/// <summary>
/// Requests renewed client certificates from the bank and writes the renewed
/// encryption and signing certificates, with private keys attached, to the store.
/// </summary>
/// <param name="client">PKI client used to send the renewal request.</param>
/// <param name="store">Certificate store that is read for the current certificates and updated with the renewed ones.</param>
/// <returns>The bank's renewal response, or null when CheckForError reports a failure.</returns>
private static RenewCertificateResponse RenewCertificates(PKIClient client, CertStore store)
        {
            // Bank-issued pair currently in the store; these two are passed to the renewal request.
            var currentEncryptionCert = store.GetCertificate(CertStore.Certificiates.ClientIssuedEncryption);
            var currentSigningCert    = store.GetCertificate(CertStore.Certificiates.ClientIssuedSigning);

            // Client-generated pair; only their private keys are used further down.
            // NOTE(review): none of the four lookups is null-checked. If GetCertificate can return
            // null for a missing entry, the failure only surfaces after the renewal request has
            // already been sent - confirm and consider validating before the request.
            var generatedEncryptionCert = store.GetCertificate(CertStore.Certificiates.ClientGeneratedEncryption);
            var generatedSigningCert    = store.GetCertificate(CertStore.Certificiates.ClientGeneratedSigning);

            // Renewal issues a new set of certificates; the old ones are not revoked.
            var res = client.RenewCertificate(currentSigningCert, currentEncryptionCert, KeyGeneratorTypeType.software);

            if (!CheckForError(res))
            {
                return null;
            }

            var renewal = res.Response.RenewCertificateResponse;

            // Parse the certificates the server returned.
            var renewedEncryptionCert = new X509Certificate2(renewal.EncryptionCert);
            var renewedSigningCert    = new X509Certificate2(renewal.SigningCert);

            // Pair each renewed certificate with the existing client-generated private key so the
            // certificate and key can be stored together. The key material itself is not rotated here.
            renewedEncryptionCert.PrivateKey = generatedEncryptionCert.PrivateKey;
            renewedSigningCert.PrivateKey    = generatedSigningCert.PrivateKey;

            // Persist the renewed pair.
            // NOTE(review): Export is called without a password, so the PKCS#12 blob that carries the
            // private key is not password-protected; its confidentiality depends entirely on how the
            // store persists it, which is not visible here - confirm.
            store.SetCertificate(CertStore.Certificiates.ClientIssuedEncryption, renewedEncryptionCert.Export(X509ContentType.Pkcs12));
            store.SetCertificate(CertStore.Certificiates.ClientIssuedSigning, renewedSigningCert.Export(X509ContentType.Pkcs12));

            return renewal;
        }
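        /// <summary>
        /// Requests the bank's current root, encryption and signing certificates, writes them to
        /// the certificate store and configures the PKI client to use the stored copies.
        /// </summary>
        /// <remarks>
        /// The bank certificates have a finite lifecycle, so they must be renewed at a regular interval:
        /// root certificate 10 years, signing certificate 2 years, encryption certificate 2 years.
        /// When the request fails, exitProgram is called with the bank's return code; a return code
        /// that is not a valid integer falls back to exit code 1.
        /// </remarks>
        private static void ObtainLatestBankCertificates()
        {
            Console.WriteLine("Requesting bank certificates ...");

            // Obtain bank certificate
            var res = PKIClient.GetBankCertificate();

            if (!CheckForError(res))
            {
                // The return code is server-supplied text. Parse it defensively so that a malformed
                // value cannot raise FormatException from the error path, and never fall back to 0,
                // which would look like success to a calling script.
                int exitCode;
                if (!Int32.TryParse(res.Error.ReturnCode, out exitCode))
                {
                    exitCode = 1;
                }

                exitProgram(exitCode);
                return;
            }

            Console.WriteLine("  Retrieved new certificates from bank.");
            Console.WriteLine("Saving bank certificates ...");

            // Save the bank certificates
            // NOTE(review): the root certificate in the response replaces the stored trust anchor.
            // No comparison against a pinned or previously stored fingerprint is visible in this
            // method; whether GetBankCertificate authenticates the response is not shown - confirm.
            var bankCerts = res.Response.GetBankCertificateResponse;
            CertStore.SetCertificate(CertStore.Certificiates.BankRoot, bankCerts.BankRootCert);
            CertStore.SetCertificate(CertStore.Certificiates.BankEncryption, bankCerts.BankEncryptionCert);
            CertStore.SetCertificate(CertStore.Certificiates.BankSigning, bankCerts.BankSigningCert);
            Console.WriteLine(" Bank certificates successfully saved.");

            // Instruct the PKIClient to use the new certificates, read back from the store
            PKIClient.BankRootCertificate = CertStore.GetCertificate(CertStore.Certificiates.BankRoot);
            PKIClient.SetBankCertificates(CertStore.GetCertificate(CertStore.Certificiates.BankEncryption), CertStore.GetCertificate(CertStore.Certificiates.BankSigning));
            Console.WriteLine(" Using new bank certificates.");
        }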
        /// <summary>
        /// Stores the client certificates issued by the bank, paired with the private keys of the
        /// client-generated certificates already held in the store.
        /// </summary>
        /// <param name="res">Create-certificate response carrying the issued encryption, signing and CA certificates.</param>
        /// <param name="store">Certificate store that supplies the private keys and receives the issued certificates.</param>
        private static void SaveClientCertificates(CreateCertificateOutType res, CertStore store)
        {
            var created = res.CreateCertificateResponse;

            // Parse the certificates the server returned.
            var issuedEncryptionCert = new X509Certificate2(created.EncryptionCert);
            var issuedSigningCert    = new X509Certificate2(created.SigningCert);

            // Attach the client-generated private keys so certificate and key are stored together.
            var generatedEncryptionCert = store.GetCertificate(CertStore.Certificiates.ClientGeneratedEncryption);
            issuedEncryptionCert.PrivateKey = generatedEncryptionCert.PrivateKey;
            var generatedSigningCert = store.GetCertificate(CertStore.Certificiates.ClientGeneratedSigning);
            issuedSigningCert.PrivateKey = generatedSigningCert.PrivateKey;

            // Certificate the bank used to issue the certificates for our signing requests.
            // NOTE(review): this instance is parsed but never used afterwards - it is neither stored
            // nor used to check that the issued certificates chain to it.
            X509Certificate2 issuingCaCertificate = new X509Certificate2(created.CACert);

            // Persist the issued pair.
            // NOTE(review): Export is called without a password, so the PKCS#12 blob that carries the
            // private key is not password-protected; protection depends on the store - confirm.
            store.SetCertificate(CertStore.Certificiates.ClientIssuedEncryption, issuedEncryptionCert.Export(X509ContentType.Pkcs12));
            store.SetCertificate(CertStore.Certificiates.ClientIssuedSigning, issuedSigningCert.Export(X509ContentType.Pkcs12));
        }
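        /// <summary>
        /// Sends certificate signing requests for the client-generated encryption and signing
        /// certificates and stores the certificates issued by the bank together with their private keys.
        /// </summary>
        /// <returns>
        /// The bank's create-certificate response, or null when the client-generated certificates are
        /// missing or the request fails (exitProgram is called first in both cases).
        /// </returns>
        /// <remarks>
        /// A bank return code that is not a valid integer falls back to exit code 1.
        /// </remarks>
        private static CreateCertificateResponse CreateCertificates()
        {
            Console.WriteLine("Loading own certificates ...");
            var myLoadedCryptoCert  = CertStore.GetCertificate(CertStore.Certificiates.ClientGeneratedEncryption);
            var myLoadedSigningCert = CertStore.GetCertificate(CertStore.Certificiates.ClientGeneratedSigning);

            // Both client-generated certificates must be present before anything is sent to the bank.
            if (myLoadedCryptoCert == null || myLoadedSigningCert == null)
            {
                Console.WriteLine("Client generated certificates and private keys were not set in certificate CertStore.");
                Console.WriteLine("Please set the encryption and signing certificates in the \"DanskeBank.PKIFactory\" CertStore using the friendlyname names:");
                Console.WriteLine("  Signing: \"" + CertStore.Certificiates.ClientGeneratedSigning.ToString() + "\".");
                Console.WriteLine("  Encryption: \"" + CertStore.Certificiates.ClientGeneratedEncryption.ToString() + "\".");
                exitProgram(1);
                return null;
            }

            Console.WriteLine("Sending certificate signing requests for own certificates ...");
            var res = PKIClient.CreateCertificate(myLoadedSigningCert, myLoadedCryptoCert, CustomerPIN, KeyGeneratorTypeType.software);

            if (!CheckForError(res))
            {
                // The return code is server-supplied text. Parse it defensively so that a malformed
                // value cannot raise FormatException from the error path, and never fall back to 0,
                // which would look like success to a calling script.
                int exitCode;
                if (!Int32.TryParse(res.Error.ReturnCode, out exitCode))
                {
                    exitCode = 1;
                }

                exitProgram(exitCode);
                return null;
            }

            // Read the x509 certificates returned from the server
            var issuedCryptoCert  = new X509Certificate2(res.Response.CreateCertificateResponse.EncryptionCert);
            var issuedSigningCert = new X509Certificate2(res.Response.CreateCertificateResponse.SigningCert);

            // Set the private key on the X509Certificate2 instances, so certificate and key can be stored together
            issuedCryptoCert.PrivateKey  = myLoadedCryptoCert.PrivateKey;
            issuedSigningCert.PrivateKey = myLoadedSigningCert.PrivateKey;

            // Save the issued certificates
            // NOTE(review): Export is called without a password, so the PKCS#12 blob that carries the
            // private key is not password-protected; protection depends on the store - confirm.
            CertStore.SetCertificate(CertStore.Certificiates.ClientIssuedEncryption, issuedCryptoCert.Export(X509ContentType.Pkcs12));
            CertStore.SetCertificate(CertStore.Certificiates.ClientIssuedSigning, issuedSigningCert.Export(X509ContentType.Pkcs12));

            Console.WriteLine("  Certificates created successfully.");
            return res.Response.CreateCertificateResponse;
        }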
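        /// <summary>
        /// Renews the bank-issued client certificates: sends the renewal request, backs up the
        /// current issued pair, then stores the renewed pair with the existing private keys attached.
        /// </summary>
        /// <returns>
        /// The bank's renewal response, or null when the request fails (exitProgram is called first).
        /// </returns>
        /// <remarks>
        /// A bank return code that is not a valid integer falls back to exit code 1.
        /// </remarks>
        private static RenewCertificateResponse RenewCertificates()
        {
            Console.WriteLine("Renewing own certificates ...");

            // NOTE(review): neither lookup is null-checked before the certificates are used below;
            // confirm that both entries are guaranteed to exist when this method is called.
            var myIssuedCryptoCert  = CertStore.GetCertificate(CertStore.Certificiates.ClientIssuedEncryption);
            var myIssuedSigningCert = CertStore.GetCertificate(CertStore.Certificiates.ClientIssuedSigning);

            // This issues a new set of certificates without revoking the old ones.
            var res = PKIClient.RenewCertificate(myIssuedSigningCert, myIssuedCryptoCert, KeyGeneratorTypeType.software);

            if (!CheckForError(res))
            {
                // The return code is server-supplied text. Parse it defensively so that a malformed
                // value cannot raise FormatException from the error path, and never fall back to 0,
                // which would look like success to a calling script.
                int exitCode;
                if (!Int32.TryParse(res.Error.ReturnCode, out exitCode))
                {
                    exitCode = 1;
                }

                exitProgram(exitCode);
                return null;
            }

            // Back up the old certificates before the issued slots are overwritten
            CertStore.SetCertificate(CertStore.Certificiates.BackupClientIssuedEncryption, myIssuedCryptoCert.Export(X509ContentType.Pkcs12));
            CertStore.SetCertificate(CertStore.Certificiates.BackupClientIssuedSigning, myIssuedSigningCert.Export(X509ContentType.Pkcs12));

            // Read the x509 certificates returned from the server
            X509Certificate2 newIssuedCryptoCert  = new X509Certificate2(res.Response.RenewCertificateResponse.EncryptionCert);
            X509Certificate2 newIssuedSigningCert = new X509Certificate2(res.Response.RenewCertificateResponse.SigningCert);

            // Set the private key on the X509Certificate2 instances, so we can easily store them.
            // The renewed certificates are paired with the previous private keys; key material is
            // not rotated by this method.
            newIssuedCryptoCert.PrivateKey  = myIssuedCryptoCert.PrivateKey;
            newIssuedSigningCert.PrivateKey = myIssuedSigningCert.PrivateKey;

            // Save the newly issued certificates in the certificate store
            // NOTE(review): every Export in this method is called without a password, so the PKCS#12
            // blobs (backups included) carry the private key without password protection; protection
            // depends on the store - confirm.
            CertStore.SetCertificate(CertStore.Certificiates.ClientIssuedEncryption, newIssuedCryptoCert.Export(X509ContentType.Pkcs12));
            CertStore.SetCertificate(CertStore.Certificiates.ClientIssuedSigning, newIssuedSigningCert.Export(X509ContentType.Pkcs12));

            Console.WriteLine("  Renewal was successful.");

            return res.Response.RenewCertificateResponse;
        }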
 /// <summary>
 /// Writes the bank's root, encryption and signing certificates from a get-bank-certificate
 /// response into the certificate store.
 /// </summary>
 /// <param name="certRes">Response carrying the three bank certificates.</param>
 /// <param name="store">Certificate store that receives them.</param>
 private static void SaveBankCertificates(GetBankCertificateOutType certRes, CertStore store)
 {
     // NOTE(review): the certificates are stored exactly as received, root included. This method
     // performs no validation of them; any check has to happen in the caller - confirm.
     var bankCerts = certRes.GetBankCertificateResponse;

     store.SetCertificate(CertStore.Certificiates.BankRoot, bankCerts.BankRootCert);
     store.SetCertificate(CertStore.Certificiates.BankEncryption, bankCerts.BankEncryptionCert);
     store.SetCertificate(CertStore.Certificiates.BankSigning, bankCerts.BankSigningCert);
 }