public KeyStoreViewModel(SystemX509.StoreName storeName, SystemX509.StoreLocation storeLocation) { var storeBuilder = new Pkcs12StoreBuilder(); _store = storeBuilder.Build(); Name = String.Format("System KeyStore: [{0} : {1}]", storeLocation.ToString(), storeName.ToString()); Load(storeName, storeLocation); }
/// <summary> /// Loads the specified system keystore and puts /// the keys store in read-only mode /// </summary> /// <param name="storeName">one of the enum values </param> /// <param name="storelocation">one of the enum values</param> public void Load(SystemX509.StoreName storeName, SystemX509.StoreLocation storelocation) { ReadOnlyKeyStore = true; _listItems.Clear(); var store = new SystemX509.X509Store(storeName, storelocation); store.Open(SystemX509.OpenFlags.ReadOnly); foreach (SystemX509.X509Certificate2 cert in store.Certificates) { AddEntry(cert.FriendlyName, DotNetUtilities.FromX509Certificate(cert), null); } }
private void StoreCertificate(string name, byte[] raw, RSA key, MSX509.StoreName storeName, MSX509.StoreLocation location) { PKCS12 p12 = BuildPkcs12(raw, key); MSX509.X509Certificate2 certificate = new MSX509.X509Certificate2(p12.GetBytes(), "advtools", MSX509.X509KeyStorageFlags.PersistKeySet | MSX509.X509KeyStorageFlags.MachineKeySet | MSX509.X509KeyStorageFlags.Exportable); MSX509.X509Store store = new MSX509.X509Store(storeName, location); store.Open(MSX509.OpenFlags.ReadWrite); store.Add(certificate); store.Close(); certificates_[name] = certificate; }
/// <summary> /// Adds a certificate to the specified store /// </summary> /// <param name="cert"></param> /// <param name="st"></param> /// <param name="sl"></param> /// <returns></returns> public static bool AddCertToStore(X509Certificate2 cert, System.Security.Cryptography.X509Certificates.StoreName st, System.Security.Cryptography.X509Certificates.StoreLocation sl) { bool bRet = false; try { X509Store store = new X509Store(st, sl); store.Open(OpenFlags.ReadWrite); store.Add(cert); store.Close(); } catch { } return(bRet); }
public static X509Certificate2 GetCertificate(StoreLocation storeLocation, System.Security.Cryptography.X509Certificates.StoreName storeName, X509FindType x509FindType, object value) { X509Store store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.ReadOnly); try { var certs = store.Certificates.Find(x509FindType, value, false); if (certs.Count == 0) { return(null); } return(certs[0]); } finally { store.Close(); } }
internal static void InstallCertificate(string certFile, System.Security.Cryptography.X509Certificates.StoreName store, string password) { Logger.EnteringMethod(store.ToString()); try { System.Security.Cryptography.X509Certificates.X509Certificate2 certificate; if (!string.IsNullOrEmpty(password)) { certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certFile, password); } else { certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certFile); } System.Security.Cryptography.X509Certificates.X509Store certStore = new System.Security.Cryptography.X509Certificates.X509Store(store, System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine); certStore.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite); certStore.Add(certificate); certStore.Close(); Logger.Write("Successfuly imported in " + store.ToString()); } catch (Exception ex) { Logger.Write("**** " + ex.Message); } }
private MSX509.X509Certificate2 LoadCertificate(X509Name name, MSX509.StoreName storeName, MSX509.StoreLocation location) { if (certificates_.ContainsKey(name)) { return(certificates_[name]); } string dn = name.ToString(); MSX509.X509Store store = new MSX509.X509Store(storeName, location); store.Open(MSX509.OpenFlags.ReadOnly); var certificates = store.Certificates.Find(MSX509.X509FindType.FindBySubjectDistinguishedName, dn, true); store.Close(); if (certificates.Count <= 0) { return(null); } MSX509.X509Certificate2 certificate = certificates[0]; certificates_[name] = certificate; return(certificate); }
/*private void WriteCertificate(string name, byte[] raw) * { * using(FileStream stream = new FileStream(GetCertificateFilePath(name), FileMode.Create, FileAccess.Write)) * stream.Write(raw, 0, raw.Length); * }*/ private MSX509.X509Certificate2 LoadCertificate(string name, MSX509.StoreName storeName, MSX509.StoreLocation location) { if (certificates_.ContainsKey(name)) { return(certificates_[name]); } MSX509.X509Store store = new MSX509.X509Store(storeName, location); store.Open(MSX509.OpenFlags.ReadOnly); var certificates = store.Certificates.Find(MSX509.X509FindType.FindBySubjectName, name, true); store.Close(); if (certificates.Count <= 0) { return(null); } state_.Logger.Information("X509v3 '{0}' loaded from store", name); MSX509.X509Certificate2 certificate = certificates[0]; certificates_[name] = certificate; return(certificate); }
internal static void InstallCertificate(string certFile, System.Security.Cryptography.X509Certificates.StoreName store) { Logger.EnteringMethod(); InstallCertificate(certFile, store, string.Empty); }
private void StoreCertificate(X509Name name, MSX509.X509Certificate2 certificate, MSX509.StoreName storeName) { MSX509.X509Store store = new MSX509.X509Store(storeName, store_); store.Open(MSX509.OpenFlags.ReadWrite); store.Add(certificate); store.Close(); certificates_[name] = certificate; }
//public static void SaveAsPVK(X509Certificate2 cert, string path) //{ // File.WriteAllBytes(path, cert.Export(X509ContentType.Pkcs12, (string)null)); //} //public static void SaveToPFX(X509Certificate newCert, // AsymmetricCipherKeyPair kp, // string FilePath, // string CertAlias, // string Password) //{ // //Org.BouncyCastle.X509.X509Certificate newCert, // var newStore = new Pkcs12Store(); // var certEntry = new X509CertificateEntry(newCert); // newStore.SetCertificateEntry( // CertAlias, // certEntry // ); // newStore.SetKeyEntry( // CertAlias, // new AsymmetricKeyEntry(kp.Private), // new[] { certEntry } // ); // using (var certFile = File.Create(FilePath)) // { // newStore.Save( // certFile, // Password.ToCharArray(), // new SecureRandom(new CryptoApiRandomGenerator()) // ); // } //} #endregion // public static void dfsdfoui9() // { // //X509Certificate2 cert; // //save to file // var cert = new X509Certificate2(bytes, password, X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); // var store = new X509Store(StoreName.My, StoreLocation.LocalMachine); //store.Open(OpenFlags.ReadWrite); //store.Add(cert); //store.Close(); // //key goes to C:\Users\Paul\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\62207B818FC553C92CC6D2C2F869603C190544FB // //var file = Path.Combine(Path.GetTempPath(), "Octo-" + Guid.NewGuid()); // try // { // File.WriteAllBytes(file, bytes); // return new X509Certificate2(file, /* ...options... */); // } // finally // { // File.Delete(file); // } // store.Remove(cert); // } ///// <summary> ///// ///// </summary> ///// <param name="subjectName">eg. "CN=127.0.01"</param> ///// <param name="durationInMins"></param> ///// <param name="issuerName">eg. "CN=MYTESTCA"</param> //public static X509Certificate2 GenerateAndRegisterSelfSignedCertificate(string subjectName, int durationInMins, string issuerName) //{ // try // { // AsymmetricKeyParameter myCAprivateKey = null; // //generate a root CA cert and obtain the privateKey // X509Certificate2 MyRootCAcert = GenerateCACertificate(issuerName, durationInMins, ref myCAprivateKey); // //add CA cert to store // AddCertToStore(MyRootCAcert, StoreName.Root, StoreLocation.LocalMachine); // //generate cert based on the CA cert privateKey // X509Certificate2 MyCert = GenerateSelfSignedCertificate(subjectName, durationInMins, issuerName, myCAprivateKey); // //add cert to store // AddCertToStore(MyCert, StoreName.My, StoreLocation.LocalMachine); // return MyCert; // } // catch // { // return null; // } //} //public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, int durationInMins, string issuerName, AsymmetricKeyParameter issuerPrivKey) //{ // const int keyStrength = 2048; // // Generating Random Numbers // CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator(); // SecureRandom random = new SecureRandom(randomGenerator); // // The Certificate Generator // X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); // // Serial Number // BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); // certificateGenerator.SetSerialNumber(serialNumber); // // Signature Algorithm // const string signatureAlgorithm = "SHA256WithRSA"; // certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); // // Issuer and Subject Name // X509Name subjectDN = new X509Name(subjectName); // X509Name issuerDN = new X509Name(issuerName); // certificateGenerator.SetIssuerDN(issuerDN); // certificateGenerator.SetSubjectDN(subjectDN); // // Valid For // DateTime notBefore = DateTime.UtcNow.Date; // DateTime notAfter = notBefore.AddMinutes(durationInMins); // certificateGenerator.SetNotBefore(notBefore); // certificateGenerator.SetNotAfter(notAfter); // // Subject Public Key // AsymmetricCipherKeyPair subjectKeyPair; // var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); // var keyPairGenerator = new RsaKeyPairGenerator(); // keyPairGenerator.Init(keyGenerationParameters); // subjectKeyPair = keyPairGenerator.GenerateKeyPair(); // certificateGenerator.SetPublicKey(subjectKeyPair.Public); // // Generating the Certificate // AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair; // // selfsign certificate // Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(issuerPrivKey, random); // // correcponding private key // PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); // // merge into X509Certificate2 // X509Certificate2 x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); // Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); // if (seq.Count != 9) // { // //throw new PemException("malformed sequence in RSA private key"); // } // RsaPrivateKeyStructure rsa = new RsaPrivateKeyStructure(seq); // RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( // rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); // x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams); // return x509; //} // /// <summary> // /// builds the boss cert // /// </summary> // /// <param name="subjectName"></param> // /// <param name="CaPrivateKey"></param> // /// <returns></returns> // public static X509Certificate2 GenerateCACertificate(string subjectName, int durationInMins, out AsymmetricCipherKeyPair kp) // { // const int keyStrength = 2048; // // Generating Random Numbers // CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator(); // SecureRandom random = new SecureRandom(randomGenerator); // // The Certificate Generator // X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); // var certName = new X509Name("CN=" + subjectName); // BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); // certificateGenerator.SetSerialNumber(serialNumber); // certificateGenerator.SetSubjectDN(certName); // certificateGenerator.SetIssuerDN(certName); // certificateGenerator.SetNotBefore(DateTime.Now); // certificateGenerator.SetNotAfter(DateTime.Now.AddMinutes(durationInMins)); // certificateGenerator.SetSignatureAlgorithm("SHA256WithRSA"); // var kpgen = new RsaKeyPairGenerator(); // // certificate strength 1024 bits // kpgen.Init(new KeyGenerationParameters(random, keyStrength)); // kp = kpgen.GenerateKeyPair(); // certificateGenerator.SetPublicKey(kp.Public); // certificateGenerator.AddExtension( //X509Extensions.AuthorityKeyIdentifier.Id, //false, //new AuthorityKeyIdentifier( // SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public), // new GeneralNames(new GeneralName(certName)), // serialNumber)); // /* // 1.3.6.1.5.5.7.3.1 - id_kp_serverAuth // 1.3.6.1.5.5.7.3.2 - id_kp_clientAuth // 1.3.6.1.5.5.7.3.3 - id_kp_codeSigning // 1.3.6.1.5.5.7.3.4 - id_kp_emailProtection // 1.3.6.1.5.5.7.3.5 - id-kp-ipsecEndSystem // 1.3.6.1.5.5.7.3.6 - id-kp-ipsecTunnel // 1.3.6.1.5.5.7.3.7 - id-kp-ipsecUser // 1.3.6.1.5.5.7.3.8 - id_kp_timeStamping // 1.3.6.1.5.5.7.3.9 - OCSPSigning // */ // certificateGenerator.AddExtension( // X509Extensions.ExtendedKeyUsage.Id, // false, // new ExtendedKeyUsage(new[] { KeyPurposeID.IdKPServerAuth })); // var newCert = certificateGenerator.Generate(kp.Private); // return newCert; // //// Generating the Certificate // //AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair; // //// selfsign certificate // //Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(issuerKeyPair.Private, random); // //X509Certificate2 x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); // //CaPrivateKey = issuerKeyPair.Private; // //return x509; // //return issuerKeyPair.Private; // } public static System.Security.Cryptography.X509Certificates.X509Certificate2 GetCert(string certName, System.Security.Cryptography.X509Certificates.StoreName st, System.Security.Cryptography.X509Certificates.StoreLocation sl) { System.Security.Cryptography.X509Certificates.X509Certificate2 cert = null; try { X509Store store = new X509Store(st, sl); store.Open(OpenFlags.ReadOnly); X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectName, certName, true); if (certs.Count > 0) { cert = certs[0]; } store.Close(); } catch { } return(cert); }
private MSX509.X509Certificate2 GetCertificate(X509Name name, Usage usage, int validity, MSX509.StoreName storeName, MSX509.X509Certificate2 issuer) { // Try to load the certificate from the machine store MSX509.X509Certificate2 certificate = LoadCertificate(name, storeName, MSX509.StoreLocation.LocalMachine); if (certificate != null) { return(certificate); } // Try to load the certificate from the user store certificate = LoadCertificate(name, storeName, MSX509.StoreLocation.CurrentUser); if (certificate != null) { return(certificate); } return(InternalGenerateCertificate(name, usage, validity, storeName, issuer)); }
public MSX509.X509Certificate2 SignRequest(string csrFile, Usage usage, int validity, MSX509.StoreName storeName) { Pkcs10CertificationRequest request = ReadPkcs10(csrFile); var info = request.GetCertificationRequestInfo(); SubjectPublicKeyInfo publicKeyInfo = info.SubjectPublicKeyInfo; RsaPublicKeyStructure publicKeyStructure = RsaPublicKeyStructure.GetInstance(publicKeyInfo.GetPublicKey()); RsaKeyParameters publicKey = new RsaKeyParameters(false, publicKeyStructure.Modulus, publicKeyStructure.PublicExponent); if (!request.Verify(publicKey)) { throw new ApplicationException("The CSR is not valid: verification failed"); } MSX509.X509Certificate2 root = GetRootCertificate(); if (root == null) { throw new ApplicationException("Root certificate not found"); } return(InternalGenerateCertificate(info.Subject, usage, validity, storeName, publicKey, null, DotNetUtilities.GetKeyPair(root.PrivateKey).Private)); }
internal static bool addCertToStore(System.Security.Cryptography.X509Certificates.X509Certificate2 cert, System.Security.Cryptography.X509Certificates.StoreName st, System.Security.Cryptography.X509Certificates.StoreLocation sl) { bool bRet = false; try { X509Store store = new X509Store(st, sl); store.Open(OpenFlags.ReadWrite); var certs = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, cert.SubjectName.Name, false); //Remove existing Certificates foreach (X509Certificate2 cer in certs) { store.Remove(cer); } store.Add(cert); store.Close(); } catch { } return(bRet); }
private MSX509.X509Certificate2 InternalGenerateCertificate(X509Name name, Usage usage, int validity, MSX509.StoreName storeName, MSX509.X509Certificate2 issuer) { // Create a pair of keys RsaKeyPairGenerator keyGenerator = new RsaKeyPairGenerator(); keyGenerator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024)); var keys = keyGenerator.GenerateKeyPair(); // Get the signator (issuer or itself in the case of a root certificate which is self-signed) AsymmetricKeyParameter signator = issuer == null ? keys.Private : DotNetUtilities.GetKeyPair(issuer.PrivateKey).Private; return(InternalGenerateCertificate(name, usage, validity, storeName, keys.Public, keys.Private, signator)); }
private MSX509.X509Certificate2 CreateCertificate(string name, List <X509Extension> extensions, MSX509.X509Certificate2 issuerCertificate, string issuer, MSX509.StoreName storeName, int validity) { MSX509.X509Certificate2 certificate = LoadCertificate(name, storeName, location_); if (certificate != null) { return(certificate); } state_.Logger.Information("Create X509.v3 certificate for '{0}'", name); PrivateKey key = new PrivateKey(); key.RSA = RSA.Create(); X509CertificateBuilder builder = new X509CertificateBuilder(3); builder.SerialNumber = GenerateSerial(); builder.IssuerName = "CN=" + issuer; builder.SubjectName = "CN=" + name; builder.SubjectPublicKey = key.RSA; builder.NotBefore = DateTime.Now; builder.NotAfter = builder.NotBefore.AddDays(validity); builder.Hash = "SHA1"; foreach (X509Extension extension in extensions) { builder.Extensions.Add(extension); } var signator = issuerCertificate == null ? key.RSA : issuerCertificate.PrivateKey; byte[] raw = builder.Sign(signator); StoreCertificate(name, raw, key.RSA, storeName, location_); certificate = new MSX509.X509Certificate2(raw); certificate.PrivateKey = key.RSA; return(certificate); }
private MSX509.X509Certificate2 InternalGenerateCertificate(X509Name name, Usage usage, int validity, MSX509.StoreName storeName, AsymmetricKeyParameter publicKey, AsymmetricKeyParameter privateKey, AsymmetricKeyParameter signator) { DateTime notBefore = DateTime.Now.AddDays(-1); // Build a X509v3 certificate X509V3CertificateGenerator builder = new X509V3CertificateGenerator(); builder.SetSerialNumber(new BigInteger(GenerateSerial())); builder.SetIssuerDN(authorityName_ ?? name); builder.SetSubjectDN(name); builder.SetPublicKey(publicKey); builder.SetNotBefore(notBefore); builder.SetNotAfter(notBefore.AddDays(validity == 0 ? defaultCertificatesValidity_ : validity)); builder.SetSignatureAlgorithm("SHA1WithRSA"); // Add the extensions AddExtensions(builder, usage); // Sign the certificate X509Certificate newCertificate = builder.Generate(signator); // Create a .NET X509Certificate2 from the BouncyCastle one and put the private key into it MSX509.X509Certificate2 certificate = CreateCertificate(name, newCertificate, privateKey); // Store the certificate StoreCertificate(name, certificate, storeName); return(certificate); }
public static bool addCertToStore(System.Security.Cryptography.X509Certificates.X509Certificate2 cert, System.Security.Cryptography.X509Certificates.StoreName st, System.Security.Cryptography.X509Certificates.StoreLocation sl) { bool bRet = false; try { X509Store store = new X509Store(st, sl); store.Open(OpenFlags.ReadWrite); store.Add(cert); store.Close(); } catch (Exception ex) { Console.WriteLine(ex.Message); } return(bRet); }
public bool addCertToStore(System.Security.Cryptography.X509Certificates.X509Certificate2 cert, System.Security.Cryptography.X509Certificates.StoreName st, System.Security.Cryptography.X509Certificates.StoreLocation sl) { X509Store x509store; try { x509store = new X509Store(st, sl); x509store.Open(OpenFlags.ReadWrite); x509store.Add(cert); x509store.Close(); } catch { return(false); } return(true); }