diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs
index 4f98d32cbd0c33..82edf1a0f701c7 100644
--- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs
@@ -53,48 +53,58 @@ public KeyInfoX509Data(X509Certificate cert, X509IncludeOption includeOption)
 X509Certificate2 certificate = new X509Certificate2(cert);
 X509ChainElementCollection elements;
- X509Chain chain;
- switch (includeOption)
+ X509Chain? chain = null;
+ try
 {
- case X509IncludeOption.ExcludeRoot:
- // Build the certificate chain
- chain = new X509Chain();
- chain.Build(certificate);
-
- // Can't honor the option if we only have a partial chain.
- if ((chain.ChainStatus.Length > 0) &&
- ((chain.ChainStatus[0].Status & X509ChainStatusFlags.PartialChain) == X509ChainStatusFlags.PartialChain))
- {
- throw new CryptographicException(SR.Cryptography_Partial_Chain);
- }
-
- elements = (X509ChainElementCollection)chain.ChainElements;
- for (int index = 0; index < (Utils.IsSelfSigned(chain) ? 1 : elements.Count - 1); index++)
- {
- AddCertificate(elements[index].Certificate);
- }
- break;
- case X509IncludeOption.EndCertOnly:
- AddCertificate(certificate);
- break;
- case X509IncludeOption.WholeChain:
- // Build the certificate chain
- chain = new X509Chain();
- chain.Build(certificate);
-
- // Can't honor the option if we only have a partial chain.
- if ((chain.ChainStatus.Length > 0) &&
- ((chain.ChainStatus[0].Status & X509ChainStatusFlags.PartialChain) == X509ChainStatusFlags.PartialChain))
- {
- throw new CryptographicException(SR.Cryptography_Partial_Chain);
- }
-
- elements = (X509ChainElementCollection)chain.ChainElements;
- foreach (X509ChainElement element in elements)
- {
- AddCertificate(element.Certificate);
- }
- break;
+ switch (includeOption)
+ {
+ case X509IncludeOption.ExcludeRoot:
+ // Build the certificate chain
+ chain = new X509Chain();
+ chain.Build(certificate);
+
+ // Can't honor the option if we only have a partial chain.
+ if ((chain.ChainStatus.Length > 0) &&
+ ((chain.ChainStatus[0].Status & X509ChainStatusFlags.PartialChain) == X509ChainStatusFlags.PartialChain))
+ {
+ throw new CryptographicException(SR.Cryptography_Partial_Chain);
+ }
+
+ elements = (X509ChainElementCollection)chain.ChainElements;
+ for (int index = 0; index < (Utils.IsSelfSigned(chain) ? 1 : elements.Count - 1); index++)
+ {
+ AddCertificate(elements[index].Certificate);
+ }
+ break;
+ case X509IncludeOption.EndCertOnly:
+ AddCertificate(certificate);
+ break;
+ case X509IncludeOption.WholeChain:
+ // Build the certificate chain
+ chain = new X509Chain();
+ chain.Build(certificate);
+
+ // Can't honor the option if we only have a partial chain.
+ if ((chain.ChainStatus.Length > 0) &&
+ ((chain.ChainStatus[0].Status & X509ChainStatusFlags.PartialChain) == X509ChainStatusFlags.PartialChain))
+ {
+ throw new CryptographicException(SR.Cryptography_Partial_Chain);
+ }
+
+ elements = (X509ChainElementCollection)chain.ChainElements;
+ foreach (X509ChainElement element in elements)
+ {
+ AddCertificate(element.Certificate);
+ }
+ break;
+ }
+ }
+ finally
+ {
+ if (chain != null)
+ {
+ chain.Dispose();
+ }
 }
 }
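Review bot: The partial-chain guard in both the `ExcludeRoot` and `WholeChain` cases inspects only `chain.ChainStatus[0]`, so a chain whose `PartialChain` flag is reported in a later status entry (for example behind a time-validity or revocation status) passes the check. In the `ExcludeRoot` case the loop then drops the last element on the assumption that it is the root, so an incomplete chain would be emitted as if the option had been honored. Since these lines are being re-indented anyway, consider testing every entry, e.g. `foreach (X509ChainStatus status in chain.ChainStatus)` with `if ((status.Status & X509ChainStatusFlags.PartialChain) != 0) throw new CryptographicException(SR.Cryptography_Partial_Chain);`, ideally in one private helper shared by both cases. The constructor begins outside this hunk, so whether `certificate` itself is disposed elsewhere cannot be judged from here.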