static void Main(string[] args) { X509FindType x509FindType; if ((args.Length < 2) || !args[0].Equals("-find") || String.IsNullOrWhiteSpace(args[1])) { throw new ArgumentException("usage: CertExplorer -find {x509FindValue}"); } var certs = CertExplorer.FindMatchingCertificates(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, args[1], String.Empty, doTakeMostRecentOnly: true); List <string> issuers = new List <string> { "1b45ec255e0668375043ed5fe78a09ff1655844d", "d7fe717b5ff3593764f4d90654d86e8362ec26c8", "3ac7c3cac8de0dd392c02789c8be97474f456960", "96ea05926e2e42cc207e358668be2c316857fb5e" }; foreach (var cert in certs) { var isValid = CertExplorer.TryValidateX509Certificate(cert, issuers); } //CertExplorer.SetAccessRuleForMatchingCertificates( // StoreLocation.LocalMachine, // StoreName.My, // X509FindType.FindBySubjectName, // "WinFabric-Test-SAN1-Alice", // //"NC encryption cert", // "NT AUTHORITY\\NETWORK SERVICE", // CryptoKeyRights.GenericExecute | CryptoKeyRights.GenericRead); //CertExplorer.TestCertificateRetrieval(); //CertExplorer.FindMatchingCertificates(StoreName.My, StoreLocation.CurrentUser, args[1]); //ListEnvVars(); //var certList = CertExplorer.ListCertificates(); //foreach(var certTp in certList) //{ // Console.WriteLine("* {0}", certTp); //} //CertExplorer.DumpCertificateProperties("B90A554DD29AD2F6DA3F5ADFB367738053F984C3"); //CertExplorer.DumpCertificateProperties("C2A92DD7764004BC906B87974F4186E5F9064112"); return; }
public static void CertificateInventoryCallback(object state) { string correlationId = Guid.NewGuid().ToString("N").Substring(16); CertificateProbe typedState = (CertificateProbe)state; typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow:u} | {correlationId} | === beginning local certificate inventory; finding matches for {typedState.localFindType_}={typedState.localFindValue_} in {StoreLocation.LocalMachine}\\{typedState.localStore_}"); var matchingCerts = CertExplorer.FindMatchingCertificates( StoreLocation.LocalMachine, typedState.localStore_, typedState.localFindType_, typedState.localFindValue_, secondaryFindValue: string.Empty, doTakeMostRecentOnly: false, excludeExpiredCerts: true); bool anyAtRisk = false; int countAtRisk = 0; foreach (var cert in matchingCerts) { var isLinked = CertExplorer.IsLinkedCertificate(cert, out string linkedToTP); var renewalTP = isLinked && !String.IsNullOrWhiteSpace(linkedToTP) ? linkedToTP : "(none)"; var isAtRisk = cert.Issuer.Contains(v1IssuerPrefix); var certCN = cert.GetNameInfo(X509NameType.SimpleName, forIssuer: false); var certIssuerCN = cert.GetNameInfo(X509NameType.SimpleName, forIssuer: true); var certDesc = String.Format($"TP={cert.Thumbprint}, CN={certCN}, issued by: {certIssuerCN}, NBF={cert.NotBefore.ToShortDateString()}, NA={cert.NotAfter.ToShortDateString()}, renewal={renewalTP}, at risk: {(isAtRisk ? "YES" : "no")}"); typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow:u} | {correlationId} | cert probe | match: {certDesc}"); anyAtRisk |= isAtRisk; if (isAtRisk) { countAtRisk++; } } typedState.logger_.Log(LogLevel.Info, $"{DateTime.UtcNow:u} | {correlationId} | === completed local certificate inventory; certs at risk: {countAtRisk}"); }