using System;
using System.Runtime.InteropServices;
-using System.Runtime.InteropServices.ComTypes;
internal static partial class Interop
{
internal DATA_BLOB SerialNumber;
internal CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
internal DATA_BLOB Issuer;
- internal FILETIME NotBefore;
- internal FILETIME NotAfter;
+ internal System.Runtime.InteropServices.ComTypes.FILETIME NotBefore;
+ internal System.Runtime.InteropServices.ComTypes.FILETIME NotAfter;
internal DATA_BLOB Subject;
internal CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
internal CRYPT_BIT_BLOB IssuerUniqueId;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
- internal struct CERT_CONTEXT
- {
- internal uint dwCertEncodingType;
- internal IntPtr pbCertEncoded;
- internal uint cbCertEncoded;
- internal IntPtr pCertInfo;
- internal IntPtr hCertStore;
- }
-
- [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
internal unsafe struct SSL_EXTRA_CERT_CHAIN_POLICY_PARA
{
internal uint cbSize;
SecurityPackageInfoClass[]? SecurityPackages { get; set; }
int EnumerateSecurityPackages(out int pkgnum, out SafeFreeContextBuffer pkgArray);
int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, ref SafeSspiAuthDataHandle authdata, out SafeFreeCredentials outCredential);
- int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, ref Interop.SspiCli.SCHANNEL_CRED authdata, out SafeFreeCredentials outCredential);
+ unsafe int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, Interop.SspiCli.SCHANNEL_CRED* authdata, out SafeFreeCredentials outCredential);
unsafe int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, Interop.SspiCli.SCH_CREDENTIALS* authdata, out SafeFreeCredentials outCredential);
int AcquireDefaultCredential(string moduleName, Interop.SspiCli.CredentialUse usage, out SafeFreeCredentials outCredential);
int AcceptSecurityContext(SafeFreeCredentials? credential, ref SafeDeleteSslContext? context, InputSecurityBuffers inputBuffers, Interop.SspiCli.ContextFlags inFlags, Interop.SspiCli.Endianness endianness, ref SecurityBuffer outputBuffer, ref Interop.SspiCli.ContextFlags outFlags);
}
[StructLayout(LayoutKind.Sequential)]
- internal struct SCHANNEL_CRED
+ internal unsafe struct SCHANNEL_CRED
{
public const int CurrentVersion = 0x4;
public int dwVersion;
public int cCreds;
- // ptr to an array of pointers
- // There is a hack done with this field. AcquireCredentialsHandle requires an array of
- // certificate handles; we only ever use one. In order to avoid pinning a one element array,
- // we copy this value onto the stack, create a pointer on the stack to the copied value,
- // and replace this field with the pointer, during the call to AcquireCredentialsHandle.
- // Then we fix it up afterwards. Fine as long as all the SSPI credentials are not
- // supposed to be threadsafe.
- public IntPtr paCred;
+ public Crypt32.CERT_CONTEXT** paCred;
public IntPtr hRootStore; // == always null, OTHERWISE NOT RELIABLE
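Review bot: The new `paCred` field on SCHANNEL_CRED has lost the only comment that described its contract, and the contract has changed: it now points at caller-owned memory (an array of `cCreds` `CERT_CONTEXT*` entries) rather than being patched in place, and the callers in this same change point it at a stack local, so a SCHANNEL_CRED value must not be stored or handed to another frame. I would keep that visible on the field: `// Pointer to an array of cCreds CERT_CONTEXT* entries, owned by the caller.` / `// Callers point this at a stack local for the single-certificate case, so the` / `// struct is only valid within the frame that populated it.` The same applies to the identical field on SCH_CREDENTIALS in the following hunk, where the old "pointer to arry of CERT_CONTEXT*" comment was removed without a replacement. The struct definition continues past the end of this hunk.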
public int cMappers;
public int dwCredformat;
public int cCreds;
- // This is pointer to arry of CERT_CONTEXT*
- // We do not use it directly in .NET. Instead, we wrap returned OS pointer in safe handle.
- public void* paCred;
+ public Crypt32.CERT_CONTEXT** paCred;
public IntPtr hRootStore; // == always null, OTHERWISE NOT RELIABLE
public int cMappers;
[In] string moduleName,
[In] int usage,
[In] void* logonID,
- [In] ref SCHANNEL_CRED authData,
+ [In] SCHANNEL_CRED* authData,
[In] void* keyCallback,
[In] void* keyArgument,
ref CredHandle handlePtr,
return SafeFreeCredentials.AcquireDefaultCredential(moduleName, usage, out outCredential);
}
- public int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, ref Interop.SspiCli.SCHANNEL_CRED authdata, out SafeFreeCredentials outCredential)
+ public unsafe int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, Interop.SspiCli.SCHANNEL_CRED* authdata, out SafeFreeCredentials outCredential)
{
- return SafeFreeCredentials.AcquireCredentialsHandle(moduleName, usage, ref authdata, out outCredential);
+ return SafeFreeCredentials.AcquireCredentialsHandle(moduleName, usage, authdata, out outCredential);
}
public unsafe int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, Interop.SspiCli.SCH_CREDENTIALS* authdata, out SafeFreeCredentials outCredential)
return SafeFreeCredentials.AcquireDefaultCredential(moduleName, usage, out outCredential);
}
- public int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, ref Interop.SspiCli.SCHANNEL_CRED authdata, out SafeFreeCredentials outCredential)
+ public unsafe int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, Interop.SspiCli.SCHANNEL_CRED* authdata, out SafeFreeCredentials outCredential)
{
- return SafeFreeCredentials.AcquireCredentialsHandle(moduleName, usage, ref authdata, out outCredential);
+ return SafeFreeCredentials.AcquireCredentialsHandle(moduleName, usage, authdata, out outCredential);
}
public unsafe int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, Interop.SspiCli.SCH_CREDENTIALS* authdata, out SafeFreeCredentials outCredential)
return credentialsHandle;
}
- public static SafeFreeCredentials AcquireCredentialsHandle(ISSPIInterface secModule, string package, Interop.SspiCli.CredentialUse intent, Interop.SspiCli.SCHANNEL_CRED scc)
+ public static unsafe SafeFreeCredentials AcquireCredentialsHandle(ISSPIInterface secModule, string package, Interop.SspiCli.CredentialUse intent, Interop.SspiCli.SCHANNEL_CRED* scc)
{
int errorCode = secModule.AcquireCredentialsHandle(
package,
intent,
- ref scc,
+ scc,
out SafeFreeCredentials outCredential);
if (errorCode != 0)
public static unsafe int AcquireCredentialsHandle(
string package,
Interop.SspiCli.CredentialUse intent,
- ref Interop.SspiCli.SCHANNEL_CRED authdata,
+ Interop.SspiCli.SCHANNEL_CRED* authdata,
out SafeFreeCredentials outCredential)
{
int errorCode = -1;
long timeStamp;
- // If there is a certificate, wrap it into an array.
- // Not threadsafe.
- IntPtr copiedPtr = authdata.paCred;
- try
- {
- IntPtr certArrayPtr = new IntPtr(&copiedPtr);
- if (copiedPtr != IntPtr.Zero)
- {
- authdata.paCred = certArrayPtr;
- }
-
- outCredential = new SafeFreeCredential_SECURITY();
+ outCredential = new SafeFreeCredential_SECURITY();
- errorCode = Interop.SspiCli.AcquireCredentialsHandleW(
+ errorCode = Interop.SspiCli.AcquireCredentialsHandleW(
null,
package,
(int)intent,
null,
- ref authdata,
+ authdata,
null,
null,
ref outCredential._handle,
out timeStamp);
- }
- finally
- {
- authdata.paCred = copiedPtr;
- }
if (NetEventSource.Log.IsEnabled()) NetEventSource.Verbose(null, $"{nameof(Interop.SspiCli.AcquireCredentialsHandleW)} returns 0x{errorCode:x}, handle = {outCredential}");
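Review bot: Nothing on `AcquireCredentialsHandle` now says that `authdata->paCred`, when non-null, must already point at an array of `cCreds` entries that stays valid for the duration of the `AcquireCredentialsHandleW` call; the removed try/finally used to build that one-element array here, and the responsibility has silently moved to the caller. An XML doc line on the parameter would pin that down: `/// <param name="authdata">Caller-owned credential block; <c>paCred</c> must point at an array of <c>cCreds</c> CERT_CONTEXT* entries that outlives this call. The struct is not modified.</param>`. The old "Not threadsafe" caveat disappears with the in-place mutation, which is worth stating explicitly since readers of the history will look for it. The design also presumes SChannel does not retain the `paCred` pointer after the call returns (the callers' array lives on their stack); I believe the credential data is copied during the call, but that assumption deserves a one-line comment next to the P/Invoke. The method body continues past the end of this hunk.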
<ItemGroup Condition="'$(TargetsWindows)' == 'true'" >
<Compile Include="$(CommonPath)\Interop\Windows\Interop.Libraries.cs"
Link="Common\Interop\Windows\Interop.Libraries.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_INFO.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_INFO.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_ALGORITHM_IDENTIFIER.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_ALGORITHM_IDENTIFIER.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_BIT_BLOB.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_BIT_BLOB.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.DATA_BLOB.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.DATA_BLOB.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.MsgEncodingType.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.MsgEncodingType.cs" />
<Compile Include="$(CommonPath)\Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs"
Link="Common\Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs" />
<Compile Include="$(CommonPath)\Interop\Windows\Crypt32\Interop.certificates_types.cs"
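Review bot: The `Link` values for CRYPT_ALGORITHM_IDENTIFIER, CRYPT_BIT_BLOB and MsgEncodingType double the prefix (`Interop.Interop.CRYPT_BIT_BLOB.cs`) while the matching `Include` and the sibling CERT_INFO/DATA_BLOB entries use a single `Interop.`; `Link` only controls the virtual path shown in the IDE, so this is cosmetic, but the same typo is repeated in every project file touched by this change. I would align them: `Link="Common\Interop\Windows\Crypt32\Interop.CRYPT_ALGORITHM_IDENTIFIER.cs"`, `Link="Common\Interop\Windows\Crypt32\Interop.CRYPT_BIT_BLOB.cs"`, `Link="Common\Interop\Windows\Crypt32\Interop.MsgEncodingType.cs"`. The new entries also write `$(CommonPath)Interop\...` where the surrounding pre-existing lines write `$(CommonPath)\Interop\...`; both forms appear elsewhere in this file so presumably `CommonPath` ends with a separator, but a single convention per file would be easier to grep.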
{
internal static partial class Crypt32
{
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+ internal unsafe struct CERT_CHAIN_POLICY_PARA
+ {
+ public uint cbSize;
+ public uint dwFlags;
+ public void* pvExtraPolicyPara;
+ }
+
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+ internal unsafe struct CERT_CHAIN_POLICY_STATUS
+ {
+ public uint cbSize;
+ public uint dwError;
+ public int lChainIndex;
+ public int lElementIndex;
+ public void* pvExtraPolicyStatus;
+ }
+
+ [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+ internal struct CERT_CONTEXT
+ {
+ internal uint dwCertEncodingType;
+ internal IntPtr pbCertEncoded;
+ internal uint cbCertEncoded;
+ internal IntPtr pCertInfo;
+ internal IntPtr hCertStore;
+ }
+
public static bool CertFreeCertificateContext(IntPtr certContext)
{
return true;
{
return true;
}
+
}
internal static partial class Kernel32
using System.Diagnostics;
using System.Net.Http.WinHttpHandlerUnitTests;
+using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
+namespace System.Net.Http
+{
+ internal static class WinHttpCertificateHelper
+ {
+ public static void BuildChain(
+ X509Certificate2 certificate,
+ X509Certificate2Collection remoteCertificateStore,
+ string hostName,
+ bool checkCertificateRevocationList,
+ out X509Chain chain,
+ out SslPolicyErrors sslPolicyErrors)
+ {
+ chain = null;
+ sslPolicyErrors = SslPolicyErrors.None;
+ }
+ }
+}
+
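Review bot: `WinHttpCertificateHelper.BuildChain` unconditionally reports `SslPolicyErrors.None` and a `null` chain, and nothing at the declaration says it is a test double; the project-file hunk later in this change removes the production `WinHttpCertificateHelper.cs` from the unit-test project, so this fake is what the tests will now link against. I would mark it so nobody mistakes it for validation logic: `// Test-only fake for WinHttpCertificateHelper: performs no chain building and reports no policy errors.` / `// The production implementation is src\System\Net\Http\WinHttpCertificateHelper.cs.` Because `chain` is returned as `null`, any test path that dereferences the chain will throw; if that is not intended, returning an empty `X509Chain` would be the safer stub (I cannot see the callers from here).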
namespace System.Security.Cryptography.X509Certificates
{
public class X509Store : IDisposable
Link="Common\Interop\Windows\Interop.Libraries.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs"
Link="Common\Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs" />
- <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.certificates_types.cs"
- Link="Common\Interop\Windows\Crypt32\Interop.certificates_types.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Interop.HRESULT_FROM_WIN32.cs"
Link="Common\Interop\Windows\Interop.HRESULT_FROM_WIN32.cs" />
<Compile Include="$(CommonPath)Interop\Windows\SChannel\UnmanagedCertificateContext.IntPtr.cs"
Link="ProductionCode\NoWriteNoSeekStreamContent.cs" />
<Compile Include="..\..\src\System\Net\Http\WinHttpAuthHelper.cs"
Link="ProductionCode\WinHttpAuthHelper.cs" />
- <Compile Include="..\..\src\System\Net\Http\WinHttpCertificateHelper.cs"
- Link="ProductionCode\WinHttpCertificateHelper.cs" />
<Compile Include="..\..\src\System\Net\Http\WinHttpChannelBinding.cs"
Link="ProductionCode\WinHttpChannelBinding.cs" />
<Compile Include="..\..\src\System\Net\Http\WinHttpCookieContainerAdapter.cs"
Link="Common\Interop\Windows\Interop.Libraries.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Interop.UNICODE_STRING.cs"
Link="Common\Interop\Windows\Interop.UNICODE_STRING.cs" />
- <Compile Include="$(CommonPath)\Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs"
- Link="Common\Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs" />
- <Compile Include="$(CommonPath)\Interop\Windows\Crypt32\Interop.certificates_types.cs"
- Link="Common\Interop\Windows\Crypt32\Interop.certificates_types.cs" />
- <Compile Include="$(CommonPath)\Interop\Windows\Crypt32\Interop.certificates.cs"
- Link="Common\Interop\Windows\Crypt32\Interop.certificates.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_INFO.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_INFO.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_ALGORITHM_IDENTIFIER.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_ALGORITHM_IDENTIFIER.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_BIT_BLOB.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_BIT_BLOB.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.DATA_BLOB.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.DATA_BLOB.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.MsgEncodingType.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.MsgEncodingType.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CertFreeCertificateContext.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CertFreeCertificateContext.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Kernel32\Interop.FormatMessage.cs"
Link="Common\Interop\Windows\Kernel32\Interop.FormatMessage.cs" />
<Compile Include="$(CommonPath)\Interop\Windows\Kernel32\Interop.GetModuleHandle.cs"
Link="Common\Interop\Windows\Kernel32\Interop.GetModuleHandle.cs" />
<Compile Include="$(CommonPath)\Interop\Windows\Interop.HRESULT_FROM_WIN32.cs"
Link="Common\Interop\Windows\Interop.HRESULT_FROM_WIN32.cs" />
- <Compile Include="$(CommonPath)\Interop\Windows\SChannel\UnmanagedCertificateContext.IntPtr.cs"
- Link="Common\Interop\Windows\SChannel\UnmanagedCertificateContext.IntPtr.cs" />
<Compile Include="$(CommonPath)\Interop\Windows\WinHttp\Interop.SafeWinHttpHandle.cs"
Link="Common\Interop\Windows\WinHttp\Interop.SafeWinHttpHandle.cs" />
<Compile Include="$(CommonPath)\Interop\Windows\WinHttp\Interop.winhttp_types.cs"
Link="Common\System\Net\Security\CertificateHelper.Windows.cs" />
<Compile Include="$(CommonPath)\System\Runtime\ExceptionServices\ExceptionStackTrace.cs"
Link="Common\System\Runtime\ExceptionServices\ExceptionStackTrace.cs" />
- <Compile Include="$(CommonPath)\System\Threading\Tasks\RendezvousAwaitable.cs"
- Link="Common\System\Threading\Tasks\RendezvousAwaitable.cs" />
<Compile Include="$(CommonPath)System\Threading\Tasks\TaskToApm.cs"
Link="Common\System\Threading\Tasks\TaskToApm.cs" />
- <Compile Include="$(CommonPath)Interop\Windows\SChannel\Interop.SecPkgContext_ApplicationProtocol.cs"
- Link="Common\Interop\Windows\SChannel\Interop.SecPkgContext_ApplicationProtocol.cs" />
<Compile Include="$(CommonPath)System\Net\Security\SecurityBuffer.Windows.cs"
Link="Common\System\Net\Security\SecurityBuffer.Windows.cs" />
<Compile Include="$(CommonPath)System\Net\Security\SecurityBufferType.Windows.cs"
Link="Common\Interop\Windows\SspiCli\SecPkgContext_NegotiationInfoW.cs" />
<Compile Include="$(CommonPath)Interop\Windows\SspiCli\NegotiationInfoClass.cs"
Link="Common\Interop\Windows\SspiCli\NegotiationInfoClass.cs" />
- <Compile Include="$(CommonPath)Interop\Windows\SChannel\SecPkgContext_ConnectionInfo.cs"
- Link="Common\Interop\Windows\SChannel\SecPkgContext_ConnectionInfo.cs" />
<Compile Include="$(CommonPath)Interop\Windows\SChannel\SecPkgContext_CipherInfo.cs"
Link="Common\Interop\Windows\SChannel\SecPkgContext_CipherInfo.cs" />
<Compile Include="$(CommonPath)Interop\Windows\SspiCli\SSPISecureChannelType.cs"
Link="ProductionCode\System\Net\Http\WinHttpTraceHelper.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Interop.Libraries.cs"
Link="ProductionCode\Common\Interop\Windows\Interop.Libraries.cs" />
- <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs"
- Link="ProductionCode\Common\Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs" />
- <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.certificates_types.cs"
- Link="ProductionCode\Common\Interop\Windows\Crypt32\Interop.certificates_types.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Interop.HRESULT_FROM_WIN32.cs"
Link="ProductionCode\Common\Interop\Windows\Interop.HRESULT_FROM_WIN32.cs" />
<Compile Include="$(CommonPath)Interop\Windows\WinHttp\Interop.SafeWinHttpHandle.cs"
Link="Common\Interop\Windows\Interop.Libraries.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Interop.UNICODE_STRING.cs"
Link="Common\Interop\Windows\Interop.UNICODE_STRING.cs" />
- <Compile Include="$(CommonPath)Interop\Windows\SChannel\Interop.SecPkgContext_ApplicationProtocol.cs"
- Link="Common\Interop\Windows\SChannel\Interop.SecPkgContext_ApplicationProtocol.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Interop.BOOL.cs"
Link="Common\Interop\Windows\Interop.BOOL.cs" />
<Compile Include="$(CommonPath)Interop\Windows\WebSocket\Interop.Structs.cs"
Link="Common\System\Net\Security\NegotiateStreamPal.Windows.cs" />
<Compile Include="$(CommonPath)System\Net\Security\NetEventSource.Security.Windows.cs"
Link="Common\System\Net\Security\NetEventSource.Security.Windows.cs" />
- <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.certificates_types.cs"
- Link="Common\Interop\Windows\Crypt32\Interop.certificates_types.cs" />
- <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.certificates.cs"
- Link="Common\Interop\Windows\Crypt32\Interop.certificates.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CertFreeCertificateContext.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CertFreeCertificateContext.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_INFO.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_INFO.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_ALGORITHM_IDENTIFIER.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_ALGORITHM_IDENTIFIER.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_BIT_BLOB.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_BIT_BLOB.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.DATA_BLOB.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.DATA_BLOB.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.MsgEncodingType.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.MsgEncodingType.cs" />
<Compile Include="$(CommonPath)Interop\Windows\SspiCli\SecPkgContext_Bindings.cs"
Link="Common\Interop\Windows\SspiCli\SecPkgContext_Bindings.cs" />
<Compile Include="$(CommonPath)Interop\Windows\SChannel\Interop.SECURITY_STATUS.cs"
</ItemGroup>
<!-- Windows specific files -->
<ItemGroup Condition="'$(TargetsWindows)'=='true'">
- <Compile Include="$(CommonPath)Interop\Windows\SChannel\Interop.SecPkgContext_ApplicationProtocol.cs"
- Link="Common\Interop\Windows\SChannel\Interop.SecPkgContext_ApplicationProtocol.cs" />
<Compile Include="$(CommonPath)System\Net\Security\SecurityBuffer.Windows.cs"
Link="Common\System\Net\Security\SecurityBuffer.Windows.cs" />
<Compile Include="$(CommonPath)System\Net\Security\SecurityBufferType.Windows.cs"
Link="Common\System\Net\Security\NegotiateStreamPal.Windows.cs" />
<Compile Include="$(CommonPath)System\Net\Security\NetEventSource.Security.Windows.cs"
Link="Common\System\Net\Security\NetEventSource.Security.Windows.cs" />
- <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.certificates_types.cs"
- Link="Common\Interop\Windows\Crypt32\Interop.certificates_types.cs" />
- <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.certificates.cs"
- Link="Common\Interop\Windows\Crypt32\Interop.certificates.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CertFreeCertificateContext.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CertFreeCertificateContext.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_INFO.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_INFO.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_ALGORITHM_IDENTIFIER.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_ALGORITHM_IDENTIFIER.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_BIT_BLOB.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_BIT_BLOB.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.DATA_BLOB.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.DATA_BLOB.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.MsgEncodingType.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.MsgEncodingType.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Interop.Libraries.cs"
Link="Common\Interop\Windows\Interop.Libraries.cs" />
<Compile Include="$(CommonPath)Interop\Windows\SspiCli\SecPkgContext_Bindings.cs"
Link="Common\System\Net\Security\NegotiateStreamPal.Windows.cs" />
<Compile Include="$(CommonPath)System\Net\Security\NetEventSource.Security.Windows.cs"
Link="Common\System\Net\Security\NetEventSource.Security.Windows.cs" />
- <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.certificates_types.cs"
- Link="Common\Interop\Windows\Crypt32\Interop.certificates_types.cs" />
- <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.certificates.cs"
- Link="Common\Interop\Windows\Crypt32\Interop.certificates.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_INFO.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_INFO.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_ALGORITHM_IDENTIFIER.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_ALGORITHM_IDENTIFIER.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_BIT_BLOB.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_BIT_BLOB.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.DATA_BLOB.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.DATA_BLOB.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.MsgEncodingType.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.MsgEncodingType.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CertFreeCertificateContext.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CertFreeCertificateContext.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Interop.Libraries.cs"
Link="Common\Interop\Windows\Interop.Libraries.cs" />
<Compile Include="$(CommonPath)Interop\Windows\SspiCli\SecPkgContext_Bindings.cs"
Link="Common\Interop\Windows\Interop.Libraries.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Interop.UNICODE_STRING.cs"
Link="Common\Interop\Windows\Interop.UNICODE_STRING.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_INFO.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_INFO.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_ALGORITHM_IDENTIFIER.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_ALGORITHM_IDENTIFIER.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_BIT_BLOB.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_BIT_BLOB.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.DATA_BLOB.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.DATA_BLOB.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.certificates.cs"
Link="Common\Interop\Windows\Crypt32\Interop.certificates.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.certificates_types.cs"
Link="Common\Interop\Windows\Crypt32\Interop.certificates_types.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs"
Link="Common\Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs" />
+ <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.MsgEncodingType.cs"
+ Link="Common\Interop\Windows\Crypt32\Interop.Interop.MsgEncodingType.cs" />
<Compile Include="$(CommonPath)Interop\Windows\Kernel32\Interop.CloseHandle.cs"
Link="Common\Interop\Windows\Kernel32\Interop.CloseHandle.cs" />
- <Compile Include="$(CommonPath)Interop\Windows\NtDll\Interop.RtlGetVersion.cs"
- Link="Common\Interop\Windows\NtDll\Interop.RtlGetVersion.cs" />
<Compile Include="$(CommonPath)Interop\Windows\SChannel\Interop.Alerts.cs"
Link="Common\Interop\Windows\SChannel\Interop.Alerts.cs" />
<Compile Include="$(CommonPath)Interop\Windows\SChannel\Interop.SchProtocols.cs"
// This is legacy crypto API used on .NET Framework and older Windows versions.
// It only supports TLS up to 1.2
- public static SafeFreeCredentials AcquireCredentialsHandleSchannelCred(X509Certificate? certificate, SslProtocols protocols, EncryptionPolicy policy, bool isServer)
+ public static unsafe SafeFreeCredentials AcquireCredentialsHandleSchannelCred(X509Certificate? certificate, SslProtocols protocols, EncryptionPolicy policy, bool isServer)
{
int protocolFlags = GetProtocolFlagsFromSslProtocols(protocols, isServer);
Interop.SspiCli.SCHANNEL_CRED.Flags flags;
if (NetEventSource.Log.IsEnabled()) NetEventSource.Info($"flags=({flags}), ProtocolFlags=({protocolFlags}), EncryptionPolicy={policy}");
Interop.SspiCli.SCHANNEL_CRED secureCredential = CreateSecureCredential(
- Interop.SspiCli.SCHANNEL_CRED.CurrentVersion,
- certificate,
flags,
protocolFlags,
policy);
- return AcquireCredentialsHandle(direction, secureCredential);
+ Interop.Crypt32.CERT_CONTEXT* certificateHandle = null;
+ if (certificate != null)
+ {
+ secureCredential.cCreds = 1;
+ certificateHandle = (Interop.Crypt32.CERT_CONTEXT*)certificate.Handle;
+ secureCredential.paCred = &certificateHandle;
+ }
+
+ return AcquireCredentialsHandle(direction, &secureCredential);
}
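Review bot: `certificate.Handle` is read into a raw `CERT_CONTEXT*` at the point `certificateHandle` is assigned, and the managed `certificate` is not touched again before the native call, so if nothing further up the stack keeps it reachable the GC may finalize the X509Certificate (and release its context) while `AcquireCredentialsHandle` is still executing. The old code used the same raw pointer, so this is pre-existing rather than introduced, but the rewrite is the right moment to make the lifetime explicit: `SafeFreeCredentials credentials = AcquireCredentialsHandle(direction, &secureCredential);` / `GC.KeepAlive(certificate);` / `return credentials;`. The SCH_CREDENTIALS path in the next hunk takes the same raw pointer and would benefit from the same guard. It is also worth a one-line comment that `paCred` points at the local `certificateHandle` and is therefore only valid for this frame, which is what replaced the removed stack-copy hack.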
// This function uses new crypto API to support TLS 1.3 and beyond.
credential.dwVersion = Interop.SspiCli.SCH_CREDENTIALS.CurrentVersion;
credential.dwFlags = flags;
- IntPtr certificateHandle = IntPtr.Zero;
+ Interop.Crypt32.CERT_CONTEXT *certificateHandle = null;
if (certificate != null)
{
credential.cCreds = 1;
- certificateHandle = certificate.Handle;
+ certificateHandle = (Interop.Crypt32.CERT_CONTEXT *)certificate.Handle;
credential.paCred = &certificateHandle;
}
}
private static Interop.SspiCli.SCHANNEL_CRED CreateSecureCredential(
- int version,
- X509Certificate? certificate,
Interop.SspiCli.SCHANNEL_CRED.Flags flags,
int protocols, EncryptionPolicy policy)
{
hRootStore = IntPtr.Zero,
aphMappers = IntPtr.Zero,
palgSupportedAlgs = IntPtr.Zero,
- paCred = IntPtr.Zero,
+ paCred = null,
cCreds = 0,
cMappers = 0,
cSupportedAlgs = 0,
dwSessionLifespan = 0,
- reserved = 0
+ reserved = 0,
+ dwVersion = Interop.SspiCli.SCHANNEL_CRED.CurrentVersion
};
if (policy == EncryptionPolicy.RequireEncryption)
throw new ArgumentException(SR.Format(SR.net_invalid_enum, "EncryptionPolicy"), nameof(policy));
}
- credential.dwVersion = version;
credential.dwFlags = flags;
credential.grbitEnabledProtocols = protocols;
- if (certificate != null)
- {
- credential.paCred = certificate.Handle;
- credential.cCreds = 1;
- }
return credential;
}
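Review bot: `CreateSecureCredential` no longer receives the certificate and its initializer deliberately leaves `cCreds = 0, paCred = null`, so attaching a certificate is now every caller's job, yet nothing on the method says so. I would add a summary above the signature: `// Builds a SCHANNEL_CRED with version, flags, protocols and encryption policy set; it never attaches a` / `// certificate, so callers that have one must set cCreds/paCred themselves before acquiring the handle.` Setting `dwVersion` in the initializer instead of via the removed `version` parameter is fine, since `CurrentVersion` was the only value ever passed in this change. The method's opening lines are outside the hunk.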
//
// Security: we temporarily reset thread token to open the handle under process account.
//
- private static SafeFreeCredentials AcquireCredentialsHandle(Interop.SspiCli.CredentialUse credUsage, Interop.SspiCli.SCHANNEL_CRED secureCredential)
+ private static unsafe SafeFreeCredentials AcquireCredentialsHandle(Interop.SspiCli.CredentialUse credUsage, Interop.SspiCli.SCHANNEL_CRED* secureCredential)
{
// First try without impersonation, if it fails, then try the process account.
// I.E. We don't know which account the certificate context was created under.