| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416 |
- using System;
- using System.Runtime.InteropServices;
- using System.Security.Cryptography.X509Certificates;
- using SecureString = System.Security.SecureString;
- using RuntimeHelpers = System.Runtime.CompilerServices.RuntimeHelpers;
- namespace FietsLibrary
- {
- internal class SelfSignedCertificate
- {
- public static byte[] CreateSelfSignCertificatePfx(
- string x500,
- DateTime startTime,
- DateTime endTime)
- {
- byte[] pfxData = CreateSelfSignCertificatePfx(
- x500,
- startTime,
- endTime,
- (SecureString)null);
- return pfxData;
- }
- public static byte[] CreateSelfSignCertificatePfx(
- string x500,
- DateTime startTime,
- DateTime endTime,
- string insecurePassword)
- {
- byte[] pfxData;
- SecureString password = null;
- try
- {
- if (!string.IsNullOrEmpty(insecurePassword))
- {
- password = new SecureString();
- foreach (char ch in insecurePassword)
- {
- password.AppendChar(ch);
- }
- password.MakeReadOnly();
- }
- pfxData = CreateSelfSignCertificatePfx(
- x500,
- startTime,
- endTime,
- password);
- }
- finally
- {
- if (password != null)
- {
- password.Dispose();
- }
- }
- return pfxData;
- }
- public static byte[] CreateSelfSignCertificatePfx(
- string x500,
- DateTime startTime,
- DateTime endTime,
- SecureString password)
- {
- byte[] pfxData;
- if (x500 == null)
- {
- x500 = "";
- }
- SystemTime startSystemTime = ToSystemTime(startTime);
- SystemTime endSystemTime = ToSystemTime(endTime);
- string containerName = Guid.NewGuid().ToString();
- GCHandle dataHandle = new GCHandle();
- IntPtr providerContext = IntPtr.Zero;
- IntPtr cryptKey = IntPtr.Zero;
- IntPtr certContext = IntPtr.Zero;
- IntPtr certStore = IntPtr.Zero;
- IntPtr storeCertContext = IntPtr.Zero;
- IntPtr passwordPtr = IntPtr.Zero;
- RuntimeHelpers.PrepareConstrainedRegions();
- try
- {
- Check(NativeMethods.CryptAcquireContextW(
- out providerContext,
- containerName,
- null,
- 1, // PROV_RSA_FULL
- 8)); // CRYPT_NEWKEYSET
- Check(NativeMethods.CryptGenKey(
- providerContext,
- 1, // AT_KEYEXCHANGE
- 1, // CRYPT_EXPORTABLE
- out cryptKey));
- IntPtr errorStringPtr;
- int nameDataLength = 0;
- byte[] nameData;
- // errorStringPtr gets a pointer into the middle of the x500 string,
- // so x500 needs to be pinned until after we've copied the value
- // of errorStringPtr.
- dataHandle = GCHandle.Alloc(x500, GCHandleType.Pinned);
- if (!NativeMethods.CertStrToNameW(
- 0x00010001, // X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
- dataHandle.AddrOfPinnedObject(),
- 3, // CERT_X500_NAME_STR = 3
- IntPtr.Zero,
- null,
- ref nameDataLength,
- out errorStringPtr))
- {
- string error = Marshal.PtrToStringUni(errorStringPtr);
- throw new ArgumentException(error);
- }
- nameData = new byte[nameDataLength];
- if (!NativeMethods.CertStrToNameW(
- 0x00010001, // X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
- dataHandle.AddrOfPinnedObject(),
- 3, // CERT_X500_NAME_STR = 3
- IntPtr.Zero,
- nameData,
- ref nameDataLength,
- out errorStringPtr))
- {
- string error = Marshal.PtrToStringUni(errorStringPtr);
- throw new ArgumentException(error);
- }
- dataHandle.Free();
- dataHandle = GCHandle.Alloc(nameData, GCHandleType.Pinned);
- CryptoApiBlob nameBlob = new CryptoApiBlob(
- nameData.Length,
- dataHandle.AddrOfPinnedObject());
- CryptKeyProviderInformation kpi = new CryptKeyProviderInformation();
- kpi.ContainerName = containerName;
- kpi.ProviderType = 1; // PROV_RSA_FULL
- kpi.KeySpec = 1; // AT_KEYEXCHANGE
- certContext = NativeMethods.CertCreateSelfSignCertificate(
- providerContext,
- ref nameBlob,
- 0,
- ref kpi,
- IntPtr.Zero, // default = SHA1RSA
- ref startSystemTime,
- ref endSystemTime,
- IntPtr.Zero);
- Check(certContext != IntPtr.Zero);
- dataHandle.Free();
- certStore = NativeMethods.CertOpenStore(
- "Memory", // sz_CERT_STORE_PROV_MEMORY
- 0,
- IntPtr.Zero,
- 0x2000, // CERT_STORE_CREATE_NEW_FLAG
- IntPtr.Zero);
- Check(certStore != IntPtr.Zero);
- Check(NativeMethods.CertAddCertificateContextToStore(
- certStore,
- certContext,
- 1, // CERT_STORE_ADD_NEW
- out storeCertContext));
- NativeMethods.CertSetCertificateContextProperty(
- storeCertContext,
- 2, // CERT_KEY_PROV_INFO_PROP_ID
- 0,
- ref kpi);
- if (password != null)
- {
- passwordPtr = Marshal.SecureStringToCoTaskMemUnicode(password);
- }
- CryptoApiBlob pfxBlob = new CryptoApiBlob();
- Check(NativeMethods.PFXExportCertStoreEx(
- certStore,
- ref pfxBlob,
- passwordPtr,
- IntPtr.Zero,
- 7)); // EXPORT_PRIVATE_KEYS | REPORT_NO_PRIVATE_KEY | REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY
- pfxData = new byte[pfxBlob.DataLength];
- dataHandle = GCHandle.Alloc(pfxData, GCHandleType.Pinned);
- pfxBlob.Data = dataHandle.AddrOfPinnedObject();
- Check(NativeMethods.PFXExportCertStoreEx(
- certStore,
- ref pfxBlob,
- passwordPtr,
- IntPtr.Zero,
- 7)); // EXPORT_PRIVATE_KEYS | REPORT_NO_PRIVATE_KEY | REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY
- dataHandle.Free();
- }
- finally
- {
- if (passwordPtr != IntPtr.Zero)
- {
- Marshal.ZeroFreeCoTaskMemUnicode(passwordPtr);
- }
- if (dataHandle.IsAllocated)
- {
- dataHandle.Free();
- }
- if (certContext != IntPtr.Zero)
- {
- NativeMethods.CertFreeCertificateContext(certContext);
- }
- if (storeCertContext != IntPtr.Zero)
- {
- NativeMethods.CertFreeCertificateContext(storeCertContext);
- }
- if (certStore != IntPtr.Zero)
- {
- NativeMethods.CertCloseStore(certStore, 0);
- }
- if (cryptKey != IntPtr.Zero)
- {
- NativeMethods.CryptDestroyKey(cryptKey);
- }
- if (providerContext != IntPtr.Zero)
- {
- NativeMethods.CryptReleaseContext(providerContext, 0);
- NativeMethods.CryptAcquireContextW(
- out providerContext,
- containerName,
- null,
- 1, // PROV_RSA_FULL
- 0x10); // CRYPT_DELETEKEYSET
- }
- }
- return pfxData;
- }
- private static SystemTime ToSystemTime(DateTime dateTime)
- {
- long fileTime = dateTime.ToFileTime();
- SystemTime systemTime;
- Check(NativeMethods.FileTimeToSystemTime(ref fileTime, out systemTime));
- return systemTime;
- }
- private static void Check(bool nativeCallSucceeded)
- {
- if (!nativeCallSucceeded)
- {
- int error = Marshal.GetHRForLastWin32Error();
- Marshal.ThrowExceptionForHR(error);
- }
- }
- [StructLayout(LayoutKind.Sequential)]
- private struct SystemTime
- {
- public short Year;
- public short Month;
- public short DayOfWeek;
- public short Day;
- public short Hour;
- public short Minute;
- public short Second;
- public short Milliseconds;
- }
- [StructLayout(LayoutKind.Sequential)]
- private struct CryptoApiBlob
- {
- public int DataLength;
- public IntPtr Data;
- public CryptoApiBlob(int dataLength, IntPtr data)
- {
- this.DataLength = dataLength;
- this.Data = data;
- }
- }
- [StructLayout(LayoutKind.Sequential)]
- private struct CryptKeyProviderInformation
- {
- [MarshalAs(UnmanagedType.LPWStr)]
- public string ContainerName;
- [MarshalAs(UnmanagedType.LPWStr)]
- public string ProviderName;
- public int ProviderType;
- public int Flags;
- public int ProviderParameterCount;
- public IntPtr ProviderParameters; // PCRYPT_KEY_PROV_PARAM
- public int KeySpec;
- }
- private static class NativeMethods
- {
- [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
- [return: MarshalAs(UnmanagedType.Bool)]
- public static extern bool FileTimeToSystemTime(
- [In] ref long fileTime,
- out SystemTime systemTime);
- [DllImport("AdvApi32.dll", SetLastError = true, ExactSpelling = true)]
- [return: MarshalAs(UnmanagedType.Bool)]
- public static extern bool CryptAcquireContextW(
- out IntPtr providerContext,
- [MarshalAs(UnmanagedType.LPWStr)] string container,
- [MarshalAs(UnmanagedType.LPWStr)] string provider,
- int providerType,
- int flags);
- [DllImport("AdvApi32.dll", SetLastError = true, ExactSpelling = true)]
- [return: MarshalAs(UnmanagedType.Bool)]
- public static extern bool CryptReleaseContext(
- IntPtr providerContext,
- int flags);
- [DllImport("AdvApi32.dll", SetLastError = true, ExactSpelling = true)]
- [return: MarshalAs(UnmanagedType.Bool)]
- public static extern bool CryptGenKey(
- IntPtr providerContext,
- int algorithmId,
- int flags,
- out IntPtr cryptKeyHandle);
- [DllImport("AdvApi32.dll", SetLastError = true, ExactSpelling = true)]
- [return: MarshalAs(UnmanagedType.Bool)]
- public static extern bool CryptDestroyKey(
- IntPtr cryptKeyHandle);
- [DllImport("Crypt32.dll", SetLastError = true, ExactSpelling = true)]
- [return: MarshalAs(UnmanagedType.Bool)]
- public static extern bool CertStrToNameW(
- int certificateEncodingType,
- IntPtr x500,
- int strType,
- IntPtr reserved,
- [MarshalAs(UnmanagedType.LPArray)] [Out] byte[] encoded,
- ref int encodedLength,
- out IntPtr errorString);
- [DllImport("Crypt32.dll", SetLastError = true, ExactSpelling = true)]
- public static extern IntPtr CertCreateSelfSignCertificate(
- IntPtr providerHandle,
- [In] ref CryptoApiBlob subjectIssuerBlob,
- int flags,
- [In] ref CryptKeyProviderInformation keyProviderInformation,
- IntPtr signatureAlgorithm,
- [In] ref SystemTime startTime,
- [In] ref SystemTime endTime,
- IntPtr extensions);
- [DllImport("Crypt32.dll", SetLastError = true, ExactSpelling = true)]
- [return: MarshalAs(UnmanagedType.Bool)]
- public static extern bool CertFreeCertificateContext(
- IntPtr certificateContext);
- [DllImport("Crypt32.dll", SetLastError = true, ExactSpelling = true)]
- public static extern IntPtr CertOpenStore(
- [MarshalAs(UnmanagedType.LPStr)] string storeProvider,
- int messageAndCertificateEncodingType,
- IntPtr cryptProvHandle,
- int flags,
- IntPtr parameters);
- [DllImport("Crypt32.dll", SetLastError = true, ExactSpelling = true)]
- [return: MarshalAs(UnmanagedType.Bool)]
- public static extern bool CertCloseStore(
- IntPtr certificateStoreHandle,
- int flags);
- [DllImport("Crypt32.dll", SetLastError = true, ExactSpelling = true)]
- [return: MarshalAs(UnmanagedType.Bool)]
- public static extern bool CertAddCertificateContextToStore(
- IntPtr certificateStoreHandle,
- IntPtr certificateContext,
- int addDisposition,
- out IntPtr storeContextPtr);
- [DllImport("Crypt32.dll", SetLastError = true, ExactSpelling = true)]
- [return: MarshalAs(UnmanagedType.Bool)]
- public static extern bool CertSetCertificateContextProperty(
- IntPtr certificateContext,
- int propertyId,
- int flags,
- [In] ref CryptKeyProviderInformation data);
- [DllImport("Crypt32.dll", SetLastError = true, ExactSpelling = true)]
- [return: MarshalAs(UnmanagedType.Bool)]
- public static extern bool PFXExportCertStoreEx(
- IntPtr certificateStoreHandle,
- ref CryptoApiBlob pfxBlob,
- IntPtr password,
- IntPtr reserved,
- int flags);
- }
- }
- }
|
