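/// <summary>
/// Searches the system certificate store by subject name and returns the highest-priority
/// certificate that has a private key and whose subject carries exactly the configured CN.
/// </summary>
/// <param name="tracer">Tracer that receives the informational and error events.</param>
/// <param name="metadata">Event metadata attached to each trace; the exception text is added to it on failure.</param>
/// <returns>
/// The first certificate after prioritisation, or <c>null</c> when nothing matches or the
/// lookup throws a <see cref="CryptographicException"/>.
/// </returns>
private X509Certificate2 GetCertificateFromStore(ITracer tracer, EventMetadata metadata)
{
    try
    {
        using (SystemCertificateStore certificateStore = this.createCertificateStore())
        {
            X509Certificate2Collection findResults = certificateStore.Find(
                X509FindType.FindBySubjectName,
                this.certificatePathOrSubjectCommonName,
                this.ShouldVerify);

            if (findResults?.Count > 0)
            {
                X509Certificate2[] foundCertificates = findResults.OfType<X509Certificate2>().ToArray();

                LogWithAppropriateLevel(
                    tracer,
                    metadata,
                    foundCertificates,
                    string.Format(
                        "Found {0} certificates by provided name. Matching DNs: {1}",
                        findResults.Count,
                        GetSubjectNameLineForLogging(foundCertificates)));

                // The configured name is data, not a pattern. Without escaping, a "." in a host
                // name matches any character and other metacharacters could widen or break the
                // match, so a certificate with a merely similar CN could be selected.
                string exactCnPattern = string.Format(
                    "(^|,\\s?)CN={0}(,|$)",
                    Regex.Escape(this.certificatePathOrSubjectCommonName ?? string.Empty));

                // Verify() only influences ordering here: a certificate that fails verification
                // is still returned when it is the only candidate.
                // NOTE(review): whether such certificates were already filtered out depends on how
                // Find() treats ShouldVerify, which is not visible in this block - confirm.
                X509Certificate2[] certsWithMatchingCns = foundCertificates
                    // Keep only certificates with a private key and a complete CN match.
                    .Where(x => x.HasPrivateKey && Regex.IsMatch(x.Subject, exactCnPattern))
                    // Certificates that pass verification sort first.
                    .OrderByDescending(x => this.certificateVerifier.Verify(x))
                    // Then the one that was issued earliest.
                    .ThenBy(x => x.NotBefore)
                    // Then the one that stays valid the longest.
                    .ThenByDescending(x => x.NotAfter)
                    .ToArray();

                LogWithAppropriateLevel(
                    tracer,
                    metadata,
                    certsWithMatchingCns,
                    string.Format(
                        "Found {0} certificates with a private key and an exact CN match. DNs (sorted by priority, will take first): {1}",
                        certsWithMatchingCns.Length,
                        GetSubjectNameLineForLogging(certsWithMatchingCns)));

                return certsWithMatchingCns.FirstOrDefault();
            }
        }
    }
    catch (CryptographicException cryptEx)
    {
        // Store access failures are traced and reported to the caller as "no certificate".
        metadata.Add("Exception", cryptEx.ToString());
        tracer.RelatedError(metadata, "Error, while searching for certificate in store");
        return null;
    }

    return null;
}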
/// <summary>
/// Checks that the certificate from the <c>ExpiredSelfSigned</c> fixture is not accepted for the
/// host until its thumbprint has been stored as an accepted exception, and is accepted afterwards.
/// </summary>
public void ExpiredSelfSignedCertificate()
{
    const string hostName = "foo.secure.example.com";

    // Parse the PEM fixture and build a single-entry chain from it.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    InputStream pemStream = new ByteArrayInputStream(Encoding.ASCII.GetBytes(ExpiredSelfSigned));
    X509Certificate fixtureCert = (X509Certificate)x509Factory.generateCertificate(pemStream);

    List chain = new ArrayList();
    chain.add(fixtureCert);

    try
    {
        // No exception is registered for this host yet, so verify() must not return normally.
        new SystemCertificateStore().verify(hostName, chain);
        Assert.Fail();
    }
    catch (EntryPointNotFoundException)
    {
        // Expected on the first attempt.
        // NOTE(review): presumably thrown because no trust prompt is available in the test
        // environment - confirm against SystemCertificateStore.
    }

    // Register the exception: the accepted certificate is recorded per host name by thumbprint.
    // NOTE(review): the property is not cleared afterwards; if preferences are shared between
    // tests, later checks for this host would start from an already-trusted state - confirm teardown.
    PreferencesFactory.get().setProperty(
        hostName + ".certificate.accept",
        SystemCertificateStore.ConvertCertificate(fixtureCert).Thumbprint);

    Assert.IsTrue(new SystemCertificateStore().verify(hostName, chain));
}
/// <summary>
/// Copies the current state of <c>_host</c> and <c>_options</c> into the bound view: connection
/// fields, credentials, key and client-certificate selections, web URL, notes and timezone.
/// </summary>
/// <remarks>
/// Statements run in the same order as before; whether the view's setters have side effects that
/// depend on that order is not visible from this method.
/// </remarks>
protected virtual void Update()
{
    // Identity and location of the bookmark.
    View.WindowTitle = BookmarkNameProvider.toString(_host);
    View.Hostname = _host.getHostname();
    View.HostFieldEnabled = _host.getProtocol().isHostnameConfigurable();
    View.Nickname = BookmarkNameProvider.toString(_host);
    View.DownloadFolder = new DownloadDirectoryFinder().find(_host).getAbsolute();
    View.URL = new HostUrlProvider(true, true).get(_host);
    View.Port = _host.getPort().ToString();
    View.PortFieldEnabled = _host.getProtocol().isPortConfigurable();
    View.PathFieldEnabled = _host.getProtocol().isPathConfigurable();
    View.Path = _host.getDefaultPath();

    // Credentials. The username and password inputs are disabled for anonymous logins.
    View.Username = _host.getCredentials().getUsername();
    View.UsernameEnabled = _options.user() && !_host.getCredentials().isAnonymousLogin();
    View.UsernameLabel = $"{_host.getProtocol().getUsernamePlaceholder()}:";
    // The stored password is handed to the view as-is.
    // NOTE(review): confirm the view renders this field masked and does not log it.
    View.Password = _host.getCredentials().getPassword();
    View.PasswordLabel = $"{_options.getPasswordPlaceholder()}:";
    View.PasswordEnabled = _options.password() && !_host.getCredentials().isAnonymousLogin();
    View.AnonymousEnabled = _options.anonymous();
    View.AnonymousChecked = _host.getCredentials().isAnonymousLogin();

    // Protocol-dependent settings.
    View.SelectedProtocol = _host.getProtocol();
    View.SelectedTransferMode = _host.getTransferType();
    View.SelectedEncoding = _host.getEncoding() != null
        ? _host.getEncoding()
        : Default;
    View.EncodingFieldEnabled = _host.getProtocol().isEncodingConfigurable();
    View.ConnectModeFieldEnabled = _host.getProtocol().getType() == Protocol.Type.ftp;
    View.SelectedConnectMode = _host.getFTPConnectMode();

    // Private key selection: "None" unless the credentials use public key authentication.
    View.PrivateKeyFieldEnabled = _options.publickey();
    if (!_host.getCredentials().isPublicKeyAuthentication())
    {
        View.SelectedPrivateKey = LocaleFactory.localizedString("None");
    }
    else
    {
        String identityPath = _host.getCredentials().getIdentity().getAbsolute();
        if (!_keys.Contains(identityPath))
        {
            // First time this identity file is seen: remember it and refresh the choices.
            _keys.Add(identityPath);
            View.PopulatePrivateKeys(_keys);
        }

        View.SelectedPrivateKey = identityPath;
    }

    // Client certificate selection. The store's aliases are only listed when the option is on.
    View.ClientCertificateFieldEnabled = _options.certificate();
    List<string> certificateChoices = new List<string> { LocaleFactory.localizedString("None") };
    if (_options.certificate())
    {
        foreach (String alias in SystemCertificateStore.ListAliases())
        {
            certificateChoices.Add(alias);
        }
    }

    View.PopulateClientCertificates(certificateChoices);
    View.SelectedClientCertificate = _host.getCredentials().isCertificateAuthentication()
        ? _host.getCredentials().getCertificate()
        : LocaleFactory.localizedString("None");

    // Web URL and free-form notes.
    View.WebUrlButtonToolTip = new WebUrlProvider(_host).toUrl().getUrl();
    View.WebURL = _host.getWebURL();
    View.Notes = _host.getComment();

    // Timezone: an explicit host timezone wins; otherwise UTC for UTC protocols, else the
    // configured default from the "ftp.timezone.default" preference.
    View.TimezoneFieldEnabled = !_host.getProtocol().isUTCTimezone();
    if (_host.getTimezone() != null)
    {
        View.SelectedTimezone = _host.getTimezone().getID();
    }
    else if (_host.getProtocol().isUTCTimezone())
    {
        View.SelectedTimezone = UTC.getID();
    }
    else
    {
        View.SelectedTimezone =
            TimeZone.getTimeZone(PreferencesFactory.get().getProperty("ftp.timezone.default")).getID();
    }
}
/// <summary>
/// Checks that a two-certificate chain (host certificate followed by its CA certificate) is not
/// accepted for the host until the host certificate's thumbprint has been stored as an accepted
/// exception, and is accepted afterwards.
/// </summary>
public void UntrustedSelfSignedCertificate()
{
    const string hostName = "www.google.ch";

    // PEM fixture for the host certificate (first entry of the chain).
    String hostPem = "-----BEGIN CERTIFICATE-----\n"
        + "MIIEcDCCAligAwIBAgIEAP+quzANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJE\n"
        + "RTELMAkGA1UECAwCQlcxDTALBgNVBAoMBFNZU1MxCzAJBgNVBAMMAkNBMB4XDTE0\n"
        + "MDQxMDA3Mzg0MFoXDTE1MDQxMDA3Mzg0MFowQTELMAkGA1UEBhMCREUxCzAJBgNV\n"
        + "BAgMAkJXMQ0wCwYDVQQKDARTWVNTMRYwFAYDVQQDDA13d3cuZ29vZ2xlLmNoMIIB\n"
        + "IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8P4nPfLKOXtl+uOOUF7YO+mH\n"
        + "ee9hYHuDLusgyDpLEQAqnBHtBi6RCP5XmArpunNfTF8yls5QdyjKogJ6nXafzlGa\n"
        + "If1fe6iI/OMp9oUBdqJh2mU9OfZm5he9sLobunrVWqlm5fIbSRZkhZe5o8Dutcsa\n"
        + "p74TClaHbXTcsVbw6/aScXibj5ARIK71JgtPFUNp1QanF78GmXUu2MOROaz2duUF\n"
        + "LxzJJCxnNElNkt663LUjtgfbcEgKQDZ0k0uNchAyDHDIkNr6FmilgBmt1LI0sjdH\n"
        + "llY6Z/r8waH9ztTqlf78jG1AhmUSTbBNtYU92rqdRqPa21WBbhaEhNtFg8EZywID\n"
        + "AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy\n"
        + "YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU48hgd+eZiIeWwiDJ3XPIb6PI+0gw\n"
        + "HwYDVR0jBBgwFoAUWc4WPc0maSLX2fTyx9YLvqqPs8YwDQYJKoZIhvcNAQEFBQAD\n"
        + "ggIBAA8T4LM8FKvRQh+/UWmKkMFFMVcSav2UYYHwbDQ1G+38lKT9G1pddslA450H\n"
        + "XkaOZnRIb31+bgIK/WRt16sowt/wxK34p0kphKS7ubszF6SQI/rUF7Z/44MBnyng\n"
        + "CsJhO+hu9vk7qTBSx7wL5MI9lsmalzwmQhEnNBKyYxxwBKRpZzlns6bX/nysfIPd\n"
        + "lJ28Q01VfuFI4LZn6XoCgP3a5KMbvkFCcoQ0BWaJZUJXj8Taunn52+4yd02CojXJ\n"
        + "6jnM8asmeZLME7k4BZrYGzmEZWqEWlArltpo315/lEdgPvmmIsSMn3N3wi8IJnlj\n"
        + "1LRzDy3HF2m8Kk/3HPYorUKItEFdZ2yBHJd8SvrsoahoyqLN3rPkQ6TXFg5GD6XF\n"
        + "76GUMSbr92sjKtWI4fta5CZi2iRnQEhiuAW9mvmsr9/g9fHAvNbs8QjLfYxdG8KW\n"
        + "oLQIuTllXuQRiWJ6X33ea4seNDpD53I7rhZNhDxkns7YdEy9IsJjHJganVBY+/3f\n"
        + "15bn34p3g3mQlsnLA2WMX2ZyLrVWaEt82iIZKAFzHjO38fANno6IXh0HP1xy6uQd\n"
        + "37SZV2h0nUlJYw483RIUcJghkEBkKnIJInb6wGKXSpEZE2ObDJV0cH9vJflygh+G\n"
        + "P6IvpzJ9dGNO8yNuyxvxcG7C+yDjgWjXkHqBYDS8lY9rM0yk\n"
        + "-----END CERTIFICATE-----\n";

    // PEM fixture for the CA certificate (second entry of the chain).
    String caPem = "-----BEGIN CERTIFICATE-----\n"
        + "MIIFPzCCAyegAwIBAgIJAODkvo4frTJPMA0GCSqGSIb3DQEBBQUAMDYxCzAJBgNV\n"
        + "BAYTAkRFMQswCQYDVQQIDAJCVzENMAsGA1UECgwEU1lTUzELMAkGA1UEAwwCQ0Ew\n"
        + "HhcNMTQwNDEwMDczODI2WhcNMjQwNDA5MDczODI2WjA2MQswCQYDVQQGEwJERTEL\n"
        + "MAkGA1UECAwCQlcxDTALBgNVBAoMBFNZU1MxCzAJBgNVBAMMAkNBMIICIjANBgkq\n"
        + "hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxYEqG0gr2sxp1KJtj8VKmv802cdfXvIv\n"
        + "3M10eB4weWtbRim/g8NcZUzPac5R672JxdQTpGERVl4y+6fxjjc9NsxuXBBoMOam\n"
        + "ihINUsZzhxQatQ0Vos9WHX9rVdVQXLnVDrfn//thx8pLCzN777q8xDYwuyNeiUzG\n"
        + "KVtlQV7ltbMTCL0jLRWiKe/pX27qDx0j+VipgohVZc6UHTFgbsWIn/x9tcCYaGPU\n"
        + "IORUDYKLxURgUxikGipGxEaLa4zyOoniH9LqAVKZ0mXGV2OKYQqppb60zPm/N5Ke\n"
        + "9R2fjBYdY8QAkkRDe6ZfEy9/+8dJTheVIxfQ2IAh4CKmgRCutlhD99n9xtUzXfJU\n"
        + "X8E7+t2SKgdkC3uQvLWdABO5cLqw+JC8kn1alz9mQDuhjq/63iJ9kFa3mv6/GCPd\n"
        + "oyQ5Ey+vqKwyWP/2Y42HF5Kj8eCiLV71Jf7Njifnnn6N7DgjHeJJPfLCBxmxFuiO\n"
        + "aB4P9fLvoUpLkCIE3bYVCXiHKc6NrZ7Bx/5QVA8471KDH9YngFF7DpbnqwYVdRys\n"
        + "kqMEupb2kUf0W0ObjLHAAUFMcPUdY081QFrVi9m78B2wAbW3ynguzrFBK4lmj6L3\n"
        + "5rQipe5lEVFUbDnMYLONz55kLROGyw8H4EhgRuGCPwpiJtWYq3Tyc7smEy8Y9JcS\n"
        + "iuskbUOgTgECAwEAAaNQME4wHQYDVR0OBBYEFFnOFj3NJmki19n08sfWC76qj7PG\n"
        + "MB8GA1UdIwQYMBaAFFnOFj3NJmki19n08sfWC76qj7PGMAwGA1UdEwQFMAMBAf8w\n"
        + "DQYJKoZIhvcNAQEFBQADggIBAC+mnC3rSJnDkKhMuL88DG0tErvHEUwL+qrgoeNN\n"
        + "1rOdXxv2hsVFfRMG9ieVvyMd9aHVvSgbWf43o0NHCX347eFWRq7n6A9QFNvcx4lD\n"
        + "DFgt8eptIgRAChbRg4QV0+GdsKeBSlOL/Y03zXwxvrCEpKBrluBYz8NZ4LTDtO6Q\n"
        + "g//+q0lnd49Gk1+PENzKKLVk2OzyQFh70o7pkm16KlpmQLnhvtkQJQPsOBVizk7v\n"
        + "hKtdUnn/fJytniJ5F4dZykH5GV4owILTRpjiuqO0BEOAznjvFDiMnzKif/jxX6XR\n"
        + "PMyqlWTk9VS23i1ghcU223+oeDiSNj8lbla8lHFcI8ztsvY469206pfCrK51FanL\n"
        + "dB/G7zd9P3zQRinwfaG9/9eL4nDsvPMVqotFiyrHhJJOAeZNQtRDB+e8c+334coS\n"
        + "Y6GQpdmCPQeL1grxH5g5VypkITPgq+aPmgHv6jk5cHdFhHy25tOwpdrk1ppN3ln4\n"
        + "GG2QjTbVnOEH01+ySZpB4eMaqF2wME0LQYuZo4OYz5Dfu565ft3E81TWqsaOxXyQ\n"
        + "kLHLnzzlATLh7F30aUV254MJTLwf4TL2/p4DJklo9t47iS1ckYAwtFYwgbDIziGZ\n"
        + "hJYa6ulLyko8z7MPf8OSOipYKOW/gXfV1XxMYh+k5qwaKLK4BsoXuwiB/kMVJtTJ\n"
        + "ndIN\n"
        + "-----END CERTIFICATE-----\n";

    // Parse both fixtures with the same X.509 factory.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    InputStream hostStream = new ByteArrayInputStream(Encoding.ASCII.GetBytes(hostPem));
    X509Certificate hostCert = (X509Certificate)x509Factory.generateCertificate(hostStream);
    InputStream caStream = new ByteArrayInputStream(Encoding.ASCII.GetBytes(caPem));
    X509Certificate caCert = (X509Certificate)x509Factory.generateCertificate(caStream);

    // Chain order: host certificate first, then the CA certificate.
    List chain = new ArrayList();
    chain.add(hostCert);
    chain.add(caCert);

    try
    {
        // No exception is registered for this host yet, so verify() must not return normally.
        new SystemCertificateStore().verify(hostName, chain);
        Assert.Fail();
    }
    catch (EntryPointNotFoundException)
    {
        // Expected on the first attempt; the marker line below is kept from the original test.
        // NOTE(review): presumably thrown because no trust prompt is available in the test
        // environment - confirm against SystemCertificateStore.
        Console.WriteLine("TEST");
    }

    // Register the exception: only the host certificate's thumbprint is recorded, keyed by host name.
    // NOTE(review): the property is not cleared afterwards; if preferences are shared between
    // tests, later checks for this host would start from an already-trusted state - confirm teardown.
    PreferencesFactory.get().setProperty(
        hostName + ".certificate.accept",
        SystemCertificateStore.ConvertCertificate(hostCert).Thumbprint);

    Assert.IsTrue(new SystemCertificateStore().verify(hostName, chain));
}