Example #1
0
        public ActionResult Details(string id)
        {
            Guid publicKey;

            if (!Guid.TryParse(id, out publicKey))
            {
                return(new HttpStatusCodeResult(System.Net.HttpStatusCode.BadRequest));
            }

            var certificado = DBContext.Certificados.Where(e => e.PublicKey == publicKey).SingleOrDefault();

            if (certificado == null)
            {
                return(HttpNotFound());
            }


            System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider();
            //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
            //     certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
            //// System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;
            System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
                                                                                                                                                     certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
            System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;



            //System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
            //byte[] binData = encoder.GetBytes(cadenaOriginal);
            //byte[] binSignature = rsaCryptoIPT.SignData(binData, sha1);
            //string sello = Convert.ToBase64String(binSignature);
            //return sello;


            var model = new CertificadoDetailsViewModel(certificado);

            //model.Issuer = cert.Issuer;
            model.Issuer  = cert.IssuerName.Name;
            model.Subject = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);



            model.Issuer = cert.GetEffectiveDateString();
            model.Issuer = cert.GetExpirationDateString();
            model.Issuer = cert.Subject;
            model.Issuer = certificado.GetNumeroSerie(); //  cert.SerialNumber; // cert.GetSerialNumberString();
            model.Issuer = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, true);
            //model.Issuer = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
            return(View(model));
        }
        public ActionResult Create(CertificadoCreateViewModel model) {
            //var model = new CertificadoCreateViewModel();
           if (ModelState.IsValid) {
               if (model.CertificadoArchivo == null || model.CertificadoArchivo.ContentLength == 0) {
                    return View();
                }
                try {
                    // var user = UserManager.FindById(this.GetUserId());
                    Guid publicKey = Guid.NewGuid();
                    Certificado certificado = new Certificado();
                    //certificado.NumSerie = model.NumSerie;
                    //certificado.RFC = model.RFC;
                    //certificado.Inicia = model.Inicia; // DateTime.Parse(post["inicia"].ToString(), new System.Globalization.CultureInfo("es-MX"));
                    //certificado.Finaliza = model.Finaliza;
                    ////certificado.CertificadoBase64 = model.CertificadoArchivo;
                    ////certificado.PFXArchivo = model.PFXArchivo;

                    certificado.PFXContrasena = model.PFXContrasena;
                    certificado.Estado = model.Estado;

                    if (model.CertificadoArchivo != null) {
                        MemoryStream target = new MemoryStream();
                        model.CertificadoArchivo.InputStream.CopyTo(target);
                        Byte[] data = target.ToArray();
                        certificado.CertificadoDER = data;
                        //certificado.PFXArchivo = data;
                        certificado.CertificadoBase64 = Convert.ToBase64String(data);

                        System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider();
                        //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data, certificado.PFXContrasena);
                        System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data);
                        // cert.FriendlyName.ToString();

                        certificado.NumSerie = Certificado.GetSerialNumberString(cert);
                        
                        //certificado.RFC = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
                        string[] subject = cert.Subject.Split(',');
                        foreach (string strVal in subject) {
                            string value = strVal.Trim();
                            if (value.StartsWith("OID.2.5.4.45=")) {
                                string value2 = value.Replace("OID.2.5.4.45=", "");
                                certificado.RFC = value2.Substring(0, value2.IndexOf('/') >= 0 ? value2.IndexOf('/') : value2.Length).Trim();
                            }
                        }

                        certificado.Inicia = DateTime.Parse(cert.GetEffectiveDateString());
                        certificado.Finaliza = DateTime.Parse(cert.GetExpirationDateString());
                        //certificado.CertificadoBase64 = model.CertificadoArchivo;
                        //certificado.PFXArchivo = model.PFXArchivo;

                    }

                    if (model.PFXArchivo != null) {
                        MemoryStream target2 = new MemoryStream();
                        model.PFXArchivo.InputStream.CopyTo(target2);
                        Byte[] dataPFX = target2.ToArray();
                        certificado.PFXArchivo = dataPFX;



                    //    MemoryStream target3 = new MemoryStream();
                    //    model.CertificadoArchivo.InputStream.Position = 0;
                    //    model.CertificadoArchivo.InputStream.CopyTo(target3);
                    //    Byte[] data3 = target3.ToArray();
                    //    //string certificadoBase64 = Convert.ToBase64String(data);

                        
                    //    //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
                    //    //     certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
                    //    //System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;




                    }
                    //else {
                    //    MemoryStream target3 = new MemoryStream();
                    //    model.CertificadoArchivo.InputStream.CopyTo(target3);
                    //    Byte[] data3 = target3.ToArray();
                    //    //string certificadoBase64 = Convert.ToBase64String(data);

                    //    System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider();
                    //    System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data3, certificado.PFXContrasena);
                    //    cert.FriendlyName.ToString();
                    //    //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
                    //    //     certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
                    //    System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;


                    //}

                    if (model.PrivateKeyDER != null) {
                        MemoryStream ms = new MemoryStream();
                        model.PrivateKeyDER.InputStream.CopyTo(ms);
                        Byte[] dataDER = ms.ToArray();
                        certificado.PrivateKeyDER = dataDER;
                    }
                    certificado.PrivateKeyContrasena = model.PrivateKeyContrasena;

                    this.DBContext.Certificados.Add(certificado);
                    this.DBContext.SaveChanges();
                }
                catch (Exception ex) {
                    //log.Error(ex, "Error upload photo blob to storage");
                    ex.ToString();
                }
            }
            return RedirectToAction("Index", "Home");
        }
        public ActionResult Details(string id) {
            Guid publicKey;
            if (!Guid.TryParse(id, out publicKey))
                return new HttpStatusCodeResult(System.Net.HttpStatusCode.BadRequest);

            var certificado = DBContext.Certificados.Where(e => e.PublicKey == publicKey).SingleOrDefault();

            if (certificado == null)
                return HttpNotFound();


            System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider();
            //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
            //     certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
            //// System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;
            System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
                 certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
            System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;

             

            //System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
            //byte[] binData = encoder.GetBytes(cadenaOriginal);
            //byte[] binSignature = rsaCryptoIPT.SignData(binData, sha1);
            //string sello = Convert.ToBase64String(binSignature);
            //return sello;


            var model = new CertificadoDetailsViewModel(certificado);
            //model.Issuer = cert.Issuer;
            model.Issuer = cert.IssuerName.Name;
            model.Subject = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);

           

            model.Issuer = cert.GetEffectiveDateString();
            model.Issuer = cert.GetExpirationDateString();
            model.Issuer = cert.Subject;
            model.Issuer = certificado.GetNumeroSerie(); //  cert.SerialNumber; // cert.GetSerialNumberString();
            model.Issuer = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, true);
            //model.Issuer = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
            return View(model);
        }            
Example #4
0
        /// <summary>
        /// Once validation has completed for our requested domains we can complete the certificate
        /// request by submitting a Certificate Signing Request (CSR) to the CA
        /// </summary>
        /// <param name="log">  </param>
        /// <param name="primaryDnsIdentifier">  </param>
        /// <param name="alternativeDnsIdentifiers">  </param>
        /// <param name="config">  </param>
        /// <returns>  </returns>
        public async Task <ProcessStepResult> CompleteCertificateRequest(ILog log, CertRequestConfig config, string orderId)
        {
            var orderContext = _currentOrders[orderId];

            // check order status, if it's not 'ready' then try a few more times before giving up
            var order = await orderContext.Resource();

            var attempts = 5;

            while (attempts > 0 && (order?.Status != OrderStatus.Ready && order?.Status != OrderStatus.Valid))
            {
                await Task.Delay(2000);

                order = await orderContext.Resource();

                attempts--;
            }

            if (order?.Status != OrderStatus.Ready && order?.Status != OrderStatus.Valid)
            {
                return(new ProcessStepResult {
                    IsSuccess = false, ErrorMessage = "Certificate Request did not complete. Order did not reach Ready status in the time allowed.", Result = order
                });
            }

            // generate temp keypair for signing CSR
            var keyAlg = KeyAlgorithm.RS256;

            if (!string.IsNullOrEmpty(config.CSRKeyAlg))
            {
                if (config.CSRKeyAlg == "RS256")
                {
                    keyAlg = KeyAlgorithm.RS256;
                }

                if (config.CSRKeyAlg == "ECDSA256")
                {
                    keyAlg = KeyAlgorithm.ES256;
                }

                if (config.CSRKeyAlg == "ECDSA384")
                {
                    keyAlg = KeyAlgorithm.ES384;
                }

                if (config.CSRKeyAlg == "ECDSA521")
                {
                    keyAlg = KeyAlgorithm.ES512;
                }
            }

            var csrKey = KeyFactory.NewKey(keyAlg);

            var certFriendlyName = $"{config.PrimaryDomain} [Certify] ";

            // generate cert
            CertificateChain certificateChain = null;
            DateTime?        certExpiration   = null;

            try
            {
                if (order.Status == OrderStatus.Valid)
                {
                    // download existing cert, TODO: need to re-use key from time of last finalize
                    certificateChain = await orderContext.Download();
                }
                else
                {
                    // finalise and download
                    certificateChain = await orderContext.Generate(new CsrInfo
                    {
                        CommonName = _idnMapping.GetAscii(config.PrimaryDomain)
                    }, csrKey);
                }


                var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificateChain.Certificate.ToDer());
                certExpiration    = cert.NotAfter;
                certFriendlyName += $"{cert.GetEffectiveDateString()} to {cert.GetExpirationDateString()}";
            }
            catch (AcmeRequestException exp)
            {
                var msg = $"Failed to finalize certificate order:  {exp.Error?.Detail}";
                log.Error(msg);

                return(new ProcessStepResult {
                    ErrorMessage = msg, IsSuccess = false, Result = exp.Error
                });
            }

            // file will be named as {expiration yyyyMMdd}_{guid} e.g. 20290301_4fd1b2ea-7b6e-4dca-b5d9-e0e7254e568b
            var certId = certExpiration.Value.ToString("yyyyMMdd") + "_" + Guid.NewGuid().ToString().Substring(0, 8);

            var domainAsPath = config.PrimaryDomain.Replace("*", "_");

            var pfxPath = ExportFullCertPFX(certFriendlyName, csrKey, certificateChain, certId, domainAsPath);

            return(new ProcessStepResult {
                IsSuccess = true, Result = pfxPath
            });
        }
Example #5
0
        public ActionResult Create(CertificadoCreateViewModel model)
        {
            //var model = new CertificadoCreateViewModel();
            if (ModelState.IsValid)
            {
                if (model.CertificadoArchivo == null || model.CertificadoArchivo.ContentLength == 0)
                {
                    return(View());
                }
                try {
                    // var user = UserManager.FindById(this.GetUserId());
                    Guid        publicKey   = Guid.NewGuid();
                    Certificado certificado = new Certificado();
                    //certificado.NumSerie = model.NumSerie;
                    //certificado.RFC = model.RFC;
                    //certificado.Inicia = model.Inicia; // DateTime.Parse(post["inicia"].ToString(), new System.Globalization.CultureInfo("es-MX"));
                    //certificado.Finaliza = model.Finaliza;
                    ////certificado.CertificadoBase64 = model.CertificadoArchivo;
                    ////certificado.PFXArchivo = model.PFXArchivo;

                    certificado.PFXContrasena = model.PFXContrasena;
                    certificado.Estado        = model.Estado;

                    if (model.CertificadoArchivo != null)
                    {
                        MemoryStream target = new MemoryStream();
                        model.CertificadoArchivo.InputStream.CopyTo(target);
                        Byte[] data = target.ToArray();
                        certificado.CertificadoDER = data;
                        //certificado.PFXArchivo = data;
                        certificado.CertificadoBase64 = Convert.ToBase64String(data);

                        System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider();
                        //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data, certificado.PFXContrasena);
                        System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data);
                        // cert.FriendlyName.ToString();

                        certificado.NumSerie = Certificado.GetSerialNumberString(cert);

                        //certificado.RFC = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
                        string[] subject = cert.Subject.Split(',');
                        foreach (string strVal in subject)
                        {
                            string value = strVal.Trim();
                            if (value.StartsWith("OID.2.5.4.45="))
                            {
                                string value2 = value.Replace("OID.2.5.4.45=", "");
                                certificado.RFC = value2.Substring(0, value2.IndexOf('/') >= 0 ? value2.IndexOf('/') : value2.Length).Trim();
                            }
                        }

                        certificado.Inicia   = DateTime.Parse(cert.GetEffectiveDateString());
                        certificado.Finaliza = DateTime.Parse(cert.GetExpirationDateString());
                        //certificado.CertificadoBase64 = model.CertificadoArchivo;
                        //certificado.PFXArchivo = model.PFXArchivo;
                    }

                    if (model.PFXArchivo != null)
                    {
                        MemoryStream target2 = new MemoryStream();
                        model.PFXArchivo.InputStream.CopyTo(target2);
                        Byte[] dataPFX = target2.ToArray();
                        certificado.PFXArchivo = dataPFX;



                        //    MemoryStream target3 = new MemoryStream();
                        //    model.CertificadoArchivo.InputStream.Position = 0;
                        //    model.CertificadoArchivo.InputStream.CopyTo(target3);
                        //    Byte[] data3 = target3.ToArray();
                        //    //string certificadoBase64 = Convert.ToBase64String(data);


                        //    //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
                        //    //     certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
                        //    //System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;
                    }
                    //else {
                    //    MemoryStream target3 = new MemoryStream();
                    //    model.CertificadoArchivo.InputStream.CopyTo(target3);
                    //    Byte[] data3 = target3.ToArray();
                    //    //string certificadoBase64 = Convert.ToBase64String(data);

                    //    System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider();
                    //    System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data3, certificado.PFXContrasena);
                    //    cert.FriendlyName.ToString();
                    //    //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
                    //    //     certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
                    //    System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;


                    //}

                    if (model.PrivateKeyDER != null)
                    {
                        MemoryStream ms = new MemoryStream();
                        model.PrivateKeyDER.InputStream.CopyTo(ms);
                        Byte[] dataDER = ms.ToArray();
                        certificado.PrivateKeyDER = dataDER;
                    }
                    certificado.PrivateKeyContrasena = model.PrivateKeyContrasena;

                    this.DBContext.Certificados.Add(certificado);
                    this.DBContext.SaveChanges();
                }
                catch (Exception ex) {
                    //log.Error(ex, "Error upload photo blob to storage");
                    ex.ToString();
                }
            }
            return(RedirectToAction("Index", "Home"));
        }