Use a SafeHandle when duplicating a certificate context.

[vcsjones]

CertDuplicateCertificateContext does not ensure the CERT_CONTEXT pointer it is incrementing has not been freed. If the duplicate and dispose race, duplicating a disposed handle will lead to unspecified behavior.

For .NET 10, we can use the SafeHandle around the certificate before we duplicate the handle. For OOB, we don't have access to the internals, so we will continue to use the IntPtr Handle property.

Contributes to #119313

[Copilot]

Pull Request Overview

This PR addresses a race condition in certificate context duplication by using SafeHandle to ensure thread safety. The changes prevent potential crashes when CertDuplicateCertificateContext is called on a certificate handle that has been freed.

• Uses SafeHandle for certificate context duplication instead of raw IntPtr
• Implements conditional compilation to support both .NET 10 (with SafeHandle access) and OOB packages (with IntPtr fallback)
• Adds proper reference counting around the duplication operation to prevent use-after-free

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
CertificatePal.Windows.cs	Adds SafeHandle property to expose the internal certificate context handle
System.Security.Cryptography CertificateHelpers.Windows.cs	Implements SafeHandle-based certificate duplication with proper reference counting
Microsoft.Bcl.Cryptography CertificateHelpers.Windows.cs	Provides fallback implementation using IntPtr for OOB packages
Common CertificateHelpers.Windows.cs	Adds partial method declaration and updates GetPrivateKey to use new duplication method

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

[vcsjones]

/backport to release/10.0

[github-actions]

Started backporting to release/10.0: https://github.com/dotnet/runtime/actions/runs/17477676496