public static byte[] HybridDecrypt
(
X509Certificate2 decryptorPrivateKeyPfx
, Secret data
)
{
X509Certificate2 encryptorPublicKeyCer = null;
try
{
RSACryptoServiceProvider decryptorPrivateKeyPfxProvider = decryptorPrivateKeyPfx.PrivateKey as RSACryptoServiceProvider;
encryptorPublicKeyCer = new X509Certificate2(data.EncryptorPublicKeyCerRawData);
RSACryptoServiceProvider encryptorPublicKeyCerProvider = encryptorPublicKeyCer.PublicKey.Key as RSACryptoServiceProvider;
return HybridDecrypt
(
decryptorPrivateKeyPfxProvider
, encryptorPublicKeyCerProvider
, data
);
}
catch
{
return null;
}
finally
{
if (encryptorPublicKeyCer != null)
{
encryptorPublicKeyCer.Reset();
}
}
}
public static X509Certificate2 BuscaNome(string Nome)
{
X509Certificate2 _X509Cert = new X509Certificate2();
try
{
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
X509Certificate2Collection collection1 = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid, HLP.GeraXml.dao.daoUtil.GetDateServidor(), false);
X509Certificate2Collection collection2 = (X509Certificate2Collection)collection.Find(X509FindType.FindByKeyUsage, X509KeyUsageFlags.DigitalSignature, false);
if (Nome == "")
{
X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(collection2, "Certificado(s) Digital(is) disponível(is)", "Selecione o Certificado Digital para uso no aplicativo", X509SelectionFlag.SingleSelection);
if (scollection.Count == 0)
{
_X509Cert.Reset();
Console.WriteLine("Nenhum certificado escolhido", "Atenção");
}
else
{
_X509Cert = scollection[0];
}
}
else
{
X509Certificate2Collection scollection = (X509Certificate2Collection)collection2.Find(X509FindType.FindBySubjectDistinguishedName, Nome, false);
if (scollection.Count == 0)
{
Console.WriteLine("Nenhum certificado válido foi encontrado com o nome informado: " + Nome, "Atenção");
_X509Cert.Reset();
}
else
{
_X509Cert = scollection[0];
}
}
store.Close();
return _X509Cert;
}
catch (System.Exception ex)
{
Console.WriteLine(ex.Message);
return _X509Cert;
}
}
public X509Certificate2 BuscaNroSerie(string NroSerie)
{
X509Certificate2 _X509Cert = new X509Certificate2();
try
{
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
X509Certificate2Collection collection1 = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid, DateTime.Now, true);
X509Certificate2Collection collection2 = (X509Certificate2Collection)collection1.Find(X509FindType.FindByKeyUsage, X509KeyUsageFlags.DigitalSignature, true);
if (NroSerie == "")
{
X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(collection2, "Certificados Digitais", "Selecione o Certificado Digital para uso no aplicativo", X509SelectionFlag.SingleSelection);
if (scollection.Count == 0)
{
_X509Cert.Reset();
Console.WriteLine("Nenhum certificado válido foi encontrado com o número de série informado: " + NroSerie, "Atenção");
}
else
{
_X509Cert = scollection[0];
}
}
else
{
X509Certificate2Collection scollection = (X509Certificate2Collection)collection2.Find(X509FindType.FindBySerialNumber, NroSerie, true);
if (scollection.Count == 0)
{
_X509Cert.Reset();
Console.WriteLine("Nenhum certificado válido foi encontrado com o número de série informado: " + NroSerie, "Atenção");
}
else
{
_X509Cert = scollection[0];
}
}
store.Close();
return _X509Cert;
}
catch (System.Exception ex)
{
Console.WriteLine(ex.Message);
return _X509Cert;
}
}
private bool TryGetMatchingX509Certificate(IntPtr certContext, X509FindType findType, uint dwFindType, object findValue, bool validOnly, out X509Certificate2 cert)
{
cert = new X509Certificate2(certContext);
if (dwFindType == 0)
{
switch (findType)
{
case X509FindType.FindBySubjectDistinguishedName:
if (string.Compare((string) findValue, cert.SubjectName.Name, StringComparison.OrdinalIgnoreCase) == 0)
{
break;
}
cert.Reset();
cert = null;
return false;
case X509FindType.FindByIssuerDistinguishedName:
if (string.Compare((string) findValue, cert.IssuerName.Name, StringComparison.OrdinalIgnoreCase) == 0)
{
break;
}
cert.Reset();
cert = null;
return false;
case X509FindType.FindBySerialNumber:
if (this.BinaryMatches((byte[]) findValue, cert.GetSerialNumber()))
{
break;
}
cert.Reset();
cert = null;
return false;
case X509FindType.FindBySubjectKeyIdentifier:
{
X509SubjectKeyIdentifierExtension extension = cert.Extensions["2.5.29.14"] as X509SubjectKeyIdentifierExtension;
if ((extension == null) || !this.BinaryMatches((byte[]) findValue, extension.RawData))
{
cert.Reset();
cert = null;
return false;
}
break;
}
}
}
if (validOnly && !new X509Chain(false) { ChainPolicy = { RevocationMode = X509RevocationMode.NoCheck, RevocationFlag = X509RevocationFlag.ExcludeRoot } }.Build(cert))
{
cert.Reset();
cert = null;
return false;
}
return (cert != null);
}
public static Secret HybridEncrypt
(
string encryptorPrivateKeyPfxFileName
, string encryptorPublicKeyCerFileName
, string decryptorPublicKeyCerFileName
, HashSignatureMode hashSignatureMode
, bool DoOAEPadding
, byte[] data
)
{
X509Certificate2 encryptorPrivateKeyPfx = null;
X509Certificate2 encryptorPublicKeyCer = null;
X509Certificate2 decryptorPublicKeyCer = null;
try
{
encryptorPrivateKeyPfx = new X509Certificate2(encryptorPrivateKeyPfxFileName);
encryptorPublicKeyCer = new X509Certificate2(encryptorPublicKeyCerFileName);
decryptorPublicKeyCer = new X509Certificate2(decryptorPublicKeyCerFileName);
return HybridEncrypt
(
encryptorPrivateKeyPfx
, encryptorPublicKeyCer
, decryptorPublicKeyCer
, hashSignatureMode
, DoOAEPadding
, data
);
}
catch
{
return null;
}
finally
{
if (encryptorPrivateKeyPfx != null)
{
encryptorPrivateKeyPfx.Reset();
}
if (encryptorPublicKeyCer != null)
{
encryptorPublicKeyCer.Reset();
}
if (decryptorPublicKeyCer != null)
{
decryptorPublicKeyCer.Reset();
}
}
}
/////////////////////////////////////////////////////
// //
// InstallClientCertificateToKeystore() //
// //
/////////////////////////////////////////////////////
//Description: Takes a public or private key file and
// adds it to the local user's key store
//Returns: the key data as a string
/////////////////////////////////////////////////////
internal static bool InstallClientCertificateToKeystore(X509Certificate2 certificate)
{
//try to open local machine's crypto store
X509Store store;
try
{
//open the user's certificate store
store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite | OpenFlags.OpenExistingOnly);
}
catch (Exception ex)
{
throw new Exception("Failed to open MY store: " + ex.Message);
}
//add the new X509 cert to the opened store
store.Add(certificate);
//close store
store.Close();
certificate.Reset();
return true;
}
/// <summary>
/// Busca certificados instalado se informado uma serie
/// se não abre caixa de dialogos de certificados.
/// </summary>
/// <param name="cerSerie">Serie do certificado.</param>
/// <returns>X509Certificate2.</returns>
/// <exception cref="System.Exception">
/// Nenhum certificado digital foi selecionado ou o certificado selecionado está com problemas.
/// or
/// Certificado digital não encontrado
/// or
/// </exception>
public static X509Certificate2 SelecionarCertificado(string cerSerie)
{
var certificate = new X509Certificate2();
try
{
X509Certificate2Collection certificatesSel = null;
var store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.OpenExistingOnly);
var certificates = store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, true)
.Find(X509FindType.FindByKeyUsage, X509KeyUsageFlags.DigitalSignature, true);
if ((string.IsNullOrEmpty(cerSerie)))
{
certificatesSel = X509Certificate2UI.SelectFromCollection(certificates, "Certificados Digitais", "Selecione o Certificado Digital para uso no aplicativo", X509SelectionFlag.SingleSelection);
if ((certificatesSel.Count == 0))
{
certificate.Reset();
throw new Exception("Nenhum certificado digital foi selecionado ou o certificado selecionado está com problemas.");
}
certificate = certificatesSel[0];
}
else
{
certificatesSel = certificates.Find(X509FindType.FindBySerialNumber, cerSerie, true);
if ((certificatesSel.Count == 0))
{
certificate.Reset();
throw new Exception("Certificado digital não encontrado");
}
certificate = certificatesSel[0];
}
store.Close();
return certificate;
}
catch (Exception exception)
{
throw new Exception(exception.Message);
}
}
bool TryGetMatchingX509Certificate(IntPtr certContext, X509FindType findType,
uint dwFindType, object findValue, bool validOnly, out X509Certificate2 cert)
{
cert = new X509Certificate2(certContext);
if (dwFindType == CAPI.CERT_FIND_ANY)
{
switch (findType)
{
case X509FindType.FindBySubjectDistinguishedName:
if (0 != String.Compare((string)findValue, cert.SubjectName.Name, StringComparison.OrdinalIgnoreCase))
{
cert.Reset();
cert = null;
return false;
}
break;
case X509FindType.FindByIssuerDistinguishedName:
if (0 != String.Compare((string)findValue, cert.IssuerName.Name, StringComparison.OrdinalIgnoreCase))
{
cert.Reset();
cert = null;
return false;
}
break;
case X509FindType.FindBySerialNumber:
if (!BinaryMatches((byte[])findValue, cert.GetSerialNumber()))
{
cert.Reset();
cert = null;
return false;
}
break;
case X509FindType.FindBySubjectKeyIdentifier:
X509SubjectKeyIdentifierExtension skiExtension =
cert.Extensions[CAPI.SubjectKeyIdentifierOid] as X509SubjectKeyIdentifierExtension;
if (skiExtension == null || !BinaryMatches((byte[])findValue, skiExtension.RawData))
{
cert.Reset();
cert = null;
return false;
}
break;
default:
DiagnosticUtility.DebugAssert(findType + " is not supported!");
break;
}
}
if (validOnly)
{
X509Chain chain = new X509Chain(false);
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
if (!chain.Build(cert))
{
cert.Reset();
cert = null;
return false;
}
}
return cert != null;
}
