public KeyStoreViewModel(SystemX509.StoreName storeName, SystemX509.StoreLocation storeLocation)
{
var storeBuilder = new Pkcs12StoreBuilder();
_store = storeBuilder.Build();
Name = String.Format("System KeyStore: [{0} : {1}]", storeLocation.ToString(), storeName.ToString());
Load(storeName, storeLocation);
}
/// <summary>
/// Loads the specified system keystore and puts
/// the keys store in read-only mode
/// </summary>
/// <param name="storeName">one of the enum values </param>
/// <param name="storelocation">one of the enum values</param>
public void Load(SystemX509.StoreName storeName, SystemX509.StoreLocation storelocation)
{
ReadOnlyKeyStore = true;
_listItems.Clear();
var store = new SystemX509.X509Store(storeName, storelocation);
store.Open(SystemX509.OpenFlags.ReadOnly);
foreach (SystemX509.X509Certificate2 cert in store.Certificates)
{
AddEntry(cert.FriendlyName, DotNetUtilities.FromX509Certificate(cert), null);
}
}
private void StoreCertificate(string name, byte[] raw, RSA key, MSX509.StoreName storeName, MSX509.StoreLocation location)
{
PKCS12 p12 = BuildPkcs12(raw, key);
MSX509.X509Certificate2 certificate = new MSX509.X509Certificate2(p12.GetBytes(), "advtools", MSX509.X509KeyStorageFlags.PersistKeySet | MSX509.X509KeyStorageFlags.MachineKeySet | MSX509.X509KeyStorageFlags.Exportable);
MSX509.X509Store store = new MSX509.X509Store(storeName, location);
store.Open(MSX509.OpenFlags.ReadWrite);
store.Add(certificate);
store.Close();
certificates_[name] = certificate;
}
/// <summary>
/// Adds a certificate to the specified store
/// </summary>
/// <param name="cert"></param>
/// <param name="st"></param>
/// <param name="sl"></param>
/// <returns></returns>
public static bool AddCertToStore(X509Certificate2 cert, System.Security.Cryptography.X509Certificates.StoreName st, System.Security.Cryptography.X509Certificates.StoreLocation sl)
{
bool bRet = false;
try
{
X509Store store = new X509Store(st, sl);
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
store.Close();
}
catch
{
}
return(bRet);
}
public static X509Certificate2 GetCertificate(StoreLocation storeLocation, System.Security.Cryptography.X509Certificates.StoreName storeName, X509FindType x509FindType, object value)
{
X509Store store = new X509Store(storeName, storeLocation);
store.Open(OpenFlags.ReadOnly);
try
{
var certs = store.Certificates.Find(x509FindType, value, false);
if (certs.Count == 0)
{
return(null);
}
return(certs[0]);
}
finally
{
store.Close();
}
}
internal static void InstallCertificate(string certFile, System.Security.Cryptography.X509Certificates.StoreName store, string password)
{
Logger.EnteringMethod(store.ToString());
try
{
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate;
if (!string.IsNullOrEmpty(password))
{
certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certFile, password);
}
else
{
certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certFile);
}
System.Security.Cryptography.X509Certificates.X509Store certStore = new System.Security.Cryptography.X509Certificates.X509Store(store, System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine);
certStore.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite);
certStore.Add(certificate);
certStore.Close();
Logger.Write("Successfuly imported in " + store.ToString());
}
catch (Exception ex)
{ Logger.Write("**** " + ex.Message); }
}
private MSX509.X509Certificate2 LoadCertificate(X509Name name, MSX509.StoreName storeName, MSX509.StoreLocation location)
{
if (certificates_.ContainsKey(name))
{
return(certificates_[name]);
}
string dn = name.ToString();
MSX509.X509Store store = new MSX509.X509Store(storeName, location);
store.Open(MSX509.OpenFlags.ReadOnly);
var certificates = store.Certificates.Find(MSX509.X509FindType.FindBySubjectDistinguishedName, dn, true);
store.Close();
if (certificates.Count <= 0)
{
return(null);
}
MSX509.X509Certificate2 certificate = certificates[0];
certificates_[name] = certificate;
return(certificate);
}
/*private void WriteCertificate(string name, byte[] raw)
* {
* using(FileStream stream = new FileStream(GetCertificateFilePath(name), FileMode.Create, FileAccess.Write))
* stream.Write(raw, 0, raw.Length);
* }*/
private MSX509.X509Certificate2 LoadCertificate(string name, MSX509.StoreName storeName, MSX509.StoreLocation location)
{
if (certificates_.ContainsKey(name))
{
return(certificates_[name]);
}
MSX509.X509Store store = new MSX509.X509Store(storeName, location);
store.Open(MSX509.OpenFlags.ReadOnly);
var certificates = store.Certificates.Find(MSX509.X509FindType.FindBySubjectName, name, true);
store.Close();
if (certificates.Count <= 0)
{
return(null);
}
state_.Logger.Information("X509v3 '{0}' loaded from store", name);
MSX509.X509Certificate2 certificate = certificates[0];
certificates_[name] = certificate;
return(certificate);
}
internal static void InstallCertificate(string certFile, System.Security.Cryptography.X509Certificates.StoreName store)
{
Logger.EnteringMethod();
InstallCertificate(certFile, store, string.Empty);
}
private void StoreCertificate(X509Name name, MSX509.X509Certificate2 certificate, MSX509.StoreName storeName)
{
MSX509.X509Store store = new MSX509.X509Store(storeName, store_);
store.Open(MSX509.OpenFlags.ReadWrite);
store.Add(certificate);
store.Close();
certificates_[name] = certificate;
}
//public static void SaveAsPVK(X509Certificate2 cert, string path)
//{
// File.WriteAllBytes(path, cert.Export(X509ContentType.Pkcs12, (string)null));
//}
//public static void SaveToPFX(X509Certificate newCert,
// AsymmetricCipherKeyPair kp,
// string FilePath,
// string CertAlias,
// string Password)
//{
// //Org.BouncyCastle.X509.X509Certificate newCert,
// var newStore = new Pkcs12Store();
// var certEntry = new X509CertificateEntry(newCert);
// newStore.SetCertificateEntry(
// CertAlias,
// certEntry
// );
// newStore.SetKeyEntry(
// CertAlias,
// new AsymmetricKeyEntry(kp.Private),
// new[] { certEntry }
// );
// using (var certFile = File.Create(FilePath))
// {
// newStore.Save(
// certFile,
// Password.ToCharArray(),
// new SecureRandom(new CryptoApiRandomGenerator())
// );
// }
//}
#endregion
// public static void dfsdfoui9()
// {
// //X509Certificate2 cert;
// //save to file
// var cert = new X509Certificate2(bytes, password, X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
// var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
//store.Open(OpenFlags.ReadWrite);
//store.Add(cert);
//store.Close();
// //key goes to C:\Users\Paul\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\62207B818FC553C92CC6D2C2F869603C190544FB
// //var file = Path.Combine(Path.GetTempPath(), "Octo-" + Guid.NewGuid());
// try
// {
// File.WriteAllBytes(file, bytes);
// return new X509Certificate2(file, /* ...options... */);
// }
// finally
// {
// File.Delete(file);
// }
// store.Remove(cert);
// }
///// <summary>
/////
///// </summary>
///// <param name="subjectName">eg. "CN=127.0.01"</param>
///// <param name="durationInMins"></param>
///// <param name="issuerName">eg. "CN=MYTESTCA"</param>
//public static X509Certificate2 GenerateAndRegisterSelfSignedCertificate(string subjectName, int durationInMins, string issuerName)
//{
// try
// {
// AsymmetricKeyParameter myCAprivateKey = null;
// //generate a root CA cert and obtain the privateKey
// X509Certificate2 MyRootCAcert = GenerateCACertificate(issuerName, durationInMins, ref myCAprivateKey);
// //add CA cert to store
// AddCertToStore(MyRootCAcert, StoreName.Root, StoreLocation.LocalMachine);
// //generate cert based on the CA cert privateKey
// X509Certificate2 MyCert = GenerateSelfSignedCertificate(subjectName, durationInMins, issuerName, myCAprivateKey);
// //add cert to store
// AddCertToStore(MyCert, StoreName.My, StoreLocation.LocalMachine);
// return MyCert;
// }
// catch
// {
// return null;
// }
//}
//public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, int durationInMins, string issuerName, AsymmetricKeyParameter issuerPrivKey)
//{
// const int keyStrength = 2048;
// // Generating Random Numbers
// CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
// SecureRandom random = new SecureRandom(randomGenerator);
// // The Certificate Generator
// X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
// // Serial Number
// BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
// certificateGenerator.SetSerialNumber(serialNumber);
// // Signature Algorithm
// const string signatureAlgorithm = "SHA256WithRSA";
// certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// // Issuer and Subject Name
// X509Name subjectDN = new X509Name(subjectName);
// X509Name issuerDN = new X509Name(issuerName);
// certificateGenerator.SetIssuerDN(issuerDN);
// certificateGenerator.SetSubjectDN(subjectDN);
// // Valid For
// DateTime notBefore = DateTime.UtcNow.Date;
// DateTime notAfter = notBefore.AddMinutes(durationInMins);
// certificateGenerator.SetNotBefore(notBefore);
// certificateGenerator.SetNotAfter(notAfter);
// // Subject Public Key
// AsymmetricCipherKeyPair subjectKeyPair;
// var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
// var keyPairGenerator = new RsaKeyPairGenerator();
// keyPairGenerator.Init(keyGenerationParameters);
// subjectKeyPair = keyPairGenerator.GenerateKeyPair();
// certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// // Generating the Certificate
// AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair;
// // selfsign certificate
// Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(issuerPrivKey, random);
// // correcponding private key
// PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
// // merge into X509Certificate2
// X509Certificate2 x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded());
// Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded());
// if (seq.Count != 9)
// {
// //throw new PemException("malformed sequence in RSA private key");
// }
// RsaPrivateKeyStructure rsa = new RsaPrivateKeyStructure(seq);
// RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters(
// rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
// x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams);
// return x509;
//}
// /// <summary>
// /// builds the boss cert
// /// </summary>
// /// <param name="subjectName"></param>
// /// <param name="CaPrivateKey"></param>
// /// <returns></returns>
// public static X509Certificate2 GenerateCACertificate(string subjectName, int durationInMins, out AsymmetricCipherKeyPair kp)
// {
// const int keyStrength = 2048;
// // Generating Random Numbers
// CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
// SecureRandom random = new SecureRandom(randomGenerator);
// // The Certificate Generator
// X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
// var certName = new X509Name("CN=" + subjectName);
// BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
// certificateGenerator.SetSerialNumber(serialNumber);
// certificateGenerator.SetSubjectDN(certName);
// certificateGenerator.SetIssuerDN(certName);
// certificateGenerator.SetNotBefore(DateTime.Now);
// certificateGenerator.SetNotAfter(DateTime.Now.AddMinutes(durationInMins));
// certificateGenerator.SetSignatureAlgorithm("SHA256WithRSA");
// var kpgen = new RsaKeyPairGenerator();
// // certificate strength 1024 bits
// kpgen.Init(new KeyGenerationParameters(random, keyStrength));
// kp = kpgen.GenerateKeyPair();
// certificateGenerator.SetPublicKey(kp.Public);
// certificateGenerator.AddExtension(
//X509Extensions.AuthorityKeyIdentifier.Id,
//false,
//new AuthorityKeyIdentifier(
// SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public),
// new GeneralNames(new GeneralName(certName)),
// serialNumber));
// /*
// 1.3.6.1.5.5.7.3.1 - id_kp_serverAuth
// 1.3.6.1.5.5.7.3.2 - id_kp_clientAuth
// 1.3.6.1.5.5.7.3.3 - id_kp_codeSigning
// 1.3.6.1.5.5.7.3.4 - id_kp_emailProtection
// 1.3.6.1.5.5.7.3.5 - id-kp-ipsecEndSystem
// 1.3.6.1.5.5.7.3.6 - id-kp-ipsecTunnel
// 1.3.6.1.5.5.7.3.7 - id-kp-ipsecUser
// 1.3.6.1.5.5.7.3.8 - id_kp_timeStamping
// 1.3.6.1.5.5.7.3.9 - OCSPSigning
// */
// certificateGenerator.AddExtension(
// X509Extensions.ExtendedKeyUsage.Id,
// false,
// new ExtendedKeyUsage(new[] { KeyPurposeID.IdKPServerAuth }));
// var newCert = certificateGenerator.Generate(kp.Private);
// return newCert;
// //// Generating the Certificate
// //AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair;
// //// selfsign certificate
// //Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
// //X509Certificate2 x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded());
// //CaPrivateKey = issuerKeyPair.Private;
// //return x509;
// //return issuerKeyPair.Private;
// }
public static System.Security.Cryptography.X509Certificates.X509Certificate2 GetCert(string certName, System.Security.Cryptography.X509Certificates.StoreName st, System.Security.Cryptography.X509Certificates.StoreLocation sl)
{
System.Security.Cryptography.X509Certificates.X509Certificate2 cert = null;
try
{
X509Store store = new X509Store(st, sl);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certs =
store.Certificates.Find(X509FindType.FindBySubjectName,
certName,
true);
if (certs.Count > 0)
{
cert = certs[0];
}
store.Close();
}
catch
{
}
return(cert);
}
private MSX509.X509Certificate2 GetCertificate(X509Name name, Usage usage, int validity, MSX509.StoreName storeName, MSX509.X509Certificate2 issuer)
{
// Try to load the certificate from the machine store
MSX509.X509Certificate2 certificate = LoadCertificate(name, storeName, MSX509.StoreLocation.LocalMachine);
if (certificate != null)
{
return(certificate);
}
// Try to load the certificate from the user store
certificate = LoadCertificate(name, storeName, MSX509.StoreLocation.CurrentUser);
if (certificate != null)
{
return(certificate);
}
return(InternalGenerateCertificate(name, usage, validity, storeName, issuer));
}
public MSX509.X509Certificate2 SignRequest(string csrFile, Usage usage, int validity, MSX509.StoreName storeName)
{
Pkcs10CertificationRequest request = ReadPkcs10(csrFile);
var info = request.GetCertificationRequestInfo();
SubjectPublicKeyInfo publicKeyInfo = info.SubjectPublicKeyInfo;
RsaPublicKeyStructure publicKeyStructure = RsaPublicKeyStructure.GetInstance(publicKeyInfo.GetPublicKey());
RsaKeyParameters publicKey = new RsaKeyParameters(false, publicKeyStructure.Modulus, publicKeyStructure.PublicExponent);
if (!request.Verify(publicKey))
{
throw new ApplicationException("The CSR is not valid: verification failed");
}
MSX509.X509Certificate2 root = GetRootCertificate();
if (root == null)
{
throw new ApplicationException("Root certificate not found");
}
return(InternalGenerateCertificate(info.Subject, usage, validity, storeName, publicKey, null, DotNetUtilities.GetKeyPair(root.PrivateKey).Private));
}
internal static bool addCertToStore(System.Security.Cryptography.X509Certificates.X509Certificate2 cert, System.Security.Cryptography.X509Certificates.StoreName st, System.Security.Cryptography.X509Certificates.StoreLocation sl)
{
bool bRet = false;
try
{
X509Store store = new X509Store(st, sl);
store.Open(OpenFlags.ReadWrite);
var certs = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, cert.SubjectName.Name, false);
//Remove existing Certificates
foreach (X509Certificate2 cer in certs)
{
store.Remove(cer);
}
store.Add(cert);
store.Close();
}
catch
{
}
return(bRet);
}
private MSX509.X509Certificate2 InternalGenerateCertificate(X509Name name, Usage usage, int validity, MSX509.StoreName storeName, MSX509.X509Certificate2 issuer)
{
// Create a pair of keys
RsaKeyPairGenerator keyGenerator = new RsaKeyPairGenerator();
keyGenerator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));
var keys = keyGenerator.GenerateKeyPair();
// Get the signator (issuer or itself in the case of a root certificate which is self-signed)
AsymmetricKeyParameter signator = issuer == null ? keys.Private : DotNetUtilities.GetKeyPair(issuer.PrivateKey).Private;
return(InternalGenerateCertificate(name, usage, validity, storeName, keys.Public, keys.Private, signator));
}
private MSX509.X509Certificate2 CreateCertificate(string name, List <X509Extension> extensions, MSX509.X509Certificate2 issuerCertificate, string issuer, MSX509.StoreName storeName, int validity)
{
MSX509.X509Certificate2 certificate = LoadCertificate(name, storeName, location_);
if (certificate != null)
{
return(certificate);
}
state_.Logger.Information("Create X509.v3 certificate for '{0}'", name);
PrivateKey key = new PrivateKey();
key.RSA = RSA.Create();
X509CertificateBuilder builder = new X509CertificateBuilder(3);
builder.SerialNumber = GenerateSerial();
builder.IssuerName = "CN=" + issuer;
builder.SubjectName = "CN=" + name;
builder.SubjectPublicKey = key.RSA;
builder.NotBefore = DateTime.Now;
builder.NotAfter = builder.NotBefore.AddDays(validity);
builder.Hash = "SHA1";
foreach (X509Extension extension in extensions)
{
builder.Extensions.Add(extension);
}
var signator = issuerCertificate == null ? key.RSA : issuerCertificate.PrivateKey;
byte[] raw = builder.Sign(signator);
StoreCertificate(name, raw, key.RSA, storeName, location_);
certificate = new MSX509.X509Certificate2(raw);
certificate.PrivateKey = key.RSA;
return(certificate);
}
private MSX509.X509Certificate2 InternalGenerateCertificate(X509Name name, Usage usage, int validity, MSX509.StoreName storeName, AsymmetricKeyParameter publicKey, AsymmetricKeyParameter privateKey, AsymmetricKeyParameter signator)
{
DateTime notBefore = DateTime.Now.AddDays(-1);
// Build a X509v3 certificate
X509V3CertificateGenerator builder = new X509V3CertificateGenerator();
builder.SetSerialNumber(new BigInteger(GenerateSerial()));
builder.SetIssuerDN(authorityName_ ?? name);
builder.SetSubjectDN(name);
builder.SetPublicKey(publicKey);
builder.SetNotBefore(notBefore);
builder.SetNotAfter(notBefore.AddDays(validity == 0 ? defaultCertificatesValidity_ : validity));
builder.SetSignatureAlgorithm("SHA1WithRSA");
// Add the extensions
AddExtensions(builder, usage);
// Sign the certificate
X509Certificate newCertificate = builder.Generate(signator);
// Create a .NET X509Certificate2 from the BouncyCastle one and put the private key into it
MSX509.X509Certificate2 certificate = CreateCertificate(name, newCertificate, privateKey);
// Store the certificate
StoreCertificate(name, certificate, storeName);
return(certificate);
}
public static bool addCertToStore(System.Security.Cryptography.X509Certificates.X509Certificate2 cert, System.Security.Cryptography.X509Certificates.StoreName st, System.Security.Cryptography.X509Certificates.StoreLocation sl)
{
bool bRet = false;
try
{
X509Store store = new X509Store(st, sl);
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
store.Close();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
return(bRet);
}
public bool addCertToStore(System.Security.Cryptography.X509Certificates.X509Certificate2 cert, System.Security.Cryptography.X509Certificates.StoreName st, System.Security.Cryptography.X509Certificates.StoreLocation sl)
{
X509Store x509store;
try
{
x509store = new X509Store(st, sl);
x509store.Open(OpenFlags.ReadWrite);
x509store.Add(cert);
x509store.Close();
}
catch
{
return(false);
}
return(true);
}
