static ArrayList LoadCRLs(string filename)
{
X509Crl crl = null;
ArrayList list = new ArrayList();
switch (Path.GetExtension(filename).ToUpper())
{
case ".P7B":
case ".SPC":
SoftwarePublisherCertificate spc = SoftwarePublisherCertificate.CreateFromFile(filename);
list.AddRange(spc.Crls);
spc = null;
break;
case ".CRL":
using (FileStream fs = File.OpenRead(filename)) {
byte[] data = new byte [fs.Length];
fs.Read(data, 0, data.Length);
crl = new X509Crl(data);
}
list.Add(crl);
break;
default:
Console.WriteLine("Unknown file extension: {0}",
Path.GetExtension(filename));
break;
}
return(list);
}
public void ReadNavy()
{
WriteBuffer(navy, false, false, false);
SoftwarePublisherCertificate spc = SoftwarePublisherCertificate.CreateFromFile(testfile);
Assert.AreEqual(3, spc.Certificates.Count, "navy.Certificates");
Assert.AreEqual(2, spc.Crls.Count, "navy.Crl");
}
public void ReadCRLOnly()
{
WriteBuffer(crlonly, false, false, false);
SoftwarePublisherCertificate spc = SoftwarePublisherCertificate.CreateFromFile(testfile);
Assert.AreEqual(0, spc.Certificates.Count, "crlonly.Certificates");
Assert.AreEqual(1, spc.Crls.Count, "crlonly.Crl");
}
public void ReadCertificateOnly_Base64Unicode()
{
WriteBuffer(certonly, true, true, false);
SoftwarePublisherCertificate spc = SoftwarePublisherCertificate.CreateFromFile(testfile);
Assert.AreEqual(1, spc.Certificates.Count, "certonly.Certificates");
Assert.AreEqual(0, spc.Crls.Count, "certonly.Crl");
}
static X509CertificateCollection LoadCertificates(string filename)
{
X509Certificate x509 = null;
X509CertificateCollection coll = new X509CertificateCollection();
switch (Path.GetExtension(filename).ToUpper())
{
case ".P7B":
case ".SPC":
SoftwarePublisherCertificate spc = SoftwarePublisherCertificate.CreateFromFile(filename);
coll.AddRange(spc.Certificates);
spc = null;
break;
case ".CER":
case ".CRT":
using (FileStream fs = File.OpenRead(filename)) {
byte[] data = new byte [fs.Length];
fs.Read(data, 0, data.Length);
if (data [0] != 0x30)
{
// maybe it's ASCII PEM base64 encoded ?
data = PEM("CERTIFICATE", data);
}
if (data != null)
{
x509 = new X509Certificate(data);
}
}
if (x509 != null)
{
coll.Add(x509);
}
break;
case ".P12":
case ".PFX":
// TODO - support PKCS12 with passwords
PKCS12 p12 = PKCS12.LoadFromFile(filename);
coll.AddRange(p12.Certificates);
p12 = null;
break;
default:
Console.WriteLine("Unknown file extension: {0}",
Path.GetExtension(filename));
break;
}
return(coll);
}
public void CompareCRLOnly()
{
WriteBuffer(crlonly, false, false, false);
SoftwarePublisherCertificate spc = SoftwarePublisherCertificate.CreateFromFile(testfile);
SoftwarePublisherCertificate newspc = new SoftwarePublisherCertificate();
newspc.Crls.Add(spc.Crls [0]);
byte[] newcrlonly = newspc.GetBytes();
Assert.AreEqual(crlonly, newcrlonly, "crlonly.compare");
SoftwarePublisherCertificate newerspc = new SoftwarePublisherCertificate(newcrlonly);
Assert.AreEqual(0, newerspc.Certificates.Count, "crlonly.Certificates");
Assert.AreEqual(1, newerspc.Crls.Count, "crlonly.Crl");
}
static private X509CertificateCollection GetCertificates(string spcfile)
{
if (spcfile == null)
{
Console.WriteLine("Missing SPC (certificate) file.");
return(null);
}
if (!File.Exists(spcfile))
{
Console.WriteLine("Couldn't find '{0}' file.", spcfile);
return(null);
}
SoftwarePublisherCertificate spc = SoftwarePublisherCertificate.CreateFromFile(spcfile);
return(spc.Certificates);
}
// methods
public void Open(string name, string location, bool readOnly, bool createIfNonExisting, bool includeArchives)
{
_name = name;
_location = location;
_readOnly = readOnly;
_createIfRequired = createIfNonExisting;
_includeArchives = includeArchives;
_saveOnClose = false;
if (File.Exists(_name))
{
_spc = SoftwarePublisherCertificate.CreateFromFile(_name);
}
else if (_createIfRequired)
{
_spc = new SoftwarePublisherCertificate();
_saveOnClose = true;
}
}
static int Process(string[] args)
{
int nargs = args.Length - 1;
if (nargs < 1)
{
error = "At least one input and output files must be specified";
return(1);
}
string output = args [nargs];
SoftwarePublisherCertificate spc = new SoftwarePublisherCertificate();
for (int i = 0; i < args.Length - 1; i++)
{
switch (Path.GetExtension(args[i]).ToLower())
{
case ".cer":
case ".crt":
spc.Certificates.Add(new X509Certificate(GetFile(args[i])));
break;
case ".crl":
spc.Crls.Add(GetFile(args[i]));
break;
default:
error = "Unknown file extension : " + args[i];
return(1);
}
}
using (FileStream fs = File.Open(output, FileMode.Create, FileAccess.Write))
{
byte[] data = spc.GetBytes();
fs.Write(data, 0, data.Length);
fs.Close();
}
return(0);
}
public void CompareReadNavy()
{
WriteBuffer(navy, false, false, false);
SoftwarePublisherCertificate spc = SoftwarePublisherCertificate.CreateFromFile(testfile);
SoftwarePublisherCertificate newspc = new SoftwarePublisherCertificate();
foreach (MSX.X509Certificate x in spc.Certificates)
{
newspc.Certificates.Add(x);
}
foreach (byte[] crl in spc.Crls)
{
newspc.Crls.Add(crl);
}
byte[] newnavy = newspc.GetBytes();
Assert.AreEqual(navy, newnavy, "navy.compare");
SoftwarePublisherCertificate newerspc = new SoftwarePublisherCertificate(newnavy);
Assert.AreEqual(3, newerspc.Certificates.Count, "navy.Certificates");
Assert.AreEqual(2, newerspc.Crls.Count, "navy.Crl");
}
static int Process()
{
X509CertificateCollection roots = DecodeCollection();
if (roots == null)
{
return(1);
}
else if (roots.Count == 0)
{
WriteLine("No certificates were found.");
return(0);
}
if (pkcs7filename != null)
{
SoftwarePublisherCertificate pkcs7 = new SoftwarePublisherCertificate();
pkcs7.Certificates.AddRange(roots);
WriteLine("Saving root certificates into '{0}' file...", pkcs7filename);
using (FileStream fs = File.OpenWrite(pkcs7filename)) {
byte[] data = pkcs7.GetBytes();
fs.Write(data, 0, data.Length);
fs.Close();
}
}
if (import)
{
WriteLine("Importing certificates into {0} store...",
machine ? "machine" : "user");
X509Stores stores = (machine ? X509StoreManager.LocalMachine : X509StoreManager.CurrentUser);
X509CertificateCollection trusted = stores.TrustedRoot.Certificates;
int additions = 0;
foreach (X509Certificate root in roots)
{
if (!trusted.Contains(root))
{
if (!confirmAddition || AskConfirmation("add", root))
{
stores.TrustedRoot.Import(root);
if (confirmAddition)
{
WriteLine("Certificate added.{0}", Environment.NewLine);
}
additions++;
}
}
}
if (additions > 0)
{
WriteLine("{0} new root certificates were added to your trust store.", additions);
}
X509CertificateCollection removed = new X509CertificateCollection();
foreach (X509Certificate trust in trusted)
{
if (!roots.Contains(trust))
{
removed.Add(trust);
}
}
if (removed.Count > 0)
{
if (confirmRemoval)
{
WriteLine("{0} previously trusted certificates were not part of the update.", removed.Count);
}
else
{
WriteLine("{0} previously trusted certificates were removed.", removed.Count);
}
foreach (X509Certificate old in removed)
{
if (!confirmRemoval || AskConfirmation("remove", old))
{
stores.TrustedRoot.Remove(old);
if (confirmRemoval)
{
WriteLine("Certificate removed.{0}", Environment.NewLine);
}
}
}
}
WriteLine("Import process completed.{0}", Environment.NewLine);
}
return(0);
}
static X509CertificateCollection LoadCertificates(string filename, string password, bool verbose)
{
X509Certificate x509 = null;
X509CertificateCollection coll = new X509CertificateCollection();
switch (Path.GetExtension(filename).ToUpper())
{
case ".P7B":
case ".SPC":
SoftwarePublisherCertificate spc = SoftwarePublisherCertificate.CreateFromFile(filename);
coll.AddRange(spc.Certificates);
spc = null;
break;
case ".CER":
case ".CRT":
using (FileStream fs = File.OpenRead(filename)) {
byte[] data = new byte [fs.Length];
fs.Read(data, 0, data.Length);
if (data [0] != 0x30)
{
// maybe it's ASCII PEM base64 encoded ?
data = PEM("CERTIFICATE", data);
}
if (data != null)
{
x509 = new X509Certificate(data);
}
}
if (x509 != null)
{
coll.Add(x509);
}
break;
case ".P12":
case ".PFX":
PKCS12 p12 = password == null?PKCS12.LoadFromFile(filename)
: PKCS12.LoadFromFile(filename, password);
X509CertificateCollection tmp = new X509CertificateCollection(p12.Certificates);
for (int i = 0; i != p12.Keys.Count; i++)
{
X509Certificate cert = p12.Certificates[i];
RSACryptoServiceProvider pk = p12.Keys[i] as RSACryptoServiceProvider;
if (pk == null || pk.PublicOnly)
{
continue;
}
if (verbose)
{
Console.WriteLine("Found key for certificate: {0}", cert.SubjectName);
}
tmp[0].RSA = pk;
}
coll.AddRange(tmp);
p12 = null;
break;
default:
Console.WriteLine("Unknown file extension: {0}",
Path.GetExtension(filename));
break;
}
return(coll);
}
static int Process()
{
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => {
if (sslPolicyErrors != System.Net.Security.SslPolicyErrors.None)
{
Console.WriteLine("WARNING: Downloading the trusted certificate list couldn't be done securely (error: {0}), continuing anyway. If you're using mozroots to bootstrap Mono's trust store on a clean system this might be OK, otherwise it could indicate a network intrusion. Please ensure you're using a trusted network or move to cert-sync.", sslPolicyErrors);
}
// this is very bad, but on a clean system without an existing trust store we don't really have a better option
return(true);
};
X509CertificateCollection roots = DecodeCollection();
if (roots == null)
{
return(1);
}
else if (roots.Count == 0)
{
WriteLine("No certificates were found.");
return(0);
}
if (pkcs7filename != null)
{
SoftwarePublisherCertificate pkcs7 = new SoftwarePublisherCertificate();
pkcs7.Certificates.AddRange(roots);
WriteLine("Saving root certificates into '{0}' file...", pkcs7filename);
using (FileStream fs = File.OpenWrite(pkcs7filename)) {
byte[] data = pkcs7.GetBytes();
fs.Write(data, 0, data.Length);
fs.Close();
}
}
if (import)
{
WriteLine("Importing certificates into {0} store...",
machine ? "machine" : "user");
X509Stores stores = (machine ? X509StoreManager.LocalMachine : X509StoreManager.CurrentUser);
X509CertificateCollection trusted = stores.TrustedRoot.Certificates;
int additions = 0;
foreach (X509Certificate root in roots)
{
if (!trusted.Contains(root))
{
if (!confirmAddition || AskConfirmation("add", root))
{
stores.TrustedRoot.Import(root);
if (confirmAddition)
{
WriteLine("Certificate added.{0}", Environment.NewLine);
}
additions++;
}
}
}
if (additions > 0)
{
WriteLine("{0} new root certificates were added to your trust store.", additions);
}
X509CertificateCollection removed = new X509CertificateCollection();
foreach (X509Certificate trust in trusted)
{
if (!roots.Contains(trust))
{
removed.Add(trust);
}
}
if (removed.Count > 0)
{
if (confirmRemoval)
{
WriteLine("{0} previously trusted certificates were not part of the update.", removed.Count);
}
else
{
WriteLine("{0} previously trusted certificates were removed.", removed.Count);
}
foreach (X509Certificate old in removed)
{
if (!confirmRemoval || AskConfirmation("remove", old))
{
stores.TrustedRoot.Remove(old);
if (confirmRemoval)
{
WriteLine("Certificate removed.{0}", Environment.NewLine);
}
}
}
}
WriteLine("Import process completed.{0}", Environment.NewLine);
}
return(0);
}
public void CreateFromFile_Null()
{
SoftwarePublisherCertificate spc = SoftwarePublisherCertificate.CreateFromFile(null);
}
public void Constructor_BadOid()
{
byte[] bad = (byte[])certonly.Clone();
bad [9] -= 1;
SoftwarePublisherCertificate spc = new SoftwarePublisherCertificate(bad);
}
public void Constructor_Null()
{
SoftwarePublisherCertificate spc = new SoftwarePublisherCertificate(null);
}
