本文整理汇总了C#中Microsoft.Win32.SafeHandles.SafeX509Handle类的典型用法代码示例。如果您正苦于以下问题:C# SafeX509Handle类的具体用法?C# SafeX509Handle怎么用?C# SafeX509Handle使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
SafeX509Handle类属于Microsoft.Win32.SafeHandles命名空间,在下文中一共展示了SafeX509Handle类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: AllocateSslContext
//TODO (Issue #3362) Set remote certificate options
/// <summary>
/// Builds a native SSL context for the requested role, applies the option bits, turns on
/// quiet shutdown, installs the local certificate/key pair when both are supplied, and
/// wraps the result in a <see cref="SafeSslHandle"/>.
/// </summary>
/// <param name="options">Option bits passed to SSL_CTX_ctrl with SSL_CTRL_OPTIONS; also used to select the SSL method.</param>
/// <param name="certHandle">Local certificate, or null.</param>
/// <param name="certKeyHandle">Private key for the local certificate, or null. The pair is installed only when both handles are non-null.</param>
/// <param name="isServer">Selects the SSL method and is forwarded to SafeSslHandle.Create.</param>
/// <param name="remoteCertRequired">
/// Not read by this overload. No peer-verification mode is configured here, so a caller
/// that passes true gets no enforcement from this method.
/// </param>
/// <returns>A SafeSslHandle that reported itself valid.</returns>
/// <remarks>
/// Throws the exception produced by CreateSslException when either the context or the
/// SafeSslHandle comes back invalid.
/// </remarks>
internal static SafeSslHandle AllocateSslContext(long options, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, bool isServer, bool remoteCertRequired)
{
    IntPtr sslMethod = GetSslMethod(isServer, options);

    // The context handle is scoped to this method; it is disposed on every exit path.
    using (libssl.SafeSslContextHandle sslContext = new libssl.SafeSslContextHandle(sslMethod))
    {
        if (sslContext.IsInvalid)
        {
            throw CreateSslException(SR.net_allocate_ssl_context_failed);
        }

        // NOTE(review): the value returned by SSL_CTX_ctrl is not inspected here.
        libssl.SSL_CTX_ctrl(sslContext, libssl.SSL_CTRL_OPTIONS, options, IntPtr.Zero);
        libssl.SSL_CTX_set_quiet_shutdown(sslContext, 1);

        // A certificate without its key (or the reverse) is ignored rather than rejected.
        bool hasLocalCredentials = certHandle != null && certKeyHandle != null;
        if (hasLocalCredentials)
        {
            SetSslCertificate(sslContext, certHandle, certKeyHandle);
        }

        SafeSslHandle sslHandle = SafeSslHandle.Create(sslContext, isServer);
        Debug.Assert(sslHandle != null, "Expected non-null return value from SafeSslHandle.Create");

        if (!sslHandle.IsInvalid)
        {
            return sslHandle;
        }

        // Release the wrapper before reporting the failure.
        sslHandle.Dispose();
        throw CreateSslException(SR.net_allocate_ssl_context_failed);
    }
}
示例2: OpenSslX509CertificateReader
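/// <summary>
/// Parses <paramref name="data"/> as an X.509 certificate and stores the resulting native
/// handle in <c>_cert</c>.
/// </summary>
/// <param name="data">
/// Certificate bytes. A leading '-' selects the PEM reader; anything else is handed to the
/// DER decoder.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="data"/> is empty.</exception>
/// <remarks>
/// Parse and initialization failures surface through CheckValidOpenSslHandle and
/// CreateOpenSslCryptographicException respectively.
/// </remarks>
internal unsafe OpenSslX509CertificateReader(byte[] data)
{
    // The format sniff below indexes data[0]; reject null and empty input explicitly
    // instead of failing with NullReferenceException / IndexOutOfRangeException.
    if (data == null)
    {
        throw new ArgumentNullException("data");
    }

    if (data.Length == 0)
    {
        throw new ArgumentException("The certificate data is empty.", "data");
    }

    SafeX509Handle cert;

    // If the first byte is a hyphen then this is likely PEM-encoded,
    // otherwise it's DER-encoded (or not a certificate).
    if (data[0] == '-')
    {
        using (SafeBioHandle bio = Interop.libcrypto.BIO_new(Interop.libcrypto.BIO_s_mem()))
        {
            Interop.libcrypto.CheckValidOpenSslHandle(bio);

            // NOTE(review): the BIO_write result is not checked; a short or failed write
            // would presumably show up only as a parse failure on the next line.
            Interop.libcrypto.BIO_write(bio, data, data.Length);
            cert = Interop.libcrypto.PEM_read_bio_X509_AUX(bio, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
        }
    }
    else
    {
        cert = Interop.libcrypto.OpenSslD2I(Interop.libcrypto.d2i_X509, data);
    }

    // Untrusted bytes that do not parse yield an invalid handle; stop here in that case.
    Interop.libcrypto.CheckValidOpenSslHandle(cert);

    // X509_check_purpose has the effect of populating the sha1_hash value,
    // and other "initialize" type things.
    if (!Interop.libcrypto.X509_check_purpose(cert, -1, 0))
    {
        // Build the exception before releasing the handle so the native error state it
        // reports is the one left by X509_check_purpose.
        Exception error = Interop.libcrypto.CreateOpenSslCryptographicException();

        // The handle was created here and never published, so release it now rather
        // than leaving it to the finalizer.
        cert.Dispose();
        throw error;
    }

    _cert = cert;
}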
示例3: X509GetSerialNumber
/// <summary>
/// Returns a handle to the serial number of the certificate <paramref name="x"/>.
/// </summary>
/// <param name="x">Certificate handle; validated with CheckValidOpenSslHandle before use.</param>
/// <returns>
/// The handle produced by SafeInteriorHandle.OpenInteriorHandle for the pointer that
/// X509GetSerialNumber_private returns.
/// </returns>
/// <remarks>
/// NOTE(review): the "interior"/"shared" naming suggests the result points into the
/// certificate and must not outlive it; confirm against SafeInteriorHandle.
/// </remarks>
internal static SafeSharedAsn1IntegerHandle X509GetSerialNumber(SafeX509Handle x)
{
    // Reject an unusable certificate handle before any native call is made.
    CheckValidOpenSslHandle(x);

    SafeSharedAsn1IntegerHandle serialNumber =
        SafeInteriorHandle.OpenInteriorHandle(certPtr => X509GetSerialNumber_private(certPtr), x);

    return serialNumber;
}
示例4: AllocateSslContext
/// <summary>
/// Builds a native SSL context restricted to <paramref name="protocols"/>, applies the
/// encryption policy, installs the local certificate/key pair when both are supplied,
/// optionally requests client-certificate verification, and wraps the result in a
/// <see cref="SafeSslHandle"/>.
/// </summary>
/// <param name="protocols">Protocol versions used to pick the SSL method and the protocol options.</param>
/// <param name="certHandle">Local certificate, or null.</param>
/// <param name="certKeyHandle">Private key for the local certificate, or null. The pair is installed only when both handles are non-null.</param>
/// <param name="policy">Encryption policy; the call fails if it cannot be applied.</param>
/// <param name="isServer">Forwarded to SafeSslHandle.Create.</param>
/// <param name="remoteCertRequired">When true, installs the verify callback and refreshes the client CA list.</param>
/// <returns>A SafeSslHandle that reported itself valid.</returns>
/// <exception cref="PlatformNotSupportedException">The encryption policy could not be applied.</exception>
internal static SafeSslHandle AllocateSslContext(SslProtocols protocols, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, EncryptionPolicy policy, bool isServer, bool remoteCertRequired)
{
    IntPtr sslMethod = GetSslMethod(protocols);

    using (SafeSslContextHandle sslContext = Ssl.SslCtxCreate(sslMethod))
    {
        if (sslContext.IsInvalid)
        {
            throw CreateSslException(SR.net_allocate_ssl_context_failed);
        }

        // Restrict the allowed protocols. Using DangerousGetHandle without AddRef/Release
        // is acceptable here: the handle was just created, the using statement keeps it
        // alive, and nothing else holds a reference to it.
        Ssl.SetProtocolOptions(sslContext.DangerousGetHandle(), protocols);

        // SafeSslHandle.Disconnect is simple because shutdown is quiet (no negotiation
        // for session close, so no later session restoration).
        //
        // Removing this call to get bidirectional close-notify will probably require
        // rewriting SafeSslHandle.Disconnect().
        // https://www.openssl.org/docs/manmaster/ssl/SSL_shutdown.html
        Ssl.SslCtxSetQuietShutdown(sslContext);

        // Fail closed: a policy that cannot be honoured aborts context creation instead
        // of leaving whatever cipher configuration the context already had.
        if (!Ssl.SetEncryptionPolicy(sslContext, policy))
        {
            throw new PlatformNotSupportedException(SR.Format(SR.net_ssl_encryptionpolicy_notsupported, policy));
        }

        // A certificate without its key (or the reverse) is ignored rather than rejected.
        bool hasLocalCredentials = certHandle != null && certKeyHandle != null;
        if (hasLocalCredentials)
        {
            SetSslCertificate(sslContext, certHandle, certKeyHandle);
        }

        if (remoteCertRequired)
        {
            // Debug.Assert is compiled out of release builds, so this documents the
            // expectation but does not enforce it.
            Debug.Assert(isServer, "isServer flag should be true");
            Ssl.SslCtxSetVerify(sslContext, s_verifyClientCertificate);

            // Update the client CA list.
            UpdateCAListFromRootStore(sslContext);
        }

        SafeSslHandle sslHandle = SafeSslHandle.Create(sslContext, isServer);
        Debug.Assert(sslHandle != null, "Expected non-null return value from SafeSslHandle.Create");

        if (!sslHandle.IsInvalid)
        {
            return sslHandle;
        }

        // Release the wrapper before reporting the failure.
        sslHandle.Dispose();
        throw CreateSslException(SR.net_allocate_ssl_context_failed);
    }
}
示例5: PKCS12_create
// Native declaration that builds a PKCS#12 structure from a private key, a certificate
// and a CA stack, returning it as a SafePkcs12Handle. The name matches OpenSSL's
// PKCS12_create; the import attribute is not part of this excerpt.
//
// pass               - password protecting the structure. It arrives as a managed string,
//                      which is immutable and cannot be wiped after the call.
// name               - presumably the friendly name stored with the entry (confirm).
// pkey / cert / ca   - key, certificate and additional-certificate stack handles.
// nid_key / nid_cert - presumably the algorithm identifiers used to encrypt the key and
//                      the certificates (confirm).
// iter / mac_iter    - presumably the iteration counts for encryption and for the MAC;
//                      low values weaken resistance to password guessing (confirm what
//                      callers pass).
// keytype            - passed through to the native call; meaning not shown here.
//
// NOTE(review): callers should check the returned handle for validity before use.
internal static extern SafePkcs12Handle PKCS12_create(
string pass,
string name,
SafeEvpPKeyHandle pkey,
SafeX509Handle cert,
SafeX509StackHandle ca,
int nid_key,
int nid_cert,
int iter,
int mac_iter,
int keytype);
示例6: OpenSslX509CertificateReader
/// <summary>
/// Wraps an existing certificate handle, storing it in <c>_cert</c> once the native
/// certificate has been initialized.
/// </summary>
/// <param name="handle">
/// Certificate handle to adopt. It is passed to the native call as-is; no null or
/// validity check is made here (NOTE(review): confirm callers validate it).
/// </param>
/// <remarks>
/// On failure the exception from CreateOpenSslCryptographicException is thrown and
/// <paramref name="handle"/> is neither stored nor disposed by this constructor.
/// </remarks>
internal OpenSslX509CertificateReader(SafeX509Handle handle)
{
    // X509_check_purpose has the effect of populating the sha1_hash value,
    // and other "initialize" type things.
    if (!Interop.Crypto.X509CheckPurpose(handle, -1, 0))
    {
        throw Interop.Crypto.CreateOpenSslCryptographicException();
    }

    _cert = handle;
}
示例7: SafeFreeCertContext
/// <summary>
/// Creates a certificate context that borrows the native pointer of
/// <paramref name="certificate"/> and pins it with an extra reference.
/// </summary>
/// <param name="certificate">
/// Certificate to reference. A null or invalid handle is accepted and leaves this
/// instance holding <see cref="IntPtr.Zero"/>.
/// </param>
/// <remarks>
/// NOTE(review): the reference taken with DangerousAddRef must be paired with a
/// DangerousRelease when this object is released; that code is not part of this excerpt.
/// </remarks>
public SafeFreeCertContext(SafeX509Handle certificate) : base(IntPtr.Zero, true)
{
    // In certain scenarios (eg. server querying for a client cert), the
    // input certificate may be invalid and this is OK
    if (certificate == null || certificate.IsInvalid)
    {
        return;
    }

    // Take a reference first so the raw pointer copied below cannot be freed while
    // this object still holds it.
    bool refAdded = false;
    certificate.DangerousAddRef(ref refAdded);
    Debug.Assert(refAdded, "Unexpected failure in AddRef of certificate");

    _certificate = certificate;
    handle = _certificate.DangerousGetHandle();
}
示例8: AllocateSslContext
/// <summary>
/// Builds a native SSL context for the requested role, applies the option bits and the
/// cipher list, installs the local certificate/key pair when both are supplied,
/// optionally requires a client certificate, and wraps the result in a
/// <see cref="SafeSslHandle"/>.
/// </summary>
/// <param name="options">Option bits passed to SSL_CTX_ctrl with SSL_CTRL_OPTIONS; also used to select the SSL method.</param>
/// <param name="certHandle">Local certificate, or null.</param>
/// <param name="certKeyHandle">Private key for the local certificate, or null. The pair is installed only when both handles are non-null.</param>
/// <param name="encryptionPolicy">Cipher list string handed to SSL_CTX_set_cipher_list.</param>
/// <param name="isServer">Selects the SSL method and is forwarded to SafeSslHandle.Create.</param>
/// <param name="remoteCertRequired">When true, peer verification is enabled and a missing peer certificate fails the handshake.</param>
/// <returns>A SafeSslHandle that reported itself valid.</returns>
internal static SafeSslHandle AllocateSslContext(long options, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, string encryptionPolicy, bool isServer, bool remoteCertRequired)
{
    IntPtr sslMethod = GetSslMethod(isServer, options);

    using (libssl.SafeSslContextHandle sslContext = Ssl.SslCtxCreate(sslMethod))
    {
        if (sslContext.IsInvalid)
        {
            throw CreateSslException(SR.net_allocate_ssl_context_failed);
        }

        libssl.SSL_CTX_ctrl(sslContext, libssl.SSL_CTRL_OPTIONS, options, IntPtr.Zero);
        libssl.SSL_CTX_set_quiet_shutdown(sslContext, 1);

        // NOTE(review): the result of SSL_CTX_set_cipher_list is discarded. OpenSSL
        // reports failure when the string selects no cipher, in which case the context
        // would presumably keep its previous cipher list and the requested policy would
        // silently not apply. Confirm the declared return type and fail closed here.
        libssl.SSL_CTX_set_cipher_list(sslContext, encryptionPolicy);

        // A certificate without its key (or the reverse) is ignored rather than rejected.
        bool hasLocalCredentials = certHandle != null && certKeyHandle != null;
        if (hasLocalCredentials)
        {
            SetSslCertificate(sslContext, certHandle, certKeyHandle);
        }

        if (remoteCertRequired)
        {
            // Debug.Assert is compiled out of release builds, so this documents the
            // expectation but does not enforce it.
            Debug.Assert(isServer, "isServer flag should be true");

            int verifyMode =
                (int)libssl.ClientCertOption.SSL_VERIFY_PEER |
                (int)libssl.ClientCertOption.SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
            libssl.SSL_CTX_set_verify(sslContext, verifyMode, s_verifyClientCertificate);

            // Update the client CA list.
            UpdateCAListFromRootStore(sslContext);
        }

        SafeSslHandle sslHandle = SafeSslHandle.Create(sslContext, isServer);
        Debug.Assert(sslHandle != null, "Expected non-null return value from SafeSslHandle.Create");

        if (!sslHandle.IsInvalid)
        {
            return sslHandle;
        }

        // Release the wrapper before reporting the failure.
        sslHandle.Dispose();
        throw CreateSslException(SR.net_allocate_ssl_context_failed);
    }
}
示例9: AllocateSslContext
/// <summary>
/// Builds a native SSL context restricted to <paramref name="protocols"/>, applies the
/// encryption policy, installs the local certificate/key pair when both are supplied,
/// optionally requests client-certificate verification, and wraps the result in a
/// <see cref="SafeSslHandle"/>.
/// </summary>
/// <param name="protocols">Protocol versions used to pick the SSL method and the protocol options.</param>
/// <param name="certHandle">Local certificate, or null.</param>
/// <param name="certKeyHandle">Private key for the local certificate, or null. The pair is installed only when both handles are non-null.</param>
/// <param name="policy">Encryption policy passed to Ssl.SetEncryptionPolicy.</param>
/// <param name="isServer">Forwarded to SafeSslHandle.Create.</param>
/// <param name="remoteCertRequired">When true, installs the verify callback and refreshes the client CA list.</param>
/// <returns>A SafeSslHandle that reported itself valid.</returns>
internal static SafeSslHandle AllocateSslContext(SslProtocols protocols, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, EncryptionPolicy policy, bool isServer, bool remoteCertRequired)
{
    IntPtr sslMethod = GetSslMethod(protocols);

    using (SafeSslContextHandle sslContext = Ssl.SslCtxCreate(sslMethod))
    {
        if (sslContext.IsInvalid)
        {
            throw CreateSslException(SR.net_allocate_ssl_context_failed);
        }

        Ssl.SetProtocolOptions(sslContext, protocols);
        Ssl.SslCtxSetQuietShutdown(sslContext);

        // NOTE(review): nothing here checks whether the policy was actually applied.
        // If SetEncryptionPolicy can report failure, the context would presumably keep
        // its existing cipher configuration; confirm its signature and fail closed.
        Ssl.SetEncryptionPolicy(sslContext, policy);

        // A certificate without its key (or the reverse) is ignored rather than rejected.
        bool hasLocalCredentials = certHandle != null && certKeyHandle != null;
        if (hasLocalCredentials)
        {
            SetSslCertificate(sslContext, certHandle, certKeyHandle);
        }

        if (remoteCertRequired)
        {
            // Debug.Assert is compiled out of release builds, so this documents the
            // expectation but does not enforce it.
            Debug.Assert(isServer, "isServer flag should be true");
            Ssl.SslCtxSetVerify(sslContext, s_verifyClientCertificate);

            // Update the client CA list.
            UpdateCAListFromRootStore(sslContext);
        }

        SafeSslHandle sslHandle = SafeSslHandle.Create(sslContext, isServer);
        Debug.Assert(sslHandle != null, "Expected non-null return value from SafeSslHandle.Create");

        if (!sslHandle.IsInvalid)
        {
            return sslHandle;
        }

        // Release the wrapper before reporting the failure.
        sslHandle.Dispose();
        throw CreateSslException(SR.net_allocate_ssl_context_failed);
    }
}
示例10: X509IssuerNameHash
// Native declaration returning a ulong hash for the issuer name of certificate x.
// NOTE(review): presumably backed by OpenSSL's issuer-name hash, which serves as a
// lookup key; equal hashes should not be treated as proof of the same issuer. Confirm
// against the native shim.
internal static extern ulong X509IssuerNameHash(SafeX509Handle x);
示例11: SslAddExtraChainCert
// Native declaration that adds certificate x509 to the extra chain of ssl and reports
// success as a bool.
// NOTE(review): which side owns the native certificate after a successful call is not
// visible here. If the native side keeps the pointer, the managed SafeX509Handle must
// not free it as well; confirm against the shim and make callers follow it.
internal static extern bool SslAddExtraChainCert(SafeSslHandle ssl, SafeX509Handle x509);
示例12: X509Duplicate
// Native declaration that takes a certificate handle and returns another SafeX509Handle.
// NOTE(review): by name this yields a separately owned reference that the caller must
// dispose; whether it is a deep copy or a reference-count increment is not visible here.
// Callers should check the returned handle for validity before use.
internal static extern SafeX509Handle X509Duplicate(SafeX509Handle handle);
示例13: GetX509EvpPublicKey
// Native declaration returning the public key of certificate x509 as a SafeEvpPKeyHandle.
// NOTE(review): the returned handle may be invalid when the key cannot be extracted;
// callers should check it before use. Confirm the failure behaviour in the native shim.
internal static extern SafeEvpPKeyHandle GetX509EvpPublicKey(SafeX509Handle x509);
示例14: TlsClientCertCallback
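/// <summary>
/// Client-certificate callback: selects a client certificate for the issuers the server
/// asked for, duplicates its private key and certificate into <c>_privateKeyHandle</c>
/// and <c>_certHandle</c>, adds the intermediate chain certificates to the connection,
/// and hands the raw pointers back through the out parameters.
/// </summary>
/// <param name="ssl">Raw SSL pointer for the connection; wrapped without taking ownership.</param>
/// <param name="certHandle">Receives the raw certificate pointer, or <see cref="IntPtr.Zero"/> when none is supplied.</param>
/// <param name="privateKeyHandle">Receives the raw private-key pointer, or <see cref="IntPtr.Zero"/> when none is supplied.</param>
/// <returns>
/// 1 when a certificate and key were supplied, 0 when no certificate or no usable private
/// key is available, -1 when adding a chain certificate failed.
/// </returns>
/// <remarks>
/// NOTE(review): the CheckValidOpenSslHandle calls throw. If this method is invoked
/// directly from native code, confirm that exceptions cannot unwind through native frames.
/// </remarks>
private int TlsClientCertCallback(IntPtr ssl, out IntPtr certHandle, out IntPtr privateKeyHandle)
{
    Interop.Crypto.CheckValidOpenSslHandle(ssl);

    // ownsHandle is false: the SSL object belongs to the connection, so disposing this
    // wrapper must not free it.
    using (SafeSslHandle sslHandle = new SafeSslHandle(ssl, false))
    {
        certHandle = IntPtr.Zero;
        privateKeyHandle = IntPtr.Zero;
        VerboseTrace("libssl's client certificate callback");

        ISet<string> issuerNames = GetRequestCertificateAuthorities(sslHandle);
        X509Certificate2 certificate;
        X509Chain chain;
        if (!GetClientCertificate(issuerNames, out certificate, out chain))
        {
            VerboseTrace("no cert or chain");
            return 0;
        }

        Interop.Crypto.CheckValidOpenSslHandle(certificate.Handle);

        // Try RSA first, then ECDSA. The duplicated key handle outlives the key object,
        // which is disposed at the end of its using block.
        using (RSAOpenSsl rsa = certificate.GetRSAPrivateKey() as RSAOpenSsl)
        {
            if (rsa != null)
            {
                _privateKeyHandle = rsa.DuplicateKeyHandle();
            }
            else
            {
                using (ECDsaOpenSsl ecdsa = certificate.GetECDsaPrivateKey() as ECDsaOpenSsl)
                {
                    if (ecdsa != null)
                    {
                        _privateKeyHandle = ecdsa.DuplicateKeyHandle();
                    }
                }
            }
        }

        // NOTE(review): _privateKeyHandle is a field that is not reset at the top of this
        // method. If neither branch above assigns it, this check sees whatever an earlier
        // invocation left there; confirm the callback runs at most once per instance.
        if (_privateKeyHandle == null || _privateKeyHandle.IsInvalid)
        {
            VerboseTrace("invalid private key");
            return 0;
        }

        _certHandle = Interop.Crypto.X509Duplicate(certificate.Handle);
        Interop.Crypto.CheckValidOpenSslHandle(_certHandle);

        if (chain != null)
        {
            // ChainElements[0] is the end certificate (supplied via _certHandle) and the
            // last element is the top of the chain; only the elements strictly between
            // them are added as extra chain certificates.
            for (int i = chain.ChainElements.Count - 2; i > 0; i--)
            {
                SafeX509Handle dupCertHandle = Interop.Crypto.X509Duplicate(chain.ChainElements[i].Certificate.Handle);
                Interop.Crypto.CheckValidOpenSslHandle(dupCertHandle);
                if (!Interop.Ssl.SslAddExtraChainCert(sslHandle, dupCertHandle))
                {
                    // The add failed, so this duplicate is still ours; release it now
                    // instead of leaving it to the finalizer.
                    dupCertHandle.Dispose();
                    VerboseTrace("failed to add extra chain cert");
                    return -1;
                }

                // NOTE(review): on success the duplicate stays wrapped in a SafeHandle
                // that will eventually free it. If the native side keeps the pointer
                // after a successful add, that later free would hit memory the
                // connection still uses; confirm ownership in the native shim and mark
                // the handle accordingly.
            }
        }

        // The raw pointers handed out below stay valid only while the _certHandle and
        // _privateKeyHandle fields keep their SafeHandles alive.
        certHandle = _certHandle.DangerousGetHandle();
        privateKeyHandle = _privateKeyHandle.DangerousGetHandle();
        return 1;
    }
}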
示例15: X509StoreAddCert
// Native declaration that adds certificate x to the certificate store ctx and reports
// success as a bool.
// NOTE(review): certificates placed in a store used for chain building typically act as
// trust anchors or candidates, so callers should check the result and control what is
// added. Whether the store takes its own reference to x is not visible here.
internal static extern bool X509StoreAddCert(SafeX509StoreHandle ctx, SafeX509Handle x);