using System;
using System.Runtime.InteropServices;
using static Vanara.PInvoke.Crypt32;
using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;

namespace Vanara.PInvoke
{
	/// <summary>
	/// Methods and data types found in CryptNet.dll. The functions declared here locate (<c>CryptGetObjectUrl</c>) and fetch
	/// (<c>CryptGetTimeValidObject</c>, <c>CryptRetrieveObjectByUrl</c>) revocation and trust-list objects — CRLs, OCSP responses and
	/// CTLs — from URLs embedded in certificates, CRLs and CTLs.
	/// </summary>
	public static partial class CryptNet
	{
		/// <summary>
		/// A set of flags used to get the URL locator for an object. Passed as <c>dwFlags</c> to the <c>CryptGetObjectUrl</c> overload
		/// declared with this type.
		/// </summary>
		/// <remarks>
		/// NOTE(review): <see cref="CryptGetUrlFlags"/> and <see cref="CryptGetUrlFromFlags"/> declare identical members with identical
		/// values, and their only purpose in this file is to distinguish two otherwise identical <c>CryptGetObjectUrl</c> overloads. This
		/// looks like an accidental duplicate; consider collapsing them into one type.
		/// </remarks>
		[PInvokeData("wincrypt.h", MSDNShortId = "a92117b8-9144-4480-b88a-b9ffe1026d63")]
		[Flags]
		public enum CryptGetUrlFlags
		{
			/// <summary>Locates the URL from the property of the object (the location of the data).</summary>
			CRYPT_GET_URL_FROM_PROPERTY = 0x00000001,

			/// <summary>Locates the URL from the extension of the object.</summary>
			CRYPT_GET_URL_FROM_EXTENSION = 0x00000002,

			/// <summary>
			/// Locates the URL from an unauthenticated attribute from the signer information data.
			/// <para>
			/// Security: a PKCS #7 unauthenticated attribute is, by definition, not covered by the signer's signature, so a URL obtained
			/// this way can be altered by anyone able to modify the message. Treat such a URL as untrusted input rather than as something
			/// the signer vouched for.
			/// </para>
			/// </summary>
			CRYPT_GET_URL_FROM_UNAUTH_ATTRIBUTE = 0x00000004,

			/// <summary>Locates the URL from an authenticated attribute from the signer information data.</summary>
			CRYPT_GET_URL_FROM_AUTH_ATTRIBUTE = 0x00000008,
		}

		/// <summary>
		/// A set of flags used to get the URL locator for an object. Passed as <c>dwFlags</c> to the <c>CryptGetObjectUrl</c> overload
		/// declared with this type.
		/// </summary>
		/// <remarks>
		/// NOTE(review): identical in members and values to <see cref="CryptGetUrlFlags"/>; see the note on that type.
		/// </remarks>
		[PInvokeData("wincrypt.h", MSDNShortId = "a92117b8-9144-4480-b88a-b9ffe1026d63")]
		[Flags]
		public enum CryptGetUrlFromFlags
		{
			/// <summary>Locates the URL from the property of the object (the location of the data).</summary>
			CRYPT_GET_URL_FROM_PROPERTY = 0x00000001,

			/// <summary>Locates the URL from the extension of the object.</summary>
			CRYPT_GET_URL_FROM_EXTENSION = 0x00000002,

			/// <summary>
			/// Locates the URL from an unauthenticated attribute from the signer information data.
			/// <para>
			/// Security: a PKCS #7 unauthenticated attribute is, by definition, not covered by the signer's signature, so a URL obtained
			/// this way can be altered by anyone able to modify the message. Treat such a URL as untrusted input.
			/// </para>
			/// </summary>
			CRYPT_GET_URL_FROM_UNAUTH_ATTRIBUTE = 0x00000004,

			/// <summary>Locates the URL from an authenticated attribute from the signer information data.</summary>
			CRYPT_GET_URL_FROM_AUTH_ATTRIBUTE = 0x00000008,
		}

		/// <summary>
		/// A value that determines various retrieval factors such as time-out, source, and validity checks. Passed as <c>dwFlags</c> to
		/// <c>CryptGetTimeValidObject</c>.
		/// </summary>
		/// <remarks>
		/// Security: <see cref="TimeValidObjectFlags.CRYPT_DONT_VERIFY_SIGNATURE"/> and
		/// <see cref="TimeValidObjectFlags.CRYPT_DONT_CHECK_TIME_VALIDITY"/> each remove a check that the retrieved revocation object would
		/// otherwise have to pass. When the result feeds a trust decision, set them only if the caller performs the equivalent check itself;
		/// otherwise a forged or stale CRL/OCSP response can be accepted as current revocation state.
		/// </remarks>
		[PInvokeData("wincrypt.h", MSDNShortId = "dd639b43-1560-4e9f-a778-9e20484ae012")]
		[Flags]
		public enum TimeValidObjectFlags
		{
			/// <summary>Use the cumulative time-out registry setting of the client computer for revocation URL retrievals.</summary>
			CRYPT_ACCUMULATIVE_TIMEOUT = 0x00000800,

			/// <summary>Retrieve the encoded bits from the client URL cache only. Do not use the wire to retrieve the URL.</summary>
			CRYPT_CACHE_ONLY_RETRIEVAL = 0x00000002,

			/// <summary>
			/// Check if the ThisUpdate property or extension of the current context is greater than or equal to the ftValidFor parameter.
			/// </summary>
			CRYPT_CHECK_FRESHNESS_TIME_VALIDITY = 0x00000400,

			/// <summary>
			/// Do not perform time validity check. Use this to retrieve a more recent base CRL over the wire or to bypass time validity
			/// check during a cache retrieval. When this flag is set, pftValidFor can be NULL.
			/// <para>
			/// Security: with the time check skipped, an expired or otherwise stale CRL/OCSP response satisfies the retrieval. A stale
			/// object cannot reflect revocations that happened after it was issued, so this flag can hide a revocation (replay of old
			/// revocation state) unless freshness is checked by the caller.
			/// </para>
			/// </summary>
			CRYPT_DONT_CHECK_TIME_VALIDITY = 0x00000200,

			/// <summary>
			/// Do not perform signature verification. Use this when verification of the retrieved object will be performed outside of this
			/// function or to force a replacement of a retrieved cache entry with a new cache entry for the object.
			/// <para>
			/// Security: with this flag the retrieved object is accepted without its signature being checked, so a forged or tampered
			/// CRL/OCSP response/CTL served by the distribution point (or injected on the path to it) is returned as if genuine. Never rely on
			/// an object retrieved with this flag for a trust decision without verifying it yourself.
			/// </para>
			/// </summary>
			CRYPT_DONT_VERIFY_SIGNATURE = 0x00000100,

			/// <summary>This value is reserved for future use.</summary>
			CRYPT_KEEP_TIME_VALID = 0x00000080,

			/// <summary>
			/// Retrieves the time valid object from an OCSP responder service only based on Authority Information Access URLs in the
			/// current context. The CertVerifyRevocation function sets this flag when it is called with the dwFlags parameter set to
			/// CERT_VERIFY_REV_SERVER_OCSP_FLAG.
			/// </summary>
			CRYPT_OCSP_ONLY_RETRIEVAL = 0x01000000,

			/// <summary>Retrieves the encoded bits from the wire only. Does not use the URL cache.</summary>
			CRYPT_WIRE_ONLY_RETRIEVAL = 0x00000004,
		}

		/// <summary>
		/// <para>
		/// The <c>CryptGetObjectUrl</c> function acquires the URL of the remote object from a certificate, certificate trust list (CTL), or
		/// certificate revocation list (CRL).
		/// </para>
		/// <para>
		/// The function takes the object, decodes it, and provides a pointer to an array of URLs from the object. For example, from a
		/// certificate, a CRL distribution list of URLs would be in the array.
		/// </para>
		/// </summary>
		/// <param name="pszUrlOid">
		/// <para>
		/// A pointer to an object identifier (OID) that identifies the URL being requested. If the HIWORD of the pszUrlOid parameter is
		/// zero, the LOWORD specifies the integer identifier for the type of the specified structure.
		/// </para>
		/// <para>
		/// This parameter can be one of the following values. For information about how these values affect the pvPara parameter, see the
		/// heading "For the pvPara parameter" in the Meaning column.
		/// </para>
		/// <list type="table">
		/// <listheader>
		/// <term>Value</term>
		/// <description>Meaning</description>
		/// </listheader>
		/// <item>
		/// <term>URL_OID_CERTIFICATE_ISSUER</term>
		/// <description>
		/// Provides the URL of the certificate issuer retrieved from the authority information access extension or property of a
		/// certificate. For the pvPara parameter: A pointer to a CERT_CONTEXT structure that was issued by the issuer whose URL is being requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CERTIFICATE_CRL_DIST_POINT</term>
		/// <description>
		/// Provides a list of URLs of the CRL distribution points retrieved from the CRL distribution point extension or property of a
		/// certificate. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose CRL distribution point is requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP</term>
		/// <description>
		/// Provides a list of OCSP and CRL distribution point URLs from the authority information access (AIA) and CRL distribution point
		/// extensions or properties of a certificate. The function returns any CRL distribution point URLs first. Before using any OCSP
		/// URLs, you must remove the L"ocsp:" prefix. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose OCSP and CRL
		/// distribution point URLs are requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CERTIFICATE_OCSP</term>
		/// <description>
		/// Provides an OCSP URL from the authority information access (AIA) extension or property of a certificate. For the pvPara
		/// parameter: A pointer to a CERT_CONTEXT structure whose OCSP URL is requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT</term>
		/// <description>
		/// Provides a list of OCSP and CRL distribution point URLs from the authority information access (AIA) and CRL distribution point
		/// extensions or properties of a certificate. The function returns any OCSP URLs first. Before using any OCSP URLs, you must remove
		/// the L"ocsp:" prefix. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose OCSP and CRL distribution point URLs
		/// are requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CERTIFICATE_ONLY_OCSP</term>
		/// <description>
		/// Provides a list of OCSP URLs from the authority information access (AIA) extension or property of a certificate. Before using
		/// any OCSP URLs, you must remove the L"ocsp:" prefix. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose OCSP
		/// URLs are requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CTL_ISSUER</term>
		/// <description>
		/// Provides the URL of the CTL issuer retrieved from an authority information access attribute method encoded in each signer
		/// information in the PKCS #7 CTL. For the pvPara parameter: A pointer to a Signer Index CTL_CONTEXT structure that was issued by
		/// the issuer whose URL, identified by the signer index, is requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CTL_NEXT_UPDATE</term>
		/// <description>
		/// Provides the URL of the next update of that CTL retrieved from an authority information access CTL extension, property, or
		/// signer information attribute method. For the pvPara parameter: A pointer to a Signer Index CTL_CONTEXT structure whose next
		/// update URL is requested, and an optional signer index, in case it is needed to check the signer information attributes.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CRL_ISSUER</term>
		/// <description>
		/// Provides the URL of the CRL issuer retrieved from a property on a CRL that was inherited from the subject certificate (either
		/// from the subject certificate issuer or the subject certificate distribution point extension). It is encoded as an authority
		/// information access extension method. For the pvPara parameter: A pointer to a CRL_CONTEXT structure that was issued by the
		/// issuer whose URL is requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CERTIFICATE_FRESHEST_CRL</term>
		/// <description>
		/// Retrieves the most recent CRL extension or property of the certificate. For the pvPara parameter: The PCCERT_CONTEXT of a
		/// certificate whose most recent CRL distribution point is being requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CRL_FRESHEST_CRL</term>
		/// <description>
		/// Retrieves the most recent CRL extension or property of the CRL. For the pvPara parameter: A pointer to a CERT_CRL_CONTEXT_PAIR
		/// structure that contains the base CRL of a certificate whose most recent CRL distribution point is being requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CROSS_CERT_DIST_POINT</term>
		/// <description>
		/// Retrieves the cross certificate distribution point extension or property of the certificate. For the pvPara parameter: The
		/// PCCERT_CONTEXT of a certificate whose cross certificate distribution point is being requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS</term>
		/// <description>
		/// Retrieves the cross certificate Subject Information Access extension or property of the certificate. For the pvPara parameter:
		/// The PCCERT_CONTEXT of a certificate whose cross certificate Subject Information Access is being requested.
		/// </description>
		/// </item>
		/// </list>
		/// </param>
		/// <param name="pvPara">
		/// A structure determined by the value of pszUrlOid. For details, see the description for the pszUrlOid parameter.
		/// <para>
		/// Security: the native side cannot check that the pointed-to structure matches pszUrlOid. Passing a CERT_CONTEXT where a
		/// CRL_CONTEXT or CERT_CRL_CONTEXT_PAIR is expected (or vice versa) is a type confusion that reads memory through the wrong layout.
		/// </para>
		/// </param>
		/// <param name="dwFlags">
		/// A set of flags used to get the URL locator for an object. This can be zero or a combination of one or more of the following values.
		/// <list type="table">
		/// <listheader>
		/// <term>Value</term>
		/// <description>Meaning</description>
		/// </listheader>
		/// <item>
		/// <term>CRYPT_GET_URL_FROM_PROPERTY</term>
		/// <description>Locates the URL from the property of the object (the location of the data).</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_GET_URL_FROM_EXTENSION</term>
		/// <description>Locates the URL from the extension of the object.</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_GET_URL_FROM_UNAUTH_ATTRIBUTE</term>
		/// <description>Locates the URL from an unauthenticated attribute from the signer information data.</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_GET_URL_FROM_AUTH_ATTRIBUTE</term>
		/// <description>Locates the URL from an authenticated attribute from the signer information data.</description>
		/// </item>
		/// </list>
		/// </param>
		/// <param name="pUrlArray">
		/// <para>
		/// A pointer to a buffer to receive the data for the value entry. This parameter can be NULL to find the length of the
		/// buffer required to hold the data.
		/// </para>
		/// <para>For more information, see Retrieving Data of Unknown Length.</para>
		/// </param>
		/// <param name="pcbUrlArray">
		/// A pointer to a DWORD that specifies the size, in bytes, of the buffer pointed to by the pUrlArray parameter. When the
		/// function returns, the DWORD contains the number of bytes stored in the buffer. This parameter can be NULL only if
		/// pUrlArray is NULL.
		/// </param>
		/// <param name="pUrlInfo">An optional pointer to a CRYPT_URL_INFO structure that receives the data for the value entry.</param>
		/// <param name="pcbUrlInfo">
		/// <para>
		/// A pointer to a DWORD that specifies the size, in bytes, of the buffer pointed to by the pUrlInfo parameter. When the
		/// function returns, the DWORD contains the number of bytes stored in the buffer.
		/// </para>
		/// <para>
		/// Note When processing the data returned in the buffer, applications must use the actual size of the data returned. The
		/// actual size can be slightly smaller than the size of the buffer specified on input. On input, buffer sizes are usually specified
		/// large enough to ensure that the largest possible output data will fit in the buffer. On output, the variable pointed to by this
		/// parameter is updated to reflect the actual size of the data copied to the buffer.
		/// </para>
		/// </param>
		/// <param name="pvReserved">Reserved for future use and must be NULL.</param>
		/// <returns>
		/// <para>If the function succeeds, the function returns nonzero ( TRUE).</para>
		/// <para>If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError.</para>
		/// </returns>
		/// <remarks>
		/// <para>
		/// Security: the URLs this function returns are read out of the object being inspected (its extensions, properties or signer
		/// attributes). When that object is not trusted — a peer's certificate, an externally supplied CRL or CTL — the URLs are chosen by
		/// whoever produced the object. Anything that later fetches them (for example <c>CryptRetrieveObjectByUrl</c>, which accepts
		/// ldap, http, https and file URLs) should therefore apply the same scheme/host policy and time-outs it would apply to any untrusted
		/// URL, and must verify the retrieved object's signature rather than trusting it because it came from the "right" URL.
		/// </para>
		/// <para>
		/// Usage: this is the two-call size-query pattern. Call once with pUrlArray = <see cref="IntPtr.Zero"/> to obtain the required
		/// size in pcbUrlArray, allocate, then call again; read back only the number of bytes reported on return, not the buffer size.
		/// Because pcbUrlArray and pcbUrlInfo are <c>ref uint</c> in this binding they are never passed as NULL; when pUrlInfo is
		/// <see cref="IntPtr.Zero"/> pass a zero-initialised uint for pcbUrlInfo (NOTE(review): confirm against the native contract, which
		/// documents the NULL case only for pcbUrlArray).
		/// </para>
		/// <para>
		/// This overload takes <see cref="CryptGetUrlFromFlags"/>; the sibling overload is identical apart from taking
		/// <see cref="CryptGetUrlFlags"/> and marking the output pointers <c>[Optional]</c>.
		/// </para>
		/// </remarks>
		// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptgetobjecturl BOOL CryptGetObjectUrl( LPCSTR
		// pszUrlOid, LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo, DWORD
		// *pcbUrlInfo, LPVOID pvReserved );
		[DllImport(Lib.Cryptnet, SetLastError = true, ExactSpelling = true)]
		[PInvokeData("wincrypt.h", MSDNShortId = "a92117b8-9144-4480-b88a-b9ffe1026d63")]
		[return: MarshalAs(UnmanagedType.Bool)]
		public static extern bool CryptGetObjectUrl([In] SafeOID pszUrlOid, [In] IntPtr pvPara, CryptGetUrlFromFlags dwFlags, IntPtr pUrlArray, ref uint pcbUrlArray, IntPtr pUrlInfo, ref uint pcbUrlInfo, IntPtr pvReserved = default);

		/// <summary>
		/// <para>
		/// The <c>CryptGetObjectUrl</c> function acquires the URL of the remote object from a certificate, certificate trust list (CTL), or
		/// certificate revocation list (CRL).
		/// </para>
		/// <para>
		/// The function takes the object, decodes it, and provides a pointer to an array of URLs from the object. For example, from a
		/// certificate, a CRL distribution list of URLs would be in the array.
		/// </para>
		/// </summary>
		/// <param name="pszUrlOid">
		/// <para>
		/// A pointer to an object identifier (OID) that identifies the URL being requested. If the HIWORD of the pszUrlOid parameter is
		/// zero, the LOWORD specifies the integer identifier for the type of the specified structure.
		/// </para>
		/// <para>
		/// This parameter can be one of the following values. For information about how these values affect the pvPara parameter, see the
		/// heading "For the pvPara parameter" in the Meaning column.
		/// </para>
		/// <list type="table">
		/// <listheader>
		/// <term>Value</term>
		/// <description>Meaning</description>
		/// </listheader>
		/// <item>
		/// <term>URL_OID_CERTIFICATE_ISSUER</term>
		/// <description>
		/// Provides the URL of the certificate issuer retrieved from the authority information access extension or property of a
		/// certificate. For the pvPara parameter: A pointer to a CERT_CONTEXT structure that was issued by the issuer whose URL is being requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CERTIFICATE_CRL_DIST_POINT</term>
		/// <description>
		/// Provides a list of URLs of the CRL distribution points retrieved from the CRL distribution point extension or property of a
		/// certificate. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose CRL distribution point is requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP</term>
		/// <description>
		/// Provides a list of OCSP and CRL distribution point URLs from the authority information access (AIA) and CRL distribution point
		/// extensions or properties of a certificate. The function returns any CRL distribution point URLs first. Before using any OCSP
		/// URLs, you must remove the L"ocsp:" prefix. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose OCSP and CRL
		/// distribution point URLs are requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CERTIFICATE_OCSP</term>
		/// <description>
		/// Provides an OCSP URL from the authority information access (AIA) extension or property of a certificate. For the pvPara
		/// parameter: A pointer to a CERT_CONTEXT structure whose OCSP URL is requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT</term>
		/// <description>
		/// Provides a list of OCSP and CRL distribution point URLs from the authority information access (AIA) and CRL distribution point
		/// extensions or properties of a certificate. The function returns any OCSP URLs first. Before using any OCSP URLs, you must remove
		/// the L"ocsp:" prefix. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose OCSP and CRL distribution point URLs
		/// are requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CERTIFICATE_ONLY_OCSP</term>
		/// <description>
		/// Provides a list of OCSP URLs from the authority information access (AIA) extension or property of a certificate. Before using
		/// any OCSP URLs, you must remove the L"ocsp:" prefix. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose OCSP
		/// URLs are requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CTL_ISSUER</term>
		/// <description>
		/// Provides the URL of the CTL issuer retrieved from an authority information access attribute method encoded in each signer
		/// information in the PKCS #7 CTL. For the pvPara parameter: A pointer to a Signer Index CTL_CONTEXT structure that was issued by
		/// the issuer whose URL, identified by the signer index, is requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CTL_NEXT_UPDATE</term>
		/// <description>
		/// Provides the URL of the next update of that CTL retrieved from an authority information access CTL extension, property, or
		/// signer information attribute method. For the pvPara parameter: A pointer to a Signer Index CTL_CONTEXT structure whose next
		/// update URL is requested, and an optional signer index, in case it is needed to check the signer information attributes.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CRL_ISSUER</term>
		/// <description>
		/// Provides the URL of the CRL issuer retrieved from a property on a CRL that was inherited from the subject certificate (either
		/// from the subject certificate issuer or the subject certificate distribution point extension). It is encoded as an authority
		/// information access extension method. For the pvPara parameter: A pointer to a CRL_CONTEXT structure that was issued by the
		/// issuer whose URL is requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CERTIFICATE_FRESHEST_CRL</term>
		/// <description>
		/// Retrieves the most recent CRL extension or property of the certificate. For the pvPara parameter: The PCCERT_CONTEXT of a
		/// certificate whose most recent CRL distribution point is being requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CRL_FRESHEST_CRL</term>
		/// <description>
		/// Retrieves the most recent CRL extension or property of the CRL. For the pvPara parameter: A pointer to a CERT_CRL_CONTEXT_PAIR
		/// structure that contains the base CRL of a certificate whose most recent CRL distribution point is being requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CROSS_CERT_DIST_POINT</term>
		/// <description>
		/// Retrieves the cross certificate distribution point extension or property of the certificate. For the pvPara parameter: The
		/// PCCERT_CONTEXT of a certificate whose cross certificate distribution point is being requested.
		/// </description>
		/// </item>
		/// <item>
		/// <term>URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS</term>
		/// <description>
		/// Retrieves the cross certificate Subject Information Access extension or property of the certificate. For the pvPara parameter:
		/// The PCCERT_CONTEXT of a certificate whose cross certificate Subject Information Access is being requested.
		/// </description>
		/// </item>
		/// </list>
		/// </param>
		/// <param name="pvPara">
		/// A structure determined by the value of pszUrlOid. For details, see the description for the pszUrlOid parameter.
		/// <para>
		/// Security: the native side cannot check that the pointed-to structure matches pszUrlOid. Passing the wrong context type is a
		/// type confusion that reads memory through the wrong layout.
		/// </para>
		/// </param>
		/// <param name="dwFlags">
		/// A set of flags used to get the URL locator for an object. This can be zero or a combination of one or more of the following values.
		/// <list type="table">
		/// <listheader>
		/// <term>Value</term>
		/// <description>Meaning</description>
		/// </listheader>
		/// <item>
		/// <term>CRYPT_GET_URL_FROM_PROPERTY</term>
		/// <description>Locates the URL from the property of the object (the location of the data).</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_GET_URL_FROM_EXTENSION</term>
		/// <description>Locates the URL from the extension of the object.</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_GET_URL_FROM_UNAUTH_ATTRIBUTE</term>
		/// <description>Locates the URL from an unauthenticated attribute from the signer information data.</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_GET_URL_FROM_AUTH_ATTRIBUTE</term>
		/// <description>Locates the URL from an authenticated attribute from the signer information data.</description>
		/// </item>
		/// </list>
		/// </param>
		/// <param name="pUrlArray">
		/// <para>
		/// A pointer to a buffer to receive the data for the value entry. This parameter can be NULL to find the length of the
		/// buffer required to hold the data.
		/// </para>
		/// <para>For more information, see Retrieving Data of Unknown Length.</para>
		/// </param>
		/// <param name="pcbUrlArray">
		/// A pointer to a DWORD that specifies the size, in bytes, of the buffer pointed to by the pUrlArray parameter. When the
		/// function returns, the DWORD contains the number of bytes stored in the buffer. This parameter can be NULL only if
		/// pUrlArray is NULL.
		/// </param>
		/// <param name="pUrlInfo">An optional pointer to a CRYPT_URL_INFO structure that receives the data for the value entry.</param>
		/// <param name="pcbUrlInfo">
		/// <para>
		/// A pointer to a DWORD that specifies the size, in bytes, of the buffer pointed to by the pUrlInfo parameter. When the
		/// function returns, the DWORD contains the number of bytes stored in the buffer.
		/// </para>
		/// <para>
		/// Note When processing the data returned in the buffer, applications must use the actual size of the data returned. The
		/// actual size can be slightly smaller than the size of the buffer specified on input. On input, buffer sizes are usually specified
		/// large enough to ensure that the largest possible output data will fit in the buffer. On output, the variable pointed to by this
		/// parameter is updated to reflect the actual size of the data copied to the buffer.
		/// </para>
		/// </param>
		/// <param name="pvReserved">Reserved for future use and must be NULL.</param>
		/// <returns>
		/// <para>If the function succeeds, the function returns nonzero ( TRUE).</para>
		/// <para>If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError.</para>
		/// </returns>
		/// <remarks>
		/// <para>
		/// Security: the returned URLs come from the object being inspected. If that object is untrusted (a peer's certificate, an
		/// externally supplied CRL or CTL), the URLs are attacker-chosen: apply scheme/host policy and time-outs before fetching them, and
		/// verify the signature of whatever is retrieved instead of trusting it because of where it came from.
		/// </para>
		/// <para>
		/// Usage: two-call size query. Pass pUrlArray = <see cref="IntPtr.Zero"/> first to learn the required size in pcbUrlArray, then
		/// allocate and call again; consume only the byte count reported on return. pcbUrlArray and pcbUrlInfo are <c>ref uint</c> and so
		/// are never NULL in this binding; pass a zero-initialised uint for pcbUrlInfo when pUrlInfo is <see cref="IntPtr.Zero"/>
		/// (NOTE(review): confirm against the native contract, which documents the NULL case only for pcbUrlArray).
		/// </para>
		/// <para>
		/// This overload takes <see cref="CryptGetUrlFlags"/> and marks pUrlArray/pUrlInfo <c>[Optional]</c>; it is otherwise identical to
		/// the <see cref="CryptGetUrlFromFlags"/> overload.
		/// </para>
		/// </remarks>
		// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptgetobjecturl BOOL CryptGetObjectUrl( LPCSTR
		// pszUrlOid, LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo, DWORD
		// *pcbUrlInfo, LPVOID pvReserved );
		[DllImport(Lib.Cryptnet, SetLastError = true, ExactSpelling = true)]
		[PInvokeData("wincrypt.h", MSDNShortId = "a92117b8-9144-4480-b88a-b9ffe1026d63")]
		[return: MarshalAs(UnmanagedType.Bool)]
		public static extern bool CryptGetObjectUrl(SafeOID pszUrlOid, [In] IntPtr pvPara, CryptGetUrlFlags dwFlags, [Optional] IntPtr pUrlArray, ref uint pcbUrlArray, [Out, Optional] IntPtr pUrlInfo, ref uint pcbUrlInfo, IntPtr pvReserved = default);

		/// <summary>
		/// The <c>CryptGetTimeValidObject</c> function retrieves a CRL, an OCSP response, or CTL object that is valid within a given
		/// context and time.
		/// </summary>
		/// <param name="pszTimeValidOid">
		/// <para>
		/// A pointer to an object identifier (OID) that identifies the object being requested. If the HIWORD of the pszTimeValidOid
		/// parameter is zero, the LOWORD specifies the integer identifier for the type of the specified structure.
		/// </para>
		/// <para>
		/// This parameter can be one of the following values. For information about how these values affect the pvPara parameter, see the
		/// heading "For the pvPara parameter" in the Meaning column.
		/// </para>
		/// <list type="table">
		/// <listheader>
		/// <term>Value</term>
		/// <description>Meaning</description>
		/// </listheader>
		/// <item>
		/// <term>TIME_VALID_OID_GET_CTL ((LPCSTR)1)</term>
		/// <description>
		/// Provides a certificate trust list (CTL) based on a URL obtained from the NextUpdateLocation property or extension of the current
		/// CTL context. For the pvPara parameter: A pointer to a PCCTL_CONTEXT that represents the current certificate trust list.
		/// </description>
		/// </item>
		/// <item>
		/// <term>TIME_VALID_OID_GET_CRL</term>
		/// <description>This value is reserved for future use.</description>
		/// </item>
		/// <item>
		/// <term>TIME_VALID_OID_GET_CRL_FROM_CERT ((LPCSTR)3)</term>
		/// <description>
		/// Provides a CRL based on information obtained from the CRL distribution points extension of the current certificate context. For
		/// the pvPara parameter: A pointer to a PCCERT_CONTEXT that represents the subject certificate.
		/// </description>
		/// </item>
		/// <item>
		/// <term>TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CERT ((LPCSTR)4)</term>
		/// <description>
		/// Provides a delta CRL based on information obtained from the freshest CRL extension of the current certificate context. For the
		/// pvPara parameter: A pointer to a PCCERT_CONTEXT that represents the subject certificate.
		/// </description>
		/// </item>
		/// <item>
		/// <term>TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CRL ((LPCSTR)5)</term>
		/// <description>
		/// Provides a delta CRL based on information obtained from the freshest CRL extension of the current CRL context. For the pvPara
		/// parameter: A pointer to a PCCERT_CRL_CONTEXT_PAIR that represents the subject certificate and its base CRL.
		/// </description>
		/// </item>
		/// </list>
		/// </param>
		/// <param name="pvPara">
		/// A structure determined by the value of pszTimeValidOid. For details, see the description for the pszTimeValidOid parameter.
		/// The native side cannot detect a mismatch between this pointer and pszTimeValidOid; passing the wrong context type is memory-unsafe.
		/// </param>
		/// <param name="pIssuer">
		/// A pointer to a CERT_CONTEXT containing the issuer's certificate. NOTE(review): presumably this is the certificate the retrieved
		/// object's signature is verified against (the check that CRYPT_DONT_VERIFY_SIGNATURE disables) — confirm; if so, it must be a
		/// certificate the caller has already chained to a trust anchor, not one taken from the untrusted input.
		/// </param>
		/// <param name="pftValidFor">
		/// A pointer to an optional FILETIME structure version of the current system time or a freshness time from the current context.
		/// This overload marshals the value by <c>in</c> reference and therefore always passes a non-NULL pointer; to pass NULL (allowed
		/// with CRYPT_DONT_CHECK_TIME_VALIDITY) use the overload that takes an <see cref="IntPtr"/>.
		/// </param>
		/// <param name="dwFlags">
		/// <para>A value that determines various retrieval factors such as time-out, source, and validity checks.</para>
		/// <para>The following table lists possible values for the dwFlags parameter.</para>
		/// <list type="table">
		/// <listheader>
		/// <term>Value</term>
		/// <description>Meaning</description>
		/// </listheader>
		/// <item>
		/// <term>CRYPT_ACCUMULATIVE_TIMEOUT 0x00000800</term>
		/// <description>Use the cumulative time-out registry setting of the client computer for revocation URL retrievals.</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_CACHE_ONLY_RETRIEVAL 0x00000002</term>
		/// <description>Retrieve the encoded bits from the client URL cache only. Do not use the wire to retrieve the URL.</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_CHECK_FRESHNESS_TIME_VALIDITY 0x00000400</term>
		/// <description>Check if the ThisUpdate property or extension of the current context is greater than or equal to the ftValidFor parameter.</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_DONT_CHECK_TIME_VALIDITY 0x00000200</term>
		/// <description>
		/// Do not perform time validity check. Use this to retrieve a more recent base CRL over the wire or to bypass time validity check
		/// during a cache retrieval. When this flag is set, pftValidFor can be NULL.
		/// </description>
		/// </item>
		/// <item>
		/// <term>CRYPT_DONT_VERIFY_SIGNATURE 0x00000100</term>
		/// <description>
		/// Do not perform signature verification. Use this when verification of the retrieved object will be performed outside of this
		/// function or to force a replacement of a retrieved cache entry with a new cache entry for the object.
		/// </description>
		/// </item>
		/// <item>
		/// <term>CRYPT_KEEP_TIME_VALID 0x00000080</term>
		/// <description>This value is reserved for future use.</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_OCSP_ONLY_RETRIEVAL 0x01000000</term>
		/// <description>
		/// Retrieves the time valid object from an OCSP responder service only based on Authority Information Access URLs in the current
		/// context. The CertVerifyRevocation function sets this flag when it is called with the dwFlags parameter set to CERT_VERIFY_REV_SERVER_OCSP_FLAG.
		/// </description>
		/// </item>
		/// <item>
		/// <term>CRYPT_WIRE_ONLY_RETRIEVAL 0x00000004</term>
		/// <description>Retrieves the encoded bits from the wire only. Does not use the URL cache.</description>
		/// </item>
		/// </list>
		/// </param>
		/// <param name="dwTimeout">
		/// A value, in milliseconds, that specifies when to terminate an URL retrieval attempt that has not returned a result. Revocation
		/// fetches go to servers named by the object under examination, so a very long time-out lets a slow or hostile distribution point
		/// stall the caller; bound it.
		/// </param>
		/// <param name="ppvObject">
		/// A pointer to an address for the returned object. The return type can be one of the supported types shown in the pszObjectOid
		/// parameter of the CryptRetrieveObjectByUrl function. NOTE(review): the returned context appears to be caller-owned; confirm the
		/// matching release call for each object type against the CryptRetrieveObjectByUrl documentation before relying on it.
		/// </param>
		/// <param name="pCredentials">
		/// A pointer to an optional CRYPT_CREDENTIALS structure used to access the URL. The only type of credentials currently supported
		/// are user name and password credentials. Note that the credentials are presented to the server named by the retrieval URL, which
		/// comes from the object being checked; over http or ldap they may travel in the clear — TODO confirm before supplying real credentials.
		/// This overload marshals the structure by <c>in</c> reference and so cannot pass NULL; use the <see cref="IntPtr"/> overload for that.
		/// </param>
		/// <param name="pExtraInfo">
		/// A pointer to an optional CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO structure that contains extra information about the cache entry
		/// for an object. This overload passes it by <c>ref</c> and so cannot pass NULL; use the <see cref="IntPtr"/> overload for that.
		/// </param>
		/// <returns>
		/// <para>If the function succeeds, the function returns TRUE.</para>
		/// <para>If the function fails, it returns FALSE. For extended error information, call GetLastError.</para>
		/// <para>Some possible error codes follow.</para>
		/// <list type="table">
		/// <listheader>
		/// <term>Return code</term>
		/// <description>Description</description>
		/// </listheader>
		/// <item>
		/// <term>CRYPT_E_NOT_FOUND</term>
		/// <description>The caller specified TIME_VALID_OID_GET_CRL for the pszTimeValidOid parameter. This OID is not supported.</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_E_NOT_IN_REVOCATION_DATABASE</term>
		/// <description>The caller set the CRYPT_OCSP_ONLY_RETRIEVAL flag and the context includes a non-OCSP URL.</description>
		/// </item>
		/// <item>
		/// <term>E_INVALIDARG</term>
		/// <description>
		/// The function failed to retrieve a CRL from a certificate context or retrieve a CTL, and it failed to copy any URLs from a cache entry.
		/// </description>
		/// </item>
		/// <item>
		/// <term>E_OUTOFMEMORY</term>
		/// <description>The function could not allocate memory for an internal array operation.</description>
		/// </item>
		/// <item>
		/// <term>ERROR_NOT_CONNECTED</term>
		/// <description>The caller did not set the CRYPT_CACHE_ONLY_RETRIEVAL flag and is not connected to the Internet.</description>
		/// </item>
		/// </list>
		/// </returns>
		/// <remarks>
		/// <para>
		/// The Cryptnet dynamic link library implements a time valid object (TVO) cache that is used to support the
		/// <c>CryptGetTimeValidObject</c> function. The cache is used by a process-global TVO agent where each cache entry consists of the
		/// following information.
		/// </para>
		/// <list type="bullet">
		/// <item><description>Origin Identifier</description></item>
		/// <item><description>Context OID</description></item>
		/// <item><description>Context</description></item>
		/// <item><description>Retrieval URL</description></item>
		/// <item><description>Expire Time</description></item>
		/// <item><description>Offline URL Time Information</description></item>
		/// </list>
		/// <para>The TVO agent supports retrieval of TVO objects on-demand or by auto-update.</para>
		/// <para>
		/// Security: a failure return (FALSE) means no time-valid revocation object was obtained; callers implementing a "hard-fail"
		/// revocation policy must treat that as unknown revocation status, not as "not revoked". See the notes on
		/// <see cref="TimeValidObjectFlags"/> for the checks that CRYPT_DONT_VERIFY_SIGNATURE and CRYPT_DONT_CHECK_TIME_VALIDITY remove.
		/// </para>
		/// </remarks>
		// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptgettimevalidobject BOOL CryptGetTimeValidObject(
		// LPCSTR pszTimeValidOid, LPVOID pvPara, PCCERT_CONTEXT pIssuer, LPFILETIME pftValidFor, DWORD dwFlags, DWORD dwTimeout, LPVOID
		// *ppvObject, PCRYPT_CREDENTIALS pCredentials, PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO pExtraInfo );
		[DllImport(Lib.Cryptnet, SetLastError = true, ExactSpelling = true)]
		[PInvokeData("wincrypt.h", MSDNShortId = "dd639b43-1560-4e9f-a778-9e20484ae012")]
		[return: MarshalAs(UnmanagedType.Bool)]
		public static extern bool CryptGetTimeValidObject(SafeOID pszTimeValidOid, [In] IntPtr pvPara, [In] PCCERT_CONTEXT pIssuer, in FILETIME pftValidFor, TimeValidObjectFlags dwFlags, uint dwTimeout, out IntPtr ppvObject, in CRYPT_CREDENTIALS pCredentials, ref CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO pExtraInfo);

		/// <summary>
		/// The <c>CryptGetTimeValidObject</c> function retrieves a CRL, an OCSP response, or CTL object that is valid within a given
		/// context and time.
		/// </summary>
		/// <param name="pszTimeValidOid">
		/// <para>
		/// A pointer to an object identifier (OID) that identifies the object being requested. If the HIWORD of the pszTimeValidOid
		/// parameter is zero, the LOWORD specifies the integer identifier for the type of the specified structure.
		/// </para>
		/// <para>
		/// This parameter can be one of the following values. For information about how these values affect the pvPara parameter, see the
		/// heading "For the pvPara parameter" in the Meaning column.
		/// </para>
		/// <list type="table">
		/// <listheader>
		/// <term>Value</term>
		/// <description>Meaning</description>
		/// </listheader>
		/// <item>
		/// <term>TIME_VALID_OID_GET_CTL ((LPCSTR)1)</term>
		/// <description>
		/// Provides a certificate trust list (CTL) based on a URL obtained from the NextUpdateLocation property or extension of the current
		/// CTL context. For the pvPara parameter: A pointer to a PCCTL_CONTEXT that represents the current certificate trust list.
		/// </description>
		/// </item>
		/// <item>
		/// <term>TIME_VALID_OID_GET_CRL</term>
		/// <description>This value is reserved for future use.</description>
		/// </item>
		/// <item>
		/// <term>TIME_VALID_OID_GET_CRL_FROM_CERT ((LPCSTR)3)</term>
		/// <description>
		/// Provides a CRL based on information obtained from the CRL distribution points extension of the current certificate context. For
		/// the pvPara parameter: A pointer to a PCCERT_CONTEXT that represents the subject certificate.
		/// </description>
		/// </item>
		/// <item>
		/// <term>TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CERT ((LPCSTR)4)</term>
		/// <description>
		/// Provides a delta CRL based on information obtained from the freshest CRL extension of the current certificate context. For the
		/// pvPara parameter: A pointer to a PCCERT_CONTEXT that represents the subject certificate.
		/// </description>
		/// </item>
		/// <item>
		/// <term>TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CRL ((LPCSTR)5)</term>
		/// <description>
		/// Provides a delta CRL based on information obtained from the freshest CRL extension of the current CRL context. For the pvPara
		/// parameter: A pointer to a PCCERT_CRL_CONTEXT_PAIR that represents the subject certificate and its base CRL.
		/// </description>
		/// </item>
		/// </list>
		/// </param>
		/// <param name="pvPara">
		/// A structure determined by the value of pszTimeValidOid. For details, see the description for the pszTimeValidOid parameter.
		/// The native side cannot detect a mismatch between this pointer and pszTimeValidOid; passing the wrong context type is memory-unsafe.
		/// </param>
		/// <param name="pIssuer">
		/// A pointer to a CERT_CONTEXT containing the issuer's certificate. NOTE(review): presumably this is the certificate the retrieved
		/// object's signature is verified against (the check that CRYPT_DONT_VERIFY_SIGNATURE disables) — confirm; if so, it must be a
		/// certificate the caller has already chained to a trust anchor, not one taken from the untrusted input.
		/// </param>
		/// <param name="pftValidFor">
		/// A pointer to an optional FILETIME structure version of the current system time or a freshness time from the current context.
		/// May be <see cref="IntPtr.Zero"/> when CRYPT_DONT_CHECK_TIME_VALIDITY is set; otherwise it must point at a valid FILETIME that
		/// stays pinned for the duration of the call.
		/// </param>
		/// <param name="dwFlags">
		/// <para>A value that determines various retrieval factors such as time-out, source, and validity checks.</para>
		/// <para>The following table lists possible values for the dwFlags parameter.</para>
		/// <list type="table">
		/// <listheader>
		/// <term>Value</term>
		/// <description>Meaning</description>
		/// </listheader>
		/// <item>
		/// <term>CRYPT_ACCUMULATIVE_TIMEOUT 0x00000800</term>
		/// <description>Use the cumulative time-out registry setting of the client computer for revocation URL retrievals.</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_CACHE_ONLY_RETRIEVAL 0x00000002</term>
		/// <description>Retrieve the encoded bits from the client URL cache only. Do not use the wire to retrieve the URL.</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_CHECK_FRESHNESS_TIME_VALIDITY 0x00000400</term>
		/// <description>Check if the ThisUpdate property or extension of the current context is greater than or equal to the ftValidFor parameter.</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_DONT_CHECK_TIME_VALIDITY 0x00000200</term>
		/// <description>
		/// Do not perform time validity check. Use this to retrieve a more recent base CRL over the wire or to bypass time validity check
		/// during a cache retrieval. When this flag is set, pftValidFor can be NULL.
		/// </description>
		/// </item>
		/// <item>
		/// <term>CRYPT_DONT_VERIFY_SIGNATURE 0x00000100</term>
		/// <description>
		/// Do not perform signature verification. Use this when verification of the retrieved object will be performed outside of this
		/// function or to force a replacement of a retrieved cache entry with a new cache entry for the object.
		/// </description>
		/// </item>
		/// <item>
		/// <term>CRYPT_KEEP_TIME_VALID 0x00000080</term>
		/// <description>This value is reserved for future use.</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_OCSP_ONLY_RETRIEVAL 0x01000000</term>
		/// <description>
		/// Retrieves the time valid object from an OCSP responder service only based on Authority Information Access URLs in the current
		/// context. The CertVerifyRevocation function sets this flag when it is called with the dwFlags parameter set to CERT_VERIFY_REV_SERVER_OCSP_FLAG.
		/// </description>
		/// </item>
		/// <item>
		/// <term>CRYPT_WIRE_ONLY_RETRIEVAL 0x00000004</term>
		/// <description>Retrieves the encoded bits from the wire only. Does not use the URL cache.</description>
		/// </item>
		/// </list>
		/// </param>
		/// <param name="dwTimeout">
		/// A value, in milliseconds, that specifies when to terminate an URL retrieval attempt that has not returned a result. Revocation
		/// fetches go to servers named by the object under examination, so a very long time-out lets a slow or hostile distribution point
		/// stall the caller; bound it.
		/// </param>
		/// <param name="ppvObject">
		/// A pointer to an address for the returned object. The return type can be one of the supported types shown in the pszObjectOid
		/// parameter of the CryptRetrieveObjectByUrl function. NOTE(review): the returned context appears to be caller-owned; confirm the
		/// matching release call for each object type against the CryptRetrieveObjectByUrl documentation before relying on it.
		/// </param>
		/// <param name="pCredentials">
		/// A pointer to an optional CRYPT_CREDENTIALS structure used to access the URL, or <see cref="IntPtr.Zero"/>. The only type of
		/// credentials currently supported are user name and password credentials. The credentials are presented to the server named by the
		/// retrieval URL, which comes from the object being checked; over http or ldap they may travel in the clear — TODO confirm before
		/// supplying real credentials.
		/// </param>
		/// <param name="pExtraInfo">
		/// A pointer to an optional CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO structure that contains extra information about the cache entry
		/// for an object, or <see cref="IntPtr.Zero"/>.
		/// </param>
		/// <returns>
		/// <para>If the function succeeds, the function returns TRUE.</para>
		/// <para>If the function fails, it returns FALSE. For extended error information, call GetLastError.</para>
		/// <para>Some possible error codes follow.</para>
		/// <list type="table">
		/// <listheader>
		/// <term>Return code</term>
		/// <description>Description</description>
		/// </listheader>
		/// <item>
		/// <term>CRYPT_E_NOT_FOUND</term>
		/// <description>The caller specified TIME_VALID_OID_GET_CRL for the pszTimeValidOid parameter. This OID is not supported.</description>
		/// </item>
		/// <item>
		/// <term>CRYPT_E_NOT_IN_REVOCATION_DATABASE</term>
		/// <description>The caller set the CRYPT_OCSP_ONLY_RETRIEVAL flag and the context includes a non-OCSP URL.</description>
		/// </item>
		/// <item>
		/// <term>E_INVALIDARG</term>
		/// <description>
		/// The function failed to retrieve a CRL from a certificate context or retrieve a CTL, and it failed to copy any URLs from a cache entry.
		/// </description>
		/// </item>
		/// <item>
		/// <term>E_OUTOFMEMORY</term>
		/// <description>The function could not allocate memory for an internal array operation.</description>
		/// </item>
		/// <item>
		/// <term>ERROR_NOT_CONNECTED</term>
		/// <description>The caller did not set the CRYPT_CACHE_ONLY_RETRIEVAL flag and is not connected to the Internet.</description>
		/// </item>
		/// </list>
		/// </returns>
		/// <remarks>
		/// <para>
		/// The Cryptnet dynamic link library implements a time valid object (TVO) cache that is used to support the
		/// <c>CryptGetTimeValidObject</c> function. The cache is used by a process-global TVO agent where each cache entry consists of the
		/// following information.
		/// </para>
		/// <list type="bullet">
		/// <item><description>Origin Identifier</description></item>
		/// <item><description>Context OID</description></item>
		/// <item><description>Context</description></item>
		/// <item><description>Retrieval URL</description></item>
		/// <item><description>Expire Time</description></item>
		/// <item><description>Offline URL Time Information</description></item>
		/// </list>
		/// <para>The TVO agent supports retrieval of TVO objects on-demand or by auto-update.</para>
		/// <para>
		/// Security: a failure return (FALSE) means no time-valid revocation object was obtained; callers implementing a "hard-fail"
		/// revocation policy must treat that as unknown revocation status, not as "not revoked". See the notes on
		/// <see cref="TimeValidObjectFlags"/> for the checks that CRYPT_DONT_VERIFY_SIGNATURE and CRYPT_DONT_CHECK_TIME_VALIDITY remove.
		/// This overload exposes every optional pointer as a raw <see cref="IntPtr"/>; the caller is responsible for keeping any
		/// structures those pointers reference pinned until the call returns.
		/// </para>
		/// </remarks>
		// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptgettimevalidobject BOOL CryptGetTimeValidObject(
		// LPCSTR pszTimeValidOid, LPVOID pvPara, PCCERT_CONTEXT pIssuer, LPFILETIME pftValidFor, DWORD dwFlags, DWORD dwTimeout, LPVOID
		// *ppvObject, PCRYPT_CREDENTIALS pCredentials, PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO pExtraInfo );
		[DllImport(Lib.Cryptnet, SetLastError = true, ExactSpelling = true)]
		[PInvokeData("wincrypt.h", MSDNShortId = "dd639b43-1560-4e9f-a778-9e20484ae012")]
		[return: MarshalAs(UnmanagedType.Bool)]
		public static extern bool CryptGetTimeValidObject(SafeOID pszTimeValidOid, [In] IntPtr pvPara, [In] PCCERT_CONTEXT pIssuer, [Optional] IntPtr pftValidFor, TimeValidObjectFlags dwFlags, uint dwTimeout, out IntPtr ppvObject, [Optional] IntPtr pCredentials, [Optional] IntPtr pExtraInfo);

		/// <summary>
		/// <para>
		/// The <c>CryptRetrieveObjectByUrl</c> function retrieves the public key infrastructure (PKI) object from a location specified by a URL.
		/// </para>
		/// <para>These remote objects are in encoded format and are retrieved in a "context" form.</para>
		/// </summary>
		/// <param name="pszUrl">
		/// The address of a PKI object to be retrieved. The following schemes are supported:
		/// <list type="bullet">
		/// <item><description>ldap (Lightweight Directory Access Protocol)</description></item>
		/// <item><description>http</description></item>
		/// <item><description>https (certificate revocation list (CRL) or online certificate status protocol (OCSP) retrievals only)</description></item>
		/// <item><description>file</description></item>
		/// </list>
		/// </param>
		/// The address of a null-terminated ANSI string that identifies the type of object to retrieve. This can be one of the following values.
		/// Value
		/// Meaning
		/// NULL BLOB
		/// Retrieve one or more data BLOBs. The encoded bits are returned in an array of BLOBs. ppvObject is the address of a
		/// CRYPT_BLOB_ARRAY structure pointer that receives the BLOB array. When this structure is no longer needed, you must free it by
		/// passing the address of this structure to the CryptMemFree function.
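/// CONTEXT_OID_CERTIFICATE (certificate): Retrieve one or more certificates. If a single object is being retrieved, ppvObject is
/// the address of a CERT_CONTEXT structure pointer that receives the context; when no longer needed, free it by passing the
/// pointer to CertFreeCertificateContext. If multiple objects are being retrieved, ppvObject is the address of an HCERTSTORE
/// variable that receives the handle of a store that contains the certificates; close it with CertCloseStore.
/// CONTEXT_OID_CRL (CRL): Retrieve one or more certificate revocation lists (CRLs). Single object: ppvObject receives a
/// CRL_CONTEXT pointer, freed with CertFreeCRLContext. Multiple objects: ppvObject receives an HCERTSTORE containing the CRLs,
/// closed with CertCloseStore.
/// CONTEXT_OID_CTL (CTL): Retrieve one or more certificate trust lists (CTLs). Single object: ppvObject receives a CTL_CONTEXT
/// pointer, freed with CertFreeCTLContext. Multiple objects: ppvObject receives an HCERTSTORE containing the CTLs, closed with
/// CertCloseStore.
/// CONTEXT_OID_PKCS7 (PKCS7): ppvObject is the address of an HCERTSTORE variable that receives the handle of a store that contains
/// the objects from the message; close it with CertCloseStore.
/// CONTEXT_OID_CAPI2_ANY (function will determine appropriate item): ppvObject is the address of an HCERTSTORE variable that
/// receives the handle of a store that contains the objects; close it with CertCloseStore.
/// CONTEXT_OID_OCSP_RESP (OCSP Response): ppvObject is the address of a pointer to a CRYPT_BLOB_ARRAY structure.
/// In this overload pszObjectOid is marshaled as an ANSI (LPStr) string on every platform, because the parameter is documented as
/// a null-terminated ANSI string and is LPCSTR in the native prototype even when the W entry point is used for pszUrl. A managed
/// string can only carry a textual OID; the SafeOID overloads declared below exist for OID values that are not plain strings.
///
/// dwRetrievalFlags: Determines whether to use the cached URL or a URL retrieved from the wire URL. The form in which objects are
/// returned is determined by the value of pszObjectOid. Possible values:
/// CRYPT_AIA_RETRIEVAL: Validates the content retrieved by a wire URL before writing the URL to the cache. The default provider
/// does not support the HTTPS protocol for AIA retrievals.
/// CRYPT_ASYNC_RETRIEVAL: This value is not supported.
/// CRYPT_CACHE_ONLY_RETRIEVAL: Retrieves the encoded bits from the URL cache only. Do not use the wire to retrieve the URL.
/// CRYPT_DONT_CACHE_RESULT: Does not store the retrieved encoded bits to the URL cache. If this flag is not set, the retrieved URL
/// is cached.
/// CRYPT_HTTP_POST_RETRIEVAL: Uses the POST method instead of the default GET method for HTTP retrievals. In a POST URL, additional
/// binary data and header strings are appended to the base URL in the format
/// BaseURL/OptionalURLEscaped&Base64EncodedAdditionalData?OptionalAdditionalHTTPHeaders. When this flag is set, the function
/// parses the URL using the last slash mark (/) and the question mark (?) as delimiters: the segment delimited by the slash is an
/// unescaped URL (plain text, no escape sequences) plus Base64 data that is decoded into binary form and passed to
/// WinHttpSendRequest as the lpOptional parameter; the segment delimited by the question mark is passed to WinHttpSendRequest as
/// the pwszHeaders parameter. Because that header segment is handed straight to WinHttpSendRequest, never assemble a POST URL
/// from untrusted input (header injection).
/// CRYPT_LDAP_AREC_EXCLUSIVE_RETRIEVAL: Performs A-Record-only DNS lookup on the supplied host string, preventing the generation
/// of false DNS queries when resolving host names. Use it when passing a host name as opposed to a domain name.
/// CRYPT_LDAP_INSERT_ENTRY_ATTRIBUTE: Retrieves the entry index and attribute name for each LDAP object. The beginning of each
/// returned BLOB contains the ANSI string "entry index in decimal\0attribute name\0". When this flag is set, pszObjectOid must be
/// NULL so that a BLOB is returned. ldap scheme only.
/// CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL: Fails if the LDAP search scope is not set to base in the URL. Use with LDAP only.
/// CRYPT_LDAP_SIGN_RETRIEVAL: Digitally signs all of the LDAP traffic to and from a server by using the Kerberos authentication
/// protocol. This feature provides integrity required by some applications.
/// CRYPT_NO_AUTH_RETRIEVAL: Inhibits automatic authentication handling.
/// CRYPT_NOT_MODIFIED_RETRIEVAL: Enables a conditional HTTP URL retrieval. For a conditional retrieval that returns
/// HTTP_STATUS_NOT_MODIFIED, the function returns TRUE and ppvObject is set to NULL; if pAuxInfo is not NULL, dwHttpStatusCode is
/// set to HTTP_STATUS_NOT_MODIFIED. Otherwise, ppvObject is updated for a successful retrieval. A TRUE return with a NULL
/// ppvObject therefore means "unchanged", not "object received"; callers must check both.
/// CRYPT_OFFLINE_CHECK_RETRIEVAL: Keeps track of offline failures and delays before hitting the wire on subsequent retrievals.
/// Wire retrieval only.
/// CRYPT_PROXY_CACHE_RETRIEVAL: Enables proxy cache retrieval of an object. If a proxy cache was not explicitly bypassed,
/// fProxyCacheRetrieval is set to TRUE in pAuxInfo. HTTP URL retrievals only.
/// CRYPT_RETRIEVE_MULTIPLE_OBJECTS: Retrieves multiple objects if available. All objects must be of a homogeneous object type as
/// determined by the value of pszObjectOid, unless the object identifier (OID) value is CONTEXT_OID_CAPI2_ANY.
/// CRYPT_STICKY_CACHE_RETRIEVAL: Tags the URL as exempt from being flushed from the cache. For more information, see
/// STICKY_CACHE_ENTRY in INTERNET_CACHE_ENTRY_INFO.
/// CRYPT_VERIFY_CONTEXT_SIGNATURE: Acquires signature verification on the context created. In this case pszObjectOid must be
/// non-NULL and pvVerify points to the signer certificate context.
/// CRYPT_VERIFY_DATA_HASH: This flag is not implemented. Do not use it.
/// CRYPT_WIRE_ONLY_RETRIEVAL: Retrieves the encoded bits from the wire only. Does not use the URL cache.
/// Security note: unless CRYPT_VERIFY_CONTEXT_SIGNATURE is set with a signer certificate in pvVerify, nothing in this call
/// authenticates what came back. https is accepted only for CRL/OCSP retrievals and ldap gains integrity only with
/// CRYPT_LDAP_SIGN_RETRIEVAL, so for every other scheme the returned object must be signature-verified (here or by the caller)
/// before it is trusted; CRYPT_VERIFY_DATA_HASH is not a substitute because it is not implemented.
///
/// dwTimeout: Specifies the maximum number of milliseconds to wait for retrieval. If a value of zero is specified, this function
/// does not time out; pass a finite bound whenever the URL comes from data the caller does not control (for example a CRL
/// distribution point or AIA extension read out of a certificate), otherwise an unresponsive server stalls the caller
/// indefinitely. This parameter is not used if the URL scheme is file:///.
/// ppvObject: The address of a pointer to the returned object. The return type can be one of the supported types shown in
/// pszObjectOid. Passed by ref in this overload; initialise it to IntPtr.Zero before the call.
/// hAsyncRetrieve: This parameter is reserved and must be set to NULL (IntPtr.Zero).
/// pCredentials: This parameter is not used.
/// pvVerify: A pointer to a verification object. This object is a function of the dwRetrievalFlags parameter. It can be NULL to
/// indicate that the caller is not interested in getting the certificate context or index of the signer if dwRetrievalFlags is
/// CRYPT_VERIFY_CONTEXT_SIGNATURE.
/// pAuxInfo: An optional pointer to a CRYPT_RETRIEVE_AUX_INFO structure. If not NULL and if the cbSize member of the structure is
/// set, this parameter returns the time of the last successful wire retrieval. This overload takes the structure by ref, so it is
/// always supplied; set cbSize before calling.
///
/// Returns: If the function succeeds, the return value is nonzero (TRUE). If the function fails, the return value is zero (FALSE).
/// This declaration has SetLastError = false, so Marshal.GetLastWin32Error() carries no information about a FALSE return.
///
/// Remarks: The remote object retrieval manager exposes two provider models. One is the Scheme Provider model that allows for
/// installable protocol providers as defined by the URL scheme, that is, ldap, http, ftp, or file. The scheme provider entry point
/// is the same as the CryptRetrieveObjectByUrl function; however, the *ppvObject returned is always a counted array of encoded
/// bits (one per object retrieved). The second provider model is the Context Provider model that allows for installable creators
/// of the context handles (objects) based on the retrieved encoded bits. These are dispatched based on the object identifier
/// (OID) specified in the call to CryptRetrieveObjectByUrl.
/// Individual PKI objects such as certificates, trust lists, revocation lists, PKCS #7 messages, and multiple homogenous objects
/// can be retrieved. Starting with Windows Vista with Service Pack 1 (SP1) and Windows Server 2008, security of "http:" and
/// "ldap:" retrievals have been hardened. For more information, see http://support.microsoft.com/kb/946401.
/// This function supports "http:" and "ldap:" URL schemes as well as newly defined schemes.
/// Windows XP: "ftp:" is not supported for network retrieval. For a summary of changes to the CryptoAPI certificate chain
/// validation logic in Q835732 on Windows XP, see http://support.microsoft.com/kb/887195.
/// Note: By default, "file:" is not supported for network retrieval.
/// Marshaling: CharSet.Auto without ExactSpelling resolves to the W entry point on Unicode Windows, so pszUrl (LPTStr) is passed
/// as a wide string there while pszObjectOid is always ANSI (LPStr), matching the native prototype.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptretrieveobjectbyurla BOOL CryptRetrieveObjectByUrlA(
// LPCSTR pszUrl, LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject, HCRYPTASYNC hAsyncRetrieve,
// PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo );
[DllImport(Lib.Cryptnet, SetLastError = false, CharSet = CharSet.Auto)]
[PInvokeData("wincrypt.h", MSDNShortId = "2e205f97-be9b-4358-ba22-d475b6a250b7")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptRetrieveObjectByUrl([MarshalAs(UnmanagedType.LPTStr)] string pszUrl, [MarshalAs(UnmanagedType.LPStr)] string pszObjectOid, CryptRetrievalFlags dwRetrievalFlags, uint dwTimeout, ref IntPtr ppvObject, [Optional] IntPtr hAsyncRetrieve, [Optional] IntPtr pCredentials, [Optional] IntPtr pvVerify, ref CRYPT_RETRIEVE_AUX_INFO pAuxInfo);
/// The CryptRetrieveObjectByUrl function retrieves the public key infrastructure (PKI) object from a location specified by a URL.
/// These remote objects are in encoded format and are retrieved in a "context" form.
/// The address of a PKI object to be retrieved. The following schemes are supported:
/// ldap (Lightweight Directory Access Protocol)
/// http
/// https (certificate revocation list (CRL) or online certificate status protocol (OCSP) retrievals only)
/// file
/// The address of a null-terminated ANSI string that identifies the type of object to retrieve. This can be one of the following values.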
/// Value / Meaning (pszObjectOid):
/// NULL (BLOB): Retrieve one or more data BLOBs. The encoded bits are returned in an array of BLOBs; ppvObject is the address of a
/// CRYPT_BLOB_ARRAY structure pointer that receives the BLOB array. When this structure is no longer needed, free it by passing
/// its address to CryptMemFree.
/// CONTEXT_OID_CERTIFICATE (certificate): Retrieve one or more certificates. Single object: ppvObject receives a CERT_CONTEXT
/// pointer, freed with CertFreeCertificateContext. Multiple objects: ppvObject receives an HCERTSTORE holding the certificates,
/// closed with CertCloseStore.
/// CONTEXT_OID_CRL (CRL): Retrieve one or more certificate revocation lists. Single object: a CRL_CONTEXT pointer, freed with
/// CertFreeCRLContext. Multiple objects: an HCERTSTORE holding the CRLs, closed with CertCloseStore.
/// CONTEXT_OID_CTL (CTL): Retrieve one or more certificate trust lists. Single object: a CTL_CONTEXT pointer, freed with
/// CertFreeCTLContext. Multiple objects: an HCERTSTORE holding the CTLs, closed with CertCloseStore.
/// CONTEXT_OID_PKCS7 (PKCS7): ppvObject receives an HCERTSTORE holding the objects from the message; close it with CertCloseStore.
/// CONTEXT_OID_CAPI2_ANY (function will determine appropriate item): ppvObject receives an HCERTSTORE holding the objects; close
/// it with CertCloseStore.
/// CONTEXT_OID_OCSP_RESP (OCSP Response): ppvObject is the address of a pointer to a CRYPT_BLOB_ARRAY structure.
///
/// dwRetrievalFlags: Determines whether to use the cached URL or a URL retrieved from the wire URL. The form in which objects are
/// returned is determined by the value of pszObjectOid. This overload takes the raw uint; the values are those of the
/// CryptRetrievalFlags enumeration used by the string overload:
/// CRYPT_AIA_RETRIEVAL: Validates the content retrieved by a wire URL before writing the URL to the cache. The default provider
/// does not support the HTTPS protocol for AIA retrievals.
/// CRYPT_ASYNC_RETRIEVAL: This value is not supported.
/// CRYPT_CACHE_ONLY_RETRIEVAL: Retrieves the encoded bits from the URL cache only; does not use the wire.
/// CRYPT_DONT_CACHE_RESULT: Does not store the retrieved encoded bits to the URL cache. If not set, the retrieved URL is cached.
/// CRYPT_HTTP_POST_RETRIEVAL: Uses POST instead of the default GET for HTTP retrievals. The URL has the format
/// BaseURL/OptionalURLEscaped&Base64EncodedAdditionalData?OptionalAdditionalHTTPHeaders; the function splits it at the last
/// slash mark (/) and the question mark (?). The slash segment is an unescaped URL plus Base64 data decoded to binary and passed
/// to WinHttpSendRequest as lpOptional; the question-mark segment is passed to WinHttpSendRequest as pwszHeaders. Because the
/// header segment goes straight to WinHttpSendRequest, never assemble a POST URL from untrusted input (header injection).
/// CRYPT_LDAP_AREC_EXCLUSIVE_RETRIEVAL: Performs A-Record-only DNS lookup on the supplied host string, preventing false DNS
/// queries when resolving host names. Use when passing a host name as opposed to a domain name.
/// CRYPT_LDAP_INSERT_ENTRY_ATTRIBUTE: Retrieves the entry index and attribute name for each LDAP object; each returned BLOB
/// begins with the ANSI string "entry index in decimal\0attribute name\0". pszObjectOid must be NULL so that a BLOB is returned.
/// ldap scheme only.
/// CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL: Fails if the LDAP search scope is not set to base in the URL. LDAP only.
/// CRYPT_LDAP_SIGN_RETRIEVAL: Digitally signs all LDAP traffic to and from a server using the Kerberos authentication protocol,
/// providing integrity required by some applications.
/// CRYPT_NO_AUTH_RETRIEVAL: Inhibits automatic authentication handling.
/// CRYPT_NOT_MODIFIED_RETRIEVAL: Enables a conditional HTTP URL retrieval. When the server returns HTTP_STATUS_NOT_MODIFIED the
/// function returns TRUE and ppvObject is set to NULL; if pAuxInfo is not NULL, dwHttpStatusCode is set to
/// HTTP_STATUS_NOT_MODIFIED. Otherwise ppvObject is updated for a successful retrieval, so check both the return and ppvObject.
/// CRYPT_OFFLINE_CHECK_RETRIEVAL: Keeps track of offline failures and delays before hitting the wire on subsequent retrievals.
/// Wire retrieval only.
/// CRYPT_PROXY_CACHE_RETRIEVAL: Enables proxy cache retrieval of an object. If a proxy cache was not explicitly bypassed,
/// fProxyCacheRetrieval is set to TRUE in pAuxInfo. HTTP URL retrievals only.
/// CRYPT_RETRIEVE_MULTIPLE_OBJECTS: Retrieves multiple objects if available. All objects must be of a homogeneous object type as
/// determined by pszObjectOid, unless the OID value is CONTEXT_OID_CAPI2_ANY.
/// CRYPT_STICKY_CACHE_RETRIEVAL: Tags the URL as exempt from being flushed from the cache (see STICKY_CACHE_ENTRY in
/// INTERNET_CACHE_ENTRY_INFO).
/// CRYPT_VERIFY_CONTEXT_SIGNATURE: Acquires signature verification on the context created. pszObjectOid must be non-NULL and
/// pvVerify points to the signer certificate context.
/// CRYPT_VERIFY_DATA_HASH: This flag is not implemented. Do not use it.
/// CRYPT_WIRE_ONLY_RETRIEVAL: Retrieves the encoded bits from the wire only. Does not use the URL cache.
/// Security note: unless CRYPT_VERIFY_CONTEXT_SIGNATURE is set with a signer certificate in pvVerify, nothing in this call
/// authenticates what came back; https is accepted only for CRL/OCSP retrievals and ldap gains integrity only with
/// CRYPT_LDAP_SIGN_RETRIEVAL, so the returned object must be signature-verified (here or by the caller) before it is trusted.
///
/// dwTimeout: Maximum number of milliseconds to wait for retrieval. Zero means the function does not time out; pass a finite
/// bound when the URL comes from data the caller does not control. Not used if the URL scheme is file:///.
/// ppvObject: Receives the pointer to the returned object; its type is determined by pszObjectOid as listed above.
/// hAsyncRetrieve: This parameter is reserved and must be set to NULL (IntPtr.Zero).
/// pCredentials: This parameter is not used. It is taken by 'in' reference in this overload, so a CRYPT_CREDENTIALS value must
/// still be supplied even though the function ignores it.
/// pvVerify: A pointer to a verification object. This object is a function of the dwRetrievalFlags parameter. It can be NULL to
/// indicate that the caller is not interested in getting the certificate context or index of the signer if dwRetrievalFlags is
/// CRYPT_VERIFY_CONTEXT_SIGNATURE.
/// pAuxInfo: An optional pointer to a CRYPT_RETRIEVE_AUX_INFO structure. If not NULL and if the cbSize member of the structure is
/// set, this parameter returns the time of the last successful wire retrieval. Taken by ref here, so always supplied; set cbSize
/// before calling.
///
/// Returns: If the function succeeds, the return value is nonzero (TRUE). If the function fails, the return value is zero (FALSE).
/// SetLastError = false on this declaration, so Marshal.GetLastWin32Error() carries no information about a FALSE return.
///
/// Remarks: The remote object retrieval manager exposes two provider models. The Scheme Provider model allows for installable
/// protocol providers as defined by the URL scheme (ldap, http, ftp, or file); its entry point is the same as
/// CryptRetrieveObjectByUrl, but the *ppvObject returned is always a counted array of encoded bits (one per object retrieved).
/// The Context Provider model allows for installable creators of the context handles (objects) based on the retrieved encoded
/// bits, dispatched on the OID specified in the call. Individual PKI objects such as certificates, trust lists, revocation
/// lists, PKCS #7 messages, and multiple homogenous objects can be retrieved. Starting with Windows Vista SP1 and Windows Server
/// 2008, security of "http:" and "ldap:" retrievals have been hardened (see http://support.microsoft.com/kb/946401). This
/// function supports "http:" and "ldap:" URL schemes as well as newly defined schemes. Windows XP: "ftp:" is not supported for
/// network retrieval (see http://support.microsoft.com/kb/887195 for the Q835732 chain-validation changes). By default, "file:"
/// is not supported for network retrieval.
/// NOTE(review): CharSet.Auto without ExactSpelling binds to the W entry point on Unicode Windows, where the native pszUrl is a
/// wide string, yet pszUrl is passed here as a SafeOID. Confirm what SafeOID marshals that argument as before using this overload
/// for URLs; the string overload above passes pszUrl as LPTStr and avoids the question.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptretrieveobjectbyurla BOOL CryptRetrieveObjectByUrlA(
// LPCSTR pszUrl, LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject, HCRYPTASYNC hAsyncRetrieve,
// PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo );
[DllImport(Lib.Cryptnet, SetLastError = false, CharSet = CharSet.Auto)]
[PInvokeData("wincrypt.h", MSDNShortId = "2e205f97-be9b-4358-ba22-d475b6a250b7")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptRetrieveObjectByUrl(SafeOID pszUrl, [Optional] SafeOID pszObjectOid, uint dwRetrievalFlags, uint dwTimeout, out IntPtr ppvObject, [Optional] IntPtr hAsyncRetrieve, in CRYPT_CREDENTIALS pCredentials, [Optional] IntPtr pvVerify, ref CRYPT_RETRIEVE_AUX_INFO pAuxInfo);
/// The CryptRetrieveObjectByUrl function retrieves the public key infrastructure (PKI) object from a location specified by a URL.
/// These remote objects are in encoded format and are retrieved in a "context" form.
/// The address of a PKI object to be retrieved.
/// The following schemes are supported:
/// ldap (Lightweight Directory Access Protocol)
/// http
/// https (certificate revocation list (CRL) or online certificate status protocol (OCSP) retrievals only)
/// file
/// pszObjectOid: The address of a null-terminated ANSI string that identifies the type of object to retrieve. This can be one of
/// the following values (Value / Meaning):
/// NULL (BLOB): Retrieve one or more data BLOBs. The encoded bits are returned in an array of BLOBs; ppvObject is the address of a
/// CRYPT_BLOB_ARRAY structure pointer that receives the BLOB array. When this structure is no longer needed, free it by passing
/// its address to CryptMemFree.
/// CONTEXT_OID_CERTIFICATE (certificate): Retrieve one or more certificates. Single object: ppvObject receives a CERT_CONTEXT
/// pointer, freed with CertFreeCertificateContext. Multiple objects: ppvObject receives an HCERTSTORE holding the certificates,
/// closed with CertCloseStore.
/// CONTEXT_OID_CRL (CRL): Retrieve one or more certificate revocation lists. Single object: a CRL_CONTEXT pointer, freed with
/// CertFreeCRLContext. Multiple objects: an HCERTSTORE holding the CRLs, closed with CertCloseStore.
/// CONTEXT_OID_CTL (CTL): Retrieve one or more certificate trust lists. Single object: a CTL_CONTEXT pointer, freed with
/// CertFreeCTLContext. Multiple objects: an HCERTSTORE holding the CTLs, closed with CertCloseStore.
/// CONTEXT_OID_PKCS7 (PKCS7): ppvObject receives an HCERTSTORE holding the objects from the message; close it with CertCloseStore.
/// CONTEXT_OID_CAPI2_ANY (function will determine appropriate item): ppvObject receives an HCERTSTORE holding the objects; close
/// it with CertCloseStore.
/// CONTEXT_OID_OCSP_RESP (OCSP Response): ppvObject is the address of a pointer to a CRYPT_BLOB_ARRAY structure.
///
/// dwRetrievalFlags: Determines whether to use the cached URL or a URL retrieved from the wire URL. The form in which objects are
/// returned is determined by the value of pszObjectOid. This overload takes the raw uint; the values are those of the
/// CryptRetrievalFlags enumeration used by the string overload:
/// CRYPT_AIA_RETRIEVAL: Validates the content retrieved by a wire URL before writing the URL to the cache. The default provider
/// does not support the HTTPS protocol for AIA retrievals.
/// CRYPT_ASYNC_RETRIEVAL: This value is not supported.
/// CRYPT_CACHE_ONLY_RETRIEVAL: Retrieves the encoded bits from the URL cache only; does not use the wire.
/// CRYPT_DONT_CACHE_RESULT: Does not store the retrieved encoded bits to the URL cache. If not set, the retrieved URL is cached.
/// CRYPT_HTTP_POST_RETRIEVAL: Uses POST instead of the default GET for HTTP retrievals. The URL has the format
/// BaseURL/OptionalURLEscaped&Base64EncodedAdditionalData?OptionalAdditionalHTTPHeaders; the function splits it at the last
/// slash mark (/) and the question mark (?). The slash segment is an unescaped URL plus Base64 data decoded to binary and passed
/// to WinHttpSendRequest as lpOptional; the question-mark segment is passed to WinHttpSendRequest as pwszHeaders. Because the
/// header segment goes straight to WinHttpSendRequest, never assemble a POST URL from untrusted input (header injection).
/// CRYPT_LDAP_AREC_EXCLUSIVE_RETRIEVAL: Performs A-Record-only DNS lookup on the supplied host string, preventing false DNS
/// queries when resolving host names. Use when passing a host name as opposed to a domain name.
/// CRYPT_LDAP_INSERT_ENTRY_ATTRIBUTE: Retrieves the entry index and attribute name for each LDAP object; each returned BLOB
/// begins with the ANSI string "entry index in decimal\0attribute name\0". pszObjectOid must be NULL so that a BLOB is returned.
/// ldap scheme only.
/// CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL: Fails if the LDAP search scope is not set to base in the URL. LDAP only.
/// CRYPT_LDAP_SIGN_RETRIEVAL: Digitally signs all LDAP traffic to and from a server using the Kerberos authentication protocol,
/// providing integrity required by some applications.
/// CRYPT_NO_AUTH_RETRIEVAL: Inhibits automatic authentication handling.
/// CRYPT_NOT_MODIFIED_RETRIEVAL: Enables a conditional HTTP URL retrieval. When the server returns HTTP_STATUS_NOT_MODIFIED the
/// function returns TRUE and ppvObject is set to NULL; if pAuxInfo is not NULL, dwHttpStatusCode is set to
/// HTTP_STATUS_NOT_MODIFIED. Otherwise ppvObject is updated for a successful retrieval, so check both the return and ppvObject.
/// CRYPT_OFFLINE_CHECK_RETRIEVAL: Keeps track of offline failures and delays before hitting the wire on subsequent retrievals.
/// Wire retrieval only.
/// CRYPT_PROXY_CACHE_RETRIEVAL: Enables proxy cache retrieval of an object. If a proxy cache was not explicitly bypassed,
/// fProxyCacheRetrieval is set to TRUE in pAuxInfo. HTTP URL retrievals only.
/// CRYPT_RETRIEVE_MULTIPLE_OBJECTS: Retrieves multiple objects if available. All objects must be of a homogeneous object type as
/// determined by pszObjectOid, unless the OID value is CONTEXT_OID_CAPI2_ANY.
/// CRYPT_STICKY_CACHE_RETRIEVAL: Tags the URL as exempt from being flushed from the cache (see STICKY_CACHE_ENTRY in
/// INTERNET_CACHE_ENTRY_INFO).
/// CRYPT_VERIFY_CONTEXT_SIGNATURE: Acquires signature verification on the context created. pszObjectOid must be non-NULL and
/// pvVerify points to the signer certificate context.
/// CRYPT_VERIFY_DATA_HASH: This flag is not implemented. Do not use it.
/// CRYPT_WIRE_ONLY_RETRIEVAL: Retrieves the encoded bits from the wire only. Does not use the URL cache.
/// Security note: unless CRYPT_VERIFY_CONTEXT_SIGNATURE is set with a signer certificate in pvVerify, nothing in this call
/// authenticates what came back; https is accepted only for CRL/OCSP retrievals and ldap gains integrity only with
/// CRYPT_LDAP_SIGN_RETRIEVAL, so the returned object must be signature-verified (here or by the caller) before it is trusted.
///
/// dwTimeout: Maximum number of milliseconds to wait for retrieval. Zero means the function does not time out; pass a finite
/// bound when the URL comes from data the caller does not control. Not used if the URL scheme is file:///.
/// ppvObject: The address of a pointer to the returned object, whose type is determined by pszObjectOid as listed above. In this
/// overload it is a raw IntPtr: pass the address of a caller-owned pointer-sized slot (for example from Marshal.AllocHGlobal) and
/// read the result back from it after the call. Although the parameter is marked [Optional], the documentation does not describe
/// NULL as permitted here; supply a real slot.
/// hAsyncRetrieve: This parameter is reserved and must be set to NULL (IntPtr.Zero).
/// pCredentials: This parameter is not used; IntPtr.Zero is fine.
/// pvVerify: A pointer to a verification object. This object is a function of the dwRetrievalFlags parameter. It can be NULL to
/// indicate that the caller is not interested in getting the certificate context or index of the signer if dwRetrievalFlags is
/// CRYPT_VERIFY_CONTEXT_SIGNATURE.
/// pAuxInfo: An optional pointer to a CRYPT_RETRIEVE_AUX_INFO structure. If not NULL and if the cbSize member of the structure is
/// set, this parameter returns the time of the last successful wire retrieval. May be IntPtr.Zero in this overload.
///
/// Returns: If the function succeeds, the return value is nonzero (TRUE). If the function fails, the return value is zero (FALSE).
/// SetLastError = false on this declaration, so Marshal.GetLastWin32Error() carries no information about a FALSE return.
///
/// Remarks: The remote object retrieval manager exposes two provider models. The Scheme Provider model allows for installable
/// protocol providers as defined by the URL scheme (ldap, http, ftp, or file); its entry point is the same as
/// CryptRetrieveObjectByUrl, but the *ppvObject returned is always a counted array of encoded bits (one per object retrieved).
/// The Context Provider model allows for installable creators of the context handles (objects) based on the retrieved encoded
/// bits, dispatched on the OID specified in the call. Individual PKI objects such as certificates, trust lists, revocation
/// lists, PKCS #7 messages, and multiple homogenous objects can be retrieved. Starting with Windows Vista SP1 and Windows Server
/// 2008, security of "http:" and "ldap:" retrievals have been hardened (see http://support.microsoft.com/kb/946401). This
/// function supports "http:" and "ldap:" URL schemes as well as newly defined schemes. Windows XP: "ftp:" is not supported for
/// network retrieval (see http://support.microsoft.com/kb/887195 for the Q835732 chain-validation changes). By default, "file:"
/// is not supported for network retrieval.
/// NOTE(review): CharSet.Auto without ExactSpelling binds to the W entry point on Unicode Windows, where the native pszUrl is a
/// wide string, yet pszUrl is passed here as a SafeOID. Confirm what SafeOID marshals that argument as before using this overload
/// for URLs; the string overload above passes pszUrl as LPTStr and avoids the question.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptretrieveobjectbyurla BOOL CryptRetrieveObjectByUrlA(
// LPCSTR pszUrl, LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject, HCRYPTASYNC hAsyncRetrieve,
// PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo );
[DllImport(Lib.Cryptnet, SetLastError = false, CharSet = CharSet.Auto)]
[PInvokeData("wincrypt.h", MSDNShortId = "2e205f97-be9b-4358-ba22-d475b6a250b7")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptRetrieveObjectByUrl(SafeOID pszUrl, [Optional] SafeOID pszObjectOid, uint dwRetrievalFlags, uint dwTimeout, [Optional] IntPtr ppvObject, [Optional] IntPtr hAsyncRetrieve, [Optional] IntPtr pCredentials, [Optional] IntPtr pvVerify, [Optional] IntPtr pAuxInfo);
/// The CERT_REVOCATION_CHAIN_PARA structure contains parameters used for building a chain for an independent online
/// certificate status protocol (OCSP) response signer certificate. The CERT_REVOCATION_PARA and
/// CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO structure definitions include optional pointers to this structure.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_revocation_chain_para
// typedef struct _CERT_REVOCATION_CHAIN_PARA { DWORD cbSize; HCERTCHAINENGINE hChainEngine; HCERTSTORE hAdditionalStore;
//   DWORD dwChainFlags; DWORD dwUrlRetrievalTimeout; LPFILETIME pftCurrentTime; LPFILETIME pftCacheResync;
//   DWORD cbMaxUrlRetrievalByteCount; } CERT_REVOCATION_CHAIN_PARA, *PCERT_REVOCATION_CHAIN_PARA;
// Layout note: this is an interop mirror of the native struct; field order and widths are the ABI, so nothing here may be
// reordered or retyped. The FILETIME values behind pftCurrentTime and pftCacheResync are raw pointers and must stay
// allocated (and pinned, if managed) until the call that consumes this structure has returned.
[PInvokeData("wincrypt.h", MSDNShortId = "9cdcc81a-aef1-4a1e-94f8-7aa461225dae")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_REVOCATION_CHAIN_PARA
{
    /// The size, in bytes, of this structure. The caller must set it before passing the structure to the API.
    public uint cbSize;
    /// A handle to the chain engine used by the caller.
    public HCERTCHAINENGINE hChainEngine;
    /// A handle to a store that contains the certificates used to build the original chain. The handle can be NULL.
    public HCERTSTORE hAdditionalStore;
    /// A value for the dwFlags parameter passed to the CertGetCertificateChain function.
    /// CERT_CHAIN_REVOCATION_CHECK_OCSP_CERT (0x04000000): set by the CertVerifyRevocation provider when it calls
    /// CertGetCertificateChain with an independent OCSP signer certificate. When set, CertGetCertificateChain calls
    /// CertVerifyRevocation without a pointer to this CERT_REVOCATION_CHAIN_PARA, which prevents circular revocation checking.
    public uint dwChainFlags;
    /// The time-out limit, in milliseconds, for URL retrievals. If zero, the revocation handler's default time-out is used.
    public uint dwUrlRetrievalTimeout;
    /// A pointer to a FILETIME structure used in the freshness time check. If this pointer is NULL, the revocation handler
    /// uses the current time.
    public IntPtr pftCurrentTime;
    /// A pointer to a FILETIME structure that governs the use of cached information. Any information cached before this time
    /// is considered invalid and new information is retrieved. When set, this value overrides the registry configuration
    /// CacheResync time.
    public IntPtr pftCacheResync;
    /// The maximum number of bytes to download from the URL object. A value of 0 specifies no limit.
    /// NOTE(review): with 0 a responder can make the chain build download without bound; set a cap when the certificate
    /// being checked (and therefore the URLs it carries) comes from an untrusted peer.
    /// Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: this member is not supported.
    public uint cbMaxUrlRetrievalByteCount;
}

/// The CRYPT_CREDENTIALS structure contains information about credentials that can be passed as optional input to a remote
/// object retrieval function such as CryptRetrieveObjectByUrl or CryptGetTimeValidObject.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_credentials
// typedef struct _CRYPT_CREDENTIALS { DWORD cbSize; LPCSTR pszCredentialsOid; LPVOID pvCredentials; }
//   CRYPT_CREDENTIALS, *PCRYPT_CREDENTIALS;
[PInvokeData("wincrypt.h", MSDNShortId = "d28b2f52-3258-44ad-a3ab-0743d3afcd62")]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_CREDENTIALS
{
    /// The size in bytes of this structure.
    public uint cbSize;
    /// A pointer to a null-terminated string (LPCSTR in the native prototype, so ANSI) that names the type of credential
    /// object in pvCredentials. Documented value: CREDENTIAL_OID_PASSWORD_CREDENTIALS, for which pvCredentials points to a
    /// CRYPT_PASSWORD_CREDENTIALS structure that represents a user name and password combination.
    public IntPtr pszCredentialsOid;
    /// A pointer to the structure selected by pszCredentialsOid.
    /// NOTE(review): for CREDENTIAL_OID_PASSWORD_CREDENTIALS the pointed-to memory carries a password. The caller owns that
    /// buffer; zero it once the retrieval call has returned rather than leaving it to the heap -- TODO confirm the native
    /// side does not retain the pointer beyond the call.
    public IntPtr pvCredentials;
}

/// The CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO structure contains optional extra information that can be passed to the
/// CryptGetTimeValidObject function in the pExtraInfo parameter.
/// All members of the CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO structure that do not have a value must be set to zero.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_get_time_valid_object_extra_info
// typedef struct _CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO { DWORD cbSize; int iDeltaCrlIndicator; LPFILETIME pftCacheResync;
//   LPFILETIME pLastSyncTime; LPFILETIME pMaxAgeTime; PCERT_REVOCATION_CHAIN_PARA pChainPara;
//   PCRYPT_INTEGER_BLOB pDeltaCrlIndicator; } CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO, *PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO;
// Layout note: interop mirror of the native struct; field order and widths are the ABI and must not change. All pointer
// members are raw IntPtr values; the memory they reference must outlive the call that consumes this structure.
[PInvokeData("wincrypt.h", MSDNShortId = "3de595f9-c922-4c8f-8328-819e91a2997c")]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO
{
    /// The size, in bytes, of this structure.
    public uint cbSize;
    /// A value compared to the base certificate revocation list (CRL) number. If the base CRL number is less than this value,
    /// the caller should attempt to retrieve a newer base CRL.
    /// If the pDeltaCrlIndicator member is non-NULL, this member must be 0x7fffffff (MAXLONG). Windows Server 2008,
    /// Windows Vista, Windows Server 2003 and Windows XP: pDeltaCrlIndicator does not exist there, so that requirement does
    /// not apply.
    public int iDeltaCrlIndicator;
    /// A pointer to a FILETIME structure that governs the use of cached information. Any information cached before this time is
    /// considered invalid and new information is retrieved.
    public IntPtr pftCacheResync;
    /// A pointer to a FILETIME structure that contains the time of the last synchronization of the data retrieved for the object.
    public IntPtr pLastSyncTime;
    /// A pointer to a FILETIME structure that specifies an expiration time of the data retrieved, based on the dwMaxAge member
    /// of the CRYPTNET_URL_CACHE_RESPONSE_INFO structure.
    public IntPtr pMaxAgeTime;
    /// A pointer to a CERT_REVOCATION_CHAIN_PARA structure (PCERT_REVOCATION_CHAIN_PARA natively) that holds the
    /// CertGetCertificateChain parameters used by the caller. The data in this member enables independent online certificate
    /// status protocol (OCSP) signer certificate chain verification.
    public IntPtr pChainPara;
    /// A pointer to a CRYPT_INTEGER_BLOB structure holding a CRL number that is longer than 4 bytes. If this member is
    /// non-NULL and iDeltaCrlIndicator equals MAXLONG, then if the base CRL number is less than this value the caller should
    /// attempt to retrieve a newer base CRL.
    /// Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: this member is not supported.
    public IntPtr pDeltaCrlIndicator;
}

/// The CRYPT_RETRIEVE_AUX_INFO structure contains optional information to pass to the CryptRetrieveObjectByUrl function. All
/// unused members of this structure must contain zero.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_retrieve_aux_info
// typedef struct _CRYPT_RETRIEVE_AUX_INFO { DWORD cbSize; FILETIME *pLastSyncTime; DWORD dwMaxUrlRetrievalByteCount;
//   PCRYPTNET_URL_CACHE_PRE_FETCH_INFO pPreFetchInfo; PCRYPTNET_URL_CACHE_FLUSH_INFO pFlushInfo;
//   PCRYPTNET_URL_CACHE_RESPONSE_INFO *ppResponseInfo; LPWSTR pwszCacheFileNamePrefix; LPFILETIME pftCacheResync;
//   BOOL fProxyCacheRetrieval; DWORD dwHttpStatusCode; LPWSTR *ppwszErrorResponseHeaders; PCRYPT_DATA_BLOB *ppErrorContentBlob;
// } CRYPT_RETRIEVE_AUX_INFO, *PCRYPT_RETRIEVE_AUX_INFO;
// Layout note: interop mirror of the native struct; field order and widths are the ABI and must not change.
[PInvokeData("wincrypt.h", MSDNShortId = "33ea51e7-c3e3-4cf8-ade0-099cb8b2e651")]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_RETRIEVE_AUX_INFO
{
    /// The size, in bytes, of the structure.
    public uint cbSize;
    /// A pointer to a FILETIME structure that receives the time of the last synchronization of the data retrieved.
    public IntPtr pLastSyncTime;
    /// A limit on the number of bytes retrieved. Zero specifies no limit (the member is an unsigned DWORD, so the
    /// "or less" case in the original wording cannot occur).
    /// NOTE(review): this is the download bound this page documents for CryptRetrieveObjectByUrl; leave it at zero only
    /// for URLs you trust, otherwise a remote host can stream an arbitrarily large body into the retrieval.
    public uint dwMaxUrlRetrievalByteCount;
    /// A pointer to a CRYPTNET_URL_CACHE_PRE_FETCH_INFO structure. To get prefetch information, set its cbSize upon input. If
    /// there is no prefetch information, the structure contains zero upon return except for cbSize.
    public IntPtr pPreFetchInfo;
    /// A pointer to a CRYPTNET_URL_CACHE_FLUSH_INFO structure. To get flush information, set its cbSize upon input. If there is
    /// no flush information, the structure contains zero upon return except for cbSize.
    public IntPtr pFlushInfo;
    /// A pointer to a PCRYPTNET_URL_CACHE_RESPONSE_INFO. To get response information, point this at a
    /// CRYPTNET_URL_CACHE_RESPONSE_INFO pointer, which is updated with an allocated structure. If there is no response
    /// information, that pointer is set to NULL. If it is not NULL, it must be freed by using the CryptMemFree function.
    public IntPtr ppResponseInfo;
    /// A string that is concatenated to the front of the cached file name; null for no prefix.
    /// NOTE(review): this becomes part of an on-disk file name; do not derive it from untrusted input.
    [MarshalAs(UnmanagedType.LPWStr)] public string pwszCacheFileNamePrefix;
    /// A pointer to a FILETIME structure that specifies a cache synchronization time. If not NULL, any information cached
    /// before this time is considered time invalid. For a CRYPT_CACHE_ONLY_RETRIEVAL, if the cached entry predates this
    /// time, CryptRetrieveObjectByUrl fails and reports ERROR_INVALID_TIME through the last-error code. When used with an HTTP
    /// retrieval, this specifies the maximum age for a time-valid object.
    public IntPtr pftCacheResync;
    /// Set to TRUE when CryptRetrieveObjectByUrl was called with CRYPT_PROXY_CACHE_RETRIEVAL in dwRetrievalFlags and a proxy
    /// cache was not explicitly bypassed for the retrieval. The function does not explicitly clear it (zero it before each
    /// call if you read it); it only applies to HTTP URL retrievals.
    [MarshalAs(UnmanagedType.Bool)] public bool fProxyCacheRetrieval;
    /// The status code from an unsuccessful HTTP response header. If CRYPT_NOT_MODIFIED_RETRIEVAL was set in dwRetrievalFlags
    /// and the HTTP retrieval returns HTTP_STATUS_NOT_MODIFIED, this contains HTTP_STATUS_NOT_MODIFIED. The function does not
    /// explicitly clear it (zero it before each call if you read it); it is only updated for HTTP or HTTPS URL retrievals.
    public uint dwHttpStatusCode;
    /// LPWSTR* in the native prototype. Not documented on this page; the name suggests a pointer to a pointer that receives
    /// the headers of an error response -- TODO confirm against the wincrypt.h documentation, including who frees the buffer.
    public IntPtr ppwszErrorResponseHeaders;
    /// PCRYPT_DATA_BLOB* in the native prototype. Not documented on this page; the name suggests a pointer to a pointer that
    /// receives the body of an error response -- TODO confirm against the wincrypt.h documentation, including who frees it.
    public IntPtr ppErrorContentBlob;
}

/// An array of URLs: cUrl entries pointed to by rgwszUrl. The MSDNShortId is that of the CryptGetObjectUrl page, whose
/// output (the URLs decoded from a certificate, CTL or CRL) this structure carries.
/// NOTE(review): these URLs originate in the object being inspected, i.e. in data its issuer (or whoever presented the
/// object) controls; validate scheme and host before handing one to a retrieval function.
[PInvokeData("wincrypt.h", MSDNShortId = "a92117b8-9144-4480-b88a-b9ffe1026d63")]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_URL_ARRAY
{
    /// Number of elements in the rgwszUrl array of URLs.
    public uint cUrl;
    /// Pointer to an array of cUrl Unicode string pointers (LPWSTR) to URLs. Element i is the pointer at byte offset
    /// i * IntPtr.Size; read it with Marshal.ReadIntPtr and decode it with Marshal.PtrToStringUni.
    public IntPtr rgwszUrl;
}

/// The CRYPT_URL_INFO structure contains information about groupings of URLs.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_url_info
// typedef struct _CRYPT_URL_INFO { DWORD cbSize; DWORD dwSyncDeltaTime; DWORD cGroup; DWORD *rgcGroupEntry; }
//   CRYPT_URL_INFO, *PCRYPT_URL_INFO;
[PInvokeData("wincrypt.h", MSDNShortId = "58289a66-6580-468c-b001-5da08cf6d4a9")]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_URL_INFO
{
    /// The size, in bytes, of the structure.
    public uint cbSize;
    /// Number of seconds between synchronizations.
    public uint dwSyncDeltaTime;
    /// Number of elements in the rgcGroupEntry array of URL groups.
    public uint cGroup;
    /// Pointer to an array of cGroup DWORD entries (DWORD* natively), one per URL group returned.
    public IntPtr rgcGroupEntry;
}
}
}