using System; using System.Runtime.InteropServices; using Vanara.Extensions; namespace Vanara.PInvoke { ///

Methods and data types found in Crypt32.dll.

public static partial class Crypt32 { ///

Enable verification checks on the returned CRL.

[PInvokeData("wincrypt.h", MSDNShortId = "7bd21424-4f74-4bac-ab47-00d51ebdca1c")] [Flags] public enum CertStoreVerification { ///

Uses the public key in the issuer's certificate to verify the signature on the returned CRL.

CERT_STORE_SIGNATURE_FLAG = 0x00000001, ///

Gets the current time and verifies that it is within the time between the CRL's ThisUpdate and NextUpdate.

CERT_STORE_TIME_VALIDITY_FLAG = 0x00000002, ///

Checks whether the subject certificate is on the issuer's revocation list.

CERT_STORE_REVOCATION_FLAG = 0x00000004, ///

Indicates no matching CRL was found.

CERT_STORE_NO_CRL_FLAG = 0x00010000, ///

Indicates no issuer certificate was found.

CERT_STORE_NO_ISSUER_FLAG = 0x00020000, ///

Gets a base CRL.

CERT_STORE_BASE_CRL_FLAG = 0x00000100, ///

Gets a delta CRL.

CERT_STORE_DELTA_CRL_FLAG = 0x00000200, } ///

Flags that can be used to do additional filtering.

[PInvokeData("wincrypt.h", MSDNShortId = "3e481912-204a-4d86-ab67-81f8ae4d1aaa")] [Flags] public enum CrlFindFlags : uint { ///

/// Checks for a CRL that has an Authority Key Identifier (AKI) extension. If the CRL has an AKI, only a CRL whose AKI matches /// the issuer is returned. The AKI extension has the object identifier(OID) value szOID_AUTHORITY_KEY_IDENTIFIER2 and its /// corresponding data structure. ///

CRL_FIND_ISSUED_BY_AKI_FLAG = 0x1, ///

/// Use the public key in the issuer's certificate to verify the signature on the CRL. Only returns a CRL that has a valid signature. ///

CRL_FIND_ISSUED_BY_SIGNATURE_FLAG = 0x2, ///

Finds and returns a delta CRL.

CRL_FIND_ISSUED_BY_DELTA_FLAG = 0x4, ///

Finds and returns a base CRL.

CRL_FIND_ISSUED_BY_BASE_FLAG = 0x8, ///

/// The signature is checked for strength after successful verification. This flag applies only when the dwFindType parameter is /// set to CRL_FIND_ISSUED_FOR. You must also set CRL_FIND_ISSUED_BY_SIGNATURE_FLAG. If /// successful, the following strong signature properties will be set on the CRL context: /// /// CERT_SIGN_HASH_CNG_ALG_PROP_ID /// CERT_ISSUER_PUB_KEY_BIT_LENGTH_PROP_ID /// /// Windows 8 and Windows Server 2012: Support for this flag begins. ///

CRL_FIND_ISSUED_FOR_SET_STRONG_PROPERTIES_FLAG = 0x10, } ///

/// Specifies the type of search being made. The value of dwFindType determines the data type, contents, and use of the pvFindPara parameter. ///

[PInvokeData("wincrypt.h", MSDNShortId = "3e481912-204a-4d86-ab67-81f8ae4d1aaa")] public enum CrlFindType : uint { ///

No search criteria. The next CRL in the store is returned.

CRL_FIND_ANY = 0, ///

Searches for the next CRL in the store matching the issuer in the CERT_CONTEXT.

CRL_FIND_ISSUED_BY = 1, ///

/// Searches for the next CRL that matches the CRL_CONTEXT in the following ways: /// /// Both are base or delta CRLs. /// The issuer-name BLOBs for both are identical. /// If they exist, the Authority/KeyIdentifier and IssuingDistributionPoint encoded extension BLOBs match. /// ///

CRL_FIND_EXISTING = 2, ///

/// Searches for the next CRL in the store that matches the issuer of the subject certificate in the CRL_FIND_ISSUED_FOR_PARA structure. /// /// If no CRL is found, searches for the next CRL in the store that matches the issuer in the CRL_FIND_ISSUED_FOR_PARA structure. /// /// When using cross certificates, the subject name in the issuer's certificate might not match the issuer name in the /// subject certificate and its corresponding CRL. ///

CRL_FIND_ISSUED_FOR = 3, } ///

/// The CertAddCRLContextToStore function adds a certificate revocation list (CRL) context to the specified certificate store. ///

/// Handle of a certificate store. /// A pointer to the CRL_CONTEXT structure to be added. /// /// /// Specifies the action to take if a matching CRL or a link to a matching CRL already exists in the store. Currently defined /// disposition values and their uses are as follows. /// /// /// /// Value /// Meaning /// /// /// CERT_STORE_ADD_ALWAYS /// /// Makes no check for an existing matching CRL or link to a matching CRL. A new CRL is always added to the store. This can lead to /// duplicates in a store. /// /// /// /// CERT_STORE_ADD_NEW /// If a matching CRL or a link to a matching CRL exists, the operation fails. GetLastError returns the CRYPT_E_EXISTS code. /// /// /// CERT_STORE_ADD_NEWER /// /// If a matching CRL or a link to a matching CRL exists, the function compares the ThisUpdate times on the CRLs. If the existing /// CRL has a ThisUpdate time less than the ThisUpdate time on the new CRL, the old CRL or link is replaced just as with /// CERT_STORE_ADD_REPLACE_EXISTING. If the existing CRL has a ThisUpdate time greater than or equal to the ThisUpdate time on the /// CRL to be added, the function fails with GetLastError returning the CRYPT_E_EXISTS code. If a matching CRL or a link to a /// matching CRL is not found in the store, a new CRL is added to the store. /// /// /// /// CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES /// /// The action is the same as for CERT_STORE_ADD_NEWER, except that if an older CRL is replaced, the properties of the older CRL are /// incorporated into the replacement CRL. /// /// /// /// CERT_STORE_ADD_REPLACE_EXISTING /// /// If a matching CRL or a link to a matching CRL exists, the existing CRL or link is deleted and a new CRL is created and added to /// the store. If a matching CRL or a link to a matching CRL does not exist, one is added. /// /// /// /// CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES /// /// If a matching CRL exists in the store, the existing context is deleted before creating and adding the new context. The added /// context inherits properties from the existing CRL. /// /// /// /// CERT_STORE_ADD_USE_EXISTING /// /// If a matching CRL or a link to a matching CRL exists, that existing CRL is used and properties from the new CRL are added. The /// function does not fail, but no new CRL is added. If ppCertContext is not NULL, the existing context is duplicated. If a matching /// CRL or a link to a matching CRL does not exist, a new CRL is added. /// /// /// /// /// /// A pointer to a pointer to the decoded CRL context. This is an optional parameter and can be NULL, indicating that the /// calling application does not require a copy of the added or existing CRL. If a copy is made, that context must be freed by using CertFreeCRLContext. /// /// /// If the function succeeds, the return value is TRUE. /// /// If the function fails, the return value is FALSE. Errors from the called functions CertAddEncodedCRLToStore and /// CertSetCRLContextProperty can be propagated to this function. /// /// For extended error information, call GetLastError. Some possible error codes follow. /// /// /// Return code /// Description /// /// /// CRYPT_E_EXISTS /// /// This error is returned if CERT_STORE_ADD_NEW is set and the CRL already exists in the store or if CERT_STORE_ADD_NEWER is set /// and a CRL exists in the store with a ThisUpdate date greater than or equal to the ThisUpdate date on the CRL to be added. /// /// /// /// E_INVALIDARG /// The dwAddDisposition parameter specified a disposition value that is not valid. /// /// /// /// /// /// The CRL context is not duplicated using CertDuplicateCRLContext. Instead, a new copy is created and added to the store. In /// addition to copying the encoded CRL, the function copies the context's properties. /// /// To remove the CRL context from the certificate store, use the CertDeleteCRLFromStore function. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddcrlcontexttostore BOOL CertAddCRLContextToStore( // HCERTSTORE hCertStore, PCCRL_CONTEXT pCrlContext, DWORD dwAddDisposition, PCCRL_CONTEXT *ppStoreContext ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "5dfa1c08-5d75-4ee4-bd65-ce56eb61ecce")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertAddCRLContextToStore(HCERTSTORE hCertStore, [In] PCCRL_CONTEXT pCrlContext, CertStoreAdd dwAddDisposition, IntPtr ppStoreContext = default); ///

/// The CertAddCRLContextToStore function adds a certificate revocation list (CRL) context to the specified certificate store. ///

/// The CertAddCRLLinkToStore function adds a link in a store to a certificate revocation list (CRL) context in a different /// store. Instead of creating and adding a duplicate of the CRL, this function adds a link to the original CRL context. ///

/// Handle of a certificate store where the link is to be added. /// A pointer to the CRL_CONTEXT structure to be linked. /// /// /// Specifies the action to take if a matching CRL or a link to a matching CRL exists in the store. Currently defined disposition /// values and their uses are as follows. /// /// /// /// Value /// Meaning /// /// /// CERT_STORE_ADD_ALWAYS /// /// Makes no check for an existing matching CRL or link to a matching CRL. A new link is always added to the store. This can lead to /// duplicates in a store. /// /// /// /// CERT_STORE_ADD_NEW /// If a matching CRL or a link to a matching CRL exists, the operation fails. GetLastError returns the CRYPT_E_EXISTS code. /// /// /// CERT_STORE_ADD_NEWER /// /// If a matching CRL or a link to a matching CRL exists, the ThisUpdate times on the CRLs are compared. If the existing CRL has a /// ThisUpdate time less than the ThisUpdate time on the new CRL, the old link is replaced just as with /// CERT_STORE_ADD_REPLACE_EXISTING. If the existing CRL has a ThisUpdate time greater than or equal to the ThisUpdate time on the /// CRL to be added, the function fails with GetLastError returning the CRYPT_E_EXISTS code. If a matching CRL or a link to a /// matching CRL is not found in the store, a new link is added to the store. /// /// /// /// CERT_STORE_ADD_REPLACE_EXISTING /// /// If a link to the matching CRL exists, that existing link is deleted and a new link is created and added to the store. If a /// matching CRL or a link to a matching CRL does not exist, a new link is added. /// /// /// /// CERT_STORE_ADD_USE_EXISTING /// /// If a matching CRL or a link to a matching CRL exists, that existing link is used. The function does not fail, but no new link is /// added. If a matching CRL or link to a CRL does not exist, a new link is added. /// /// /// /// /// /// A pointer to a pointer of a copy of the link created. The ppStoreContext parameter can be NULL to indicate that a copy of /// the link is not needed. If a copy of the link is created, that copy must be freed using CertFreeCRLContext. /// /// /// If the function succeeds, the return value is TRUE. /// /// If the function fails, the return value is FALSE. For extended error information, call GetLastError. Some possible error /// codes follow. /// /// /// /// Return code /// Description /// /// /// CRYPT_E_EXISTS /// For a dwAddDisposition of CERT_STORE_ADD_NEW, the CTL already exists in the store. /// /// /// E_INVALIDARG /// A disposition value that is not valid was specified in the dwAddDisposition parameter. /// /// /// /// /// /// Because the link provides access to an original CRL context, setting an extended property in the linked CRL context changes that /// extended property in the CRL's original location and in any other links to that CRL. /// /// /// Links cannot be added to a store that is opened as a collection. Stores opened as collections include all stores opened with /// CertOpenSystemStore or CertOpenStore using CERT_STORE_PROV_SYSTEM or CERT_STORE_PROV_COLLECTION. For more information, see CertAddStoreToCollection. /// /// /// If links are used and CertCloseStore is called with CERT_CLOSE_STORE_FORCE_FLAG, the store using links must be closed before the /// store containing the original contexts can be closed. If CERT_CLOSE_STORE_FORCE_FLAG is not used, the two stores can be closed /// in either order. /// /// To remove the CRL context link from the certificate store, use the CertDeleteCRLFromStore function. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddcrllinktostore BOOL CertAddCRLLinkToStore( // HCERTSTORE hCertStore, PCCRL_CONTEXT pCrlContext, DWORD dwAddDisposition, PCCRL_CONTEXT *ppStoreContext ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "2fde63ed-7522-4400-a16b-059a001e7c26")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertAddCRLLinkToStore(HCERTSTORE hCertStore, [In] PCCRL_CONTEXT pCrlContext, CertStoreAdd dwAddDisposition, out SafePCCRL_CONTEXT ppStoreContext); ///

/// The CertAddEncodedCRLToStore function creates a certificate revocation list (CRL) context from an encoded CRL and adds it /// to the certificate store. The function makes a copy of the CRL context before adding it to the store. ///

/// Handle of a certificate store. /// /// /// Specifies the type of encoding used. It is always acceptable to specify both the certificate and message encoding types by /// combining them with a bitwise- OR operation as shown in the following example: /// /// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are: /// /// /// X509_ASN_ENCODING /// /// /// PKCS_7_ASN_ENCODING /// /// /// /// A pointer to a buffer containing the encoded CRL to be added to the certificate store. /// The size, in bytes, of the pbCrlEncoded buffer. /// /// /// Specifies the action to take if a matching CRL or a link to a matching CRL already exists in the store. Currently defined /// disposition values and their uses are as follows. /// /// /// /// Value /// Meaning /// /// /// CERT_STORE_ADD_ALWAYS /// /// Makes no check for an existing matching CRL or link to a matching CRL. A new CRL is always added to the store. This can lead to /// duplicates in a store. /// /// /// /// CERT_STORE_ADD_NEW /// If a matching CRL or a link to a matching CRL exists, the operation fails. GetLastError returns the CRYPT_E_EXISTS code. /// /// /// CERT_STORE_ADD_NEWER /// /// If a matching CRL or a link to a matching CRL exists, the ThisUpdate times on the CRLs are compared. If the existing CRL has a /// ThisUpdate time less than the ThisUpdate time on the new CRL, the old CRL or link is replaced just as with /// CERT_STORE_ADD_REPLACE_EXISTING. If the existing CRL has a ThisUpdate time greater than or equal to the ThisUpdate time on the /// CRL to be added, the function fails with GetLastError returning the CRYPT_E_EXISTS code. If a matching CRL or a link to a /// matching CRL is not found in the store, a new CRL is added to the store. /// /// /// /// CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES /// /// The action is the same as for CERT_STORE_ADD_NEWER, except that if an older CRL is replaced, the properties of the older CRL are /// incorporated into the replacement CRL. /// /// /// /// CERT_STORE_ADD_REPLACE_EXISTING /// /// If a matching CRL or a link to a matching CRL exists, that existing CRL or link is deleted and a new CRL is created and added to /// the store. If a matching CRL or a link to a matching CRL does not exist, one is added. /// /// /// /// CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES /// /// If a matching CRL exists in the store, that existing context is deleted before creating and adding the new context. The new /// context inherits properties from the existing CRL. /// /// /// /// CERT_STORE_ADD_USE_EXISTING /// /// If a matching CRL or a link to a matching CRL exists, that existing CRL is used and properties from the new CRL are added. The /// function does not fail, but no new CRL is added. If ppCertContext is not NULL, the existing context is duplicated. If a matching /// CRL or a link to a matching CRL does not exist, a new CRL is added. /// /// /// /// /// /// A pointer to a pointer to the decoded CRL_CONTEXT structure. This is an optional parameter that can be NULL, indicating /// that the calling application does not require a copy of the new or existing CRL. If a copy is made, that context must be freed /// using CertFreeCRLContext. /// /// /// If the function succeeds, the return value is TRUE. /// /// If the function fails, the return value is FALSE. For extended error information, call GetLastError. Some possible error /// codes follow. /// /// /// /// Return code /// Description /// /// /// CRYPT_E_EXISTS /// /// CERT_STORE_ADD_NEW is set and the CRL already exists in the store, or CERT_STORE_ADD_NEWER is set and there is a CRL in the /// store with a ThisUpdate time greater than or equal to the ThisUpdate time for the CRL to be added. /// /// /// /// E_INVALIDARG /// /// A disposition value that is not valid was specified in the dwAddDisposition parameter, or an encoding type that is not valid was /// specified. Currently, only the encoding type X509_ASN_ENCODING is supported. /// /// /// /// /// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information /// about these errors, see ASN.1 Encoding/Decoding Return Values. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddencodedcrltostore BOOL CertAddEncodedCRLToStore( // HCERTSTORE hCertStore, DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded, DWORD dwAddDisposition, // PCCRL_CONTEXT *ppCrlContext ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "ec2361e6-a1e6-413a-828e-d543a09c88f8")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertAddEncodedCRLToStore(HCERTSTORE hCertStore, CertEncodingType dwCertEncodingType, [In] IntPtr pbCrlEncoded, uint cbCrlEncoded, CertStoreAdd dwAddDisposition, out SafePCCRL_CONTEXT ppCrlContext); ///

/// The CertCreateCRLContext function creates a certificate revocation list (CRL) context from an encoded CRL. The created /// context is not persisted to a certificate store. It makes a copy of the encoded CRL within the created context. ///

/// /// /// Specifies the type of encoding used. It is always acceptable to specify both the certificate and message encoding types by /// combining them with a bitwise- OR operation as shown in the following example: /// /// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are: /// /// /// X509_ASN_ENCODING /// /// /// PKCS_7_ASN_ENCODING /// /// /// /// A pointer to a buffer containing the encoded CRL from which the context is to be created. /// The size, in bytes, of the pbCrlEncoded buffer. /// /// If the function succeeds, the return value is a pointer to a read-only CRL_CONTEXT. /// /// If the function fails and is unable to decode and create the CRL_CONTEXT, the return value is NULL. For extended error /// information, call GetLastError. The following table shows a possible error code. /// /// /// /// Return code /// Description /// /// /// E_INVALIDARG /// Invalid certificate encoding type. Currently, only the encoding type X509_ASN_ENCODING is supported. /// /// /// /// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information /// about these errors, see ASN.1 Encoding/Decoding Return Values. /// /// /// /// The CRL_CONTEXT must be freed by calling CertFreeCRLContext. CertDuplicateCRLContext can be called to make a duplicate. /// CertSetCRLContextProperty and CertGetCRLContextProperty can be called to store and read properties for the CRL. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcreatecrlcontext PCCRL_CONTEXT CertCreateCRLContext( // DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "23d9dfb0-926d-443e-b960-a03338f1cc1b")] public static extern SafePCCRL_CONTEXT CertCreateCRLContext(CertEncodingType dwCertEncodingType, [In] IntPtr pbCrlEncoded, uint cbCrlEncoded); ///

/// The CertDeleteCRLFromStore function deletes the specified certificate revocation list (CRL) context from the certificate store. ///

/// A pointer to the CRL_CONTEXT structure to be deleted. /// /// If the function succeeds, the return value is TRUE. /// /// If the function fails, the return value is FALSE. For extended error information, call GetLastError. One possible error /// code is the following. /// /// /// /// Return code /// Description /// /// /// E_ACCESSDENIED /// The store was opened read-only, and a delete operation is not allowed. /// /// /// /// /// /// All subsequent get or find operations for the CRL in this store fail. However, memory allocated for the CRL is not freed until /// all duplicated contexts have also been freed. /// /// The pCrlContext parameter is always freed by this function by using CertFreeCRLContext, even for an error. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certdeletecrlfromstore BOOL CertDeleteCRLFromStore( // PCCRL_CONTEXT pCrlContext ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "eb542c25-8d2b-4427-8f2a-719b472613a5")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertDeleteCRLFromStore([In] PCCRL_CONTEXT pCrlContext); ///

/// The CertDuplicateCRLContext function duplicates a certificate revocation list (CRL) context by incrementing its reference count. ///

/// A pointer to the CRL_CONTEXT structure for which the reference count is being incremented. /// /// Currently, a copy is not made of the context, and the returned context is the same as the context that was input. If the pointer /// passed into this function is NULL, NULL is returned. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certduplicatecrlcontext PCCRL_CONTEXT // CertDuplicateCRLContext( PCCRL_CONTEXT pCrlContext ); [DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "ea14c494-d1c7-46d0-9d56-fc89a4b4afa9")] public static extern PCCRL_CONTEXT CertDuplicateCRLContext([In] PCCRL_CONTEXT pCrlContext); ///

/// The CertEnumCRLsInStore function retrieves the first or next certificate revocation list (CRL) context in a certificate /// store. Used in a loop, this function can retrieve in sequence all CRL contexts in a certificate store. ///

/// Handle of a certificate store. /// /// A pointer to the previous CRL_CONTEXT structure found. The pPrevCrlContext parameter must be NULL to get the first CRL in /// the store. Successive CRLs are enumerated by setting pPrevCrlContext to the pointer returned by a previous call to the function. /// This function frees the CRL_CONTEXT referenced by non- NULL values of this parameter. The enumeration skips any /// CRLs previously deleted by CertDeleteCRLFromStore. /// /// /// If the function succeeds, the return value is a pointer to the next CRL_CONTEXT in the store. /// /// NULL is returned if the function fails. For extended error information, call GetLastError. Some possible error codes follow. /// /// /// /// Return code /// Description /// /// /// E_INVALIDARG /// The handle in the hCertStore parameter is not the same as that in the certificate context pointed to by pPrevCrlContext. /// /// /// CRYPT_E_NOT_FOUND /// No CRL was found. This happens if the store is empty or the end of the store's list is reached. /// /// /// /// /// /// The returned pointer is freed when it is passed as the pPrevCrlContext on a subsequent call to the function. Otherwise, the /// pointer must explicitly be freed by calling CertFreeCRLContext. A pPrevCrlContext that is not NULL is always freed when /// passed to this function through a call to CertFreeCRLContext, even if the function itself returns an error. /// /// A duplicate of the CRL context returned by this function can be made by calling CertDuplicateCRLContext. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certenumcrlsinstore PCCRL_CONTEXT CertEnumCRLsInStore( // HCERTSTORE hCertStore, PCCRL_CONTEXT pPrevCrlContext ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "fc25ca04-8520-4053-9591-afc81c88670c")] public static extern SafePCCRL_CONTEXT CertEnumCRLsInStore(HCERTSTORE hCertStore, [In] PCCRL_CONTEXT pPrevCrlContext); ///

The CertFindCertificateInCRL function searches the certificate revocation list (CRL) for the specified certificate.

/// A pointer to a CERT_CONTEXT of the certificate to be searched for in the CRL. /// A pointer to the CRL_CONTEXT to be searched. /// Reserved for future use. Must be set to zero. /// Reserved for future use. Must be set to zero. /// /// If the certificate is found in the CRL, this pointer is updated with a pointer to the entry. Otherwise, it is set to /// NULL. The returned entry is not allocated and must not be freed. /// /// TRUE if the list was searched; otherwise FALSE. // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindcertificateincrl BOOL CertFindCertificateInCRL( // PCCERT_CONTEXT pCert, PCCRL_CONTEXT pCrlContext, DWORD dwFlags, void *pvReserved, PCRL_ENTRY *ppCrlEntry ); [DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "c05a99e6-da38-431e-8d02-04056047a211")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertFindCertificateInCRL([In] PCCERT_CONTEXT pCert, [In] PCCRL_CONTEXT pCrlContext, [Optional] uint dwFlags, [Optional] IntPtr pvReserved, out IntPtr ppCrlEntry); ///

/// The CertFindCRLInStore function finds the first or next certificate revocation list (CRL) context in a certificate store /// that matches a search criterion established by the dwFindType parameter and the associated pvFindPara parameter. This function /// can be used in a loop to find all of the CRL contexts in a certificate store that match the specified find criteria. ///

/// A handle of the certificate store to be searched. /// This parameter is not currently used. It must be set to zero. /// /// /// If dwFindType is CRL_FIND_ISSUED_BY, by default, only issuer name matching is done. The following flags can be used to do /// additional filtering. /// /// /// /// Value /// Meaning /// /// /// CRL_FIND_ISSUED_BY_AKI_FLAG /// /// Checks for a CRL that has an Authority Key Identifier (AKI) extension. If the CRL has an AKI, only a CRL whose AKI matches the /// issuer is returned. /// /// /// /// CRL_FIND_ISSUED_BY_SIGNATURE_FLAG /// /// Use the public key in the issuer's certificate to verify the signature on the CRL. Only returns a CRL that has a valid signature. /// /// /// /// CRL_FIND_ISSUED_BY_DELTA_FLAG /// Finds and returns a delta CRL. /// /// /// CRL_FIND_ISSUED_BY_BASE_FLAG /// Finds and returns a base CRL. /// /// /// CRL_FIND_ISSUED_FOR_SET_STRONG_PROPERTIES_FLAG /// /// The signature is checked for strength after successful verification. This flag applies only when the dwFindType parameter is set /// to CRL_FIND_ISSUED_FOR. You must also set CRL_FIND_ISSUED_BY_SIGNATURE_FLAG. If successful, the following strong signature /// properties will be set on the CRL context: Windows 8 and Windows Server 2012: Support for this flag begins. /// /// /// /// /// /// /// Specifies the type of search being made. The value of dwFindType determines the data type, contents, and use of the pvFindPara /// parameter. Currently defined search types and their pvFindPara requirements are as follows. /// /// /// /// Value /// Meaning /// /// /// CRL_FIND_ANY The pvFindPara parameter is not used. It must be set to NULL. /// No search criteria. The next CRL in the store is returned. /// /// /// CRL_FIND_ISSUED_BY A pointer to a CERT_CONTEXT. /// Searches for the next CRL in the store matching the issuer in the CERT_CONTEXT. /// /// /// CRL_FIND_EXISTING A pointer to a CRL_CONTEXT. /// Searches for the next CRL that matches the CRL_CONTEXT in the following ways: /// /// /// CRL_FIND_ISSUED_FOR A pointer to a CRL_FIND_ISSUED_FOR_PARA. /// /// Searches for the next CRL in the store that matches the issuer of the subject certificate in the CRL_FIND_ISSUED_FOR_PARA /// structure. If no CRL is found, searches for the next CRL in the store that matches the issuer in the CRL_FIND_ISSUED_FOR_PARA structure. /// /// /// /// /// /// This parameter is determined by the value of dwFindType. For details, see the table earlier in this topic. /// /// /// A pointer to the last CRL_CONTEXT returned by this function. Must be NULL to get the first CRL in the store meeting the /// search criteria. Successive CRLs meeting the search criteria can be found by setting pPrevCrlContext to the PCCRL_CONTEXT /// pointer returned by a previous call to the function. The search process skips any CRLs that do not match the search criteria or /// that have been previously deleted from the store by CertDeleteCRLFromStore. This function frees the CRL_CONTEXT /// referenced by values of this parameter that are not NULL. /// /// /// /// If the function succeeds, the function returns a pointer to a read-only CRL context. When you have finished using the returned /// CRL context, free it by calling the CertFreeCRLContext function or implicitly free it by passing it as the pPrevCrlContext /// parameter on a subsequent call to the CertFindCRLInStore function. /// /// /// If the function fails and a CRL that matches the search criteria is not found, the return value is NULL. For extended /// error information, call GetLastError. Some possible error codes follow. /// /// /// /// Return code /// Description /// /// /// E_INVALIDARG /// /// The handle in the hCertStore parameter is not the same as that in the CRL context pointed to by the pPrevCrlContext parameter, /// or a search type that is not valid was specified in the dwFindType parameter. /// /// /// /// CRYPT_E_NOT_FOUND /// No CRLs are in the store, no CRL was found that matched the search criteria, or the end of the store's list was reached. /// /// /// /// /// /// The returned pointer is freed when passed as the pPrevCrlContext parameter on a subsequent call to the function. Otherwise, the /// pointer must be explicitly freed by calling CertFreeCRLContext. A pPrevCrlContext that is not NULL is always freed by /// CertFindCRLInStore using a call to CertFreeCRLContext, even if there is an error in the function. /// /// /// CertDuplicateCRLContext can be called to make a duplicate of the returned context. The returned CRL context can be added to a /// different certificate store by using CertAddCRLContextToStore, or a link to that CRL context can be added to a noncollection /// store by using CertAddCRLLinkToStore. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindcrlinstore PCCRL_CONTEXT CertFindCRLInStore( // HCERTSTORE hCertStore, DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType, const void *pvFindPara, PCCRL_CONTEXT // pPrevCrlContext ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "3e481912-204a-4d86-ab67-81f8ae4d1aaa")] public static extern SafePCCRL_CONTEXT CertFindCRLInStore(HCERTSTORE hCertStore, CertEncodingType dwCertEncodingType, CrlFindFlags dwFindFlags, CrlFindType dwFindType, [In, Optional] IntPtr pvFindPara, [In, Optional] PCCRL_CONTEXT pPrevCrlContext); ///

/// /// The CertFreeCRLContext function frees a certificate revocation list (CRL) context by decrementing its reference count. /// When the reference count goes to zero, CertFreeCRLContext frees the memory used by a CRL context. /// /// /// To free a context obtained by a get, duplicate, or create function, call the appropriate free function. To free a context /// obtained by a find or enumerate function, either pass it in as the previous context parameter to a subsequent invocation of the /// function, or call the appropriate free function. For more information, see the reference topic for the function that obtains the context. /// ///

/// A pointer to the CRL_CONTEXT to be freed. /// The function always returns TRUE. // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfreecrlcontext BOOL CertFreeCRLContext( PCCRL_CONTEXT // pCrlContext ); [DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "19a590a5-bd39-4bbe-ad86-4e648baa1ba8")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertFreeCRLContext([In] PCCRL_CONTEXT pCrlContext); ///

/// The CertGetCRLFromStore function gets the first or next certificate revocation list (CRL) context from the certificate /// store for the specified issuer. The function also performs the enabled verification checks on the CRL. The new Certificate Chain /// Verification Functions are recommended instead of this function. ///

/// Handle of a certificate store. /// /// A pointer to an issuer CERT_CONTEXT. The pIssuerContext pointer can come from this store or another store, or could have been /// created by the calling CertCreateCertificateContext. If NULL is passed for this parameter, all the CRLs in the store are found. /// /// /// A pointer to a CRL_CONTEXT. An issuer can have multiple CRLs. For example, it can generate delta CRLs by using an X.509 version /// 3 extension. This parameter must be NULL on the first call to get the CRL. To get the next CRL for the issuer, the /// parameter is set to the CRL_CONTEXT returned by a previous call. A non- NULL pPrevCrlContext is always freed by /// this function by calling CertFreeCRLContext, even for an error. /// /// /// /// The following flag values are defined to enable verification checks on the returned CRL. These flags can be combined using a /// bitwise- OR operation. /// /// /// /// Value /// Meaning /// /// /// CERT_STORE_SIGNATURE_FLAG /// Uses the public key in the issuer's certificate to verify the signature on the returned CRL. /// /// /// CERT_STORE_TIME_VALIDITY_FLAG /// Gets the current time and verifies that it is within the time between the CRL's ThisUpdate and NextUpdate. /// /// /// CERT_STORE_BASE_CRL_FLAG /// Gets a base CRL. /// /// /// CERT_STORE_DELTA_CRL_FLAG /// Gets a delta CRL. /// /// /// If an enabled verification check succeeds, its flag is set to zero. /// /// If an enabled verification check fails, its flag remains set upon return. If pIssuerContext is NULL, then an enabled /// CERT_STORE_SIGNATURE_FLAG always fails and the CERT_STORE_NO_ISSUER_FLAG is also set. For more details, see Remarks. /// /// /// If only one of CERT_STORE_BASE_CRL_FLAG or CERT_STORE_DELTA_CRL_FLAG is set, this function returns either a base or delta CRL /// and the appropriate base or delta flag will be cleared on return. If both flags are set, only one of the flags will be cleared. /// /// /// For a verification check failure, a pointer to the first or next CRL_CONTEXT is still returned and GetLastError is not updated. /// /// /// /// If the function succeeds, the return value is a pointer to a read-only CRL_CONTEXT. /// If the function fails and the first or next CRL is not found, the return value is NULL. /// /// The returned CRL_CONTEXT must be freed by calling CertFreeCRLContext. However, when the returned CRL_CONTEXT is supplied /// for pPrevCrlContext on a subsequent call, the function frees it. /// /// For extended error information, call GetLastError. Some possible error codes follow. /// /// /// Value /// Description /// /// /// E_INVALIDARG /// /// The handle in the hCertStore parameter is not the same as that in the CRL context pointed to by the pPrevCrlContext parameter, /// or an unsupported flag was set in pdwFlags. /// /// /// /// CRYPT_E_NOT_FOUND /// Either no CRLs existed in the store for the issuer, or the function reached the end of the store's list. /// /// /// /// /// CertDuplicateCRLContext can be called to make a duplicate CRL. /// /// The hexadecimal values of the flags can be combined using a bitwise- OR operation to enable both verifications. For /// example, to enable both verifications, the DWORD value pointed to by pdwFlags is set to value CERT_STORE_SIGNATURE_FLAG | /// CERT_STORE_TIME_VALIDITY_FLAG. If the CERT_STORE_SIGNATURE_FLAG verification succeeded, but CERT_STORE_TIME_VALIDITY_FLAG /// verification failed, the DWORD value pointed to by pdwFlags is set to CERT_STORE_TIME_VALIDITY_FLAG when the function returns. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetcrlfromstore PCCRL_CONTEXT CertGetCRLFromStore( // HCERTSTORE hCertStore, PCCERT_CONTEXT pIssuerContext, PCCRL_CONTEXT pPrevCrlContext, DWORD *pdwFlags ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "7bd21424-4f74-4bac-ab47-00d51ebdca1c")] public static extern SafePCCRL_CONTEXT CertGetCRLFromStore(HCERTSTORE hCertStore, [In, Optional] PCCERT_CONTEXT pIssuerContext, [In, Optional] PCCRL_CONTEXT pPrevCrlContext, ref CertStoreVerification pdwFlags); ///

/// The CertSerializeCRLStoreElement function serializes an encoded certificate revocation list (CRL) context and the encoded /// representation of its properties. The result can be persisted to storage so that the CRL and properties can be retrieved at a /// later time. ///

/// A pointer to the CRL_CONTEXT structure being serialized. /// Reserved for future use and must be zero. /// /// A pointer to a buffer to receive the serialized output, including the encoded CRL, and possibly its properties. /// /// This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see /// Retrieving Data of Unknown Length. /// /// /// /// /// A pointer to a DWORD value specifying the size, in bytes, of the buffer pointed to by the pbElement parameter. When the /// function returns, the DWORD value contains the number of bytes stored in the buffer. /// /// /// Note When processing the data returned in the buffer, applications must use the actual size of the data returned. The /// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually /// specified large enough to ensure that the largest possible output data fits in the buffer.) On output, the variable pointed to /// by this parameter is updated to reflect the actual size of the data copied to the buffer. /// /// /// /// If the function succeeds, the return value is TRUE. /// If the function fails, the return value is FALSE. For extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certserializecrlstoreelement BOOL // CertSerializeCRLStoreElement( PCCRL_CONTEXT pCrlContext, DWORD dwFlags, BYTE *pbElement, DWORD *pcbElement ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "4ab053cd-d3d4-483c-b0ff-b8de63d88707")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertSerializeCRLStoreElement([In] PCCRL_CONTEXT pCrlContext, [Optional] uint dwFlags, IntPtr pbElement, ref uint pcbElement); ///

Provides a for that is disposed using .

public class SafePCCRL_CONTEXT : SafeHANDLE { ///

Initializes a new instance of the class and assigns an existing handle.

/// An object that represents the pre-existing handle to use. /// /// to reliably release the handle during the finalization phase; otherwise, (not recommended). /// public SafePCCRL_CONTEXT(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { } ///

Initializes a new instance of the class.

private SafePCCRL_CONTEXT() : base() { } ///

Performs an explicit conversion from to .

/// The instance. /// The resulting instance from the conversion. public static unsafe explicit operator CRL_CONTEXT*(SafePCCRL_CONTEXT ctx) => (CRL_CONTEXT*)(void*)ctx.handle; ///

Performs an implicit conversion from to .

/// The instance. /// The resulting instance from the conversion. public static implicit operator PCCRL_CONTEXT(SafePCCRL_CONTEXT ctx) => ctx.DangerousGetHandle(); /// protected override bool InternalReleaseHandle() => CertFreeCRLContext(handle); } } }