Beispiel #1
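 /// <summary>
 /// Builds the path of the PFX file for <paramref name="bindingName"/> inside the
 /// Centralized Certificate Store share: "&lt;CCSUncPath&gt;/&lt;bindingName&gt;.pfx".
 /// </summary>
 /// <param name="bindingName">Binding (host) name that becomes the file name stem.</param>
 /// <returns>The full UNC path of the PFX file.</returns>
 private string GetCCSPath(string bindingName)
 {
     // Ordinal: this is a path check, not linguistic text, so the current culture must not
     // influence whether the trailing separator is detected.
     // NOTE(review): bindingName is spliced into the file name verbatim; confirm that callers
     // only pass validated binding names (no path separators or ".." segments).
     var separator = CCSUncPath.EndsWith("/", StringComparison.Ordinal) ? string.Empty : "/";
     return CCSUncPath + separator + bindingName + ".pfx";
 }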
Beispiel #2
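        /// <summary>
        /// Installs a PFX certificate for <paramref name="website"/>. When <c>UseCCS</c> is set the
        /// certificate is re-exported under <c>CCSCommonPassword</c> and written to the Centralized
        /// Certificate Store share; otherwise it is added to the local-machine X.509 store named by
        /// <c>CertificateStoreName</c>. The previously bound site certificate (if any) is removed and
        /// the new certificate is registered with the site's HTTPS binding.
        /// </summary>
        /// <param name="certificate">Raw PFX bytes.</param>
        /// <param name="password">Password protecting <paramref name="certificate"/>.</param>
        /// <param name="website">Web site whose HTTPS binding receives the certificate.</param>
        /// <returns>The <see cref="SSLCertificate"/> built from the imported X.509 certificate.</returns>
        /// <remarks>
        /// Failures while importing (CCS file write or store add) are logged and re-thrown. Failures in
        /// the later steps are passed to <c>HandleExceptionAndRollbackCertificate</c>, which is presumed
        /// to undo the import and re-throw; if it returns instead, execution continues and the method may
        /// return <c>null</c> — confirm against that helper.
        /// </remarks>
        public new SSLCertificate InstallPfx(byte[] certificate, string password, WebSite website)
        {
            SSLCertificate newcert = null, oldcert = null;

            // Keep the currently bound certificate so a later step can restore it on failure.
            if (CheckCertificate(website))
            {
                oldcert = GetCurrentSiteCertificate(website);
            }

            // Exportable is required because the CCS branch re-exports the certificate below;
            // the same flags are used for the store branch so both paths import identically.
            const X509KeyStorageFlags importFlags =
                X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet;

            X509Certificate2 x509Cert;
            var store = new X509Store(CertificateStoreName, StoreLocation.LocalMachine);

            if (UseCCS)
            {
                x509Cert = new X509Certificate2(certificate, password, importFlags);

                // Round-trip through an unprotected PFX so the copy can be exported again
                // with the shared CCS password instead of the caller-supplied one.
                var certData      = x509Cert.Export(X509ContentType.Pfx);
                var convertedCert = new X509Certificate2(certData, string.Empty, importFlags);

                // Write the re-protected PFX to the CCS UNC path.
                try
                {
                    certData = convertedCert.Export(X509ContentType.Pfx, CCSCommonPassword);

                    // The file is named after the certificate's simple (subject) name.
                    // Ordinal: the separator check is on a path, not on linguistic text.
                    // NOTE(review): the subject name is used verbatim as a file-name component — confirm
                    // it is validated upstream, since path separators in it would change the target path.
                    var filename = (CCSUncPath.EndsWith("/", StringComparison.Ordinal) ? CCSUncPath : CCSUncPath + "/")
                                   + x509Cert.GetNameInfo(X509NameType.SimpleName, false) + ".pfx";

                    // using: the writer (and its file handle) is released even if Write throws;
                    // the original only closed it on the success path.
                    using (var writer = new BinaryWriter(File.Open(filename, FileMode.Create)))
                    {
                        writer.Write(certData);
                        writer.Flush();
                    }
                }
                catch (Exception ex)
                {
                    Log.WriteError("SSLModuleService could not save certificate to Centralized Certificate Store", ex);
                    throw;
                }
            }
            else
            {
                x509Cert = new X509Certificate2(certificate, password, importFlags);

                // Step 1: register the certificate in the store, keeping the store open as briefly as possible.
                try
                {
                    store.Open(OpenFlags.ReadWrite);
                    store.Add(x509Cert);
                }
                catch (Exception ex)
                {
                    Log.WriteError(String.Format("SSLModuleService could not import PFX into X509Store('{0}', '{1}')", store.Name, store.Location), ex);
                    throw;
                }
                finally
                {
                    store.Close();
                }
            }

            // Step 2: build the SSLCertificate returned to the caller from the imported X.509 certificate.
            try
            {
                newcert = GetSSLCertificateFromX509Certificate2(x509Cert);
            }
            catch (Exception ex)
            {
                HandleExceptionAndRollbackCertificate(store, x509Cert, null, website, "SSLModuleService could not instantiate a copy of new X.509 certificate.", ex);
            }

            // Step 3: remove the previously bound certificate, if there was one.
            try
            {
                if (oldcert != null)
                {
                    DeleteCertificate(oldcert, website);
                }
            }
            catch (Exception ex)
            {
                HandleExceptionAndRollbackCertificate(store, x509Cert, null, website, string.Format("SSLModuleService could not remove existing certificate from '{0}' web site.", website.Name), ex);
            }

            // Step 4: bind the new certificate to the site's HTTPS binding; oldcert is passed so the
            // rollback helper can restore it.
            try
            {
                AddBinding(x509Cert, website);
            }
            catch (Exception ex)
            {
                HandleExceptionAndRollbackCertificate(store, x509Cert, oldcert, website, String.Format("SSLModuleService could not add new X.509 certificate to '{0}' web site.", website.Name), ex);
            }

            return(newcert);
        }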