public static X509Certificate2Collection LoadAllPublic()
{
using (SystemX509Store store = SystemX509Store.OpenExternal())
{
return(store.GetAllCertificates());
}
}
public void ResetStores(string[] args)
{
SystemX509Store store;
WriteLine("Removing all Machine Private Certs");
using (store = SystemX509Store.OpenPrivateEdit())
{
foreach (var certificate in store.GetAllCertificates())
{
store.Remove(certificate);
}
}
WriteLine("Removing all Machine Public Certs");
using (store = SystemX509Store.OpenExternalEdit())
{
foreach (var certificate in store.GetAllCertificates())
{
store.Remove(certificate);
}
}
WriteLine("Removing all Machine Anchors Certs");
using (store = SystemX509Store.OpenAnchorEdit())
{
foreach (var certificate in store.GetAllCertificates())
{
store.Remove(certificate);
}
}
}
/// <summary>
/// Creates the machine store trust anchor resolver from configuration settings.
/// </summary>
/// <returns>The configured machine store trust anchor resolver.</returns>
public override ITrustAnchorResolver CreateResolver()
{
this.Validate();
SystemX509Store outgoing = null;
SystemX509Store incoming = null;
try
{
outgoing = this.Outgoing.OpenStore();
incoming = this.Incoming.OpenStore();
return(new TrustAnchorResolver((IX509CertificateStore)outgoing, (IX509CertificateStore)incoming));
}
finally
{
if (outgoing != null)
{
outgoing.Dispose();
}
if (incoming != null)
{
incoming.Dispose();
}
}
}
public void CertificateAddMachine(string[] args)
{
using (SystemX509Store store = OpenStore(args.GetRequiredValue(0)))
{
CertificateFileInfo certFileInfo = CertificateFileInfo.Create(1, args);
store.ImportKeyFile(certFileInfo.FilePath, certFileInfo.Password, MachineKeyFlags);
}
}
/// <summary>
/// Creates the maachine store based certificate resolver.
/// </summary>
/// <returns>An instance of a machine-based certificate store resolver.</returns>
public override ICertificateResolver CreateResolver()
{
this.Validate();
using (SystemX509Store store = this.OpenStore())
{
return(store.CreateResolver());
}
}
public void AnchorAddMachine(string[] args)
{
CertificateFileInfo certFileInfo = CertificateFileInfo.Create(0, args);
using (SystemX509Store store = SystemX509Store.OpenAnchorEdit())
{
store.ImportKeyFile(certFileInfo.FilePath, certFileInfo.Password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
}
}
public void Verify(string[] args)
{
string path = args.GetRequiredValue(0);
X509Certificate2 cert = new X509Certificate2(path);
X509Certificate2Collection anchors = SystemX509Store.OpenAnchor().GetAllCertificates();
TrustChainValidator validator = new TrustChainValidator();
validator.IsTrustedCertificate(cert, anchors);
}
public void CertificateExportMachine(string[] args)
{
string storeName = args.GetOptionalValue(0, "NHINDPrivate");
string outputFile = args.GetOptionalValue(1, null);
using (SystemX509Store store = new SystemX509Store(CryptoUtility.OpenStoreRead(storeName, StoreLocation.LocalMachine), null))
{
ExportCerts(store, outputFile);
}
}
public void CachingVerifyDisabledNullCacheSettings()
{
using (SystemX509Store store = SystemX509Store.OpenExternal())
{
m_resolver = new CertificateResolver(store, null);
m_cache = m_resolver.Cache;
string domain = DomainIncubator;
X509Certificate2Collection source = m_resolver.GetCertificatesForDomain(domain);
Assert.Null(m_resolver.Cache);
Assert.True(source.Count > 0);
}
}
public void EnsureMachineStores(string[] args)
{
SystemX509Store store = null;
using (store = SystemX509Store.OpenPrivateEdit())
{
WriteLine("Created Private Store");
}
using (store = SystemX509Store.OpenExternalEdit())
{
WriteLine("Created Public Store");
}
using (store = SystemX509Store.OpenAnchorEdit())
{
WriteLine("Created Anchor Store");
}
}
private static SystemX509Store OpenStore(string storeName)
{
SystemX509Store store;
switch (storeName.ToLower())
{
case "public":
store = SystemX509Store.OpenExternalEdit();
break;
case "private":
store = SystemX509Store.OpenPrivateEdit();
break;
default:
throw new ArgumentException(storeName);
}
return(store);
}
public void CertificateEnsureMachine(string[] args)
{
using (SystemX509Store store = OpenStore(args.GetRequiredValue(0)))
{
CertificateFileInfo certFileInfo = CertificateFileInfo.Create(1, args);
MemoryX509Store certs = certFileInfo.LoadCerts(MachineKeyFlags);
foreach (X509Certificate2 cert in certs)
{
string comment = "EXISTS";
if (!store.Contains(cert))
{
store.Add(cert);
comment = "ADDED";
}
WriteLine("{0}: {1}, Thumbprint:{2}", comment, cert.Subject, cert.Thumbprint);
}
}
}
private CertificateResolver CreateResolver(bool cachingEnabled, int ttlSeconds, bool negativeCache)
{
if (m_certStore != null)
{
m_certStore.Dispose();
}
m_certStore = SystemX509Store.OpenExternal();
m_negativeCache = negativeCache;
return(new CertificateResolver(
m_certStore,
new CacheSettings()
{
Name = TestCacheName,
Cache = cachingEnabled,
NegativeCache = negativeCache,
CacheTTLSeconds = ttlSeconds
}));
}
/// <summary>
/// Sets up standard stores for Testing
/// WARNING: This may require elevated permissions
/// </summary>
public static void EnsureStandardMachineStores()
{
SystemX509Store.CreateAll();
string basePath = Directory.GetCurrentDirectory();
string redmondCertsPath = MakeCertificatesPath(basePath, "redmond");
string nhindCertsPath = MakeCertificatesPath(basePath, "nhind");
X509Store privateStore = CryptoUtility.OpenStoreReadWrite(SystemX509Store.PrivateCertsStoreName, StoreLocation.LocalMachine);
if (!DoPrivateKeysExist(privateStore, redmondCertsPath))
{
InstallPrivateKeys(privateStore, LoadPrivateCerts(redmondCertsPath, true));
}
if (!DoPrivateKeysExist(privateStore, nhindCertsPath))
{
InstallPrivateKeys(privateStore, LoadPrivateCerts(nhindCertsPath, true));
}
privateStore.Close();
SystemX509Store store;
using (store = SystemX509Store.OpenExternalEdit())
{
InstallCerts(store, LoadPublicCerts(redmondCertsPath));
InstallCerts(store, LoadPublicCerts(nhindCertsPath));
}
using (store = SystemX509Store.OpenAnchorEdit())
{
InstallCerts(store, LoadIncomingAnchors(redmondCertsPath));
InstallCerts(store, LoadOutgoingAnchors(redmondCertsPath));
InstallCerts(store, LoadIncomingAnchors(nhindCertsPath));
InstallCerts(store, LoadOutgoingAnchors(nhindCertsPath));
}
}
void EnsureStandardMachineStores(string path)
{
SystemX509Store.CreateAll();
string basePath = path;
string redmondCertsPath = MakeCertificatesPath(basePath, "redmond");
string nhindCertsPath = MakeCertificatesPath(basePath, "nhind");
string noAnchorCertsPath = MakeCertificatesPath(basePath, "noAnchor");
SystemX509Store store;
WriteLine("Installing Private Certs");
using (store = SystemX509Store.OpenPrivateEdit())
{
InstallCerts(store, LoadCerts(redmondCertsPath, "Private"));
InstallCerts(store, LoadCerts(nhindCertsPath, "Private"));
}
WriteLine("Installing Public Certs");
using (store = SystemX509Store.OpenExternalEdit())
{
InstallCerts(store, LoadCerts(redmondCertsPath, "Public"));
InstallCerts(store, LoadCerts(nhindCertsPath, "Public"));
InstallCerts(store, LoadCerts(noAnchorCertsPath, "Public"));
}
WriteLine("Installing Anchors Certs");
using (store = SystemX509Store.OpenAnchorEdit())
{
InstallCerts(store, LoadCerts(redmondCertsPath, "IncomingAnchors"));
InstallCerts(store, LoadCerts(redmondCertsPath, "OutgoingAnchors"));
InstallCerts(store, LoadCerts(nhindCertsPath, "IncomingAnchors"));
InstallCerts(store, LoadCerts(nhindCertsPath, "OutgoingAnchors"));
}
}
/// <summary>
/// Creates a DirectAgent instance using local certificate stores and the standard trust and cryptography models.
/// </summary>
/// <param name="domain">
/// The local domain name managed by this agent.
/// </param>
public DirectAgent(string domain)
: this(new StaticDomainResolver(domain), SystemX509Store.OpenPrivate().CreateResolver(),
SystemX509Store.OpenExternal().CreateResolver(),
TrustAnchorResolver.CreateDefault())
{
}
public void EnsureStandardMachineStores()
{
SystemX509Store.CreateAll();
}
