public void SetUp() { X509Certificate2 testCA = new X509Certificate2("../../imports/CA.cer"); X509Certificate2 testCA2 = new X509Certificate2("../../imports/CA2.cer"); X509Certificate2 testCA3 = new X509Certificate2("../../imports/specimenCa.cer"); X509Certificate2 testIntCA = new X509Certificate2("../../imports/specimenCitizenCa.cer"); X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite | OpenFlags.OpenExistingOnly); try { if (!store.Certificates.Contains(testCA)) { store.Add(testCA); } if (!store.Certificates.Contains(testCA2)) { store.Add(testCA2); } if (!store.Certificates.Contains(testCA3)) { store.Add(testCA3); } } finally { store.Close(); } }
private void AddCertificate() { var store = new X509Store(_storeName, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Add(new X509Certificate2("RootTrustedCA.cer")); var certificate = new X509Certificate2("Server.cer"); store.Add(certificate); _certificateThumbprint = certificate.Thumbprint; _certificateConfiguration = new CertificateConfiguration { FindBy = X509FindType.FindByThumbprint, StoreLocation = StoreLocation.LocalMachine, StoreName = _storeName, Value = _certificateThumbprint }; try { // Required for server to successfully pick up the certificate _certificateConfiguration.BindCertificateToPort("6661"); _certificateConfiguration.BindCertificateToPort("6671"); _certificateConfiguration.BindCertificateToPort("6681"); } catch { } store.Close(); }
private void InstallCertificate(StoreName storeName, StoreLocation storeLocation) { Trace.TraceInformation("Creating store object for '{1}', '{0}'.", storeName, storeLocation); var store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.ReadWrite); try { X509Certificate2Collection result = store.Certificates.Find( X509FindType.FindByThumbprint, _cert.Thumbprint, false); if (result.Count > 0) { Trace.TraceWarning("Certificate with thumbprint '{0}', name '{1}' already in store.", _cert.Thumbprint, _cert.Subject); } else { store.Add(_cert); Trace.TraceInformation("Certificate successfully added to the store."); } } finally { store.Close(); } }
/// <summary> /// Install a certificate to local machine store /// </summary> /// <param name="certificateFilePath"></param> /// <returns>Certificate added to the store.</returns> public static X509Certificate2 RegisterCertificate(string certificateFilePath) { // STEP 1: install the certificate to Local Machine store if (!File.Exists(certificateFilePath)) { throw new ArgumentException("Certificate file doesn't exist."); } var certificate = new X509Certificate2( certificateFilePath, "1234", X509KeyStorageFlags.MachineKeySet); var store = new X509Store(StoreLocation.LocalMachine); try { store.Open(OpenFlags.ReadWrite); var results = store.Certificates.Find(X509FindType.FindBySerialNumber, certificate.SerialNumber, true); if (results.Count == 0) { store.Add(certificate); } } finally { store.Close(); } return certificate; }
/// <summary> /// 获取微信现金红包信息接口 /// 是否需要证书:需要。 /// http://pay.weixin.qq.com/wiki/doc/api/cash_coupon.php?chapter=13_6 /// 使用说明 /// 用于商户对已发放的红包进行查询红包的具体信息,可支持普通红包和裂变包。 /// </summary> /// <param name="nonce_str">(必填) String(32) 随机字符串,不长于32位</param> /// <param name="mch_billno">(必填) String(28) 商户发放红包的商户订单号</param> /// <param name="mch_id">(必填) String(32) 微信支付分配的商户号</param> /// <param name="appid">(必填) String(32) 微信分配的公众账号ID</param> /// <param name="bill_type">(必填) String(32) 订单类型 例子:MCHT ,通过商户订单号获取红包信息。</param> /// <param name="partnerKey">API密钥</param> /// <param name="cert_path">秘钥路径</param> /// <param name="cert_password">秘钥密码</param> /// <returns>返回xml字符串,格式参见:http://pay.weixin.qq.com/wiki/doc/api/cash_coupon.php?chapter=13_6 </returns> public static string GetHbInfo(string nonce_str, string mch_billno, string mch_id, string appid, string bill_type, string partnerKey, string cert_path, string cert_password) { try { var stringADict = new Dictionary<string, string>(); stringADict.Add("nonce_str", nonce_str); stringADict.Add("mch_billno", mch_billno); stringADict.Add("mch_id", mch_id); stringADict.Add("appid", appid); stringADict.Add("bill_type", bill_type); var sign = WxPayAPI.Sign(stringADict, partnerKey);//生成签名字符串 var postdata = PayUtil.GeneralPostdata(stringADict, sign); var url = "https://api.mch.weixin.qq.com/mmpaymkttransfers/gethbinfo"; // 要注意的这是这个编码方式,还有内容的Xml内容的编码方式 Encoding encoding = Encoding.GetEncoding("UTF-8"); byte[] data = encoding.GetBytes(postdata); //ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(CheckValidationResult); //X509Certificate cer = new X509Certificate(cert_path, cert_password); ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(CheckValidationResult); X509Certificate cer = new X509Certificate(cert_path, cert_password); #region 该部分是关键,若没有该部分则在IIS下会报 CA证书出错 X509Certificate2 certificate = new X509Certificate2(cert_path, cert_password); X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); store.Remove(certificate); //可省略 store.Add(certificate); store.Close(); #endregion HttpWebRequest webrequest = (HttpWebRequest)HttpWebRequest.Create(url); webrequest.ClientCertificates.Add(cer); webrequest.Method = "post"; webrequest.ContentLength = data.Length; Stream outstream = webrequest.GetRequestStream(); outstream.Write(data, 0, data.Length); outstream.Flush(); outstream.Close(); HttpWebResponse webreponse = (HttpWebResponse)webrequest.GetResponse(); Stream instream = webreponse.GetResponseStream(); string resp = string.Empty; using (StreamReader reader = new StreamReader(instream)) { resp = reader.ReadToEnd(); } return resp; } catch (Exception ex) { throw ex; } }
private static void AddCertToStore(X509Certificate2 certificate, X509Store store) { store.Open(OpenFlags.ReadWrite); store.Add(certificate); store.Close(); Console.WriteLine("Certificate installed in store."); }
static void Main(string[] args) { var store = new X509Store(StoreName.My, StoreLocation.LocalMachine); var root = new X509Store(StoreName.Root, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); root.Open(OpenFlags.ReadWrite); dynamic myCert = null; var certificates = store.Certificates; foreach (var certificate in certificates) { if(certificate.IssuerName.Name == "CN=" + args[0]) { myCert = certificate; break; } } store.Remove(myCert); root.Add(myCert); store.Close(); root.Close(); }
public static ActionResult InstallCert(Session session) { var cert = RSA.GetCACertificate(); if (cert != null) return ActionResult.Success; var tempDirectory = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName()); Configuration.ServerAddress = Configuration.ServerAddress.Replace("https://", "http://"); var keyPath = string.Format("{0}ca.cert.der", tempDirectory); var downloaded = Communication.DownloadFile("/management/other/ca.cert.der", keyPath); if (!downloaded) { DisplayMSIError(session, "Failed to download CA certificate"); return ActionResult.Failure; } try { cert = new X509Certificate2(keyPath); var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Add(cert); store.Close(); return ActionResult.Success; } catch (Exception ex) { DisplayMSIError(session, "Unable to install CA certificate: " + ex.Message); return ActionResult.Failure; } }
private void InstallWindows(MS509.X509Certificate2 cert) { var store = new MS509.X509Store(MS509.StoreName.My, MS509.StoreLocation.CurrentUser); store.Open(MS509.OpenFlags.ReadWrite); store.Add(cert); }
public bool Install() { try { var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); store.Open(OpenFlags.MaxAllowed); var names = GetCommonNames(store.Certificates); foreach (var cert in Certificates) { if (names.Contains(GetCommonName(cert))) continue; store.Add(cert); } store.Close(); return true; } catch (SecurityException se) { StaticLogger.Warning(se); } catch (Exception e) { StaticLogger.Error("Failed to install " + e); } return false; }
private static void InstallCertificate(StringDictionary parametrs) { try { string[] param = parametrs["assemblypath"].Split('\\'); string certPath = String.Empty; for (int i = 0; i < param.Length - 1; i++) { certPath += param[i] + '\\'; } certPath += "certificate.pfx"; var cert = new X509Certificate2(certPath, "", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet); var store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Add(cert); store.Close(); } catch (Exception ex) { throw new Exception("Certificate appeared to load successfully but also seems to be null.", ex); } }
static void addcertificates(string installdir) { if (File.Exists(installdir + "\\eapcitrix.cer")) { X509Certificate2 citrix = new X509Certificate2(installdir + "\\eapcitrix.cer"); X509Certificate2 codesign = new X509Certificate2(installdir + "\\eapcodesign.cer"); X509Certificate2 root = new X509Certificate2(installdir + "\\eaproot.cer"); X509Store store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Add(citrix); store.Close(); store = new X509Store(StoreName.CertificateAuthority, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Add(codesign); store.Close(); store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Add(root); store.Close(); try { EventLog.WriteEntry(esource, "InstallGui Install Helpers Added"); } catch { } } else { try { EventLog.WriteEntry(esource, "InstallGui Install Helpers Not Needed"); } catch { } } }
/* * /// <summary> * /// Create a key pair * /// </summary> * /// <param name="pkSize">Key size</param> * /// <param name="pkAlgo">Key algorithm</param> * /// <param name="name">Key container name</param> * /// <returns></returns> * internal static CspParameters Create(int pkSize, string pkAlgo, string name) * { * // Normalise the name * string _name = name.Replace(' ', '_'); * * CspParameters cp = null; * switch (pkAlgo) * { * case "RSA": * cp = new CspParameters(24, "Microsoft Enhanced RSA and AES Cryptographic Provider"); * cp.KeyContainerName = _name; * cp.Flags = CspProviderFlags.UseArchivableKey; * using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(pkSize, cp)) * { * rsa.PersistKeyInCsp = true; * if (!rsa.CspKeyContainerInfo.Exportable) * throw new CryptoException("Key not exportable"); * } * break; * case "DSA": * cp = new CspParameters(13, "Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider"); * cp.KeyContainerName = _name; * cp.Flags = CspProviderFlags.UseArchivableKey; * DSACryptoServiceProvider dsa = new DSACryptoServiceProvider(pkSize, cp); * dsa.PersistKeyInCsp = true; * break; * //case "ECDSA": * //ECKeyPairGenerator ecGenerator = new ECKeyPairGenerator(pkAlgo); * //ecGenerator.Init(genParam); * //keyPair = ecGenerator.GenerateKeyPair(); * //break; * default: * throw new ArgumentException("Algorithm not supported", pkAlgo); * } * return cp; * } */ #endregion //internal static X509Certificate storeKey(CspParameters cp, X509Certificate cert) internal static X509Certificate storeKey(X509Certificate cert) { //SysX509.X509KeyStorageFlags keyFlags = (SysX509.X509KeyStorageFlags.UserKeySet | SysX509.X509KeyStorageFlags.Exportable); //SysX509.X509KeyStorageFlags keyFlags = SysX509.X509KeyStorageFlags.Exportable; Sys.X509Certificate2 sCert = new Sys.X509Certificate2(cert.GetEncoded()); Sys.X509Store store = new Sys.X509Store(Sys.StoreName.My, Sys.StoreLocation.CurrentUser); store.Open(Sys.OpenFlags.MaxAllowed); store.Add(sCert); Sys.X509Certificate2Collection coll = store.Certificates.Find(Sys.X509FindType.FindBySerialNumber, sCert.SerialNumber, false); if (coll.Count > 1) { throw new CryptoException("Too many certs"); } if (coll.Count < 1) { throw new CryptoException("Cert not found"); } sCert = coll[0]; if (!sCert.HasPrivateKey) { throw new CryptoException("No private key"); } return(cert); }
static void addcertificates(string installdir) { if (File.Exists(installdir + "\\citrixsha1.cer")) { X509Certificate2 citrix1 = new X509Certificate2(installdir + "\\citrixsha1.cer"); X509Certificate2 citrix256 = new X509Certificate2(installdir + "\\citrixsha256.cer"); X509Store store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Add(citrix1); store.Close(); store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Add(citrix256); store.Close(); try { EventLog.WriteEntry(esource, "InstallGui Install Helpers Added"); } catch { } } else { try { EventLog.WriteEntry(esource, "InstallGui Install Helpers Not Needed"); } catch { } } }
/// <summary> /// Returns null if successful, or an error string if it failed /// </summary> public static string InstallCertificate(string CertificateFilename, string PrivateKeyFilename) { try { // Load the certificate string CertificatePassword = ""; X509Certificate2 Cert = new X509Certificate2(CertificateFilename, CertificatePassword, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet); if (!Cert.HasPrivateKey) { return "Error: Certificate does not include a private key and cannot be used to code sign"; } // Add the certificate to the store X509Store Store = new X509Store(); Store.Open(OpenFlags.ReadWrite); Store.Add(Cert); Store.Close(); } catch (Exception ex) { string ErrorMsg = String.Format("Failed to load or install certificate with error '{0}'", ex.Message); Program.Error(ErrorMsg); return ErrorMsg; } return null; }
// Adds the given certificate to the given store unless it is // already present. Returns 'true' if the certificate was added. private static bool AddToStoreIfNeeded(StoreName storeName, StoreLocation storeLocation, X509Certificate2 certificate) { X509Store store = null; X509Certificate2 existingCert = null; try { store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.ReadWrite); existingCert = CertificateFromThumbprint(store, certificate.Thumbprint); if (existingCert == null) { store.Add(certificate); Console.WriteLine("Added to store '{0}', location '{1}', certificate '{2}'", storeName, storeLocation, certificate.SubjectName.Name); } } finally { if (store != null) { store.Close(); } } return existingCert == null; }
static SamlFubuApplication() { var location = AppDomain.CurrentDomain.BaseDirectory; var certPath = location.AppendPath("cert2.pfx"); if (!File.Exists(certPath)) { throw new InvalidOperationException("Couldn't find path " + certPath); } var cert = new X509Certificate2(certPath, new SecureString(), X509KeyStorageFlags.Exportable); Certificate = new X509Certificate2(cert); var store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Add(Certificate); SamlCertificate = new SamlCertificate { Issuer = "fake:saml:issuer", CertificateIssuer = Certificate.Issuer, SerialNumber = Certificate.SerialNumber, Thumbprint = Certificate.Thumbprint }; }
public static void InstallServantCertificate() { var store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); //CRASH! // Servant certifikatet kan ikke bindes til Azure serveren, ved mindre det bliver eksporteret og importeret først. Den siger det der med local user blablal.. X509Certificate2 cert; using (var ctx = new CryptContext()) { ctx.Open(); cert = ctx.CreateSelfSignedCertificate( new SelfSignedCertProperties { IsPrivateKeyExportable = true, KeyBitLength = 4096, Name = new X500DistinguishedName("CN=\"Servant\"; C=\"Denmark\"; O=\"Denmark\"; OU=\"Denmark\";"), ValidFrom = DateTime.Today, ValidTo = DateTime.Today.AddYears(10) }); } cert.FriendlyName = "Servant"; store.Add(cert); store.Close(); System.Threading.Thread.Sleep(1000); // Wait for certificate to be installed }
// Adds the given certificate to the given store unless it is // already present. Returns 'true' if the certificate was added. private static bool AddToStoreIfNeeded(StoreName storeName, StoreLocation storeLocation, X509Certificate2 certificate) { X509Store store = null; X509Certificate2 existingCert = null; try { store = new X509Store(storeName, storeLocation); // We assume Bridge is running elevated store.Open(OpenFlags.ReadWrite); existingCert = CertificateFromThumbprint(store, certificate.Thumbprint); if (existingCert == null) { store.Add(certificate); Trace.WriteLine(string.Format("[CertificateManager] Added certificate to store: ")); Trace.WriteLine(string.Format(" {0} = {1}", "StoreName", storeName)); Trace.WriteLine(string.Format(" {0} = {1}", "StoreLocation", storeLocation)); Trace.WriteLine(string.Format(" {0} = {1}", "CN", certificate.SubjectName.Name)); Trace.WriteLine(string.Format(" {0} = {1}", "HasPrivateKey", certificate.HasPrivateKey)); Trace.WriteLine(string.Format(" {0} = {1}", "Thumbprint", certificate.Thumbprint)); } } finally { if (store != null) { store.Close(); } } return existingCert == null; }
public void Execute(object parameter) { var pfx = CertificateManager.GeneratePfx(CertificateName, CertificatePassword); var certificate = CertificateManager.GetCertificateForBytes(pfx.GetBytes(), CertificatePassword); File.WriteAllBytes(Path.Combine(AppHelper.CachePath, "AzureAutomation.pfx"), pfx.GetBytes()); File.WriteAllBytes(Path.Combine(AppHelper.CachePath, "AzureAutomation.cer"), certificate); var collection = new X509Certificate2Collection(); collection.Import(Path.Combine(AppHelper.CachePath, "AzureAutomation.pfx"), CertificatePassword, X509KeyStorageFlags.PersistKeySet); var store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); // Store the certificate foreach (var cert in collection) store.Add(cert); store.Close(); // Delete the certificate that contains the private key - this is already imported into the cert store File.Delete(Path.Combine(AppHelper.CachePath, "AzureAutomation.pfx")); MessageBox.Show("The certificate has been generated. Please refresh the certificates list.", "Certificate", MessageBoxButton.OK); // Open the folder containing the certificate Process.Start("explorer.exe", AppHelper.CachePath); }
/// <summary> /// Adds a certificate to a cert store in the local machine. /// </summary> /// <param name="certificate">The file path to find the certificate file.</param> /// <param name="storeName">Name of the certificate store.</param> /// <param name="storeLocation">Location of the certificate store.</param> public static void AddCertificate(X509Certificate2 certificate, StoreName storeName, StoreLocation storeLocation) { X509Store store = null; try { store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.ReadOnly | OpenFlags.ReadWrite); var certificates = from cert in store.Certificates.OfType<X509Certificate2>() where cert.Thumbprint == certificate.Thumbprint select cert; if (certificates.FirstOrDefault() == null) { store.Add(certificate); Console.WriteLine(string.Format("Added certificate with thumbprint {0} to store '{1}', has private key: {2}.", certificate.Thumbprint, storeName.ToString(), certificate.HasPrivateKey)); store.Close(); store = null; } } catch (Exception ex) { throw new Exception(String.Format("AddCert exception storeName={0} storeLocation={1}", storeName.ToString(), storeLocation.ToString()), ex); } finally { if (store != null) { store.Close(); } } }
public static bool AddCertificateToStore(uint httpsPort) { var store = new X509Store(StoreName.My, StoreLocation.LocalMachine); try { store.Open(OpenFlags.ReadWrite); } catch { Out.Error(AuthenticationNeeded); return false; } var cert = new X509Certificate2( CreateSelfSignCertificatePfx(X509SubjectName, DateTime.Now.AddDays(-1), DateTime.Now.AddYears(1), CertificatePassword), CertificatePassword, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet); cert.FriendlyName = "Stubby4net Certificate"; var existingCerts = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, cert.Subject, false); if(existingCerts.Count == 0) store.Add(cert); else cert = existingCerts[0]; store.Close(); var netshArgs = String.Format(NetshArgs, httpsPort, cert.GetCertHashString(), "{" + Stubby.Guid + "}"); var netsh = new ProcessStartInfo("netsh", netshArgs) { Verb = "runas", CreateNoWindow = true, WindowStyle = ProcessWindowStyle.Hidden, UseShellExecute = true }; try { var process = Process.Start(netsh); process.WaitForExit(); Console.Out.WriteLine(process.ExitCode); if(process.ExitCode == 0) return true; } catch { } var httpcfgArgs = String.Format(HttpcfgArgs, httpsPort, cert.GetCertHashString()); var httpcfg = new ProcessStartInfo("httpcfg", httpcfgArgs) { Verb = "runas", CreateNoWindow = true, WindowStyle = ProcessWindowStyle.Hidden, UseShellExecute = true }; try { var process = Process.Start(httpcfg); process.WaitForExit(); return process.ExitCode == 0; } catch { return false; } }
public void SetUp() { var store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); certificate2 = ObjectMother.Certificate2(); store.Add(certificate2); }
static void Main(string[] args) { const string keyStore = "dataProtectionSamples"; const string appName = "X509ProtectedFileSystemNoDI"; const string purpose = "Demonstration"; var programKeyStore = Path.Combine( Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), $"{keyStore}\\{appName}"); Console.WriteLine($"Keys stored in\n{programKeyStore}"); // Normally you'd have the certificate in the user certificate store, this is just for demo purposes. // Don't hardcode certificate passwords! // Certificate was generated with // makecert -r -pe -n "CN=Data Protection" -b 07/01/2015 -e 07/01/2020 -sky exchange -eku 1.3.6.1.4.1.311.10.3.12 -ss my var encryptingCertificate = new X509Certificate2( "protectionCertificate.pfx", "password", X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet); // You must put the cert in the store for unprotect to work. This is a limitation of the EncryptedXml class used to store the cert. var store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); store.Add(encryptingCertificate); store.Close(); // instantiate the data protection system at this folder var dataProtectionProvider = new DataProtectionProvider(new DirectoryInfo(programKeyStore), options => { // As we're using a self signed certificate we need to provide an instance of the certificate. // Thumb-print look-ups are restricted to "valid" certs (i.e. ones chained to a trusted root and which haven't expired) options.ProtectKeysWithCertificate(encryptingCertificate); options.SetApplicationName(appName); } ); var protector = dataProtectionProvider.CreateProtector(purpose); Console.Write("Enter input: "); string input = Console.ReadLine(); // protect the payload string protectedPayload = protector.Protect(input); Console.WriteLine($"Protect returned: {protectedPayload}"); // unprotect the payload string unprotectedPayload = protector.Unprotect(protectedPayload); Console.WriteLine($"Unprotect returned: {unprotectedPayload}"); // Clean up certificate store. store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); store.Remove(encryptingCertificate); Console.ReadLine(); }
private void StoreCertificate(X509Name name, MSX509.X509Certificate2 certificate, MSX509.StoreName storeName) { MSX509.X509Store store = new MSX509.X509Store(storeName, store_); store.Open(MSX509.OpenFlags.ReadWrite); store.Add(certificate); store.Close(); certificates_[name] = certificate; }
static void InstallCertificate(StoreName storageName, byte[] certificatefile) { X509Certificate2 certificate = new X509Certificate2(certificatefile); X509Store store = new X509Store(storageName, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Remove(certificate); store.Add(certificate); store.Close(); }
public void GivenPlacedIntoTheStoreForThe(string storeName, string storeLocation) { var store = new X509Store(storeName, ParseEnum<StoreLocation>(storeLocation)); store.Open(OpenFlags.ReadWrite); store.Add(Context.Certificate); Context.CertificatesToCleanup.Add(Context.Certificate); Context.StoreName = storeName; Context.StoreLocation = storeLocation; }
private static void ImportCertificate(X509Certificate2 importedCert) { X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); store.Add(importedCert); store.Close(); }
public void addPfxCertificate(string path, string password) { X509Certificate2 cert = new X509Certificate2(path, password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet); X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.MaxAllowed); store.Add(cert); AddPermissionToCertificate(cert); store.Close(); }
internal static void ImportFromP12(byte[] P12, string pkAlgo, string name, string Password) { Sys.X509Certificate2 certToImport = new Sys.X509Certificate2(P12, Password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable); if (!certToImport.HasPrivateKey) { throw new ApplicationException("No private key in PKCS#12 file"); } CspParameters cp = null; // Normalise the name string _name = name.Replace(' ', '_'); switch (pkAlgo) { case "RSA": cp = new CspParameters(24, "Microsoft Enhanced RSA and AES Cryptographic Provider"); cp.KeyContainerName = _name; cp.Flags = CspProviderFlags.UseArchivableKey; using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider()) { //certToImport.PrivateKey //rsa.ImportParameters(certToImport.PrivateKey); rsa.PersistKeyInCsp = true; if (!rsa.CspKeyContainerInfo.Exportable) { throw new CryptoException("Key not exportable"); } } break; case "DSA": cp = new CspParameters(13, "Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider"); cp.KeyContainerName = _name; cp.Flags = CspProviderFlags.UseArchivableKey; break; default: throw new ArgumentException("Algorithm not supported", pkAlgo); } //certToImport.PrivateKey Sys.X509Store store = new Sys.X509Store(Sys.StoreName.My, Sys.StoreLocation.CurrentUser); store.Open(Sys.OpenFlags.MaxAllowed); store.Add(certToImport); //certToImport.PrivateKey store.Close(); }
public X509Certificate2 InstallCertificate(Certificate certificate, X509Store store) { byte[] content = this.certificateBlobContainer.GetBytes(certificate.Id.ToString()); var cert = new X509Certificate2(content, certificate.Password); store.Open(OpenFlags.ReadWrite); store.Add(cert); TraceHelper.TraceInformation("Certificate {0} installed; Friendly Name: {1}", certificate.Name, cert.FriendlyName); return cert; }
public X509Store GetX509Store() { X509Store store = new X509Store(); try { X509Certificate2 x5092 = GetX5092(); store.Open(OpenFlags.MaxAllowed); store.Add(x5092); store.Close(); } catch { } return store; }
public void addCertificateTrustedRootCertificateAuthorities(string path) { /* Load certificate */ X509Certificate2 cert = new X509Certificate2(path); /* Place to store cert */ X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); /* Add cert to the store */ store.Open(OpenFlags.ReadWrite); store.Add(cert); store.Close(); }
internal static byte[] ExportToP12(CspParameters cspParam, X509Certificate cert, string password) { Sys.X509Certificate2 sysCert = new Sys.X509Certificate2(cert.GetEncoded());; Sys.X509Store store = new Sys.X509Store(Sys.StoreLocation.CurrentUser); store.Open(Sys.OpenFlags.ReadWrite); store.Add(sysCert); sysCert = store.Certificates[0]; // Export the certificate including the private key. return(sysCert.Export(Sys.X509ContentType.Pkcs12, password)); }
/* * installs certificate and key into windows registry */ private static void InstallIntoRegistry(sys.X509Certificate2 windowsCertificate) { sys.X509Store store = new sys.X509Store(); store.Open(sys.OpenFlags.ReadWrite); try { store.Add(windowsCertificate); } finally { store.Close(); } }
private void StoreCertificate(string name, byte[] raw, RSA key, MSX509.StoreName storeName, MSX509.StoreLocation location) { PKCS12 p12 = BuildPkcs12(raw, key); MSX509.X509Certificate2 certificate = new MSX509.X509Certificate2(p12.GetBytes(), "advtools", MSX509.X509KeyStorageFlags.PersistKeySet | MSX509.X509KeyStorageFlags.MachineKeySet | MSX509.X509KeyStorageFlags.Exportable); MSX509.X509Store store = new MSX509.X509Store(storeName, location); store.Open(MSX509.OpenFlags.ReadWrite); store.Add(certificate); store.Close(); certificates_[name] = certificate; }
private static void SaveToStore(X509Certificate2 cert, StoreName storeName) { X509Store x509Store = null; try { x509Store = new X509Store(storeName, StoreLocation.CurrentUser); x509Store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite); x509Store.Add(cert); } finally { x509Store.Close(); } }
public static void SaveCertificateToWindowsStore(X509Certificates.X509Certificate2 cert) { var x509Store = new X509Certificates.X509Store(X509Certificates.StoreName.Root, X509Certificates.StoreLocation.CurrentUser); x509Store.Open(X509Certificates.OpenFlags.ReadWrite); try { x509Store.Add(cert); } finally { x509Store.Close(); } }
/// <summary> /// Add a certificate to a store /// </summary> /// <param name="cert"></param> /// <param name="st"></param> /// <param name="sl"></param> /// <returns></returns> public static bool AddCertToStore(X509Certificate2 cert, StoreName st, StoreLocation sl) { try { X509Store store = new X509Store(st, sl); store.Open(OpenFlags.ReadWrite); store.Add(cert); store.Close(); } catch { return(false); } return(true); }
private static void SetSSLCer() { Fiddler.CertMaker.createRootCert(); X509Certificate2 oRootCert = Fiddler.CertMaker.GetRootCertificate();//Returns the Root certificate that Fiddler uses to generate per-site certificates used for HTTPS interception. System.Security.Cryptography.X509Certificates.X509Store certStore = new System.Security.Cryptography.X509Certificates.X509Store(StoreName.Root, StoreLocation.LocalMachine); certStore.Open(OpenFlags.ReadWrite); try { certStore.Add(oRootCert); } finally { certStore.Close(); } Fiddler.FiddlerApplication.oDefaultClientCertificate = oRootCert; Fiddler.CONFIG.IgnoreServerCertErrors = true; }
public bool AddCertToStore(System.Security.Cryptography.X509Certificates.X509Certificate2 cert, System.Security.Cryptography.X509Certificates.StoreName st, System.Security.Cryptography.X509Certificates.StoreLocation sl) { bool bRet = false; try { System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(st, sl); store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite); store.Add(cert); store.Close(); } catch { throw; } return(bRet); }
private static void SetWsusCertificate(IUpdateServer wServ) { //Self Signed Certifications creation by WSUS server is deprecated, need an workaround if (wServ.IsConnectionSecureForApiRemoting) { try { String secret = "Secure!"; X509Certificate2 cert = CreateSelfSignedCertificate("Carteiro"); File.WriteAllBytes("C:\\carteiro.pfx", cert.Export(X509ContentType.Pfx, secret)); File.WriteAllBytes("C:\\carteiro.cer", cert.Export(X509ContentType.Cert)); SetWsusCertificate("C:\\carteiro.pfx", secret, wServ); //Importing into other stores System.Security.Cryptography.X509Certificates.X509Store authRootStore = new System.Security.Cryptography.X509Certificates.X509Store("AuthRoot", System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine); System.Security.Cryptography.X509Certificates.X509Store trustedPublisherStore = new System.Security.Cryptography.X509Certificates.X509Store("TrustedPublisher", System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine); authRootStore.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite); trustedPublisherStore.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite); authRootStore.Add(cert); trustedPublisherStore.Add(cert); authRootStore.Close(); trustedPublisherStore.Close(); Console.WriteLine("INFO: certificates were succesfully imported into AuthRoot and Trusted Publisher stores"); Console.WriteLine("INFO: setting new WSUS Certificate finished!"); } catch (Exception e) { Console.Error.WriteLine("ERROR: " + e.Message); } } else { Console.Error.WriteLine("ERROR: this operation is not possible with an unsafe connection"); } }
internal static void InstallCertificate(string certFile, System.Security.Cryptography.X509Certificates.StoreName store, string password) { Logger.EnteringMethod(store.ToString()); try { System.Security.Cryptography.X509Certificates.X509Certificate2 certificate; if (!string.IsNullOrEmpty(password)) { certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certFile, password); } else { certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certFile); } System.Security.Cryptography.X509Certificates.X509Store certStore = new System.Security.Cryptography.X509Certificates.X509Store(store, System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine); certStore.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite); certStore.Add(certificate); certStore.Close(); Logger.Write("Successfuly imported in " + store.ToString()); } catch (Exception ex) { Logger.Write("**** " + ex.Message); } }
/// <summary> /// Establishes the SSL certificate we will use for communication with /// RPC clients and starts a seperate thread to listen for connections /// </summary> /// <param name="port">port to listen on</param> /// <param name="service">The KeePassRPCService the server should interact with.</param> public KeePassRPCServer(int port, KeePassRPCService service, KeePassRPCExt keePassRPCPlugin, bool useSSL) { _useSSL = useSSL; if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Starting KPRPCServer"); } Service = service; KeePassRPCPlugin = keePassRPCPlugin; if (_useSSL) { // if (true) if (Type.GetType("Mono.Runtime") == null) { _store = new System.Security.Cryptography.X509Certificates.X509Store(); _store.Open(OpenFlags.ReadWrite); // Find any certificates in this user's certificate store and re-use // them rather than suffer the overhead of creating an entirly new // certificate. Our certificates are considered "invalid" by the // store (probably becuase they are self-signed) X509Certificate2Collection matchingCertificates = _store.Certificates .Find(X509FindType.FindBySubjectDistinguishedName, "CN=KeePassRPC certificate for " + Environment.MachineName, false); //foreach (X509Certificate2 temp in matchingCertificates) // _store.Remove(temp); //matchingCertificates = _store.Certificates // .Find(X509FindType.FindBySubjectDistinguishedName, // "CN=KeePassRPC TLS aaa for " + Environment.MachineName, false); if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Matching certificates from store: " + matchingCertificates.Count); } if (matchingCertificates.Count > 0) { _serverCertificate = matchingCertificates[0]; } else { //_serverCertificate = (X509Certificate2)X509Certificate2.CreateFromCertFile(Path.Combine(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "KeePassRPC"), "cert.p12")); if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Generating new certificate (MS)."); } // We can use the MakeCert feature from Mono to generate a new // certificate for use by this user on this machine. This means // that every KeePassRPC user will establish TLS connections // that are protected by a private key held on their own // system, rather than a key that is disclosed in this open // source code. NB: The local server is assumed to be secure! PKCS12 p12 = MakeCertKPRPC.Generate("KeePassRPC certificate for " + Environment.MachineName, "KeePassRPC Automated Self-Signed Key Generator", keePassRPCPlugin); byte[] cert = p12.GetBytes(); _serverCertificate = new X509Certificate2(cert, (string)null, X509KeyStorageFlags.PersistKeySet); _store.Add(_serverCertificate); } } else { /* * Problem 1: * For Linux/Mono, we cannot use the X509Store. It appears that only a .cer file is saved. That certificate does not include * the private key that we need for SSL. So we will need to save the key ourselves. * * Problem 2: * When using PKCS12 SaveToFile to save the key ourselves, it appears that it is not possible to save a private key that is not * password protected. * */ string certdir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "KeePassRPC"); string certfile = Path.Combine(certdir, "cert.p12"); _serverCertificate = null; // Check if cert directory exists, if not, we need to create it if (!System.IO.Directory.Exists(certdir)) { if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Cert directory does not exist, creating " + certdir); } System.IO.Directory.CreateDirectory(certdir); if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Cert directory created"); } } else { // Attempt to load cert try { if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Looking for existing certificate (Mono)"); } _serverCertificate = new X509Certificate2(); _serverCertificate.Import(certfile, pkcs12_password, X509KeyStorageFlags.PersistKeySet); if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Existing certificate loaded(Mono) : " + certfile); } } catch (Exception ex) { _serverCertificate = null; } } // If we didn't load a cert, create one and save it if (_serverCertificate == null) { if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Generating new certificate (Mono)."); } PKCS12 p12 = MakeCertKPRPC.Generate("KeePassRPC certificate for " + Environment.MachineName, "KeePassRPC Automated Self-Signed Key Generator", pkcs12_password, keePassRPCPlugin); p12.SaveToFile(certfile); byte[] cert = p12.GetBytes(); _serverCertificate = new X509Certificate2(cert, pkcs12_password, X509KeyStorageFlags.PersistKeySet); if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Generated new certificate (Mono) : " + certfile); } } } } if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Server certificate has private key? " + _serverCertificate.HasPrivateKey); } try { this._tcpListener = new TcpListener(IPAddress.Loopback, port); this._listenThread = new Thread(new ThreadStart(ListenForClients)); this._listenThread.Start(); this._isListening = true; // just in case the main thread checks // for successful startup before the thread has got going. } catch (Exception e) { if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Failed to start TCP listener: " + e.ToString()); } } if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Started KPRPCServer"); } }