeyProvInfo, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, in SYSTEMTIME pStartTime, in SYSTEMTIME pEndTime, in CERT_EXTENSIONS pExtensions);
/// <summary>
/// The <c>CertDeleteCertificateFromStore</c> function deletes the specified certificate context from the certificate store.
@ -1502,6 +1418,298 @@ namespace Vanara.PInvoke
public static extern SafePCCERT_CONTEXT CertFindCertificateInStore(HCERTSTORE hCertStore, CertEncodingType dwCertEncodingType, CertFindUsageFlags dwFindFlags,
CertFindType dwFindType, [In] IntPtr pvFindPara, PCCERT_CONTEXT pPrevCertContext);
/// <summary>
/// The <c>CertFindCertificateInStore</c> function finds the first or next certificate context in a certificate store that matches a
/// search criteria established by the dwFindType and its associated pvFindPara. This function can be used in a loop to find all of
/// the certificates in a certificate store that match the specified find criteria.
/// </summary>
/// <param name="hCertStore">A handle of the certificate store to be searched.</param>
/// <param name="dwCertEncodingType">
/// <para>
/// Specifies the type of encoding used. Both the certificate and message encoding types must be specified by combining them with a
/// bitwise- <c>OR</c> operation as shown in the following example:
/// </para>
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:</para>
/// <list type="bullet">
/// <item>
/// <term>X509_ASN_ENCODING</term>
/// </item>
/// <item>
/// <term>PKCS_7_ASN_ENCODING</term>
/// </item>
/// </list>
/// </param>
/// <param name="dwFindFlags">
/// Used with some dwFindType values to modify the search criteria. For most dwFindType values, dwFindFlags is not used and should
/// be set to zero. For detailed information, see Remarks.
/// </param>
/// <param name="dwFindType">
/// <para>
/// Specifies the type of search being made. The search type determines the data type, contents, and the use of pvFindPara. This
/// parameter can be one of the following values.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_FIND_ANY</term>
/// <term>Data type of pvFindPara: NULL, not used. No search criteria used. Returns the next certificate in the store.</term>
/// </item>
/// <item>
/// <term>CERT_FIND_CERT_ID</term>
/// <term>Data type of pvFindPara: CERT_ID structure. Find the certificate identified by the specified CERT_ID.</term>
/// </item>
/// <item>
/// <term>CERT_FIND_CTL_USAGE</term>
/// <term>
/// Data type of pvFindPara: CTL_USAGE structure. Searches for a certificate that has a szOID_ENHANCED_KEY_USAGE extension or a
/// CERT_CTL_PROP_ID that matches the pszUsageIdentifier member of the CTL_USAGE structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ENHKEY_USAGE</term>
/// <term>
/// Data type of pvFindPara: CERT_ENHKEY_USAGE structure. Searches for a certificate in the store that has either an enhanced key
/// usage extension or an enhanced key usage property and a usage identifier that matches the cUsageIdentifier member in the
/// CERT_ENHKEY_USAGE structure. A certificate has an enhanced key usage extension if it has a CERT_EXTENSION structure with the
/// pszObjId member set to szOID_ENHANCED_KEY_USAGE. A certificate has an enhanced key usage property if its
/// CERT_ENHKEY_USAGE_PROP_ID identifier is set. If CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG is set in dwFindFlags, certificates without
/// the key usage extension or property are also matches. Setting this flag takes precedence over passing NULL in pvFindPara. If
/// CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG is set, a match is done only on the key usage extension. For information about flag
/// modifications to search criteria, see Remarks.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_EXISTING</term>
/// <term>
/// Data type of pvFindPara: CERT_CONTEXT structure. Searches for a certificate that is an exact match of the specified certificate context.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a SHA1 hash that matches the hash in the
/// CRYPT_HASH_BLOB structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_HAS_PRIVATE_KEY</term>
/// <term>
/// Data type of pvFindPara: NULL, not used. Searches for a certificate that has a private key. The key can be ephemeral or saved on
/// disk. The key can be a legacy Cryptography API (CAPI) key or a CNG key. Windows 8 and Windows Server 2012: Support for this flag begins.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ISSUER_ATTR</term>
/// <term>
/// Data type of pvFindPara: CERT_RDN structure. Searches for a certificate with specified issuer attributes that match attributes
/// in the CERT_RDN structure. If these values are set, the function compares attributes of the issuer in a certificate with
/// elements of the CERT_RDN_ATTR array in this CERT_RDN structure. Comparisons iterate through the CERT_RDN_ATTR attributes looking
/// for a match with the certificate's issuer attributes. If the pszObjId member of CERT_RDN_ATTR is NULL, the attribute object
/// identifier is ignored. If the dwValueType member of CERT_RDN_ATTR is CERT_RDN_ANY_TYPE, the value type is ignored. If the pbData
/// member of CERT_RDN_VALUE_BLOB is NULL, any value is a match. Currently only an exact, case-sensitive match is supported. For
/// information about Unicode options, see Remarks. When these values are set, the search is restricted to certificates whose
/// encoding type matches dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ISSUER_NAME</term>
/// <term>
/// Data type of pvFindPara: CERT_NAME_BLOB structure. Search for a certificate with an exact match of the entire issuer name with
/// the name in CERT_NAME_BLOB The search is restricted to certificates that match the dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ISSUER_OF</term>
/// <term>
/// Data type of pvFindPara: CERT_CONTEXT structure. Searches for a certificate with an subject that matches the issuer in
/// CERT_CONTEXT. Instead of using CertFindCertificateInStore with this value, use the CertGetCertificateChain function.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ISSUER_STR</term>
/// <term>
/// Data type of pvFindPara: Null-terminated Unicode string. Searches for a certificate that contains the specified issuer name
/// string. The certificate's issuer member is converted to a name string of the appropriate type using the appropriate form of
/// CertNameToStr formatted as CERT_SIMPLE_NAME_STR. Then a case-insensitive substring-within-a-string match is performed. When this
/// value is set, the search is restricted to certificates whose encoding type matches dwCertEncodingType. If the substring match
/// fails and the subject contains an email RDN with Punycode encoded string, CERT_NAME_STR_ENABLE_PUNYCODE_FLAG is used to convert
/// the subject to a Unicode string and the substring match is performed again.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_KEY_IDENTIFIER</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a CERT_KEY_IDENTIFIER_PROP_ID property that
/// matches the key identifier in CRYPT_HASH_BLOB.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_KEY_SPEC</term>
/// <term>
/// Data type of pvFindPara: DWORD variable that contains a key specification. Searches for a certificate that has a
/// CERT_KEY_SPEC_PROP_ID property that matches the key specification in pvFindPara.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_MD5_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with an MD5 hash that matches the hash in CRYPT_HASH_BLOB.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_PROPERTY</term>
/// <term>
/// Data type of pvFindPara: DWORD variable that contains a property identifier. Searches for a certificate with a property that
/// matches the property identifier specified by the DWORD value in pvFindPara.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_PUBLIC_KEY</term>
/// <term>
/// Data type of pvFindPara: CERT_PUBLIC_KEY_INFO structure. Searches for a certificate with a public key that matches the public
/// key in the CERT_PUBLIC_KEY_INFO structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SHA1_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a SHA1 hash that matches the hash in the
/// CRYPT_HASH_BLOB structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SIGNATURE_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a signature hash that matches the signature
/// hash in the CRYPT_HASH_BLOB structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SUBJECT_ATTR</term>
/// <term>
/// Data type of pvFindPara: CERT_RDN structure. Searches for a certificate with specified subject attributes that match attributes
/// in the CERT_RDN structure. If RDN values are set, the function compares attributes of the subject in a certificate with elements
/// of the CERT_RDN_ATTR array in this CERT_RDN structure. Comparisons iterate through the CERT_RDN_ATTR attributes looking for a
/// match with the certificate's subject's attributes. If the pszObjId member of CERT_RDN_ATTR is NULL, the attribute object
/// identifier is ignored. If the dwValueType member of CERT_RDN_ATTR is CERT_RDN_ANY_TYPE, the value type is ignored. If the pbData
/// member of CERT_RDN_VALUE_BLOB is NULL, any value is a match. Currently only an exact, case-sensitive match is supported. For
/// information about Unicode options, see Remarks. When these values are set, the search is restricted to certificates whose
/// encoding type matches dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SUBJECT_CERT</term>
/// <term>
/// Data type of pvFindPara: CERT_INFO structure. Searches for a certificate with both an issuer and a serial number that match the
/// issuer and serial number in the CERT_INFO structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SUBJECT_NAME</term>
/// <term>
/// Data type of pvFindPara: CERT_NAME_BLOB structure. Searches for a certificate with an exact match of the entire subject name
/// with the name in the CERT_NAME_BLOB structure. The search is restricted to certificates that match the value of dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SUBJECT_STR</term>
/// <term>
/// Data type of pvFindPara: Null-terminated Unicode string. Searches for a certificate that contains the specified subject name
/// string. The certificate's subject member is converted to a name string of the appropriate type using the appropriate form of
/// CertNameToStr formatted as CERT_SIMPLE_NAME_STR. Then a case-insensitive substring-within-a-string match is performed. When this
/// value is set, the search is restricted to certificates whose encoding type matches dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_CROSS_CERT_DIST_POINTS</term>
/// <term>
/// Data type of pvFindPara: Not used. Find a certificate that has either a cross certificate distribution point extension or property.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_PUBKEY_MD5_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Find a certificate whose MD5-hashed public key matches the specified hash.
/// </term>
/// </item>
/// </list>
/// <para>
/// <c>Note</c> There are alternate forms of the value of dwFindType that pass a string in pvFindPara. One form uses a Unicode
/// string, and the other an ASCII string. Values that end in "_W" or without a suffix use Unicode. Values that end with "_A" use
/// ASCII strings.
/// </para>
/// </param>
/// <param name="pvFindPara">Points to a data item or structure used with dwFindType.</param>
/// <param name="pPrevCertContext">
/// A pointer to the last CERT_CONTEXT structure returned by this function. This parameter must be <c>NULL</c> on the first call of
/// the function. To find successive certificates meeting the search criteria, set pPrevCertContext to the pointer returned by the
/// previous call to the function. This function frees the <c>CERT_CONTEXT</c> referenced by non- <c>NULL</c> values of this parameter.
/// </param>
/// <returns>
/// <para>If the function succeeds, the function returns a pointer to a read-only CERT_CONTEXT structure.</para>
/// <para>If the function fails and a certificate that matches the search criteria is not found, the return value is <c>NULL</c>.</para>
/// <para>
/// A non- <c>NULL</c> CERT_CONTEXT that <c>CertFindCertificateInStore</c> returns must be freed by CertFreeCertificateContext or by
/// being passed as the pPrevCertContext parameter on a subsequent call to <c>CertFindCertificateInStore</c>.
/// </para>
/// <para>For extended error information, call GetLastError. Some possible error codes follow.</para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>CRYPT_E_NOT_FOUND</term>
/// <term>
/// No certificate was found matching the search criteria. This can happen if the store is empty or the end of the store's list is reached.
/// </term>
/// </item>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>
/// The handle in the hCertStore parameter is not the same as that in the certificate context pointed to by the pPrevCertContext
/// parameter, or a value that is not valid was specified in the dwFindType parameter.
/// </term>
/// </item>
/// </list>
/// </returns>
/// <remarks>
/// <para>The dwFindFlags parameter is used to modify the criteria of some search types.</para>
/// <para>
/// The CERT_UNICODE_IS_RDN_ATTRS_FLAG dwFindFlags value is used only with the CERT_FIND_SUBJECT_ATTR and CERT_FIND_ISSUER_ATTR
/// values for dwFindType. CERT_UNICODE_IS_RDN_ATTRS_FLAG must be set if the CERT_RDN_ATTR structure pointed to by pvFindPara was
/// initialized with Unicode strings. Before any comparison is made, the string to be matched is converted by using
/// X509_UNICODE_NAME to provide for Unicode comparisons.
/// </para>
/// <para>The following dwFindFlags values are used only with the CERT_FIND_ENKEY_USAGE value for dwFindType:</para>
/// <para>
/// CertDuplicateCertificateContext can be called to make a duplicate of the returned context. The returned context can be added to
/// a different certificate store by using CertAddCertificateContextToStore, or a link to that certificate context can be added to a
/// store that is not a collection store by using CertAddCertificateLinkToStore.
/// </para>
/// <para>
/// The returned pointer is freed when passed as the pPrevCertContext parameter on a subsequent call to the function. Otherwise, the
/// pointer must be explicitly freed by calling CertFreeCertificateContext. A pPrevCertContext that is not <c>NULL</c> is always
/// freed by <c>CertFindCertificateInStore</c> using a call to <c>CertFreeCertificateContext</c>, even if there is an error in the function.
/// </para>
/// <para>Examples</para>
/// <para>
/// The following example shows finding a certificate context in the certificate store meeting a search criterion. For a complete
/// example that includes the context for this example, see Example C Program: Certificate Store Operations.
/// </para>
/// <para>For another example that uses this function, see Example C Program: Collection and Sibling Certificate Store Operations.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindcertificateinstore PCCERT_CONTEXT
// CertFindCertificateInStore( HCERTSTORE hCertStore, DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType, const void
// *pvFindPara, PCCERT_CONTEXT pPrevCertContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "20b3fcfb-55df-46ff-80a5-70f31a3d03b2")]
public static extern SafePCCERT_CONTEXT CertFindCertificateInStore(HCERTSTORE hCertStore, CertEncodingType dwCertEncodingType, CertFindUsageFlags dwFindFlags,
CertFindType dwFindType, [In, MarshalAs(UnmanagedType.LPWStr)] string pvFindPara, PCCERT_CONTEXT pPrevCertContext);
/// <summary>
/// The <c>CertFreeServerOcspResponseContext</c> function decrements the reference count for a CERT_SERVER_OCSP_RESPONSE_CONTEXT
/// structure. If the reference count becomes zero, memory allocated for the structure is released.
@ -1964,7 +2172,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "35813928-728e-40b7-b627-817d3094eeb1")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertRetrieveLogoOrBiometricInfo(PCCERT_CONTEXT pCertContext, [MarshalAs(UnmanagedType.LPStr)] string lpszLogoOrBiometricType, CryptRetrievalFlags dwRetrievalFlags,
public static extern bool CertRetrieveLogoOrBiometricInfo(PCCERT_CONTEXT pCertContext, [In] SafeOID lpszLogoOrBiometricType, CryptRetrievalFlags dwRetrievalFlags,
uint dwTimeout, [Optional] uint dwFlags, [Optional] IntPtr pvReserved, out SafeCryptMem ppbData, out uint pcbData, out SafeCryptMem ppwszMimeType);
/// <summary>The <c>CertSelectCertificateChains</c> function retrieves certificate chains based on specified selection criteria.</summary>
@ -2141,6 +2349,180 @@ namespace Vanara.PInvoke
public static extern bool CertSelectCertificateChains(in Guid pSelectionContext, CertSelection dwFlags, [Optional] IntPtr pChainParameters, uint cCriteria, [In, Optional, MarshalAs(UnmanagedType.LPArray)] CERT_SELECT_CRITERIA[] rgpCriteria,
HCERTSTORE hStore, out uint pcSelection, out IntPtr pprgpSelection);
/// <summary>The <c>CertSelectCertificateChains</c> function retrieves certificate chains based on specified selection criteria.</summary>
/// <param name="pSelectionContext">A pointer to the GUID of the certificate selection scenario to use for this call.</param>
/// <param name="dwFlags">
/// <para>
/// Flags for controlling the certificate selection process. This parameter can be a combination of zero or more of the following flags:
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_SELECT_ALLOW_EXPIRED</term>
/// <term>Select expired certificates that meet selection criteria. By default expired certificates are rejected from selection.</term>
/// </item>
/// <item>
/// <term>CERT_SELECT_TRUSTED_ROOT</term>
/// <term>
/// Select certificates on which the error bit in the certificate chain trust status is not set to CERT_TRUST_IS_UNTRUSTED_ROOT,
/// CERT_TRUST_IS_PARTIAL_CHAIN, or CERT_TRUST_IS_NOT_TIME_VALID. In addition, certificates that have one of the following invalid
/// constraint errors are not selected:
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_DISALLOW_SELFSIGNED</term>
/// <term>Select certificates that are not self-issued and self-signed.</term>
/// </item>
/// <item>
/// <term>CERT_SELECT_HAS_PRIVATE_KEY</term>
/// <term>Select certificates that have a value set for the CERT_KEY_PROV_INFO_PROP_ID property of the certificate.</term>
/// </item>
/// <item>
/// <term>CERT_SELECT_HAS_KEY_FOR_SIGNATURE</term>
/// <term>
/// Select certificates on which the value of the dwKeySpec member of the CERT_KEY_PROV_INFO_PROP_ID property is set to
/// AT_SIGNATURE. If this function is being called as part of a CNG enabled application and the dwKeySpec member of the
/// CERT_KEY_PROV_INFO_PROP_ID property is set to -1, select certificates on which the value of the NCRYPT_KEY_USAGE_PROPERTY
/// property of the associated private key has the NCRYPT_ALLOW_SIGNING_FLAG set.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_HAS_KEY_FOR_KEY_EXCHANGE</term>
/// <term>
/// Select certificates on which the value of the dwKeySpec member of the CERT_KEY_PROV_INFO_PROP_ID property is set to
/// AT_KEYEXCHANGE. If this function is being called as part of a CNG enabled application and the dwKeySpec member of the
/// CERT_KEY_PROV_INFO_PROP_ID property is set to -1, select certificates on which either NCRYPT_ALLOW_DECRYPT_FLAG or
/// NCRYPT_ALLOW_KEY_AGREEMENT_FLAG is set.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_HARDWARE_ONLY</term>
/// <term>
/// Select certificates on which the value of the PP_IMPTYPE property of the associated private key provider is set to either
/// CRYPT_IMPL_HARDWARE or CRYPT_IMPL_REMOVABLE. (For CNG providers, NCRYPT_IMPL_TYPE_PROPERTY property value MUST have either the
/// NCRYPT_IMPL_HARDWARE_FLAG or NCRYPT_IMPL_REMOVABLE_FLAG bit set). If this function is being called as part of a CNG enabled
/// application, select certificates on which the NCRYPT_IMPL_TYPE_PROPERTY property is set to NCRYPT_IMPL_HARDWARE_FLAG or NCRYPT_IMPL_REMOVABLE_FLAG.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_ALLOW_DUPLICATES</term>
/// <term>
/// Allow the selection of certificates on which the Subject and Subject Alt Name contain the same information and the certificate
/// template extension value is equivalent. By default when certificates match this criteria, only the most recent certificate is selected.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="pChainParameters">
/// <para>
/// A pointer to a CERT_SELECT_CHAIN_PARA structure to specify parameters for chain building. If <c>NULL</c>, default parameters
/// will be used.
/// </para>
/// <para>
/// The <c>pChainPara</c> member of the CERT_SELECT_CHAIN_PARA structure points to a CERT_CHAIN_PARA structure that can be used to
/// enable strong signing.
/// </para>
/// </param>
/// <param name="cCriteria">The number of elements in the array pointed to by the rgpCriteria array.</param>
/// <param name="rgpCriteria">
/// A pointer to an array of CERT_SELECT_CRITERIA structures that define the selection criteria. If this parameter is set to
/// <c>NULL</c>, the value of the cCriteria parameter must be zero.
/// </param>
/// <param name="hStore">The handle to a store from which to select the certificates.</param>
/// <param name="pcSelection">
/// A pointer to a <c>DWORD</c> value to receive the number of elements in the array pointed to by the pprgpSelection parameter.
/// </param>
/// <param name="pprgpSelection">
/// <para>
/// A pointer to a pointer to a location to receive an array of CERT_CHAIN_CONTEXT structure. The <c>CertSelectCertificateChains</c>
/// function only returns certificate chains that match all the selection criteria. The entries in the array are ordered by quality,
/// i.e. the chain with the highest quality is the first entry.
/// </para>
/// <para>
/// Storage for the array is allocated by the <c>CertSelectCertificateChains</c> function. To free the allocated memory you must
/// first release each individual chain context in the array by calling the CertFreeCertificateChain function. Then you must free
/// the memory by calling the CertFreeCertificateChainList function.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns zero (FALSE). For extended error information, call the GetLastError function.</para>
/// <para>
/// <c>Note</c> If the selection does not yield any results, the <c>CertSelectCertificateChains</c> function returns <c>TRUE</c>,
/// but the value pointed to by pcSelection parameter is set to zero.
/// </para>
/// </returns>
/// <remarks>
/// <para>
/// Selection criteria can be specified through either the dwFlags parameter, through the rgpCriteria parameter, or through both
/// parameters. If no selection criteria are specified, the function succeeds and returns certificate chains for all certificates in
/// the store specified by the hStore parameter.
/// </para>
/// <para>Certificate chains that are selected are ordered based on the following preference logic:</para>
/// <list type="bullet">
/// <item>
/// <term>Prefer certificates that are smart card certificates over certificates that are not smart-card based.</term>
/// </item>
/// <item>
/// <term>Prefer certificates that have a longer validity period (the expiration date is later.)</term>
/// </item>
/// <item>
/// <term>If multiple certificates have same expiration date, prefer certificates that were issued more recently.</term>
/// </item>
/// <item>
/// <term>If there is a tie, prefer shorter chains.</term>
/// </item>
/// </list>
/// <para>
/// Certain selection criteria require that a certificate chain be built before you can select that criteria for use. If the
/// intermediate certificates required to build the chain are not available locally, a network retrieval is performed for the issuer
/// certificates. This network retrieval is performed if the <c>CERT_SELECT_TRUSTED_ROOT</c> flag is set or for the following criteria:
/// </para>
/// <list type="bullet">
/// <item>
/// <term><c>CERT_SELECT_BY_ISSUER_NAME</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SELECT_BY_ISSUER_ATTR</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SELECT_BY_POLICY_OID</c></term>
/// </item>
/// </list>
/// <para>Perform the following actions to enable strong signature checking:</para>
/// <list type="bullet">
/// <item>
/// <term>
/// Create a CERT_STRONG_SIGN_PARA structure, specify the required strong signing parameters, and set a pointer to the structure in
/// the <c>pStrongSignPara</c> member of a CERT_CHAIN_PARA structure.
/// </term>
/// </item>
/// <item>
/// <term>Set a pointer to the CERT_CHAIN_PARA structure in the <c>pChainPara</c> member of a CERT_SELECT_CHAIN_PARA structure.</term>
/// </item>
/// <item>
/// <term>Set a pointer to the CERT_SELECT_CHAIN_PARA structure in the pChainParameters parameter of this ( <c>CertSelectCertificateChains</c>)function.</term>
/// </item>
/// </list>
/// <para>
/// When you enable strong signature checking, any certificate chain that returns a <c>CERT_TRUST_IS_NOT_SIGNATURE_VALID</c> error
/// in the <c>dwErrorStatus</c> field of the CERT_TRUST_STATUS structure will be skipped. (The pprgpSelection parameter points to a
/// CERT_CHAIN_CONTEXT structure which, in turn, points to the <c>CERT_TRUST_STATUS</c> structure.) The
/// <c>CERT_TRUST_HAS_WEAK_SIGNATURE</c> value is also set for a weak signature.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certselectcertificatechains BOOL
// CertSelectCertificateChains( LPCGUID pSelectionContext, DWORD dwFlags, PCCERT_SELECT_CHAIN_PARA pChainParameters, DWORD
// cCriteria, PCCERT_SELECT_CRITERIA rgpCriteria, HCERTSTORE hStore, PDWORD pcSelection, PCCERT_CHAIN_CONTEXT **pprgpSelection );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "b740772b-d25b-4b3d-9acb-03f7018750d6")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertSelectCertificateChains([Optional] IntPtr pSelectionContext, CertSelection dwFlags, [Optional] IntPtr pChainParameters, uint cCriteria, [In, Optional, MarshalAs(UnmanagedType.LPArray)] CERT_SELECT_CRITERIA[] rgpCriteria,
HCERTSTORE hStore, out uint pcSelection, out IntPtr pprgpSelection);
/// <summary>
/// The <c>CertSerializeCertificateStoreElement</c> function serializes a certificate context's encoded certificate and its encoded
/// properties. The result can be persisted to storage so that the certificate and properties can be retrieved at a later time.
@ -2313,6 +2695,140 @@ namespace Vanara.PInvoke
/// <summary/>
public Guid ChainId;
/// <summary>Gets the chain from <see cref="rgpChain"/>.</summary>
public unsafe CERT_SIMPLE_CHAIN*[] GetChain()
{
var ret = new CERT_SIMPLE_CHAIN*[(int)cChain];
for (int i = 0; i < cChain; i++)
ret[i] = ((CERT_SIMPLE_CHAIN**)rgpChain)[i];
return ret;
}
/// <summary>Gets the contexts from <see cref="rgpLowerQualityChainContext"/>.</summary>
public unsafe CERT_CHAIN_CONTEXT*[] GetLowerQualityChainContext()
{
var ret = new CERT_CHAIN_CONTEXT*[(int)cLowerQualityChainContext];
for (int i = 0; i < cLowerQualityChainContext; i++)
ret[i] = ((CERT_CHAIN_CONTEXT**)rgpLowerQualityChainContext)[i];
return ret;
}
}
/// <summary>
/// The <c>CERT_CHAIN_ELEMENT</c> structure is a single element in a simple certificate chain. Each element has a pointer to a
/// certificate context, a pointer to a structure that indicates the error status and information status of the certificate, and a
/// pointer to a structure that indicates the revocation status of the certificate.
/// </summary>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_chain_element typedef struct _CERT_CHAIN_ELEMENT {
// DWORD cbSize; PCCERT_CONTEXT pCertContext; CERT_TRUST_STATUS TrustStatus; PCERT_REVOCATION_INFO pRevocationInfo;
// PCERT_ENHKEY_USAGE pIssuanceUsage; PCERT_ENHKEY_USAGE pApplicationUsage; LPCWSTR pwszExtendedErrorInfo; } CERT_CHAIN_ELEMENT, *PCERT_CHAIN_ELEMENT;
[PInvokeData("wincrypt.h", MSDNShortId = "a1f6ba18-63ef-43ac-a17f-900fa13398aa")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_CHAIN_ELEMENT
{
/// <summary>Size of this structure in bytes.</summary>
public uint cbSize;
/// <summary>A pointer to a certificate context.</summary>
public PCCERT_CONTEXT pCertContext;
/// <summary>
/// Structure indicating the status of the certificate. The structure includes an error status code and an information status
/// code. For information about status code values, see CERT_TRUST_STATUS.
/// </summary>
public CERT_TRUST_STATUS TrustStatus;
/// <summary>
/// A pointer to a CERT_REVOCATION_INFO structure with information on the revocation status of the certificate. If revocation
/// checking was not enabled, <c>pRevocationInfo</c> is <c>NULL</c>.
/// </summary>
public IntPtr pRevocationInfo;
/// <summary>A pointer to a CERT_ENHKEY_USAGE structure. If <c>NULL</c>, any issuance policy is acceptable.</summary>
public IntPtr pIssuanceUsage;
/// <summary>A pointer to a CERT_ENHKEY_USAGE structure. If <c>NULL</c>, any enhanced key usage is acceptable.</summary>
public IntPtr pApplicationUsage;
/// <summary>
/// A pointer to a <c>null</c>-terminated wide character string that contains extended error information. If <c>NULL</c>, there
/// is no extended error information.
/// </summary>
public StrPtrUni pwszExtendedErrorInfo;
}
/// <summary>
/// Contains information updated by a certificate revocation list (CRL) revocation type handler. The <c>CERT_REVOCATION_CRL_INFO</c>
/// structure is used with both base and delta CRLs.
/// </summary>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_revocation_crl_info typedef struct
// _CERT_REVOCATION_CRL_INFO { DWORD cbSize; PCCRL_CONTEXT pBaseCrlContext; PCCRL_CONTEXT pDeltaCrlContext; PCRL_ENTRY pCrlEntry;
// BOOL fDeltaCrlEntry; } CERT_REVOCATION_CRL_INFO, *PCERT_REVOCATION_CRL_INFO;
[PInvokeData("wincrypt.h", MSDNShortId = "069ff521-90fd-4de8-9b5c-045e44e87f75")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_REVOCATION_CRL_INFO
{
/// <summary>Size, in bytes, of the structure.</summary>
public uint cbSize;
/// <summary/>
public PCCRL_CONTEXT pBaseCrlContext;
/// <summary/>
public PCCRL_CONTEXT pDeltaCrlContext;
/// <summary>A pointer to an entry in either the base CRL or the delta CRL.</summary>
public IntPtr pCrlEntry;
/// <summary>
/// <c>TRUE</c> if <c>pCrlEntry</c> points to an entry in the delta CRL. <c>FALSE</c> if <c>pCrlEntry</c> points to an entry in
/// the base CRL.
/// </summary>
[MarshalAs(UnmanagedType.Bool)] public bool fDeltaCrlEntry;
}
/// <summary>The <c>CERT_REVOCATION_INFO</c> structure indicates the revocation status of a certificate in a CERT_CHAIN_ELEMENT.</summary>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_revocation_info typedef struct _CERT_REVOCATION_INFO
// { DWORD cbSize; DWORD dwRevocationResult; LPCSTR pszRevocationOid; LPVOID pvOidSpecificInfo; BOOL fHasFreshnessTime; DWORD
// dwFreshnessTime; PCERT_REVOCATION_CRL_INFO pCrlInfo; } CERT_REVOCATION_INFO, *PCERT_REVOCATION_INFO;
[PInvokeData("wincrypt.h", MSDNShortId = "798aa2d7-bf8a-425f-bc36-98a44ba3a9d6")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_REVOCATION_INFO
{
/// <summary>Size of this structure in bytes.</summary>
public uint cbSize;
/// <summary>
/// <para>Currently defined values are:</para>
/// <list type="bullet">
/// <item>
/// <term>CERT_TRUST_IS_REVOKED</term>
/// </item>
/// <item>
/// <term>CERT_TRUST_REVOCATION_STATUS_IS_UNKNOWN</term>
/// </item>
/// </list>
/// </summary>
public uint dwRevocationResult;
/// <summary>Not currently used and is set to <c>NULL</c>.</summary>
public StrPtrAnsi pszRevocationOid;
/// <summary>Not currently used and is set to <c>NULL</c>.</summary>
public IntPtr pvOidSpecificInfo;
/// <summary>BOOL set to <c>TRUE</c> if dwFreshnessTime has been updated.</summary>
[MarshalAs(UnmanagedType.Bool)] public bool fHasFreshnessTime;
/// <summary>
/// If <c>fHasFreshnessTime</c> is <c>TRUE</c>, holds the CurrentTime minus the certificate revocation list's (CRL's). This time
/// is in seconds.
/// </summary>
public uint dwFreshnessTime;
/// <summary>For CRL base revocation checking, a non- <c>NULL</c> pointer to a CERT_REVOCATION_CRL_INFO structure.</summary>
public IntPtr pCrlInfo;
}
/// <summary>
@ -2506,6 +3022,80 @@ namespace Vanara.PInvoke
public IntPtr ppPara;
}
/// <summary>
/// The <c>CERT_SIMPLE_CHAIN</c> structure contains an array of chain elements and a summary trust status for the chain that the
/// array represents.
/// </summary>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_simple_chain typedef struct _CERT_SIMPLE_CHAIN {
// DWORD cbSize; CERT_TRUST_STATUS TrustStatus; DWORD cElement; PCERT_CHAIN_ELEMENT *rgpElement; PCERT_TRUST_LIST_INFO
// pTrustListInfo; BOOL fHasRevocationFreshnessTime; DWORD dwRevocationFreshnessTime; } CERT_SIMPLE_CHAIN, *PCERT_SIMPLE_CHAIN;
[PInvokeData("wincrypt.h", MSDNShortId = "c130cab4-bf8d-429a-beb7-04cb5d37d466")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_SIMPLE_CHAIN
{
/// <summary>The size, in bytes, of this structure.</summary>
public uint cbSize;
/// <summary>
/// A structure that indicates the trust status of the whole chain. The structure includes an error status code and an
/// information status code. For information about status code values, see CERT_TRUST_STATUS.
/// </summary>
public CERT_TRUST_STATUS TrustStatus;
/// <summary>The number of CERT_CHAIN_ELEMENT structures in the array.</summary>
public uint cElement;
/// <summary>
/// An array of pointers to CERT_CHAIN_ELEMENT structures. <c>rgpElement</c>[0] is the end certificate chain element.
/// <c>rgpElement</c>[ <c>cElement</c>1] is the self-signed "root" certificate element.
/// </summary>
public IntPtr rgpElement;
/// <summary>
/// A pointer to a CERT_TRUST_LIST_INFO structure that contains a pointer to a certificate trust list (CTL) connecting this
/// chain to a next certificate chain. If the current chain is the final chain, <c>pTrustListInfo</c> is <c>NULL</c>.
/// </summary>
public IntPtr pTrustListInfo;
/// <summary>BOOL. If <c>TRUE</c>, <c>dwRevocationFreshnessTime</c> has been calculated.</summary>
[MarshalAs(UnmanagedType.Bool)] public bool fHasRevocationFreshnessTime;
/// <summary>
/// The age of a certificate revocation list (CRL) in seconds, calculated as the CurrentTime minus the CRL's ThisUpdate time.
/// This values is the largest time across all elements checked.
/// </summary>
public uint dwRevocationFreshnessTime;
/// <summary>Gets the elements from <see cref="rgpElement"/>.</summary>
public unsafe CERT_CHAIN_ELEMENT*[] GetElements()
{
var ret = new CERT_CHAIN_ELEMENT*[(int)cElement];
for (int i = 0; i < cElement; i++)
ret[i] = ((CERT_CHAIN_ELEMENT**)rgpElement)[i];
return ret;
}
}
/// <summary>The <c>CERT_TRUST_LIST_INFO</c> structure that indicates valid usage of a CTL.</summary>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_trust_list_info typedef struct _CERT_TRUST_LIST_INFO
// { DWORD cbSize; PCTL_ENTRY pCtlEntry; PCCTL_CONTEXT pCtlContext; } CERT_TRUST_LIST_INFO, *PCERT_TRUST_LIST_INFO;
[PInvokeData("wincrypt.h", MSDNShortId = "774f5626-9b48-4585-b713-adbf191861cc")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_TRUST_LIST_INFO
{
/// <summary>Size of this structure in bytes.</summary>
public uint cbSize;
/// <summary>
/// A pointer to a structure that includes a subject identifier, the count of attributes associated with a CTL, and an array of
/// those attributes.
/// </summary>
public IntPtr pCtlEntry;
/// <summary>A pointer to a CTL context.</summary>
public PCCTL_CONTEXT pCtlContext;
}
/// <summary>Provides a handle to an online certificate status protocol (OCSP) response.</summary>
[StructLayout(LayoutKind.Sequential)]
public struct HCERT_SERVER_OCSP_RESPONSE : IHandle
@ -2687,6 +3277,15 @@ namespace Vanara.PInvoke
/// <returns>The result of the conversion.</returns>
public static implicit operator PCCERT_CONTEXT(SafePCCERT_CONTEXT h) => h.handle;
/// <summary>
/// Performs an explicit conversion from <see cref="SafePCCERT_CONTEXT"/> to <see cref="CERT_CONTEXT"/>.
/// </summary>
/// <param name="h">The h.</param>
/// <returns>
/// The resulting <see cref="CERT_CONTEXT"/> instance from the conversion.
/// </returns>
public static unsafe explicit operator CERT_CONTEXT*(SafePCCERT_CONTEXT h) => (CERT_CONTEXT*)(void*)h.handle;
/// <inheritdoc/>
protected override bool InternalReleaseHandle() => CertFreeCertificateContext(handle);
}

7
PInvoke/Cryptography/Crypt32/Wincrypt.Conv.cs
View File

@ -371,8 +371,7 @@ namespace Vanara.PInvoke
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certalgidtooid LPCSTR CertAlgIdToOID( DWORD dwAlgId );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "2a66c6da-22dd-4192-9f3d-2fb85f8032e0")]
[return: MarshalAs(UnmanagedType.LPStr)]
public static extern string CertAlgIdToOID(uint dwAlgId);
public static extern StrPtrAnsi CertAlgIdToOID(uint dwAlgId);
/// <summary>
/// The <c>CertGetNameString</c> function obtains the subject or issuer name from a certificate CERT_CONTEXT structure and converts
@ -725,7 +724,7 @@ namespace Vanara.PInvoke
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certoidtoalgid DWORD CertOIDToAlgId( LPCSTR pszObjId );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "920b2642-ce7c-4098-8720-5a6f24128787")]
public static extern uint CertOIDToAlgId([MarshalAs(UnmanagedType.LPStr)] string pszObjId);
public static extern uint CertOIDToAlgId(SafeOID pszObjId);
/// <summary>
/// The <c>CertRDNValueToStr</c> function converts a name in a CERT_RDN_VALUE_BLOB to a <c>null</c>-terminated character string.
@ -1360,7 +1359,7 @@ namespace Vanara.PInvoke
[PInvokeData("wincrypt.h", MSDNShortId = "307e0bd5-b8a6-4d85-9775-65aae99e8dc6")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptFormatObject(CertEncodingType dwCertEncodingType, [Optional] uint dwFormatType, CryptFormatStr dwFormatStrType, [Optional] IntPtr pFormatStruct,
[MarshalAs(UnmanagedType.LPStr)] string lpszStructType, [In] IntPtr pbEncoded, uint cbEncoded, [In] IntPtr pbFormat, ref uint pcbFormat);
[In] SafeOID lpszStructType, [In] IntPtr pbEncoded, uint cbEncoded, [In] IntPtr pbFormat, ref uint pcbFormat);
/// <summary>The <c>CryptStringToBinary</c> function converts a formatted string into an array of bytes.</summary>
/// <param name="pszString">A pointer to a string that contains the formatted string to be converted.</param>

18
PInvoke/Cryptography/Crypt32/Wincrypt.DataMgmt.cs
View File

@ -795,7 +795,7 @@ namespace Vanara.PInvoke
// LPCSTR pszObjId, DWORD cAttr, CRYPT_ATTRIBUTE [] rgAttr );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "99d690fb-ea85-4cb1-9fb0-bdb02e4ac50a")]
public static extern IntPtr CertFindAttribute([MarshalAs(UnmanagedType.LPStr)] string pszObjId, uint cAttr, [MarshalAs(UnmanagedType.LPArray)] CRYPT_ATTRIBUTE[] rgAttr);
public static extern IntPtr CertFindAttribute(SafeOID pszObjId, uint cAttr, [MarshalAs(UnmanagedType.LPArray)] CRYPT_ATTRIBUTE[] rgAttr);
/// <summary>
/// The <c>CertFindAttribute</c> function finds the first attribute in the CRYPT_ATTRIBUTE array, as identified by its object
@ -823,7 +823,7 @@ namespace Vanara.PInvoke
// LPCSTR pszObjId, DWORD cExtensions, CERT_EXTENSION [] rgExtensions );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "489c58b6-a704-4f54-bc64-34eacafc347c")]
public static extern IntPtr CertFindExtension([MarshalAs(UnmanagedType.LPStr)] string pszObjId, uint cExtensions, [MarshalAs(UnmanagedType.LPArray)] CERT_EXTENSION[] rgExtensions);
public static extern IntPtr CertFindExtension(SafeOID pszObjId, uint cExtensions, [MarshalAs(UnmanagedType.LPArray)] CERT_EXTENSION[] rgExtensions);
/// <summary>
/// The <c>CertFindExtension</c> function finds the first extension in the CERT_EXTENSION array, as identified by its object
@ -848,7 +848,7 @@ namespace Vanara.PInvoke
// pszObjId, PCERT_NAME_INFO pName );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "31f82a02-e90a-48de-857a-9fbb03048b5c")]
public static extern IntPtr CertFindRDNAttr([MarshalAs(UnmanagedType.LPStr)] string pszObjId, in CERT_NAME_INFO pName);
public static extern IntPtr CertFindRDNAttr(SafeOID pszObjId, in CERT_NAME_INFO pName);
/// <summary>
/// The <c>CertGetIntendedKeyUsage</c> function acquires the intended key usage bytes from a certificate. The intended key usage can
@ -1413,7 +1413,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "defd0b23-d9c2-4b28-a6a6-1be7487ae656")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptExportPKCS8(HCRYPTPROV hCryptProv, CertKeySpec dwKeySpec, [MarshalAs(UnmanagedType.LPStr)] string pszPrivateKeyObjId, uint dwFlags, [In, Optional] IntPtr pvAuxInfo, [Out, Optional] IntPtr pbPrivateKeyBlob, ref uint pcbPrivateKeyBlob);
public static extern bool CryptExportPKCS8(HCRYPTPROV hCryptProv, CertKeySpec dwKeySpec, SafeOID pszPrivateKeyObjId, uint dwFlags, [In, Optional] IntPtr pvAuxInfo, [Out, Optional] IntPtr pbPrivateKeyBlob, ref uint pcbPrivateKeyBlob);
/// <summary>
/// <para>
@ -1767,7 +1767,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "38274222-90b3-4038-86d3-6b2813100ce2")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptExportPublicKeyInfoEx(HCRYPTPROV hCryptProvOrNCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszPublicKeyObjId,
public static extern bool CryptExportPublicKeyInfoEx(HCRYPTPROV hCryptProvOrNCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType, SafeOID pszPublicKeyObjId,
CryptOIDInfoFlags dwFlags, [In, Optional] IntPtr pvAuxInfo, [Out, Optional] IntPtr pInfo, ref uint pcbInfo);
/// <summary>
@ -1889,7 +1889,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "38274222-90b3-4038-86d3-6b2813100ce2")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptExportPublicKeyInfoEx(NCrypt.NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszPublicKeyObjId,
public static extern bool CryptExportPublicKeyInfoEx(NCrypt.NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType, SafeOID pszPublicKeyObjId,
CryptOIDInfoFlags dwFlags, [In, Optional] IntPtr pvAuxInfo, [Out, Optional] IntPtr pInfo, ref uint pcbInfo);
/// <summary>
@ -1961,7 +1961,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "f96bff4a-d354-4231-907a-383aff5cfacc")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptExportPublicKeyInfoFromBCryptKeyHandle(BCrypt.BCRYPT_KEY_HANDLE hBCryptKey, CertEncodingType dwCertEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszPublicKeyObjId,
public static extern bool CryptExportPublicKeyInfoFromBCryptKeyHandle(BCrypt.BCRYPT_KEY_HANDLE hBCryptKey, CertEncodingType dwCertEncodingType, SafeOID pszPublicKeyObjId,
CryptOIDInfoFlags dwFlags, [In, Optional] IntPtr pvAuxInfo, [Out, Optional] IntPtr pInfo, ref uint pcbInfo);
/// <summary>
@ -5081,7 +5081,7 @@ namespace Vanara.PInvoke
[PInvokeData("wincrypt.h", MSDNShortId = "ee138918-ed7c-4980-8b18-64004a0dd7df")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptSignAndEncodeCertificate(BCrypt.BCRYPT_KEY_HANDLE hBCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType,
[MarshalAs(UnmanagedType.LPStr)] string lpszStructType, [In] IntPtr pvStructInfo, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
[In] SafeOID lpszStructType, [In] IntPtr pvStructInfo, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
[In, Optional] IntPtr pvHashAuxInfo, [Out] IntPtr pbEncoded, ref uint pcbEncoded);
/// <summary>The <c>CryptSignCertificate</c> function signs the "to be signed" information in the encoded signed content.</summary>
@ -5757,7 +5757,7 @@ namespace Vanara.PInvoke
public CertKeySpec dwKeySpec;
/// <summary>An <c>LPSTR</c> variable that contains the object identifier (OID) of the private key to be exported.</summary>
[MarshalAs(UnmanagedType.LPStr)] public string pszPrivateKeyObjId;
public StrPtrAnsi pszPrivateKeyObjId;
/// <summary>
/// A PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC pointer that points to a callback to a function that encrypts the private key. If this is

7
PInvoke/Cryptography/Crypt32/Wincrypt.Key.cs
View File

@ -1,5 +1,6 @@
using System;
using System.Runtime.InteropServices;
using Vanara.InteropServices;
namespace Vanara.PInvoke
{
@ -147,7 +148,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "1bec8d2f-aa43-4a8b-9414-c3a4e5fcb470")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertAddEnhancedKeyUsageIdentifier([In] PCCERT_CONTEXT pCertContext, [MarshalAs(UnmanagedType.LPStr)] string pszUsageIdentifier);
public static extern bool CertAddEnhancedKeyUsageIdentifier([In] PCCERT_CONTEXT pCertContext, SafeOID pszUsageIdentifier);
/// <summary>
/// The <c>CertGetEnhancedKeyUsage</c> function returns information from the enhanced key usage (EKU) extension or the EKU extended
@ -247,7 +248,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "4fb27073-674c-4bac-9a62-6e33e1a5785e")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertRemoveEnhancedKeyUsageIdentifier(PCCERT_CONTEXT pCertContext, [MarshalAs(UnmanagedType.LPStr)] string pszUsageIdentifier);
public static extern bool CertRemoveEnhancedKeyUsageIdentifier(PCCERT_CONTEXT pCertContext, SafeOID pszUsageIdentifier);
/// <summary>
/// The <c>CertSetEnhancedKeyUsage</c> function sets the enhanced key usage (EKU) property for the certificate. Use of this function
@ -322,7 +323,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "628e1995-8207-4daa-a445-cb21a755ffa6")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptCreateKeyIdentifierFromCSP(CertEncodingType dwCertEncodingType, [Optional, MarshalAs(UnmanagedType.LPStr)] string pszPubKeyOID,
public static extern bool CryptCreateKeyIdentifierFromCSP(CertEncodingType dwCertEncodingType, [Optional] SafeOID pszPubKeyOID,
in PUBLICKEYSTRUC pPubKeyStruc, uint cbPubKeyStruc, uint dwFlags, [Optional] IntPtr pvReserved, [Out] IntPtr pbHash, ref uint pcbHash);
/// <summary>

108
PInvoke/Cryptography/Crypt32/Wincrypt.Msg.cs
View File

@ -851,6 +851,93 @@ namespace Vanara.PInvoke
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptDecryptMessage(in CRYPT_DECRYPT_MESSAGE_PARA pDecryptPara, [In] IntPtr pbEncryptedBlob, uint cbEncryptedBlob, [Out] IntPtr pbDecrypted, ref uint pcbDecrypted, out SafePCCERT_CONTEXT ppXchgCert);
/// <summary>The <c>CryptDecryptMessage</c> function decodes and decrypts a message.</summary>
/// <param name="pDecryptPara">A pointer to a CRYPT_DECRYPT_MESSAGE_PARA structure that contains decryption parameters.</param>
/// <param name="pbEncryptedBlob">A pointer to a buffer that contains the encoded and encrypted message to be decrypted.</param>
/// <param name="cbEncryptedBlob">The size, in bytes, of the encoded and encrypted message.</param>
/// <param name="pbDecrypted">
/// <para>A pointer to a buffer that receives the decrypted message.</para>
/// <para>
/// To set the size of this information for memory allocation purposes, this parameter can be <c>NULL</c>. A decrypted message will
/// not be returned if this parameter is <c>NULL</c>. For more information, see Retrieving Data of Unknown Length.
/// </para>
/// </param>
/// <param name="pcbDecrypted">
/// <para>
/// A pointer to a <c>DWORD</c> that specifies the size, in bytes, of the buffer pointed to by the pbDecrypted parameter. When the
/// function returns, this variable contains the size, in bytes, of the decrypted message copied to pbDecrypted.
/// </para>
/// <para>
/// <c>Note</c> When processing the data returned in the pbDecrypted buffer, applications must use the actual size of the data
/// returned. The actual size can be slightly smaller than the size of the buffer specified in pcbDecrypted on input. On input,
/// buffer sizes are usually specified large enough to ensure that the largest possible output data will fit in the buffer. On
/// output, the <c>DWORD</c> is updated to the actual size of the data copied to the buffer.
/// </para>
/// </param>
/// <param name="ppXchgCert">
/// A pointer to a CERT_CONTEXT structure of a certificate that corresponds to the private exchange key needed to decrypt the
/// message. To indicate that the function should not return the certificate context used to decrypt, set this parameter to <c>NULL</c>.
/// </param>
/// <returns>
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
/// <para>If the function fails, it returns zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
/// <para><c>Note</c> Errors from calls to CryptImportKey and CryptDecrypt might be propagated to this function.</para>
/// <para>The GetLastError function returns the following error codes most often.</para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>ERROR_MORE_DATA</term>
/// <term>
/// If the buffer specified by the pbDecrypted parameter is not large enough to hold the returned data, the function sets the
/// ERROR_MORE_DATA code, and stores the required buffer size, in bytes, in the variable pointed to by pcbDecrypted.
/// </term>
/// </item>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>
/// Invalid message and certificate encoding types. Currently only PKCS_7_ASN_ENCODING and X509_ASN_ENCODING_TYPE are supported.
/// Invalid cbSize in *pDecryptPara.
/// </term>
/// </item>
/// <item>
/// <term>CRYPT_E_UNEXPECTED_MSG_TYPE</term>
/// <term>Not an enveloped cryptographic message.</term>
/// </item>
/// <item>
/// <term>NTE_BAD_ALGID</term>
/// <term>The message was encrypted by using an unknown or unsupported algorithm.</term>
/// </item>
/// <item>
/// <term>CRYPT_E_NO_DECRYPT_CERT</term>
/// <term>No certificate was found having a private key property to use for decrypting.</term>
/// </item>
/// </list>
/// <para>
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
/// </para>
/// </returns>
/// <remarks>
/// <para>
/// When <c>NULL</c> is passed for pbDecrypted, and pcbDecrypted is not <c>NULL</c>, <c>NULL</c> is returned for the address passed
/// in ppXchgCert; otherwise, a pointer to a CERT_CONTEXT is returned. For a successfully decrypted message, this pointer to a
/// <c>CERT_CONTEXT</c> points to the certificate context used to decrypt the message. It must be freed by calling
/// CertFreeCertificateContext. If the function fails, the value at ppXchgCert is set to <c>NULL</c>.
/// </para>
/// <para>Examples</para>
/// <para>For an example that uses this function, see Example C Program: Using CryptEncryptMessage and CryptDecryptMessage.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecryptmessage BOOL CryptDecryptMessage(
// PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara, const BYTE *pbEncryptedBlob, DWORD cbEncryptedBlob, BYTE *pbDecrypted, DWORD
// *pcbDecrypted, PCCERT_CONTEXT *ppXchgCert );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "e540b816-64e1-4c78-9020-2b221e813acc")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptDecryptMessage(in CRYPT_DECRYPT_MESSAGE_PARA pDecryptPara, [In] IntPtr pbEncryptedBlob, uint cbEncryptedBlob, [Out] IntPtr pbDecrypted, ref uint pcbDecrypted, IntPtr ppXchgCert = default);
/// <summary>The <c>CryptEncryptMessage</c> function encrypts and encodes a message.</summary>
/// <param name="pEncryptPara">
/// <para>A pointer to a CRYPT_ENCRYPT_MESSAGE_PARA structure that contains the encryption parameters.</para>
@ -1278,7 +1365,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "1c12003a-c2f3-4069-8bd6-b8f2875b0c98")]
public static extern uint CryptMsgCalculateEncodedLength(CertEncodingType dwMsgEncodingType, CryptMsgFlags dwFlags, CryptMsgType dwMsgType, [In] IntPtr pvMsgEncodeInfo,
[Optional, MarshalAs(UnmanagedType.LPStr)] string pszInnerContentObjID, uint cbData);
[Optional] SafeOID pszInnerContentObjID, uint cbData);
/// <summary>
/// The <c>CryptMsgClose</c> function closes a cryptographic message handle. At each call to this function, the reference count on
@ -2745,7 +2832,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "b0d2610b-05ba-4fb6-8f38-10f970a52091")]
public static extern SafeHCRYPTMSG CryptMsgOpenToEncode(CertEncodingType dwMsgEncodingType, CryptMsgFlags dwFlags, CryptMsgType dwMsgType, [In] IntPtr pvMsgEncodeInfo,
[Optional, MarshalAs(UnmanagedType.LPStr)] string pszInnerContentObjID, in CMSG_STREAM_INFO pStreamInfo);
[Optional] SafeOID pszInnerContentObjID, in CMSG_STREAM_INFO pStreamInfo);
/// <summary>
/// The <c>CryptMsgOpenToEncode</c> function opens a cryptographic message for encoding and returns a handle of the opened message.
@ -2976,7 +3063,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "b0d2610b-05ba-4fb6-8f38-10f970a52091")]
public static extern SafeHCRYPTMSG CryptMsgOpenToEncode(CertEncodingType dwMsgEncodingType, CryptMsgFlags dwFlags, CryptMsgType dwMsgType, [In] IntPtr pvMsgEncodeInfo,
[Optional, MarshalAs(UnmanagedType.LPStr)] string pszInnerContentObjID, IntPtr pStreamInfo = default);
[Optional] SafeOID pszInnerContentObjID, IntPtr pStreamInfo = default);
/// <summary>
/// The <c>CryptMsgUpdate</c> function adds contents to a cryptographic message. The use of this function allows messages to be
@ -4433,23 +4520,12 @@ namespace Vanara.PInvoke
[StructLayout(LayoutKind.Explicit)]
public struct CMSG_KEY_AGREE_RECIPIENT_INFO_UNION
{
/// <summary>
/// A handle to the cryptographic service provider (CSP) used to do the recipient key encryption and export. If <c>NULL</c>,
/// the provider specified in CMSG_ENVELOPED_ENCODE_INFO is used. The CNG function NCryptIsKeyHandle is called to determine
/// the union choice.
/// </summary>
[FieldOffset(0)]
/// <summary>A CERT_ID that identifies the public key of the message originator.</summary>
[FieldOffset(0)]
public CERT_ID OriginatorCertId;
/// <summary>
/// A handle to the CNG CSP used to do the recipient key encryption and export. The CNG function NCryptIsKeyHandle is called
/// to determine the union choice. New encrypt algorithms are only supported in CNG functions. The CNG function
/// NCryptTranslateHandle will be called to convert the CryptoAPI CSP hCryptProv choice where necessary. We recommend that
/// applications pass, to the hNCryptKey member, the CNG CSP handle that is returned from the NCryptOpenKey function.
/// </summary>
[FieldOffset(0)]
/// <summary>A CERT_PUBLIC_KEY_INFO structure that contains the public key of the message originator.</summary>
[FieldOffset(0)]
public CERT_PUBLIC_KEY_INFO OriginatorPublicKeyInfo;
}

234
PInvoke/Cryptography/Crypt32/Wincrypt.OID.cs
View File

@ -1,6 +1,9 @@
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using Vanara.Extensions;
using Vanara.InteropServices;
namespace Vanara.PInvoke
@ -8,6 +11,9 @@ namespace Vanara.PInvoke
/// <summary>Methods and data types found in Crypt32.dll.</summary>
public static partial class Crypt32
{
/// <summary>Number of bits to shift byte len into an OID Group ID.</summary>
public const int CRYPT_OID_INFO_OID_GROUP_BIT_LEN_SHIFT = 16;
/// <summary>The <c>CRYPT_ENUM_OID_FUNCTION</c> callback function is used with the CryptEnumOIDFunction function.</summary>
/// <param name="dwEncodingType">
/// <para>Specifies the encoding type to match. Setting this parameter to CRYPT_MATCH_ANY_ENCODING_TYPE matches any encoding type.</para>
@ -48,7 +54,7 @@ namespace Vanara.PInvoke
// rgdwValueType[], LPCWSTR const rgpwszValueName[], const BYTE * const rgpbValueData[], const DWORD rgcbValueData[], void *pvArg ) {...}
[PInvokeData("wincrypt.h", MSDNShortId = "f29a3454-fa64-4305-ba4e-027d45014024")]
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool PFN_CRYPT_ENUM_OID_FUNC(CertEncodingType dwEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszFuncName, [MarshalAs(UnmanagedType.LPStr)] string pszOID,
public delegate bool PFN_CRYPT_ENUM_OID_FUNC(CertEncodingType dwEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszFuncName, [In] SafeOID pszOID,
uint cValue, uint[] rgdwValueType, [MarshalAs(UnmanagedType.LPArray, ArraySubType = UnmanagedType.LPWStr)] string[] rgpwszValueName, IntPtr[] rgpbValueData, uint[] rgcbValueData, IntPtr pvArg);
/// <summary>The <c>CRYPT_ENUM_OID_INFO</c> callback function is used with the CryptEnumOIDInfo function.</summary>
@ -62,7 +68,7 @@ namespace Vanara.PInvoke
// PfnCryptEnumOidInfo; BOOL PfnCryptEnumOidInfo( PCCRYPT_OID_INFO pInfo, void *pvArg ) {...}
[PInvokeData("wincrypt.h", MSDNShortId = "30ae4274-631d-4c6a-96c5-18f096607cad")]
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool PFN_CRYPT_ENUM_OID_INFO(in CRYPT_OID_INFO pInfo, [In, Out, Optional] IntPtr pvArg);
public delegate bool PFN_CRYPT_ENUM_OID_INFO(PCCRYPT_OID_INFO pInfo, [In, Out, Optional] IntPtr pvArg);
/// <summary>Flags for <see cref="CryptInstallOIDFunctionAddress"/>.</summary>
[PInvokeData("wincrypt.h", MSDNShortId = "934e8278-0e0b-4402-a2b6-ff1e913d54c9")]
@ -176,7 +182,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "aa2fba03-183b-4b74-b306-8f4592995897")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptEnumOIDFunction(CertEncodingType dwEncodingType, [Optional, MarshalAs(UnmanagedType.LPStr)] string pszFuncName, [Optional, MarshalAs(UnmanagedType.LPStr)] string pszOID,
public static extern bool CryptEnumOIDFunction(CertEncodingType dwEncodingType, [Optional, MarshalAs(UnmanagedType.LPStr)] string pszFuncName, [Optional, In] SafeOID pszOID,
[Optional] uint dwFlags, [In, Out, Optional] IntPtr pvArg, PFN_CRYPT_ENUM_OID_FUNC pfnEnumOIDFunc);
/// <summary>
@ -405,7 +411,162 @@ namespace Vanara.PInvoke
// dwKeyType, void *pvKey, DWORD dwGroupId );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "87acf207-d109-4173-9530-8cbbebb473b2")]
public static extern IntPtr CryptFindOIDInfo(CryptOIDInfoFlags dwKeyType, [In] IntPtr pvKey, OIDGroupId dwGroupId);
public static extern PCCRYPT_OID_INFO CryptFindOIDInfo(CryptOIDInfoFlags dwKeyType, [In] IntPtr pvKey, OIDGroupId dwGroupId);
/// <summary>
/// <para>
/// The <c>CryptFindOIDInfo</c> function retrieves the first predefined or registered CRYPT_OID_INFO structure that matches a
/// specified key type and key. The search can be limited to object identifiers (OIDs) within a specified OID group.
/// </para>
/// <para>
/// Use CryptEnumOIDInfo to list all or selected subsets of CRYPT_OID_INFO structures. New <c>CRYPT_OID_INFO</c> structures can be
/// registered by using CryptRegisterOIDInfo. User-registered OIDs can be removed from the list of registered OIDs by using CryptUnregisterOIDInfo.
/// </para>
/// <para>
/// New OIDs can be placed in the list of registered OIDs either before or after the predefined entries. Because
/// <c>CryptFindOIDInfo</c> returns the first key on the list that matches the search criteria, a newly registered OID placed before
/// a predefined OID entry with the same key overrides a predefined entry.
/// </para>
/// </summary>
/// <param name="dwKeyType">
/// <para>Specifies the key type to use when finding OID information.</para>
/// <para>This parameter can be one of the following key types.</para>
/// <para>CRYPT_OID_INFO_OID_KEY</para>
/// <para>pvKey is the address of a null-terminated ANSI string that contains the OID string to find.</para>
/// <para>CRYPT_OID_INFO_NAME_KEY</para>
/// <para>pvKey is the address of a null-terminated Unicode string that contains the name to find.</para>
/// <para>CRYPT_OID_INFO_ALGID_KEY</para>
/// <para>pvKey is the address of an ALG_IDvariable. The following <c>ALG_ID</c> s are supported:</para>
/// <para>Hash Algorithms:</para>
/// <para>Symmetric Encryption Algorithms:</para>
/// <para>Public Key Algorithms:</para>
/// <para>Algorithms that are not listed are supported by using Cryptography API: Next Generation (CNG) only; instead, use <c>CRYPT_OID_INFO_CNG_ALGID_KEY</c>.</para>
/// <para>CRYPT_OID_INFO_SIGN_KEY</para>
/// <para>
/// pvKey is the address of an array of two ALG_IDs where the first element contains the hash algorithm identifier and the second
/// element contains the public key algorithm identifier.
/// </para>
/// <para>The following <c>ALG_ID</c> combinations are supported.</para>
/// <list type="table">
/// <listheader>
/// <term>Signature algorithm identifier</term>
/// <term>Hash algorithm identifier</term>
/// </listheader>
/// <item>
/// <term>CALG_RSA_SIGN</term>
/// <term>CALG_SHA1 CALG_MD5 CALG_MD4 CALG_MD2</term>
/// </item>
/// <item>
/// <term>CALG_DSS_SIGN</term>
/// <term>CALG_SHA1</term>
/// </item>
/// <item>
/// <term>CALG_NO_SIGN</term>
/// <term>CALG_SHA1 CALG_NO_SIGN</term>
/// </item>
/// </list>
/// <para>Algorithms that are not listed are supported through CNG only; instead, use <c>CRYPT_OID_INFO_CNG_SIGN_KEY</c>.</para>
/// <para>CRYPT_OID_INFO_CNG_ALGID_KEY</para>
/// <para>
/// pvKey is the address of a null-terminated Unicode string that contains the CNG algorithm identifier to find. This can be one of
/// the predefined CNG Algorithm Identifiers or another registered algorithm identifier.
/// </para>
/// <para>Windows Server 2003 R2 Windows Server 2003 :</para>
/// <para>This key type is not supported.</para>
/// <para>CRYPT_OID_INFO_CNG_SIGN_KEY</para>
/// <para>
/// pvKey is the address of an array of two null-terminated Unicode string pointers where the first string contains the hash CNG
/// algorithm identifier and the second string contains the public key CNG algorithm identifier. These can be from the predefined
/// CNG Algorithm Identifiers or another registered algorithm identifier.
/// </para>
/// <para>Windows Server 2003 R2 Windows Server 2003 :</para>
/// <para>This key type is not supported.</para>
/// <para>
/// Optionally, the following key types can be specified in the dwKeyType parameter by using the logical <c>OR</c> operator (|).
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG</term>
/// <term>
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group that are explicitly flagged with the
/// CRYPT_OID_PUBKEY_ENCRYPT_ONLY_FLAG flag.
/// </term>
/// </item>
/// <item>
/// <term>CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG</term>
/// <term>
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group that are explicitly flagged with the
/// CRYPT_OID_PUBKEY_SIGN_ONLY_FLAG flag.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="pvKey">
/// The address of a buffer that contains additional search information. This parameter depends on the value of the dwKeyType
/// parameter. For more information, see the table under dwKeyType.
/// </param>
/// <param name="dwGroupId">
/// <para>
/// The group identifier to use when finding OID information. Setting this parameter to zero searches all groups according to the
/// dwKeyType parameter. Otherwise, only the indicated dwGroupId is searched.
/// </para>
/// <para>For information about code that lists the OID information by group identifier, see CryptEnumOIDInfo.</para>
/// <para>Optionally, the following flag can be specified in the dwGroupId parameter by using the logical <c>OR</c> operator (|).</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CRYPT_OID_DISABLE_SEARCH_DS_FLAG</term>
/// <term>Disables searching the directory server.</term>
/// </item>
/// </list>
/// <para>
/// The bit length shifted left 16 bits can be specified in the dwGroupId parameter by using the logical <c>OR</c> operator (|). For
/// more information, see Remarks.
/// </para>
/// </param>
/// <returns>
/// Returns a pointer to a constant structure of type CRYPT_OID_INFO. The returned pointer must not be freed. When the specified key
/// and group is not found, <c>NULL</c> is returned.
/// </returns>
/// <remarks>
/// <para>
/// The <c>CryptFindOIDInfo</c> function performs a lookup in the active directory to retrieve the friendly names of OIDs under the
/// following conditions:
/// </para>
/// <list type="bullet">
/// <item>
/// <term>The key type in the dwKeyType parameter is set to <c>CRYPT_OID_INFO_OID_KEY</c> or <c>CRYPT_OID_INFO_NAME_KEY</c>.</term>
/// </item>
/// <item>
/// <term>
/// No group identifier is specified in the dwGroupId parameter or the GroupID refers to EKU OIDs, policy OIDs or template OIDs.
/// </term>
/// </item>
/// </list>
/// <para>
/// Network retrieval of the friendly name can be suppressed by calling the function with the
/// <c>CRYPT_OID_DISABLE_SEARCH_DS_FLAG</c> flag.
/// </para>
/// <para>
/// The bit length shifted left 16 bits can be specified in the dwGroupId parameter by using the logical <c>OR</c> operator (|).
/// This is only applicable to the <c>CRYPT_ENCRYPT_ALG_OID_GROUP_ID</c> group entries that have a bit length specified in the
/// <c>ExtraInfo</c> member of the CRYPT_OID_INFO structure. Currently, only the AES encryption algorithms have this. The constant
/// <c>CRYPT_OID_INFO_OID_GROUP_BIT_LEN_SHIFT</c> can be used for doing the shift. For example, to find the OID information for
/// <c>BCRYPT_AES_ALGORITHM</c> with bit length equal to 192, call <c>CryptFindOIDInfo</c> as follows.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptfindoidinfo PCCRYPT_OID_INFO CryptFindOIDInfo( DWORD
// dwKeyType, void *pvKey, DWORD dwGroupId );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "87acf207-d109-4173-9530-8cbbebb473b2")]
public static extern PCCRYPT_OID_INFO CryptFindOIDInfo(CryptOIDInfoFlags dwKeyType, [In, MarshalAs(UnmanagedType.LPWStr)] string pvKey, OIDGroupId dwGroupId);
/// <summary>
/// The <c>CryptFreeOIDFunctionAddress</c> function releases a handle returned by CryptGetOIDFunctionAddress or
@ -619,7 +780,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "2eef6109-a840-48c6-936c-ec0875039c39")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptGetOIDFunctionAddress([In] HCRYPTOIDFUNCSET hFuncSet, CertEncodingType dwEncodingType, [Optional, MarshalAs(UnmanagedType.LPStr)] string pszOID,
public static extern bool CryptGetOIDFunctionAddress([In] HCRYPTOIDFUNCSET hFuncSet, CertEncodingType dwEncodingType, [Optional, In] SafeOID pszOID,
OIDFuncFlags dwFlags, out IntPtr ppvFuncAddr, ref HCRYPTOIDFUNCADDR phFuncAddr);
/// <summary>
@ -722,7 +883,7 @@ namespace Vanara.PInvoke
[PInvokeData("wincrypt.h", MSDNShortId = "14eb7f10-f42a-4496-9699-62eeb9878ea2")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptGetOIDFunctionValue(CertEncodingType dwEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszFuncName,
[MarshalAs(UnmanagedType.LPStr)] string pszOID, [Optional, MarshalAs(UnmanagedType.LPWStr)] string pwszValueName, out REG_VALUE_TYPE pdwValueType,
[In] SafeOID pszOID, [Optional, MarshalAs(UnmanagedType.LPWStr)] string pwszValueName, out REG_VALUE_TYPE pdwValueType,
[Out] IntPtr pbValueData, ref uint pcbValueData);
/// <summary>
@ -856,7 +1017,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "b625597d-28fd-4a40-afbe-a09201d36512")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptRegisterOIDFunction(CertEncodingType dwEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszFuncName, StrPtrAnsi pszOID,
public static extern bool CryptRegisterOIDFunction(CertEncodingType dwEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszFuncName, SafeOID pszOID,
[MarshalAs(UnmanagedType.LPWStr)] string pwszDll, [Optional, MarshalAs(UnmanagedType.LPStr)] string pszOverrideFuncName);
/// <summary>
@ -963,7 +1124,7 @@ namespace Vanara.PInvoke
[PInvokeData("wincrypt.h", MSDNShortId = "3e167c5d-0000-4359-a7b0-9b3e4e64c50c")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptSetOIDFunctionValue(CertEncodingType dwEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszFuncName,
StrPtrAnsi pszOID, [Optional, MarshalAs(UnmanagedType.LPWStr)] string pwszValueName, REG_VALUE_TYPE dwValueType, [In, Optional] IntPtr pbValueData, uint cbValueData);
SafeOID pszOID, [Optional, MarshalAs(UnmanagedType.LPWStr)] string pwszValueName, REG_VALUE_TYPE dwValueType, [In, Optional] IntPtr pbValueData, uint cbValueData);
/// <summary>
/// The <c>CryptUnregisterDefaultOIDFunction</c> removes the registration of a DLL containing the default function to be called for
@ -1016,7 +1177,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "c06ffda5-df7c-4e0e-bf4f-8b8c968fcd4c")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptUnregisterOIDFunction(CertEncodingType dwEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszFuncName, StrPtrAnsi pszOID);
public static extern bool CryptUnregisterOIDFunction(CertEncodingType dwEncodingType, [MarshalAs(UnmanagedType.LPStr)] string pszFuncName, SafeOID pszOID);
/// <summary>
/// The <c>CryptUnregisterOIDInfo</c> function removes the registration of a specified CRYPT_OID_INFO OID information structure. The
@ -1074,7 +1235,7 @@ namespace Vanara.PInvoke
public uint cbSize;
/// <summary>The OID associated with this OID information.</summary>
[MarshalAs(UnmanagedType.LPStr)] public string pszOID;
public StrPtrAnsi pszOID;
/// <summary>The display name associated with an OID.</summary>
[MarshalAs(UnmanagedType.LPWStr)] public string pwszName;
@ -1408,6 +1569,59 @@ namespace Vanara.PInvoke
public IntPtr DangerousGetHandle() => handle;
}
/// <summary>Provides a pointer to a CRYPT_OID_INFO.</summary>
[StructLayout(LayoutKind.Sequential)]
public struct PCCRYPT_OID_INFO : IHandle
{
private IntPtr handle;
/// <summary>Initializes a new instance of the <see cref="PCCRYPT_OID_INFO"/> struct.</summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
public PCCRYPT_OID_INFO(IntPtr preexistingHandle) => handle = preexistingHandle;
/// <summary>Returns an invalid handle by instantiating a <see cref="PCCRYPT_OID_INFO"/> object with <see cref="IntPtr.Zero"/>.</summary>
public static PCCRYPT_OID_INFO NULL => new PCCRYPT_OID_INFO(IntPtr.Zero);
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
public bool IsNull => handle == IntPtr.Zero;
/// <summary>Performs an explicit conversion from <see cref="PCCRYPT_OID_INFO"/> to <see cref="IntPtr"/>.</summary>
/// <param name="h">The handle.</param>
/// <returns>The result of the conversion.</returns>
public static explicit operator IntPtr(PCCRYPT_OID_INFO h) => h.handle;
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="PCCRYPT_OID_INFO"/>.</summary>
/// <param name="h">The pointer to a handle.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator PCCRYPT_OID_INFO(IntPtr h) => new PCCRYPT_OID_INFO(h);
/// <summary>Performs an explicit conversion from <see cref="PCCRYPT_OID_INFO"/> to <see cref="CRYPT_OID_INFO"/>.</summary>
/// <param name="h">The handle.</param>
/// <returns>The resulting <see cref="CRYPT_OID_INFO"/> instance from the conversion.</returns>
public static explicit operator CRYPT_OID_INFO(PCCRYPT_OID_INFO h) => h.handle.ToStructure<CRYPT_OID_INFO>();
/// <summary>Implements the operator !=.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator !=(PCCRYPT_OID_INFO h1, PCCRYPT_OID_INFO h2) => !(h1 == h2);
/// <summary>Implements the operator ==.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator ==(PCCRYPT_OID_INFO h1, PCCRYPT_OID_INFO h2) => h1.Equals(h2);
/// <inheritdoc/>
public override bool Equals(object obj) => obj is PCCRYPT_OID_INFO h ? handle == h.handle : false;
/// <inheritdoc/>
public override int GetHashCode() => handle.GetHashCode();
/// <inheritdoc/>
public IntPtr DangerousGetHandle() => handle;
}
/// <summary>Definitions of various algorithm object identifiers RSA</summary>
[PInvokeData("wincrypt.h")]
public static class AlgOID

424
PInvoke/Cryptography/Crypt32/Wincrypt.Obj.cs
View File

@ -1,5 +1,6 @@
using System;
using System.Runtime.InteropServices;
using Vanara.InteropServices;
namespace Vanara.PInvoke
{
@ -70,25 +71,6 @@ namespace Vanara.PInvoke
CRYPT_DECODE_ENABLE_IA5CONVERSION_FLAG = CRYPT_DECODE_ENABLE_PUNYCODE_FLAG | CRYPT_DECODE_ENABLE_UTF8PERCENT_FLAG,
}
/// <summary>Flags for CryptDecrypt.</summary>
[PInvokeData("wincrypt.h", MSDNShortId = "7c3d2838-6fd1-4f6c-9586-8b94b459a31a")]
[Flags]
public enum CryptDecryptFlags
{
/// <summary>
/// Use Optimal Asymmetric Encryption Padding (OAEP) (PKCS #1 version 2). This flag is only supported by the Microsoft Enhanced
/// Cryptographic Provider with RSA encryption/decryption. This flag cannot be combined with the
/// CRYPT_DECRYPT_RSA_NO_PADDING_CHECK flag.
/// </summary>
CRYPT_OAEP = 0x00000040,
/// <summary>
/// Perform the decryption on the BLOB without checking the padding. This flag is only supported by the Microsoft Enhanced
/// Cryptographic Provider with RSA encryption/decryption. This flag cannot be combined with the CRYPT_OAEP flag.
/// </summary>
CRYPT_DECRYPT_RSA_NO_PADDING_CHECK = 0x00000020,
}
/// <summary>Specifies options for the encoding.</summary>
[PInvokeData("wincrypt.h", MSDNShortId = "45134db8-059b-43d3-90c2-9b6cc970fca0")]
[Flags]
@ -139,19 +121,6 @@ namespace Vanara.PInvoke
CRYPT_ENCODE_ENABLE_IA5CONVERSION_FLAG = CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG | CRYPT_ENCODE_ENABLE_UTF8PERCENT_FLAG,
}
/// <summary>Flags for CryptEncrypt.</summary>
[PInvokeData("wincrypt.h", MSDNShortId = "697c4960-552b-4c3a-95cf-4632af56945b")]
[Flags]
public enum CryptEncryptFlags
{
/// <summary>
/// Use Optimal Asymmetric Encryption Padding (OAEP) (PKCS #1 version 2). This flag is only supported by the Microsoft Enhanced
/// Cryptographic Provider with RSA encryption/decryption. This flag cannot be combined with the
/// CRYPT_DECRYPT_RSA_NO_PADDING_CHECK flag.
/// </summary>
CRYPT_OAEP = 0x00000040,
}
/// <summary>
/// The <c>CryptDecodeObject</c> function decodes a structure of the type indicated by the lpszStructType parameter. The use of
/// CryptDecodeObjectEx is recommended as an API that performs the same function with significant performance improvements.
@ -308,7 +277,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "7d5ed4f4-9d76-4a16-9059-27b0edd83459")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptDecodeObject(CertEncodingType dwCertEncodingType, [MarshalAs(UnmanagedType.LPStr)] string lpszStructType, [In] IntPtr pbEncoded, uint cbEncoded,
public static extern bool CryptDecodeObject(CertEncodingType dwCertEncodingType, [In] SafeOID lpszStructType, [In] IntPtr pbEncoded, uint cbEncoded,
CryptDecodeFlags dwFlags, [Out] IntPtr pvStructInfo, ref uint pcbStructInfo);
/// <summary>
@ -621,7 +590,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "bf1935f0-1ab0-4068-9ed5-8fbb2c286b8a")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptDecodeObjectEx(CertEncodingType dwCertEncodingType, [MarshalAs(UnmanagedType.LPStr)] string lpszStructType, [In] IntPtr pbEncoded, uint cbEncoded,
public static extern bool CryptDecodeObjectEx(CertEncodingType dwCertEncodingType, [In] SafeOID lpszStructType, [In] IntPtr pbEncoded, uint cbEncoded,
CryptDecodeFlags dwFlags, in CRYPT_DECODE_PARA pDecodePara, [Out] IntPtr pvStructInfo, ref uint pcbStructInfo);
/// <summary>
@ -934,184 +903,9 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "bf1935f0-1ab0-4068-9ed5-8fbb2c286b8a")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptDecodeObjectEx(CertEncodingType dwCertEncodingType, [MarshalAs(UnmanagedType.LPStr)] string lpszStructType, [In] IntPtr pbEncoded, uint cbEncoded,
public static extern bool CryptDecodeObjectEx(CertEncodingType dwCertEncodingType, [In] SafeOID lpszStructType, [In] IntPtr pbEncoded, uint cbEncoded,
CryptDecodeFlags dwFlags, [In, Optional] IntPtr pDecodePara, [Out] IntPtr pvStructInfo, ref uint pcbStructInfo);
/// <summary>
/// Important changes to support Secure/Multipurpose Internet Mail Extensions (S/MIME) email interoperability have been made to
/// CryptoAPI that affect the handling of enveloped messages. For more information, see the Remarks section of CryptMsgOpenToEncode.
/// </summary>
/// <param name="hKey">
/// <para>
/// A handle to the key to use for the decryption. An application obtains this handle by using either the CryptGenKey or
/// CryptImportKey function.
/// </para>
/// <para>This key specifies the decryption algorithm to be used.</para>
/// </param>
/// <param name="hHash">
/// <para>
/// A handle to a hash object. If data is to be decrypted and hashed simultaneously, a handle to a hash object is passed in this
/// parameter. The hash value is updated with the decrypted plaintext. This option is useful when simultaneously decrypting and
/// verifying a signature.
/// </para>
/// <para>
/// Before calling <c>CryptDecrypt</c>, the application must obtain a handle to the hash object by calling the CryptCreateHash
/// function. After the decryption is complete, the hash value can be obtained by using the CryptGetHashParam function, it can also
/// be signed by using the CryptSignHash function, or it can be used to verify a digital signature by using the CryptVerifySignature function.
/// </para>
/// <para>If no hash is to be done, this parameter must be zero.</para>
/// </param>
/// <param name="Final">
/// A Boolean value that specifies whether this is the last section in a series being decrypted. This value is <c>TRUE</c> if this
/// is the last or only block. If this is not the last block, this value is <c>FALSE</c>. For more information, see Remarks.
/// </param>
/// <param name="dwFlags">
/// <para>The following flag values are defined.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CRYPT_OAEP 0x00000040</term>
/// <term>
/// Use Optimal Asymmetric Encryption Padding (OAEP) (PKCS #1 version 2). This flag is only supported by the Microsoft Enhanced
/// Cryptographic Provider with RSA encryption/decryption. This flag cannot be combined with the CRYPT_DECRYPT_RSA_NO_PADDING_CHECK flag.
/// </term>
/// </item>
/// <item>
/// <term>CRYPT_DECRYPT_RSA_NO_PADDING_CHECK 0x00000020</term>
/// <term>
/// Perform the decryption on the BLOB without checking the padding. This flag is only supported by the Microsoft Enhanced
/// Cryptographic Provider with RSA encryption/decryption. This flag cannot be combined with the CRYPT_OAEP flag.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="pbData">
/// <para>
/// A pointer to a buffer that contains the data to be decrypted. After the decryption has been performed, the plaintext is placed
/// back into this same buffer.
/// </para>
/// <para>The number of encrypted bytes in this buffer is specified by pdwDataLen.</para>
/// </param>
/// <param name="pdwDataLen">
/// <para>
/// A pointer to a <c>DWORD</c> value that indicates the length of the pbData buffer. Before calling this function, the calling
/// application sets the <c>DWORD</c> value to the number of bytes to be decrypted. Upon return, the <c>DWORD</c> value contains the
/// number of bytes of the decrypted plaintext.
/// </para>
/// <para>
/// When a block cipher is used, this data length must be a multiple of the block size unless this is the final section of data to
/// be decrypted and the Final parameter is <c>TRUE</c>.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
/// <para>If the function fails, it returns zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
/// <para>The error codes prefaced by NTE are generated by the particular CSP being used. Some possible error codes follow.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>ERROR_INVALID_HANDLE</term>
/// <term>One of the parameters specifies a handle that is not valid.</term>
/// </item>
/// <item>
/// <term>ERROR_INVALID_PARAMETER</term>
/// <term>One of the parameters contains a value that is not valid. This is most often a pointer that is not valid.</term>
/// </item>
/// <item>
/// <term>NTE_BAD_ALGID</term>
/// <term>The hKey session key specifies an algorithm that this CSP does not support.</term>
/// </item>
/// <item>
/// <term>NTE_BAD_DATA</term>
/// <term>
/// The data to be decrypted is not valid. For example, when a block cipher is used and the Final flag is FALSE, the value specified
/// by pdwDataLen must be a multiple of the block size. This error can also be returned when the padding is found to be not valid.
/// </term>
/// </item>
/// <item>
/// <term>NTE_BAD_FLAGS</term>
/// <term>The dwFlags parameter is nonzero.</term>
/// </item>
/// <item>
/// <term>NTE_BAD_HASH</term>
/// <term>The hHash parameter contains a handle that is not valid.</term>
/// </item>
/// <item>
/// <term>NTE_BAD_KEY</term>
/// <term>The hKey parameter does not contain a valid handle to a key.</term>
/// </item>
/// <item>
/// <term>NTE_BAD_LEN</term>
/// <term>The size of the output buffer is too small to hold the generated plaintext.</term>
/// </item>
/// <item>
/// <term>NTE_BAD_UID</term>
/// <term>The CSP context that was specified when the key was created cannot be found.</term>
/// </item>
/// <item>
/// <term>NTE_DOUBLE_ENCRYPT</term>
/// <term>The application attempted to decrypt the same data twice.</term>
/// </item>
/// <item>
/// <term>NTE_FAIL</term>
/// <term>The function failed in some unexpected way.</term>
/// </item>
/// </list>
/// </returns>
/// <remarks>
/// <para>
/// If a large amount of data is to be decrypted, it can be done in sections by calling <c>CryptDecrypt</c> repeatedly. The Final
/// parameter must be set to <c>TRUE</c> only on the last call to <c>CryptDecrypt</c>, so that the decryption engine can properly
/// finish the decryption process. The following extra actions are performed when Final is <c>TRUE</c>:
/// </para>
/// <list type="bullet">
/// <item>
/// <term>
/// If the key is a block cipher key, the data is padded to a multiple of the block size of the cipher. To find the block size of a
/// cipher, use CryptGetKeyParam to get the KP_BLOCKLEN value of the key.
/// </term>
/// </item>
/// <item>
/// <term>
/// If the cipher is operating in a chaining mode, the next <c>CryptDecrypt</c> operation resets the cipher's feedback register to
/// the KP_IV value of the key.
/// </term>
/// </item>
/// <item>
/// <term>If the cipher is a stream cipher, the next <c>CryptDecrypt</c> call resets the cipher to its initial state.</term>
/// </item>
/// </list>
/// <para>
/// There is no way to set the cipher's feedback register to the KP_IV value of the key without setting the Final parameter to
/// <c>TRUE</c>. If this is necessary, as in the case where you do not want to add an additional padding block or change the size of
/// each block, you can simulate this by creating a duplicate of the original key by using the CryptDuplicateKey function, and
/// passing the duplicate key to the <c>CryptDecrypt</c> function. This causes the KP_IV of the original key to be placed in the
/// duplicate key. After you create or import the original key, you cannot use the original key for encryption because the feedback
/// register of the key will be changed. The following pseudocode shows how this can be done.
/// </para>
/// <para>
/// The Microsoft Enhanced Cryptographic Provider supports direct encryption with RSA public keys and decryption with RSA private
/// keys. The encryption uses PKCS #1 padding. On decryption, this padding is verified. The length of ciphertext data to be
/// decrypted must be the same length as the modulus of the RSA key used to decrypt the data. If the ciphertext has zeros in the
/// most significant bytes, these bytes must be included in the input data buffer and in the input buffer length. The ciphertext
/// must be in little-endian format.
/// </para>
/// <para>Examples</para>
/// <para>For an example that uses this function, see Example C Program: Decrypting a File.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecrypt BOOL CryptDecrypt( HCRYPTKEY hKey,
// HCRYPTHASH hHash, BOOL Final, DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen );
[DllImport(Lib.AdvApi32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "7c3d2838-6fd1-4f6c-9586-8b94b459a31a")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptDecrypt(HCRYPTKEY hKey, HCRYPTHASH hHash, [MarshalAs(UnmanagedType.Bool)] bool Final, CryptDecryptFlags dwFlags, [In, Out] IntPtr pbData, ref uint pdwDataLen);
/// <summary>
/// The <c>CryptEncodeObject</c> function encodes a structure of the type indicated by the value of the lpszStructType parameter.
/// The use of CryptEncodeObjectEx is recommended as an API that performs the same function with significant performance improvements.
@ -1219,7 +1013,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "9576a2a7-4379-4c1b-8ad5-284720cf7ccc")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptEncodeObject(CertEncodingType dwCertEncodingType, [MarshalAs(UnmanagedType.LPStr)] string lpszStructType, [In] IntPtr pvStructInfo, [Out] IntPtr pbEncoded, ref uint pcbEncoded);
public static extern bool CryptEncodeObject(CertEncodingType dwCertEncodingType, [In] SafeOID lpszStructType, [In] IntPtr pvStructInfo, [Out] IntPtr pbEncoded, ref uint pcbEncoded);
/// <summary>
/// The <c>CryptEncodeObjectEx</c> function encodes a structure of the type indicated by the value of the lpszStructType parameter.
@ -1538,215 +1332,9 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "45134db8-059b-43d3-90c2-9b6cc970fca0")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptEncodeObjectEx(CertEncodingType dwCertEncodingType, [MarshalAs(UnmanagedType.LPStr)] string lpszStructType, [In] IntPtr pvStructInfo,
public static extern bool CryptEncodeObjectEx(CertEncodingType dwCertEncodingType, [In] SafeOID lpszStructType, [In] IntPtr pvStructInfo,
CryptEncodeFlags dwFlags, in CRYPT_ENCODE_PARA pEncodePara, [Out] IntPtr pvEncoded, ref uint pcbEncoded);
/// <summary>
/// <para>
/// Important changes to support Secure/Multipurpose Internet Mail Extensions (S/MIME) email interoperability have been made to
/// CryptoAPI that affect the handling of enveloped messages. For more information, see the Remarks section of CryptMsgOpenToEncode.
/// </para>
/// <para>
/// <c>Important</c> The <c>CryptEncrypt</c> function is not guaranteed to be thread safe and may return incorrect results if
/// invoked simultaneously by multiple callers.
/// </para>
/// </summary>
/// <param name="hKey">
/// <para>
/// A handle to the encryption key. An application obtains this handle by using either the CryptGenKey or the CryptImportKey function.
/// </para>
/// <para>The key specifies the encryption algorithm used.</para>
/// </param>
/// <param name="hHash">
/// <para>
/// A handle to a hash object. If data is to be hashed and encrypted simultaneously, a handle to a hash object can be passed in the
/// hHash parameter. The hash value is updated with the plaintext passed in. This option is useful when generating signed and
/// encrypted text.
/// </para>
/// <para>
/// Before calling <c>CryptEncrypt</c>, the application must obtain a handle to the hash object by calling the CryptCreateHash
/// function. After the encryption is complete, the hash value can be obtained by using the CryptGetHashParam function, or the hash
/// can be signed by using the CryptSignHash function.
/// </para>
/// <para>If no hash is to be done, this parameter must be <c>NULL</c>.</para>
/// </param>
/// <param name="Final">
/// A Boolean value that specifies whether this is the last section in a series being encrypted. Final is set to <c>TRUE</c> for the
/// last or only block and to <c>FALSE</c> if there are more blocks to be encrypted. For more information, see Remarks.
/// </param>
/// <param name="dwFlags">
/// <para>The following dwFlags value is defined but reserved for future use.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CRYPT_OAEP</term>
/// <term>
/// Use Optimal Asymmetric Encryption Padding (OAEP) (PKCS #1 version 2). This flag is only supported by the Microsoft Enhanced
/// Cryptographic Provider with RSA encryption/decryption.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="pbData">
/// <para>
/// A pointer to a buffer that contains the plaintext to be encrypted. The plaintext in this buffer is overwritten with the
/// ciphertext created by this function.
/// </para>
/// <para>
/// The pdwDataLen parameter points to a variable that contains the length, in bytes, of the plaintext. The dwBufLen parameter
/// contains the total size, in bytes, of this buffer.
/// </para>
/// <para>
/// If this parameter contains <c>NULL</c>, this function will calculate the required size for the ciphertext and place that in the
/// value pointed to by the pdwDataLen parameter.
/// </para>
/// </param>
/// <param name="pdwDataLen">
/// <para>
/// A pointer to a <c>DWORD</c> value that , on entry, contains the length, in bytes, of the plaintext in the pbData buffer. On
/// exit, this <c>DWORD</c> contains the length, in bytes, of the ciphertext written to the pbData buffer.
/// </para>
/// <para>
/// If the buffer allocated for pbData is not large enough to hold the encrypted data, GetLastError returns <c>ERROR_MORE_DATA</c>
/// and stores the required buffer size, in bytes, in the <c>DWORD</c> value pointed to by pdwDataLen.
/// </para>
/// <para>
/// If pbData is <c>NULL</c>, no error is returned, and the function stores the size of the encrypted data, in bytes, in the
/// <c>DWORD</c> value pointed to by pdwDataLen. This allows an application to determine the correct buffer size.
/// </para>
/// <para>
/// When a block cipher is used, this data length must be a multiple of the block size unless this is the final section of data to
/// be encrypted and the Final parameter is <c>TRUE</c>.
/// </para>
/// </param>
/// <param name="dwBufLen">
/// <para>Specifies the total size, in bytes, of the input pbData buffer.</para>
/// <para>
/// Note that, depending on the algorithm used, the encrypted text can be larger than the original plaintext. In this case, the
/// pbData buffer needs to be large enough to contain the encrypted text and any padding.
/// </para>
/// <para>
/// As a rule, if a stream cipher is used, the ciphertext is the same size as the plaintext. If a block cipher is used, the
/// ciphertext is up to a block length larger than the plaintext.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
/// <para>If the function fails, it returns zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
/// <para>The error codes prefaced by NTE are generated by the particular CSP being used. Some possible error codes follow.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>ERROR_INVALID_HANDLE</term>
/// <term>One of the parameters specifies a handle that is not valid.</term>
/// </item>
/// <item>
/// <term>ERROR_INVALID_PARAMETER</term>
/// <term>One of the parameters contains a value that is not valid. This is most often a pointer that is not valid.</term>
/// </item>
/// <item>
/// <term>NTE_BAD_ALGID</term>
/// <term>The hKey session key specifies an algorithm that this CSP does not support.</term>
/// </item>
/// <item>
/// <term>NTE_BAD_DATA</term>
/// <term>
/// The data to be encrypted is not valid. For example, when a block cipher is used and the Final flag is FALSE, the value specified
/// by pdwDataLen must be a multiple of the block size.
/// </term>
/// </item>
/// <item>
/// <term>NTE_BAD_FLAGS</term>
/// <term>The dwFlags parameter is nonzero.</term>
/// </item>
/// <item>
/// <term>NTE_BAD_HASH</term>
/// <term>The hHash parameter contains a handle that is not valid.</term>
/// </item>
/// <item>
/// <term>NTE_BAD_HASH_STATE</term>
/// <term>An attempt was made to add data to a hash object that is already marked "finished."</term>
/// </item>
/// <item>
/// <term>NTE_BAD_KEY</term>
/// <term>The hKey parameter does not contain a valid handle to a key.</term>
/// </item>
/// <item>
/// <term>NTE_BAD_LEN</term>
/// <term>The size of the output buffer is too small to hold the generated ciphertext.</term>
/// </item>
/// <item>
/// <term>NTE_BAD_UID</term>
/// <term>The CSP context that was specified when the key was created cannot be found.</term>
/// </item>
/// <item>
/// <term>NTE_DOUBLE_ENCRYPT</term>
/// <term>The application attempted to encrypt the same data twice.</term>
/// </item>
/// <item>
/// <term>NTE_FAIL</term>
/// <term>The function failed in some unexpected way.</term>
/// </item>
/// <item>
/// <term>NTE_NO_MEMORY</term>
/// <term>The CSP ran out of memory during the operation.</term>
/// </item>
/// </list>
/// </returns>
/// <remarks>
/// <para>
/// If a large amount of data is to be encrypted, it can be done in sections by calling <c>CryptEncrypt</c> repeatedly. The Final
/// parameter must be set to <c>TRUE</c> on the last call to <c>CryptEncrypt</c>, so that the encryption engine can properly finish
/// the encryption process. The following extra actions are performed when Final is <c>TRUE</c>:
/// </para>
/// <list type="bullet">
/// <item>
/// <term>
/// If the key is a block cipher key, the data is padded to a multiple of the block size of the cipher. If the data length equals
/// the block size of the cipher, one additional block of padding is appended to the data. To find the block size of a cipher, use
/// CryptGetKeyParam to get the KP_BLOCKLEN value of the key.
/// </term>
/// </item>
/// <item>
/// <term>
/// If the cipher is operating in a chaining mode, the next <c>CryptEncrypt</c> operation resets the cipher's feedback register to
/// the KP_IV value of the key.
/// </term>
/// </item>
/// <item>
/// <term>If the cipher is a stream cipher, the next <c>CryptEncrypt</c> resets the cipher to its initial state.</term>
/// </item>
/// </list>
/// <para>
/// There is no way to set the cipher's feedback register to the KP_IV value of the key without setting the Final parameter to
/// <c>TRUE</c>. If this is necessary, as in the case where you do not want to add an additional padding block or change the size of
/// each block, you can simulate this by creating a duplicate of the original key by using the CryptDuplicateKey function, and
/// passing the duplicate key to the <c>CryptEncrypt</c> function. This causes the KP_IV of the original key to be placed in the
/// duplicate key. After you create or import the original key, you cannot use the original key for encryption because the feedback
/// register of the key will be changed. The following pseudocode shows how this can be done.
/// </para>
/// <para>
/// The Microsoft Enhanced Cryptographic Provider supports direct encryption with RSA public keys and decryption with RSA private
/// keys. The encryption uses PKCS #1 padding. On decryption, this padding is verified. The length of plaintext data that can be
/// encrypted with a call to <c>CryptEncrypt</c> with an RSA key is the length of the key modulus minus eleven bytes. The eleven
/// bytes is the chosen minimum for PKCS #1 padding. The ciphertext is returned in little-endian format.
/// </para>
/// <para>Examples</para>
/// <para>For examples that use this function, see Example C Program: Encrypting a File and Example C Program: Decrypting a File.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptencrypt BOOL CryptEncrypt( HCRYPTKEY hKey,
// HCRYPTHASH hHash, BOOL Final, DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen, DWORD dwBufLen );
[DllImport(Lib.AdvApi32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "697c4960-552b-4c3a-95cf-4632af56945b")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptEncrypt(HCRYPTKEY hKey, HCRYPTHASH hHash, [MarshalAs(UnmanagedType.Bool)] bool Final, CryptEncryptFlags dwFlags, [In, Out] IntPtr pbData, ref uint pdwDataLen, uint dwBufLen);
/// <summary>
/// The <c>CRYPT_DECODE_PARA</c> structure is used by the CryptDecodeObjectEx function to provide access to memory allocation and
/// memory freeing callback functions.

135
PInvoke/Cryptography/Crypt32/Wincrypt.Prov.cs
View File

@ -10,63 +10,104 @@ namespace Vanara.PInvoke
/// <summary>Methods and data types found in Crypt32.dll.</summary>
public static partial class Crypt32
{
/// <summary>Well-known provider types.</summary>
public static class CryptProviderType
{
/// <summary/>
public const uint PROV_RSA_FULL = 1;
/// <summary/>
public const uint PROV_RSA_SIG = 2;
/// <summary/>
public const uint PROV_DSS = 3;
/// <summary/>
public const uint PROV_FORTEZZA = 4;
/// <summary/>
public const uint PROV_MS_EXCHANGE = 5;
/// <summary/>
public const uint PROV_SSL = 6;
/// <summary/>
public const uint PROV_RSA_SCHANNEL = 12;
/// <summary/>
public const uint PROV_DSS_DH = 13;
/// <summary/>
public const uint PROV_EC_ECDSA_SIG = 14;
/// <summary/>
public const uint PROV_EC_ECNRA_SIG = 15;
/// <summary/>
public const uint PROV_EC_ECDSA_FULL = 16;
/// <summary/>
public const uint PROV_EC_ECNRA_FULL = 17;
/// <summary/>
public const uint PROV_DH_SCHANNEL = 18;
/// <summary/>
public const uint PROV_SPYRUS_LYNKS = 20;
/// <summary/>
public const uint PROV_RNG = 21;
/// <summary/>
public const uint PROV_INTEL_SEC = 22;
/// <summary/>
public const uint PROV_REPLACE_OWF = 23;
/// <summary/>
public const uint PROV_RSA_AES = 24;
}
/*
CryptAcquireContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
CryptAcquireContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Acquires a handle to the current user's key container within a particular CSP.
CryptContextAddRef
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Acquires a handle to the current user's key container within a particular CSP.
CryptContextAddRef
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Increments the reference count on an HCRYPTPROV handle.
CryptEnumProviders
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Increments the reference count on an HCRYPTPROV handle.
CryptEnumProviders
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Enumerates the providers on a computer.
CryptEnumProviderTypes
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Enumerates the providers on a computer.
CryptEnumProviderTypes
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Enumerates the types of providers supported on the computer.
CryptGetDefaultProvider
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Enumerates the types of providers supported on the computer.
CryptGetDefaultProvider
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Determines the default CSP either for the current user or for the computer for a specified provider type.
CryptGetProvParam
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Determines the default CSP either for the current user or for the computer for a specified provider type.
CryptGetProvParam
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Retrieves the parameters that govern the operations of a CSP.
CryptInstallDefaultContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Retrieves the parameters that govern the operations of a CSP.
CryptInstallDefaultContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Installs a previously acquired HCRYPTPROV context to be used as a default context.
CryptReleaseContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Installs a previously acquired HCRYPTPROV context to be used as a default context.
CryptReleaseContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Releases the handle acquired by the CryptAcquireContext function.
CryptSetProvider and CryptSetProviderEx
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Releases the handle acquired by the CryptAcquireContext function.
CryptSetProvider and CryptSetProviderEx
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Specifies the user default CSP for a particular CSP type.
CryptSetProvParam
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Specifies the user default CSP for a particular CSP type.
CryptSetProvParam
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Specifies attributes of a CSP.
CryptUninstallDefaultContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Specifies attributes of a CSP.
CryptUninstallDefaultContext
[!Important]
This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
Removes a default context previously installed by CryptInstallDefaultContext.
FreeCryptProvFromCertEx Releases the handle either to a cryptographic service provider (CSP) or to a Cryptography API: Next Generation (CNG) key.
*/
Removes a default context previously installed by CryptInstallDefaultContext.
FreeCryptProvFromCertEx Releases the handle either to a cryptographic service provider (CSP) or to a Cryptography API: Next Generation (CNG) key.
*/
}
}
}

2
PInvoke/Cryptography/Crypt32/Wincrypt.RevList.cs
View File

@ -1250,7 +1250,7 @@ namespace Vanara.PInvoke
/// <summary>Performs an explicit conversion from <see cref="SafePCCRL_CONTEXT"/> to <see cref="CRL_CONTEXT"/>.</summary>
/// <param name="ctx">The <see cref="SafePCCRL_CONTEXT"/> instance.</param>
/// <returns>The resulting <see cref="CRL_CONTEXT"/> instance from the conversion.</returns>
public static explicit operator CRL_CONTEXT(SafePCCRL_CONTEXT ctx) => ctx.DangerousGetHandle().ToStructure<CRL_CONTEXT>();
public static unsafe explicit operator CRL_CONTEXT*(SafePCCRL_CONTEXT ctx) => (CRL_CONTEXT*)(void*)ctx.handle;
/// <summary>Performs an implicit conversion from <see cref="SafePCCRL_CONTEXT"/> to <see cref="PCCRL_CONTEXT"/>.</summary>
/// <param name="ctx">The <see cref="SafePCCRL_CONTEXT"/> instance.</param>

787
PInvoke/Cryptography/Crypt32/Wincrypt.Store.cs
View File

@ -1,5 +1,6 @@
using System;
using System.Runtime.InteropServices;
using Vanara.InteropServices;
namespace Vanara.PInvoke
{
@ -519,6 +520,43 @@ namespace Vanara.PInvoke
/// The system will unbind the LDAP session by using the ldap_unbind function when the store is closed.
/// </summary>
CERT_LDAP_STORE_UNBIND_FLAG = 0x80000,
/// <summary>Stores at the registry location <c>HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates</c>.</summary>
CERT_SYSTEM_STORE_CURRENT_USER = CertSystemStore.CERT_SYSTEM_STORE_CURRENT_USER,
/// <summary>Stores at the registry location <c>HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates</c>.</summary>
CERT_SYSTEM_STORE_LOCAL_MACHINE = CertSystemStore.CERT_SYSTEM_STORE_LOCAL_MACHINE,
/// <summary>Stores at the registry location <c>HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services\ServiceName\SystemCertificates</c>.</summary>
CERT_SYSTEM_STORE_CURRENT_SERVICE = CertSystemStore.CERT_SYSTEM_STORE_CURRENT_SERVICE,
/// <summary>
/// Stores at the registry location
/// <c>HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services\ServiceName\SystemCertificates</c> and with keys starting
/// with [ServiceName].
/// </summary>
CERT_SYSTEM_STORE_SERVICES = CertSystemStore.CERT_SYSTEM_STORE_SERVICES,
/// <summary>
/// Stores at the registry location <c>HKEY_USERS\UserName\Software\Microsoft\SystemCertificates</c> and with keys starting with [userid].
/// </summary>
CERT_SYSTEM_STORE_USERS = CertSystemStore.CERT_SYSTEM_STORE_USERS,
/// <summary>Stores at the registry location <c>HKEY_CURRENT_USER\Software\Policy\Microsoft\SystemCertificates</c>.</summary>
CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY = CertSystemStore.CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY,
/// <summary>Stores at the registry location <c>HKEY_LOCAL_MACHINE\Software\Policy\Microsoft\SystemCertificates</c>.</summary>
CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY = CertSystemStore.CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY,
/// <summary>
/// CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE contains certificates shared across domains in the enterprise and downloaded from
/// the global enterprise directory. To synchronize the client's enterprise store, the enterprise directory is polled every
/// eight hours and certificates are downloaded automatically in the background.
/// </summary>
CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE = CertSystemStore.CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE,
/// <summary/>
CERT_SYSTEM_STORE_LOCAL_MACHINE_WCOS = CertSystemStore.CERT_SYSTEM_STORE_LOCAL_MACHINE_WCOS,
}
/// <summary>Specifies how to save the certificate store.</summary>
@ -871,7 +909,184 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "2726cd34-51ba-4f68-9a3c-7cd505eb32a1")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertAddSerializedElementToStore(HCERTSTORE hCertStore, [In] IntPtr pbElement, uint cbElement, CertStoreAdd dwAddDisposition, [Optional] uint dwFlags, CertStoreContextFlags dwContextTypeFlags, out CertStoreContextType pdwContextType, [Optional] IntPtr ppvContext);
public static extern bool CertAddSerializedElementToStore([Optional] HCERTSTORE hCertStore, [In] IntPtr pbElement, uint cbElement, CertStoreAdd dwAddDisposition, [Optional] uint dwFlags, CertStoreContextFlags dwContextTypeFlags, out CertStoreContextType pdwContextType, out IntPtr ppvContext);
/// <summary>
/// The <c>CertAddSerializedElementToStore</c> function adds a serialized certificate, certificate revocation list (CRL), or
/// certificate trust list (CTL) element to the store. The serialized element contains the encoded certificate, CRL, or CTL and its
/// extended properties. Extended properties are associated with a certificate and are not part of a certificate as issued by a
/// certification authority. Extended properties are not available on a certificate when it is used on a non-Microsoft platform.
/// </summary>
/// <param name="hCertStore">
/// The handle of a certificate store where the created certificate will be stored. If hCertStore is <c>NULL</c>, the function
/// creates a copy of a certificate, CRL, or CTL context with its extended properties, but the certificate, CRL, or CTL is not
/// persisted in any store.
/// </param>
/// <param name="pbElement">
/// A pointer to a buffer that contains the certificate, CRL, or CTL information to be serialized and added to the certificate store.
/// </param>
/// <param name="cbElement">The size, in bytes, of the pbElement buffer.</param>
/// <param name="dwAddDisposition">
/// <para>
/// Specifies the action to take if the certificate, CRL, or CTL already exists in the store. Currently defined disposition values
/// are shown in the following table.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_STORE_ADD_NEW</term>
/// <term>
/// If the certificate, CRL, or CTL is new, it is created and persisted to the store. The operation fails if an identical
/// certificate, CRL, or CTL already exists in the store. The last error code is set to CRYPT_E_EXISTS.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_USE_EXISTING</term>
/// <term>
/// If the certificate, CRL, or CTL is new, it is added to the store. If an identical certificate, CRL, or CTL already exists, the
/// existing element is used. If ppvContext is not NULL, the existing context is duplicated. The function only adds properties that
/// do not already exist. The SHA-1 and MD5 hash properties are not copied.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_REPLACE_EXISTING</term>
/// <term>
/// If an identical certificate, CRL, or CTL already exists in the store, the existing certificate, CRL, or CTL context is deleted
/// before creating and adding the new context.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_ALWAYS</term>
/// <term>
/// No check is made to determine whether an identical certificate, CRL, or CTL already exists. A new element is always created.
/// This can lead to duplicates in the store. To determine whether the element already exists in the store, call CertGetCRLFromStore
/// or CertGetSubjectCertificateFromStore.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_NEWER</term>
/// <term>
/// If a matching CRL or CTL or a link to a matching CRL or CTL exists, the function compares the NotBefore times on the CRL or CTL.
/// If the existing CRL or CTL has a NotBefore time less than the NotBefore time on the new element, the old element or link is
/// replaced just as with CERT_STORE_ADD_REPLACE_EXISTING. If the existing element has a NotBefore time greater than or equal to the
/// NotBefore time on the element to be added, the function fails with GetLastError returning the CRYPT_E_EXISTS code. If a matching
/// CRL or CTL or a link to a matching CRL or CTL is not found in the store, a new element is added to the store.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES</term>
/// <term>
/// The action is the same as for CERT_STORE_ADD_NEWER. However, if an older CRL or CTL is replaced, the properties of the older
/// element are incorporated into the replacement.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES</term>
/// <term>
/// If a matching certificate exists in the store, the existing context is deleted before creating and adding the new context. The
/// new added context inherits properties from the existing certificate.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="dwFlags">Reserved for future use and must be zero.</param>
/// <param name="dwContextTypeFlags">
/// <para>
/// Specifics the contexts that can be added. For example, to add either a certificate, CRL, or CTL, set dwContextTypeFlags to
/// <c>CERT_STORE_CERTIFICATE_CONTEXT_FLAG</c> or <c>CERT_STORE_CRL_CONTEXT_FLAG</c>.
/// </para>
/// <para>Currently defined context type flags are shown in the following table.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_STORE_ALL_CONTEXT_FLAG</term>
/// <term>Adds any context.</term>
/// </item>
/// <item>
/// <term>CERT_STORE_CERTIFICATE_CONTEXT_FLAG</term>
/// <term>Adds only a certificate context.</term>
/// </item>
/// <item>
/// <term>CERT_STORE_CRL_CONTEXT_FLAG</term>
/// <term>Adds only a CRL context.</term>
/// </item>
/// <item>
/// <term>CERT_STORE_CTL_CONTEXT_FLAG</term>
/// <term>Adds only a CTL context.</term>
/// </item>
/// </list>
/// </param>
/// <param name="pdwContextType">
/// <para>
/// A pointer to the context type of the added serialized element. This is an optional parameter and can be <c>NULL</c>, which
/// indicates that the calling application does not require the context type.
/// </para>
/// <para>Currently defined context types are shown in the following table.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_STORE_CERTIFICATE_CONTEXT</term>
/// <term>Certificates</term>
/// </item>
/// <item>
/// <term>CERT_STORE_CRL_CONTEXT</term>
/// <term>CRLs</term>
/// </item>
/// <item>
/// <term>CERT_STORE_CTL_CONTEXT</term>
/// <term>CTLs</term>
/// </item>
/// </list>
/// </param>
/// <param name="ppvContext">
/// <para>
/// A pointer to a pointer to the decoded certificate, CRL, or CTL context. This is an optional parameter and can be <c>NULL</c>,
/// which indicates that the calling application does not require the context of the added or existing certificate, CRL, or CTL.
/// </para>
/// <para>
/// If ppvContext is not <c>NULL</c>, it must be the address of a pointer to a CERT_CONTEXT, CRL_CONTEXT, or CTL_CONTEXT. When the
/// application is finished with the context, the context must be freed by using CertFreeCertificateContext for a certificate,
/// CertFreeCRLContext for a CRL, or CertFreeCTLContext for a CTL.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the function returns nonzero.</para>
/// <para>If the function fails, it returns zero. For extended error information, call GetLastError. Some possible error codes follow.</para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>CRYPT_E_EXISTS</term>
/// <term>If the dwAddDisposition parameter is set to CERT_STORE_ADD_NEW, the certificate, CRL, or CTL already exists in the store.</term>
/// </item>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>A disposition value that is not valid was specified in the dwAddDisposition parameter.</term>
/// </item>
/// </list>
/// <para>
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
/// </para>
/// </returns>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddserializedelementtostore BOOL
// CertAddSerializedElementToStore( HCERTSTORE hCertStore, const BYTE *pbElement, DWORD cbElement, DWORD dwAddDisposition, DWORD
// dwFlags, DWORD dwContextTypeFlags, DWORD *pdwContextType, const void **ppvContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "2726cd34-51ba-4f68-9a3c-7cd505eb32a1")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertAddSerializedElementToStore([Optional] HCERTSTORE hCertStore, [In] IntPtr pbElement, uint cbElement, CertStoreAdd dwAddDisposition, [Optional] uint dwFlags, CertStoreContextFlags dwContextTypeFlags, IntPtr pdwContextType = default, IntPtr ppvContext = default);
/// <summary>
/// The <c>CertAddStoreToCollection</c> function adds a sibling certificate store to a collection certificate store. When a
@ -2332,7 +2547,518 @@ namespace Vanara.PInvoke
// lpszStoreProvider, DWORD dwEncodingType, HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const void *pvPara );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "4edccbfe-c0a8-442b-b6b7-51ef598e7c90")]
public static extern SafeHCERTSTORE CertOpenStore([MarshalAs(UnmanagedType.LPStr)] string lpszStoreProvider, CertEncodingType dwEncodingType, [Optional] HCRYPTPROV hCryptProv, CertStoreFlags dwFlags, [Optional] IntPtr pvPara);
public static extern SafeHCERTSTORE CertOpenStore([In] SafeOID lpszStoreProvider, CertEncodingType dwEncodingType, [Optional] HCRYPTPROV hCryptProv, CertStoreFlags dwFlags, [Optional] IntPtr pvPara);
/// <summary>
/// The <c>CertOpenStore</c> function opens a certificate store by using a specified store provider type. While this function can
/// open a certificate store for most purposes, CertOpenSystemStore is recommended to open the most common certificate stores.
/// <c>CertOpenStore</c> is required for more complex options and special cases.
/// </summary>
/// <param name="lpszStoreProvider">
/// <para>A pointer to a null-terminated ANSI string that contains the store provider type.</para>
/// <para>
/// The following values represent the predefined store types. The store provider type determines the contents of the pvPara
/// parameter and the use and meaning of the high word of the dwFlags parameter. Additional store providers can be installed or
/// registered by using the CryptInstallOIDFunctionAddress or CryptRegisterOIDFunction function. For more information about adding
/// store providers, see Extending CertOpenStore Functionality.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_STORE_PROV_COLLECTION sz_CERT_STORE_PROV_COLLECTION</term>
/// <term>
/// Opens a store that will be a collection of other stores. Stores are added to or removed from the collection by using
/// CertAddStoreToCollection and CertRemoveStoreFromCollection. When a store is added to a collection, all certificates, CRLs, and
/// CTLs in that store become available to searches or enumerations of the collection store. The high word of dwFlags is set to
/// zero. pvPara value: The pvPara parameter must be NULL.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_FILE</term>
/// <term>
/// Initializes the store with certificates, CRLs, and CTLs read from a specified open file. This provider expects the file to
/// contain only a serialized store and not either PKCS #7 signed messages or a single encoded certificate. The file pointer must be
/// positioned at the beginning of the serialized store information. After the data in the serialized store has been loaded into the
/// certificate store, the file pointer is positioned at the beginning of any data that can follow the serialized store data in the
/// file. If CERT_FILE_STORE_COMMIT_ENABLE is set in dwFlags, the file handle is duplicated and the store is always committed as a
/// serialized store. The file is not closed when the store is closed. pvPara value: The pvPara parameter must contain a pointer to
/// the handle of a file opened by using CreateFile.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_FILENAME_A</term>
/// <term>
/// Initializes the store with certificates, CRLs, and CTLs from a file. The provider opens the file and first attempts to read the
/// file as a serialized store, then as a PKCS #7 signed message, and finally as a single encoded certificate. The dwEncodingType
/// parameter must contain the encoding types to be used with both messages and certificates. If the file contains an X.509 encoded
/// certificate, the open operation fails and a call to the GetLastError function will return ERROR_ACCESS_DENIED. If the
/// CERT_FILE_STORE_COMMIT_ENABLE flag is set in dwFlags, the dwCreationDisposition value passed to CreateFile is as follows: If
/// dwFlags includes CERT_FILE_STORE_COMMIT_ENABLE, the file is committed as either a PKCS #7 or a serialized store depending on the
/// file type opened. If the file was empty or if the file name has either a .p7c or .spc extension, the file is committed as a PKCS
/// #7. Otherwise, the file is committed as a serialized store. pvPara value: The pvPara parameter must contain a pointer to
/// null-terminated ANSI string that contains the name of an existing, unopened file.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_FILENAME(_W) sz_CERT_STORE_PROV_FILENAME(_W)</term>
/// <term>
/// Same as CERT_STORE_PROV_FILENAME_A. pvPara value: The pvPara parameter must contain a pointer to null-terminated Unicode string
/// that contains the name of an existing, unopened file.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_LDAP(_W) sz_CERT_STORE_PROV_LDAP(_W)</term>
/// <term>
/// Initializes the store with certificates, CRLs, and CTLs from the results of an LDAP query. To perform write operations on the
/// store, the query string must specify a BASE query with no filter and a single attribute. pvPara value: If the dwFlags parameter
/// contains CERT_LDAP_STORE_OPENED_FLAG, set pvPara to the address of a CERT_LDAP_STORE_OPENED_PARA structure that specifies the
/// established LDAP session to use. Otherwise, set pvPara to point to a null-terminated Unicode string that contains the LDAP query
/// string. For more information about LDAP query strings, see LDAP Dialect.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_MEMORY sz_CERT_STORE_PROV_MEMORY</term>
/// <term>
/// Creates a certificate store in cached memory. No certificates, certificate revocation lists (CRLs), or certificate trust lists
/// (CTLs) are initially loaded into the store. Typically used to create a temporary store. Any addition of certificates, CRLs, or
/// CTLs or changes in properties of certificates, CRLs, or CTLs in a memory store are not automatically saved. They can be saved to
/// a file or to a memory BLOB by using CertSaveStore. pvPara value: The pvPara parameter is not used.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_MSG</term>
/// <term>
/// Initializes the store with certificates, CRLs, and CTLs from the specified cryptographic message. The dwEncodingType parameter
/// must contain the encoding types used with both messages and certificates. pvPara value: The pvPara parameter contains an
/// HCRYPTMSG handle of the encoded message, returned by a call to CryptMsgOpenToDecode.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_PHYSICAL(_W) sz_CERT_STORE_PROV_PHYSICAL(_W)</term>
/// <term>
/// Initializes the store with certificates, CRLs, and CTLs from a specified physical store that is a member of a logical system
/// store. Two names are separated with an intervening backslash (), for example "Root.Default". Here, "Root" is the name of the
/// system store and ".Default" is the name of the physical store. The system and physical store names cannot contain any
/// backslashes. The high word of dwFlags indicates the system store location, usually CERT_SYSTEM_STORE_CURRENT_USER. For more
/// information, see dwFlags later in this topic and see System Store Locations. Some physical store locations can be opened
/// remotely. pvPara value: The pvPara parameter points to a null-terminated Unicode string that contains both the system store name
/// and physical names.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_PKCS7 sz_CERT_STORE_PROV_PKCS7</term>
/// <term>
/// Initializes the store with certificates, CRLs, and CTLs from an encoded PKCS #7 signed message. The dwEncodingType parameter
/// must specify the encoding types to be used with both messages and certificates. pvPara value: The pvPara parameter points to a
/// CRYPT_DATA_BLOB structure that represents the encoded message.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_PKCS12 sz_CERT_STORE_PROV_PKCS12</term>
/// <term>
/// Initializes the store with the contents of a PKCS #12 packet. If the PKCS #12 packet is protected with a NULL or empty password,
/// this function will succeed in opening the store. Beginning with Windows 8 and Windows Server 2012, if the password embedded in
/// the PFX packet was protected to an Active Directory (AD) principal and the current user, as a member of that principal, has
/// permission to decrypt the password, this function will succeed in opening the store. For more information, see the pvPara
/// parameter and the PKCS12_PROTECT_TO_DOMAIN_SIDS flag of the PFXExportCertStoreEx function. You can protect PFX passwords to an
/// AD principal beginning in Windows 8 and Windows Server 2012. pvPara value: The pvPara parameter points to a CRYPT_DATA_BLOB
/// structure that represents the PKCS #12 packet.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_REG</term>
/// <term>
/// Initializes the store with certificates, CRLs, and CTLs from a registry subkey. This provider opens or creates the registry
/// subkeys Certificates, CRLs, and CTLs under the key passed in pvPara. The input key is not closed by the provider. Before
/// returning, the provider opens its own copy of the key passed in pvPara. If CERT_STORE_READONLY_FLAG is set in the low word of
/// dwFlags, registry subkeys are opened by using the RegOpenKey with KEY_READ_ACCESS. Otherwise, registry subkeys are created by
/// using RegCreateKey with KEY_ALL_ACCESS. Any changes to the contents of the opened store are immediately persisted to the
/// registry. However, if CERT_STORE_READONLY_FLAG is set in the low word of dwFlags, any attempt to add to the contents of the
/// store or to change a context's property results in an error with GetLastError returning the E_ACCESSDENIED code. pvPara value:
/// The pvPara parameter contains the handle of an open registry key.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_SERIALIZED sz_CERT_STORE_PROV_SERIALIZED</term>
/// <term>
/// Initializes the store with certificates, CRLs, and CTLs from a memory location that contains a serialized store. pvPara value:
/// The pvPara parameter points to a CRYPT_DATA_BLOB structure that contains the serialized memory BLOB.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_SMART_CARD(_W) sz_CERT_STORE_PROV_SMART_CARD(_W)</term>
/// <term>Not currently used.</term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_SYSTEM_A</term>
/// <term>
/// Initializes the store with certificates, CRLs, and CTLs from the specified system store. The system store is a logical,
/// collection store that consists of one or more physical stores. A physical store associated with a system store is registered
/// with the CertRegisterPhysicalStore function. After the system store is opened, all of the physical stores that are associated
/// with it are also opened by calls to CertOpenStore and are added to the system store collection by using the
/// CertAddStoreToCollection function. The high word of dwFlags indicates the system store location, usually set to
/// CERT_SYSTEM_STORE_CURRENT_USER. For details about registry locations, see dwFlags later in this topic and System Store
/// Locations. Some system store locations can be opened remotely; for more information, see System Store Locations. pvPara value:
/// The pvPara parameter points to a null-terminated ANSI string that contains a system store name, such as "My" or "Root".
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_SYSTEM(_W) sz_CERT_STORE_PROV_SYSTEM(_W)</term>
/// <term>
/// Same as CERT_STORE_PROV_SYSTEM_A. pvPara value: The pvPara parameter points to a null-terminated Unicode string that contains a
/// system store name, such as "My" or "Root".
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_SYSTEM_REGISTRY_A</term>
/// <term>
/// Initializes the store with certificates, CRLs, and CTLs from a physical registry store. The physical store is not opened as a
/// collection store. Enumerations and searches go through only the certificates, CRLs, and CTLs in that one physical store. The
/// high word of dwFlags indicates the system store location, usually set to CERT_SYSTEM_STORE_CURRENT_USER. For more information,
/// see dwFlags later in this topic. Some system store locations can be open remotely; for more information, see System Store
/// Locations. pvPara value: The pvPara parameter points to a null-terminated ANSI string that contains a system store name, such as
/// "My" or "Root".
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_PROV_SYSTEM_REGISTRY(_W) sz_CERT_STORE_PROV_SYSTEM_REGISTRY(_W)</term>
/// <term>
/// Same as CERT_STORE_PROV_SYSTEM_REGISTRY_A. pvPara value: The pvPara parameter points to a null-terminated Unicode string that
/// contains a system store name, such as "My" or "Root".
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="dwEncodingType">
/// <para>
/// Specifies the certificate encoding type and message encoding type. Encoding is used only when the dwSaveAs parameter of the
/// CertSaveStore function contains <c>CERT_STORE_SAVE_AS_PKCS7</c>. Otherwise, the dwMsgAndCertEncodingType parameter is not used.
/// </para>
/// <para>
/// This parameter is only applicable when the <c>CERT_STORE_PROV_MSG</c>, <c>CERT_STORE_PROV_PKCS7</c>, or
/// <c>CERT_STORE_PROV_FILENAME</c> provider type is specified in the lpszStoreProvider parameter. For all other provider types,
/// this parameter is unused and should be set to zero.
/// </para>
/// <para>This parameter can be a combination of one or more of the following values.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>PKCS_7_ASN_ENCODING 65536 (0x10000)</term>
/// <term>Specifies PKCS #7 message encoding.</term>
/// </item>
/// <item>
/// <term>X509_ASN_ENCODING 1 (0x1)</term>
/// <term>Specifies X.509 certificate encoding.</term>
/// </item>
/// </list>
/// </param>
/// <param name="hCryptProv">
/// <para>This parameter is not used and should be set to <c>NULL</c>.</para>
/// <para>
/// <c>Windows Server 2003 and Windows XP:</c> A handle to a cryptographic provider. Passing <c>NULL</c> for this parameter causes
/// an appropriate, default provider to be used. Using the default provider is recommended. The default or specified cryptographic
/// provider is used for all store functions that verify the signature of a subject certificate or CRL.This parameter's data type is <c>HCRYPTPROV</c>.
/// </para>
/// </param>
/// <param name="dwFlags">
/// <para>These values consist of high-word and low-word values combined by using a bitwise- <c>OR</c> operation.</para>
/// <para>
/// The low-word portion of dwFlags controls a variety of general characteristics of the certificate store opened. This portion can
/// be used with all store provider types. The low-word portion of dwFlags can be one of the following values.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_STORE_BACKUP_RESTORE_FLAG</term>
/// <term>
/// Use the thread's SE_BACKUP_NAME and SE_RESTORE_NAME privileges to open registry or file-based system stores. If the thread does
/// not have these privileges, this function must fail with an access denied error.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_CREATE_NEW_FLAG</term>
/// <term>
/// A new store is created if one did not exist. The function fails if the store already exists. If neither
/// CERT_STORE_OPEN_EXISTING_FLAG nor CERT_STORE_CREATE_NEW_FLAG is set, a store is opened if it exists or is created and opened if
/// it did not already exist.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG</term>
/// <term>
/// Defer closing of the store's provider until all certificates, CRLs, or CTLs obtained from the store are no longer in use. The
/// store is actually closed when the last certificate, CRL, or CTL obtained from the store is freed. Any changes made to properties
/// of these certificates, CRLs, and CTLs, even after the call to CertCloseStore, are persisted. If this flag is not set and
/// certificates, CRLs, or CTLs obtained from the store are still in use, any changes to the properties of those certificates, CRLs,
/// and CTLs will not be persisted. If this function is called with CERT_CLOSE_STORE_FORCE_FLAG,
/// CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG is ignored. When this flag is set and a non-NULL hCryptProv parameter value is
/// passed, that provider will continue to be used even after the call to this function.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_DELETE_FLAG</term>
/// <term>
/// The store is deleted instead of being opened. This function returns NULL for both success and failure of the deletion. To
/// determine the success of the deletion, call GetLastError, which returns zero if the store was deleted and a nonzero value if it
/// was not deleted.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ENUM_ARCHIVED_FLAG</term>
/// <term>
/// Normally, an enumeration of all certificates in the store will ignore any certificate with the CERT_ARCHIVED_PROP_ID property
/// set. If this flag is set, an enumeration of the certificates in the store will contain all of the certificates in the store,
/// including those that have the CERT_ARCHIVED_PROP_ID property.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_MAXIMUM_ALLOWED_FLAG</term>
/// <term>
/// Open the store with the maximum set of allowed permissions. If this flag is specified, registry stores are first opened with
/// write access and if that fails, they are reopened with read-only access.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_NO_CRYPT_RELEASE_FLAG</term>
/// <term>
/// This flag is not used when the hCryptProv parameter is NULL. This flag is only valid when a non-NULL CSP handle is passed as the
/// hCryptProv parameter. Setting this flag prevents the automatic release of a nondefault CSP when the certificate store is closed.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_OPEN_EXISTING_FLAG</term>
/// <term>Only open an existing store. If the store does not exist, the function fails.</term>
/// </item>
/// <item>
/// <term>CERT_STORE_READONLY_FLAG</term>
/// <term>
/// Open the store in read-only mode. Any attempt to change the contents of the store will result in an error. When this flag is set
/// and a registry based store provider is being used, the registry subkeys are opened by using RegOpenKey with KEY_READ_ACCESS.
/// Otherwise, the registry subkeys are created by using RegCreateKey with KEY_ALL_ACCESS.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_SET_LOCALIZED_NAME_FLAG</term>
/// <term>
/// If this flag is supported, the provider sets the store's CERT_STORE_LOCALIZED_NAME_PROP_ID property. The localized name can be
/// retrieved by calling the CertGetStoreProperty function with dwPropID set to CERT_STORE_LOCALIZED_NAME_PROP_ID. This flag is
/// supported for providers of types CERT_STORE_PROV_FILENAME, CERT_STORE_PROV_SYSTEM, CERT_STORE_PROV_SYSTEM_REGISTRY, and CERT_STORE_PROV_PHYSICAL_W.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_SHARE_CONTEXT_FLAG</term>
/// <term>
/// When opening a store multiple times, you can set this flag to ensure efficient memory usage by reusing the memory for the
/// encoded parts of a certificate, CRL, or CTL context across the opened instances of the stores.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_UPDATE_KEYID_FLAG</term>
/// <term>
/// Lists of key identifiers exist within CurrentUser and LocalMachine. These key identifiers have properties much like the
/// properties of certificates. If the CERT_STORE_UPDATE_KEYID_FLAG is set, then for every key identifier in the store's location
/// that has a CERT_KEY_PROV_INFO_PROP_ID property, that property is automatically updated from the key identifier property
/// CERT_KEY_PROV_INFO_PROP_ID or the CERT_KEY_IDENTIFIER_PROP_ID of the certificate related to that key identifier.
/// </term>
/// </item>
/// </list>
/// <para>
/// The <c>CERT_STORE_PROV_SYSTEM</c>, <c>CERT_STORE_PROV_SYSTEM_REGISTRY</c>, and <c>CERT_STORE_PROV_PHYSICAL</c> provider types
/// use the following high words of dwFlags to specify system store registry locations:
/// </para>
/// <para>CERT_SYSTEM_STORE_CURRENT_SERVICE</para>
/// <para>CERT_SYSTEM_STORE_CURRENT_USER</para>
/// <para>CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY</para>
/// <para>CERT_SYSTEM_STORE_LOCAL_MACHINE</para>
/// <para>CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE</para>
/// <para>CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY</para>
/// <para>CERT_SYSTEM_STORE_SERVICES</para>
/// <para>CERT_SYSTEM_STORE_USERS</para>
/// <para>
/// By default, a system store location is opened relative to the <c>HKEY_CURRENT_USER</c>, <c>HKEY_LOCAL_MACHINE</c>, or
/// <c>HKEY_USERS</c> predefined registry key. For more information, see System Store Locations.
/// </para>
/// <para>The following high-word flags override this default behavior.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_SYSTEM_STORE_RELOCATE_FLAG</term>
/// <term>
/// When set, pvPara must contain a pointer to a CERT_SYSTEM_STORE_RELOCATE_PARA structure rather than a string. The structure
/// indicates both the name of the store and its location in the registry.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SYSTEM_STORE_UNPROTECTED_FLAG</term>
/// <term>
/// By default, when the CurrentUser "Root" store is opened, any SystemRegistry roots not on the protected root list are deleted
/// from the cache before this function returns. When this flag is set, this default is overridden and all of the roots in the
/// SystemRegistry are returned and no check of the protected root list is made.
/// </term>
/// </item>
/// </list>
/// <para>The <c>CERT_STORE_PROV_REGISTRY</c> provider uses the following high-word flags.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_REGISTRY_STORE_REMOTE_FLAG</term>
/// <term>
/// pvPara contains a handle to a registry key on a remote computer. To access a registry key on a remote computer, security
/// permissions on the remote computer must be set to allow access. For more information, see Remarks.
/// </term>
/// </item>
/// <item>
/// <term>CERT_REGISTRY_STORE_SERIALIZED_FLAG</term>
/// <term>
/// The CERT_STORE_PROV_REG provider saves certificates, CRLs, and CTLs in a single serialized store subkey instead of performing
/// the default save operation. The default is that each certificate, CRL, or CTL is saved as a separate registry subkey under the
/// appropriate subkey. This flag is mainly used for stores downloaded from the group policy template (GPT), such as the
/// CurrentUserGroupPolicy and LocalMachineGroupPolicy stores. When CERT_REGISTRY_STORE_SERIALIZED_FLAG is set, store additions,
/// deletions, or property changes are not persisted until there is a call to either CertCloseStore or CertControlStore using CERT_STORE_CTRL_COMMIT.
/// </term>
/// </item>
/// </list>
/// <para>The <c>CERT_STORE_PROV_FILE</c> and <c>CERT_STORE_PROV_FILENAME</c> provider types use the following high-word flags.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_FILE_STORE_COMMIT_ENABLE</term>
/// <term>
/// Setting this flag commits any additions to the store or any changes made to properties of contexts in the store to the file
/// store either when CertCloseStore is called or when CertControlStore is called with CERT_STORE_CONTROL_COMMIT. CertOpenStore
/// fails with E_INVALIDARG if both CERT_FILE_STORE_COMMIT_ENABLE and CERT_STORE_READONLY_FLAG are set in dwFlags.
/// </term>
/// </item>
/// </list>
/// <para>The <c>CERT_STORE_PROV_LDAP</c> provider type uses the following high-word flags.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_LDAP_STORE_AREC_EXCLUSIVE_FLAG</term>
/// <term>
/// Performs an A-Record-only DNS lookup on the URL named in the pvPara parameter. This prevents false DNS queries from being
/// generated when resolving URL host names. Use this flag when passing a host name as opposed to a domain name for the pvPara parameter.
/// </term>
/// </item>
/// <item>
/// <term>CERT_LDAP_STORE_OPENED_FLAG</term>
/// <term>
/// Use this flag to use an existing LDAP session. When this flag is specified, the pvPara parameter is the address of a
/// CERT_LDAP_STORE_OPENED_PARA structure that contains information about the LDAP session to use.
/// </term>
/// </item>
/// <item>
/// <term>CERT_LDAP_STORE_SIGN_FLAG</term>
/// <term>
/// To provide integrity required by some applications, digitally sign all LDAP traffic to and from an LDAP server by using the
/// Kerberos authentication protocol.
/// </term>
/// </item>
/// <item>
/// <term>CERT_LDAP_STORE_UNBIND_FLAG</term>
/// <term>
/// Use this flag with the CERT_LDAP_STORE_OPENED_FLAG flag to cause the LDAP session to be unbound when the store is closed. The
/// system will unbind the LDAP session by using the ldap_unbind function when the store is closed.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="pvPara">
/// A 32-bit value that can contain additional information for this function. The contents of this parameter depends on the value of
/// the lpszStoreProvider and other parameters.
/// </param>
/// <returns>
/// <para>
/// If the function succeeds, the function returns a handle to the certificate store. When you have finished using the store,
/// release the handle by calling the CertCloseStore function.
/// </para>
/// <para>If the function fails, it returns <c>NULL</c>. For extended error information, call GetLastError.</para>
/// <para>
/// <c>Note</c> CreateFile, ReadFile, or registry errors might be propagated and their error codes returned. <c>CertOpenStore</c>
/// has a single error code of its own, the ERROR_FILE_NOT_FOUND code, which indicates that the function was unable to find the
/// provider specified by the lpszStoreProvider parameter.
/// </para>
/// </returns>
/// <remarks>
/// <para>
/// A system store is a collection that consists of one or more physical sibling stores. For each system store, there are predefined
/// physical sibling stores. After opening a system store such as "My" at CERT_SYSTEM_STORE_CURRENT_USER, <c>CertOpenStore</c> is
/// called to open all of the physical stores in the system store collection. Each of these physical stores is added to the system
/// store collection by using the CertAddStoreToCollection function. All certificates, CRLs, and CTLs in those physical stores are
/// available through the logical system store collection.
/// </para>
/// <para>
/// <c>Note</c> The order of the certificate context may not be preserved within the store. To access a specific certificate you
/// must iterate across the certificates in the store.
/// </para>
/// <para>The following system store locations can be opened remotely:</para>
/// <list type="bullet">
/// <item>
/// <term>CERT_SYSTEM_STORE_LOCAL_MACHINE</term>
/// </item>
/// <item>
/// <term>CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY</term>
/// </item>
/// <item>
/// <term>CERT_SYSTEM_STORE_SERVICES</term>
/// </item>
/// <item>
/// <term>CERT_SYSTEM_STORE_USERS</term>
/// </item>
/// </list>
/// <para>
/// System store locations are opened remotely by prefixing the store name in the string passed to pvPara with the computer name.
/// Examples of remote system store names are:
/// </para>
/// <list type="bullet">
/// <item>
/// <term>ComputerName\CA</term>
/// </item>
/// <item>
/// <term>\\ComputerName\CA</term>
/// </item>
/// <item>
/// <term>ComputerName\ServiceName\Trust</term>
/// </item>
/// <item>
/// <term>\\ComputerName\ServiceName\Trust</term>
/// </item>
/// </list>
/// <para>For more information about system stores, see System Store Locations.</para>
/// <para>For more information about the stores that are automatically migrated, see Certificate Store Migration.</para>
/// <para>Examples</para>
/// <para>
/// The following example shows opening several certificate stores of different store provider types. The example uses the
/// <c>CreateMyDACL</c> function, defined in the Creating a DACL topic, to ensure the open file is created with a proper DACL. For
/// more examples of opening other store provider types, see Example C Code for Opening Certificate Stores.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore HCERTSTORE CertOpenStore( LPCSTR
// lpszStoreProvider, DWORD dwEncodingType, HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const void *pvPara );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "4edccbfe-c0a8-442b-b6b7-51ef598e7c90")]
public static extern SafeHCERTSTORE CertOpenStore([In] SafeOID lpszStoreProvider, CertEncodingType dwEncodingType, [Optional] HCRYPTPROV hCryptProv, CertStoreFlags dwFlags, [MarshalAs(UnmanagedType.LPWStr)] string pvPara);
/// <summary>
/// The <c>CertOpenSystemStore</c> function is a simplified function that opens the most common system certificate store. To open
@ -3098,7 +3824,7 @@ namespace Vanara.PInvoke
/// CryptInstallOIDFunctionAddress or CryptRegisterOIDFunction. For more information, see CertOpenStore.
/// </para>
/// </summary>
[MarshalAs(UnmanagedType.LPStr)] public string pszOpenStoreProvider;
public StrPtrAnsi pszOpenStoreProvider;
/// <summary>
/// <para>
@ -3348,5 +4074,60 @@ namespace Vanara.PInvoke
/// <inheritdoc/>
protected override bool InternalReleaseHandle() => CertCloseStore(handle, Flag);
}
/// <summary>Certificate Store Provider constants.</summary>
public static class CertStoreProvider
{
/// <summary/>
public const int CERT_STORE_PROV_MSG = 1;
/// <summary/>
public const int CERT_STORE_PROV_MEMORY = 2;
/// <summary/>
public const int CERT_STORE_PROV_FILE = 3;
/// <summary/>
public const int CERT_STORE_PROV_REG = 4;
/// <summary/>
public const int CERT_STORE_PROV_PKCS7 = 5;
/// <summary/>
public const int CERT_STORE_PROV_SERIALIZED = 6;
/// <summary/>
public const int CERT_STORE_PROV_FILENAME = 8;
/// <summary/>
public const int CERT_STORE_PROV_SYSTEM = 10;
/// <summary/>
public const int CERT_STORE_PROV_COLLECTION = 11;
/// <summary/>
public const int CERT_STORE_PROV_SYSTEM_REGISTRY = 13;
/// <summary/>
public const int CERT_STORE_PROV_PHYSICAL = 14;
/// <summary/>
public const int CERT_STORE_PROV_SMART_CARD = 15;
/// <summary/>
public const int CERT_STORE_PROV_LDAP = 16;
/// <summary/>
public const int CERT_STORE_PROV_PKCS12 = 17;
/// <summary/>
public const string sz_CERT_STORE_PROV_MEMORY = "Memory";
/// <summary/>
public const string sz_CERT_STORE_PROV_FILENAME = "File";
/// <summary/>
public const string sz_CERT_STORE_PROV_SYSTEM = "System";
/// <summary/>
public const string sz_CERT_STORE_PROV_PKCS7 = "PKCS7";
/// <summary/>
public const string sz_CERT_STORE_PROV_PKCS12 = "PKCS12";
/// <summary/>
public const string sz_CERT_STORE_PROV_SERIALIZED = "Serialized";
/// <summary/>
public const string sz_CERT_STORE_PROV_COLLECTION = "Collection";
/// <summary/>
public const string sz_CERT_STORE_PROV_SYSTEM_REGISTRY = "SystemRegistry";
/// <summary/>
public const string sz_CERT_STORE_PROV_PHYSICAL = "Physical";
/// <summary/>
public const string sz_CERT_STORE_PROV_SMART_CARD = "SmartCard";
/// <summary/>
public const string sz_CERT_STORE_PROV_LDAP = "Ldap";
}
}
}

5
PInvoke/Cryptography/Crypt32/Wincrypt.TrustList.cs
View File

@ -704,6 +704,11 @@ namespace Vanara.PInvoke
/// <returns>The result of the conversion.</returns>
public static implicit operator PCCTL_CONTEXT(SafePCCTL_CONTEXT h) => h.handle;
/// <summary>Performs an explicit conversion from <see cref="SafePCCTL_CONTEXT"/> to <see cref="CTL_CONTEXT"/>.</summary>
/// <param name="ctx">The handle.</param>
/// <returns>The resulting <see cref="CTL_CONTEXT"/> instance from the conversion.</returns>
public static unsafe explicit operator CTL_CONTEXT*(SafePCCTL_CONTEXT ctx) => (CTL_CONTEXT*)(void*)ctx.handle;
/// <inheritdoc/>
protected override bool InternalReleaseHandle() => CertFreeCTLContext(handle);
}

188
PInvoke/Cryptography/Crypt32/Wincrypt.Verification.cs
View File

@ -1,6 +1,7 @@
using System;
using System.Runtime.InteropServices;
using Vanara.Extensions;
using Vanara.InteropServices;
using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
namespace Vanara.PInvoke
@ -153,6 +154,15 @@ namespace Vanara.PInvoke
/// <summary>Setting this flag explicitly turns off Authority Information Access (AIA) retrievals.</summary>
CERT_CHAIN_DISABLE_AIA = 0x00002000,
/// <summary>Revocation checking is done on the end certificate and only the end certificate.</summary>
CERT_CHAIN_REVOCATION_CHECK_END_CERT = 0x10000000,
/// <summary>Revocation checking is done on all of the certificates in every chain.</summary>
CERT_CHAIN_REVOCATION_CHECK_CHAIN = 0x20000000,
/// <summary>Revocation checking is done on all certificates in all of the chains except the root certificate.</summary>
CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT = 0x40000000,
}
/// <summary>Flags used by <see cref="CERT_CHAIN_POLICY_PARA"/></summary>
@ -1225,7 +1235,149 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "19c37f77-1072-4740-b244-764b816a2a1f")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertVerifyCertificateChainPolicy([MarshalAs(UnmanagedType.LPStr)] string pszPolicyOID, [In] PCCERT_CHAIN_CONTEXT pChainContext,
public static extern bool CertVerifyCertificateChainPolicy([In] SafeOID pszPolicyOID, [In] PCCERT_CHAIN_CONTEXT pChainContext,
in CERT_CHAIN_POLICY_PARA pPolicyPara, ref CERT_CHAIN_POLICY_STATUS pPolicyStatus);
/// <summary>
/// The <c>CertVerifyCertificateChainPolicy</c> function checks a certificate chain to verify its validity, including its compliance
/// with any specified validity policy criteria.
/// </summary>
/// <param name="pszPolicyOID">
/// <para>Current predefined verify chain policy structures are listed in the following table.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_CHAIN_POLICY_BASE (LPCSTR) 1</term>
/// <term>
/// Implements the base chain policy verification checks. The dwFlags member of the structure pointed to by pPolicyPara can be set
/// to alter the default policy checking behavior.
/// </term>
/// </item>
/// <item>
/// <term>CERT_CHAIN_POLICY_AUTHENTICODE (LPCSTR) 2</term>
/// <term>
/// Implements the Authenticode chain policy verification checks. The pvExtraPolicyPara member of the structure pointed to by
/// pPolicyPara can be set to point to an AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA structure. The pvExtraPolicyStatus member of the
/// structure pointed to by pPolicyStatus can be set to point to an AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_STATUS structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_CHAIN_POLICY_AUTHENTICODE_TS (LPCSTR) 3</term>
/// <term>
/// Implements Authenticode Time Stamp chain policy verification checks. The pvExtraPolicyPara member of the data structure pointed
/// to by pPolicyPara can be set to point to an AUTHENTICODE_TS_EXTRA_CERT_CHAIN_POLICY_PARA structure. The pvExtraPolicyStatus
/// member of the data structure pointed to by pPolicyStatus is not used and must be set to NULL
/// </term>
/// </item>
/// <item>
/// <term>CERT_CHAIN_POLICY_SSL (LPCSTR) 4</term>
/// <term>
/// Implements the SSL client/server chain policy verification checks. The pvExtraPolicyPara member in the data structure pointed to
/// by pPolicyPara can be set to point to an SSL_EXTRA_CERT_CHAIN_POLICY_PARA structure initialized with additional policy criteria.
/// </term>
/// </item>
/// <item>
/// <term>CERT_CHAIN_POLICY_BASIC_CONSTRAINTS (LPCSTR) 5</term>
/// <term>
/// Implements the basic constraints chain policy. Iterates through all the certificates in the chain checking for either a
/// szOID_BASIC_CONSTRAINTS or a szOID_BASIC_CONSTRAINTS2 extension. If neither extension is present, the certificate is assumed to
/// have valid policy. Otherwise, for the first certificate element, checks if it matches the expected CA_FLAG or END_ENTITY_FLAG
/// specified in the dwFlags member of the CERT_CHAIN_POLICY_PARA structure pointed to by the pPolicyPara parameter. If neither or
/// both flags are set, then, the first element can be either a CA or END_ENTITY. All other elements must be a certification
/// authority (CA). If the PathLenConstraint is present in the extension, it is checked. The first elements in the remaining simple
/// chains (that is, the certificates used to sign the CTL) are checked to be an END_ENTITY. If this verification fails, dwError
/// will be set to TRUST_E_BASIC_CONSTRAINTS.
/// </term>
/// </item>
/// <item>
/// <term>CERT_CHAIN_POLICY_NT_AUTH (LPCSTR) 6</term>
/// <term>
/// Implements the Windows NT Authentication chain policy, which consists of three distinct chain verifications in the following order:
/// </term>
/// </item>
/// <item>
/// <term>CERT_CHAIN_POLICY_MICROSOFT_ROOT (LPCSTR) 7</term>
/// <term>
/// Checks the last element of the first simple chain for a Microsoft root public key. If that element does not contain a Microsoft
/// root public key, the dwError member of the CERT_CHAIN_POLICY_STATUS structure pointed to by the pPolicyStatus parameter is set
/// to CERT_E_UNTRUSTEDROOT. The dwFlags member of the CERT_CHAIN_POLICY_PARA structure pointed to by the pPolicyStatus parameter
/// can contain the MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG flag, which causes this function to also check for
/// the Microsoft application root "Microsoft Root Certificate Authority 2011". The dwFlags member of the CERT_CHAIN_POLICY_PARA
/// structure pointed to by the pPolicyPara parameter can contain the MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG flag,
/// which causes this function to also check for the Microsoft test roots.
/// </term>
/// </item>
/// <item>
/// <term>CERT_CHAIN_POLICY_EV (LPCSTR) 8</term>
/// <term>
/// Specifies that extended validation of certificates is performed. Windows Server 2008, Windows Vista, Windows Server 2003 and
/// Windows XP: This value is not supported.
/// </term>
/// </item>
/// <item>
/// <term>CERT_CHAIN_POLICY_SSL_F12 (LPCSTR) 9</term>
/// <term>
/// Checks if any certificates in the chain have weak crypto or if third party root certificate compliance and provide an error
/// string. The pvExtraPolicyStatus member of the CERT_CHAIN_POLICY_STATUS structure pointed to by the pPolicyStatus parameter must
/// point to SSL_F12_EXTRA_CERT_CHAIN_POLICY_STATUS, which is updated with the results of the weak crypto and root program
/// compliance checks. Before calling, the cbSize member of the CERT_CHAIN_POLICY_STATUS structure pointed to by the pPolicyStatus
/// parameter must be set to a value greater than or equal to sizeof(SSL_F12_EXTRA_CERT_CHAIN_POLICY_STATUS). The dwError member in
/// CERT_CHAIN_POLICY_STATUS structure pointed to by the pPolicyStatus parameter will be set to TRUST_E_CERT_SIGNATURE for potential
/// weak crypto and set to CERT_E_UNTRUSTEDROOT for Third Party Roots not in compliance with the Microsoft Root Program. Windows 10,
/// version 1607, Windows Server 2016, Windows 10, version 1511 with KB3172985, Windows 10 RTM with KB3163912, Windows 8.1 and
/// Windows Server 2012 R2 with KB3163912, and Windows 7 with SP1 and Windows Server 2008 R2 SP1 with KB3161029
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="pChainContext">A pointer to a CERT_CHAIN_CONTEXT structure that contains a chain to be verified.</param>
/// <param name="pPolicyPara">
/// <para>
/// A pointer to a CERT_CHAIN_POLICY_PARA structure that provides the policy verification criteria for the chain. The <c>dwFlags</c>
/// member of that structure can be set to change the default policy checking behavior.
/// </para>
/// <para>In addition, policy-specific parameters can also be passed in the <c>pvExtraPolicyPara</c> member of the structure.</para>
/// </param>
/// <param name="pPolicyStatus">
/// A pointer to a CERT_CHAIN_POLICY_STATUS structure where status information on the chain is returned. OID-specific extra status
/// can be returned in the <c>pvExtraPolicyStatus</c> member of this structure.
/// </param>
/// <returns>
/// <para>
/// The return value indicates whether the function was able to check for the policy, it does not indicate whether the policy check
/// failed or passed.
/// </para>
/// <para>
/// If the chain can be verified for the specified policy, <c>TRUE</c> is returned and the <c>dwError</c> member of the
/// pPolicyStatus is updated. A <c>dwError</c> of 0 (ERROR_SUCCESS or S_OK) indicates the chain satisfies the specified policy.
/// </para>
/// <para>
/// If the chain cannot be validated, the return value is <c>TRUE</c> and you need to verify the pPolicyStatus parameter for the
/// actual error.
/// </para>
/// <para>A value of <c>FALSE</c> indicates that the function wasn't able to check for the policy.</para>
/// </returns>
/// <remarks>
/// <para>
/// A <c>dwError</c> member of the CERT_CHAIN_POLICY_STATUS structure pointed to by pPolicyStatus can apply to a single chain
/// element, to a simple chain, or to an entire chain context. If <c>dwError</c> applies to the entire chain context, both the
/// <c>lChainIndex</c> and the <c>lElementIndex</c> members of the <c>CERT_CHAIN_POLICY_STATUS</c> structure are set to 1. If
/// <c>dwError</c> applies to a complete simple chain, <c>lElementIndex</c> is set to 1 and <c>lChainIndex</c> is set to the index
/// of the first chain that has an error. If <c>dwError</c> applies to a single certificate element, <c>lChainIndex</c> and
/// <c>lElementIndex</c> index the first certificate that has the error.
/// </para>
/// <para>To get the certificate element use this syntax:</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifycertificatechainpolicy BOOL
// CertVerifyCertificateChainPolicy( LPCSTR pszPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
// PCERT_CHAIN_POLICY_STATUS pPolicyStatus );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "19c37f77-1072-4740-b244-764b816a2a1f")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertVerifyCertificateChainPolicy(IntPtr pszPolicyOID, [In] PCCERT_CHAIN_CONTEXT pChainContext,
in CERT_CHAIN_POLICY_PARA pPolicyPara, ref CERT_CHAIN_POLICY_STATUS pPolicyStatus);
/// <summary>
@ -2644,8 +2796,42 @@ namespace Vanara.PInvoke
/// <returns>The result of the conversion.</returns>
public static implicit operator PCCERT_CHAIN_CONTEXT(SafePCCERT_CHAIN_CONTEXT h) => h.handle;
/// <summary>Performs an explicit conversion from <see cref="SafePCCERT_CHAIN_CONTEXT"/> to <see cref="CERT_CHAIN_CONTEXT"/>.</summary>
/// <param name="h">The safe handle instance.</param>
/// <returns>The resulting <see cref="CERT_CHAIN_CONTEXT"/> instance from the conversion.</returns>
public static explicit operator CERT_CHAIN_CONTEXT(SafePCCERT_CHAIN_CONTEXT h) => h.handle.ToStructure<CERT_CHAIN_CONTEXT>();
/// <inheritdoc/>
protected override bool InternalReleaseHandle() { CertFreeCertificateChain(handle); return true; }
}
/// <summary>Predefined verify chain policies.</summary>
public static class CertVerifyChainPolicy
{
/// <summary/>
public const int CERT_CHAIN_POLICY_BASE = 1;
/// <summary/>
public const int CERT_CHAIN_POLICY_AUTHENTICODE = 2;
/// <summary/>
public const int CERT_CHAIN_POLICY_AUTHENTICODE_TS = 3;
/// <summary/>
public const int CERT_CHAIN_POLICY_SSL = 4;
/// <summary/>
public const int CERT_CHAIN_POLICY_BASIC_CONSTRAINTS = 5;
/// <summary/>
public const int CERT_CHAIN_POLICY_NT_AUTH = 6;
/// <summary/>
public const int CERT_CHAIN_POLICY_MICROSOFT_ROOT = 7;
/// <summary/>
public const int CERT_CHAIN_POLICY_EV = 8;
/// <summary/>
public const int CERT_CHAIN_POLICY_SSL_F12 = 9;
/// <summary/>
public const int CERT_CHAIN_POLICY_SSL_HPKP_HEADER = 10;
/// <summary/>
public const int CERT_CHAIN_POLICY_THIRD_PARTY_ROOT = 11;
/// <summary/>
public const int CERT_CHAIN_POLICY_SSL_KEY_PIN = 12;
}
}
}

275
PInvoke/Cryptography/Crypt32/Wincrypt.cs
View File

@ -1,4 +1,5 @@
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using Vanara.Extensions;
using Vanara.InteropServices;
@ -11,6 +12,26 @@ namespace Vanara.PInvoke
{
private const int CERT_COMPARE_SHIFT = 16;
/// <summary>The class of an ALG_ID.</summary>
[PInvokeData("wincrypt.h")]
public enum ALG_CLASS
{
/// <summary/>
ALG_CLASS_ANY = (0),
/// <summary/>
ALG_CLASS_SIGNATURE = (1 << 13),
/// <summary/>
ALG_CLASS_MSG_ENCRYPT = (2 << 13),
/// <summary/>
ALG_CLASS_DATA_ENCRYPT = (3 << 13),
/// <summary/>
ALG_CLASS_HASH = (4 << 13),
/// <summary/>
ALG_CLASS_KEY_EXCHANGE = (5 << 13),
/// <summary/>
ALG_CLASS_ALL = (7 << 13),
}
/// <summary>
/// The ALG_ID data type specifies an algorithm identifier. Parameters of this data type are passed to most of the functions in CryptoAPI.
/// </summary>
@ -203,6 +224,30 @@ namespace Vanara.PInvoke
CALG_TLS1PRF = 0x0000800a,
}
/// <summary>The type of an ALG_ID.</summary>
[PInvokeData("wincrypt.h")]
public enum ALG_TYPE
{
/// <summary/>
ALG_TYPE_ANY = (0),
/// <summary/>
ALG_TYPE_DSS = (1 << 9),
/// <summary/>
ALG_TYPE_RSA = (2 << 9),
/// <summary/>
ALG_TYPE_BLOCK = (3 << 9),
/// <summary/>
ALG_TYPE_STREAM = (4 << 9),
/// <summary/>
ALG_TYPE_DH = (5 << 9),
/// <summary/>
ALG_TYPE_SECURECHANNEL = (6 << 9),
/// <summary/>
ALG_TYPE_ECDH = (7 << 9),
/// <summary/>
ALG_TYPE_THIRDPARTY = (8 << 9),
}
/// <summary>Values used by CertFindType.</summary>
public enum CertCompareFunction : ushort
{
@ -362,7 +407,7 @@ namespace Vanara.PInvoke
PKCS_7_NDR_ENCODING = 0x00020000
}
/// <summary>Values used by <see cref="CertFindCertificateInStore "/>.</summary>
/// <summary>Values used by <see cref="CertFindCertificateInStore(HCERTSTORE, CertEncodingType, CertFindUsageFlags, CertFindType, IntPtr, PCCERT_CONTEXT)"/>.</summary>
[PInvokeData("wincrypt.h", MSDNShortId = "20b3fcfb-55df-46ff-80a5-70f31a3d03b2")]
public enum CertFindType : uint
{
@ -780,6 +825,26 @@ namespace Vanara.PInvoke
TIMESTAMP_NO_AUTH_RETRIEVAL = 0x00020000,
}
/// <summary>Gets the ALG_CLASS from an ALG_ID.</summary>
/// <param name="algId">The ALG_ID.</param>
/// <returns>The associated ALG_CLASS.</returns>
public static ALG_CLASS GET_ALG_CLASS(ALG_ID algId) => (ALG_CLASS)((int)algId & (7 << 13));
/// <summary>Gets the ALG_TYPE from an ALG_ID.</summary>
/// <param name="algId">The ALG_ID.</param>
/// <returns>The associated ALG_TYPE.</returns>
public static ALG_TYPE GET_ALG_TYPE(ALG_ID algId) => (ALG_TYPE)((int)algId & (15 << 9));
/// <summary>Gets the ALG_CLASS from an ALG_ID.</summary>
/// <param name="algId">The ALG_ID.</param>
/// <returns>The associated ALG_CLASS.</returns>
public static ALG_CLASS GetClass(this ALG_ID algId) => GET_ALG_CLASS(algId);
/// <summary>Gets the ALG_TYPE from an ALG_ID.</summary>
/// <param name="algId">The ALG_ID.</param>
/// <returns>The associated ALG_TYPE.</returns>
public static ALG_TYPE GetType(this ALG_ID algId) => GET_ALG_TYPE(algId);
/// <summary>
/// The <c>CertAddEncodedCertificateToSystemStore</c> function opens the specified system store and adds the encoded certificate to it.
/// </summary>
@ -1328,7 +1393,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "68ba3d40-08b0-4261-ab2f-6deb1795f830")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptRetrieveTimeStamp([MarshalAs(UnmanagedType.LPWStr)] string wszUrl, TimeStampRetrivalFlags dwRetrievalFlags, uint dwTimeout, [MarshalAs(UnmanagedType.LPStr)] string pszHashId,
public static extern bool CryptRetrieveTimeStamp([MarshalAs(UnmanagedType.LPWStr)] string wszUrl, TimeStampRetrivalFlags dwRetrievalFlags, uint dwTimeout, SafeOID pszHashId,
in CRYPT_TIMESTAMP_PARA pPara, [In] IntPtr pbData, uint cbData, out SafeCryptMem ppTsContext, out SafePCCERT_CONTEXT ppTsSigner, out SafeHCERTSTORE phStore);
/// <summary>
@ -1394,6 +1459,11 @@ namespace Vanara.PInvoke
public static extern bool CryptVerifyTimeStampSignature([In] IntPtr pbTSContentInfo, uint cbTSContentInfo, [In, Optional] IntPtr pbData, uint cbData,
[In, Optional] HCERTSTORE hAdditionalStore, out SafeCryptMem ppTsContext, out SafePCCERT_CONTEXT ppTsSigner, out SafeHCERTSTORE phStore);
/// <summary>Determines whether a cryptography algorithm is only supported by using the CNG functions.</summary>
/// <param name="Algid">The cryptography algorithm.</param>
/// <returns><see langword="true"/> if algorithm is only supported by using the CNG functions; otherwise, <see langword="false"/>.</returns>
public static bool IS_SPECIAL_OID_INFO_ALGID(ALG_ID Algid) => Algid >= ALG_ID.CALG_OID_INFO_PARAMETERS;
/// <summary>
/// The CERT_CONTEXT structure contains both the encoded and decoded representations of a certificate. A certificate context
/// returned by one of the functions defined in Wincrypt.h must be freed by calling the CertFreeCertificateContext function. The
@ -1420,6 +1490,9 @@ namespace Vanara.PInvoke
/// <summary>A handle to the certificate store that contains the certificate context.</summary>
public HCERTSTORE hCertStore;
/// <summary>The address of a CERT_INFO structure that contains the certificate information.</summary>
public unsafe CERT_INFO* pUnsafeCertInfo => (CERT_INFO*)(void*)pCertInfo;
}
/// <summary>
@ -1436,7 +1509,7 @@ namespace Vanara.PInvoke
/// Object identifier (OID) that specifies the structure of the extension data contained in the <c>Value</c> member. For
/// specifics on extension OIDs and their related structures, see X.509 Certificate Extension Structures.
/// </summary>
[MarshalAs(UnmanagedType.LPStr)] public string pszObjId;
public StrPtrAnsi pszObjId;
/// <summary>
/// If <c>TRUE</c>, any limitations specified by the extension in the <c>Value</c> member of this structure are imperative. If
@ -2057,8 +2130,8 @@ namespace Vanara.PInvoke
/// <summary>A handle to the certificate store.</summary>
public HCERTSTORE hCertStore;
/// <summary>A CRL_INFO structure containing the CRL information.</summary>
public CRL_INFO CrlInfo => pCrlInfo.ToStructure<CRL_INFO>();
/// <summary>A pointer to CRL_INFO structure containing the CRL information.</summary>
public unsafe CRL_INFO* pUnsafeCrlInfo => (CRL_INFO*)(void*)pCrlInfo;
}
/// <summary>
@ -2179,7 +2252,7 @@ namespace Vanara.PInvoke
public struct CRYPT_ATTRIBUTE
{
/// <summary>An object identifier (OID) that specifies the type of data contained in the <c>rgValue</c> array.</summary>
[MarshalAs(UnmanagedType.LPStr)] public string pszObjId;
public StrPtrAnsi pszObjId;
/// <summary>A <c>DWORD</c> value that indicates the number of elements in the <c>rgValue</c> array.</summary>
public uint cValue;
@ -2407,7 +2480,7 @@ namespace Vanara.PInvoke
/// Optional. A pointer to a null-terminated string that specifies the Time Stamping Authority (TSA) policy under which the time
/// stamp token was provided. This value must correspond with the value passed in the CRYPT_TIMESTAMP_REQUEST structure.
/// </summary>
[MarshalAs(UnmanagedType.LPStr)] public string pszTSAPolicyId;
public StrPtrAnsi pszTSAPolicyId;
/// <summary>
/// A CRYPT_ALGORITHM_IDENTIFIER structure that contains information about the algorithm used to calculate the hash. This value
@ -2461,7 +2534,7 @@ namespace Vanara.PInvoke
/// Optional. A pointer to a null-terminated character string that contains the Time Stamping Authority (TSA) policy under which
/// the time stamp token should be provided.
/// </summary>
[MarshalAs(UnmanagedType.LPStr)] public string pszTSAPolicyId;
public StrPtrAnsi pszTSAPolicyId;
/// <summary>
/// A Boolean value that specifies whether the TSA must include the certificates used to sign the time stamp token in the
@ -2489,7 +2562,7 @@ namespace Vanara.PInvoke
/// functions that use it.
/// </summary>
[PInvokeData("wincrypt.h")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPTOAPI_BLOB
{
/// <summary>A DWORD variable that contains the count, in bytes, of data.</summary>
@ -2497,6 +2570,9 @@ namespace Vanara.PInvoke
/// <summary>A pointer to the data buffer.</summary>
public IntPtr pbData;
/// <summary>Gets the bytes associated with this blob.</summary>
public byte[] GetBytes() => pbData.ToArray<byte>((int)cbData);
}
/// <summary>
@ -2554,6 +2630,9 @@ namespace Vanara.PInvoke
/// <summary>Count, in bytes, of <c>pbCtlContent</c>.</summary>
public uint cbCtlContent;
/// <summary>A pointer to CTL_INFO structure contain the CTL information.</summary>
public unsafe CTL_INFO* pUnsafeCtlInfo => (CTL_INFO*)(void*)pCtlInfo;
}
/// <summary>The <c>CTL_ENTRY</c> structure is an element of a certificate trust list (CTL).</summary>
@ -2883,7 +2962,7 @@ namespace Vanara.PInvoke
/// <summary>Performs an explicit conversion from <see cref="PCCERT_CONTEXT"/> to <see cref="CERT_CONTEXT"/>.</summary>
/// <param name="h">The <see cref="PCCERT_CONTEXT"/> instance.</param>
/// <returns>The resulting <see cref="CERT_CONTEXT"/> instance from the conversion.</returns>
public static explicit operator CERT_CONTEXT(PCCERT_CONTEXT h) => h.DangerousGetHandle().ToStructure<CERT_CONTEXT>();
public static unsafe explicit operator CERT_CONTEXT*(PCCERT_CONTEXT h) => (CERT_CONTEXT*)(void*)h.handle;
/// <summary>Implements the operator !=.</summary>
/// <param name="h1">The first handle.</param>
@ -2934,9 +3013,9 @@ namespace Vanara.PInvoke
public static implicit operator PCCRL_CONTEXT(IntPtr h) => new PCCRL_CONTEXT(h);
/// <summary>Performs an implicit conversion from <see cref="PCCRL_CONTEXT"/> to <see cref="CRL_CONTEXT"/>.</summary>
/// <param name="ctx">The <see cref="PCCRL_CONTEXT"/> instance.</param>
/// <param name="h">The <see cref="PCCRL_CONTEXT"/> instance.</param>
/// <returns>The resulting <see cref="CRL_CONTEXT"/> instance from the conversion.</returns>
public static explicit operator CRL_CONTEXT(PCCRL_CONTEXT ctx) => ctx.DangerousGetHandle().ToStructure<CRL_CONTEXT>();
public static unsafe explicit operator CRL_CONTEXT*(PCCRL_CONTEXT h) => (CRL_CONTEXT*)(void*)h.handle;
/// <summary>Implements the operator !=.</summary>
/// <param name="h1">The first handle.</param>
@ -2986,6 +3065,11 @@ namespace Vanara.PInvoke
/// <returns>The result of the conversion.</returns>
public static implicit operator PCCTL_CONTEXT(IntPtr h) => new PCCTL_CONTEXT(h);
/// <summary>Performs an explicit conversion from <see cref="PCCTL_CONTEXT"/> to <see cref="CTL_CONTEXT"/>.</summary>
/// <param name="h">The handle.</param>
/// <returns>The resulting <see cref="CTL_CONTEXT"/> instance from the conversion.</returns>
public static unsafe explicit operator CTL_CONTEXT*(PCCTL_CONTEXT h) => (CTL_CONTEXT*)(void*)h.handle;
/// <summary>Implements the operator !=.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
@ -3007,5 +3091,172 @@ namespace Vanara.PInvoke
/// <inheritdoc/>
public IntPtr DangerousGetHandle() => handle;
}
/// <summary>
/// The BLOB structure contains an arbitrary array of bytes. The structure definition includes aliases appropriate to the various
/// functions that use it.
/// </summary>
[PInvokeData("wincrypt.h")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
public class SafeCRYPTOAPI_BLOB : IDisposable
{
/// <summary>A DWORD variable that contains the count, in bytes, of data.</summary>
private uint cbData;
/// <summary>A pointer to the data buffer.</summary>
private IntPtr pbData;
/// <summary>Initializes a new instance of the <see cref="SafeCRYPTOAPI_BLOB"/> class.</summary>
/// <param name="size">The size, in bytes, to allocate.</param>
public SafeCRYPTOAPI_BLOB(int size)
{
cbData = (uint)size;
if (size > 0)
pbData = MemMethods.AllocMem(size);
}
/// <summary>Initializes a new instance of the <see cref="SafeCRYPTOAPI_BLOB"/> class.</summary>
/// <param name="bytes">The bytes to copy into the blob.</param>
public SafeCRYPTOAPI_BLOB(byte[] bytes) : this(bytes?.Length ?? 0)
{
Marshal.Copy(bytes, 0, pbData, bytes.Length);
}
/// <summary>Initializes a new instance of the <see cref="SafeCRYPTOAPI_BLOB"/> class with a string.</summary>
/// <param name="value">The string value.</param>
/// <param name="charSet">The character set to use.</param>
public SafeCRYPTOAPI_BLOB(string value, CharSet charSet = CharSet.Unicode) : this(StringHelper.GetBytes(value, true, charSet))
{
}
private SafeCRYPTOAPI_BLOB(IntPtr handle, int size)
{
pbData = handle;
cbData = (uint)size;
}
/// <summary>Represents an empty instance of a blob.</summary>
public static readonly SafeCRYPTOAPI_BLOB Empty = new SafeCRYPTOAPI_BLOB(IntPtr.Zero, 0);
/// <summary>Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources.</summary>
public void Dispose()
{
MemMethods.FreeMem(pbData);
pbData = IntPtr.Zero;
cbData = 0;
}
/// <summary>Allocates from unmanaged memory sufficient memory to hold an object of type T.</summary>
/// <typeparam name="T">Native type</typeparam>
/// <param name="value">The value.</param>
/// <returns><see cref="SafeCRYPTOAPI_BLOB"/> object to an native (unmanaged) memory block the size of T.</returns>
public static SafeCRYPTOAPI_BLOB CreateFromStructure<T>(in T value = default) => new SafeCRYPTOAPI_BLOB(InteropExtensions.MarshalToPtr(value, MemMethods.AllocMem, out int s), s);
/// <summary>
/// Allocates from unmanaged memory to represent a structure with a variable length array at the end and marshal these structure
/// elements. It is the callers responsibility to marshal what precedes the trailing array into the unmanaged memory. ONLY
/// structures with attribute StructLayout of LayoutKind.Sequential are supported.
/// </summary>
/// <typeparam name="T">Type of the trailing array of structures</typeparam>
/// <param name="values">Collection of structure objects</param>
/// <param name="count">
/// Number of items in <paramref name="values"/>. Setting this value to -1 will cause the method to get the count by iterating
/// through <paramref name="values"/>.
/// </param>
/// <param name="prefixBytes">Number of bytes preceding the trailing array of structures</param>
/// <returns><see cref="SafeCRYPTOAPI_BLOB"/> object to an native (unmanaged) structure with a trail array of structures</returns>
public static SafeCRYPTOAPI_BLOB CreateFromList<T>(IEnumerable<T> values, int count = -1, int prefixBytes = 0) =>
new SafeCRYPTOAPI_BLOB(InteropExtensions.MarshalToPtr(values, MemMethods.AllocMem, out int s, prefixBytes), s);
/// <summary>Allocates from unmanaged memory sufficient memory to hold an array of strings.</summary>
/// <param name="values">The list of strings.</param>
/// <param name="packing">The packing type for the strings.</param>
/// <param name="charSet">The character set to use for the strings.</param>
/// <param name="prefixBytes">Number of bytes preceding the trailing strings.</param>
/// <returns>
/// <see cref="SafeCRYPTOAPI_BLOB"/> object to an native (unmanaged) array of strings stored using the <paramref
/// name="packing"/> model and the character set defined by <paramref name="charSet"/>.
/// </returns>
public static SafeCRYPTOAPI_BLOB CreateFromStringList(IEnumerable<string> values, StringListPackMethod packing = StringListPackMethod.Concatenated, CharSet charSet = CharSet.Auto, int prefixBytes = 0) =>
new SafeCRYPTOAPI_BLOB(InteropExtensions.MarshalToPtr(values, packing, MemMethods.AllocMem, out int s, charSet, prefixBytes), s);
private static IMemoryMethods MemMethods => HGlobalMemoryMethods.Instance;
}
/// <summary>Provides a <see cref="SafeHandle"/> for an object identifier that can be either a string or an integer.</summary>
public class SafeOID : SafeHANDLE
{
/// <summary>Initializes a new instance of the <see cref="SafeOID"/> class and assigns an existing handle.</summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
/// <param name="ownsHandle">
/// <see langword="true"/> to reliably release the handle during the finalization phase; otherwise, <see langword="false"/> (not recommended).
/// </param>
public SafeOID(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
/// <summary>Initializes a new instance of the <see cref="SafeOID"/> class.</summary>
/// <param name="value">The value.</param>
public SafeOID(int value) { SetHandle((IntPtr)unchecked((ushort)value)); }
/// <summary>Initializes a new instance of the <see cref="SafeOID"/> class.</summary>
/// <param name="value">The value.</param>
public SafeOID(uint value) { SetHandle((IntPtr)unchecked((ushort)value)); }
/// <summary>Initializes a new instance of the <see cref="SafeOID"/> class.</summary>
/// <param name="value">The value.</param>
public SafeOID(string value) : base(Marshal.StringToCoTaskMemAnsi(value)) { }
/// <summary>Initializes a new instance of the <see cref="SafeOID"/> class.</summary>
private SafeOID() : base() { }
/// <summary>Gets a value indicating whether this instance is string.</summary>
/// <value><see langword="true"/> if this instance is string; otherwise, <see langword="false"/>.</value>
private bool IsString => !Macros.IS_INTRESOURCE(handle);
/// <summary>Performs an implicit conversion from <see cref="SafeOID"/> to <see cref="IntPtr"/>.</summary>
/// <param name="value">The value.</param>
/// <returns>The resulting <see cref="IntPtr"/> instance from the conversion.</returns>
public static implicit operator IntPtr(SafeOID value) => value.handle;
/// <summary>Performs an implicit conversion from <see cref="System.String"/> to <see cref="SafeOID"/>.</summary>
/// <param name="value">The value.</param>
/// <returns>The resulting <see cref="SafeOID"/> instance from the conversion.</returns>
public static implicit operator SafeOID(string value) => new SafeOID(value);
/// <summary>Performs an implicit conversion from <see cref="System.Int32"/> to <see cref="SafeOID"/>.</summary>
/// <param name="value">The value.</param>
/// <returns>The resulting <see cref="SafeOID"/> instance from the conversion.</returns>
public static implicit operator SafeOID(int value) => new SafeOID(value);
/// <summary>Performs an implicit conversion from <see cref="System.UInt32"/> to <see cref="SafeOID"/>.</summary>
/// <param name="value">The value.</param>
/// <returns>The resulting <see cref="SafeOID"/> instance from the conversion.</returns>
public static implicit operator SafeOID(uint value) => new SafeOID(value);
/// <summary>Performs an implicit conversion from <see cref="SafeOID"/> to <see cref="StrPtrAnsi"/>.</summary>
/// <param name="value">The value.</param>
/// <returns>The resulting <see cref="StrPtrAnsi"/> instance from the conversion.</returns>
public static implicit operator StrPtrAnsi(SafeOID value) => value.handle;
/// <summary>Gets the integer value, if possible.</summary>
/// <returns>The integer value, if set; otherwise <see langword="null"/>.</returns>
public int? GetInt32Value() => IsString ? null : (int?)handle.ToInt32();
/// <summary>Gets the string value, if possible.</summary>
/// <returns>The string value, if set; otherwise <see langword="null"/>.</returns>
public string GetStringValue() => IsString ? Marshal.PtrToStringAnsi(handle) : null;
/// <summary>
/// Internal method that actually releases the handle. This is called by <see cref="M:Vanara.PInvoke.SafeHANDLE.ReleaseHandle"/>
/// for valid handles and afterwards zeros the handle.
/// </summary>
/// <returns><c>true</c> to indicate successful release of the handle; <c>false</c> otherwise.</returns>
protected override bool InternalReleaseHandle()
{
if (IsString)
Marshal.FreeCoTaskMem(handle);
handle = IntPtr.Zero;
return true;
}
}
}
}

3
PInvoke/Cryptography/CryptNet/Wincrypt.cs
View File

@ -1,5 +1,6 @@
using System;
using System.Runtime.InteropServices;
using Vanara.InteropServices;
using static Vanara.PInvoke.Crypt32;
@ -216,7 +217,7 @@ namespace Vanara.PInvoke
[DllImport(Lib.Cryptnet, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "a92117b8-9144-4480-b88a-b9ffe1026d63")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptGetObjectUrl([MarshalAs(UnmanagedType.LPStr)] string pszUrlOid, [In] IntPtr pvPara, CryptGetUrlFromFlags dwFlags,
public static extern bool CryptGetObjectUrl([In] SafeOID pszUrlOid, [In] IntPtr pvPara, CryptGetUrlFromFlags dwFlags,
IntPtr pUrlArray, ref uint pcbUrlArray, IntPtr pUrlInfo, ref uint pcbUrlInfo, IntPtr pvReserved = default);
/// <summary>

2
PInvoke/Cryptography/NCrypt/NCrypt.cs
View File

@ -4069,7 +4069,7 @@ namespace Vanara.PInvoke
// *pcbResult, DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("ncrypt.h", MSDNShortId = "7404e37a-d7c6-49ed-b951-6081dd2b921a")]
public static extern HRESULT NCryptSignHash(NCRYPT_KEY_HANDLE hKey, [In, Optional] IntPtr pPaddingInfo, [In] IntPtr pbHashValue, uint cbHashValue, [In, Out] IntPtr pbSignature, uint cbSignature, out uint pcbResult, NCryptDecryptFlag dwFlags);
public static extern HRESULT NCryptSignHash(NCRYPT_KEY_HANDLE hKey, [In, Optional] IntPtr pPaddingInfo, [In] IntPtr pbHashValue, uint cbHashValue, [In, Out] IntPtr pbSignature, uint cbSignature, out uint pcbResult, BCrypt.EncryptFlags dwFlags);
/// <summary>The <c>NCryptTranslateHandle</c> function translates a CryptoAPI handle into a CNG key handle.</summary>
/// <param name="phProvider">

8
PInvoke/Cryptography/Vanara.PInvoke.Cryptography.csproj
View File

File diff suppressed because one or more lines are too long