public static string GetCertData(string pfxPath, string password)
{
if (!string.IsNullOrEmpty(pfxPath))
{
var cert = new X509Certificate2();
cert.Import(pfxPath, password, X509KeyStorageFlags.Exportable);
return cert.HasPrivateKey
? Convert.ToBase64String(cert.Export(X509ContentType.Pfx, password))
: Convert.ToBase64String(cert.Export(X509ContentType.Pkcs12));
}
return null;
}
public virtual void Starttls()
{
var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
X509Certificate2 ca_cert = new X509Certificate2();
ca_cert.Import(System.IO.File.ReadAllBytes("/tmp/CA.p12"));
store.Add(ca_cert);
store.Close();
System.Security.Cryptography.X509Certificates.X509Certificate2 CPrivate = new System.Security.Cryptography.X509Certificates.X509Certificate2();
CPrivate.Import(System.IO.File.ReadAllBytes("/tmp/ffwronbpi.feuerwehrcloud.de.p12"));
System.Security.Cryptography.X509Certificates.X509Certificate CPublic = new System.Security.Cryptography.X509Certificates.X509Certificate2();
CPublic.Import(System.IO.File.ReadAllBytes("/tmp/ffwronbpi.feuerwehrcloud.de.cer"));
try {
SSLStream = new System.Net.Security.SslStream(this.NetworkStream, false, null, null);
SSLStream.AuthenticateAsServer(CPrivate, false, System.Security.Authentication.SslProtocols.Default, true);
//SSLStream.
} catch (Exception ex) {
System.Diagnostics.Debug.WriteLine(ex.Message);
}
SSLWriter = new StreamWriter(SSLStream);
SSLReader = new StringReaderStream(SSLStream, 4096);
UseSSL = true;
}
private static X509Certificate2 GetCertFromPfxFile(string path, SecureString password)
{
X509Certificate2 x509Certificate2 = new X509Certificate2();
string stringFromSecureString = SecurityUtils.GetStringFromSecureString(password);
x509Certificate2.Import(path, stringFromSecureString, X509KeyStorageFlags.DefaultKeySet);
return x509Certificate2;
}
public static X509Certificate2 deserialize(string rawData)
{
var raw = Convert.FromBase64String(rawData);
var cert = new X509Certificate2();
cert.Import(raw);
return cert;
}
/// <summary>
/// This method is used to create the security token from certificate from pfx file
/// </summary>
internal static X509SecurityToken GetSecurityToken()
{
X509Certificate2 certificateToBeAdded = new X509Certificate2();
string certificateFile = ConfigurationManager.AppSettings["PfxCertificateFile"];
certificateToBeAdded.Import(certificateFile, "", X509KeyStorageFlags.MachineKeySet);
return new X509SecurityToken(certificateToBeAdded);
}
/// <summary>
/// Create new RSACryptography from byte array
/// </summary>
/// <param name="certificated"></param>
public RSACryptography(byte[] certificated)
{
if (certificated == null)
throw new CryptographicException("Thông tư chứng thư cần khác empty và null.");
cert = new X509Certificate2();
cert.Import(certificated);
ValidateCert();
}
/// <summary>
/// Create new RSACryptography from base64 string
/// </summary>
/// <param name="certificated"></param>
public RSACryptography(string certificated)
{
if (String.IsNullOrEmpty(certificated))
throw new CryptographicException("Thông tư chứng thư cần khác empty và null.");
byte[] b = Convert.FromBase64String(certificated);
cert = new X509Certificate2();
cert.Import(b);
ValidateCert();
}
public static X509Certificate2 Create(ushort keyLength, DateTime start, DateTime end)
{
byte[] rawData = CreatePfxWithSelfSignedCertificate(keyLength, start, end);
X509Certificate2 certToReturn = new X509Certificate2();
certToReturn.Import(rawData);
return certToReturn;
}
public static X509Certificate2 GetCertificate(string publishSettings)
{
XmlDocument xmlPublicSetting = new XmlDocument();
xmlPublicSetting.LoadXml(publishSettings);
X509Certificate2 cert = new X509Certificate2();
XmlNode publishProfile = xmlPublicSetting.SelectSingleNode("/PublishData/PublishProfile");
string certificateString = publishProfile.Attributes["ManagementCertificate"].Value;
cert.Import(Convert.FromBase64String(certificateString));
return cert;
}
public X509Certificate2 GetX5092()
{
X509Certificate2 xc = new X509Certificate2();
try
{
byte[] x509 = Read();
xc.Import(x509, "", X509KeyStorageFlags.DefaultKeySet);
}
catch { }
return xc;
}
private Nenshkrim MerrNenshkrimInfo(AcroFields af, string name)
{
PdfPKCS7 pkcs7 = af.VerifySignature(name);
var certificate = new X509Certificate2();
var cert = (Org.BouncyCastle.X509.X509Certificate)pkcs7.Certificates[0];
certificate.Import(cert.GetEncoded());
Nenshkrim nenshkruesi = new Nenshkrim();
nenshkruesi.Nenshkruesi = CertificateInfo.GetSubjectFields(cert).GetField("CN");
string issuer = certificate.Issuer;
nenshkruesi.IssuerCN = GetIssuer(issuer, "CN=");
nenshkruesi.IssuerOU = GetIssuer(issuer, "OU=");
nenshkruesi.IssuerO = GetIssuer(issuer, "O=");
nenshkruesi.IssuerC = GetIssuer(issuer, "C=");
if (nenshkruesi.IssuerC == "KS")
{
//largimi i [EMAIL] prej cn
nenshkruesi.Nenshkruesi = nenshkruesi.Nenshkruesi.Substring(8);
}
nenshkruesi.Emri = CertificateInfo.GetSubjectFields(cert).GetField("GIVENNAME");
nenshkruesi.Mbiemri = CertificateInfo.GetSubjectFields(cert).GetField("SURNAME");
//algoritmi hash
nenshkruesi.AlgoritmiHash = pkcs7.GetHashAlgorithm();
//algoritmi hash
nenshkruesi.AlgoritmiEnkriptimit = pkcs7.GetEncryptionAlgorithm();
//data e nenshrimit
nenshkruesi.DataNenshkrimit = pkcs7.SignDate;
//certifikata valide prej, deri
nenshkruesi.CertifikataValidePrej = certificate.GetEffectiveDateString();
nenshkruesi.CertifikataValideDeri = certificate.GetExpirationDateString();
nenshkruesi.SerialNumber = certificate.SerialNumber;
//verifikimi
if (pkcs7.Verify())
{
nenshkruesi.Valid = true;
}
else
{
nenshkruesi.Valid = false;
}
return nenshkruesi;
}
public override void AwakeFromNib ()
{
base.AwakeFromNib ();
SolutionUserDto = SolutionUserDtoOriginal.DeepCopy();
TxtName.StringValue = SolutionUserDto.Name;
TxtDescription.StringValue = string.IsNullOrEmpty(SolutionUserDto.Description)?string.Empty:SolutionUserDto.Description;
CbDisabled.StringValue = SolutionUserDto.Disabled ? "1" : "0";
Window.Title = SolutionUserDto.Name + " Properties";
var cert = new X509Certificate2 (Encoding.ASCII.GetBytes(SolutionUserDto.Certificate.Encoded));
try {
TxtIssuer.StringValue = cert.Issuer;
TxtValidFrom.StringValue = cert.NotBefore.ToShortDateString();
TxtValidTo.StringValue = cert.NotAfter.ToShortDateString();
TxtDC.StringValue = cert.IssuerName.Format(true);
} catch (Exception) {
UtilityService.ShowAlert ("Invalid X509 certificate", "Alert");
}
//Events
this.BtnSave.Activated += OnClickSaveButton;
this.BtnClose.Activated += (object sender, EventArgs e) => {
this.Close ();
NSApplication.SharedApplication.StopModalWithCode (0);
};
this.BtnChangeCertificate.Activated += (object sender, EventArgs e) => {
var openPanel = new NSOpenPanel();
openPanel.ReleasedWhenClosed = true;
openPanel.Prompt = "Select file";
var result = openPanel.RunModal();
if (result == 1)
{
var filePath = openPanel.Url.AbsoluteString.Replace("file://",string.Empty);
var cert1 = new X509Certificate2 ();
try {
cert1.Import (filePath);
TxtIssuer.StringValue = cert1.Issuer;
TxtValidFrom.StringValue = cert1.NotBefore.ToShortDateString();
TxtValidTo.StringValue = cert1.NotAfter.ToShortDateString();
TxtDC.StringValue = cert1.IssuerName.Format(true);
} catch (Exception) {
UtilityService.ShowAlert ("Invalid X509 certificate", "Alert");
}
SolutionUserDto.Certificate.Encoded = cert.ToPem();
}
};
}
public static void InstallPfx(string filePath, string password, string[] privateKeyUsers)
{
Console.WriteLine(string.Format("Installing certificate using file: [{0}].", filePath));
var cert = new X509Certificate2();
cert.Import(filePath, password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet );
if (cert.HasPrivateKey)
{
GrantUserReadAccessToCertificate(privateKeyUsers, cert);
}
AddCertToStore(cert);
RemoveCertFileFromDisk(filePath);
}
/// <summary>
/// Lee certificado de disco
/// </summary>
/// <param name="argArchivo">Ruta del certificado a leer.</param>
/// <returns>Un objeto certificado X509</returns>
/// <remarks></remarks>
public static X509Certificate2 ObtieneCertificadoDesdeArchivo(string argArchivo, string key)
{
X509Certificate2 objCert = new X509Certificate2();
try
{
objCert.Import(Microsoft.VisualBasic.FileIO.FileSystem.ReadAllBytes(argArchivo), key, X509KeyStorageFlags.DefaultKeySet);
return objCert;
}
catch (Exception excepcionAlImportarCertificado)
{
throw new Exception("argArchivo=" + argArchivo + " excepcion=" + excepcionAlImportarCertificado.Message + " " + excepcionAlImportarCertificado.StackTrace);
}
}
public RequestInvoker(string publishSettings)
{
XmlDocument xmlPublicSetting = new XmlDocument();
xmlPublicSetting.LoadXml(publishSettings);
X509Certificate2 cert = new X509Certificate2();
XmlNode publishProfile = xmlPublicSetting.SelectSingleNode("/PublishData/PublishProfile");
string certificateString = publishProfile.Attributes["ManagementCertificate"].Value;
cert.Import(Convert.FromBase64String(certificateString));
this.Certificate = cert;
XmlNode subscriptionNode = xmlPublicSetting.SelectSingleNode("/PublishData/PublishProfile/Subscription");
this.SubscriptionId = subscriptionNode.Attributes["Id"].Value;
this.SubscriptionName = subscriptionNode.Attributes["Name"].Value;
}
private X509Certificate2 ObtieneCertificadoDesdeArchivo( string argArchivo )
{
X509Certificate2 objCert = new X509Certificate2();
try
{
objCert.Import( this.accesoDisco.ObtenerBytes( argArchivo ) );
}
catch ( Exception error )
{
this.manejadorErrores.ManejarError( error, "ObtieneCertificadoDesdeArchivo", error.Message );
}
return objCert;
}
public bool IsResponseValid(XmlDocument xDoc)
{
XmlNamespaceManager manager = new XmlNamespaceManager(xDoc.NameTable);
manager.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
XmlNodeList nodeList = xDoc.SelectNodes("//ds:Signature", manager);
SignedXml signedXml = new SignedXml(xDoc);
signedXml.LoadXml((XmlElement)nodeList[0]);
X509Certificate2 cSigningCertificate = new X509Certificate2();
cSigningCertificate.Import(HttpContext.Current.Server.MapPath(".") + @"\Certificates\SignCertFromCentrify.cer");
return signedXml.CheckSignature(cSigningCertificate, true);
}
public override void SetFromNetMQMessage(NetMQMessage message)
{
base.SetFromNetMQMessage(message);
if (message.FrameCount != 1)
{
throw new NetMQSecurityException(NetMQSecurityErrorCode.InvalidFramesCount, "Malformed message");
}
NetMQFrame certificateFrame = message.Pop();
byte[] certificteBytes = certificateFrame.ToByteArray();
Certificate = new X509Certificate2();
Certificate.Import(certificteBytes);
}
private PeerNode AuthenticateNode(SslStream clientSslStream, Socket clientSocket)
{
string nodeIP = clientSocket.RemoteEndPoint.ToString().Split(':')[0];
// if cert is empty or come with the default/harcoded hash, this a new node.
// Generate and send him a certificate
if (clientSslStream.RemoteCertificate == null ||
clientSslStream.RemoteCertificate.GetCertHashString() == "3EE15BE077586D9CB9AEC105AE8AB0613ED6C34B")
{
//TODO : make certmanager directly return an X509Certificate2
//TODO : store the whole cert into a 'Password' structure (need private key if client
// node is lost (or its certificate is lost), or to do cross-restores
Mono.Security.X509.PKCS12 newCert = GenerateNewClientCertificate(nodeIP);
// new node, unknown by hub. let's add it in "pending for approval" status
var x509cert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2();
x509cert2.Import(newCert.Certificates[0].RawData, "",
System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.PersistKeySet | System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable);
var u = CreateNewNode(nodeIP, new NodeCertificate(x509cert2));
u.SetSockets(clientSslStream, clientSocket);
u.SendCertificate(newCert.GetBytes());
u.Disconnect();
return(null);
}
X509Certificate2 remoteCert = new X509Certificate2(clientSslStream.RemoteCertificate);
PeerNode node = new DAL.NodeDAO().NodeApproved(remoteCert.GetSerialNumber());
node.IP = nodeIP;
if (node != null)
{
Logger.Append("HUBRN", Severity.TRIVIA, "Newly connected node : Id=" + node.Id + ", NodeName=" + node.Name + ",IP=" + node.IP + ", status=" + node.Status);
if (!node.Locked)
{
node.Status = NodeStatus.Idle;
}
else
{
node.Status = NodeStatus.Locked; // pending for manual approval
Logger.Append("HUBRN", Severity.NOTICE, "Newly connected node #" + node.Id + " is locked.");
}
}
node.SetSockets(clientSslStream, clientSocket);
node.SendAuthStatus();
return(node);
}
/// <summary>
/// Load certicate key from file
/// </summary>
private void LoadCertificateKey()
{
//Import Certificate
_CertificateKey = new X509Certificate2();
_CertificateKey.Import(_extranetType == @"EXE" ? System.IO.Path.GetDirectoryName(System.Reflection.Assembly.GetEntryAssembly().Location) + @"/" + _Tenant.D3S_KeyStorePathFilename : HttpContext.Current.Server.MapPath("~/bin/" + _Tenant.D3S_KeyStorePathFilename), _Tenant.D3S_KeyStorePassword, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
ServicePointManager.ServerCertificateValidationCallback += delegate(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
// If the certificate is a valid, signed certificate, return true.
if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
{
return true;
}
return false;
};
}
public static void Main(string[] args)
{
string sn = string.Empty;
X509Certificate2 cert = new X509Certificate2();
cert.Import("CSD01_AAA010101AAA.cer");
foreach (var b in cert.GetSerialNumber()) {
sn = (char)b + sn;
}
Console.WriteLine (cert.Subject);
Console.WriteLine (cert.Version);
Console.WriteLine (cert.SignatureAlgorithm.Value.Replace("1.2.840.113549.1.1.5", "RSA_SHA1RSA"));
Console.WriteLine (cert.NotBefore);
Console.WriteLine (cert.NotAfter);
Console.WriteLine (cert.SerialNumber);
Console.WriteLine (sn);
}
private ClaimsPrincipal Validate(ServerDto serverDto, string audience, CertificateChainDto certificateChain, string tenantName, string token)
{
var certificate = certificateChain.Certificates[0];
var publicKey = certificate.Encoded;
var x509Certificate2 = new X509Certificate2();
var cert = Encoding.UTF8.GetBytes(publicKey);
x509Certificate2.Import(cert);
var hostName = ServiceHelper.GetHostName(serverDto.ServerName);
var validationParams = new TokenValidationParameters
{
ValidIssuer = string.Format(ServiceConfigManager.ValidationUri, serverDto.Protocol, hostName, tenantName),
ValidAudience = audience,
IssuerSigningToken = new X509SecurityToken(x509Certificate2),
ValidateIssuer = false
};
var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
SecurityToken validatedToken;
return jwtSecurityTokenHandler.ValidateToken(token, validationParams, out validatedToken);
}
static void Main(string[] args)
{
// issue
//makecert -r -pe -n "CN=Centaman Software Licensing" -b 01/01/2000 -e 01/01/2099 -eku 1.3.6.1.5.5.7.3.3 -ss My -a sha256
// message
var data = new byte[32];
// sign
var cert = new X509Certificate2();
cert.Import(@"c:\development\visual studio\frameworktests\signingtest\almostpurple-root.pfx", "EnxnApv1", X509KeyStorageFlags.PersistKeySet);
var sigbytes = ((RSACryptoServiceProvider)cert.PrivateKey).SignData(data, "SHA1");
// verify
var verifier = new RSACryptoServiceProvider();
verifier.ImportParameters(LoadParameters(Assembly.GetExecutingAssembly().GetName().GetPublicKey()));
Console.WriteLine(verifier.VerifyData(data, "SHA1", sigbytes));
if (Debugger.IsAttached) Console.ReadLine();
}
public static CertificadoDigital GetCertificadoDigital_v2(byte[] archivoCer)
{
var srtBase64 = "";
var certificado = new CertificadoDigital();
System.Security.Cryptography.X509Certificates.X509Certificate2 certEmisor = new System.Security.Cryptography.X509Certificates.X509Certificate2();
byte[] data = archivoCer;
certEmisor.Import(data);
srtBase64 = Convert.ToBase64String(certEmisor.GetRawCertData());
certificado.Certificado = certEmisor.GetRawCertDataString();
certificado.CertificadoBase64 = srtBase64;
byte[] byteArray = certEmisor.GetSerialNumber();
//string test = byteArray.ToString();
string strSerialHex = certEmisor.GetSerialNumberString();
string serialTest2 = certEmisor.SerialNumber;
var strSerial = ConvertHexToString(strSerialHex);
//var str = System.Text.Encoding.Default.GetString(byteArray);
//string result = System.Text.Encoding.UTF8.GetString(byteArray);
//System.Text.Encoding enc = System.Text.Encoding.ASCII;
//string myString = enc.GetString(byteArray);
//string s = System.Text.UTF8Encoding.UTF8.GetString(byteArray);
//char[] array = str.ToCharArray();
//Array.Reverse(array);
//var nuevoStr = new string(array);
certificado.NoCertificado = strSerial;//str;
return(certificado);
}
/// <summary>
/// Loads the Strong Name Key at the specified path with a optional password.
/// </summary>
/// <param name="context">The working context.</param>
/// <param name="path">The path to the key.</param>
/// <param name="pass">
/// The password of the certificate at <paramref name="path" /> if
/// it is a pfx file; otherwise, <c>null</c>.
/// </param>
/// <returns>The loaded Strong Name Key.</returns>
public static StrongNameKey LoadSNKey(ConfuserContext context, string path, string pass) {
if (path == null) return null;
try {
if (pass != null) //pfx
{
// http://stackoverflow.com/a/12196742/462805
var cert = new X509Certificate2();
cert.Import(path, pass, X509KeyStorageFlags.Exportable);
var rsa = cert.PrivateKey as RSACryptoServiceProvider;
if (rsa == null)
throw new ArgumentException("RSA key does not present in the certificate.", "path");
return new StrongNameKey(rsa.ExportCspBlob(true));
}
return new StrongNameKey(path);
}
catch (Exception ex) {
context.Logger.ErrorException("Cannot load the Strong Name Key located at: " + path, ex);
throw new ConfuserException(ex);
}
}
public void OnClickAddButton (object sender, EventArgs e)
{
if (string.IsNullOrEmpty (TxtUsername.StringValue)) {
UIErrorHelper.ShowAlert ("Please enter valid username", "Alert");
} else if (string.IsNullOrEmpty (TxtDescription.StringValue)) {
UIErrorHelper.ShowAlert ("Please enter valid Description", "Alert");
} else if (string.IsNullOrEmpty (TxtCertificatePath.StringValue)) {
UIErrorHelper.ShowAlert ("Please enter valid Certificate", "Alert");
} else {
var cert = new X509Certificate2 ();
ActionHelper.Execute (delegate() {
cert.Import (TxtCertificatePath.StringValue.Replace ("file://", string.Empty));
});
SolutionUserDto = new SolutionUserDto () {
Name = TxtUsername.StringValue,
Description = TxtDescription.StringValue,
Certificate = new CertificateDto { Encoded = cert.ToPem() }
};
this.Close ();
NSApplication.SharedApplication.StopModalWithCode (1);
}
}
/// <summary>
/// Lee el Certificado desde el archivo abriendolo con la password
/// </summary>
/// <returns>Un objeto certificado X509</returns>
/// <remarks></remarks>
public X509Certificate2 ObtenerCertificadoDesdeArchivo()
{
Entidades.Configuracion_Certificado objEntidadesConf_Certificado = new Entidades.Configuracion_Certificado();
Logica.Configuracion_Certificado objLogicaConf_Certificado = new Logica.Configuracion_Certificado();
SecureString passwordCertificadoPFX;
objEntidadesConf_Certificado = objLogicaConf_Certificado.TraerConfiguracion();
passwordCertificadoPFX = ConvertirPasswordSecureString(objEntidadesConf_Certificado.PasswordPFX);
//Se instancia un objeto Certificado
X509Certificate2 objCertificado = new X509Certificate2();
try
{
//Se importa al objeto certificado el archivo leido abriendolo con la password
objCertificado.Import(Microsoft.VisualBasic.FileIO.FileSystem.ReadAllBytes(objEntidadesConf_Certificado.ArchivoCertificadoPFX), passwordCertificadoPFX, X509KeyStorageFlags.PersistKeySet);
//Retorno certificado
return objCertificado;
}
catch (Exception excepcionAlImportarCertificado)
{
throw new Exception("ERROR: Procedimiento: ObtenerCertificadoDesdeArchivo. Ruta del archivo=" + objEntidadesConf_Certificado.ArchivoCertificadoPFX + ". Excepcion=" + excepcionAlImportarCertificado.Message + " " + excepcionAlImportarCertificado.StackTrace);
}
}
public override void AwakeFromNib ()
{
base.AwakeFromNib ();
_certificates = new List<CertificateDto> ();
_currentStep = WizardSteps.One;
SetWizardStep ();
ReloadCertificates ();
//Events
this.BtnTestConnection.Activated += TestConnection;
this.BtnNext.Activated += OnClickNextButton;
this.BtnBack.Activated += OnClickBackButton;
this.BtnAddCertificate.Activated += (object sender, EventArgs e) => {
var openPanel = new NSOpenPanel();
openPanel.ReleasedWhenClosed = true;
openPanel.Prompt = "Select file";
var result = openPanel.RunModal();
if (result == 1)
{
var filePath = openPanel.Url.AbsoluteString.Replace("file://",string.Empty);
var cert = new X509Certificate2 ();
ActionHelper.Execute (delegate() {
cert.Import (filePath);
var certfificateDto = new CertificateDto { Encoded = cert.ToPem(), Chain = cert.GetFormattedThumbPrint()};
_certificates.Add(certfificateDto);
ReloadCertificates();
});
}
};
this.RdoIdentitySource.Activated += (object sender, EventArgs e) =>
{
SetSpnControls();
};
this.RdoDomainController.Activated += (object sender, EventArgs e) =>
{
var anyDc = RdoDomainController.SelectedTag == 1;
if(anyDc)
{
SetConnectionString();
}
else
{
TxtLdapConnection.StringValue = (NSString) string.Empty;
}
ChkProtect.Enabled = anyDc;
EnableDisableConnectionString(!anyDc);
};
this.BtnRemoveCertificate.Activated += (object sender, EventArgs e) => {
if (LstCertificates.SelectedRows.Count > 0) {
foreach (var row in LstCertificates.SelectedRows) {
_certificates.RemoveAt ((int)row);
}
ReloadCertificates();
}
};
this.BtnPrimaryImport.Activated += (object sender, EventArgs e) => {
};
this.BtnSecondaryImport.Activated += (object sender, EventArgs e) => {
};
this.TxtDomainName.Changed += (object sender, EventArgs e) => {
SetConnectionString();
};
this.ChkProtect.Activated += (object sender, EventArgs e) => {
SetConnectionString();
};
this.RdoSpn.Activated += (object sender, EventArgs e) => {
SetSpnControls();
};
BtnPrimaryImport.Enabled = false;
BtnSecondaryImport.Enabled = false;
this.TxtPrimaryUrl.Activated += (object sender, EventArgs e) =>
{
BtnPrimaryImport.Enabled = this.TxtPrimaryUrl.StringValue!= null && this.TxtPrimaryUrl.StringValue.StartsWith("ldaps://");
};
this.TxtSecondaryConnection.Activated += (object sender, EventArgs e) =>
{
BtnSecondaryImport.Enabled = this.TxtSecondaryConnection.StringValue!= null && this.TxtSecondaryConnection.StringValue.StartsWith("ldaps://");
};
BtnPrimaryImport.Activated += (object sender, EventArgs e) =>
{
ImportCertificates(TxtPrimaryUrl.StringValue);
};
BtnSecondaryImport.Activated += (object sender, EventArgs e) =>
{
ImportCertificates(TxtSecondaryConnection.StringValue);
};
if (IdentityProviderDto != null)
DtoToView ();
else
IdentityProviderDto = new IdentityProviderDto ();
this.BtnAdvanced.Activated += (object sender, EventArgs e) =>
{
var form = new ExternalDomainAdvancedSettingsController ()
{
IdentityProviderDto = new IdentityProviderDto
{
Schema = IdentityProviderDto.Schema == null ? new Dictionary<string, SchemaObjectMappingDto>() :new Dictionary<string, SchemaObjectMappingDto>(IdentityProviderDto.Schema),
AttributesMap = IdentityProviderDto.AttributesMap == null ? new Dictionary<string, string>() : new Dictionary<string, string>(IdentityProviderDto.AttributesMap),
BaseDnForNestedGroupsEnabled = IdentityProviderDto.BaseDnForNestedGroupsEnabled,
MatchingRuleInChainEnabled = IdentityProviderDto.MatchingRuleInChainEnabled,
DirectGroupsSearchEnabled = IdentityProviderDto.DirectGroupsSearchEnabled
}
};
var result = NSApplication.SharedApplication.RunModalForWindow (form.Window);
if(result == 1)
{
IdentityProviderDto.Schema = GetSchema(form.IdentityProviderDto.Schema);
IdentityProviderDto.AttributesMap = new Dictionary<string, string>(form.IdentityProviderDto.AttributesMap);
IdentityProviderDto.BaseDnForNestedGroupsEnabled = form.IdentityProviderDto.BaseDnForNestedGroupsEnabled;
IdentityProviderDto.MatchingRuleInChainEnabled = form.IdentityProviderDto.MatchingRuleInChainEnabled;
IdentityProviderDto.DirectGroupsSearchEnabled = form.IdentityProviderDto.DirectGroupsSearchEnabled;
}
};
SetSpnControls ();
}
/// <summary>
/// Load certicate key from file
/// </summary>
private void LoadCertificateKey()
{
//Import Certificate
_CertificateKey = new X509Certificate2();
_CertificateKey.Import(HttpContext.Current.Server.MapPath("~/bin/" + _Tenant.DTP_KeyStorePathFilename), _Tenant.DTP_KeyStorePassword, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
ServicePointManager.ServerCertificateValidationCallback += delegate(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
// If the certificate is a valid, signed certificate, return true.
if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
{
//Console.WriteLine("X509Certificate [{0}] : No error", cert.Subject);
return true;
}
//Console.WriteLine("X509Certificate [{0}] Policy Error: '{1}'", cert.Subject, sslPolicyErrors.ToString());
return false;
};
}
private bool ResolveManifestKey()
{
bool certSuccess = false;
bool certInStore = false;
if (!string.IsNullOrEmpty(CertificateThumbprint))
{
// look for cert in the cert store
X509Store personalStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
try
{
personalStore.Open(OpenFlags.ReadWrite);
X509Certificate2Collection foundCerts = personalStore.Certificates.Find(X509FindType.FindByThumbprint, CertificateThumbprint, false);
if (foundCerts.Count == 1)
{
certInStore = true;
ResolvedThumbprint = CertificateThumbprint;
certSuccess = true;
}
}
finally
{
personalStore.Close();
}
if (!certSuccess)
{
Log.LogWarningWithCodeFromResources("ResolveKeySource.ResolvedThumbprintEmpty");
}
}
if (!string.IsNullOrEmpty(CertificateFile) && !certInStore)
{
// if the cert isn't on disk, we can't import it
if (!File.Exists(CertificateFile))
{
Log.LogErrorWithCodeFromResources("ResolveKeySource.CertificateNotInStore");
}
else
{
// add the cert to the store optionally prompting for the password
if (X509Certificate2.GetCertContentType(CertificateFile) == X509ContentType.Pfx)
{
bool imported = false;
// first try it with no password
X509Certificate2 cert = new X509Certificate2();
X509Store personalStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
try
{
personalStore.Open(OpenFlags.ReadWrite);
cert.Import(CertificateFile, (string)null, X509KeyStorageFlags.PersistKeySet);
personalStore.Add(cert);
ResolvedThumbprint = cert.Thumbprint;
imported = true;
certSuccess = true;
}
catch (CryptographicException)
{
// cert has a password, move on and prompt for it
}
finally
{
personalStore.Close();
}
if (!imported && ShowImportDialogDespitePreviousFailures)
{
Log.LogErrorWithCodeFromResources("ResolveKeySource.KeyFileForManifestNotImported", KeyFile);
}
if (!certSuccess)
{
Log.LogErrorWithCodeFromResources("ResolveKeySource.KeyImportError", CertificateFile);
}
}
else
{
X509Store personalStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
try
{
X509Certificate2 cert = new X509Certificate2(CertificateFile);
personalStore.Open(OpenFlags.ReadWrite);
personalStore.Add(cert);
ResolvedThumbprint = cert.Thumbprint;
certSuccess = true;
}
catch (CryptographicException)
{
Log.LogErrorWithCodeFromResources("ResolveKeySource.KeyImportError", CertificateFile);
}
finally
{
personalStore.Close();
}
}
}
}
else if (!certInStore && !string.IsNullOrEmpty(CertificateFile) && !string.IsNullOrEmpty(CertificateThumbprint))
{
// no file and not in store, error out
Log.LogErrorWithCodeFromResources("ResolveKeySource.CertificateNotInStore");
certSuccess = false;
}
else
certSuccess = true;
return certSuccess;
}
private void Add()
{
if (this.FileName == null)
{
this.Log.LogError("FileName not provided");
return;
}
if (System.IO.File.Exists(this.FileName.GetMetadata("FullPath")) == false)
{
this.Log.LogError(string.Format(CultureInfo.CurrentCulture, "FileName not found: {0}", this.FileName.GetMetadata("FullPath")));
return;
}
X509Certificate2 cert = new X509Certificate2();
X509KeyStorageFlags keyflags = this.MachineStore ? X509KeyStorageFlags.MachineKeySet : X509KeyStorageFlags.DefaultKeySet;
if (this.Exportable)
{
keyflags |= X509KeyStorageFlags.Exportable;
}
keyflags |= X509KeyStorageFlags.PersistKeySet;
cert.Import(this.FileName.GetMetadata("FullPath"), this.CertPassword, keyflags);
StoreLocation locationFlag = this.MachineStore ? StoreLocation.LocalMachine : StoreLocation.CurrentUser;
this.LogTaskMessage(string.Format(CultureInfo.CurrentCulture, "Adding Certificate: {0} to Store: {1}", this.FileName.GetMetadata("FullPath"), this.StoreName));
X509Store store = this.GetStore(locationFlag);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
store.Add(cert);
store.Close();
this.Thumbprint = cert.Thumbprint;
this.SubjectDName = cert.SubjectName.Name;
}
public void Pkcs7_Import ()
{
X509Certificate2 x = new X509Certificate2 ();
x.Import (farscape_pkcs7);
}
public static byte[] GetCertificateData(string certPath, string password)
{
var cert = new X509Certificate2();
cert.Import(certPath, password, X509KeyStorageFlags.Exportable);
return cert.HasPrivateKey ? cert.Export(X509ContentType.Pfx, password) : cert.Export(X509ContentType.Pkcs12);
}
