// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
using Microsoft.Win32.SafeHandles;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace System.Security.Cryptography.X509Certificates
{
/// <summary>
/// Selection mode for the certificate-selection dialog exposed by
/// <see cref="X509Certificate2UI"/>. The value is handed to the native
/// dialog unchanged as its selection flags.
/// </summary>
public enum X509SelectionFlag
{
    /// <summary>The dialog allows a single certificate to be selected.</summary>
    SingleSelection = 0,

    /// <summary>The dialog allows more than one certificate to be selected.</summary>
    MultiSelection = 1
}
/// <summary>
/// Thin wrappers over the Windows CryptUI dialogs: a modal viewer for a single
/// certificate and a selection dialog over a collection. All native work is done
/// through <c>Interop.CryptUI</c> / <c>Interop.Crypt32</c> with SafeHandle-wrapped
/// contexts and stores.
/// </summary>
public sealed class X509Certificate2UI
{
    // Win32 status codes compared against Marshal.GetLastPInvokeError() below.
    internal const int ERROR_SUCCESS = 0;
    // Reported by CryptUIDlgViewCertificateW when the user simply closes the viewer;
    // DisplayX509Certificate deliberately does not surface it as an exception.
    internal const int ERROR_CANCELLED = 1223;

    /// <summary>
    /// Shows the CryptUI certificate viewer for <paramref name="certificate"/> with no owner window.
    /// </summary>
    /// <param name="certificate">The certificate to display.</param>
    /// <exception cref="ArgumentNullException"><paramref name="certificate"/> is <see langword="null"/>.</exception>
    /// <exception cref="CryptographicException">
    /// The certificate context could not be duplicated, or the viewer failed with an
    /// error other than <see cref="ERROR_CANCELLED"/>.
    /// </exception>
    public static void DisplayCertificate(X509Certificate2 certificate)
    {
        ArgumentNullException.ThrowIfNull(certificate);
        DisplayX509Certificate(certificate, IntPtr.Zero);
    }

    /// <summary>
    /// Shows the CryptUI certificate viewer for <paramref name="certificate"/>, owned by
    /// the window <paramref name="hwndParent"/>.
    /// </summary>
    /// <param name="certificate">The certificate to display.</param>
    /// <param name="hwndParent">Owner window handle, or <see cref="IntPtr.Zero"/> for none; passed to the native dialog unchanged.</param>
    /// <exception cref="ArgumentNullException"><paramref name="certificate"/> is <see langword="null"/>.</exception>
    /// <exception cref="CryptographicException">
    /// The certificate context could not be duplicated, or the viewer failed with an
    /// error other than <see cref="ERROR_CANCELLED"/>.
    /// </exception>
    public static void DisplayCertificate(X509Certificate2 certificate, IntPtr hwndParent)
    {
        ArgumentNullException.ThrowIfNull(certificate);
        DisplayX509Certificate(certificate, hwndParent);
    }

    /// <summary>
    /// Shows the CryptUI selection dialog over <paramref name="certificates"/> with no
    /// owner window and returns the certificate(s) the user picked.
    /// </summary>
    /// <param name="certificates">The certificates offered for selection.</param>
    /// <param name="title">Dialog title; may be <see langword="null"/>. Passed to the native dialog unchanged.</param>
    /// <param name="message">Text shown in the dialog; may be <see langword="null"/>. Passed to the native dialog unchanged.</param>
    /// <param name="selectionFlag">Single- or multi-selection mode.</param>
    /// <returns>A new collection of the selected certificates; empty when the dialog returned no certificate.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="certificates"/> is <see langword="null"/>.</exception>
    /// <exception cref="ArgumentException"><paramref name="selectionFlag"/> is outside the defined <see cref="X509SelectionFlag"/> range.</exception>
    /// <exception cref="CryptographicException">A native store or dialog operation failed.</exception>
    public static X509Certificate2Collection SelectFromCollection(X509Certificate2Collection certificates, string? title, string? message, X509SelectionFlag selectionFlag)
    {
        return SelectFromCollectionHelper(certificates, title, message, selectionFlag, IntPtr.Zero);
    }

    /// <summary>
    /// Shows the CryptUI selection dialog over <paramref name="certificates"/>, owned by
    /// the window <paramref name="hwndParent"/>, and returns the certificate(s) the user picked.
    /// </summary>
    /// <param name="certificates">The certificates offered for selection.</param>
    /// <param name="title">Dialog title; may be <see langword="null"/>. Passed to the native dialog unchanged.</param>
    /// <param name="message">Text shown in the dialog; may be <see langword="null"/>. Passed to the native dialog unchanged.</param>
    /// <param name="selectionFlag">Single- or multi-selection mode.</param>
    /// <param name="hwndParent">Owner window handle, or <see cref="IntPtr.Zero"/> for none.</param>
    /// <returns>A new collection of the selected certificates; empty when the dialog returned no certificate.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="certificates"/> is <see langword="null"/>.</exception>
    /// <exception cref="ArgumentException"><paramref name="selectionFlag"/> is outside the defined <see cref="X509SelectionFlag"/> range.</exception>
    /// <exception cref="CryptographicException">A native store or dialog operation failed.</exception>
    public static X509Certificate2Collection SelectFromCollection(X509Certificate2Collection certificates, string? title, string? message, X509SelectionFlag selectionFlag, IntPtr hwndParent)
    {
        return SelectFromCollectionHelper(certificates, title, message, selectionFlag, hwndParent);
    }

    // Fills a CRYPTUI_VIEWCERTIFICATE_STRUCTW for a duplicated certificate context and
    // runs the modal viewer. Throws CryptographicException on an invalid context or on
    // any dialog failure other than the user cancelling.
    private static unsafe void DisplayX509Certificate(X509Certificate2 certificate, IntPtr hwndParent)
    {
        // Work on a duplicate of the context (presumably so the dialog holds its own
        // reference rather than borrowing the caller's); it is released when the using
        // block ends, i.e. after the modal dialog has returned.
        using (SafeCertContextHandle safeCertContext = X509Utils.DuplicateCertificateContext(certificate))
        {
            if (safeCertContext.IsInvalid)
                throw new CryptographicException(SR.Format(SR.Cryptography_InvalidHandle, nameof(safeCertContext)));

            int dwErrorCode = ERROR_SUCCESS;

            // Initialize view structure.
            Interop.CryptUI.CRYPTUI_VIEWCERTIFICATE_STRUCTW ViewInfo = default;
            // dwSize must describe the native layout: on NET7+ that is the custom
            // marshaller's Native struct, on older targets Marshal.SizeOf of the managed struct.
#if NET7_0_OR_GREATER
            ViewInfo.dwSize = (uint)sizeof(Interop.CryptUI.CRYPTUI_VIEWCERTIFICATE_STRUCTW.Marshaller.Native);
#else
            ViewInfo.dwSize = (uint)Marshal.SizeOf<Interop.CryptUI.CRYPTUI_VIEWCERTIFICATE_STRUCTW>();
#endif
            ViewInfo.hwndParent = hwndParent;
            ViewInfo.dwFlags = 0;
            ViewInfo.szTitle = null;
            // The raw context pointer is only valid while safeCertContext is alive, which the
            // enclosing using guarantees for the duration of the call below.
            ViewInfo.pCertContext = safeCertContext.DangerousGetHandle();
            // Everything else is left empty/zero: no purposes, no provider data, no extra
            // stores and no additional property sheet pages are supplied.
            ViewInfo.rgszPurposes = IntPtr.Zero;
            ViewInfo.cPurposes = 0;
            ViewInfo.pCryptProviderData = IntPtr.Zero;
            ViewInfo.fpCryptProviderDataTrustedUsage = false;
            ViewInfo.idxSigner = 0;
            ViewInfo.idxCert = 0;
            ViewInfo.fCounterSigner = false;
            ViewInfo.idxCounterSigner = 0;
            ViewInfo.cStores = 0;
            ViewInfo.rghStores = IntPtr.Zero;
            ViewInfo.cPropSheetPages = 0;
            ViewInfo.rgPropSheetPages = IntPtr.Zero;
            ViewInfo.nStartPage = 0;

            // View the certificate. A false return means the call failed; pick up the
            // Win32 error so it can be classified below.
            if (!Interop.CryptUI.CryptUIDlgViewCertificateW(ViewInfo, IntPtr.Zero))
                dwErrorCode = Marshal.GetLastPInvokeError();

            // CryptUIDlgViewCertificateW returns ERROR_CANCELLED if the user closes
            // the window through the x button or by pressing CANCEL, so ignore this error code
            if (dwErrorCode != ERROR_SUCCESS && dwErrorCode != ERROR_CANCELLED)
                throw new CryptographicException(dwErrorCode);
        }
    }

    // Shared body of both SelectFromCollection overloads: validates the arguments, exports
    // the input collection to a memory store (X509Utils.ExportToMemoryStore), runs the
    // selection dialog against that store, and converts the resulting store back into a
    // collection. Both native stores are disposed once GetCertificates has copied the
    // selection out.
    private static X509Certificate2Collection SelectFromCollectionHelper(X509Certificate2Collection certificates, string? title, string? message, X509SelectionFlag selectionFlag, IntPtr hwndParent)
    {
        ArgumentNullException.ThrowIfNull(certificates);

        // Only the two defined enum values are accepted; the value is later passed straight
        // through as the native dialog's dwFlags, so anything else is rejected here.
        if (selectionFlag < X509SelectionFlag.SingleSelection || selectionFlag > X509SelectionFlag.MultiSelection)
            throw new ArgumentException(SR.Format(SR.Enum_InvalidValue, nameof(selectionFlag)));

        using (SafeCertStoreHandle safeSourceStoreHandle = X509Utils.ExportToMemoryStore(certificates))
        using (SafeCertStoreHandle safeTargetStoreHandle = SelectFromStore(safeSourceStoreHandle, title, message, selectionFlag, hwndParent))
        {
            return X509Utils.GetCertificates(safeTargetStoreHandle);
        }
    }

    // Runs CryptUIDlgSelectCertificateW over the certificates in safeSourceStoreHandle and
    // returns a freshly opened memory store that contains a link to the certificate the
    // user picked. If the dialog returns no valid context the store is returned empty;
    // that path is not treated as an error. Ownership of the returned store passes to the
    // caller.
    private static unsafe SafeCertStoreHandle SelectFromStore(SafeCertStoreHandle safeSourceStoreHandle, string? title, string? message, X509SelectionFlag selectionFlags, IntPtr hwndParent)
    {
        int dwErrorCode = ERROR_SUCCESS;

        // The result store: an in-memory store that will receive a link to the selection.
        SafeCertStoreHandle safeCertStoreHandle = Interop.Crypt32.CertOpenStore(
            (IntPtr)Interop.Crypt32.CERT_STORE_PROV_MEMORY,
            Interop.Crypt32.X509_ASN_ENCODING | Interop.Crypt32.PKCS_7_ASN_ENCODING,
            IntPtr.Zero,
            0,
            IntPtr.Zero);
        if (safeCertStoreHandle == null || safeCertStoreHandle.IsInvalid)
        {
            // The exception is built before Dispose, presumably so the release call cannot
            // overwrite the last Win32 error.
            Exception e = new CryptographicException(Marshal.GetLastPInvokeError());
            safeCertStoreHandle?.Dispose();
            throw e;
        }

        Interop.CryptUI.CRYPTUI_SELECTCERTIFICATE_STRUCTW csc = default;
        // Older versions of CRYPTUI do not check the size correctly,
        // so always force it to the oldest version of the structure.
        // hSelectedCertStore is the field that follows the original layout, so its byte
        // offset is used as that layout's size.
#if NET7_0_OR_GREATER
        // Declare a local for Native to enable us to get the managed byte offset
        // without having a null check cause a failure.
        Interop.CryptUI.CRYPTUI_SELECTCERTIFICATE_STRUCTW.Marshaller.Native native;
        Unsafe.SkipInit(out native);
        csc.dwSize = (uint)Unsafe.ByteOffset(ref Unsafe.As<Interop.CryptUI.CRYPTUI_SELECTCERTIFICATE_STRUCTW.Marshaller.Native, byte>(ref native), ref Unsafe.As<IntPtr, byte>(ref native.hSelectedCertStore));
#else
        csc.dwSize = (uint)Marshal.OffsetOf(typeof(Interop.CryptUI.CRYPTUI_SELECTCERTIFICATE_STRUCTW), "hSelectedCertStore");
#endif
        csc.hwndParent = hwndParent;
        // X509SelectionFlag values are used directly as the native dwFlags; the caller
        // (SelectFromCollectionHelper) has already range-checked them.
        csc.dwFlags = (uint)selectionFlags;
        csc.szTitle = title;
        csc.dwDontUseColumn = 0;
        csc.szDisplayString = message;
        // No filter or display callbacks are installed.
        csc.pFilterCallback = IntPtr.Zero;
        csc.pDisplayCallback = IntPtr.Zero;
        csc.pvCallbackData = IntPtr.Zero;
        // Exactly one display store: the caller's source store. rghDisplayStores is the
        // address of a stack local, valid only for this frame, which is sufficient because
        // the dialog call below is synchronous and the struct does not outlive it.
        csc.cDisplayStores = 1;
        IntPtr hSourceCertStore = safeSourceStoreHandle.DangerousGetHandle();
        csc.rghDisplayStores = new IntPtr(&hSourceCertStore);
        csc.cStores = 0;
        csc.rghStores = IntPtr.Zero;
        csc.cPropSheetPages = 0;
        csc.rgPropSheetPages = IntPtr.Zero;
        // Raw handle of the result store; safeCertStoreHandle stays alive for the whole method.
        csc.hSelectedCertStore = safeCertStoreHandle.DangerousGetHandle();

        SafeCertContextHandle safeCertContextHandle = Interop.CryptUI.CryptUIDlgSelectCertificateW(ref csc);
        // NOTE(review): a dialog failure and a user cancel are indistinguishable here — both
        // yield a null/invalid handle, the last Win32 error is not inspected, and the empty
        // store is returned as a normal result.
        if (safeCertContextHandle != null && !safeCertContextHandle.IsInvalid)
        {
            // Single select, so add it to our hCertStore
            // ppStoreContext is passed as an invalid handle, presumably marshalling as NULL so
            // no link context is handed back — confirm against the Interop signature.
            SafeCertContextHandle ppStoreContext = SafeCertContextHandle.InvalidHandle;
            if (!Interop.Crypt32.CertAddCertificateLinkToStore(safeCertStoreHandle,
                                                               safeCertContextHandle,
                                                               Interop.Crypt32.CERT_STORE_ADD_ALWAYS,
                                                               ppStoreContext))
            {
                dwErrorCode = Marshal.GetLastPInvokeError();
            }
        }

        // NOTE(review): on the success path safeCertContextHandle is never disposed, and on
        // this error path safeCertStoreHandle is not disposed before the throw; both are left
        // to the SafeHandle finalizer. Deterministically releasing the context once the link
        // is added, and the store when throwing, would be the usual fix — verify the
        // CertAddCertificateLinkToStore reference-counting semantics before changing this.
        if (dwErrorCode != ERROR_SUCCESS)
        {
            safeCertContextHandle?.Dispose();
            throw new CryptographicException(dwErrorCode);
        }

        return safeCertStoreHandle;
    }
}
}