public void Import(string fileName, string password, X509KeyStorageFlags keyStorageFlags) {
uint dwFlags = X509Utils.MapKeyStorageFlags(keyStorageFlags);
Cryptography.SafeCertStoreHandle safeCertStoreHandle = Cryptography.SafeCertStoreHandle.InvalidHandle;
#if !FEATURE_CORESYSTEM
//
// We need to Assert all StorePermission flags since this is a memory store and we want
// semi-trusted code to be able to import certificates to a memory store.
//
StorePermission sp = new StorePermission(StorePermissionFlags.AllFlags);
sp.Assert();
#endif
safeCertStoreHandle = LoadStoreFromFile(fileName, password, dwFlags, (keyStorageFlags & X509KeyStorageFlags.PersistKeySet) != 0);
X509Certificate2Collection collection = X509Utils.GetCertificates(safeCertStoreHandle);
safeCertStoreHandle.Dispose();
X509Certificate2[] x509Certs = new X509Certificate2[collection.Count];
collection.CopyTo(x509Certs, 0);
this.AddRange(x509Certs);
}
public byte[] Export(X509ContentType contentType, string password) {
#if !FEATURE_CORESYSTEM
//
// We need to Assert all StorePermission flags since this is a memory store and we want
// semi-trusted code to be able to export certificates to a memory store.
//
StorePermission sp = new StorePermission(StorePermissionFlags.AllFlags);
sp.Assert();
#endif
Cryptography.SafeCertStoreHandle safeCertStoreHandle = X509Utils.ExportToMemoryStore(this);
byte[] result = ExportCertificatesToBlob(safeCertStoreHandle, contentType, password);
safeCertStoreHandle.Dispose();
return result;
}
internal static Cryptography.SafeCertStoreHandle ExportToMemoryStore (X509Certificate2Collection collection) {
//
// We need to Assert all StorePermission flags since this is a memory store and we want
// semi-trusted code to be able to export certificates to a memory store.
//
#if !FEATURE_CORESYSTEM
StorePermission sp = new StorePermission(StorePermissionFlags.AllFlags);
sp.Assert();
#endif
Cryptography.SafeCertStoreHandle safeCertStoreHandle = Cryptography.SafeCertStoreHandle.InvalidHandle;
// we always want to use CERT_STORE_ENUM_ARCHIVED_FLAG since we want to preserve the collection in this operation.
// By default, Archived certificates will not be included.
safeCertStoreHandle = CAPI.CertOpenStore(new IntPtr(CAPI.CERT_STORE_PROV_MEMORY),
CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
IntPtr.Zero,
CAPI.CERT_STORE_ENUM_ARCHIVED_FLAG | CAPI.CERT_STORE_CREATE_NEW_FLAG,
null);
if (safeCertStoreHandle == null || safeCertStoreHandle.IsInvalid)
throw new CryptographicException(Marshal.GetLastWin32Error());
//
// We use CertAddCertificateLinkToStore to keep a link to the original store, so any property changes get
// applied to the original store. This has a limit of 99 links per cert context however.
//
foreach (X509Certificate2 x509 in collection) {
if (!CAPI.CertAddCertificateLinkToStore(safeCertStoreHandle,
x509.CertContext,
CAPI.CERT_STORE_ADD_ALWAYS,
Cryptography.SafeCertContextHandle.InvalidHandle))
throw new CryptographicException(Marshal.GetLastWin32Error());
}
return safeCertStoreHandle;
}
public X509Certificate2Collection Find(X509FindType findType, Object findValue, bool validOnly) {
#if !FEATURE_CORESYSTEM
//
// We need to Assert all StorePermission flags since this is a memory store and we want
// semi-trusted code to be able to find certificates in a memory store.
//
StorePermission sp = new StorePermission(StorePermissionFlags.AllFlags);
sp.Assert();
#endif
Cryptography.SafeCertStoreHandle safeSourceStoreHandle = X509Utils.ExportToMemoryStore(this);
Cryptography.SafeCertStoreHandle safeTargetStoreHandle = FindCertInStore(safeSourceStoreHandle, findType, findValue, validOnly);
X509Certificate2Collection collection = X509Utils.GetCertificates(safeTargetStoreHandle);
safeTargetStoreHandle.Dispose();
safeSourceStoreHandle.Dispose();
return collection;
}
internal static X509Certificate2Collection BuildBagOfCerts (KeyInfoX509Data keyInfoX509Data, CertUsageType certUsageType) {
X509Certificate2Collection collection = new X509Certificate2Collection();
ArrayList decryptionIssuerSerials = (certUsageType == CertUsageType.Decryption ? new ArrayList() : null);
if (keyInfoX509Data.Certificates != null) {
foreach (X509Certificate2 certificate in keyInfoX509Data.Certificates) {
switch (certUsageType) {
case CertUsageType.Verification:
collection.Add(certificate);
break;
case CertUsageType.Decryption:
decryptionIssuerSerials.Add(new X509IssuerSerial(certificate.IssuerName.Name, certificate.SerialNumber));
break;
}
}
}
if (keyInfoX509Data.SubjectNames == null && keyInfoX509Data.IssuerSerials == null &&
keyInfoX509Data.SubjectKeyIds == null && decryptionIssuerSerials == null)
return collection;
// Open LocalMachine and CurrentUser "Other People"/"My" stores.
// Assert OpenStore since we are not giving back any certificates to the user.
StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore);
sp.Assert();
X509Store[] stores = new X509Store[2];
string storeName = (certUsageType == CertUsageType.Verification ? "AddressBook" : "My");
stores[0] = new X509Store(storeName, StoreLocation.CurrentUser);
stores[1] = new X509Store(storeName, StoreLocation.LocalMachine);
for (int index=0; index < stores.Length; index++) {
if (stores[index] != null) {
X509Certificate2Collection filters = null;
// We don't care if we can't open the store.
try {
stores[index].Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
filters = stores[index].Certificates;
stores[index].Close();
if (keyInfoX509Data.SubjectNames != null) {
foreach (string subjectName in keyInfoX509Data.SubjectNames) {
filters = filters.Find(X509FindType.FindBySubjectDistinguishedName, subjectName, false);
}
}
if (keyInfoX509Data.IssuerSerials != null) {
foreach (X509IssuerSerial issuerSerial in keyInfoX509Data.IssuerSerials) {
filters = filters.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName, false);
filters = filters.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false);
}
}
if (keyInfoX509Data.SubjectKeyIds != null) {
foreach (byte[] ski in keyInfoX509Data.SubjectKeyIds) {
string hex = X509Utils.EncodeHexString(ski);
filters = filters.Find(X509FindType.FindBySubjectKeyIdentifier, hex, false);
}
}
if (decryptionIssuerSerials != null) {
foreach (X509IssuerSerial issuerSerial in decryptionIssuerSerials) {
filters = filters.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName, false);
filters = filters.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false);
}
}
}
catch (CryptographicException) {}
if (filters != null)
collection.AddRange(filters);
}
}
return collection;
}
public AjaxResponse UploadCertificate(string fileName, string password)
{
var response = new AjaxResponse();
try
{
var filePath = Path.Combine(Path.GetTempPath(), fileName);
var store2 = new X509Store(StoreName.My, StoreLocation.LocalMachine);
var sp = new StorePermission(PermissionState.Unrestricted) {Flags = StorePermissionFlags.AllFlags};
sp.Assert();
store2.Open(OpenFlags.MaxAllowed);
var cert = fileName.EndsWith(".pfx")
? new X509Certificate2(filePath, password) {FriendlyName = fileName}
: new X509Certificate2(new X509Certificate(filePath));
store2.Add(cert);
store2.Close();
if (CoreContext.Configuration.Standalone)
UploadStandAloneCertificate(store2, cert);
else
UploadSaaSCertificate(store2, cert);
response.status = "success";
response.message = Resource.UploadHttpsSettingsSuccess;
}
catch (Exception e)
{
response.status = "error";
response.message = e.Message;
}
return response;
}
public void Import(byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags) {
uint dwFlags = X509Utils.MapKeyStorageFlags(keyStorageFlags);
SafeCertStoreHandle safeCertStoreHandle = SafeCertStoreHandle.InvalidHandle;
//
// We need to Assert all StorePermission flags since this is a memory store and we want
// semi-trusted code to be able to import certificates to a memory store.
//
StorePermission sp = new StorePermission(StorePermissionFlags.AllFlags);
sp.Assert();
safeCertStoreHandle = LoadStoreFromBlob(rawData, password, dwFlags, (keyStorageFlags & X509KeyStorageFlags.PersistKeySet) != 0);
X509Certificate2Collection collection = X509Utils.GetCertificates(safeCertStoreHandle);
safeCertStoreHandle.Dispose();
X509Certificate2[] x509Certs = new X509Certificate2[collection.Count];
collection.CopyTo(x509Certs, 0);
this.AddRange(x509Certs);
}
private static X509Certificate2Collection SelectFromCollectionHelper (X509Certificate2Collection certificates, string title, string message, X509SelectionFlag selectionFlag, IntPtr hwndParent) {
if (certificates == null)
throw new ArgumentNullException("certificates");
if (selectionFlag < X509SelectionFlag.SingleSelection || selectionFlag > X509SelectionFlag.MultiSelection)
throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, SecurityResources.GetResourceString("Arg_EnumIllegalVal"), "selectionFlag"));
//
// We need to Assert all StorePermission flags since this is a memory store and we want
// semi-trusted code to be able to select certificates from a memory store.
//
StorePermission sp = new StorePermission(StorePermissionFlags.AllFlags);
sp.Assert();
using (SafeCertStoreHandle safeSourceStoreHandle = X509Utils.ExportToMemoryStore(certificates))
using (SafeCertStoreHandle safeTargetStoreHandle = SelectFromStore(safeSourceStoreHandle, title, message, selectionFlag, hwndParent))
{
return X509Utils.GetCertificates(safeTargetStoreHandle);
}
}
private void uninstallCert()
{
X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
StorePermission sp = new StorePermission(PermissionState.Unrestricted);
sp.Flags = StorePermissionFlags.OpenStore;
sp.Assert();
store.Open(OpenFlags.ReadWrite);
consoleLine("Removing Touchmote Test Certificate.");
foreach (X509Certificate2 c in store.Certificates)
{
if (c.IssuerName.Name.Contains("Touchmote"))
{
store.Remove(c);
}
}
store.Close();
}
private void installCert()
{
X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
StorePermission sp = new StorePermission(PermissionState.Unrestricted);
sp.Flags = StorePermissionFlags.OpenStore;
sp.Assert();
store.Open(OpenFlags.ReadWrite);
X509Certificate2Collection collection = new X509Certificate2Collection();
string path = System.AppDomain.CurrentDomain.BaseDirectory + "CodeSign.cer";
X509Certificate2 cert = new X509Certificate2(path);
byte[] encodedCert = cert.GetRawCertData();
consoleLine("Adding Touchmote Test Certificate to trusted root.");
store.Add(cert);
store.Close();
}
public AjaxResponse UploadCertificate(string fileName, string password)
{
var response = new AjaxResponse();
try
{
const string newbindinginformation = "*:443:";
var store2 = new X509Store(StoreName.My, StoreLocation.LocalMachine);
var sp = new StorePermission(PermissionState.Unrestricted) {Flags = StorePermissionFlags.AllFlags};
sp.Assert();
store2.Open(OpenFlags.MaxAllowed);
var cert = new X509Certificate2(fileName, password) {FriendlyName = fileName.Split('\\').Last()};
store2.Add(cert);
store2.Close();
using (var serverManager = new ServerManager())
{
foreach (var s in serverManager.Sites)
{
var bindingIndex = -1;
foreach (var b in s.Bindings.Where(r => r.BindingInformation.Contains(newbindinginformation)))
{
bindingIndex = s.Bindings.IndexOf(b);
}
if (bindingIndex != -1)
{
s.Bindings.RemoveAt(bindingIndex);
}
}
var site = serverManager.Sites[HostingEnvironment.ApplicationHost.GetSiteName()];
var binding = site.Bindings.Add(newbindinginformation, cert.GetCertHash(), store2.Name);
binding.Protocol = "https";
AddRewriteRules(serverManager);
serverManager.CommitChanges();
}
response.status = "success";
response.message = Resource.UploadHttpsSettingsSuccess;
}
catch (Exception e)
{
response.status = "error";
response.message = e.Message;
}
return response;
}
