/// <summary>
/// Import an existing pfx certificate
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private async void ImportPfx_Click(object sender, RoutedEventArgs e)
{
TextBlock outputTextBlock = rootPage.FindName("OutputTextBlock") as TextBlock;
try
{
outputTextBlock.Text = "Importing PFX certificate ...";
// Load the pfx certificate from resource string.
ResourceLoader rl = new ResourceLoader();
string pfxCertificate = rl.GetString("Certificate");
string password = "******"; //password to access the certificate in PFX format
string friendlyName = "test pfx certificate";
//call Certificate Enrollment funciton importPFXData to install the certificate
await CertificateEnrollmentManager.ImportPfxDataAsync(pfxCertificate,
password,
ExportOption.NotExportable,
KeyProtectionLevel.NoConsent,
InstallOptions.None,
friendlyName);
outputTextBlock.Text += "\nCertificate installation succeeded. The certificate is in the appcontainer Personal certificate store";
}
catch (Exception ex)
{
outputTextBlock.Text += "\nCertificate installation failed with error: " + ex.ToString();
}
}
/*
* Private Helper method
* will import certificate into App's key store
*/
private async Task <Certificate> ImportCertificateHelperAsync(string certFolder, string certFileName)
{
StorageFolder packageLocation = Windows.ApplicationModel.Package.Current.InstalledLocation;
StorageFolder certificateFolder = await packageLocation.GetFolderAsync(certFolder);
StorageFile certificate = await certificateFolder.GetFileAsync(certFileName);
IBuffer buffer = await Windows.Storage.FileIO.ReadBufferAsync(certificate);
string encodedString = Windows.Security.Cryptography.CryptographicBuffer.EncodeToBase64String(buffer);
System.Diagnostics.Debug.WriteLine("Encoded Certificate: " + encodedString);
await CertificateEnrollmentManager.ImportPfxDataAsync(
encodedString,
certificatePassword,
ExportOption.NotExportable,
KeyProtectionLevel.NoConsent,
InstallOptions.DeleteExpired,
"userCert");
IReadOnlyList <Windows.Security.Cryptography.Certificates.Certificate> certs = await Windows.Security.Cryptography.Certificates.CertificateStores.FindAllAsync(new Windows.Security.Cryptography.Certificates.CertificateQuery()
{
FriendlyName = "userCert"
});
this.certificate = certs.FirstOrDefault();
System.Diagnostics.Debug.WriteLine("Certificate ready for user (CN): " + this.certificate.Subject);
return(certs.FirstOrDefault());
}
private async Task AddToWinCertStore()
{
Pkcs12Store store = new Pkcs12Store();
string friendlyName = "Limelight-Client";
var certEntry = new X509CertificateEntry(cert);
store.SetCertificateEntry(friendlyName, certEntry);
var keyEntry = new AsymmetricKeyEntry(keyPair.Private);
store.SetKeyEntry(friendlyName, keyEntry, new[] { certEntry });
// Copy the Pkcs12Store to a stream using an arbitrary password
const string password = "******";
var stream = new MemoryStream();
store.Save(stream, password.ToCharArray(), new SecureRandom());
// Write to .PFX string
byte[] arr = stream.ToArray();
IBuffer buf = arr.AsBuffer();
string pfx = CryptographicBuffer.EncodeToBase64String(buf);
await CertificateEnrollmentManager.ImportPfxDataAsync(pfx, password, ExportOption.NotExportable, KeyProtectionLevel.NoConsent, InstallOptions.None, friendlyName);
}
private async Task <Certificate> InstallClientCertificateAsync()
{
// Load the certificate from the clientCert.pfx file packaged with this sample.
// This certificate has been signed with a trusted root certificate installed on the server.
// The installation is done by running the setupServer.ps1 file, which should have been done
// before running the app.
// WARNING: Including a pfx file in the app package violates the Windows Store
// certification requirements. We are shipping the pfx file with the package for demonstrating
// the usage of client certificates. Apps that will be published through Windows Store
// need to use other approaches to obtain a client certificate.
StorageFile clientCertFile = await StorageFile.GetFileFromApplicationUriAsync(new Uri(ClientCertUriPath));
IBuffer buffer = await FileIO.ReadBufferAsync(clientCertFile);
AppendOutputLine("Reading certificate succeeded.");
string clientCertData = Windows.Security.Cryptography.CryptographicBuffer.EncodeToBase64String(buffer);
try
{
// Install the certificate to the app's certificate store.
// The app certificate store is removed when the app is uninstalled.
//To install a certificate to the CurrentUser\MY store, which is not app specific,
// you need to use CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync().
// In order to call that method, an app must have the "sharedUserCertificates" capability.
// There are two ways to add this capability:
//
// 1. You can double click on the Package.appxmanifest file from the
// solution explorer, select the "Capabilities" tab in the opened page, and then check the
// "Shared User Certificates" box from the capabilities list.
// 2. You can right click on the Package.appxmanifest file from the
// solution explorer, select "View Code", and add "sharedUserCertificates" under the <Capabilities>
// element directly.
// Package.appxmanifest in this sample shows this capability commented out.
//
// The certificate will remain even when the app is uninstalled.
await CertificateEnrollmentManager.ImportPfxDataAsync(
clientCertData,
ClientCertPassword,
ExportOption.Exportable,
KeyProtectionLevel.NoConsent,
InstallOptions.DeleteExpired,
ClientCertFriendlyName);
AppendOutputLine("Installing certificate succeeded.");
// Return the certificate we just instaled.
return(await FindCertificateFromStoreAsync());
}
catch (Exception ex)
{
// This can happen if the certificate has already expired.
AppendOutputLine("Installing certificate failed with" + ex.Message);
return(null);
}
}
/// <summary>
/// Import an existing pfx certificate
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private async void RunSample_Click(object sender, RoutedEventArgs e)
{
CheckBox storeSelectionCheckbox = rootPage.FindName("UserStoreCheckBox") as CheckBox;
TextBlock outputTextBlock = rootPage.FindName("OutputTextBlock") as TextBlock;
PasswordBox pfxPasswordBox = rootPage.FindName("PfxPasswordBox") as PasswordBox;
if (String.IsNullOrEmpty(pfxCertificate))
{
outputTextBlock.Text = "Please select a valid PFX file\n";
return;
}
try
{
// Import PFX
outputTextBlock.Text = "Importing PFX certificate ...";
string friendlyName = "test pfx certificate";
pfxPassword = pfxPasswordBox.Password;
if (true == storeSelectionCheckbox.IsChecked)
{
// target store is User's Certificate Store
// call User Certificate Enrollment function importPfxData to install the certificate
await CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
pfxCertificate,
pfxPassword,
ExportOption.NotExportable,
KeyProtectionLevel.NoConsent,
InstallOptions.None,
friendlyName);
outputTextBlock.Text += "\nCertificate installation succeeded. The certificate is in the User's certificate store";
}
else
{
// target store is App's certificate store
// call Certificate Enrollment function importPFXData to install the certificate
await CertificateEnrollmentManager.ImportPfxDataAsync(
pfxCertificate,
pfxPassword,
ExportOption.NotExportable,
KeyProtectionLevel.NoConsent,
InstallOptions.None,
friendlyName);
outputTextBlock.Text += "\nCertificate installation succeeded. The certificate is in the App's certificate store";
}
}
catch (Exception ex)
{
outputTextBlock.Text += "\nCertificate installation failed with error: " + ex.ToString();
}
}
private async Task <string> CreteRequest()
{
CertificateRequestProperties certRequestProperties = new CertificateRequestProperties();
certRequestProperties.Exportable = ExportOption.NotExportable;
certRequestProperties.FriendlyName = "Bigsby Client";
certRequestProperties.KeyProtectionLevel = KeyProtectionLevel.NoConsent;
certRequestProperties.KeyUsages = EnrollKeyUsages.Signing;
certRequestProperties.Subject = "BigsbyClient";
return(await CertificateEnrollmentManager.CreateRequestAsync(certRequestProperties));
}
private async void SetClientCertificate(ClientCertificate certificate)
{
if (certificate == null)
{
return;
}
this.ClientCertificateOptions = ClientCertificateOption.Automatic;
await CertificateEnrollmentManager.ImportPfxDataAsync(certificate.RawData,
certificate.Passphrase, // the password is blank, but you can specify one here
ExportOption.NotExportable, // there is no reason to keep the certificate Exportable
KeyProtectionLevel.NoConsent, // whether any consent is required
InstallOptions.DeleteExpired, // no installation options
Package.Current.DisplayName);
}
public async Task InstallAsync(string certResponse)
{
#region Bouncy castle PKCS #12 cert file generation
var data = Convert.FromBase64String(certResponse);
var parser = new X509CertificateParser();
var cert = parser.ReadCertificate(data);
Pkcs12Store store = new Pkcs12StoreBuilder().Build();
X509CertificateEntry certEntry = new X509CertificateEntry(cert);
store.SetCertificateEntry(cert.SubjectDN.ToString(), certEntry); // use DN as the Alias.
AsymmetricKeyEntry keyEntry = new AsymmetricKeyEntry(_privateKey);
store.SetKeyEntry(cert.SubjectDN.ToString() + "_key", keyEntry, new X509CertificateEntry[] { certEntry }); //
string pfx = string.Empty;
string password = "";
using (MemoryStream ms = new MemoryStream())
{
store.Save(ms, password.ToCharArray(), _random);
ms.Position = 0;
await _storage.SetAsync("accessCert", ms.GetWindowsRuntimeBuffer());
StreamReader streamReader = new StreamReader(ms);
// Write to .PFX string
byte[] arr = ms.ToArray();
pfx = CryptographicBuffer.EncodeToBase64String(arr.AsBuffer());
}
#endregion
await _storage.SetAsync(StorageKeyNames.PrivateKey, pfx);
await CertificateEnrollmentManager.ImportPfxDataAsync(pfx, password, ExportOption.NotExportable, KeyProtectionLevel.NoConsent, InstallOptions.None, "MAG_CERT");
// Store the registered cert subject
if (cert.SubjectDN != null)
{
var valueList = cert.SubjectDN.GetValueList(X509Name.CN);
if (valueList.Count > 0)
{
await _storage.SetAsync(StorageKeyNames.RegisteredCertSubject, (string)valueList[0]);
}
}
}
private static async Task InstallCertificate(string filePath, string friendlyName)
{
//string certPath = @"Assets\BigsbyClientCert.pfx";
StorageFile file = await Windows.ApplicationModel.Package.Current.InstalledLocation.GetFileAsync(filePath);
IBuffer buffer = await FileIO.ReadBufferAsync(file);
string certData = CryptographicBuffer.EncodeToBase64String(buffer);
// Will ask the user if they want this app to install the certificate if its not already installed.
await CertificateEnrollmentManager.ImportPfxDataAsync(
certData,
"",
ExportOption.NotExportable,
KeyProtectionLevel.NoConsent,
InstallOptions.None,
friendlyName);
}
public async Task <Certificate> GetIfExistsAsync()
{
var Certificate = await GetAsync();
try
{
if (Certificate == null)
{
string pfx = await _storage.GetTextAsync(StorageKeyNames.PrivateKey);
if (pfx != null)
{
await CertificateEnrollmentManager.ImportPfxDataAsync(pfx, string.Empty, ExportOption.NotExportable, KeyProtectionLevel.NoConsent, InstallOptions.None, "MAG_CERT");
}
Certificate = await GetAsync();
}
}
catch (Exception)
{
}
return(Certificate);
}
/// <summary>
/// Create a certificate request
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private async void CreateRequest_Click(object sender, RoutedEventArgs e)
{
TextBlock outputTextBlock = rootPage.FindName("OutputTextBlock") as TextBlock;
outputTextBlock.Text = "Creating certificate request...";
try
{
//call the default constructor of CertificateRequestProperties
CertificateRequestProperties reqProp = new CertificateRequestProperties();
reqProp.Subject = "Toby";
reqProp.FriendlyName = "Toby's Cert";
//call Certificate Enrollment function createRequest to create a certificate request
certificateRequest = await CertificateEnrollmentManager.CreateRequestAsync(reqProp);
outputTextBlock.Text += "\nRequest created, content:\n" + certificateRequest;
}
catch (Exception ex)
{
outputTextBlock.Text += "\n\nCertificate request creation failed with error: " + ex.Message;
}
}
/// <summary>
/// Basic settings are configured on the view that is attached to this VM.
/// </summary>
/// <param name="screen"></param>
public BasicSettingsViewModel(IScreen screen)
{
HostScreen = screen;
// Look for a currently loaded cert and update the status...
// We can't start this b.c. the ToProperty is lazy - and it won't
// fire until Status is data-bound!
LookupCertStatus = ReactiveCommand.CreateAsyncTask(a => SecurityUtils.FindCert(SecurityUtils.CERNCertName));
LookupCertStatus
.Select(c => c == null ? "No Cert Loaded" : string.Format("Loaded (expires {0})", c.ValidTo.ToLocalTime().ToString("yyyy-MM-dd HH:mm")))
.ToProperty(this, x => x.Status, out _status, "", RxApp.MainThreadScheduler);
LookupCertStatus
.ExecuteAsync()
.Subscribe();
// Error and status messages...
var errors = new Subject <string>();
errors
.ToProperty(this, x => x.Error, out _error, "", RxApp.MainThreadScheduler);
// Given a file and a password, see if we can install it as a cert
// in our internal repository.
LoadFiles = ReactiveCommand.Create();
LoadFiles
.Subscribe(x => errors.OnNext(""));
var files = LoadFiles
.Cast <Tuple <IReadOnlyList <StorageFile>, string> >();
files
.Where(finfo => finfo.Item1 == null || finfo.Item1.Count != 1)
.Select(f => "Invalid certificate file")
.Subscribe(errors);
files
.Where(finfo => finfo.Item1 != null && finfo.Item1.Count == 1)
.ObserveOn(RxApp.MainThreadScheduler)
.Select(mf =>
{
// We use this double subscribe because the readBufferAsync and ImportPfxDataAsync often return exceptions.
// If we let the exception bubble all the way up, it terminates the sequence. Which means if the user entered
// the wrong password they wouldn't get a chance to try again!
return(Observable.Return(mf)
.SelectMany(async f =>
{
// Work around for the TplEventListener not working correctly.
// https://social.msdn.microsoft.com/Forums/windowsapps/en-US/3e505e04-7f30-4313-aa47-275eaef333dd/systemargumentexception-use-of-undefined-keyword-value-1-for-event-taskscheduled-in-async?forum=wpdevelop
await Task.Delay(1);
var fs = f.Item1[0] as StorageFile;
var buffer = await FileIO.ReadBufferAsync(fs);
var cert = CryptographicBuffer.EncodeToBase64String(buffer);
await CertificateEnrollmentManager.ImportPfxDataAsync(cert, f.Item2, ExportOption.NotExportable, KeyProtectionLevel.NoConsent, InstallOptions.DeleteExpired, SecurityUtils.CERNCertName);
return Unit.Default;
}));
})
.Subscribe(c => c.Subscribe(
g => LookupCertStatus.ExecuteAsync().Subscribe(),
e => errors.OnNext(e.Message.TakeFirstLine())
));
// Set/Get the file expiration policy.
CacheDecayOptions = ExpirationOptions.GetListExpirationOptions();
// Get the list of indico api keys we are watching
// and hook up the MV for doing the api key manipulation
ApiKeysForIndico = new ReactiveList <IndicoApiKey>();
ApiKeysForIndico.AddRange(IndicoApiKeyAccess.LoadAllKeys());
IndicoApiKeyAccess.IndicoApiKeysUpdated
.Subscribe(_ =>
{
using (ApiKeysForIndico.SuppressChangeNotifications())
{
ApiKeysForIndico.Clear();
ApiKeysForIndico.AddRange(IndicoApiKeyAccess.LoadAllKeys());
}
});
ShowIndicoApiKey = ReactiveCommand.Create();
ShowIndicoApiKey
.Cast <IndicoApiKey>()
.Select(x => new AddOrUpdateIndicoApiKeyViewModel(x))
.ToProperty(this, x => x.IndicoApiKey, out _indicoApiKeyVM, new AddOrUpdateIndicoApiKeyViewModel(null));
}
