using System; using System.Collections.Generic; using System.Runtime.InteropServices; using Vanara.InteropServices; namespace Vanara.PInvoke { ///

Methods and data types found in Crypt32.dll.

public static partial class Crypt32 { ///

A set of flags that override the default behavior of this function.

[PInvokeData("wincrypt.h", MSDNShortId = "89028c4e-f896-4c50-9fa2-bcb4e1784244")] [Flags] public enum CertCreateSelfSignFlags { ///

/// By default, the returned PCCERT_CONTEXT references the private keys by setting the CERT_KEY_PROV_INFO_PROP_ID. If you do not /// want the returned PCCERT_CONTEXT to reference private keys by setting the CERT_KEY_PROV_INFO_PROP_ID, specify CERT_CREATE_SELFSIGN_NO_KEY_INFO. ///

CERT_CREATE_SELFSIGN_NO_KEY_INFO = 2, ///

/// By default, the certificate being created is signed. If the certificate being created is only a dummy placeholder, the /// certificate might not need to be signed. Signing of the certificate is skipped if CERT_CREATE_SELFSIGN_NO_SIGN is specified. ///

CERT_CREATE_SELFSIGN_NO_SIGN = 1, } ///

Specifies the type of selection criteria used for the ppPara member.

[PInvokeData("wincrypt.h", MSDNShortId = "246722a9-5db6-4a82-8f29-f60f0a2263e3")] public enum CertSelectBy : uint { ///

/// Select certificates based on a specific enhanced key usage. When this flag is set, the ppPara must reference a /// null-terminated object identifier (OID) ANSI string that specifies the enhanced key usage. /// This criteria is evaluated on the certificate. ///

CERT_SELECT_BY_ENHKEY_USAGE = 1, ///

/// Select certificates based on a specific szOID_KEY_USAGE extension in the certificate. When this flag is set, the ppPara /// member must reference a CERT_EXTENSION structure where the value of the extension is a DWORD that identifies the Key Usage bits. /// This criteria is evaluated on the certificate. ///

CERT_SELECT_BY_KEY_USAGE = 2, ///

/// Select certificates based on a specific issuance policy. The ppPara member must reference a null-terminated OID ANSI string /// of the desired issuance policy. /// This criteria is evaluated on the issuance policy of the certificate chain. ///

CERT_SELECT_BY_POLICY_OID = 3, ///

/// Select certificates based on a specific private key provider. The ppPara member must reference a null-terminated Unicode /// string that represents the name of the provider. ///

CERT_SELECT_BY_PROV_NAME = 4, ///

/// Select certificates based on the presence of a specified extension and an optional specified value. The ppPara member must /// reference a CERT_EXTENSION structure that specifies the extension OID and the associated value. ///

CERT_SELECT_BY_EXTENSION = 5, ///

/// Select certificates based on the Subject DNS HOST Name. The ppPara member must reference a null-terminated Unicode string /// that contains the subject host name. The selection performed based on this flag is the same as the evaluation of the /// pwszServerName member of the SSL_EXTRA_CERT_CHAIN_POLICY_PARA structure during a call to the /// CertVerifyCertificateChainPolicy function. /// This criteria is evaluated on the certificate. ///

CERT_SELECT_BY_SUBJECT_HOST_NAME = 6, ///

/// Select certificates based on the relative distinguished name (RDN) element of the issuer of the certificate. The ppPara /// member must reference a CERT_RDN structure that contains the RDN element of the issuer. /// This criteria is evaluated on the certificate chain. ///

CERT_SELECT_BY_ISSUER_ATTR = 7, ///

/// Select certificates based on the RDN element in the Subject of the certificate. The ppPara member must be a reference to a /// CERT_RDN structure that contains the RDN element of the Subject. /// This criteria is evaluated on the certificate. ///

CERT_SELECT_BY_SUBJECT_ATTR = 8, ///

/// Select certificates based on the issuer of the certificate. The ppPara member must be a reference to a CERT_NAME_BLOB /// structure that contains the name of the issuer. /// This criteria is evaluated on the certificate chain. ///

CERT_SELECT_BY_ISSUER_NAME = 9, ///

/// Select certificates based on the public key of the certificate. The ppPara member must reference a pointer to a /// CERT_PUBLIC_KEY_INFO structure that contains the public key. /// This criteria is evaluated on the certificate. ///

CERT_SELECT_BY_PUBLIC_KEY = 10, ///

/// Select certificates based on the Transport Layer Security protocol (TLS) Signature requirement. The ppPara member must /// reference a SecPkgContext_SupportedSignatures structure. /// This criteria is evaluated on the certificate. ///

CERT_SELECT_BY_TLS_SIGNATURES = 11, } ///

Flags for controlling the certificate selection process.

[PInvokeData("wincrypt.h", MSDNShortId = "b740772b-d25b-4b3d-9acb-03f7018750d6")] public enum CertSelection : uint { ///

/// Select expired certificates that meet selection criteria. By default expired certificates are rejected from selection. ///

CERT_SELECT_ALLOW_EXPIRED = 0x00000001, ///

/// Select certificates on which the error bit in the certificate chain trust status is not set to CERT_TRUST_IS_UNTRUSTED_ROOT, /// CERT_TRUST_IS_PARTIAL_CHAIN, or CERT_TRUST_IS_NOT_TIME_VALID. /// In addition, certificates that have one of the following invalid constraint errors are not selected: /// CERT_TRUST_INVALID_POLICY_CONSTRAINTS /// CERT_TRUST_INVALID_BASIC_CONSTRAINTS /// CERT_TRUST_INVALID_NAME_CONSTRAINTS ///

CERT_SELECT_TRUSTED_ROOT = 0x00000002, ///

Select certificates that are not self-issued and self-signed.

CERT_SELECT_DISALLOW_SELFSIGNED = 0x00000004, ///

Select certificates that have a value set for the CERT_KEY_PROV_INFO_PROP_ID property of the certificate.

CERT_SELECT_HAS_PRIVATE_KEY = 0x00000008, ///

/// Select certificates on which the value of the dwKeySpec member of the CERT_KEY_PROV_INFO_PROP_ID property is set to AT_SIGNATURE. /// /// If this function is being called as part of a CNG enabled application and the dwKeySpec member of the /// CERT_KEY_PROV_INFO_PROP_ID property is set to -1, select certificates on which the value of the NCRYPT_KEY_USAGE_PROPERTY /// property of the associated private key has the NCRYPT_ALLOW_SIGNING_FLAG set. /// ///

CERT_SELECT_HAS_KEY_FOR_SIGNATURE = 0x00000010, ///

/// Select certificates on which the value of the dwKeySpec member of the CERT_KEY_PROV_INFO_PROP_ID property is set to AT_KEYEXCHANGE. /// /// If this function is being called as part of a CNG enabled application and the dwKeySpec member of the /// CERT_KEY_PROV_INFO_PROP_ID property is set to -1, select certificates on which either NCRYPT_ALLOW_DECRYPT_FLAG or /// NCRYPT_ALLOW_KEY_AGREEMENT_FLAG is set. /// ///

CERT_SELECT_HAS_KEY_FOR_KEY_EXCHANGE = 0x00000020, ///

/// Select certificates on which the value of the PP_IMPTYPE property of the associated private key provider is set to either /// CRYPT_IMPL_HARDWARE or CRYPT_IMPL_REMOVABLE. (For CNG providers, NCRYPT_IMPL_TYPE_PROPERTY property value MUST have either /// the NCRYPT_IMPL_HARDWARE_FLAG or NCRYPT_IMPL_REMOVABLE_FLAG bit set). /// /// If this function is being called as part of a CNG enabled application, select certificates on which the /// NCRYPT_IMPL_TYPE_PROPERTY property is set to NCRYPT_IMPL_HARDWARE_FLAG or NCRYPT_IMPL_REMOVABLE_FLAG. /// ///

CERT_SELECT_HARDWARE_ONLY = 0x00000040, ///

/// Allow the selection of certificates on which the Subject and Subject Alt Name contain the same information and the /// certificate template extension value is equivalent. By default when certificates match this criteria, only the most recent /// certificate is selected. ///

CERT_SELECT_ALLOW_DUPLICATES = 0x00000080, ///

CERT_SELECT_IGNORE_AUTOSELECT = 0x00000100, } ///

A set of flags that specify how the information should be retrieved.

[Flags] public enum CryptRetrievalFlags { ///

/// Validates the content retrieved by a wire URL before writing the URL to the cache. The default provider does not support the /// HTTPS protocol for AIA retrievals. ///

CRYPT_AIA_RETRIEVAL = 0x00080000, ///

This value is not supported.

CRYPT_ASYNC_RETRIEVAL = 0x00000010, ///

Retrieves the encoded bits from the URL cache only. Do not use the wire to retrieve the URL.

CRYPT_CACHE_ONLY_RETRIEVAL = 0x00000002, ///

The crypt create new flush entry

CRYPT_CREATE_NEW_FLUSH_ENTRY = 0x10000000, ///

Does not store the retrieved encoded bits to the URL cache. If this flag is not set, the retrieved URL is cached.

CRYPT_DONT_CACHE_RESULT = 0x00000008, ///

The crypt enable file retrieval

CRYPT_ENABLE_FILE_RETRIEVAL = 0x08000000, ///

The crypt enable SSL revocation retrieval

CRYPT_ENABLE_SSL_REVOCATION_RETRIEVAL = 0x00800000, ///

/// Uses the POST method instead of the default GET method for HTTP retrievals. /// In a POST URL, additional binary data and header strings are appended to the base URL in the following format: /// BaseURL/OptionalURLEscaped&Base64EncodedAdditionalData?OptionalAdditionalHTTPHeaders /// /// The following example shows the additional binary data delimited by the last slash mark (/) and a Content-Type header /// delimited by a question mark (?) appended to a base URL. /// /// /// http://ocsp.openvalidation.org/MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdKNEwjytjKBQADcgM61jfflNpyQQUv1NDgnjQnsOA5RtnygUA37lIg6UCAQI%3D?Content-Type: application/ocsp-request /// /// /// When this flag is set, the CryptRetrieveObjectByUrl function parses the URL by using the last slash mark /// (/) and question mark (?) delimiters. The string, which is delimited by a slash mark (/), contains an unescaped URL (that /// is, a plain text URL without escape characters or escape sequences) and Base64 data decoded into binary form before being /// passed to the WinHttpSendRequest function as the lpOptional parameter. The string delimited by a question mark (?) is passed /// to the WinHttpSendRequest function as the pwszHeaders parameter. /// ///

CRYPT_HTTP_POST_RETRIEVAL = 0x00100000, ///

/// Performs A-Record-only DNS lookup on the supplied host string, preventing the generation of false DNS queries when resolving /// host names. This flag should be used when passing a host name as opposed to a domain name. ///

CRYPT_LDAP_AREC_EXCLUSIVE_RETRIEVAL = 0x00040000, ///

/// Retrieves the entry index and attribute name for each LDAP object. The beginning of each returned BLOB contains the /// following ANSI string: /// "entry index in decimal\0attribute name\0" /// When this flag is set, pszObjectOid must be NULL so that a BLOB is returned. This flag only applies to the ldap scheme. ///

CRYPT_LDAP_INSERT_ENTRY_ATTRIBUTE = 0x00008000, ///

Fails if the LDAP search scope is not set to base in the URL. Use with LDAP only.

CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL = 0x00002000, ///

/// Digitally signs all of the LDAP traffic to and from a server by using the Kerberos authentication protocol. This feature /// provides integrity required by some applications. ///

CRYPT_LDAP_SIGN_RETRIEVAL = 0x00010000, ///

Inhibits automatic authentication handling.

CRYPT_NO_AUTH_RETRIEVAL = 0x00020000, ///

/// Enables a conditional HTTP URL retrieval. When this flag is set, for a conditional retrieval that returns /// HTTP_STATUS_NOT_MODIFIED, CryptRetrieveObjectByUrl returns TRUE and ppvObject is set to NULL. If pAuxInfo is not NULL, /// dwHttpStatusCode is set to HTTP_STATUS_NOT_MODIFIED. Otherwise, ppvObject is updated for a successful retrieval. ///

CRYPT_NOT_MODIFIED_RETRIEVAL = 0x00400000, ///

/// Keeps track of offline failures and delays before hitting the wire on subsequent retrievals. This value is for wire /// retrieval only. ///

CRYPT_OFFLINE_CHECK_RETRIEVAL = 0x00004000, ///

/// Enables proxy cache retrieval of an object. If a proxy cache was not explicitly bypassed, fProxyCacheRetrieval is set to /// TRUE in pAuxInfo. This value only applies to HTTP URL retrievals. ///

CRYPT_PROXY_CACHE_RETRIEVAL = 0x00200000, ///

CRYPT_RANDOM_QUERY_STRING_RETRIEVAL = 0x04000000, ///

/// Retrieves multiple objects if available. All objects must be of a homogeneous object type as determined by the value of /// pszObjectOid, unless the object identifier (OID) value is CONTEXT_OID_CAPI2_ANY. ///

CRYPT_RETRIEVE_MULTIPLE_OBJECTS = 0x00000001, ///

Tags the URL as exempt from being flushed from the cache. For more information, see STICKY_CACHE_ENTRY in INTERNET_CACHE_ENTRY_INFO.

CRYPT_STICKY_CACHE_RETRIEVAL = 0x00001000, ///

Retrieves the encoded bits from the wire only. Does not use the URL cache.

CRYPT_WIRE_ONLY_RETRIEVAL = 0x00000004, } ///

The CertAddCertificateContextToStore function adds a certificate context to the certificate store.

/// Handle of a certificate store. /// A pointer to the CERT_CONTEXT structure to be added to the store. /// /// /// Specifies the action to take if a matching certificate or a link to a matching certificate already exists in the store. /// Currently defined disposition values and their uses are as follows. /// /// /// /// Value /// Meaning /// /// /// CERT_STORE_ADD_ALWAYS /// /// The function makes no check for an existing matching certificate or link to a matching certificate. A new certificate is always /// added to the store. This can lead to duplicates in a store. /// /// /// /// CERT_STORE_ADD_NEW /// /// If a matching certificate or a link to a matching certificate exists, the operation fails. GetLastError returns the /// CRYPT_E_EXISTS code. /// /// /// /// CERT_STORE_ADD_NEWER /// /// If a matching certificate or a link to a matching certificate exists and the NotBefore time of the existing context is equal to /// or greater than the NotBefore time of the new context being added, the operation fails and GetLastError returns the /// CRYPT_E_EXISTS code. If the NotBefore time of the existing context is less than the NotBefore time of the new context being /// added, the existing certificate or link is deleted and a new certificate is created and added to the store. If a matching /// certificate or a link to a matching certificate does not exist, a new link is added. If certificate revocation lists (CRLs) or /// certificate trust list (CTLs) are being compared, the ThisUpdate time is used. /// /// /// /// CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES /// /// If a matching certificate or a link to a matching certificate exists and the NotBefore time of the existing context is equal to /// or greater than the NotBefore time of the new context being added, the operation fails and GetLastError returns the /// CRYPT_E_EXISTS code. If the NotBefore time of the existing context is less than the NotBefore time of the new context being /// added, the existing context is deleted before creating and adding the new context. The new added context inherits properties /// from the existing certificate. If CRLs or CTLs are being compared, the ThisUpdate time is used. /// /// /// /// CERT_STORE_ADD_REPLACE_EXISTING /// /// If a link to a matching certificate exists, that existing certificate or link is deleted and a new certificate is created and /// added to the store. If a matching certificate or a link to a matching certificate does not exist, a new link is added. /// /// /// /// CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES /// /// If a matching certificate exists in the store, the existing context is not replaced. The existing context inherits properties /// from the new certificate. /// /// /// /// CERT_STORE_ADD_USE_EXISTING /// /// If a matching certificate or a link to a matching certificate exists, that existing certificate or link is used and properties /// from the new certificate are added. The function does not fail, but it does not add a new context. If pCertContext is not NULL, /// the existing context is duplicated. If a matching certificate or a link to a matching certificate does not exist, a new /// certificate is added. /// /// /// /// /// /// A pointer to a pointer to the copy to be made of the certificate that was added to the store. /// /// The ppStoreContext parameter can be NULL, indicating that the calling application does not require a copy of the added /// certificate. If a copy is made, it must be freed by using CertFreeCertificateContext. /// /// /// /// If the function succeeds, the return value is TRUE. /// /// If the function fails, the return value is FALSE. For extended error information, call GetLastError. Some possible error /// codes follow. /// /// /// /// Return code /// Description /// /// /// CRYPT_E_EXISTS /// /// This value is returned if CERT_STORE_ADD_NEW is set and the certificate already exists in the store, or if CERT_STORE_ADD_NEWER /// is set and a certificate exists in the store with a NotBefore date greater than or equal to the NotBefore date on the /// certificate to be added. /// /// /// /// E_INVALIDARG /// A disposition value that is not valid was specified in the dwAddDisposition parameter. /// /// /// /// Errors from the called functions, CertAddEncodedCertificateToStore and CertSetCertificateContextProperty, can be propagated to /// this function. /// /// /// /// /// The certificate context is not duplicated using CertDuplicateCertificateContext. Instead, the function creates a new copy of the /// context and adds it to the store. /// /// /// In addition to the encoded certificate, CertDuplicateCertificateContext also copies the context's properties, with the exception /// of the CERT_KEY_PROV_HANDLE_PROP_ID and CERT_KEY_CONTEXT_PROP_ID properties. /// /// To remove the certificate context from the certificate store, use the CertDeleteCertificateFromStore function. /// /// Note The order of the certificate context may not be preserved within the store. To access a specific certificate you /// must iterate across the certificates in the store. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddcertificatecontexttostore BOOL // CertAddCertificateContextToStore( HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition, PCCERT_CONTEXT // *ppStoreContext ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "5e4d8cae-1096-491f-9a04-92b7e9c020bb")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertAddCertificateContextToStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, CertStoreAdd dwAddDisposition, out SafePCCERT_CONTEXT ppStoreContext); ///

The CertAddCertificateContextToStore function adds a certificate context to the certificate store.

/// The CertAddCertificateLinkToStore function adds a link in a certificate store to a certificate context in a different /// store. Instead of creating and adding a duplicate of the certificate context, this function adds a link to the original certificate. ///

/// A handle to the certificate store where the link is to be added. /// A pointer to the CERT_CONTEXT structure to be linked. /// /// /// Specifies the action if a matching certificate or a link to a matching certificate already exists in the store. Currently /// defined disposition values and their uses are as follows. /// /// /// /// Value /// Meaning /// /// /// CERT_STORE_ADD_ALWAYS /// /// The function makes no check for an existing matching certificate or link to a matching certificate. A new certificate is always /// added to the store. This can lead to duplicates in a store. /// /// /// /// CERT_STORE_ADD_NEW /// /// If a matching certificate or a link to a matching certificate exists, the operation fails. GetLastError returns the /// CRYPT_E_EXISTS code. /// /// /// /// CERT_STORE_ADD_REPLACE_EXISTING /// /// If a link to a matching certificate exists, that existing link is deleted and a new link is created and added to the store. If /// no matching certificate or link to a matching certificate exists, one is added. /// /// /// /// CERT_STORE_ADD_USE_EXISTING /// /// If a matching certificate or a link to a matching certificate exists, the existing certificate is used. The function does not /// fail, but no new link is added. If no matching certificate or link to a matching certificate exists, a new link is added. /// /// /// /// /// /// A pointer to a pointer to a copy of the link created. The ppStoreContext parameter can be NULL to indicate that a copy of /// the link is not needed. If a copy of the link is created, that copy must be freed using the CertFreeCertificateContext function. /// /// /// If the function succeeds, the return value is TRUE. /// /// If the function fails, the return value is FALSE. For extended error information, call GetLastError. Some possible error /// codes follow. /// /// /// /// Return code /// Description /// /// /// CRYPT_E_EXISTS /// For a dwAddDisposition parameter of CERT_STORE_ADD_NEW, the certificate already exists in the store. /// /// /// E_INVALIDARG /// A disposition value that is not valid was specified in the dwAddDisposition parameter. /// /// /// /// /// /// Because the link provides access to the original certificate context, setting an extended property in the linked certificate /// context changes that extended property in the certificate's original location and in any other links to that certificate. /// /// /// Links cannot be added to a store opened as a collection. Stores opened as collections include all stores opened with /// CertOpenSystemStore or CertOpenStore using CERT_STORE_PROV_SYSTEM or CERT_STORE_PROV_COLLECTION. For more information, see CertAddStoreToCollection. /// /// /// If links are used and CertCloseStore is called with CERT_CLOSE_STORE_FORCE_FLAG, the store that uses links must be closed before /// the store that contains the original contexts is closed. If CERT_CLOSE_STORE_FORCE_FLAG is not used, the two stores can be /// closed in either order. /// /// To remove the certificate context link from the certificate store, use the CertDeleteCertificateFromStore function. /// Examples /// /// For an example that uses this function, see Example C Program: Certificate Store Operations. For additional code that uses this /// function, see Example C Program: Collection and Sibling Certificate Store Operations. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddcertificatelinktostore BOOL // CertAddCertificateLinkToStore( HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition, PCCERT_CONTEXT // *ppStoreContext ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "bcbf7755-d0ce-4dd5-8462-72760364fdc3")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertAddCertificateLinkToStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, CertStoreAdd dwAddDisposition, out SafePCCERT_CONTEXT ppStoreContext); ///

/// /// The CertAddEncodedCertificateToStore function creates a certificate context from an encoded certificate and adds it to /// the certificate store. The context created does not include any extended properties. /// /// /// The CertAddEncodedCertificateToStore function also makes a copy of the encoded certificate before adding the certificate /// to the store. /// ///

/// A handle to the certificate store. /// /// /// Specifies the type of encoding used. It is always acceptable to specify both the certificate and message encoding types by /// combining them with a bitwise- OR operation as shown in the following example: /// /// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are: /// /// /// X509_ASN_ENCODING /// /// /// PKCS_7_ASN_ENCODING /// /// /// /// /// A pointer to a buffer containing the encoded certificate that is to be added to the certificate store. /// /// The size, in bytes, of the pbCertEncoded buffer. /// /// /// Specifies the action to take if a matching certificate or link to a matching certificate exists in the store. Currently defined /// disposition values and their uses are as follows. /// /// /// /// Value /// Meaning /// /// /// CERT_STORE_ADD_ALWAYS /// /// The function makes no check for an existing matching certificate or link to a matching certificate. A new certificate is always /// added to the store. This can lead to duplicates in a store. /// /// /// /// CERT_STORE_ADD_NEW /// /// If a matching certificate or a link to a matching certificate exists in the store, the operation fails. GetLastError returns the /// CRYPT_E_EXISTS code. /// /// /// /// CERT_STORE_ADD_REPLACE_EXISTING /// /// If a matching certificate or link to a matching certificate exists in the store, the existing certificate or link is deleted and /// a new certificate is created and added to the store. If a matching certificate or link to a matching certificate does not exist, /// a new certificate is created and added to the store. /// /// /// /// CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES /// /// If a matching certificate exists in the store, that existing context is deleted before creating and adding the new context. The /// new context inherits properties from the existing certificate. /// /// /// /// CERT_STORE_ADD_USE_EXISTING /// /// If a matching certificate or a link to a matching certificate exists, that existing certificate or link is used and properties /// from the new certificate are added. The function does not fail, but it does not add a new context. If ppCertContext is not NULL, /// the existing context is duplicated. If a matching certificate or link to a matching certificate does not exist, a new /// certificate is added. /// /// /// /// /// /// A pointer to a pointer to the decoded certificate context. This is an optional parameter that can be NULL, indicating /// that the calling application does not require a copy of the new or existing certificate. When a copy is made, its context must /// be freed by using CertFreeCertificateContext. /// /// /// If the function succeeds, the return value is TRUE. /// /// If the function fails, the return value is FALSE. For extended error information, call GetLastError. Some possible error /// codes follow. /// /// /// /// Return code /// Description /// /// /// CRYPT_E_EXISTS /// /// This code is returned if CERT_STORE_ADD_NEW is set and the certificate already exists in the store, or if CERT_STORE_ADD_NEWER /// is set and there is a certificate in the store with a NotBefore date greater than or equal to the NotBefore date on the /// certificate to be added. /// /// /// /// E_INVALIDARG /// /// A disposition value that is not valid was specified in the dwAddDisposition parameter, or a certificate encoding type that is /// not valid was specified. Currently, only the X509_ASN_ENCODING type is supported. /// /// /// /// /// If the function fails, GetLastError returns an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information /// about these errors, see ASN.1 Encoding/Decoding Return Values. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddencodedcertificatetostore BOOL // CertAddEncodedCertificateToStore( HCERTSTORE hCertStore, DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD // cbCertEncoded, DWORD dwAddDisposition, PCCERT_CONTEXT *ppCertContext ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "7c092bf5-f8b2-47d0-94ee-c8e0f4bca62d")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertAddEncodedCertificateToStore(HCERTSTORE hCertStore, CertEncodingType dwCertEncodingType, [In] IntPtr pbCertEncoded, uint cbCertEncoded, CertStoreAdd dwAddDisposition, out SafePCCERT_CONTEXT ppCertContext); ///

/// The CertAddRefServerOcspResponse function increments the reference count for an HCERT_SERVER_OCSP_RESPONSE handle. ///

/// A handle to an HCERT_SERVER_OCSP_RESPONSE returned by CertOpenServerOcspResponse. /// This function has no return value. /// Each CertOpenServerOcspResponse and CertAddRefServerOcspResponse requires a corresponding CertCloseServerOcspResponse. // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddrefserverocspresponse void // CertAddRefServerOcspResponse( HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse ); [DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "6ccc0e85-1fa0-480c-a5b4-b21ba811e5d0")] public static extern void CertAddRefServerOcspResponse(HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse); ///

/// The CertAddRefServerOcspResponseContext function increments the reference count for a CERT_SERVER_OCSP_RESPONSE_CONTEXT structure. ///

/// A pointer to a CERT_SERVER_OCSP_RESPONSE_CONTEXT returned by CertGetServerOcspResponseContext. /// The function has no return value. /// /// Each call to CertGetServerOcspResponseContext and CertAddRefServerOcspResponseContext requires a corresponding call to CertFreeServerOcspResponseContext. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddrefserverocspresponsecontext void // CertAddRefServerOcspResponseContext( PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext ); [DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "b7cdce9b-25fe-4fb9-b266-61989793699b")] public static extern void CertAddRefServerOcspResponseContext(PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext); ///

/// The CertCloseServerOcspResponse function closes an online certificate status protocol (OCSP) server response handle. ///

/// The handle to close for an OCSP server response. /// This parameter is not used and must be zero. /// This function does not return a value. /// /// The CertCloseServerOcspResponse function closes a handle returned by either the CertOpenServerOcspResponse or /// CertAddRefServerOcspResponse function. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcloseserverocspresponse void // CertCloseServerOcspResponse( HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse, DWORD dwFlags ); [DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "6247e8ca-ba12-432f-9bf8-a6c644f253e9")] public static extern void CertCloseServerOcspResponse(HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse, uint dwFlags = 0); ///

/// The CertCreateCertificateContext function creates a certificate context from an encoded certificate. The created context /// is not persisted to a certificate store. The function makes a copy of the encoded certificate within the created context. ///

/// /// /// Specifies the type of encoding used. It is always acceptable to specify both the certificate and message encoding types by /// combining them with a bitwise- OR operation as shown in the following example: /// /// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are: /// /// /// X509_ASN_ENCODING /// /// /// PKCS_7_ASN_ENCODING /// /// /// /// A pointer to a buffer that contains the encoded certificate from which the context is to be created. /// The size, in bytes, of the pbCertEncoded buffer. /// /// /// If the function succeeds, the function returns a pointer to a read-only CERT_CONTEXT. When you have finished using the /// certificate context, free it by calling the CertFreeCertificateContext function. /// /// /// If the function is unable to decode and create the certificate context, it returns NULL. For extended error information, /// call GetLastError. Some possible error codes follow. /// /// /// /// Return code /// Description /// /// /// E_INVALIDARG /// A certificate encoding type that is not valid was specified. Currently, only the X509_ASN_ENCODING type is supported. /// /// /// /// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information /// about these errors, see ASN.1 Encoding/Decoding Return Values. /// /// /// /// /// The CERT_CONTEXT must be freed by calling CertFreeCertificateContext. CertDuplicateCertificateContext can be called to make a /// duplicate. CertSetCertificateContextProperty and CertGetCertificateContextProperty can be called to store and read properties /// for the certificate. /// /// Examples /// /// The following example shows creating a certificate context from an encoded certificate. The created context is not put in a /// certificate store. For another example that uses this function, see Example C Program: Certificate Store Operations. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcreatecertificatecontext PCCERT_CONTEXT // CertCreateCertificateContext( DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "a32714c4-ee88-48a8-a40a-bbbfec0613ac")] public static extern SafePCCERT_CONTEXT CertCreateCertificateContext(CertEncodingType dwCertEncodingType, [In] IntPtr pbCertEncoded, uint cbCertEncoded); ///

/// The CertCreateSelfSignCertificate function builds a self-signed certificate and returns a pointer to a CERT_CONTEXT /// structure that represents the certificate. ///

/// /// /// A handle of a cryptographic provider used to sign the certificate created. If NULL, information from the pKeyProvInfo /// parameter is used to acquire the needed handle. If pKeyProvInfo is also NULL, the default provider type, PROV_RSA_FULL /// provider type, the default key specification, AT_SIGNATURE, and a newly created key container with a unique container name are used. /// /// /// This handle must be an HCRYPTPROV handle that has been created by using the CryptAcquireContext function or an /// NCRYPT_KEY_HANDLE handle that has been created by using the NCryptOpenKey function. New applications should always pass /// in the NCRYPT_KEY_HANDLE handle of a CNG cryptographic service provider (CSP). /// /// /// /// A pointer to a BLOB that contains the distinguished name (DN) for the certificate subject. This parameter cannot be NULL. /// Minimally, a pointer to an empty DN must be provided. This BLOB is normally created by using the CertStrToName function. It can /// also be created by using the CryptEncodeObject function and specifying either the X509_NAME or X509_UNICODE_NAME StructType. /// /// /// /// A set of flags that override the default behavior of this function. This can be zero or a combination of one or more of the /// following values. /// /// /// /// Value /// Meaning /// /// /// CERT_CREATE_SELFSIGN_NO_KEY_INFO 2 /// /// By default, the returned PCCERT_CONTEXT references the private keys by setting the CERT_KEY_PROV_INFO_PROP_ID. If you do not /// want the returned PCCERT_CONTEXT to reference private keys by setting the CERT_KEY_PROV_INFO_PROP_ID, specify CERT_CREATE_SELFSIGN_NO_KEY_INFO. /// /// /// /// CERT_CREATE_SELFSIGN_NO_SIGN 1 /// /// By default, the certificate being created is signed. If the certificate being created is only a dummy placeholder, the /// certificate might not need to be signed. Signing of the certificate is skipped if CERT_CREATE_SELFSIGN_NO_SIGN is specified. /// /// /// /// /// /// /// A pointer to a CRYPT_KEY_PROV_INFO structure. Before a certificate is created, the CSP is queried for the key provider, key /// provider type, and the key container name. If the CSP queried does not support these queries, the function fails. If the default /// provider does not support these queries, a pKeyProvInfo value must be specified. The RSA BASE does support these queries. /// /// /// If the pKeyProvInfo parameter is not NULL, the corresponding values are set in the CERT_KEY_PROV_INFO_PROP_ID /// value of the generated certificate. You must ensure that all parameters of the supplied structure are correctly specified. /// /// /// /// A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure. If NULL, the default algorithm, SHA1RSA, is used. /// /// A pointer to a SYSTEMTIME structure. If NULL, the system current time is used by default. /// /// A pointer to a SYSTEMTIME structure. If NULL, the pStartTime value plus one year will be used by default. /// /// /// A pointer to a CERT_EXTENSIONS array of CERT_EXTENSION structures. By default, the array is empty. An alternate subject name, if /// desired, can be specified as one of these extensions. /// /// /// If the function succeeds, a PCCERT_CONTEXT variable that points to the created certificate is returned. If the function fails, /// it returns NULL. For extended error information, call GetLastError. /// /// /// As the pEndTime must be a valid date, and is automatically generated if it is not supplied by the user, unexpected failures may /// easily be caused when this API is called on a leap day without accompanying app logic to compensate. For more information, /// please see leap year readiness. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcreateselfsigncertificate PCCERT_CONTEXT // CertCreateSelfSignCertificate( HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, PCERT_NAME_BLOB pSubjectIssuerBlob, DWORD // dwFlags, PCRYPT_KEY_PROV_INFO pKeyProvInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime, PSYSTEMTIME // pEndTime, PCERT_EXTENSIONS pExtensions ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "89028c4e-f896-4c50-9fa2-bcb4e1784244")] public static extern SafePCCERT_CONTEXT CertCreateSelfSignCertificate(IntPtr hCryptProvOrNCryptKey, in CRYPTOAPI_BLOB pSubjectIssuerBlob, CertCreateSelfSignFlags dwFlags, IntPtr pKeyProvInfo, IntPtr pSignatureAlgorithm, IntPtr pStartTime, IntPtr pEndTime, IntPtr pExtensions); ///

/// The CertCreateSelfSignCertificate function builds a self-signed certificate and returns a pointer to a CERT_CONTEXT /// structure that represents the certificate. ///

/// /// /// A handle of a cryptographic provider used to sign the certificate created. If NULL, information from the pKeyProvInfo /// parameter is used to acquire the needed handle. If pKeyProvInfo is also NULL, the default provider type, PROV_RSA_FULL /// provider type, the default key specification, AT_SIGNATURE, and a newly created key container with a unique container name are used. /// /// /// This handle must be an HCRYPTPROV handle that has been created by using the CryptAcquireContext function or an /// NCRYPT_KEY_HANDLE handle that has been created by using the NCryptOpenKey function. New applications should always pass /// in the NCRYPT_KEY_HANDLE handle of a CNG cryptographic service provider (CSP). /// /// /// /// A pointer to a BLOB that contains the distinguished name (DN) for the certificate subject. This parameter cannot be NULL. /// Minimally, a pointer to an empty DN must be provided. This BLOB is normally created by using the CertStrToName function. It can /// also be created by using the CryptEncodeObject function and specifying either the X509_NAME or X509_UNICODE_NAME StructType. /// /// /// /// A set of flags that override the default behavior of this function. This can be zero or a combination of one or more of the /// following values. /// /// /// /// Value /// Meaning /// /// /// CERT_CREATE_SELFSIGN_NO_KEY_INFO 2 /// /// By default, the returned PCCERT_CONTEXT references the private keys by setting the CERT_KEY_PROV_INFO_PROP_ID. If you do not /// want the returned PCCERT_CONTEXT to reference private keys by setting the CERT_KEY_PROV_INFO_PROP_ID, specify CERT_CREATE_SELFSIGN_NO_KEY_INFO. /// /// /// /// CERT_CREATE_SELFSIGN_NO_SIGN 1 /// /// By default, the certificate being created is signed. If the certificate being created is only a dummy placeholder, the /// certificate might not need to be signed. Signing of the certificate is skipped if CERT_CREATE_SELFSIGN_NO_SIGN is specified. /// /// /// /// /// /// /// A pointer to a CRYPT_KEY_PROV_INFO structure. Before a certificate is created, the CSP is queried for the key provider, key /// provider type, and the key container name. If the CSP queried does not support these queries, the function fails. If the default /// provider does not support these queries, a pKeyProvInfo value must be specified. The RSA BASE does support these queries. /// /// /// If the pKeyProvInfo parameter is not NULL, the corresponding values are set in the CERT_KEY_PROV_INFO_PROP_ID /// value of the generated certificate. You must ensure that all parameters of the supplied structure are correctly specified. /// /// /// /// A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure. If NULL, the default algorithm, SHA1RSA, is used. /// /// A pointer to a SYSTEMTIME structure. If NULL, the system current time is used by default. /// /// A pointer to a SYSTEMTIME structure. If NULL, the pStartTime value plus one year will be used by default. /// /// /// A pointer to a CERT_EXTENSIONS array of CERT_EXTENSION structures. By default, the array is empty. An alternate subject name, if /// desired, can be specified as one of these extensions. /// /// /// If the function succeeds, a PCCERT_CONTEXT variable that points to the created certificate is returned. If the function fails, /// it returns NULL. For extended error information, call GetLastError. /// /// /// As the pEndTime must be a valid date, and is automatically generated if it is not supplied by the user, unexpected failures may /// easily be caused when this API is called on a leap day without accompanying app logic to compensate. For more information, /// please see leap year readiness. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcreateselfsigncertificate PCCERT_CONTEXT // CertCreateSelfSignCertificate( HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, PCERT_NAME_BLOB pSubjectIssuerBlob, DWORD // dwFlags, PCRYPT_KEY_PROV_INFO pKeyProvInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime, PSYSTEMTIME // pEndTime, PCERT_EXTENSIONS pExtensions ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "89028c4e-f896-4c50-9fa2-bcb4e1784244")] public static extern SafePCCERT_CONTEXT CertCreateSelfSignCertificate(IntPtr hCryptProvOrNCryptKey, in CRYPTOAPI_BLOB pSubjectIssuerBlob, CertCreateSelfSignFlags dwFlags, in CRYPT_KEY_PROV_INFO pKeyProvInfo, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, IntPtr pStartTime, IntPtr pEndTime, IntPtr pExtensions); ///

/// The CertCreateSelfSignCertificate function builds a self-signed certificate and returns a pointer to a CERT_CONTEXT /// structure that represents the certificate. ///

/// /// /// A handle of a cryptographic provider used to sign the certificate created. If NULL, information from the pKeyProvInfo /// parameter is used to acquire the needed handle. If pKeyProvInfo is also NULL, the default provider type, PROV_RSA_FULL /// provider type, the default key specification, AT_SIGNATURE, and a newly created key container with a unique container name are used. /// /// /// This handle must be an HCRYPTPROV handle that has been created by using the CryptAcquireContext function or an /// NCRYPT_KEY_HANDLE handle that has been created by using the NCryptOpenKey function. New applications should always pass /// in the NCRYPT_KEY_HANDLE handle of a CNG cryptographic service provider (CSP). /// /// /// /// A pointer to a BLOB that contains the distinguished name (DN) for the certificate subject. This parameter cannot be NULL. /// Minimally, a pointer to an empty DN must be provided. This BLOB is normally created by using the CertStrToName function. It can /// also be created by using the CryptEncodeObject function and specifying either the X509_NAME or X509_UNICODE_NAME StructType. /// /// /// /// A set of flags that override the default behavior of this function. This can be zero or a combination of one or more of the /// following values. /// /// /// /// Value /// Meaning /// /// /// CERT_CREATE_SELFSIGN_NO_KEY_INFO 2 /// /// By default, the returned PCCERT_CONTEXT references the private keys by setting the CERT_KEY_PROV_INFO_PROP_ID. If you do not /// want the returned PCCERT_CONTEXT to reference private keys by setting the CERT_KEY_PROV_INFO_PROP_ID, specify CERT_CREATE_SELFSIGN_NO_KEY_INFO. /// /// /// /// CERT_CREATE_SELFSIGN_NO_SIGN 1 /// /// By default, the certificate being created is signed. If the certificate being created is only a dummy placeholder, the /// certificate might not need to be signed. Signing of the certificate is skipped if CERT_CREATE_SELFSIGN_NO_SIGN is specified. /// /// /// /// /// /// /// A pointer to a CRYPT_KEY_PROV_INFO structure. Before a certificate is created, the CSP is queried for the key provider, key /// provider type, and the key container name. If the CSP queried does not support these queries, the function fails. If the default /// provider does not support these queries, a pKeyProvInfo value must be specified. The RSA BASE does support these queries. /// /// /// If the pKeyProvInfo parameter is not NULL, the corresponding values are set in the CERT_KEY_PROV_INFO_PROP_ID /// value of the generated certificate. You must ensure that all parameters of the supplied structure are correctly specified. /// /// /// /// A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure. If NULL, the default algorithm, SHA1RSA, is used. /// /// A pointer to a SYSTEMTIME structure. If NULL, the system current time is used by default. /// /// A pointer to a SYSTEMTIME structure. If NULL, the pStartTime value plus one year will be used by default. /// /// /// A pointer to a CERT_EXTENSIONS array of CERT_EXTENSION structures. By default, the array is empty. An alternate subject name, if /// desired, can be specified as one of these extensions. /// /// /// If the function succeeds, a PCCERT_CONTEXT variable that points to the created certificate is returned. If the function fails, /// it returns NULL. For extended error information, call GetLastError. /// /// /// As the pEndTime must be a valid date, and is automatically generated if it is not supplied by the user, unexpected failures may /// easily be caused when this API is called on a leap day without accompanying app logic to compensate. For more information, /// please see leap year readiness. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcreateselfsigncertificate PCCERT_CONTEXT // CertCreateSelfSignCertificate( HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, PCERT_NAME_BLOB pSubjectIssuerBlob, DWORD // dwFlags, PCRYPT_KEY_PROV_INFO pKeyProvInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime, PSYSTEMTIME // pEndTime, PCERT_EXTENSIONS pExtensions ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "89028c4e-f896-4c50-9fa2-bcb4e1784244")] public static extern SafePCCERT_CONTEXT CertCreateSelfSignCertificate(IntPtr hCryptProvOrNCryptKey, in CRYPTOAPI_BLOB pSubjectIssuerBlob, CertCreateSelfSignFlags dwFlags, in CRYPT_KEY_PROV_INFO pKeyProvInfo, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, in SYSTEMTIME pStartTime, in SYSTEMTIME pEndTime, in CERT_EXTENSIONS pExtensions); ///

/// The CertDeleteCertificateFromStore function deletes the specified certificate context from the certificate store. ///

/// A pointer to the CERT_CONTEXT structure to be deleted. /// /// If the function succeeds, the return value is TRUE. /// /// If the function fails, the return value is FALSE. For extended error information, call GetLastError. One possible error /// code is the following. /// /// /// /// Return code /// Description /// /// /// E_ACCESSDENIED /// Indicates the store was opened as read-only and a delete operation is not allowed. /// /// /// /// /// /// After a certificate is deleted from a store, all subsequent attempts to get or find that certificate in that store will fail. /// However, memory allocated for the certificate is not freed until all duplicated contexts have also been freed. /// /// /// The CertDeleteCertificateFromStore function always frees pCertContext by calling the CertFreeCertificateContext function, /// even if an error is encountered. Freeing the context reduces the context's reference count by one. If the reference count /// reaches zero, memory allocated for the certificate is freed. /// /// Examples /// For an example that uses this function, see Example C Program: Deleting Certificates from a Certificate Store. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certdeletecertificatefromstore BOOL // CertDeleteCertificateFromStore( PCCERT_CONTEXT pCertContext ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "4390c8da-9c4d-47a4-9af4-d179829f77f3")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertDeleteCertificateFromStore(PCCERT_CONTEXT pCertContext); ///

/// The CertDuplicateCertificateContext function duplicates a certificate context by incrementing its reference count. ///

/// A pointer to the CERT_CONTEXT structure for which the reference count is incremented. /// /// Currently, a copy is not made of the context, and the returned pointer to a context has the same value as the pointer to a /// context that was input. If the pointer passed into this function is NULL, NULL is returned. When you have finished /// using the duplicate context, decrease its reference count by calling the CertFreeCertificateContext function. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certduplicatecertificatecontext PCCERT_CONTEXT // CertDuplicateCertificateContext( PCCERT_CONTEXT pCertContext ); [DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "589edd25-c8d0-4f93-83b2-9df2ed2e2812")] public static extern PCCERT_CONTEXT CertDuplicateCertificateContext(PCCERT_CONTEXT pCertContext); ///

/// The CertEnumCertificatesInStore function retrieves the first or next certificate in a certificate store. Used in a loop, /// this function can retrieve in sequence all certificates in a certificate store. ///

/// A handle of a certificate store. /// /// A pointer to the CERT_CONTEXT of the previous certificate context found. /// /// This parameter must be NULL to begin the enumeration and get the first certificate in the store. Successive certificates /// are enumerated by setting pPrevCertContext to the pointer returned by a previous call to the function. This function frees the /// CERT_CONTEXT referenced by non- NULL values of this parameter. /// /// /// For logical stores, including collection stores, a duplicate of the pCertContext returned by this function cannot be used to /// begin a new subsequence of enumerations because the duplicated certificate loses the initial enumeration state. The enumeration /// skips any certificate previously deleted by CertDeleteCertificateFromStore. /// /// /// /// /// If the function succeeds, the function returns a pointer to the next CERT_CONTEXT in the store. If no more certificates exist in /// the store, the function returns NULL. /// /// For extended error information, call GetLastError. Some possible error codes follow. /// /// /// Value /// Description /// /// /// E_INVALIDARG /// The handle in the hCertStore parameter is not the same as that in the certificate context pointed to by pPrevCertContext. /// /// /// CRYPT_E_NOT_FOUND /// No certificates were found. This happens if the store is empty or if the function reached the end of the store's list. /// /// /// ERROR_NO_MORE_FILES /// /// Applies to external stores. No certificates were found. This happens if the store is empty or if the function reached the end of /// the store's list. /// /// /// /// /// /// /// The returned pointer is freed when passed as the pPrevCertContext parameter on a subsequent call. Otherwise, the pointer must be /// freed by calling CertFreeCertificateContext. A non- NULL pPrevCertContext passed to CertEnumCertificatesInStore is /// always freed even for an error. /// /// A duplicate of the currently enumerated certificate can be made by calling CertDuplicateCertificateContext. /// Examples /// /// The following example lists the certificate contexts in the certificate store. For another example that uses this function, see /// Example C Program: Deleting Certificates from a Certificate Store. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certenumcertificatesinstore PCCERT_CONTEXT // CertEnumCertificatesInStore( HCERTSTORE hCertStore, PCCERT_CONTEXT pPrevCertContext ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "c5ab5b4c-dc0c-416b-aa9e-b939398cfa6d")] public static extern PCCERT_CONTEXT CertEnumCertificatesInStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pPrevCertContext); ///

/// The CertFindCertificateInStore function finds the first or next certificate context in a certificate store that matches a /// search criteria established by the dwFindType and its associated pvFindPara. This function can be used in a loop to find all of /// the certificates in a certificate store that match the specified find criteria. ///

/// A handle of the certificate store to be searched. /// /// /// Specifies the type of encoding used. Both the certificate and message encoding types must be specified by combining them with a /// bitwise- OR operation as shown in the following example: /// /// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are: /// /// /// X509_ASN_ENCODING /// /// /// PKCS_7_ASN_ENCODING /// /// /// /// /// Used with some dwFindType values to modify the search criteria. For most dwFindType values, dwFindFlags is not used and should /// be set to zero. For detailed information, see Remarks. /// /// /// /// Specifies the type of search being made. The search type determines the data type, contents, and the use of pvFindPara. This /// parameter can be one of the following values. /// /// /// /// Value /// Meaning /// /// /// CERT_FIND_ANY /// Data type of pvFindPara: NULL, not used. No search criteria used. Returns the next certificate in the store. /// /// /// CERT_FIND_CERT_ID /// Data type of pvFindPara: CERT_ID structure. Find the certificate identified by the specified CERT_ID. /// /// /// CERT_FIND_CTL_USAGE /// /// Data type of pvFindPara: CTL_USAGE structure. Searches for a certificate that has a szOID_ENHANCED_KEY_USAGE extension or a /// CERT_CTL_PROP_ID that matches the pszUsageIdentifier member of the CTL_USAGE structure. /// /// /// /// CERT_FIND_ENHKEY_USAGE /// /// Data type of pvFindPara: CERT_ENHKEY_USAGE structure. Searches for a certificate in the store that has either an enhanced key /// usage extension or an enhanced key usage property and a usage identifier that matches the cUsageIdentifier member in the /// CERT_ENHKEY_USAGE structure. A certificate has an enhanced key usage extension if it has a CERT_EXTENSION structure with the /// pszObjId member set to szOID_ENHANCED_KEY_USAGE. A certificate has an enhanced key usage property if its /// CERT_ENHKEY_USAGE_PROP_ID identifier is set. If CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG is set in dwFindFlags, certificates without /// the key usage extension or property are also matches. Setting this flag takes precedence over passing NULL in pvFindPara. If /// CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG is set, a match is done only on the key usage extension. For information about flag /// modifications to search criteria, see Remarks. /// /// /// /// CERT_FIND_EXISTING /// /// Data type of pvFindPara: CERT_CONTEXT structure. Searches for a certificate that is an exact match of the specified certificate context. /// /// /// /// CERT_FIND_HASH /// /// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a SHA1 hash that matches the hash in the /// CRYPT_HASH_BLOB structure. /// /// /// /// CERT_FIND_HAS_PRIVATE_KEY /// /// Data type of pvFindPara: NULL, not used. Searches for a certificate that has a private key. The key can be ephemeral or saved on /// disk. The key can be a legacy Cryptography API (CAPI) key or a CNG key. Windows 8 and Windows Server 2012: Support for this flag begins. /// /// /// /// CERT_FIND_ISSUER_ATTR /// /// Data type of pvFindPara: CERT_RDN structure. Searches for a certificate with specified issuer attributes that match attributes /// in the CERT_RDN structure. If these values are set, the function compares attributes of the issuer in a certificate with /// elements of the CERT_RDN_ATTR array in this CERT_RDN structure. Comparisons iterate through the CERT_RDN_ATTR attributes looking /// for a match with the certificate's issuer attributes. If the pszObjId member of CERT_RDN_ATTR is NULL, the attribute object /// identifier is ignored. If the dwValueType member of CERT_RDN_ATTR is CERT_RDN_ANY_TYPE, the value type is ignored. If the pbData /// member of CERT_RDN_VALUE_BLOB is NULL, any value is a match. Currently only an exact, case-sensitive match is supported. For /// information about Unicode options, see Remarks. When these values are set, the search is restricted to certificates whose /// encoding type matches dwCertEncodingType. /// /// /// /// CERT_FIND_ISSUER_NAME /// /// Data type of pvFindPara: CERT_NAME_BLOB structure. Search for a certificate with an exact match of the entire issuer name with /// the name in CERT_NAME_BLOB The search is restricted to certificates that match the dwCertEncodingType. /// /// /// /// CERT_FIND_ISSUER_OF /// /// Data type of pvFindPara: CERT_CONTEXT structure. Searches for a certificate with an subject that matches the issuer in /// CERT_CONTEXT. Instead of using CertFindCertificateInStore with this value, use the CertGetCertificateChain function. /// /// /// /// CERT_FIND_ISSUER_STR /// /// Data type of pvFindPara: Null-terminated Unicode string. Searches for a certificate that contains the specified issuer name /// string. The certificate's issuer member is converted to a name string of the appropriate type using the appropriate form of /// CertNameToStr formatted as CERT_SIMPLE_NAME_STR. Then a case-insensitive substring-within-a-string match is performed. When this /// value is set, the search is restricted to certificates whose encoding type matches dwCertEncodingType. If the substring match /// fails and the subject contains an email RDN with Punycode encoded string, CERT_NAME_STR_ENABLE_PUNYCODE_FLAG is used to convert /// the subject to a Unicode string and the substring match is performed again. /// /// /// /// CERT_FIND_KEY_IDENTIFIER /// /// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a CERT_KEY_IDENTIFIER_PROP_ID property that /// matches the key identifier in CRYPT_HASH_BLOB. /// /// /// /// CERT_FIND_KEY_SPEC /// /// Data type of pvFindPara: DWORD variable that contains a key specification. Searches for a certificate that has a /// CERT_KEY_SPEC_PROP_ID property that matches the key specification in pvFindPara. /// /// /// /// CERT_FIND_MD5_HASH /// /// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with an MD5 hash that matches the hash in CRYPT_HASH_BLOB. /// /// /// /// CERT_FIND_PROPERTY /// /// Data type of pvFindPara: DWORD variable that contains a property identifier. Searches for a certificate with a property that /// matches the property identifier specified by the DWORD value in pvFindPara. /// /// /// /// CERT_FIND_PUBLIC_KEY /// /// Data type of pvFindPara: CERT_PUBLIC_KEY_INFO structure. Searches for a certificate with a public key that matches the public /// key in the CERT_PUBLIC_KEY_INFO structure. /// /// /// /// CERT_FIND_SHA1_HASH /// /// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a SHA1 hash that matches the hash in the /// CRYPT_HASH_BLOB structure. /// /// /// /// CERT_FIND_SIGNATURE_HASH /// /// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a signature hash that matches the signature /// hash in the CRYPT_HASH_BLOB structure. /// /// /// /// CERT_FIND_SUBJECT_ATTR /// /// Data type of pvFindPara: CERT_RDN structure. Searches for a certificate with specified subject attributes that match attributes /// in the CERT_RDN structure. If RDN values are set, the function compares attributes of the subject in a certificate with elements /// of the CERT_RDN_ATTR array in this CERT_RDN structure. Comparisons iterate through the CERT_RDN_ATTR attributes looking for a /// match with the certificate's subject's attributes. If the pszObjId member of CERT_RDN_ATTR is NULL, the attribute object /// identifier is ignored. If the dwValueType member of CERT_RDN_ATTR is CERT_RDN_ANY_TYPE, the value type is ignored. If the pbData /// member of CERT_RDN_VALUE_BLOB is NULL, any value is a match. Currently only an exact, case-sensitive match is supported. For /// information about Unicode options, see Remarks. When these values are set, the search is restricted to certificates whose /// encoding type matches dwCertEncodingType. /// /// /// /// CERT_FIND_SUBJECT_CERT /// /// Data type of pvFindPara: CERT_INFO structure. Searches for a certificate with both an issuer and a serial number that match the /// issuer and serial number in the CERT_INFO structure. /// /// /// /// CERT_FIND_SUBJECT_NAME /// /// Data type of pvFindPara: CERT_NAME_BLOB structure. Searches for a certificate with an exact match of the entire subject name /// with the name in the CERT_NAME_BLOB structure. The search is restricted to certificates that match the value of dwCertEncodingType. /// /// /// /// CERT_FIND_SUBJECT_STR /// /// Data type of pvFindPara: Null-terminated Unicode string. Searches for a certificate that contains the specified subject name /// string. The certificate's subject member is converted to a name string of the appropriate type using the appropriate form of /// CertNameToStr formatted as CERT_SIMPLE_NAME_STR. Then a case-insensitive substring-within-a-string match is performed. When this /// value is set, the search is restricted to certificates whose encoding type matches dwCertEncodingType. /// /// /// /// CERT_FIND_CROSS_CERT_DIST_POINTS /// /// Data type of pvFindPara: Not used. Find a certificate that has either a cross certificate distribution point extension or property. /// /// /// /// CERT_FIND_PUBKEY_MD5_HASH /// /// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Find a certificate whose MD5-hashed public key matches the specified hash. /// /// /// /// /// Note There are alternate forms of the value of dwFindType that pass a string in pvFindPara. One form uses a Unicode /// string, and the other an ASCII string. Values that end in "_W" or without a suffix use Unicode. Values that end with "_A" use /// ASCII strings. /// /// /// Points to a data item or structure used with dwFindType. /// /// A pointer to the last CERT_CONTEXT structure returned by this function. This parameter must be NULL on the first call of /// the function. To find successive certificates meeting the search criteria, set pPrevCertContext to the pointer returned by the /// previous call to the function. This function frees the CERT_CONTEXT referenced by non- NULL values of this parameter. /// /// /// If the function succeeds, the function returns a pointer to a read-only CERT_CONTEXT structure. /// If the function fails and a certificate that matches the search criteria is not found, the return value is NULL. /// /// A non- NULL CERT_CONTEXT that CertFindCertificateInStore returns must be freed by CertFreeCertificateContext or by /// being passed as the pPrevCertContext parameter on a subsequent call to CertFindCertificateInStore. /// /// For extended error information, call GetLastError. Some possible error codes follow. /// /// /// Return code /// Description /// /// /// CRYPT_E_NOT_FOUND /// /// No certificate was found matching the search criteria. This can happen if the store is empty or the end of the store's list is reached. /// /// /// /// E_INVALIDARG /// /// The handle in the hCertStore parameter is not the same as that in the certificate context pointed to by the pPrevCertContext /// parameter, or a value that is not valid was specified in the dwFindType parameter. /// /// /// /// /// /// The dwFindFlags parameter is used to modify the criteria of some search types. /// /// The CERT_UNICODE_IS_RDN_ATTRS_FLAG dwFindFlags value is used only with the CERT_FIND_SUBJECT_ATTR and CERT_FIND_ISSUER_ATTR /// values for dwFindType. CERT_UNICODE_IS_RDN_ATTRS_FLAG must be set if the CERT_RDN_ATTR structure pointed to by pvFindPara was /// initialized with Unicode strings. Before any comparison is made, the string to be matched is converted by using /// X509_UNICODE_NAME to provide for Unicode comparisons. /// /// The following dwFindFlags values are used only with the CERT_FIND_ENKEY_USAGE value for dwFindType: /// /// CertDuplicateCertificateContext can be called to make a duplicate of the returned context. The returned context can be added to /// a different certificate store by using CertAddCertificateContextToStore, or a link to that certificate context can be added to a /// store that is not a collection store by using CertAddCertificateLinkToStore. /// /// /// The returned pointer is freed when passed as the pPrevCertContext parameter on a subsequent call to the function. Otherwise, the /// pointer must be explicitly freed by calling CertFreeCertificateContext. A pPrevCertContext that is not NULL is always /// freed by CertFindCertificateInStore using a call to CertFreeCertificateContext, even if there is an error in the function. /// /// Examples /// /// The following example shows finding a certificate context in the certificate store meeting a search criterion. For a complete /// example that includes the context for this example, see Example C Program: Certificate Store Operations. /// /// For another example that uses this function, see Example C Program: Collection and Sibling Certificate Store Operations. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindcertificateinstore PCCERT_CONTEXT // CertFindCertificateInStore( HCERTSTORE hCertStore, DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType, const void // *pvFindPara, PCCERT_CONTEXT pPrevCertContext ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "20b3fcfb-55df-46ff-80a5-70f31a3d03b2")] public static extern SafePCCERT_CONTEXT CertFindCertificateInStore(HCERTSTORE hCertStore, CertEncodingType dwCertEncodingType, CertFindUsageFlags dwFindFlags, CertFindType dwFindType, [In] IntPtr pvFindPara, PCCERT_CONTEXT pPrevCertContext); ///

/// A handle of the certificate store to be searched. /// /// /// Specifies the type of encoding used. Both the certificate and message encoding types must be specified by combining them with a /// bitwise- OR operation as shown in the following example: /// /// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are: /// /// /// X509_ASN_ENCODING /// /// /// PKCS_7_ASN_ENCODING /// /// /// /// /// Used with some dwFindType values to modify the search criteria. For most dwFindType values, dwFindFlags is not used and should /// be set to zero. For detailed information, see Remarks. /// /// /// /// Specifies the type of search being made. The search type determines the data type, contents, and the use of pvFindPara. This /// parameter can be one of the following values. /// /// /// /// Value /// Meaning /// /// /// CERT_FIND_ANY /// Data type of pvFindPara: NULL, not used. No search criteria used. Returns the next certificate in the store. /// /// /// CERT_FIND_CERT_ID /// Data type of pvFindPara: CERT_ID structure. Find the certificate identified by the specified CERT_ID. /// /// /// CERT_FIND_CTL_USAGE /// /// Data type of pvFindPara: CTL_USAGE structure. Searches for a certificate that has a szOID_ENHANCED_KEY_USAGE extension or a /// CERT_CTL_PROP_ID that matches the pszUsageIdentifier member of the CTL_USAGE structure. /// /// /// /// CERT_FIND_ENHKEY_USAGE /// /// Data type of pvFindPara: CERT_ENHKEY_USAGE structure. Searches for a certificate in the store that has either an enhanced key /// usage extension or an enhanced key usage property and a usage identifier that matches the cUsageIdentifier member in the /// CERT_ENHKEY_USAGE structure. A certificate has an enhanced key usage extension if it has a CERT_EXTENSION structure with the /// pszObjId member set to szOID_ENHANCED_KEY_USAGE. A certificate has an enhanced key usage property if its /// CERT_ENHKEY_USAGE_PROP_ID identifier is set. If CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG is set in dwFindFlags, certificates without /// the key usage extension or property are also matches. Setting this flag takes precedence over passing NULL in pvFindPara. If /// CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG is set, a match is done only on the key usage extension. For information about flag /// modifications to search criteria, see Remarks. /// /// /// /// CERT_FIND_EXISTING /// /// Data type of pvFindPara: CERT_CONTEXT structure. Searches for a certificate that is an exact match of the specified certificate context. /// /// /// /// CERT_FIND_HASH /// /// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a SHA1 hash that matches the hash in the /// CRYPT_HASH_BLOB structure. /// /// /// /// CERT_FIND_HAS_PRIVATE_KEY /// /// Data type of pvFindPara: NULL, not used. Searches for a certificate that has a private key. The key can be ephemeral or saved on /// disk. The key can be a legacy Cryptography API (CAPI) key or a CNG key. Windows 8 and Windows Server 2012: Support for this flag begins. /// /// /// /// CERT_FIND_ISSUER_ATTR /// /// Data type of pvFindPara: CERT_RDN structure. Searches for a certificate with specified issuer attributes that match attributes /// in the CERT_RDN structure. If these values are set, the function compares attributes of the issuer in a certificate with /// elements of the CERT_RDN_ATTR array in this CERT_RDN structure. Comparisons iterate through the CERT_RDN_ATTR attributes looking /// for a match with the certificate's issuer attributes. If the pszObjId member of CERT_RDN_ATTR is NULL, the attribute object /// identifier is ignored. If the dwValueType member of CERT_RDN_ATTR is CERT_RDN_ANY_TYPE, the value type is ignored. If the pbData /// member of CERT_RDN_VALUE_BLOB is NULL, any value is a match. Currently only an exact, case-sensitive match is supported. For /// information about Unicode options, see Remarks. When these values are set, the search is restricted to certificates whose /// encoding type matches dwCertEncodingType. /// /// /// /// CERT_FIND_ISSUER_NAME /// /// Data type of pvFindPara: CERT_NAME_BLOB structure. Search for a certificate with an exact match of the entire issuer name with /// the name in CERT_NAME_BLOB The search is restricted to certificates that match the dwCertEncodingType. /// /// /// /// CERT_FIND_ISSUER_OF /// /// Data type of pvFindPara: CERT_CONTEXT structure. Searches for a certificate with an subject that matches the issuer in /// CERT_CONTEXT. Instead of using CertFindCertificateInStore with this value, use the CertGetCertificateChain function. /// /// /// /// CERT_FIND_ISSUER_STR /// /// Data type of pvFindPara: Null-terminated Unicode string. Searches for a certificate that contains the specified issuer name /// string. The certificate's issuer member is converted to a name string of the appropriate type using the appropriate form of /// CertNameToStr formatted as CERT_SIMPLE_NAME_STR. Then a case-insensitive substring-within-a-string match is performed. When this /// value is set, the search is restricted to certificates whose encoding type matches dwCertEncodingType. If the substring match /// fails and the subject contains an email RDN with Punycode encoded string, CERT_NAME_STR_ENABLE_PUNYCODE_FLAG is used to convert /// the subject to a Unicode string and the substring match is performed again. /// /// /// /// CERT_FIND_KEY_IDENTIFIER /// /// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a CERT_KEY_IDENTIFIER_PROP_ID property that /// matches the key identifier in CRYPT_HASH_BLOB. /// /// /// /// CERT_FIND_KEY_SPEC /// /// Data type of pvFindPara: DWORD variable that contains a key specification. Searches for a certificate that has a /// CERT_KEY_SPEC_PROP_ID property that matches the key specification in pvFindPara. /// /// /// /// CERT_FIND_MD5_HASH /// /// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with an MD5 hash that matches the hash in CRYPT_HASH_BLOB. /// /// /// /// CERT_FIND_PROPERTY /// /// Data type of pvFindPara: DWORD variable that contains a property identifier. Searches for a certificate with a property that /// matches the property identifier specified by the DWORD value in pvFindPara. /// /// /// /// CERT_FIND_PUBLIC_KEY /// /// Data type of pvFindPara: CERT_PUBLIC_KEY_INFO structure. Searches for a certificate with a public key that matches the public /// key in the CERT_PUBLIC_KEY_INFO structure. /// /// /// /// CERT_FIND_SHA1_HASH /// /// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a SHA1 hash that matches the hash in the /// CRYPT_HASH_BLOB structure. /// /// /// /// CERT_FIND_SIGNATURE_HASH /// /// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a signature hash that matches the signature /// hash in the CRYPT_HASH_BLOB structure. /// /// /// /// CERT_FIND_SUBJECT_ATTR /// /// Data type of pvFindPara: CERT_RDN structure. Searches for a certificate with specified subject attributes that match attributes /// in the CERT_RDN structure. If RDN values are set, the function compares attributes of the subject in a certificate with elements /// of the CERT_RDN_ATTR array in this CERT_RDN structure. Comparisons iterate through the CERT_RDN_ATTR attributes looking for a /// match with the certificate's subject's attributes. If the pszObjId member of CERT_RDN_ATTR is NULL, the attribute object /// identifier is ignored. If the dwValueType member of CERT_RDN_ATTR is CERT_RDN_ANY_TYPE, the value type is ignored. If the pbData /// member of CERT_RDN_VALUE_BLOB is NULL, any value is a match. Currently only an exact, case-sensitive match is supported. For /// information about Unicode options, see Remarks. When these values are set, the search is restricted to certificates whose /// encoding type matches dwCertEncodingType. /// /// /// /// CERT_FIND_SUBJECT_CERT /// /// Data type of pvFindPara: CERT_INFO structure. Searches for a certificate with both an issuer and a serial number that match the /// issuer and serial number in the CERT_INFO structure. /// /// /// /// CERT_FIND_SUBJECT_NAME /// /// Data type of pvFindPara: CERT_NAME_BLOB structure. Searches for a certificate with an exact match of the entire subject name /// with the name in the CERT_NAME_BLOB structure. The search is restricted to certificates that match the value of dwCertEncodingType. /// /// /// /// CERT_FIND_SUBJECT_STR /// /// Data type of pvFindPara: Null-terminated Unicode string. Searches for a certificate that contains the specified subject name /// string. The certificate's subject member is converted to a name string of the appropriate type using the appropriate form of /// CertNameToStr formatted as CERT_SIMPLE_NAME_STR. Then a case-insensitive substring-within-a-string match is performed. When this /// value is set, the search is restricted to certificates whose encoding type matches dwCertEncodingType. /// /// /// /// CERT_FIND_CROSS_CERT_DIST_POINTS /// /// Data type of pvFindPara: Not used. Find a certificate that has either a cross certificate distribution point extension or property. /// /// /// /// CERT_FIND_PUBKEY_MD5_HASH /// /// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Find a certificate whose MD5-hashed public key matches the specified hash. /// /// /// /// /// Note There are alternate forms of the value of dwFindType that pass a string in pvFindPara. One form uses a Unicode /// string, and the other an ASCII string. Values that end in "_W" or without a suffix use Unicode. Values that end with "_A" use /// ASCII strings. /// /// /// Points to a data item or structure used with dwFindType. /// /// A pointer to the last CERT_CONTEXT structure returned by this function. This parameter must be NULL on the first call of /// the function. To find successive certificates meeting the search criteria, set pPrevCertContext to the pointer returned by the /// previous call to the function. This function frees the CERT_CONTEXT referenced by non- NULL values of this parameter. /// /// /// If the function succeeds, the function returns a pointer to a read-only CERT_CONTEXT structure. /// If the function fails and a certificate that matches the search criteria is not found, the return value is NULL. /// /// A non- NULL CERT_CONTEXT that CertFindCertificateInStore returns must be freed by CertFreeCertificateContext or by /// being passed as the pPrevCertContext parameter on a subsequent call to CertFindCertificateInStore. /// /// For extended error information, call GetLastError. Some possible error codes follow. /// /// /// Return code /// Description /// /// /// CRYPT_E_NOT_FOUND /// /// No certificate was found matching the search criteria. This can happen if the store is empty or the end of the store's list is reached. /// /// /// /// E_INVALIDARG /// /// The handle in the hCertStore parameter is not the same as that in the certificate context pointed to by the pPrevCertContext /// parameter, or a value that is not valid was specified in the dwFindType parameter. /// /// /// /// /// /// The dwFindFlags parameter is used to modify the criteria of some search types. /// /// The CERT_UNICODE_IS_RDN_ATTRS_FLAG dwFindFlags value is used only with the CERT_FIND_SUBJECT_ATTR and CERT_FIND_ISSUER_ATTR /// values for dwFindType. CERT_UNICODE_IS_RDN_ATTRS_FLAG must be set if the CERT_RDN_ATTR structure pointed to by pvFindPara was /// initialized with Unicode strings. Before any comparison is made, the string to be matched is converted by using /// X509_UNICODE_NAME to provide for Unicode comparisons. /// /// The following dwFindFlags values are used only with the CERT_FIND_ENKEY_USAGE value for dwFindType: /// /// CertDuplicateCertificateContext can be called to make a duplicate of the returned context. The returned context can be added to /// a different certificate store by using CertAddCertificateContextToStore, or a link to that certificate context can be added to a /// store that is not a collection store by using CertAddCertificateLinkToStore. /// /// /// The returned pointer is freed when passed as the pPrevCertContext parameter on a subsequent call to the function. Otherwise, the /// pointer must be explicitly freed by calling CertFreeCertificateContext. A pPrevCertContext that is not NULL is always /// freed by CertFindCertificateInStore using a call to CertFreeCertificateContext, even if there is an error in the function. /// /// Examples /// /// The following example shows finding a certificate context in the certificate store meeting a search criterion. For a complete /// example that includes the context for this example, see Example C Program: Certificate Store Operations. /// /// For another example that uses this function, see Example C Program: Collection and Sibling Certificate Store Operations. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindcertificateinstore PCCERT_CONTEXT // CertFindCertificateInStore( HCERTSTORE hCertStore, DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType, const void // *pvFindPara, PCCERT_CONTEXT pPrevCertContext ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "20b3fcfb-55df-46ff-80a5-70f31a3d03b2")] public static extern SafePCCERT_CONTEXT CertFindCertificateInStore(HCERTSTORE hCertStore, CertEncodingType dwCertEncodingType, CertFindUsageFlags dwFindFlags, CertFindType dwFindType, [In, MarshalAs(UnmanagedType.LPWStr)] string pvFindPara, PCCERT_CONTEXT pPrevCertContext); ///

/// The CertFreeServerOcspResponseContext function decrements the reference count for a CERT_SERVER_OCSP_RESPONSE_CONTEXT /// structure. If the reference count becomes zero, memory allocated for the structure is released. ///

/// /// A pointer to a CERT_SERVER_OCSP_RESPONSE_CONTEXT structure that contains a value returned by the /// CertGetServerOcspResponseContext function. /// /// This function has no return value. // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfreeserverocspresponsecontext void // CertFreeServerOcspResponseContext( PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext ); [DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "a07fc1e0-6f06-4336-b33c-d4d6a838b609")] public static extern void CertFreeServerOcspResponseContext(PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext); ///

/// The CertGetIssuerCertificateFromStore function retrieves the certificate context from the certificate store for the first /// or next issuer of the specified subject certificate. The new Certificate Chain Verification Functions are recommended instead of /// the use of this function. ///

/// Handle of a certificate store. /// /// A pointer to a CERT_CONTEXT structure that contains the subject information. This parameter can be obtained from any certificate /// store or can be created by the calling application using the CertCreateCertificateContext function. /// /// /// /// A pointer to a CERT_CONTEXT structure that contains the issuer information. An issuer can have multiple certificates, especially /// when a validity period is about to change. This parameter must be NULL on the call to get the first issuer certificate. /// To get the next certificate for the issuer, set pPrevIssuerContext to the CERT_CONTEXT structure returned by the previous call. /// /// This function frees the CERT_CONTEXT referenced by non- NULL values of this parameter. /// /// /// /// The following flags enable verification checks on the returned certificate. They can be combined using a bitwise- OR /// operation to enable multiple verifications. /// /// /// /// Value /// Meaning /// /// /// CERT_STORE_NO_CRL_FLAG /// Indicates no matching CRL was found. /// /// /// CERT_STORE_NO_ISSUER_FLAG /// Indicates no issuer certificate was found. /// /// /// CERT_STORE_REVOCATION_FLAG /// Checks whether the subject certificate is on the issuer's revocation list. /// /// /// CERT_STORE_SIGNATURE_FLAG /// Uses the public key in the issuer's certificate to verify the signature on the subject certificate. /// /// /// CERT_STORE_TIME_VALIDITY_FLAG /// Gets the current time and verifies that it is within the subject certificate's validity period. /// /// /// /// If a verification check of an enabled type succeeds, its flag is set to zero. If it fails, its flag remains set upon return. For /// CERT_STORE_REVOCATION_FLAG, the verification succeeds if the function does not find a CRL related to the subject certificate. /// /// /// If CERT_STORE_REVOCATION_FLAG is set and the issuer does not have a CRL in the store, CERT_STORE_NO_CRL_FLAG is set and /// CERT_STORE_REVOCATION_FLAG remains set. /// /// /// If CERT_STORE_SIGNATURE_FLAG or CERT_STORE_REVOCATION_FLAG is set, CERT_STORE_NO_ISSUER_FLAG is set if the function does not /// find an issuer certificate in the store. For more details, see Remarks. /// /// /// In the case of a verification check failure, a pointer to the issuer's CERT_CONTEXT is still returned and GetLastError is not updated. /// /// /// /// If the function succeeds, the return value is a pointer to a read-only issuer CERT_CONTEXT. /// If the function fails and the first or next issuer certificate is not found, the return value is NULL. /// /// Only the last returned CERT_CONTEXT structure must be freed by calling CertFreeCertificateContext. When the returned /// CERT_CONTEXT from one call to the function is supplied as the pPrevIssuerContext parameter on a subsequent call, the /// context is freed as part of the action of the function. /// /// For extended error information, call GetLastError. Some possible error codes follow. /// /// /// Return code /// Description /// /// /// CRYPT_E_NOT_FOUND /// No issuer was found for the subject certificate. /// /// /// CRYPT_E_SELF_SIGNED /// The issuer certificate is the same as the subject certificate. It is a self-signed root certificate. /// /// /// E_INVALIDARG /// /// The handle in the hCertStore parameter is not the same as that of the certificate context pointed to by the pPrevIssuerContext /// parameter, or an unsupported flag was set in pdwFlags. /// /// /// /// /// /// /// The returned pointer is freed when passed as the pPrevIssuerContext parameter on a subsequent call to the function. Otherwise, /// the pointer must be explicitly freed by calling CertFreeCertificateContext. A pPrevIssuerContext that is not NULL is /// always freed by CertGetIssuerCertificateFromStore using a call to CertFreeCertificateContext, even if there is an /// error in the function. /// /// CertDuplicateCertificateContext can be called to make a duplicate of the issuer certificate. /// /// The hexadecimal values for dwFlags can be combined using a bitwise- OR operation to enable multiple verifications. For /// example, to enable both signature and time validity, the value 0x00000003 is passed in dwFlags on input. In this case, if /// CERT_STORE_SIGNATURE_FLAG verification succeeds but CERT_STORE_TIME_VALIDITY_FLAG verification fails, dwFlags returns as /// 0x00000002 on output. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetissuercertificatefromstore PCCERT_CONTEXT // CertGetIssuerCertificateFromStore( HCERTSTORE hCertStore, PCCERT_CONTEXT pSubjectContext, PCCERT_CONTEXT pPrevIssuerContext, // DWORD *pdwFlags ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "b57982d0-cba8-43cd-a544-3635fdf599e2")] public static extern SafePCCERT_CONTEXT CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pSubjectContext, PCCERT_CONTEXT pPrevIssuerContext, ref CertStoreVerification pdwFlags); ///

/// The CertGetServerOcspResponseContext function retrieves a non-blocking, time valid online certificate status protocol /// (OCSP) response context for the specified handle. ///

/// /// The OCSP server response handle for which to retrieve a response context. This handle is returned by the /// CertOpenServerOcspResponse function. /// /// This parameter is reserved for future use and must be zero. /// This parameter is reserved for future use and must be NULL. /// /// If the function succeeds, it returns a pointer to a CERT_SERVER_OCSP_RESPONSE_CONTEXT structure. /// /// For a response to be time valid, the current time on the system hosting this function call must be less than the next update /// time for the certificate revocation list (CRL) context. When a time valid OCSP response is not available, this function returns /// NULL with the last error set to CRYPT_E_REVOCATION_OFFLINE. /// /// /// /// If you use the CertGetServerOcspResponseContext function to create multiple references to an OCSP response context, you /// must call CertAddRefServerOcspResponseContext to increment the reference count for the CERT_SERVER_OCSP_RESPONSE_CONTEXT /// structure. When you have finished using the structure, you must free it by calling the CertFreeServerOcspResponseContext function. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetserverocspresponsecontext // PCCERT_SERVER_OCSP_RESPONSE_CONTEXT CertGetServerOcspResponseContext( HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse, DWORD // dwFlags, LPVOID pvReserved ); [DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "07476e43-db6b-4119-8d6b-41143b98744e")] public static extern SafePCCERT_SERVER_OCSP_RESPONSE_CONTEXT CertGetServerOcspResponseContext(HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse, uint dwFlags = 0, IntPtr pvReserved = default); ///

/// The CertGetSubjectCertificateFromStore function returns from a certificate store a subject certificate context uniquely /// identified by its issuer and serial number. ///

/// A handle of a certificate store. /// /// /// The type of encoding used. It is always acceptable to specify both the certificate and message encoding types by combining them /// with a bitwise- OR operation as shown in the following example: /// /// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are: /// /// /// X509_ASN_ENCODING /// /// /// PKCS_7_ASN_ENCODING /// /// /// /// A pointer to a CERT_INFO structure. Only the Issuer and SerialNumber members are used. /// /// /// If the function succeeds, the function returns a pointer to a read-only CERT_CONTEXT. The CERT_CONTEXT must be freed by /// calling CertFreeCertificateContext. /// /// The returned certificate might not be valid. Usually, it is verified when getting its issuer certificate (CertGetIssuerCertificateFromStore). /// For extended error information, call GetLastError. One possible error code is the following. /// /// /// Return code /// Description /// /// /// CRYPT_E_NOT_FOUND /// The subject certificate was not found in the store. /// /// /// /// /// CertDuplicateCertificateContext can be called to make a duplicate certificate. /// Examples /// /// The following example shows retrieving a subject's certificate context, uniquely identified by its issuer and serial number, /// from the certificate store. For an example that includes the complete context for this example, see Example C Program: Signing, /// Encoding, Decoding, and Verifying a Message. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetsubjectcertificatefromstore PCCERT_CONTEXT // CertGetSubjectCertificateFromStore( HCERTSTORE hCertStore, DWORD dwCertEncodingType, PCERT_INFO pCertId ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "61d73501-91b1-4498-b1a3-17392360c700")] public static extern SafePCCERT_CONTEXT CertGetSubjectCertificateFromStore(HCERTSTORE hCertStore, CertEncodingType dwCertEncodingType, in CERT_INFO pCertId); ///

/// The CertGetValidUsages function returns an array of usages that consist of the intersection of the valid usages for all /// certificates in an array of certificates. ///

/// The number of certificates in the array to be checked. /// An array of certificates to be checked for valid usage. /// /// The number of valid usages found as the intersection of the valid usages of all certificates in the array. If all of the /// certificates are valid for all usages, cNumOIDs is set to negative one (–1). /// /// /// An array of the object identifiers (OIDs) of the valid usages that are shared by all of the certificates in the rghCerts array. /// This parameter can be NULL to set the size of this structure for memory allocation purposes. For more information, see /// Retrieving Data of Unknown Length. /// /// /// A pointer to a DWORD value that specifies the size, in bytes, of the rghOIDs array and the strings pointed to. When the /// function returns, the DWORD value contains the number of bytes needed for the array. /// /// /// If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. For extended error /// information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetvalidusages BOOL CertGetValidUsages( DWORD cCerts, // PCCERT_CONTEXT *rghCerts, int *cNumOIDs, LPSTR *rghOIDs, DWORD *pcbOIDs ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "1504f166-2fa9-4041-9d72-b150cd8baa8a")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertGetValidUsages(uint cCerts, [MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 0)] PCCERT_CONTEXT[] rghCerts, out int cNumOIDs, IntPtr rghOIDs, ref uint pcbOIDs); ///

/// The CertOpenServerOcspResponse function opens a handle to an online certificate status protocol (OCSP) response /// associated with a server certificate chain. ///

/// The address of a CERT_CHAIN_CONTEXT structure that contains the certificate chain. /// This parameter is not used and must be zero. /// This parameter is not used and must be NULL. /// /// /// Returns a handle to the OCSP response associated with a server certificate chain if successful; otherwise, NULL. This /// handle must be passed to the CertCloseServerOcspResponse function when it is no longer needed. /// /// /// For extended error information, call GetLastError. Possible error codes returned by the GetLastError function include, /// but are not limited to, the following. /// /// /// /// Return code /// Description /// /// /// ERROR_INVALID_PARAMETER /// One or more parameters are not valid. /// /// /// CRYPT_E_NOT_IN_REVOCATION_DATABASE /// The end certificate does not contain an OCSP authority information access (AIA) URL. /// /// /// /// /// /// The CertOpenServerOcspResponse function tries to retrieve an initial OCSP response before it returns. It blocks its /// process thread during the retrieval. The CertOpenServerOcspResponse function creates a background thread that prefetches /// time-valid OCSP responses. /// /// /// The CertOpenServerOcspResponse function increments the reference count for the chain context represented by the /// pChainContext parameter. When you have finished using the chain context, close the returned handle by calling the /// CertCloseServerOcspResponse function. /// /// The CertOpenServerOcspResponse function initializes configuration settings used by the following functions: /// /// /// CertAddRefServerOcspResponse /// /// /// CertCloseServerOcspResponse /// /// /// CertGetServerOcspResponseContext /// /// /// CertAddRefServerOcspResponseContext /// /// /// CertFreeServerOcspResponseContext /// /// /// /// First, the CertOpenServerOcspResponse function initializes the settings based on default values in Wincrypt.h. If the /// function subsequently finds the registry key defined in CERT_CHAIN_CONFIG_REGPATH, it updates the previously initialized /// values with the registry values. /// /// The following configuration setting names and default values are initialized by this function: /// /// /// CERT_SRV_OCSP_RESP_MIN_VALIDITY_SECONDS_VALUE_NAME /// /// /// CERT_SRV_OCSP_RESP_MIN_VALIDITY_SECONDS_DEFAULT /// /// /// CERT_SRV_OCSP_RESP_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAME /// /// /// CERT_SRV_OCSP_RESP_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT /// /// /// CERT_SRV_OCSP_RESP_MAX_BEFORE_NEXT_UPDATE_SECONDS_VALUE_NAME /// /// /// CERT_SRV_OCSP_RESP_MAX_BEFORE_NEXT_UPDATE_SECONDS_DEFAULT /// /// /// CERT_SRV_OCSP_RESP_MIN_BEFORE_NEXT_UPDATE_SECONDS_VALUE_NAME /// /// /// CERT_SRV_OCSP_RESP_MIN_BEFORE_NEXT_UPDATE_SECONDS_DEFAULT /// /// /// CERT_SRV_OCSP_RESP_MIN_AFTER_NEXT_UPDATE_SECONDS_VALUE_NAME /// /// /// CERT_SRV_OCSP_RESP_MIN_AFTER_NEXT_UPDATE_SECONDS_DEFAULT /// /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenserverocspresponse HCERT_SERVER_OCSP_RESPONSE // CertOpenServerOcspResponse( PCCERT_CHAIN_CONTEXT pChainContext, DWORD dwFlags, PCERT_SERVER_OCSP_RESPONSE_OPEN_PARA pOpenPara ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "c29d1972-b329-4e32-aead-a038130fb85e")] public static extern HCERT_SERVER_OCSP_RESPONSE CertOpenServerOcspResponse([In] PCCERT_CHAIN_CONTEXT pChainContext, uint dwFlags = 0, IntPtr pOpenPara = default); ///

/// The CertRetrieveLogoOrBiometricInfo function performs a URL retrieval of logo or biometric information specified in /// either the szOID_LOGOTYPE_EXT or szOID_BIOMETRIC_EXT certificate extension. The szOID_BIOMETRIC_EXT /// extension (IETF RFC 3739) supports the addition of a signature or a pictorial representation of the human holder of the /// certificate. The szOID_LOGOTYPE_EXT extension (IETF RFC 3709) supports the addition of organizational pictorial /// representations in certificates. ///

/// The address of a CERT_CONTEXT structure that contains the certificate. /// /// /// The address of a null-terminated ANSI string that contains an object identifier (OID) string that identifies the type of /// information to retrieve. /// /// This parameter may also contain one of the following predefined values. /// /// /// Value /// Meaning /// /// /// CERT_RETRIEVE_ISSUER_LOGO /// Retrieve the certificate issuer logotype. /// /// /// CERT_RETRIEVE_SUBJECT_LOGO /// Retrieve the certificate subject logotype. /// /// /// CERT_RETRIEVE_COMMUNITY_LOGO /// Retrieve the certificate community logotype. /// /// /// CERT_RETRIEVE_BIOMETRIC_PICTURE_TYPE /// Retrieve the picture associated with the certificate. /// /// /// CERT_RETRIEVE_BIOMETRIC_SIGNATURE_TYPE /// Retrieve the signature associated with the certificate. /// /// /// /// /// A set of flags that specify how the information should be retrieved. This parameter is passed as the dwRetrievalFlags in the /// CryptRetrieveObjectByUrl function. /// /// The maximum amount of time, in milliseconds, to wait for the retrieval. /// This parameter is not used and must be zero. /// This parameter is not used and must be NULL. /// /// The address of a BYTE pointer that receives the logotype or biometric data. This memory must be freed when it is no /// longer needed by passing this pointer to the CryptMemFree function. /// /// The address of a DWORD variable that receives the number of bytes in the ppbData buffer. /// /// /// The address of a pointer to a null-terminated Unicode string that receives the Multipurpose Internet Mail Extensions (MIME) type /// of the data. This parameter can be NULL if this information is not needed. This memory must be freed when it is no longer /// needed by passing this pointer to the CryptMemFree function. /// /// /// This address always receives NULL for biometric types. You must always ensure that this parameter contains a valid memory /// address before attempting to access the memory. /// /// /// /// Returns nonzero if successful or zero otherwise. /// /// For extended error information, call GetLastError. Possible error codes returned by the GetLastError function include, /// but are not limited to, the following. /// /// /// /// Return code /// Description /// /// /// CRYPT_E_HASH_VALUE /// The computed hash value does not match the hash value in the certificate. /// /// /// CRYPT_E_NOT_FOUND /// /// The certificate does not contain the szOID_LOGOTYPE_EXT or szOID_BIOMETRIC_EXT extension, or the specified /// lpszLogoOrBiometricType was not found. /// /// /// /// E_INVALIDARG /// One or more parameters are not valid. /// /// /// ERROR_INVALID_DATA /// No data could be retrieved from the URL specified by the certificate extension. /// /// /// ERROR_NOT_SUPPORTED /// The certificate does not support the required extension. /// /// /// NTE_BAD_ALGID /// The hash algorithm OID is unknown. /// /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certretrievelogoorbiometricinfo BOOL // CertRetrieveLogoOrBiometricInfo( PCCERT_CONTEXT pCertContext, LPCSTR lpszLogoOrBiometricType, DWORD dwRetrievalFlags, DWORD // dwTimeout, DWORD dwFlags, void *pvReserved, BYTE **ppbData, DWORD *pcbData, LPWSTR *ppwszMimeType ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "35813928-728e-40b7-b627-817d3094eeb1")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertRetrieveLogoOrBiometricInfo(PCCERT_CONTEXT pCertContext, [In] SafeOID lpszLogoOrBiometricType, CryptRetrievalFlags dwRetrievalFlags, uint dwTimeout, [Optional] uint dwFlags, [Optional] IntPtr pvReserved, out SafeCryptMem ppbData, out uint pcbData, out SafeCryptMem ppwszMimeType); ///

The CertSelectCertificateChains function retrieves certificate chains based on specified selection criteria.

/// A pointer to the GUID of the certificate selection scenario to use for this call. /// /// /// Flags for controlling the certificate selection process. This parameter can be a combination of zero or more of the following flags: /// /// /// /// Value /// Meaning /// /// /// CERT_SELECT_ALLOW_EXPIRED /// Select expired certificates that meet selection criteria. By default expired certificates are rejected from selection. /// /// /// CERT_SELECT_TRUSTED_ROOT /// /// Select certificates on which the error bit in the certificate chain trust status is not set to CERT_TRUST_IS_UNTRUSTED_ROOT, /// CERT_TRUST_IS_PARTIAL_CHAIN, or CERT_TRUST_IS_NOT_TIME_VALID. In addition, certificates that have one of the following invalid /// constraint errors are not selected: /// /// /// /// CERT_SELECT_DISALLOW_SELFSIGNED /// Select certificates that are not self-issued and self-signed. /// /// /// CERT_SELECT_HAS_PRIVATE_KEY /// Select certificates that have a value set for the CERT_KEY_PROV_INFO_PROP_ID property of the certificate. /// /// /// CERT_SELECT_HAS_KEY_FOR_SIGNATURE /// /// Select certificates on which the value of the dwKeySpec member of the CERT_KEY_PROV_INFO_PROP_ID property is set to /// AT_SIGNATURE. If this function is being called as part of a CNG enabled application and the dwKeySpec member of the /// CERT_KEY_PROV_INFO_PROP_ID property is set to -1, select certificates on which the value of the NCRYPT_KEY_USAGE_PROPERTY /// property of the associated private key has the NCRYPT_ALLOW_SIGNING_FLAG set. /// /// /// /// CERT_SELECT_HAS_KEY_FOR_KEY_EXCHANGE /// /// Select certificates on which the value of the dwKeySpec member of the CERT_KEY_PROV_INFO_PROP_ID property is set to /// AT_KEYEXCHANGE. If this function is being called as part of a CNG enabled application and the dwKeySpec member of the /// CERT_KEY_PROV_INFO_PROP_ID property is set to -1, select certificates on which either NCRYPT_ALLOW_DECRYPT_FLAG or /// NCRYPT_ALLOW_KEY_AGREEMENT_FLAG is set. /// /// /// /// CERT_SELECT_HARDWARE_ONLY /// /// Select certificates on which the value of the PP_IMPTYPE property of the associated private key provider is set to either /// CRYPT_IMPL_HARDWARE or CRYPT_IMPL_REMOVABLE. (For CNG providers, NCRYPT_IMPL_TYPE_PROPERTY property value MUST have either the /// NCRYPT_IMPL_HARDWARE_FLAG or NCRYPT_IMPL_REMOVABLE_FLAG bit set). If this function is being called as part of a CNG enabled /// application, select certificates on which the NCRYPT_IMPL_TYPE_PROPERTY property is set to NCRYPT_IMPL_HARDWARE_FLAG or NCRYPT_IMPL_REMOVABLE_FLAG. /// /// /// /// CERT_SELECT_ALLOW_DUPLICATES /// /// Allow the selection of certificates on which the Subject and Subject Alt Name contain the same information and the certificate /// template extension value is equivalent. By default when certificates match this criteria, only the most recent certificate is selected. /// /// /// /// /// /// /// A pointer to a CERT_SELECT_CHAIN_PARA structure to specify parameters for chain building. If NULL, default parameters /// will be used. /// /// /// The pChainPara member of the CERT_SELECT_CHAIN_PARA structure points to a CERT_CHAIN_PARA structure that can be used to /// enable strong signing. /// /// /// The number of elements in the array pointed to by the rgpCriteria array. /// /// A pointer to an array of CERT_SELECT_CRITERIA structures that define the selection criteria. If this parameter is set to /// NULL, the value of the cCriteria parameter must be zero. /// /// The handle to a store from which to select the certificates. /// /// A pointer to a DWORD value to receive the number of elements in the array pointed to by the pprgpSelection parameter. /// /// /// /// A pointer to a pointer to a location to receive an array of CERT_CHAIN_CONTEXT structure. The CertSelectCertificateChains /// function only returns certificate chains that match all the selection criteria. The entries in the array are ordered by quality, /// i.e. the chain with the highest quality is the first entry. /// /// /// Storage for the array is allocated by the CertSelectCertificateChains function. To free the allocated memory you must /// first release each individual chain context in the array by calling the CertFreeCertificateChain function. Then you must free /// the memory by calling the CertFreeCertificateChainList function. /// /// /// /// If the function succeeds, the function returns TRUE. /// If the function fails, it returns zero (FALSE). For extended error information, call the GetLastError function. /// /// Note If the selection does not yield any results, the CertSelectCertificateChains function returns TRUE, /// but the value pointed to by pcSelection parameter is set to zero. /// /// /// /// /// Selection criteria can be specified through either the dwFlags parameter, through the rgpCriteria parameter, or through both /// parameters. If no selection criteria are specified, the function succeeds and returns certificate chains for all certificates in /// the store specified by the hStore parameter. /// /// Certificate chains that are selected are ordered based on the following preference logic: /// /// /// Prefer certificates that are smart card certificates over certificates that are not smart-card based. /// /// /// Prefer certificates that have a longer validity period (the expiration date is later.) /// /// /// If multiple certificates have same expiration date, prefer certificates that were issued more recently. /// /// /// If there is a tie, prefer shorter chains. /// /// /// /// Certain selection criteria require that a certificate chain be built before you can select that criteria for use. If the /// intermediate certificates required to build the chain are not available locally, a network retrieval is performed for the issuer /// certificates. This network retrieval is performed if the CERT_SELECT_TRUSTED_ROOT flag is set or for the following criteria: /// /// /// /// CERT_SELECT_BY_ISSUER_NAME /// /// /// CERT_SELECT_BY_ISSUER_ATTR /// /// /// CERT_SELECT_BY_POLICY_OID /// /// /// Perform the following actions to enable strong signature checking: /// /// /// /// Create a CERT_STRONG_SIGN_PARA structure, specify the required strong signing parameters, and set a pointer to the structure in /// the pStrongSignPara member of a CERT_CHAIN_PARA structure. /// /// /// /// Set a pointer to the CERT_CHAIN_PARA structure in the pChainPara member of a CERT_SELECT_CHAIN_PARA structure. /// /// /// Set a pointer to the CERT_SELECT_CHAIN_PARA structure in the pChainParameters parameter of this ( CertSelectCertificateChains)function. /// /// /// /// When you enable strong signature checking, any certificate chain that returns a CERT_TRUST_IS_NOT_SIGNATURE_VALID error /// in the dwErrorStatus field of the CERT_TRUST_STATUS structure will be skipped. (The pprgpSelection parameter points to a /// CERT_CHAIN_CONTEXT structure which, in turn, points to the CERT_TRUST_STATUS structure.) The /// CERT_TRUST_HAS_WEAK_SIGNATURE value is also set for a weak signature. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certselectcertificatechains BOOL // CertSelectCertificateChains( LPCGUID pSelectionContext, DWORD dwFlags, PCCERT_SELECT_CHAIN_PARA pChainParameters, DWORD // cCriteria, PCCERT_SELECT_CRITERIA rgpCriteria, HCERTSTORE hStore, PDWORD pcSelection, PCCERT_CHAIN_CONTEXT **pprgpSelection ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "b740772b-d25b-4b3d-9acb-03f7018750d6")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertSelectCertificateChains(in Guid pSelectionContext, CertSelection dwFlags, [Optional] IntPtr pChainParameters, uint cCriteria, [In, Optional, MarshalAs(UnmanagedType.LPArray)] CERT_SELECT_CRITERIA[] rgpCriteria, HCERTSTORE hStore, out uint pcSelection, out IntPtr pprgpSelection); ///

The CertSelectCertificateChains function retrieves certificate chains based on specified selection criteria.

/// A pointer to the GUID of the certificate selection scenario to use for this call. /// /// /// Flags for controlling the certificate selection process. This parameter can be a combination of zero or more of the following flags: /// /// /// /// Value /// Meaning /// /// /// CERT_SELECT_ALLOW_EXPIRED /// Select expired certificates that meet selection criteria. By default expired certificates are rejected from selection. /// /// /// CERT_SELECT_TRUSTED_ROOT /// /// Select certificates on which the error bit in the certificate chain trust status is not set to CERT_TRUST_IS_UNTRUSTED_ROOT, /// CERT_TRUST_IS_PARTIAL_CHAIN, or CERT_TRUST_IS_NOT_TIME_VALID. In addition, certificates that have one of the following invalid /// constraint errors are not selected: /// /// /// /// CERT_SELECT_DISALLOW_SELFSIGNED /// Select certificates that are not self-issued and self-signed. /// /// /// CERT_SELECT_HAS_PRIVATE_KEY /// Select certificates that have a value set for the CERT_KEY_PROV_INFO_PROP_ID property of the certificate. /// /// /// CERT_SELECT_HAS_KEY_FOR_SIGNATURE /// /// Select certificates on which the value of the dwKeySpec member of the CERT_KEY_PROV_INFO_PROP_ID property is set to /// AT_SIGNATURE. If this function is being called as part of a CNG enabled application and the dwKeySpec member of the /// CERT_KEY_PROV_INFO_PROP_ID property is set to -1, select certificates on which the value of the NCRYPT_KEY_USAGE_PROPERTY /// property of the associated private key has the NCRYPT_ALLOW_SIGNING_FLAG set. /// /// /// /// CERT_SELECT_HAS_KEY_FOR_KEY_EXCHANGE /// /// Select certificates on which the value of the dwKeySpec member of the CERT_KEY_PROV_INFO_PROP_ID property is set to /// AT_KEYEXCHANGE. If this function is being called as part of a CNG enabled application and the dwKeySpec member of the /// CERT_KEY_PROV_INFO_PROP_ID property is set to -1, select certificates on which either NCRYPT_ALLOW_DECRYPT_FLAG or /// NCRYPT_ALLOW_KEY_AGREEMENT_FLAG is set. /// /// /// /// CERT_SELECT_HARDWARE_ONLY /// /// Select certificates on which the value of the PP_IMPTYPE property of the associated private key provider is set to either /// CRYPT_IMPL_HARDWARE or CRYPT_IMPL_REMOVABLE. (For CNG providers, NCRYPT_IMPL_TYPE_PROPERTY property value MUST have either the /// NCRYPT_IMPL_HARDWARE_FLAG or NCRYPT_IMPL_REMOVABLE_FLAG bit set). If this function is being called as part of a CNG enabled /// application, select certificates on which the NCRYPT_IMPL_TYPE_PROPERTY property is set to NCRYPT_IMPL_HARDWARE_FLAG or NCRYPT_IMPL_REMOVABLE_FLAG. /// /// /// /// CERT_SELECT_ALLOW_DUPLICATES /// /// Allow the selection of certificates on which the Subject and Subject Alt Name contain the same information and the certificate /// template extension value is equivalent. By default when certificates match this criteria, only the most recent certificate is selected. /// /// /// /// /// /// /// A pointer to a CERT_SELECT_CHAIN_PARA structure to specify parameters for chain building. If NULL, default parameters /// will be used. /// /// /// The pChainPara member of the CERT_SELECT_CHAIN_PARA structure points to a CERT_CHAIN_PARA structure that can be used to /// enable strong signing. /// /// /// The number of elements in the array pointed to by the rgpCriteria array. /// /// A pointer to an array of CERT_SELECT_CRITERIA structures that define the selection criteria. If this parameter is set to /// NULL, the value of the cCriteria parameter must be zero. /// /// The handle to a store from which to select the certificates. /// /// A pointer to a DWORD value to receive the number of elements in the array pointed to by the pprgpSelection parameter. /// /// /// /// A pointer to a pointer to a location to receive an array of CERT_CHAIN_CONTEXT structure. The CertSelectCertificateChains /// function only returns certificate chains that match all the selection criteria. The entries in the array are ordered by quality, /// i.e. the chain with the highest quality is the first entry. /// /// /// Storage for the array is allocated by the CertSelectCertificateChains function. To free the allocated memory you must /// first release each individual chain context in the array by calling the CertFreeCertificateChain function. Then you must free /// the memory by calling the CertFreeCertificateChainList function. /// /// /// /// If the function succeeds, the function returns TRUE. /// If the function fails, it returns zero (FALSE). For extended error information, call the GetLastError function. /// /// Note If the selection does not yield any results, the CertSelectCertificateChains function returns TRUE, /// but the value pointed to by pcSelection parameter is set to zero. /// /// /// /// /// Selection criteria can be specified through either the dwFlags parameter, through the rgpCriteria parameter, or through both /// parameters. If no selection criteria are specified, the function succeeds and returns certificate chains for all certificates in /// the store specified by the hStore parameter. /// /// Certificate chains that are selected are ordered based on the following preference logic: /// /// /// Prefer certificates that are smart card certificates over certificates that are not smart-card based. /// /// /// Prefer certificates that have a longer validity period (the expiration date is later.) /// /// /// If multiple certificates have same expiration date, prefer certificates that were issued more recently. /// /// /// If there is a tie, prefer shorter chains. /// /// /// /// Certain selection criteria require that a certificate chain be built before you can select that criteria for use. If the /// intermediate certificates required to build the chain are not available locally, a network retrieval is performed for the issuer /// certificates. This network retrieval is performed if the CERT_SELECT_TRUSTED_ROOT flag is set or for the following criteria: /// /// /// /// CERT_SELECT_BY_ISSUER_NAME /// /// /// CERT_SELECT_BY_ISSUER_ATTR /// /// /// CERT_SELECT_BY_POLICY_OID /// /// /// Perform the following actions to enable strong signature checking: /// /// /// /// Create a CERT_STRONG_SIGN_PARA structure, specify the required strong signing parameters, and set a pointer to the structure in /// the pStrongSignPara member of a CERT_CHAIN_PARA structure. /// /// /// /// Set a pointer to the CERT_CHAIN_PARA structure in the pChainPara member of a CERT_SELECT_CHAIN_PARA structure. /// /// /// Set a pointer to the CERT_SELECT_CHAIN_PARA structure in the pChainParameters parameter of this ( CertSelectCertificateChains)function. /// /// /// /// When you enable strong signature checking, any certificate chain that returns a CERT_TRUST_IS_NOT_SIGNATURE_VALID error /// in the dwErrorStatus field of the CERT_TRUST_STATUS structure will be skipped. (The pprgpSelection parameter points to a /// CERT_CHAIN_CONTEXT structure which, in turn, points to the CERT_TRUST_STATUS structure.) The /// CERT_TRUST_HAS_WEAK_SIGNATURE value is also set for a weak signature. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certselectcertificatechains BOOL // CertSelectCertificateChains( LPCGUID pSelectionContext, DWORD dwFlags, PCCERT_SELECT_CHAIN_PARA pChainParameters, DWORD // cCriteria, PCCERT_SELECT_CRITERIA rgpCriteria, HCERTSTORE hStore, PDWORD pcSelection, PCCERT_CHAIN_CONTEXT **pprgpSelection ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "b740772b-d25b-4b3d-9acb-03f7018750d6")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertSelectCertificateChains([Optional] IntPtr pSelectionContext, CertSelection dwFlags, [Optional] IntPtr pChainParameters, uint cCriteria, [In, Optional, MarshalAs(UnmanagedType.LPArray)] CERT_SELECT_CRITERIA[] rgpCriteria, HCERTSTORE hStore, out uint pcSelection, out IntPtr pprgpSelection); ///

/// The CertSerializeCertificateStoreElement function serializes a certificate context's encoded certificate and its encoded /// properties. The result can be persisted to storage so that the certificate and properties can be retrieved at a later time. ///

/// A pointer to the CERT_CONTEXT to be serialized. /// Reserved for future use and must be zero. /// /// A pointer to a buffer that receives the serialized output, including the encoded certificate and possibly its properties. /// /// This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see /// Retrieving Data of Unknown Length. /// /// /// /// /// A pointer to a DWORD value specifying the size, in bytes, of the buffer pointed to by the pbElement parameter. When the /// function returns, DWORD value contains the number of bytes stored in the buffer. /// /// /// Note When processing the data returned in the buffer, applications must use the actual size of the data returned. The /// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually /// specified large enough to ensure that the largest possible output data fits in the buffer.) On output, the variable pointed to /// by this parameter is updated to reflect the actual size of the data copied to the buffer. /// /// /// /// If the function succeeds, the return value is TRUE. /// If the function fails, the return value is FALSE. For extended error information, call GetLastError. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certserializecertificatestoreelement BOOL // CertSerializeCertificateStoreElement( PCCERT_CONTEXT pCertContext, DWORD dwFlags, BYTE *pbElement, DWORD *pcbElement ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "104fc986-6344-41b7-8843-23c3c72405a2")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertSerializeCertificateStoreElement(PCCERT_CONTEXT pCertContext, [Optional] uint dwFlags, [In, Out, Optional] IntPtr pbElement, ref uint pcbElement); ///

/// The CertVerifySubjectCertificateContext function performs the enabled verification checks on a certificate by checking /// the validity of the certificate's issuer. The new Certificate Chain Verification Functions are recommended instead of this function. ///

/// A pointer to a CERT_CONTEXT structure containing the subject's certificate. /// /// A pointer to a CERT_CONTEXT containing the issuer's certificate. When checking just CERT_STORE_TIME_VALIDITY_FLAG, pIssuer can /// be NULL. /// /// /// /// A pointer to a DWORD value contain verification check flags. The following flags can be set to enable verification checks /// on the subject certificate. They can be combined using a bitwise- OR operation to enable multiple verifications. /// /// /// /// Value /// Meaning /// /// /// CERT_STORE_REVOCATION_FLAG /// Checks whether the subject certificate is on the issuer's revocation list. /// /// /// CERT_STORE_SIGNATURE_FLAG /// Uses the public key in the issuer's certificate to verify the signature on the subject certificate. /// /// /// CERT_STORE_TIME_VALIDITY_FLAG /// Gets the current time and verifies that it is within the subject certificate's validity period. /// /// /// If an enabled verification check succeeds, its flag is set to zero. If it fails, then its flag is set upon return. /// /// If CERT_STORE_REVOCATION_FLAG was enabled and the issuer does not have a CRL in the store, then CERT_STORE_NO_CRL_FLAG is set in /// addition to CERT_STORE_REVOCATION_FLAG. /// /// /// /// If the function succeeds, the return value is TRUE. /// If the function fails, the return value is FALSE. /// /// For a verification check failure, TRUE is still returned. FALSE is returned only when a bad parameter is passed in. /// /// For extended error information, call GetLastError. One possible error code is the following. /// /// /// Return code /// Description /// /// /// E_INVALIDARG /// /// An unsupported bit was set in pdwFlags. Any combination of CERT_STORE_SIGNATURE_FLAG, CERT_STORE_TIME_VALIDITY_FLAG, and /// CERT_STORE_REVOCATION_FLAG can be set. If pIssuer is NULL, only CERT_STORE_TIME_VALIDITY_FLAG can be set. /// /// /// /// /// /// /// The hexadecimal value of the flags can be combined using bitwise- OR operations to enable multiple verifications. For /// example, to enable both signature and time validity, the value /// /// /// is placed in the pdwFlags DWORD value as an input parameter. If CERT_STORE_SIGNATURE_FLAG verification succeeds, but /// CERT_STORE_TIME_VALIDITY_FLAG verification fails, pdwFlags is set to CERT_STORE_TIME_VALIDITY_FLAG when the function returns. /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifysubjectcertificatecontext BOOL // CertVerifySubjectCertificateContext( PCCERT_CONTEXT pSubject, PCCERT_CONTEXT pIssuer, DWORD *pdwFlags ); [DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] [PInvokeData("wincrypt.h", MSDNShortId = "063b19cf-d3b3-4ec3-bfd3-9406eecd3e10")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CertVerifySubjectCertificateContext(PCCERT_CONTEXT pSubject, PCCERT_CONTEXT pIssuer, ref CertStoreVerification pdwFlags); ///

/// The CERT_CHAIN_CONTEXT structure contains an array of simple certificate chains and a trust status structure that /// indicates summary validity data on all of the connected simple chains. ///

/// /// When a CERT_CHAIN_CONTEXT is built, the first simple chain begins with an end certificate and ends with a self-signed /// certificate. If that self-signed certificate is not a root or otherwise trusted certificate, an attempt is made to build a new /// chain. CTLs are used to create the new chain beginning with the self-signed certificate from the original chain as the end /// certificate of the new chain. This process continues building additional simple chains until the first self-signed certificate /// is a trusted certificate or until an additional simple chain cannot be built. /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_chain_context typedef struct _CERT_CHAIN_CONTEXT { // DWORD cbSize; CERT_TRUST_STATUS TrustStatus; DWORD cChain; PCERT_SIMPLE_CHAIN *rgpChain; DWORD cLowerQualityChainContext; // PCCERT_CHAIN_CONTEXT *rgpLowerQualityChainContext; BOOL fHasRevocationFreshnessTime; DWORD dwRevocationFreshnessTime; DWORD // dwCreateFlags; GUID ChainId; } CERT_CHAIN_CONTEXT, *PCERT_CHAIN_CONTEXT; [PInvokeData("wincrypt.h", MSDNShortId = "609311f4-9cd6-4945-9f93-7266b3fc4a74")] [StructLayout(LayoutKind.Sequential)] public struct CERT_CHAIN_CONTEXT { ///

The size, in bytes, of this structure.

public uint cbSize; ///

/// A structure that indicates the combined trust status of the simple chains array. The structure includes an error status code /// and an information status code. For information about status code values, see CERT_TRUST_STATUS. ///

public CERT_TRUST_STATUS TrustStatus; ///

The number of simple chains in the array.

public uint cChain; ///

/// An array of pointers to simple chain structures. rgpChain[0] is the end certificate simple chain, and /// rgpChain[ cChain–1] is the final chain. If the end certificate is to be considered valid, the final chain must /// begin with a certificate contained in the root store or an otherwise trusted, self-signed certificate. If the original chain /// begins with a trusted certificate, there will be only a single simple chain in the array. ///

public IntPtr rgpChain; ///

The number of chains in the rgpLowerQualityChainContext array.

public uint cLowerQualityChainContext; ///

/// An array of pointers to CERT_CHAIN_CONTEXT structures. Returned when CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS is set in dwFlags. ///

public IntPtr rgpLowerQualityChainContext; ///

A Boolean value set to TRUE if dwRevocationFreshnessTime is available.

[MarshalAs(UnmanagedType.Bool)] public bool fHasRevocationFreshnessTime; ///

/// The largest CurrentTime, in seconds, minus the certificate revocation list's (CRL's) ThisUpdate of all elements checked. ///

public uint dwRevocationFreshnessTime; ///

public uint dwCreateFlags; ///

public Guid ChainId; ///

Gets the chain from .

public unsafe CERT_SIMPLE_CHAIN*[] GetChain() { var ret = new CERT_SIMPLE_CHAIN*[(int)cChain]; for (int i = 0; i < cChain; i++) ret[i] = ((CERT_SIMPLE_CHAIN**)rgpChain)[i]; return ret; } ///

Gets the contexts from .

public unsafe CERT_CHAIN_CONTEXT*[] GetLowerQualityChainContext() { var ret = new CERT_CHAIN_CONTEXT*[(int)cLowerQualityChainContext]; for (int i = 0; i < cLowerQualityChainContext; i++) ret[i] = ((CERT_CHAIN_CONTEXT**)rgpLowerQualityChainContext)[i]; return ret; } } ///

/// The CERT_CHAIN_ELEMENT structure is a single element in a simple certificate chain. Each element has a pointer to a /// certificate context, a pointer to a structure that indicates the error status and information status of the certificate, and a /// pointer to a structure that indicates the revocation status of the certificate. ///

// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_chain_element typedef struct _CERT_CHAIN_ELEMENT { // DWORD cbSize; PCCERT_CONTEXT pCertContext; CERT_TRUST_STATUS TrustStatus; PCERT_REVOCATION_INFO pRevocationInfo; // PCERT_ENHKEY_USAGE pIssuanceUsage; PCERT_ENHKEY_USAGE pApplicationUsage; LPCWSTR pwszExtendedErrorInfo; } CERT_CHAIN_ELEMENT, *PCERT_CHAIN_ELEMENT; [PInvokeData("wincrypt.h", MSDNShortId = "a1f6ba18-63ef-43ac-a17f-900fa13398aa")] [StructLayout(LayoutKind.Sequential)] public struct CERT_CHAIN_ELEMENT { ///

Size of this structure in bytes.

public uint cbSize; ///

A pointer to a certificate context.

public PCCERT_CONTEXT pCertContext; ///

/// Structure indicating the status of the certificate. The structure includes an error status code and an information status /// code. For information about status code values, see CERT_TRUST_STATUS. ///

public CERT_TRUST_STATUS TrustStatus; ///

/// A pointer to a CERT_REVOCATION_INFO structure with information on the revocation status of the certificate. If revocation /// checking was not enabled, pRevocationInfo is NULL. ///

public IntPtr pRevocationInfo; ///

A pointer to a CERT_ENHKEY_USAGE structure. If NULL, any issuance policy is acceptable.

public IntPtr pIssuanceUsage; ///

A pointer to a CERT_ENHKEY_USAGE structure. If NULL, any enhanced key usage is acceptable.

public IntPtr pApplicationUsage; ///

/// A pointer to a null-terminated wide character string that contains extended error information. If NULL, there /// is no extended error information. ///

public StrPtrUni pwszExtendedErrorInfo; } ///

/// Contains information updated by a certificate revocation list (CRL) revocation type handler. The CERT_REVOCATION_CRL_INFO /// structure is used with both base and delta CRLs. ///

// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_revocation_crl_info typedef struct // _CERT_REVOCATION_CRL_INFO { DWORD cbSize; PCCRL_CONTEXT pBaseCrlContext; PCCRL_CONTEXT pDeltaCrlContext; PCRL_ENTRY pCrlEntry; // BOOL fDeltaCrlEntry; } CERT_REVOCATION_CRL_INFO, *PCERT_REVOCATION_CRL_INFO; [PInvokeData("wincrypt.h", MSDNShortId = "069ff521-90fd-4de8-9b5c-045e44e87f75")] [StructLayout(LayoutKind.Sequential)] public struct CERT_REVOCATION_CRL_INFO { ///

Size, in bytes, of the structure.

public uint cbSize; ///

public PCCRL_CONTEXT pBaseCrlContext; ///

public PCCRL_CONTEXT pDeltaCrlContext; ///

A pointer to an entry in either the base CRL or the delta CRL.

public IntPtr pCrlEntry; ///

/// TRUE if pCrlEntry points to an entry in the delta CRL. FALSE if pCrlEntry points to an entry in /// the base CRL. ///

[MarshalAs(UnmanagedType.Bool)] public bool fDeltaCrlEntry; } ///

The CERT_REVOCATION_INFO structure indicates the revocation status of a certificate in a CERT_CHAIN_ELEMENT.

// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_revocation_info typedef struct _CERT_REVOCATION_INFO // { DWORD cbSize; DWORD dwRevocationResult; LPCSTR pszRevocationOid; LPVOID pvOidSpecificInfo; BOOL fHasFreshnessTime; DWORD // dwFreshnessTime; PCERT_REVOCATION_CRL_INFO pCrlInfo; } CERT_REVOCATION_INFO, *PCERT_REVOCATION_INFO; [PInvokeData("wincrypt.h", MSDNShortId = "798aa2d7-bf8a-425f-bc36-98a44ba3a9d6")] [StructLayout(LayoutKind.Sequential)] public struct CERT_REVOCATION_INFO { ///

Size of this structure in bytes.

public uint cbSize; ///

/// Currently defined values are: /// /// /// CERT_TRUST_IS_REVOKED /// /// /// CERT_TRUST_REVOCATION_STATUS_IS_UNKNOWN /// /// ///

public uint dwRevocationResult; ///

Not currently used and is set to NULL.

public StrPtrAnsi pszRevocationOid; ///

Not currently used and is set to NULL.

public IntPtr pvOidSpecificInfo; ///

BOOL set to TRUE if dwFreshnessTime has been updated.

[MarshalAs(UnmanagedType.Bool)] public bool fHasFreshnessTime; ///

/// If fHasFreshnessTime is TRUE, holds the CurrentTime minus the certificate revocation list's (CRL's). This time /// is in seconds. ///

public uint dwFreshnessTime; ///

For CRL base revocation checking, a non- NULL pointer to a CERT_REVOCATION_CRL_INFO structure.

public IntPtr pCrlInfo; } ///

/// The CERT_SELECT_CHAIN_PARA structure contains the parameters used for building and selecting chains. This structure is /// used by the CertGetCertificateChain and CertSelectCertificateChains functions. ///

/// /// /// Trust in a particular certificate being a trusted root is based on the current state of the root store and not the state of the /// root store at a time passed in by this parameter. For revocation, a certificate revocation list (CRL), itself, must be valid at /// the current time. The value of this parameter is used to determine whether a certificate listed in a CRL has been revoked. /// /// The following remarks apply to strong signature checking: /// /// /// /// You can enable strong signature checking by using the CERT_CHAIN_PARA structure referenced by the pChainPara member. The /// pStrongSignPara member of the CERT_CHAIN_PARA structure points to a CERT_STRONG_SIGN_PARA structure that can be /// used to determine signature strength. /// /// /// /// /// When you enable strong checking and a weak signature is encountered, the CERT_TRUST_IS_NOT_SIGNATURE_VALID and /// CERT_TRUST_HAS_WEAK_SIGNATURE errors are set in the dwErrorStatus field of the CERT_TRUST_STATUS structure. /// /// /// /// // https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_select_chain_para typedef struct // _CERT_SELECT_CHAIN_PARA { HCERTCHAINENGINE hChainEngine; PFILETIME pTime; HCERTSTORE hAdditionalStore; PCERT_CHAIN_PARA // pChainPara; DWORD dwFlags; } CERT_SELECT_CHAIN_PARA, *PCERT_SELECT_CHAIN_PARA; [PInvokeData("wincrypt.h", MSDNShortId = "55c6c063-2a65-40ad-8d3f-7723b83cf021")] [StructLayout(LayoutKind.Sequential)] public struct CERT_SELECT_CHAIN_PARA { ///

/// The handle of the chain engine to use to build the chain. If the value of the hChainEngine parameter is NULL, the /// default chain engine, HCCE_CURRENT_USER, is used. ///

public HCERTCHAINENGINE hChainEngine; ///

/// /// A pointer to a FILETIME structure that contains the time for which the chain is to be validated. If the value of the pTime /// parameter is NULL, the current system time is passed to this parameter. /// /// Note The time does not affect trust list, revocation, or root store checking. ///

public IntPtr pTime; ///

/// The handle of any additional store to search for supporting certificates and certificate trust lists (CTLs). This parameter /// can be NULL if no additional store is to be searched. ///

public HCERTSTORE hAdditionalStore; ///

A pointer to a CERT_CHAIN_PARA structure that includes chain-building parameters.

public IntPtr pChainPara; ///

/// Flag values that indicate special processing during chain build. /// /// /// Value /// Meaning /// /// /// CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY 0x00000004 /// Revocation checking only accesses cached URLs. /// /// /// CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL 0x80000000 /// Use only cached URLs in building a certificate chain. The Internet and intranet are not searched for URL-based objects. /// /// ///

public uint dwFlags; } ///

/// The CERT_SELECT_CRITERIA structure specifies selection criteria that is passed to the CertSelectCertificateChains function. ///

// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_select_criteria typedef struct _CERT_SELECT_CRITERIA // { DWORD dwType; DWORD cPara; void **ppPara; } CERT_SELECT_CRITERIA, *PCERT_SELECT_CRITERIA; [PInvokeData("wincrypt.h", MSDNShortId = "246722a9-5db6-4a82-8f29-f60f0a2263e3")] [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)] public struct CERT_SELECT_CRITERIA { ///

/// /// Specifies the type of selection criteria used for the ppPara member. This member can have one of the following values. /// /// /// /// Value /// Meaning /// /// /// CERT_SELECT_BY_ENHKEY_USAGE 1 /// /// Select certificates based on a specific enhanced key usage. When this flag is set, the ppPara must reference a /// null-terminated object identifier (OID) ANSI string that specifies the enhanced key usage. This criteria is evaluated on the certificate. /// /// /// /// CERT_SELECT_BY_KEY_USAGE 2 /// /// Select certificates based on a specific szOID_KEY_USAGE extension in the certificate. When this flag is set, the ppPara /// member must reference a CERT_EXTENSION structure where the value of the extension is a DWORD that identifies the Key Usage /// bits. This criteria is evaluated on the certificate. /// /// /// /// CERT_SELECT_BY_POLICY_OID 3 /// /// Select certificates based on a specific issuance policy. The ppPara member must reference a null-terminated OID ANSI string /// of the desired issuance policy. This criteria is evaluated on the issuance policy of the certificate chain. /// /// /// /// CERT_SELECT_BY_PROV_NAME 4 /// /// Select certificates based on a specific private key provider. The ppPara member must reference a null-terminated Unicode /// string that represents the name of the provider. /// /// /// /// CERT_SELECT_BY_EXTENSION 5 /// /// Select certificates based on the presence of a specified extension and an optional specified value. The ppPara member must /// reference a CERT_EXTENSION structure that specifies the extension OID and the associated value. /// /// /// /// CERT_SELECT_BY_SUBJECT_HOST_NAME 6 /// /// Select certificates based on the Subject DNS HOST Name. The ppPara member must reference a null-terminated Unicode string /// that contains the subject host name. The selection performed based on this flag is the same as the evaluation of the /// pwszServerName member of the SSL_EXTRA_CERT_CHAIN_POLICY_PARA structure during a call to the /// CertVerifyCertificateChainPolicy function. This criteria is evaluated on the certificate. /// /// /// /// CERT_SELECT_BY_ISSUER_ATTR 7 /// /// Select certificates based on the relative distinguished name (RDN) element of the issuer of the certificate. The ppPara /// member must reference a CERT_RDN structure that contains the RDN element of the issuer. This criteria is evaluated on the /// certificate chain. /// /// /// /// CERT_SELECT_BY_SUBJECT_ATTR 8 /// /// Select certificates based on the RDN element in the Subject of the certificate. The ppPara member must be a reference to a /// CERT_RDN structure that contains the RDN element of the Subject. This criteria is evaluated on the certificate. /// /// /// /// CERT_SELECT_BY_ISSUER_NAME 9 /// /// Select certificates based on the issuer of the certificate. The ppPara member must be a reference to a CERT_NAME_BLOB /// structure that contains the name of the issuer. This criteria is evaluated on the certificate chain. /// /// /// /// CERT_SELECT_BY_PUBLIC_KEY 10 /// /// Select certificates based on the public key of the certificate. The ppPara member must reference a pointer to a /// CERT_PUBLIC_KEY_INFO structure that contains the public key. This criteria is evaluated on the certificate. /// /// /// /// CERT_SELECT_BY_TLS_SIGNATURES 11 /// /// Select certificates based on the Transport Layer Security protocol (TLS) Signature requirement. The ppPara member must /// reference a SecPkgContext_SupportedSignatures structure. This criteria is evaluated on the certificate. /// /// /// ///

public CertSelectBy dwType; ///

A DWORD value that specifies the number of search attributes specified in the ppPara member.

public uint cPara; ///

/// A pointer to a pointer to one or more selection values. The data type depends on the selection type specified by the /// dwType member. If more than one selection value is present, an application must match only one value. ///

public IntPtr ppPara; } ///

/// The CERT_SIMPLE_CHAIN structure contains an array of chain elements and a summary trust status for the chain that the /// array represents. ///

// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_simple_chain typedef struct _CERT_SIMPLE_CHAIN { // DWORD cbSize; CERT_TRUST_STATUS TrustStatus; DWORD cElement; PCERT_CHAIN_ELEMENT *rgpElement; PCERT_TRUST_LIST_INFO // pTrustListInfo; BOOL fHasRevocationFreshnessTime; DWORD dwRevocationFreshnessTime; } CERT_SIMPLE_CHAIN, *PCERT_SIMPLE_CHAIN; [PInvokeData("wincrypt.h", MSDNShortId = "c130cab4-bf8d-429a-beb7-04cb5d37d466")] [StructLayout(LayoutKind.Sequential)] public struct CERT_SIMPLE_CHAIN { ///

The size, in bytes, of this structure.

public uint cbSize; ///

/// A structure that indicates the trust status of the whole chain. The structure includes an error status code and an /// information status code. For information about status code values, see CERT_TRUST_STATUS. ///

public CERT_TRUST_STATUS TrustStatus; ///

The number of CERT_CHAIN_ELEMENT structures in the array.

public uint cElement; ///

/// An array of pointers to CERT_CHAIN_ELEMENT structures. rgpElement[0] is the end certificate chain element. /// rgpElement[ cElement–1] is the self-signed "root" certificate element. ///

public IntPtr rgpElement; ///

/// A pointer to a CERT_TRUST_LIST_INFO structure that contains a pointer to a certificate trust list (CTL) connecting this /// chain to a next certificate chain. If the current chain is the final chain, pTrustListInfo is NULL. ///

public IntPtr pTrustListInfo; ///

BOOL. If TRUE, dwRevocationFreshnessTime has been calculated.

[MarshalAs(UnmanagedType.Bool)] public bool fHasRevocationFreshnessTime; ///

/// The age of a certificate revocation list (CRL) in seconds, calculated as the CurrentTime minus the CRL's ThisUpdate time. /// This values is the largest time across all elements checked. ///

public uint dwRevocationFreshnessTime; ///

Gets the elements from .

public unsafe CERT_CHAIN_ELEMENT*[] GetElements() { var ret = new CERT_CHAIN_ELEMENT*[(int)cElement]; for (int i = 0; i < cElement; i++) ret[i] = ((CERT_CHAIN_ELEMENT**)rgpElement)[i]; return ret; } } ///

The CERT_TRUST_LIST_INFO structure that indicates valid usage of a CTL.

// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_trust_list_info typedef struct _CERT_TRUST_LIST_INFO // { DWORD cbSize; PCTL_ENTRY pCtlEntry; PCCTL_CONTEXT pCtlContext; } CERT_TRUST_LIST_INFO, *PCERT_TRUST_LIST_INFO; [PInvokeData("wincrypt.h", MSDNShortId = "774f5626-9b48-4585-b713-adbf191861cc")] [StructLayout(LayoutKind.Sequential)] public struct CERT_TRUST_LIST_INFO { ///

Size of this structure in bytes.

public uint cbSize; ///

/// A pointer to a structure that includes a subject identifier, the count of attributes associated with a CTL, and an array of /// those attributes. ///

public IntPtr pCtlEntry; ///

A pointer to a CTL context.

public PCCTL_CONTEXT pCtlContext; } ///

Provides a handle to an online certificate status protocol (OCSP) response.

[StructLayout(LayoutKind.Sequential)] public struct HCERT_SERVER_OCSP_RESPONSE : IHandle { private IntPtr handle; ///

Initializes a new instance of the struct.

/// An object that represents the pre-existing handle to use. public HCERT_SERVER_OCSP_RESPONSE(IntPtr preexistingHandle) => handle = preexistingHandle; ///

Returns an invalid handle by instantiating a object with .

public static HCERT_SERVER_OCSP_RESPONSE NULL => new HCERT_SERVER_OCSP_RESPONSE(IntPtr.Zero); ///

Gets a value indicating whether this instance is a null handle.

public bool IsNull => handle == IntPtr.Zero; ///

Performs an explicit conversion from to .

/// The handle. /// The result of the conversion. public static explicit operator IntPtr(HCERT_SERVER_OCSP_RESPONSE h) => h.handle; ///

Performs an implicit conversion from to .

/// The pointer to a handle. /// The result of the conversion. public static implicit operator HCERT_SERVER_OCSP_RESPONSE(IntPtr h) => new HCERT_SERVER_OCSP_RESPONSE(h); ///

Implements the operator !=.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator !=(HCERT_SERVER_OCSP_RESPONSE h1, HCERT_SERVER_OCSP_RESPONSE h2) => !(h1 == h2); ///

Implements the operator ==.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator ==(HCERT_SERVER_OCSP_RESPONSE h1, HCERT_SERVER_OCSP_RESPONSE h2) => h1.Equals(h2); /// public override bool Equals(object obj) => obj is HCERT_SERVER_OCSP_RESPONSE h ? handle == h.handle : false; /// public override int GetHashCode() => handle.GetHashCode(); /// public IntPtr DangerousGetHandle() => handle; } //public static CERT_SELECT_CRITERIA[] CertSelectCertificateChains(in Guid pSelectionContext, HCERTSTORE hStore, CertSelection dwFlags, [Optional] CERT_SELECT_CHAIN_PARA? pChainParameters, [Optional] CERT_SELECT_CRITERIA[] rgpCriteria) //{ // unsafe // { // var cpdef = pChainParameters.GetValueOrDefault(); // if (!CertSelectCertificateChains(pSelectionContext, dwFlags, pChainParameters.HasValue ? &cpdef : null, rgpCriteria?.Length ?? 0, rgpCriteria, hStore, out var cSelections, out var ppSelections)) // throw new Win32Exception(); // var ret = new CERT_CHAIN_CONTEXT[cSelections]; // for (var i = 0; i < cSelections; i++) // ret[i] = *ppSelections[i]; // return ret; // } //} //[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)] //[return: MarshalAs(UnmanagedType.Bool)] //private static extern unsafe bool CertSelectCertificateChains(in Guid pSelectionContext, CertSelection dwFlags, [In, Optional] CERT_SELECT_CHAIN_PARA* pChainParameters, int cCriteria, // [In, Optional, MarshalAs(UnmanagedType.LPArray)] CERT_SELECT_CRITERIA[] rgpCriteria, HCERTSTORE hStore, out int pcSelection, out CERT_CHAIN_CONTEXT*[] pprgpSelection); ///

Provides a handle to a Certificate Chain Engine.

[StructLayout(LayoutKind.Sequential)] public struct HCERTCHAINENGINE : IHandle { private IntPtr handle; ///

Initializes a new instance of the struct.

/// An object that represents the pre-existing handle to use. public HCERTCHAINENGINE(IntPtr preexistingHandle) => handle = preexistingHandle; ///

Returns an invalid handle by instantiating a object with .

public static HCERTCHAINENGINE NULL => new HCERTCHAINENGINE(IntPtr.Zero); ///

Gets a value indicating whether this instance is a null handle.

public bool IsNull => handle == IntPtr.Zero; ///

Performs an explicit conversion from to .

/// The handle. /// The result of the conversion. public static explicit operator IntPtr(HCERTCHAINENGINE h) => h.handle; ///

Performs an implicit conversion from to .

/// The pointer to a handle. /// The result of the conversion. public static implicit operator HCERTCHAINENGINE(IntPtr h) => new HCERTCHAINENGINE(h); ///

Implements the operator !=.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator !=(HCERTCHAINENGINE h1, HCERTCHAINENGINE h2) => !(h1 == h2); ///

Implements the operator ==.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator ==(HCERTCHAINENGINE h1, HCERTCHAINENGINE h2) => h1.Equals(h2); /// public override bool Equals(object obj) => obj is HCERTCHAINENGINE h ? handle == h.handle : false; /// public override int GetHashCode() => handle.GetHashCode(); /// public IntPtr DangerousGetHandle() => handle; } ///

Provides a handle to a CERT_SERVER_OCSP_RESPONSE_CONTEXT.

[StructLayout(LayoutKind.Sequential)] public struct PCCERT_SERVER_OCSP_RESPONSE_CONTEXT : IHandle { private IntPtr handle; ///

Initializes a new instance of the struct.

/// An object that represents the pre-existing handle to use. public PCCERT_SERVER_OCSP_RESPONSE_CONTEXT(IntPtr preexistingHandle) => handle = preexistingHandle; ///

/// Returns an invalid handle by instantiating a object with . ///

public static PCCERT_SERVER_OCSP_RESPONSE_CONTEXT NULL => new PCCERT_SERVER_OCSP_RESPONSE_CONTEXT(IntPtr.Zero); ///

Gets a value indicating whether this instance is a null handle.

public bool IsNull => handle == IntPtr.Zero; ///

Performs an explicit conversion from to .

/// The handle. /// The result of the conversion. public static explicit operator IntPtr(PCCERT_SERVER_OCSP_RESPONSE_CONTEXT h) => h.handle; ///

Performs an implicit conversion from to .

/// The pointer to a handle. /// The result of the conversion. public static implicit operator PCCERT_SERVER_OCSP_RESPONSE_CONTEXT(IntPtr h) => new PCCERT_SERVER_OCSP_RESPONSE_CONTEXT(h); ///

Implements the operator !=.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator !=(PCCERT_SERVER_OCSP_RESPONSE_CONTEXT h1, PCCERT_SERVER_OCSP_RESPONSE_CONTEXT h2) => !(h1 == h2); ///

Implements the operator ==.

/// The first handle. /// The second handle. /// The result of the operator. public static bool operator ==(PCCERT_SERVER_OCSP_RESPONSE_CONTEXT h1, PCCERT_SERVER_OCSP_RESPONSE_CONTEXT h2) => h1.Equals(h2); /// public override bool Equals(object obj) => obj is PCCERT_SERVER_OCSP_RESPONSE_CONTEXT h ? handle == h.handle : false; /// public override int GetHashCode() => handle.GetHashCode(); /// public IntPtr DangerousGetHandle() => handle; } ///

Provides a for that is disposed using .

public class SafePCCERT_CONTEXT : SafeHANDLE { ///

Represents a NULL handle for . This must be used instead of .

public static readonly SafePCCERT_CONTEXT Null = new SafePCCERT_CONTEXT(IntPtr.Zero, false); ///

Initializes a new instance of the class and assigns an existing handle.

/// An object that represents the pre-existing handle to use. /// /// to reliably release the handle during the finalization phase; otherwise, (not recommended). /// public SafePCCERT_CONTEXT(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { } ///

Initializes a new instance of the class.

private SafePCCERT_CONTEXT() : base() { } ///

Performs an implicit conversion from to .

/// The safe handle instance. /// The result of the conversion. public static implicit operator PCCERT_CONTEXT(SafePCCERT_CONTEXT h) => h.handle; ///

/// Performs an explicit conversion from to . ///

/// The h. /// /// The resulting instance from the conversion. /// public static unsafe explicit operator CERT_CONTEXT*(SafePCCERT_CONTEXT h) => (CERT_CONTEXT*)(void*)h.handle; /// protected override bool InternalReleaseHandle() => CertFreeCertificateContext(handle); } ///

/// Provides a for that is disposed using . ///

public class SafePCCERT_SERVER_OCSP_RESPONSE_CONTEXT : SafeHANDLE { ///

/// Initializes a new instance of the class and assigns an existing handle. ///

/// An object that represents the pre-existing handle to use. /// /// to reliably release the handle during the finalization phase; otherwise, (not recommended). /// public SafePCCERT_SERVER_OCSP_RESPONSE_CONTEXT(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { } ///

Initializes a new instance of the class.

private SafePCCERT_SERVER_OCSP_RESPONSE_CONTEXT() : base() { } ///

Performs an implicit conversion from to .

/// The safe handle instance. /// The result of the conversion. public static implicit operator PCCERT_SERVER_OCSP_RESPONSE_CONTEXT(SafePCCERT_SERVER_OCSP_RESPONSE_CONTEXT h) => h.handle; /// protected override bool InternalReleaseHandle() { CertFreeServerOcspResponseContext(handle); return true; } } } }