static X509Store GetStoreFromName(string storeName, bool machine)
{
X509Stores stores = ((machine) ? X509StoreManager.LocalMachine : X509StoreManager.CurrentUser);
X509Store store = null;
switch (storeName)
{
case X509Stores.Names.Personal:
return(stores.Personal);
case X509Stores.Names.OtherPeople:
return(stores.OtherPeople);
case X509Stores.Names.IntermediateCA:
return(stores.IntermediateCA);
case "Root": // special case (same as trusted root)
case X509Stores.Names.TrustedRoot:
return(stores.TrustedRoot);
case X509Stores.Names.Untrusted:
return(stores.Untrusted);
}
return(store);
}
public static bool LdapSSLHandler(System.Security.Cryptography.X509Certificates.X509Certificate certificate, int[] certificateErrors)
{
#if !MONO
X509Store store = null;
X509Stores stores = X509StoreManager.LocalMachine;
store = stores.TrustedRoot;
X509Certificate x509 = null;
byte[] data = certificate.GetRawCertData();
if (data != null)
{
x509 = new X509Certificate(data);
}
if (x509 != null)
{
//coll.Add(x509);
if (!store.Certificates.Contains(x509))
{
store.Import(x509);
}
}
#endif
return(true);
}
static int Process()
{
X509CertificateCollection roots = DecodeCollection();
if (roots == null)
{
return(1);
}
else if (roots.Count == 0)
{
WriteLine("No certificates were found.");
return(0);
}
X509Stores stores = userStore ? X509StoreManager.CurrentUser : X509StoreManager.LocalMachine;
X509CertificateCollection trusted = stores.TrustedRoot.Certificates;
int additions = 0;
WriteLine("I already trust {0}, your new list has {1}", trusted.Count, roots.Count);
foreach (X509Certificate root in roots)
{
if (!trusted.Contains(root))
{
try {
stores.TrustedRoot.Import(root);
WriteLine("Certificate added: {0}", root.SubjectName);
additions++;
} catch (Exception e) {
WriteLine("Warning: Could not import {0}", root.SubjectName);
WriteLine(e.ToString());
}
}
}
if (additions > 0)
{
WriteLine("{0} new root certificates were added to your trust store.", additions);
}
X509CertificateCollection removed = new X509CertificateCollection();
foreach (X509Certificate trust in trusted)
{
if (!roots.Contains(trust))
{
removed.Add(trust);
}
}
if (removed.Count > 0)
{
WriteLine("{0} previously trusted certificates were removed.", removed.Count);
foreach (X509Certificate old in removed)
{
stores.TrustedRoot.Remove(old);
WriteLine("Certificate removed: {0}", old.SubjectName);
}
}
WriteLine("Import process completed.");
return(0);
}
static int Main(string [] args)
{
bool machine = false;
for (int i = 0; i < args.Length; i++)
{
switch (args [i])
{
case "-m":
case "--m":
machine = true;
break;
case "-v":
case "--v":
verbose = true;
break;
case "-f":
case "--f":
force = true;
break;
case "-help":
case "--help":
case "-?":
case "--?":
Help();
return(0);
}
}
try {
X509Stores stores = ((machine) ? X509StoreManager.LocalMachine : X509StoreManager.CurrentUser);
// for all store (expect Untrusted)
UpdateStore(stores.TrustedRoot);
UpdateStore(stores.IntermediateCA);
UpdateStore(stores.Personal);
UpdateStore(stores.OtherPeople);
return(0);
}
catch (Exception e) {
Console.WriteLine("ERROR: Unexpected exception: {0}", e);
return(1);
}
}
public static bool MySSLHandler(Syscert.X509Certificate certificate,
int[] certificateErrors)
{
X509Store store = null;
X509Stores stores = X509StoreManager.CurrentUser;
String input;
store = stores.TrustedRoot;
//Import the details of the certificate from the server.
X509Certificate x509 = null;
X509CertificateCollection coll = new X509CertificateCollection();
byte[] data = certificate.GetRawCertData();
if (data != null)
{
x509 = new X509Certificate(data);
}
//List the details of the Server
//check for ceritficate in store
X509CertificateCollection check = store.Certificates;
if (!check.Contains(x509))
{
if (bindCount == 1)
{
Console.WriteLine(" \n\nCERTIFICATE DETAILS: \n");
Console.WriteLine(" {0}X.509 v{1} Certificate", (x509.IsSelfSigned ? "Self-signed " : String.Empty), x509.Version);
Console.WriteLine(" Serial Number: {0}", CryptoConvert.ToHex(x509.SerialNumber));
Console.WriteLine(" Issuer Name: {0}", x509.IssuerName);
Console.WriteLine(" Subject Name: {0}", x509.SubjectName);
Console.WriteLine(" Valid From: {0}", x509.ValidFrom);
Console.WriteLine(" Valid Until: {0}", x509.ValidUntil);
Console.WriteLine(" Unique Hash: {0}", CryptoConvert.ToHex(x509.Hash));
Console.WriteLine();
}
//Get the response from the Client
do
{
Console.WriteLine("\nDo you want to proceed with the connection (y/n)?");
input = Console.ReadLine();
if (input == "y" || input == "Y")
{
bHowToProceed = true;
}
if (input == "n" || input == "N")
{
bHowToProceed = false;
}
} while (input != "y" && input != "Y" && input != "n" && input != "N");
}
else
{
if (bHowToProceed == true)
{
//Add the certificate to the store.
if (x509 != null)
{
coll.Add(x509);
}
store.Import(x509);
if (bindCount == 1)
{
removeFlag = true;
}
}
}
if (bHowToProceed == false)
{
//Remove the certificate added from the store.
if (removeFlag == true && bindCount > 1)
{
foreach (X509Certificate xt509 in store.Certificates)
{
if (CryptoConvert.ToHex(xt509.Hash) == CryptoConvert.ToHex(x509.Hash))
{
store.Remove(x509);
}
}
}
Console.WriteLine("SSL Bind Failed.");
}
return(bHowToProceed);
}
static int Process()
{
X509CertificateCollection roots = DecodeCollection();
if (roots == null)
{
return(1);
}
else if (roots.Count == 0)
{
WriteLine("No certificates were found.");
return(0);
}
if (pkcs7filename != null)
{
SoftwarePublisherCertificate pkcs7 = new SoftwarePublisherCertificate();
pkcs7.Certificates.AddRange(roots);
WriteLine("Saving root certificates into '{0}' file...", pkcs7filename);
using (FileStream fs = File.OpenWrite(pkcs7filename)) {
byte[] data = pkcs7.GetBytes();
fs.Write(data, 0, data.Length);
fs.Close();
}
}
if (import)
{
WriteLine("Importing certificates into {0} store...",
machine ? "machine" : "user");
X509Stores stores = (machine ? X509StoreManager.LocalMachine : X509StoreManager.CurrentUser);
X509CertificateCollection trusted = stores.TrustedRoot.Certificates;
int additions = 0;
foreach (X509Certificate root in roots)
{
if (!trusted.Contains(root))
{
if (!confirmAddition || AskConfirmation("add", root))
{
stores.TrustedRoot.Import(root);
if (confirmAddition)
{
WriteLine("Certificate added.{0}", Environment.NewLine);
}
additions++;
}
}
}
if (additions > 0)
{
WriteLine("{0} new root certificates were added to your trust store.", additions);
}
X509CertificateCollection removed = new X509CertificateCollection();
foreach (X509Certificate trust in trusted)
{
if (!roots.Contains(trust))
{
removed.Add(trust);
}
}
if (removed.Count > 0)
{
if (confirmRemoval)
{
WriteLine("{0} previously trusted certificates were not part of the update.", removed.Count);
}
else
{
WriteLine("{0} previously trusted certificates were removed.", removed.Count);
}
foreach (X509Certificate old in removed)
{
if (!confirmRemoval || AskConfirmation("remove", old))
{
stores.TrustedRoot.Remove(old);
if (confirmRemoval)
{
WriteLine("Certificate removed.{0}", Environment.NewLine);
}
}
}
}
WriteLine("Import process completed.{0}", Environment.NewLine);
}
return(0);
}
static int Process()
{
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => {
if (sslPolicyErrors != System.Net.Security.SslPolicyErrors.None)
{
Console.WriteLine("WARNING: Downloading the trusted certificate list couldn't be done securely (error: {0}), continuing anyway. If you're using mozroots to bootstrap Mono's trust store on a clean system this might be OK, otherwise it could indicate a network intrusion. Please ensure you're using a trusted network or move to cert-sync.", sslPolicyErrors);
}
// this is very bad, but on a clean system without an existing trust store we don't really have a better option
return(true);
};
X509CertificateCollection roots = DecodeCollection();
if (roots == null)
{
return(1);
}
else if (roots.Count == 0)
{
WriteLine("No certificates were found.");
return(0);
}
if (pkcs7filename != null)
{
SoftwarePublisherCertificate pkcs7 = new SoftwarePublisherCertificate();
pkcs7.Certificates.AddRange(roots);
WriteLine("Saving root certificates into '{0}' file...", pkcs7filename);
using (FileStream fs = File.OpenWrite(pkcs7filename)) {
byte[] data = pkcs7.GetBytes();
fs.Write(data, 0, data.Length);
fs.Close();
}
}
if (import)
{
WriteLine("Importing certificates into {0} store...",
machine ? "machine" : "user");
X509Stores stores = (machine ? X509StoreManager.LocalMachine : X509StoreManager.CurrentUser);
X509CertificateCollection trusted = stores.TrustedRoot.Certificates;
int additions = 0;
foreach (X509Certificate root in roots)
{
if (!trusted.Contains(root))
{
if (!confirmAddition || AskConfirmation("add", root))
{
stores.TrustedRoot.Import(root);
if (confirmAddition)
{
WriteLine("Certificate added.{0}", Environment.NewLine);
}
additions++;
}
}
}
if (additions > 0)
{
WriteLine("{0} new root certificates were added to your trust store.", additions);
}
X509CertificateCollection removed = new X509CertificateCollection();
foreach (X509Certificate trust in trusted)
{
if (!roots.Contains(trust))
{
removed.Add(trust);
}
}
if (removed.Count > 0)
{
if (confirmRemoval)
{
WriteLine("{0} previously trusted certificates were not part of the update.", removed.Count);
}
else
{
WriteLine("{0} previously trusted certificates were removed.", removed.Count);
}
foreach (X509Certificate old in removed)
{
if (!confirmRemoval || AskConfirmation("remove", old))
{
stores.TrustedRoot.Remove(old);
if (confirmRemoval)
{
WriteLine("Certificate removed.{0}", Environment.NewLine);
}
}
}
}
WriteLine("Import process completed.{0}", Environment.NewLine);
}
return(0);
}
