private string GetCommonName(X509Certificate2 certificate)
{
foreach (string element in X509Utils.ParseDistinguishedName(certificate.Subject))
{
if (element.StartsWith("CN=", StringComparison.OrdinalIgnoreCase))
{
return(element.Substring(3));
}
}
return("(unknown)");
}
private async Task DeleteExistingFromStore(string storePath)
{
if (String.IsNullOrEmpty(storePath))
{
return;
}
using (DirectoryCertificateStore store = (DirectoryCertificateStore)CertificateStoreIdentifier.OpenStore(storePath))
{
X509Certificate2Collection certificates = await store.Enumerate();
foreach (var certificate in certificates)
{
if (store.GetPrivateKeyFilePath(certificate.Thumbprint) != null)
{
continue;
}
List <string> fields = X509Utils.ParseDistinguishedName(certificate.Subject);
if (fields.Contains("CN=UA Local Discovery Server"))
{
continue;
}
if (store is DirectoryCertificateStore ds)
{
string path = Utils.GetAbsoluteFilePath(m_application.CertificatePublicKeyPath, true, false, false);
if (path != null)
{
if (String.Compare(path, ds.GetPublicKeyFilePath(certificate.Thumbprint), StringComparison.OrdinalIgnoreCase) == 0)
{
continue;
}
}
path = Utils.GetAbsoluteFilePath(m_application.CertificatePrivateKeyPath, true, false, false);
if (path != null)
{
if (String.Compare(path, ds.GetPrivateKeyFilePath(certificate.Thumbprint), StringComparison.OrdinalIgnoreCase) == 0)
{
continue;
}
}
}
await store.Delete(certificate.Thumbprint);
}
}
}
/// <summary>
/// Adds the certificate to the Trusted Certificate Store
/// </summary>
/// <param name="configuration">The application's configuration which specifies the location of the TrustedStore.</param>
/// <param name="certificate">The certificate to register.</param>
private static async Task AddToTrustedStore(ApplicationConfiguration configuration, X509Certificate2 certificate)
{
if (certificate == null)
{
throw new ArgumentNullException(nameof(certificate));
}
string storePath = null;
if (configuration != null && configuration.SecurityConfiguration != null && configuration.SecurityConfiguration.TrustedPeerCertificates != null)
{
storePath = configuration.SecurityConfiguration.TrustedPeerCertificates.StorePath;
}
if (String.IsNullOrEmpty(storePath))
{
Utils.Trace(Utils.TraceMasks.Information, "WARNING: Trusted peer store not specified.");
return;
}
try
{
ICertificateStore store = configuration.SecurityConfiguration.TrustedPeerCertificates.OpenStore();
if (store == null)
{
Utils.Trace("Could not open trusted peer store. StorePath={0}", storePath);
return;
}
try
{
// check if it already exists.
X509Certificate2Collection existingCertificates = await store.FindByThumbprint(certificate.Thumbprint);
if (existingCertificates.Count > 0)
{
return;
}
Utils.Trace(Utils.TraceMasks.Information, "Adding certificate to trusted peer store. StorePath={0}", storePath);
List <string> subjectName = X509Utils.ParseDistinguishedName(certificate.Subject);
// check for old certificate.
X509Certificate2Collection certificates = await store.Enumerate();
for (int ii = 0; ii < certificates.Count; ii++)
{
if (X509Utils.CompareDistinguishedName(certificates[ii], subjectName))
{
if (certificates[ii].Thumbprint == certificate.Thumbprint)
{
return;
}
await store.Delete(certificates[ii].Thumbprint);
break;
}
}
// add new certificate.
X509Certificate2 publicKey = new X509Certificate2(certificate.RawData);
await store.Add(publicKey);
}
finally
{
store.Close();
}
}
catch (Exception e)
{
Utils.Trace(e, "Could not add certificate to trusted peer store. StorePath={0}", storePath);
}
}
/// <summary>
/// Displays the dialog.
/// </summary>
public async Task<bool> ShowDialog(CertificateIdentifier certificate)
{
m_certificate = certificate;
CertificateStoreCTRL.StoreType = null;
CertificateStoreCTRL.StorePath = null;
CertificateStoreCTRL.ReadOnly = true;
ApplicationNameTB.Text = null;
ApplicationUriTB.Text = null;
OrganizationTB.Text = null;
DomainsTB.Text = System.Net.Dns.GetHostName();
SubjectNameTB.Text = null;
IssuerNameTB.Text = null;
ValidFromTB.Text = null;
ValidToTB.Text = null;
ThumbprintTB.Text = null;
if (certificate != null)
{
CertificateStoreCTRL.StoreType = certificate.StoreType;
CertificateStoreCTRL.StorePath = certificate.StorePath;
SubjectNameTB.Text = certificate.SubjectName;
ThumbprintTB.Text = certificate.Thumbprint;
X509Certificate2 data = await certificate.Find();
if (data != null)
{
// fill in subject name.
StringBuilder buffer = new StringBuilder();
foreach (string element in X509Utils.ParseDistinguishedName(data.Subject))
{
if (element.StartsWith("CN="))
{
ApplicationNameTB.Text = element.Substring(3);
}
if (element.StartsWith("O="))
{
OrganizationTB.Text = element.Substring(2);
}
if (buffer.Length > 0)
{
buffer.Append('/');
}
buffer.Append(element);
}
if (buffer.Length > 0)
{
SubjectNameTB.Text = buffer.ToString();
}
// fill in issuer name.
buffer = new StringBuilder();
foreach (string element in X509Utils.ParseDistinguishedName(data.Issuer))
{
if (buffer.Length > 0)
{
buffer.Append('/');
}
buffer.Append(element);
}
if (buffer.Length > 0)
{
IssuerNameTB.Text = buffer.ToString();
}
// fill in application uri.
string applicationUri = X509Utils.GetApplicationUriFromCertificate(data);
if (!String.IsNullOrEmpty(applicationUri))
{
ApplicationUriTB.Text = applicationUri;
}
// fill in domains.
buffer = new StringBuilder();
foreach (string domain in X509Utils.GetDomainsFromCertficate(data))
{
if (buffer.Length > 0)
{
buffer.Append(", ");
}
buffer.Append(domain);
}
if (buffer.Length > 0)
{
DomainsTB.Text = buffer.ToString();
}
ValidFromTB.Text = data.NotBefore.ToLocalTime().ToString("yyyy-MM-dd HH:mm:ss");
ValidToTB.Text = data.NotAfter.ToLocalTime().ToString("yyyy-MM-dd HH:mm:ss");
ThumbprintTB.Text = data.Thumbprint;
}
}
if (ShowDialog() != DialogResult.OK)
{
return false;
}
return true;
}
private async void ExportBTN_Click(object sender, EventArgs e)
{
try
{
const string caption = "Export Certificate";
if (m_currentDirectory == null)
{
m_currentDirectory = Utils.GetAbsoluteDirectoryPath("%LocalApplicationData%", false, false, false);
}
if (m_currentDirectory == null)
{
m_currentDirectory = Environment.CurrentDirectory;
}
X509Certificate2 certificate = await m_certificate.Find();
if (certificate == null)
{
MessageBox.Show("Cannot export an invalid certificate.", caption, MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
string displayName = null;
foreach (string element in X509Utils.ParseDistinguishedName(certificate.Subject))
{
if (element.StartsWith("CN="))
{
displayName = element.Substring(3);
break;
}
}
StringBuilder filePath = new StringBuilder();
if (!String.IsNullOrEmpty(displayName))
{
filePath.Append(displayName);
filePath.Append(" ");
}
filePath.Append("[");
filePath.Append(certificate.Thumbprint);
filePath.Append("].der");
SaveFileDialog dialog = new SaveFileDialog();
dialog.CheckFileExists = false;
dialog.CheckPathExists = true;
dialog.DefaultExt = ".der";
dialog.Filter = "Certificate Files (*.der)|*.der|All Files (*.*)|*.*";
dialog.ValidateNames = true;
dialog.Title = "Save Certificate File";
dialog.FileName = filePath.ToString();
dialog.InitialDirectory = m_currentDirectory;
if (dialog.ShowDialog() != DialogResult.OK)
{
return;
}
FileInfo fileInfo = new FileInfo(dialog.FileName);
m_currentDirectory = fileInfo.DirectoryName;
// save the file.
using (Stream ostrm = fileInfo.Open(FileMode.Create, FileAccess.ReadWrite, FileShare.None))
{
byte[] data = certificate.RawData;
ostrm.Write(data, 0, data.Length);
}
}
catch (Exception exception)
{
GuiUtils.HandleException(this.Text, System.Reflection.MethodBase.GetCurrentMethod(), exception);
}
}
/// <summary>
/// Updates an item in the view.
/// </summary>
protected override void UpdateItem(ListViewItem listItem, object item)
{
X509Certificate2 certificate = item as X509Certificate2;
if (certificate == null)
{
base.UpdateItem(listItem, item);
return;
}
listItem.SubItems[0].Text = null;
listItem.SubItems[1].Text = null;
listItem.SubItems[2].Text = null;
listItem.SubItems[3].Text = null;
listItem.SubItems[4].Text = null;
listItem.SubItems[5].Text = null;
if (certificate != null)
{
List <string> fields = X509Utils.ParseDistinguishedName(certificate.Subject);
for (int ii = 0; ii < fields.Count; ii++)
{
if (fields[ii].StartsWith("CN="))
{
listItem.SubItems[0].Text = fields[ii].Substring(3);
}
if (fields[ii].StartsWith("DC="))
{
listItem.SubItems[1].Text = fields[ii].Substring(3);
}
}
if (String.IsNullOrEmpty(listItem.SubItems[0].Text))
{
listItem.SubItems[0].Text = String.Format("{0}", certificate.Subject);
}
// determine certificate type.
foreach (X509Extension extension in certificate.Extensions)
{
X509BasicConstraintsExtension basicContraints = extension as X509BasicConstraintsExtension;
if (basicContraints != null)
{
if (basicContraints.CertificateAuthority)
{
listItem.SubItems[1].Text = "CA";
}
else
{
listItem.SubItems[1].Text = "End-Entity";
}
break;
}
}
// check if a private key is available.
if (certificate.HasPrivateKey)
{
listItem.SubItems[2].Text = "Yes";
}
else
{
listItem.SubItems[2].Text = "No";
}
// look up domains.
IList <string> domains = X509Utils.GetDomainsFromCertficate(certificate);
StringBuilder buffer = new StringBuilder();
for (int ii = 0; ii < domains.Count; ii++)
{
if (buffer.Length > 0)
{
buffer.Append(";");
}
buffer.Append(domains[ii]);
}
listItem.SubItems[3].Text = buffer.ToString();
listItem.SubItems[4].Text = X509Utils.GetApplicationUriFromCertificate(certificate);
listItem.SubItems[5].Text = String.Format("{0:yyyy-MM-dd}", certificate.NotAfter);
}
listItem.ImageKey = GuiUtils.Icons.Certificate;
listItem.Tag = item;
}
public List <string> GetDomainNames(X509Certificate2 certificate)
{
List <string> domainNames = new List <string>();
if (!String.IsNullOrEmpty(Domains))
{
var domains = Domains.Split(',');
List <string> trimmedDomains = new List <string>();
foreach (var domain in domains)
{
var d = domain.Trim();
if (d.Length > 0)
{
trimmedDomains.Add(d);
}
}
if (trimmedDomains.Count > 0)
{
return(trimmedDomains);
}
}
if (DiscoveryUrl != null)
{
foreach (var discoveryUrl in DiscoveryUrl)
{
if (Uri.IsWellFormedUriString(discoveryUrl, UriKind.Absolute))
{
string name = new Uri(discoveryUrl).DnsSafeHost;
if (name == "localhost")
{
name = Utils.GetHostName();
}
bool found = false;
//domainNames.Any(n => String.Compare(n, name, StringComparison.OrdinalIgnoreCase) == 0);
foreach (var domainName in domainNames)
{
if (String.Compare(domainName, name, StringComparison.OrdinalIgnoreCase) == 0)
{
found = true;
break;
}
}
if (!found)
{
domainNames.Add(name);
}
}
}
}
if (domainNames != null && domainNames.Count > 0)
{
return(domainNames);
}
if (certificate != null)
{
var names = X509Utils.GetDomainsFromCertficate(certificate);
if (names != null && names.Count > 0)
{
domainNames.AddRange(names);
return(domainNames);
}
var fields = X509Utils.ParseDistinguishedName(certificate.Subject);
string name = null;
foreach (var field in fields)
{
if (field.StartsWith("DC=", StringComparison.Ordinal))
{
if (name != null)
{
name += ".";
}
name += field.Substring(3);
}
}
if (names != null)
{
domainNames.AddRange(names);
return(domainNames);
}
}
domainNames.Add(Utils.GetHostName());
return(domainNames);
}
