Esempio n. 1
0
            /// <summary>
            /// Load the response from the CA -- just the signed certificate, not the signers.
            /// </summary>
            /// <param name="pem_response">Signed certificate</param>
            /// <returns>The full certificate</returns>
            public static X509Certificate2 LoadResponse(string pem_response, StoreLocation loc)
            {
                X509Certificate2 cert;

                CX509Enrollment objEnroll = new CX509Enrollment();

                if (loc == StoreLocation.LocalMachine)
                {
                    objEnroll.Initialize(X509CertificateEnrollmentContext.ContextMachine);
                }
                else
                {
                    objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
                }

                objEnroll.InstallResponse(
                    InstallResponseRestrictionFlags.AllowUntrustedRoot,
                    pem_response,
                    EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
                    null
                    );

                string pfx_string = objEnroll.CreatePFX("dummypw", PFXExportOptions.PFXExportEEOnly, EncodingType.XCN_CRYPT_STRING_BASE64);

                byte[] pfx_binary_data = System.Convert.FromBase64String(pfx_string);
                cert = new X509Certificate2(pfx_binary_data, "dummypw", X509KeyStorageFlags.Exportable);

                //CreatedCert = cert;
                return(cert);
            }
        public void InstallResponse(string strCert, string strRequest)
        {
            // Create Objects
            var objEnroll = new CX509Enrollment();

            // Install the cert
            objEnroll.Initialize(X509CertificateEnrollmentContext.ContextMachine);
            objEnroll.InstallResponse(InstallResponseRestrictionFlags.AllowNone,
                                      strCert, EncodingType.XCN_CRYPT_STRING_BASE64, null);
        }
Esempio n. 3
0
        protected static void ExportCertificate(byte[] certificateData, string outputPath, string password)
        {
            var certificateEnrollmentContext = X509CertificateEnrollmentContext.ContextUser;

            CX509Enrollment cx509Enrollment = new CX509Enrollment();

            cx509Enrollment.Initialize(certificateEnrollmentContext);
            cx509Enrollment.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedCertificate, Convert.ToBase64String(certificateData), EncodingType.XCN_CRYPT_STRING_BASE64, null);
            var pfx = cx509Enrollment.CreatePFX(password, PFXExportOptions.PFXExportChainNoRoot, EncodingType.XCN_CRYPT_STRING_BASE64);

            using (var fs = File.OpenWrite(outputPath))
            {
                var decoded = Convert.FromBase64String(pfx);
                fs.Write(decoded, 0, decoded.Length);
            }
        }
Esempio n. 4
0
        /*Install Certificate On the Machine For future Renew Expired Certificate */
        public int InstallCert(string Cert)
        {
            //  Create all the objects that will be required
            CX509Enrollment objEnroll = new CX509Enrollment();

            try
            {
                // Install the certificate
                objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
                objEnroll.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedRoot, Cert, EncodingType.XCN_CRYPT_STRING_BASE64HEADER, null);
                return(0);
            }

            catch (Exception ex)
            {
                Database db = new Database();
                db.InsertToErrorMessageTable("", 0, ex.Message, "InstallCert");//insert Error Message into The Error Table Log In The DataBase
                return(1);
            }
        }
Esempio n. 5
0
        public void InstallAndDownload(string certText, string password, string friendlyName)
        {
            var enroll = new CX509Enrollment();

            enroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
            enroll.CertificateFriendlyName = friendlyName;
            enroll.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedRoot,
                                   certText,
                                   EncodingType.XCN_CRYPT_STRING_BASE64REQUESTHEADER,
                                   password
                                   );
            var dir = Directory.GetParent(Assembly.GetExecutingAssembly().Location).ToString();
            var pfx = enroll.CreatePFX(password, PFXExportOptions.PFXExportChainWithRoot);

            var fileName = "cert.pfx";
            var filePath = $@"{dir}\{fileName}";

            Download(filePath, pfx);
            Install(filePath, password);
        }
        /*Install Certificate On the Machine For future Renew Expired Certificate */
        public int InstallCert(string Cert)
        {
            //  Create all the objects that will be required
            CX509Enrollment objEnroll = new CX509Enrollment();

            try
            {
                // Install the certificate
                objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
                objEnroll.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedRoot, Cert, EncodingType.XCN_CRYPT_STRING_BASE64HEADER, null);
                return(0);
            }

            catch (Exception ex)

            {
                Console.Write(ex.Message);
                return(1);
            }
        }
Esempio n. 7
0
        public static Certificate InstallResponse(string response)
        {
            Trace.TraceInformation(Resources.CertificateInstallResponce);

            if (String.IsNullOrWhiteSpace(response))
            {
                Trace.TraceError(Resources.CertificateResponseNull);

                throw new ArgumentNullException(Resources.CertificateResponseNull);
            }

            var enrollment =
                new CX509Enrollment();

            enrollment.Initialize(X509CertificateEnrollmentContext.ContextMachine);

            enrollment.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedCertificate, response, EncodingType.XCN_CRYPT_STRING_BASE64_ANY, null);

            var cerificateData =
                Convert.FromBase64String(enrollment.Certificate);

            return(new Certificate(cerificateData));
        }
Esempio n. 8
0
        public SSLCertificate InstallCertificate(SSLCertificate cert, WebSite website)
        {
            CX509Enrollment response = Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509Enrollment", true)) as CX509Enrollment;

            try
            {
                response.Initialize(X509CertificateEnrollmentContext.ContextMachine);
                response.InstallResponse(
                    InstallResponseRestrictionFlags.AllowUntrustedRoot,
                    cert.Certificate, EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
                    null
                    );

                SSLCertificate servercert = (from c in GetServerCertificates()
                                             where c.FriendlyName == cert.FriendlyName
                                             select c).Single();

                cert.SerialNumber      = servercert.SerialNumber;
                cert.ValidFrom         = servercert.ValidFrom;
                cert.ExpiryDate        = servercert.ExpiryDate;
                cert.Hash              = servercert.Hash;
                cert.DistinguishedName = servercert.DistinguishedName;

                if (cert.IsRenewal && CheckCertificate(website))
                {
                    DeleteCertificate(GetCurrentSiteCertificate(website), website);
                }

                AddBinding(cert, website);
            }
            catch (Exception ex)
            {
                Log.WriteError("Error adding SSL certificate", ex);
                cert.Success = false;
            }
            return(cert);
        }
        static void Main(string[] args)
        {
            string requesterName = @"DOMAIN\otherUser";
            string caName        = @"CA1.DOMAIN.LOCAL\DOMAIN-CA1-CA";
            string template      = "User";
            // signerCertificate's private key must be accessible to this process
            var signerCertificate = FindCertificateByThumbprint("3f817d138f32a9a8df2aa6e43b8aed76eb93a932");

            // create a new private key for the certificate
            CX509PrivateKey privateKey = new CX509PrivateKey();

            // http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx
            privateKey.ProviderName   = "Microsoft Enhanced Cryptographic Provider v1.0";
            privateKey.MachineContext = false;
            privateKey.Length         = 2048;
            privateKey.KeySpec        = X509KeySpec.XCN_AT_KEYEXCHANGE;
            privateKey.ExportPolicy   = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_NONE;
            privateKey.Create();

            // PKCS 10 Request
            // we use v1 to avoid compat issues on w2k8
            IX509CertificateRequestPkcs10 req = (IX509CertificateRequestPkcs10) new CX509CertificateRequestPkcs10();

            req.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, privateKey, template);

            // PKCS 7 Wrapper
            var signer = new CSignerCertificate();

            signer.Initialize(false, X509PrivateKeyVerify.VerifyAllowUI, EncodingType.XCN_CRYPT_STRING_BASE64_ANY,
                              Convert.ToBase64String(signerCertificate.GetRawCertData()));

            var wrapper = new CX509CertificateRequestPkcs7();

            wrapper.InitializeFromInnerRequest(req);
            wrapper.RequesterName     = requesterName;
            wrapper.SignerCertificate = signer;

            // get CSR
            var enroll = new CX509Enrollment();

            enroll.InitializeFromRequest(wrapper);
            var csr = enroll.CreateRequest();
            //File.WriteAllText("csr.p7b", csr);

            // submit
            const int     CR_IN_BASE64 = 1, CR_OUT_BASE64 = 1;
            const int     CR_IN_PKCS7 = 0x300;
            ICertRequest2 liveCsr     = new CCertRequest();
            var           disposition = (RequestDisposition)liveCsr.Submit(CR_IN_BASE64 | CR_IN_PKCS7, csr, null, caName);

            if (disposition == RequestDisposition.CR_DISP_ISSUED)
            {
                string resp = liveCsr.GetCertificate(CR_OUT_BASE64);
                //File.WriteAllText("resp.cer", resp);

                // install the response
                var install = new CX509Enrollment();
                install.Initialize(X509CertificateEnrollmentContext.ContextUser);

                install.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedRoot,
                                        resp, EncodingType.XCN_CRYPT_STRING_BASE64_ANY, null);
            }
            else
            {
                Console.WriteLine("disp: " + disposition.ToString());
            }
            Console.WriteLine("done");
            Console.ReadLine();
        }
Esempio n. 10
0
		public SSLCertificate InstallCertificate(SSLCertificate cert, WebSite website)
		{
			CX509Enrollment response = new CX509Enrollment();
			try
			{

				response.Initialize(X509CertificateEnrollmentContext.ContextMachine);
				response.InstallResponse(
					InstallResponseRestrictionFlags.AllowUntrustedRoot,
					cert.Certificate, EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
					null
				);

				SSLCertificate servercert = (from c in GetServerCertificates()
											 where c.FriendlyName == cert.FriendlyName
											 select c).Single();

				cert.SerialNumber = servercert.SerialNumber;
				cert.ValidFrom = servercert.ValidFrom;
				cert.ExpiryDate = servercert.ExpiryDate;
				cert.Hash = servercert.Hash;
				cert.DistinguishedName = servercert.DistinguishedName;

				if (cert.IsRenewal && CheckCertificate(website))
				{
					DeleteCertificate(GetCurrentSiteCertificate(website), website);
				}

				AddBinding(cert, website);

			}
			catch (Exception ex)
			{


				Log.WriteError("Error adding SSL certificate", ex);
				cert.Success = false;
			}
			return cert;
		}