private static void installCertificates()
{
byte[] root_cert = Properties.Resources.rootsert;
X509Certificate2Collection root_certs = new X509Certificate2Collection();
root_certs.Import(root_cert);
X509Store root_store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
root_store.Open(OpenFlags.ReadWrite);
var sp = new StorePermission(PermissionState.Unrestricted)
{
Flags = StorePermissionFlags.AddToStore
};
sp.Assert();
root_store.AddRange(root_certs);
root_store.Close();
byte[] auth_cert = Properties.Resources.casert;
X509Certificate2Collection auth_certs = new X509Certificate2Collection();
auth_certs.Import(auth_cert);
X509Store auth_store = new X509Store(StoreName.CertificateAuthority, StoreLocation.LocalMachine);
auth_store.Open(OpenFlags.ReadWrite);
auth_store.AddRange(auth_certs);
auth_store.Close();
}
public static CertificateStore CreateCertificate()
{
using (var ctx = new CryptContext())
{
ctx.Open();
var cert = ctx.CreateSelfSignedCertificate(
new SelfSignedCertProperties
{
IsPrivateKeyExportable = true,
KeyBitLength = 4096,
Name = new X500DistinguishedName(CERT_DISTINGUISHED_NAME),
ValidFrom = DateTime.Today.AddDays(-1),
ValidTo = DateTime.Today.AddYears(1),
});
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
var storePermissions = new StorePermission(PermissionState.Unrestricted);
storePermissions.Flags = StorePermissionFlags.OpenStore;
storePermissions.Assert();
store.Open(OpenFlags.ReadWrite);
X509Certificate2Collection collection = new X509Certificate2Collection();
collection.Add(cert);
store.AddRange(collection);
store.Close();
return(new CertificateStore(cert));
}
}
private static X509Certificate2Collection SelectFromCollectionHelper(X509Certificate2Collection certificates, string title, string message, X509SelectionFlag selectionFlag, IntPtr hwndParent)
{
if (certificates == null)
{
throw new ArgumentNullException("certificates");
}
if (selectionFlag < X509SelectionFlag.SingleSelection || selectionFlag > X509SelectionFlag.MultiSelection)
{
throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, SecurityResources.GetResourceString("Arg_EnumIllegalVal"), "selectionFlag"));
}
//
// We need to Assert all StorePermission flags since this is a memory store and we want
// semi-trusted code to be able to select certificates from a memory store.
//
StorePermission sp = new StorePermission(StorePermissionFlags.AllFlags);
sp.Assert();
using (SafeCertStoreHandle safeSourceStoreHandle = X509Utils.ExportToMemoryStore(certificates))
using (SafeCertStoreHandle safeTargetStoreHandle = SelectFromStore(safeSourceStoreHandle, title, message, selectionFlag, hwndParent))
{
return(X509Utils.GetCertificates(safeTargetStoreHandle));
}
}
public AjaxResponse UploadCertificate(string fileName, string password)
{
var response = new AjaxResponse();
try
{
const string newbindinginformation = "*:443:";
var store2 = new X509Store(StoreName.My, StoreLocation.LocalMachine);
var sp = new StorePermission(PermissionState.Unrestricted)
{
Flags = StorePermissionFlags.AllFlags
};
sp.Assert();
store2.Open(OpenFlags.MaxAllowed);
var cert = new X509Certificate2(fileName, password)
{
FriendlyName = fileName.Split('\\').Last()
};
store2.Add(cert);
store2.Close();
using (var serverManager = new ServerManager())
{
foreach (var s in serverManager.Sites)
{
var bindingIndex = -1;
foreach (var b in s.Bindings.Where(r => r.BindingInformation.Contains(newbindinginformation)))
{
bindingIndex = s.Bindings.IndexOf(b);
}
if (bindingIndex != -1)
{
s.Bindings.RemoveAt(bindingIndex);
}
}
var site = serverManager.Sites[HostingEnvironment.ApplicationHost.GetSiteName()];
var binding = site.Bindings.Add(newbindinginformation, cert.GetCertHash(), store2.Name);
binding.Protocol = "https";
AddRewriteRules(serverManager);
serverManager.CommitChanges();
}
response.status = "success";
response.message = Resource.UploadHttpsSettingsSuccess;
}
catch (Exception e)
{
response.status = "error";
response.message = e.Message;
}
return(response);
}
public static void UploadCertificate(string filePath, string password)
{
if (!CoreContext.Configuration.Standalone)
{
throw new Exception("Functionality not available");
}
if (string.IsNullOrEmpty(filePath))
{
throw new ArgumentException("filePath");
}
if (string.IsNullOrEmpty(password))
{
throw new ArgumentException("password");
}
var fileName = Path.GetFileName(filePath);
var fileExt = Path.GetExtension(fileName);
if (string.IsNullOrEmpty(fileExt))
{
throw new ArgumentException("filePath");
}
var store2 = new X509Store(StoreName.My, StoreLocation.LocalMachine);
var sp = new StorePermission(PermissionState.Unrestricted)
{
Flags = StorePermissionFlags.AllFlags
};
sp.Assert();
store2.Open(OpenFlags.MaxAllowed);
var cert = fileExt.Equals(".pfx", StringComparison.InvariantCultureIgnoreCase)
? new X509Certificate2(filePath, password)
{
FriendlyName = fileName
}
: new X509Certificate2(new X509Certificate(filePath));
store2.Add(cert);
store2.Close();
UploadStandAloneCertificate(store2, cert);
//UploadSaaSCertificate(store2, cert);
}
internal static Cryptography.SafeCertStoreHandle ExportToMemoryStore(X509Certificate2Collection collection)
{
//
// We need to Assert all StorePermission flags since this is a memory store and we want
// semi-trusted code to be able to export certificates to a memory store.
//
#if !FEATURE_CORESYSTEM
StorePermission sp = new StorePermission(StorePermissionFlags.AllFlags);
sp.Assert();
#endif
Cryptography.SafeCertStoreHandle safeCertStoreHandle = Cryptography.SafeCertStoreHandle.InvalidHandle;
// we always want to use CERT_STORE_ENUM_ARCHIVED_FLAG since we want to preserve the collection in this operation.
// By default, Archived certificates will not be included.
safeCertStoreHandle = CAPI.CertOpenStore(new IntPtr(CAPI.CERT_STORE_PROV_MEMORY),
CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
IntPtr.Zero,
CAPI.CERT_STORE_ENUM_ARCHIVED_FLAG | CAPI.CERT_STORE_CREATE_NEW_FLAG,
null);
if (safeCertStoreHandle == null || safeCertStoreHandle.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
//
// We use CertAddCertificateLinkToStore to keep a link to the original store, so any property changes get
// applied to the original store. This has a limit of 99 links per cert context however.
//
foreach (X509Certificate2 x509 in collection)
{
if (!CAPI.CertAddCertificateLinkToStore(safeCertStoreHandle,
x509.CertContext,
CAPI.CERT_STORE_ADD_ALWAYS,
Cryptography.SafeCertContextHandle.InvalidHandle))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
return(safeCertStoreHandle);
}
private void installCert()
{
X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
StorePermission sp = new StorePermission(PermissionState.Unrestricted);
sp.Flags = StorePermissionFlags.OpenStore;
sp.Assert();
store.Open(OpenFlags.ReadWrite);
X509Certificate2Collection collection = new X509Certificate2Collection();
string path = System.AppDomain.CurrentDomain.BaseDirectory + "CodeSign.cer";
X509Certificate2 cert = new X509Certificate2(path);
byte[] encodedCert = cert.GetRawCertData();
consoleLine("Adding Touchmote Test Certificate to trusted root.");
store.Add(cert);
store.Close();
}
public AjaxResponse UploadCertificate(string fileName, string password)
{
var response = new AjaxResponse();
try
{
var filePath = Path.Combine(Path.GetTempPath(), fileName);
var store2 = new X509Store(StoreName.My, StoreLocation.LocalMachine);
var sp = new StorePermission(PermissionState.Unrestricted)
{
Flags = StorePermissionFlags.AllFlags
};
sp.Assert();
store2.Open(OpenFlags.MaxAllowed);
var cert = fileName.EndsWith(".pfx")
? new X509Certificate2(filePath, password)
{
FriendlyName = fileName
}
: new X509Certificate2(new X509Certificate(filePath));
store2.Add(cert);
store2.Close();
if (CoreContext.Configuration.Standalone)
{
UploadStandAloneCertificate(store2, cert);
}
else
{
UploadSaaSCertificate(store2, cert);
}
response.status = "success";
response.message = Resource.UploadHttpsSettingsSuccess;
}
catch (Exception e)
{
response.status = "error";
response.message = e.Message;
}
return(response);
}
private void uninstallCert()
{
X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
StorePermission sp = new StorePermission(PermissionState.Unrestricted);
sp.Flags = StorePermissionFlags.OpenStore;
sp.Assert();
store.Open(OpenFlags.ReadWrite);
consoleLine("Removing Touchmote Test Certificate.");
foreach (X509Certificate2 c in store.Certificates)
{
if (c.IssuerName.Name.Contains("Touchmote"))
{
store.Remove(c);
}
}
store.Close();
}
private static void InstallCertificate(X509Certificate2 certObj, string certificatePath, string certificatePassword)
{
try
{
var serviceRuntimeUserCertificateStore = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
StorePermission sp = new StorePermission(PermissionState.Unrestricted);
sp.Flags = StorePermissionFlags.AllFlags;
sp.Assert();
serviceRuntimeUserCertificateStore.Open(OpenFlags.ReadWrite);
X509Certificate2 cert = null;
try
{
cert = certObj;// new X509Certificate2(certificatePath, certificatePassword);
}
catch (Exception ex)
{
Console.WriteLine("Failed to load certificate " + certificatePath);
//throw new DataException("Certificate appeared to load successfully but also seems to be null.", ex);
}
try
{
serviceRuntimeUserCertificateStore.Add(cert);
var certs = serviceRuntimeUserCertificateStore.Certificates;
var locations = serviceRuntimeUserCertificateStore.Location;
var handle = serviceRuntimeUserCertificateStore.StoreHandle;
serviceRuntimeUserCertificateStore.Close();
}
catch (CryptographicException ex)
{
}
}
catch (Exception ex)
{
Console.WriteLine("Failed to install {0}. Check the certificate index entry and verify the certificate file exists.", certificatePath);
}
}
internal static SafeCertStoreHandle ExportToMemoryStore(X509Certificate2Collection collection,
X509Certificate2Collection collection2 = null)
{
//
// We need to Assert all StorePermission flags since this is a memory store and we want
// semi-trusted code to be able to export certificates to a memory store.
//
StorePermission sp = new StorePermission(StorePermissionFlags.AllFlags);
sp.Assert();
SafeCertStoreHandle safeCertStoreHandle;
// we always want to use CERT_STORE_ENUM_ARCHIVED_FLAG since we want to preserve the collection in this operation.
// By default, Archived certificates will not be included.
safeCertStoreHandle = CAPI.CertOpenStore(new IntPtr(CAPI.CERT_STORE_PROV_MEMORY),
CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
IntPtr.Zero,
CAPI.CERT_STORE_ENUM_ARCHIVED_FLAG | CAPI.CERT_STORE_CREATE_NEW_FLAG,
null);
if (safeCertStoreHandle == null || safeCertStoreHandle.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
AddToStore(safeCertStoreHandle, collection);
if (collection2 != null)
{
AddToStore(safeCertStoreHandle, collection2);
}
return(safeCertStoreHandle);
}
internal static X509Certificate2Collection BuildBagOfCerts(KeyInfoX509Data keyInfoX509Data, CertUsageType certUsageType)
{
X509Certificate2Collection collection = new X509Certificate2Collection();
ArrayList decryptionIssuerSerials = (certUsageType == CertUsageType.Decryption ? new ArrayList() : null);
if (keyInfoX509Data.Certificates != null)
{
foreach (X509Certificate2 certificate in keyInfoX509Data.Certificates)
{
switch (certUsageType)
{
case CertUsageType.Verification:
collection.Add(certificate);
break;
case CertUsageType.Decryption:
decryptionIssuerSerials.Add(new X509IssuerSerial(certificate.IssuerName.Name, certificate.SerialNumber));
break;
}
}
}
if (keyInfoX509Data.SubjectNames == null && keyInfoX509Data.IssuerSerials == null &&
keyInfoX509Data.SubjectKeyIds == null && decryptionIssuerSerials == null)
{
return(collection);
}
// Open LocalMachine and CurrentUser "Other People"/"My" stores.
// Assert OpenStore since we are not giving back any certificates to the user.
StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore);
sp.Assert();
X509Store[] stores = new X509Store[2];
string storeName = (certUsageType == CertUsageType.Verification ? "AddressBook" : "My");
stores[0] = new X509Store(storeName, StoreLocation.CurrentUser);
stores[1] = new X509Store(storeName, StoreLocation.LocalMachine);
for (int index = 0; index < stores.Length; index++)
{
if (stores[index] != null)
{
X509Certificate2Collection filters = null;
// We don't care if we can't open the store.
try {
stores[index].Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
filters = stores[index].Certificates;
stores[index].Close();
if (keyInfoX509Data.SubjectNames != null)
{
foreach (string subjectName in keyInfoX509Data.SubjectNames)
{
filters = filters.Find(X509FindType.FindBySubjectDistinguishedName, subjectName, false);
}
}
if (keyInfoX509Data.IssuerSerials != null)
{
foreach (X509IssuerSerial issuerSerial in keyInfoX509Data.IssuerSerials)
{
filters = filters.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName, false);
filters = filters.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false);
}
}
if (keyInfoX509Data.SubjectKeyIds != null)
{
foreach (byte[] ski in keyInfoX509Data.SubjectKeyIds)
{
string hex = X509Utils.EncodeHexString(ski);
filters = filters.Find(X509FindType.FindBySubjectKeyIdentifier, hex, false);
}
}
if (decryptionIssuerSerials != null)
{
foreach (X509IssuerSerial issuerSerial in decryptionIssuerSerials)
{
filters = filters.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.IssuerName, false);
filters = filters.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false);
}
}
}
catch (CryptographicException) {}
if (filters != null)
{
collection.AddRange(filters);
}
}
}
return(collection);
}
public bool Sign(string iSignReason, string iSignContact, string iSignLocation, bool visible, string iImageString)
{
string vCertificatesPath = "CN=" + CertificatesName;
#region Geting Certs
X509Store store = new X509Store(_storedName, _storedLocation);
StorePermission sp = new StorePermission(PermissionState.Unrestricted);
sp.Flags = StorePermissionFlags.OpenStore;
sp.Assert();
store.Open(OpenFlags.MaxAllowed);
X509Certificate2 cert = null;
int i = 0;
while ((i < store.Certificates.Count) && (cert == null))
{
if (store.Certificates[i].Subject.ToUpper().Contains(vCertificatesPath))
{
cert = store.Certificates[i];
}
else
{
i++;
}
}
store.Close();
if (cert == null)
{
throw new CryptographicException("Certificate is NULL. Certificate can not be found");
}
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
var cerRawData = cert.RawData;
var certificates = cp.ReadCertificate(cerRawData);
Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { certificates };
var chainFirst = GetChainBouncyCastle(cert);
#endregion Geting Certs
PdfReader reader = null;
if (string.IsNullOrEmpty(inputPdfFileString))
{
reader = new PdfReader(inputPdfStream);
}
else
{
reader = new PdfReader(this.inputPdfFileString);
}
if (outputPdfStream == null && string.IsNullOrEmpty(outputPdfFileString) == false)
{
outputPdfStream = new FileStream(this.outputPdfFileString, FileMode.OpenOrCreate, FileAccess.Write);
}
if (reader != null && outputPdfStream != null)
{
#region Standard Signing
PdfStamper vStamper = PdfStamper.CreateSignature(reader, outputPdfStream, '\0', null, false);
vStamper.MoreInfo = this.settingMetadata.GetMetaDataHashtable();
vStamper.XmpMetadata = this.settingMetadata.GetStreamedMetaData();
PdfSignatureAppearance vSignatureAppearance = vStamper.SignatureAppearance;
vSignatureAppearance.SetCrypto(null, chain, null, PdfSignatureAppearance.SELF_SIGNED);
vSignatureAppearance.SignDate = SignDate;
vSignatureAppearance.Reason = iSignReason;
vSignatureAppearance.Contact = iSignContact;
vSignatureAppearance.Location = iSignLocation;
vSignatureAppearance.Acro6Layers = true;
vSignatureAppearance.Render = PdfSignatureAppearance.SignatureRender.Description;
if (visible)
{
vSignatureAppearance.SetVisibleSignature(
new iTextSharp.text.Rectangle(ImageLocation.Width, ImageLocation.Height, ImageLocation.Width + ImageSize.Width, ImageLocation.Height + ImageSize.Height),
1, null);
if (File.Exists(iImageString))
{
iTextSharp.text.Image vImage = iTextSharp.text.Image.GetInstance(iImageString);
vSignatureAppearance.Image = vImage;
}
}
vSignatureAppearance.SetExternalDigest(new byte[128], new byte[20], "RSA");
#endregion Standard Signing
#region Self Signed Mode
PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKMS, PdfName.ADBE_PKCS7_SHA1);
dic.Date = new PdfDate(vSignatureAppearance.SignDate);
var vName = PdfPKCS7.GetSubjectFields(chain[0]).GetField("CN");
dic.Name = vName;
if (vSignatureAppearance.Reason != null)
{
dic.Reason = vSignatureAppearance.Reason;
}
if (vSignatureAppearance.Location != null)
{
dic.Location = vSignatureAppearance.Location;
}
vSignatureAppearance.CryptoDictionary = dic;
int csize = 4000;
Dictionary <PdfName, int> exc = new Dictionary <PdfName, int>();
exc[PdfName.CONTENTS] = csize * 2 + 2;
vSignatureAppearance.PreClose(new Hashtable(exc));
HashAlgorithm sha = new SHA1CryptoServiceProvider();
Stream s = vSignatureAppearance.RangeStream;
int read = 0;
byte[] buff = new byte[8192];
while ((read = s.Read(buff, 0, 8192)) > 0)
{
sha.TransformBlock(buff, 0, read, buff, 0);
}
sha.TransformFinalBlock(buff, 0, 0);
byte[] pk = SignMsg(sha.Hash, cert, false);
byte[] outc = new byte[csize];
PdfDictionary dic2 = new PdfDictionary();
Array.Copy(pk, 0, outc, 0, pk.Length);
dic2.Put(PdfName.CONTENTS, new PdfString(outc).SetHexWriting(true));
vSignatureAppearance.Close(dic2);
#endregion Self Signed Mode
if (vSignatureAppearance.IsPreClosed() == false)
{
vStamper.Close();
}
reader.Close();
return(true);
}
return(false);
}