using System;
using System.Runtime.InteropServices;
using System.Text;
using Vanara.InteropServices;
namespace Vanara.PInvoke
{
/// Methods and data types found in Crypt32.dll.
public static partial class Crypt32
{
/// Indicates the type of processing needed.
[PInvokeData("wincrypt.h", MSDNShortId = "300e6345-0be0-48c7-a3a3-174879cf0bbb")]
[Flags]
public enum CertNameFlags
{
/// Acquires the issuer's name. If not set, acquires the subject's name.
CERT_NAME_ISSUER_FLAG = 0x1,
/// Skips the default initial attempt to decode the value as UTF8 and decodes as 8-bit characters.
CERT_NAME_DISABLE_IE4_UTF8_FLAG = 0x00010000,
///
/// If the dwType parameter is set to CERT_NAME_DNS_TYPE, all applicable names are returned for the specified DNS value. If
/// there is no DNS name but there is a CN component in the subject, the CN is returned instead. If there is a CN and a DNS
/// name, only the DNS names are returned. This mimics the SSL chain building policy. If you set this flag for a name type other
/// than CERT_NAME_DNS_TYPE, this function returns a null-terminated empty string.
/// Windows 8 and Windows Server 2012: Support for this flag begins.
///
CERT_NAME_SEARCH_ALL_NAMES_FLAG = 0x2,
///
/// This flag enables decoding of IA5String strings to Unicode string values based on the dwType parameter value as defined below:
///
/// CERT_NAME_EMAIL_TYPE: If the host name portion of the email address contains a Punycode encoded IA5String component, it is
/// converted to the Unicode equivalent.
///
///
/// CERT_NAME_SIMPLE_DISPLAY_TYPE: If a Subject Name of szOID_RSA_emailAddr or the rfc822Name from the Subject Alternative Name
/// is returned from the certificate, and the host name portion of the email address a contains
/// Punycode encoded IA5String component, it is converted to the Unicode equivalent.
///
///
/// CERT_NAME_DNS_TYPE: If the certificate has an Issuer Alternative Name, with a DNSName choice, and the host name portion of
/// the email address a contains Punycode encoded IA5String component, it is converted to the Unicode equivalent.
///
///
/// CERT_NAME_URL_TYPE: The URI is decoded and unescaped. If the server host name of the URI contains a Punycode encoded
/// IA5String component, the host name string is converted to the Unicode equivalent.
///
/// Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.
///
CERT_NAME_STR_ENABLE_PUNYCODE_FLAG = 0x00200000,
}
/// Specifies the format of the output string and other options for the contents of the string.
[PInvokeData("wincrypt.h", MSDNShortId = "b3d96de8-5cbc-4ccb-b759-6757520bbda3")]
[Flags]
public enum CertNameStringFormat
{
///
/// All object identifiers (OIDs) are discarded. CERT_RDN entries are separated by a comma followed by a space (, ). Multiple
/// attributes in a CERT_RDN are separated by a plus sign enclosed within spaces ( + ), for example, Microsoft, Kim Abercrombie
/// + Programmer.
///
CERT_SIMPLE_NAME_STR = 1,
///
/// OIDs are included with an equal sign (=) separator from their attribute value. CERT_RDN entries are separated by a comma
/// followed by a space (, ). Multiple attributes in a CERT_RDN are separated by a plus sign followed by a space (+ ).
///
CERT_OID_NAME_STR = 2,
///
/// OIDs are converted to their X.500 key names; otherwise, they are the same as CERT_OID_NAME_STR. If an OID
/// does not have a corresponding X.500 name, the OID is used with a prefix of OID.
/// The RDN value is quoted if it contains leading or trailing white space or one of the following characters:
///
/// - Comma (,)
/// - Plus sign (+)
/// - Equal sign (=)
/// - Inch mark (")
/// - Backslash followed by the letter n (\n)
/// - Less than sign (<)
/// - Greater than sign (>)
/// - Number sign (#)
/// - Semicolon (;)
///
///
/// The quotation character is an inch mark ("). If the RDN value contains an inch mark, it is enclosed within quotation marks ("").
///
///
CERT_X500_NAME_STR = 3,
/// Replace the comma followed by a space (, ) separator with a semicolon followed by a space (; ) separator.
CERT_NAME_STR_SEMICOLON_FLAG = 0x40000000,
///
/// Replace the comma followed by a space (, ) separator with a backslash followed by the letter r followed by a backslash
/// followed by the letter n (\r\n) separator.
///
CERT_NAME_STR_CRLF_FLAG = 0x08000000,
/// Replace the plus sign enclosed within spaces ( + ) separator with a single space separator.
CERT_NAME_STR_NO_PLUS_FLAG = 0x20000000,
/// Disable quoting.
CERT_NAME_STR_NO_QUOTING_FLAG = 0x10000000,
/// The order of the RDNs in the distinguished name string is reversed after decoding. This flag is not set by default.
CERT_NAME_STR_REVERSE_FLAG = 0x02000000,
///
/// By default, a CERT_RDN_T61_STRING X.500 key string is decoded as UTF8. If UTF8 decoding fails, the X.500 key is decoded as
/// an 8 bit character. Use CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG to skip the initial attempt to decode as UTF8.
///
CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG = 0x00010000,
///
/// If the name pointed to by the pName parameter contains an email RDN, and the host name portion of the email address contains
/// a Punycode encoded IA5String, the name is converted to the Unicode equivalent.
/// Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.
///
CERT_NAME_STR_ENABLE_PUNYCODE_FLAG = 0x00200000,
}
/// Indicating how the name is to be found and how the output is to be formatted.
[PInvokeData("wincrypt.h", MSDNShortId = "300e6345-0be0-48c7-a3a3-174879cf0bbb")]
public enum CertNameType
{
///
/// If the certificate has a Subject Alternative Name extension or Issuer Alternative Name, uses the first rfc822Name choice. If
/// no rfc822Name choice is found in the extension, uses the Subject Name field for the Email OID. If either rfc822Name or the
/// Email OID is found, uses the string. Otherwise, returns an empty string (returned character count is 1). pvTypePara is not
/// used and is set to NULL.
///
CERT_NAME_EMAIL_TYPE = 1,
///
/// Converts the Subject Name BLOB by calling CertNameToStr. pvTypePara points to a DWORD containing the dwStrType passed to
/// CertNameToStr. If the Subject Name field is empty and the certificate has a Subject Alternative Name extension, uses the
/// first directory Name choice from CertNameToStr.
///
CERT_NAME_RDN_TYPE = 2,
///
/// pvTypePara points to an object identifier (OID) specifying the name attribute to be returned. For example, if pvTypePara is
/// szOID_COMMON_NAME, uses the Subject Name member. If the Subject Name member is empty and the certificate has a Subject
/// Alternative Name extension, uses the first directoryName choice.
///
CERT_NAME_ATTR_TYPE = 3,
///
/// Iterates through the following list of name attributes and uses the Subject Name or the Subject Alternative Name extension
/// for the first occurrence of: szOID_COMMON_NAME, szOID_ORGANIZATIONAL_UNIT_NAME, szOID_ORGANIZATION_NAME, or szOID_RSA_emailAddr.
///
/// If one of these attributes is not found, uses the Subject Alternative Name extension for a rfc822Name choice. If there is
/// still no match, uses the first attribute.
///
/// pvTypePara is not used and is set to NULL.
///
CERT_NAME_SIMPLE_DISPLAY_TYPE = 4,
///
/// Checks the certificate for a CERT_FRIENDLY_NAME_PROP_ID property. If the certificate has this property, it is returned. If
/// the certificate does not have the property, the CERT_NAME_SIMPLE_DISPLAY_TYPE is returned.
///
CERT_NAME_FRIENDLY_DISPLAY_TYPE = 5,
///
/// If the certificate has a Subject Alternative Name extension for issuer, Issuer Alternative Name, search for first DNSName choice.
/// If the DNSName choice is not found in the extension, search the Subject Name field for the CN OID, "2.5.4.3".
/// If the DNSName or CN OID is found, return the string. Otherwise, return an empty string.
///
CERT_NAME_DNS_TYPE = 6,
///
/// If the certificate has a Subject Alternative Name extension for issuer, Issuer Alternative Name, search for first URL
/// choice. If the URL choice is found, return the string. Otherwise, return an empty string.
///
CERT_NAME_URL_TYPE = 7,
///
/// If the certificate has a Subject Alternative Name extension, search the OtherName choices looking for a pszObjId ==
/// szOID_NT_PRINCIPAL_NAME, ("1.3.6.1.4.1.311.20.2.3").
///
/// If the UPN OID is found, decode the BLOB as a X509_UNICODE_ANY_STRING and return the decoded string. Otherwise, return an
/// empty string.
///
///
CERT_NAME_UPN_TYPE = 8,
}
/// Indicates the kind of RDN value to be converted.
[PInvokeData("wincrypt.h", MSDNShortId = "c1e0af19-320e-411e-85bf-c7f01befcac4")]
public enum CertRDNType
{
///
CERT_RDN_ANY_TYPE = 0,
///
CERT_RDN_ENCODED_BLOB = 1,
///
CERT_RDN_OCTET_STRING = 2,
///
CERT_RDN_NUMERIC_STRING = 3,
///
CERT_RDN_PRINTABLE_STRING = 4,
///
CERT_RDN_TELETEX_STRING = 5,
///
CERT_RDN_T61_STRING = 5,
///
CERT_RDN_VIDEOTEX_STRING = 6,
///
CERT_RDN_IA5_STRING = 7,
///
CERT_RDN_GRAPHIC_STRING = 8,
///
CERT_RDN_VISIBLE_STRING = 9,
///
CERT_RDN_ISO646_STRING = 9,
///
CERT_RDN_GENERAL_STRING = 10,
///
CERT_RDN_UNIVERSAL_STRING = 11,
///
CERT_RDN_INT4_STRING = 11,
///
CERT_RDN_BMP_STRING = 12,
///
CERT_RDN_UNICODE_STRING = 12,
///
CERT_RDN_UTF8_STRING = 13,
}
/// Structure format type values.
[Flags]
[PInvokeData("wincrypt.h", MSDNShortId = "307e0bd5-b8a6-4d85-9775-65aae99e8dc6")]
public enum CryptFormatStr
{
///
/// Display the data in a single line. Each subfield is concatenated with a comma (,). For more information, see Remarks.
///
CRYPT_FORMAT_STR_SINGLE_LINE = 0,
/// Display the data in multiple lines rather than single line (the default). For more information, see Remarks.
CRYPT_FORMAT_STR_MULTI_LINE = 0x0001,
/// Disables the hexadecimal dump. For more information, see Remarks.
CRYPT_FORMAT_STR_NO_HEX = 0x0010,
}
/// Specifies the format of the resulting formatted string.
[PInvokeData("wincrypt.h", MSDNShortId = "e6bdf931-fba3-4a33-b22e-5f818f565842")]
public enum CryptStringFormat : uint
{
/// Base64, with certificate beginning and ending headers.
CRYPT_STRING_BASE64HEADER = 0x00000000,
/// Base64, without headers.
CRYPT_STRING_BASE64 = 0x00000001,
/// Pure binary copy.
CRYPT_STRING_BINARY = 0x00000002,
/// Base64, with request beginning and ending headers.
CRYPT_STRING_BASE64REQUESTHEADER = 0x00000003,
/// Hexadecimal only.
CRYPT_STRING_HEX = 0x00000004,
/// Hexadecimal, with ASCII character display.
CRYPT_STRING_HEXASCII = 0x00000005,
/// Base64, with X.509 CRL beginning and ending headers.
CRYPT_STRING_BASE64X509CRLHEADER = 0x00000009,
/// Hexadecimal, with address display.
CRYPT_STRING_HEXADDR = 0x0000000a,
/// Hexadecimal, with ASCII character and address display.
CRYPT_STRING_HEXASCIIADDR = 0x0000000b,
///
/// A raw hexadecimal string.
/// Windows Server 2003 and Windows XP: This value is not supported.
///
CRYPT_STRING_HEXRAW = 0x0000000c,
///
/// Enforce strict decoding of ASN.1 text formats. Some ASN.1 binary BLOBS can have the first few bytes of the BLOB incorrectly
/// interpreted as Base64 text. In this case, the rest of the text is ignored. Use this flag to enforce complete decoding of the BLOB.
/// Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.
///
CRYPT_STRING_STRICT = 0x20000000,
///
/// Do not append any new line characters to the encoded string. The default behavior is to use a carriage return/line feed
/// (CR/LF) pair (0x0D/0x0A) to represent a new line.
/// Windows Server 2003 and Windows XP: This value is not supported.
///
CRYPT_STRING_NOCRLF = 0x40000000,
///
/// Only use the line feed (LF) character (0x0A) for a new line. The default behavior is to use a CR/LF pair (0x0D/0x0A) to
/// represent a new line.
///
CRYPT_STRING_NOCR = 0x80000000,
/// Tries the following, in order: CRYPT_STRING_BASE64HEADER, CRYPT_STRING_BASE64
CRYPT_STRING_BASE64_ANY = 0x00000006,
/// Tries the following, in order: CRYPT_STRING_BASE64HEADER, CRYPT_STRING_BASE64, CRYPT_STRING_BINARY
CRYPT_STRING_ANY = 0x00000007,
///
/// Tries the following, in order: CRYPT_STRING_HEXADDR, CRYPT_STRING_HEXASCIIADDR, CRYPT_STRING_HEX, CRYPT_STRING_HEXRAW, CRYPT_STRING_HEXASCII
///
CRYPT_STRING_HEX_ANY = 0x00000008,
///
CRYPT_STRING_BASE64URI = 0x0000000d,
///
CRYPT_STRING_ENCODEMASK = 0x000000ff,
///
CRYPT_STRING_RESERVED100 = 0x00000100,
///
CRYPT_STRING_RESERVED200 = 0x00000200,
///
CRYPT_STRING_PERCENTESCAPE = 0x08000000,
///
CRYPT_STRING_HASHDATA = 0x10000000,
}
///
///
/// Use the CryptFindOIDInfo function instead of this function because ALG_ID identifiers are no longer supported in CNG. Use the
/// CRYPT_OID_INFO_CNG_ALGID_KEY value in the dwKeyType parameter of the CryptFindOIDInfo function instead.
///
///
/// Windows Server 2003 and Windows XP: The CertAlgIdToOID function converts a CryptoAPI algorithm identifier (ALG_ID)
/// to an Abstract Syntax Notation One (ASN.1) object identifier (OID) string.
///
///
/// Value to be converted to an OID.
///
/// If the function succeeds, the function returns the null-terminated OID string.
/// If no OID string corresponds to the algorithm identifier, the function returns NULL.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certalgidtooid LPCSTR CertAlgIdToOID( DWORD dwAlgId );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "2a66c6da-22dd-4192-9f3d-2fb85f8032e0")]
public static extern StrPtrAnsi CertAlgIdToOID(uint dwAlgId);
///
/// The CertGetNameString function obtains the subject or issuer name from a certificate CERT_CONTEXT structure and converts
/// it to a null-terminated character string.
///
/// A pointer to a CERT_CONTEXT certificate context that includes a subject and issuer name to be converted.
///
/// DWORD indicating how the name is to be found and how the output is to be formatted.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_NAME_EMAIL_TYPE 1
///
/// If the certificate has a Subject Alternative Name extension or Issuer Alternative Name, uses the first rfc822Name choice. If no
/// rfc822Name choice is found in the extension, uses the Subject Name field for the Email OID. If either rfc822Name or the Email
/// OID is found, uses the string. Otherwise, returns an empty string (returned character count is 1). pvTypePara is not used and is
/// set to NULL.
///
///
/// -
/// CERT_NAME_RDN_TYPE 2
///
/// Converts the Subject Name BLOB by calling CertNameToStr. pvTypePara points to a DWORD containing the dwStrType passed to
/// CertNameToStr. If the Subject Name field is empty and the certificate has a Subject Alternative Name extension, uses the first
/// directory Name choice from CertNameToStr.
///
///
/// -
/// CERT_NAME_ATTR_TYPE 3
///
/// pvTypePara points to an object identifier (OID) specifying the name attribute to be returned. For example, if pvTypePara is
/// szOID_COMMON_NAME, uses the Subject Name member. If the Subject Name member is empty and the certificate has a Subject
/// Alternative Name extension, uses the first directoryName choice.
///
///
/// -
/// CERT_NAME_SIMPLE_DISPLAY_TYPE 4
///
/// Iterates through the following list of name attributes and uses the Subject Name or the Subject Alternative Name extension for
/// the first occurrence of: szOID_COMMON_NAME, szOID_ORGANIZATIONAL_UNIT_NAME, szOID_ORGANIZATION_NAME, or szOID_RSA_emailAddr. If
/// one of these attributes is not found, uses the Subject Alternative Name extension for a rfc822Name choice. If there is still no
/// match, uses the first attribute. pvTypePara is not used and is set to NULL.
///
///
/// -
/// CERT_NAME_FRIENDLY_DISPLAY_TYPE 5
///
/// Checks the certificate for a CERT_FRIENDLY_NAME_PROP_ID property. If the certificate has this property, it is returned. If the
/// certificate does not have the property, the CERT_NAME_SIMPLE_DISPLAY_TYPE is returned.
///
///
/// -
/// CERT_NAME_DNS_TYPE 6
///
/// If the certificate has a Subject Alternative Name extension for issuer, Issuer Alternative Name, search for first DNSName
/// choice. If the DNSName choice is not found in the extension, search the Subject Name field for the CN OID, "2.5.4.3". If the
/// DNSName or CN OID is found, return the string. Otherwise, return an empty string.
///
///
/// -
/// CERT_NAME_URL_TYPE 7
///
/// If the certificate has a Subject Alternative Name extension for issuer, Issuer Alternative Name, search for first URL choice. If
/// the URL choice is found, return the string. Otherwise, return an empty string.
///
///
/// -
/// CERT_NAME_UPN_TYPE 8
///
/// If the certificate has a Subject Alternative Name extension, search the OtherName choices looking for a pszObjId ==
/// szOID_NT_PRINCIPAL_NAME, ("1.3.6.1.4.1.311.20.2.3"). If the UPN OID is found, decode the BLOB as a X509_UNICODE_ANY_STRING and
/// return the decoded string. Otherwise, return an empty string.
///
///
///
///
///
/// Indicates the type of processing needed.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_NAME_ISSUER_FLAG 0x1
/// Acquires the issuer's name. If not set, acquires the subject's name.
///
/// -
/// CERT_NAME_DISABLE_IE4_UTF8_FLAG 0x00010000
/// Skips the default initial attempt to decode the value as UTF8 and decodes as 8-bit characters.
///
/// -
/// CERT_NAME_SEARCH_ALL_NAMES_FLAG 0x2
///
/// If the dwType parameter is set to CERT_NAME_DNS_TYPE, all applicable names are returned for the specified DNS value. If there is
/// no DNS name but there is a CN component in the subject, the CN is returned instead. If there is a CN and a DNS name, only the
/// DNS names are returned. This mimics the SSL chain building policy. If you set this flag for a name type other than
/// CERT_NAME_DNS_TYPE, this function returns a null-terminated empty string. Windows 8 and Windows Server 2012: Support for this
/// flag begins.
///
///
/// -
/// CERT_NAME_STR_ENABLE_PUNYCODE_FLAG 0x00200000
///
/// This flag enables decoding of IA5String strings to Unicode string values based on the dwType parameter value as defined below:
/// Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.
///
///
///
///
///
/// A pointer to either a DWORD containing the dwStrType or an object identifier (OID) specifying the name attribute. The
/// type pointed to is determined by the value of dwType.
///
///
///
/// A pointer to an allocated buffer to receive the returned string. If pszNameString is not NULL and cchNameString is not
/// zero, pszNameString is a null-terminated string.
///
///
/// If CERT_NAME_SEARCH_ALL_NAMES_FLAG is specified in the dwFlags parameter and CERT_NAME_DNS_TYPE is set in the
/// dwType parameter, the returned string will contain all of the DNS names that apply. Each string in the output string is
/// null-terminated and the last string will be double null-terminated. If no DNS names are found, a single null-terminated empty
/// string is returned.
///
///
///
/// Size, in characters, allocated for the returned string. The size must include the terminating NULL character.
///
///
/// Returns the number of characters converted, including the terminating zero character. If pszNameString is NULL or
/// cchNameString is zero, returns the required size of the destination string (including the terminating NULL character). If
/// the specified name type is not found, returns a null-terminated empty string with a returned character count of 1.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetnamestringa DWORD CertGetNameStringA(
// PCCERT_CONTEXT pCertContext, DWORD dwType, DWORD dwFlags, void *pvTypePara, LPSTR pszNameString, DWORD cchNameString );
[DllImport(Lib.Crypt32, SetLastError = false, CharSet = CharSet.Auto)]
[PInvokeData("wincrypt.h", MSDNShortId = "300e6345-0be0-48c7-a3a3-174879cf0bbb")]
public static extern uint CertGetNameString(PCCERT_CONTEXT pCertContext, CertNameType dwType, CertNameFlags dwFlags, IntPtr pvTypePara, [MarshalAs(UnmanagedType.LPTStr)] StringBuilder pszNameString, uint cchNameString);
///
///
/// The CertNameToStr function converts an encoded name in a CERT_NAME_BLOB structure to a null-terminated character string.
///
///
/// The string representation follows the distinguished name specifications in RFC 1779. The exceptions to this rule are listed in
/// the Remarks section, below.
///
///
///
///
/// The certificate encoding type that was used to encode the name. The message encoding type identifier, contained in the high
/// WORD of this value, is ignored by this function.
///
/// This parameter can be the following currently defined certificate encoding type.
///
///
/// Value
/// Meaning
///
/// -
/// X509_ASN_ENCODING 1 (0x1)
/// Specifies X.509 certificate encoding.
///
///
///
/// A pointer to the CERT_NAME_BLOB structure to be converted.
///
///
/// This parameter specifies the format of the output string. This parameter also specifies other options for the contents of the string.
///
/// This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_SIMPLE_NAME_STR 1
///
/// All object identifiers (OIDs) are discarded. CERT_RDN entries are separated by a comma followed by a space (, ). Multiple
/// attributes in a CERT_RDN are separated by a plus sign enclosed within spaces ( + ), for example, Microsoft, Kim Abercrombie + Programmer.
///
///
/// -
/// CERT_OID_NAME_STR 2
///
/// OIDs are included with an equal sign (=) separator from their attribute value. CERT_RDN entries are separated by a comma
/// followed by a space (, ). Multiple attributes in a CERT_RDN are separated by a plus sign followed by a space (+ ).
///
///
/// -
/// CERT_X500_NAME_STR 3
///
/// OIDs are converted to their X.500 key names; otherwise, they are the same as CERT_OID_NAME_STR. If an OID does not have a
/// corresponding X.500 name, the OID is used with a prefix of OID. The RDN value is quoted if it contains leading or trailing white
/// space or one of the following characters: The quotation character is an inch mark ("). If the RDN value contains an inch mark,
/// it is enclosed within quotation marks ("").
///
///
///
/// The following options can also be combined with the value above to specify additional options for the string.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_NAME_STR_SEMICOLON_FLAG 0x40000000
/// Replace the comma followed by a space (, ) separator with a semicolon followed by a space (; ) separator.
///
/// -
/// CERT_NAME_STR_CRLF_FLAG 0x08000000
///
/// Replace the comma followed by a space (, ) separator with a backslash followed by the letter r followed by a backslash followed
/// by the letter n (\r\n) separator.
///
///
/// -
/// CERT_NAME_STR_NO_PLUS_FLAG 0x20000000
/// Replace the plus sign enclosed within spaces ( + ) separator with a single space separator.
///
/// -
/// CERT_NAME_STR_NO_QUOTING_FLAG 0x10000000
/// Disable quoting.
///
/// -
/// CERT_NAME_STR_REVERSE_FLAG 0x02000000
/// The order of the RDNs in the distinguished name string is reversed after decoding. This flag is not set by default.
///
/// -
/// CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG 0x00010000
///
/// By default, a CERT_RDN_T61_STRING X.500 key string is decoded as UTF8. If UTF8 decoding fails, the X.500 key is decoded as an 8
/// bit character. Use CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG to skip the initial attempt to decode as UTF8.
///
///
/// -
/// CERT_NAME_STR_ENABLE_PUNYCODE_FLAG 0x00200000
///
/// If the name pointed to by the pName parameter contains an email RDN, and the host name portion of the email address contains a
/// Punycode encoded IA5String, the name is converted to the Unicode equivalent. Windows Server 2008, Windows Vista, Windows Server
/// 2003 and Windows XP: This value is not supported.
///
///
///
///
///
/// A pointer to a character buffer that receives the returned string. The size of this buffer is specified in the csz parameter.
///
/// The size, in characters, of the psz buffer. The size must include the terminating null character.
///
/// Returns the number of characters converted, including the terminating null character.
/// If psz is NULL or csz is zero, returns the required size of the destination string.
///
///
/// If psz is not NULL and csz is not zero, the returned psz is always a null-terminated string.
///
/// We recommend against using multicomponent RDNs (e.g., CN=James+O=Microsoft) to avoid possible ordering problems when decoding
/// occurs. Instead, consider using single valued RDNs (e.g., CN=James, O=Microsoft).
///
///
/// The string representation follows the distinguished name specifications in RFC 1779 except for the deviations described in the
/// following list.
///
///
/// -
/// Names that contain quotes are enclosed within double quotation marks.
///
/// -
/// Empty strings are enclosed within double quotation marks.
///
/// -
/// Strings that contain consecutive spaces are not enclosed within quotation marks.
///
/// -
///
/// Relative Distinguished Name (RDN) values of type CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING are formatted in hexadecimal.
///
///
/// -
/// If an OID does not have a corresponding X.500 name, the “OID” prefix is used before OID.
///
/// -
///
/// RDN values are enclosed with double quotation marks (instead of “\”) if they contain leading white space, trailing white space,
/// or one of the following characters:
///
///
/// -
///
/// The X.500 key name for stateOrProvinceName (2.5.4.8) OID is “S”. This value is different from the RFC 1779 X.500 key name (“S”).
///
///
///
/// In addition, the following X.500 key names are not mentioned in RFC 1779, but may be returned by this API:
///
///
/// Key
/// Object identifier string
///
/// -
/// E
/// 1.2.840.113549.1.9.1
///
/// -
/// T
/// 2.5.4.12
///
/// -
/// G
/// 2.5.4.42
///
/// -
/// I
/// 2.5.4.43
///
/// -
/// SN
/// 2.5.4.4
///
///
/// Examples
/// For an example that uses this function, see
/// Example C Program: Converting Names from Certificates to ASN.1 and Back.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certnametostra DWORD CertNameToStrA( DWORD
// dwCertEncodingType, PCERT_NAME_BLOB pName, DWORD dwStrType, LPSTR psz, DWORD csz );
[DllImport(Lib.Crypt32, SetLastError = false, CharSet = CharSet.Auto)]
[PInvokeData("wincrypt.h", MSDNShortId = "b3d96de8-5cbc-4ccb-b759-6757520bbda3")]
public static extern uint CertNameToStr(CertEncodingType dwCertEncodingType, in CRYPTOAPI_BLOB pName, CertNameStringFormat dwStrType, [MarshalAs(UnmanagedType.LPTStr)] StringBuilder psz, uint csz);
///
///
/// Use the CryptFindOIDInfo function instead of this function because ALG_ID identifiers are no longer supported in CNG. Use the
/// CRYPT_OID_INFO_OID_KEY value in the dwKeyType parameter of the CryptFindOIDInfo function instead.
///
///
/// Windows Server 2003 and Windows XP: The CertOIDToAlgId function converts the Abstract Syntax Notation One (ASN.1)
/// object identifier (OID) string to the CryptoAPI algorithm identifier (ALG_ID).
///
///
/// Pointer to the ASN.1 OID to be converted to an algorithm identifier.
///
/// Returns the ALG_ID that corresponds to the object identifier (OID) or zero if no ALG_ID corresponds to the OID.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certoidtoalgid DWORD CertOIDToAlgId( LPCSTR pszObjId );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "920b2642-ce7c-4098-8720-5a6f24128787")]
public static extern uint CertOIDToAlgId(SafeOID pszObjId);
///
/// The CertRDNValueToStr function converts a name in a CERT_RDN_VALUE_BLOB to a null-terminated character string.
///
///
/// Indicates the kind of RDN value to be converted.
/// This can be one of the following values:
///
/// -
/// CERT_RDN_ANY_TYPE
///
/// -
/// CERT_RDN_ENCODED_BLOB
///
/// -
/// CERT_RDN_OCTET_STRING
///
/// -
/// CERT_RDN_NUMERIC_STRING
///
/// -
/// CERT_RDN_PRINTABLE_STRING
///
/// -
/// CERT_RDN_TELETEX_STRING
///
/// -
/// CERT_RDN_T61_STRING
///
/// -
/// CERT_RDN_VIDEOTEX_STRING
///
/// -
/// CERT_RDN_IA5_STRING
///
/// -
/// CERT_RDN_GRAPHIC_STRING
///
/// -
/// CERT_RDN_VISIBLE_STRING
///
/// -
/// CERT_RDN_ISO646_STRING
///
/// -
/// CERT_RDN_GENERAL_STRING
///
/// -
/// CERT_RDN_UNIVERSAL_STRING
///
/// -
/// CERT_RDN_INT4_STRING
///
/// -
/// CERT_RDN_BMP_STRING
///
/// -
/// CERT_RDN_UNICODE_STRING
///
/// -
/// CERT_RDN_UTF8_STRING
///
///
///
/// A pointer to an CERT_RDN_VALUE_BLOB of a type appropriate for the dwValueType.
/// A pointer to a buffer to receive the returned string.
///
/// Size, in characters, allocated for the returned string. The size must include the terminating NULL character.
///
///
/// Returns the number of characters converted, including the terminating NULL character. If psz is NULL or csz is
/// zero, returns the required size of the destination string.
///
///
/// If psz is not NULL and csz is not zero, the returned psz is always a possibly empty null-terminated string.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certrdnvaluetostra DWORD CertRDNValueToStrA( DWORD
// dwValueType, PCERT_RDN_VALUE_BLOB pValue, LPSTR psz, DWORD csz );
[DllImport(Lib.Crypt32, SetLastError = false, CharSet = CharSet.Auto)]
[PInvokeData("wincrypt.h", MSDNShortId = "c1e0af19-320e-411e-85bf-c7f01befcac4")]
public static extern uint CertRDNValueToStr(CertRDNType dwValueType, in CRYPTOAPI_BLOB pValue, [MarshalAs(UnmanagedType.LPTStr)] StringBuilder psz, uint csz);
/// The CertStrToName function converts a null-terminated X.500 string to an encoded certificate name.
///
///
/// The certificate encoding type that was used to encode the string. The message encoding type identifier, contained in the high
/// WORD of this value, is ignored by this function.
///
/// This parameter can be the following currently defined certificate encoding type.
///
///
/// Value
/// Meaning
///
/// -
/// X509_ASN_ENCODING 1 (0x1)
/// Specifies X.509 certificate encoding.
///
///
///
///
///
/// A pointer to the null-terminated X.500 string to be converted. The format of this string is specified by the dwStrType parameter.
///
/// This string is expected to be formatted the same as the output from the CertNameToStr function.
///
///
/// This parameter specifies the type of the string. This parameter also specifies other options for the contents of the string.
///
/// If no flags are combined with the string type specifier, the string can contain a comma (,) or a semicolon (;) as separators in
/// the relative distinguished name (RDN) and a plus sign (+) as the separator in multiple RDN values.
///
///
/// Quotation marks ("") are supported. A quotation can be included in a quoted value by using two sets of quotation marks, for
/// example, CN="User ""one""".
///
///
/// A value that starts with a number sign (#) is treated as ASCII hexadecimal and converted to a CERT_RDN_OCTET_STRING.
/// Embedded white space is ignored. For example, 1.2.3 = # AB CD 01 is the same as 1.2.3=#ABCD01.
///
/// White space that surrounds the keys, object identifiers, and values is ignored.
/// This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_SIMPLE_NAME_STR 1
/// This string type is not supported.
///
/// -
/// CERT_OID_NAME_STR 2
/// Validates that the string type is supported. The string can be either an object identifier (OID) or an X.500 name.
///
/// -
/// CERT_X500_NAME_STR 3
///
/// Identical to CERT_OID_NAME_STR. Validates that the string type is supported. The string can be either an object identifier (OID)
/// or an X.500 name.
///
///
///
/// The following options can also be combined with the value above to specify additional options for the string.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_NAME_STR_COMMA_FLAG 0x04000000
/// Only a comma (,) is supported as the RDN separator.
///
/// -
/// CERT_NAME_STR_SEMICOLON_FLAG 0x40000000
/// Only a semicolon (;) is supported as the RDN separator.
///
/// -
/// CERT_NAME_STR_CRLF_FLAG 0x08000000
/// Only a backslash r (\r) or backslash n (\n) is supported as the RDN separator.
///
/// -
/// CERT_NAME_STR_NO_PLUS_FLAG 0x20000000
/// The plus sign (+) is ignored as a separator, and multiple values per RDN are not supported.
///
/// -
/// CERT_NAME_STR_NO_QUOTING_FLAG 0x10000000
/// Quoting is not supported.
///
/// -
/// CERT_NAME_STR_REVERSE_FLAG 0x02000000
/// The order of the RDNs in a distinguished name is reversed before encoding. This flag is not set by default.
///
/// -
/// CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG 0x00020000
///
/// The CERT_RDN_T61_STRING encoded value type is used instead of CERT_RDN_UNICODE_STRING. This flag can be used if all the Unicode
/// characters are less than or equal to 0xFF.
///
///
/// -
/// CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG 0x00040000
/// The CERT_RDN_UTF8_STRING encoded value type is used instead of CERT_RDN_UNICODE_STRING.
///
/// -
/// CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG 0x00080000
///
/// Forces the X.500 key to be encoded as a UTF-8 (CERT_RDN_UTF8_STRING) string rather than as a printable Unicode
/// (CERT_RDN_PRINTABLE_STRING) string. This is the default value for Microsoft certification authorities beginning with Windows
/// Server 2003.
///
///
/// -
/// CERT_NAME_STR_DISABLE_UTF8_DIR_STR_FLAG 0x00100000
///
/// Prevents forcing a printable Unicode (CERT_RDN_PRINTABLE_STRING) X.500 key to be encoded by using UTF-8 (CERT_RDN_UTF8_STRING).
/// Use to enable encoding of X.500 keys as Unicode values when CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG is set.
///
///
/// -
/// CERT_NAME_STR_ENABLE_PUNYCODE_FLAG 0x00200000
///
/// If the string contains an email RDN value, and the email address contains Unicode characters outside of the ASCII character set,
/// the host name portion of the email address is encoded in Punycode. The resultant email address is then encoded as an IA5String
/// string. The Punycode encoding of the host name is performed on a label-by-label basis. Windows Server 2008, Windows Vista,
/// Windows Server 2003 and Windows XP: This value is not supported.
///
///
///
///
/// Reserved for future use and must be NULL.
///
/// A pointer to a buffer that receives the encoded structure.
/// The size of this buffer is specified in the pcbEncoded parameter.
///
/// This parameter can be NULL to obtain the required size of the buffer for memory allocation purposes. For more
/// information, see Retrieving Data of Unknown Length.
///
///
///
///
/// A pointer to a DWORD that, before calling the function, contains the size, in bytes, of the buffer pointed to by the
/// pbEncoded parameter. When the function returns, the DWORD contains the number of bytes stored in the buffer.
///
/// If pbEncoded is NULL, the DWORD receives the size, in bytes, required for the buffer.
///
///
/// A pointer to a string pointer that receives additional error information about an input string that is not valid.
///
/// If the pszX500 string is not valid, ppszError is updated by this function to point to the beginning of the character sequence
/// that is not valid. If no errors are detected in the input string, ppszError is set to NULL.
///
/// If this information is not required, pass NULL for this parameter.
/// This parameter is updated for the following error codes returned from GetLastError.
/// CRYPT_E_INVALID_X500_STRING
/// CRYPT_E_INVALID_NUMERIC_STRING
/// CRYPT_E_INVALID_PRINTABLE_STRING
/// CRYPT_E_INVALID_IA5_STRING
///
///
/// Returns nonzero if successful or zero otherwise.
/// For extended error information, call GetLastError.
///
///
///
/// The following table contains the supported X.500 keys, their corresponding object identifier string, string identifier (from
/// Wincrypt.h), and value types.
///
///
///
/// Key
/// Object identifier string
/// String identifier
/// RDN value types
///
/// -
/// CN
/// 2.5.4.3
/// szOID_COMMON_NAME
/// Printable T61
///
/// -
/// L
/// 2.5.4.7
/// szOID_LOCALITY_NAME
/// Printable T61
///
/// -
/// O
/// 2.5.4.10
/// szOID_ORGANIZATION_NAME
/// Printable T61
///
/// -
/// OU
/// 2.5.4.11
/// szOID_ORGANIZATIONAL_UNIT_NAME
/// Printable T61
///
/// -
/// E Email
/// 1.2.840.113549.1.9.1
/// szOID_RSA_emailAddr
/// IA5
///
/// -
/// C
/// 2.5.4.6
/// szOID_COUNTRY_NAME
/// Printable
///
/// -
/// S ST
/// 2.5.4.8
/// szOID_STATE_OR_PROVINCE_NAME
/// Printable T61
///
/// -
/// STREET
/// 2.5.4.9
/// szOID_STREET_ADDRESS
/// Printable T61
///
/// -
/// T Title
/// 2.5.4.12
/// szOID_TITLE
/// Printable T61
///
/// -
/// G GivenName
/// 2.5.4.42
/// szOID_GIVEN_NAME
/// Printable T61
///
/// -
/// I Initials
/// 2.5.4.43
/// szOID_INITIALS
/// Printable T61
///
/// -
/// SN
/// 2.5.4.4
/// szOID_SUR_NAME
/// Printable T61
///
/// -
/// DC
/// 0.9.2342.19200300.100.1.25
/// szOID_DOMAIN_COMPONENT
/// IA5 UTF8
///
///
///
/// If either Printable or T61 is allowed as the RDN value type for the key, Printable is automatically selected if the name string
/// component is a member of the following character sets:
///
///
/// -
/// A, B, …, Z
///
/// -
/// a, b, …, z
///
/// -
/// 0, 1, …, 9
///
/// -
/// (space) ' ( ) + , - . / : = ?
///
///
/// The T61 types are UTF8 encoded.
/// Examples
/// For an example that uses this function, see Example C Program: Converting Names from Certificates to ASN.1 and Back.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certstrtonamea BOOL CertStrToNameA( DWORD
// dwCertEncodingType, LPCSTR pszX500, DWORD dwStrType, void *pvReserved, BYTE *pbEncoded, DWORD *pcbEncoded, LPCSTR *ppszError );
[DllImport(Lib.Crypt32, SetLastError = true, CharSet = CharSet.Auto)]
[PInvokeData("wincrypt.h", MSDNShortId = "8bdfafa6-9833-4689-a155-dff09647ec8d")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertStrToName(CertEncodingType dwCertEncodingType, [MarshalAs(UnmanagedType.LPTStr)] string pszX500, CertNameStringFormat dwStrType,
[Optional] IntPtr pvReserved, [Optional] IntPtr pbEncoded, ref uint pcbEncoded, out StrPtrAuto ppszError);
/// The CryptBinaryToString function converts an array of bytes into a formatted string.
/// A pointer to the array of bytes to be converted into a string.
/// The number of elements in the pbBinary array.
///
/// Specifies the format of the resulting formatted string. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_STRING_BASE64HEADER 0x00000000
/// Base64, with certificate beginning and ending headers.
///
/// -
/// CRYPT_STRING_BASE64 0x00000001
/// Base64, without headers.
///
/// -
/// CRYPT_STRING_BINARY 0x00000002
/// Pure binary copy.
///
/// -
/// CRYPT_STRING_BASE64REQUESTHEADER 0x00000003
/// Base64, with request beginning and ending headers.
///
/// -
/// CRYPT_STRING_HEX 0x00000004
/// Hexadecimal only.
///
/// -
/// CRYPT_STRING_HEXASCII 0x00000005
/// Hexadecimal, with ASCII character display.
///
/// -
/// CRYPT_STRING_BASE64X509CRLHEADER 0x00000009
/// Base64, with X.509 CRL beginning and ending headers.
///
/// -
/// CRYPT_STRING_HEXADDR 0x0000000a
/// Hexadecimal, with address display.
///
/// -
/// CRYPT_STRING_HEXASCIIADDR 0x0000000b
/// Hexadecimal, with ASCII character and address display.
///
/// -
/// CRYPT_STRING_HEXRAW 0x0000000c
/// A raw hexadecimal string. Windows Server 2003 and Windows XP: This value is not supported.
///
/// -
/// CRYPT_STRING_STRICT 0x20000000
///
/// Enforce strict decoding of ASN.1 text formats. Some ASN.1 binary BLOBS can have the first few bytes of the BLOB incorrectly
/// interpreted as Base64 text. In this case, the rest of the text is ignored. Use this flag to enforce complete decoding of the
/// BLOB. Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.
///
///
///
/// In addition to the values above, one or more of the following values can be specified to modify the behavior of the function.
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_STRING_NOCRLF 0x40000000
///
/// Do not append any new line characters to the encoded string. The default behavior is to use a carriage return/line feed (CR/LF)
/// pair (0x0D/0x0A) to represent a new line. Windows Server 2003 and Windows XP: This value is not supported.
///
///
/// -
/// CRYPT_STRING_NOCR 0x80000000
///
/// Only use the line feed (LF) character (0x0A) for a new line. The default behavior is to use a CR/LF pair (0x0D/0x0A) to
/// represent a new line.
///
///
///
///
///
/// A pointer to a buffer that receives the converted string. To calculate the number of characters that must be allocated to hold
/// the returned string, set this parameter to NULL. The function will place the required number of characters, including the
/// terminating NULL character, in the value pointed to by pcchString.
///
///
/// A pointer to a DWORD variable that contains the size, in TCHAR s, of the pszString buffer. If pszString is
/// NULL, the function calculates the length of the return string (including the terminating null character) in TCHAR
/// s and returns it in this parameter. If pszString is not NULL and big enough, the function converts the binary data into a
/// specified string format including the terminating null character, but pcchString receives the length in TCHAR s, not
/// including the terminating null character.
///
///
/// If the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE).
///
///
/// With the exception of when CRYPT_STRING_BINARY encoding is used, all strings are appended with a new line sequence. By
/// default, the new line sequence is a CR/LF pair (0x0D/0x0A). If the dwFlags parameter contains the CRYPT_STRING_NOCR flag,
/// then the new line sequence is a LF character (0x0A). If the dwFlags parameter contains the CRYPT_STRING_NOCRLF flag, then
/// no new line sequence is appended to the string.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptbinarytostringa BOOL CryptBinaryToStringA( const
// BYTE *pbBinary, DWORD cbBinary, DWORD dwFlags, LPSTR pszString, DWORD *pcchString );
[DllImport(Lib.Crypt32, SetLastError = false, CharSet = CharSet.Auto)]
[PInvokeData("wincrypt.h", MSDNShortId = "e6bdf931-fba3-4a33-b22e-5f818f565842")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptBinaryToString([In] IntPtr pbBinary, uint cbBinary, CryptStringFormat dwFlags, [MarshalAs(UnmanagedType.LPTStr)] StringBuilder pszString, ref uint pcchString);
///
/// The CryptFormatObject function formats the encoded data and returns a Unicode string in the allocated buffer according to
/// the certificate encoding type.
///
///
/// Type of encoding used on the certificate. The currently defined certificate encoding type used is X509_ASN_ENCODING.
///
/// Format type values. Not used. Set to zero.
///
///
/// Structure format type values. This parameter can be zero, or you can specify one or more of the following flags by using the
/// bitwise- OR operator to combine them.
///
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Display the data in a single line. Each subfield is concatenated with a comma (,). For more information, see Remarks.
///
/// -
/// CRYPT_FORMAT_STR_MULTI_LINE 0x0001
/// Display the data in multiple lines rather than single line (the default). For more information, see Remarks.
///
/// -
/// CRYPT_FORMAT_STR_NO_HEX 0x0010
/// Disables the hexadecimal dump. For more information, see Remarks.
///
///
///
/// A pointer to the format of the structure. Not used. Set to NULL.
///
///
/// A pointer to an OID that defines the encoded data. If the high-order word of the lpszStructType parameter is zero, the low-order
/// word specifies the integer identifier for the type of the given structure. Otherwise, this parameter is a long pointer to a
/// null-terminated string.
///
/// The following table lists supported OIDs with their associated OID extension.
///
///
/// Value
/// Meaning
///
/// -
/// SPC_FINANCIAL_CRITERIA_OBJID
/// 1.3.6.1.4.1.311.2.1.27
///
/// -
/// SPC_SP_AGENCY_INFO_OBJID
/// 1.3.6.1.4.1.311.2.1.10
///
/// -
/// szOID_AUTHORITY_INFO_ACCESS
/// 1.3.6.1.5.5.7.1.1
///
/// -
/// szOID_AUTHORITY_KEY_IDENTIFIER2
/// 2.5.29.35
///
/// -
/// szOID_BASIC_CONSTRAINTS2
/// 2.5.29.19
///
/// -
/// szOID_CERT_POLICIES
/// 2.5.29.32
///
/// -
/// szOID_CRL_DIST_POINTS
/// 2.5.29.31
///
/// -
/// szOID_CRL_REASON_CODE
/// 2.5.29.21
///
/// -
/// szOID_ENHANCED_KEY_USAGE
/// 2.5.29.37
///
/// -
/// szOID_ISSUER_ALT_NAME2
/// 2.5.29.18
///
/// -
/// szOID_KEY_ATTRIBUTES
/// 2.5.29.2
///
/// -
/// szOID_KEY_USAGE
/// 2.5.29.15
///
/// -
/// szOID_KEY_USAGE_RESTRICTION
/// 2.5.29.4
///
/// -
/// szOID_NEXT_UPDATE_LOCATION
/// 1.3.6.1.4.1.311.10.2
///
/// -
/// szOID_RSA_SMIMECapabilities
/// 1.2.840.113549.1.9.15
///
/// -
/// szOID_SUBJECT_ALT_NAME2
/// 2.5.29.17
///
/// -
/// szOID_SUBJECT_KEY_IDENTIFIER
/// 2.5.29.14
///
///
///
///
/// A pointer to the encoded data to be formatted. If lpszStructType is one of the OIDs listed above, the pbEncoded is the encoded extension.
///
/// The size, in bytes, of the pbEncoded structure.
///
/// A pointer to a buffer that receives the formatted string. When the buffer that is specified is not large enough to receive the
/// decoded structure, the function sets ERROR_MORE_DATA and stores the required buffer size, in bytes, into the variable pointed to
/// by pcbFormat. This parameter can be NULL to set the size of this information for memory allocation purposes. For more
/// information, see Retrieving Data of Unknown Length.
///
///
///
/// A pointer to a variable that specifies the size, in bytes, of the buffer pointed to by the pbFormat parameter. When the function
/// returns, the variable pointed to by the pcbFormat parameter contains the number of bytes stored in the buffer. This parameter
/// can be NULL, only if pbFormat is NULL.
///
///
/// Note When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
/// actual size may be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
/// specified large enough to ensure that the largest possible output data will fit into the buffer.) On output, the variable
/// pointed to by this parameter is updated to reflect the actual size of the data copied to the buffer.
///
///
///
/// If the function succeeds, the return value is TRUE. If it does not succeed, the return value is FALSE. To retrieve
/// extended error information, use the GetLastError function.
///
///
///
/// The default behavior of this function is to return a single-line display of the encoded data, that is, each subfield is
/// concatenated with a comma (,) on one line. If you prefer to display the data in multiple lines, set the
/// CRYPT_FORMAT_STR_MULTI_LINE flag. Each subfield will then be displayed on a separate line.
///
///
/// If there is no formatting routine installed or registered for the lpszStructType parameter, the hexadecimal dump of the encoded
/// CRYPT_INTEGER_BLOB will be returned. A user can set the CRYPT_FORMAT_STR_NO_HEX flag to disable the hexadecimal dump.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptformatobject BOOL CryptFormatObject( DWORD
// dwCertEncodingType, DWORD dwFormatType, DWORD dwFormatStrType, void *pFormatStruct, LPCSTR lpszStructType, const BYTE *pbEncoded,
// DWORD cbEncoded, void *pbFormat, DWORD *pcbFormat );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "307e0bd5-b8a6-4d85-9775-65aae99e8dc6")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptFormatObject(CertEncodingType dwCertEncodingType, [Optional] uint dwFormatType, CryptFormatStr dwFormatStrType, [Optional] IntPtr pFormatStruct,
[In] SafeOID lpszStructType, [In] IntPtr pbEncoded, uint cbEncoded, [In] IntPtr pbFormat, ref uint pcbFormat);
/// The CryptStringToBinary function converts a formatted string into an array of bytes.
/// A pointer to a string that contains the formatted string to be converted.
///
/// The number of characters of the formatted string to be converted, not including the terminating NULL character. If this
/// parameter is zero, pszString is considered to be a null-terminated string.
///
///
/// Indicates the format of the string to be converted. This can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_STRING_BASE64HEADER 0x00000000
/// Base64, with certificate beginning and ending headers.
///
/// -
/// CRYPT_STRING_BASE64 0x00000001
/// Base64, without headers.
///
/// -
/// CRYPT_STRING_BINARY 0x00000002
/// Pure binary copy.
///
/// -
/// CRYPT_STRING_BASE64REQUESTHEADER 0x00000003
/// Base64, with request beginning and ending headers.
///
/// -
/// CRYPT_STRING_HEX 0x00000004
/// Hexadecimal only format.
///
/// -
/// CRYPT_STRING_HEXASCII 0x00000005
/// Hexadecimal format with ASCII character display.
///
/// -
/// CRYPT_STRING_BASE64_ANY 0x00000006
/// Tries the following, in order: CRYPT_STRING_BASE64HEADER CRYPT_STRING_BASE64
///
/// -
/// CRYPT_STRING_ANY 0x00000007
/// Tries the following, in order: CRYPT_STRING_BASE64HEADER CRYPT_STRING_BASE64 CRYPT_STRING_BINARY
///
/// -
/// CRYPT_STRING_HEX_ANY 0x00000008
/// Tries the following, in order: CRYPT_STRING_HEXADDR CRYPT_STRING_HEXASCIIADDR CRYPT_STRING_HEX CRYPT_STRING_HEXRAW CRYPT_STRING_HEXASCII
///
/// -
/// CRYPT_STRING_BASE64X509CRLHEADER 0x00000009
/// Base64, with X.509 certificate revocation list (CRL) beginning and ending headers.
///
/// -
/// CRYPT_STRING_HEXADDR 0x0000000a
/// Hex, with address display.
///
/// -
/// CRYPT_STRING_HEXASCIIADDR 0x0000000b
/// Hex, with ASCII character and address display.
///
/// -
/// CRYPT_STRING_HEXRAW 0x0000000c
/// A raw hexadecimal string. Windows Server 2003 and Windows XP: This value is not supported.
///
/// -
/// CRYPT_STRING_STRICT 0x20000000
///
/// Set this flag for Base64 data to specify that the end of the binary data contain only white space and at most three equals "="
/// signs. Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.
///
///
///
///
///
/// A pointer to a buffer that receives the returned sequence of bytes. If this parameter is NULL, the function calculates
/// the length of the buffer needed and returns the size, in bytes, of required memory in the DWORD pointed to by pcbBinary.
///
///
///
/// A pointer to a DWORD variable that, on entry, contains the size, in bytes, of the pbBinary buffer. After the function
/// returns, this variable contains the number of bytes copied to the buffer. If this value is not large enough to contain all of
/// the data, the function fails and GetLastError returns ERROR_MORE_DATA.
///
/// If pbBinary is NULL, the DWORD pointed to by pcbBinary is ignored.
///
///
/// A pointer to a DWORD value that receives the number of characters skipped to reach the beginning of the actual base64 or
/// hexadecimal strings. This parameter is optional and can be NULL if it is not needed.
///
///
///
/// A pointer to a DWORD value that receives the flags actually used in the conversion. These are the same flags used for the
/// dwFlags parameter. In many cases, these will be the same flags that were passed in the dwFlags parameter. If dwFlags contains
/// one of the following flags, this value will receive a flag that indicates the actual format of the string. This parameter is
/// optional and can be NULL if it is not needed.
///
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_STRING_ANY
///
/// This variable will receive one of the following values. Each value indicates the actual format of the string.
/// CRYPT_STRING_BASE64HEADER CRYPT_STRING_BASE64 CRYPT_STRING_BINARY
///
///
/// -
/// CRYPT_STRING_BASE64_ANY
///
/// This variable will receive one of the following values. Each value indicates the actual format of the string.
/// CRYPT_STRING_BASE64HEADER CRYPT_STRING_BASE64
///
///
/// -
/// CRYPT_STRING_HEX_ANY
///
/// This variable will receive one of the following values. Each value indicates the actual format of the string.
/// CRYPT_STRING_HEXADDR CRYPT_STRING_HEXASCIIADDR CRYPT_STRING_HEX CRYPT_STRING_HEXRAW CRYPT_STRING_HEXASCII
///
///
///
///
///
/// If the function succeeds, the return value is nonzero ( TRUE).
/// If the function fails, the return value is zero ( FALSE).
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptstringtobinarya BOOL CryptStringToBinaryA( LPCSTR
// pszString, DWORD cchString, DWORD dwFlags, BYTE *pbBinary, DWORD *pcbBinary, DWORD *pdwSkip, DWORD *pdwFlags );
[DllImport(Lib.Crypt32, SetLastError = true, CharSet = CharSet.Auto)]
[PInvokeData("wincrypt.h", MSDNShortId = "13b6f5ef-174a-4254-8492-6e7dcc58945f")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptStringToBinary([MarshalAs(UnmanagedType.LPTStr)] string pszString, uint cchString, CryptStringFormat dwFlags, [Out] IntPtr pbBinary,
ref uint pcbBinary, out uint pdwSkip, out CryptStringFormat pdwFlags);
}
}