public void SubTest()
{
X509Certificate2 x509 = new X509Certificate2(@"C:\Users\bxu.CHINA\Desktop\HYD-801\1234\cert\ABCFR_ABCFRALMMACC1.crt");
//X509Certificate2 x509 = new X509Certificate2(@"..\..\..\ApacheQpidClient\certificates\LiquidCapital\LCMLO_ABCFRALMMACC1.crt");
byte[] rawdata = x509.RawData;
Console.WriteLine("Content Type: {0}{1}", X509Certificate2.GetCertContentType(rawdata), Environment.NewLine);
Console.WriteLine("Friendly Name: {0}{1}", x509.FriendlyName, Environment.NewLine);
Console.WriteLine("Certificate Verified?: {0}{1}", x509.Verify(), Environment.NewLine);
Console.WriteLine("Simple Name: {0}{1}", x509.GetNameInfo(X509NameType.SimpleName, true), Environment.NewLine);
Console.WriteLine("Signature Algorithm: {0}{1}", x509.SignatureAlgorithm.FriendlyName, Environment.NewLine);
// Console.WriteLine("Private Key: {0}{1}", x509.PrivateKey.ToXmlString(false), Environment.NewLine); // cer里面并没有私钥信息
Console.WriteLine("Public Key: {0}{1}", x509.PublicKey.Key.ToXmlString(false), Environment.NewLine);
Console.WriteLine("Certificate Archived?: {0}{1}", x509.Archived, Environment.NewLine);
Console.WriteLine("Length of Raw Data: {0}{1}", x509.RawData.Length, Environment.NewLine);
Console.WriteLine("SubjectName: {0}{1}", x509.SubjectName, Environment.NewLine);
Console.WriteLine("Subject: {0}{1}", x509.Subject, Environment.NewLine);
}
internal static bool IsValid(string filePath, string certPassword)
{
Logger.EnteringMethod();
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(filePath, certPassword);
return(certificate.Verify());
}
/// <summary>
/// Check if a .NET assembly can be loaded and has a valid certificate
/// </summary>
/// <param name="assemblyPath">Path of the assembly file</param>
/// <returns></returns>
public static bool CheckAssemblyForValidCertificate(string assemblyPath)
{
//Verify the assembly exists
if (!File.Exists(assemblyPath))
{
throw new Exception(String.Format(
"A dll file was not found at {0}. No certificate was able to be verified.", assemblyPath));
}
//Verify that you can load the assembly into a Reflection only context
Assembly asm;
try
{
asm = Assembly.ReflectionOnlyLoadFrom(assemblyPath);
}
catch
{
throw new Exception(String.Format(
"A dll file found at {0} could not be loaded.", assemblyPath));
}
//Verify the node library has a verified signed certificate
X509Certificate cert;
try
{
cert = X509Certificate.CreateFromSignedFile(assemblyPath);
}
catch
{
throw new Exception(String.Format(
"A dll file found at {0} did not have a certificate attached.", assemblyPath));
}
if (cert != null)
{
var cert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(cert);
if (cert2.Verify())
{
return(true);
}
}
throw new Exception(String.Format(
"A dll file found at {0} did not have a signed certificate.", assemblyPath));
}
static int Test (string site)
{
#if NET_2_0
string certFile = Path.Combine (AppDomain.CurrentDomain.BaseDirectory,
"www.microsoft.com.crt");
SSCX.X509Certificate2 cer = new SSCX.X509Certificate2 (certFile);
Assert.IsTrue (cer.Verify (), "#1");
SSCX.X509Chain chain = new SSCX.X509Chain ();
Assert.IsTrue (chain.Build (cer), "#2");
#endif
HttpWebRequest request = (HttpWebRequest) WebRequest.Create (site);
request.Method = "GET";
try {
HttpWebResponse response = (HttpWebResponse) request.GetResponse ();
using (StreamReader sr = new StreamReader (response.GetResponseStream (), Encoding.UTF8, true)) {
string result = sr.ReadToEnd ();
if (result.IndexOf ("<title>Microsoft Corporation</title>") == -1) {
Console.WriteLine (result);
return 1;
}
}
response.Close ();
} catch (WebException ex) {
if (ex.Response != null) {
StreamReader sr = new StreamReader (ex.Response.GetResponseStream ());
Console.WriteLine (sr.ReadToEnd ());
} else {
Console.WriteLine (ex.ToString ());
}
return 2;
}
return 0;
}
private void VerifyCertificate(Domain domain)
{
try
{
_Certificate = HttpGet.GetCertificate(domain.Server);
BtnCertificateStatus.Cursor = Cursors.Hand;
if (_Certificate.Verify() == true)
{
_CertificateStatus = Resources.CertificateStatusValid;
BtnCertificateStatus.BackgroundImage = Resources.certificate_valid;
}
else
{
throw new Exception(Resources.CertificateStatusInvalid);
}
}
catch (Exception ex)
{
_CertificateStatus = ex.Message;
BtnCertificateStatus.BackgroundImage = Resources.certificate_invalid;
}
}
/// <summary>
/// Gets the certificate corresponding to the specified URL from the cache of certificates. If the cache doesn't contain the certificate, it is downloaded and verified.
/// </summary>
/// <param name="certUrl">The URL pointing to the certificate.</param>
/// <returns>An <see cref="System.Security.Cryptography.X509Certificates.X509Certificate2"/> object containing the details of the certificate.</returns>
/// <exception cref="PayPal.PayPalException">Thrown if the downloaded certificate cannot be verified.</exception>
public X509Certificate2Collection GetCertificatesFromUrl(string certUrl)
{
// If we haven't already cached this URL, then download, verify, and cache it.
if(!certificates.ContainsKey(certUrl))
{
// Download the certificate.
string certData;
using (var webClient = new WebClient())
{
certData = webClient.DownloadString(certUrl);
}
// Load all the certificates.
// NOTE: The X509Certificate2Collection.Import() method only
// imports the first certifcate, even if a stream contains
// multiple certificates. For this reason, we'll load the
// certificates one-by-one, verifying as we go.
var results = certData.Split(new string[] { "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----" }, StringSplitOptions.RemoveEmptyEntries);
var collection = new X509Certificate2Collection();
foreach (var result in results)
{
var trimmed = result.Trim();
if (!string.IsNullOrEmpty(trimmed))
{
var certificate = new X509Certificate2(System.Text.Encoding.UTF8.GetBytes(trimmed));
// Verify the certificate before adding it to the collection.
if(certificate.Verify())
{
collection.Add(certificate);
}
else
{
throw new PayPalException("Unable to verify the certificate(s) found at " + certUrl);
}
}
}
certificates[certUrl] = collection;
}
return certificates[certUrl];
}
/// <summary>
/// Generate a random init value.
/// </summary>
/// <param name="internetSource">Use random.org for random source</param>
/// <returns>Byte array IV</returns>
private byte[] generateValidIV(bool internetSource)
{
byte[] result = new byte[16];
if (!internetSource)
{
RandomNumberGenerator rng = new RNGCryptoServiceProvider();
rng.GetBytes(result);
}
else
{
if (checkRandomORGQuota())
{
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://www.random.org/integers/?num=16&min=0&max=255&col=1&base=10&format=plain&rnd=new");
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Stream receiveStream = response.GetResponseStream();
Encoding encode = System.Text.Encoding.GetEncoding("utf-8");
StreamReader readStream = new StreamReader(receiveStream, encode);
string[] randomNumbers = (readStream.ReadToEnd()).Trim().Split('\n');
for (int i = 0; i < 16; i++)
{
result[i] = Convert.ToByte(randomNumbers[i]);
}
response.Close();
X509Certificate cert = request.ServicePoint.Certificate;
X509Certificate2 cert2 = new X509Certificate2(cert);
if (isConsole)
{
util.writeFullWidth("Random.org Certificate Information:", ConsoleColor.White, ConsoleColor.DarkBlue);
Console.WriteLine("\n" + cert2.SubjectName.Decode(X500DistinguishedNameFlags.UseNewLines) + "\n");
}
if (cert2.Verify())
{
if (isConsole)
Console.WriteLine("OK!");
}
else
throw new Exception("Certificate Chain Cannot Be Verified!");
}
else
throw new Exception("Exceeded Random.Org Quota");
}
return result;
}
private static X509Certificate2 LoadCertificate(string certificateType, string certifcateLocation, string certKeyPassword)
{
try
{
if (certificateType == "file")
{
X509Certificate2 serverCertificate = new X509Certificate2(certifcateLocation, certKeyPassword);
//DisplayCertificateChain(m_serverCertificate);
bool verifyCert = serverCertificate.Verify();
logger.Debug("Server Certificate loaded from file, Subject=" + serverCertificate.Subject + ", valid=" + verifyCert + ".");
return serverCertificate;
}
else
{
StoreLocation store = (certificateType == "machinestore") ? StoreLocation.LocalMachine : StoreLocation.CurrentUser;
return AppState.LoadCertificate(store, certifcateLocation, true);
}
}
catch (Exception excp)
{
logger.Error("Exception LoadCertificate. " + excp.Message);
return null;
}
}
public bool IsAuthenticated(HttpClientCertificate httpClientCertificate)
{
var certificate = new X509Certificate2(httpClientCertificate.Certificate);
return !certificate.Archived && certificate.Verify();
}
private bool VerifyInAllStores(X509Certificate2 certificate2)
{
try
{
X509Chain chain = new X509Chain(true);
return chain.Build(certificate2) || certificate2.Verify();
}
catch (CryptographicException)
{
return false;
}
}
internal static CertificateStatusResult GetCertificateStatus(string certFilePath, bool ignoreCertificateErrors)
{
CertificateStatusResult result = new CertificateStatusResult();
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certFilePath);
DateTime expirationDate = certificate.NotAfter;
DateTime effectiveDate = certificate.NotBefore;
Logger.Write("EffectiveDate : " + effectiveDate.ToString() + " / ExpirationDate : " + expirationDate.ToString());
bool valid = certificate.Verify();
result.ExpirationDate = expirationDate;
System.IO.File.Delete(certFilePath);
if (!valid)
{
if (DateTime.Compare(DateTime.Now, expirationDate) == 1)
{
Logger.Write("Expired ! ");
if (ignoreCertificateErrors)
{
Logger.Write("Will ignore Code-Signing Certificate Errors !!!");
result.Status = CertificateStatus.Valid;
return(result);
}
else
{
result.Status = CertificateStatus.Expired;
return(result);
}
}
if (DateTime.Compare(DateTime.Now, effectiveDate) == -1)
{
Logger.Write("Not Yet Valid ! ");
if (ignoreCertificateErrors)
{
Logger.Write("Will ignore Code-Signing Certificate Errors !!!");
result.Status = CertificateStatus.Valid;
return(result);
}
else
{
result.Status = CertificateStatus.NotYetValid;
return(result);
}
}
Logger.Write("Invalid !");
if (ignoreCertificateErrors)
{
Logger.Write("Will ignore Code-Signing Certificate Errors !!!");
result.Status = CertificateStatus.Valid;
return(result);
}
else
{
result.Status = CertificateStatus.Invalid;
return(result);
}
}
if (expirationDate.Subtract(DateTime.Now).Days < 30)
{
Logger.Write("Near Expiration");
result.Status = CertificateStatus.NearExpiration;
return(result);
}
Logger.Write("Valid");
result.Status = CertificateStatus.Valid;
return(result);
}
static void Main(string[] args)
{
Console.Error.WriteLine("ShowAdCerts v1.0, (c) 2012 Zetetic LLC");
if (args.Length == 1 && args[0].EndsWith("?"))
{
Console.Error.WriteLine(@"Switches (all are optional):
-h host or domain name (default = default logon server)
-f ldap filter (default = userCertificate=* )
-b search base (default = domain root NC )
-v (turn on cert validation of non-expired certs )
-r (dump raw cert data )
");
System.Environment.ExitCode = 1;
return;
}
string searchbase = null, filter = "(&(userCertificate=*))", host = "";
bool validate = false, raw = false;
try
{
for (int i = 0; i < args.Length; i++)
{
switch (args[i])
{
case "-h":
host = args[++i];
break;
case "-r":
raw = true;
break;
case "-f":
filter = args[++i];
switch (filter.ToLowerInvariant())
{
case "computer":
filter = "(&(userCertificate=*)(objectCategory=computer))";
break;
case "user":
case "person":
filter = "(&(userCertificate=*)(objectCategory=person))";
break;
}
break;
case "-b":
searchbase = args[++i];
break;
case "-v":
validate = true;
break;
default:
Console.Error.WriteLine("Unknown argument {0}", args[i]);
break;
}
}
using (var conn = new LdapConnection(host))
{
conn.SessionOptions.ProtocolVersion = 3;
if (string.IsNullOrEmpty(searchbase))
{
var e = ((SearchResponse)conn.SendRequest(new SearchRequest(
"",
"(&(objectClass=*))",
SearchScope.Base,
"defaultNamingContext"))).Entries[0];
searchbase = e.Attributes["defaultNamingContext"][0].ToString();
}
var srch = new SearchRequest(searchbase, filter, SearchScope.Subtree, "userCertificate");
var pager = new PageResultRequestControl();
srch.Controls.Add(pager);
int count = 0;
while (true)
{
var resp = (SearchResponse)conn.SendRequest(srch);
foreach (SearchResultEntry se in resp.Entries)
{
if (!se.Attributes.Contains("userCertificate"))
{
continue;
}
Console.WriteLine("# {0}", ++count);
Console.WriteLine("dn: {0}", se.DistinguishedName);
foreach (var o in se.Attributes["userCertificate"].GetValues(typeof(byte[])))
{
byte[] bytes = (byte[])o;
try
{
X509Certificate2 cert = new X509Certificate2(bytes);
Console.WriteLine("subject: {0}", string.IsNullOrEmpty(cert.Subject) ? cert.SubjectName.Name : cert.Subject);
Console.WriteLine("issuer: {0}", cert.Issuer);
Console.WriteLine("thumbprint: {0}", cert.Thumbprint);
Console.WriteLine("serial: {0}", cert.SerialNumber);
var estr = cert.GetExpirationDateString();
var expired = false;
if (!string.IsNullOrEmpty(estr))
{
Console.WriteLine("exp: {0}", estr);
DateTime dt;
if (DateTime.TryParse(estr, out dt) && dt < DateTime.Now)
{
Console.WriteLine("expired: TRUE");
expired = true;
}
}
if (validate && !expired)
{
Console.WriteLine("valid: {0}", cert.Verify().ToString().ToUpperInvariant());
}
}
catch (Exception e)
{
Console.WriteLine("exception: {0}, {1}", e.GetType(), e.Message);
}
if (raw)
{
var s = Convert.ToBase64String(bytes);
Console.WriteLine("-----BEGIN CERTIFICATE-----");
for (int i = 0; i < s.Length; i += 78)
{
Console.WriteLine(s.Substring(i, Math.Min(78, s.Length - i)));
}
Console.WriteLine("-----END CERTIFICATE-----");
}
Console.WriteLine("-");
}
Console.WriteLine("");
}
var rc = resp.Controls.SingleOrDefault(t => t is PageResultResponseControl) as PageResultResponseControl;
if (rc == null || rc.Cookie == null || rc.Cookie.Length == 0)
break;
pager.Cookie = rc.Cookie;
}
}
}
catch (Exception e)
{
Console.Error.WriteLine("Error type = {0}, message = {1}, stack = {2}", e.GetType(), e.Message, e.StackTrace);
System.Environment.ExitCode = 2;
}
}
/// <summary>
/// Read CA private key file from .key or pfx file
/// Read data from certificate request file .csr
/// Generate signed certificate request file .cer
/// </summary>
/// <param name="signedCERFile"></param>
/// <param name="privateKeyFile"></param>
/// <param name="v"></param>
/// <param name="password"></param>
private async void GenerateCerFile(string certRequestFile,
string privateKeyFile,
string generateSignedCertificateFile,
string password, string friendlyName,
DateTime startDate, DateTime endDate)
{
#region LoadCertificate
// read public & private key from file
AsymmetricKeyParameter privateKey = null;
AsymmetricKeyParameter publicKey = null;
System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate = null;
Org.BouncyCastle.X509.X509Certificate issuerCertificateX509 = null;
// Ovo NE radi
//issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(
// privateKeyFile,
// password
// );
// Ovo RADI
issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(
privateKeyFile,
password,
System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable
);
// This doesn't work for selfsign certificate
//bool isOK = issuerCertificate.Verify();
bool isHasPrivateKey = issuerCertificate.HasPrivateKey;
DateTime noAfter = issuerCertificate.NotAfter;
DateTime noBefore = issuerCertificate.NotBefore;
X509ExtensionCollection x509extensions = issuerCertificate.Extensions;
int errorNum = 0;
X509CertificateParser parser = new X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate bouncyCertificate = parser.ReadCertificate(issuerCertificate.RawData);
BasicConstraints basicConstraints = null;
bool isCa = false;
Asn1OctetString str = bouncyCertificate.GetExtensionValue(new DerObjectIdentifier("2.5.29.19"));
if (str != null)
{
basicConstraints = BasicConstraints.GetInstance(
X509ExtensionUtilities.FromExtensionValue(str));
if (basicConstraints != null)
{
isCa = basicConstraints.IsCA();
}
}
if (!isCa)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Loaded CA file: " + privateKeyFile + " IS NOT CA authority certificate file!" + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
// This doesn't work for selfsign certificate
//if (!isOK)
//{
// errorNum++;
// Brush bckForeground = tbOutputMessageBox.Foreground;
// tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
// tbOutputMessageBox.Text += "File with CA certificate NOT valid." + "\n";
// tbOutputMessageBox.Foreground = bckForeground;
//}
if (!isHasPrivateKey)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate DOES NOT have a private key." + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
if (noBefore > startDate)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate start date: " + startDate.ToLocalTime() + " DOES NOT valid value. Certificate start date is: " + noBefore.ToLocalTime() + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
if (noAfter < endDate)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate end date: " + endDate.ToLocalTime() + " DOES NOT valid value. Certificate end date is: " + noAfter.ToLocalTime() + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
if (errorNum > 0)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate has error!!!" + "\n";
tbOutputMessageBox.Foreground = bckForeground;
return;
}
bool isOk = issuerCertificate.Verify();
AsymmetricCipherKeyPair issuerKeyPairTmp = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey);
privateKey = issuerKeyPairTmp.Private;
publicKey = issuerKeyPairTmp.Public;
issuerCertificateX509 = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(issuerCertificate.GetRawCertData());
issuerCertificateX509.Verify(publicKey);
Org.BouncyCastle.X509.X509Certificate x509 = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(issuerCertificate);
x509.Verify(publicKey);
x509.CheckValidity(startDate);
#endregion
// Read certificate request .csr file
Pkcs10CertificationRequest cerRequest = null;
try
{
String input_data = File.ReadAllText(certRequestFile);
StringReader sr = new StringReader(input_data);
PemReader pr = new PemReader(sr);
cerRequest = (Pkcs10CertificationRequest)pr.ReadObject();
tbOutputMessageBox.Text += "Verify file with certificate request : " + certRequestFile + "\n";
bool requestIsOK = cerRequest.Verify();
if (requestIsOK)
{
tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " is OK." + "\n";
}
else
{
tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " NOT valid." + "\n";
return;
}
}
catch (Exception ex)
{
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("Info Warning",
"ERROR reading certificate request file (.csr)" + "\n" +
"Error: " + ex.Source + " " + ex.Message,
MessageDialogStyle.Affirmative);
return;
}
Org.BouncyCastle.X509.X509Certificate genCert = GenerateSignedCertificate(
cerRequest,
x509,
issuerKeyPairTmp,
startDate, endDate);
try
{
File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded());
tbOutputMessageBox.Text += "Certificate file: " + generateSignedCertificateFile + " sucessfully saved." + "\n";
signedRequestFileNamePath = generateSignedCertificateFile;
btnContinue.IsEnabled = true;
}
catch (Exception)
{
tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n";
}
#region Public Key
//try
//{
// var store = new Pkcs12Store();
// string friendlyName1 = issuerCertificateX509.SubjectDN.ToString();
// var certificateEntry = new X509CertificateEntry(issuerCertificateX509);
// store.SetCertificateEntry(friendlyName1, certificateEntry);
// store.SetKeyEntry(friendlyName1, new AsymmetricKeyEntry(privateKey), new[] { certificateEntry });
// var stream = new MemoryStream();
// var random1 = GetSecureRandom();
// store.Save(stream, "password".ToCharArray(), random1);
// //Verify that the certificate is valid.
// var convertedCertificate = new X509Certificate2(stream.ToArray(), "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
// //Write the file.
// File.WriteAllBytes(generateSignedCertificateFile, stream.ToArray());
// File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded());
// //using (TextWriter tw = new StreamWriter(outputPublicKeyName))
// //{
// // PemWriter pw = new PemWriter(tw);
// // pw.WriteObject(subjectKeyPair.Public);
// // tw.Flush();
// //}
// tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n";
//}
//catch (Exception ex)
//{
// var metroWindow = (Application.Current.MainWindow as MetroWindow);
// await metroWindow.ShowMessageAsync("Info Warning",
// "ERROR creating certificate private key file (.key)" + "\n" +
// "Error: " + ex.Source + " " + ex.Message,
// MessageDialogStyle.Affirmative);
// return;
//}
//StringBuilder publicKeyStrBuilder = new StringBuilder();
//PemWriter publicKeyPemWriter = new PemWriter(new StringWriter(publicKeyStrBuilder));
//publicKeyPemWriter.WriteObject(genCert.GetPublicKey());
//publicKeyPemWriter.Writer.Flush();
//string publicKey = publicKeyStrBuilder.ToString();
//try
//{
// using (TextWriter tw = new StreamWriter(generateSignedCertificateFile))
// {
// PemWriter pw = new PemWriter(tw);
// pw.WriteObject(genCert.GetPublicKey());
// tw.Flush();
// }
// tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n";
//}
//catch (Exception ex)
//{
// var metroWindow = (Application.Current.MainWindow as MetroWindow);
// await metroWindow.ShowMessageAsync("Info Warning",
// "ERROR creating certificate private key file (.key)" + "\n" +
// "Error: " + ex.Source + " " + ex.Message,
// MessageDialogStyle.Affirmative);
// return;
//}
#endregion Public Key
}
private void OutputCertificate(X509Certificate2 x509Certificate)
{
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("Certificate Data: ******************************************************************");
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("Basic Certificate Information");
//System.Diagnostics.Debug.WriteLine("\t Content Type: " + X509Certificate2.GetCertContentType(x509Certificate.RawData));
System.Diagnostics.Debug.WriteLine("\t Format: " + x509Certificate.GetFormat());
System.Diagnostics.Debug.WriteLine("\t Version: " + x509Certificate.Version.ToString());
System.Diagnostics.Debug.WriteLine("\t Hash String: " + x509Certificate.GetCertHashString());
System.Diagnostics.Debug.WriteLine("\t Issuer Name: " + x509Certificate.IssuerName.Name);
System.Diagnostics.Debug.WriteLine("\t Issuer Name OID: " + x509Certificate.IssuerName.Oid.Value);
System.Diagnostics.Debug.WriteLine("\t Subject Name: " + x509Certificate.SubjectName.Name);
System.Diagnostics.Debug.WriteLine("\t Serial Number: " + x509Certificate.GetSerialNumberString());
System.Diagnostics.Debug.WriteLine("\t Thumb Print: " + x509Certificate.Thumbprint);
System.Diagnostics.Debug.WriteLine("\t Friendly Name: " + x509Certificate.FriendlyName);
System.Diagnostics.Debug.WriteLine("\t Signature Algorithm: " + x509Certificate.SignatureAlgorithm.FriendlyName);
if (null != x509Certificate.PrivateKey)
System.Diagnostics.Debug.WriteLine("\t Signature Key Exchange Algorithm: " + x509Certificate.PrivateKey.KeyExchangeAlgorithm);
else
System.Diagnostics.Debug.WriteLine("\t Signature Key Exchange Algorithm: ");
System.Diagnostics.Debug.WriteLine("\t Key Algorithm Parameters: " + x509Certificate.GetKeyAlgorithmParametersString());
System.Diagnostics.Debug.WriteLine("\t Not Valid Before: " + x509Certificate.NotBefore.ToString());
System.Diagnostics.Debug.WriteLine("\t Not Valid After: " + x509Certificate.NotAfter.ToString());
System.Diagnostics.Debug.WriteLine("\t Can Be Verified: " + x509Certificate.Verify());
System.Diagnostics.Debug.WriteLine("\t Is Archived: " + x509Certificate.Archived);
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("X509 Name Elements");
System.Diagnostics.Debug.WriteLine("\t X509 Simple Name: " + x509Certificate.GetNameInfo(X509NameType.SimpleName, false));
System.Diagnostics.Debug.WriteLine("\t X509 DNS From Alternative Name: " + x509Certificate.GetNameInfo(X509NameType.DnsFromAlternativeName, false));
System.Diagnostics.Debug.WriteLine("\t X509 DNS Name: " + x509Certificate.GetNameInfo(X509NameType.DnsName, false));
System.Diagnostics.Debug.WriteLine("\t X509 Email Name: " + x509Certificate.GetNameInfo(X509NameType.EmailName, false));
System.Diagnostics.Debug.WriteLine("\t X509 UPN Name: " + x509Certificate.GetNameInfo(X509NameType.UpnName, false));
System.Diagnostics.Debug.WriteLine("\t X509 URL Name: " + x509Certificate.GetNameInfo(X509NameType.UrlName, false));
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("X509 Name Elements for Issuer");
System.Diagnostics.Debug.WriteLine("\t X509 Simple Name: " + x509Certificate.GetNameInfo(X509NameType.SimpleName, true));
System.Diagnostics.Debug.WriteLine("\t X509 DNS From Alternative Name: " + x509Certificate.GetNameInfo(X509NameType.DnsFromAlternativeName, true));
System.Diagnostics.Debug.WriteLine("\t X509 DNS Name: " + x509Certificate.GetNameInfo(X509NameType.DnsName, true));
System.Diagnostics.Debug.WriteLine("\t X509 Email Name: " + x509Certificate.GetNameInfo(X509NameType.EmailName, true));
System.Diagnostics.Debug.WriteLine("\t X509 UPN Name: " + x509Certificate.GetNameInfo(X509NameType.UpnName, true));
System.Diagnostics.Debug.WriteLine("\t X509 URL Name: " + x509Certificate.GetNameInfo(X509NameType.UrlName, true));
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("Keys");
System.Diagnostics.Debug.WriteLine("\t Public Key: " + x509Certificate.PublicKey.Key.ToXmlString(false));
if (null != x509Certificate.PrivateKey)
System.Diagnostics.Debug.WriteLine("\t Private Key: " + x509Certificate.PrivateKey.ToXmlString(false));
else
System.Diagnostics.Debug.WriteLine("\t Private Key: ");
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("Raw Cert");
System.Diagnostics.Debug.WriteLine("\t " + x509Certificate.GetRawCertDataString());
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("************************************************************************************");
System.Diagnostics.Debug.WriteLine("");
}
public bool VerifySignature(string msiFileName)
{
try
{
X509Certificate basicSigner = X509Certificate.CreateFromSignedFile(msiFileName);
X509Certificate2 cert = new X509Certificate2(basicSigner);
System.Console.WriteLine("issuer:" + cert.Issuer);
System.Console.WriteLine("serial:" + cert.SerialNumber);
System.Console.WriteLine("expiration date:" + cert.NotAfter.ToString());
System.Console.WriteLine("subject:" + cert.Subject);
System.Console.WriteLine("verified:" + (cert.Verify() ? "true" : "false"));
if (DateTime.Now > cert.NotAfter)
{
System.Console.WriteLine("cert has expired: " + cert.NotAfter.ToString());
return false;
}
if (DateTime.Now < cert.NotBefore)
{
System.Console.WriteLine("cert not yet active: " + cert.NotBefore.ToString());
return false;
}
string serial = cert.SerialNumber;
string issuer = cert.Issuer;
string company = cert.Subject;
foreach (CertStrings o in mCertStrings)
{
if (o.Matches(serial, issuer, company))
{
return true;
}
}
System.Console.WriteLine("creds not found >> serial: " + serial + " issuer: " + issuer + " company: " + company);
}
catch (SystemException e)
{
System.Console.WriteLine("could not extract cert from file: " + msiFileName + " (" + e + ")");
}
return false;
}
public X509Certificate2Collection Find(X509FindType findType, object findValue, bool validOnly)
{
if (findValue == null)
{
throw new ArgumentNullException("findValue");
}
string text = string.Empty;
string text2 = string.Empty;
X509KeyUsageFlags x509KeyUsageFlags = X509KeyUsageFlags.None;
DateTime t = DateTime.MinValue;
switch (findType)
{
case X509FindType.FindByThumbprint:
case X509FindType.FindBySubjectName:
case X509FindType.FindBySubjectDistinguishedName:
case X509FindType.FindByIssuerName:
case X509FindType.FindByIssuerDistinguishedName:
case X509FindType.FindBySerialNumber:
case X509FindType.FindByTemplateName:
case X509FindType.FindBySubjectKeyIdentifier:
try
{
text = (string)findValue;
}
catch (Exception inner)
{
string text3 = Locale.GetText("Invalid find value type '{0}', expected '{1}'.", new object[]
{
findValue.GetType(),
"string"
});
throw new CryptographicException(text3, inner);
}
break;
case X509FindType.FindByTimeValid:
case X509FindType.FindByTimeNotYetValid:
case X509FindType.FindByTimeExpired:
try
{
t = (DateTime)findValue;
}
catch (Exception inner2)
{
string text4 = Locale.GetText("Invalid find value type '{0}', expected '{1}'.", new object[]
{
findValue.GetType(),
"X509DateTime"
});
throw new CryptographicException(text4, inner2);
}
break;
case X509FindType.FindByApplicationPolicy:
case X509FindType.FindByCertificatePolicy:
case X509FindType.FindByExtension:
try
{
text2 = (string)findValue;
}
catch (Exception inner3)
{
string text5 = Locale.GetText("Invalid find value type '{0}', expected '{1}'.", new object[]
{
findValue.GetType(),
"X509KeyUsageFlags"
});
throw new CryptographicException(text5, inner3);
}
try
{
CryptoConfig.EncodeOID(text2);
}
catch (CryptographicUnexpectedOperationException)
{
string text6 = Locale.GetText("Invalid OID value '{0}'.", new object[]
{
text2
});
throw new ArgumentException("findValue", text6);
}
break;
case X509FindType.FindByKeyUsage:
try
{
x509KeyUsageFlags = (X509KeyUsageFlags)((int)findValue);
}
catch (Exception inner4)
{
string text7 = Locale.GetText("Invalid find value type '{0}', expected '{1}'.", new object[]
{
findValue.GetType(),
"X509KeyUsageFlags"
});
throw new CryptographicException(text7, inner4);
}
break;
default:
{
string text8 = Locale.GetText("Invalid find type '{0}'.", new object[]
{
findType
});
throw new CryptographicException(text8);
}
}
CultureInfo invariantCulture = CultureInfo.InvariantCulture;
X509Certificate2Collection x509Certificate2Collection = new X509Certificate2Collection();
foreach (object obj in base.InnerList)
{
X509Certificate2 x509Certificate = (X509Certificate2)obj;
bool flag = false;
switch (findType)
{
case X509FindType.FindByThumbprint:
flag = (string.Compare(text, x509Certificate.Thumbprint, true, invariantCulture) == 0 || string.Compare(text, x509Certificate.GetCertHashString(), true, invariantCulture) == 0);
break;
case X509FindType.FindBySubjectName:
{
string nameInfo = x509Certificate.GetNameInfo(X509NameType.SimpleName, false);
flag = (nameInfo.IndexOf(text, StringComparison.InvariantCultureIgnoreCase) >= 0);
break;
}
case X509FindType.FindBySubjectDistinguishedName:
flag = (string.Compare(text, x509Certificate.Subject, true, invariantCulture) == 0);
break;
case X509FindType.FindByIssuerName:
{
string nameInfo2 = x509Certificate.GetNameInfo(X509NameType.SimpleName, true);
flag = (nameInfo2.IndexOf(text, StringComparison.InvariantCultureIgnoreCase) >= 0);
break;
}
case X509FindType.FindByIssuerDistinguishedName:
flag = (string.Compare(text, x509Certificate.Issuer, true, invariantCulture) == 0);
break;
case X509FindType.FindBySerialNumber:
flag = (string.Compare(text, x509Certificate.SerialNumber, true, invariantCulture) == 0);
break;
case X509FindType.FindByTimeValid:
flag = (t >= x509Certificate.NotBefore && t <= x509Certificate.NotAfter);
break;
case X509FindType.FindByTimeNotYetValid:
flag = (t < x509Certificate.NotBefore);
break;
case X509FindType.FindByTimeExpired:
flag = (t > x509Certificate.NotAfter);
break;
case X509FindType.FindByApplicationPolicy:
flag = (x509Certificate.Extensions.Count == 0);
break;
case X509FindType.FindByExtension:
flag = (x509Certificate.Extensions[text2] != null);
break;
case X509FindType.FindByKeyUsage:
{
X509KeyUsageExtension x509KeyUsageExtension = x509Certificate.Extensions["2.5.29.15"] as X509KeyUsageExtension;
flag = (x509KeyUsageExtension == null || (x509KeyUsageExtension.KeyUsages & x509KeyUsageFlags) == x509KeyUsageFlags);
break;
}
case X509FindType.FindBySubjectKeyIdentifier:
{
X509SubjectKeyIdentifierExtension x509SubjectKeyIdentifierExtension = x509Certificate.Extensions["2.5.29.14"] as X509SubjectKeyIdentifierExtension;
if (x509SubjectKeyIdentifierExtension != null)
{
flag = (string.Compare(text, x509SubjectKeyIdentifierExtension.SubjectKeyIdentifier, true, invariantCulture) == 0);
}
break;
}
}
if (flag)
{
if (validOnly)
{
try
{
if (x509Certificate.Verify())
{
x509Certificate2Collection.Add(x509Certificate);
}
}
catch
{
}
}
else
{
x509Certificate2Collection.Add(x509Certificate);
}
}
}
return(x509Certificate2Collection);
}
public static void GetSignatureInformation(string filename) {
if (HasValidSignature(filename)) {
var cert = new X509Certificate2(filename);
Console.WriteLine("Cert: {0}", cert.Subject);
var ch = new X509Chain();
ch.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
ch.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);
ch.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
ch.Build(cert);
ch.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
Console.WriteLine("Chain Information");
Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length);
Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);
//Output chain element information.
Console.WriteLine("Chain Element Information");
Console.WriteLine("Number of chain elements: {0}", ch.ChainElements.Count);
foreach (var element in ch.ChainElements) {
Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer);
Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter);
Console.WriteLine("Element certificate is valid: {0}", element.Certificate.Verify());
Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length);
Console.WriteLine("Element information: {0}", element.Information);
Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);
}
if (ch.ChainStatus.Length > 0) {
for (int index = 0; index < ch.ChainStatus.Length; index++) {
Console.WriteLine(ch.ChainStatus[index].Status);
Console.WriteLine(ch.ChainStatus[index].StatusInformation);
}
}
Console.WriteLine("Cert Valid?: {0}", cert.Verify());
}
}
public void RootTest()
{
// 验证根证书签名
X509Certificate2 x509Root = new X509Certificate2(@"..\..\..\ApacheQpidClient\certificates\LiquidCapital\LCMLO_LIQSPALBB.crt");
Console.WriteLine("Root Certificate Verified?: {0}{1}", x509Root.Verify(), Environment.NewLine); // 根证书是自签名,所以可以通过。
}
