da/d25/System_8Net_8Security_2System_8Net_2CertificateValidation_8cs_source.html

using System.Net.Security;

using System.Runtime.InteropServices;

using System.Security.Cryptography;

using System.Security.Cryptography.X509Certificates;

using Microsoft.Win32.SafeHandles;


namespace System.Net;


internal static class CertificateValidation

{


    internal unsafe static SslPolicyErrors BuildChainAndVerifyProperties(X509Chain chain, X509Certificate2 remoteCertificate, bool checkCertName, bool isServer, string hostName)

    {

        SslPolicyErrors sslPolicyErrors = SslPolicyErrors.None;

        bool flag = chain.Build(remoteCertificate);

        if (!flag && chain.SafeHandle.DangerousGetHandle() == IntPtr.Zero)

        {

            throw new CryptographicException(Marshal.GetLastPInvokeError());

        }

        if (checkCertName)

        {

            uint num = 0u;

            global::Interop.Crypt32.SSL_EXTRA_CERT_CHAIN_POLICY_PARA sSL_EXTRA_CERT_CHAIN_POLICY_PARA = default(global::Interop.Crypt32.SSL_EXTRA_CERT_CHAIN_POLICY_PARA);

            sSL_EXTRA_CERT_CHAIN_POLICY_PARA.cbSize = (uint)sizeof(global::Interop.Crypt32.SSL_EXTRA_CERT_CHAIN_POLICY_PARA);

            sSL_EXTRA_CERT_CHAIN_POLICY_PARA.dwAuthType = (isServer ? 1u : 2u);

            sSL_EXTRA_CERT_CHAIN_POLICY_PARA.fdwChecks = 0u;

            sSL_EXTRA_CERT_CHAIN_POLICY_PARA.pwszServerName = null;

            global::Interop.Crypt32.SSL_EXTRA_CERT_CHAIN_POLICY_PARA sSL_EXTRA_CERT_CHAIN_POLICY_PARA2 = sSL_EXTRA_CERT_CHAIN_POLICY_PARA;

            global::Interop.Crypt32.CERT_CHAIN_POLICY_PARA cERT_CHAIN_POLICY_PARA = default(global::Interop.Crypt32.CERT_CHAIN_POLICY_PARA);

            cERT_CHAIN_POLICY_PARA.cbSize = (uint)sizeof(global::Interop.Crypt32.CERT_CHAIN_POLICY_PARA);

            cERT_CHAIN_POLICY_PARA.dwFlags = 0u;

            cERT_CHAIN_POLICY_PARA.pvExtraPolicyPara = &sSL_EXTRA_CERT_CHAIN_POLICY_PARA2;

            global::Interop.Crypt32.CERT_CHAIN_POLICY_PARA cpp = cERT_CHAIN_POLICY_PARA;

            fixed (char* pwszServerName = hostName)

            {

                sSL_EXTRA_CERT_CHAIN_POLICY_PARA2.pwszServerName = pwszServerName;

                cpp.dwFlags |= 4031u;

                SafeX509ChainHandle safeHandle = chain.SafeHandle;

                num = Verify(safeHandle, ref cpp);

                if (num == 2148204815u)

                {

                    sslPolicyErrors |= SslPolicyErrors.RemoteCertificateNameMismatch;

                }

            }

        }

        if (!flag)

        {

            sslPolicyErrors |= SslPolicyErrors.RemoteCertificateChainErrors;

        }

        return sslPolicyErrors;

    }


    private unsafe static uint Verify(SafeX509ChainHandle chainContext, ref global::Interop.Crypt32.CERT_CHAIN_POLICY_PARA cpp)

    {

        global::Interop.Crypt32.CERT_CHAIN_POLICY_STATUS pPolicyStatus = default(global::Interop.Crypt32.CERT_CHAIN_POLICY_STATUS);

        pPolicyStatus.cbSize = (uint)sizeof(global::Interop.Crypt32.CERT_CHAIN_POLICY_STATUS);

        bool flag = global::Interop.Crypt32.CertVerifyCertificateChainPolicy((IntPtr)4, chainContext, ref cpp, ref pPolicyStatus);

        if (System.Net.NetEventSource.Log.IsEnabled())

        {

            System.Net.NetEventSource.Info(chainContext, $"CertVerifyCertificateChainPolicy returned: {flag}. Status: {pPolicyStatus.dwError}", "Verify");

        }

        return pPolicyStatus.dwError;

    }


}

Microsoft.Win32.SafeHandles.SafeX509ChainHandle
Definition SafeX509ChainHandle.cs:6

System.Net.CertificateValidation.BuildChainAndVerifyProperties
static unsafe SslPolicyErrors BuildChainAndVerifyProperties(X509Chain chain, X509Certificate2 remoteCertificate, bool checkCertName, bool isServer, string hostName)
Definition CertificateValidation.cs:11

System.Net.CertificateValidation.Verify
static unsafe uint Verify(SafeX509ChainHandle chainContext, ref global::Interop.Crypt32.CERT_CHAIN_POLICY_PARA cpp)
Definition CertificateValidation.cs:52

System.Net.CertificateValidation
Definition CertificateValidation.cs:10

System.Net.NetEventSource.Log
static readonly System.Net.NetEventSource Log
Definition NetEventSource.cs:20

System.Net.NetEventSource.Info
static void Info(object thisOrContextObject, FormattableString formattableString=null, [CallerMemberName] string memberName=null)
Definition NetEventSource.cs:192

System.Net.NetEventSource
Definition NetEventSource.cs:12

System.Runtime.InteropServices.Marshal.GetLastPInvokeError
static int GetLastPInvokeError()

System.Runtime.InteropServices.Marshal
Definition Marshal.cs:14

System.Runtime.InteropServices.SafeHandle.DangerousGetHandle
IntPtr DangerousGetHandle()
Definition SafeHandle.cs:47

System.Security.Cryptography.CryptographicException
Definition CryptographicException.cs:9

System.Security.Cryptography.X509Certificates.X509Certificate2
Definition X509Certificate2.cs:13

System.Security.Cryptography.X509Certificates.X509Chain.SafeHandle
SafeX509ChainHandle? SafeHandle
Definition X509Chain.cs:69

System.Security.Cryptography.X509Certificates.X509Chain.Build
bool Build(X509Certificate2 certificate)
Definition X509Chain.cs:101

System.Security.Cryptography.X509Certificates.X509Chain
Definition X509Chain.cs:8

Microsoft.Win32.SafeHandles
Definition SafeProcessHandle.cs:3

System.Net.Security.SslPolicyErrors
SslPolicyErrors
Definition SslPolicyErrors.cs:5

System.Net.Security
Definition CertificateHelper.cs:4

System.Net
Definition HttpClientJsonExtensions.cs:8

System.Runtime.InteropServices
Definition SequenceMarshal.cs:4

System.Security.Cryptography.X509Certificates
Definition CertificateAsn.cs:4

System.Security.Cryptography
Definition CryptoPool.cs:3

System
Definition BlockingCollection.cs:8

System.IntPtr.Zero
static readonly IntPtr Zero
Definition IntPtr.cs:18

System.IntPtr
Definition IntPtr.cs:14