// Helper methods
private static void IndexFolder(string folderName, StringBuilder sb, bool noProgress, bool verify)
{
// Process all file in folder
foreach (var fileName in Directory.GetFiles(folderName))
{
if (!_certExts.Contains(Path.GetExtension(fileName).ToLowerInvariant()))
{
continue;
}
// Get basic cert properties
var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(fileName);
var serialNumberHex = "0x" + cert.GetSerialNumberString();
var serialNumberDec = uint.Parse(cert.GetSerialNumberString(), System.Globalization.NumberStyles.HexNumber);
var email = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.EmailName, false);
var domain = email.Substring(email.IndexOf('@') + 1);
var name = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
if (!noProgress)
{
Console.Write($"0x{serialNumberHex,-8} {email,-40} {name,-30} ");
}
// Verify certificate
var status = "Unknown";
if (verify)
{
var certValid = ValidateCertificate(cert);
status = certValid ? "OK" : "Revoked";
}
if (!noProgress)
{
Console.WriteLine(status);
}
// Add line to index
sb.AppendLine(string.Join(CSV_SEPARATOR,
serialNumberHex,
serialNumberDec,
cert.GetCertHashString(),
cert.NotBefore.ToString("yyyy-MM-dd"),
cert.NotAfter.ToString("yyyy-MM-dd"),
cert.PublicKey.Key.KeySize,
status,
domain,
name,
email,
cert.Issuer,
cert.Subject));
}
// Crafl subfolders
foreach (var subFolderName in Directory.GetDirectories(folderName))
{
IndexFolder(subFolderName, sb, noProgress, verify);
}
}
public static Dictionary <string, string> ParseCert(byte[] certDER)
{
var ret = new Dictionary <string, string>();
try {
var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certDER);
//logger.Debug("X.509v3証明書の発行先であるプリンシパルの名前(古い形式)");
//logger.Debug(x509.GetName());
ret.Add("X.509v3証明書の形式の名前", x509.GetFormat());
ret.Add("バージョン", $"{x509.Version}");
ret.Add("シリアル番号", x509.GetSerialNumberString());
ret.Add("署名アルゴリズム", x509.SignatureAlgorithm.FriendlyName);
ret.Add("証明書を発行した証明機関の名前", x509.Issuer);
ret.Add("サブジェクトの識別名", x509.Subject);
ret.Add("証明書のハッシュ値の16進文字列", x509.GetCertHashString());
ret.Add("証明書の発効日", x509.GetEffectiveDateString());
ret.Add("証明書の失効日", x509.GetExpirationDateString());
ret.Add("キーアルゴリズム情報", x509.GetKeyAlgorithm());
ret.Add("キーアルゴリズムパラメータ", x509.GetKeyAlgorithmParametersString());
ret.Add("公開鍵", x509.GetPublicKeyString());
foreach (var extension in x509.Extensions)
{
/*
* if (extension.Oid.FriendlyName == "キー使用法") {
* var ext = (X509KeyUsageExtension)extension;
* ret.Add("Extension キー使用法", ext.KeyUsages.ToString());
* }
* if (extension.Oid.FriendlyName == "拡張キー使用法") {
* var ext = (X509EnhancedKeyUsageExtension)extension;
* string value = "";
* var oids = ext.EnhancedKeyUsages;
* foreach (var oid in oids) {
* value = value + oid.FriendlyName + "(" + oid.Value + ")";
* }
* ret.Add("Extension 拡張キー使用法", value);
* }
*/
ret.Add($"- Extension {extension.Oid.FriendlyName}", extension.Oid.Value);
}
//logger.Debug("X.509v3証明書を発行した証明機関の名前(古い形式)");
//logger.Debug(x509.GetIssuerName());
//logger.Debug("X.509証明書全体の生データ");
//logger.Debug(x509.GetRawCertDataString());
} catch (Exception ex) {
logger.Debug(ex);
}
return(ret);
}
public static CertificadoDigital GetCertificadoDigital_v2(byte[] archivoCer)
{
var srtBase64 = "";
var certificado = new CertificadoDigital();
System.Security.Cryptography.X509Certificates.X509Certificate2 certEmisor = new System.Security.Cryptography.X509Certificates.X509Certificate2();
byte[] data = archivoCer;
certEmisor.Import(data);
srtBase64 = Convert.ToBase64String(certEmisor.GetRawCertData());
certificado.Certificado = certEmisor.GetRawCertDataString();
certificado.CertificadoBase64 = srtBase64;
byte[] byteArray = certEmisor.GetSerialNumber();
//string test = byteArray.ToString();
string strSerialHex = certEmisor.GetSerialNumberString();
string serialTest2 = certEmisor.SerialNumber;
var strSerial = ConvertHexToString(strSerialHex);
//var str = System.Text.Encoding.Default.GetString(byteArray);
//string result = System.Text.Encoding.UTF8.GetString(byteArray);
//System.Text.Encoding enc = System.Text.Encoding.ASCII;
//string myString = enc.GetString(byteArray);
//string s = System.Text.UTF8Encoding.UTF8.GetString(byteArray);
//char[] array = str.ToCharArray();
//Array.Reverse(array);
//var nuevoStr = new string(array);
certificado.NoCertificado = strSerial;//str;
return(certificado);
}
protected override void ProcessRecord()
{
using (var vp = InitializeVault.GetVaultProvider(VaultProfile))
{
vp.OpenStorage();
var v = vp.LoadVault();
if (v.Registrations == null || v.Registrations.Count < 1)
throw new InvalidOperationException("No registrations found");
var ri = v.Registrations[0];
var r = ri.Registration;
if (v.Certificates == null || v.Certificates.Count < 1)
throw new InvalidOperationException("No certificates found");
var ci = v.Certificates.GetByRef(Ref);
if (ci == null)
throw new Exception("Unable to find a Certificate for the given reference");
if (!LocalOnly)
{
if (ci.CertificateRequest == null)
throw new Exception("Certificate has not been submitted yet; cannot update status");
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
c.RefreshCertificateRequest(ci.CertificateRequest, UseBaseURI);
}
if ((Repeat || string.IsNullOrEmpty(ci.CrtPemFile))
&& !string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent))
{
var crtDerFile = $"{ci.Id}-crt.der";
var crtPemFile = $"{ci.Id}-crt.pem";
var crtDerAsset = vp.ListAssets(crtDerFile, VaultAssetType.CrtDer).FirstOrDefault();
var crtPemAsset = vp.ListAssets(crtPemFile, VaultAssetType.CrtPem).FirstOrDefault();
if (crtDerAsset == null)
crtDerAsset = vp.CreateAsset(VaultAssetType.CrtDer, crtDerFile);
if (crtPemAsset == null)
crtPemAsset = vp.CreateAsset(VaultAssetType.CrtPem, crtPemFile);
using (var s = vp.SaveAsset(crtDerAsset))
{
ci.CertificateRequest.SaveCertificate(s);
ci.CrtDerFile = crtDerFile;
}
using (Stream source = vp.LoadAsset(crtDerAsset), target = vp.SaveAsset(crtPemAsset))
{
CsrHelper.Crt.ConvertDerToPem(source, target);
ci.CrtPemFile = crtPemFile;
}
var crt = new X509Certificate2(ci.CertificateRequest.GetCertificateContent());
ci.SerialNumber = crt.SerialNumber;
ci.Thumbprint = crt.Thumbprint;
ci.SignatureAlgorithm = crt.SignatureAlgorithm?.FriendlyName;
ci.Signature = crt.GetCertHashString();
}
if (Repeat || string.IsNullOrEmpty(ci.IssuerSerialNumber))
{
var linksEnum = ci.CertificateRequest.Links;
if (linksEnum != null)
{
var links = new LinkCollection(linksEnum);
var upLink = links.GetFirstOrDefault("up");
if (upLink != null)
{
var tmp = Path.GetTempFileName();
try
{
using (var web = new WebClient())
{
if (v.Proxy != null)
web.Proxy = v.Proxy.GetWebProxy();
var uri = new Uri(new Uri(v.BaseURI), upLink.Uri);
web.DownloadFile(uri, tmp);
}
var cacert = new X509Certificate2(tmp);
var sernum = cacert.GetSerialNumberString();
var tprint = cacert.Thumbprint;
var sigalg = cacert.SignatureAlgorithm?.FriendlyName;
var sigval = cacert.GetCertHashString();
if (v.IssuerCertificates == null)
v.IssuerCertificates = new OrderedNameMap<IssuerCertificateInfo>();
if (Repeat || !v.IssuerCertificates.ContainsKey(sernum))
{
var cacertDerFile = $"ca-{sernum}-crt.der";
var cacertPemFile = $"ca-{sernum}-crt.pem";
var issuerDerAsset = vp.ListAssets(cacertDerFile,
VaultAssetType.IssuerDer).FirstOrDefault();
var issuerPemAsset = vp.ListAssets(cacertPemFile,
VaultAssetType.IssuerPem).FirstOrDefault();
if (Repeat || issuerDerAsset == null)
{
if (issuerDerAsset == null)
issuerDerAsset = vp.CreateAsset(VaultAssetType.IssuerDer, cacertDerFile);
using (Stream fs = new FileStream(tmp, FileMode.Open),
s = vp.SaveAsset(issuerDerAsset))
{
fs.CopyTo(s);
}
}
if (Repeat || issuerPemAsset == null)
{
if (issuerPemAsset == null)
issuerPemAsset = vp.CreateAsset(VaultAssetType.IssuerPem, cacertPemFile);
using (Stream source = vp.LoadAsset(issuerDerAsset),
target = vp.SaveAsset(issuerPemAsset))
{
CsrHelper.Crt.ConvertDerToPem(source, target);
}
}
v.IssuerCertificates[sernum] = new IssuerCertificateInfo
{
SerialNumber = sernum,
Thumbprint = tprint,
SignatureAlgorithm = sigalg,
Signature = sigval,
CrtDerFile = cacertDerFile,
CrtPemFile = cacertPemFile,
};
}
ci.IssuerSerialNumber = sernum;
}
finally
{
if (File.Exists(tmp))
File.Delete(tmp);
}
}
}
}
}
v.Alias = StringHelper.IfNullOrEmpty(Alias);
v.Label = StringHelper.IfNullOrEmpty(Label);
v.Memo = StringHelper.IfNullOrEmpty(Memo);
vp.SaveVault(v);
WriteObject(ci);
}
}
public static string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp)
{
var linksEnum = certificate.Links;
if (linksEnum != null)
{
var links = new LinkCollection(linksEnum);
var upLink = links.GetFirstOrDefault("up");
if (upLink != null)
{
var tmp = Path.GetTempFileName();
try
{
using (var web = new WebClient())
{
var uri = new Uri(new Uri(BaseURI), upLink.Uri);
web.DownloadFile(uri, tmp);
}
var cacert = new X509Certificate2(tmp);
var sernum = cacert.GetSerialNumberString();
var tprint = cacert.Thumbprint;
var sigalg = cacert.SignatureAlgorithm?.FriendlyName;
var sigval = cacert.GetCertHashString();
var cacertDerFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.der");
var cacertPemFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.pem");
if (!File.Exists(cacertDerFile))
File.Copy(tmp, cacertDerFile, true);
Console.WriteLine($" Saving Issuer Certificate to {cacertPemFile}");
Log.Information("Saving Issuer Certificate to {cacertPemFile}", cacertPemFile);
if (!File.Exists(cacertPemFile))
using (FileStream source = new FileStream(cacertDerFile, FileMode.Open),
target = new FileStream(cacertPemFile, FileMode.Create))
{
var caCrt = cp.ImportCertificate(EncodingFormat.DER, source);
cp.ExportCertificate(caCrt, EncodingFormat.PEM, target);
}
return cacertPemFile;
}
finally
{
if (File.Exists(tmp))
File.Delete(tmp);
}
}
}
return null;
}
protected override void ProcessRecord()
{
using (var vlt = Util.VaultHelper.GetVault(VaultProfile))
{
vlt.OpenStorage();
var v = vlt.LoadVault();
if (v.Registrations == null || v.Registrations.Count < 1)
throw new InvalidOperationException("No registrations found");
var ri = v.Registrations[0];
var r = ri.Registration;
if (v.Certificates == null || v.Certificates.Count < 1)
throw new InvalidOperationException("No certificates found");
var ci = v.Certificates.GetByRef(CertificateRef, throwOnMissing: false);
if (ci == null)
throw new Exception("Unable to find a Certificate for the given reference");
// If we're renaming the Alias, do that
// first in case there are any problems
if (NewAlias != null)
{
v.Certificates.Rename(CertificateRef, NewAlias);
ci.Alias = NewAlias == "" ? null : NewAlias;
}
if (!LocalOnly)
{
if (ci.CertificateRequest == null)
throw new Exception("Certificate has not been submitted yet; cannot update status");
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
c.RefreshCertificateRequest(ci.CertificateRequest, UseBaseUri);
}
if ((Repeat || string.IsNullOrEmpty(ci.CrtPemFile))
&& !string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent))
{
var crtDerFile = $"{ci.Id}-crt.der";
var crtPemFile = $"{ci.Id}-crt.pem";
var crtDerAsset = vlt.ListAssets(crtDerFile, VaultAssetType.CrtDer).FirstOrDefault();
var crtPemAsset = vlt.ListAssets(crtPemFile, VaultAssetType.CrtPem).FirstOrDefault();
if (crtDerAsset == null)
crtDerAsset = vlt.CreateAsset(VaultAssetType.CrtDer, crtDerFile);
if (crtPemAsset == null)
crtPemAsset = vlt.CreateAsset(VaultAssetType.CrtPem, crtPemFile);
using (var cp = PkiHelper.GetPkiTool(
StringHelper.IfNullOrEmpty(PkiTool, v.PkiTool)))
{
var bytes = ci.CertificateRequest.GetCertificateContent();
using (Stream source = new MemoryStream(bytes),
derTarget = vlt.SaveAsset(crtDerAsset),
pemTarget = vlt.SaveAsset(crtPemAsset))
{
var crt = cp.ImportCertificate(EncodingFormat.DER, source);
// We're saving the DER format cert "through"
// the CP in order to validate its content
cp.ExportCertificate(crt, EncodingFormat.DER, derTarget);
ci.CrtDerFile = crtDerFile;
cp.ExportCertificate(crt, EncodingFormat.PEM, pemTarget);
ci.CrtPemFile = crtPemFile;
}
}
var x509 = new X509Certificate2(ci.CertificateRequest.GetCertificateContent());
ci.SerialNumber = x509.SerialNumber;
ci.Thumbprint = x509.Thumbprint;
ci.SignatureAlgorithm = x509.SignatureAlgorithm?.FriendlyName;
ci.Signature = x509.GetCertHashString();
}
if (Repeat || string.IsNullOrEmpty(ci.IssuerSerialNumber))
{
var linksEnum = ci.CertificateRequest.Links;
if (linksEnum != null)
{
var links = new LinkCollection(linksEnum);
var upLink = links.GetFirstOrDefault("up");
if (upLink != null)
{
// We need to save the ICA certificate to a local
// temp file so that we can read it in and store
// it properly as a vault asset through a stream
var tmp = Path.GetTempFileName();
try
{
using (var web = new WebClient())
{
if (v.Proxy != null)
web.Proxy = v.Proxy.GetWebProxy();
var uri = new Uri(new Uri(v.BaseUri), upLink.Uri);
web.DownloadFile(uri, tmp);
}
var cacert = new X509Certificate2(tmp);
var sernum = cacert.GetSerialNumberString();
var tprint = cacert.Thumbprint;
var sigalg = cacert.SignatureAlgorithm?.FriendlyName;
var sigval = cacert.GetCertHashString();
if (v.IssuerCertificates == null)
v.IssuerCertificates = new OrderedNameMap<IssuerCertificateInfo>();
if (Repeat || !v.IssuerCertificates.ContainsKey(sernum))
{
var cacertDerFile = $"ca-{sernum}-crt.der";
var cacertPemFile = $"ca-{sernum}-crt.pem";
var issuerDerAsset = vlt.ListAssets(cacertDerFile,
VaultAssetType.IssuerDer).FirstOrDefault();
var issuerPemAsset = vlt.ListAssets(cacertPemFile,
VaultAssetType.IssuerPem).FirstOrDefault();
if (Repeat || issuerDerAsset == null)
{
if (issuerDerAsset == null)
issuerDerAsset = vlt.CreateAsset(VaultAssetType.IssuerDer, cacertDerFile);
using (Stream fs = new FileStream(tmp, FileMode.Open),
s = vlt.SaveAsset(issuerDerAsset))
{
fs.CopyTo(s);
}
}
if (Repeat || issuerPemAsset == null)
{
if (issuerPemAsset == null)
issuerPemAsset = vlt.CreateAsset(VaultAssetType.IssuerPem, cacertPemFile);
using (var cp = PkiHelper.GetPkiTool(
StringHelper.IfNullOrEmpty(PkiTool, v.PkiTool)))
{
using (Stream source = vlt.LoadAsset(issuerDerAsset),
target = vlt.SaveAsset(issuerPemAsset))
{
var crt = cp.ImportCertificate(EncodingFormat.DER, source);
cp.ExportCertificate(crt, EncodingFormat.PEM, target);
}
}
}
v.IssuerCertificates[sernum] = new IssuerCertificateInfo
{
SerialNumber = sernum,
Thumbprint = tprint,
SignatureAlgorithm = sigalg,
Signature = sigval,
CrtDerFile = cacertDerFile,
CrtPemFile = cacertPemFile,
};
}
ci.IssuerSerialNumber = sernum;
}
finally
{
if (File.Exists(tmp))
File.Delete(tmp);
}
}
}
}
}
ci.Label = StringHelper.IfNullOrEmpty(Label);
ci.Memo = StringHelper.IfNullOrEmpty(Memo);
vlt.SaveVault(v);
WriteObject(ci);
}
}
public override void AssignSession(Session oS)
{
base.AssignSession(oS);
var dataItems = new List<DataItem>();
dataItems.Add(new DataItem("Is Https", oS.isHTTPS));
if (oS.isHTTPS && oS.oFlags.ContainsKey(CertificateStorage.CeritificateRequestPropertyName))
{
try
{
var thumbprint = oS.oFlags[CertificateStorage.CeritificateRequestPropertyName];
FiddlerApplication.Log.LogString(thumbprint);
if (CertificateStorage.Certificates.ContainsKey(thumbprint))
{
var certificate = CertificateStorage.Certificates[thumbprint];
var cert = new X509Certificate2(certificate);
_informationTab.Certificate = cert;
//most commonly desired information up top.
dataItems.InsertRange(0, new[] { new DataItem("FriendlyName", cert.FriendlyName),
new DataItem("Subject", cert.Subject),
new DataItem("Issuer", cert.Issuer),
new DataItem("Effective Date", cert.GetEffectiveDateString()),
new DataItem("Expiration Date", cert.GetExpirationDateString()),
new DataItem("Thumbprint", cert.Thumbprint),
new DataItem("------------------------", "------------------------")});
//alphabatized data properties below
dataItems.Add(new DataItem("Archived", cert.Archived));
dataItems.Add(new DataItem("FriendlyName", cert.FriendlyName));
dataItems.Add(new DataItem("Certficate Hash", cert.GetCertHashString()));
dataItems.Add(new DataItem("Certificate Format", cert.GetFormat()));
dataItems.Add(new DataItem("Effective Date", cert.GetEffectiveDateString()));
dataItems.Add(new DataItem("Expiration Date", cert.GetExpirationDateString()));
dataItems.Add(new DataItem("Full Issuer Name", cert.IssuerName.Format(true)));
dataItems.Add(new DataItem("Full Subject Name", cert.SubjectName.Format(true)));
dataItems.Add(new DataItem("Has Private Key", cert.HasPrivateKey));
dataItems.Add(new DataItem("Issuer", cert.Issuer));
dataItems.Add(new DataItem("Key Algorithm", cert.GetKeyAlgorithm()));
dataItems.Add(new DataItem("Key Algorithm Parameters", cert.GetKeyAlgorithmParametersString()));
dataItems.Add(new DataItem("Public Key", cert.GetPublicKeyString()));
dataItems.Add(new DataItem("Raw Certificate Data", cert.GetRawCertDataString()));
dataItems.Add(new DataItem("SerialNumberString", cert.GetSerialNumberString()));
dataItems.Add(new DataItem("Subject", cert.Subject));
dataItems.Add(new DataItem("Thumbprint", cert.Thumbprint));
dataItems.Add(new DataItem("Version", cert.Version));
dataItems.Add(new DataItem("------------------------", "------------------------"));
dataItems.Add(new DataItem("Extensions", string.Empty));
dataItems.Add(new DataItem("------------------------", "------------------------"));
foreach (var extension in cert.Extensions)
{
dataItems.Add(new DataItem(extension.Oid.FriendlyName, extension.Format(true)));
}
}
}
catch (Exception ex)
{
FiddlerApplication.Log.LogString("Unexpected error loading the assigned certificate." + ex.Message);
}
}
_informationTab.DataGrid.DataSource = dataItems;
}
private void OutputCertificate(X509Certificate2 x509Certificate)
{
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("Certificate Data: ******************************************************************");
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("Basic Certificate Information");
//System.Diagnostics.Debug.WriteLine("\t Content Type: " + X509Certificate2.GetCertContentType(x509Certificate.RawData));
System.Diagnostics.Debug.WriteLine("\t Format: " + x509Certificate.GetFormat());
System.Diagnostics.Debug.WriteLine("\t Version: " + x509Certificate.Version.ToString());
System.Diagnostics.Debug.WriteLine("\t Hash String: " + x509Certificate.GetCertHashString());
System.Diagnostics.Debug.WriteLine("\t Issuer Name: " + x509Certificate.IssuerName.Name);
System.Diagnostics.Debug.WriteLine("\t Issuer Name OID: " + x509Certificate.IssuerName.Oid.Value);
System.Diagnostics.Debug.WriteLine("\t Subject Name: " + x509Certificate.SubjectName.Name);
System.Diagnostics.Debug.WriteLine("\t Serial Number: " + x509Certificate.GetSerialNumberString());
System.Diagnostics.Debug.WriteLine("\t Thumb Print: " + x509Certificate.Thumbprint);
System.Diagnostics.Debug.WriteLine("\t Friendly Name: " + x509Certificate.FriendlyName);
System.Diagnostics.Debug.WriteLine("\t Signature Algorithm: " + x509Certificate.SignatureAlgorithm.FriendlyName);
if (null != x509Certificate.PrivateKey)
System.Diagnostics.Debug.WriteLine("\t Signature Key Exchange Algorithm: " + x509Certificate.PrivateKey.KeyExchangeAlgorithm);
else
System.Diagnostics.Debug.WriteLine("\t Signature Key Exchange Algorithm: ");
System.Diagnostics.Debug.WriteLine("\t Key Algorithm Parameters: " + x509Certificate.GetKeyAlgorithmParametersString());
System.Diagnostics.Debug.WriteLine("\t Not Valid Before: " + x509Certificate.NotBefore.ToString());
System.Diagnostics.Debug.WriteLine("\t Not Valid After: " + x509Certificate.NotAfter.ToString());
System.Diagnostics.Debug.WriteLine("\t Can Be Verified: " + x509Certificate.Verify());
System.Diagnostics.Debug.WriteLine("\t Is Archived: " + x509Certificate.Archived);
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("X509 Name Elements");
System.Diagnostics.Debug.WriteLine("\t X509 Simple Name: " + x509Certificate.GetNameInfo(X509NameType.SimpleName, false));
System.Diagnostics.Debug.WriteLine("\t X509 DNS From Alternative Name: " + x509Certificate.GetNameInfo(X509NameType.DnsFromAlternativeName, false));
System.Diagnostics.Debug.WriteLine("\t X509 DNS Name: " + x509Certificate.GetNameInfo(X509NameType.DnsName, false));
System.Diagnostics.Debug.WriteLine("\t X509 Email Name: " + x509Certificate.GetNameInfo(X509NameType.EmailName, false));
System.Diagnostics.Debug.WriteLine("\t X509 UPN Name: " + x509Certificate.GetNameInfo(X509NameType.UpnName, false));
System.Diagnostics.Debug.WriteLine("\t X509 URL Name: " + x509Certificate.GetNameInfo(X509NameType.UrlName, false));
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("X509 Name Elements for Issuer");
System.Diagnostics.Debug.WriteLine("\t X509 Simple Name: " + x509Certificate.GetNameInfo(X509NameType.SimpleName, true));
System.Diagnostics.Debug.WriteLine("\t X509 DNS From Alternative Name: " + x509Certificate.GetNameInfo(X509NameType.DnsFromAlternativeName, true));
System.Diagnostics.Debug.WriteLine("\t X509 DNS Name: " + x509Certificate.GetNameInfo(X509NameType.DnsName, true));
System.Diagnostics.Debug.WriteLine("\t X509 Email Name: " + x509Certificate.GetNameInfo(X509NameType.EmailName, true));
System.Diagnostics.Debug.WriteLine("\t X509 UPN Name: " + x509Certificate.GetNameInfo(X509NameType.UpnName, true));
System.Diagnostics.Debug.WriteLine("\t X509 URL Name: " + x509Certificate.GetNameInfo(X509NameType.UrlName, true));
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("Keys");
System.Diagnostics.Debug.WriteLine("\t Public Key: " + x509Certificate.PublicKey.Key.ToXmlString(false));
if (null != x509Certificate.PrivateKey)
System.Diagnostics.Debug.WriteLine("\t Private Key: " + x509Certificate.PrivateKey.ToXmlString(false));
else
System.Diagnostics.Debug.WriteLine("\t Private Key: ");
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("Raw Cert");
System.Diagnostics.Debug.WriteLine("\t " + x509Certificate.GetRawCertDataString());
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("************************************************************************************");
System.Diagnostics.Debug.WriteLine("");
}
/// <summary>
/// Signs the SOAP document and adds a digital signature to it.
///
/// Note a lot of optional settings are applied against
/// key and certificate info to match the required XML document
/// structure the server requests.
/// </summary>
/// <param name="xmlDoc"></param>
/// <param name="certFriendlyName">Friendly Name of Cert installed in the Certificate Store under CurrentUser | Personal</param>
/// <returns></returns>
public XmlDocument SignSoapBody(XmlDocument xmlDoc, X509Certificate2 cert)
{
// *** Add search Namespaces references to ensure we can reliably work
// *** against any SOAP docs regardless of tag naming
XmlNamespaceManager ns = new XmlNamespaceManager(xmlDoc.NameTable);
ns.AddNamespace("SOAP", STR_SOAP_NS);
ns.AddNamespace("SOAP-SEC", STR_SOAPSEC_NS);
// *** Grab the body element - this is what we create the signature from
XmlElement body = xmlDoc.DocumentElement.SelectSingleNode(@"//SOAP:Body", ns) as XmlElement;
if (body == null)
throw new ApplicationException("No body tag found");
// *** We'll only encode the <SOAP:Body> - add id: Reference as #Body
body.SetAttribute("id", "Body");
// *** Signed XML will create Xml Signature - Xml fragment
SignedXml signedXml = new SignedXml(xmlDoc);
// *** Create a KeyInfo structure
KeyInfo keyInfo = new KeyInfo();
// *** The actual key for signing - MAKE SURE THIS ISN'T NULL!
signedXml.SigningKey = cert.PrivateKey;
// *** Specifically use the issuer and serial number for the data rather than the default
KeyInfoX509Data keyInfoData = new KeyInfoX509Data();
keyInfoData.AddIssuerSerial(cert.Issuer, cert.GetSerialNumberString());
keyInfo.AddClause(keyInfoData);
// *** provide the certficate info that gets embedded - note this is only
// *** for specific formatting of the message to provide the cert info
signedXml.KeyInfo = keyInfo;
// *** Again unusual - meant to make the document match template
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
// *** Now create reference to sign: Point at the Body element
Reference reference = new Reference();
reference.Uri = "#Body";
// reference id=body section in same doc
reference.AddTransform(new XmlDsigExcC14NTransform());
// required to match doc
signedXml.AddReference(reference);
// *** Finally create the signature
signedXml.ComputeSignature();
// *** Result is an XML node with the signature detail below it
// *** Now let's add the sucker into the SOAP-HEADER
XmlElement signedElement = signedXml.GetXml();
// *** Create SOAP-SEC:Signature element
XmlElement soapSignature = xmlDoc.CreateElement("Signature", STR_SOAPSEC_NS);
soapSignature.Prefix = "SOAP-SEC"; soapSignature.SetAttribute("MustUnderstand", "", "1");
// *** And add our signature as content
soapSignature.AppendChild(signedElement);
// *** Now add the signature header into the master header
XmlElement soapHeader = xmlDoc.DocumentElement.SelectSingleNode("//SOAP:Header", ns) as XmlElement;
if (soapHeader == null)
{
soapHeader = xmlDoc.CreateElement("Header", STR_SOAP_NS);
soapHeader.Prefix = "SOAP";
xmlDoc.DocumentElement.InsertBefore(soapHeader, xmlDoc.DocumentElement.ChildNodes[0]);
}
soapHeader.AppendChild(soapSignature);
return xmlDoc;
}
static string GetIssuerCertificate(CertificateRequest certificate)
{
var linksEnum = certificate.Links;
if (linksEnum != null)
{
var links = new LinkCollection(linksEnum);
var upLink = links.GetFirstOrDefault("up");
if (upLink != null)
{
var tmp = Path.GetTempFileName();
try
{
using (var web = new WebClient())
{
//if (v.Proxy != null)
// web.Proxy = v.Proxy.GetWebProxy();
var uri = new Uri(new Uri(BaseURI), upLink.Uri);
web.DownloadFile(uri, tmp);
}
var cacert = new X509Certificate2(tmp);
var sernum = cacert.GetSerialNumberString();
var tprint = cacert.Thumbprint;
var sigalg = cacert.SignatureAlgorithm?.FriendlyName;
var sigval = cacert.GetCertHashString();
var cacertDerFile = Path.Combine(configPath, $"ca-{sernum}-crt.der");
var cacertPemFile = Path.Combine(configPath, $"ca-{sernum}-crt.pem");
if (!File.Exists(cacertDerFile))
File.Copy(tmp, cacertDerFile, true);
Console.WriteLine($" Saving Issuer Certificate to {cacertPemFile}");
if (!File.Exists(cacertPemFile))
CsrHelper.Crt.ConvertDerToPem(cacertDerFile, cacertPemFile);
return cacertPemFile;
}
finally
{
if (File.Exists(tmp))
File.Delete(tmp);
}
}
}
return null;
}
