mirror of https://github.com/dahall/Vanara.git
6228 lines
297 KiB
C#
6228 lines
297 KiB
C#
using System;
|
||
using System.Runtime.InteropServices;
|
||
using System.Security;
|
||
using Vanara.Extensions;
|
||
using Vanara.InteropServices;
|
||
using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
|
||
|
||
namespace Vanara.PInvoke
|
||
{
|
||
/// <summary>Methods and data types found in Crypt32.dll.</summary>
|
||
public static partial class Crypt32
|
||
{
|
||
/// <summary>
|
||
/// <para>
|
||
/// [The <c>PCRYPT_DECRYPT_PRIVATE_KEY_FUNC</c> function is available for use in the operating systems specified in the Requirements
|
||
/// section. It may be altered or unavailable in subsequent versions.]
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>PCRYPT_DECRYPT_PRIVATE_KEY_FUNC</c> function decrypts the private key and returns the decrypted key in the pbClearTextKey
|
||
/// parameter. <c>PCRYPT_DECRYPT_PRIVATE_KEY_FUNC</c> is a callback function specified in a CRYPT_PKCS8_IMPORT_PARAMS structure. It
|
||
/// is used when a CRYPT_ENCRYPTED_PRIVATE_KEY_INFO structure contains a private key that needs to be decrypted. The
|
||
/// CryptImportPKCS8 function uses this function. The function must be implemented by the developer to suit each application.
|
||
/// </para>
|
||
/// </summary>
|
||
/// <param name="Algorithm">
|
||
/// A CRYPT_ALGORITHM_IDENTIFIER structure that identifies the algorithm used to encrypt the PrivateKeyInfo ASN.1 type found in the
|
||
/// PKCS #8 standard.
|
||
/// </param>
|
||
/// <param name="EncryptedPrivateKey">A CRYPT_DATA_BLOB value that identifies the encrypted private key BLOB.</param>
|
||
/// <param name="pbClearTextKey">A buffer to receive the clear text.</param>
|
||
/// <param name="pcbClearTextKey">
|
||
/// The number of bytes of the pClearTextKey buffer. Note: if this is zero then this should be filled in with the size required to
|
||
/// decrypt the key into, and pClearTextKey should be ignored.
|
||
/// </param>
|
||
/// <param name="pVoidDecryptFunc">
|
||
/// An <c>LPVOID</c> value that provides data used in decryption, such as key, initialization vector, and password.
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>).</para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nc-wincrypt-pcrypt_decrypt_private_key_func
|
||
// PCRYPT_DECRYPT_PRIVATE_KEY_FUNC PcryptDecryptPrivateKeyFunc; BOOL PcryptDecryptPrivateKeyFunc( CRYPT_ALGORITHM_IDENTIFIER
|
||
// Algorithm, CRYPT_DATA_BLOB EncryptedPrivateKey, BYTE *pbClearTextKey, DWORD *pcbClearTextKey, LPVOID pVoidDecryptFunc ) {...}
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "f59fd46b-5430-4aa2-85ba-961b416dbaac")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public delegate bool PCRYPT_DECRYPT_PRIVATE_KEY_FUNC(CRYPT_ALGORITHM_IDENTIFIER Algorithm, CRYPTOAPI_BLOB EncryptedPrivateKey, IntPtr pbClearTextKey, ref uint pcbClearTextKey, IntPtr pVoidDecryptFunc);
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// [The <c>PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC</c> function is available for use in the operating systems specified in the Requirements
|
||
/// section. It may be altered or unavailable in subsequent versions.]
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC</c> function encrypts the private key and returns the encrypted contents in the
|
||
/// pbEncryptedKey parameter. It is a callback function identified in a CRYPT_PKCS8_EXPORT_PARAMS structure that creates a PKCS #8
|
||
/// CRYPT_ENCRYPTED_PRIVATE_KEY_INFO structure. The function must be implemented by the developer to suit each application.
|
||
/// </para>
|
||
/// </summary>
|
||
/// <param name="pAlgorithm"/>
|
||
/// <param name="pClearTextPrivateKey"/>
|
||
/// <param name="pbEncryptedKey"/>
|
||
/// <param name="pcbEncryptedKey"/>
|
||
/// <param name="pVoidEncryptFunc">
|
||
/// An <c>LPVOID</c> variable that contains data used for encryption, such as key, initialization vector, and password.
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>).</para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nc-wincrypt-pcrypt_encrypt_private_key_func
|
||
// PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC PcryptEncryptPrivateKeyFunc; BOOL PcryptEncryptPrivateKeyFunc( CRYPT_ALGORITHM_IDENTIFIER
|
||
// *pAlgorithm, CRYPT_DATA_BLOB *pClearTextPrivateKey, BYTE *pbEncryptedKey, DWORD *pcbEncryptedKey, LPVOID pVoidEncryptFunc ) {...}
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "aa6b8bca-4f0d-491e-ab38-5c273a01ca05")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public delegate bool PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC(ref CRYPT_ALGORITHM_IDENTIFIER pAlgorithm, ref CRYPTOAPI_BLOB pClearTextPrivateKey, IntPtr pbEncryptedKey, ref uint pcbEncryptedKey, IntPtr pVoidEncryptFunc);
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// [The <c>PCRYPT_RESOLVE_HCRYPTPROV_FUNC</c> function is available for use in the operating systems specified in the Requirements
|
||
/// section. It may be altered or unavailable in subsequent versions.]
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>PCRYPT_RESOLVE_HCRYPTPROV_FUNC</c> function returns a handle to a cryptographic service provider (CSP) by using the
|
||
/// phCryptProv parameter to receive the key being imported. It is a callback function called from the context of the
|
||
/// CryptImportPKCS8 function. The function must be implemented by the developer to suit each application.
|
||
/// </para>
|
||
/// </summary>
|
||
/// <param name="pPrivateKeyInfo">
|
||
/// Pointer to a CRYPT_PRIVATE_KEY_INFO structure which describes the key being imported and whose PrivateKey field contains the
|
||
/// encrypted private key blob.
|
||
/// </param>
|
||
/// <param name="phCryptProv">A pointer to a HCRRYPTPROV to be filled in.</param>
|
||
/// <param name="pVoidResolveFunc">
|
||
/// The <c>pVoidResolveFunc</c> member passed in by the caller in the CRYPT_PKCS8_IMPORT_PARAMS structure.
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>).</para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nc-wincrypt-pcrypt_resolve_hcryptprov_func BOOL
|
||
// PCRYPT_RESOLVE_HCRYPTPROV_FUNC( CRYPT_PRIVATE_KEY_INFO *pPrivateKeyInfo, HCRYPTPROV *phCryptProv, LPVOID pVoidResolveFunc );
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "d3b2b942-bde5-4399-9412-95fe227cd546")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public delegate bool PCRYPT_RESOLVE_HCRYPTPROV_FUNC(in CRYPT_PRIVATE_KEY_INFO pPrivateKeyInfo, ref HCRYPTPROV phCryptProv, IntPtr pVoidResolveFunc);
|
||
|
||
/// <summary>The intended key usage.</summary>
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "d09c3626-f864-4774-8511-3e912f62e520")]
|
||
[Flags]
|
||
public enum CertKeyUsage : ushort
|
||
{
|
||
/// <summary/>
|
||
CERT_DIGITAL_SIGNATURE_KEY_USAGE = 0x80,
|
||
|
||
/// <summary/>
|
||
CERT_NON_REPUDIATION_KEY_USAGE = 0x40,
|
||
|
||
/// <summary/>
|
||
CERT_KEY_ENCIPHERMENT_KEY_USAGE = 0x20,
|
||
|
||
/// <summary/>
|
||
CERT_DATA_ENCIPHERMENT_KEY_USAGE = 0x10,
|
||
|
||
/// <summary/>
|
||
CERT_KEY_AGREEMENT_KEY_USAGE = 0x08,
|
||
|
||
/// <summary/>
|
||
CERT_KEY_CERT_SIGN_KEY_USAGE = 0x04,
|
||
|
||
/// <summary/>
|
||
CERT_OFFLINE_CRL_SIGN_KEY_USAGE = 0x02,
|
||
|
||
/// <summary/>
|
||
CERT_CRL_SIGN_KEY_USAGE = 0x02,
|
||
|
||
/// <summary/>
|
||
CERT_ENCIPHER_ONLY_KEY_USAGE = 0x01,
|
||
|
||
/// <summary/>
|
||
CERT_DECIPHER_ONLY_KEY_USAGE = 0x8000,
|
||
}
|
||
|
||
/// <summary>Indicates the expected content type.</summary>
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
|
||
[Flags]
|
||
public enum CertQueryContentFlags : uint
|
||
{
|
||
/// <summary>
|
||
/// The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag.
|
||
/// <para>
|
||
/// If this flag is specified, this function will attempt to obtain information about the object, trying different content types
|
||
/// until the proper content type is found or the content types are exhausted.This is obviously inefficient, so this flag should
|
||
/// only be used if the content type is not known.
|
||
/// </para>
|
||
/// </summary>
|
||
CERT_QUERY_CONTENT_FLAG_ALL = (CERT_QUERY_CONTENT_FLAG_CERT | CERT_QUERY_CONTENT_FLAG_CTL | CERT_QUERY_CONTENT_FLAG_CRL | CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED | CERT_QUERY_CONTENT_FLAG_PKCS10 | CERT_QUERY_CONTENT_FLAG_PFX | CERT_QUERY_CONTENT_FLAG_CERT_PAIR),
|
||
|
||
/// <summary/>
|
||
CERT_QUERY_CONTENT_FLAG_ALL_ISSUER_CERT = (CERT_QUERY_CONTENT_FLAG_CERT | CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED),
|
||
|
||
/// <summary>The content is a single certificate.</summary>
|
||
CERT_QUERY_CONTENT_FLAG_CERT = (1 << CertQueryContentType.CERT_QUERY_CONTENT_CERT),
|
||
|
||
/// <summary>
|
||
/// The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains
|
||
/// either forward, reverse, or forward and reverse cross certificates).
|
||
/// </summary>
|
||
CERT_QUERY_CONTENT_FLAG_CERT_PAIR = (1 << CertQueryContentType.CERT_QUERY_CONTENT_CERT_PAIR),
|
||
|
||
/// <summary>The content is a single CRL.</summary>
|
||
CERT_QUERY_CONTENT_FLAG_CRL = (1 << CertQueryContentType.CERT_QUERY_CONTENT_CRL),
|
||
|
||
/// <summary>The content is a single CTL.</summary>
|
||
CERT_QUERY_CONTENT_FLAG_CTL = (1 << CertQueryContentType.CERT_QUERY_CONTENT_CTL),
|
||
|
||
/// <summary>
|
||
/// The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore
|
||
/// function to load this into a store.
|
||
/// </summary>
|
||
CERT_QUERY_CONTENT_FLAG_PFX = (1 << CertQueryContentType.CERT_QUERY_CONTENT_PFX),
|
||
|
||
/// <summary>
|
||
/// The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the
|
||
/// following note. <note>If the PFX packet contains an embedded password that is not an empty string or NULL, and the password
|
||
/// was not protected to an Active Directory(AD) principal that includes the calling user, this function will not be able to
|
||
/// decrypt the PFX packet.The packet can be decrypted, however, if the password used when the PFX packet was created was
|
||
/// encrypted to an AD principal and the user, as part of that principal, has permission to decrypt the password. For more
|
||
/// information, see the pvPara parameter and the PKCS12_PROTECT_TO_DOMAIN_SIDS flag of the PFXExportCertStoreEx function.
|
||
/// <para>You can protect PFX passwords to an AD principal beginning in Windows 8 and Windows Server 2012.</para>
|
||
/// </note>
|
||
/// <para>Windows Server 2003 and Windows XP: This value is not supported.</para>
|
||
/// </summary>
|
||
CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD = (1 << CertQueryContentType.CERT_QUERY_CONTENT_PFX_AND_LOAD),
|
||
|
||
/// <summary>The content is a PKCS #10 message.</summary>
|
||
CERT_QUERY_CONTENT_FLAG_PKCS10 = (1 << CertQueryContentType.CERT_QUERY_CONTENT_PKCS10),
|
||
|
||
/// <summary>The content is a PKCS #7 signed message.</summary>
|
||
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED = (1 << CertQueryContentType.CERT_QUERY_CONTENT_PKCS7_SIGNED),
|
||
|
||
/// <summary>The content is an embedded PKCS #7 signed message.</summary>
|
||
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED = (1 << CertQueryContentType.CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED),
|
||
|
||
/// <summary>The content is a PKCS #7 unsigned message.</summary>
|
||
CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED = (1 << CertQueryContentType.CERT_QUERY_CONTENT_PKCS7_UNSIGNED),
|
||
|
||
/// <summary>The content is a serialized single certificate.</summary>
|
||
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT = (1 << CertQueryContentType.CERT_QUERY_CONTENT_SERIALIZED_CERT),
|
||
|
||
/// <summary>The content is a serialized single CRL.</summary>
|
||
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL = (1 << CertQueryContentType.CERT_QUERY_CONTENT_SERIALIZED_CRL),
|
||
|
||
/// <summary>The content is serialized single CTL.</summary>
|
||
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL = (1 << CertQueryContentType.CERT_QUERY_CONTENT_SERIALIZED_CTL),
|
||
|
||
/// <summary>The content is a serialized store.</summary>
|
||
CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE = (1 << CertQueryContentType.CERT_QUERY_CONTENT_SERIALIZED_STORE),
|
||
}
|
||
|
||
/// <summary>The actual type of the content.</summary>
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
|
||
public enum CertQueryContentType
|
||
{
|
||
/// <summary>The content is a single certificate.</summary>
|
||
CERT_QUERY_CONTENT_CERT = 1,
|
||
|
||
/// <summary>The content is a single CTL.</summary>
|
||
CERT_QUERY_CONTENT_CTL = 2,
|
||
|
||
/// <summary>The content is a single CRL.</summary>
|
||
CERT_QUERY_CONTENT_CRL = 3,
|
||
|
||
/// <summary>The content is a serialized store.</summary>
|
||
CERT_QUERY_CONTENT_SERIALIZED_STORE = 4,
|
||
|
||
/// <summary>The content is a serialized single certificate.</summary>
|
||
CERT_QUERY_CONTENT_SERIALIZED_CERT = 5,
|
||
|
||
/// <summary>The content is a serialized single CTL.</summary>
|
||
CERT_QUERY_CONTENT_SERIALIZED_CTL = 6,
|
||
|
||
/// <summary>The content is a serialized single CRL.</summary>
|
||
CERT_QUERY_CONTENT_SERIALIZED_CRL = 7,
|
||
|
||
/// <summary>The content is a PKCS #7 signed message.</summary>
|
||
CERT_QUERY_CONTENT_PKCS7_SIGNED = 8,
|
||
|
||
/// <summary>The content is a PKCS #7 unsigned message.</summary>
|
||
CERT_QUERY_CONTENT_PKCS7_UNSIGNED = 9,
|
||
|
||
/// <summary>The content is an embedded PKCS #7 signed message.</summary>
|
||
CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED = 10,
|
||
|
||
/// <summary>The content is a PKCS #10 message.</summary>
|
||
CERT_QUERY_CONTENT_PKCS10 = 11,
|
||
|
||
/// <summary>
|
||
/// The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12
|
||
/// packet is not loaded into a certificate store.
|
||
/// </summary>
|
||
CERT_QUERY_CONTENT_PFX = 12,
|
||
|
||
/// <summary>The content is an ASN.1 encoded X509_CERT_pair.</summary>
|
||
CERT_QUERY_CONTENT_CERT_PAIR = 13,
|
||
|
||
/// <summary>
|
||
/// The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store.
|
||
/// <para>Windows Server 2003 and Windows XP: This value is not supported.</para>
|
||
/// </summary>
|
||
CERT_QUERY_CONTENT_PFX_AND_LOAD = 14,
|
||
}
|
||
|
||
/// <summary>Indicates the expected format of the returned type.</summary>
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
|
||
public enum CertQueryFormatFlags : uint
|
||
{
|
||
/// <summary>The content should be returned in binary format.</summary>
|
||
CERT_QUERY_FORMAT_FLAG_BINARY = (1 << CertQueryFormatType.CERT_QUERY_FORMAT_BINARY),
|
||
|
||
/// <summary>The content should be returned in Base64 encoded format.</summary>
|
||
CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED = (1 << CertQueryFormatType.CERT_QUERY_FORMAT_BASE64_ENCODED),
|
||
|
||
/// <summary>The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix.</summary>
|
||
CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED = (1 << CertQueryFormatType.CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED),
|
||
|
||
/// <summary>The content can be returned in any format.</summary>
|
||
CERT_QUERY_FORMAT_FLAG_ALL = (CERT_QUERY_FORMAT_FLAG_BINARY | CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED | CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED),
|
||
}
|
||
|
||
/// <summary>The actual format type of the content.</summary>
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
|
||
public enum CertQueryFormatType
|
||
{
|
||
/// <summary>The content is in binary format.</summary>
|
||
CERT_QUERY_FORMAT_BINARY = 1,
|
||
|
||
/// <summary>The content is in Base64 encoded format.</summary>
|
||
CERT_QUERY_FORMAT_BASE64_ENCODED = 2,
|
||
|
||
/// <summary>The content is in ASCII hex-encoded format with an "{ASN}" prefix.</summary>
|
||
CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED = 3,
|
||
}
|
||
|
||
/// <summary>Indicates the type of the object to be queried.</summary>
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
|
||
public enum CertQueryObjectType
|
||
{
|
||
/// <summary>The cert query object file</summary>
|
||
CERT_QUERY_OBJECT_FILE = 0x00000001,
|
||
|
||
/// <summary>The cert query object BLOB</summary>
|
||
CERT_QUERY_OBJECT_BLOB = 0x00000002,
|
||
}
|
||
|
||
/// <summary>RDN attribute flags.</summary>
|
||
[Flags]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "e45b80a3-9269-4f21-8407-1c8303cb5f32")]
|
||
public enum CertRDNAttrsFlag
|
||
{
|
||
/// <summary>The pRDN was initialized with Unicode strings</summary>
|
||
CERT_UNICODE_IS_RDN_ATTRS_FLAG = 0x1,
|
||
|
||
/// <summary>Do a case insensitive match.</summary>
|
||
CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG = 0x2
|
||
}
|
||
|
||
/// <summary>Indicates the type of the context structure.</summary>
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "2d6fb244-5273-4530-bec4-e5451fe26f2e")]
|
||
public enum CertRevocationType
|
||
{
|
||
/// <summary>The revocation of certificates.</summary>
|
||
CERT_CONTEXT_REVOCATION_TYPE = 1
|
||
}
|
||
|
||
/// <summary>Indicates any special processing needs.</summary>
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "2d6fb244-5273-4530-bec4-e5451fe26f2e")]
|
||
[Flags]
|
||
public enum CertVerifyFlags
|
||
{
|
||
/// <summary>
|
||
/// Verification of the chain of certificates is done assuming each certificate except the first certificate is the issuer of
|
||
/// the certificate that precedes it. If dwRevType is not CERT_CONTEXT_REVOCATION_TYPE, no assumptions are made about the order
|
||
/// of the contexts.
|
||
/// </summary>
|
||
CERT_VERIFY_REV_CHAIN_FLAG = 0x00000001,
|
||
|
||
/// <summary>Prevents the revocation handler from accessing any network-based resources for revocation checking.</summary>
|
||
CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION = 0x00000002,
|
||
|
||
/// <summary>When set, dwUrlRetrievalTimeout is the cumulative time-out across all URL wire retrievals.</summary>
|
||
CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG = 0x00000004,
|
||
|
||
/// <summary>
|
||
/// When set, this function only uses online certificate status protocol (OCSP) for revocation checking. If the certificate does
|
||
/// not have any OCSP AIA URLs, the dwError member of the pRevStatus parameter is set to CRYPT_E_NOT_IN_REVOCATION_DATABASE.
|
||
/// </summary>
|
||
CERT_VERIFY_REV_SERVER_OCSP_FLAG = 0x00000008,
|
||
|
||
/// <summary>
|
||
/// When set, only the OCSP AIA URL is used if present in the subject. If the subject doesn't have an OCSP AIA URL, then, the
|
||
/// CDP URLs are used.
|
||
/// </summary>
|
||
CERT_VERIFY_REV_NO_OCSP_FAILOVER_TO_CRL_FLAG = 0x00000010,
|
||
|
||
/// <summary>When set, only wire retrieval for OCSP responses.</summary>
|
||
CERT_VERIFY_REV_SERVER_OCSP_WIRE_ONLY_FLAG = 0x00000020,
|
||
}
|
||
|
||
/// <summary>Specifies the cause of the error.</summary>
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "087ea37a-907a-4652-a5df-dd8e86755490")]
|
||
public enum CRL_REASON
|
||
{
|
||
/// <summary>No reason was specified for revocation.</summary>
|
||
CRL_REASON_UNSPECIFIED = 0,
|
||
|
||
/// <summary>
|
||
/// It is known or suspected that the subject's private key or other aspects of the subject validated in the certificate are compromised.
|
||
/// </summary>
|
||
CRL_REASON_KEY_COMPROMISE = 1,
|
||
|
||
/// <summary>
|
||
/// It is known or suspected that the CA's private key or other aspects of the CA validated in the certificate are compromised.
|
||
/// </summary>
|
||
CRL_REASON_CA_COMPROMISE = 2,
|
||
|
||
/// <summary>
|
||
/// The subject's name or other information in the certificate has been modified but there is no cause to suspect that the
|
||
/// private key has been compromised.
|
||
/// </summary>
|
||
CRL_REASON_AFFILIATION_CHANGED = 3,
|
||
|
||
/// <summary>The certificate has been superseded, but there is no cause to suspect that the private key has been compromised.</summary>
|
||
CRL_REASON_SUPERSEDED = 4,
|
||
|
||
/// <summary>
|
||
/// The certificate is no longer needed for the purpose for which it was issued, but there is no cause to suspect that the
|
||
/// private key has been compromised.
|
||
/// </summary>
|
||
CRL_REASON_CESSATION_OF_OPERATION = 5,
|
||
|
||
/// <summary>The certificate has been placed on hold.</summary>
|
||
CRL_REASON_CERTIFICATE_HOLD = 6,
|
||
|
||
/// <summary/>
|
||
CRL_REASON_REMOVE_FROM_CRL = 8,
|
||
|
||
/// <summary/>
|
||
CRL_REASON_PRIVILEGE_WITHDRAWN = 9,
|
||
|
||
/// <summary/>
|
||
CRL_REASON_AA_COMPROMISE = 10,
|
||
}
|
||
|
||
/// <summary>A set of flags that modify the behavior of this function.</summary>
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "9e63517d-a56e-45a9-972c-de9a297e9e25")]
|
||
[Flags]
|
||
public enum CryptFindFlags
|
||
{
|
||
/// <summary>Restricts the search to the user container. The default is to search both the user and machine containers.</summary>
|
||
CRYPT_FIND_USER_KEYSET_FLAG = 0x00000001,
|
||
|
||
/// <summary>Restricts the search to the machine container. The default is to search both the user and machine containers.</summary>
|
||
CRYPT_FIND_MACHINE_KEYSET_FLAG = 0x00000002,
|
||
|
||
/// <summary>
|
||
/// The application requests that the CSP not display any user interface (UI) for this context. If the CSP must display the UI
|
||
/// to operate, the call fails and the NTE_SILENT_CONTEXT error code is set as the last error.
|
||
/// </summary>
|
||
CRYPT_FIND_SILENT_KEYSET_FLAG = 0x00000040,
|
||
|
||
/// <summary>
|
||
/// If a handle is already acquired and cached, that same handle is returned. Otherwise, a new handle is acquired and cached by
|
||
/// using the certificate's CERT_KEY_CONTEXT_PROP_ID property.
|
||
/// <para>
|
||
/// When this flag is set, the pfCallerFreeProvOrNCryptKey parameter receives FALSE and the calling application must not release
|
||
/// the handle. The handle is freed when the certificate context is freed; however, you must retain the certificate context
|
||
/// referenced by the pCert parameter as long as the key is in use, otherwise operations that rely on the key will fail.
|
||
/// </para>
|
||
/// </summary>
|
||
CRYPT_ACQUIRE_CACHE_FLAG = 0x00000001,
|
||
|
||
/// <summary>
|
||
/// Uses the certificate's CERT_KEY_PROV_INFO_PROP_ID property to determine whether caching should be accomplished. For more
|
||
/// information about the CERT_KEY_PROV_INFO_PROP_ID property, see CertSetCertificateContextProperty.
|
||
/// <para>
|
||
/// This function will only use caching if during a previous call, the dwFlags member of the CRYPT_KEY_PROV_INFO structure
|
||
/// contained CERT_SET_KEY_CONTEXT_PROP.
|
||
/// </para>
|
||
/// </summary>
|
||
CRYPT_ACQUIRE_USE_PROV_INFO_FLAG = 0x00000002,
|
||
|
||
/// <summary>
|
||
/// The public key in the certificate is compared with the public key returned by the cryptographic service provider (CSP). If
|
||
/// the keys do not match, the acquisition operation fails and the last error code is set to NTE_BAD_PUBLIC_KEY. If a cached
|
||
/// handle is returned, no comparison is made.
|
||
/// </summary>
|
||
CRYPT_ACQUIRE_COMPARE_KEY_FLAG = 0x00000004,
|
||
|
||
/// <summary>
|
||
/// This function will not attempt to re-create the CERT_KEY_PROV_INFO_PROP_ID property in the certificate context if this
|
||
/// property cannot be retrieved.
|
||
/// </summary>
|
||
CRYPT_ACQUIRE_NO_HEALING = 0x00000008,
|
||
|
||
/// <summary>
|
||
/// The CSP should not display any user interface (UI) for this context. If the CSP must display UI to operate, the call fails
|
||
/// and the NTE_SILENT_CONTEXT error code is set as the last error.
|
||
/// </summary>
|
||
CRYPT_ACQUIRE_SILENT_FLAG = 0x00000040,
|
||
|
||
/// <summary>
|
||
/// Any UI that is needed by the CSP or KSP will be a child of the HWND that is supplied in the pvParameters parameter. For a
|
||
/// CSP key, using this flag will cause the CryptSetProvParam function with the flag PP_CLIENT_HWND using this HWND to be called
|
||
/// with NULL for HCRYPTPROV. For a KSP key, using this flag will cause the NCryptSetProperty function with the
|
||
/// NCRYPT_WINDOW_HANDLE_PROPERTY flag to be called using the HWND.
|
||
/// <para>Do not use this flag with CRYPT_ACQUIRE_SILENT_FLAG.</para>
|
||
/// </summary>
|
||
CRYPT_ACQUIRE_WINDOW_HANDLE_FLAG = 0x00000080,
|
||
|
||
/// <summary>The crypt acquire ncrypt key flags mask</summary>
|
||
CRYPT_ACQUIRE_NCRYPT_KEY_FLAGS_MASK = 0x00070000,
|
||
|
||
/// <summary>
|
||
/// This function will attempt to obtain the key by using CryptoAPI. If that fails, this function will attempt to obtain the key
|
||
/// by using the Cryptography API: Next Generation (CNG).
|
||
/// <para>The CERT_KEY_PROV_INFO_PROP_ID property of the certificate is set to zero if CNG is used to obtain the key.</para>
|
||
/// </summary>
|
||
CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG = 0x00010000,
|
||
|
||
/// <summary>
|
||
/// This function will attempt to obtain the key by using CNG. If that fails, this function will attempt to obtain the key by
|
||
/// using CryptoAPI.
|
||
/// <para>The CERT_KEY_PROV_INFO_PROP_ID property of the certificate is set to zero if CNG is used to obtain the key.</para>
|
||
/// </summary>
|
||
CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG = 0x00020000,
|
||
|
||
/// <summary>
|
||
/// This function will only attempt to obtain the key by using CNG and will not use CryptoAPI to obtain the key.
|
||
/// <para>The CERT_KEY_PROV_INFO_PROP_ID property of the certificate is set to zero if CNG is used to obtain the key.</para>
|
||
/// </summary>
|
||
CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG = 0x00040000,
|
||
}
|
||
|
||
/// <summary>
|
||
/// Indicates how the public key information is exported. The flag value is passed directly to the CryptFindOIDInfo function when
|
||
/// mapping the public key object identifier to the corresponding CNG public key algorithm Unicode string.
|
||
/// </summary>
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "38274222-90b3-4038-86d3-6b2813100ce2")]
|
||
[Flags]
|
||
public enum CryptOIDInfoFlags : uint
|
||
{
|
||
/// <summary>pvKey is the address of a null-terminated ANSI string that contains the OID string to find.</summary>
|
||
CRYPT_OID_INFO_OID_KEY = 1,
|
||
|
||
/// <summary>pvKey is the address of a null-terminated Unicode string that contains the name to find.</summary>
|
||
CRYPT_OID_INFO_NAME_KEY = 2,
|
||
|
||
/// <summary>pvKey is the address of an ALG_IDvariable.</summary>
|
||
CRYPT_OID_INFO_ALGID_KEY = 3,
|
||
|
||
/// <summary>
|
||
/// pvKey is the address of an array of two ALG_IDs where the first element contains the hash algorithm identifier and the
|
||
/// second element contains the public key algorithm identifier.
|
||
/// </summary>
|
||
CRYPT_OID_INFO_SIGN_KEY = 4,
|
||
|
||
/// <summary>
|
||
/// pvKey is the address of a null-terminated Unicode string that contains the CNG algorithm identifier to find. This can be one
|
||
/// of the predefined CNG Algorithm Identifiers or another registered algorithm identifier.
|
||
/// </summary>
|
||
CRYPT_OID_INFO_CNG_ALGID_KEY = 5,
|
||
|
||
/// <summary>
|
||
/// pvKey is the address of an array of two null-terminated Unicode string pointers where the first string contains the hash CNG
|
||
/// algorithm identifier and the second string contains the public key CNG algorithm identifier. These can be from the
|
||
/// predefined CNG Algorithm Identifiers or another registered algorithm identifier.
|
||
/// </summary>
|
||
CRYPT_OID_INFO_CNG_SIGN_KEY = 6,
|
||
|
||
/// <summary>
|
||
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group explicitly flagged with the CRYPT_OID_PUBKEY_ENCRYPT_ONLY_FLAG flag.
|
||
/// </summary>
|
||
CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG = 0x80000000,
|
||
|
||
/// <summary>
|
||
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group explicitly flagged with the CRYPT_OID_PUBKEY_SIGN_ONLY_FLAG flag.
|
||
/// </summary>
|
||
CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG = 0x40000000
|
||
}
|
||
|
||
/// <summary>Flags that modify the function behavior.</summary>
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "8a84af66-b174-4a3e-b1d7-6f218a52d877")]
|
||
[Flags]
|
||
public enum CryptVerifyCertSignFlags
|
||
{
|
||
/// <summary>
|
||
/// If you set this flag and CryptVerifyCertificateSignatureEx detects an MD2 or MD4 algorithm, the function returns FALSE and
|
||
/// sets GetLastError to NTE_BAD_ALGID. The signature is still verified, but this combination of errors enables the caller, now
|
||
/// knowing that an MD2 or MD4 algorithm was used, to decide whether to trust or reject the signature.
|
||
/// <para>Windows 8 and Windows Server 2012: Support for this flag begins.</para>
|
||
/// </summary>
|
||
CRYPT_VERIFY_CERT_SIGN_DISABLE_MD2_MD4_FLAG = 0x00000001,
|
||
|
||
/// <summary>
|
||
/// Sets strong signature properties, after successful verification, on the subject pointed to by the pvSubject parameter.
|
||
/// <para>The following property is set on the certificate context:</para>
|
||
/// <para>CERT_SIGN_HASH_CNG_ALG_PROP_ID</para>
|
||
/// <para>The following properties are set on the CRL context:</para>
|
||
/// <para>CERT_SIGN_HASH_CNG_ALG_PROP_ID</para>
|
||
/// <para>CERT_ISSUER_PUB_KEY_BIT_LENGTH_PROP_ID</para>
|
||
/// <para>Note This flag is only applicable if CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL is specified in the dwSubjectType parameter.</para>
|
||
/// <para>Windows 8 and Windows Server 2012: Support for this flag begins.</para>
|
||
/// </summary>
|
||
CRYPT_VERIFY_CERT_SIGN_SET_STRONG_PROPERTIES_FLAG = 0x00000002,
|
||
|
||
/// <summary>
|
||
/// Returns a pointer to a CRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO structure in the pvExtra parameter. The structure
|
||
/// contains the length, in bits, of the public key and the names of the signing and hashing algorithms used.
|
||
/// <para>
|
||
/// You must call CryptMemFree to free the structure. If memory cannot be allocated for the
|
||
/// CRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO structure, this function returns successfully but sets the pvExtra parameter
|
||
/// to NULL.
|
||
/// </para>
|
||
/// <para>
|
||
/// Note This flag is only applicable if CRYPT_VERIFY_CERT_SIGN_SUBJECT_OCSP_BASIC_SIGNED_RESPONSE is specified in the
|
||
/// dwSubjectType parameter.
|
||
/// </para>
|
||
/// <para>Windows 8 and Windows Server 2012: Support for this flag begins.</para>
|
||
/// </summary>
|
||
CRYPT_VERIFY_CERT_SIGN_RETURN_STRONG_PROPERTIES_FLAG = 0x00000004,
|
||
}
|
||
|
||
/// <summary>The issuer type.</summary>
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "8a84af66-b174-4a3e-b1d7-6f218a52d877")]
|
||
public enum CryptVerifyCertSignIssuer
|
||
{
|
||
/// <summary>pvIssuer is a pointer to a CERT_PUBLIC_KEY_INFOstructure.</summary>
|
||
CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY = 1,
|
||
|
||
/// <summary>pvIssuer is a pointer to a CCERT_CONTEXTstructure.</summary>
|
||
CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT = 2,
|
||
|
||
/// <summary>pvIssuer is a pointer to a CCERT_CHAIN_CONTEXTstructure.</summary>
|
||
CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN = 3,
|
||
|
||
/// <summary>pvIssuer must be NULL.</summary>
|
||
CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL = 4,
|
||
}
|
||
|
||
/// <summary>The subject type.</summary>
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "8a84af66-b174-4a3e-b1d7-6f218a52d877")]
|
||
public enum CryptVerifyCertSignSubject
|
||
{
|
||
/// <summary>pvSubject is a pointer to a CRYPT_DATA_BLOBstructure.</summary>
|
||
CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB = 1,
|
||
|
||
/// <summary>pvSubject is a pointer to a CCERT_CONTEXTstructure.</summary>
|
||
CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT = 2,
|
||
|
||
/// <summary>pvSubject is a pointer to a CCRL_CONTEXTstructure.</summary>
|
||
CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL = 3,
|
||
|
||
/// <summary>
|
||
/// pvSubject is a pointer to an OCSP_BASIC_SIGNED_RESPONSE_INFO structure.
|
||
/// <para>Windows Server 2003 and Windows XP: This subject type is not supported.</para>
|
||
/// </summary>
|
||
CRYPT_VERIFY_CERT_SIGN_SUBJECT_OCSP_BASIC_SIGNED_RESPONSE = 4,
|
||
}
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// The <c>CertCompareCertificate</c> function determines whether two certificates are identical by comparing the issuer name and
|
||
/// serial number of the certificates.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Caution</c> The <c>CertCompareCertificate</c> function must not be used for security assertions because it does not compare BLOBs.
|
||
/// </para>
|
||
/// </summary>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pCertId1">A pointer to the CERT_INFO for the first certificate in the comparison.</param>
|
||
/// <param name="pCertId2">A pointer to the CERT_INFO for the second certificate in the comparison.</param>
|
||
/// <returns>
|
||
/// <para>If the certificates are identical and the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>).</para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcomparecertificate BOOL CertCompareCertificate( DWORD
|
||
// dwCertEncodingType, PCERT_INFO pCertId1, PCERT_INFO pCertId2 );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "b485fa81-b927-4f0c-bde1-075f36c76d9a")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CertCompareCertificate(CertEncodingType dwCertEncodingType, in CERT_INFO pCertId1, in CERT_INFO pCertId2);
|
||
|
||
/// <summary>
|
||
/// The <c>CertCompareCertificateName</c> function compares two certificate CERT_NAME_BLOB structures to determine whether they are
|
||
/// identical. The <c>CERT_NAME_BLOB</c> structures are used for the subject and the issuer of certificates.
|
||
/// </summary>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pCertName1">A pointer to a CERT_NAME_BLOB for the first name in the comparison. For more information, see CRYPT_INTEGER_BLOB.</param>
|
||
/// <param name="pCertName2">A pointer to a CERT_NAME_BLOB for the second name in the comparison.</param>
|
||
/// <returns>
|
||
/// <para>If the names are identical and the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>).</para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcomparecertificatename BOOL
|
||
// CertCompareCertificateName( DWORD dwCertEncodingType, PCERT_NAME_BLOB pCertName1, PCERT_NAME_BLOB pCertName2 );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "6249429d-0cb2-4209-9580-87185d44b967")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CertCompareCertificateName(CertEncodingType dwCertEncodingType, in CRYPTOAPI_BLOB pCertName1, in CRYPTOAPI_BLOB pCertName2);
|
||
|
||
/// <summary>
|
||
/// The <c>CertCompareIntegerBlob</c> function compares two integer BLOBs to determine whether they represent equal numeric values.
|
||
/// </summary>
|
||
/// <param name="pInt1">A pointer to a CRYPT_INTEGER_BLOB structure that contains the first integer in the comparison.</param>
|
||
/// <param name="pInt2">A pointer to a CRYPT_INTEGER_BLOB structure that contains the second integer in the comparison.</param>
|
||
/// <returns>
|
||
/// <para>If the representations of the integer BLOBs are identical and the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// Before doing the comparison, most significant bytes with a value of 0x00 are removed from a positive number. Positive here means
|
||
/// that the most significant bit in the next nonzero byte is not set.
|
||
/// </para>
|
||
/// <para>
|
||
/// Most significant bytes with a value of 0xFF are removed from a negative number. Negative here means that the most significant
|
||
/// bit in the next non-0xFF byte is set. This produces the unique representation of that integer, as shown in the following table.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Original bytes</term>
|
||
/// <term>Reduced form</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>0xFFFFFF88</term>
|
||
/// <term>0xFF88</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>0xFF23</term>
|
||
/// <term>0xFF23</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>0x007F</term>
|
||
/// <term>0x7F</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>0x00000080</term>
|
||
/// <term>0x80</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// Multiple-byte integers are treated as little-endian. The least significant byte is pbData[0]. The most significant byte is
|
||
/// pbData[cbData - 1], that is, 0xFFFFFF88 is stored in four bytes as:
|
||
/// </para>
|
||
/// <para>{0x88, 0xFF, 0xFF, 0xFF}</para>
|
||
/// <para>Examples</para>
|
||
/// <para>For an example that uses this function, see Example C Program: Using CertOIDToAlgId and CertCompareIntegerBlob.</para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcompareintegerblob BOOL CertCompareIntegerBlob(
|
||
// PCRYPT_INTEGER_BLOB pInt1, PCRYPT_INTEGER_BLOB pInt2 );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "467ce464-2f22-4583-a745-711ba3b05f4f")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CertCompareIntegerBlob(in CRYPTOAPI_BLOB pInt1, in CRYPTOAPI_BLOB pInt2);
|
||
|
||
/// <summary>The <c>CertComparePublicKeyInfo</c> function compares two encoded public keys to determine whether they are identical.</summary>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pPublicKey1">A pointer to the CERT_PUBLIC_KEY_INFO for the first public key in the comparison.</param>
|
||
/// <param name="pPublicKey2">A pointer to the CERT_PUBLIC_KEY_INFO for the second public key in the comparison.</param>
|
||
/// <returns>
|
||
/// <para>If the public keys are identical and the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>).</para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcomparepublickeyinfo BOOL CertComparePublicKeyInfo(
|
||
// DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pPublicKey1, PCERT_PUBLIC_KEY_INFO pPublicKey2 );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "079e4d5e-c8cb-4c3e-8094-13b9a140d564")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CertComparePublicKeyInfo(CertEncodingType dwCertEncodingType, in CERT_PUBLIC_KEY_INFO pPublicKey1, in CERT_PUBLIC_KEY_INFO pPublicKey2);
|
||
|
||
/// <summary>
|
||
/// The <c>CertFindAttribute</c> function finds the first attribute in the CRYPT_ATTRIBUTE array, as identified by its object
|
||
/// identifier (OID). This function can be used in the processing of a decoded certificate request. A CERT_REQUEST_INFO structure is
|
||
/// derived from a decoded certificate request. The <c>rgAttribute</c> array is retrieved from that structure and passed to this
|
||
/// function in the rgAttr parameter. This function determines whether a particular attribute is in the array, and if so, returns a
|
||
/// pointer to it.
|
||
/// </summary>
|
||
/// <param name="pszObjId">A pointer to the object identifier (OID) to use in the search.</param>
|
||
/// <param name="cAttr">Number of attributes in the rgAttr array.</param>
|
||
/// <param name="rgAttr">Array of CRYPT_ATTRIBUTE structures.</param>
|
||
/// <returns>Returns a pointer to the attribute, if one is found. Otherwise, <c>NULL</c> is returned.</returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindattribute PCRYPT_ATTRIBUTE CertFindAttribute(
|
||
// LPCSTR pszObjId, DWORD cAttr, CRYPT_ATTRIBUTE [] rgAttr );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "99d690fb-ea85-4cb1-9fb0-bdb02e4ac50a")]
|
||
public static extern IntPtr CertFindAttribute(SafeOID pszObjId, uint cAttr, [MarshalAs(UnmanagedType.LPArray)] CRYPT_ATTRIBUTE[] rgAttr);
|
||
|
||
/// <summary>
|
||
/// The <c>CertFindAttribute</c> function finds the first attribute in the CRYPT_ATTRIBUTE array, as identified by its object
|
||
/// identifier (OID). This function can be used in the processing of a decoded certificate request. A CERT_REQUEST_INFO structure is
|
||
/// derived from a decoded certificate request. The <c>rgAttribute</c> array is retrieved from that structure and passed to this
|
||
/// function in the rgAttr parameter. This function determines whether a particular attribute is in the array, and if so, returns a
|
||
/// reference to it.
|
||
/// </summary>
|
||
/// <param name="pszObjId">The object identifier (OID) to use in the search.</param>
|
||
/// <param name="rgAttr">Array of CRYPT_ATTRIBUTE structures.</param>
|
||
/// <returns>Returns a reference to the attribute, if one is found. Otherwise, <see langword="null"/> is returned.</returns>
|
||
public static CRYPT_ATTRIBUTE? CertFindAttribute(string pszObjId, CRYPT_ATTRIBUTE[] rgAttr) => CertFindAttribute(pszObjId, (uint)(rgAttr?.Length ?? 0), rgAttr).ToNullableStructure<CRYPT_ATTRIBUTE>();
|
||
|
||
/// <summary>
|
||
/// The <c>CertFindExtension</c> function finds the first extension in the CERT_EXTENSION array, as identified by its object
|
||
/// identifier (OID). This function can be used in the processing of a decoded certificate. A CERT_INFO structure is derived from a
|
||
/// decoded certificate. The <c>CERT_INFO</c> structure's <c>rgExtension</c> member is passed to <c>CertFindExtension</c> in the
|
||
/// rgExtensions parameter. This function determines whether a particular extension is in the array, and if so, returns a pointer to it
|
||
/// </summary>
|
||
/// <param name="pszObjId">A pointer to the object identifier (OID) to use in the search.</param>
|
||
/// <param name="cExtensions">Number of extensions in the rgExtensions array.</param>
|
||
/// <param name="rgExtensions">Array of CERT_EXTENSION structures.</param>
|
||
/// <returns>Returns a pointer to the extension, if one is found. Otherwise, <c>NULL</c> is returned.</returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindextension PCERT_EXTENSION CertFindExtension(
|
||
// LPCSTR pszObjId, DWORD cExtensions, CERT_EXTENSION [] rgExtensions );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "489c58b6-a704-4f54-bc64-34eacafc347c")]
|
||
public static extern IntPtr CertFindExtension(SafeOID pszObjId, uint cExtensions, [MarshalAs(UnmanagedType.LPArray)] CERT_EXTENSION[] rgExtensions);
|
||
|
||
/// <summary>
|
||
/// The <c>CertFindExtension</c> function finds the first extension in the CERT_EXTENSION array, as identified by its object
|
||
/// identifier (OID). This function can be used in the processing of a decoded certificate. A CERT_INFO structure is derived from a
|
||
/// decoded certificate. The <c>CERT_INFO</c> structure's <c>rgExtension</c> member is passed to <c>CertFindExtension</c> in the
|
||
/// rgExtensions parameter. This function determines whether a particular extension is in the array, and if so, returns a reference
|
||
/// to it
|
||
/// </summary>
|
||
/// <param name="pszObjId">A pointer to the object identifier (OID) to use in the search.</param>
|
||
/// <param name="rgExtensions">Array of CERT_EXTENSION structures.</param>
|
||
/// <returns>Returns a reference to the extension, if one is found. Otherwise, <see langword="null"/> is returned.</returns>
|
||
public static CERT_EXTENSION? CertFindExtension(string pszObjId, CERT_EXTENSION[] rgExtensions) => CertFindExtension(pszObjId, (uint)(rgExtensions?.Length ?? 0), rgExtensions).ToNullableStructure<CERT_EXTENSION>();
|
||
|
||
/// <summary>
|
||
/// The <c>CertFindRDNAttr</c> function finds the first RDN attribute identified by its object identifier (OID) in a list of the
|
||
/// Relative Distinguished Names (RDN).
|
||
/// </summary>
|
||
/// <param name="pszObjId">A pointer to the object identifier (OID) to use In the search.</param>
|
||
/// <param name="pName">A pointer to a CERT_NAME_INFO structure containing the list of the Relative Distinguished Names to be searched.</param>
|
||
/// <returns>Returns a pointer to the attribute, if one is found. Otherwise, <c>NULL</c> is returned.</returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindrdnattr PCERT_RDN_ATTR CertFindRDNAttr( LPCSTR
|
||
// pszObjId, PCERT_NAME_INFO pName );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "31f82a02-e90a-48de-857a-9fbb03048b5c")]
|
||
public static extern IntPtr CertFindRDNAttr(SafeOID pszObjId, in CERT_NAME_INFO pName);
|
||
|
||
/// <summary>
|
||
/// The <c>CertGetIntendedKeyUsage</c> function acquires the intended key usage bytes from a certificate. The intended key usage can
|
||
/// be in either the szOID_KEY_USAGE ("2.5.29.15") or szOID_KEY_ATTRIBUTES ("2.5.29.2") extension.
|
||
/// </summary>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pCertInfo">A pointer to CERT_INFO structure of the specified certificate.</param>
|
||
/// <param name="pbKeyUsage">
|
||
/// <para>
|
||
/// A pointer to a buffer to receive the intended key usage. The following list shows currently defined values. These can be
|
||
/// combined by using bitwise- <c>OR</c> operations.
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>CERT_DATA_ENCIPHERMENT_KEY_USAGE</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_DIGITAL_SIGNATURE_KEY_USAGE</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_KEY_AGREEMENT_KEY_USAGE</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_KEY_CERT_SIGN_KEY_USAGE</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_KEY_ENCIPHERMENT_KEY_USAGE</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_NON_REPUDIATION_KEY_USAGE</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_OFFLINE_CRL_SIGN_KEY_USAGE</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="cbKeyUsage">
|
||
/// The size, in bytes, of the buffer pointed to by pbKeyUsage. Currently, the intended key usage occupies 1 or 2 bytes of data.
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>
|
||
/// If the certificate does not have any intended key usage bytes, <c>FALSE</c> is returned and pbKeyUsage is zeroed. Otherwise,
|
||
/// <c>TRUE</c> is returned and up to cbKeyUsage number of bytes are copied into pbKeyUsage. Any remaining bytes not copied are zeroed.
|
||
/// </para>
|
||
/// <para>GetLastError returns zero if none of the required extensions is found.</para>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetintendedkeyusage BOOL CertGetIntendedKeyUsage(
|
||
// DWORD dwCertEncodingType, PCERT_INFO pCertInfo, BYTE *pbKeyUsage, DWORD cbKeyUsage );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "d09c3626-f864-4774-8511-3e912f62e520")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CertGetIntendedKeyUsage(CertEncodingType dwCertEncodingType, in CERT_INFO pCertInfo, out CertKeyUsage pbKeyUsage, uint cbKeyUsage = 2);
|
||
|
||
/// <summary>The <c>CertGetPublicKeyLength</c> function acquires the bit length of public/private keys from a public key BLOB.</summary>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pPublicKey">A pointer to the public key BLOB containing the keys for which the length is being retrieved.</param>
|
||
/// <returns>
|
||
/// <para>Returns the length of the public/private keys in bits. If unable to determine the key's length, returns zero.</para>
|
||
/// <para>Call GetLastError to see the reason for any failures.</para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetpublickeylength DWORD CertGetPublicKeyLength(
|
||
// DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pPublicKey );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "e67923f4-cd1f-4952-88f1-92ee26423f87")]
|
||
public static extern uint CertGetPublicKeyLength(CertEncodingType dwCertEncodingType, in CERT_PUBLIC_KEY_INFO pPublicKey);
|
||
|
||
/// <summary>
|
||
/// The <c>CertIsRDNAttrsInCertificateName</c> function compares the attributes in the certificate name with the specified CERT_RDN
|
||
/// to determine whether all attributes are included there. The comparison iterates through the <c>CERT_RDN</c> and looks for an
|
||
/// attribute match in any of the <c>CERT_RDN</c> s of the certificate name.
|
||
/// </summary>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING</para>
|
||
/// <para>Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="dwFlags">
|
||
/// <para>
|
||
/// CERT_UNICODE_IS_RDN_ATTRS_FLAG must be set if the pRDN was initialized with Unicode strings as in CryptEncodeObject with
|
||
/// lpszStructType set to X509_UNICODE_NAME.
|
||
/// </para>
|
||
/// <para>
|
||
/// CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG is set to do a case insensitive match. Otherwise, an exact, case sensitive match is done.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pCertName">A pointer to a CRYPT_INTEGER_BLOB that contains the encoded subject or issuer name.</param>
|
||
/// <param name="pRDN">
|
||
/// <para>
|
||
/// Array of CERT_RDN structures that contain the attributes to be found in the name. The CERT_RDN_ATTR member of the
|
||
/// <c>CERT_RDN</c> structure behaves according to the following rules.
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>If <c>pszObjId</c> is <c>NULL</c>, the attribute object identifier (OID) is ignored.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>If <c>dwValueType</c> is CERT_RDN_ANY_TYPE, the value type is ignored.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>If the <c>pbData</c> member of <c>Value</c> is <c>NULL</c>, any value can be a match.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>
|
||
/// If the function succeeds and all of the RDN values in the specified CERT_RDN are in the certificate name, the return value is
|
||
/// nonzero ( <c>TRUE</c>).
|
||
/// </para>
|
||
/// <para>
|
||
/// If the function fails, or if there are RDN values in the specified CERT_RDN that are not in the certificate name, the return
|
||
/// value is zero ( <c>FALSE</c>). For extended error information, call GetLastError.
|
||
/// </para>
|
||
/// <para>The following table lists some possible error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CRYPT_E_NO_MATCH</term>
|
||
/// <term>Not all the attributes were found and matched.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_FILE_NOT_FOUND</term>
|
||
/// <term>Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
/// <remarks>Currently, only an exact, case-sensitive match is supported.</remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certisrdnattrsincertificatename BOOL
|
||
// CertIsRDNAttrsInCertificateName( DWORD dwCertEncodingType, DWORD dwFlags, PCERT_NAME_BLOB pCertName, PCERT_RDN pRDN );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "e45b80a3-9269-4f21-8407-1c8303cb5f32")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CertIsRDNAttrsInCertificateName(CertEncodingType dwCertEncodingType, CertRDNAttrsFlag dwFlags, in CRYPTOAPI_BLOB pCertName, [In, MarshalAs(UnmanagedType.LPArray)] CERT_RDN[] pRDN);
|
||
|
||
/// <summary>
|
||
/// Determines whether the specified hash algorithm and the public key in the signing certificate can be used to perform strong signing.
|
||
/// </summary>
|
||
/// <param name="pStrongSignPara">
|
||
/// Pointer to a CERT_STRONG_SIGN_PARA structure that contains information about supported signing and hashing algorithms.
|
||
/// </param>
|
||
/// <param name="pwszCNGHashAlgid">
|
||
/// <para>Pointer to a Unicode string that contains the name of the hashing algorithm. The following algorithms are supported:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>L"MD5" (BCRYPT_MD5_ALGORITHM)</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>L"SHA1" (BCRYPT_SHA1_ALGORITHM)</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>L"SHA256" (BCRYPT_SHA256_ALGORITHM)</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>L"SHA256" (BCRYPT_SHA256_ALGORITHM)</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>L"SHA512" (BCRYPT_SHA512_ALGORITHM)</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pSigningCert">
|
||
/// <para>
|
||
/// Pointer to a CERT_CONTEXT structure that contains the signing certificate. The public key algorithm in the signing certificate
|
||
/// is checked for strength. The public key (asymmetric) algorithm is used for signing. The following signature algorithms are supported:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>L"RSA" (BCRYPT_RSA_ALGORITHM)</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>L"DSA" (BCRYPT_DSA_ALGORITHM)</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>L"ECDSA" (SSL_ECDSA_ALGORITHM)</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>This parameter can be</para>
|
||
/// <para>NULL</para>
|
||
/// <para>if you want to check only whether the hashing algorithm is strong.</para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
|
||
/// <para>
|
||
/// If the function fails, it returns <c>FALSE</c>. For extended error information, call GetLastError. This function has the
|
||
/// following error codes.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>E_INVALIDARG</term>
|
||
/// <term>One or more of the input arguments is not correct.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NTE_BAD_ALGID</term>
|
||
/// <term>A specified algorithm is not supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certisstronghashtosign BOOL CertIsStrongHashToSign(
|
||
// PCCERT_STRONG_SIGN_PARA pStrongSignPara, LPCWSTR pwszCNGHashAlgid, PCCERT_CONTEXT pSigningCert );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "B498C1F0-1EFF-49AF-9CD4-A447F79256F1")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CertIsStrongHashToSign(in CERT_STRONG_SIGN_PARA pStrongSignPara, [MarshalAs(UnmanagedType.LPWStr)] string pwszCNGHashAlgid, [Optional] PCCERT_CONTEXT pSigningCert);
|
||
|
||
/// <summary>
|
||
/// The <c>CertVerifyCRLRevocation</c> function check a certificate revocation list (CRL) to determine whether a subject's
|
||
/// certificate has or has not been revoked. The new Certificate Chain Verification Functions are recommended instead of the use of
|
||
/// this function.
|
||
/// </summary>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING</para>
|
||
/// <para>Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pCertId">A pointer to the CERT_INFO structure of the certificate to be checked against the CRL.</param>
|
||
/// <param name="cCrlInfo">Number of CRL_INFO pointers in the rgpCrlInfo array.</param>
|
||
/// <param name="rgpCrlInfo">Array of pointers to CRL_INFO structures.</param>
|
||
/// <returns>
|
||
/// <para>Returns <c>TRUE</c> if the certificate is not on the CRL and therefore is valid.</para>
|
||
/// <para>It returns <c>FALSE</c> if the certificate is on the list and therefore has been revoked and is not valid.</para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifycrlrevocation BOOL CertVerifyCRLRevocation(
|
||
// DWORD dwCertEncodingType, PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO [] rgpCrlInfo );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "a46ac5b5-bc44-4857-a7fb-4f35d438e3f7")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CertVerifyCRLRevocation(CertEncodingType dwCertEncodingType, in CERT_INFO pCertId, uint cCrlInfo, [MarshalAs(UnmanagedType.LPArray)] IntPtr[] rgpCrlInfo);
|
||
|
||
/// <summary>The <c>CertVerifyCRLTimeValidity</c> function verifies the time validity of a CRL.</summary>
|
||
/// <param name="pTimeToVerify">
|
||
/// A pointer to FILETIME structure containing the time to be used in the verification. If set to <c>NULL</c>, the current time is used.
|
||
/// </param>
|
||
/// <param name="pCrlInfo">A pointer to a CRL_INFO structure containing the CRL for which the time is to be verified.</param>
|
||
/// <returns>
|
||
/// Returns a minus one (–1) if the comparison time is before the <c>ThisUpdate</c> member of the CRL_INFO pointed to by pCrlInfo.
|
||
/// Returns a plus one (+1) if the comparison time is after the <c>NextUpdate</c> time. Returns zero for valid time for the CRL.
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifycrltimevalidity LONG CertVerifyCRLTimeValidity(
|
||
// LPFILETIME pTimeToVerify, PCRL_INFO pCrlInfo );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "ff321fe8-df45-4a1d-b626-055fb0696438")]
|
||
public static extern int CertVerifyCRLTimeValidity(in FILETIME pTimeToVerify, in CRL_INFO pCrlInfo);
|
||
|
||
/// <summary>
|
||
/// The <c>CertVerifyRevocation</c> function checks the revocation status of the certificates contained in the rgpvContext array. If
|
||
/// a certificate in the list is found to be revoked, no further checking is done. This array can be a chain of certificates
|
||
/// propagating upward from an end entity to the root authority, but this nature of the list of certificates is not required or assumed.
|
||
/// </summary>
|
||
/// <param name="dwEncodingType">
|
||
/// Specifies the encoding type used. Currently, only X509_ASN_ENCODING and PKCS_7_ASN_ENCODING are being used; however, additional
|
||
/// encoding types may be added in the future. For either current encoding type, use X509_ASN_ENCODING | PKCS_7_ASN_ENCODING.
|
||
/// </param>
|
||
/// <param name="dwRevType">
|
||
/// Indicates the type of the context structure passed in rgpvContext. Currently only CERT_CONTEXT_REVOCATION_TYPE, the revocation
|
||
/// of certificates, is defined.
|
||
/// </param>
|
||
/// <param name="cContext">Count of elements in the rgpvContext array.</param>
|
||
/// <param name="rgpvContext">
|
||
/// <para>
|
||
/// When the dwRevType is CERT_CONTEXT_REVOCATION_TYPE, rgpvContext is an array of pointers to CERT_CONTEXT structures. These
|
||
/// contexts must contain sufficient information to allow the installable or registered revocation DLLs to find the revocation
|
||
/// server. This information would normally be conveyed in an extension such as the CRLDistributionsPoints extension defined by the
|
||
/// Internet Engineering Task Force (IETF) in PKIX Part 1.
|
||
/// </para>
|
||
/// <para>For efficiency, the more contexts that are passed in at one time, the better.</para>
|
||
/// </param>
|
||
/// <param name="dwFlags">
|
||
/// <para>Indicates any special processing needs. This parameter can be one of the following flags.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_VERIFY_REV_CHAIN_FLAG</term>
|
||
/// <term>
|
||
/// Verification of the chain of certificates is done assuming each certificate except the first certificate is the issuer of the
|
||
/// certificate that precedes it. If dwRevType is not CERT_CONTEXT_REVOCATION_TYPE, no assumptions are made about the order of the contexts.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION</term>
|
||
/// <term>Prevents the revocation handler from accessing any network-based resources for revocation checking.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG</term>
|
||
/// <term>When set, dwUrlRetrievalTimeout is the cumulative time-out across all URL wire retrievals.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_VERIFY_REV_SERVER_OCSP_FLAG</term>
|
||
/// <term>
|
||
/// When set, this function only uses online certificate status protocol (OCSP) for revocation checking. If the certificate does not
|
||
/// have any OCSP AIA URLs, the dwError member of the pRevStatus parameter is set to CRYPT_E_NOT_IN_REVOCATION_DATABASE.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pRevPara">Optionally set to assist in finding the issuer. For details, see the CERT_REVOCATION_PARA structure.</param>
|
||
/// <param name="pRevStatus">
|
||
/// <para>
|
||
/// Only the <c>cbSize</c> member of the CERT_REVOCATION_STATUS pointed to by pRevStatus needs to be set before
|
||
/// <c>CertVerifyRevocation</c> is called.
|
||
/// </para>
|
||
/// <para>
|
||
/// If the function returns <c>FALSE</c>, this structure's members will contain error status information. For more information, see
|
||
/// CERT_REVOCATION_STATUS. For a description of how pRevStatus is updated when a revocation verification problem is encountered,
|
||
/// see Remarks.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>
|
||
/// If the function successfully checks all of the contexts and none were revoked, the function returns <c>TRUE</c>. If the function
|
||
/// fails, it returns <c>FALSE</c> and updates the CERT_REVOCATION_STATUS structure pointed to by pRevStatus as described in <c>CERT_REVOCATION_STATUS</c>.
|
||
/// </para>
|
||
/// <para>
|
||
/// When the revocation handler for any of the contexts returns <c>FALSE</c> due to an error, the <c>dwError</c> member in the
|
||
/// structure pointed to by pRevStatus will be set by the handler to specify which error was encountered. GetLastError returns an
|
||
/// error code equal to the error specified in the <c>dwError</c> member of the CERT_REVOCATION_STATUS structure.
|
||
/// <c>GetLastError</c> can be one of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CRYPT_E_NO_REVOCATION_CHECK</term>
|
||
/// <term>An installed or registered revocation function was not able to do a revocation check on the context.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_E_NO_REVOCATION_DLL</term>
|
||
/// <term>No installed or registered DLL was found that was able to verify revocation.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_E_NOT_IN_REVOCATION_DATABASE</term>
|
||
/// <term>The context to be checked was not found in the revocation server's database.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_E_REVOCATION_OFFLINE</term>
|
||
/// <term>It was not possible to connect to the revocation server.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_E_REVOKED</term>
|
||
/// <term>The context was revoked. dwReason in pRevStatus contains the reason for revocation.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_SUCCESS</term>
|
||
/// <term>The context was good.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>E_INVALIDARG</term>
|
||
/// <term>
|
||
/// cbSize in pRevStatus is less than sizeof(CERT_REVOCATION_STATUS). Note that dwError in pRevStatus is not updated for this error.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>The following example shows how pRevStatus is updated when a revocation verification problem is encountered:</para>
|
||
/// <para>Consider the case where cContext is four:</para>
|
||
/// <para>
|
||
/// If <c>CertVerifyRevocation</c> can verify that rgpvContext[0] and rgpvContext[1] are not revoked, but cannot check
|
||
/// rgpvContext[2], the pRevStatus member <c>dwIndex</c> is set to two, indicating that the context at index two has the problem,
|
||
/// the <c>dwError</c> member of pRevStatus is set to CRYPT_E_NO_REVOCATION_CHECK, and <c>FALSE</c> is returned.
|
||
/// </para>
|
||
/// <para>
|
||
/// If rgpvContext[2] is found to be revoked, the <c>dwIndex</c> member of pRevStatus is set to two, and the <c>dwError</c> member
|
||
/// of pRevStatus is set to CRYPT_E_REVOKED, <c>dwReason</c> is updated, and <c>FALSE</c> is returned.
|
||
/// </para>
|
||
/// <para>
|
||
/// In either case, both rgpvContext[0] and rgpvContext[1] are verified not to be revoked, rgpvContext[2] is the last array index
|
||
/// checked, and rgpvContext[3] has not been checked at all.
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifyrevocation BOOL CertVerifyRevocation( DWORD
|
||
// dwEncodingType, DWORD dwRevType, DWORD cContext, PVOID [] rgpvContext, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
|
||
// PCERT_REVOCATION_STATUS pRevStatus );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "2d6fb244-5273-4530-bec4-e5451fe26f2e")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CertVerifyRevocation(CertEncodingType dwEncodingType, CertRevocationType dwRevType, uint cContext, [In, MarshalAs(UnmanagedType.LPArray)] IntPtr[] rgpvContext,
|
||
CertVerifyFlags dwFlags, in CERT_REVOCATION_PARA pRevPara, ref CERT_REVOCATION_STATUS pRevStatus);
|
||
|
||
/// <summary>The <c>CertVerifyTimeValidity</c> function verifies the time validity of a certificate.</summary>
|
||
/// <param name="pTimeToVerify">
|
||
/// A pointer to a FILETIME structure containing the comparison time. If <c>NULL</c>, the current time is used.
|
||
/// </param>
|
||
/// <param name="pCertInfo">A pointer to the CERT_INFO structure of the certificate for which the time is being verified.</param>
|
||
/// <returns>
|
||
/// Returns a minus one if the comparison time is before the <c>NotBefore</c> member of the CERT_INFO structure. Returns a plus one
|
||
/// if the comparison time is after the <c>NotAfter</c> member. Returns zero for valid time for the certificate.
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifytimevalidity LONG CertVerifyTimeValidity(
|
||
// LPFILETIME pTimeToVerify, PCERT_INFO pCertInfo );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "9ccf9230-e998-4f82-9db0-6cbaa1c36850")]
|
||
public static extern int CertVerifyTimeValidity(in FILETIME pTimeToVerify, in CERT_INFO pCertInfo);
|
||
|
||
/// <summary>
|
||
/// The <c>CertVerifyValidityNesting</c> function verifies that a subject certificate's time validity nests correctly within its
|
||
/// issuer's time validity.
|
||
/// </summary>
|
||
/// <param name="pSubjectInfo">A pointer to the CERT_INFO structure of the subject certificate.</param>
|
||
/// <param name="pIssuerInfo">A pointer to the CERT_INFO structure of the issuer certificate.</param>
|
||
/// <returns>
|
||
/// Returns <c>TRUE</c> if the <c>NotBefore</c> time of the subject's certificate is after the <c>NotBefore</c> time of the issuer's
|
||
/// certificate and the <c>NotAfter</c> time of the subject's certificate is not after the <c>NotAfter</c> time of the issuer's
|
||
/// certificate. Otherwise, returns <c>FALSE</c>.
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifyvaliditynesting BOOL CertVerifyValidityNesting(
|
||
// PCERT_INFO pSubjectInfo, PCERT_INFO pIssuerInfo );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "dc73a21d-5b55-45c4-80d2-220508d9f762")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CertVerifyValidityNesting(in CERT_INFO pSubjectInfo, in CERT_INFO pIssuerInfo);
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// [The <c>CryptExportPKCS8</c> function is no longer available for use as of Windows Server 2008 and Windows Vista. Instead, use
|
||
/// the PFXExportCertStoreEx function.]
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>CryptExportPKCS8</c> function exports the private key in PKCS #8 format. The function is superseded by
|
||
/// CryptExportPKCS8Ex, which also may be altered or unavailable in subsequent versions.
|
||
/// </para>
|
||
/// </summary>
|
||
/// <param name="hCryptProv">
|
||
/// An HCRYPTPROV variable that contains the cryptographic service provider (CSP). This is a handle to the CSP obtained by calling CryptAcquireContext.
|
||
/// </param>
|
||
/// <param name="dwKeySpec">
|
||
/// <para>
|
||
/// A <c>DWORD</c> variable that contains the key specification. The following dwKeySpec values are defined for the default provider.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>AT_KEYEXCHANGE</term>
|
||
/// <term>Keys used to encrypt/decrypt session keys.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>AT_SIGNATURE</term>
|
||
/// <term>Keys used to create and verify digital signatures.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pszPrivateKeyObjId">An <c>LPSTR</c> variable that contains the private key object identifier (OID).</param>
|
||
/// <param name="dwFlags">This parameter should be zero if pbPrivateKeyBlob is <c>NULL</c> and 0x8000 otherwise.</param>
|
||
/// <param name="pvAuxInfo">This parameter must be set to <c>NULL</c>.</param>
|
||
/// <param name="pbPrivateKeyBlob">
|
||
/// <para>A pointer to an array of <c>BYTE</c> structures to receive the private key to be exported.</para>
|
||
/// <para>
|
||
/// The private key will contain the information in a PKCS #8 PrivateKeyInfo Abstract Syntax Notation One (ASN.1) type found in the
|
||
/// PKCS #8 standard.
|
||
/// </para>
|
||
/// <para>
|
||
/// For memory allocation purposes, you can get the size of the private key to be exported by setting this parameter to <c>NULL</c>.
|
||
/// For more information, see Retrieving Data of Unknown Length.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pcbPrivateKeyBlob">
|
||
/// A pointer to a <c>DWORD</c> that may contain, on input, the size, in bytes, of the memory allocation needed to contain the
|
||
/// pbPrivateKeyBlob. If pbPrivateKeyBlob is <c>NULL</c>, this parameter will return the size of the memory allocation needed for a
|
||
/// second call to the function. For more information, see Retrieving Data of Unknown Length.
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero.</para>
|
||
/// <para>If the function fails, it returns zero. For extended error information, call GetLastError.</para>
|
||
/// <para>The following error codes are specific to this function.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_UNSUPPORTED_TYPE</term>
|
||
/// <term>An export function that can be installed or registered could not be found.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_MORE_DATA</term>
|
||
/// <term>
|
||
/// If the buffer specified by the pbPrivateKeyBlob parameter is not large enough to hold the returned data, the function sets the
|
||
/// ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by the pcbPrivateKeyBlob parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an ASN.1 encoding/decoding error. For information about these errors, see ASN.1
|
||
/// Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
/// <remarks>This function is only supported for asymmetric keys.</remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptexportpkcs8 BOOL CryptExportPKCS8( HCRYPTPROV
|
||
// hCryptProv, DWORD dwKeySpec, LPSTR pszPrivateKeyObjId, DWORD dwFlags, void *pvAuxInfo, BYTE *pbPrivateKeyBlob, DWORD
|
||
// *pcbPrivateKeyBlob );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "defd0b23-d9c2-4b28-a6a6-1be7487ae656")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptExportPKCS8(HCRYPTPROV hCryptProv, CertKeySpec dwKeySpec, SafeOID pszPrivateKeyObjId, uint dwFlags, [In, Optional] IntPtr pvAuxInfo, [Out, Optional] IntPtr pbPrivateKeyBlob, ref uint pcbPrivateKeyBlob);
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// [The <c>CryptExportPKCS8Ex</c> function is no longer available for use as of Windows Server 2008 and Windows Vista. Instead, use
|
||
/// the PFXExportCertStoreEx function.]
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>CryptExportPKCS8Ex</c> function exports the private key in PKCS #8 format.This function has no associated import library.
|
||
/// You must use the LoadLibrary and GetProcAddress functions to dynamically link to Crypt32.dll.
|
||
/// </para>
|
||
/// </summary>
|
||
/// <param name="psExportParams">
|
||
/// A pointer to a CRYPT_PKCS8_EXPORT_PARAMS structure that contains information about the key to export.
|
||
/// </param>
|
||
/// <param name="dwFlags">This parameter should be zero if pbPrivateKeyBlob is <c>NULL</c> and 0x8000 otherwise.</param>
|
||
/// <param name="pvAuxInfo">This parameter must be <c>NULL</c>.</param>
|
||
/// <param name="pbPrivateKeyBlob">
|
||
/// <para>A pointer to an array of <c>BYTE</c> structures to receive the private key to be exported.</para>
|
||
/// <para>
|
||
/// The private key will contain the information in a PKCS #8 PrivateKeyInfo Abstract Syntax Notation One (ASN.1) type found in the
|
||
/// PKCS #8 standard.
|
||
/// </para>
|
||
/// <para>
|
||
/// For memory allocation purposes, you can get the size of the private key to be exported by setting this parameter to <c>NULL</c>.
|
||
/// For more information, see Retrieving Data of Unknown Length.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pcbPrivateKeyBlob">
|
||
/// A pointer to a <c>DWORD</c> that may contain, on input, the size, in bytes, of the memory allocation needed to contain the
|
||
/// pbPrivateKeyBlob. If pbPrivateKeyBlob is <c>NULL</c>, this parameter will return the size of the memory allocation needed for a
|
||
/// second call to the function. For more information, see Retrieving Data of Unknown Length.
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para>The following error codes are specific to this function.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_UNSUPPORTED_TYPE</term>
|
||
/// <term>An export function that can be installed or registered could not be found.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_MORE_DATA</term>
|
||
/// <term>
|
||
/// If the buffer specified by the pbPrivateKeyBlob parameter is not large enough to hold the returned data, the function sets the
|
||
/// ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by the pcbPrivateKeyBlob parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError returns an ASN.1 encoding/decoding error. For information about these errors, see ASN.1
|
||
/// Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
/// <remarks>This function is only supported for asymmetric keys.</remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptexportpkcs8ex BOOL CryptExportPKCS8Ex(
|
||
// CRYPT_PKCS8_EXPORT_PARAMS *psExportParams, DWORD dwFlags, void *pvAuxInfo, BYTE *pbPrivateKeyBlob, DWORD *pcbPrivateKeyBlob );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "82fee86a-8704-4f22-8f11-f89509c5a0aa")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptExportPKCS8Ex(in CRYPT_PKCS8_EXPORT_PARAMS psExportParams, uint dwFlags, [In, Optional] IntPtr pvAuxInfo, [Optional, Out] IntPtr pbPrivateKeyBlob, ref uint pcbPrivateKeyBlob);
|
||
|
||
/// <summary>
|
||
/// The <c>CryptExportPublicKeyInfo</c> function exports the public key information associated with the corresponding private key of
|
||
/// the provider. For an updated version of this function, see CryptExportPublicKeyInfoEx.
|
||
/// </summary>
|
||
/// <param name="hCryptProvOrNCryptKey">
|
||
/// Handle of the cryptographic service provider (CSP) to use when exporting the public key information. This handle must be an
|
||
/// HCRYPTPROV handle that has been created by using the CryptAcquireContext function or an <c>NCRYPT_KEY_HANDLE</c> handle that has
|
||
/// been created by using the NCryptOpenKey function. New applications should always pass in the <c>NCRYPT_KEY_HANDLE</c> handle of
|
||
/// a CNG CSP.
|
||
/// </param>
|
||
/// <param name="dwKeySpec">
|
||
/// Identifies the private key to use from the container of the provider. It can be AT_KEYEXCHANGE or AT_SIGNATURE. This parameter
|
||
/// is ignored if an <c>NCRYPT_KEY_HANDLE</c> is used in the hCryptProvOrNCryptKey parameter.
|
||
/// </param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING</para>
|
||
/// <para>Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pInfo">
|
||
/// <para>A pointer to a CERT_PUBLIC_KEY_INFO structure to receive the public key information to be exported.</para>
|
||
/// <para>
|
||
/// To set the size of this information for memory allocation purposes, this parameter can be <c>NULL</c>. For more information, see
|
||
/// Retrieving Data of Unknown Length.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pcbInfo">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> that contains the size, in bytes, of the buffer pointed to by the pInfo parameter. When the function
|
||
/// returns, the <c>DWORD</c> contains the number of bytes needed for the return buffer.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
|
||
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
|
||
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
|
||
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para><c>Note</c> Errors from the called functions CryptGetUserKey and CryptExportKey might be propagated to this function.</para>
|
||
/// <para>This function has the following error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_MORE_DATA</term>
|
||
/// <term>
|
||
/// If the buffer specified by the pInfo parameter is not large enough to hold the returned data, the function sets the
|
||
/// ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbInfo.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_FILE_NOT_FOUND</term>
|
||
/// <term>Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptexportpublickeyinfo BOOL CryptExportPublicKeyInfo(
|
||
// HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo,
|
||
// DWORD *pcbInfo );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "ad43a991-aaf5-4272-abab-0a981112e5e4")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptExportPublicKeyInfo(HCRYPTPROV hCryptProvOrNCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType, IntPtr pInfo, ref uint pcbInfo);
|
||
|
||
/// <summary>
|
||
/// The <c>CryptExportPublicKeyInfo</c> function exports the public key information associated with the corresponding private key of
|
||
/// the provider. For an updated version of this function, see CryptExportPublicKeyInfoEx.
|
||
/// </summary>
|
||
/// <param name="hCryptProvOrNCryptKey">
|
||
/// Handle of the cryptographic service provider (CSP) to use when exporting the public key information. This handle must be an
|
||
/// HCRYPTPROV handle that has been created by using the CryptAcquireContext function or an <c>NCRYPT_KEY_HANDLE</c> handle that has
|
||
/// been created by using the NCryptOpenKey function. New applications should always pass in the <c>NCRYPT_KEY_HANDLE</c> handle of
|
||
/// a CNG CSP.
|
||
/// </param>
|
||
/// <param name="dwKeySpec">
|
||
/// Identifies the private key to use from the container of the provider. It can be AT_KEYEXCHANGE or AT_SIGNATURE. This parameter
|
||
/// is ignored if an <c>NCRYPT_KEY_HANDLE</c> is used in the hCryptProvOrNCryptKey parameter.
|
||
/// </param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING</para>
|
||
/// <para>Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pInfo">
|
||
/// <para>A pointer to a CERT_PUBLIC_KEY_INFO structure to receive the public key information to be exported.</para>
|
||
/// <para>
|
||
/// To set the size of this information for memory allocation purposes, this parameter can be <c>NULL</c>. For more information, see
|
||
/// Retrieving Data of Unknown Length.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pcbInfo">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> that contains the size, in bytes, of the buffer pointed to by the pInfo parameter. When the function
|
||
/// returns, the <c>DWORD</c> contains the number of bytes needed for the return buffer.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
|
||
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
|
||
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
|
||
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para><c>Note</c> Errors from the called functions CryptGetUserKey and CryptExportKey might be propagated to this function.</para>
|
||
/// <para>This function has the following error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_MORE_DATA</term>
|
||
/// <term>
|
||
/// If the buffer specified by the pInfo parameter is not large enough to hold the returned data, the function sets the
|
||
/// ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbInfo.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_FILE_NOT_FOUND</term>
|
||
/// <term>Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptexportpublickeyinfo BOOL CryptExportPublicKeyInfo(
|
||
// HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo,
|
||
// DWORD *pcbInfo );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "ad43a991-aaf5-4272-abab-0a981112e5e4")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptExportPublicKeyInfo(NCrypt.NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType, IntPtr pInfo, ref uint pcbInfo);
|
||
|
||
/// <summary>
|
||
/// The <c>CryptExportPublicKeyInfoEx</c> function exports the public key information associated with the provider's corresponding
|
||
/// private key. This function allows the application to specify the public key algorithm, overriding the default provided by the
|
||
/// cryptographic service provider (CSP).
|
||
/// </summary>
|
||
/// <param name="hCryptProvOrNCryptKey">
|
||
/// A handle of the CSP to use when exporting the public key information. This handle must be an HCRYPTPROV handle that has been
|
||
/// created by using the CryptAcquireContext function or an <c>NCRYPT_KEY_HANDLE</c> handle that has been created by using the
|
||
/// NCryptOpenKey function. New applications should always pass in the <c>NCRYPT_KEY_HANDLE</c> handle of a CNG CSP.
|
||
/// </param>
|
||
/// <param name="dwKeySpec">
|
||
/// Identifies the private key to use from the provider's container. It can be AT_KEYEXCHANGE or AT_SIGNATURE. This parameter is
|
||
/// ignored if an <c>NCRYPT_KEY_HANDLE</c> is used in the hCryptProvOrNCryptKey parameter.
|
||
/// </param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING</para>
|
||
/// <para>Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pszPublicKeyObjId">
|
||
/// <para>Specifies the public key algorithm.</para>
|
||
/// <para>
|
||
/// <c>Note</c> pszPublicKeyObjId and dwCertEncodingType are used together to determine the installable
|
||
/// <c>CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC</c> to call. If an installable function was not found for the pszPublicKeyObjId
|
||
/// parameter, an attempt is made to export the key as an RSA Public Key (szOID_RSA_RSA).
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="dwFlags">
|
||
/// <para>
|
||
/// A <c>DWORD</c> flag value that indicates how the public key information is exported. The flag value is passed directly to the
|
||
/// CryptFindOIDInfo function when mapping the public key object identifier to the corresponding CNG public key algorithm Unicode
|
||
/// string. The following flag values can be set.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG</term>
|
||
/// <term>
|
||
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group explicitly flagged with the CRYPT_OID_PUBKEY_ENCRYPT_ONLY_FLAG flag.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG</term>
|
||
/// <term>
|
||
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group explicitly flagged with the CRYPT_OID_PUBKEY_SIGN_ONLY_FLAG flag.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pvAuxInfo">This parameter is reserved for future use and must be set to <c>NULL</c>.</param>
|
||
/// <param name="pInfo">
|
||
/// <para>A pointer to a CERT_PUBLIC_KEY_INFO structure to receive the public key information to be exported.</para>
|
||
/// <para>
|
||
/// This parameter can be <c>NULL</c> to set the size of this information for memory allocation purposes. For more information, see
|
||
/// Retrieving Data of Unknown Length.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pcbInfo">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> that contains the size, in bytes, of the buffer pointed to by the pInfo parameter. When the function
|
||
/// returns, the <c>DWORD</c> contains the number of bytes stored in the buffer.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
|
||
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
|
||
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
|
||
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, the return value is zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para><c>Note</c> Errors from the called functions CryptGetUserKey and CryptExportKey can be propagated to this function.</para>
|
||
/// <para>This function has the following error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_FILE_NOT_FOUND</term>
|
||
/// <term>
|
||
/// An export function that can be installed or registered could not be found for the specified dwCertEncodingType and
|
||
/// pszPublicKeyObjId parameters.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_MORE_DATA</term>
|
||
/// <term>
|
||
/// If the buffer specified by the pInfo parameter is not large enough to hold the returned data, the function sets the
|
||
/// ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by the pcbInfo parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptexportpublickeyinfoex BOOL
|
||
// CryptExportPublicKeyInfoEx( HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType,
|
||
// LPSTR pszPublicKeyObjId, DWORD dwFlags, void *pvAuxInfo, PCERT_PUBLIC_KEY_INFO pInfo, DWORD *pcbInfo );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "38274222-90b3-4038-86d3-6b2813100ce2")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptExportPublicKeyInfoEx(HCRYPTPROV hCryptProvOrNCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType, SafeOID pszPublicKeyObjId,
|
||
CryptOIDInfoFlags dwFlags, [In, Optional] IntPtr pvAuxInfo, [Out, Optional] IntPtr pInfo, ref uint pcbInfo);
|
||
|
||
/// <summary>
|
||
/// The <c>CryptExportPublicKeyInfoEx</c> function exports the public key information associated with the provider's corresponding
|
||
/// private key. This function allows the application to specify the public key algorithm, overriding the default provided by the
|
||
/// cryptographic service provider (CSP).
|
||
/// </summary>
|
||
/// <param name="hCryptProvOrNCryptKey">
|
||
/// A handle of the CSP to use when exporting the public key information. This handle must be an HCRYPTPROV handle that has been
|
||
/// created by using the CryptAcquireContext function or an <c>NCRYPT_KEY_HANDLE</c> handle that has been created by using the
|
||
/// NCryptOpenKey function. New applications should always pass in the <c>NCRYPT_KEY_HANDLE</c> handle of a CNG CSP.
|
||
/// </param>
|
||
/// <param name="dwKeySpec">
|
||
/// Identifies the private key to use from the provider's container. It can be AT_KEYEXCHANGE or AT_SIGNATURE. This parameter is
|
||
/// ignored if an <c>NCRYPT_KEY_HANDLE</c> is used in the hCryptProvOrNCryptKey parameter.
|
||
/// </param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING</para>
|
||
/// <para>Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pszPublicKeyObjId">
|
||
/// <para>Specifies the public key algorithm.</para>
|
||
/// <para>
|
||
/// <c>Note</c> pszPublicKeyObjId and dwCertEncodingType are used together to determine the installable
|
||
/// <c>CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC</c> to call. If an installable function was not found for the pszPublicKeyObjId
|
||
/// parameter, an attempt is made to export the key as an RSA Public Key (szOID_RSA_RSA).
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="dwFlags">
|
||
/// <para>
|
||
/// A <c>DWORD</c> flag value that indicates how the public key information is exported. The flag value is passed directly to the
|
||
/// CryptFindOIDInfo function when mapping the public key object identifier to the corresponding CNG public key algorithm Unicode
|
||
/// string. The following flag values can be set.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG</term>
|
||
/// <term>
|
||
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group explicitly flagged with the CRYPT_OID_PUBKEY_ENCRYPT_ONLY_FLAG flag.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG</term>
|
||
/// <term>
|
||
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group explicitly flagged with the CRYPT_OID_PUBKEY_SIGN_ONLY_FLAG flag.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pvAuxInfo">This parameter is reserved for future use and must be set to <c>NULL</c>.</param>
|
||
/// <param name="pInfo">
|
||
/// <para>A pointer to a CERT_PUBLIC_KEY_INFO structure to receive the public key information to be exported.</para>
|
||
/// <para>
|
||
/// This parameter can be <c>NULL</c> to set the size of this information for memory allocation purposes. For more information, see
|
||
/// Retrieving Data of Unknown Length.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pcbInfo">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> that contains the size, in bytes, of the buffer pointed to by the pInfo parameter. When the function
|
||
/// returns, the <c>DWORD</c> contains the number of bytes stored in the buffer.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
|
||
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
|
||
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
|
||
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, the return value is zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para><c>Note</c> Errors from the called functions CryptGetUserKey and CryptExportKey can be propagated to this function.</para>
|
||
/// <para>This function has the following error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_FILE_NOT_FOUND</term>
|
||
/// <term>
|
||
/// An export function that can be installed or registered could not be found for the specified dwCertEncodingType and
|
||
/// pszPublicKeyObjId parameters.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_MORE_DATA</term>
|
||
/// <term>
|
||
/// If the buffer specified by the pInfo parameter is not large enough to hold the returned data, the function sets the
|
||
/// ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by the pcbInfo parameter.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptexportpublickeyinfoex BOOL
|
||
// CryptExportPublicKeyInfoEx( HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType,
|
||
// LPSTR pszPublicKeyObjId, DWORD dwFlags, void *pvAuxInfo, PCERT_PUBLIC_KEY_INFO pInfo, DWORD *pcbInfo );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "38274222-90b3-4038-86d3-6b2813100ce2")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptExportPublicKeyInfoEx(NCrypt.NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType, SafeOID pszPublicKeyObjId,
|
||
CryptOIDInfoFlags dwFlags, [In, Optional] IntPtr pvAuxInfo, [Out, Optional] IntPtr pInfo, ref uint pcbInfo);
|
||
|
||
/// <summary>
|
||
/// The <c>CryptExportPublicKeyInfoFromBCryptKeyHandle</c> function exports the public key information associated with a provider's
|
||
/// corresponding private key.
|
||
/// </summary>
|
||
/// <param name="hBCryptKey">The handle of the key from which to export the public key information.</param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>Specifies the encoding type to be matched.</para>
|
||
/// <para>This value can be a bitwise combination of the currently defined encoding types:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pszPublicKeyObjId">
|
||
/// A pointer to the object identifier (OID) that identifies the installable function to use to export the key. If the high-order
|
||
/// word of the OID is nonzero, pszPublicKeyObjId is a pointer to either an OID string such as "2.5.29.1" or an ASCII string such as
|
||
/// "file." If the high-order word of the OID is zero, the low-order word specifies the integer identifier to be used as the object identifier.
|
||
/// </param>
|
||
/// <param name="dwFlags">
|
||
/// <para>A <c>DWORD</c> value that indicates how the public key information is exported.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG 0x80000000</term>
|
||
/// <term>
|
||
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group that are explicitly flagged with the
|
||
/// CRYPT_OID_PUBKEY_ENCRYPT_ONLY_FLAG flag.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG 0x40000000</term>
|
||
/// <term>
|
||
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group that are explicitly flagged with the
|
||
/// CRYPT_OID_PUBKEY_SIGN_ONLY_FLAG flag.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pvAuxInfo">This parameter is reserved for future use and must be set to <c>NULL</c>.</param>
|
||
/// <param name="pInfo">
|
||
/// <para>A pointer to a CERT_PUBLIC_KEY_INFO structure to receive the public key information to be exported.</para>
|
||
/// <para>
|
||
/// This parameter can be <c>NULL</c> to set the size of this information for memory allocation purposes. For more information, see
|
||
/// Retrieving Data of Unknown Length.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pcbInfo">
|
||
/// A pointer to a <c>DWORD</c> that contains the size, in bytes, of the buffer pointed to by the pInfo parameter. When the function
|
||
/// returns, the <c>DWORD</c> contains the number of bytes stored in the buffer.
|
||
/// </param>
|
||
/// <returns>The function returns <c>TRUE</c> if it succeeds; otherwise, it returns <c>FALSE</c>.</returns>
|
||
/// <remarks>
|
||
/// If the <c>CryptExportPublicKeyInfoFromBCryptKeyHandle</c> function is unable to find an installable OID function for the OID
|
||
/// specified by the pszPublicKeyObjId parameter, it attempts to export the key as a RSA Public Key ( <c>szOID_RSA_RSA</c>). If the
|
||
/// key is exported as a RSA Public Key, the values of the dwFlags and pvAuxInfo parameters are not used.
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptexportpublickeyinfofrombcryptkeyhandle BOOL
|
||
// CryptExportPublicKeyInfoFromBCryptKeyHandle( BCRYPT_KEY_HANDLE hBCryptKey, DWORD dwCertEncodingType, LPSTR pszPublicKeyObjId,
|
||
// DWORD dwFlags, void *pvAuxInfo, PCERT_PUBLIC_KEY_INFO pInfo, DWORD *pcbInfo );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "f96bff4a-d354-4231-907a-383aff5cfacc")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptExportPublicKeyInfoFromBCryptKeyHandle(BCrypt.BCRYPT_KEY_HANDLE hBCryptKey, CertEncodingType dwCertEncodingType, SafeOID pszPublicKeyObjId,
|
||
CryptOIDInfoFlags dwFlags, [In, Optional] IntPtr pvAuxInfo, [Out, Optional] IntPtr pInfo, ref uint pcbInfo);
|
||
|
||
/// <summary>
|
||
/// The <c>CryptFindCertificateKeyProvInfo</c> function enumerates the cryptographic providers and their containers to find the
|
||
/// private key that corresponds to the certificate's public key.
|
||
/// </summary>
|
||
/// <param name="pCert">A pointer to the CERT_CONTEXT structure of the certificate to use when exporting public key information.</param>
|
||
/// <param name="dwFlags">
|
||
/// <para>A set of flags that modify the behavior of this function. This can be zero or one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CRYPT_FIND_USER_KEYSET_FLAG</term>
|
||
/// <term>Restricts the search to the user container. The default is to search both the user and machine containers.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_FIND_MACHINE_KEYSET_FLAG</term>
|
||
/// <term>Restricts the search to the machine container. The default is to search both the user and machine containers.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_FIND_SILENT_KEYSET_FLAG</term>
|
||
/// <term>
|
||
/// The application requests that the CSP not display any user interface (UI) for this context. If the CSP must display the UI to
|
||
/// operate, the call fails and the NTE_SILENT_CONTEXT error code is set as the last error.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// The following flags determine which technology is used to obtain the key. If none of these flags is present, this function will
|
||
/// only attempt to obtain the key by using CryptoAPI.
|
||
/// </para>
|
||
/// <para><c>Windows Server 2003 and Windows XP:</c> These flags are not supported.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG</term>
|
||
/// <term>
|
||
/// This function will attempt to obtain the key by using CryptoAPI. If that fails, this function will attempt to obtain the key by
|
||
/// using the Cryptography API: Next Generation (CNG). The CERT_KEY_PROV_INFO_PROP_ID property of the certificate is set to zero if
|
||
/// CNG is used to obtain the key.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG</term>
|
||
/// <term>
|
||
/// This function will only attempt to obtain the key by using CNG and will not use CryptoAPI to obtain the key. The
|
||
/// CERT_KEY_PROV_INFO_PROP_ID property of the certificate is set to zero if CNG is used to obtain the key.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG</term>
|
||
/// <term>
|
||
/// This function will attempt to obtain the key by using CNG. If that fails, this function will attempt to obtain the key by using
|
||
/// CryptoAPI. The CERT_KEY_PROV_INFO_PROP_ID property of the certificate is set to zero if CNG is used to obtain the key.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pvReserved">Reserved for future use and must be <c>NULL</c>.</param>
|
||
/// <returns>
|
||
/// <para>
|
||
/// <c>TRUE</c> if the function finds a private key that corresponds to the certificate's public key within a searched container;
|
||
/// <c>FALSE</c> if the function fails to find a container or a private key within a container.
|
||
/// </para>
|
||
/// <para>GetLastError returns the following error:</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>NTE_NO_KEY</term>
|
||
/// <term>No container found.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// This function enumerates the cryptographic providers and their containers to find the private key that corresponds to the
|
||
/// certificate's public key. For a match, the function updates the certificate's <c>CERT_KEY_PROV_INFO_PROP_ID</c> property. If the
|
||
/// <c>CERT_KEY_PROV_INFO_PROP_ID</c> is already set, it is checked to determine whether it matches the provider's public key. For a
|
||
/// match, the function skips the previously mentioned enumeration.
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptfindcertificatekeyprovinfo BOOL
|
||
// CryptFindCertificateKeyProvInfo( PCCERT_CONTEXT pCert, DWORD dwFlags, void *pvReserved );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "9e63517d-a56e-45a9-972c-de9a297e9e25")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptFindCertificateKeyProvInfo(PCCERT_CONTEXT pCert, CryptFindFlags dwFlags, IntPtr pvReserved = default);
|
||
|
||
/// <summary>
|
||
/// The <c>CryptFindLocalizedName</c> function finds the localized name for the specified name, such as the localize name of the
|
||
/// "Root" system store. This function can be used before displaying any UI that included a name that might have a localized form.
|
||
/// </summary>
|
||
/// <param name="pwszCryptName">
|
||
/// <para>
|
||
/// A pointer to a specified name. An internal table is searched to compare a predefined localized name to the specified name. The
|
||
/// search matches the localized name by using a case insensitive string comparison.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> Localized names for the predefined system stores ("Root", "My") and predefined physical stores (".Default",
|
||
/// ".LocalMachine") are preinstalled as resource strings in Crypt32.dll.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the specified name is found, a pointer to the localized name is returned. The returned pointer must not be freed.</para>
|
||
/// <para>If the specified name is not found, <c>NULL</c> is returned.</para>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>CryptSetOIDFunctionValue can be called as follows to register additional localized strings.</para>
|
||
/// <para>dwEncodingType = CRYPT_LOCALIZED_NAME_ENCODING_TYPE</para>
|
||
/// <para>pszFuncName = CRYPT_OID_FIND_LOCALIZED_NAME_FUNC</para>
|
||
/// <para>pszOID = CRYPT_LOCALIZED_NAME_OID</para>
|
||
/// <para>pwszValueName = Name to be localized, for example, L"ApplicationStore"</para>
|
||
/// <para>dwValueType = REG_SZ</para>
|
||
/// <para>pbValueData = pointer to the Unicode localized string</para>
|
||
/// <para>cbValueData = (wcslen(Unicode localized string) + 1) * sizeof(WCHAR)</para>
|
||
/// <para>CryptSetOIDFunctionValue can be called as follows to unregister the localized strings.</para>
|
||
/// <para>pbValueData = <c>NULL</c></para>
|
||
/// <para>cbValueData = 0.</para>
|
||
/// <para>The registered names are searched before the preinstalled names.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>CRYPT_LOCALIZED_NAME_ ENCODING_TYPE</term>
|
||
/// <term>0</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CRYPT_LOCALIZED_NAME_ OID</term>
|
||
/// <term>"LocalizedNames"</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_OID_FIND_LOCALIZED_ NAME_FUNC</term>
|
||
/// <term>"CryptDLLFindLocalizedName"</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>Examples</para>
|
||
/// <para>For an example that uses this function, see Example C Program: Setting and Getting Certificate Store Properties.</para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptfindlocalizedname LPCWSTR CryptFindLocalizedName(
|
||
// LPCWSTR pwszCryptName );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "8f0006a9-0930-4b71-87ce-e72371095e4c")]
|
||
[return: MarshalAs(UnmanagedType.LPWStr)]
|
||
public static extern StrPtrUni CryptFindLocalizedName([MarshalAs(UnmanagedType.LPWStr)] string pwszCryptName);
|
||
|
||
/// <summary>
|
||
/// <note>Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs.
|
||
/// Microsoft may remove this API in future releases.</note>
|
||
/// <para>The CryptHashCertificate function hashes the entire encoded content of a certificate including its signature.</para>
|
||
/// </summary>
|
||
/// <param name="hCryptProv">
|
||
/// <para>This parameter is not used and should be set to <c>NULL</c>.</para>
|
||
/// <para>
|
||
/// <c>Windows Server 2003 and Windows XP:</c> A handle of the cryptographic service provider (CSP) to use to compute the hash.
|
||
/// </para>
|
||
/// <para>This parameter's data type is <c>HCRYPTPROV</c>.</para>
|
||
/// <para>
|
||
/// Unless there is a strong reason for passing in a specific CSP in hCryptProv, zero is passed in. Passing in zero causes the
|
||
/// default RSA or Digital Signature Standard (DSS) provider to be acquired before doing hash, signature verification, or recipient
|
||
/// encryption operations.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="Algid">
|
||
/// An ALG_ID structure that specifies the hash algorithm to use. If Algid is zero, the default hash algorithm, SHA1, is used.
|
||
/// </param>
|
||
/// <param name="dwFlags">Value to be passed to the hash API. For details, see CryptCreateHash.</param>
|
||
/// <param name="pbEncoded">Address of the encoded content to be hashed.</param>
|
||
/// <param name="cbEncoded">The size, in bytes, of the encoded content.</param>
|
||
/// <param name="pbComputedHash">
|
||
/// <para>A pointer to a buffer to receive the computed hash.</para>
|
||
/// <para>
|
||
/// To set the size of this information for memory allocation purposes, this parameter can be <c>NULL</c>. For more information, see
|
||
/// Retrieving Data of Unknown Length.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pcbComputedHash">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> that contains the size, in bytes, of the buffer pointed to by the pbComputedHash parameter. When the
|
||
/// function returns, the <c>DWORD</c> contains the number of bytes stored in the buffer.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
|
||
/// actual size can be slightly smaller than the size of the buffer specified on input. On input, buffer sizes are usually specified
|
||
/// large enough to ensure that the largest possible output data will fit in the buffer. On output, the variable pointed to by this
|
||
/// parameter is updated to reflect the actual size of the data copied to the buffer.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para>
|
||
/// <c>Note</c> Errors from the called functions CryptCreateHash, CryptGetHashParam and CryptHashData might be propagated to this function.
|
||
/// </para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-crypthashcertificate BOOL CryptHashCertificate(
|
||
// HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid, DWORD dwFlags, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash, DWORD
|
||
// *pcbComputedHash );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "a5beba30-f32b-4d57-8a54-7d9096459c50")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptHashCertificate([Optional] HCRYPTPROV hCryptProv, ALG_ID Algid, [Optional] uint dwFlags, [In] IntPtr pbEncoded, uint cbEncoded, [Out] IntPtr pbComputedHash, ref uint pcbComputedHash);
|
||
|
||
/// <summary>The <c>CryptHashCertificate2</c> function hashes a block of data by using a CNG hash provider.</summary>
|
||
/// <param name="pwszCNGHashAlgid">
|
||
/// The address of a null-terminated Unicode string that contains the CNG hash algorithm identifier of the hash algorithm to use to
|
||
/// hash the certificate. This can be one of the CNG Algorithm Identifiers that represents a hash algorithm or any other registered
|
||
/// hash algorithm identifier.
|
||
/// </param>
|
||
/// <param name="dwFlags">A set of flags that modify the behavior of this function. No flags are defined for this function.</param>
|
||
/// <param name="pvReserved">Reserved for future use and must be <c>NULL</c>.</param>
|
||
/// <param name="pbEncoded">The address of an array of bytes to be hashed. The cbEncoded parameter contains the size of this array.</param>
|
||
/// <param name="cbEncoded">The number of elements in the pbEncoded array.</param>
|
||
/// <param name="pbComputedHash">
|
||
/// The address of a buffer that receives the computed hash. The variable pointed to by the pcbComputedHash parameter contains the
|
||
/// size of this buffer.
|
||
/// </param>
|
||
/// <param name="pcbComputedHash">
|
||
/// The address of a <c>DWORD</c> variable that, on entry, contains the size, in bytes, of the pbComputedHash buffer. After this
|
||
/// function returns, this variable contains the number of bytes copied to the pbComputedHash buffer.
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>
|
||
/// If the function fails, it returns zero ( <c>FALSE</c>). For extended error information, call GetLastError. Some of the possible
|
||
/// error codes are identified in the following topics.
|
||
/// </para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-crypthashcertificate2 BOOL CryptHashCertificate2( LPCWSTR
|
||
// pwszCNGHashAlgid, DWORD dwFlags, void *pvReserved, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash, DWORD
|
||
// *pcbComputedHash );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "9f315374-0002-499a-81ea-efcb3c19e68f")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptHashCertificate2([MarshalAs(UnmanagedType.LPWStr)] string pwszCNGHashAlgid, [Optional] uint dwFlags, [Optional] IntPtr pvReserved, [In] IntPtr pbEncoded, uint cbEncoded, [Out] IntPtr pbComputedHash, ref uint pcbComputedHash);
|
||
|
||
/// <summary>
|
||
/// <note>Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs.
|
||
/// Microsoft may remove this API in future releases.</note>
|
||
/// <para>
|
||
/// The CryptHashPublicKeyInfo function encodes the public key information in a CERT_PUBLIC_KEY_INFO structure and computes the hash
|
||
/// of the encoded bytes.The hash created is used with key identifier functions.
|
||
/// </para>
|
||
/// </summary>
|
||
/// <param name="hCryptProv">
|
||
/// <para>This parameter is not used and should be set to <c>NULL</c>.</para>
|
||
/// <para>
|
||
/// <c>Windows Server 2003 and Windows XP:</c> A handle of the cryptographic service provider (CSP) to use to compute the hash.This
|
||
/// parameter's data type is <c>HCRYPTPROV</c>.
|
||
/// </para>
|
||
/// <para>
|
||
/// Unless there is a strong reason for passing in a specific cryptographic provider in hCryptProv, zero is passed in. Passing in
|
||
/// zero causes the default RSA or Digital Signature Standard (DSS) provider to be acquired before doing hash, signature
|
||
/// verification, or recipient encryption operations.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="Algid">
|
||
/// An ALG_ID structure that specifies the CryptoAPI hash algorithm to use. If Algid is zero, the default hash algorithm, SHA1, is used.
|
||
/// </param>
|
||
/// <param name="dwFlags">Values to be passed on to CryptCreateHash.</param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING</para>
|
||
/// <para>Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pInfo">
|
||
/// A pointer to a CERT_PUBLIC_KEY_INFO structure that contains the public key information to be encoded and hashed.
|
||
/// </param>
|
||
/// <param name="pbComputedHash">
|
||
/// <para>A pointer to a buffer to receive the computed hash.</para>
|
||
/// <para>
|
||
/// To set the size of this information for memory allocation purposes, this parameter can be <c>NULL</c>. For more information, see
|
||
/// Retrieving Data of Unknown Length.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pcbComputedHash">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> that contains the size, in bytes, of the buffer pointed to by the pbComputedHash parameter. When the
|
||
/// function returns, the <c>DWORD</c> contains the number of bytes stored in the buffer.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
|
||
/// actual size can be slightly smaller than the size of the buffer specified on input. On input, buffer sizes are usually specified
|
||
/// large enough to ensure that the largest possible output data will fit in the buffer. On output, the variable pointed to by this
|
||
/// parameter is updated to reflect the actual size of the data copied to the buffer.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para>
|
||
/// <c>Note</c> Errors from the called functions CryptCreateHash, CryptGetHashParam, and CryptHashData can be propagated to this
|
||
/// function. This function has the following error codes.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_MORE_DATA</term>
|
||
/// <term>
|
||
/// If the buffer specified by the pbComputedHash parameter is not large enough to hold the returned data, the function sets the
|
||
/// ERROR_MORE_DATA code, and stores the required buffer size, in bytes, in the variable pointed to by pcbComputedHash.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_FILE_NOT_FOUND</term>
|
||
/// <term>Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-crypthashpublickeyinfo BOOL CryptHashPublicKeyInfo(
|
||
// HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid, DWORD dwFlags, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, BYTE
|
||
// *pbComputedHash, DWORD *pcbComputedHash );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "b0c419b7-ebb3-42c6-9f6a-59b55a2db1b2")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptHashPublicKeyInfo([Optional] HCRYPTPROV hCryptProv, ALG_ID Algid, [Optional] uint dwFlags, CertEncodingType dwCertEncodingType,
|
||
in CERT_PUBLIC_KEY_INFO pInfo, [Out] IntPtr pbComputedHash, ref uint pcbComputedHash);
|
||
|
||
/// <summary>
|
||
/// <note>Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs.
|
||
/// Microsoft may remove this API in future releases.</note>
|
||
/// <para>
|
||
/// The CryptHashToBeSigned function computes the hash of the encoded content from a signed and encoded certificate. The hash is
|
||
/// performed on only the "to be signed" encoded content and its signature.
|
||
/// </para>
|
||
/// </summary>
|
||
/// <param name="hCryptProv">
|
||
/// <para>This parameter is not used and should be set to <c>NULL</c>.</para>
|
||
/// <para>
|
||
/// <c>Windows Server 2003 and Windows XP:</c> A handle of the cryptographic service provider (CSP) to use to compute the hash.This
|
||
/// parameter's data type is <c>HCRYPTPROV</c>.
|
||
/// </para>
|
||
/// <para>
|
||
/// Unless there is a strong reason for passing in a specific cryptographic provider in hCryptProv, zero is passed in. Passing in
|
||
/// zero causes the default RSA or Digital Signature Standard (DSS) provider to be acquired before doing hash, signature
|
||
/// verification, or recipient encryption operations.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING</para>
|
||
/// <para>Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pbEncoded">Address of a buffer that contains the content to be hashed. This is the encoded form of a CERT_SIGNED_CONTENT_INFO.</param>
|
||
/// <param name="cbEncoded">The size, in bytes, of the buffer.</param>
|
||
/// <param name="pbComputedHash">
|
||
/// <para>A pointer to a buffer to receive the computed hash.</para>
|
||
/// <para>
|
||
/// This parameter can be <c>NULL</c> to set the size of this information for memory allocation purposes. For more information, see
|
||
/// Retrieving Data of Unknown Length.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pcbComputedHash">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> that contains the size, in bytes, of the buffer pointed to by the pbComputedHash parameter. When the
|
||
/// function returns, the <c>DWORD</c> contains the number of bytes stored in the buffer.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
|
||
/// actual size can be slightly smaller than the size of the buffer specified on input. On input, buffer sizes are usually specified
|
||
/// large enough to ensure that the largest possible output data will fit in the buffer. On output, the variable pointed to by this
|
||
/// parameter is updated to reflect the actual size of the data copied to the buffer.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para>
|
||
/// <c>Note</c> Errors from the called functions CryptCreateHash, CryptGetHashParam, and CryptHashData might be propagated to this
|
||
/// function. This function has the following error codes.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_MORE_DATA</term>
|
||
/// <term>
|
||
/// If the buffer specified by the pbComputedHash parameter is not large enough to hold the returned data, the function sets the
|
||
/// ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbComputedHash.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_FILE_NOT_FOUND</term>
|
||
/// <term>Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NTE_BAD_ALGID</term>
|
||
/// <term>The object identifier (OID) of the signature algorithm does not map to a known or supported hash algorithm.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-crypthashtobesigned BOOL CryptHashToBeSigned(
|
||
// HCRYPTPROV_LEGACY hCryptProv, DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash, DWORD
|
||
// *pcbComputedHash );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "84477054-dd76-4dde-b465-9edeaf192714")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptHashToBeSigned([Optional] HCRYPTPROV hCryptProv, CertEncodingType dwCertEncodingType, [In] IntPtr pbEncoded, uint cbEncoded, [Out] IntPtr pbComputedHash, ref uint pcbComputedHash);
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// [The <c>CryptImportPKCS8</c> function is no longer available for use as of Windows Server 2008 and Windows Vista. Instead, use
|
||
/// the PFXImportCertStore function.]
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Important</c> This API is deprecated. New and existing software should start using Cryptography Next Generation APIs.
|
||
/// Microsoft may remove this API in future releases.
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>CryptImportPKCS8</c> function imports the private key in PKCS #8 format to a cryptographic service provider (CSP).
|
||
/// <c>CryptImportPKCS8</c> will return a handle to the provider and the import KeySpec used.
|
||
/// </para>
|
||
/// </summary>
|
||
/// <param name="sPrivateKeyAndParams">
|
||
/// A CRYPT_PKCS8_IMPORT_PARAMS structure that contains the private key BLOB and corresponding parameters.
|
||
/// </param>
|
||
/// <param name="dwFlags">
|
||
/// <para>A <c>DWORD</c> value. This parameter can be one of the following values, a combination of them, or a null value.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CRYPT_EXPORTABLE</term>
|
||
/// <term>
|
||
/// The key being imported is eventually to be reexported. If this flag is not used, then calls to CryptExportKey with the key
|
||
/// handle fail.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_USER_PROTECTED</term>
|
||
/// <term>
|
||
/// If this flag is set, the CSP notifies the user through a dialog box or some other method when certain actions are attempted
|
||
/// using this key. The precise behavior is specified by the CSP or the CSP type used. If the provider context was acquired with
|
||
/// CRYPT_SILENT set, using this flag causes a failure, and the last error is set to NTE_SILENT_CONTEXT.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="phCryptProv">
|
||
/// <para>
|
||
/// A pointer to the HCRYPTPROV to receive the handle of the provider into which the key is imported by calling the
|
||
/// <c>CryptImportPKCS8</c> function.
|
||
/// </para>
|
||
/// <para>When you have finished using the handle, free the handle by calling CryptReleaseContext.</para>
|
||
/// <para>This parameter can be <c>NULL</c>, in which case the handle of the provider is not returned.</para>
|
||
/// </param>
|
||
/// <param name="pvAuxInfo">This parameter must be <c>NULL</c>.</param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para>The following error code is specific to this function.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_UNSUPPORTED_TYPE</term>
|
||
/// <term>The algorithm object identifier (OID) of the private key is not supported.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// <c>CryptImportPKCS8</c> calls the PCRYPT_RESOLVE_HCRYPTPROV_FUNC function by using the CRYPT_PKCS8_IMPORT_PARAMS structure
|
||
/// contained in the sPrivateKeyAndParams parameter to retrieve a handle of the provider to which to import the key. If
|
||
/// <c>PCRYPT_RESOLVE_HCRYPTPROV_FUNC</c> is <c>NULL</c>, then the default provider is used.
|
||
/// </para>
|
||
/// <para>This function is only supported for asymmetric keys.</para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptimportpkcs8 BOOL CryptImportPKCS8(
|
||
// CRYPT_PKCS8_IMPORT_PARAMS sPrivateKeyAndParams, DWORD dwFlags, HCRYPTPROV *phCryptProv, void *pvAuxInfo );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "fa3deff9-b4c1-4b63-a59f-738f87e1a409")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptImportPKCS8(CRYPT_PKCS8_IMPORT_PARAMS sPrivateKeyAndParams, uint dwFlags, out IntPtr phCryptProv, IntPtr pvAuxInfo = default);
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// The handle of the cryptographic service provider (CSP) to use when importing the public key. This handle must have already been
|
||
/// created using CryptAcquireContext.
|
||
/// </para>
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING</para>
|
||
/// <para>Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>The address of a CERT_PUBLIC_KEY_INFO structure that contains the public key to import into the provider.</para>
|
||
/// <para>
|
||
/// The address of an <c>HCRYPTKEY</c> variable that receives the handle of the imported public key. When you have finished using
|
||
/// the public key, release the handle by calling the CryptDestroyKey function.
|
||
/// </para>
|
||
/// </summary>
|
||
/// <param name="hCryptProv">
|
||
/// The handle of the cryptographic service provider (CSP) to use when importing the public key. This handle must have already been
|
||
/// created using CryptAcquireContext.
|
||
/// </param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING</para>
|
||
/// <para>Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pInfo">The address of a CERT_PUBLIC_KEY_INFO structure that contains the public key to import into the provider.</param>
|
||
/// <param name="phKey">
|
||
/// The address of an <c>HCRYPTKEY</c> variable that receives the handle of the imported public key. When you have finished using
|
||
/// the public key, release the handle by calling the CryptDestroyKey function.
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, the return value is zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para>
|
||
/// <c>Note</c> Errors from the called functions CryptGetUserKey and CryptExportKey might be propagated to this function. This
|
||
/// function has the following error code.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_FILE_NOT_FOUND</term>
|
||
/// <term>
|
||
/// An import function that can be installed or registered could not be found for the specified dwCertEncodingType and
|
||
/// pInfo->Algorithm.pszObjId parameters.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// This function is normally used to retrieve the public key from a certificate. This is done by passing the CERT_PUBLIC_KEY_INFO
|
||
/// structure from a filled-in certificate structure as shown in the following pseudocode.
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptimportpublickeyinfo BOOL CryptImportPublicKeyInfo(
|
||
// HCRYPTPROV hCryptProv, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, HCRYPTKEY *phKey );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "f5f8ebb6-c838-404b-9b61-3ec36fdaef01")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptImportPublicKeyInfo(HCRYPTPROV hCryptProv, CertEncodingType dwCertEncodingType, in CERT_PUBLIC_KEY_INFO pInfo, out SafeHCRYPTKEY phKey);
|
||
|
||
/// <summary>
|
||
/// <para>The handle of the CSP to receive the imported public key. This handle must have already been created using CryptAcquireContext.</para>
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING</para>
|
||
/// <para>Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>the address of a CERT_PUBLIC_KEY_INFO structure that contains the public key to import into the provider.</para>
|
||
/// <para>
|
||
/// <c>Note</c> The <c>pzObjId</c> member of the <c>Algorithm</c> member pointed to by the pInfo and dwCertEncodingType parameters
|
||
/// determine an installable <c>CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC</c> callback function. If an installable function is not
|
||
/// found, an attempt is made to import the key as an RSA Public Key (szOID_RSA_RSA).
|
||
/// </para>
|
||
/// <para>An ALG_ID structure that contains a CSP-specific algorithm to override the CALG_RSA_KEYX default algorithm.</para>
|
||
/// <para>Reserved for future use and must be zero.</para>
|
||
/// <para>Reserved for future use and must be <c>NULL</c>.</para>
|
||
/// <para>
|
||
/// The address of an <c>HCRYPTKEY</c> variable that receives the handle of the imported public key. When you have finished using
|
||
/// the public key, release the handle by calling the CryptDestroyKey function.
|
||
/// </para>
|
||
/// </summary>
|
||
/// <param name="hCryptProv">
|
||
/// The handle of the CSP to receive the imported public key. This handle must have already been created using CryptAcquireContext.
|
||
/// </param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING</para>
|
||
/// <para>Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pInfo">
|
||
/// <para>the address of a CERT_PUBLIC_KEY_INFO structure that contains the public key to import into the provider.</para>
|
||
/// <para>
|
||
/// <c>Note</c> The <c>pzObjId</c> member of the <c>Algorithm</c> member pointed to by the pInfo and dwCertEncodingType parameters
|
||
/// determine an installable <c>CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC</c> callback function. If an installable function is not
|
||
/// found, an attempt is made to import the key as an RSA Public Key (szOID_RSA_RSA).
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="aiKeyAlg">An ALG_ID structure that contains a CSP-specific algorithm to override the CALG_RSA_KEYX default algorithm.</param>
|
||
/// <param name="dwFlags">Reserved for future use and must be zero.</param>
|
||
/// <param name="pvAuxInfo">Reserved for future use and must be <c>NULL</c>.</param>
|
||
/// <param name="phKey">
|
||
/// The address of an <c>HCRYPTKEY</c> variable that receives the handle of the imported public key. When you have finished using
|
||
/// the public key, release the handle by calling the CryptDestroyKey function.
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, it returns zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para>
|
||
/// <c>Note</c> Errors from the called functions CryptGetUserKey and CryptExportKey might be propagated to this function. This
|
||
/// function has the following error code.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_FILE_NOT_FOUND</term>
|
||
/// <term>
|
||
/// An import function that can be installed or registered could not be found for the specified dwCertEncodingType and pInfo parameters.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// This function is normally used to retrieve the public key from a certificate. This is done by passing the CERT_PUBLIC_KEY_INFO
|
||
/// structure from a filled-in certificate structure as shown in the following pseudocode.
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptimportpublickeyinfoex BOOL
|
||
// CryptImportPublicKeyInfoEx( HCRYPTPROV hCryptProv, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, ALG_ID aiKeyAlg, DWORD
|
||
// dwFlags, void *pvAuxInfo, HCRYPTKEY *phKey );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "d3a59f83-c761-46bb-ac4f-f42f689ea5f1")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptImportPublicKeyInfoEx(HCRYPTPROV hCryptProv, uint dwCertEncodingType, in CERT_PUBLIC_KEY_INFO pInfo, ALG_ID aiKeyAlg,
|
||
[Optional] uint dwFlags, [Optional] IntPtr pvAuxInfo, out SafeHCRYPTKEY phKey);
|
||
|
||
/// <summary>
|
||
/// The <c>CryptImportPublicKeyInfoEx2</c> function imports a public key into the CNG asymmetric provider that corresponds to the
|
||
/// public key object identifier (OID) and returns a CNG handle to the key.
|
||
/// </summary>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// The certificate encoding type that was used to encrypt the subject. The message encoding type identifier, contained in the high
|
||
/// <c>WORD</c> of this value, is ignored by this function.
|
||
/// </para>
|
||
/// <para>This parameter can be the following currently defined certificate encoding type.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING 1 (0x1)</term>
|
||
/// <term>Specifies X.509 certificate encoding.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pInfo">
|
||
/// The address of a CERT_PUBLIC_KEY_INFO structure that contains the public key information to import into the provider.
|
||
/// </param>
|
||
/// <param name="dwFlags">
|
||
/// <para>
|
||
/// A set of flags that modify the behavior of this function. This can be zero or a combination of one or more of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG</term>
|
||
/// <term>
|
||
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group that are explicitly flagged with the
|
||
/// CRYPT_OID_PUBKEY_ENCRYPT_ONLY_FLAG flag.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG</term>
|
||
/// <term>
|
||
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group that are explicitly flagged with the
|
||
/// CRYPT_OID_PUBKEY_SIGN_ONLY_FLAG flag.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// These flags are passed in the dwKeyType parameter of the CryptFindOIDInfo function when mapping the public key object identifier
|
||
/// to the corresponding CNG public key algorithm identifier.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pvAuxInfo">This parameter is reserved for future use and must be set to <c>NULL</c>.</param>
|
||
/// <param name="phKey">
|
||
/// <para>The address of a <c>BCRYPT_KEY_HANDLE</c> variable that receives the handle of the imported key.</para>
|
||
/// <para>When this handle is no longer needed, you must release it by calling the BCryptDestroyKey function.</para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>
|
||
/// If the function fails, it returns zero ( <c>FALSE</c>). For extended error information, call GetLastError. Possible error codes
|
||
/// include, but are not limited to, the following.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_FILE_NOT_FOUND</term>
|
||
/// <term>
|
||
/// An import function that can be installed or registered could not be found for the specified dwCertEncodingType and pInfo parameters.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>E_INVALIDARG</term>
|
||
/// <term>One or more parameters are not valid.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptimportpublickeyinfoex2 BOOL
|
||
// CryptImportPublicKeyInfoEx2( DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, DWORD dwFlags, void *pvAuxInfo,
|
||
// BCRYPT_KEY_HANDLE *phKey );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "c73f2499-75e9-4146-ae4c-0e949206ea37")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptImportPublicKeyInfoEx2(CertEncodingType dwCertEncodingType, in CERT_PUBLIC_KEY_INFO pInfo, CryptOIDInfoFlags dwFlags, [Optional] IntPtr pvAuxInfo, out BCrypt.SafeBCRYPT_KEY_HANDLE phKey);
|
||
|
||
/// <summary>
|
||
/// The <c>CryptMemAlloc</c> function allocates memory for a buffer. It is used by all Crypt32.lib functions that return allocated buffers.
|
||
/// </summary>
|
||
/// <param name="cbSize">Number of bytes to be allocated.</param>
|
||
/// <returns>
|
||
/// Returns a pointer to the buffer allocated. If the function fails, <c>NULL</c> is returned. When you have finished using the
|
||
/// buffer, free the memory by calling the CryptMemFree function.
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptmemalloc LPVOID CryptMemAlloc( ULONG cbSize );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "ac7588b1-ff8c-4f8d-a8ab-f0e8a18e5614")]
|
||
public static extern IntPtr CryptMemAlloc(uint cbSize);
|
||
|
||
/// <summary>The <c>CryptMemFree</c> function frees memory allocated by CryptMemAlloc or CryptMemRealloc.</summary>
|
||
/// <param name="pv">A pointer to the buffer to be freed.</param>
|
||
/// <returns>This function does not return a value.</returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptmemfree void CryptMemFree( LPVOID pv );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "fb5c10ba-da8e-4a34-9302-67586a0a9624")]
|
||
public static extern void CryptMemFree(IntPtr pv);
|
||
|
||
/// <summary>
|
||
/// The <c>CryptMemRealloc</c> function frees the memory currently allocated for a buffer and allocates memory for a new buffer.
|
||
/// </summary>
|
||
/// <param name="pv">A pointer to a currently allocated buffer.</param>
|
||
/// <param name="cbSize">Number of bytes to be allocated.</param>
|
||
/// <returns>
|
||
/// Returns a pointer to the buffer allocated. If the function fails, <c>NULL</c> is returned. When you have finished using the
|
||
/// buffer, free the memory by calling the CryptMemFree function.
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptmemrealloc LPVOID CryptMemRealloc( LPVOID pv, ULONG
|
||
// cbSize );
|
||
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "74bdd2dd-9f05-4d36-8323-79d547820068")]
|
||
public static extern IntPtr CryptMemRealloc(IntPtr pv, uint cbSize);
|
||
|
||
/// <summary>
|
||
/// <para>Indicates the type of the object to be queried. This must be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_BLOB</term>
|
||
/// <term>The object is stored in a structure in memory.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_FILE</term>
|
||
/// <term>The object is stored in a file.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>A pointer to the object to be queried. The type of data pointer depends on the contents of the dwObjectType parameter.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>dwObjectType value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_BLOB</term>
|
||
/// <term>This parameter is a pointer to a CERT_BLOB, or similar, structure that contains the object to query.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_FILE</term>
|
||
/// <term>This parameter is a pointer to a null-terminated Unicode string that contains the path and name of the file to query.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>Indicates the expected content type. This can be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_ALL</term>
|
||
/// <term>
|
||
/// The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag. If this flag is specified,
|
||
/// this function will attempt to obtain information about the object, trying different content types until the proper content type
|
||
/// is found or the content types are exhausted. This is obviously inefficient, so this flag should only be used if the content type
|
||
/// is not known.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CERT</term>
|
||
/// <term>The content is a single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CERT_PAIR</term>
|
||
/// <term>
|
||
/// The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains either
|
||
/// forward, reverse, or forward and reverse cross certificates).
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CRL</term>
|
||
/// <term>The content is a single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CTL</term>
|
||
/// <term>The content is a single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PFX</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore function
|
||
/// to load this into a store.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the following
|
||
/// note. Windows Server 2003 and Windows XP: This value is not supported.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED</term>
|
||
/// <term>The content is a PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED</term>
|
||
/// <term>The content is an embedded PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED</term>
|
||
/// <term>The content is a PKCS #7 unsigned message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS10</term>
|
||
/// <term>The content is a PKCS #10 message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT</term>
|
||
/// <term>The content is a serialized single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL</term>
|
||
/// <term>The content is a serialized single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL</term>
|
||
/// <term>The content is serialized single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE</term>
|
||
/// <term>The content is a serialized store.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>Indicates the expected format of the returned type. This can be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_ALL</term>
|
||
/// <term>The content can be returned in any format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED</term>
|
||
/// <term>The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED</term>
|
||
/// <term>The content should be returned in Base64 encoded format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_BINARY</term>
|
||
/// <term>The content should be returned in binary format.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>This parameter is reserved for future use and must be set to zero.</para>
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the type of encoding used in the message. If this information is not needed, set
|
||
/// this parameter to <c>NULL</c>.
|
||
/// </para>
|
||
/// <para>This parameter can receives a combination of one or more of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING 65536 (0x10000)</term>
|
||
/// <term>Specifies PKCS 7 message encoding.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING 1 (0x1)</term>
|
||
/// <term>Specifies X.509 certificate encoding.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the actual type of the content. If this information is not needed, set this
|
||
/// parameter to <c>NULL</c>. The returned content type can be one of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT</term>
|
||
/// <term>The content is a single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT_PAIR</term>
|
||
/// <term>The content is an ASN.1 encoded X509_CERT_pair.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CRL</term>
|
||
/// <term>The content is a single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CTL</term>
|
||
/// <term>The content is a single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PFX</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12 packet is
|
||
/// not loaded into a certificate store.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PFX_AND_LOAD</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store. Windows Server 2003 and Windows XP:
|
||
/// This value is not supported.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_SIGNED</term>
|
||
/// <term>The content is a PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</term>
|
||
/// <term>The content is an embedded PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_UNSIGNED</term>
|
||
/// <term>The content is a PKCS #7 unsigned message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS10</term>
|
||
/// <term>The content is a PKCS #10 message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CERT</term>
|
||
/// <term>The content is a serialized single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CRL</term>
|
||
/// <term>The content is a serialized single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CTL</term>
|
||
/// <term>The content is a serialized single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_STORE</term>
|
||
/// <term>The content is a serialized store.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the actual format type of the content. If this information is not needed, set
|
||
/// this parameter to <c>NULL</c>. The returned format type can be one of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED</term>
|
||
/// <term>The content is in ASCII hex-encoded format with an "{ASN}" prefix.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_BASE64_ENCODED</term>
|
||
/// <term>The content is in Base64 encoded format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_BINARY</term>
|
||
/// <term>The content is in binary format.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// A pointer to an <c>HCERTSTORE</c> value that receives a handle to a certificate store that includes all of the certificates,
|
||
/// CRLs, and CTLs in the object.
|
||
/// </para>
|
||
/// <para>
|
||
/// This parameter only receives a certificate store handle when the dwContentType parameter receives one of the following values.
|
||
/// This parameter receives <c>NULL</c> for all other content types.
|
||
/// </para>
|
||
/// <para>CERT_QUERY_CONTENT_CERT</para>
|
||
/// <para>CERT_QUERY_CONTENT_CRL</para>
|
||
/// <para>CERT_QUERY_CONTENT_CTL</para>
|
||
/// <para>CERT_QUERY_CONTENT_PFX_AND_LOAD</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CERT</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CRL</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CTL</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_STORE</para>
|
||
/// <para>When you have finished using the handle, free it by passing the handle to the CertCloseStore function.</para>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// <para>A pointer to an <c>HCRYPTMSG</c> value that receives the handle of an opened message.</para>
|
||
/// <para>
|
||
/// This parameter only receives a message handle when the dwContentType parameter receives one of the following values. This
|
||
/// parameter receives <c>NULL</c> for all other content types.
|
||
/// </para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_UNSIGNED</para>
|
||
/// <para>When you have finished using the handle, free it by passing the handle to the CryptMsgClose function.</para>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// <para>A pointer to a pointer that receives additional information about the object.</para>
|
||
/// <para>
|
||
/// The format of this data depends on the value received by the dwContentType parameter. The following table lists the format of
|
||
/// the data for the specified dwContentType value.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>dwContentType value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCertificateContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CRL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCRLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CTL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCTLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CERT</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCertificateContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CRL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCRLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CTL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCTLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// </summary>
|
||
/// <param name="dwObjectType">
|
||
/// <para>Indicates the type of the object to be queried. This must be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_BLOB</term>
|
||
/// <term>The object is stored in a structure in memory.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_FILE</term>
|
||
/// <term>The object is stored in a file.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pvObject">
|
||
/// <para>A pointer to the object to be queried. The type of data pointer depends on the contents of the dwObjectType parameter.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>dwObjectType value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_BLOB</term>
|
||
/// <term>This parameter is a pointer to a CERT_BLOB, or similar, structure that contains the object to query.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_FILE</term>
|
||
/// <term>This parameter is a pointer to a null-terminated Unicode string that contains the path and name of the file to query.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="dwExpectedContentTypeFlags">
|
||
/// <para>Indicates the expected content type. This can be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_ALL</term>
|
||
/// <term>
|
||
/// The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag. If this flag is specified,
|
||
/// this function will attempt to obtain information about the object, trying different content types until the proper content type
|
||
/// is found or the content types are exhausted. This is obviously inefficient, so this flag should only be used if the content type
|
||
/// is not known.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CERT</term>
|
||
/// <term>The content is a single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CERT_PAIR</term>
|
||
/// <term>
|
||
/// The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains either
|
||
/// forward, reverse, or forward and reverse cross certificates).
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CRL</term>
|
||
/// <term>The content is a single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CTL</term>
|
||
/// <term>The content is a single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PFX</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore function
|
||
/// to load this into a store.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the following
|
||
/// note. Windows Server 2003 and Windows XP: This value is not supported.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED</term>
|
||
/// <term>The content is a PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED</term>
|
||
/// <term>The content is an embedded PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED</term>
|
||
/// <term>The content is a PKCS #7 unsigned message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS10</term>
|
||
/// <term>The content is a PKCS #10 message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT</term>
|
||
/// <term>The content is a serialized single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL</term>
|
||
/// <term>The content is a serialized single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL</term>
|
||
/// <term>The content is serialized single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE</term>
|
||
/// <term>The content is a serialized store.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="dwExpectedFormatTypeFlags">
|
||
/// <para>Indicates the expected format of the returned type. This can be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_ALL</term>
|
||
/// <term>The content can be returned in any format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED</term>
|
||
/// <term>The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED</term>
|
||
/// <term>The content should be returned in Base64 encoded format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_BINARY</term>
|
||
/// <term>The content should be returned in binary format.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="dwFlags">This parameter is reserved for future use and must be set to zero.</param>
|
||
/// <param name="pdwMsgAndCertEncodingType">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the type of encoding used in the message. If this information is not needed, set
|
||
/// this parameter to <c>NULL</c>.
|
||
/// </para>
|
||
/// <para>This parameter can receives a combination of one or more of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING 65536 (0x10000)</term>
|
||
/// <term>Specifies PKCS 7 message encoding.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING 1 (0x1)</term>
|
||
/// <term>Specifies X.509 certificate encoding.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pdwContentType">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the actual type of the content. If this information is not needed, set this
|
||
/// parameter to <c>NULL</c>. The returned content type can be one of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT</term>
|
||
/// <term>The content is a single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT_PAIR</term>
|
||
/// <term>The content is an ASN.1 encoded X509_CERT_pair.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CRL</term>
|
||
/// <term>The content is a single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CTL</term>
|
||
/// <term>The content is a single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PFX</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12 packet is
|
||
/// not loaded into a certificate store.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PFX_AND_LOAD</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store. Windows Server 2003 and Windows XP:
|
||
/// This value is not supported.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_SIGNED</term>
|
||
/// <term>The content is a PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</term>
|
||
/// <term>The content is an embedded PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_UNSIGNED</term>
|
||
/// <term>The content is a PKCS #7 unsigned message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS10</term>
|
||
/// <term>The content is a PKCS #10 message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CERT</term>
|
||
/// <term>The content is a serialized single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CRL</term>
|
||
/// <term>The content is a serialized single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CTL</term>
|
||
/// <term>The content is a serialized single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_STORE</term>
|
||
/// <term>The content is a serialized store.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pdwFormatType">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the actual format type of the content. If this information is not needed, set
|
||
/// this parameter to <c>NULL</c>. The returned format type can be one of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED</term>
|
||
/// <term>The content is in ASCII hex-encoded format with an "{ASN}" prefix.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_BASE64_ENCODED</term>
|
||
/// <term>The content is in Base64 encoded format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_BINARY</term>
|
||
/// <term>The content is in binary format.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="phCertStore">
|
||
/// <para>
|
||
/// A pointer to an <c>HCERTSTORE</c> value that receives a handle to a certificate store that includes all of the certificates,
|
||
/// CRLs, and CTLs in the object.
|
||
/// </para>
|
||
/// <para>
|
||
/// This parameter only receives a certificate store handle when the dwContentType parameter receives one of the following values.
|
||
/// This parameter receives <c>NULL</c> for all other content types.
|
||
/// </para>
|
||
/// <para>CERT_QUERY_CONTENT_CERT</para>
|
||
/// <para>CERT_QUERY_CONTENT_CRL</para>
|
||
/// <para>CERT_QUERY_CONTENT_CTL</para>
|
||
/// <para>CERT_QUERY_CONTENT_PFX_AND_LOAD</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CERT</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CRL</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CTL</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_STORE</para>
|
||
/// <para>When you have finished using the handle, free it by passing the handle to the CertCloseStore function.</para>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// </param>
|
||
/// <param name="phMsg">
|
||
/// <para>A pointer to an <c>HCRYPTMSG</c> value that receives the handle of an opened message.</para>
|
||
/// <para>
|
||
/// This parameter only receives a message handle when the dwContentType parameter receives one of the following values. This
|
||
/// parameter receives <c>NULL</c> for all other content types.
|
||
/// </para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_UNSIGNED</para>
|
||
/// <para>When you have finished using the handle, free it by passing the handle to the CryptMsgClose function.</para>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// </param>
|
||
/// <param name="ppvContext">
|
||
/// <para>A pointer to a pointer that receives additional information about the object.</para>
|
||
/// <para>
|
||
/// The format of this data depends on the value received by the dwContentType parameter. The following table lists the format of
|
||
/// the data for the specified dwContentType value.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>dwContentType value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCertificateContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CRL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCRLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CTL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCTLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CERT</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCertificateContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CRL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCRLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CTL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCTLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero.</para>
|
||
/// <para>If the function fails, it returns zero. For extended error information, call GetLastError.</para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptqueryobject BOOL CryptQueryObject( DWORD
|
||
// dwObjectType, const void *pvObject, DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags, DWORD dwFlags, DWORD
|
||
// *pdwMsgAndCertEncodingType, DWORD *pdwContentType, DWORD *pdwFormatType, HCERTSTORE *phCertStore, HCRYPTMSG *phMsg, const void
|
||
// **ppvContext );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptQueryObject(CertQueryObjectType dwObjectType, [In] IntPtr pvObject, CertQueryContentFlags dwExpectedContentTypeFlags, CertQueryFormatFlags dwExpectedFormatTypeFlags,
|
||
[Optional] uint dwFlags, out CertEncodingType pdwMsgAndCertEncodingType, out CertQueryContentType pdwContentType, out CertQueryFormatType pdwFormatType, out SafeHCERTSTORE phCertStore,
|
||
out SafeHCRYPTMSG phMsg, out SafePCCERT_CONTEXT ppvContext);
|
||
|
||
/// <summary>
|
||
/// <para>Indicates the type of the object to be queried. This must be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_BLOB</term>
|
||
/// <term>The object is stored in a structure in memory.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_FILE</term>
|
||
/// <term>The object is stored in a file.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>A pointer to the object to be queried. The type of data pointer depends on the contents of the dwObjectType parameter.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>dwObjectType value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_BLOB</term>
|
||
/// <term>This parameter is a pointer to a CERT_BLOB, or similar, structure that contains the object to query.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_FILE</term>
|
||
/// <term>This parameter is a pointer to a null-terminated Unicode string that contains the path and name of the file to query.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>Indicates the expected content type. This can be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_ALL</term>
|
||
/// <term>
|
||
/// The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag. If this flag is specified,
|
||
/// this function will attempt to obtain information about the object, trying different content types until the proper content type
|
||
/// is found or the content types are exhausted. This is obviously inefficient, so this flag should only be used if the content type
|
||
/// is not known.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CERT</term>
|
||
/// <term>The content is a single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CERT_PAIR</term>
|
||
/// <term>
|
||
/// The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains either
|
||
/// forward, reverse, or forward and reverse cross certificates).
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CRL</term>
|
||
/// <term>The content is a single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CTL</term>
|
||
/// <term>The content is a single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PFX</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore function
|
||
/// to load this into a store.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the following
|
||
/// note. Windows Server 2003 and Windows XP: This value is not supported.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED</term>
|
||
/// <term>The content is a PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED</term>
|
||
/// <term>The content is an embedded PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED</term>
|
||
/// <term>The content is a PKCS #7 unsigned message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS10</term>
|
||
/// <term>The content is a PKCS #10 message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT</term>
|
||
/// <term>The content is a serialized single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL</term>
|
||
/// <term>The content is a serialized single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL</term>
|
||
/// <term>The content is serialized single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE</term>
|
||
/// <term>The content is a serialized store.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>Indicates the expected format of the returned type. This can be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_ALL</term>
|
||
/// <term>The content can be returned in any format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED</term>
|
||
/// <term>The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED</term>
|
||
/// <term>The content should be returned in Base64 encoded format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_BINARY</term>
|
||
/// <term>The content should be returned in binary format.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>This parameter is reserved for future use and must be set to zero.</para>
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the type of encoding used in the message. If this information is not needed, set
|
||
/// this parameter to <c>NULL</c>.
|
||
/// </para>
|
||
/// <para>This parameter can receives a combination of one or more of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING 65536 (0x10000)</term>
|
||
/// <term>Specifies PKCS 7 message encoding.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING 1 (0x1)</term>
|
||
/// <term>Specifies X.509 certificate encoding.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the actual type of the content. If this information is not needed, set this
|
||
/// parameter to <c>NULL</c>. The returned content type can be one of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT</term>
|
||
/// <term>The content is a single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT_PAIR</term>
|
||
/// <term>The content is an ASN.1 encoded X509_CERT_pair.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CRL</term>
|
||
/// <term>The content is a single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CTL</term>
|
||
/// <term>The content is a single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PFX</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12 packet is
|
||
/// not loaded into a certificate store.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PFX_AND_LOAD</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store. Windows Server 2003 and Windows XP:
|
||
/// This value is not supported.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_SIGNED</term>
|
||
/// <term>The content is a PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</term>
|
||
/// <term>The content is an embedded PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_UNSIGNED</term>
|
||
/// <term>The content is a PKCS #7 unsigned message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS10</term>
|
||
/// <term>The content is a PKCS #10 message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CERT</term>
|
||
/// <term>The content is a serialized single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CRL</term>
|
||
/// <term>The content is a serialized single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CTL</term>
|
||
/// <term>The content is a serialized single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_STORE</term>
|
||
/// <term>The content is a serialized store.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the actual format type of the content. If this information is not needed, set
|
||
/// this parameter to <c>NULL</c>. The returned format type can be one of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED</term>
|
||
/// <term>The content is in ASCII hex-encoded format with an "{ASN}" prefix.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_BASE64_ENCODED</term>
|
||
/// <term>The content is in Base64 encoded format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_BINARY</term>
|
||
/// <term>The content is in binary format.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// A pointer to an <c>HCERTSTORE</c> value that receives a handle to a certificate store that includes all of the certificates,
|
||
/// CRLs, and CTLs in the object.
|
||
/// </para>
|
||
/// <para>
|
||
/// This parameter only receives a certificate store handle when the dwContentType parameter receives one of the following values.
|
||
/// This parameter receives <c>NULL</c> for all other content types.
|
||
/// </para>
|
||
/// <para>CERT_QUERY_CONTENT_CERT</para>
|
||
/// <para>CERT_QUERY_CONTENT_CRL</para>
|
||
/// <para>CERT_QUERY_CONTENT_CTL</para>
|
||
/// <para>CERT_QUERY_CONTENT_PFX_AND_LOAD</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CERT</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CRL</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CTL</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_STORE</para>
|
||
/// <para>When you have finished using the handle, free it by passing the handle to the CertCloseStore function.</para>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// <para>A pointer to an <c>HCRYPTMSG</c> value that receives the handle of an opened message.</para>
|
||
/// <para>
|
||
/// This parameter only receives a message handle when the dwContentType parameter receives one of the following values. This
|
||
/// parameter receives <c>NULL</c> for all other content types.
|
||
/// </para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_UNSIGNED</para>
|
||
/// <para>When you have finished using the handle, free it by passing the handle to the CryptMsgClose function.</para>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// <para>A pointer to a pointer that receives additional information about the object.</para>
|
||
/// <para>
|
||
/// The format of this data depends on the value received by the dwContentType parameter. The following table lists the format of
|
||
/// the data for the specified dwContentType value.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>dwContentType value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCertificateContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CRL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCRLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CTL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCTLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CERT</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCertificateContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CRL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCRLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CTL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCTLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// </summary>
|
||
/// <param name="dwObjectType">
|
||
/// <para>Indicates the type of the object to be queried. This must be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_BLOB</term>
|
||
/// <term>The object is stored in a structure in memory.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_FILE</term>
|
||
/// <term>The object is stored in a file.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pvObject">
|
||
/// <para>A pointer to the object to be queried. The type of data pointer depends on the contents of the dwObjectType parameter.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>dwObjectType value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_BLOB</term>
|
||
/// <term>This parameter is a pointer to a CERT_BLOB, or similar, structure that contains the object to query.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_FILE</term>
|
||
/// <term>This parameter is a pointer to a null-terminated Unicode string that contains the path and name of the file to query.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="dwExpectedContentTypeFlags">
|
||
/// <para>Indicates the expected content type. This can be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_ALL</term>
|
||
/// <term>
|
||
/// The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag. If this flag is specified,
|
||
/// this function will attempt to obtain information about the object, trying different content types until the proper content type
|
||
/// is found or the content types are exhausted. This is obviously inefficient, so this flag should only be used if the content type
|
||
/// is not known.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CERT</term>
|
||
/// <term>The content is a single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CERT_PAIR</term>
|
||
/// <term>
|
||
/// The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains either
|
||
/// forward, reverse, or forward and reverse cross certificates).
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CRL</term>
|
||
/// <term>The content is a single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CTL</term>
|
||
/// <term>The content is a single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PFX</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore function
|
||
/// to load this into a store.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the following
|
||
/// note. Windows Server 2003 and Windows XP: This value is not supported.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED</term>
|
||
/// <term>The content is a PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED</term>
|
||
/// <term>The content is an embedded PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED</term>
|
||
/// <term>The content is a PKCS #7 unsigned message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS10</term>
|
||
/// <term>The content is a PKCS #10 message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT</term>
|
||
/// <term>The content is a serialized single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL</term>
|
||
/// <term>The content is a serialized single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL</term>
|
||
/// <term>The content is serialized single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE</term>
|
||
/// <term>The content is a serialized store.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="dwExpectedFormatTypeFlags">
|
||
/// <para>Indicates the expected format of the returned type. This can be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_ALL</term>
|
||
/// <term>The content can be returned in any format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED</term>
|
||
/// <term>The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED</term>
|
||
/// <term>The content should be returned in Base64 encoded format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_BINARY</term>
|
||
/// <term>The content should be returned in binary format.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="dwFlags">This parameter is reserved for future use and must be set to zero.</param>
|
||
/// <param name="pdwMsgAndCertEncodingType">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the type of encoding used in the message. If this information is not needed, set
|
||
/// this parameter to <c>NULL</c>.
|
||
/// </para>
|
||
/// <para>This parameter can receives a combination of one or more of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING 65536 (0x10000)</term>
|
||
/// <term>Specifies PKCS 7 message encoding.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING 1 (0x1)</term>
|
||
/// <term>Specifies X.509 certificate encoding.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pdwContentType">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the actual type of the content. If this information is not needed, set this
|
||
/// parameter to <c>NULL</c>. The returned content type can be one of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT</term>
|
||
/// <term>The content is a single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT_PAIR</term>
|
||
/// <term>The content is an ASN.1 encoded X509_CERT_pair.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CRL</term>
|
||
/// <term>The content is a single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CTL</term>
|
||
/// <term>The content is a single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PFX</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12 packet is
|
||
/// not loaded into a certificate store.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PFX_AND_LOAD</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store. Windows Server 2003 and Windows XP:
|
||
/// This value is not supported.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_SIGNED</term>
|
||
/// <term>The content is a PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</term>
|
||
/// <term>The content is an embedded PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_UNSIGNED</term>
|
||
/// <term>The content is a PKCS #7 unsigned message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS10</term>
|
||
/// <term>The content is a PKCS #10 message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CERT</term>
|
||
/// <term>The content is a serialized single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CRL</term>
|
||
/// <term>The content is a serialized single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CTL</term>
|
||
/// <term>The content is a serialized single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_STORE</term>
|
||
/// <term>The content is a serialized store.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pdwFormatType">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the actual format type of the content. If this information is not needed, set
|
||
/// this parameter to <c>NULL</c>. The returned format type can be one of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED</term>
|
||
/// <term>The content is in ASCII hex-encoded format with an "{ASN}" prefix.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_BASE64_ENCODED</term>
|
||
/// <term>The content is in Base64 encoded format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_BINARY</term>
|
||
/// <term>The content is in binary format.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="phCertStore">
|
||
/// <para>
|
||
/// A pointer to an <c>HCERTSTORE</c> value that receives a handle to a certificate store that includes all of the certificates,
|
||
/// CRLs, and CTLs in the object.
|
||
/// </para>
|
||
/// <para>
|
||
/// This parameter only receives a certificate store handle when the dwContentType parameter receives one of the following values.
|
||
/// This parameter receives <c>NULL</c> for all other content types.
|
||
/// </para>
|
||
/// <para>CERT_QUERY_CONTENT_CERT</para>
|
||
/// <para>CERT_QUERY_CONTENT_CRL</para>
|
||
/// <para>CERT_QUERY_CONTENT_CTL</para>
|
||
/// <para>CERT_QUERY_CONTENT_PFX_AND_LOAD</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CERT</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CRL</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CTL</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_STORE</para>
|
||
/// <para>When you have finished using the handle, free it by passing the handle to the CertCloseStore function.</para>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// </param>
|
||
/// <param name="phMsg">
|
||
/// <para>A pointer to an <c>HCRYPTMSG</c> value that receives the handle of an opened message.</para>
|
||
/// <para>
|
||
/// This parameter only receives a message handle when the dwContentType parameter receives one of the following values. This
|
||
/// parameter receives <c>NULL</c> for all other content types.
|
||
/// </para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_UNSIGNED</para>
|
||
/// <para>When you have finished using the handle, free it by passing the handle to the CryptMsgClose function.</para>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// </param>
|
||
/// <param name="ppvContext">
|
||
/// <para>A pointer to a pointer that receives additional information about the object.</para>
|
||
/// <para>
|
||
/// The format of this data depends on the value received by the dwContentType parameter. The following table lists the format of
|
||
/// the data for the specified dwContentType value.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>dwContentType value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCertificateContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CRL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCRLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CTL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCTLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CERT</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCertificateContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CRL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCRLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CTL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCTLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero.</para>
|
||
/// <para>If the function fails, it returns zero. For extended error information, call GetLastError.</para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptqueryobject BOOL CryptQueryObject( DWORD
|
||
// dwObjectType, const void *pvObject, DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags, DWORD dwFlags, DWORD
|
||
// *pdwMsgAndCertEncodingType, DWORD *pdwContentType, DWORD *pdwFormatType, HCERTSTORE *phCertStore, HCRYPTMSG *phMsg, const void
|
||
// **ppvContext );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptQueryObject(CertQueryObjectType dwObjectType, [In] IntPtr pvObject, CertQueryContentFlags dwExpectedContentTypeFlags, CertQueryFormatFlags dwExpectedFormatTypeFlags,
|
||
[Optional] uint dwFlags, out CertEncodingType pdwMsgAndCertEncodingType, out CertQueryContentType pdwContentType, out CertQueryFormatType pdwFormatType, out SafeHCERTSTORE phCertStore,
|
||
out SafeHCRYPTMSG phMsg, out SafePCCRL_CONTEXT ppvContext);
|
||
|
||
/// <summary>
|
||
/// <para>Indicates the type of the object to be queried. This must be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_BLOB</term>
|
||
/// <term>The object is stored in a structure in memory.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_FILE</term>
|
||
/// <term>The object is stored in a file.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>A pointer to the object to be queried. The type of data pointer depends on the contents of the dwObjectType parameter.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>dwObjectType value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_BLOB</term>
|
||
/// <term>This parameter is a pointer to a CERT_BLOB, or similar, structure that contains the object to query.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_FILE</term>
|
||
/// <term>This parameter is a pointer to a null-terminated Unicode string that contains the path and name of the file to query.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>Indicates the expected content type. This can be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_ALL</term>
|
||
/// <term>
|
||
/// The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag. If this flag is specified,
|
||
/// this function will attempt to obtain information about the object, trying different content types until the proper content type
|
||
/// is found or the content types are exhausted. This is obviously inefficient, so this flag should only be used if the content type
|
||
/// is not known.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CERT</term>
|
||
/// <term>The content is a single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CERT_PAIR</term>
|
||
/// <term>
|
||
/// The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains either
|
||
/// forward, reverse, or forward and reverse cross certificates).
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CRL</term>
|
||
/// <term>The content is a single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CTL</term>
|
||
/// <term>The content is a single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PFX</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore function
|
||
/// to load this into a store.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the following
|
||
/// note. Windows Server 2003 and Windows XP: This value is not supported.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED</term>
|
||
/// <term>The content is a PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED</term>
|
||
/// <term>The content is an embedded PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED</term>
|
||
/// <term>The content is a PKCS #7 unsigned message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS10</term>
|
||
/// <term>The content is a PKCS #10 message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT</term>
|
||
/// <term>The content is a serialized single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL</term>
|
||
/// <term>The content is a serialized single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL</term>
|
||
/// <term>The content is serialized single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE</term>
|
||
/// <term>The content is a serialized store.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>Indicates the expected format of the returned type. This can be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_ALL</term>
|
||
/// <term>The content can be returned in any format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED</term>
|
||
/// <term>The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED</term>
|
||
/// <term>The content should be returned in Base64 encoded format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_BINARY</term>
|
||
/// <term>The content should be returned in binary format.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>This parameter is reserved for future use and must be set to zero.</para>
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the type of encoding used in the message. If this information is not needed, set
|
||
/// this parameter to <c>NULL</c>.
|
||
/// </para>
|
||
/// <para>This parameter can receives a combination of one or more of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING 65536 (0x10000)</term>
|
||
/// <term>Specifies PKCS 7 message encoding.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING 1 (0x1)</term>
|
||
/// <term>Specifies X.509 certificate encoding.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the actual type of the content. If this information is not needed, set this
|
||
/// parameter to <c>NULL</c>. The returned content type can be one of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT</term>
|
||
/// <term>The content is a single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT_PAIR</term>
|
||
/// <term>The content is an ASN.1 encoded X509_CERT_pair.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CRL</term>
|
||
/// <term>The content is a single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CTL</term>
|
||
/// <term>The content is a single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PFX</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12 packet is
|
||
/// not loaded into a certificate store.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PFX_AND_LOAD</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store. Windows Server 2003 and Windows XP:
|
||
/// This value is not supported.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_SIGNED</term>
|
||
/// <term>The content is a PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</term>
|
||
/// <term>The content is an embedded PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_UNSIGNED</term>
|
||
/// <term>The content is a PKCS #7 unsigned message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS10</term>
|
||
/// <term>The content is a PKCS #10 message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CERT</term>
|
||
/// <term>The content is a serialized single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CRL</term>
|
||
/// <term>The content is a serialized single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CTL</term>
|
||
/// <term>The content is a serialized single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_STORE</term>
|
||
/// <term>The content is a serialized store.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the actual format type of the content. If this information is not needed, set
|
||
/// this parameter to <c>NULL</c>. The returned format type can be one of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED</term>
|
||
/// <term>The content is in ASCII hex-encoded format with an "{ASN}" prefix.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_BASE64_ENCODED</term>
|
||
/// <term>The content is in Base64 encoded format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_BINARY</term>
|
||
/// <term>The content is in binary format.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// A pointer to an <c>HCERTSTORE</c> value that receives a handle to a certificate store that includes all of the certificates,
|
||
/// CRLs, and CTLs in the object.
|
||
/// </para>
|
||
/// <para>
|
||
/// This parameter only receives a certificate store handle when the dwContentType parameter receives one of the following values.
|
||
/// This parameter receives <c>NULL</c> for all other content types.
|
||
/// </para>
|
||
/// <para>CERT_QUERY_CONTENT_CERT</para>
|
||
/// <para>CERT_QUERY_CONTENT_CRL</para>
|
||
/// <para>CERT_QUERY_CONTENT_CTL</para>
|
||
/// <para>CERT_QUERY_CONTENT_PFX_AND_LOAD</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CERT</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CRL</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CTL</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_STORE</para>
|
||
/// <para>When you have finished using the handle, free it by passing the handle to the CertCloseStore function.</para>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// <para>A pointer to an <c>HCRYPTMSG</c> value that receives the handle of an opened message.</para>
|
||
/// <para>
|
||
/// This parameter only receives a message handle when the dwContentType parameter receives one of the following values. This
|
||
/// parameter receives <c>NULL</c> for all other content types.
|
||
/// </para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_UNSIGNED</para>
|
||
/// <para>When you have finished using the handle, free it by passing the handle to the CryptMsgClose function.</para>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// <para>A pointer to a pointer that receives additional information about the object.</para>
|
||
/// <para>
|
||
/// The format of this data depends on the value received by the dwContentType parameter. The following table lists the format of
|
||
/// the data for the specified dwContentType value.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>dwContentType value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCertificateContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CRL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCRLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CTL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCTLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CERT</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCertificateContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CRL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCRLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CTL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCTLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// </summary>
|
||
/// <param name="dwObjectType">
|
||
/// <para>Indicates the type of the object to be queried. This must be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_BLOB</term>
|
||
/// <term>The object is stored in a structure in memory.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_FILE</term>
|
||
/// <term>The object is stored in a file.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pvObject">
|
||
/// <para>A pointer to the object to be queried. The type of data pointer depends on the contents of the dwObjectType parameter.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>dwObjectType value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_BLOB</term>
|
||
/// <term>This parameter is a pointer to a CERT_BLOB, or similar, structure that contains the object to query.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_OBJECT_FILE</term>
|
||
/// <term>This parameter is a pointer to a null-terminated Unicode string that contains the path and name of the file to query.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="dwExpectedContentTypeFlags">
|
||
/// <para>Indicates the expected content type. This can be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_ALL</term>
|
||
/// <term>
|
||
/// The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag. If this flag is specified,
|
||
/// this function will attempt to obtain information about the object, trying different content types until the proper content type
|
||
/// is found or the content types are exhausted. This is obviously inefficient, so this flag should only be used if the content type
|
||
/// is not known.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CERT</term>
|
||
/// <term>The content is a single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CERT_PAIR</term>
|
||
/// <term>
|
||
/// The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains either
|
||
/// forward, reverse, or forward and reverse cross certificates).
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CRL</term>
|
||
/// <term>The content is a single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_CTL</term>
|
||
/// <term>The content is a single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PFX</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore function
|
||
/// to load this into a store.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the following
|
||
/// note. Windows Server 2003 and Windows XP: This value is not supported.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED</term>
|
||
/// <term>The content is a PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED</term>
|
||
/// <term>The content is an embedded PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED</term>
|
||
/// <term>The content is a PKCS #7 unsigned message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_PKCS10</term>
|
||
/// <term>The content is a PKCS #10 message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT</term>
|
||
/// <term>The content is a serialized single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL</term>
|
||
/// <term>The content is a serialized single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL</term>
|
||
/// <term>The content is serialized single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE</term>
|
||
/// <term>The content is a serialized store.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="dwExpectedFormatTypeFlags">
|
||
/// <para>Indicates the expected format of the returned type. This can be one of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_ALL</term>
|
||
/// <term>The content can be returned in any format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED</term>
|
||
/// <term>The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED</term>
|
||
/// <term>The content should be returned in Base64 encoded format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_FLAG_BINARY</term>
|
||
/// <term>The content should be returned in binary format.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="dwFlags">This parameter is reserved for future use and must be set to zero.</param>
|
||
/// <param name="pdwMsgAndCertEncodingType">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the type of encoding used in the message. If this information is not needed, set
|
||
/// this parameter to <c>NULL</c>.
|
||
/// </para>
|
||
/// <para>This parameter can receives a combination of one or more of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING 65536 (0x10000)</term>
|
||
/// <term>Specifies PKCS 7 message encoding.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING 1 (0x1)</term>
|
||
/// <term>Specifies X.509 certificate encoding.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pdwContentType">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the actual type of the content. If this information is not needed, set this
|
||
/// parameter to <c>NULL</c>. The returned content type can be one of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT</term>
|
||
/// <term>The content is a single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT_PAIR</term>
|
||
/// <term>The content is an ASN.1 encoded X509_CERT_pair.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CRL</term>
|
||
/// <term>The content is a single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CTL</term>
|
||
/// <term>The content is a single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PFX</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12 packet is
|
||
/// not loaded into a certificate store.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PFX_AND_LOAD</term>
|
||
/// <term>
|
||
/// The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store. Windows Server 2003 and Windows XP:
|
||
/// This value is not supported.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_SIGNED</term>
|
||
/// <term>The content is a PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</term>
|
||
/// <term>The content is an embedded PKCS #7 signed message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS7_UNSIGNED</term>
|
||
/// <term>The content is a PKCS #7 unsigned message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_PKCS10</term>
|
||
/// <term>The content is a PKCS #10 message.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CERT</term>
|
||
/// <term>The content is a serialized single certificate.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CRL</term>
|
||
/// <term>The content is a serialized single CRL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CTL</term>
|
||
/// <term>The content is a serialized single CTL.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_STORE</term>
|
||
/// <term>The content is a serialized store.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pdwFormatType">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> value that receives the actual format type of the content. If this information is not needed, set
|
||
/// this parameter to <c>NULL</c>. The returned format type can be one of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED</term>
|
||
/// <term>The content is in ASCII hex-encoded format with an "{ASN}" prefix.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_BASE64_ENCODED</term>
|
||
/// <term>The content is in Base64 encoded format.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_FORMAT_BINARY</term>
|
||
/// <term>The content is in binary format.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="phCertStore">
|
||
/// <para>
|
||
/// A pointer to an <c>HCERTSTORE</c> value that receives a handle to a certificate store that includes all of the certificates,
|
||
/// CRLs, and CTLs in the object.
|
||
/// </para>
|
||
/// <para>
|
||
/// This parameter only receives a certificate store handle when the dwContentType parameter receives one of the following values.
|
||
/// This parameter receives <c>NULL</c> for all other content types.
|
||
/// </para>
|
||
/// <para>CERT_QUERY_CONTENT_CERT</para>
|
||
/// <para>CERT_QUERY_CONTENT_CRL</para>
|
||
/// <para>CERT_QUERY_CONTENT_CTL</para>
|
||
/// <para>CERT_QUERY_CONTENT_PFX_AND_LOAD</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CERT</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CRL</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_CTL</para>
|
||
/// <para>CERT_QUERY_CONTENT_SERIALIZED_STORE</para>
|
||
/// <para>When you have finished using the handle, free it by passing the handle to the CertCloseStore function.</para>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// </param>
|
||
/// <param name="phMsg">
|
||
/// <para>A pointer to an <c>HCRYPTMSG</c> value that receives the handle of an opened message.</para>
|
||
/// <para>
|
||
/// This parameter only receives a message handle when the dwContentType parameter receives one of the following values. This
|
||
/// parameter receives <c>NULL</c> for all other content types.
|
||
/// </para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED</para>
|
||
/// <para>CERT_QUERY_CONTENT_PKCS7_UNSIGNED</para>
|
||
/// <para>When you have finished using the handle, free it by passing the handle to the CryptMsgClose function.</para>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// </param>
|
||
/// <param name="ppvContext">
|
||
/// <para>A pointer to a pointer that receives additional information about the object.</para>
|
||
/// <para>
|
||
/// The format of this data depends on the value received by the dwContentType parameter. The following table lists the format of
|
||
/// the data for the specified dwContentType value.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>dwContentType value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CERT</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCertificateContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CRL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCRLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_CTL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCTLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CERT</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCertificateContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CRL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCRLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CERT_QUERY_CONTENT_SERIALIZED_CTL</term>
|
||
/// <term>
|
||
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
|
||
/// this pointer to the CertFreeCTLContext function.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>If this information is not needed, set this parameter to <c>NULL</c>.</para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the function returns nonzero.</para>
|
||
/// <para>If the function fails, it returns zero. For extended error information, call GetLastError.</para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptqueryobject BOOL CryptQueryObject( DWORD
|
||
// dwObjectType, const void *pvObject, DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags, DWORD dwFlags, DWORD
|
||
// *pdwMsgAndCertEncodingType, DWORD *pdwContentType, DWORD *pdwFormatType, HCERTSTORE *phCertStore, HCRYPTMSG *phMsg, const void
|
||
// **ppvContext );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptQueryObject(CertQueryObjectType dwObjectType, [In] IntPtr pvObject, CertQueryContentFlags dwExpectedContentTypeFlags, CertQueryFormatFlags dwExpectedFormatTypeFlags,
|
||
[Optional] uint dwFlags, out CertEncodingType pdwMsgAndCertEncodingType, out CertQueryContentType pdwContentType, out CertQueryFormatType pdwFormatType, out SafeHCERTSTORE phCertStore,
|
||
out SafeHCRYPTMSG phMsg, out SafePCCTL_CONTEXT ppvContext);
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// The <c>CryptSignAndEncodeCertificate</c> function encodes and signs a certificate, certificate revocation list (CRL),
|
||
/// certificate trust list (CTL), or certificate request.
|
||
/// </para>
|
||
/// <para>This function performs the following operations:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Calls CryptEncodeObject using lpszStructType to encode the "to be signed" information.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Calls CryptSignCertificate to sign this encoded information.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Calls CryptEncodeObject again, with lpszStructType set to X509_CERT, to further encode the resulting signed, encoded information.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
/// <param name="hBCryptKey">
|
||
/// A handle of the cryptographic service provider (CSP) to do the signature. This handle is an HCRYPTPROV handle that has been
|
||
/// created by using the CryptAcquireContext function or an <c>NCRYPT_KEY_HANDLE</c> handle that has been created by using the
|
||
/// NCryptOpenKey function. New applications should always pass in a <c>NCRYPT_KEY_HANDLE</c> handle of a CNG CSP.
|
||
/// </param>
|
||
/// <param name="dwKeySpec">
|
||
/// <para>
|
||
/// Identifies the private key to use from the provider's container. This must be one of the following values. This parameter is
|
||
/// ignored if a CNG key is passed in the hCryptProvOrNCryptKey parameter.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>AT_KEYEXCHANGE</term>
|
||
/// <term>Use the key exchange key.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>AT_SIGNATURE</term>
|
||
/// <term>Use the digital signature key.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>Specifies the encoding type used. This can be the following value.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// <term>Specifies X.509 certificate encoding.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="lpszStructType">
|
||
/// <para>
|
||
/// A pointer to a null-terminated ANSI string that contains the type of data to be encoded and signed. The following predefined
|
||
/// lpszStructType constants are used with encode operations.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>X509_CERT_CRL_TO_BE_SIGNED</term>
|
||
/// <term>pvStructInfo is the address of a CRL_INFO structure.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>X509_CERT_REQUEST_TO_BE_SIGNED</term>
|
||
/// <term>pvStructInfo is the address of a CERT_REQUEST_INFO structure.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>X509_CERT_TO_BE_SIGNED</term>
|
||
/// <term>pvStructInfo is the address of a CERT_INFO structure.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>X509_KEYGEN_REQUEST_TO_BE_SIGNED</term>
|
||
/// <term>pvStructInfo is the address of a CERT_KEYGEN_REQUEST_INFO structure.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pvStructInfo">
|
||
/// The address of a structure that contains the data to be signed and encoded. The format of this structure is determined by the
|
||
/// lpszStructType parameter.
|
||
/// </param>
|
||
/// <param name="pSignatureAlgorithm">
|
||
/// <para>
|
||
/// A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure that contains the object identifier (OID) of the signature algorithm and any
|
||
/// additional parameters needed. This function uses the following algorithm OIDs:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>szOID_RSA_MD5RSA</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>szOID_RSA_SHA1RSA</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>szOID_X957_SHA1DSA</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>If the signature algorithm is a</para>
|
||
/// <para>hash</para>
|
||
/// <para>algorithm, the signature contains only the unencrypted hash octets. A private key is not used to encrypt the hash.</para>
|
||
/// <para>dwKeySpec</para>
|
||
/// <para>is not used and</para>
|
||
/// <para>hCryptProvOrNCryptKey</para>
|
||
/// <para>can be</para>
|
||
/// <para>NULL</para>
|
||
/// <para>if an appropriate default CSP can be used for hashing.</para>
|
||
/// </param>
|
||
/// <param name="pvHashAuxInfo">Reserved. Must be <c>NULL</c>.</param>
|
||
/// <param name="pbEncoded">
|
||
/// <para>A pointer to a buffer to receive the signed and encoded output.</para>
|
||
/// <para>
|
||
/// This parameter can be <c>NULL</c> to set the size of this information for memory allocation purposes. For more information, see
|
||
/// Retrieving Data of Unknown Length.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pcbEncoded">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> that contains the size, in bytes, of the buffer pointed to by the pbEncoded parameter. When the
|
||
/// function returns, the <c>DWORD</c> contains the number of bytes stored or to be stored in the buffer.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
|
||
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
|
||
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
|
||
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, the return value is zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para>
|
||
/// <c>Note</c> Errors from the called functions CryptCreateHash, CryptSignHash and CryptHashData might be propagated to this function.
|
||
/// </para>
|
||
/// <para>Possible error codes include, but are not limited to, the following.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_MORE_DATA</term>
|
||
/// <term>
|
||
/// If the buffer specified by the pbEncoded parameter is not large enough to hold the returned data, the function sets the
|
||
/// ERROR_MORE_DATA code and stores the required buffer size, in bytes, into the variable pointed to by pcbEncoded.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_FILE_NOT_FOUND</term>
|
||
/// <term>Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NTE_BAD_ALGID</term>
|
||
/// <term>The signature algorithm's OID does not map to a known or supported hash algorithm.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_E_BAD_ENCODE</term>
|
||
/// <term>
|
||
/// An error was encountered while encoding or decoding. The most likely cause of this error is the improper initialization of the
|
||
/// fields in the structure pointed to by pvStructInfo.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptsignandencodecertificate BOOL
|
||
// CryptSignAndEncodeCertificate( BCRYPT_KEY_HANDLE hBCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType, LPCSTR lpszStructType,
|
||
// const void *pvStructInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, const void *pvHashAuxInfo, BYTE *pbEncoded, DWORD
|
||
// *pcbEncoded );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "ee138918-ed7c-4980-8b18-64004a0dd7df")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptSignAndEncodeCertificate(NCrypt.NCRYPT_KEY_HANDLE hBCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType,
|
||
[In] SafeOID lpszStructType, [In] IntPtr pvStructInfo, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
|
||
[In, Optional] IntPtr pvHashAuxInfo, [Out] IntPtr pbEncoded, ref uint pcbEncoded);
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// The <c>CryptSignAndEncodeCertificate</c> function encodes and signs a certificate, certificate revocation list (CRL),
|
||
/// certificate trust list (CTL), or certificate request.
|
||
/// </para>
|
||
/// <para>This function performs the following operations:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>Calls CryptEncodeObject using lpszStructType to encode the "to be signed" information.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Calls CryptSignCertificate to sign this encoded information.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>Calls CryptEncodeObject again, with lpszStructType set to X509_CERT, to further encode the resulting signed, encoded information.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
/// <param name="hBCryptKey">
|
||
/// A handle of the cryptographic service provider (CSP) to do the signature. This handle is an HCRYPTPROV handle that has been
|
||
/// created by using the CryptAcquireContext function or an <c>NCRYPT_KEY_HANDLE</c> handle that has been created by using the
|
||
/// NCryptOpenKey function. New applications should always pass in a <c>NCRYPT_KEY_HANDLE</c> handle of a CNG CSP.
|
||
/// </param>
|
||
/// <param name="dwKeySpec">
|
||
/// <para>
|
||
/// Identifies the private key to use from the provider's container. This must be one of the following values. This parameter is
|
||
/// ignored if a CNG key is passed in the hCryptProvOrNCryptKey parameter.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>AT_KEYEXCHANGE</term>
|
||
/// <term>Use the key exchange key.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>AT_SIGNATURE</term>
|
||
/// <term>Use the digital signature key.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>Specifies the encoding type used. This can be the following value.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// <term>Specifies X.509 certificate encoding.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="lpszStructType">
|
||
/// <para>
|
||
/// A pointer to a null-terminated ANSI string that contains the type of data to be encoded and signed. The following predefined
|
||
/// lpszStructType constants are used with encode operations.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>X509_CERT_CRL_TO_BE_SIGNED</term>
|
||
/// <term>pvStructInfo is the address of a CRL_INFO structure.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>X509_CERT_REQUEST_TO_BE_SIGNED</term>
|
||
/// <term>pvStructInfo is the address of a CERT_REQUEST_INFO structure.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>X509_CERT_TO_BE_SIGNED</term>
|
||
/// <term>pvStructInfo is the address of a CERT_INFO structure.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>X509_KEYGEN_REQUEST_TO_BE_SIGNED</term>
|
||
/// <term>pvStructInfo is the address of a CERT_KEYGEN_REQUEST_INFO structure.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pvStructInfo">
|
||
/// The address of a structure that contains the data to be signed and encoded. The format of this structure is determined by the
|
||
/// lpszStructType parameter.
|
||
/// </param>
|
||
/// <param name="pSignatureAlgorithm">
|
||
/// <para>
|
||
/// A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure that contains the object identifier (OID) of the signature algorithm and any
|
||
/// additional parameters needed. This function uses the following algorithm OIDs:
|
||
/// </para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>szOID_RSA_MD5RSA</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>szOID_RSA_SHA1RSA</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>szOID_X957_SHA1DSA</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>If the signature algorithm is a</para>
|
||
/// <para>hash</para>
|
||
/// <para>algorithm, the signature contains only the unencrypted hash octets. A private key is not used to encrypt the hash.</para>
|
||
/// <para>dwKeySpec</para>
|
||
/// <para>is not used and</para>
|
||
/// <para>hCryptProvOrNCryptKey</para>
|
||
/// <para>can be</para>
|
||
/// <para>NULL</para>
|
||
/// <para>if an appropriate default CSP can be used for hashing.</para>
|
||
/// </param>
|
||
/// <param name="pvHashAuxInfo">Reserved. Must be <c>NULL</c>.</param>
|
||
/// <param name="pbEncoded">
|
||
/// <para>A pointer to a buffer to receive the signed and encoded output.</para>
|
||
/// <para>
|
||
/// This parameter can be <c>NULL</c> to set the size of this information for memory allocation purposes. For more information, see
|
||
/// Retrieving Data of Unknown Length.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pcbEncoded">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> that contains the size, in bytes, of the buffer pointed to by the pbEncoded parameter. When the
|
||
/// function returns, the <c>DWORD</c> contains the number of bytes stored or to be stored in the buffer.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
|
||
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
|
||
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
|
||
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, the return value is zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para>
|
||
/// <c>Note</c> Errors from the called functions CryptCreateHash, CryptSignHash and CryptHashData might be propagated to this function.
|
||
/// </para>
|
||
/// <para>Possible error codes include, but are not limited to, the following.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_MORE_DATA</term>
|
||
/// <term>
|
||
/// If the buffer specified by the pbEncoded parameter is not large enough to hold the returned data, the function sets the
|
||
/// ERROR_MORE_DATA code and stores the required buffer size, in bytes, into the variable pointed to by pcbEncoded.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>ERROR_FILE_NOT_FOUND</term>
|
||
/// <term>Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NTE_BAD_ALGID</term>
|
||
/// <term>The signature algorithm's OID does not map to a known or supported hash algorithm.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_E_BAD_ENCODE</term>
|
||
/// <term>
|
||
/// An error was encountered while encoding or decoding. The most likely cause of this error is the improper initialization of the
|
||
/// fields in the structure pointed to by pvStructInfo.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptsignandencodecertificate BOOL
|
||
// CryptSignAndEncodeCertificate( BCRYPT_KEY_HANDLE hBCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType, LPCSTR lpszStructType,
|
||
// const void *pvStructInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, const void *pvHashAuxInfo, BYTE *pbEncoded, DWORD
|
||
// *pcbEncoded );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "ee138918-ed7c-4980-8b18-64004a0dd7df")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptSignAndEncodeCertificate(HCRYPTPROV hBCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType,
|
||
[In] SafeOID lpszStructType, [In] IntPtr pvStructInfo, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
|
||
[In, Optional] IntPtr pvHashAuxInfo, [Out] IntPtr pbEncoded, ref uint pcbEncoded);
|
||
|
||
/// <summary>The <c>CryptSignCertificate</c> function signs the "to be signed" information in the encoded signed content.</summary>
|
||
/// <param name="hBCryptKey">
|
||
/// Handle of the CSP that does the signature. This handle must be an HCRYPTPROV handle that has been created by using the
|
||
/// CryptAcquireContext function or an <c>NCRYPT_KEY_HANDLE</c> handle that has been created by using the NCryptOpenKey function.
|
||
/// New applications should always pass in the <c>NCRYPT_KEY_HANDLE</c> handle of a CNG CSP.
|
||
/// </param>
|
||
/// <param name="dwKeySpec">
|
||
/// Identifies the private key to use from the provider's container. It can be AT_KEYEXCHANGE or AT_SIGNATURE. This parameter is
|
||
/// ignored if an <c>NCRYPT_KEY_HANDLE</c> is used in the hCryptProvOrNCryptKey parameter.
|
||
/// </param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING</para>
|
||
/// <para>Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pbEncodedToBeSigned">A pointer to the encoded content to be signed.</param>
|
||
/// <param name="cbEncodedToBeSigned">The size, in bytes, of the encoded content, pbEncodedToBeSigned.</param>
|
||
/// <param name="pSignatureAlgorithm">
|
||
/// <para>A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure with a <c>pszObjId</c> member set to one of the following:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>szOID_RSA_MD5RSA</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>szOID_RSA_SHA1RSA</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>szOID_X957_SHA1DSA</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>szOID_RSA_SSA_PSS</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>szOID_ECDSA_SPECIFIED</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the signature algorithm is a hash algorithm, the signature contains only the un-encrypted hash octets. A private key is not
|
||
/// used to encrypt the hash.
|
||
/// </para>
|
||
/// <para>dwKeySpec</para>
|
||
/// <para>is not used and</para>
|
||
/// <para>hCryptProvOrNCryptKey</para>
|
||
/// <para>can be</para>
|
||
/// <para>NULL</para>
|
||
/// <para>if an appropriate default CSP can be used for hashing.</para>
|
||
/// </param>
|
||
/// <param name="pvHashAuxInfo">Not currently used. Must be <c>NULL</c>.</param>
|
||
/// <param name="pbSignature">
|
||
/// <para>A pointer to a buffer to receive the signed hash of the content.</para>
|
||
/// <para>
|
||
/// This parameter can be <c>NULL</c> to set the size of this information for memory allocation purposes. For more information, see
|
||
/// Retrieving Data of Unknown Length.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pcbSignature">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> that contains the size, in bytes, of the buffer pointed to by the pbSignature parameter. When the
|
||
/// function returns, the <c>DWORD</c> contains the number of bytes stored or to be stored in the buffer.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> When processing the data returned in the buffer, applications must use the actual size of the data returned. The
|
||
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
|
||
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
|
||
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, the return value is zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para>
|
||
/// <c>Note</c> Errors from the called functions CryptCreateHash, CryptSignHash and CryptHashData might be propagated to this function.
|
||
/// </para>
|
||
/// <para>This function has the following error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_MORE_DATA</term>
|
||
/// <term>
|
||
/// If the buffer specified by the pbSignature parameter is not large enough to hold the returned data, the function sets the
|
||
/// ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbSignature.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NTE_BAD_ALGID</term>
|
||
/// <term>The signature algorithm's object identifier (OID) does not map to a known or supported hash algorithm.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptsigncertificate BOOL CryptSignCertificate(
|
||
// BCRYPT_KEY_HANDLE hBCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType, const BYTE *pbEncodedToBeSigned, DWORD
|
||
// cbEncodedToBeSigned, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, const void *pvHashAuxInfo, BYTE *pbSignature, DWORD
|
||
// *pcbSignature );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "27578149-e5c0-47e5-8309-0d0ed7075d13")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptSignCertificate(NCrypt.NCRYPT_KEY_HANDLE hBCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType,
|
||
[In] IntPtr pbEncodedToBeSigned, uint cbEncodedToBeSigned, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, [In, Optional] IntPtr pvHashAuxInfo,
|
||
[Out] IntPtr pbSignature, ref uint pcbSignature);
|
||
|
||
/// <summary>The <c>CryptSignCertificate</c> function signs the "to be signed" information in the encoded signed content.</summary>
|
||
/// <param name="hBCryptKey">
|
||
/// Handle of the CSP that does the signature. This handle must be an HCRYPTPROV handle that has been created by using the
|
||
/// CryptAcquireContext function or an <c>NCRYPT_KEY_HANDLE</c> handle that has been created by using the NCryptOpenKey function.
|
||
/// New applications should always pass in the <c>NCRYPT_KEY_HANDLE</c> handle of a CNG CSP.
|
||
/// </param>
|
||
/// <param name="dwKeySpec">
|
||
/// Identifies the private key to use from the provider's container. It can be AT_KEYEXCHANGE or AT_SIGNATURE. This parameter is
|
||
/// ignored if an <c>NCRYPT_KEY_HANDLE</c> is used in the hCryptProvOrNCryptKey parameter.
|
||
/// </param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
|
||
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
|
||
/// </para>
|
||
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING</para>
|
||
/// <para>Currently defined encoding types are:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>PKCS_7_ASN_ENCODING</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pbEncodedToBeSigned">A pointer to the encoded content to be signed.</param>
|
||
/// <param name="cbEncodedToBeSigned">The size, in bytes, of the encoded content, pbEncodedToBeSigned.</param>
|
||
/// <param name="pSignatureAlgorithm">
|
||
/// <para>A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure with a <c>pszObjId</c> member set to one of the following:</para>
|
||
/// <list type="bullet">
|
||
/// <item>
|
||
/// <term>szOID_RSA_MD5RSA</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>szOID_RSA_SHA1RSA</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>szOID_X957_SHA1DSA</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>szOID_RSA_SSA_PSS</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>szOID_ECDSA_SPECIFIED</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the signature algorithm is a hash algorithm, the signature contains only the un-encrypted hash octets. A private key is not
|
||
/// used to encrypt the hash.
|
||
/// </para>
|
||
/// <para>dwKeySpec</para>
|
||
/// <para>is not used and</para>
|
||
/// <para>hCryptProvOrNCryptKey</para>
|
||
/// <para>can be</para>
|
||
/// <para>NULL</para>
|
||
/// <para>if an appropriate default CSP can be used for hashing.</para>
|
||
/// </param>
|
||
/// <param name="pvHashAuxInfo">Not currently used. Must be <c>NULL</c>.</param>
|
||
/// <param name="pbSignature">
|
||
/// <para>A pointer to a buffer to receive the signed hash of the content.</para>
|
||
/// <para>
|
||
/// This parameter can be <c>NULL</c> to set the size of this information for memory allocation purposes. For more information, see
|
||
/// Retrieving Data of Unknown Length.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pcbSignature">
|
||
/// <para>
|
||
/// A pointer to a <c>DWORD</c> that contains the size, in bytes, of the buffer pointed to by the pbSignature parameter. When the
|
||
/// function returns, the <c>DWORD</c> contains the number of bytes stored or to be stored in the buffer.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Note</c> When processing the data returned in the buffer, applications must use the actual size of the data returned. The
|
||
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
|
||
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
|
||
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
|
||
/// </para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>If the function succeeds, the return value is nonzero ( <c>TRUE</c>).</para>
|
||
/// <para>If the function fails, the return value is zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
|
||
/// <para>
|
||
/// <c>Note</c> Errors from the called functions CryptCreateHash, CryptSignHash and CryptHashData might be propagated to this function.
|
||
/// </para>
|
||
/// <para>This function has the following error codes.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_MORE_DATA</term>
|
||
/// <term>
|
||
/// If the buffer specified by the pbSignature parameter is not large enough to hold the returned data, the function sets the
|
||
/// ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbSignature.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NTE_BAD_ALGID</term>
|
||
/// <term>The signature algorithm's object identifier (OID) does not map to a known or supported hash algorithm.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </returns>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptsigncertificate BOOL CryptSignCertificate(
|
||
// BCRYPT_KEY_HANDLE hBCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType, const BYTE *pbEncodedToBeSigned, DWORD
|
||
// cbEncodedToBeSigned, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, const void *pvHashAuxInfo, BYTE *pbSignature, DWORD
|
||
// *pcbSignature );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "27578149-e5c0-47e5-8309-0d0ed7075d13")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptSignCertificate(HCRYPTPROV hBCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType,
|
||
[In] IntPtr pbEncodedToBeSigned, uint cbEncodedToBeSigned, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, [In, Optional] IntPtr pvHashAuxInfo,
|
||
[Out] IntPtr pbSignature, ref uint pcbSignature);
|
||
|
||
/// <summary>
|
||
/// The <c>CryptVerifyCertificateSignature</c> function verifies the signature of a certificate, certificate revocation list (CRL),
|
||
/// or certificate request by using the public key in a CERT_PUBLIC_KEY_INFO structure. The function does not require access to a
|
||
/// private key.
|
||
/// </summary>
|
||
/// <param name="hCryptProv">
|
||
/// <para>This parameter is not used and should be set to <c>NULL</c>.</para>
|
||
/// <para>
|
||
/// <c>Windows Server 2003 and Windows XP:</c> A handle to the cryptographic service provider (CSP) used to verify the
|
||
/// signature.This parameter's data type is <c>HCRYPTPROV</c>.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>NULL</c> is passed unless there is a strong reason for passing in a specific cryptographic provider. Passing in <c>NULL</c>
|
||
/// causes the default RSA or DSS provider to be acquired.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// The certificate encoding type that was used to encrypt the subject. The message encoding type identifier, contained in the high
|
||
/// <c>WORD</c> of this value, is ignored by this function.
|
||
/// </para>
|
||
/// <para>This parameter can be the following currently defined certificate encoding type.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING 1 (0x1)</term>
|
||
/// <term>Specifies X.509 certificate encoding.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pbEncoded">A pointer to an encoded BLOB of CERT_SIGNED_CONTENT_INFO content on which the signature is to be verified.</param>
|
||
/// <param name="cbEncoded">The size, in bytes, of the encoded content in pbEncoded.</param>
|
||
/// <param name="pPublicKey">
|
||
/// A pointer to a CERT_PUBLIC_KEY_INFO structure that contains the public key to use when verifying the signature.
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>Returns nonzero if successful or zero otherwise.</para>
|
||
/// <para>For extended error information, call GetLastError.</para>
|
||
/// <para>
|
||
/// <c>Note</c> Errors from the called functions CryptCreateHash, CryptImportKey, CryptVerifySignature, and CryptHashData may be
|
||
/// propagated to this function.
|
||
/// </para>
|
||
/// <para>On failure, this function will cause the following error codes to be returned from GetLastError.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_FILE_NOT_FOUND</term>
|
||
/// <term>Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NTE_BAD_ALGID</term>
|
||
/// <term>The signature algorithm's object identifier (OID) does not map to a known or supported hash algorithm.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NTE_BAD_SIGNATURE</term>
|
||
/// <term>The signature was not valid.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
/// <remarks>This function currently calls the CryptVerifyCertificateSignatureEx function to perform the verification.</remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptverifycertificatesignature BOOL
|
||
// CryptVerifyCertificateSignature( HCRYPTPROV_LEGACY hCryptProv, DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded,
|
||
// PCERT_PUBLIC_KEY_INFO pPublicKey );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "ac13a1dd-3ca9-470e-8d8f-d79d7d057f45")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptVerifyCertificateSignature([Optional] HCRYPTPROV hCryptProv, CertEncodingType dwCertEncodingType, [In] IntPtr pbEncoded, uint cbEncoded, in CERT_PUBLIC_KEY_INFO pPublicKey);
|
||
|
||
/// <summary>
|
||
/// The <c>CryptVerifyCertificateSignatureEx</c> function verifies the signature of a subject certificate, certificate revocation
|
||
/// list, certificate request, or keygen request by using the issuer's public key. The function does not require access to a private key.
|
||
/// </summary>
|
||
/// <param name="hCryptProv">
|
||
/// <para>This parameter is not used and should be set to <c>NULL</c>.</para>
|
||
/// <para>
|
||
/// <c>Windows Server 2003 and Windows XP:</c> A handle to the cryptographic service provider used to verify the signature.This
|
||
/// parameter's data type is <c>HCRYPTPROV</c>.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>NULL</c> is passed unless there is a strong reason for passing in a specific cryptographic provider. Passing in <c>NULL</c>
|
||
/// causes the default RSA or DSS provider to be acquired.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="dwCertEncodingType">
|
||
/// <para>
|
||
/// The certificate encoding type that was used to encrypt the subject. The message encoding type identifier, contained in the high
|
||
/// <c>WORD</c> of this value, is ignored by this function.
|
||
/// </para>
|
||
/// <para>This parameter can be the following currently defined certificate encoding type.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>X509_ASN_ENCODING 1 (0x1)</term>
|
||
/// <term>Specifies X.509 certificate encoding.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="dwSubjectType">
|
||
/// <para>The subject type. This parameter can be one of the following subject types.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB 1 (0x1)</term>
|
||
/// <term>pvSubject is a pointer to a CRYPT_DATA_BLOBstructure.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT 2 (0x2)</term>
|
||
/// <term>pvSubject is a pointer to a CCERT_CONTEXTstructure.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL 3 (0x3)</term>
|
||
/// <term>pvSubject is a pointer to a CCRL_CONTEXTstructure.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_VERIFY_CERT_SIGN_SUBJECT_OCSP_BASIC_SIGNED_RESPONSE 4 (0x4)</term>
|
||
/// <term>
|
||
/// pvSubject is a pointer to an OCSP_BASIC_SIGNED_RESPONSE_INFO structure. Windows Server 2003 and Windows XP: This subject type is
|
||
/// not supported.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pvSubject">A pointer to a structure of the type indicated by dwSubjectType that contains the signature to be verified.</param>
|
||
/// <param name="dwIssuerType">
|
||
/// <para>The issuer type. This parameter can be one of the following issuer types.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY 1 (0x1)</term>
|
||
/// <term>pvIssuer is a pointer to a CERT_PUBLIC_KEY_INFOstructure.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT 2 (0x2)</term>
|
||
/// <term>pvIssuer is a pointer to a CCERT_CONTEXTstructure.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN 3 (0x3)</term>
|
||
/// <term>pvIssuer is a pointer to a CCERT_CHAIN_CONTEXTstructure.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL 4 (0x4)</term>
|
||
/// <term>pvIssuer must be NULL.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// <c>Note</c> If dwIssuerType is <c>CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL</c> and the signature algorithm is a hashing algorithm, the
|
||
/// signature is expected to contain only unencrypted hash octets. Only <c>CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL</c> can be specified
|
||
/// in this nonencrypted signature case. If any other dwIssuerType is specified, verification fails and GetLastError returns E_INVALIDARG.
|
||
/// </para>
|
||
/// </param>
|
||
/// <param name="pvIssuer">
|
||
/// A pointer to a structure of the type indicated by the value of dwIssuerType. The structure contains access to the public key
|
||
/// needed to verify the signature.
|
||
/// </param>
|
||
/// <param name="dwFlags">
|
||
/// <para>Flags that modify the function behavior. This can be zero or a bitwise <c>OR</c> of the following values.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CRYPT_VERIFY_CERT_SIGN_DISABLE_MD2_MD4_FLAG 0x00000001</term>
|
||
/// <term>
|
||
/// If you set this flag and CryptVerifyCertificateSignatureEx detects an MD2 or MD4 algorithm, the function returns FALSE and sets
|
||
/// GetLastError to NTE_BAD_ALGID. The signature is still verified, but this combination of errors enables the caller, now knowing
|
||
/// that an MD2 or MD4 algorithm was used, to decide whether to trust or reject the signature. Windows 8 and Windows Server 2012:
|
||
/// Support for this flag begins.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_VERIFY_CERT_SIGN_SET_STRONG_PROPERTIES_FLAG 0x00000002</term>
|
||
/// <term>
|
||
/// Sets strong signature properties, after successful verification, on the subject pointed to by the pvSubject parameter. The
|
||
/// following property is set on the certificate context: The following properties are set on the CRL context: Windows 8 and Windows
|
||
/// Server 2012: Support for this flag begins.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRYPT_VERIFY_CERT_SIGN_RETURN_STRONG_PROPERTIES_FLAG 0x00000004</term>
|
||
/// <term>
|
||
/// Returns a pointer to a CRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO structure in the pvExtra parameter. The structure contains
|
||
/// the length, in bits, of the public key and the names of the signing and hashing algorithms used. You must call CryptMemFree to
|
||
/// free the structure. If memory cannot be allocated for the CRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO structure, this function
|
||
/// returns successfully but sets the pvExtra parameter to NULL. Windows 8 and Windows Server 2012: Support for this flag begins.
|
||
/// </term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </param>
|
||
/// <param name="pvExtra">
|
||
/// <para>Pointer to a CRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO structure if the dwFlags parameter is set to <c>CRYPT_VERIFY_CERT_SIGN_RETURN_STRONG_PROPERTIES_FLAG</c>.</para>
|
||
/// <para>You must call CryptMemFree to free the structure.</para>
|
||
/// </param>
|
||
/// <returns>
|
||
/// <para>Returns nonzero if successful or zero otherwise.</para>
|
||
/// <para>For extended error information, call GetLastError.</para>
|
||
/// <para>
|
||
/// <c>Note</c> Errors from the called functions CryptCreateHash, CryptImportKey, CryptVerifySignature, and CryptHashData may be
|
||
/// propagated to this function.
|
||
/// </para>
|
||
/// <para>On failure, this function will cause the following error codes to be returned from GetLastError.</para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Return code</term>
|
||
/// <term>Description</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>ERROR_FILE_NOT_FOUND</term>
|
||
/// <term>Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NTE_BAD_ALGID</term>
|
||
/// <term>The signature algorithm's object identifier (OID) does not map to a known or supported hash algorithm.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>NTE_BAD_SIGNATURE</term>
|
||
/// <term>The signature was not valid.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// <para>
|
||
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
|
||
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
|
||
/// </para>
|
||
/// </returns>
|
||
/// <remarks>
|
||
/// The subject buffer can contain an encoded BLOB or a context for a certificate or CRL. In the case of a certificate context, if
|
||
/// the certificate's public key parameters are missing and if these parameters can be inherited from the certificate's issuer for
|
||
/// example from the DSS public key parameter, the context's CERT_PUBKEY_ALG_PARA_PROP_ID property is updated with the issuer's
|
||
/// public key algorithm parameters for a valid signature.
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptverifycertificatesignatureex BOOL
|
||
// CryptVerifyCertificateSignatureEx( HCRYPTPROV_LEGACY hCryptProv, DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject,
|
||
// DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvExtra );
|
||
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "8a84af66-b174-4a3e-b1d7-6f218a52d877")]
|
||
[return: MarshalAs(UnmanagedType.Bool)]
|
||
public static extern bool CryptVerifyCertificateSignatureEx([Optional] HCRYPTPROV hCryptProv, CertEncodingType dwCertEncodingType, CryptVerifyCertSignSubject dwSubjectType,
|
||
IntPtr pvSubject, CryptVerifyCertSignIssuer dwIssuerType, [In, Optional] IntPtr pvIssuer, CryptVerifyCertSignFlags dwFlags, [In, Out, Optional] IntPtr pvExtra);
|
||
|
||
/// <summary>
|
||
/// The <c>CERT_NAME_INFO</c> structure contains subject or issuer names. The information is represented as an array of CERT_RDN structures.
|
||
/// </summary>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_name_info typedef struct _CERT_NAME_INFO { DWORD
|
||
// cRDN; PCERT_RDN rgRDN; } CERT_NAME_INFO, *PCERT_NAME_INFO;
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "402d1051-d91a-4a79-96f6-10ed96a32d5c")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct CERT_NAME_INFO
|
||
{
|
||
/// <summary>Number of elements in the <c>rgRDN</c> array.</summary>
|
||
public uint cRDN;
|
||
|
||
/// <summary>Array of pointers to CERT_RDN structures.</summary>
|
||
public IntPtr rgRDN;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>CERT_REVOCATION_PARA</c> structure is passed in calls to the CertVerifyRevocation function to assist in finding the
|
||
/// issuer of the context to be verified. The <c>CERT_REVOCATION_PARA</c> structure is an optional parameter in the
|
||
/// CertVerifyRevocation function.
|
||
/// </summary>
|
||
/// <remarks>
|
||
/// <para>
|
||
/// The <c>CERT_REVOCATION_PARA</c> structure provides additional information that the CertVerifyRevocation function can use to
|
||
/// determine the context issuer.
|
||
/// </para>
|
||
/// <para>
|
||
/// If your application must check the freshness of the CRL or resynchronize the CRL cache, you can provide extra structure members
|
||
/// to assist the CertVerifyRevocation function with this. To include the additional structure members, define the constant
|
||
/// <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> in your application before including Wincrypt.h
|
||
/// </para>
|
||
/// </remarks>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_revocation_para typedef struct _CERT_REVOCATION_PARA
|
||
// { DWORD cbSize; PCCERT_CONTEXT pIssuerCert; DWORD cCertStore; HCERTSTORE *rgCertStore; HCERTSTORE hCrlStore; LPFILETIME
|
||
// pftTimeToUse; DWORD dwUrlRetrievalTimeout; BOOL fCheckFreshnessTime; DWORD dwFreshnessTime; LPFILETIME pftCurrentTime;
|
||
// PCERT_REVOCATION_CRL_INFO pCrlInfo; LPFILETIME pftCacheResync; PCERT_REVOCATION_CHAIN_PARA pChainPara; } CERT_REVOCATION_PARA, *PCERT_REVOCATION_PARA;
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "730db593-c55f-4ecf-bcac-5de54ab90db6")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct CERT_REVOCATION_PARA
|
||
{
|
||
/// <summary>The size, in bytes, of this structure.</summary>
|
||
public uint cbSize;
|
||
|
||
/// <summary>
|
||
/// A pointer to a CERT_CONTEXT structure that contains the certificate of the issuer of a certificate specified in the
|
||
/// rgpvContext array in the CertVerifyRevocation parameter list.
|
||
/// </summary>
|
||
public PCCERT_CONTEXT pIssuerCert;
|
||
|
||
/// <summary>
|
||
/// When set, contains the number of elements in the <c>rgCertStore</c> array. Set to zero if you are not supplying a list of
|
||
/// store handles in the rgCertStore parameter.
|
||
/// </summary>
|
||
public uint cCertStore;
|
||
|
||
/// <summary>
|
||
/// An array of certificate store handles. Specifies a set of stores that are searched for issuer certificates. If rgCertStore
|
||
/// is not set, the default stores are searched.
|
||
/// </summary>
|
||
public IntPtr rgCertStore;
|
||
|
||
/// <summary>
|
||
/// Optional store handle. When specified, a handler that uses certificate revocation lists (CRLs) can search this store for CRLs.
|
||
/// </summary>
|
||
public HCERTSTORE hCrlStore;
|
||
|
||
/// <summary>
|
||
/// A pointer to a <c>FILETIME</c> version of UTC time. When specified, the handler must, if possible, determine revocation
|
||
/// status relative to the time given. If <c>NULL</c> or the handler cannot determine the status relative to the
|
||
/// <c>pftTimeToUse</c> value, revocation status can be determined independent of time or relative to current time.
|
||
/// </summary>
|
||
public IntPtr pftTimeToUse;
|
||
|
||
/// <summary>
|
||
/// This member is defined only if <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> is defined. The time-out, in milliseconds, that
|
||
/// the revocation handler will wait when attempting to retrieve revocation information. If it is set to zero, the revocation
|
||
/// handler's default time-out is used. If <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> is defined, this member must be set to
|
||
/// zero if it is unused.
|
||
/// </summary>
|
||
public uint dwUrlRetrievalTimeout;
|
||
|
||
/// <summary>
|
||
/// This member is defined only if <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> is defined. If <c>TRUE</c>, an attempt is made
|
||
/// to retrieve a new CRL if the issue date of the CRL is less than or equal to the Current Time minus <c>dwFreshnessTime</c>.
|
||
/// If this flag is not set, the CRL's NextUpdate time is used. If <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> is defined, this
|
||
/// member must be set to <c>FALSE</c> if it is unused.
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.Bool)] public bool fCheckFreshnessTime;
|
||
|
||
/// <summary>
|
||
/// This member is defined only if <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> is defined. The time, in seconds, is used to
|
||
/// determine whether an attempt will be made to retrieve a new CRL. If <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> is defined,
|
||
/// this member must be set to zero if it is unused.
|
||
/// </summary>
|
||
public uint dwFreshnessTime;
|
||
|
||
/// <summary>
|
||
/// This member is defined only if <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> is defined. A pointer to a <c>FILETIME</c>
|
||
/// structure that is used in the freshness time check. If the value of this pointer is null, the revocation handler uses the
|
||
/// current time. If <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> is defined, this member must be set to null if it is unused.
|
||
/// </summary>
|
||
public IntPtr pftCurrentTime;
|
||
|
||
/// <summary>
|
||
/// This member is defined only if <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> is defined. This member contains a pointer to a
|
||
/// PCERT_REVOCATION_CRL_INFO structure that contains CRL context information. The CRL information is only applicable to the
|
||
/// last context checked. To access the information in this CRL, call the CertVerifyRevocation function with cContext set to 1.
|
||
/// If <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> is defined, the member must be set to null if it is unused.
|
||
/// </summary>
|
||
public IntPtr pCrlInfo;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// This member is defined only if <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> is defined. This member contains a pointer to a
|
||
/// <c>FILETIME</c> structure that specifies the use of cached information. Any information cached before the specified time is
|
||
/// considered invalid and new information is retrieved. If <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> is defined, this member
|
||
/// must be set to null if it is unused.
|
||
/// </para>
|
||
/// <para><c>Windows Server 2003 and Windows XP:</c> This member is not used.</para>
|
||
/// </summary>
|
||
public IntPtr pftCacheResync;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// This member is defined only if <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> is defined. This member contains a pointer to a
|
||
/// CERT_REVOCATION_CHAIN_PARA structure that contains parameters used for building a chain for an independent OCSP signer
|
||
/// certificate. If <c>CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS</c> is defined, this member must be set to null if it is unused.
|
||
/// </para>
|
||
/// <para>
|
||
/// <c>Windows Vista, Windows Server 2003 and Windows XP:</c> This member is not used in the listed systems. The member is
|
||
/// available beginning with Windows Vista with SP1.
|
||
/// </para>
|
||
/// </summary>
|
||
public IntPtr pChainPara;
|
||
}
|
||
|
||
/// <summary>
|
||
/// The <c>CERT_REVOCATION_STATUS</c> structure contains information on the revocation status of the certificate. It is passed to
|
||
/// and returned by CertVerifyRevocation. On return from the function, it specifies the status of a revoked or unchecked context.
|
||
/// </summary>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_revocation_status typedef struct
|
||
// _CERT_REVOCATION_STATUS { DWORD cbSize; DWORD dwIndex; DWORD dwError; DWORD dwReason; BOOL fHasFreshnessTime; DWORD
|
||
// dwFreshnessTime; } CERT_REVOCATION_STATUS, *PCERT_REVOCATION_STATUS;
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "087ea37a-907a-4652-a5df-dd8e86755490")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct CERT_REVOCATION_STATUS
|
||
{
|
||
/// <summary>
|
||
/// <para>Size of this structure in bytes.</para>
|
||
/// <para>
|
||
/// Upon input to <c>CERT_REVOCATION_STATUS</c>, <c>cbSize</c> must be set to a size greater than or equal to the size of a
|
||
/// <c>CERT_REVOCATION_STATUS</c> structure. Otherwise, <c>CERT_REVOCATION_STATUS</c> returns <c>FALSE</c> and GetLastError
|
||
/// returns E_INVALIDARG.
|
||
/// </para>
|
||
/// </summary>
|
||
public uint cbSize;
|
||
|
||
/// <summary>
|
||
/// Specifies an index value for the rgpvContext array passed to CertVerifyRevocation. It is the index of the first context in
|
||
/// that array that was revoked or that could not be checked for revocation. For information about the contexts that were not
|
||
/// checked, <c>CertVerifyRevocation</c> is called again, specifying a rgpvContext array that contains the unchecked contexts
|
||
/// from the original list.
|
||
/// </summary>
|
||
public uint dwIndex;
|
||
|
||
/// <summary>
|
||
/// Specifies the returned error status. This value matches the return value of GetLastError on return from the call to
|
||
/// CertVerifyRevocation. For the list of these error values, see the table in the Return Values section of <c>CertVerifyRevocation</c>.
|
||
/// </summary>
|
||
public Win32Error dwError;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// Specifies the cause of the error. This member is set only if <c>dwError</c> is CRYPT_E_REVOKED. It contains a code that
|
||
/// indicates why the context was revoked. It can be one of the following values.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>CRL_REASON_UNSPECIFIED</term>
|
||
/// <term>No reason was specified for revocation.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRL_REASON_KEY_COMPROMISE</term>
|
||
/// <term>
|
||
/// It is known or suspected that the subject's private key or other aspects of the subject validated in the certificate are compromised.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRL_REASON_CA_COMPROMISE</term>
|
||
/// <term>It is known or suspected that the CA's private key or other aspects of the CA validated in the certificate are compromised.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRL_REASON_AFFILIATION_CHANGED</term>
|
||
/// <term>
|
||
/// The subject's name or other information in the certificate has been modified but there is no cause to suspect that the
|
||
/// private key has been compromised.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRL_REASON_SUPERSEDED</term>
|
||
/// <term>The certificate has been superseded, but there is no cause to suspect that the private key has been compromised.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRL_REASON_CESSATION_OF_OPERATION</term>
|
||
/// <term>
|
||
/// The certificate is no longer needed for the purpose for which it was issued, but there is no cause to suspect that the
|
||
/// private key has been compromised.
|
||
/// </term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>CRL_REASON_CERTIFICATE_HOLD</term>
|
||
/// <term>The certificate has been placed on hold.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public CRL_REASON dwReason;
|
||
|
||
/// <summary>
|
||
/// Depending on <c>cbSize</c>, this structure can contain this member. If this member is <c>TRUE</c>, the revocation freshness
|
||
/// time returned by <c>dwFreshnessTime</c> is valid.
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.Bool)] public bool fHasFreshnessTime;
|
||
|
||
/// <summary>
|
||
/// Depending on <c>cbSize</c>, this structure can contain this member. If present, this member gives the time in seconds
|
||
/// between the current time and when the CRL was published.
|
||
/// </summary>
|
||
public uint dwFreshnessTime;
|
||
}
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// [The <c>CRYPT_ATTRIBUTES</c> structure is available for use in the operating systems specified in the Requirements section. It
|
||
/// may be altered or unavailable in subsequent versions.]
|
||
/// </para>
|
||
/// <para>The <c>CRYPT_ATTRIBUTES</c> structure contains an array of attributes.</para>
|
||
/// </summary>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_attributes typedef struct _CRYPT_ATTRIBUTES { DWORD
|
||
// cAttr; PCRYPT_ATTRIBUTE rgAttr; } CRYPT_ATTRIBUTES, *PCRYPT_ATTRIBUTES;
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "782f3022-d852-4ad7-8e0f-afbccc25928a")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct CRYPT_ATTRIBUTES
|
||
{
|
||
/// <summary>Number of elements in the <c>rgAttr</c> array.</summary>
|
||
public uint cAttr;
|
||
|
||
/// <summary>Array of CRYPT_ATTRIBUTE structures.</summary>
|
||
public IntPtr rgAttr;
|
||
}
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// [The <c>CRYPT_PKCS8_EXPORT_PARAMS</c> structure is available for use in the operating systems specified in the Requirements
|
||
/// section. It may be altered or unavailable in subsequent versions.]
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>CRYPT_PKCS8_EXPORT_PARAMS</c> structure identifies the private key and a callback function to encrypt the private key.
|
||
/// <c>CRYPT_PKCS8_EXPORT_PARAMS</c> is used as a parameter to the CryptExportPKCS8Ex function, which exports a private key in PKCS
|
||
/// #8 format.
|
||
/// </para>
|
||
/// </summary>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_pkcs8_export_params typedef struct
|
||
// _CRYPT_PKCS8_EXPORT_PARAMS { HCRYPTPROV hCryptProv; DWORD dwKeySpec; LPSTR pszPrivateKeyObjId; PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC
|
||
// pEncryptPrivateKeyFunc; LPVOID pVoidEncryptFunc; } CRYPT_PKCS8_EXPORT_PARAMS, *PCRYPT_PKCS8_EXPORT_PARAMS;
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "5a60c96e-907a-409e-921c-59055452463f")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct CRYPT_PKCS8_EXPORT_PARAMS
|
||
{
|
||
/// <summary>
|
||
/// An HCRYPTPROV variable that contains a handle to the cryptographic service provider (CSP) used to encrypt the private key.
|
||
/// This is a handle to the CSP obtained by calling CryptAcquireContext.
|
||
/// </summary>
|
||
public HCRYPTPROV hCryptProv;
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// A <c>DWORD</c> variable that contains the key specification. The following <c>dwKeySpec</c> values are defined for the
|
||
/// default provider.
|
||
/// </para>
|
||
/// <list type="table">
|
||
/// <listheader>
|
||
/// <term>Value</term>
|
||
/// <term>Meaning</term>
|
||
/// </listheader>
|
||
/// <item>
|
||
/// <term>AT_KEYEXCHANGE</term>
|
||
/// <term>Keys used to encrypt/decrypt session keys.</term>
|
||
/// </item>
|
||
/// <item>
|
||
/// <term>AT_SIGNATURE</term>
|
||
/// <term>Keys used to create and verify digital signatures.</term>
|
||
/// </item>
|
||
/// </list>
|
||
/// </summary>
|
||
public CertKeySpec dwKeySpec;
|
||
|
||
/// <summary>An <c>LPSTR</c> variable that contains the object identifier (OID) of the private key to be exported.</summary>
|
||
public StrPtrAnsi pszPrivateKeyObjId;
|
||
|
||
/// <summary>
|
||
/// A PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC pointer that points to a callback to a function that encrypts the private key. If this is
|
||
/// <c>NULL</c>, the private key is not encrypted, and a PKCS #8 CRYPT_ENCRYPTED_PRIVATE_KEY_INFO structure will not be
|
||
/// generated by CryptExportPKCS8Ex.
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.FunctionPtr)] public PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC pEncryptPrivateKeyFunc;
|
||
|
||
/// <summary>A <c>LPVOID</c> value that provides data used for encryption, such as key, initialization vector, and password.</summary>
|
||
public IntPtr pVoidEncryptFunc;
|
||
}
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// [The <c>CRYPT_PKCS8_IMPORT_PARAMS</c> structure is available for use in the operating systems specified in the Requirements
|
||
/// section. It may be altered or unavailable in subsequent versions.]
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>CRYPT_PKCS8_IMPORT_PARAMS</c> structure contains a PKCS #8 private key and pointers to callback functions.
|
||
/// <c>CRYPT_PKCS8_IMPORT_PARAMS</c> is used by the CryptImportPKCS8 function. The first callback supplies the algorithm object
|
||
/// identifier (OID) and key length needed to specify the cryptographic service provider (CSP) into which the key will be imported.
|
||
/// If the private key in PKCS #8 is encrypted, the <c>CRYPT_PKCS8_IMPORT_PARAMS</c> structure contains the encrypted private key,
|
||
/// and the second callback is used to decrypt this private key.
|
||
/// </para>
|
||
/// </summary>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_pkcs8_import_params typedef struct
|
||
// _CRYPT_PKCS8_IMPORT_PARAMS { CRYPT_DIGEST_BLOB PrivateKey; PCRYPT_RESOLVE_HCRYPTPROV_FUNC pResolvehCryptProvFunc; LPVOID
|
||
// pVoidResolveFunc; PCRYPT_DECRYPT_PRIVATE_KEY_FUNC pDecryptPrivateKeyFunc; LPVOID pVoidDecryptFunc; } CRYPT_PKCS8_IMPORT_PARAMS,
|
||
// *PCRYPT_PKCS8_IMPORT_PARAMS, CRYPT_PRIVATE_KEY_BLOB_AND_PARAMS, *PCRYPT_PRIVATE_KEY_BLOB_AND_PARAMS;
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "a016e807-60d3-4ae4-829b-43acea2ee8c1")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct CRYPT_PKCS8_IMPORT_PARAMS
|
||
{
|
||
/// <summary>A CRYPT_DIGEST_BLOB structure that contains the PKCS #8 data.</summary>
|
||
public CRYPTOAPI_BLOB PrivateKey;
|
||
|
||
/// <summary>
|
||
/// A PCRYPT_RESOLVE_HCRYPTPROV_FUNC pointer that points to data used by a user-defined function that retrieves a handle to a CSP.
|
||
/// </summary>
|
||
[MarshalAs(UnmanagedType.FunctionPtr)]
|
||
public PCRYPT_RESOLVE_HCRYPTPROV_FUNC pResolvehCryptProvFunc;
|
||
|
||
/// <summary>An <c>LPVOID</c> value that identifies the function used to retrieve the CSP provider handle.</summary>
|
||
public IntPtr pVoidResolveFunc;
|
||
|
||
/// <summary>A PCRYPT_DECRYPT_PRIVATE_KEY_FUNC pointer that points to a callback function used to decrypt the private key.</summary>
|
||
[MarshalAs(UnmanagedType.FunctionPtr)]
|
||
public PCRYPT_DECRYPT_PRIVATE_KEY_FUNC pDecryptPrivateKeyFunc;
|
||
|
||
/// <summary>An <c>LPVOID</c> value that provides data used for encryption, such as key, initialization vector, and password.</summary>
|
||
public IntPtr pVoidDecryptFunc;
|
||
}
|
||
|
||
/// <summary>
|
||
/// <para>
|
||
/// [The <c>CRYPT_PRIVATE_KEY_INFO</c> structure is available for use in the operating systems specified in the Requirements
|
||
/// section. It may be altered or unavailable in subsequent versions.]
|
||
/// </para>
|
||
/// <para>
|
||
/// The <c>CRYPT_PRIVATE_KEY_INFO</c> structure contains a clear-text private key in the PrivateKey field (DER encoded).
|
||
/// <c>CRYPT_PRIVATE_KEY_INFO</c> contains the information in a PKCS #8 PrivateKeyInfo ASN.1 type found in the PKCS #8 standard.
|
||
/// </para>
|
||
/// </summary>
|
||
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_private_key_info typedef struct
|
||
// _CRYPT_PRIVATE_KEY_INFO { DWORD Version; CRYPT_ALGORITHM_IDENTIFIER Algorithm; CRYPT_DER_BLOB PrivateKey; PCRYPT_ATTRIBUTES
|
||
// pAttributes; } CRYPT_PRIVATE_KEY_INFO, *PCRYPT_PRIVATE_KEY_INFO;
|
||
[PInvokeData("wincrypt.h", MSDNShortId = "63a5d1c2-88b3-45fa-94d3-2179cb8802c9")]
|
||
[StructLayout(LayoutKind.Sequential)]
|
||
public struct CRYPT_PRIVATE_KEY_INFO
|
||
{
|
||
/// <summary>A <c>DWORD</c> value that identifies the PKCS #8 version.</summary>
|
||
public uint Version;
|
||
|
||
/// <summary>
|
||
/// A CRYPT_ALGORITHM_IDENTIFIER structure that indicates the algorithm in which the private key (RSA or DSA) is to be used.
|
||
/// </summary>
|
||
public CRYPT_ALGORITHM_IDENTIFIER Algorithm;
|
||
|
||
/// <summary>A CRYPT_DER_BLOB structure that contains the key data.</summary>
|
||
public CRYPTOAPI_BLOB PrivateKey;
|
||
|
||
/// <summary>A CRYPT_ATTRIBUTES structure that identifies the PKCS #8 attributes.</summary>
|
||
public IntPtr pAttributes;
|
||
}
|
||
|
||
/// <summary>Standard crypto memory allocation methods.</summary>
|
||
/// <seealso cref="Vanara.InteropServices.IMemoryMethods"/>
|
||
public class CryptMemMethods : MemoryMethodsBase
|
||
{
|
||
/// <summary>Gets a static instance of this class.</summary>
|
||
public static readonly CryptMemMethods Instance = new CryptMemMethods();
|
||
|
||
/// <summary>Gets a handle to a memory allocation of the specified size.</summary>
|
||
/// <param name="size">The size, in bytes, of memory to allocate.</param>
|
||
/// <returns>A memory handle.</returns>
|
||
/// <exception cref="NotImplementedException"></exception>
|
||
public override IntPtr AllocMem(int size) => Win32Error.ThrowLastErrorIfNull(CryptMemAlloc((uint)size));
|
||
|
||
/// <summary>Frees the memory associated with a handle.</summary>
|
||
/// <param name="hMem">A memory handle.</param>
|
||
/// <exception cref="NotImplementedException"></exception>
|
||
public override void FreeMem(IntPtr hMem) => CryptMemFree(hMem);
|
||
|
||
/// <summary>Gets the reallocation method.</summary>
|
||
/// <param name="hMem">A memory handle.</param>
|
||
/// <param name="size">The size, in bytes, of memory to allocate.</param>
|
||
/// <returns>A memory handle.</returns>
|
||
public override IntPtr ReAllocMem(IntPtr hMem, int size) => Win32Error.ThrowLastErrorIfNull(CryptMemRealloc(hMem, (uint)size));
|
||
}
|
||
|
||
/// <summary>Safe handle for crypto memory.</summary>
|
||
/// <seealso cref="Vanara.InteropServices.SafeMemoryHandle{T}"/>
|
||
public class SafeCryptMem : SafeMemoryHandleExt<CryptMemMethods>
|
||
{
|
||
/// <summary>Initializes a new instance of the <see cref="SafeMemoryHandle{T}"/> class.</summary>
|
||
/// <param name="size">The size of memory to allocate, in bytes.</param>
|
||
/// <exception cref="System.ArgumentOutOfRangeException">size - The value of this argument must be non-negative</exception>
|
||
public SafeCryptMem(SizeT size = default) : base(size) { }
|
||
|
||
/// <summary>Initializes a new instance of the <see cref="SafeMemoryHandle{T}"/> class.</summary>
|
||
/// <param name="handle">The handle.</param>
|
||
/// <param name="size">The size of memory allocated to the handle, in bytes.</param>
|
||
/// <param name="ownsHandle">if set to <c>true</c> if this class is responsible for freeing the memory on disposal.</param>
|
||
public SafeCryptMem(IntPtr handle, SizeT size, bool ownsHandle) : base(handle, size, ownsHandle) { }
|
||
|
||
/// <summary>
|
||
/// Allocates from unmanaged memory to represent an array of pointers and marshals the unmanaged pointers (IntPtr) to the native
|
||
/// array equivalent.
|
||
/// </summary>
|
||
/// <param name="bytes">Array of unmanaged pointers</param>
|
||
/// <returns>SafeHGlobalHandle object to an native (unmanaged) array of pointers</returns>
|
||
public SafeCryptMem(byte[] bytes) : base(bytes) { }
|
||
|
||
/// <summary>Allocates from unmanaged memory to represent a Unicode string (WSTR) and marshal this to a native PWSTR.</summary>
|
||
/// <param name="s">The string value.</param>
|
||
/// <param name="charSet">The character set of the string.</param>
|
||
/// <returns>SafeMemoryHandleExt object to an native (unmanaged) string</returns>
|
||
public SafeCryptMem(string s, CharSet charSet = CharSet.Unicode) : base(s, charSet) { }
|
||
}
|
||
|
||
/// <summary>Provides a <see cref="SafeHandle"/> for <see cref="HCRYPTKEY"/> that is disposed using <see cref="CryptDestroyKey"/>.</summary>
|
||
public class SafeHCRYPTKEY : SafeHANDLE
|
||
{
|
||
/// <summary>Represents a NULL handle for <see cref="SafeHCRYPTKEY"/>. This must be used instead of <see langword="null"/>.</summary>
|
||
public static readonly SafeHCRYPTKEY Null = new SafeHCRYPTKEY(IntPtr.Zero, false);
|
||
|
||
/// <summary>Initializes a new instance of the <see cref="SafeHCRYPTKEY"/> class and assigns an existing handle.</summary>
|
||
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
|
||
/// <param name="ownsHandle">
|
||
/// <see langword="true"/> to reliably release the handle during the finalization phase; otherwise, <see langword="false"/> (not recommended).
|
||
/// </param>
|
||
public SafeHCRYPTKEY(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
|
||
|
||
/// <summary>Initializes a new instance of the <see cref="SafeHCRYPTKEY"/> class.</summary>
|
||
private SafeHCRYPTKEY() : base() { }
|
||
|
||
/// <summary>Performs an implicit conversion from <see cref="SafeHCRYPTKEY"/> to <see cref="HCRYPTKEY"/>.</summary>
|
||
/// <param name="h">The safe handle instance.</param>
|
||
/// <returns>The result of the conversion.</returns>
|
||
public static implicit operator HCRYPTKEY(SafeHCRYPTKEY h) => h.handle;
|
||
|
||
/// <inheritdoc/>
|
||
protected override bool InternalReleaseHandle() => CryptDestroyKey(handle);
|
||
|
||
[DllImport(Lib.AdvApi32, SetLastError = true, ExactSpelling = true)]
|
||
[return: MarshalAs(UnmanagedType.Bool)] private static extern bool CryptDestroyKey(HCRYPTKEY hKey);
|
||
}
|
||
}
|
||
} |