/// <summary>
/// Attempts to install the given certificate in the host OS's trusted root store.
/// </summary>
/// <param name="certificate">
/// The certificate to install.
/// </param>
/// <param name="overwrite">
/// Whether or not to overwrite. If true, any and all certificates in the host OS store with
/// a matching subject name will be deleted before the supplied certificate is installed.
/// </param>
public static void InstallCertificateInHostOsTrustStore(X509Certificate certificate, bool overwrite = false)
{
switch (Environment.OSVersion.Platform)
{
case PlatformID.Win32NT:
{
var store = new System.Security.Cryptography.X509Certificates.X509Store(System.Security.Cryptography.X509Certificates.StoreName.Root, System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine);
store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite);
if (overwrite)
{
UninstallCertificateInHostOsTrustStore(certificate);
}
store.Add(new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()));
store.Close();
}
break;
default:
{
throw new PlatformNotSupportedException("This operating system is currently unsupported.");
}
}
}
} // End Sub UninstallCertificate
/// <summary>
/// Make current machine trust the Root Certificate used by this proxy
/// </summary>
/// <param name="storeName"></param>
/// <param name="storeLocation"></param>
/// <param name="certificate"></param>
public static void InstallCertificate(
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate
, System.Security.Cryptography.X509Certificates.StoreName storeName
, System.Security.Cryptography.X509Certificates.StoreLocation storeLocation
)
{
if (certificate == null)
{
throw new System.Exception("Could not install certificate as it is null or empty.");
}
using (System.Security.Cryptography.X509Certificates.X509Store x509Store =
new System.Security.Cryptography.X509Certificates.X509Store(storeName, storeLocation))
{
// todo
// also it should do not duplicate if certificate already exists
try
{
x509Store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite);
x509Store.Add(certificate);
}
catch (System.Exception e)
{
throw new System.Exception("Failed to make system trust root certificate "
+ $" for {storeName}\\{storeLocation} store location. You may need admin rights.",
e);
}
finally
{
x509Store.Close();
}
} // End Using x509Store
} // End Sub InstallCertificate
protected static void AddCertToStore(X509Certificate2 cert, StoreName name, StoreLocation location)
{
X509Store store = new X509Store(name, location);
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
store.Close();
}
/// <summary>
/// Lädt ein Zertifikat in einen Zertifikatsspeicher
/// </summary>
/// <param name="certificate">Zertifikat</param>
/// <param name="zertifikatziel">Bereich in dem Zertifikatsspeicher in dem das Zertifikat abgelegt werden soll</param>
/// <param name="zertifikatspeicher">Zertifikatspeicher (Computerkonto, Benutzerkonto, Dienstkonto)</param>
private static void LadeX509InZertifikatsspeicher(X509Certificate certificate,
string passwort,
System.Security.Cryptography.X509Certificates.StoreName zertifikatziel,
System.Security.Cryptography.X509Certificates.StoreLocation zertifikatspeicher)
{
System.Security.Cryptography.X509Certificates.X509Certificate2 tempCert =
new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded(),
passwort,
System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.PersistKeySet);
System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(zertifikatziel, zertifikatspeicher);
store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite);
store.Add(tempCert);
store.Close();
}
public void writeCertificate(Org.BouncyCastle.X509.X509Certificate cert, long enrollmentID)
{
// converting from bouncycastle X509Certificate to System.Security.Cryptography.X509Certificates.X509Certificate2
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2();
certificate.Import(cert.GetEncoded());
// Finding the corresponding privatekey from windows keystore using the container-name
RSACryptoServiceProvider rsaPrivate = retrievePrivateKey(enrollmentID);
// linking the retrieved private key to the certificate
certificate.PrivateKey = rsaPrivate;
// opening up the windows cert store because thats where I want to save it.
System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser);
store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.MaxAllowed);
store.Add(certificate);
store.Close();
}
//addCertToStore(MyRootCAcert, StoreName.Root, StoreLocation.LocalMachine);
//addCertToStore(MyCert, StoreName.My, StoreLocation.LocalMachine);
public static bool addCertToStore(System.Security.Cryptography.X509Certificates.X509Certificate2 cert, System.Security.Cryptography.X509Certificates.StoreName st, System.Security.Cryptography.X509Certificates.StoreLocation sl)
{
bool bRet = false;
try
{
X509Store store = new X509Store(st, sl);
store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite);
store.Add(cert);
store.Close();
}
catch (Exception e)
{
Debug.WriteLine(e.Message);
}
return(bRet);
}
private void AddToStore(System.Security.Cryptography.X509Certificates.X509Certificate2 cert, System.Security.Cryptography.X509Certificates.StoreName storeName, string storeLocation)
{
System.Security.Cryptography.X509Certificates.StoreLocation location;
if (storeLocation == "currentuser")
{
location = System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser;
}
else
{
location = System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine;
}
System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(storeName, location);
store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite);
store.Add(cert);
store.Close();
}