sean-m
/
Vanara
mirror of https://github.com/dahall/Vanara.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Vanara/PInvoke/Cryptography/Crypt32/Wincrypt.Cert.cs

3679 lines
196 KiB
C#
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using Vanara.InteropServices;
namespace Vanara.PInvoke
{
/// <summary>Methods and data types found in Crypt32.dll.</summary>
public static partial class Crypt32
{
/// <summary>A set of flags that override the default behavior of this function.</summary>
[PInvokeData("wincrypt.h", MSDNShortId = "89028c4e-f896-4c50-9fa2-bcb4e1784244")]
[Flags]
public enum CertCreateSelfSignFlags
{
/// <summary>
/// By default, the returned PCCERT_CONTEXT references the private keys by setting the CERT_KEY_PROV_INFO_PROP_ID. If you do not
/// want the returned PCCERT_CONTEXT to reference private keys by setting the CERT_KEY_PROV_INFO_PROP_ID, specify CERT_CREATE_SELFSIGN_NO_KEY_INFO.
/// </summary>
CERT_CREATE_SELFSIGN_NO_KEY_INFO = 2,
/// <summary>
/// By default, the certificate being created is signed. If the certificate being created is only a dummy placeholder, the
/// certificate might not need to be signed. Signing of the certificate is skipped if CERT_CREATE_SELFSIGN_NO_SIGN is specified.
/// </summary>
CERT_CREATE_SELFSIGN_NO_SIGN = 1,
}
/// <summary>Specifies the type of selection criteria used for the <c>ppPara</c> member.</summary>
[PInvokeData("wincrypt.h", MSDNShortId = "246722a9-5db6-4a82-8f29-f60f0a2263e3")]
public enum CertSelectBy : uint
{
/// <summary>
/// Select certificates based on a specific enhanced key usage. When this flag is set, the ppPara must reference a
/// null-terminated object identifier (OID) ANSI string that specifies the enhanced key usage.
/// <para>This criteria is evaluated on the certificate.</para>
/// </summary>
CERT_SELECT_BY_ENHKEY_USAGE = 1,
/// <summary>
/// Select certificates based on a specific szOID_KEY_USAGE extension in the certificate. When this flag is set, the ppPara
/// member must reference a CERT_EXTENSION structure where the value of the extension is a DWORD that identifies the Key Usage bits.
/// <para>This criteria is evaluated on the certificate.</para>
/// </summary>
CERT_SELECT_BY_KEY_USAGE = 2,
/// <summary>
/// Select certificates based on a specific issuance policy. The ppPara member must reference a null-terminated OID ANSI string
/// of the desired issuance policy.
/// <para>This criteria is evaluated on the issuance policy of the certificate chain.</para>
/// </summary>
CERT_SELECT_BY_POLICY_OID = 3,
/// <summary>
/// Select certificates based on a specific private key provider. The ppPara member must reference a null-terminated Unicode
/// string that represents the name of the provider.
/// </summary>
CERT_SELECT_BY_PROV_NAME = 4,
/// <summary>
/// Select certificates based on the presence of a specified extension and an optional specified value. The ppPara member must
/// reference a CERT_EXTENSION structure that specifies the extension OID and the associated value.
/// </summary>
CERT_SELECT_BY_EXTENSION = 5,
/// <summary>
/// Select certificates based on the Subject DNS HOST Name. The ppPara member must reference a null-terminated Unicode string
/// that contains the subject host name. The selection performed based on this flag is the same as the evaluation of the
/// pwszServerName member of the SSL_EXTRA_CERT_CHAIN_POLICY_PARA structure during a call to the
/// CertVerifyCertificateChainPolicy function.
/// <para>This criteria is evaluated on the certificate.</para>
/// </summary>
CERT_SELECT_BY_SUBJECT_HOST_NAME = 6,
/// <summary>
/// Select certificates based on the relative distinguished name (RDN) element of the issuer of the certificate. The ppPara
/// member must reference a CERT_RDN structure that contains the RDN element of the issuer.
/// <para>This criteria is evaluated on the certificate chain.</para>
/// </summary>
CERT_SELECT_BY_ISSUER_ATTR = 7,
/// <summary>
/// Select certificates based on the RDN element in the Subject of the certificate. The ppPara member must be a reference to a
/// CERT_RDN structure that contains the RDN element of the Subject.
/// <para>This criteria is evaluated on the certificate.</para>
/// </summary>
CERT_SELECT_BY_SUBJECT_ATTR = 8,
/// <summary>
/// Select certificates based on the issuer of the certificate. The ppPara member must be a reference to a CERT_NAME_BLOB
/// structure that contains the name of the issuer.
/// <para>This criteria is evaluated on the certificate chain.</para>
/// </summary>
CERT_SELECT_BY_ISSUER_NAME = 9,
/// <summary>
/// Select certificates based on the public key of the certificate. The ppPara member must reference a pointer to a
/// CERT_PUBLIC_KEY_INFO structure that contains the public key.
/// <para>This criteria is evaluated on the certificate.</para>
/// </summary>
CERT_SELECT_BY_PUBLIC_KEY = 10,
/// <summary>
/// Select certificates based on the Transport Layer Security protocol (TLS) Signature requirement. The ppPara member must
/// reference a SecPkgContext_SupportedSignatures structure.
/// <para>This criteria is evaluated on the certificate.</para>
/// </summary>
CERT_SELECT_BY_TLS_SIGNATURES = 11,
}
/// <summary>Flags for controlling the certificate selection process.</summary>
[PInvokeData("wincrypt.h", MSDNShortId = "b740772b-d25b-4b3d-9acb-03f7018750d6")]
public enum CertSelection : uint
{
/// <summary>
/// Select expired certificates that meet selection criteria. By default expired certificates are rejected from selection.
/// </summary>
CERT_SELECT_ALLOW_EXPIRED = 0x00000001,
/// <summary>
/// Select certificates on which the error bit in the certificate chain trust status is not set to CERT_TRUST_IS_UNTRUSTED_ROOT,
/// CERT_TRUST_IS_PARTIAL_CHAIN, or CERT_TRUST_IS_NOT_TIME_VALID.
/// <para>In addition, certificates that have one of the following invalid constraint errors are not selected:</para>
/// <para>CERT_TRUST_INVALID_POLICY_CONSTRAINTS</para>
/// <para>CERT_TRUST_INVALID_BASIC_CONSTRAINTS</para>
/// <para>CERT_TRUST_INVALID_NAME_CONSTRAINTS</para>
/// </summary>
CERT_SELECT_TRUSTED_ROOT = 0x00000002,
/// <summary>Select certificates that are not self-issued and self-signed.</summary>
CERT_SELECT_DISALLOW_SELFSIGNED = 0x00000004,
/// <summary>Select certificates that have a value set for the CERT_KEY_PROV_INFO_PROP_ID property of the certificate.</summary>
CERT_SELECT_HAS_PRIVATE_KEY = 0x00000008,
/// <summary>
/// Select certificates on which the value of the dwKeySpec member of the CERT_KEY_PROV_INFO_PROP_ID property is set to AT_SIGNATURE.
/// <para>
/// If this function is being called as part of a CNG enabled application and the dwKeySpec member of the
/// CERT_KEY_PROV_INFO_PROP_ID property is set to -1, select certificates on which the value of the NCRYPT_KEY_USAGE_PROPERTY
/// property of the associated private key has the NCRYPT_ALLOW_SIGNING_FLAG set.
/// </para>
/// </summary>
CERT_SELECT_HAS_KEY_FOR_SIGNATURE = 0x00000010,
/// <summary>
/// Select certificates on which the value of the dwKeySpec member of the CERT_KEY_PROV_INFO_PROP_ID property is set to AT_KEYEXCHANGE.
/// <para>
/// If this function is being called as part of a CNG enabled application and the dwKeySpec member of the
/// CERT_KEY_PROV_INFO_PROP_ID property is set to -1, select certificates on which either NCRYPT_ALLOW_DECRYPT_FLAG or
/// NCRYPT_ALLOW_KEY_AGREEMENT_FLAG is set.
/// </para>
/// </summary>
CERT_SELECT_HAS_KEY_FOR_KEY_EXCHANGE = 0x00000020,
/// <summary>
/// Select certificates on which the value of the PP_IMPTYPE property of the associated private key provider is set to either
/// CRYPT_IMPL_HARDWARE or CRYPT_IMPL_REMOVABLE. (For CNG providers, NCRYPT_IMPL_TYPE_PROPERTY property value MUST have either
/// the NCRYPT_IMPL_HARDWARE_FLAG or NCRYPT_IMPL_REMOVABLE_FLAG bit set).
/// <para>
/// If this function is being called as part of a CNG enabled application, select certificates on which the
/// NCRYPT_IMPL_TYPE_PROPERTY property is set to NCRYPT_IMPL_HARDWARE_FLAG or NCRYPT_IMPL_REMOVABLE_FLAG.
/// </para>
/// </summary>
CERT_SELECT_HARDWARE_ONLY = 0x00000040,
/// <summary>
/// Allow the selection of certificates on which the Subject and Subject Alt Name contain the same information and the
/// certificate template extension value is equivalent. By default when certificates match this criteria, only the most recent
/// certificate is selected.
/// </summary>
CERT_SELECT_ALLOW_DUPLICATES = 0x00000080,
/// <summary/>
CERT_SELECT_IGNORE_AUTOSELECT = 0x00000100,
}
/// <summary>A set of flags that specify how the information should be retrieved.</summary>
[Flags]
public enum CryptRetrievalFlags
{
/// <summary>
/// Validates the content retrieved by a wire URL before writing the URL to the cache. The default provider does not support the
/// HTTPS protocol for AIA retrievals.
/// </summary>
CRYPT_AIA_RETRIEVAL = 0x00080000,
/// <summary>This value is not supported.</summary>
CRYPT_ASYNC_RETRIEVAL = 0x00000010,
/// <summary>Retrieves the encoded bits from the URL cache only. Do not use the wire to retrieve the URL.</summary>
CRYPT_CACHE_ONLY_RETRIEVAL = 0x00000002,
/// <summary>The crypt create new flush entry</summary>
CRYPT_CREATE_NEW_FLUSH_ENTRY = 0x10000000,
/// <summary>Does not store the retrieved encoded bits to the URL cache. If this flag is not set, the retrieved URL is cached.</summary>
CRYPT_DONT_CACHE_RESULT = 0x00000008,
/// <summary>The crypt enable file retrieval</summary>
CRYPT_ENABLE_FILE_RETRIEVAL = 0x08000000,
/// <summary>The crypt enable SSL revocation retrieval</summary>
CRYPT_ENABLE_SSL_REVOCATION_RETRIEVAL = 0x00800000,
/// <summary>
/// <para>Uses the POST method instead of the default GET method for HTTP retrievals.</para>
/// <para>In a POST URL, additional binary data and header strings are appended to the base URL in the following format:</para>
/// <para><em>BaseURL/OptionalURLEscaped&amp;Base64EncodedAdditionalData?OptionalAdditionalHTTPHeaders</em></para>
/// <para>
/// The following example shows the additional binary data delimited by the last slash mark (/) and a Content-Type header
/// delimited by a question mark (?) appended to a base URL.
/// </para>
/// <para>
/// <c>http://ocsp.openvalidation.org/MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdKNEwjytjKBQADcgM61jfflNpyQQUv1NDgnjQnsOA5RtnygUA37lIg6UCAQI%3D?Content-Type: application/ocsp-request</c>
/// </para>
/// <para>
/// When this flag is set, the <strong>CryptRetrieveObjectByUrl</strong> function parses the URL by using the last slash mark
/// (/) and question mark (?) delimiters. The string, which is delimited by a slash mark (/), contains an unescaped URL (that
/// is, a plain text URL without escape characters or escape sequences) and Base64 data decoded into binary form before being
/// passed to the WinHttpSendRequest function as the lpOptional parameter. The string delimited by a question mark (?) is passed
/// to the <strong>WinHttpSendRequest</strong> function as the pwszHeaders parameter.
/// </para>
/// </summary>
CRYPT_HTTP_POST_RETRIEVAL = 0x00100000,
/// <summary>
/// Performs A-Record-only DNS lookup on the supplied host string, preventing the generation of false DNS queries when resolving
/// host names. This flag should be used when passing a host name as opposed to a domain name.
/// </summary>
CRYPT_LDAP_AREC_EXCLUSIVE_RETRIEVAL = 0x00040000,
/// <summary>
/// Retrieves the entry index and attribute name for each LDAP object. The beginning of each returned BLOB contains the
/// following ANSI string:
/// <para><c>"entry index in decimal\0attribute name\0"</c></para>
/// <para>When this flag is set, pszObjectOid must be NULL so that a BLOB is returned. This flag only applies to the ldap scheme.</para>
/// </summary>
CRYPT_LDAP_INSERT_ENTRY_ATTRIBUTE = 0x00008000,
/// <summary>Fails if the LDAP search scope is not set to base in the URL. Use with LDAP only.</summary>
CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL = 0x00002000,
/// <summary>
/// Digitally signs all of the LDAP traffic to and from a server by using the Kerberos authentication protocol. This feature
/// provides integrity required by some applications.
/// </summary>
CRYPT_LDAP_SIGN_RETRIEVAL = 0x00010000,
/// <summary>Inhibits automatic authentication handling.</summary>
CRYPT_NO_AUTH_RETRIEVAL = 0x00020000,
/// <summary>
/// Enables a conditional HTTP URL retrieval. When this flag is set, for a conditional retrieval that returns
/// HTTP_STATUS_NOT_MODIFIED, CryptRetrieveObjectByUrl returns TRUE and ppvObject is set to NULL. If pAuxInfo is not NULL,
/// dwHttpStatusCode is set to HTTP_STATUS_NOT_MODIFIED. Otherwise, ppvObject is updated for a successful retrieval.
/// </summary>
CRYPT_NOT_MODIFIED_RETRIEVAL = 0x00400000,
/// <summary>
/// Keeps track of offline failures and delays before hitting the wire on subsequent retrievals. This value is for wire
/// retrieval only.
/// </summary>
CRYPT_OFFLINE_CHECK_RETRIEVAL = 0x00004000,
/// <summary>
/// Enables proxy cache retrieval of an object. If a proxy cache was not explicitly bypassed, fProxyCacheRetrieval is set to
/// TRUE in pAuxInfo. This value only applies to HTTP URL retrievals.
/// </summary>
CRYPT_PROXY_CACHE_RETRIEVAL = 0x00200000,
/// <summary/>
CRYPT_RANDOM_QUERY_STRING_RETRIEVAL = 0x04000000,
/// <summary>
/// Retrieves multiple objects if available. All objects must be of a homogeneous object type as determined by the value of
/// pszObjectOid, unless the object identifier (OID) value is CONTEXT_OID_CAPI2_ANY.
/// </summary>
CRYPT_RETRIEVE_MULTIPLE_OBJECTS = 0x00000001,
/// <summary>Tags the URL as exempt from being flushed from the cache. For more information, see STICKY_CACHE_ENTRY in INTERNET_CACHE_ENTRY_INFO.</summary>
CRYPT_STICKY_CACHE_RETRIEVAL = 0x00001000,
/// <summary>Retrieves the encoded bits from the wire only. Does not use the URL cache.</summary>
CRYPT_WIRE_ONLY_RETRIEVAL = 0x00000004,
}
/// <summary>The <c>CertAddCertificateContextToStore</c> function adds a certificate context to the certificate store.</summary>
/// <param name="hCertStore">Handle of a certificate store.</param>
/// <param name="pCertContext">A pointer to the CERT_CONTEXT structure to be added to the store.</param>
/// <param name="dwAddDisposition">
/// <para>
/// Specifies the action to take if a matching certificate or a link to a matching certificate already exists in the store.
/// Currently defined disposition values and their uses are as follows.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_STORE_ADD_ALWAYS</term>
/// <term>
/// The function makes no check for an existing matching certificate or link to a matching certificate. A new certificate is always
/// added to the store. This can lead to duplicates in a store.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_NEW</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists, the operation fails. GetLastError returns the
/// CRYPT_E_EXISTS code.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_NEWER</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists and the NotBefore time of the existing context is equal to
/// or greater than the NotBefore time of the new context being added, the operation fails and GetLastError returns the
/// CRYPT_E_EXISTS code. If the NotBefore time of the existing context is less than the NotBefore time of the new context being
/// added, the existing certificate or link is deleted and a new certificate is created and added to the store. If a matching
/// certificate or a link to a matching certificate does not exist, a new link is added. If certificate revocation lists (CRLs) or
/// certificate trust list (CTLs) are being compared, the ThisUpdate time is used.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists and the NotBefore time of the existing context is equal to
/// or greater than the NotBefore time of the new context being added, the operation fails and GetLastError returns the
/// CRYPT_E_EXISTS code. If the NotBefore time of the existing context is less than the NotBefore time of the new context being
/// added, the existing context is deleted before creating and adding the new context. The new added context inherits properties
/// from the existing certificate. If CRLs or CTLs are being compared, the ThisUpdate time is used.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_REPLACE_EXISTING</term>
/// <term>
/// If a link to a matching certificate exists, that existing certificate or link is deleted and a new certificate is created and
/// added to the store. If a matching certificate or a link to a matching certificate does not exist, a new link is added.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES</term>
/// <term>
/// If a matching certificate exists in the store, the existing context is not replaced. The existing context inherits properties
/// from the new certificate.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_USE_EXISTING</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists, that existing certificate or link is used and properties
/// from the new certificate are added. The function does not fail, but it does not add a new context. If pCertContext is not NULL,
/// the existing context is duplicated. If a matching certificate or a link to a matching certificate does not exist, a new
/// certificate is added.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="ppStoreContext">
/// <para>A pointer to a pointer to the copy to be made of the certificate that was added to the store.</para>
/// <para>
/// The ppStoreContext parameter can be <c>NULL</c>, indicating that the calling application does not require a copy of the added
/// certificate. If a copy is made, it must be freed by using CertFreeCertificateContext.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the return value is <c>TRUE</c>.</para>
/// <para>
/// If the function fails, the return value is <c>FALSE</c>. For extended error information, call GetLastError. Some possible error
/// codes follow.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>CRYPT_E_EXISTS</term>
/// <term>
/// This value is returned if CERT_STORE_ADD_NEW is set and the certificate already exists in the store, or if CERT_STORE_ADD_NEWER
/// is set and a certificate exists in the store with a NotBefore date greater than or equal to the NotBefore date on the
/// certificate to be added.
/// </term>
/// </item>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>A disposition value that is not valid was specified in the dwAddDisposition parameter.</term>
/// </item>
/// </list>
/// <para>
/// Errors from the called functions, CertAddEncodedCertificateToStore and CertSetCertificateContextProperty, can be propagated to
/// this function.
/// </para>
/// </returns>
/// <remarks>
/// <para>
/// The certificate context is not duplicated using CertDuplicateCertificateContext. Instead, the function creates a new copy of the
/// context and adds it to the store.
/// </para>
/// <para>
/// In addition to the encoded certificate, CertDuplicateCertificateContext also copies the context's properties, with the exception
/// of the CERT_KEY_PROV_HANDLE_PROP_ID and CERT_KEY_CONTEXT_PROP_ID properties.
/// </para>
/// <para>To remove the certificate context from the certificate store, use the CertDeleteCertificateFromStore function.</para>
/// <para>
/// <c>Note</c> The order of the certificate context may not be preserved within the store. To access a specific certificate you
/// must iterate across the certificates in the store.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddcertificatecontexttostore BOOL
// CertAddCertificateContextToStore( HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition, PCCERT_CONTEXT
// *ppStoreContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "5e4d8cae-1096-491f-9a04-92b7e9c020bb")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertAddCertificateContextToStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, CertStoreAdd dwAddDisposition, out SafePCCERT_CONTEXT ppStoreContext);
/// <summary>The <c>CertAddCertificateContextToStore</c> function adds a certificate context to the certificate store.</summary>
/// <param name="hCertStore">Handle of a certificate store.</param>
/// <param name="pCertContext">A pointer to the CERT_CONTEXT structure to be added to the store.</param>
/// <param name="dwAddDisposition">
/// <para>
/// Specifies the action to take if a matching certificate or a link to a matching certificate already exists in the store.
/// Currently defined disposition values and their uses are as follows.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_STORE_ADD_ALWAYS</term>
/// <term>
/// The function makes no check for an existing matching certificate or link to a matching certificate. A new certificate is always
/// added to the store. This can lead to duplicates in a store.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_NEW</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists, the operation fails. GetLastError returns the
/// CRYPT_E_EXISTS code.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_NEWER</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists and the NotBefore time of the existing context is equal to
/// or greater than the NotBefore time of the new context being added, the operation fails and GetLastError returns the
/// CRYPT_E_EXISTS code. If the NotBefore time of the existing context is less than the NotBefore time of the new context being
/// added, the existing certificate or link is deleted and a new certificate is created and added to the store. If a matching
/// certificate or a link to a matching certificate does not exist, a new link is added. If certificate revocation lists (CRLs) or
/// certificate trust list (CTLs) are being compared, the ThisUpdate time is used.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists and the NotBefore time of the existing context is equal to
/// or greater than the NotBefore time of the new context being added, the operation fails and GetLastError returns the
/// CRYPT_E_EXISTS code. If the NotBefore time of the existing context is less than the NotBefore time of the new context being
/// added, the existing context is deleted before creating and adding the new context. The new added context inherits properties
/// from the existing certificate. If CRLs or CTLs are being compared, the ThisUpdate time is used.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_REPLACE_EXISTING</term>
/// <term>
/// If a link to a matching certificate exists, that existing certificate or link is deleted and a new certificate is created and
/// added to the store. If a matching certificate or a link to a matching certificate does not exist, a new link is added.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES</term>
/// <term>
/// If a matching certificate exists in the store, the existing context is not replaced. The existing context inherits properties
/// from the new certificate.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_USE_EXISTING</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists, that existing certificate or link is used and properties
/// from the new certificate are added. The function does not fail, but it does not add a new context. If pCertContext is not NULL,
/// the existing context is duplicated. If a matching certificate or a link to a matching certificate does not exist, a new
/// certificate is added.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="ppStoreContext">
/// <para>A pointer to a pointer to the copy to be made of the certificate that was added to the store.</para>
/// <para>
/// The ppStoreContext parameter can be <c>NULL</c>, indicating that the calling application does not require a copy of the added
/// certificate. If a copy is made, it must be freed by using CertFreeCertificateContext.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the return value is <c>TRUE</c>.</para>
/// <para>
/// If the function fails, the return value is <c>FALSE</c>. For extended error information, call GetLastError. Some possible error
/// codes follow.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>CRYPT_E_EXISTS</term>
/// <term>
/// This value is returned if CERT_STORE_ADD_NEW is set and the certificate already exists in the store, or if CERT_STORE_ADD_NEWER
/// is set and a certificate exists in the store with a NotBefore date greater than or equal to the NotBefore date on the
/// certificate to be added.
/// </term>
/// </item>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>A disposition value that is not valid was specified in the dwAddDisposition parameter.</term>
/// </item>
/// </list>
/// <para>
/// Errors from the called functions, CertAddEncodedCertificateToStore and CertSetCertificateContextProperty, can be propagated to
/// this function.
/// </para>
/// </returns>
/// <remarks>
/// <para>
/// The certificate context is not duplicated using CertDuplicateCertificateContext. Instead, the function creates a new copy of the
/// context and adds it to the store.
/// </para>
/// <para>
/// In addition to the encoded certificate, CertDuplicateCertificateContext also copies the context's properties, with the exception
/// of the CERT_KEY_PROV_HANDLE_PROP_ID and CERT_KEY_CONTEXT_PROP_ID properties.
/// </para>
/// <para>To remove the certificate context from the certificate store, use the CertDeleteCertificateFromStore function.</para>
/// <para>
/// <c>Note</c> The order of the certificate context may not be preserved within the store. To access a specific certificate you
/// must iterate across the certificates in the store.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddcertificatecontexttostore BOOL
// CertAddCertificateContextToStore( HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition, PCCERT_CONTEXT
// *ppStoreContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "5e4d8cae-1096-491f-9a04-92b7e9c020bb")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertAddCertificateContextToStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, CertStoreAdd dwAddDisposition, [Optional] IntPtr ppStoreContext);
/// <summary>
/// The <c>CertAddCertificateLinkToStore</c> function adds a link in a certificate store to a certificate context in a different
/// store. Instead of creating and adding a duplicate of the certificate context, this function adds a link to the original certificate.
/// </summary>
/// <param name="hCertStore">A handle to the certificate store where the link is to be added.</param>
/// <param name="pCertContext">A pointer to the CERT_CONTEXT structure to be linked.</param>
/// <param name="dwAddDisposition">
/// <para>
/// Specifies the action if a matching certificate or a link to a matching certificate already exists in the store. Currently
/// defined disposition values and their uses are as follows.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_STORE_ADD_ALWAYS</term>
/// <term>
/// The function makes no check for an existing matching certificate or link to a matching certificate. A new certificate is always
/// added to the store. This can lead to duplicates in a store.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_NEW</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists, the operation fails. GetLastError returns the
/// CRYPT_E_EXISTS code.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_REPLACE_EXISTING</term>
/// <term>
/// If a link to a matching certificate exists, that existing link is deleted and a new link is created and added to the store. If
/// no matching certificate or link to a matching certificate exists, one is added.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_USE_EXISTING</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists, the existing certificate is used. The function does not
/// fail, but no new link is added. If no matching certificate or link to a matching certificate exists, a new link is added.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="ppStoreContext">
/// A pointer to a pointer to a copy of the link created. The ppStoreContext parameter can be <c>NULL</c> to indicate that a copy of
/// the link is not needed. If a copy of the link is created, that copy must be freed using the CertFreeCertificateContext function.
/// </param>
/// <returns>
/// <para>If the function succeeds, the return value is <c>TRUE</c>.</para>
/// <para>
/// If the function fails, the return value is <c>FALSE</c>. For extended error information, call GetLastError. Some possible error
/// codes follow.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>CRYPT_E_EXISTS</term>
/// <term>For a dwAddDisposition parameter of CERT_STORE_ADD_NEW, the certificate already exists in the store.</term>
/// </item>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>A disposition value that is not valid was specified in the dwAddDisposition parameter.</term>
/// </item>
/// </list>
/// </returns>
/// <remarks>
/// <para>
/// Because the link provides access to the original certificate context, setting an extended property in the linked certificate
/// context changes that extended property in the certificate's original location and in any other links to that certificate.
/// </para>
/// <para>
/// Links cannot be added to a store opened as a collection. Stores opened as collections include all stores opened with
/// CertOpenSystemStore or CertOpenStore using CERT_STORE_PROV_SYSTEM or CERT_STORE_PROV_COLLECTION. For more information, see CertAddStoreToCollection.
/// </para>
/// <para>
/// If links are used and CertCloseStore is called with CERT_CLOSE_STORE_FORCE_FLAG, the store that uses links must be closed before
/// the store that contains the original contexts is closed. If CERT_CLOSE_STORE_FORCE_FLAG is not used, the two stores can be
/// closed in either order.
/// </para>
/// <para>To remove the certificate context link from the certificate store, use the CertDeleteCertificateFromStore function.</para>
/// <para>Examples</para>
/// <para>
/// For an example that uses this function, see Example C Program: Certificate Store Operations. For additional code that uses this
/// function, see Example C Program: Collection and Sibling Certificate Store Operations.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddcertificatelinktostore BOOL
// CertAddCertificateLinkToStore( HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition, PCCERT_CONTEXT
// *ppStoreContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "bcbf7755-d0ce-4dd5-8462-72760364fdc3")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertAddCertificateLinkToStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, CertStoreAdd dwAddDisposition, out SafePCCERT_CONTEXT ppStoreContext);
/// <summary>
/// The <c>CertAddCertificateLinkToStore</c> function adds a link in a certificate store to a certificate context in a different
/// store. Instead of creating and adding a duplicate of the certificate context, this function adds a link to the original certificate.
/// </summary>
/// <param name="hCertStore">A handle to the certificate store where the link is to be added.</param>
/// <param name="pCertContext">A pointer to the CERT_CONTEXT structure to be linked.</param>
/// <param name="dwAddDisposition">
/// <para>
/// Specifies the action if a matching certificate or a link to a matching certificate already exists in the store. Currently
/// defined disposition values and their uses are as follows.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_STORE_ADD_ALWAYS</term>
/// <term>
/// The function makes no check for an existing matching certificate or link to a matching certificate. A new certificate is always
/// added to the store. This can lead to duplicates in a store.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_NEW</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists, the operation fails. GetLastError returns the
/// CRYPT_E_EXISTS code.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_REPLACE_EXISTING</term>
/// <term>
/// If a link to a matching certificate exists, that existing link is deleted and a new link is created and added to the store. If
/// no matching certificate or link to a matching certificate exists, one is added.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_USE_EXISTING</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists, the existing certificate is used. The function does not
/// fail, but no new link is added. If no matching certificate or link to a matching certificate exists, a new link is added.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="ppStoreContext">
/// A pointer to a pointer to a copy of the link created. The ppStoreContext parameter can be <c>NULL</c> to indicate that a copy of
/// the link is not needed. If a copy of the link is created, that copy must be freed using the CertFreeCertificateContext function.
/// </param>
/// <returns>
/// <para>If the function succeeds, the return value is <c>TRUE</c>.</para>
/// <para>
/// If the function fails, the return value is <c>FALSE</c>. For extended error information, call GetLastError. Some possible error
/// codes follow.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>CRYPT_E_EXISTS</term>
/// <term>For a dwAddDisposition parameter of CERT_STORE_ADD_NEW, the certificate already exists in the store.</term>
/// </item>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>A disposition value that is not valid was specified in the dwAddDisposition parameter.</term>
/// </item>
/// </list>
/// </returns>
/// <remarks>
/// <para>
/// Because the link provides access to the original certificate context, setting an extended property in the linked certificate
/// context changes that extended property in the certificate's original location and in any other links to that certificate.
/// </para>
/// <para>
/// Links cannot be added to a store opened as a collection. Stores opened as collections include all stores opened with
/// CertOpenSystemStore or CertOpenStore using CERT_STORE_PROV_SYSTEM or CERT_STORE_PROV_COLLECTION. For more information, see CertAddStoreToCollection.
/// </para>
/// <para>
/// If links are used and CertCloseStore is called with CERT_CLOSE_STORE_FORCE_FLAG, the store that uses links must be closed before
/// the store that contains the original contexts is closed. If CERT_CLOSE_STORE_FORCE_FLAG is not used, the two stores can be
/// closed in either order.
/// </para>
/// <para>To remove the certificate context link from the certificate store, use the CertDeleteCertificateFromStore function.</para>
/// <para>Examples</para>
/// <para>
/// For an example that uses this function, see Example C Program: Certificate Store Operations. For additional code that uses this
/// function, see Example C Program: Collection and Sibling Certificate Store Operations.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddcertificatelinktostore BOOL
// CertAddCertificateLinkToStore( HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition, PCCERT_CONTEXT
// *ppStoreContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "bcbf7755-d0ce-4dd5-8462-72760364fdc3")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertAddCertificateLinkToStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, CertStoreAdd dwAddDisposition, [Optional] IntPtr ppStoreContext);
/// <summary>
/// <para>
/// The <c>CertAddEncodedCertificateToStore</c> function creates a certificate context from an encoded certificate and adds it to
/// the certificate store. The context created does not include any extended properties.
/// </para>
/// <para>
/// The <c>CertAddEncodedCertificateToStore</c> function also makes a copy of the encoded certificate before adding the certificate
/// to the store.
/// </para>
/// </summary>
/// <param name="hCertStore">A handle to the certificate store.</param>
/// <param name="dwCertEncodingType">
/// <para>
/// Specifies the type of encoding used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
/// </para>
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:</para>
/// <list type="bullet">
/// <item>
/// <term>X509_ASN_ENCODING</term>
/// </item>
/// <item>
/// <term>PKCS_7_ASN_ENCODING</term>
/// </item>
/// </list>
/// </param>
/// <param name="pbCertEncoded">
/// A pointer to a buffer containing the encoded certificate that is to be added to the certificate store.
/// </param>
/// <param name="cbCertEncoded">The size, in bytes, of the pbCertEncoded buffer.</param>
/// <param name="dwAddDisposition">
/// <para>
/// Specifies the action to take if a matching certificate or link to a matching certificate exists in the store. Currently defined
/// disposition values and their uses are as follows.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_STORE_ADD_ALWAYS</term>
/// <term>
/// The function makes no check for an existing matching certificate or link to a matching certificate. A new certificate is always
/// added to the store. This can lead to duplicates in a store.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_NEW</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists in the store, the operation fails. GetLastError returns the
/// CRYPT_E_EXISTS code.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_REPLACE_EXISTING</term>
/// <term>
/// If a matching certificate or link to a matching certificate exists in the store, the existing certificate or link is deleted and
/// a new certificate is created and added to the store. If a matching certificate or link to a matching certificate does not exist,
/// a new certificate is created and added to the store.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES</term>
/// <term>
/// If a matching certificate exists in the store, that existing context is deleted before creating and adding the new context. The
/// new context inherits properties from the existing certificate.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_USE_EXISTING</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists, that existing certificate or link is used and properties
/// from the new certificate are added. The function does not fail, but it does not add a new context. If ppCertContext is not NULL,
/// the existing context is duplicated. If a matching certificate or link to a matching certificate does not exist, a new
/// certificate is added.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="ppCertContext">
/// A pointer to a pointer to the decoded certificate context. This is an optional parameter that can be <c>NULL</c>, indicating
/// that the calling application does not require a copy of the new or existing certificate. When a copy is made, its context must
/// be freed by using CertFreeCertificateContext.
/// </param>
/// <returns>
/// <para>If the function succeeds, the return value is <c>TRUE</c>.</para>
/// <para>
/// If the function fails, the return value is <c>FALSE</c>. For extended error information, call GetLastError. Some possible error
/// codes follow.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>CRYPT_E_EXISTS</term>
/// <term>
/// This code is returned if CERT_STORE_ADD_NEW is set and the certificate already exists in the store, or if CERT_STORE_ADD_NEWER
/// is set and there is a certificate in the store with a NotBefore date greater than or equal to the NotBefore date on the
/// certificate to be added.
/// </term>
/// </item>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>
/// A disposition value that is not valid was specified in the dwAddDisposition parameter, or a certificate encoding type that is
/// not valid was specified. Currently, only the X509_ASN_ENCODING type is supported.
/// </term>
/// </item>
/// </list>
/// <para>
/// If the function fails, GetLastError returns an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
/// </para>
/// </returns>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddencodedcertificatetostore BOOL
// CertAddEncodedCertificateToStore( HCERTSTORE hCertStore, DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD
// cbCertEncoded, DWORD dwAddDisposition, PCCERT_CONTEXT *ppCertContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "7c092bf5-f8b2-47d0-94ee-c8e0f4bca62d")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertAddEncodedCertificateToStore(HCERTSTORE hCertStore, CertEncodingType dwCertEncodingType, [In] IntPtr pbCertEncoded, uint cbCertEncoded, CertStoreAdd dwAddDisposition, out SafePCCERT_CONTEXT ppCertContext);
/// <summary>
/// <para>
/// The <c>CertAddEncodedCertificateToStore</c> function creates a certificate context from an encoded certificate and adds it to
/// the certificate store. The context created does not include any extended properties.
/// </para>
/// <para>
/// The <c>CertAddEncodedCertificateToStore</c> function also makes a copy of the encoded certificate before adding the certificate
/// to the store.
/// </para>
/// </summary>
/// <param name="hCertStore">A handle to the certificate store.</param>
/// <param name="dwCertEncodingType">
/// <para>
/// Specifies the type of encoding used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
/// </para>
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:</para>
/// <list type="bullet">
/// <item>
/// <term>X509_ASN_ENCODING</term>
/// </item>
/// <item>
/// <term>PKCS_7_ASN_ENCODING</term>
/// </item>
/// </list>
/// </param>
/// <param name="pbCertEncoded">
/// A pointer to a buffer containing the encoded certificate that is to be added to the certificate store.
/// </param>
/// <param name="cbCertEncoded">The size, in bytes, of the pbCertEncoded buffer.</param>
/// <param name="dwAddDisposition">
/// <para>
/// Specifies the action to take if a matching certificate or link to a matching certificate exists in the store. Currently defined
/// disposition values and their uses are as follows.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_STORE_ADD_ALWAYS</term>
/// <term>
/// The function makes no check for an existing matching certificate or link to a matching certificate. A new certificate is always
/// added to the store. This can lead to duplicates in a store.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_NEW</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists in the store, the operation fails. GetLastError returns the
/// CRYPT_E_EXISTS code.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_REPLACE_EXISTING</term>
/// <term>
/// If a matching certificate or link to a matching certificate exists in the store, the existing certificate or link is deleted and
/// a new certificate is created and added to the store. If a matching certificate or link to a matching certificate does not exist,
/// a new certificate is created and added to the store.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES</term>
/// <term>
/// If a matching certificate exists in the store, that existing context is deleted before creating and adding the new context. The
/// new context inherits properties from the existing certificate.
/// </term>
/// </item>
/// <item>
/// <term>CERT_STORE_ADD_USE_EXISTING</term>
/// <term>
/// If a matching certificate or a link to a matching certificate exists, that existing certificate or link is used and properties
/// from the new certificate are added. The function does not fail, but it does not add a new context. If ppCertContext is not NULL,
/// the existing context is duplicated. If a matching certificate or link to a matching certificate does not exist, a new
/// certificate is added.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="ppCertContext">
/// A pointer to a pointer to the decoded certificate context. This is an optional parameter that can be <c>NULL</c>, indicating
/// that the calling application does not require a copy of the new or existing certificate. When a copy is made, its context must
/// be freed by using CertFreeCertificateContext.
/// </param>
/// <returns>
/// <para>If the function succeeds, the return value is <c>TRUE</c>.</para>
/// <para>
/// If the function fails, the return value is <c>FALSE</c>. For extended error information, call GetLastError. Some possible error
/// codes follow.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>CRYPT_E_EXISTS</term>
/// <term>
/// This code is returned if CERT_STORE_ADD_NEW is set and the certificate already exists in the store, or if CERT_STORE_ADD_NEWER
/// is set and there is a certificate in the store with a NotBefore date greater than or equal to the NotBefore date on the
/// certificate to be added.
/// </term>
/// </item>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>
/// A disposition value that is not valid was specified in the dwAddDisposition parameter, or a certificate encoding type that is
/// not valid was specified. Currently, only the X509_ASN_ENCODING type is supported.
/// </term>
/// </item>
/// </list>
/// <para>
/// If the function fails, GetLastError returns an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
/// </para>
/// </returns>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddencodedcertificatetostore BOOL
// CertAddEncodedCertificateToStore( HCERTSTORE hCertStore, DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD
// cbCertEncoded, DWORD dwAddDisposition, PCCERT_CONTEXT *ppCertContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "7c092bf5-f8b2-47d0-94ee-c8e0f4bca62d")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertAddEncodedCertificateToStore(HCERTSTORE hCertStore, CertEncodingType dwCertEncodingType, [In] IntPtr pbCertEncoded, uint cbCertEncoded, CertStoreAdd dwAddDisposition, [Optional] IntPtr ppCertContext);
/// <summary>
/// The <c>CertAddRefServerOcspResponse</c> function increments the reference count for an <c>HCERT_SERVER_OCSP_RESPONSE</c> handle.
/// </summary>
/// <param name="hServerOcspResponse">A handle to an <c>HCERT_SERVER_OCSP_RESPONSE</c> returned by CertOpenServerOcspResponse.</param>
/// <returns>This function has no return value.</returns>
/// <remarks>Each CertOpenServerOcspResponse and <c>CertAddRefServerOcspResponse</c> requires a corresponding CertCloseServerOcspResponse.</remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddrefserverocspresponse void
// CertAddRefServerOcspResponse( HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "6ccc0e85-1fa0-480c-a5b4-b21ba811e5d0")]
public static extern void CertAddRefServerOcspResponse(HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse);
/// <summary>
/// The <c>CertAddRefServerOcspResponseContext</c> function increments the reference count for a CERT_SERVER_OCSP_RESPONSE_CONTEXT structure.
/// </summary>
/// <param name="pServerOcspResponseContext">A pointer to a CERT_SERVER_OCSP_RESPONSE_CONTEXT returned by CertGetServerOcspResponseContext.</param>
/// <returns>The function has no return value.</returns>
/// <remarks>
/// Each call to CertGetServerOcspResponseContext and <c>CertAddRefServerOcspResponseContext</c> requires a corresponding call to CertFreeServerOcspResponseContext.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certaddrefserverocspresponsecontext void
// CertAddRefServerOcspResponseContext( PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "b7cdce9b-25fe-4fb9-b266-61989793699b")]
public static extern void CertAddRefServerOcspResponseContext(PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext);
/// <summary>
/// The <c>CertCloseServerOcspResponse</c> function closes an online certificate status protocol (OCSP) server response handle.
/// </summary>
/// <param name="hServerOcspResponse">The handle to close for an OCSP server response.</param>
/// <param name="dwFlags">This parameter is not used and must be zero.</param>
/// <returns>This function does not return a value.</returns>
/// <remarks>
/// The <c>CertCloseServerOcspResponse</c> function closes a handle returned by either the CertOpenServerOcspResponse or
/// CertAddRefServerOcspResponse function.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcloseserverocspresponse void
// CertCloseServerOcspResponse( HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse, DWORD dwFlags );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "6247e8ca-ba12-432f-9bf8-a6c644f253e9")]
public static extern void CertCloseServerOcspResponse(HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse, uint dwFlags = 0);
/// <summary>
/// The <c>CertCreateCertificateContext</c> function creates a certificate context from an encoded certificate. The created context
/// is not persisted to a certificate store. The function makes a copy of the encoded certificate within the created context.
/// </summary>
/// <param name="dwCertEncodingType">
/// <para>
/// Specifies the type of encoding used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- <c>OR</c> operation as shown in the following example:
/// </para>
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:</para>
/// <list type="bullet">
/// <item>
/// <term>X509_ASN_ENCODING</term>
/// </item>
/// <item>
/// <term>PKCS_7_ASN_ENCODING</term>
/// </item>
/// </list>
/// </param>
/// <param name="pbCertEncoded">A pointer to a buffer that contains the encoded certificate from which the context is to be created.</param>
/// <param name="cbCertEncoded">The size, in bytes, of the pbCertEncoded buffer.</param>
/// <returns>
/// <para>
/// If the function succeeds, the function returns a pointer to a read-only CERT_CONTEXT. When you have finished using the
/// certificate context, free it by calling the CertFreeCertificateContext function.
/// </para>
/// <para>
/// If the function is unable to decode and create the certificate context, it returns <c>NULL</c>. For extended error information,
/// call GetLastError. Some possible error codes follow.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>A certificate encoding type that is not valid was specified. Currently, only the X509_ASN_ENCODING type is supported.</term>
/// </item>
/// </list>
/// <para>
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
/// </para>
/// </returns>
/// <remarks>
/// <para>
/// The CERT_CONTEXT must be freed by calling CertFreeCertificateContext. CertDuplicateCertificateContext can be called to make a
/// duplicate. CertSetCertificateContextProperty and CertGetCertificateContextProperty can be called to store and read properties
/// for the certificate.
/// </para>
/// <para>Examples</para>
/// <para>
/// The following example shows creating a certificate context from an encoded certificate. The created context is not put in a
/// certificate store. For another example that uses this function, see Example C Program: Certificate Store Operations.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcreatecertificatecontext PCCERT_CONTEXT
// CertCreateCertificateContext( DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "a32714c4-ee88-48a8-a40a-bbbfec0613ac")]
public static extern SafePCCERT_CONTEXT CertCreateCertificateContext(CertEncodingType dwCertEncodingType, [In] IntPtr pbCertEncoded, uint cbCertEncoded);
/// <summary>
/// The <c>CertCreateSelfSignCertificate</c> function builds a self-signed certificate and returns a pointer to a CERT_CONTEXT
/// structure that represents the certificate.
/// </summary>
/// <param name="hCryptProvOrNCryptKey">
/// <para>
/// A handle of a cryptographic provider used to sign the certificate created. If <c>NULL</c>, information from the pKeyProvInfo
/// parameter is used to acquire the needed handle. If pKeyProvInfo is also <c>NULL</c>, the default provider type, PROV_RSA_FULL
/// provider type, the default key specification, AT_SIGNATURE, and a newly created key container with a unique container name are used.
/// </para>
/// <para>
/// This handle must be an HCRYPTPROV handle that has been created by using the CryptAcquireContext function or an
/// <c>NCRYPT_KEY_HANDLE</c> handle that has been created by using the NCryptOpenKey function. New applications should always pass
/// in the <c>NCRYPT_KEY_HANDLE</c> handle of a CNG cryptographic service provider (CSP).
/// </para>
/// </param>
/// <param name="pSubjectIssuerBlob">
/// A pointer to a BLOB that contains the distinguished name (DN) for the certificate subject. This parameter cannot be <c>NULL</c>.
/// Minimally, a pointer to an empty DN must be provided. This BLOB is normally created by using the CertStrToName function. It can
/// also be created by using the CryptEncodeObject function and specifying either the X509_NAME or X509_UNICODE_NAME StructType.
/// </param>
/// <param name="dwFlags">
/// <para>
/// A set of flags that override the default behavior of this function. This can be zero or a combination of one or more of the
/// following values.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_CREATE_SELFSIGN_NO_KEY_INFO 2</term>
/// <term>
/// By default, the returned PCCERT_CONTEXT references the private keys by setting the CERT_KEY_PROV_INFO_PROP_ID. If you do not
/// want the returned PCCERT_CONTEXT to reference private keys by setting the CERT_KEY_PROV_INFO_PROP_ID, specify CERT_CREATE_SELFSIGN_NO_KEY_INFO.
/// </term>
/// </item>
/// <item>
/// <term>CERT_CREATE_SELFSIGN_NO_SIGN 1</term>
/// <term>
/// By default, the certificate being created is signed. If the certificate being created is only a dummy placeholder, the
/// certificate might not need to be signed. Signing of the certificate is skipped if CERT_CREATE_SELFSIGN_NO_SIGN is specified.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="pKeyProvInfo">
/// <para>
/// A pointer to a CRYPT_KEY_PROV_INFO structure. Before a certificate is created, the CSP is queried for the key provider, key
/// provider type, and the key container name. If the CSP queried does not support these queries, the function fails. If the default
/// provider does not support these queries, a pKeyProvInfo value must be specified. The RSA BASE does support these queries.
/// </para>
/// <para>
/// If the pKeyProvInfo parameter is not <c>NULL</c>, the corresponding values are set in the <c>CERT_KEY_PROV_INFO_PROP_ID</c>
/// value of the generated certificate. You must ensure that all parameters of the supplied structure are correctly specified.
/// </para>
/// </param>
/// <param name="pSignatureAlgorithm">
/// A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure. If <c>NULL</c>, the default algorithm, SHA1RSA, is used.
/// </param>
/// <param name="pStartTime">A pointer to a SYSTEMTIME structure. If <c>NULL</c>, the system current time is used by default.</param>
/// <param name="pEndTime">
/// A pointer to a SYSTEMTIME structure. If <c>NULL</c>, the pStartTime value plus one year will be used by default.
/// </param>
/// <param name="pExtensions">
/// A pointer to a CERT_EXTENSIONS array of CERT_EXTENSION structures. By default, the array is empty. An alternate subject name, if
/// desired, can be specified as one of these extensions.
/// </param>
/// <returns>
/// If the function succeeds, a PCCERT_CONTEXT variable that points to the created certificate is returned. If the function fails,
/// it returns <c>NULL</c>. For extended error information, call GetLastError.
/// </returns>
/// <remarks>
/// As the pEndTime must be a valid date, and is automatically generated if it is not supplied by the user, unexpected failures may
/// easily be caused when this API is called on a leap day without accompanying app logic to compensate. For more information,
/// please see leap year readiness.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcreateselfsigncertificate PCCERT_CONTEXT
// CertCreateSelfSignCertificate( HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, PCERT_NAME_BLOB pSubjectIssuerBlob, DWORD
// dwFlags, PCRYPT_KEY_PROV_INFO pKeyProvInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime, PSYSTEMTIME
// pEndTime, PCERT_EXTENSIONS pExtensions );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "89028c4e-f896-4c50-9fa2-bcb4e1784244")]
public static extern SafePCCERT_CONTEXT CertCreateSelfSignCertificate(IntPtr hCryptProvOrNCryptKey, in CRYPTOAPI_BLOB pSubjectIssuerBlob, CertCreateSelfSignFlags dwFlags, IntPtr pKeyProvInfo, IntPtr pSignatureAlgorithm, IntPtr pStartTime, IntPtr pEndTime, IntPtr pExtensions);
/// <summary>
/// The <c>CertCreateSelfSignCertificate</c> function builds a self-signed certificate and returns a pointer to a CERT_CONTEXT
/// structure that represents the certificate.
/// </summary>
/// <param name="hCryptProvOrNCryptKey">
/// <para>
/// A handle of a cryptographic provider used to sign the certificate created. If <c>NULL</c>, information from the pKeyProvInfo
/// parameter is used to acquire the needed handle. If pKeyProvInfo is also <c>NULL</c>, the default provider type, PROV_RSA_FULL
/// provider type, the default key specification, AT_SIGNATURE, and a newly created key container with a unique container name are used.
/// </para>
/// <para>
/// This handle must be an HCRYPTPROV handle that has been created by using the CryptAcquireContext function or an
/// <c>NCRYPT_KEY_HANDLE</c> handle that has been created by using the NCryptOpenKey function. New applications should always pass
/// in the <c>NCRYPT_KEY_HANDLE</c> handle of a CNG cryptographic service provider (CSP).
/// </para>
/// </param>
/// <param name="pSubjectIssuerBlob">
/// A pointer to a BLOB that contains the distinguished name (DN) for the certificate subject. This parameter cannot be <c>NULL</c>.
/// Minimally, a pointer to an empty DN must be provided. This BLOB is normally created by using the CertStrToName function. It can
/// also be created by using the CryptEncodeObject function and specifying either the X509_NAME or X509_UNICODE_NAME StructType.
/// </param>
/// <param name="dwFlags">
/// <para>
/// A set of flags that override the default behavior of this function. This can be zero or a combination of one or more of the
/// following values.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_CREATE_SELFSIGN_NO_KEY_INFO 2</term>
/// <term>
/// By default, the returned PCCERT_CONTEXT references the private keys by setting the CERT_KEY_PROV_INFO_PROP_ID. If you do not
/// want the returned PCCERT_CONTEXT to reference private keys by setting the CERT_KEY_PROV_INFO_PROP_ID, specify CERT_CREATE_SELFSIGN_NO_KEY_INFO.
/// </term>
/// </item>
/// <item>
/// <term>CERT_CREATE_SELFSIGN_NO_SIGN 1</term>
/// <term>
/// By default, the certificate being created is signed. If the certificate being created is only a dummy placeholder, the
/// certificate might not need to be signed. Signing of the certificate is skipped if CERT_CREATE_SELFSIGN_NO_SIGN is specified.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="pKeyProvInfo">
/// <para>
/// A pointer to a CRYPT_KEY_PROV_INFO structure. Before a certificate is created, the CSP is queried for the key provider, key
/// provider type, and the key container name. If the CSP queried does not support these queries, the function fails. If the default
/// provider does not support these queries, a pKeyProvInfo value must be specified. The RSA BASE does support these queries.
/// </para>
/// <para>
/// If the pKeyProvInfo parameter is not <c>NULL</c>, the corresponding values are set in the <c>CERT_KEY_PROV_INFO_PROP_ID</c>
/// value of the generated certificate. You must ensure that all parameters of the supplied structure are correctly specified.
/// </para>
/// </param>
/// <param name="pSignatureAlgorithm">
/// A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure. If <c>NULL</c>, the default algorithm, SHA1RSA, is used.
/// </param>
/// <param name="pStartTime">A pointer to a SYSTEMTIME structure. If <c>NULL</c>, the system current time is used by default.</param>
/// <param name="pEndTime">
/// A pointer to a SYSTEMTIME structure. If <c>NULL</c>, the pStartTime value plus one year will be used by default.
/// </param>
/// <param name="pExtensions">
/// A pointer to a CERT_EXTENSIONS array of CERT_EXTENSION structures. By default, the array is empty. An alternate subject name, if
/// desired, can be specified as one of these extensions.
/// </param>
/// <returns>
/// If the function succeeds, a PCCERT_CONTEXT variable that points to the created certificate is returned. If the function fails,
/// it returns <c>NULL</c>. For extended error information, call GetLastError.
/// </returns>
/// <remarks>
/// As the pEndTime must be a valid date, and is automatically generated if it is not supplied by the user, unexpected failures may
/// easily be caused when this API is called on a leap day without accompanying app logic to compensate. For more information,
/// please see leap year readiness.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcreateselfsigncertificate PCCERT_CONTEXT
// CertCreateSelfSignCertificate( HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, PCERT_NAME_BLOB pSubjectIssuerBlob, DWORD
// dwFlags, PCRYPT_KEY_PROV_INFO pKeyProvInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime, PSYSTEMTIME
// pEndTime, PCERT_EXTENSIONS pExtensions );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "89028c4e-f896-4c50-9fa2-bcb4e1784244")]
public static extern SafePCCERT_CONTEXT CertCreateSelfSignCertificate(IntPtr hCryptProvOrNCryptKey, in CRYPTOAPI_BLOB pSubjectIssuerBlob, CertCreateSelfSignFlags dwFlags, in CRYPT_KEY_PROV_INFO pKeyProvInfo, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, IntPtr pStartTime, IntPtr pEndTime, IntPtr pExtensions);
/// <summary>
/// The <c>CertCreateSelfSignCertificate</c> function builds a self-signed certificate and returns a pointer to a CERT_CONTEXT
/// structure that represents the certificate.
/// </summary>
/// <param name="hCryptProvOrNCryptKey">
/// <para>
/// A handle of a cryptographic provider used to sign the certificate created. If <c>NULL</c>, information from the pKeyProvInfo
/// parameter is used to acquire the needed handle. If pKeyProvInfo is also <c>NULL</c>, the default provider type, PROV_RSA_FULL
/// provider type, the default key specification, AT_SIGNATURE, and a newly created key container with a unique container name are used.
/// </para>
/// <para>
/// This handle must be an HCRYPTPROV handle that has been created by using the CryptAcquireContext function or an
/// <c>NCRYPT_KEY_HANDLE</c> handle that has been created by using the NCryptOpenKey function. New applications should always pass
/// in the <c>NCRYPT_KEY_HANDLE</c> handle of a CNG cryptographic service provider (CSP).
/// </para>
/// </param>
/// <param name="pSubjectIssuerBlob">
/// A pointer to a BLOB that contains the distinguished name (DN) for the certificate subject. This parameter cannot be <c>NULL</c>.
/// Minimally, a pointer to an empty DN must be provided. This BLOB is normally created by using the CertStrToName function. It can
/// also be created by using the CryptEncodeObject function and specifying either the X509_NAME or X509_UNICODE_NAME StructType.
/// </param>
/// <param name="dwFlags">
/// <para>
/// A set of flags that override the default behavior of this function. This can be zero or a combination of one or more of the
/// following values.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_CREATE_SELFSIGN_NO_KEY_INFO 2</term>
/// <term>
/// By default, the returned PCCERT_CONTEXT references the private keys by setting the CERT_KEY_PROV_INFO_PROP_ID. If you do not
/// want the returned PCCERT_CONTEXT to reference private keys by setting the CERT_KEY_PROV_INFO_PROP_ID, specify CERT_CREATE_SELFSIGN_NO_KEY_INFO.
/// </term>
/// </item>
/// <item>
/// <term>CERT_CREATE_SELFSIGN_NO_SIGN 1</term>
/// <term>
/// By default, the certificate being created is signed. If the certificate being created is only a dummy placeholder, the
/// certificate might not need to be signed. Signing of the certificate is skipped if CERT_CREATE_SELFSIGN_NO_SIGN is specified.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="pKeyProvInfo">
/// <para>
/// A pointer to a CRYPT_KEY_PROV_INFO structure. Before a certificate is created, the CSP is queried for the key provider, key
/// provider type, and the key container name. If the CSP queried does not support these queries, the function fails. If the default
/// provider does not support these queries, a pKeyProvInfo value must be specified. The RSA BASE does support these queries.
/// </para>
/// <para>
/// If the pKeyProvInfo parameter is not <c>NULL</c>, the corresponding values are set in the <c>CERT_KEY_PROV_INFO_PROP_ID</c>
/// value of the generated certificate. You must ensure that all parameters of the supplied structure are correctly specified.
/// </para>
/// </param>
/// <param name="pSignatureAlgorithm">
/// A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure. If <c>NULL</c>, the default algorithm, SHA1RSA, is used.
/// </param>
/// <param name="pStartTime">A pointer to a SYSTEMTIME structure. If <c>NULL</c>, the system current time is used by default.</param>
/// <param name="pEndTime">
/// A pointer to a SYSTEMTIME structure. If <c>NULL</c>, the pStartTime value plus one year will be used by default.
/// </param>
/// <param name="pExtensions">
/// A pointer to a CERT_EXTENSIONS array of CERT_EXTENSION structures. By default, the array is empty. An alternate subject name, if
/// desired, can be specified as one of these extensions.
/// </param>
/// <returns>
/// If the function succeeds, a PCCERT_CONTEXT variable that points to the created certificate is returned. If the function fails,
/// it returns <c>NULL</c>. For extended error information, call GetLastError.
/// </returns>
/// <remarks>
/// As the pEndTime must be a valid date, and is automatically generated if it is not supplied by the user, unexpected failures may
/// easily be caused when this API is called on a leap day without accompanying app logic to compensate. For more information,
/// please see leap year readiness.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcreateselfsigncertificate PCCERT_CONTEXT
// CertCreateSelfSignCertificate( HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, PCERT_NAME_BLOB pSubjectIssuerBlob, DWORD
// dwFlags, PCRYPT_KEY_PROV_INFO pKeyProvInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime, PSYSTEMTIME
// pEndTime, PCERT_EXTENSIONS pExtensions );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "89028c4e-f896-4c50-9fa2-bcb4e1784244")]
public static extern SafePCCERT_CONTEXT CertCreateSelfSignCertificate(IntPtr hCryptProvOrNCryptKey, in CRYPTOAPI_BLOB pSubjectIssuerBlob, CertCreateSelfSignFlags dwFlags, in CRYPT_KEY_PROV_INFO pKeyProvInfo, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, in SYSTEMTIME pStartTime, in SYSTEMTIME pEndTime, in CERT_EXTENSIONS pExtensions);
/// <summary>
/// The <c>CertDeleteCertificateFromStore</c> function deletes the specified certificate context from the certificate store.
/// </summary>
/// <param name="pCertContext">A pointer to the CERT_CONTEXT structure to be deleted.</param>
/// <returns>
/// <para>If the function succeeds, the return value is <c>TRUE</c>.</para>
/// <para>
/// If the function fails, the return value is <c>FALSE</c>. For extended error information, call GetLastError. One possible error
/// code is the following.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>E_ACCESSDENIED</term>
/// <term>Indicates the store was opened as read-only and a delete operation is not allowed.</term>
/// </item>
/// </list>
/// </returns>
/// <remarks>
/// <para>
/// After a certificate is deleted from a store, all subsequent attempts to get or find that certificate in that store will fail.
/// However, memory allocated for the certificate is not freed until all duplicated contexts have also been freed.
/// </para>
/// <para>
/// The <c>CertDeleteCertificateFromStore</c> function always frees pCertContext by calling the CertFreeCertificateContext function,
/// even if an error is encountered. Freeing the context reduces the context's reference count by one. If the reference count
/// reaches zero, memory allocated for the certificate is freed.
/// </para>
/// <para>Examples</para>
/// <para>For an example that uses this function, see Example C Program: Deleting Certificates from a Certificate Store.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certdeletecertificatefromstore BOOL
// CertDeleteCertificateFromStore( PCCERT_CONTEXT pCertContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "4390c8da-9c4d-47a4-9af4-d179829f77f3")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertDeleteCertificateFromStore(PCCERT_CONTEXT pCertContext);
/// <summary>
/// The <c>CertDuplicateCertificateContext</c> function duplicates a certificate context by incrementing its reference count.
/// </summary>
/// <param name="pCertContext">A pointer to the CERT_CONTEXT structure for which the reference count is incremented.</param>
/// <returns>
/// Currently, a copy is not made of the context, and the returned pointer to a context has the same value as the pointer to a
/// context that was input. If the pointer passed into this function is <c>NULL</c>, <c>NULL</c> is returned. When you have finished
/// using the duplicate context, decrease its reference count by calling the CertFreeCertificateContext function.
/// </returns>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certduplicatecertificatecontext PCCERT_CONTEXT
// CertDuplicateCertificateContext( PCCERT_CONTEXT pCertContext );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "589edd25-c8d0-4f93-83b2-9df2ed2e2812")]
public static extern PCCERT_CONTEXT CertDuplicateCertificateContext(PCCERT_CONTEXT pCertContext);
/// <summary>
/// The <c>CertEnumCertificatesInStore</c> function retrieves the first or next certificate in a certificate store. Used in a loop,
/// this function can retrieve in sequence all certificates in a certificate store.
/// </summary>
/// <param name="hCertStore">A handle of a certificate store.</param>
/// <param name="pPrevCertContext">
/// <para>A pointer to the CERT_CONTEXT of the previous certificate context found.</para>
/// <para>
/// This parameter must be <c>NULL</c> to begin the enumeration and get the first certificate in the store. Successive certificates
/// are enumerated by setting pPrevCertContext to the pointer returned by a previous call to the function. This function frees the
/// CERT_CONTEXT referenced by non- <c>NULL</c> values of this parameter.
/// </para>
/// <para>
/// For logical stores, including collection stores, a duplicate of the pCertContext returned by this function cannot be used to
/// begin a new subsequence of enumerations because the duplicated certificate loses the initial enumeration state. The enumeration
/// skips any certificate previously deleted by CertDeleteCertificateFromStore.
/// </para>
/// </param>
/// <returns>
/// <para>
/// If the function succeeds, the function returns a pointer to the next CERT_CONTEXT in the store. If no more certificates exist in
/// the store, the function returns <c>NULL</c>.
/// </para>
/// <para>For extended error information, call GetLastError. Some possible error codes follow.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>The handle in the hCertStore parameter is not the same as that in the certificate context pointed to by pPrevCertContext.</term>
/// </item>
/// <item>
/// <term>CRYPT_E_NOT_FOUND</term>
/// <term>No certificates were found. This happens if the store is empty or if the function reached the end of the store's list.</term>
/// </item>
/// <item>
/// <term>ERROR_NO_MORE_FILES</term>
/// <term>
/// Applies to external stores. No certificates were found. This happens if the store is empty or if the function reached the end of
/// the store's list.
/// </term>
/// </item>
/// </list>
/// </returns>
/// <remarks>
/// <para>
/// The returned pointer is freed when passed as the pPrevCertContext parameter on a subsequent call. Otherwise, the pointer must be
/// freed by calling CertFreeCertificateContext. A non- <c>NULL</c> pPrevCertContext passed to <c>CertEnumCertificatesInStore</c> is
/// always freed even for an error.
/// </para>
/// <para>A duplicate of the currently enumerated certificate can be made by calling CertDuplicateCertificateContext.</para>
/// <para>Examples</para>
/// <para>
/// The following example lists the certificate contexts in the certificate store. For another example that uses this function, see
/// Example C Program: Deleting Certificates from a Certificate Store.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certenumcertificatesinstore PCCERT_CONTEXT
// CertEnumCertificatesInStore( HCERTSTORE hCertStore, PCCERT_CONTEXT pPrevCertContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "c5ab5b4c-dc0c-416b-aa9e-b939398cfa6d")]
public static extern PCCERT_CONTEXT CertEnumCertificatesInStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pPrevCertContext);
/// <summary>
/// The <c>CertFindCertificateInStore</c> function finds the first or next certificate context in a certificate store that matches a
/// search criteria established by the dwFindType and its associated pvFindPara. This function can be used in a loop to find all of
/// the certificates in a certificate store that match the specified find criteria.
/// </summary>
/// <param name="hCertStore">A handle of the certificate store to be searched.</param>
/// <param name="dwCertEncodingType">
/// <para>
/// Specifies the type of encoding used. Both the certificate and message encoding types must be specified by combining them with a
/// bitwise- <c>OR</c> operation as shown in the following example:
/// </para>
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:</para>
/// <list type="bullet">
/// <item>
/// <term>X509_ASN_ENCODING</term>
/// </item>
/// <item>
/// <term>PKCS_7_ASN_ENCODING</term>
/// </item>
/// </list>
/// </param>
/// <param name="dwFindFlags">
/// Used with some dwFindType values to modify the search criteria. For most dwFindType values, dwFindFlags is not used and should
/// be set to zero. For detailed information, see Remarks.
/// </param>
/// <param name="dwFindType">
/// <para>
/// Specifies the type of search being made. The search type determines the data type, contents, and the use of pvFindPara. This
/// parameter can be one of the following values.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_FIND_ANY</term>
/// <term>Data type of pvFindPara: NULL, not used. No search criteria used. Returns the next certificate in the store.</term>
/// </item>
/// <item>
/// <term>CERT_FIND_CERT_ID</term>
/// <term>Data type of pvFindPara: CERT_ID structure. Find the certificate identified by the specified CERT_ID.</term>
/// </item>
/// <item>
/// <term>CERT_FIND_CTL_USAGE</term>
/// <term>
/// Data type of pvFindPara: CTL_USAGE structure. Searches for a certificate that has a szOID_ENHANCED_KEY_USAGE extension or a
/// CERT_CTL_PROP_ID that matches the pszUsageIdentifier member of the CTL_USAGE structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ENHKEY_USAGE</term>
/// <term>
/// Data type of pvFindPara: CERT_ENHKEY_USAGE structure. Searches for a certificate in the store that has either an enhanced key
/// usage extension or an enhanced key usage property and a usage identifier that matches the cUsageIdentifier member in the
/// CERT_ENHKEY_USAGE structure. A certificate has an enhanced key usage extension if it has a CERT_EXTENSION structure with the
/// pszObjId member set to szOID_ENHANCED_KEY_USAGE. A certificate has an enhanced key usage property if its
/// CERT_ENHKEY_USAGE_PROP_ID identifier is set. If CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG is set in dwFindFlags, certificates without
/// the key usage extension or property are also matches. Setting this flag takes precedence over passing NULL in pvFindPara. If
/// CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG is set, a match is done only on the key usage extension. For information about flag
/// modifications to search criteria, see Remarks.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_EXISTING</term>
/// <term>
/// Data type of pvFindPara: CERT_CONTEXT structure. Searches for a certificate that is an exact match of the specified certificate context.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a SHA1 hash that matches the hash in the
/// CRYPT_HASH_BLOB structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_HAS_PRIVATE_KEY</term>
/// <term>
/// Data type of pvFindPara: NULL, not used. Searches for a certificate that has a private key. The key can be ephemeral or saved on
/// disk. The key can be a legacy Cryptography API (CAPI) key or a CNG key. Windows 8 and Windows Server 2012: Support for this flag begins.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ISSUER_ATTR</term>
/// <term>
/// Data type of pvFindPara: CERT_RDN structure. Searches for a certificate with specified issuer attributes that match attributes
/// in the CERT_RDN structure. If these values are set, the function compares attributes of the issuer in a certificate with
/// elements of the CERT_RDN_ATTR array in this CERT_RDN structure. Comparisons iterate through the CERT_RDN_ATTR attributes looking
/// for a match with the certificate's issuer attributes. If the pszObjId member of CERT_RDN_ATTR is NULL, the attribute object
/// identifier is ignored. If the dwValueType member of CERT_RDN_ATTR is CERT_RDN_ANY_TYPE, the value type is ignored. If the pbData
/// member of CERT_RDN_VALUE_BLOB is NULL, any value is a match. Currently only an exact, case-sensitive match is supported. For
/// information about Unicode options, see Remarks. When these values are set, the search is restricted to certificates whose
/// encoding type matches dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ISSUER_NAME</term>
/// <term>
/// Data type of pvFindPara: CERT_NAME_BLOB structure. Search for a certificate with an exact match of the entire issuer name with
/// the name in CERT_NAME_BLOB The search is restricted to certificates that match the dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ISSUER_OF</term>
/// <term>
/// Data type of pvFindPara: CERT_CONTEXT structure. Searches for a certificate with an subject that matches the issuer in
/// CERT_CONTEXT. Instead of using CertFindCertificateInStore with this value, use the CertGetCertificateChain function.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ISSUER_STR</term>
/// <term>
/// Data type of pvFindPara: Null-terminated Unicode string. Searches for a certificate that contains the specified issuer name
/// string. The certificate's issuer member is converted to a name string of the appropriate type using the appropriate form of
/// CertNameToStr formatted as CERT_SIMPLE_NAME_STR. Then a case-insensitive substring-within-a-string match is performed. When this
/// value is set, the search is restricted to certificates whose encoding type matches dwCertEncodingType. If the substring match
/// fails and the subject contains an email RDN with Punycode encoded string, CERT_NAME_STR_ENABLE_PUNYCODE_FLAG is used to convert
/// the subject to a Unicode string and the substring match is performed again.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_KEY_IDENTIFIER</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a CERT_KEY_IDENTIFIER_PROP_ID property that
/// matches the key identifier in CRYPT_HASH_BLOB.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_KEY_SPEC</term>
/// <term>
/// Data type of pvFindPara: DWORD variable that contains a key specification. Searches for a certificate that has a
/// CERT_KEY_SPEC_PROP_ID property that matches the key specification in pvFindPara.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_MD5_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with an MD5 hash that matches the hash in CRYPT_HASH_BLOB.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_PROPERTY</term>
/// <term>
/// Data type of pvFindPara: DWORD variable that contains a property identifier. Searches for a certificate with a property that
/// matches the property identifier specified by the DWORD value in pvFindPara.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_PUBLIC_KEY</term>
/// <term>
/// Data type of pvFindPara: CERT_PUBLIC_KEY_INFO structure. Searches for a certificate with a public key that matches the public
/// key in the CERT_PUBLIC_KEY_INFO structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SHA1_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a SHA1 hash that matches the hash in the
/// CRYPT_HASH_BLOB structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SIGNATURE_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a signature hash that matches the signature
/// hash in the CRYPT_HASH_BLOB structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SUBJECT_ATTR</term>
/// <term>
/// Data type of pvFindPara: CERT_RDN structure. Searches for a certificate with specified subject attributes that match attributes
/// in the CERT_RDN structure. If RDN values are set, the function compares attributes of the subject in a certificate with elements
/// of the CERT_RDN_ATTR array in this CERT_RDN structure. Comparisons iterate through the CERT_RDN_ATTR attributes looking for a
/// match with the certificate's subject's attributes. If the pszObjId member of CERT_RDN_ATTR is NULL, the attribute object
/// identifier is ignored. If the dwValueType member of CERT_RDN_ATTR is CERT_RDN_ANY_TYPE, the value type is ignored. If the pbData
/// member of CERT_RDN_VALUE_BLOB is NULL, any value is a match. Currently only an exact, case-sensitive match is supported. For
/// information about Unicode options, see Remarks. When these values are set, the search is restricted to certificates whose
/// encoding type matches dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SUBJECT_CERT</term>
/// <term>
/// Data type of pvFindPara: CERT_INFO structure. Searches for a certificate with both an issuer and a serial number that match the
/// issuer and serial number in the CERT_INFO structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SUBJECT_NAME</term>
/// <term>
/// Data type of pvFindPara: CERT_NAME_BLOB structure. Searches for a certificate with an exact match of the entire subject name
/// with the name in the CERT_NAME_BLOB structure. The search is restricted to certificates that match the value of dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SUBJECT_STR</term>
/// <term>
/// Data type of pvFindPara: Null-terminated Unicode string. Searches for a certificate that contains the specified subject name
/// string. The certificate's subject member is converted to a name string of the appropriate type using the appropriate form of
/// CertNameToStr formatted as CERT_SIMPLE_NAME_STR. Then a case-insensitive substring-within-a-string match is performed. When this
/// value is set, the search is restricted to certificates whose encoding type matches dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_CROSS_CERT_DIST_POINTS</term>
/// <term>
/// Data type of pvFindPara: Not used. Find a certificate that has either a cross certificate distribution point extension or property.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_PUBKEY_MD5_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Find a certificate whose MD5-hashed public key matches the specified hash.
/// </term>
/// </item>
/// </list>
/// <para>
/// <c>Note</c> There are alternate forms of the value of dwFindType that pass a string in pvFindPara. One form uses a Unicode
/// string, and the other an ASCII string. Values that end in "_W" or without a suffix use Unicode. Values that end with "_A" use
/// ASCII strings.
/// </para>
/// </param>
/// <param name="pvFindPara">Points to a data item or structure used with dwFindType.</param>
/// <param name="pPrevCertContext">
/// A pointer to the last CERT_CONTEXT structure returned by this function. This parameter must be <c>NULL</c> on the first call of
/// the function. To find successive certificates meeting the search criteria, set pPrevCertContext to the pointer returned by the
/// previous call to the function. This function frees the <c>CERT_CONTEXT</c> referenced by non- <c>NULL</c> values of this parameter.
/// </param>
/// <returns>
/// <para>If the function succeeds, the function returns a pointer to a read-only CERT_CONTEXT structure.</para>
/// <para>If the function fails and a certificate that matches the search criteria is not found, the return value is <c>NULL</c>.</para>
/// <para>
/// A non- <c>NULL</c> CERT_CONTEXT that <c>CertFindCertificateInStore</c> returns must be freed by CertFreeCertificateContext or by
/// being passed as the pPrevCertContext parameter on a subsequent call to <c>CertFindCertificateInStore</c>.
/// </para>
/// <para>For extended error information, call GetLastError. Some possible error codes follow.</para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>CRYPT_E_NOT_FOUND</term>
/// <term>
/// No certificate was found matching the search criteria. This can happen if the store is empty or the end of the store's list is reached.
/// </term>
/// </item>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>
/// The handle in the hCertStore parameter is not the same as that in the certificate context pointed to by the pPrevCertContext
/// parameter, or a value that is not valid was specified in the dwFindType parameter.
/// </term>
/// </item>
/// </list>
/// </returns>
/// <remarks>
/// <para>The dwFindFlags parameter is used to modify the criteria of some search types.</para>
/// <para>
/// The CERT_UNICODE_IS_RDN_ATTRS_FLAG dwFindFlags value is used only with the CERT_FIND_SUBJECT_ATTR and CERT_FIND_ISSUER_ATTR
/// values for dwFindType. CERT_UNICODE_IS_RDN_ATTRS_FLAG must be set if the CERT_RDN_ATTR structure pointed to by pvFindPara was
/// initialized with Unicode strings. Before any comparison is made, the string to be matched is converted by using
/// X509_UNICODE_NAME to provide for Unicode comparisons.
/// </para>
/// <para>The following dwFindFlags values are used only with the CERT_FIND_ENKEY_USAGE value for dwFindType:</para>
/// <para>
/// CertDuplicateCertificateContext can be called to make a duplicate of the returned context. The returned context can be added to
/// a different certificate store by using CertAddCertificateContextToStore, or a link to that certificate context can be added to a
/// store that is not a collection store by using CertAddCertificateLinkToStore.
/// </para>
/// <para>
/// The returned pointer is freed when passed as the pPrevCertContext parameter on a subsequent call to the function. Otherwise, the
/// pointer must be explicitly freed by calling CertFreeCertificateContext. A pPrevCertContext that is not <c>NULL</c> is always
/// freed by <c>CertFindCertificateInStore</c> using a call to <c>CertFreeCertificateContext</c>, even if there is an error in the function.
/// </para>
/// <para>Examples</para>
/// <para>
/// The following example shows finding a certificate context in the certificate store meeting a search criterion. For a complete
/// example that includes the context for this example, see Example C Program: Certificate Store Operations.
/// </para>
/// <para>For another example that uses this function, see Example C Program: Collection and Sibling Certificate Store Operations.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindcertificateinstore PCCERT_CONTEXT
// CertFindCertificateInStore( HCERTSTORE hCertStore, DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType, const void
// *pvFindPara, PCCERT_CONTEXT pPrevCertContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "20b3fcfb-55df-46ff-80a5-70f31a3d03b2")]
public static extern SafePCCERT_CONTEXT CertFindCertificateInStore(HCERTSTORE hCertStore, CertEncodingType dwCertEncodingType, CertFindUsageFlags dwFindFlags,
CertFindType dwFindType, [In] IntPtr pvFindPara, PCCERT_CONTEXT pPrevCertContext);
/// <summary>
/// The <c>CertFindCertificateInStore</c> function finds the first or next certificate context in a certificate store that matches a
/// search criteria established by the dwFindType and its associated pvFindPara. This function can be used in a loop to find all of
/// the certificates in a certificate store that match the specified find criteria.
/// </summary>
/// <param name="hCertStore">A handle of the certificate store to be searched.</param>
/// <param name="dwCertEncodingType">
/// <para>
/// Specifies the type of encoding used. Both the certificate and message encoding types must be specified by combining them with a
/// bitwise- <c>OR</c> operation as shown in the following example:
/// </para>
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:</para>
/// <list type="bullet">
/// <item>
/// <term>X509_ASN_ENCODING</term>
/// </item>
/// <item>
/// <term>PKCS_7_ASN_ENCODING</term>
/// </item>
/// </list>
/// </param>
/// <param name="dwFindFlags">
/// Used with some dwFindType values to modify the search criteria. For most dwFindType values, dwFindFlags is not used and should
/// be set to zero. For detailed information, see Remarks.
/// </param>
/// <param name="dwFindType">
/// <para>
/// Specifies the type of search being made. The search type determines the data type, contents, and the use of pvFindPara. This
/// parameter can be one of the following values.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_FIND_ANY</term>
/// <term>Data type of pvFindPara: NULL, not used. No search criteria used. Returns the next certificate in the store.</term>
/// </item>
/// <item>
/// <term>CERT_FIND_CERT_ID</term>
/// <term>Data type of pvFindPara: CERT_ID structure. Find the certificate identified by the specified CERT_ID.</term>
/// </item>
/// <item>
/// <term>CERT_FIND_CTL_USAGE</term>
/// <term>
/// Data type of pvFindPara: CTL_USAGE structure. Searches for a certificate that has a szOID_ENHANCED_KEY_USAGE extension or a
/// CERT_CTL_PROP_ID that matches the pszUsageIdentifier member of the CTL_USAGE structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ENHKEY_USAGE</term>
/// <term>
/// Data type of pvFindPara: CERT_ENHKEY_USAGE structure. Searches for a certificate in the store that has either an enhanced key
/// usage extension or an enhanced key usage property and a usage identifier that matches the cUsageIdentifier member in the
/// CERT_ENHKEY_USAGE structure. A certificate has an enhanced key usage extension if it has a CERT_EXTENSION structure with the
/// pszObjId member set to szOID_ENHANCED_KEY_USAGE. A certificate has an enhanced key usage property if its
/// CERT_ENHKEY_USAGE_PROP_ID identifier is set. If CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG is set in dwFindFlags, certificates without
/// the key usage extension or property are also matches. Setting this flag takes precedence over passing NULL in pvFindPara. If
/// CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG is set, a match is done only on the key usage extension. For information about flag
/// modifications to search criteria, see Remarks.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_EXISTING</term>
/// <term>
/// Data type of pvFindPara: CERT_CONTEXT structure. Searches for a certificate that is an exact match of the specified certificate context.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a SHA1 hash that matches the hash in the
/// CRYPT_HASH_BLOB structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_HAS_PRIVATE_KEY</term>
/// <term>
/// Data type of pvFindPara: NULL, not used. Searches for a certificate that has a private key. The key can be ephemeral or saved on
/// disk. The key can be a legacy Cryptography API (CAPI) key or a CNG key. Windows 8 and Windows Server 2012: Support for this flag begins.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ISSUER_ATTR</term>
/// <term>
/// Data type of pvFindPara: CERT_RDN structure. Searches for a certificate with specified issuer attributes that match attributes
/// in the CERT_RDN structure. If these values are set, the function compares attributes of the issuer in a certificate with
/// elements of the CERT_RDN_ATTR array in this CERT_RDN structure. Comparisons iterate through the CERT_RDN_ATTR attributes looking
/// for a match with the certificate's issuer attributes. If the pszObjId member of CERT_RDN_ATTR is NULL, the attribute object
/// identifier is ignored. If the dwValueType member of CERT_RDN_ATTR is CERT_RDN_ANY_TYPE, the value type is ignored. If the pbData
/// member of CERT_RDN_VALUE_BLOB is NULL, any value is a match. Currently only an exact, case-sensitive match is supported. For
/// information about Unicode options, see Remarks. When these values are set, the search is restricted to certificates whose
/// encoding type matches dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ISSUER_NAME</term>
/// <term>
/// Data type of pvFindPara: CERT_NAME_BLOB structure. Search for a certificate with an exact match of the entire issuer name with
/// the name in CERT_NAME_BLOB The search is restricted to certificates that match the dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ISSUER_OF</term>
/// <term>
/// Data type of pvFindPara: CERT_CONTEXT structure. Searches for a certificate with an subject that matches the issuer in
/// CERT_CONTEXT. Instead of using CertFindCertificateInStore with this value, use the CertGetCertificateChain function.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_ISSUER_STR</term>
/// <term>
/// Data type of pvFindPara: Null-terminated Unicode string. Searches for a certificate that contains the specified issuer name
/// string. The certificate's issuer member is converted to a name string of the appropriate type using the appropriate form of
/// CertNameToStr formatted as CERT_SIMPLE_NAME_STR. Then a case-insensitive substring-within-a-string match is performed. When this
/// value is set, the search is restricted to certificates whose encoding type matches dwCertEncodingType. If the substring match
/// fails and the subject contains an email RDN with Punycode encoded string, CERT_NAME_STR_ENABLE_PUNYCODE_FLAG is used to convert
/// the subject to a Unicode string and the substring match is performed again.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_KEY_IDENTIFIER</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a CERT_KEY_IDENTIFIER_PROP_ID property that
/// matches the key identifier in CRYPT_HASH_BLOB.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_KEY_SPEC</term>
/// <term>
/// Data type of pvFindPara: DWORD variable that contains a key specification. Searches for a certificate that has a
/// CERT_KEY_SPEC_PROP_ID property that matches the key specification in pvFindPara.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_MD5_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with an MD5 hash that matches the hash in CRYPT_HASH_BLOB.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_PROPERTY</term>
/// <term>
/// Data type of pvFindPara: DWORD variable that contains a property identifier. Searches for a certificate with a property that
/// matches the property identifier specified by the DWORD value in pvFindPara.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_PUBLIC_KEY</term>
/// <term>
/// Data type of pvFindPara: CERT_PUBLIC_KEY_INFO structure. Searches for a certificate with a public key that matches the public
/// key in the CERT_PUBLIC_KEY_INFO structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SHA1_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a SHA1 hash that matches the hash in the
/// CRYPT_HASH_BLOB structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SIGNATURE_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Searches for a certificate with a signature hash that matches the signature
/// hash in the CRYPT_HASH_BLOB structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SUBJECT_ATTR</term>
/// <term>
/// Data type of pvFindPara: CERT_RDN structure. Searches for a certificate with specified subject attributes that match attributes
/// in the CERT_RDN structure. If RDN values are set, the function compares attributes of the subject in a certificate with elements
/// of the CERT_RDN_ATTR array in this CERT_RDN structure. Comparisons iterate through the CERT_RDN_ATTR attributes looking for a
/// match with the certificate's subject's attributes. If the pszObjId member of CERT_RDN_ATTR is NULL, the attribute object
/// identifier is ignored. If the dwValueType member of CERT_RDN_ATTR is CERT_RDN_ANY_TYPE, the value type is ignored. If the pbData
/// member of CERT_RDN_VALUE_BLOB is NULL, any value is a match. Currently only an exact, case-sensitive match is supported. For
/// information about Unicode options, see Remarks. When these values are set, the search is restricted to certificates whose
/// encoding type matches dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SUBJECT_CERT</term>
/// <term>
/// Data type of pvFindPara: CERT_INFO structure. Searches for a certificate with both an issuer and a serial number that match the
/// issuer and serial number in the CERT_INFO structure.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SUBJECT_NAME</term>
/// <term>
/// Data type of pvFindPara: CERT_NAME_BLOB structure. Searches for a certificate with an exact match of the entire subject name
/// with the name in the CERT_NAME_BLOB structure. The search is restricted to certificates that match the value of dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_SUBJECT_STR</term>
/// <term>
/// Data type of pvFindPara: Null-terminated Unicode string. Searches for a certificate that contains the specified subject name
/// string. The certificate's subject member is converted to a name string of the appropriate type using the appropriate form of
/// CertNameToStr formatted as CERT_SIMPLE_NAME_STR. Then a case-insensitive substring-within-a-string match is performed. When this
/// value is set, the search is restricted to certificates whose encoding type matches dwCertEncodingType.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_CROSS_CERT_DIST_POINTS</term>
/// <term>
/// Data type of pvFindPara: Not used. Find a certificate that has either a cross certificate distribution point extension or property.
/// </term>
/// </item>
/// <item>
/// <term>CERT_FIND_PUBKEY_MD5_HASH</term>
/// <term>
/// Data type of pvFindPara: CRYPT_HASH_BLOB structure. Find a certificate whose MD5-hashed public key matches the specified hash.
/// </term>
/// </item>
/// </list>
/// <para>
/// <c>Note</c> There are alternate forms of the value of dwFindType that pass a string in pvFindPara. One form uses a Unicode
/// string, and the other an ASCII string. Values that end in "_W" or without a suffix use Unicode. Values that end with "_A" use
/// ASCII strings.
/// </para>
/// </param>
/// <param name="pvFindPara">Points to a data item or structure used with dwFindType.</param>
/// <param name="pPrevCertContext">
/// A pointer to the last CERT_CONTEXT structure returned by this function. This parameter must be <c>NULL</c> on the first call of
/// the function. To find successive certificates meeting the search criteria, set pPrevCertContext to the pointer returned by the
/// previous call to the function. This function frees the <c>CERT_CONTEXT</c> referenced by non- <c>NULL</c> values of this parameter.
/// </param>
/// <returns>
/// <para>If the function succeeds, the function returns a pointer to a read-only CERT_CONTEXT structure.</para>
/// <para>If the function fails and a certificate that matches the search criteria is not found, the return value is <c>NULL</c>.</para>
/// <para>
/// A non- <c>NULL</c> CERT_CONTEXT that <c>CertFindCertificateInStore</c> returns must be freed by CertFreeCertificateContext or by
/// being passed as the pPrevCertContext parameter on a subsequent call to <c>CertFindCertificateInStore</c>.
/// </para>
/// <para>For extended error information, call GetLastError. Some possible error codes follow.</para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>CRYPT_E_NOT_FOUND</term>
/// <term>
/// No certificate was found matching the search criteria. This can happen if the store is empty or the end of the store's list is reached.
/// </term>
/// </item>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>
/// The handle in the hCertStore parameter is not the same as that in the certificate context pointed to by the pPrevCertContext
/// parameter, or a value that is not valid was specified in the dwFindType parameter.
/// </term>
/// </item>
/// </list>
/// </returns>
/// <remarks>
/// <para>The dwFindFlags parameter is used to modify the criteria of some search types.</para>
/// <para>
/// The CERT_UNICODE_IS_RDN_ATTRS_FLAG dwFindFlags value is used only with the CERT_FIND_SUBJECT_ATTR and CERT_FIND_ISSUER_ATTR
/// values for dwFindType. CERT_UNICODE_IS_RDN_ATTRS_FLAG must be set if the CERT_RDN_ATTR structure pointed to by pvFindPara was
/// initialized with Unicode strings. Before any comparison is made, the string to be matched is converted by using
/// X509_UNICODE_NAME to provide for Unicode comparisons.
/// </para>
/// <para>The following dwFindFlags values are used only with the CERT_FIND_ENKEY_USAGE value for dwFindType:</para>
/// <para>
/// CertDuplicateCertificateContext can be called to make a duplicate of the returned context. The returned context can be added to
/// a different certificate store by using CertAddCertificateContextToStore, or a link to that certificate context can be added to a
/// store that is not a collection store by using CertAddCertificateLinkToStore.
/// </para>
/// <para>
/// The returned pointer is freed when passed as the pPrevCertContext parameter on a subsequent call to the function. Otherwise, the
/// pointer must be explicitly freed by calling CertFreeCertificateContext. A pPrevCertContext that is not <c>NULL</c> is always
/// freed by <c>CertFindCertificateInStore</c> using a call to <c>CertFreeCertificateContext</c>, even if there is an error in the function.
/// </para>
/// <para>Examples</para>
/// <para>
/// The following example shows finding a certificate context in the certificate store meeting a search criterion. For a complete
/// example that includes the context for this example, see Example C Program: Certificate Store Operations.
/// </para>
/// <para>For another example that uses this function, see Example C Program: Collection and Sibling Certificate Store Operations.</para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindcertificateinstore PCCERT_CONTEXT
// CertFindCertificateInStore( HCERTSTORE hCertStore, DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType, const void
// *pvFindPara, PCCERT_CONTEXT pPrevCertContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "20b3fcfb-55df-46ff-80a5-70f31a3d03b2")]
public static extern SafePCCERT_CONTEXT CertFindCertificateInStore(HCERTSTORE hCertStore, CertEncodingType dwCertEncodingType, CertFindUsageFlags dwFindFlags,
CertFindType dwFindType, [In, MarshalAs(UnmanagedType.LPWStr)] string pvFindPara, PCCERT_CONTEXT pPrevCertContext);
/// <summary>
/// The <c>CertFreeServerOcspResponseContext</c> function decrements the reference count for a CERT_SERVER_OCSP_RESPONSE_CONTEXT
/// structure. If the reference count becomes zero, memory allocated for the structure is released.
/// </summary>
/// <param name="pServerOcspResponseContext">
/// A pointer to a CERT_SERVER_OCSP_RESPONSE_CONTEXT structure that contains a value returned by the
/// CertGetServerOcspResponseContext function.
/// </param>
/// <returns>This function has no return value.</returns>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfreeserverocspresponsecontext void
// CertFreeServerOcspResponseContext( PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "a07fc1e0-6f06-4336-b33c-d4d6a838b609")]
public static extern void CertFreeServerOcspResponseContext(PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext);
/// <summary>
/// The <c>CertGetIssuerCertificateFromStore</c> function retrieves the certificate context from the certificate store for the first
/// or next issuer of the specified subject certificate. The new Certificate Chain Verification Functions are recommended instead of
/// the use of this function.
/// </summary>
/// <param name="hCertStore">Handle of a certificate store.</param>
/// <param name="pSubjectContext">
/// A pointer to a CERT_CONTEXT structure that contains the subject information. This parameter can be obtained from any certificate
/// store or can be created by the calling application using the CertCreateCertificateContext function.
/// </param>
/// <param name="pPrevIssuerContext">
/// <para>
/// A pointer to a CERT_CONTEXT structure that contains the issuer information. An issuer can have multiple certificates, especially
/// when a validity period is about to change. This parameter must be <c>NULL</c> on the call to get the first issuer certificate.
/// To get the next certificate for the issuer, set pPrevIssuerContext to the <c>CERT_CONTEXT</c> structure returned by the previous call.
/// </para>
/// <para>This function frees the CERT_CONTEXT referenced by non- <c>NULL</c> values of this parameter.</para>
/// </param>
/// <param name="pdwFlags">
/// <para>
/// The following flags enable verification checks on the returned certificate. They can be combined using a bitwise- <c>OR</c>
/// operation to enable multiple verifications.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_STORE_NO_CRL_FLAG</term>
/// <term>Indicates no matching CRL was found.</term>
/// </item>
/// <item>
/// <term>CERT_STORE_NO_ISSUER_FLAG</term>
/// <term>Indicates no issuer certificate was found.</term>
/// </item>
/// <item>
/// <term>CERT_STORE_REVOCATION_FLAG</term>
/// <term>Checks whether the subject certificate is on the issuer's revocation list.</term>
/// </item>
/// <item>
/// <term>CERT_STORE_SIGNATURE_FLAG</term>
/// <term>Uses the public key in the issuer's certificate to verify the signature on the subject certificate.</term>
/// </item>
/// <item>
/// <term>CERT_STORE_TIME_VALIDITY_FLAG</term>
/// <term>Gets the current time and verifies that it is within the subject certificate's validity period.</term>
/// </item>
/// </list>
/// <para>
/// If a verification check of an enabled type succeeds, its flag is set to zero. If it fails, its flag remains set upon return. For
/// CERT_STORE_REVOCATION_FLAG, the verification succeeds if the function does not find a CRL related to the subject certificate.
/// </para>
/// <para>
/// If CERT_STORE_REVOCATION_FLAG is set and the issuer does not have a CRL in the store, CERT_STORE_NO_CRL_FLAG is set and
/// CERT_STORE_REVOCATION_FLAG remains set.
/// </para>
/// <para>
/// If CERT_STORE_SIGNATURE_FLAG or CERT_STORE_REVOCATION_FLAG is set, CERT_STORE_NO_ISSUER_FLAG is set if the function does not
/// find an issuer certificate in the store. For more details, see Remarks.
/// </para>
/// <para>
/// In the case of a verification check failure, a pointer to the issuer's CERT_CONTEXT is still returned and GetLastError is not updated.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the return value is a pointer to a read-only issuer CERT_CONTEXT.</para>
/// <para>If the function fails and the first or next issuer certificate is not found, the return value is <c>NULL</c>.</para>
/// <para>
/// Only the last returned CERT_CONTEXT structure must be freed by calling CertFreeCertificateContext. When the returned
/// <c>CERT_CONTEXT</c> from one call to the function is supplied as the pPrevIssuerContext parameter on a subsequent call, the
/// context is freed as part of the action of the function.
/// </para>
/// <para>For extended error information, call GetLastError. Some possible error codes follow.</para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>CRYPT_E_NOT_FOUND</term>
/// <term>No issuer was found for the subject certificate.</term>
/// </item>
/// <item>
/// <term>CRYPT_E_SELF_SIGNED</term>
/// <term>The issuer certificate is the same as the subject certificate. It is a self-signed root certificate.</term>
/// </item>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>
/// The handle in the hCertStore parameter is not the same as that of the certificate context pointed to by the pPrevIssuerContext
/// parameter, or an unsupported flag was set in pdwFlags.
/// </term>
/// </item>
/// </list>
/// </returns>
/// <remarks>
/// <para>
/// The returned pointer is freed when passed as the pPrevIssuerContext parameter on a subsequent call to the function. Otherwise,
/// the pointer must be explicitly freed by calling CertFreeCertificateContext. A pPrevIssuerContext that is not <c>NULL</c> is
/// always freed by <c>CertGetIssuerCertificateFromStore</c> using a call to <c>CertFreeCertificateContext</c>, even if there is an
/// error in the function.
/// </para>
/// <para>CertDuplicateCertificateContext can be called to make a duplicate of the issuer certificate.</para>
/// <para>
/// The hexadecimal values for dwFlags can be combined using a bitwise- <c>OR</c> operation to enable multiple verifications. For
/// example, to enable both signature and time validity, the value 0x00000003 is passed in dwFlags on input. In this case, if
/// CERT_STORE_SIGNATURE_FLAG verification succeeds but CERT_STORE_TIME_VALIDITY_FLAG verification fails, dwFlags returns as
/// 0x00000002 on output.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetissuercertificatefromstore PCCERT_CONTEXT
// CertGetIssuerCertificateFromStore( HCERTSTORE hCertStore, PCCERT_CONTEXT pSubjectContext, PCCERT_CONTEXT pPrevIssuerContext,
// DWORD *pdwFlags );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "b57982d0-cba8-43cd-a544-3635fdf599e2")]
public static extern SafePCCERT_CONTEXT CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pSubjectContext, PCCERT_CONTEXT pPrevIssuerContext, ref CertStoreVerification pdwFlags);
/// <summary>
/// The <c>CertGetServerOcspResponseContext</c> function retrieves a non-blocking, time valid online certificate status protocol
/// (OCSP) response context for the specified handle.
/// </summary>
/// <param name="hServerOcspResponse">
/// The OCSP server response handle for which to retrieve a response context. This handle is returned by the
/// CertOpenServerOcspResponse function.
/// </param>
/// <param name="dwFlags">This parameter is reserved for future use and must be zero.</param>
/// <param name="pvReserved">This parameter is reserved for future use and must be <c>NULL</c>.</param>
/// <returns>
/// <para>If the function succeeds, it returns a pointer to a CERT_SERVER_OCSP_RESPONSE_CONTEXT structure.</para>
/// <para>
/// For a response to be time valid, the current time on the system hosting this function call must be less than the next update
/// time for the certificate revocation list (CRL) context. When a time valid OCSP response is not available, this function returns
/// <c>NULL</c> with the last error set to CRYPT_E_REVOCATION_OFFLINE.
/// </para>
/// </returns>
/// <remarks>
/// If you use the <c>CertGetServerOcspResponseContext</c> function to create multiple references to an OCSP response context, you
/// must call CertAddRefServerOcspResponseContext to increment the reference count for the CERT_SERVER_OCSP_RESPONSE_CONTEXT
/// structure. When you have finished using the structure, you must free it by calling the CertFreeServerOcspResponseContext function.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetserverocspresponsecontext
// PCCERT_SERVER_OCSP_RESPONSE_CONTEXT CertGetServerOcspResponseContext( HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse, DWORD
// dwFlags, LPVOID pvReserved );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "07476e43-db6b-4119-8d6b-41143b98744e")]
public static extern SafePCCERT_SERVER_OCSP_RESPONSE_CONTEXT CertGetServerOcspResponseContext(HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse, uint dwFlags = 0, IntPtr pvReserved = default);
/// <summary>
/// The <c>CertGetSubjectCertificateFromStore</c> function returns from a certificate store a subject certificate context uniquely
/// identified by its issuer and serial number.
/// </summary>
/// <param name="hCertStore">A handle of a certificate store.</param>
/// <param name="dwCertEncodingType">
/// <para>
/// The type of encoding used. It is always acceptable to specify both the certificate and message encoding types by combining them
/// with a bitwise- <c>OR</c> operation as shown in the following example:
/// </para>
/// <para>X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:</para>
/// <list type="bullet">
/// <item>
/// <term>X509_ASN_ENCODING</term>
/// </item>
/// <item>
/// <term>PKCS_7_ASN_ENCODING</term>
/// </item>
/// </list>
/// </param>
/// <param name="pCertId">A pointer to a CERT_INFO structure. Only the <c>Issuer</c> and <c>SerialNumber</c> members are used.</param>
/// <returns>
/// <para>
/// If the function succeeds, the function returns a pointer to a read-only CERT_CONTEXT. The <c>CERT_CONTEXT</c> must be freed by
/// calling CertFreeCertificateContext.
/// </para>
/// <para>The returned certificate might not be valid. Usually, it is verified when getting its issuer certificate (CertGetIssuerCertificateFromStore).</para>
/// <para>For extended error information, call GetLastError. One possible error code is the following.</para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>CRYPT_E_NOT_FOUND</term>
/// <term>The subject certificate was not found in the store.</term>
/// </item>
/// </list>
/// </returns>
/// <remarks>
/// <para>CertDuplicateCertificateContext can be called to make a duplicate certificate.</para>
/// <para>Examples</para>
/// <para>
/// The following example shows retrieving a subject's certificate context, uniquely identified by its issuer and serial number,
/// from the certificate store. For an example that includes the complete context for this example, see Example C Program: Signing,
/// Encoding, Decoding, and Verifying a Message.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetsubjectcertificatefromstore PCCERT_CONTEXT
// CertGetSubjectCertificateFromStore( HCERTSTORE hCertStore, DWORD dwCertEncodingType, PCERT_INFO pCertId );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "61d73501-91b1-4498-b1a3-17392360c700")]
public static extern SafePCCERT_CONTEXT CertGetSubjectCertificateFromStore(HCERTSTORE hCertStore, CertEncodingType dwCertEncodingType, in CERT_INFO pCertId);
/// <summary>
/// The <c>CertGetValidUsages</c> function returns an array of usages that consist of the intersection of the valid usages for all
/// certificates in an array of certificates.
/// </summary>
/// <param name="cCerts">The number of certificates in the array to be checked.</param>
/// <param name="rghCerts">An array of certificates to be checked for valid usage.</param>
/// <param name="cNumOIDs">
/// The number of valid usages found as the intersection of the valid usages of all certificates in the array. If all of the
/// certificates are valid for all usages, cNumOIDs is set to negative one (1).
/// </param>
/// <param name="rghOIDs">
/// An array of the object identifiers (OIDs) of the valid usages that are shared by all of the certificates in the rghCerts array.
/// This parameter can be <c>NULL</c> to set the size of this structure for memory allocation purposes. For more information, see
/// Retrieving Data of Unknown Length.
/// </param>
/// <param name="pcbOIDs">
/// A pointer to a <c>DWORD</c> value that specifies the size, in bytes, of the rghOIDs array and the strings pointed to. When the
/// function returns, the <c>DWORD</c> value contains the number of bytes needed for the array.
/// </param>
/// <returns>
/// If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. For extended error
/// information, call GetLastError.
/// </returns>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetvalidusages BOOL CertGetValidUsages( DWORD cCerts,
// PCCERT_CONTEXT *rghCerts, int *cNumOIDs, LPSTR *rghOIDs, DWORD *pcbOIDs );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "1504f166-2fa9-4041-9d72-b150cd8baa8a")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertGetValidUsages(uint cCerts, [MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 0)] PCCERT_CONTEXT[] rghCerts, out int cNumOIDs, IntPtr rghOIDs, ref uint pcbOIDs);
/// <summary>
/// The <c>CertOpenServerOcspResponse</c> function opens a handle to an online certificate status protocol (OCSP) response
/// associated with a server certificate chain.
/// </summary>
/// <param name="pChainContext">The address of a CERT_CHAIN_CONTEXT structure that contains the certificate chain.</param>
/// <param name="dwFlags">This parameter is not used and must be zero.</param>
/// <param name="pOpenPara">This parameter is not used and must be <c>NULL</c>.</param>
/// <returns>
/// <para>
/// Returns a handle to the OCSP response associated with a server certificate chain if successful; otherwise, <c>NULL</c>. This
/// handle must be passed to the CertCloseServerOcspResponse function when it is no longer needed.
/// </para>
/// <para>
/// For extended error information, call GetLastError. Possible error codes returned by the <c>GetLastError</c> function include,
/// but are not limited to, the following.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>ERROR_INVALID_PARAMETER</term>
/// <term>One or more parameters are not valid.</term>
/// </item>
/// <item>
/// <term>CRYPT_E_NOT_IN_REVOCATION_DATABASE</term>
/// <term>The end certificate does not contain an OCSP authority information access (AIA) URL.</term>
/// </item>
/// </list>
/// </returns>
/// <remarks>
/// <para>
/// The <c>CertOpenServerOcspResponse</c> function tries to retrieve an initial OCSP response before it returns. It blocks its
/// process thread during the retrieval. The <c>CertOpenServerOcspResponse</c> function creates a background thread that prefetches
/// time-valid OCSP responses.
/// </para>
/// <para>
/// The <c>CertOpenServerOcspResponse</c> function increments the reference count for the chain context represented by the
/// pChainContext parameter. When you have finished using the chain context, close the returned handle by calling the
/// CertCloseServerOcspResponse function.
/// </para>
/// <para>The <c>CertOpenServerOcspResponse</c> function initializes configuration settings used by the following functions:</para>
/// <list type="bullet">
/// <item>
/// <term>CertAddRefServerOcspResponse</term>
/// </item>
/// <item>
/// <term>CertCloseServerOcspResponse</term>
/// </item>
/// <item>
/// <term>CertGetServerOcspResponseContext</term>
/// </item>
/// <item>
/// <term>CertAddRefServerOcspResponseContext</term>
/// </item>
/// <item>
/// <term>CertFreeServerOcspResponseContext</term>
/// </item>
/// </list>
/// <para>
/// First, the <c>CertOpenServerOcspResponse</c> function initializes the settings based on default values in Wincrypt.h. If the
/// function subsequently finds the registry key defined in <c>CERT_CHAIN_CONFIG_REGPATH</c>, it updates the previously initialized
/// values with the registry values.
/// </para>
/// <para>The following configuration setting names and default values are initialized by this function:</para>
/// <list type="bullet">
/// <item>
/// <term><c>CERT_SRV_OCSP_RESP_MIN_VALIDITY_SECONDS_VALUE_NAME</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SRV_OCSP_RESP_MIN_VALIDITY_SECONDS_DEFAULT</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SRV_OCSP_RESP_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAME</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SRV_OCSP_RESP_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SRV_OCSP_RESP_MAX_BEFORE_NEXT_UPDATE_SECONDS_VALUE_NAME</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SRV_OCSP_RESP_MAX_BEFORE_NEXT_UPDATE_SECONDS_DEFAULT</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SRV_OCSP_RESP_MIN_BEFORE_NEXT_UPDATE_SECONDS_VALUE_NAME</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SRV_OCSP_RESP_MIN_BEFORE_NEXT_UPDATE_SECONDS_DEFAULT</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SRV_OCSP_RESP_MIN_AFTER_NEXT_UPDATE_SECONDS_VALUE_NAME</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SRV_OCSP_RESP_MIN_AFTER_NEXT_UPDATE_SECONDS_DEFAULT</c></term>
/// </item>
/// </list>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenserverocspresponse HCERT_SERVER_OCSP_RESPONSE
// CertOpenServerOcspResponse( PCCERT_CHAIN_CONTEXT pChainContext, DWORD dwFlags, PCERT_SERVER_OCSP_RESPONSE_OPEN_PARA pOpenPara );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "c29d1972-b329-4e32-aead-a038130fb85e")]
public static extern HCERT_SERVER_OCSP_RESPONSE CertOpenServerOcspResponse([In] PCCERT_CHAIN_CONTEXT pChainContext, uint dwFlags = 0, IntPtr pOpenPara = default);
/// <summary>
/// The <c>CertRetrieveLogoOrBiometricInfo</c> function performs a URL retrieval of logo or biometric information specified in
/// either the <c>szOID_LOGOTYPE_EXT</c> or <c>szOID_BIOMETRIC_EXT</c> certificate extension. The <c>szOID_BIOMETRIC_EXT</c>
/// extension (IETF RFC 3739) supports the addition of a signature or a pictorial representation of the human holder of the
/// certificate. The <c>szOID_LOGOTYPE_EXT</c> extension (IETF RFC 3709) supports the addition of organizational pictorial
/// representations in certificates.
/// </summary>
/// <param name="pCertContext">The address of a CERT_CONTEXT structure that contains the certificate.</param>
/// <param name="lpszLogoOrBiometricType">
/// <para>
/// The address of a null-terminated ANSI string that contains an object identifier (OID) string that identifies the type of
/// information to retrieve.
/// </para>
/// <para>This parameter may also contain one of the following predefined values.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_RETRIEVE_ISSUER_LOGO</term>
/// <term>Retrieve the certificate issuer logotype.</term>
/// </item>
/// <item>
/// <term>CERT_RETRIEVE_SUBJECT_LOGO</term>
/// <term>Retrieve the certificate subject logotype.</term>
/// </item>
/// <item>
/// <term>CERT_RETRIEVE_COMMUNITY_LOGO</term>
/// <term>Retrieve the certificate community logotype.</term>
/// </item>
/// <item>
/// <term>CERT_RETRIEVE_BIOMETRIC_PICTURE_TYPE</term>
/// <term>Retrieve the picture associated with the certificate.</term>
/// </item>
/// <item>
/// <term>CERT_RETRIEVE_BIOMETRIC_SIGNATURE_TYPE</term>
/// <term>Retrieve the signature associated with the certificate.</term>
/// </item>
/// </list>
/// </param>
/// <param name="dwRetrievalFlags">
/// A set of flags that specify how the information should be retrieved. This parameter is passed as the dwRetrievalFlags in the
/// CryptRetrieveObjectByUrl function.
/// </param>
/// <param name="dwTimeout">The maximum amount of time, in milliseconds, to wait for the retrieval.</param>
/// <param name="dwFlags">This parameter is not used and must be zero.</param>
/// <param name="pvReserved">This parameter is not used and must be <c>NULL</c>.</param>
/// <param name="ppbData">
/// The address of a <c>BYTE</c> pointer that receives the logotype or biometric data. This memory must be freed when it is no
/// longer needed by passing this pointer to the CryptMemFree function.
/// </param>
/// <param name="pcbData">The address of a <c>DWORD</c> variable that receives the number of bytes in the ppbData buffer.</param>
/// <param name="ppwszMimeType">
/// <para>
/// The address of a pointer to a null-terminated Unicode string that receives the Multipurpose Internet Mail Extensions (MIME) type
/// of the data. This parameter can be <c>NULL</c> if this information is not needed. This memory must be freed when it is no longer
/// needed by passing this pointer to the CryptMemFree function.
/// </para>
/// <para>
/// This address always receives <c>NULL</c> for biometric types. You must always ensure that this parameter contains a valid memory
/// address before attempting to access the memory.
/// </para>
/// </param>
/// <returns>
/// <para>Returns nonzero if successful or zero otherwise.</para>
/// <para>
/// For extended error information, call GetLastError. Possible error codes returned by the <c>GetLastError</c> function include,
/// but are not limited to, the following.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>CRYPT_E_HASH_VALUE</term>
/// <term>The computed hash value does not match the hash value in the certificate.</term>
/// </item>
/// <item>
/// <term>CRYPT_E_NOT_FOUND</term>
/// <term>
/// The certificate does not contain the szOID_LOGOTYPE_EXT or szOID_BIOMETRIC_EXT extension, or the specified
/// lpszLogoOrBiometricType was not found.
/// </term>
/// </item>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>One or more parameters are not valid.</term>
/// </item>
/// <item>
/// <term>ERROR_INVALID_DATA</term>
/// <term>No data could be retrieved from the URL specified by the certificate extension.</term>
/// </item>
/// <item>
/// <term>ERROR_NOT_SUPPORTED</term>
/// <term>The certificate does not support the required extension.</term>
/// </item>
/// <item>
/// <term>NTE_BAD_ALGID</term>
/// <term>The hash algorithm OID is unknown.</term>
/// </item>
/// </list>
/// </returns>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certretrievelogoorbiometricinfo BOOL
// CertRetrieveLogoOrBiometricInfo( PCCERT_CONTEXT pCertContext, LPCSTR lpszLogoOrBiometricType, DWORD dwRetrievalFlags, DWORD
// dwTimeout, DWORD dwFlags, void *pvReserved, BYTE **ppbData, DWORD *pcbData, LPWSTR *ppwszMimeType );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "35813928-728e-40b7-b627-817d3094eeb1")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertRetrieveLogoOrBiometricInfo(PCCERT_CONTEXT pCertContext, [In] SafeOID lpszLogoOrBiometricType, CryptRetrievalFlags dwRetrievalFlags,
uint dwTimeout, [Optional] uint dwFlags, [Optional] IntPtr pvReserved, out SafeCryptMem ppbData, out uint pcbData, out SafeCryptMem ppwszMimeType);
/// <summary>The <c>CertSelectCertificateChains</c> function retrieves certificate chains based on specified selection criteria.</summary>
/// <param name="pSelectionContext">A pointer to the GUID of the certificate selection scenario to use for this call.</param>
/// <param name="dwFlags">
/// <para>
/// Flags for controlling the certificate selection process. This parameter can be a combination of zero or more of the following flags:
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_SELECT_ALLOW_EXPIRED</term>
/// <term>Select expired certificates that meet selection criteria. By default expired certificates are rejected from selection.</term>
/// </item>
/// <item>
/// <term>CERT_SELECT_TRUSTED_ROOT</term>
/// <term>
/// Select certificates on which the error bit in the certificate chain trust status is not set to CERT_TRUST_IS_UNTRUSTED_ROOT,
/// CERT_TRUST_IS_PARTIAL_CHAIN, or CERT_TRUST_IS_NOT_TIME_VALID. In addition, certificates that have one of the following invalid
/// constraint errors are not selected:
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_DISALLOW_SELFSIGNED</term>
/// <term>Select certificates that are not self-issued and self-signed.</term>
/// </item>
/// <item>
/// <term>CERT_SELECT_HAS_PRIVATE_KEY</term>
/// <term>Select certificates that have a value set for the CERT_KEY_PROV_INFO_PROP_ID property of the certificate.</term>
/// </item>
/// <item>
/// <term>CERT_SELECT_HAS_KEY_FOR_SIGNATURE</term>
/// <term>
/// Select certificates on which the value of the dwKeySpec member of the CERT_KEY_PROV_INFO_PROP_ID property is set to
/// AT_SIGNATURE. If this function is being called as part of a CNG enabled application and the dwKeySpec member of the
/// CERT_KEY_PROV_INFO_PROP_ID property is set to -1, select certificates on which the value of the NCRYPT_KEY_USAGE_PROPERTY
/// property of the associated private key has the NCRYPT_ALLOW_SIGNING_FLAG set.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_HAS_KEY_FOR_KEY_EXCHANGE</term>
/// <term>
/// Select certificates on which the value of the dwKeySpec member of the CERT_KEY_PROV_INFO_PROP_ID property is set to
/// AT_KEYEXCHANGE. If this function is being called as part of a CNG enabled application and the dwKeySpec member of the
/// CERT_KEY_PROV_INFO_PROP_ID property is set to -1, select certificates on which either NCRYPT_ALLOW_DECRYPT_FLAG or
/// NCRYPT_ALLOW_KEY_AGREEMENT_FLAG is set.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_HARDWARE_ONLY</term>
/// <term>
/// Select certificates on which the value of the PP_IMPTYPE property of the associated private key provider is set to either
/// CRYPT_IMPL_HARDWARE or CRYPT_IMPL_REMOVABLE. (For CNG providers, NCRYPT_IMPL_TYPE_PROPERTY property value MUST have either the
/// NCRYPT_IMPL_HARDWARE_FLAG or NCRYPT_IMPL_REMOVABLE_FLAG bit set). If this function is being called as part of a CNG enabled
/// application, select certificates on which the NCRYPT_IMPL_TYPE_PROPERTY property is set to NCRYPT_IMPL_HARDWARE_FLAG or NCRYPT_IMPL_REMOVABLE_FLAG.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_ALLOW_DUPLICATES</term>
/// <term>
/// Allow the selection of certificates on which the Subject and Subject Alt Name contain the same information and the certificate
/// template extension value is equivalent. By default when certificates match this criteria, only the most recent certificate is selected.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="pChainParameters">
/// <para>
/// A pointer to a CERT_SELECT_CHAIN_PARA structure to specify parameters for chain building. If <c>NULL</c>, default parameters
/// will be used.
/// </para>
/// <para>
/// The <c>pChainPara</c> member of the CERT_SELECT_CHAIN_PARA structure points to a CERT_CHAIN_PARA structure that can be used to
/// enable strong signing.
/// </para>
/// </param>
/// <param name="cCriteria">The number of elements in the array pointed to by the rgpCriteria array.</param>
/// <param name="rgpCriteria">
/// A pointer to an array of CERT_SELECT_CRITERIA structures that define the selection criteria. If this parameter is set to
/// <c>NULL</c>, the value of the cCriteria parameter must be zero.
/// </param>
/// <param name="hStore">The handle to a store from which to select the certificates.</param>
/// <param name="pcSelection">
/// A pointer to a <c>DWORD</c> value to receive the number of elements in the array pointed to by the pprgpSelection parameter.
/// </param>
/// <param name="pprgpSelection">
/// <para>
/// A pointer to a pointer to a location to receive an array of CERT_CHAIN_CONTEXT structure. The <c>CertSelectCertificateChains</c>
/// function only returns certificate chains that match all the selection criteria. The entries in the array are ordered by quality,
/// i.e. the chain with the highest quality is the first entry.
/// </para>
/// <para>
/// Storage for the array is allocated by the <c>CertSelectCertificateChains</c> function. To free the allocated memory you must
/// first release each individual chain context in the array by calling the CertFreeCertificateChain function. Then you must free
/// the memory by calling the CertFreeCertificateChainList function.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns zero (FALSE). For extended error information, call the GetLastError function.</para>
/// <para>
/// <c>Note</c> If the selection does not yield any results, the <c>CertSelectCertificateChains</c> function returns <c>TRUE</c>,
/// but the value pointed to by pcSelection parameter is set to zero.
/// </para>
/// </returns>
/// <remarks>
/// <para>
/// Selection criteria can be specified through either the dwFlags parameter, through the rgpCriteria parameter, or through both
/// parameters. If no selection criteria are specified, the function succeeds and returns certificate chains for all certificates in
/// the store specified by the hStore parameter.
/// </para>
/// <para>Certificate chains that are selected are ordered based on the following preference logic:</para>
/// <list type="bullet">
/// <item>
/// <term>Prefer certificates that are smart card certificates over certificates that are not smart-card based.</term>
/// </item>
/// <item>
/// <term>Prefer certificates that have a longer validity period (the expiration date is later.)</term>
/// </item>
/// <item>
/// <term>If multiple certificates have same expiration date, prefer certificates that were issued more recently.</term>
/// </item>
/// <item>
/// <term>If there is a tie, prefer shorter chains.</term>
/// </item>
/// </list>
/// <para>
/// Certain selection criteria require that a certificate chain be built before you can select that criteria for use. If the
/// intermediate certificates required to build the chain are not available locally, a network retrieval is performed for the issuer
/// certificates. This network retrieval is performed if the <c>CERT_SELECT_TRUSTED_ROOT</c> flag is set or for the following criteria:
/// </para>
/// <list type="bullet">
/// <item>
/// <term><c>CERT_SELECT_BY_ISSUER_NAME</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SELECT_BY_ISSUER_ATTR</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SELECT_BY_POLICY_OID</c></term>
/// </item>
/// </list>
/// <para>Perform the following actions to enable strong signature checking:</para>
/// <list type="bullet">
/// <item>
/// <term>
/// Create a CERT_STRONG_SIGN_PARA structure, specify the required strong signing parameters, and set a pointer to the structure in
/// the <c>pStrongSignPara</c> member of a CERT_CHAIN_PARA structure.
/// </term>
/// </item>
/// <item>
/// <term>Set a pointer to the CERT_CHAIN_PARA structure in the <c>pChainPara</c> member of a CERT_SELECT_CHAIN_PARA structure.</term>
/// </item>
/// <item>
/// <term>Set a pointer to the CERT_SELECT_CHAIN_PARA structure in the pChainParameters parameter of this ( <c>CertSelectCertificateChains</c>)function.</term>
/// </item>
/// </list>
/// <para>
/// When you enable strong signature checking, any certificate chain that returns a <c>CERT_TRUST_IS_NOT_SIGNATURE_VALID</c> error
/// in the <c>dwErrorStatus</c> field of the CERT_TRUST_STATUS structure will be skipped. (The pprgpSelection parameter points to a
/// CERT_CHAIN_CONTEXT structure which, in turn, points to the <c>CERT_TRUST_STATUS</c> structure.) The
/// <c>CERT_TRUST_HAS_WEAK_SIGNATURE</c> value is also set for a weak signature.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certselectcertificatechains BOOL
// CertSelectCertificateChains( LPCGUID pSelectionContext, DWORD dwFlags, PCCERT_SELECT_CHAIN_PARA pChainParameters, DWORD
// cCriteria, PCCERT_SELECT_CRITERIA rgpCriteria, HCERTSTORE hStore, PDWORD pcSelection, PCCERT_CHAIN_CONTEXT **pprgpSelection );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "b740772b-d25b-4b3d-9acb-03f7018750d6")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertSelectCertificateChains(in Guid pSelectionContext, CertSelection dwFlags, [Optional] IntPtr pChainParameters, uint cCriteria, [In, Optional, MarshalAs(UnmanagedType.LPArray)] CERT_SELECT_CRITERIA[] rgpCriteria,
HCERTSTORE hStore, out uint pcSelection, out IntPtr pprgpSelection);
/// <summary>The <c>CertSelectCertificateChains</c> function retrieves certificate chains based on specified selection criteria.</summary>
/// <param name="pSelectionContext">A pointer to the GUID of the certificate selection scenario to use for this call.</param>
/// <param name="dwFlags">
/// <para>
/// Flags for controlling the certificate selection process. This parameter can be a combination of zero or more of the following flags:
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_SELECT_ALLOW_EXPIRED</term>
/// <term>Select expired certificates that meet selection criteria. By default expired certificates are rejected from selection.</term>
/// </item>
/// <item>
/// <term>CERT_SELECT_TRUSTED_ROOT</term>
/// <term>
/// Select certificates on which the error bit in the certificate chain trust status is not set to CERT_TRUST_IS_UNTRUSTED_ROOT,
/// CERT_TRUST_IS_PARTIAL_CHAIN, or CERT_TRUST_IS_NOT_TIME_VALID. In addition, certificates that have one of the following invalid
/// constraint errors are not selected:
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_DISALLOW_SELFSIGNED</term>
/// <term>Select certificates that are not self-issued and self-signed.</term>
/// </item>
/// <item>
/// <term>CERT_SELECT_HAS_PRIVATE_KEY</term>
/// <term>Select certificates that have a value set for the CERT_KEY_PROV_INFO_PROP_ID property of the certificate.</term>
/// </item>
/// <item>
/// <term>CERT_SELECT_HAS_KEY_FOR_SIGNATURE</term>
/// <term>
/// Select certificates on which the value of the dwKeySpec member of the CERT_KEY_PROV_INFO_PROP_ID property is set to
/// AT_SIGNATURE. If this function is being called as part of a CNG enabled application and the dwKeySpec member of the
/// CERT_KEY_PROV_INFO_PROP_ID property is set to -1, select certificates on which the value of the NCRYPT_KEY_USAGE_PROPERTY
/// property of the associated private key has the NCRYPT_ALLOW_SIGNING_FLAG set.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_HAS_KEY_FOR_KEY_EXCHANGE</term>
/// <term>
/// Select certificates on which the value of the dwKeySpec member of the CERT_KEY_PROV_INFO_PROP_ID property is set to
/// AT_KEYEXCHANGE. If this function is being called as part of a CNG enabled application and the dwKeySpec member of the
/// CERT_KEY_PROV_INFO_PROP_ID property is set to -1, select certificates on which either NCRYPT_ALLOW_DECRYPT_FLAG or
/// NCRYPT_ALLOW_KEY_AGREEMENT_FLAG is set.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_HARDWARE_ONLY</term>
/// <term>
/// Select certificates on which the value of the PP_IMPTYPE property of the associated private key provider is set to either
/// CRYPT_IMPL_HARDWARE or CRYPT_IMPL_REMOVABLE. (For CNG providers, NCRYPT_IMPL_TYPE_PROPERTY property value MUST have either the
/// NCRYPT_IMPL_HARDWARE_FLAG or NCRYPT_IMPL_REMOVABLE_FLAG bit set). If this function is being called as part of a CNG enabled
/// application, select certificates on which the NCRYPT_IMPL_TYPE_PROPERTY property is set to NCRYPT_IMPL_HARDWARE_FLAG or NCRYPT_IMPL_REMOVABLE_FLAG.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_ALLOW_DUPLICATES</term>
/// <term>
/// Allow the selection of certificates on which the Subject and Subject Alt Name contain the same information and the certificate
/// template extension value is equivalent. By default when certificates match this criteria, only the most recent certificate is selected.
/// </term>
/// </item>
/// </list>
/// </param>
/// <param name="pChainParameters">
/// <para>
/// A pointer to a CERT_SELECT_CHAIN_PARA structure to specify parameters for chain building. If <c>NULL</c>, default parameters
/// will be used.
/// </para>
/// <para>
/// The <c>pChainPara</c> member of the CERT_SELECT_CHAIN_PARA structure points to a CERT_CHAIN_PARA structure that can be used to
/// enable strong signing.
/// </para>
/// </param>
/// <param name="cCriteria">The number of elements in the array pointed to by the rgpCriteria array.</param>
/// <param name="rgpCriteria">
/// A pointer to an array of CERT_SELECT_CRITERIA structures that define the selection criteria. If this parameter is set to
/// <c>NULL</c>, the value of the cCriteria parameter must be zero.
/// </param>
/// <param name="hStore">The handle to a store from which to select the certificates.</param>
/// <param name="pcSelection">
/// A pointer to a <c>DWORD</c> value to receive the number of elements in the array pointed to by the pprgpSelection parameter.
/// </param>
/// <param name="pprgpSelection">
/// <para>
/// A pointer to a pointer to a location to receive an array of CERT_CHAIN_CONTEXT structure. The <c>CertSelectCertificateChains</c>
/// function only returns certificate chains that match all the selection criteria. The entries in the array are ordered by quality,
/// i.e. the chain with the highest quality is the first entry.
/// </para>
/// <para>
/// Storage for the array is allocated by the <c>CertSelectCertificateChains</c> function. To free the allocated memory you must
/// first release each individual chain context in the array by calling the CertFreeCertificateChain function. Then you must free
/// the memory by calling the CertFreeCertificateChainList function.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
/// <para>If the function fails, it returns zero (FALSE). For extended error information, call the GetLastError function.</para>
/// <para>
/// <c>Note</c> If the selection does not yield any results, the <c>CertSelectCertificateChains</c> function returns <c>TRUE</c>,
/// but the value pointed to by pcSelection parameter is set to zero.
/// </para>
/// </returns>
/// <remarks>
/// <para>
/// Selection criteria can be specified through either the dwFlags parameter, through the rgpCriteria parameter, or through both
/// parameters. If no selection criteria are specified, the function succeeds and returns certificate chains for all certificates in
/// the store specified by the hStore parameter.
/// </para>
/// <para>Certificate chains that are selected are ordered based on the following preference logic:</para>
/// <list type="bullet">
/// <item>
/// <term>Prefer certificates that are smart card certificates over certificates that are not smart-card based.</term>
/// </item>
/// <item>
/// <term>Prefer certificates that have a longer validity period (the expiration date is later.)</term>
/// </item>
/// <item>
/// <term>If multiple certificates have same expiration date, prefer certificates that were issued more recently.</term>
/// </item>
/// <item>
/// <term>If there is a tie, prefer shorter chains.</term>
/// </item>
/// </list>
/// <para>
/// Certain selection criteria require that a certificate chain be built before you can select that criteria for use. If the
/// intermediate certificates required to build the chain are not available locally, a network retrieval is performed for the issuer
/// certificates. This network retrieval is performed if the <c>CERT_SELECT_TRUSTED_ROOT</c> flag is set or for the following criteria:
/// </para>
/// <list type="bullet">
/// <item>
/// <term><c>CERT_SELECT_BY_ISSUER_NAME</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SELECT_BY_ISSUER_ATTR</c></term>
/// </item>
/// <item>
/// <term><c>CERT_SELECT_BY_POLICY_OID</c></term>
/// </item>
/// </list>
/// <para>Perform the following actions to enable strong signature checking:</para>
/// <list type="bullet">
/// <item>
/// <term>
/// Create a CERT_STRONG_SIGN_PARA structure, specify the required strong signing parameters, and set a pointer to the structure in
/// the <c>pStrongSignPara</c> member of a CERT_CHAIN_PARA structure.
/// </term>
/// </item>
/// <item>
/// <term>Set a pointer to the CERT_CHAIN_PARA structure in the <c>pChainPara</c> member of a CERT_SELECT_CHAIN_PARA structure.</term>
/// </item>
/// <item>
/// <term>Set a pointer to the CERT_SELECT_CHAIN_PARA structure in the pChainParameters parameter of this ( <c>CertSelectCertificateChains</c>)function.</term>
/// </item>
/// </list>
/// <para>
/// When you enable strong signature checking, any certificate chain that returns a <c>CERT_TRUST_IS_NOT_SIGNATURE_VALID</c> error
/// in the <c>dwErrorStatus</c> field of the CERT_TRUST_STATUS structure will be skipped. (The pprgpSelection parameter points to a
/// CERT_CHAIN_CONTEXT structure which, in turn, points to the <c>CERT_TRUST_STATUS</c> structure.) The
/// <c>CERT_TRUST_HAS_WEAK_SIGNATURE</c> value is also set for a weak signature.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certselectcertificatechains BOOL
// CertSelectCertificateChains( LPCGUID pSelectionContext, DWORD dwFlags, PCCERT_SELECT_CHAIN_PARA pChainParameters, DWORD
// cCriteria, PCCERT_SELECT_CRITERIA rgpCriteria, HCERTSTORE hStore, PDWORD pcSelection, PCCERT_CHAIN_CONTEXT **pprgpSelection );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "b740772b-d25b-4b3d-9acb-03f7018750d6")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertSelectCertificateChains([Optional] IntPtr pSelectionContext, CertSelection dwFlags, [Optional] IntPtr pChainParameters, uint cCriteria, [In, Optional, MarshalAs(UnmanagedType.LPArray)] CERT_SELECT_CRITERIA[] rgpCriteria,
HCERTSTORE hStore, out uint pcSelection, out IntPtr pprgpSelection);
/// <summary>
/// The <c>CertSerializeCertificateStoreElement</c> function serializes a certificate context's encoded certificate and its encoded
/// properties. The result can be persisted to storage so that the certificate and properties can be retrieved at a later time.
/// </summary>
/// <param name="pCertContext">A pointer to the CERT_CONTEXT to be serialized.</param>
/// <param name="dwFlags">Reserved for future use and must be zero.</param>
/// <param name="pbElement">
/// <para>A pointer to a buffer that receives the serialized output, including the encoded certificate and possibly its properties.</para>
/// <para>
/// This parameter can be <c>NULL</c> to set the size of this information for memory allocation purposes. For more information, see
/// Retrieving Data of Unknown Length.
/// </para>
/// </param>
/// <param name="pcbElement">
/// <para>
/// A pointer to a <c>DWORD</c> value specifying the size, in bytes, of the buffer pointed to by the pbElement parameter. When the
/// function returns, <c>DWORD</c> value contains the number of bytes stored in the buffer.
/// </para>
/// <para>
/// <c>Note</c> When processing the data returned in the buffer, applications must use the actual size of the data returned. The
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
/// specified large enough to ensure that the largest possible output data fits in the buffer.) On output, the variable pointed to
/// by this parameter is updated to reflect the actual size of the data copied to the buffer.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the return value is <c>TRUE</c>.</para>
/// <para>If the function fails, the return value is <c>FALSE</c>. For extended error information, call GetLastError.</para>
/// </returns>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certserializecertificatestoreelement BOOL
// CertSerializeCertificateStoreElement( PCCERT_CONTEXT pCertContext, DWORD dwFlags, BYTE *pbElement, DWORD *pcbElement );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "104fc986-6344-41b7-8843-23c3c72405a2")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertSerializeCertificateStoreElement(PCCERT_CONTEXT pCertContext, [Optional] uint dwFlags, [In, Out, Optional] IntPtr pbElement, ref uint pcbElement);
/// <summary>
/// The <c>CertVerifySubjectCertificateContext</c> function performs the enabled verification checks on a certificate by checking
/// the validity of the certificate's issuer. The new Certificate Chain Verification Functions are recommended instead of this function.
/// </summary>
/// <param name="pSubject">A pointer to a CERT_CONTEXT structure containing the subject's certificate.</param>
/// <param name="pIssuer">
/// A pointer to a CERT_CONTEXT containing the issuer's certificate. When checking just CERT_STORE_TIME_VALIDITY_FLAG, pIssuer can
/// be <c>NULL</c>.
/// </param>
/// <param name="pdwFlags">
/// <para>
/// A pointer to a <c>DWORD</c> value contain verification check flags. The following flags can be set to enable verification checks
/// on the subject certificate. They can be combined using a bitwise- <c>OR</c> operation to enable multiple verifications.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_STORE_REVOCATION_FLAG</term>
/// <term>Checks whether the subject certificate is on the issuer's revocation list.</term>
/// </item>
/// <item>
/// <term>CERT_STORE_SIGNATURE_FLAG</term>
/// <term>Uses the public key in the issuer's certificate to verify the signature on the subject certificate.</term>
/// </item>
/// <item>
/// <term>CERT_STORE_TIME_VALIDITY_FLAG</term>
/// <term>Gets the current time and verifies that it is within the subject certificate's validity period.</term>
/// </item>
/// </list>
/// <para>If an enabled verification check succeeds, its flag is set to zero. If it fails, then its flag is set upon return.</para>
/// <para>
/// If CERT_STORE_REVOCATION_FLAG was enabled and the issuer does not have a CRL in the store, then CERT_STORE_NO_CRL_FLAG is set in
/// addition to CERT_STORE_REVOCATION_FLAG.
/// </para>
/// </param>
/// <returns>
/// <para>If the function succeeds, the return value is <c>TRUE</c>.</para>
/// <para>If the function fails, the return value is <c>FALSE</c>.</para>
/// <para>
/// For a verification check failure, <c>TRUE</c> is still returned. <c>FALSE</c> is returned only when a bad parameter is passed in.
/// </para>
/// <para>For extended error information, call GetLastError. One possible error code is the following.</para>
/// <list type="table">
/// <listheader>
/// <term>Return code</term>
/// <term>Description</term>
/// </listheader>
/// <item>
/// <term>E_INVALIDARG</term>
/// <term>
/// An unsupported bit was set in pdwFlags. Any combination of CERT_STORE_SIGNATURE_FLAG, CERT_STORE_TIME_VALIDITY_FLAG, and
/// CERT_STORE_REVOCATION_FLAG can be set. If pIssuer is NULL, only CERT_STORE_TIME_VALIDITY_FLAG can be set.
/// </term>
/// </item>
/// </list>
/// </returns>
/// <remarks>
/// <para>
/// The hexadecimal value of the flags can be combined using bitwise- <c>OR</c> operations to enable multiple verifications. For
/// example, to enable both signature and time validity, the value
/// </para>
/// <para>
/// is placed in the pdwFlags <c>DWORD</c> value as an input parameter. If CERT_STORE_SIGNATURE_FLAG verification succeeds, but
/// CERT_STORE_TIME_VALIDITY_FLAG verification fails, pdwFlags is set to CERT_STORE_TIME_VALIDITY_FLAG when the function returns.
/// </para>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifysubjectcertificatecontext BOOL
// CertVerifySubjectCertificateContext( PCCERT_CONTEXT pSubject, PCCERT_CONTEXT pIssuer, DWORD *pdwFlags );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "063b19cf-d3b3-4ec3-bfd3-9406eecd3e10")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertVerifySubjectCertificateContext(PCCERT_CONTEXT pSubject, PCCERT_CONTEXT pIssuer, ref CertStoreVerification pdwFlags);
/// <summary>
/// The <c>CERT_CHAIN_CONTEXT</c> structure contains an array of simple certificate chains and a trust status structure that
/// indicates summary validity data on all of the connected simple chains.
/// </summary>
/// <remarks>
/// When a <c>CERT_CHAIN_CONTEXT</c> is built, the first simple chain begins with an end certificate and ends with a self-signed
/// certificate. If that self-signed certificate is not a root or otherwise trusted certificate, an attempt is made to build a new
/// chain. CTLs are used to create the new chain beginning with the self-signed certificate from the original chain as the end
/// certificate of the new chain. This process continues building additional simple chains until the first self-signed certificate
/// is a trusted certificate or until an additional simple chain cannot be built.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_chain_context typedef struct _CERT_CHAIN_CONTEXT {
// DWORD cbSize; CERT_TRUST_STATUS TrustStatus; DWORD cChain; PCERT_SIMPLE_CHAIN *rgpChain; DWORD cLowerQualityChainContext;
// PCCERT_CHAIN_CONTEXT *rgpLowerQualityChainContext; BOOL fHasRevocationFreshnessTime; DWORD dwRevocationFreshnessTime; DWORD
// dwCreateFlags; GUID ChainId; } CERT_CHAIN_CONTEXT, *PCERT_CHAIN_CONTEXT;
[PInvokeData("wincrypt.h", MSDNShortId = "609311f4-9cd6-4945-9f93-7266b3fc4a74")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_CHAIN_CONTEXT
{
/// <summary>The size, in bytes, of this structure.</summary>
public uint cbSize;
/// <summary>
/// A structure that indicates the combined trust status of the simple chains array. The structure includes an error status code
/// and an information status code. For information about status code values, see CERT_TRUST_STATUS.
/// </summary>
public CERT_TRUST_STATUS TrustStatus;
/// <summary>The number of simple chains in the array.</summary>
public uint cChain;
/// <summary>
/// An array of pointers to simple chain structures. <c>rgpChain</c>[0] is the end certificate simple chain, and
/// <c>rgpChain</c>[ <c>cChain</c>1] is the final chain. If the end certificate is to be considered valid, the final chain must
/// begin with a certificate contained in the root store or an otherwise trusted, self-signed certificate. If the original chain
/// begins with a trusted certificate, there will be only a single simple chain in the array.
/// </summary>
public IntPtr rgpChain;
/// <summary>The number of chains in the <c>rgpLowerQualityChainContext</c> array.</summary>
public uint cLowerQualityChainContext;
/// <summary>
/// An array of pointers to CERT_CHAIN_CONTEXT structures. Returned when CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS is set in dwFlags.
/// </summary>
public IntPtr rgpLowerQualityChainContext;
/// <summary>A Boolean value set to <c>TRUE</c> if <c>dwRevocationFreshnessTime</c> is available.</summary>
[MarshalAs(UnmanagedType.Bool)] public bool fHasRevocationFreshnessTime;
/// <summary>
/// The largest CurrentTime, in seconds, minus the certificate revocation list's (CRL's) ThisUpdate of all elements checked.
/// </summary>
public uint dwRevocationFreshnessTime;
/// <summary/>
public uint dwCreateFlags;
/// <summary/>
public Guid ChainId;
/// <summary>Gets the chain from <see cref="rgpChain"/>.</summary>
public unsafe CERT_SIMPLE_CHAIN*[] GetChain()
{
var ret = new CERT_SIMPLE_CHAIN*[(int)cChain];
for (int i = 0; i < cChain; i++)
ret[i] = ((CERT_SIMPLE_CHAIN**)rgpChain)[i];
return ret;
}
/// <summary>Gets the contexts from <see cref="rgpLowerQualityChainContext"/>.</summary>
public unsafe CERT_CHAIN_CONTEXT*[] GetLowerQualityChainContext()
{
var ret = new CERT_CHAIN_CONTEXT*[(int)cLowerQualityChainContext];
for (int i = 0; i < cLowerQualityChainContext; i++)
ret[i] = ((CERT_CHAIN_CONTEXT**)rgpLowerQualityChainContext)[i];
return ret;
}
}
/// <summary>
/// The <c>CERT_CHAIN_ELEMENT</c> structure is a single element in a simple certificate chain. Each element has a pointer to a
/// certificate context, a pointer to a structure that indicates the error status and information status of the certificate, and a
/// pointer to a structure that indicates the revocation status of the certificate.
/// </summary>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_chain_element typedef struct _CERT_CHAIN_ELEMENT {
// DWORD cbSize; PCCERT_CONTEXT pCertContext; CERT_TRUST_STATUS TrustStatus; PCERT_REVOCATION_INFO pRevocationInfo;
// PCERT_ENHKEY_USAGE pIssuanceUsage; PCERT_ENHKEY_USAGE pApplicationUsage; LPCWSTR pwszExtendedErrorInfo; } CERT_CHAIN_ELEMENT, *PCERT_CHAIN_ELEMENT;
[PInvokeData("wincrypt.h", MSDNShortId = "a1f6ba18-63ef-43ac-a17f-900fa13398aa")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_CHAIN_ELEMENT
{
/// <summary>Size of this structure in bytes.</summary>
public uint cbSize;
/// <summary>A pointer to a certificate context.</summary>
public PCCERT_CONTEXT pCertContext;
/// <summary>
/// Structure indicating the status of the certificate. The structure includes an error status code and an information status
/// code. For information about status code values, see CERT_TRUST_STATUS.
/// </summary>
public CERT_TRUST_STATUS TrustStatus;
/// <summary>
/// A pointer to a CERT_REVOCATION_INFO structure with information on the revocation status of the certificate. If revocation
/// checking was not enabled, <c>pRevocationInfo</c> is <c>NULL</c>.
/// </summary>
public IntPtr pRevocationInfo;
/// <summary>A pointer to a CERT_ENHKEY_USAGE structure. If <c>NULL</c>, any issuance policy is acceptable.</summary>
public IntPtr pIssuanceUsage;
/// <summary>A pointer to a CERT_ENHKEY_USAGE structure. If <c>NULL</c>, any enhanced key usage is acceptable.</summary>
public IntPtr pApplicationUsage;
/// <summary>
/// A pointer to a <c>null</c>-terminated wide character string that contains extended error information. If <c>NULL</c>, there
/// is no extended error information.
/// </summary>
public StrPtrUni pwszExtendedErrorInfo;
}
/// <summary>
/// Contains information updated by a certificate revocation list (CRL) revocation type handler. The <c>CERT_REVOCATION_CRL_INFO</c>
/// structure is used with both base and delta CRLs.
/// </summary>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_revocation_crl_info typedef struct
// _CERT_REVOCATION_CRL_INFO { DWORD cbSize; PCCRL_CONTEXT pBaseCrlContext; PCCRL_CONTEXT pDeltaCrlContext; PCRL_ENTRY pCrlEntry;
// BOOL fDeltaCrlEntry; } CERT_REVOCATION_CRL_INFO, *PCERT_REVOCATION_CRL_INFO;
[PInvokeData("wincrypt.h", MSDNShortId = "069ff521-90fd-4de8-9b5c-045e44e87f75")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_REVOCATION_CRL_INFO
{
/// <summary>Size, in bytes, of the structure.</summary>
public uint cbSize;
/// <summary/>
public PCCRL_CONTEXT pBaseCrlContext;
/// <summary/>
public PCCRL_CONTEXT pDeltaCrlContext;
/// <summary>A pointer to an entry in either the base CRL or the delta CRL.</summary>
public IntPtr pCrlEntry;
/// <summary>
/// <c>TRUE</c> if <c>pCrlEntry</c> points to an entry in the delta CRL. <c>FALSE</c> if <c>pCrlEntry</c> points to an entry in
/// the base CRL.
/// </summary>
[MarshalAs(UnmanagedType.Bool)] public bool fDeltaCrlEntry;
}
/// <summary>The <c>CERT_REVOCATION_INFO</c> structure indicates the revocation status of a certificate in a CERT_CHAIN_ELEMENT.</summary>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_revocation_info typedef struct _CERT_REVOCATION_INFO
// { DWORD cbSize; DWORD dwRevocationResult; LPCSTR pszRevocationOid; LPVOID pvOidSpecificInfo; BOOL fHasFreshnessTime; DWORD
// dwFreshnessTime; PCERT_REVOCATION_CRL_INFO pCrlInfo; } CERT_REVOCATION_INFO, *PCERT_REVOCATION_INFO;
[PInvokeData("wincrypt.h", MSDNShortId = "798aa2d7-bf8a-425f-bc36-98a44ba3a9d6")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_REVOCATION_INFO
{
/// <summary>Size of this structure in bytes.</summary>
public uint cbSize;
/// <summary>
/// <para>Currently defined values are:</para>
/// <list type="bullet">
/// <item>
/// <term>CERT_TRUST_IS_REVOKED</term>
/// </item>
/// <item>
/// <term>CERT_TRUST_REVOCATION_STATUS_IS_UNKNOWN</term>
/// </item>
/// </list>
/// </summary>
public uint dwRevocationResult;
/// <summary>Not currently used and is set to <c>NULL</c>.</summary>
public StrPtrAnsi pszRevocationOid;
/// <summary>Not currently used and is set to <c>NULL</c>.</summary>
public IntPtr pvOidSpecificInfo;
/// <summary>BOOL set to <c>TRUE</c> if dwFreshnessTime has been updated.</summary>
[MarshalAs(UnmanagedType.Bool)] public bool fHasFreshnessTime;
/// <summary>
/// If <c>fHasFreshnessTime</c> is <c>TRUE</c>, holds the CurrentTime minus the certificate revocation list's (CRL's). This time
/// is in seconds.
/// </summary>
public uint dwFreshnessTime;
/// <summary>For CRL base revocation checking, a non- <c>NULL</c> pointer to a CERT_REVOCATION_CRL_INFO structure.</summary>
public IntPtr pCrlInfo;
}
/// <summary>
/// The <c>CERT_SELECT_CHAIN_PARA</c> structure contains the parameters used for building and selecting chains. This structure is
/// used by the CertGetCertificateChain and CertSelectCertificateChains functions.
/// </summary>
/// <remarks>
/// <para>
/// Trust in a particular certificate being a trusted root is based on the current state of the root store and not the state of the
/// root store at a time passed in by this parameter. For revocation, a certificate revocation list (CRL), itself, must be valid at
/// the current time. The value of this parameter is used to determine whether a certificate listed in a CRL has been revoked.
/// </para>
/// <para>The following remarks apply to strong signature checking:</para>
/// <list type="bullet">
/// <item>
/// <term>
/// You can enable strong signature checking by using the CERT_CHAIN_PARA structure referenced by the <c>pChainPara</c> member. The
/// <c>pStrongSignPara</c> member of the <c>CERT_CHAIN_PARA</c> structure points to a CERT_STRONG_SIGN_PARA structure that can be
/// used to determine signature strength.
/// </term>
/// </item>
/// <item>
/// <term>
/// When you enable strong checking and a weak signature is encountered, the <c>CERT_TRUST_IS_NOT_SIGNATURE_VALID</c> and
/// <c>CERT_TRUST_HAS_WEAK_SIGNATURE</c> errors are set in the <c>dwErrorStatus</c> field of the CERT_TRUST_STATUS structure.
/// </term>
/// </item>
/// </list>
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_select_chain_para typedef struct
// _CERT_SELECT_CHAIN_PARA { HCERTCHAINENGINE hChainEngine; PFILETIME pTime; HCERTSTORE hAdditionalStore; PCERT_CHAIN_PARA
// pChainPara; DWORD dwFlags; } CERT_SELECT_CHAIN_PARA, *PCERT_SELECT_CHAIN_PARA;
[PInvokeData("wincrypt.h", MSDNShortId = "55c6c063-2a65-40ad-8d3f-7723b83cf021")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_SELECT_CHAIN_PARA
{
/// <summary>
/// The handle of the chain engine to use to build the chain. If the value of the hChainEngine parameter is <c>NULL</c>, the
/// default chain engine, <c>HCCE_CURRENT_USER</c>, is used.
/// </summary>
public HCERTCHAINENGINE hChainEngine;
/// <summary>
/// <para>
/// A pointer to a FILETIME structure that contains the time for which the chain is to be validated. If the value of the pTime
/// parameter is <c>NULL</c>, the current system time is passed to this parameter.
/// </para>
/// <para><c>Note</c> The time does not affect trust list, revocation, or root store checking.</para>
/// </summary>
public IntPtr pTime;
/// <summary>
/// The handle of any additional store to search for supporting certificates and certificate trust lists (CTLs). This parameter
/// can be <c>NULL</c> if no additional store is to be searched.
/// </summary>
public HCERTSTORE hAdditionalStore;
/// <summary>A pointer to a CERT_CHAIN_PARA structure that includes chain-building parameters.</summary>
public IntPtr pChainPara;
/// <summary>
/// <para>Flag values that indicate special processing during chain build.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY 0x00000004</term>
/// <term>Revocation checking only accesses cached URLs.</term>
/// </item>
/// <item>
/// <term>CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL 0x80000000</term>
/// <term>Use only cached URLs in building a certificate chain. The Internet and intranet are not searched for URL-based objects.</term>
/// </item>
/// </list>
/// </summary>
public uint dwFlags;
}
/// <summary>
/// The <c>CERT_SELECT_CRITERIA</c> structure specifies selection criteria that is passed to the CertSelectCertificateChains function.
/// </summary>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_select_criteria typedef struct _CERT_SELECT_CRITERIA
// { DWORD dwType; DWORD cPara; void **ppPara; } CERT_SELECT_CRITERIA, *PCERT_SELECT_CRITERIA;
[PInvokeData("wincrypt.h", MSDNShortId = "246722a9-5db6-4a82-8f29-f60f0a2263e3")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
public struct CERT_SELECT_CRITERIA
{
/// <summary>
/// <para>
/// Specifies the type of selection criteria used for the <c>ppPara</c> member. This member can have one of the following values.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>CERT_SELECT_BY_ENHKEY_USAGE 1</term>
/// <term>
/// Select certificates based on a specific enhanced key usage. When this flag is set, the ppPara must reference a
/// null-terminated object identifier (OID) ANSI string that specifies the enhanced key usage. This criteria is evaluated on the certificate.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_BY_KEY_USAGE 2</term>
/// <term>
/// Select certificates based on a specific szOID_KEY_USAGE extension in the certificate. When this flag is set, the ppPara
/// member must reference a CERT_EXTENSION structure where the value of the extension is a DWORD that identifies the Key Usage
/// bits. This criteria is evaluated on the certificate.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_BY_POLICY_OID 3</term>
/// <term>
/// Select certificates based on a specific issuance policy. The ppPara member must reference a null-terminated OID ANSI string
/// of the desired issuance policy. This criteria is evaluated on the issuance policy of the certificate chain.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_BY_PROV_NAME 4</term>
/// <term>
/// Select certificates based on a specific private key provider. The ppPara member must reference a null-terminated Unicode
/// string that represents the name of the provider.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_BY_EXTENSION 5</term>
/// <term>
/// Select certificates based on the presence of a specified extension and an optional specified value. The ppPara member must
/// reference a CERT_EXTENSION structure that specifies the extension OID and the associated value.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_BY_SUBJECT_HOST_NAME 6</term>
/// <term>
/// Select certificates based on the Subject DNS HOST Name. The ppPara member must reference a null-terminated Unicode string
/// that contains the subject host name. The selection performed based on this flag is the same as the evaluation of the
/// pwszServerName member of the SSL_EXTRA_CERT_CHAIN_POLICY_PARA structure during a call to the
/// CertVerifyCertificateChainPolicy function. This criteria is evaluated on the certificate.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_BY_ISSUER_ATTR 7</term>
/// <term>
/// Select certificates based on the relative distinguished name (RDN) element of the issuer of the certificate. The ppPara
/// member must reference a CERT_RDN structure that contains the RDN element of the issuer. This criteria is evaluated on the
/// certificate chain.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_BY_SUBJECT_ATTR 8</term>
/// <term>
/// Select certificates based on the RDN element in the Subject of the certificate. The ppPara member must be a reference to a
/// CERT_RDN structure that contains the RDN element of the Subject. This criteria is evaluated on the certificate.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_BY_ISSUER_NAME 9</term>
/// <term>
/// Select certificates based on the issuer of the certificate. The ppPara member must be a reference to a CERT_NAME_BLOB
/// structure that contains the name of the issuer. This criteria is evaluated on the certificate chain.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_BY_PUBLIC_KEY 10</term>
/// <term>
/// Select certificates based on the public key of the certificate. The ppPara member must reference a pointer to a
/// CERT_PUBLIC_KEY_INFO structure that contains the public key. This criteria is evaluated on the certificate.
/// </term>
/// </item>
/// <item>
/// <term>CERT_SELECT_BY_TLS_SIGNATURES 11</term>
/// <term>
/// Select certificates based on the Transport Layer Security protocol (TLS) Signature requirement. The ppPara member must
/// reference a SecPkgContext_SupportedSignatures structure. This criteria is evaluated on the certificate.
/// </term>
/// </item>
/// </list>
/// </summary>
public CertSelectBy dwType;
/// <summary>A <c>DWORD</c> value that specifies the number of search attributes specified in the <c>ppPara</c> member.</summary>
public uint cPara;
/// <summary>
/// A pointer to a pointer to one or more selection values. The data type depends on the selection type specified by the
/// <c>dwType</c> member. If more than one selection value is present, an application must match only one value.
/// </summary>
public IntPtr ppPara;
}
/// <summary>
/// The <c>CERT_SIMPLE_CHAIN</c> structure contains an array of chain elements and a summary trust status for the chain that the
/// array represents.
/// </summary>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_simple_chain typedef struct _CERT_SIMPLE_CHAIN {
// DWORD cbSize; CERT_TRUST_STATUS TrustStatus; DWORD cElement; PCERT_CHAIN_ELEMENT *rgpElement; PCERT_TRUST_LIST_INFO
// pTrustListInfo; BOOL fHasRevocationFreshnessTime; DWORD dwRevocationFreshnessTime; } CERT_SIMPLE_CHAIN, *PCERT_SIMPLE_CHAIN;
[PInvokeData("wincrypt.h", MSDNShortId = "c130cab4-bf8d-429a-beb7-04cb5d37d466")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_SIMPLE_CHAIN
{
/// <summary>The size, in bytes, of this structure.</summary>
public uint cbSize;
/// <summary>
/// A structure that indicates the trust status of the whole chain. The structure includes an error status code and an
/// information status code. For information about status code values, see CERT_TRUST_STATUS.
/// </summary>
public CERT_TRUST_STATUS TrustStatus;
/// <summary>The number of CERT_CHAIN_ELEMENT structures in the array.</summary>
public uint cElement;
/// <summary>
/// An array of pointers to CERT_CHAIN_ELEMENT structures. <c>rgpElement</c>[0] is the end certificate chain element.
/// <c>rgpElement</c>[ <c>cElement</c>1] is the self-signed "root" certificate element.
/// </summary>
public IntPtr rgpElement;
/// <summary>
/// A pointer to a CERT_TRUST_LIST_INFO structure that contains a pointer to a certificate trust list (CTL) connecting this
/// chain to a next certificate chain. If the current chain is the final chain, <c>pTrustListInfo</c> is <c>NULL</c>.
/// </summary>
public IntPtr pTrustListInfo;
/// <summary>BOOL. If <c>TRUE</c>, <c>dwRevocationFreshnessTime</c> has been calculated.</summary>
[MarshalAs(UnmanagedType.Bool)] public bool fHasRevocationFreshnessTime;
/// <summary>
/// The age of a certificate revocation list (CRL) in seconds, calculated as the CurrentTime minus the CRL's ThisUpdate time.
/// This values is the largest time across all elements checked.
/// </summary>
public uint dwRevocationFreshnessTime;
/// <summary>Gets the elements from <see cref="rgpElement"/>.</summary>
public unsafe CERT_CHAIN_ELEMENT*[] GetElements()
{
var ret = new CERT_CHAIN_ELEMENT*[(int)cElement];
for (int i = 0; i < cElement; i++)
ret[i] = ((CERT_CHAIN_ELEMENT**)rgpElement)[i];
return ret;
}
}
/// <summary>The <c>CERT_TRUST_LIST_INFO</c> structure that indicates valid usage of a CTL.</summary>
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_trust_list_info typedef struct _CERT_TRUST_LIST_INFO
// { DWORD cbSize; PCTL_ENTRY pCtlEntry; PCCTL_CONTEXT pCtlContext; } CERT_TRUST_LIST_INFO, *PCERT_TRUST_LIST_INFO;
[PInvokeData("wincrypt.h", MSDNShortId = "774f5626-9b48-4585-b713-adbf191861cc")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_TRUST_LIST_INFO
{
/// <summary>Size of this structure in bytes.</summary>
public uint cbSize;
/// <summary>
/// A pointer to a structure that includes a subject identifier, the count of attributes associated with a CTL, and an array of
/// those attributes.
/// </summary>
public IntPtr pCtlEntry;
/// <summary>A pointer to a CTL context.</summary>
public PCCTL_CONTEXT pCtlContext;
}
/// <summary>Provides a handle to an online certificate status protocol (OCSP) response.</summary>
[StructLayout(LayoutKind.Sequential)]
public struct HCERT_SERVER_OCSP_RESPONSE : IHandle
{
private IntPtr handle;
/// <summary>Initializes a new instance of the <see cref="HCERT_SERVER_OCSP_RESPONSE"/> struct.</summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
public HCERT_SERVER_OCSP_RESPONSE(IntPtr preexistingHandle) => handle = preexistingHandle;
/// <summary>Returns an invalid handle by instantiating a <see cref="HCERT_SERVER_OCSP_RESPONSE"/> object with <see cref="IntPtr.Zero"/>.</summary>
public static HCERT_SERVER_OCSP_RESPONSE NULL => new HCERT_SERVER_OCSP_RESPONSE(IntPtr.Zero);
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
public bool IsNull => handle == IntPtr.Zero;
/// <summary>Performs an explicit conversion from <see cref="HCERT_SERVER_OCSP_RESPONSE"/> to <see cref="IntPtr"/>.</summary>
/// <param name="h">The handle.</param>
/// <returns>The result of the conversion.</returns>
public static explicit operator IntPtr(HCERT_SERVER_OCSP_RESPONSE h) => h.handle;
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="HCERT_SERVER_OCSP_RESPONSE"/>.</summary>
/// <param name="h">The pointer to a handle.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator HCERT_SERVER_OCSP_RESPONSE(IntPtr h) => new HCERT_SERVER_OCSP_RESPONSE(h);
/// <summary>Implements the operator !=.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator !=(HCERT_SERVER_OCSP_RESPONSE h1, HCERT_SERVER_OCSP_RESPONSE h2) => !(h1 == h2);
/// <summary>Implements the operator ==.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator ==(HCERT_SERVER_OCSP_RESPONSE h1, HCERT_SERVER_OCSP_RESPONSE h2) => h1.Equals(h2);
/// <inheritdoc/>
public override bool Equals(object obj) => obj is HCERT_SERVER_OCSP_RESPONSE h ? handle == h.handle : false;
/// <inheritdoc/>
public override int GetHashCode() => handle.GetHashCode();
/// <inheritdoc/>
public IntPtr DangerousGetHandle() => handle;
}
//public static CERT_SELECT_CRITERIA[] CertSelectCertificateChains(in Guid pSelectionContext, HCERTSTORE hStore, CertSelection dwFlags, [Optional] CERT_SELECT_CHAIN_PARA? pChainParameters, [Optional] CERT_SELECT_CRITERIA[] rgpCriteria)
//{
// unsafe
// {
// var cpdef = pChainParameters.GetValueOrDefault();
// if (!CertSelectCertificateChains(pSelectionContext, dwFlags, pChainParameters.HasValue ? &cpdef : null, rgpCriteria?.Length ?? 0, rgpCriteria, hStore, out var cSelections, out var ppSelections))
// throw new Win32Exception();
// var ret = new CERT_CHAIN_CONTEXT[cSelections];
// for (var i = 0; i < cSelections; i++)
// ret[i] = *ppSelections[i];
// return ret;
// }
//}
//[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
//[return: MarshalAs(UnmanagedType.Bool)]
//private static extern unsafe bool CertSelectCertificateChains(in Guid pSelectionContext, CertSelection dwFlags, [In, Optional] CERT_SELECT_CHAIN_PARA* pChainParameters, int cCriteria,
// [In, Optional, MarshalAs(UnmanagedType.LPArray)] CERT_SELECT_CRITERIA[] rgpCriteria, HCERTSTORE hStore, out int pcSelection, out CERT_CHAIN_CONTEXT*[] pprgpSelection);
/// <summary>Provides a handle to a Certificate Chain Engine.</summary>
[StructLayout(LayoutKind.Sequential)]
public struct HCERTCHAINENGINE : IHandle
{
private IntPtr handle;
/// <summary>Initializes a new instance of the <see cref="HCERTCHAINENGINE"/> struct.</summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
public HCERTCHAINENGINE(IntPtr preexistingHandle) => handle = preexistingHandle;
/// <summary>Returns an invalid handle by instantiating a <see cref="HCERTCHAINENGINE"/> object with <see cref="IntPtr.Zero"/>.</summary>
public static HCERTCHAINENGINE NULL => new HCERTCHAINENGINE(IntPtr.Zero);
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
public bool IsNull => handle == IntPtr.Zero;
/// <summary>Performs an explicit conversion from <see cref="HCERTCHAINENGINE"/> to <see cref="IntPtr"/>.</summary>
/// <param name="h">The handle.</param>
/// <returns>The result of the conversion.</returns>
public static explicit operator IntPtr(HCERTCHAINENGINE h) => h.handle;
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="HCERTCHAINENGINE"/>.</summary>
/// <param name="h">The pointer to a handle.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator HCERTCHAINENGINE(IntPtr h) => new HCERTCHAINENGINE(h);
/// <summary>Implements the operator !=.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator !=(HCERTCHAINENGINE h1, HCERTCHAINENGINE h2) => !(h1 == h2);
/// <summary>Implements the operator ==.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator ==(HCERTCHAINENGINE h1, HCERTCHAINENGINE h2) => h1.Equals(h2);
/// <inheritdoc/>
public override bool Equals(object obj) => obj is HCERTCHAINENGINE h ? handle == h.handle : false;
/// <inheritdoc/>
public override int GetHashCode() => handle.GetHashCode();
/// <inheritdoc/>
public IntPtr DangerousGetHandle() => handle;
}
/// <summary>Provides a handle to a CERT_SERVER_OCSP_RESPONSE_CONTEXT.</summary>
[StructLayout(LayoutKind.Sequential)]
public struct PCCERT_SERVER_OCSP_RESPONSE_CONTEXT : IHandle
{
private IntPtr handle;
/// <summary>Initializes a new instance of the <see cref="PCCERT_SERVER_OCSP_RESPONSE_CONTEXT"/> struct.</summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
public PCCERT_SERVER_OCSP_RESPONSE_CONTEXT(IntPtr preexistingHandle) => handle = preexistingHandle;
/// <summary>
/// Returns an invalid handle by instantiating a <see cref="PCCERT_SERVER_OCSP_RESPONSE_CONTEXT"/> object with <see cref="IntPtr.Zero"/>.
/// </summary>
public static PCCERT_SERVER_OCSP_RESPONSE_CONTEXT NULL => new PCCERT_SERVER_OCSP_RESPONSE_CONTEXT(IntPtr.Zero);
/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
public bool IsNull => handle == IntPtr.Zero;
/// <summary>Performs an explicit conversion from <see cref="PCCERT_SERVER_OCSP_RESPONSE_CONTEXT"/> to <see cref="IntPtr"/>.</summary>
/// <param name="h">The handle.</param>
/// <returns>The result of the conversion.</returns>
public static explicit operator IntPtr(PCCERT_SERVER_OCSP_RESPONSE_CONTEXT h) => h.handle;
/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="PCCERT_SERVER_OCSP_RESPONSE_CONTEXT"/>.</summary>
/// <param name="h">The pointer to a handle.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator PCCERT_SERVER_OCSP_RESPONSE_CONTEXT(IntPtr h) => new PCCERT_SERVER_OCSP_RESPONSE_CONTEXT(h);
/// <summary>Implements the operator !=.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator !=(PCCERT_SERVER_OCSP_RESPONSE_CONTEXT h1, PCCERT_SERVER_OCSP_RESPONSE_CONTEXT h2) => !(h1 == h2);
/// <summary>Implements the operator ==.</summary>
/// <param name="h1">The first handle.</param>
/// <param name="h2">The second handle.</param>
/// <returns>The result of the operator.</returns>
public static bool operator ==(PCCERT_SERVER_OCSP_RESPONSE_CONTEXT h1, PCCERT_SERVER_OCSP_RESPONSE_CONTEXT h2) => h1.Equals(h2);
/// <inheritdoc/>
public override bool Equals(object obj) => obj is PCCERT_SERVER_OCSP_RESPONSE_CONTEXT h ? handle == h.handle : false;
/// <inheritdoc/>
public override int GetHashCode() => handle.GetHashCode();
/// <inheritdoc/>
public IntPtr DangerousGetHandle() => handle;
}
/// <summary>Provides a <see cref="SafeHandle"/> for <see cref="PCCERT_CONTEXT"/> that is disposed using <see cref="CertFreeCertificateContext"/>.</summary>
public class SafePCCERT_CONTEXT : SafeHANDLE
{
/// <summary>Represents a NULL handle for <see cref="SafePCCERT_CONTEXT"/>. This must be used instead of <see langword="null"/>.</summary>
public static readonly SafePCCERT_CONTEXT Null = new SafePCCERT_CONTEXT(IntPtr.Zero, false);
/// <summary>Initializes a new instance of the <see cref="SafePCCERT_CONTEXT"/> class and assigns an existing handle.</summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
/// <param name="ownsHandle">
/// <see langword="true"/> to reliably release the handle during the finalization phase; otherwise, <see langword="false"/> (not recommended).
/// </param>
public SafePCCERT_CONTEXT(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
/// <summary>Initializes a new instance of the <see cref="SafePCCERT_CONTEXT"/> class.</summary>
private SafePCCERT_CONTEXT() : base() { }
/// <summary>Performs an implicit conversion from <see cref="SafePCCERT_CONTEXT"/> to <see cref="PCCERT_CONTEXT"/>.</summary>
/// <param name="h">The safe handle instance.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator PCCERT_CONTEXT(SafePCCERT_CONTEXT h) => h.handle;
/// <summary>
/// Performs an explicit conversion from <see cref="SafePCCERT_CONTEXT"/> to <see cref="CERT_CONTEXT"/>.
/// </summary>
/// <param name="h">The h.</param>
/// <returns>
/// The resulting <see cref="CERT_CONTEXT"/> instance from the conversion.
/// </returns>
public static unsafe explicit operator CERT_CONTEXT*(SafePCCERT_CONTEXT h) => (CERT_CONTEXT*)(void*)h.handle;
/// <inheritdoc/>
protected override bool InternalReleaseHandle() => CertFreeCertificateContext(handle);
}
/// <summary>
/// Provides a <see cref="SafeHandle"/> for <see cref="PCCERT_SERVER_OCSP_RESPONSE_CONTEXT"/> that is disposed using <see cref="CertFreeServerOcspResponseContext"/>.
/// </summary>
public class SafePCCERT_SERVER_OCSP_RESPONSE_CONTEXT : SafeHANDLE
{
/// <summary>
/// Initializes a new instance of the <see cref="SafePCCERT_SERVER_OCSP_RESPONSE_CONTEXT"/> class and assigns an existing handle.
/// </summary>
/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
/// <param name="ownsHandle">
/// <see langword="true"/> to reliably release the handle during the finalization phase; otherwise, <see langword="false"/> (not recommended).
/// </param>
public SafePCCERT_SERVER_OCSP_RESPONSE_CONTEXT(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
/// <summary>Initializes a new instance of the <see cref="SafePCCERT_SERVER_OCSP_RESPONSE_CONTEXT"/> class.</summary>
private SafePCCERT_SERVER_OCSP_RESPONSE_CONTEXT() : base() { }
/// <summary>Performs an implicit conversion from <see cref="SafePCCERT_SERVER_OCSP_RESPONSE_CONTEXT"/> to <see cref="PCCERT_SERVER_OCSP_RESPONSE_CONTEXT"/>.</summary>
/// <param name="h">The safe handle instance.</param>
/// <returns>The result of the conversion.</returns>
public static implicit operator PCCERT_SERVER_OCSP_RESPONSE_CONTEXT(SafePCCERT_SERVER_OCSP_RESPONSE_CONTEXT h) => h.handle;
/// <inheritdoc/>
protected override bool InternalReleaseHandle() { CertFreeServerOcspResponseContext(handle); return true; }
}
}
}
Reference in New Issue View Git Blame Copy Permalink