using System;
using System.Runtime.InteropServices;
using static Vanara.PInvoke.Crypt32;
using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
namespace Vanara.PInvoke
{
/// <summary>Methods and data types found in CryptNet.dll.</summary>
public static partial class CryptNet
{
/// <summary>A set of flags used to get the URL locator for an object.</summary>
[PInvokeData("wincrypt.h", MSDNShortId = "a92117b8-9144-4480-b88a-b9ffe1026d63")]
[Flags]
public enum CryptGetUrlFlags
{
    /// <summary>Locate the URL in a property of the object (the location of the data). Native value 0x00000001.</summary>
    CRYPT_GET_URL_FROM_PROPERTY = 0x1,

    /// <summary>Locate the URL in an extension of the object. Native value 0x00000002.</summary>
    CRYPT_GET_URL_FROM_EXTENSION = 0x2,

    /// <summary>
    /// Locate the URL in an unauthenticated attribute of the signer information. Native value 0x00000004.
    /// NOTE(review): an unauthenticated attribute sits outside the signed portion of the signer info, so a URL obtained this way
    /// should be treated as untrusted input by the caller — confirm against the CMS/PKCS #7 rules the consumer relies on.
    /// </summary>
    CRYPT_GET_URL_FROM_UNAUTH_ATTRIBUTE = 0x4,

    /// <summary>Locate the URL in an authenticated attribute of the signer information. Native value 0x00000008.</summary>
    CRYPT_GET_URL_FROM_AUTH_ATTRIBUTE = 0x8,
}
/// <summary>A set of flags used to get the URL locator for an object.</summary>
[PInvokeData("wincrypt.h", MSDNShortId = "a92117b8-9144-4480-b88a-b9ffe1026d63")]
[Flags]
public enum CryptGetUrlFromFlags
{
    // This enum declares exactly the same members and values as CryptGetUrlFlags in this file; the two exist so that both
    // CryptGetObjectUrl overloads can be called with either type.

    /// <summary>Locate the URL in a property of the object (the location of the data). Native value 0x00000001.</summary>
    CRYPT_GET_URL_FROM_PROPERTY = 0x1,

    /// <summary>Locate the URL in an extension of the object. Native value 0x00000002.</summary>
    CRYPT_GET_URL_FROM_EXTENSION = 0x2,

    /// <summary>
    /// Locate the URL in an unauthenticated attribute of the signer information. Native value 0x00000004.
    /// NOTE(review): an unauthenticated attribute sits outside the signed portion of the signer info, so a URL obtained this way
    /// should be treated as untrusted input by the caller — confirm against the CMS/PKCS #7 rules the consumer relies on.
    /// </summary>
    CRYPT_GET_URL_FROM_UNAUTH_ATTRIBUTE = 0x4,

    /// <summary>Locate the URL in an authenticated attribute of the signer information. Native value 0x00000008.</summary>
    CRYPT_GET_URL_FROM_AUTH_ATTRIBUTE = 0x8,
}
/// <summary>A value that determines various retrieval factors such as time-out, source, and validity checks.</summary>
[PInvokeData("wincrypt.h", MSDNShortId = "dd639b43-1560-4e9f-a778-9e20484ae012")]
[Flags]
public enum TimeValidObjectFlags
{
    // Members are listed in ascending numeric order; the values are the wincrypt.h constants and are unchanged.

    /// <summary>Retrieve the encoded bits from the client URL cache only; never go to the wire. Native value 0x00000002.</summary>
    CRYPT_CACHE_ONLY_RETRIEVAL = 0x2,

    /// <summary>Retrieve the encoded bits from the wire only; do not consult the URL cache. Native value 0x00000004.</summary>
    CRYPT_WIRE_ONLY_RETRIEVAL = 0x4,

    /// <summary>Reserved for future use. Native value 0x00000080.</summary>
    CRYPT_KEEP_TIME_VALID = 0x80,

    /// <summary>
    /// Skip signature verification of the retrieved object. Intended for callers that verify the object themselves afterwards, or
    /// that want to force a cache entry to be replaced. A revocation decision based on an object fetched with this flag set is
    /// only as good as the caller's own verification. Native value 0x00000100.
    /// </summary>
    CRYPT_DONT_VERIFY_SIGNATURE = 0x100,

    /// <summary>
    /// Skip the time-validity check. Used to pull a more recent base CRL over the wire, or to accept a cached object regardless of
    /// its validity window; with this flag set the native function accepts a NULL pftValidFor. Because staleness is no longer
    /// checked, callers must not treat the result as fresh. Native value 0x00000200.
    /// </summary>
    CRYPT_DONT_CHECK_TIME_VALIDITY = 0x200,

    /// <summary>
    /// Require the ThisUpdate property or extension of the current context to be greater than or equal to the pftValidFor
    /// parameter. Native value 0x00000400.
    /// </summary>
    CRYPT_CHECK_FRESHNESS_TIME_VALIDITY = 0x400,

    /// <summary>Use the client computer's cumulative time-out registry setting for revocation URL retrievals. Native value 0x00000800.</summary>
    CRYPT_ACCUMULATIVE_TIMEOUT = 0x800,

    /// <summary>
    /// Retrieve the time-valid object only from an OCSP responder named in the Authority Information Access URLs of the current
    /// context. CertVerifyRevocation sets this flag when called with CERT_VERIFY_REV_SERVER_OCSP_FLAG. Native value 0x01000000.
    /// </summary>
    CRYPT_OCSP_ONLY_RETRIEVAL = 0x1000000,
}
///
///
/// The CryptGetObjectUrl function acquires the URL of the remote object from a certificate, certificate trust list (CTL), or
/// certificate revocation list (CRL).
///
///
/// The function takes the object, decodes it, and provides a pointer to an array of URLs from the object. For example, from a
/// certificate, a CRL distribution list of URLs would be in the array.
///
///
///
///
/// A pointer to an object identifier (OID) that identifies the URL being requested. If the HIWORD of the pszUrlOid parameter is
/// zero, the LOWORD specifies the integer identifier for the type of the specified structure.
///
///
/// This parameter can be one of the following values. For information about how these values affect the pvPara parameter, see the
/// heading "For the pvPara parameter" in the Meaning column.
///
///
///
/// Value
/// Meaning
///
/// -
/// URL_OID_CERTIFICATE_ISSUER
///
/// Provides the URL of the certificate issuer retrieved from the authority information access extension or property of a
/// certificate. For the pvPara parameter: A pointer to a CERT_CONTEXT structure that was issued by the issuer whose URL is being requested.
///
///
/// -
/// URL_OID_CERTIFICATE_CRL_DIST_POINT
///
/// Provides a list of URLs of the CRL distribution points retrieved from the CRL distribution point extension or property of a
/// certificate. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose CRL distribution point is requested.
///
///
/// -
/// URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP
///
/// Provides a list of OCSP and CRL distribution point URLs from the authority information access (AIA) and CRL distribution point
/// extensions or properties of a certificate. The function returns any CRL distribution point URLs first. Before using any OCSP
/// URLs, you must remove the L"ocsp:" prefix. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose OCSP and CRL
/// distribution point URLs are requested.
///
///
/// -
/// URL_OID_CERTIFICATE_OCSP
///
/// Provides an OCSP URL from the authority information access (AIA) extension or property of a certificate. For the pvPara
/// parameter: A pointer to a CERT_CONTEXT structure whose OCSP URL is requested.
///
///
/// -
/// URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT
///
/// Provides a list of OCSP and CRL distribution point URLs from the authority information access (AIA) and CRL distribution point
/// extensions or properties of a certificate. The function returns any OCSP URLs first. Before using any OCSP URLs, you must remove
/// the L"ocsp:" prefix. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose OCSP and CRL distribution point URLs
/// are requested.
///
///
/// -
/// URL_OID_CERTIFICATE_ONLY_OCSP
///
/// Provides a list of OCSP URLs from the authority information access (AIA) extension or property of a certificate. Before using
/// any OCSP URLs, you must remove the L"ocsp:" prefix. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose OCSP
/// URLs are requested.
///
///
/// -
/// URL_OID_CTL_ISSUER
///
/// Provides the URL of the CTL issuer retrieved from an authority information access attribute method encoded in each signer
/// information in the PKCS #7 CTL. For the pvPara parameter: A pointer to a Signer Index CTL_CONTEXT structure that was issued by
/// the issuer whose URL, identified by the signer index, is requested.
///
///
/// -
/// URL_OID_CTL_NEXT_UPDATE
///
/// Provides the URL of the next update of that CTL retrieved from an authority information access CTL extension, property, or
/// signer information attribute method. For the pvPara parameter: A pointer to a Signer Index CTL_CONTEXT structure whose next
/// update URL is requested, and an optional signer index, in case it is needed to check the signer information attributes.
///
///
/// -
/// URL_OID_CRL_ISSUER
///
/// Provides the URL of the CRL issuer retrieved from a property on a CRL that was inherited from the subject certificate (either
/// from the subject certificate issuer or the subject certificate distribution point extension). It is encoded as an authority
/// information access extension method. For the pvPara parameter: A pointer to a CRL_CONTEXT structure that was issued by the
/// issuer whose URL is requested.
///
///
/// -
/// URL_OID_CERTIFICATE_FRESHEST_CRL
///
/// Retrieves the most recent CRL extension or property of the certificate. For the pvPara parameter: The PCCERT_CONTEXT of a
/// certificate whose most recent CRL distribution point is being requested.
///
///
/// -
/// URL_OID_CRL_FRESHEST_CRL
///
/// Retrieves the most recent CRL extension or property of the CRL. For the pvPara parameter: A pointer to a CERT_CRL_CONTEXT_PAIR
/// structure that contains the base CRL of a certificate whose most recent CRL distribution point is being requested.
///
///
/// -
/// URL_OID_CROSS_CERT_DIST_POINT
///
/// Retrieves the cross certificate distribution point extension or property of the certificate. For the pvPara parameter: The
/// PCCERT_CONTEXT of a certificate whose cross certificate distribution point is being requested.
///
///
/// -
/// URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS
///
/// Retrieves the cross certificate Subject Information Access extension or property of the certificate. For the pvPara parameter:
/// The PCCERT_CONTEXT of a certificate whose cross certificate Subject Information Access is being requested.
///
///
///
///
/// A structure determined by the value of pszUrlOid. For details, see the description for the pszUrlOid parameter.
///
///
/// A set of flags used to get the URL locator for an object. This can be zero or a combination of one or more of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_GET_URL_FROM_PROPERTY
/// Locates the URL from the property of the object (the location of the data).
///
/// -
/// CRYPT_GET_URL_FROM_EXTENSION
/// Locates the URL from the extension of the object.
///
/// -
/// CRYPT_GET_URL_FROM_UNAUTH_ATTRIBUTE
/// Locates the URL from an unauthenticated attribute from the signer information data.
///
/// -
/// CRYPT_GET_URL_FROM_AUTH_ATTRIBUTE
/// Locates the URL from an authenticated attribute from the signer information data.
///
///
///
///
///
/// A pointer to a buffer to receive the data for the value entry. This parameter can be NULL to find the length of the
/// buffer required to hold the data.
///
/// For more information, see Retrieving Data of Unknown Length.
///
///
/// A pointer to a DWORD that specifies the size, in bytes, of the buffer pointed to by the pUrlArray parameter. When the
/// function returns, the DWORD contains the number of bytes stored in the buffer. This parameter can be NULL only if
/// pUrlArray is NULL.
///
/// An optional pointer to a CRYPT_URL_INFO structure that receives the data for the value entry.
///
///
/// A pointer to a DWORD that specifies the size, in bytes, of the buffer pointed to by the pUrlInfo parameter. When the
/// function returns, the DWORD contains the number of bytes stored in the buffer.
///
///
/// Note When processing the data returned in the buffer, applications must use the actual size of the data returned. The
/// actual size can be slightly smaller than the size of the buffer specified on input. On input, buffer sizes are usually specified
/// large enough to ensure that the largest possible output data will fit in the buffer. On output, the variable pointed to by this
/// parameter is updated to reflect the actual size of the data copied to the buffer.
///
///
/// Reserved for future use and must be NULL.
///
/// If the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptgetobjecturl BOOL CryptGetObjectUrl( LPCSTR
// pszUrlOid, LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo, DWORD
// *pcbUrlInfo, LPVOID pvReserved );
[DllImport(Lib.Cryptnet, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "a92117b8-9144-4480-b88a-b9ffe1026d63")]
[return: MarshalAs(UnmanagedType.Bool)]
// Raw P/Invoke of CryptGetObjectUrl: returns the issuer / CRL distribution point / OCSP URLs embedded in the certificate, CTL or
// CRL context that pvPara points to, selected by pszUrlOid (see the table above for which context type each OID expects).
// Buffer contract: on input pcbUrlArray and pcbUrlInfo are taken as the byte sizes of the buffers pUrlArray and pUrlInfo point
// to, and on return they hold the bytes actually written. The callee trusts those sizes, so a value larger than the real
// allocation can let it write past the buffer; pass IntPtr.Zero for the buffer (with any size) to learn the required length,
// then allocate exactly that and call again. pvPara is an opaque pointer that the function cannot validate against pszUrlOid.
// URLs returned for the OCSP OIDs carry an L"ocsp:" prefix that the caller must strip before use.
// pvReserved is reserved and must stay IntPtr.Zero (the default).
// This and the CryptGetUrlFlags overload differ only in the enum type of dwFlags; both enums declare identical values.
public static extern bool CryptGetObjectUrl([In] SafeOID pszUrlOid, [In] IntPtr pvPara, CryptGetUrlFromFlags dwFlags,
IntPtr pUrlArray, ref uint pcbUrlArray, IntPtr pUrlInfo, ref uint pcbUrlInfo, IntPtr pvReserved = default);
///
///
/// The CryptGetObjectUrl function acquires the URL of the remote object from a certificate, certificate trust list (CTL), or
/// certificate revocation list (CRL).
///
///
/// The function takes the object, decodes it, and provides a pointer to an array of URLs from the object. For example, from a
/// certificate, a CRL distribution list of URLs would be in the array.
///
///
///
///
/// A pointer to an object identifier (OID) that identifies the URL being requested. If the HIWORD of the pszUrlOid parameter is
/// zero, the LOWORD specifies the integer identifier for the type of the specified structure.
///
///
/// This parameter can be one of the following values. For information about how these values affect the pvPara parameter, see the
/// heading "For the pvPara parameter" in the Meaning column.
///
///
///
/// Value
/// Meaning
///
/// -
/// URL_OID_CERTIFICATE_ISSUER
///
/// Provides the URL of the certificate issuer retrieved from the authority information access extension or property of a
/// certificate. For the pvPara parameter: A pointer to a CERT_CONTEXT structure that was issued by the issuer whose URL is being requested.
///
///
/// -
/// URL_OID_CERTIFICATE_CRL_DIST_POINT
///
/// Provides a list of URLs of the CRL distribution points retrieved from the CRL distribution point extension or property of a
/// certificate. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose CRL distribution point is requested.
///
///
/// -
/// URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP
///
/// Provides a list of OCSP and CRL distribution point URLs from the authority information access (AIA) and CRL distribution point
/// extensions or properties of a certificate. The function returns any CRL distribution point URLs first. Before using any OCSP
/// URLs, you must remove the L"ocsp:" prefix. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose OCSP and CRL
/// distribution point URLs are requested.
///
///
/// -
/// URL_OID_CERTIFICATE_OCSP
///
/// Provides an OCSP URL from the authority information access (AIA) extension or property of a certificate. For the pvPara
/// parameter: A pointer to a CERT_CONTEXT structure whose OCSP URL is requested.
///
///
/// -
/// URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT
///
/// Provides a list of OCSP and CRL distribution point URLs from the authority information access (AIA) and CRL distribution point
/// extensions or properties of a certificate. The function returns any OCSP URLs first. Before using any OCSP URLs, you must remove
/// the L"ocsp:" prefix. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose OCSP and CRL distribution point URLs
/// are requested.
///
///
/// -
/// URL_OID_CERTIFICATE_ONLY_OCSP
///
/// Provides a list of OCSP URLs from the authority information access (AIA) extension or property of a certificate. Before using
/// any OCSP URLs, you must remove the L"ocsp:" prefix. For the pvPara parameter: A pointer to a CERT_CONTEXT structure whose OCSP
/// URLs are requested.
///
///
/// -
/// URL_OID_CTL_ISSUER
///
/// Provides the URL of the CTL issuer retrieved from an authority information access attribute method encoded in each signer
/// information in the PKCS #7 CTL. For the pvPara parameter: A pointer to a Signer Index CTL_CONTEXT structure that was issued by
/// the issuer whose URL, identified by the signer index, is requested.
///
///
/// -
/// URL_OID_CTL_NEXT_UPDATE
///
/// Provides the URL of the next update of that CTL retrieved from an authority information access CTL extension, property, or
/// signer information attribute method. For the pvPara parameter: A pointer to a Signer Index CTL_CONTEXT structure whose next
/// update URL is requested, and an optional signer index, in case it is needed to check the signer information attributes.
///
///
/// -
/// URL_OID_CRL_ISSUER
///
/// Provides the URL of the CRL issuer retrieved from a property on a CRL that was inherited from the subject certificate (either
/// from the subject certificate issuer or the subject certificate distribution point extension). It is encoded as an authority
/// information access extension method. For the pvPara parameter: A pointer to a CRL_CONTEXT structure that was issued by the
/// issuer whose URL is requested.
///
///
/// -
/// URL_OID_CERTIFICATE_FRESHEST_CRL
///
/// Retrieves the most recent CRL extension or property of the certificate. For the pvPara parameter: The PCCERT_CONTEXT of a
/// certificate whose most recent CRL distribution point is being requested.
///
///
/// -
/// URL_OID_CRL_FRESHEST_CRL
///
/// Retrieves the most recent CRL extension or property of the CRL. For the pvPara parameter: A pointer to a CERT_CRL_CONTEXT_PAIR
/// structure that contains the base CRL of a certificate whose most recent CRL distribution point is being requested.
///
///
/// -
/// URL_OID_CROSS_CERT_DIST_POINT
///
/// Retrieves the cross certificate distribution point extension or property of the certificate. For the pvPara parameter: The
/// PCCERT_CONTEXT of a certificate whose cross certificate distribution point is being requested.
///
///
/// -
/// URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS
///
/// Retrieves the cross certificate Subject Information Access extension or property of the certificate. For the pvPara parameter:
/// The PCCERT_CONTEXT of a certificate whose cross certificate Subject Information Access is being requested.
///
///
///
///
/// A structure determined by the value of pszUrlOid. For details, see the description for the pszUrlOid parameter.
///
///
/// A set of flags used to get the URL locator for an object. This can be zero or a combination of one or more of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_GET_URL_FROM_PROPERTY
/// Locates the URL from the property of the object (the location of the data).
///
/// -
/// CRYPT_GET_URL_FROM_EXTENSION
/// Locates the URL from the extension of the object.
///
/// -
/// CRYPT_GET_URL_FROM_UNAUTH_ATTRIBUTE
/// Locates the URL from an unauthenticated attribute from the signer information data.
///
/// -
/// CRYPT_GET_URL_FROM_AUTH_ATTRIBUTE
/// Locates the URL from an authenticated attribute from the signer information data.
///
///
///
///
///
/// A pointer to a buffer to receive the data for the value entry. This parameter can be NULL to find the length of the
/// buffer required to hold the data.
///
/// For more information, see Retrieving Data of Unknown Length.
///
///
/// A pointer to a DWORD that specifies the size, in bytes, of the buffer pointed to by the pUrlArray parameter. When the
/// function returns, the DWORD contains the number of bytes stored in the buffer. This parameter can be NULL only if
/// pUrlArray is NULL.
///
/// An optional pointer to a CRYPT_URL_INFO structure that receives the data for the value entry.
///
///
/// A pointer to a DWORD that specifies the size, in bytes, of the buffer pointed to by the pUrlInfo parameter. When the
/// function returns, the DWORD contains the number of bytes stored in the buffer.
///
///
/// Note When processing the data returned in the buffer, applications must use the actual size of the data returned. The
/// actual size can be slightly smaller than the size of the buffer specified on input. On input, buffer sizes are usually specified
/// large enough to ensure that the largest possible output data will fit in the buffer. On output, the variable pointed to by this
/// parameter is updated to reflect the actual size of the data copied to the buffer.
///
///
/// Reserved for future use and must be NULL.
///
/// If the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptgetobjecturl BOOL CryptGetObjectUrl( LPCSTR
// pszUrlOid, LPVOID pvPara, DWORD dwFlags, PCRYPT_URL_ARRAY pUrlArray, DWORD *pcbUrlArray, PCRYPT_URL_INFO pUrlInfo, DWORD
// *pcbUrlInfo, LPVOID pvReserved );
[DllImport(Lib.Cryptnet, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "a92117b8-9144-4480-b88a-b9ffe1026d63")]
[return: MarshalAs(UnmanagedType.Bool)]
// Raw P/Invoke of CryptGetObjectUrl taking the CryptGetUrlFlags enum; otherwise the same native entry point as the
// CryptGetUrlFromFlags overload above (both enums declare identical values). pUrlArray and pUrlInfo are marked [Optional] and
// may be IntPtr.Zero to query the required size only.
// Buffer contract: on input pcbUrlArray and pcbUrlInfo are taken as the byte sizes of the buffers pUrlArray and pUrlInfo point
// to, and on return they hold the bytes actually written. The callee trusts those sizes, so a value larger than the real
// allocation can let it write past the buffer; query the size first, allocate exactly that, then call again.
// pvPara is an opaque pointer to a context of the type the chosen pszUrlOid expects; the function cannot validate it.
// URLs returned for the OCSP OIDs carry an L"ocsp:" prefix that the caller must strip before use.
// pvReserved is reserved and must stay IntPtr.Zero (the default).
public static extern bool CryptGetObjectUrl(SafeOID pszUrlOid, [In] IntPtr pvPara, CryptGetUrlFlags dwFlags, [Optional] IntPtr pUrlArray,
ref uint pcbUrlArray, [Out, Optional] IntPtr pUrlInfo, ref uint pcbUrlInfo, IntPtr pvReserved = default);
///
/// The CryptGetTimeValidObject function retrieves a CRL, an OCSP response, or CTL object that is valid within a given
/// context and time.
///
///
///
/// A pointer to an object identifier (OID) that identifies the object being requested. If the HIWORD of the pszTimeValidOid
/// parameter is zero, the LOWORD specifies the integer identifier for the type of the specified structure.
///
///
/// This parameter can be one of the following values. For information about how these values affect the pvPara parameter, see the
/// heading "For the pvPara parameter" in the Meaning column.
///
///
///
/// Value
/// Meaning
///
/// -
/// TIME_VALID_OID_GET_CTL ((LPCSTR)1)
///
/// Provides a certificate trust list (CTL) based on a URL obtained from the NextUpdateLocation property or extension of the current
/// CTL context. For the pvPara parameter: A pointer to a PCCTL_CONTEXT that represents the current certificate trust list.
///
///
/// -
/// TIME_VALID_OID_GET_CRL
/// This value is reserved for future use.
///
/// -
/// TIME_VALID_OID_GET_CRL_FROM_CERT ((LPCSTR)3)
///
/// Provides a CRL based on information obtained from the CRL distribution points extension of the current certificate context. For
/// the pvPara parameter: A pointer to a PCCERT_CONTEXT that represents the subject certificate.
///
///
/// -
/// TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CERT ((LPCSTR)4)
///
/// Provides a delta CRL based on information obtained from the freshest CRL extension of the current certificate context. For the
/// pvPara parameter: A pointer to a PCCERT_CONTEXT that represents the subject certificate.
///
///
/// -
/// TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CRL ((LPCSTR)5)
///
/// Provides a delta CRL based on information obtained from the freshest CRL extension of the current CRL context. For the pvPara
/// parameter: A pointer to a PCCERT_CRL_CONTEXT_PAIR that represents the subject certificate and its base CRL.
///
///
///
///
///
/// A structure determined by the value of pszTimeValidOid. For details, see the description for the pszTimeValidOid parameter.
///
/// A pointer to a CERT_CONTEXT containing the issuer's certificate.
///
/// A pointer to an optional FILETIME structure version of the current system time or a freshness time from the current context.
///
///
/// A value that determines various retrieval factors such as time-out, source, and validity checks.
/// The following table lists possible values for the dwFlags parameter.
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_ACCUMULATIVE_TIMEOUT 0x00000800
/// Use the cumulative time-out registry setting of the client computer for revocation URL retrievals.
///
/// -
/// CRYPT_CACHE_ONLY_RETRIEVAL 0x00000002
/// Retrieve the encoded bits from the client URL cache only. Do not use the wire to retrieve the URL.
///
/// -
/// CRYPT_CHECK_FRESHNESS_TIME_VALIDITY 0x00000400
/// Check if the ThisUpdate property or extension of the current context is greater than or equal to the ftValidFor parameter.
///
/// -
/// CRYPT_DONT_CHECK_TIME_VALIDITY 0x00000200
///
/// Do not perform time validity check. Use this to retrieve a more recent base CRL over the wire or to bypass time validity check
/// during a cache retrieval. When this flag is set, pftValidFor can be NULL.
///
///
/// -
/// CRYPT_DONT_VERIFY_SIGNATURE 0x00000100
///
/// Do not perform signature verification. Use this when verification of the retrieved object will be performed outside of this
/// function or to force a replacement of a retrieved cache entry with a new cache entry for the object.
///
///
/// -
/// CRYPT_KEEP_TIME_VALID 0x00000080
/// This value is reserved for future use.
///
/// -
/// CRYPT_OCSP_ONLY_RETRIEVAL 0x01000000
///
/// Retrieves the time valid object from an OCSP responder service only based on Authority Information Access URLs in the current
/// context. The CertVerifyRevocation function sets this flag when it is called with the dwFlags parameter set to CERT_VERIFY_REV_SERVER_OCSP_FLAG.
///
///
/// -
/// CRYPT_WIRE_ONLY_RETRIEVAL 0x00000004
/// Retrieves the encoded bits from the wire only. Does not use the URL cache.
///
///
///
///
/// A value, in milliseconds, that specifies when to terminate a URL retrieval attempt that has not returned a result.
///
///
/// A pointer to an address for the returned object. The return type can be one of the supported types shown in the pszObjectOid
/// parameter of the CryptRetrieveObjectByUrl function.
///
///
/// A pointer to an optional CRYPT_CREDENTIALS structure used to access the URL. The only type of credentials currently supported
/// are user name and password credentials.
///
///
/// A pointer to an optional CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO structure that contains extra information about the cache entry
/// for an object.
///
///
/// If the function succeeds, the function returns TRUE.
/// If the function fails, it returns FALSE. For extended error information, call GetLastError.
/// Some possible error codes follow.
///
///
/// Return code
/// Description
///
/// -
/// CRYPT_E_NOT_FOUND
/// The caller specified TIME_VALID_OID_GET_CRL for the pszTimeValidOid parameter. This OID is not supported.
///
/// -
/// CRYPT_E_NOT_IN_REVOCATION_DATABASE
/// The caller set the CRYPT_OCSP_ONLY_RETRIEVAL flag and the context includes a non-OCSP URL.
///
/// -
/// E_INVALIDARG
///
/// The function failed to retrieve a CRL from a certificate context or retrieve a CTL, and it failed to copy any URLs from a cache entry.
///
///
/// -
/// E_OUTOFMEMORY
/// The function could not allocate memory for an internal array operation.
///
/// -
/// ERROR_NOT_CONNECTED
/// The caller did not set the CRYPT_CACHE_ONLY_RETRIEVAL flag and is not connected to the Internet.
///
///
///
///
///
/// The Cryptnet dynamic link library implements a time valid object (TVO) cache that is used to support the
/// CryptGetTimeValidObject function. The cache is used by a process-global TVO agent where each cache entry consists of the
/// following information.
///
///
/// -
/// Origin Identifier
///
/// -
/// Context OID
///
/// -
/// Context
///
/// -
/// Retrieval URL
///
/// -
/// Expire Time
///
/// -
/// Offline URL Time Information
///
///
/// The TVO agent supports retrieval of TVO objects on-demand or by auto-update.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptgettimevalidobject BOOL CryptGetTimeValidObject(
// LPCSTR pszTimeValidOid, LPVOID pvPara, PCCERT_CONTEXT pIssuer, LPFILETIME pftValidFor, DWORD dwFlags, DWORD dwTimeout, LPVOID
// *ppvObject, PCRYPT_CREDENTIALS pCredentials, PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO pExtraInfo );
[DllImport(Lib.Cryptnet, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "dd639b43-1560-4e9f-a778-9e20484ae012")]
[return: MarshalAs(UnmanagedType.Bool)]
// Raw P/Invoke of CryptGetTimeValidObject: fetches a CRL, delta CRL, OCSP response or CTL that is time-valid for the context
// pvPara points to (type chosen by pszTimeValidOid, see the table above), from the process-global TVO cache or the wire
// according to dwFlags, giving up after dwTimeout milliseconds.
// Marshaling caveat: `in FILETIME pftValidFor` and `in CRYPT_CREDENTIALS pCredentials` always marshal a non-null pointer, so
// this overload can neither pass the NULL pftValidFor that the docs allow under CRYPT_DONT_CHECK_TIME_VALIDITY nor omit the
// optional credentials; presumably another overload covers that — confirm before relying on it.
// ppvObject receives a native object whose type depends on pszTimeValidOid (one of the types listed for CryptRetrieveObjectByUrl);
// the caller owns it and must release it with the matching free function for that type — not documented here, verify against
// the CryptRetrieveObjectByUrl docs.
// Security: CRYPT_DONT_VERIFY_SIGNATURE and CRYPT_DONT_CHECK_TIME_VALIDITY disable the signature and freshness checks on the
// retrieved object; code that feeds the result into a revocation decision should leave them clear unless it performs those
// checks itself. pCredentials supplies user name and password credentials for the fetch, the only kind the docs say is supported.
public static extern bool CryptGetTimeValidObject(SafeOID pszTimeValidOid, [In] IntPtr pvPara, [In] PCCERT_CONTEXT pIssuer,
in FILETIME pftValidFor, TimeValidObjectFlags dwFlags, uint dwTimeout, out IntPtr ppvObject, in CRYPT_CREDENTIALS pCredentials, ref CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO pExtraInfo);
///
/// The CryptGetTimeValidObject function retrieves a CRL, an OCSP response, or CTL object that is valid within a given
/// context and time.
///
///
///
/// A pointer to an object identifier (OID) that identifies the object being requested. If the HIWORD of the pszTimeValidOid
/// parameter is zero, the LOWORD specifies the integer identifier for the type of the specified structure.
///
///
/// This parameter can be one of the following values. For information about how these values affect the pvPara parameter, see the
/// heading "For the pvPara parameter" in the Meaning column.
///
///
///
/// Value
/// Meaning
///
/// -
/// TIME_VALID_OID_GET_CTL ((LPCSTR)1)
///
/// Provides a certificate trust list (CTL) based on a URL obtained from the NextUpdateLocation property or extension of the current
/// CTL context. For the pvPara parameter: A pointer to a PCCTL_CONTEXT that represents the current certificate trust list.
///
///
/// -
/// TIME_VALID_OID_GET_CRL
/// This value is reserved for future use.
///
/// -
/// TIME_VALID_OID_GET_CRL_FROM_CERT ((LPCSTR)3)
///
/// Provides a CRL based on information obtained from the CRL distribution points extension of the current certificate context. For
/// the pvPara parameter: A pointer to a PCCERT_CONTEXT that represents the subject certificate.
///
///
/// -
/// TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CERT ((LPCSTR)4)
///
/// Provides a delta CRL based on information obtained from the freshest CRL extension of the current certificate context. For the
/// pvPara parameter: A pointer to a PCCERT_CONTEXT that represents the subject certificate.
///
///
/// -
/// TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CRL ((LPCSTR)5)
///
/// Provides a delta CRL based on information obtained from the freshest CRL extension of the current CRL context. For the pvPara
/// parameter: A pointer to a PCCERT_CRL_CONTEXT_PAIR that represents the subject certificate and its base CRL.
///
///
///
///
///
/// A structure determined by the value of pszTimeValidOid. For details, see the description for the pszTimeValidOid parameter.
///
/// A pointer to a CERT_CONTEXT containing the issuer's certificate.
///
/// A pointer to an optional FILETIME structure version of the current system time or a freshness time from the current context.
///
///
/// A value that determines various retrieval factors such as time-out, source, and validity checks.
/// The following table lists possible values for the dwFlags parameter.
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_ACCUMULATIVE_TIMEOUT 0x00000800
/// Use the cumulative time-out registry setting of the client computer for revocation URL retrievals.
///
/// -
/// CRYPT_CACHE_ONLY_RETRIEVAL 0x00000002
/// Retrieve the encoded bits from the client URL cache only. Do not use the wire to retrieve the URL.
///
/// -
/// CRYPT_CHECK_FRESHNESS_TIME_VALIDITY 0x00000400
/// Check if the ThisUpdate property or extension of the current context is greater than or equal to the ftValidFor parameter.
///
/// -
/// CRYPT_DONT_CHECK_TIME_VALIDITY 0x00000200
///
/// Do not perform time validity check. Use this to retrieve a more recent base CRL over the wire or to bypass time validity check
/// during a cache retrieval. When this flag is set, pftValidFor can be NULL.
///
///
/// -
/// CRYPT_DONT_VERIFY_SIGNATURE 0x00000100
///
/// Do not perform signature verification. Use this when verification of the retrieved object will be performed outside of this
/// function or to force a replacement of a retrieved cache entry with a new cache entry for the object.
///
///
/// -
/// CRYPT_KEEP_TIME_VALID 0x00000080
/// This value is reserved for future use.
///
/// -
/// CRYPT_OCSP_ONLY_RETRIEVAL 0x01000000
///
/// Retrieves the time valid object from an OCSP responder service only based on Authority Information Access URLs in the current
/// context. The CertVerifyRevocation function sets this flag when it is called with the dwFlags parameter set to CERT_VERIFY_REV_SERVER_OCSP_FLAG.
///
///
/// -
/// CRYPT_WIRE_ONLY_RETRIEVAL 0x00000004
/// Retrieves the encoded bits from the wire only. Does not use the URL cache.
///
///
///
///
/// A value, in milliseconds, that specifies when to terminate a URL retrieval attempt that has not returned a result.
///
///
/// A pointer to an address for the returned object. The return type can be one of the supported types shown in the pszObjectOid
/// parameter of the CryptRetrieveObjectByUrl function.
///
///
/// A pointer to an optional CRYPT_CREDENTIALS structure used to access the URL. The only type of credentials currently supported
/// are user name and password credentials.
///
///
/// A pointer to an optional CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO structure that contains extra information about the cache entry
/// for an object.
///
///
/// If the function succeeds, the function returns TRUE.
/// If the function fails, it returns FALSE. For extended error information, call GetLastError.
/// Some possible error codes follow.
///
///
/// Return code
/// Description
///
/// -
/// CRYPT_E_NOT_FOUND
/// The caller specified TIME_VALID_OID_GET_CRL for the pszTimeValidOid parameter. This OID is not supported.
///
/// -
/// CRYPT_E_NOT_IN_REVOCATION_DATABASE
/// The caller set the CRYPT_OCSP_ONLY_RETRIEVAL flag and the context includes a non-OCSP URL.
///
/// -
/// E_INVALIDARG
///
/// The function failed to retrieve a CRL from a certificate context or retrieve a CTL, and it failed to copy any URLs from a cache entry.
///
///
/// -
/// E_OUTOFMEMORY
/// The function could not allocate memory for an internal array operation.
///
/// -
/// ERROR_NOT_CONNECTED
/// The caller did not set the CRYPT_CACHE_ONLY_RETRIEVAL flag and is not connected to the Internet.
///
///
///
///
///
/// The Cryptnet dynamic link library implements a time valid object (TVO) cache that is used to support the
/// CryptGetTimeValidObject function. The cache is used by a process-global TVO agent where each cache entry consists of the
/// following information.
///
///
/// -
/// Origin Identifier
///
/// -
/// Context OID
///
/// -
/// Context
///
/// -
/// Retrieval URL
///
/// -
/// Expire Time
///
/// -
/// Offline URL Time Information
///
///
/// The TVO agent supports retrieval of TVO objects on-demand or by auto-update.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptgettimevalidobject BOOL CryptGetTimeValidObject(
// LPCSTR pszTimeValidOid, LPVOID pvPara, PCCERT_CONTEXT pIssuer, LPFILETIME pftValidFor, DWORD dwFlags, DWORD dwTimeout, LPVOID
// *ppvObject, PCRYPT_CREDENTIALS pCredentials, PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO pExtraInfo );
// P/Invoke for CryptGetTimeValidObject (native signature quoted above). SetLastError = true matches the documented
// failure contract ("call GetLastError").
// pftValidFor may be IntPtr.Zero only when dwFlags includes CRYPT_DONT_CHECK_TIME_VALIDITY (see the flag table above);
// otherwise the caller must marshal a FILETIME to unmanaged memory and pass its address here.
// CRYPT_DONT_VERIFY_SIGNATURE skips signature verification of the retrieved object, so a caller that sets it takes on
// that verification itself (see the flag description above).
// ppvObject receives a pointer whose type follows pszTimeValidOid; presumably it must be released with the matching
// CertFree*Context function as described for CryptRetrieveObjectByUrl's pszObjectOid below — verify before relying on it.
[DllImport(Lib.Cryptnet, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "dd639b43-1560-4e9f-a778-9e20484ae012")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptGetTimeValidObject(SafeOID pszTimeValidOid, [In] IntPtr pvPara, [In] PCCERT_CONTEXT pIssuer, [Optional] IntPtr pftValidFor,
TimeValidObjectFlags dwFlags, uint dwTimeout, out IntPtr ppvObject, [Optional] IntPtr pCredentials, [Optional] IntPtr pExtraInfo);
///
///
/// The CryptRetrieveObjectByUrl function retrieves the public key infrastructure (PKI) object from a location specified by a URL.
///
/// These remote objects are in encoded format and are retrieved in a "context" form.
///
///
/// The address of a PKI object to be retrieved. The following schemes are supported:
///
/// -
/// ldap (Lightweight Directory Access Protocol)
///
/// -
/// http
///
/// -
/// https (certificate revocation list (CRL) or online certificate status protocol (OCSP) retrievals only)
///
/// -
/// file
///
///
///
///
///
/// The address of a null-terminated ANSI string that identifies the type of object to retrieve. This can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// NULL BLOB
///
/// Retrieve one or more data BLOBs. The encoded bits are returned in an array of BLOBs. ppvObject is the address of a
/// CRYPT_BLOB_ARRAY structure pointer that receives the BLOB array. When this structure is no longer needed, you must free it by
/// passing the address of this structure to the CryptMemFree function.
///
///
/// -
/// CONTEXT_OID_CERTIFICATE certificate
///
/// Retrieve one or more certificates. If a single object is being retrieved, ppvObject is the address of a CERT_CONTEXT structure
/// pointer that receives the context. When this context is no longer needed, you must free it by passing the CERT_CONTEXT structure
/// pointer to the CertFreeCertificateContext function. If multiple objects are being retrieved, ppvObject is the address of an
/// HCERTSTORE variable that receives the handle of a store that contains the certificates. When this store is no longer needed, you
/// must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_CRL CRL
///
/// Retrieve one or more certificate revocation lists (CRLs). If a single object is being retrieved, ppvObject is the address of a
/// CRL_CONTEXT structure pointer that receives the context. When this context is no longer needed, you must free it by passing the
/// CRL_CONTEXT structure pointer to the CertFreeCRLContext function. If multiple objects are being retrieved, ppvObject is the
/// address of an HCERTSTORE variable that receives the handle of a store that contains the CRLs. When this store is no longer
/// needed, you must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_CTL CTL
///
/// Retrieve one or more certificate trust lists (CTLs). If a single object is being retrieved, ppvObject is the address of a
/// CTL_CONTEXT structure pointer that receives the context. When this context is no longer needed, you must free it by passing the
/// CTL_CONTEXT structure pointer to the CertFreeCTLContext function. If multiple objects are being retrieved, ppvObject is the
/// address of an HCERTSTORE variable that receives the handle of a store that contains the CTLs. When this store is no longer
/// needed, you must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_PKCS7 PKCS7
///
/// ppvObject is the address of an HCERTSTORE variable that receives the handle of a store that contains the objects from the
/// message. When this store is no longer needed, you must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_CAPI2_ANY Function will determine appropriate item
///
/// ppvObject is the address of an HCERTSTORE variable that receives the handle of a store that contains the objects. When this
/// store is no longer needed, you must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_OCSP_RESP OCSP Response
/// ppvObject is the address of a pointer to a CRYPT_BLOB_ARRAY structure.
///
///
///
///
///
/// Determines whether to use the cached URL or a URL retrieved from the wire URL. The form in which objects are returned is
/// determined by the value of pszObjectOid.
///
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_AIA_RETRIEVAL
///
/// Validates the content retrieved by a wire URL before writing the URL to the cache. The default provider does not support the
/// HTTPS protocol for AIA retrievals.
///
///
/// -
/// CRYPT_ASYNC_RETRIEVAL
/// This value is not supported.
///
/// -
/// CRYPT_CACHE_ONLY_RETRIEVAL
/// Retrieves the encoded bits from the URL cache only. Do not use the wire to retrieve the URL.
///
/// -
/// CRYPT_DONT_CACHE_RESULT
/// Does not store the retrieved encoded bits to the URL cache. If this flag is not set, the retrieved URL is cached.
///
/// -
/// CRYPT_HTTP_POST_RETRIEVAL
///
/// Uses the POST method instead of the default GET method for HTTP retrievals. In a POST URL, additional binary data and header
/// strings are appended to the base URL in the following format:
/// BaseURL/OptionalURLEscaped&Base64EncodedAdditionalData?OptionalAdditionalHTTPHeaders The following example shows the
/// additional binary data delimited by the last slash mark (/) and a Content-Type header delimited by a question mark (?) appended
/// to a base URL. When this flag is set, the CryptRetrieveObjectByUrl function parses the URL by using the last slash mark (/) and
/// question mark (?) delimiters. The string, which is delimited by a slash mark (/), contains an unescaped URL (that is, a plain
/// text URL without escape characters or escape sequences) and Base64 data decoded into binary form before being passed to the
/// WinHttpSendRequest function as the lpOptional parameter. The string delimited by a question mark (?) is passed to the
/// WinHttpSendRequest function as the pwszHeaders parameter.
///
///
/// -
/// CRYPT_LDAP_AREC_EXCLUSIVE_RETRIEVAL
///
/// Performs A-Record-only DNS lookup on the supplied host string, preventing the generation of false DNS queries when resolving
/// host names. This flag should be used when passing a host name as opposed to a domain name.
///
///
/// -
/// CRYPT_LDAP_INSERT_ENTRY_ATTRIBUTE
///
/// Retrieves the entry index and attribute name for each LDAP object. The beginning of each returned BLOB contains the following
/// ANSI string: "entry index in decimal\0attribute name\0" When this flag is set, pszObjectOid must be NULL so that a BLOB is
/// returned. This flag only applies to the ldap scheme.
///
///
/// -
/// CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL
/// Fails if the LDAP search scope is not set to base in the URL. Use with LDAP only.
///
/// -
/// CRYPT_LDAP_SIGN_RETRIEVAL
///
/// Digitally signs all of the LDAP traffic to and from a server by using the Kerberos authentication protocol. This feature
/// provides integrity required by some applications.
///
///
/// -
/// CRYPT_NO_AUTH_RETRIEVAL
/// Inhibits automatic authentication handling.
///
/// -
/// CRYPT_NOT_MODIFIED_RETRIEVAL
///
/// Enables a conditional HTTP URL retrieval. When this flag is set, for a conditional retrieval that returns
/// HTTP_STATUS_NOT_MODIFIED, CryptRetrieveObjectByUrl returns TRUE and ppvObject is set to NULL. If pAuxInfo is not NULL,
/// dwHttpStatusCode is set to HTTP_STATUS_NOT_MODIFIED. Otherwise, ppvObject is updated for a successful retrieval.
///
///
/// -
/// CRYPT_OFFLINE_CHECK_RETRIEVAL
///
/// Keeps track of offline failures and delays before hitting the wire on subsequent retrievals. This value is for wire retrieval only.
///
///
/// -
/// CRYPT_PROXY_CACHE_RETRIEVAL
///
/// Enables proxy cache retrieval of an object. If a proxy cache was not explicitly bypassed, fProxyCacheRetrieval is set to TRUE in
/// pAuxInfo. This value only applies to HTTP URL retrievals.
///
///
/// -
/// CRYPT_RETRIEVE_MULTIPLE_OBJECTS
///
/// Retrieves multiple objects if available. All objects must be of a homogeneous object type as determined by the value of
/// pszObjectOid, unless the object identifier (OID) value is CONTEXT_OID_CAPI2_ANY.
///
///
/// -
/// CRYPT_STICKY_CACHE_RETRIEVAL
/// Tags the URL as exempt from being flushed from the cache. For more information, see STICKY_CACHE_ENTRY in INTERNET_CACHE_ENTRY_INFO.
///
/// -
/// CRYPT_VERIFY_CONTEXT_SIGNATURE
///
/// Acquires signature verification on the context created. In this case pszObjectOid must be non-NULL and pvVerify points to the
/// signer certificate context.
///
///
/// -
/// CRYPT_VERIFY_DATA_HASH
/// This flag is not implemented. Do not use it.
///
/// -
/// CRYPT_WIRE_ONLY_RETRIEVAL
/// Retrieves the encoded bits from the wire only. Does not use the URL cache.
///
///
///
///
/// Specifies the maximum number of milliseconds to wait for retrieval. If a value of zero is specified, this function does not time
/// out. This parameter is not used if the URL scheme is file:///.
///
///
/// The address of a pointer to the returned object. The return type can be one of the supported types shown in pszObjectOid.
///
/// This parameter is reserved and must be set to NULL.
/// This parameter is not used.
///
/// A pointer to a verification object. This object is a function of the dwRetrievalFlags parameter. It can be NULL to
/// indicate that the caller is not interested in getting the certificate context or index of the signer if dwRetrievalFlags is CRYPT_VERIFY_CONTEXT_SIGNATURE.
///
///
/// An optional pointer to a CRYPT_RETRIEVE_AUX_INFO structure. If not NULL and if the cbSize member of the structure
/// is set, this parameter returns the time of the last successful wire retrieval.
///
///
/// If the function succeeds, the return value is nonzero (TRUE).
/// If the function fails, the return value is zero (FALSE).
///
///
///
/// The remote object retrieval manager exposes two provider models. One is the Scheme Provider model that allows for installable
/// protocol providers as defined by the URL scheme, that is, ldap, http, ftp, or file. The scheme provider entry point is the same
/// as the CryptRetrieveObjectByUrl function; however, the *ppvObject returned is always a counted array of encoded bits (one
/// per object retrieved).
///
///
/// The second provider model is the Context Provider model that allows for installable creators of the context handles (objects)
/// based on the retrieved encoded bits. These are dispatched based on the object identifier (OID) specified in the call to CryptRetrieveObjectByUrl.
///
///
/// Individual PKI objects such as certificates, trust lists, revocation lists, PKCS #7 messages, and multiple homogeneous objects
/// can be retrieved. Starting with Windows Vista with Service Pack 1 (SP1) and Windows Server 2008, security of "http:" and "ldap:"
/// retrievals has been hardened. For more information, see http://support.microsoft.com/kb/946401.
///
/// This function supports "http:" and "ldap:" URL schemes as well as newly defined schemes.
///
/// Windows XP: "ftp:" is not supported for network retrieval. For a summary of changes to the CryptoAPI certificate chain
/// validation logic in Q835732 on Windows XP, see http://support.microsoft.com/kb/887195.
///
/// Note By default, "file:" is not supported for network retrieval.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptretrieveobjectbyurla BOOL CryptRetrieveObjectByUrlA(
// LPCSTR pszUrl, LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject, HCRYPTASYNC hAsyncRetrieve,
// PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo );
// P/Invoke for CryptRetrieveObjectByUrlA/W (native signature quoted above). CharSet.Auto with LPTStr strings resolves to
// the wide entry point on Unicode runtimes.
// pszObjectOid may be null to receive a CRYPT_BLOB_ARRAY (the "NULL" row of the pszObjectOid table above).
// NOTE(review): SetLastError = false here, whereas CryptGetTimeValidObject above uses true; the return section above does
// not name GetLastError, but if callers need the native failure code this should be revisited — confirm against the docs.
// Unless dwRetrievalFlags includes CRYPT_VERIFY_CONTEXT_SIGNATURE (with pvVerify pointing at the signer certificate context),
// this call does not verify the signature of the retrieved context; the caller is responsible for validating what came
// off the wire before trusting it.
// ppvObject is passed by ref; with CRYPT_NOT_MODIFIED_RETRIEVAL it is set to NULL on HTTP_STATUS_NOT_MODIFIED (see the
// flag table above), so check it before dereferencing.
// pAuxInfo is required by this overload; set its cbSize before the call (see the parameter note above).
[DllImport(Lib.Cryptnet, SetLastError = false, CharSet = CharSet.Auto)]
[PInvokeData("wincrypt.h", MSDNShortId = "2e205f97-be9b-4358-ba22-d475b6a250b7")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptRetrieveObjectByUrl([MarshalAs(UnmanagedType.LPTStr)] string pszUrl, [MarshalAs(UnmanagedType.LPTStr)] string pszObjectOid, CryptRetrievalFlags dwRetrievalFlags,
uint dwTimeout, ref IntPtr ppvObject, [Optional] IntPtr hAsyncRetrieve, [Optional] IntPtr pCredentials, [Optional] IntPtr pvVerify, ref CRYPT_RETRIEVE_AUX_INFO pAuxInfo);
///
///
/// The CryptRetrieveObjectByUrl function retrieves the public key infrastructure (PKI) object from a location specified by a URL.
///
/// These remote objects are in encoded format and are retrieved in a "context" form.
///
///
/// The address of a PKI object to be retrieved. The following schemes are supported:
///
/// -
/// ldap (Lightweight Directory Access Protocol)
///
/// -
/// http
///
/// -
/// https (certificate revocation list (CRL) or online certificate status protocol (OCSP) retrievals only)
///
/// -
/// file
///
///
///
///
///
/// The address of a null-terminated ANSI string that identifies the type of object to retrieve. This can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// NULL BLOB
///
/// Retrieve one or more data BLOBs. The encoded bits are returned in an array of BLOBs. ppvObject is the address of a
/// CRYPT_BLOB_ARRAY structure pointer that receives the BLOB array. When this structure is no longer needed, you must free it by
/// passing the address of this structure to the CryptMemFree function.
///
///
/// -
/// CONTEXT_OID_CERTIFICATE certificate
///
/// Retrieve one or more certificates. If a single object is being retrieved, ppvObject is the address of a CERT_CONTEXT structure
/// pointer that receives the context. When this context is no longer needed, you must free it by passing the CERT_CONTEXT structure
/// pointer to the CertFreeCertificateContext function. If multiple objects are being retrieved, ppvObject is the address of an
/// HCERTSTORE variable that receives the handle of a store that contains the certificates. When this store is no longer needed, you
/// must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_CRL CRL
///
/// Retrieve one or more certificate revocation lists (CRLs). If a single object is being retrieved, ppvObject is the address of a
/// CRL_CONTEXT structure pointer that receives the context. When this context is no longer needed, you must free it by passing the
/// CRL_CONTEXT structure pointer to the CertFreeCRLContext function. If multiple objects are being retrieved, ppvObject is the
/// address of an HCERTSTORE variable that receives the handle of a store that contains the CRLs. When this store is no longer
/// needed, you must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_CTL CTL
///
/// Retrieve one or more certificate trust lists (CTLs). If a single object is being retrieved, ppvObject is the address of a
/// CTL_CONTEXT structure pointer that receives the context. When this context is no longer needed, you must free it by passing the
/// CTL_CONTEXT structure pointer to the CertFreeCTLContext function. If multiple objects are being retrieved, ppvObject is the
/// address of an HCERTSTORE variable that receives the handle of a store that contains the CTLs. When this store is no longer
/// needed, you must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_PKCS7 PKCS7
///
/// ppvObject is the address of an HCERTSTORE variable that receives the handle of a store that contains the objects from the
/// message. When this store is no longer needed, you must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_CAPI2_ANY Function will determine appropriate item
///
/// ppvObject is the address of an HCERTSTORE variable that receives the handle of a store that contains the objects. When this
/// store is no longer needed, you must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_OCSP_RESP OCSP Response
/// ppvObject is the address of a pointer to a CRYPT_BLOB_ARRAY structure.
///
///
///
///
///
/// Determines whether to use the cached URL or a URL retrieved from the wire URL. The form in which objects are returned is
/// determined by the value of pszObjectOid.
///
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_AIA_RETRIEVAL
///
/// Validates the content retrieved by a wire URL before writing the URL to the cache. The default provider does not support the
/// HTTPS protocol for AIA retrievals.
///
///
/// -
/// CRYPT_ASYNC_RETRIEVAL
/// This value is not supported.
///
/// -
/// CRYPT_CACHE_ONLY_RETRIEVAL
/// Retrieves the encoded bits from the URL cache only. Do not use the wire to retrieve the URL.
///
/// -
/// CRYPT_DONT_CACHE_RESULT
/// Does not store the retrieved encoded bits to the URL cache. If this flag is not set, the retrieved URL is cached.
///
/// -
/// CRYPT_HTTP_POST_RETRIEVAL
///
/// Uses the POST method instead of the default GET method for HTTP retrievals. In a POST URL, additional binary data and header
/// strings are appended to the base URL in the following format:
/// BaseURL/OptionalURLEscaped&Base64EncodedAdditionalData?OptionalAdditionalHTTPHeaders The following example shows the
/// additional binary data delimited by the last slash mark (/) and a Content-Type header delimited by a question mark (?) appended
/// to a base URL. When this flag is set, the CryptRetrieveObjectByUrl function parses the URL by using the last slash mark (/) and
/// question mark (?) delimiters. The string, which is delimited by a slash mark (/), contains an unescaped URL (that is, a plain
/// text URL without escape characters or escape sequences) and Base64 data decoded into binary form before being passed to the
/// WinHttpSendRequest function as the lpOptional parameter. The string delimited by a question mark (?) is passed to the
/// WinHttpSendRequest function as the pwszHeaders parameter.
///
///
/// -
/// CRYPT_LDAP_AREC_EXCLUSIVE_RETRIEVAL
///
/// Performs A-Record-only DNS lookup on the supplied host string, preventing the generation of false DNS queries when resolving
/// host names. This flag should be used when passing a host name as opposed to a domain name.
///
///
/// -
/// CRYPT_LDAP_INSERT_ENTRY_ATTRIBUTE
///
/// Retrieves the entry index and attribute name for each LDAP object. The beginning of each returned BLOB contains the following
/// ANSI string: "entry index in decimal\0attribute name\0" When this flag is set, pszObjectOid must be NULL so that a BLOB is
/// returned. This flag only applies to the ldap scheme.
///
///
/// -
/// CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL
/// Fails if the LDAP search scope is not set to base in the URL. Use with LDAP only.
///
/// -
/// CRYPT_LDAP_SIGN_RETRIEVAL
///
/// Digitally signs all of the LDAP traffic to and from a server by using the Kerberos authentication protocol. This feature
/// provides integrity required by some applications.
///
///
/// -
/// CRYPT_NO_AUTH_RETRIEVAL
/// Inhibits automatic authentication handling.
///
/// -
/// CRYPT_NOT_MODIFIED_RETRIEVAL
///
/// Enables a conditional HTTP URL retrieval. When this flag is set, for a conditional retrieval that returns
/// HTTP_STATUS_NOT_MODIFIED, CryptRetrieveObjectByUrl returns TRUE and ppvObject is set to NULL. If pAuxInfo is not NULL,
/// dwHttpStatusCode is set to HTTP_STATUS_NOT_MODIFIED. Otherwise, ppvObject is updated for a successful retrieval.
///
///
/// -
/// CRYPT_OFFLINE_CHECK_RETRIEVAL
///
/// Keeps track of offline failures and delays before hitting the wire on subsequent retrievals. This value is for wire retrieval only.
///
///
/// -
/// CRYPT_PROXY_CACHE_RETRIEVAL
///
/// Enables proxy cache retrieval of an object. If a proxy cache was not explicitly bypassed, fProxyCacheRetrieval is set to TRUE in
/// pAuxInfo. This value only applies to HTTP URL retrievals.
///
///
/// -
/// CRYPT_RETRIEVE_MULTIPLE_OBJECTS
///
/// Retrieves multiple objects if available. All objects must be of a homogeneous object type as determined by the value of
/// pszObjectOid, unless the object identifier (OID) value is CONTEXT_OID_CAPI2_ANY.
///
///
/// -
/// CRYPT_STICKY_CACHE_RETRIEVAL
/// Tags the URL as exempt from being flushed from the cache. For more information, see STICKY_CACHE_ENTRY in INTERNET_CACHE_ENTRY_INFO.
///
/// -
/// CRYPT_VERIFY_CONTEXT_SIGNATURE
///
/// Acquires signature verification on the context created. In this case pszObjectOid must be non-NULL and pvVerify points to the
/// signer certificate context.
///
///
/// -
/// CRYPT_VERIFY_DATA_HASH
/// This flag is not implemented. Do not use it.
///
/// -
/// CRYPT_WIRE_ONLY_RETRIEVAL
/// Retrieves the encoded bits from the wire only. Does not use the URL cache.
///
///
///
///
/// Specifies the maximum number of milliseconds to wait for retrieval. If a value of zero is specified, this function does not time
/// out. This parameter is not used if the URL scheme is file:///.
///
///
/// The address of a pointer to the returned object. The return type can be one of the supported types shown in pszObjectOid.
///
/// This parameter is reserved and must be set to NULL.
/// This parameter is not used.
///
/// A pointer to a verification object. This object is a function of the dwRetrievalFlags parameter. It can be NULL to
/// indicate that the caller is not interested in getting the certificate context or index of the signer if dwRetrievalFlags is CRYPT_VERIFY_CONTEXT_SIGNATURE.
///
///
/// An optional pointer to a CRYPT_RETRIEVE_AUX_INFO structure. If not NULL and if the cbSize member of the structure
/// is set, this parameter returns the time of the last successful wire retrieval.
///
///
/// If the function succeeds, the return value is nonzero (TRUE).
/// If the function fails, the return value is zero (FALSE).
///
///
///
/// The remote object retrieval manager exposes two provider models. One is the Scheme Provider model that allows for installable
/// protocol providers as defined by the URL scheme, that is, ldap, http, ftp, or file. The scheme provider entry point is the same
/// as the CryptRetrieveObjectByUrl function; however, the *ppvObject returned is always a counted array of encoded bits (one
/// per object retrieved).
///
///
/// The second provider model is the Context Provider model that allows for installable creators of the context handles (objects)
/// based on the retrieved encoded bits. These are dispatched based on the object identifier (OID) specified in the call to CryptRetrieveObjectByUrl.
///
///
/// Individual PKI objects such as certificates, trust lists, revocation lists, PKCS #7 messages, and multiple homogeneous objects
/// can be retrieved. Starting with Windows Vista with Service Pack 1 (SP1) and Windows Server 2008, security of "http:" and "ldap:"
/// retrievals has been hardened. For more information, see http://support.microsoft.com/kb/946401.
///
/// This function supports "http:" and "ldap:" URL schemes as well as newly defined schemes.
///
/// Windows XP: "ftp:" is not supported for network retrieval. For a summary of changes to the CryptoAPI certificate chain
/// validation logic in Q835732 on Windows XP, see http://support.microsoft.com/kb/887195.
///
/// Note By default, "file:" is not supported for network retrieval.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptretrieveobjectbyurla BOOL CryptRetrieveObjectByUrlA(
// LPCSTR pszUrl, LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject, HCRYPTASYNC hAsyncRetrieve,
// PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo );
// Overload of CryptRetrieveObjectByUrl taking SafeOID for pszUrl/pszObjectOid and a CRYPT_CREDENTIALS by reference (the
// documented user-name/password credentials); pszObjectOid may be omitted to receive a CRYPT_BLOB_ARRAY.
// NOTE(review): this overload keeps CharSet.Auto, which selects the wide entry point on Unicode runtimes, while the
// native signature quoted above is the A (LPCSTR) variant and SafeOID presumably marshals an ANSI-style pointer — confirm
// which export is intended; if the A export is meant, CharSet.Ansi with ExactSpelling on CryptRetrieveObjectByUrlA would pin it.
// dwRetrievalFlags is a raw uint here, unlike the CryptRetrievalFlags enum in the string overload above, so callers
// passing the enum must cast.
// Same signature-verification caveat as the string overload: only CRYPT_VERIFY_CONTEXT_SIGNATURE (with pvVerify set)
// makes this call verify the retrieved context; otherwise the caller must validate it.
// pAuxInfo is required by this overload; set its cbSize before the call (see the parameter note above).
[DllImport(Lib.Cryptnet, SetLastError = false, CharSet = CharSet.Auto)]
[PInvokeData("wincrypt.h", MSDNShortId = "2e205f97-be9b-4358-ba22-d475b6a250b7")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptRetrieveObjectByUrl(SafeOID pszUrl, [Optional] SafeOID pszObjectOid, uint dwRetrievalFlags, uint dwTimeout,
out IntPtr ppvObject, [Optional] IntPtr hAsyncRetrieve, in CRYPT_CREDENTIALS pCredentials, [Optional] IntPtr pvVerify, ref CRYPT_RETRIEVE_AUX_INFO pAuxInfo);
///
///
/// The CryptRetrieveObjectByUrl function retrieves the public key infrastructure (PKI) object from a location specified by a URL.
///
/// These remote objects are in encoded format and are retrieved in a "context" form.
///
///
/// The address of a PKI object to be retrieved. The following schemes are supported:
///
/// -
/// ldap (Lightweight Directory Access Protocol)
///
/// -
/// http
///
/// -
/// https (certificate revocation list (CRL) or online certificate status protocol (OCSP) retrievals only)
///
/// -
/// file
///
///
///
///
///
/// The address of a null-terminated ANSI string that identifies the type of object to retrieve. This can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// NULL BLOB
///
/// Retrieve one or more data BLOBs. The encoded bits are returned in an array of BLOBs. ppvObject is the address of a
/// CRYPT_BLOB_ARRAY structure pointer that receives the BLOB array. When this structure is no longer needed, you must free it by
/// passing the address of this structure to the CryptMemFree function.
///
///
/// -
/// CONTEXT_OID_CERTIFICATE certificate
///
/// Retrieve one or more certificates. If a single object is being retrieved, ppvObject is the address of a CERT_CONTEXT structure
/// pointer that receives the context. When this context is no longer needed, you must free it by passing the CERT_CONTEXT structure
/// pointer to the CertFreeCertificateContext function. If multiple objects are being retrieved, ppvObject is the address of an
/// HCERTSTORE variable that receives the handle of a store that contains the certificates. When this store is no longer needed, you
/// must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_CRL CRL
///
/// Retrieve one or more certificate revocation lists (CRLs). If a single object is being retrieved, ppvObject is the address of a
/// CRL_CONTEXT structure pointer that receives the context. When this context is no longer needed, you must free it by passing the
/// CRL_CONTEXT structure pointer to the CertFreeCRLContext function. If multiple objects are being retrieved, ppvObject is the
/// address of an HCERTSTORE variable that receives the handle of a store that contains the CRLs. When this store is no longer
/// needed, you must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_CTL CTL
///
/// Retrieve one or more certificate trust lists (CTLs). If a single object is being retrieved, ppvObject is the address of a
/// CTL_CONTEXT structure pointer that receives the context. When this context is no longer needed, you must free it by passing the
/// CTL_CONTEXT structure pointer to the CertFreeCTLContext function. If multiple objects are being retrieved, ppvObject is the
/// address of an HCERTSTORE variable that receives the handle of a store that contains the CTLs. When this store is no longer
/// needed, you must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_PKCS7 PKCS7
///
/// ppvObject is the address of an HCERTSTORE variable that receives the handle of a store that contains the objects from the
/// message. When this store is no longer needed, you must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_CAPI2_ANY Function will determine appropriate item
///
/// ppvObject is the address of an HCERTSTORE variable that receives the handle of a store that contains the objects. When this
/// store is no longer needed, you must close it by passing this handle to the CertCloseStore function.
///
///
/// -
/// CONTEXT_OID_OCSP_RESP OCSP Response
/// ppvObject is the address of a pointer to a CRYPT_BLOB_ARRAY structure.
///
///
///
///
///
/// Determines whether to use the cached URL or a URL retrieved from the wire URL. The form in which objects are returned is
/// determined by the value of pszObjectOid.
///
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_AIA_RETRIEVAL
///
/// Validates the content retrieved by a wire URL before writing the URL to the cache. The default provider does not support the
/// HTTPS protocol for AIA retrievals.
///
///
/// -
/// CRYPT_ASYNC_RETRIEVAL
/// This value is not supported.
///
/// -
/// CRYPT_CACHE_ONLY_RETRIEVAL
/// Retrieves the encoded bits from the URL cache only. Do not use the wire to retrieve the URL.
///
/// -
/// CRYPT_DONT_CACHE_RESULT
/// Does not store the retrieved encoded bits to the URL cache. If this flag is not set, the retrieved URL is cached.
///
/// -
/// CRYPT_HTTP_POST_RETRIEVAL
///
/// Uses the POST method instead of the default GET method for HTTP retrievals. In a POST URL, additional binary data and header
/// strings are appended to the base URL in the following format:
/// BaseURL/OptionalURLEscaped&Base64EncodedAdditionalData?OptionalAdditionalHTTPHeaders The following example shows the
/// additional binary data delimited by the last slash mark (/) and a Content-Type header delimited by a question mark (?) appended
/// to a base URL. When this flag is set, the CryptRetrieveObjectByUrl function parses the URL by using the last slash mark (/) and
/// question mark (?) delimiters. The string, which is delimited by a slash mark (/), contains an unescaped URL (that is, a plain
/// text URL without escape characters or escape sequences) and Base64 data decoded into binary form before being passed to the
/// WinHttpSendRequest function as the lpOptional parameter. The string delimited by a question mark (?) is passed to the
/// WinHttpSendRequest function as the pwszHeaders parameter.
///
///
/// -
/// CRYPT_LDAP_AREC_EXCLUSIVE_RETRIEVAL
///
/// Performs A-Record-only DNS lookup on the supplied host string, preventing the generation of false DNS queries when resolving
/// host names. This flag should be used when passing a host name as opposed to a domain name.
///
///
/// -
/// CRYPT_LDAP_INSERT_ENTRY_ATTRIBUTE
///
/// Retrieves the entry index and attribute name for each LDAP object. The beginning of each returned BLOB contains the following
/// ANSI string: "entry index in decimal\0attribute name\0" When this flag is set, pszObjectOid must be NULL so that a BLOB is
/// returned. This flag only applies to the ldap scheme.
///
///
/// -
/// CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL
/// Fails if the LDAP search scope is not set to base in the URL. Use with LDAP only.
///
/// -
/// CRYPT_LDAP_SIGN_RETRIEVAL
///
/// Digitally signs all of the LDAP traffic to and from a server by using the Kerberos authentication protocol. This feature
/// provides integrity required by some applications.
///
///
/// -
/// CRYPT_NO_AUTH_RETRIEVAL
/// Inhibits automatic authentication handling.
///
/// -
/// CRYPT_NOT_MODIFIED_RETRIEVAL
///
/// Enables a conditional HTTP URL retrieval. When this flag is set, for a conditional retrieval that returns
/// HTTP_STATUS_NOT_MODIFIED, CryptRetrieveObjectByUrl returns TRUE and ppvObject is set to NULL. If pAuxInfo is not NULL,
/// dwHttpStatusCode is set to HTTP_STATUS_NOT_MODIFIED. Otherwise, ppvObject is updated for a successful retrieval.
///
///
/// -
/// CRYPT_OFFLINE_CHECK_RETRIEVAL
///
/// Keeps track of offline failures and delays before hitting the wire on subsequent retrievals. This value is for wire retrieval only.
///
///
/// -
/// CRYPT_PROXY_CACHE_RETRIEVAL
///
/// Enables proxy cache retrieval of an object. If a proxy cache was not explicitly bypassed, fProxyCacheRetrieval is set to TRUE in
/// pAuxInfo. This value only applies to HTTP URL retrievals.
///
///
/// -
/// CRYPT_RETRIEVE_MULTIPLE_OBJECTS
///
/// Retrieves multiple objects if available. All objects must be of a homogeneous object type as determined by the value of
/// pszObjectOid, unless the object identifier (OID) value is CONTEXT_OID_CAPI2_ANY.
///
///
/// -
/// CRYPT_STICKY_CACHE_RETRIEVAL
/// Tags the URL as exempt from being flushed from the cache. For more information, see STICKY_CACHE_ENTRY in INTERNET_CACHE_ENTRY_INFO.
///
/// -
/// CRYPT_VERIFY_CONTEXT_SIGNATURE
///
/// Acquires signature verification on the context created. In this case pszObjectOid must be non-NULL and pvVerify points to the
/// signer certificate context.
///
///
/// -
/// CRYPT_VERIFY_DATA_HASH
/// This flag is not implemented. Do not use it.
///
/// -
/// CRYPT_WIRE_ONLY_RETRIEVAL
/// Retrieves the encoded bits from the wire only. Does not use the URL cache.
///
///
///
///
/// Specifies the maximum number of milliseconds to wait for retrieval. If a value of zero is specified, this function does not time
/// out. This parameter is not used if the URL scheme is file:///.
///
///
/// The address of a pointer to the returned object. The return type can be one of the supported types shown in pszObjectOid.
///
/// This parameter is reserved and must be set to NULL.
/// This parameter is not used.
///
/// A pointer to a verification object. This object is a function of the dwRetrievalFlags parameter. It can be NULL to
/// indicate that the caller is not interested in getting the certificate context or index of the signer if dwRetrievalFlags is CRYPT_VERIFY_CONTEXT_SIGNATURE.
///
///
/// An optional pointer to a CRYPT_RETRIEVE_AUX_INFO structure. If not NULL and if the cbSize member of the structure
/// is set, this parameter returns the time of the last successful wire retrieval.
///
///
/// If the function succeeds, the return value is nonzero (TRUE).
/// If the function fails, the return value is zero (FALSE).
///
///
///
/// The remote object retrieval manager exposes two provider models. One is the Scheme Provider model that allows for installable
/// protocol providers as defined by the URL scheme, that is, ldap, http, ftp, or file. The scheme provider entry point is the same
/// as the CryptRetrieveObjectByUrl function; however, the *ppvObject returned is always a counted array of encoded bits (one
/// per object retrieved).
///
///
/// The second provider model is the Context Provider model that allows for installable creators of the context handles (objects)
/// based on the retrieved encoded bits. These are dispatched based on the object identifier (OID) specified in the call to CryptRetrieveObjectByUrl.
///
///
/// Individual PKI objects such as certificates, trust lists, revocation lists, PKCS #7 messages, and multiple homogeneous objects
/// can be retrieved. Starting with Windows Vista with Service Pack 1 (SP1) and Windows Server 2008, the security of "http:" and "ldap:"
/// retrievals has been hardened. For more information, see http://support.microsoft.com/kb/946401.
///
/// This function supports "http:" and "ldap:" URL schemes as well as newly defined schemes.
///
/// Windows XP: "ftp:" is not supported for network retrieval. For a summary of changes to the CryptoAPI certificate chain
/// validation logic in Q835732 on Windows XP, see http://support.microsoft.com/kb/887195.
///
/// Note By default, "file:" is not supported for network retrieval.
///
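// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptretrieveobjectbyurla BOOL CryptRetrieveObjectByUrlA(
// LPCSTR pszUrl, LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject, HCRYPTASYNC hAsyncRetrieve,
// PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo );
//
// SetLastError is true (previously false): the native function reports failure as FALSE and leaves the reason in the Win32
// last-error value (for example ERROR_INVALID_TIME for a stale CRYPT_CACHE_ONLY_RETRIEVAL, see CRYPT_RETRIEVE_AUX_INFO.pftCacheResync),
// so without this flag callers could not recover it through Marshal.GetLastWin32Error().
//
// dwRetrievalFlags is a plain uint; combine the CRYPT_*_RETRIEVAL values documented above. A dwTimeout of 0 disables the time-out
// entirely, so retrievals from hosts the caller does not control should pass a finite bound. ppvObject is declared [Optional] for
// overload convenience, but the native function writes the result through it: pass the address of a pointer-sized slot.
// pAuxInfo, when supplied, must point at a CRYPT_RETRIEVE_AUX_INFO whose cbSize is set and whose unused members are zero.
//
// NOTE(review): pszUrl is bound as SafeOID while CharSet.Auto resolves to the W entry point on Unicode platforms, which expects an
// LPCWSTR URL. Presumably SafeOID encodes ANSI text (object identifiers are always LPCSTR); if so, non-ASCII URLs would be
// mis-read through this overload - confirm against SafeOID before relying on it for pszUrl.
[DllImport(Lib.Cryptnet, SetLastError = true, CharSet = CharSet.Auto)]
[PInvokeData("wincrypt.h", MSDNShortId = "2e205f97-be9b-4358-ba22-d475b6a250b7")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptRetrieveObjectByUrl(SafeOID pszUrl, [Optional] SafeOID pszObjectOid, uint dwRetrievalFlags, uint dwTimeout,
[Optional] IntPtr ppvObject, [Optional] IntPtr hAsyncRetrieve, [Optional] IntPtr pCredentials, [Optional] IntPtr pvVerify, [Optional] IntPtr pAuxInfo);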
/// <summary>
/// The CERT_REVOCATION_CHAIN_PARA structure contains parameters used for building a chain for an independent online
/// certificate status protocol (OCSP) response signer certificate. The CERT_REVOCATION_PARA and
/// CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO structure definitions include optional pointers to this structure.
/// </summary>
/// <remarks>
/// Sequential layout mirroring the native typedef quoted below. The FILETIME members are carried as raw pointers
/// (<see cref="IntPtr"/>); the memory they reference has to remain valid while the native call that consumes this structure runs
/// (confirm the exact lifetime against the specific caller). Set <see cref="cbSize"/> before use; most other members document a
/// zero/NULL value as "use the default".
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_revocation_chain_para typedef struct
// _CERT_REVOCATION_CHAIN_PARA { DWORD cbSize; HCERTCHAINENGINE hChainEngine; HCERTSTORE hAdditionalStore; DWORD dwChainFlags; DWORD
// dwUrlRetrievalTimeout; LPFILETIME pftCurrentTime; LPFILETIME pftCacheResync; DWORD cbMaxUrlRetrievalByteCount; }
// CERT_REVOCATION_CHAIN_PARA, *PCERT_REVOCATION_CHAIN_PARA;
[PInvokeData("wincrypt.h", MSDNShortId = "9cdcc81a-aef1-4a1e-94f8-7aa461225dae")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_REVOCATION_CHAIN_PARA
{
/// <summary>
/// The size, in bytes, of this structure. Must be set (for example to <c>Marshal.SizeOf(typeof(CERT_REVOCATION_CHAIN_PARA))</c>)
/// before the structure is handed to native code.
/// </summary>
public uint cbSize;
/// <summary>A handle to the chain engine used by the caller.</summary>
public HCERTCHAINENGINE hChainEngine;
/// <summary>A handle to a store that contains the certificates used to build the original chain. The handle can be NULL.</summary>
public HCERTSTORE hAdditionalStore;
/// <summary>
/// A value for the dwFlags parameter passed to the CertGetCertificateChain function. Typed as a plain <see cref="uint"/>; combine
/// CERT_CHAIN_* flag values as required.
/// <list type="table">
/// <listheader><term>Value</term><description>Meaning</description></listheader>
/// <item>
/// <term>CERT_CHAIN_REVOCATION_CHECK_OCSP_CERT 0x04000000</term>
/// <description>
/// This flag will be set by the CertVerifyRevocation provider when it calls CertGetCertificateChain with an independent OCSP
/// signer certificate. When set, CertGetCertificateChain will call CertVerifyRevocation without setting the pointer to the
/// above CERT_REVOCATION_CHAIN_PARA data structure; this helps to prevent circular revocation checking.
/// </description>
/// </item>
/// </list>
/// </summary>
public uint dwChainFlags;
/// <summary>
/// A value that contains the time-out limit, in milliseconds. If zero, the revocation handler's default time-out is used.
/// </summary>
public uint dwUrlRetrievalTimeout;
/// <summary>
/// A pointer to a FILETIME structure used in the freshness time check. If this pointer is NULL, the revocation handler uses the
/// current time.
/// </summary>
public IntPtr pftCurrentTime;
/// <summary>
/// A pointer to a FILETIME structure that governs the use of cached information. Any information cached before this time is
/// considered invalid and new information is retrieved. When set, this value overrides the registry configuration CacheResync time.
/// </summary>
public IntPtr pftCacheResync;
/// <summary>
/// <para>
/// A DWORD value that specifies the maximum number of bytes to download from the URL object. A value of 0 specifies no limit, so
/// callers that fetch revocation data from hosts they do not control usually want an explicit cap here.
/// </para>
/// <para>Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This member is not supported.</para>
/// </summary>
public uint cbMaxUrlRetrievalByteCount;
}
/// <summary>
/// The CRYPT_CREDENTIALS structure contains information about credentials that can be passed as optional input to a remote
/// object retrieval function such as CryptRetrieveObjectByUrl or CryptGetTimeValidObject.
/// </summary>
/// <remarks>
/// Sequential layout mirroring the native typedef quoted below. Both pointer members are raw <see cref="IntPtr"/> values that the
/// caller allocates and keeps valid for the duration of the retrieval call. Because <see cref="pvCredentials"/> may reference a user
/// name and password, callers should clear and free that memory once the retrieval returns rather than leaving it resident.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_credentials typedef struct _CRYPT_CREDENTIALS {
// DWORD cbSize; LPCSTR pszCredentialsOid; LPVOID pvCredentials; } CRYPT_CREDENTIALS, *PCRYPT_CREDENTIALS;
[PInvokeData("wincrypt.h", MSDNShortId = "d28b2f52-3258-44ad-a3ab-0743d3afcd62")]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_CREDENTIALS
{
/// <summary>
/// The size in bytes of this structure. Must be set (for example to <c>Marshal.SizeOf(typeof(CRYPT_CREDENTIALS))</c>) before use.
/// </summary>
public uint cbSize;
/// <summary>
/// <para>
/// A pointer to a null-terminated ANSI string (native type LPCSTR) that contains the type of credential object represented by the
/// <see cref="pvCredentials"/> member.
/// </para>
/// <para>This member can contain the following possible value.</para>
/// <list type="table">
/// <listheader><term>Value</term><description>Meaning</description></listheader>
/// <item>
/// <term>CREDENTIAL_OID_PASSWORD_CREDENTIALS</term>
/// <description>
/// The pvCredentials member contains a CRYPT_PASSWORD_CREDENTIALS structure that represents a user name and password combination.
/// </description>
/// </item>
/// </list>
/// </summary>
public IntPtr pszCredentialsOid;
/// <summary>A pointer to a structure as defined by the <see cref="pszCredentialsOid"/> member.</summary>
public IntPtr pvCredentials;
}
/// <summary>
/// The CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO structure contains optional extra information that can be passed to the
/// CryptGetTimeValidObject function in the pExtraInfo parameter.
/// </summary>
/// <remarks>
/// <para>All members of the CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO structure that do not have a value must be set to zero.</para>
/// <para>
/// Sequential layout mirroring the native typedef quoted below. A <c>default</c>-initialized instance already satisfies the
/// "unused members are zero" rule; only <see cref="cbSize"/> and the members the caller actually uses need to be assigned. Pointer
/// members are raw <see cref="IntPtr"/> values whose target memory has to stay valid for the duration of the call.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_get_time_valid_object_extra_info typedef struct
// _CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO { DWORD cbSize; int iDeltaCrlIndicator; LPFILETIME pftCacheResync; LPFILETIME
// pLastSyncTime; LPFILETIME pMaxAgeTime; PCERT_REVOCATION_CHAIN_PARA pChainPara; PCRYPT_INTEGER_BLOB pDeltaCrlIndicator; }
// CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO, *PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO;
[PInvokeData("wincrypt.h", MSDNShortId = "3de595f9-c922-4c8f-8328-819e91a2997c")]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO
{
/// <summary>
/// The size, in bytes, of this structure. Must be set (for example to
/// <c>Marshal.SizeOf(typeof(CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO))</c>) before use.
/// </summary>
public uint cbSize;
/// <summary>
/// <para>
/// A value used to compare to the base certificate revocation list (CRL) number. If the base CRL number is less than this
/// value, the caller should attempt to retrieve a newer base CRL.
/// </para>
/// <para>
/// If the <see cref="pDeltaCrlIndicator"/> member is non-NULL the value of this member must be 0x7fffffff (MAXLONG), which moves
/// the comparison to the blob. Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: Because the
/// pDeltaCrlIndicator member does not exist, the iDeltaCrlIndicator value requirement does not apply.
/// </para>
/// </summary>
public int iDeltaCrlIndicator;
/// <summary>
/// A pointer to a FILETIME structure that governs the use of cached information. Any information cached before this time is
/// considered invalid and new information is retrieved.
/// </summary>
public IntPtr pftCacheResync;
/// <summary>
/// A pointer to a FILETIME structure that contains the time of the last synchronization of the data retrieved for the object.
/// </summary>
public IntPtr pLastSyncTime;
/// <summary>
/// A pointer to a FILETIME structure that specifies an expiration time of the data retrieved based on the dwMaxAge
/// member of the CRYPTNET_URL_CACHE_RESPONSE_INFO structure.
/// </summary>
public IntPtr pMaxAgeTime;
/// <summary>
/// A pointer to a <see cref="CERT_REVOCATION_CHAIN_PARA"/> structure that contains the CertGetCertificateChain function
/// parameters used by the caller. The data in this member enables independent online certificate status protocol (OCSP) signer
/// certificate chain verification.
/// </summary>
public IntPtr pChainPara;
/// <summary>
/// <para>
/// A pointer to a CRYPT_INTEGER_BLOB structure that contains a CRL number with a length of more than 4 bytes. If this member is
/// non-NULL and the <see cref="iDeltaCrlIndicator"/> member is equal to MAXLONG, then if the base CRL number is less than this
/// value, the caller should attempt to retrieve a newer base CRL.
/// </para>
/// <para>Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This member is not supported.</para>
/// </summary>
public IntPtr pDeltaCrlIndicator;
}
/// <summary>
/// The CRYPT_RETRIEVE_AUX_INFO structure contains optional information to pass to the CryptRetrieveObjectByUrl function. All
/// unused members of this structure must contain zero.
/// </summary>
/// <remarks>
/// <para>
/// Sequential layout mirroring the native typedef quoted below. The structure is both input and output: several output members
/// (<see cref="fProxyCacheRetrieval"/>, <see cref="dwHttpStatusCode"/>) are documented as not being cleared by the callee, so reuse
/// of an instance across calls should start from a freshly zeroed value rather than the previous result.
/// </para>
/// <para>
/// <see cref="pwszCacheFileNamePrefix"/> is marshaled as an LPWSTR string, which makes this struct non-blittable; because
/// <see cref="CryptRetrieveObjectByUrl"/> takes pAuxInfo as an <see cref="IntPtr"/>, callers copy it to native memory with
/// <c>Marshal.StructureToPtr</c> and read it back afterwards.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_retrieve_aux_info typedef struct
// _CRYPT_RETRIEVE_AUX_INFO { DWORD cbSize; FILETIME *pLastSyncTime; DWORD dwMaxUrlRetrievalByteCount;
// PCRYPTNET_URL_CACHE_PRE_FETCH_INFO pPreFetchInfo; PCRYPTNET_URL_CACHE_FLUSH_INFO pFlushInfo; PCRYPTNET_URL_CACHE_RESPONSE_INFO
// *ppResponseInfo; LPWSTR pwszCacheFileNamePrefix; LPFILETIME pftCacheResync; BOOL fProxyCacheRetrieval; DWORD dwHttpStatusCode;
// LPWSTR *ppwszErrorResponseHeaders; PCRYPT_DATA_BLOB *ppErrorContentBlob; } CRYPT_RETRIEVE_AUX_INFO, *PCRYPT_RETRIEVE_AUX_INFO;
[PInvokeData("wincrypt.h", MSDNShortId = "33ea51e7-c3e3-4cf8-ade0-099cb8b2e651")]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_RETRIEVE_AUX_INFO
{
/// <summary>
/// The size, in bytes, of the structure. Must be set (for example to <c>Marshal.SizeOf(typeof(CRYPT_RETRIEVE_AUX_INFO))</c>);
/// CryptRetrieveObjectByUrl only honours pAuxInfo when this member is set.
/// </summary>
public uint cbSize;
/// <summary>
/// A pointer to a FILETIME structure that receives the time of the last synchronization of the data retrieved (native type
/// FILETIME*; the caller supplies the memory).
/// </summary>
public IntPtr pLastSyncTime;
/// <summary>
/// A value that specifies a limit to the number of bytes retrieved. A value of zero specifies no limit (the member is unsigned, so
/// "zero or less" in the native documentation can only mean zero). Callers fetching from hosts they do not control usually set a
/// finite cap here.
/// </summary>
public uint dwMaxUrlRetrievalByteCount;
/// <summary>
/// A pointer to a CRYPTNET_URL_CACHE_PRE_FETCH_INFO structure. To get prefetch information, set its cbSize upon input.
/// For no prefetch information, except for cbSize, the data structure contains zero upon return.
/// </summary>
public IntPtr pPreFetchInfo;
/// <summary>
/// A pointer to a CRYPTNET_URL_CACHE_FLUSH_INFO structure. To get flush information, set its cbSize upon input. For no
/// flush information, except for cbSize, the data structure contains zero upon return.
/// </summary>
public IntPtr pFlushInfo;
/// <summary>
/// A pointer to a PCRYPTNET_URL_CACHE_RESPONSE_INFO pointer (native type PCRYPTNET_URL_CACHE_RESPONSE_INFO*). To get response
/// information, set the pointer to the address of a CRYPTNET_URL_CACHE_RESPONSE_INFO pointer updated with the allocated structure.
/// For no response information, the pointed-to value is set to NULL. If it is not NULL, it must be freed by using the CryptMemFree
/// function.
/// </summary>
public IntPtr ppResponseInfo;
/// <summary>
/// A string that contains a prefix for a cached file name. If not NULL, the specified prefix string is concatenated to the front of
/// the cached file name. Since it becomes part of a file name in the URL cache, do not derive it from untrusted input.
/// </summary>
[MarshalAs(UnmanagedType.LPWStr)] public string pwszCacheFileNamePrefix;
/// <summary>
/// A pointer to a FILETIME structure that specifies a cache synchronization time. If not NULL, any information cached
/// before this time is considered time invalid. For a CRYPT_CACHE_ONLY_RETRIEVAL, if there is a cached entry before this
/// time, CryptRetrieveObjectByUrl returns ERROR_INVALID_TIME. When used with an HTTP retrieval, this specifies the
/// maximum age for a time-valid object.
/// </summary>
public IntPtr pftCacheResync;
/// <summary>
/// A value that indicates whether CryptRetrieveObjectByUrl was called with CRYPT_PROXY_CACHE_RETRIEVAL set in
/// dwRetrievalFlags and a proxy cache was not explicitly bypassed for the retrieval. This flag is not explicitly cleared and
/// only applies to HTTP URL retrievals, so zero it before each call if its value is inspected afterwards.
/// </summary>
[MarshalAs(UnmanagedType.Bool)] public bool fProxyCacheRetrieval;
/// <summary>
/// A value that specifies a status code from an unsuccessful HTTP response header. If CRYPT_NOT_MODIFIED_RETRIEVAL was
/// set in dwRetrievalFlags, and the HTTP retrieval returns HTTP_STATUS_NOT_MODIFIED, this contains the
/// HTTP_STATUS_NOT_MODIFIED status code. This value is not explicitly cleared and is only updated for HTTP or HTTPS URL
/// retrievals, so zero it before each call if its value is inspected afterwards.
/// </summary>
public uint dwHttpStatusCode;
/// <summary>
/// A pointer to an LPWSTR slot (native type LPWSTR*, see the typedef above). Leave zero when not needed. NOTE(review): presumably
/// receives the response headers of a failed HTTP retrieval and, like <see cref="ppResponseInfo"/>, has to be released with
/// CryptMemFree - confirm against wincrypt.h.
/// </summary>
public IntPtr ppwszErrorResponseHeaders;
/// <summary>
/// A pointer to a PCRYPT_DATA_BLOB slot (native type PCRYPT_DATA_BLOB*, see the typedef above). Leave zero when not needed.
/// NOTE(review): presumably receives the body of a failed HTTP retrieval and has to be released with CryptMemFree - confirm
/// against wincrypt.h.
/// </summary>
public IntPtr ppErrorContentBlob;
}
/// <summary>
/// The CRYPT_URL_ARRAY structure holds a counted array of URL strings; it is the output buffer filled in by the URL-locator
/// function that shares this MSDN entry (CryptGetObjectUrl).
/// </summary>
/// <remarks>
/// <see cref="rgwszUrl"/> is a raw pointer to <see cref="cUrl"/> consecutive string pointers; read each element with
/// <c>Marshal.ReadIntPtr</c> at offset <c>i * IntPtr.Size</c> and decode it with <c>Marshal.PtrToStringUni</c>, never indexing past
/// <see cref="cUrl"/>. The memory belongs to whatever allocated the structure; this binding does not free it.
/// </remarks>
[PInvokeData("wincrypt.h", MSDNShortId = "a92117b8-9144-4480-b88a-b9ffe1026d63")]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_URL_ARRAY
{
/// <summary>Number of elements in the <see cref="rgwszUrl"/> array of URLs.</summary>
public uint cUrl;
/// <summary>A pointer to an array of <see cref="cUrl"/> Unicode string pointers (LPWSTR) to URLs.</summary>
public IntPtr rgwszUrl;
}
/// <summary>The CRYPT_URL_INFO structure contains information about groupings of URLs.</summary>
/// <remarks>
/// Sequential layout mirroring the native typedef quoted below. <see cref="rgcGroupEntry"/> is a raw pointer to
/// <see cref="cGroup"/> DWORD values; read them with <c>Marshal.ReadInt32</c> at offset <c>i * 4</c> and do not index past
/// <see cref="cGroup"/>.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_url_info typedef struct _CRYPT_URL_INFO { DWORD
// cbSize; DWORD dwSyncDeltaTime; DWORD cGroup; DWORD *rgcGroupEntry; } CRYPT_URL_INFO, *PCRYPT_URL_INFO;
[PInvokeData("wincrypt.h", MSDNShortId = "58289a66-6580-468c-b001-5da08cf6d4a9")]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_URL_INFO
{
/// <summary>The size, in bytes, of the structure.</summary>
public uint cbSize;
/// <summary>Number of seconds between synchronizations.</summary>
public uint dwSyncDeltaTime;
/// <summary>Number of elements in the <see cref="rgcGroupEntry"/> array of URL groups.</summary>
public uint cGroup;
/// <summary>
/// Pointer to an array of <see cref="cGroup"/> DWORD values describing the URL groups returned (native type DWORD*).
/// NOTE(review): presumably each value is the number of URL entries in the corresponding group - confirm against the
/// CryptGetObjectUrl documentation before relying on it.
/// </summary>
public IntPtr rgcGroupEntry;
}
}
}