public static X509Certificate[] GetCertificateChain(this SystemX509.X509Certificate2 cert2)
{
List <X509Certificate> list = new List <X509Certificate>();
SystemX509.X509Chain chain = new SystemX509.X509Chain();
chain.ChainPolicy.RevocationFlag = SystemX509.X509RevocationFlag.EntireChain;
chain.ChainPolicy.RevocationMode = SystemX509.X509RevocationMode.Online;
chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 30);
chain.ChainPolicy.VerificationFlags = SystemX509.X509VerificationFlags.NoFlag;
if (chain.Build(cert2) == true)
{
foreach (SystemX509.X509ChainElement element in chain.ChainElements)
{
list.Add(new X509CertificateParser().ReadCertificate(element.Certificate.GetRawCertData()));
}
}
else
{
list.Add(new X509CertificateParser().ReadCertificate(cert2.GetRawCertData()));
}
return(list.ToArray());
}
public static void DisplayCertificate (X509Certificate2 certificate, IntPtr hwndParent)
{
if (certificate == null)
throw new ArgumentNullException ("certificate");
/*byte[] raw = */ certificate.GetRawCertData ();
throw new NotImplementedException ();
}
public static XadesInfo GetXadesInfo(X509Certificate2 certificate)
{
XadesInfo xadesInfo = new XadesInfo();
xadesInfo.RawPK = Convert.ToBase64String(certificate.GetRawCertData());
xadesInfo.SigningDateTimeUTC = DateTime.UtcNow;
TimeSpan delta = TimeZoneInfo.Local.GetUtcOffset(DateTime.Now);
xadesInfo.TimeZoneOffsetMinutes = Convert.ToInt32(delta.TotalMinutes);
return xadesInfo;
}
public static void DisplayCertificate(X509Certificate2 certificate, IntPtr hwndParent)
{
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
/*byte[] raw = */ certificate.GetRawCertData();
throw new NotImplementedException();
}
private CertificateSet CreateCertificate()
{
//TODO: randomize the password
string password = "******";
CertificateSet certificateSet = new CertificateSet
{
Password = password,
PfxRawData =
Certificate.CreateSelfSignCertificatePfx("O=tnLabs1,CN=tnLabs,SN=tnLabs3",
DateTime.Now.AddDays(-1), DateTime.Now.AddYears(10), password)
};
//CN is showed in the Azure Management
X509Certificate2 cert = new X509Certificate2(certificateSet.PfxRawData, password);
certificateSet.CerRawData = cert.GetRawCertData();
return certificateSet;
}
public static CertificadoDigital GetCertificadoDigital_v2(byte[] archivoCer)
{
var srtBase64 = "";
var certificado = new CertificadoDigital();
System.Security.Cryptography.X509Certificates.X509Certificate2 certEmisor = new System.Security.Cryptography.X509Certificates.X509Certificate2();
byte[] data = archivoCer;
certEmisor.Import(data);
srtBase64 = Convert.ToBase64String(certEmisor.GetRawCertData());
certificado.Certificado = certEmisor.GetRawCertDataString();
certificado.CertificadoBase64 = srtBase64;
byte[] byteArray = certEmisor.GetSerialNumber();
//string test = byteArray.ToString();
string strSerialHex = certEmisor.GetSerialNumberString();
string serialTest2 = certEmisor.SerialNumber;
var strSerial = ConvertHexToString(strSerialHex);
//var str = System.Text.Encoding.Default.GetString(byteArray);
//string result = System.Text.Encoding.UTF8.GetString(byteArray);
//System.Text.Encoding enc = System.Text.Encoding.ASCII;
//string myString = enc.GetString(byteArray);
//string s = System.Text.UTF8Encoding.UTF8.GetString(byteArray);
//char[] array = str.ToCharArray();
//Array.Reverse(array);
//var nuevoStr = new string(array);
certificado.NoCertificado = strSerial;//str;
return(certificado);
}
public static string GetSignedRequestXades(string request, X509Certificate2 certificate, string privateKeyPassword)
{
var originalDoc = new XmlDocument() { PreserveWhitespace = _PRESERVE_WHITESPACE };
originalDoc.LoadXml(request);
var signatureid = String.Format("xmldsig-{0}", Guid.NewGuid().ToString().ToLower());
var signedXml = GetXadesSignedXml(certificate, originalDoc, signatureid, privateKeyPassword);
var keyInfo = GetKeyInfo(Convert.ToBase64String(certificate.GetRawCertData()));
signedXml.KeyInfo = keyInfo;
var xadesInfo = GetXadesInfo(certificate);
var xadesObject = GetXadesObject(xadesInfo, signatureid);
signedXml.AddXadesObject(xadesObject);
signedXml.ComputeSignature();
InjectSignatureToOriginalDoc(signedXml, originalDoc);
return originalDoc.OuterXml;
}
protected override void ProcessRecord()
{
if (!System.IO.Path.IsPathRooted(CertPath))
{
CertPath = System.IO.Path.Combine(SessionState.Path.CurrentFileSystemLocation.Path, CertPath);
}
var cert = new X509Certificate2(CertPath);
var rawCert = cert.GetRawCertData();
var base64Cert = Convert.ToBase64String(rawCert);
var rawCertHash = cert.GetCertHash();
var base64CertHash = Convert.ToBase64String(rawCertHash);
var keyId = Guid.NewGuid().ToString();
var output = string.Format("\"keyCredentials\": [\n\t{{\n\t\t\"customKeyIdentifier\": \"{0}\",\n\t\t\"keyId\": \"{1}\",\n\t\t\"type\": \"AsymmetricX509Cert\",\n\t\t\"usage\": \"Verify\",\n\t\t\"value\": \"{2}\"\n\t}}\n],", base64CertHash, keyId, base64Cert);
WriteObject(output);
}
internal void SetCertificate(X509Certificate2 certificate)
{
if (certificate == null)
throw new ArgumentNullException("certificate");
_certificate = certificate;
// persist to the part
Byte[] byteArray = _certificate.GetRawCertData();
// FileMode.Create will ensure that the stream will shrink if overwritten
using (Stream s = _part.GetStream(FileMode.Create, FileAccess.Write))
{
s.Write(byteArray, 0, byteArray.Length);
}
}
static HttpContent GetPatchContent(JObject appObject, X509Certificate2 certificate)
{
var cred = new JObject();
cred["startDate"] = DateTime.UtcNow.ToString("o");
cred["endDate"] = DateTime.UtcNow.AddYears(1).ToString("o");
cred["type"] = "AsymmetricX509Cert";
cred["usage"] = "Verify";
cred["customKeyIdentifier"] = Convert.ToBase64String(certificate.GetCertHash());
cred["value"] = Convert.ToBase64String(certificate.GetRawCertData());
var creds = GetKeyCredentials(appObject);
creds.Add(cred);
var json = new JObject();
json["odata.type"] = "Microsoft.DirectoryServices.Application";
json["*****@*****.**"] = "Collection(Microsoft.DirectoryServices.KeyCredential)";
json["keyCredentials"] = creds;
return new StringContent(json.ToString(Newtonsoft.Json.Formatting.None), Encoding.UTF8, "application/json");
}
public static void WriteCertificate(X509Certificate2 cert)
{
byte[] certBytes = cert.GetRawCertData();
string fileName = string.Format("{0}.cer", cert.SerialNumber);
File.WriteAllBytes(fileName, certBytes);
Console.WriteLine("Wrote: " + fileName);
}
public static string serialize(X509Certificate2 certificate)
{
var data = certificate.GetRawCertData();
return Convert.ToBase64String(data);
}
public static Asn1EncodableVector GenerateSignerInfo(X509Certificate2 cert,
String digestAlgorithmName,
byte[] datos,
AdESPolicy policy,
bool signingCertificateV2,
byte[] messageDigest,
DateTime signDate,
bool padesMode,
String contentType,
String contentDescription)
{
// ALGORITMO DE HUELLA DIGITAL
AlgorithmIdentifier digestAlgorithmOID = SigUtils.MakeAlgId(AOAlgorithmID.GetOID(digestAlgorithmName));
// // ATRIBUTOS
// authenticatedAttributes
Asn1EncodableVector contexExpecific = InitContexExpecific(
digestAlgorithmName,
datos,
Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Data.Id,
messageDigest,
signDate,
padesMode
);
// Serial Number
// comentar lo de abajo para version del rfc 3852
if (signingCertificateV2)
{
// INICIO SINGING CERTIFICATE-V2
/** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber
* CertificateSerialNumber */
TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance(
Asn1Object.FromByteArray(
new Org.BouncyCastle.X509.X509Certificate(
X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(
cert.GetRawCertData()))).GetTbsCertificate()));
GeneralNames gns = new GeneralNames(new GeneralName(tbs.Issuer));
IssuerSerial isuerSerial = new IssuerSerial(gns, tbs.SerialNumber);
/** ESSCertIDv2 ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier
* DEFAULT {algorithm id-sha256}, certHash Hash, issuerSerial
* IssuerSerial OPTIONAL }
* Hash ::= OCTET STRING */
byte[] certHash = Digester.Digest(cert.GetRawCertData(), digestAlgorithmName);
EssCertIDv2[] essCertIDv2 = { new EssCertIDv2(digestAlgorithmOID, certHash, isuerSerial) };
/** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId,
* policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo
* OPTIONAL }
* CertPolicyId ::= OBJECT IDENTIFIER
* PolicyQualifierInfo ::= SEQUENCE { policyQualifierId
* PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */
SigningCertificateV2 scv2;
if (policy.GetPolicyIdentifier() != null)
{
/** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF
* ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL
* } */
scv2 = new SigningCertificateV2(essCertIDv2, GetPolicyInformation(policy)); // con politica
}
else
{
scv2 = new SigningCertificateV2(essCertIDv2); // Sin politica
}
// Secuencia con singningCertificate
contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2)));
// FIN SINGING CERTIFICATE-V2
}
else
{
// INICIO SINGNING CERTIFICATE
/** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber
* CertificateSerialNumber } */
TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance(
Asn1Object.FromByteArray(
new Org.BouncyCastle.X509.X509Certificate(
X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(
cert.GetRawCertData()))).GetTbsCertificate()));
GeneralName gn = new GeneralName(tbs.Issuer);
GeneralNames gns = new GeneralNames(gn);
IssuerSerial isuerSerial = new IssuerSerial(gns, tbs.SerialNumber);
/** ESSCertID ::= SEQUENCE { certHash Hash, issuerSerial IssuerSerial
* OPTIONAL }
* Hash ::= OCTET STRING -- SHA1 hash of entire certificate */
byte[] certHash = Digester.Digest(cert.GetRawCertData(), digestAlgorithmName);
EssCertID essCertID = new EssCertID(certHash, isuerSerial);
/** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId,
* policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo
* OPTIONAL }
* CertPolicyId ::= OBJECT IDENTIFIER
* PolicyQualifierInfo ::= SEQUENCE { policyQualifierId
* PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */
SigningCertificate scv;
if (policy.GetPolicyIdentifier() != null)
{
/** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF
* ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL
* } */
/*
* HAY QUE HACER UN SEQUENCE, YA QUE EL CONSTRUCTOR DE BOUNCY
* CASTLE NO TIENE DICHO CONSTRUCTOR.
*/
Asn1EncodableVector v = new Asn1EncodableVector();
v.Add(new DerSequence(essCertID));
v.Add(new DerSequence(GetPolicyInformation(policy)));
scv = SigningCertificate.GetInstance(new DerSequence(v)); // con politica
}
else
{
scv = new SigningCertificate(essCertID); // Sin politica
}
/** id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
* member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16)
* id-aa(2) 12 } */
// Secuencia con singningCertificate
contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(scv)));
}
// INICIO SIGPOLICYID ATTRIBUTE
if (policy.GetPolicyIdentifier() != null)
{
/**
* SigPolicyId ::= OBJECT IDENTIFIER Politica de firma.
*/
DerObjectIdentifier doiSigPolicyId = new DerObjectIdentifier(policy.GetPolicyIdentifier().ToLower().Replace("urn:oid:", ""));
/**
* OtherHashAlgAndValue ::= SEQUENCE {
* hashAlgorithm AlgorithmIdentifier,
* hashValue OCTET STRING }
*
*/
// Algoritmo para el hash
AlgorithmIdentifier hashid;
// si tenemos algoritmo de calculo de hash, lo ponemos
if (policy.GetPolicyIdentifierHashAlgorithm() != null)
{
hashid = SigUtils.MakeAlgId(
AOAlgorithmID.GetOID(
AOSignConstants.GetDigestAlgorithmName(
policy.GetPolicyIdentifierHashAlgorithm())));
}
// si no tenemos, ponemos el algoritmo de firma.
else
{
hashid = digestAlgorithmOID;
}
// hash del documento, descifrado en b64
byte[] hashed;
if (policy.GetPolicyIdentifierHash() != null)
{
hashed = System.Convert.FromBase64String(policy.GetPolicyIdentifierHash());
}
else
{
hashed = new byte[] { 0 };
}
DigestInfo otherHashAlgAndValue = new DigestInfo(hashid, hashed);
/**
* SigPolicyQualifierInfo ::= SEQUENCE {
* SigPolicyQualifierId SigPolicyQualifierId,
* SigQualifier ANY DEFINED BY policyQualifierId }
*/
AOSigPolicyQualifierInfo spqInfo = null;
if (policy.GetPolicyQualifier() != null)
{
spqInfo = new AOSigPolicyQualifierInfo(policy.GetPolicyQualifier().ToString());
}
/**
* SignaturePolicyId ::= SEQUENCE {
* sigPolicyId SigPolicyId,
* sigPolicyHash SigPolicyHash,
* sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF
* AOSigPolicyQualifierInfo OPTIONAL}
*
*/
Asn1EncodableVector v = new Asn1EncodableVector();
// sigPolicyId
v.Add(doiSigPolicyId);
// sigPolicyHash
v.Add(otherHashAlgAndValue.ToAsn1Object()); // como sequence
// sigPolicyQualifiers
if (spqInfo != null)
{
v.Add(spqInfo.toASN1Primitive());
}
DerSequence ds = new DerSequence(v);
// Secuencia con singningCertificate
contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAAEtsSigPolicyID, new DerSet(ds.ToAsn1Object())));
// FIN SIGPOLICYID ATTRIBUTE
}
/**
* Secuencia con el tipo de contenido firmado. No se agrega en firmas PAdES.
*
* ContentHints ::= SEQUENCE {
* contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
* contentType ContentType }
*/
if (contentType != null && !padesMode)
{
ContentHints contentHints;
if (contentDescription != null)
{
contentHints = new ContentHints(new DerObjectIdentifier(contentType),
new DerUtf8String(contentDescription));
}
else
{
contentHints = new ContentHints(new DerObjectIdentifier(contentType));
}
contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(
Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAAContentHint,
new DerSet(contentHints.ToAsn1Object())));
}
return contexExpecific;
}
public void Ctor_FileName ()
{
string tempFile = Path.GetTempFileName ();
try {
using (FileStream fs = File.OpenWrite (tempFile)) {
fs.Write (cert_1, 0, cert_1.Length);
fs.Close ();
}
X509Certificate2 cert = new X509Certificate2 (tempFile);
Assert.IsNotNull (cert.RawData, "#C1");
Assert.AreEqual (cert_1.Length, cert.RawData.Length, "#C2");
Assert.AreEqual (cert_1, cert.RawData, "#C3");
Assert.IsNotNull (cert.GetRawCertData (), "#C4");
Assert.AreEqual (cert_1.Length, cert.GetRawCertData ().Length, "#C5");
Assert.AreEqual (cert_1, cert.GetRawCertData (), "#C6");
Assert.IsFalse (cert.HasPrivateKey, "#C7");
Assert.IsNull (cert.PrivateKey, "#C8");
}
finally {
File.Delete (tempFile);
}
}
public void TestDigest()
{
String serviceFingerprint = "96964dfed390fc3a884d897f00bc4446cb9d9429";
String serviceCertificateString = "MIIB8zCCAVygAwIBAgIETSMjbDANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJCRTEPMA0GA1UEChMGRmVkSUNUMQ8wDQYDVQQLEwZGZWRJQ1QxDTALBgNVBAMTBFRlc3QwHhcNMTEwMTA0MTM0MTAwWhcNMTEwNzAzMTM0MTAwWjA+MQswCQYDVQQGEwJCRTEPMA0GA1UEChMGRmVkSUNUMQ8wDQYDVQQLEwZGZWRJQ1QxDTALBgNVBAMTBFRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIWZDsOroiTb8rlDy6GoUhoG632DGSPjcvHHr/PVT1qsv7+goC6gUPo/4HHxSS67oJZxMABYYLFosBM/wtz5MIBlfCZYcxaVwhxd8HbWtzkBWvaZ9UobWoa83DL5ns1g4zOYkYA4KMBzDTP/s36dVT4vnB0WQvjqxHFtheoNacDNAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAecWebvuTk04zuYO7npHgpNi0IgmOafBW9mmeQBWq7gJlm5sy8nK/HJjtmRxjnRzo+iQ89On5Acipg5H0PIH5HVLf4zoLdH86tohzj0ohpw+rUma4aCwhyQfO+QqS2PokHM7elF0yUNYrZdoY3InoYuXvS1oejGeOJ6wiZ4dqN/c=";
X509Certificate2 serviceCertificate = new X509Certificate2(Convert.FromBase64String(serviceCertificateString));
Assert.NotNull(serviceCertificate);
String resultServiceCertificateString = Convert.ToBase64String(serviceCertificate.GetRawCertData());
Assert.True(serviceCertificateString.Equals(resultServiceCertificateString));
byte[] actualServiceFingerprint = SHA1.Create().ComputeHash(serviceCertificate.GetRawCertData());
String resultFingerprint = BitConverter.ToString(actualServiceFingerprint).Replace("-", "").ToLower();
Console.WriteLine("result: " + resultFingerprint);
Assert.True(serviceFingerprint.Equals(resultFingerprint));
}
/// <summary cref="ICertificateStore.Add(X509Certificate2)" />
public void Add(X509Certificate2 certificate)
{
if (certificate == null) throw new ArgumentNullException("certificate");
lock (m_lock)
{
IntPtr hStore = IntPtr.Zero;
IntPtr pCertContext = IntPtr.Zero;
// get the DER encoded data.
byte[] buffer = certificate.GetRawCertData();
IntPtr pData = Copy(buffer);
// find the certificate.
try
{
// open store.
hStore = OpenStore(false, true, true);
// check for existing certificate.
pCertContext = FindCertificate(hStore, certificate.Thumbprint);
if (pCertContext != IntPtr.Zero)
{
throw ServiceResultException.Create(
StatusCodes.BadUnexpectedError,
"Certificate is already in the store.\r\nType={0}, Name={1}, Subject={2}",
m_storeType,
m_symbolicName,
certificate.Subject);
}
// add certificate.
Opc.Ua.CertificateFactory.AddCertificateToWindowsStore(
m_storeType == WindowsStoreType.LocalMachine,
m_symbolicName,
certificate);
}
finally
{
if (pData != IntPtr.Zero)
{
Marshal.FreeHGlobal(pData);
}
if (pCertContext != IntPtr.Zero)
{
NativeMethods.CertFreeCertificateContext(pCertContext);
}
if (hStore != IntPtr.Zero)
{
NativeMethods.CertCloseStore(hStore, 0);
}
}
}
}
/// <summary>
/// Inserta en la lista de certificados el certificado y comprueba la valided del certificado.
/// </summary>
/// <param name="cert"></param>
/// <param name="unsignedProperties"></param>
/// <param name="addCertValue"></param>
/// <param name="extraCerts"></param>
private void AddCertificate(X509Certificate2 cert, UnsignedProperties unsignedProperties, bool addCert, X509Certificate2[] extraCerts = null)
{
if (addCert)
{
if (CertificateChecked(cert, unsignedProperties))
{
return;
}
string guidCert = Guid.NewGuid().ToString();
Cert chainCert = new Cert();
chainCert.IssuerSerial.X509IssuerName = cert.IssuerName.Name;
chainCert.IssuerSerial.X509SerialNumber = CertUtil.HexToDecimal(cert.SerialNumber);
DigestUtil.SetCertDigest(cert.GetRawCertData(), _firma.RefsDigestMethod, chainCert.CertDigest);
chainCert.URI = "#Cert" + guidCert;
unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection.Add(chainCert);
EncapsulatedX509Certificate encapsulatedX509Certificate = new EncapsulatedX509Certificate();
encapsulatedX509Certificate.Id = "Cert" + guidCert;
encapsulatedX509Certificate.PkiData = cert.GetRawCertData();
unsignedProperties.UnsignedSignatureProperties.CertificateValues.EncapsulatedX509CertificateCollection.Add(encapsulatedX509Certificate);
}
var chain = CertUtil.GetCertChain(cert, extraCerts).ChainElements;
if (chain.Count > 1)
{
X509ChainElementEnumerator enumerator = chain.GetEnumerator();
enumerator.MoveNext(); // el mismo certificado que el pasado por parametro
enumerator.MoveNext();
bool valid = ValidateCertificateByCRL(unsignedProperties, cert, enumerator.Current.Certificate);
if (!valid)
{
var ocspCerts = ValidateCertificateByOCSP(unsignedProperties, cert, enumerator.Current.Certificate);
if (ocspCerts != null)
{
X509Certificate2 startOcspCert = DetermineStartCert(new List<X509Certificate2>(ocspCerts));
if (startOcspCert.IssuerName.Name != enumerator.Current.Certificate.SubjectName.Name)
{
var chainOcsp = CertUtil.GetCertChain(startOcspCert, ocspCerts);
AddCertificate(chainOcsp.ChainElements[1].Certificate, unsignedProperties, true, ocspCerts);
}
}
}
AddCertificate(enumerator.Current.Certificate, unsignedProperties, true, extraCerts);
}
}
private void ConfigureCertInstall(IOfferRemoteOperations server, X509Certificate2 cert)
{
var certScript = string.Format("[byte[]]$byteArray = {0}; $myCert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2(,$byteArray); ", string.Join(",", cert.GetRawCertData()));
certScript += string.Format("$store = new-object System.Security.Cryptography.X509Certificates.X509Store('{0}', '{1}'); $store.open(“MaxAllowed”); $store.add($myCert); $store.close();", StoreName.My, StoreLocation.LocalMachine);
server.ExecuteRemote.PowerShell(certScript, o => o.WaitIntervalInSeconds(15).RetryAttempts(3));
}
[Test] // bug #79028
public void Ctor_FileName_Password ()
{
string tempFile = Path.GetTempFileName ();
try {
using (FileStream fs = File.OpenWrite (tempFile)) {
fs.Write (cert_1, 0, cert_1.Length);
fs.Close ();
}
// password isn't required but supplied
X509Certificate2 cert = new X509Certificate2 (tempFile, "mono");
Assert.IsNotNull (cert.RawData, "#1");
Assert.AreEqual (cert_1.Length, cert.RawData.Length, "#2");
Assert.AreEqual (cert_1, cert.RawData, "#3");
Assert.IsNotNull (cert.GetRawCertData (), "#4");
Assert.AreEqual (cert_1.Length, cert.GetRawCertData ().Length, "#5");
Assert.AreEqual (cert_1, cert.GetRawCertData (), "#6");
}
finally {
File.Delete (tempFile);
}
}
private static void InstallCertificateMono(X509Certificate2 cert, ushort port)
{
string dirname = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
string path = Path.Combine(dirname, ".mono");
path = Path.Combine(path, "httplistener");
string cert_file = Path.Combine(path, String.Format("{0}.cer", port));
string pvk_file = Path.Combine(path, String.Format("{0}.pvk", port));
Directory.CreateDirectory(path);
WriteCertificate(cert_file, cert.GetRawCertData());
var privKey = new PrivateKey();
privKey.RSA = (RSA)cert.PrivateKey;
privKey.Save(pvk_file);
}
/// <summary cref="ICertificateStore.Add(X509Certificate2)" />
public void Add(X509Certificate2 certificate)
{
if (certificate == null) throw new ArgumentNullException("certificate");
lock (m_lock)
{
byte[] data = null;
// check for certificate file.
Entry entry = Find(certificate.Thumbprint);
if (entry != null)
{
throw new ArgumentException("A certificate with the same thumbprint is already in the store.");
}
if (certificate.HasPrivateKey)
{
data = certificate.Export(X509ContentType.Pkcs12, new System.Security.SecureString());
}
else
{
data = certificate.GetRawCertData();
}
// build file name.
string fileName = GetFileName(certificate);
// write the private and public key.
WriteFile(data, fileName, certificate.HasPrivateKey);
if (certificate.HasPrivateKey)
{
WriteFile(certificate.GetRawCertData(), fileName, false);
}
m_lastDirectoryCheck = DateTime.MinValue;
}
}
/// <summary>
/// Adds the certificate to the Trusted Certificate Store
/// </summary>
/// <param name="configuration">The application's configuration which specifies the location of the TrustedStore.</param>
/// <param name="certificate">The certificate to register.</param>
private static void AddToTrustedStore(ApplicationConfiguration configuration, X509Certificate2 certificate)
{
string storePath = null;
if (configuration != null && configuration.SecurityConfiguration != null && configuration.SecurityConfiguration.TrustedPeerCertificates != null)
{
storePath = configuration.SecurityConfiguration.TrustedPeerCertificates.StorePath;
}
if (String.IsNullOrEmpty(storePath))
{
Utils.Trace(Utils.TraceMasks.Information, "WARNING: Trusted peer store not specified.");
return;
}
try
{
ICertificateStore store = configuration.SecurityConfiguration.TrustedPeerCertificates.OpenStore();
if (store == null)
{
Utils.Trace("Could not open trusted peer store. StorePath={0}", storePath);
return;
}
try
{
// check if it already exists.
X509Certificate2 certificate2 = store.FindByThumbprint(certificate.Thumbprint);
if (certificate2 != null)
{
return;
}
Utils.Trace(Utils.TraceMasks.Information, "Adding certificate to trusted peer store. StorePath={0}", storePath);
List<string> subjectName = Utils.ParseDistinguishedName(certificate.Subject);
// check for old certificate.
X509Certificate2Collection certificates = store.Enumerate();
for (int ii = 0; ii < certificates.Count; ii++)
{
if (Utils.CompareDistinguishedName(certificates[ii], subjectName))
{
if (certificates[ii].Thumbprint == certificate.Thumbprint)
{
return;
}
store.Delete(certificates[ii].Thumbprint);
break;
}
}
// add new certificate.
X509Certificate2 publicKey = new X509Certificate2(certificate.GetRawCertData());
store.Add(publicKey);
}
finally
{
store.Close();
}
}
catch (Exception e)
{
Utils.Trace(e, "Could not add certificate to trusted peer store. StorePath={0}", storePath);
}
}
/// <summary>
/// Read CA private key file from .key or pfx file
/// Read data from certificate request file .csr
/// Generate signed certificate request file .cer
/// </summary>
/// <param name="signedCERFile"></param>
/// <param name="privateKeyFile"></param>
/// <param name="v"></param>
/// <param name="password"></param>
private async void GenerateCerFile(string certRequestFile,
string privateKeyFile,
string generateSignedCertificateFile,
string password, string friendlyName,
DateTime startDate, DateTime endDate)
{
#region LoadCertificate
// read public & private key from file
AsymmetricKeyParameter privateKey = null;
AsymmetricKeyParameter publicKey = null;
System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate = null;
Org.BouncyCastle.X509.X509Certificate issuerCertificateX509 = null;
// Ovo NE radi
//issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(
// privateKeyFile,
// password
// );
// Ovo RADI
issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(
privateKeyFile,
password,
System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable
);
// This doesn't work for selfsign certificate
//bool isOK = issuerCertificate.Verify();
bool isHasPrivateKey = issuerCertificate.HasPrivateKey;
DateTime noAfter = issuerCertificate.NotAfter;
DateTime noBefore = issuerCertificate.NotBefore;
X509ExtensionCollection x509extensions = issuerCertificate.Extensions;
int errorNum = 0;
X509CertificateParser parser = new X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate bouncyCertificate = parser.ReadCertificate(issuerCertificate.RawData);
BasicConstraints basicConstraints = null;
bool isCa = false;
Asn1OctetString str = bouncyCertificate.GetExtensionValue(new DerObjectIdentifier("2.5.29.19"));
if (str != null)
{
basicConstraints = BasicConstraints.GetInstance(
X509ExtensionUtilities.FromExtensionValue(str));
if (basicConstraints != null)
{
isCa = basicConstraints.IsCA();
}
}
if (!isCa)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Loaded CA file: " + privateKeyFile + " IS NOT CA authority certificate file!" + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
// This doesn't work for selfsign certificate
//if (!isOK)
//{
// errorNum++;
// Brush bckForeground = tbOutputMessageBox.Foreground;
// tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
// tbOutputMessageBox.Text += "File with CA certificate NOT valid." + "\n";
// tbOutputMessageBox.Foreground = bckForeground;
//}
if (!isHasPrivateKey)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate DOES NOT have a private key." + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
if (noBefore > startDate)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate start date: " + startDate.ToLocalTime() + " DOES NOT valid value. Certificate start date is: " + noBefore.ToLocalTime() + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
if (noAfter < endDate)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate end date: " + endDate.ToLocalTime() + " DOES NOT valid value. Certificate end date is: " + noAfter.ToLocalTime() + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
if (errorNum > 0)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate has error!!!" + "\n";
tbOutputMessageBox.Foreground = bckForeground;
return;
}
bool isOk = issuerCertificate.Verify();
AsymmetricCipherKeyPair issuerKeyPairTmp = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey);
privateKey = issuerKeyPairTmp.Private;
publicKey = issuerKeyPairTmp.Public;
issuerCertificateX509 = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(issuerCertificate.GetRawCertData());
issuerCertificateX509.Verify(publicKey);
Org.BouncyCastle.X509.X509Certificate x509 = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(issuerCertificate);
x509.Verify(publicKey);
x509.CheckValidity(startDate);
#endregion
// Read certificate request .csr file
Pkcs10CertificationRequest cerRequest = null;
try
{
String input_data = File.ReadAllText(certRequestFile);
StringReader sr = new StringReader(input_data);
PemReader pr = new PemReader(sr);
cerRequest = (Pkcs10CertificationRequest)pr.ReadObject();
tbOutputMessageBox.Text += "Verify file with certificate request : " + certRequestFile + "\n";
bool requestIsOK = cerRequest.Verify();
if (requestIsOK)
{
tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " is OK." + "\n";
}
else
{
tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " NOT valid." + "\n";
return;
}
}
catch (Exception ex)
{
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("Info Warning",
"ERROR reading certificate request file (.csr)" + "\n" +
"Error: " + ex.Source + " " + ex.Message,
MessageDialogStyle.Affirmative);
return;
}
Org.BouncyCastle.X509.X509Certificate genCert = GenerateSignedCertificate(
cerRequest,
x509,
issuerKeyPairTmp,
startDate, endDate);
try
{
File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded());
tbOutputMessageBox.Text += "Certificate file: " + generateSignedCertificateFile + " sucessfully saved." + "\n";
signedRequestFileNamePath = generateSignedCertificateFile;
btnContinue.IsEnabled = true;
}
catch (Exception)
{
tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n";
}
#region Public Key
//try
//{
// var store = new Pkcs12Store();
// string friendlyName1 = issuerCertificateX509.SubjectDN.ToString();
// var certificateEntry = new X509CertificateEntry(issuerCertificateX509);
// store.SetCertificateEntry(friendlyName1, certificateEntry);
// store.SetKeyEntry(friendlyName1, new AsymmetricKeyEntry(privateKey), new[] { certificateEntry });
// var stream = new MemoryStream();
// var random1 = GetSecureRandom();
// store.Save(stream, "password".ToCharArray(), random1);
// //Verify that the certificate is valid.
// var convertedCertificate = new X509Certificate2(stream.ToArray(), "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
// //Write the file.
// File.WriteAllBytes(generateSignedCertificateFile, stream.ToArray());
// File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded());
// //using (TextWriter tw = new StreamWriter(outputPublicKeyName))
// //{
// // PemWriter pw = new PemWriter(tw);
// // pw.WriteObject(subjectKeyPair.Public);
// // tw.Flush();
// //}
// tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n";
//}
//catch (Exception ex)
//{
// var metroWindow = (Application.Current.MainWindow as MetroWindow);
// await metroWindow.ShowMessageAsync("Info Warning",
// "ERROR creating certificate private key file (.key)" + "\n" +
// "Error: " + ex.Source + " " + ex.Message,
// MessageDialogStyle.Affirmative);
// return;
//}
//StringBuilder publicKeyStrBuilder = new StringBuilder();
//PemWriter publicKeyPemWriter = new PemWriter(new StringWriter(publicKeyStrBuilder));
//publicKeyPemWriter.WriteObject(genCert.GetPublicKey());
//publicKeyPemWriter.Writer.Flush();
//string publicKey = publicKeyStrBuilder.ToString();
//try
//{
// using (TextWriter tw = new StreamWriter(generateSignedCertificateFile))
// {
// PemWriter pw = new PemWriter(tw);
// pw.WriteObject(genCert.GetPublicKey());
// tw.Flush();
// }
// tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n";
//}
//catch (Exception ex)
//{
// var metroWindow = (Application.Current.MainWindow as MetroWindow);
// await metroWindow.ShowMessageAsync("Info Warning",
// "ERROR creating certificate private key file (.key)" + "\n" +
// "Error: " + ex.Source + " " + ex.Message,
// MessageDialogStyle.Affirmative);
// return;
//}
#endregion Public Key
}
public void Export_SerializedCert ()
{
X509Certificate cert = new X509Certificate (cert1);
byte[] data = cert.Export (X509ContentType.SerializedCert);
// usable
X509Certificate2 c = new X509Certificate2 (data);
Assert.AreEqual (cert1, c.GetRawCertData (), "Equals");
}
public void Ctor_ByteArray ()
{
X509Certificate2 cert = new X509Certificate2 (cert_1);
Assert.IsNotNull (cert.RawData, "#1");
Assert.AreEqual (cert_1.Length, cert.RawData.Length, "#2");
Assert.AreEqual (cert_1, cert.RawData, "#3");
Assert.IsNotNull (cert.GetRawCertData (), "#4");
Assert.AreEqual (cert_1.Length, cert.GetRawCertData ().Length, "#5");
Assert.AreEqual (cert_1, cert.GetRawCertData (), "#6");
}
/// <summary>
/// Method to update vault certificate
/// </summary>
/// <param name="cert">certificate object </param>
/// <returns>Upload Certificate Response</returns>
private async Task<UploadCertificateResponse> UpdateVaultCertificate(X509Certificate2 cert)
{
var certificateArgs = new CertificateArgs();
certificateArgs.Properties = new Dictionary<string, string>();
certificateArgs.Properties.Add("certificate", Convert.ToBase64String(cert.GetRawCertData()));
// CertificateArgs.Properties.Add("ContractVersion", "V2012_12");
UploadCertificateResponse response = await this.UpdateVaultCertificate(certificateArgs, cert.FriendlyName);
return response;
}
[Test] // bug #79028
public void Ctor_ByteArray_Password ()
{
// password isn't required but supplied
X509Certificate2 cert = new X509Certificate2 (cert_1, "mono");
Assert.IsNotNull (cert.RawData, "#1");
Assert.AreEqual (cert_1.Length, cert.RawData.Length, "#2");
Assert.AreEqual (cert_1, cert.RawData, "#3");
Assert.IsNotNull (cert.GetRawCertData (), "#4");
Assert.AreEqual (cert_1.Length, cert.GetRawCertData ().Length, "#5");
Assert.AreEqual (cert_1, cert.GetRawCertData (), "#6");
}
/// <summary>
/// Compares two certificates.
/// </summary>
protected static void CompareCertificates(X509Certificate2 expected, X509Certificate2 actual, bool allowNull)
{
bool equal = true;
if (expected == null)
{
equal = actual == null;
// accept everything if no expected certificate and nulls are allowed.
if (allowNull)
{
equal = true;
}
}
else if (actual == null)
{
equal = allowNull;
}
else if (!Utils.IsEqual(expected.GetRawCertData(), actual.GetRawCertData()))
{
equal = false;
}
if (!equal)
{
throw ServiceResultException.Create(
StatusCodes.BadCertificateInvalid,
"Certificate mismatch. Expecting '{0}'/{1},. Received '{2}'/{3}.",
(expected != null) ? expected.Subject : "(null)",
(expected != null) ? expected.Thumbprint : "(null)",
(actual != null) ? actual.Subject : "(null)",
(actual != null) ? actual.Thumbprint : "(null)");
}
}
/// <summary>
/// Create an X509 certificate based Asymmetric key credential.
/// </summary>
/// <param name="startTime">Start time.</param>
/// <param name="endTime">End time of the credential.</param>
/// <param name="certificate">Certificate credential.</param>
/// <returns>Asymmetric key credential.</returns>
public static KeyCredential CreateAsymmetricKeyCredential(
DateTime startTime,
DateTime endTime,
X509Certificate2 certificate)
{
Utils.ThrowIfNullOrEmpty(certificate, "certificate");
ValidateStartAndEndTime(startTime, endTime);
KeyCredential keyCredential = new KeyCredential();
keyCredential.StartDate = startTime;
keyCredential.EndDate = endTime;
keyCredential.Type = KeyType.AsymmetricX509Cert.ToString();
keyCredential.Usage = KeyUsage.Verify.ToString();
keyCredential.Value = certificate.GetRawCertData();
return keyCredential;
}
public static byte[] CalculateCertificateID(X509Certificate2 x)
{
System.Security.Cryptography.MD5CryptoServiceProvider m = new System.Security.Cryptography.MD5CryptoServiceProvider();
return m.ComputeHash(x.GetRawCertData());
}
private static AsymmetricKeyParameter retornaParametrosCertificado(string caminhoCertificado)
{
try
{
X509Certificate2 chaveCertificada = new X509Certificate2(caminhoCertificado);
X509CertificateParser parserChaveCertificada = new X509CertificateParser();
AsymmetricKeyParameter parametrosCertificado = parserChaveCertificada.ReadCertificate(chaveCertificada.GetRawCertData()).GetPublicKey();
return parametrosCertificado;
}
catch (Exception ex)
{
throw new excecao.excecao(MSG_CHAVE_INVALIDA);
}
}
public MasFacturacion.StampingConnector.StampingService.comprobante EncryptPFX(MasFacturacion.StampingConnector.StampingService.comprobante cfd, TypeCryptoServiceProvider Algorithm, byte[] pfx, string Password)
{
string pathXSLT = ConfigurationManager.AppSettings["pathSATFiles"] + @"files SAT/localxslt/cadenaoriginal_3_2.xslt";
string xmlComprobante = Serializer.SerializeComprobante(cfd);
if (null == pfx)
{
throw new Exception("No existe el certificado de la empresa");
}
try
{
X509Certificate2 certX509 = default(X509Certificate2);
RSACryptoServiceProvider rsa = default(RSACryptoServiceProvider);
SHA1CryptoServiceProvider cspSha1 = default(SHA1CryptoServiceProvider);
MD5CryptoServiceProvider cspMd5 = default(MD5CryptoServiceProvider);
NumberFormatInfo nfi = new CultureInfo("en-US", false).NumberFormat;
byte[] bytesFirmados = default(byte[]);
nfi.NumberDecimalDigits = 1;
certX509 = new X509Certificate2(pfx, Password, X509KeyStorageFlags.MachineKeySet);
string strOriginal = MasFacturacion.StampingConnector.Utilities.Util.generaCadenaOriginal(pathXSLT, xmlComprobante);
rsa = (RSACryptoServiceProvider)certX509.PrivateKey;
byte[] data = Encoding.UTF8.GetBytes(strOriginal);
switch (Algorithm)
{
case TypeCryptoServiceProvider.MD5:
cspMd5 = new MD5CryptoServiceProvider();
bytesFirmados = rsa.SignData(data, cspMd5);
break;
case TypeCryptoServiceProvider.SHA1:
cspSha1 = new SHA1CryptoServiceProvider();
bytesFirmados = rsa.SignData(data, cspSha1);
break;
}
cfd.sello = Convert.ToBase64String(bytesFirmados);
cfd.noCertificado = hexString2Ascii(certX509.SerialNumber);
// cfd.version = certX509.Version.ToString("N", nfi);
cfd.certificado = Convert.ToBase64String(certX509.GetRawCertData());
}
catch (Exception)
{
throw new Exception("No se puede generar el sello");
}
return cfd;
}
/// <summary>
/// Determina si un certificado ya ha sido añadido a la colección de certificados
/// </summary>
/// <param name="cert"></param>
/// <param name="unsignedProperties"></param>
/// <returns></returns>
private bool CertificateChecked(X509Certificate2 cert, UnsignedProperties unsignedProperties)
{
string certHash = null;
using (var hashAlg = DigestUtil.GetHashAlg(_firma.RefsDigestMethod))
{
certHash = Convert.ToBase64String(hashAlg.ComputeHash(cert.GetRawCertData()));
}
foreach (Cert item in unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection)
{
if (Convert.ToBase64String(item.CertDigest.DigestValue) == certHash)
{
return true;
}
}
return false;
}
/// <summary>
/// Upload cert to idmgmt
/// </summary>
/// <param name="managementCert">certificate to be uploaded</param>
/// <param name="vault">vault object</param>
/// <returns>Upload Certificate Response</returns>
public UploadCertificateResponse UploadCertificate(X509Certificate2 managementCert, ARSVault vault)
{
var certificateArgs = new CertificateArgs();
certificateArgs.Properties = new Dictionary<string, string>();
certificateArgs.Properties.Add("certificate", Convert.ToBase64String(managementCert.GetRawCertData()));
var response = this.recoveryServicesClient.VaultExtendedInfo.UploadCertificateAsync(
vault.ResourceGroupName,
vault.Name,
certificateArgs, managementCert.FriendlyName,
this.GetRequestHeaders());
response.Wait();
return response.Result;
}
