protected async Task UpdateGroupStore(string storePath, X509Certificate2Collection certs, IList <Opc.Ua.X509CRL> crls) { if (!String.IsNullOrEmpty(storePath)) { using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(storePath)) { X509Certificate2Collection oldCertificates = await store.Enumerate(); foreach (var cert in oldCertificates) { await store.Delete(cert.Thumbprint); } foreach (var crl in store.EnumerateCRLs()) { store.DeleteCRL(crl); } foreach (var cert in certs) { await store.Add(cert); } foreach (var crl in crls) { store.AddCRL(crl); } } } }
/// <summary> /// Displays the dialog. /// </summary> public CertificateIdentifier ShowDialog(CertificateStoreIdentifier store, bool allowStoreChange) { CertificateStoreCTRL.StoreType = CertificateStoreType.Directory; CertificateStoreCTRL.StorePath = String.Empty; CertificateStoreCTRL.ReadOnly = !allowStoreChange; CertificatesCTRL.Initialize(null); OkBTN.Enabled = false; if (store != null) { CertificateStoreCTRL.StoreType = store.StoreType; CertificateStoreCTRL.StorePath = store.StorePath; } if (ShowDialog() != DialogResult.OK) { return null; } CertificateIdentifier id = new CertificateIdentifier(); id.StoreType = CertificateStoreCTRL.StoreType; id.StorePath = CertificateStoreCTRL.StorePath; id.Certificate = CertificatesCTRL.SelectedCertificate; return id; }
/// <summary> /// Displays the dialog. /// </summary> public CertificateIdentifier ShowDialog( CertificateStoreIdentifier targetStore, string issuerKeyFilePath, string issuerCertificatePassword) { CertificateStoreCTRL.StoreType = null; CertificateStoreCTRL.StorePath = null; IssuerKeyFilePathTB.Text = issuerKeyFilePath; IssuerPasswordTB.Text = issuerCertificatePassword; SubjectNameCK.Checked = false; DomainNameTB.Text = System.Net.Dns.GetHostName(); KeySizeCB.SelectedIndex = 0; LifeTimeInMonthsUD.Value = 60; if (targetStore != null) { CertificateStoreCTRL.StoreType = targetStore.StoreType; CertificateStoreCTRL.StorePath = targetStore.StorePath; } if (ShowDialog() != DialogResult.OK) { return(null); } return(m_certificate); }
private bool EraseStore(string storePath) { bool result = true; try { using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(storePath)) { var storeCerts = store.Enumerate().Result; foreach (var cert in storeCerts) { if (!store.Delete(cert.Thumbprint).Result) { result = false; } } var storeCrls = store.EnumerateCRLs(); foreach (var crl in storeCrls) { if (!store.DeleteCRL(crl)) { result = false; } } } } catch { result = false; } return(result); }
/// <summary> /// Displays the dialog. /// </summary> public CertificateIdentifier ShowDialog(CertificateStoreIdentifier store, bool allowStoreChange) { CertificateStoreCTRL.StoreType = CertificateStoreType.Directory; CertificateStoreCTRL.StorePath = String.Empty; CertificateStoreCTRL.ReadOnly = !allowStoreChange; CertificatesCTRL.Initialize(null); OkBTN.Enabled = false; if (store != null) { CertificateStoreCTRL.StoreType = store.StoreType; CertificateStoreCTRL.StorePath = store.StorePath; } if (ShowDialog() != DialogResult.OK) { return(null); } CertificateIdentifier id = new CertificateIdentifier(); id.StoreType = CertificateStoreCTRL.StoreType; id.StorePath = CertificateStoreCTRL.StorePath; id.Certificate = CertificatesCTRL.SelectedCertificate; return(id); }
/// <summary> /// Displays the dialog. /// </summary> public bool ShowDialog(CertificateStoreIdentifier defaultStore) { // save the default store (used when creating new bindings). m_defaultStore = defaultStore; if (m_defaultStore == null) { m_defaultStore = new CertificateStoreIdentifier(); m_defaultStore.StoreType = Utils.DefaultStoreType; m_defaultStore.StorePath = Utils.DefaultStorePath; } // populate the grid. foreach (SslCertificateBinding binding in HttpAccessRule.GetSslCertificateBindings()) { AddRow(binding); } m_dataset.AcceptChanges(); BindingsDV.DataSource = m_dataset.Tables[0].DefaultView; if (base.ShowDialog() == DialogResult.Cancel) { return false; } return true; }
private void CopyMI_Click(object sender, EventArgs e) { try { TreeNode node = NodesTV.SelectedNode; // check if valid store selected. ContainerInfo info = node.Tag as ContainerInfo; if (info == null) { return; } if (info.Type != ContainerInfoType.Store || node.Parent == null) { return; } CertificateStoreIdentifier store = info.GetCertificateStore(); StringBuilder builder = new StringBuilder(); XmlWriter writer = XmlWriter.Create(builder); try { DataContractSerializer serializer = new DataContractSerializer(typeof(CertificateStoreIdentifier)); serializer.WriteObject(writer, store); } finally { writer.Close(); } ClipboardHack.SetData(DataFormats.Text, builder.ToString()); } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
/// <summary> /// Displays the dialog. /// </summary> public CertificateIdentifier ShowDialog( CertificateStoreIdentifier targetStore, string issuerKeyFilePath, string issuerCertificatePassword) { CertificateStoreCTRL.StoreType = null; CertificateStoreCTRL.StorePath = null; IssuerKeyFilePathTB.Text = issuerKeyFilePath; IssuerPasswordTB.Text = issuerCertificatePassword; SubjectNameCK.Checked = false; DomainNameTB.Text = System.Net.Dns.GetHostName(); KeySizeCB.SelectedIndex = 0; LifeTimeInMonthsUD.Value = 60; if (targetStore != null) { CertificateStoreCTRL.StoreType = targetStore.StoreType; CertificateStoreCTRL.StorePath = targetStore.StorePath; } if (ShowDialog() != DialogResult.OK) { return null; } return m_certificate; }
/// <summary> /// Updates the certificate authority certificate and CRL in the trusted list. /// </summary> private async Task UpdateAuthorityCertInTrustedList() { string trustedListStorePath = Configuration.TrustedListPath; if (!String.IsNullOrEmpty(Configuration.TrustedListPath)) { using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(trustedListStorePath)) { X509Certificate2Collection certs = await store.FindByThumbprint(Certificate.Thumbprint); if (certs.Count == 0) { await store.Add(Certificate); } // delete existing CRL in trusted list foreach (var crl in store.EnumerateCRLs(Certificate, false)) { if (crl.VerifySignature(Certificate, false)) { store.DeleteCRL(crl); } } // copy latest CRL to trusted list using (ICertificateStore storeAuthority = CertificateStoreIdentifier.OpenStore(m_authoritiesStorePath)) { foreach (var crl in storeAuthority.EnumerateCRLs(Certificate, true)) { store.AddCRL(crl); } } } } }
private void TrustListBTN_Click(object sender, EventArgs e) { try { // determine default store. CertificateStoreIdentifier store = new CertificateStoreIdentifier(); if (m_trustList != null) { store.StoreType = m_trustList.StoreType; store.StorePath = m_trustList.StorePath; } else { store.StoreType = Utils.DefaultStoreType; store.StorePath = Utils.DefaultStorePath; } // select store. CertificateStoreIdentifier trustList = new CertificateStoreDlg().ShowDialog(store); if (trustList != null) { m_trustList = trustList; TrustListTB.Text = m_trustList.ToString(); } } catch (Exception exception) { GuiUtils.HandleException(this.Text, System.Reflection.MethodBase.GetCurrentMethod(), exception); } }
/// <summary> /// Displays the dialog. /// </summary> public CertificateIdentifier ShowDialog(CertificateStoreIdentifier store, string issuerKeyFilePath, X509Certificate2 certificate) { CertificateStoreCTRL.StoreType = null; CertificateStoreCTRL.StorePath = null; IssuerKeyFilePathTB.Text = null; IssuerPasswordTB.Text = null; ApplicationNameTB.Text = null; ApplicationUriTB.Text = null; SubjectNameTB.Text = null; DomainsTB.Text = System.Net.Dns.GetHostName(); KeySizeCB.SelectedIndex = 0; LifeTimeInMonthsUD.Value = 60; if (store != null) { CertificateStoreCTRL.StoreType = store.StoreType; CertificateStoreCTRL.StorePath = store.StorePath; } if (issuerKeyFilePath != null) { IssuerKeyFilePathTB.Text = issuerKeyFilePath; } UpdateWithCertificate(certificate); if (ShowDialog() != DialogResult.OK) { return(null); } return(m_certificate); }
private ICertificateStore CreateStore(string storePath) { ICertificateStore store = CertificateStoreIdentifier.CreateStore(CertificateStoreIdentifier.DetermineStoreType(storePath)); store.Open(storePath); return(store); }
/// <summary> /// Displays the applications in the control. /// </summary> internal void Initialize(CertificateStoreIdentifier id, IList <string> thumbprints) { ItemsLV.Items.Clear(); m_storeId = id; m_thumbprints = thumbprints; if (m_storeId == null || String.IsNullOrEmpty(m_storeId.StoreType) || String.IsNullOrEmpty(m_storeId.StorePath)) { Instructions = "No certificates are in the store."; AdjustColumns(); return; } try { // get the store. using (ICertificateStore store = m_storeId.OpenStore()) { // only show certificates with the specified thumbprint. if (thumbprints != null) { Instructions = "None of the selected certificates can be found in the store."; foreach (string thumbprint in thumbprints) { X509Certificate2 certificate = store.FindByThumbprint(thumbprint); if (certificate != null) { AddItem(certificate); } } } // show all certificates. else { Instructions = "No certificates are in the store."; foreach (X509Certificate2 certificate in store.Enumerate()) { AddItem(certificate); } } } } catch (Exception e) { Instructions = "An error occurred opening the store: " + e.Message; } // save the unfiltered list. m_items = new List <ListViewItem>(ItemsLV.Items.Count); foreach (ListViewItem item in ItemsLV.Items) { m_items.Add(item); } AdjustColumns(); }
protected CertificateGroup( string authoritiesStorePath, CertificateGroupConfiguration certificateGroupConfiguration ) { m_authoritiesStorePath = authoritiesStorePath; m_authoritiesStoreType = CertificateStoreIdentifier.DetermineStoreType(m_authoritiesStorePath); Configuration = certificateGroupConfiguration; }
private ServiceResult AddCertificate( ISystemContext context, MethodState method, NodeId objectId, byte[] certificate, bool isTrustedCertificate) { HasSecureWriteAccess(context); lock (m_lock) { if (m_sessionId != null) { return StatusCodes.BadInvalidState; } if (certificate == null) { return StatusCodes.BadInvalidArgument; } X509Certificate2 cert = null; X509CRL crl = null; try { cert = new X509Certificate2(certificate); } catch { try { crl = new X509CRL(certificate); } catch { return StatusCodes.BadCertificateInvalid; } } using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(isTrustedCertificate ? m_trustedStorePath : m_issuerStorePath)) { if (cert != null) { store.Add(cert).Wait(); } if (crl != null) { store.AddCRL(crl); } } m_node.LastUpdateTime.Value = DateTime.UtcNow; } return ServiceResult.Good; }
/// <summary> /// Handles a drop event. /// </summary> protected override void NodesTV_DragDrop(object sender, DragEventArgs e) { try { TreeNode node = NodesTV.GetNodeAt(PointToClient(new Point(e.X, e.Y))); if (node == null) { return; } ContainerInfo info = node.Tag as ContainerInfo; if (info == null) { return; } if (info.Type == ContainerInfoType.Store) { CertificateStoreIdentifier id = info.GetCertificateStore(); if (id == null) { return; } object[] certificates = e.Data.GetData(typeof(object[])) as object[]; if (certificates == null) { return; } using (ICertificateStore store = id.OpenStore()) { for (int ii = 0; ii < certificates.Length; ii++) { X509Certificate2 certificate = certificates[ii] as X509Certificate2; if (certificate != null) { store.Add(certificate); } } } NodesTV.SelectedNode = node; return; } } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
// Create an empty CRL static void CreateCACRL(string storePath, X509Certificate2 caCert) { Console.WriteLine("Creating an empty certificate revocation list (CRL) for the CA"); using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(storePath)) { List <X509CRL> caCRL = store.EnumerateCRLs(caCert, false); X509CRL updatedCRL = CertificateFactory.RevokeCertificate(caCert, caCRL, null); store.AddCRL(updatedCRL); } }
protected CertificateGroup( string authoritiesStorePath, CertificateGroupConfiguration certificateGroupConfiguration ) { m_authoritiesStorePath = authoritiesStorePath; m_authoritiesStoreType = CertificateStoreIdentifier.DetermineStoreType(m_authoritiesStorePath); Configuration = certificateGroupConfiguration; m_subjectName = Configuration.SubjectName.Replace("localhost", Utils.GetHostName()); }
public async Task <X509CertificateCollection> KeyVaultSigningRequestAsync() { Skip.If(!_fixture.KeyVaultInitOk); X509CertificateCollection certCollection = new X509CertificateCollection(); string[] groups = await _keyVault.GetCertificateGroupIds(); foreach (string group in groups) { var certificateGroupConfiguration = await _keyVault.GetCertificateGroupConfiguration(group); ApplicationTestData randomApp = _fixture.RandomGenerator.RandomApplicationTestData(); X509Certificate2 csrCertificate = CertificateFactory.CreateCertificate( null, null, null, randomApp.ApplicationRecord.ApplicationUri, null, randomApp.Subject, randomApp.DomainNames.ToArray(), certificateGroupConfiguration.DefaultCertificateKeySize, DateTime.UtcNow.AddDays(-10), certificateGroupConfiguration.DefaultCertificateLifetime, certificateGroupConfiguration.DefaultCertificateHashSize ); byte[] certificateRequest = CertificateFactory.CreateSigningRequest(csrCertificate, randomApp.DomainNames); X509Certificate2 newCert = await _keyVault.SigningRequestAsync( group, randomApp.ApplicationRecord.ApplicationUri, certificateRequest); // get issuer cert used for signing X509Certificate2Collection issuerCerts = await _keyVault.GetIssuerCACertificateChainAsync(group); #if WRITECERT // save cert for debugging using (ICertificateStore store = CertificateStoreIdentifier.CreateStore(CertificateStoreType.Directory)) { Assert.NotNull(store); store.Open("d:\\unittest"); await store.Add(newCert); foreach (var cert in issuerCerts) { await store.Add(cert); } } #endif Assert.NotNull(issuerCerts); Assert.True(issuerCerts.Count >= 1); X509TestUtils.VerifySignedApplicationCert(randomApp, newCert, issuerCerts); certCollection.Add(newCert); } return(certCollection); }
/// <summary> /// Displays the dialog. /// </summary> public CertificateStoreIdentifier ShowDialog(CertificateStoreIdentifier store) { ContainersCTRL.Initialize(); if (ShowDialog() != DialogResult.OK) { return null; } return ContainersCTRL.SelectedStore; }
private async void DeleteExistingFromStore(string storePath) { if (String.IsNullOrEmpty(storePath)) { return; } using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(storePath)) { X509Certificate2Collection certificates = await store.Enumerate(); foreach (var certificate in certificates) { if (store.GetPrivateKeyFilePath(certificate.Thumbprint) != null) { continue; } List <string> fields = Utils.ParseDistinguishedName(certificate.Subject); if (fields.Contains("CN=UA Local Discovery Server")) { continue; } DirectoryCertificateStore ds = store as DirectoryCertificateStore; if (ds != null) { string path = Utils.GetAbsoluteFilePath(m_application.CertificatePublicKeyPath, true, false, false); if (path != null) { if (String.Compare(path, ds.GetPublicKeyFilePath(certificate.Thumbprint), StringComparison.OrdinalIgnoreCase) == 0) { continue; } } path = Utils.GetAbsoluteFilePath(m_application.CertificatePrivateKeyPath, true, false, false); if (path != null) { if (String.Compare(path, ds.GetPrivateKeyFilePath(certificate.Thumbprint), StringComparison.OrdinalIgnoreCase) == 0) { continue; } } } await store.Delete(certificate.Thumbprint); } } }
private void ViewBTN_Click(object sender, EventArgs e) { try { CertificateStoreIdentifier store = new CertificateStoreIdentifier(); store.StoreType = CertificateStoreCTRL.StoreType; store.StorePath = CertificateStoreCTRL.StorePath; new CertificateListDlg().ShowDialog(store, false); } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
/// <summary> /// Displays the dialog. /// </summary> public CertificateStoreIdentifier ShowDialog(CertificateStoreIdentifier store) { ContainersCTRL.Initialize(); if (ShowDialog() != DialogResult.OK) { return(null); } return(ContainersCTRL.SelectedStore); }
private ServiceResult AddCertificate( ISystemContext context, MethodState method, NodeId objectId, byte[] certificate, bool isTrustedCertificate) { HasSecureWriteAccess(context); ServiceResult result = StatusCodes.Good; lock (m_lock) { if (m_sessionId != null) { result = StatusCodes.BadInvalidState; } else if (certificate == null) { result = StatusCodes.BadInvalidArgument; } else { X509Certificate2 cert = null; try { cert = new X509Certificate2(certificate); } catch { // note: a previous version of the sample code accepted also CRL, // but the behaviour was not as specified and removed // https://mantis.opcfoundation.org/view.php?id=6342 result = StatusCodes.BadCertificateInvalid; } using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(isTrustedCertificate ? m_trustedStorePath : m_issuerStorePath)) { if (cert != null) { store.Add(cert).GetAwaiter().GetResult(); } } m_node.LastUpdateTime.Value = DateTime.UtcNow; } } // report the TrustListUpdatedAuditEvent object[] inputParameters = new object[] { certificate, isTrustedCertificate }; m_node.ReportTrustListUpdatedAuditEvent(context, objectId, "Method/AddCertificate", method.NodeId, inputParameters, result.StatusCode); return(result); }
/// <summary> /// Default constructor /// </summary> public MqttTlsOptions() { m_certificates = null; m_SslProtocolVersion = SslProtocols.None; m_allowUntrustedCertificates = false; m_ignoreCertificateChainErrors = false; m_ignoreRevocationListErrors = false; m_trustedIssuerCertificates = null; m_trustedPeerCertificates = null; m_rejectedCertificateStore = null; }
/// <summary> /// Constructor /// </summary> /// <param name="kvpMqttOptions">The key value pairs representing the values from which to construct MqttTlsOptions</param> public MqttTlsOptions(KeyValuePairCollection kvpMqttOptions) { m_certificates = new MqttTlsCertificates(kvpMqttOptions); QualifiedName qSslProtocolVersion = EnumMqttClientConfigurationParameters.TlsProtocolVersion.ToString(); m_SslProtocolVersion = (SslProtocols)Convert.ToInt32(kvpMqttOptions.Find(kvp => kvp.Key.Name.Equals(qSslProtocolVersion.Name))?.Value.Value); QualifiedName qAllowUntrustedCertificates = EnumMqttClientConfigurationParameters.TlsAllowUntrustedCertificates.ToString(); m_allowUntrustedCertificates = Convert.ToBoolean(kvpMqttOptions.Find(kvp => kvp.Key.Name.Equals(qAllowUntrustedCertificates.Name))?.Value.Value); QualifiedName qIgnoreCertificateChainErrors = EnumMqttClientConfigurationParameters.TlsIgnoreCertificateChainErrors.ToString(); m_ignoreCertificateChainErrors = Convert.ToBoolean(kvpMqttOptions.Find(kvp => kvp.Key.Name.Equals(qIgnoreCertificateChainErrors.Name))?.Value.Value); QualifiedName qIgnoreRevocationListErrors = EnumMqttClientConfigurationParameters.TlsIgnoreRevocationListErrors.ToString(); m_ignoreRevocationListErrors = Convert.ToBoolean(kvpMqttOptions.Find(kvp => kvp.Key.Name.Equals(qIgnoreRevocationListErrors.Name))?.Value.Value); QualifiedName qTrustedIssuerCertificatesStoreType = EnumMqttClientConfigurationParameters.TrustedIssuerCertificatesStoreType.ToString(); string issuerCertificatesStoreType = kvpMqttOptions.Find(kvp => kvp.Key.Name.Equals(qTrustedIssuerCertificatesStoreType.Name))?.Value.Value as string; QualifiedName qTrustedIssuerCertificatesStorePath = EnumMqttClientConfigurationParameters.TrustedIssuerCertificatesStorePath.ToString(); string issuerCertificatesStorePath = kvpMqttOptions.Find(kvp => kvp.Key.Name.Equals(qTrustedIssuerCertificatesStorePath.Name))?.Value.Value as string; m_trustedIssuerCertificates = new CertificateTrustList { StoreType = issuerCertificatesStoreType, StorePath = issuerCertificatesStorePath }; QualifiedName qTrustedPeerCertificatesStoreType = EnumMqttClientConfigurationParameters.TrustedPeerCertificatesStoreType.ToString(); string peerCertificatesStoreType = kvpMqttOptions.Find(kvp => kvp.Key.Name.Equals(qTrustedPeerCertificatesStoreType.Name))?.Value.Value as string; QualifiedName qTrustedPeerCertificatesStorePath = EnumMqttClientConfigurationParameters.TrustedPeerCertificatesStorePath.ToString(); string peerCertificatesStorePath = kvpMqttOptions.Find(kvp => kvp.Key.Name.Equals(qTrustedPeerCertificatesStorePath.Name))?.Value.Value as string; m_trustedPeerCertificates = new CertificateTrustList { StoreType = peerCertificatesStoreType, StorePath = peerCertificatesStorePath }; QualifiedName qRejectedCertificateStoreStoreType = EnumMqttClientConfigurationParameters.RejectedCertificateStoreStoreType.ToString(); string rejectedCertificateStoreStoreType = kvpMqttOptions.Find(kvp => kvp.Key.Name.Equals(qRejectedCertificateStoreStoreType.Name))?.Value.Value as string; QualifiedName qRejectedCertificateStoreStorePath = EnumMqttClientConfigurationParameters.RejectedCertificateStoreStorePath.ToString(); string rejectedCertificateStoreStorePath = kvpMqttOptions.Find(kvp => kvp.Key.Name.Equals(qRejectedCertificateStoreStorePath.Name))?.Value.Value as string; m_rejectedCertificateStore = new CertificateTrustList { StoreType = rejectedCertificateStoreStoreType, StorePath = rejectedCertificateStoreStorePath }; m_keyValuePairs = kvpMqttOptions; }
public virtual async Task Init() { Utils.Trace(Utils.TraceMasks.Information, "InitializeCertificateGroup: {0}", m_subjectName); using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(m_authoritiesStorePath)) { X509Certificate2Collection certificates = await store.Enumerate(); foreach (var certificate in certificates) { if (Utils.CompareDistinguishedName(certificate.Subject, m_subjectName)) { using (RSA rsa = certificate.GetRSAPublicKey()) { if (rsa.KeySize != Configuration.CACertificateKeySize) { continue; } // TODO check hash size } if (Certificate != null) { // always use latest issued cert in store if (certificate.NotBefore > DateTime.UtcNow || Certificate.NotBefore > certificate.NotBefore) { continue; } } Certificate = certificate; } } } if (Certificate == null) { Utils.Trace(Utils.TraceMasks.Security, "Create new CA Certificate: {0}, KeySize: {1}, HashSize: {2}, LifeTime: {3} months", m_subjectName, Configuration.CACertificateKeySize, Configuration.CACertificateHashSize, Configuration.CACertificateLifetime ); X509Certificate2 newCertificate = await CreateCACertificateAsync(m_subjectName); Certificate = new X509Certificate2(newCertificate.RawData); } }
private void StorePathCB_SelectedIndexChanged(object sender, EventArgs e) { try { CertificateStoreIdentifier store = new CertificateStoreIdentifier(); store.StoreType = StoreTypeCB.SelectedItem as string; store.StorePath = StorePathCB.Text; if (StorePathCB.SelectedIndex != -1) { store.StorePath = StorePathCB.SelectedItem as string; } } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
private void CertificateStoreCTRL_StoreChanged(object sender, EventArgs e) { try { CertificateStoreIdentifier store = new CertificateStoreIdentifier(); store.StoreType = CertificateStoreCTRL.StoreType; store.StorePath = CertificateStoreCTRL.StorePath; CertificatesCTRL.Initialize(store, null); FilterBTN_Click(sender, e); } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
private ServiceResult AddCertificate( ISystemContext context, MethodState method, NodeId objectId, byte[] certificate, bool isTrustedCertificate) { HasSecureWriteAccess(context); lock (m_lock) { if (m_sessionId != null) { return(StatusCodes.BadInvalidState); } if (certificate == null) { return(StatusCodes.BadInvalidArgument); } X509Certificate2 cert = null; try { cert = new X509Certificate2(certificate); } catch { // note: a previous version of the sample code accepted also CRL, // but the behaviour was not as specified and removed // https://mantis.opcfoundation.org/view.php?id=6342 return(StatusCodes.BadCertificateInvalid); } using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(isTrustedCertificate ? m_trustedStorePath : m_issuerStorePath)) { if (cert != null) { store.Add(cert).Wait(); } } m_node.LastUpdateTime.Value = DateTime.UtcNow; } return(ServiceResult.Good); }
public async Task CertifcateStoreTypeConfigTest() { var fileInfo = new FileInfo(Path.Combine(TestContext.CurrentContext.TestDirectory, "Security", "Certificates", "CertificateStoreTypeTestConfig.xml")); var appConfig = await ApplicationConfiguration.Load(fileInfo, ApplicationType.Client, null).ConfigureAwait(false); int instancesCreatedWhileLoadingConfig = TestCertStore.InstancesCreated; Assert.IsTrue(instancesCreatedWhileLoadingConfig > 0); var trustedIssuers = appConfig.SecurityConfiguration.TrustedIssuerCertificates; ICertificateStore trustedIssuersStore = trustedIssuers.OpenStore(); trustedIssuersStore.Close(); int instancesCreatedWhileOpeningAuthRootStore = TestCertStore.InstancesCreated; Assert.IsTrue(instancesCreatedWhileLoadingConfig < instancesCreatedWhileOpeningAuthRootStore); CertificateStoreIdentifier.OpenStore(TestCertStore.StoreTypePrefix + @"CurrentUser\Disallowed"); Assert.IsTrue(instancesCreatedWhileOpeningAuthRootStore < TestCertStore.InstancesCreated); }
private void PasteMI_Click(object sender, EventArgs e) { try { string xml = (string)ClipboardHack.GetData(DataFormats.Text); if (String.IsNullOrEmpty(xml)) { return; } // check if in the favorites list. ContainerInfo info = NodesTV.SelectedNode.Tag as ContainerInfo; // check if pasting into a store. if (info.Type == ContainerInfoType.Store) { CertificateIdentifier id = null; using (XmlTextReader reader = new XmlTextReader(new StringReader(xml))) { DataContractSerializer serializer = new DataContractSerializer(typeof(CertificateIdentifier)); id = (CertificateIdentifier)serializer.ReadObject(reader, false); } if (id.Certificate != null) { CertificateStoreIdentifier storeId = info.GetCertificateStore(); using (ICertificateStore store = storeId.OpenStore()) { store.Add(id.Certificate); } } SelectNode(); return; } } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
/// <summary> /// Returns a store for the container. /// </summary> public CertificateStoreIdentifier GetCertificateStore() { if (this.Store != null) { return(this.Store); } if (this.CertificateStore != null) { CertificateStoreIdentifier store = new CertificateStoreIdentifier(); store.StoreType = CertificateStoreType.Windows; store.StorePath = this.CertificateStore.Format(); return(store); } return(null); }
/// <summary> /// Adds an application certificate to a store. /// </summary> private static void AddApplicationCertificateToStore( CertificateStoreIdentifier csid, X509Certificate2 certificate, string oldThumbprint) { ICertificateStore store = csid.OpenStore(); try { // delete the old certificate. if (oldThumbprint != null) { store.Delete(oldThumbprint); } // delete certificates with the same application uri. if (store.FindByThumbprint(certificate.Thumbprint) != null) { return; } string applicationUri = Utils.GetApplicationUriFromCertficate(certificate); // delete any existing certificates. foreach (X509Certificate2 target in store.Enumerate()) { if (!Utils.CompareDistinguishedName(target.Subject, certificate.Subject)) { continue; } if (Utils.GetApplicationUriFromCertficate(target) == applicationUri) { store.Delete(target.Thumbprint); } } // add new certificate. store.Add(new X509Certificate2(certificate.RawData)); } finally { store.Close(); } }
private void BrowseBTN_Click(object sender, EventArgs e) { CertificateStoreIdentifier store = new CertificateStoreIdentifier(); store.StoreType = CertificateStoreIdentifier.DetermineStoreType(CertificateStoreControl.Text); store.StorePath = CertificateStoreControl.Text; store = new CertificateStoreDlg().ShowDialog(store); if (store == null) { return; } CertificateStoreControl.Text = store.StorePath; if (m_CertificateStoreSelected != null) { m_CertificateStoreSelected(this, new EventArgs()); } }
/// <summary> /// Displays the dialog. /// </summary> public CertificateStoreIdentifier ShowDialog(CertificateStoreIdentifier store) { CertificateStoreCTRL.StoreType = CertificateStoreType.Directory; CertificateStoreCTRL.StorePath = null; if (store != null) { CertificateStoreCTRL.StoreType = store.StoreType; CertificateStoreCTRL.StorePath = store.StorePath; } if (ShowDialog() != DialogResult.OK) { return null; } store = new CertificateStoreIdentifier(); store.StoreType = CertificateStoreCTRL.StoreType; store.StorePath = CertificateStoreCTRL.StorePath; return store; }
/// <summary> /// Displays the dialog. /// </summary> public CertificateIdentifier ShowDialog(CertificateStoreIdentifier store) { CertificateStoreCTRL.StoreType = null; CertificateStoreCTRL.StorePath = null; ApplicationNameTB.Text = null; SubjectNameTB.Text = null; KeySizeCB.SelectedIndex = 0; LifeTimeInMonthsUD.Value = 60; if (store != null) { CertificateStoreCTRL.StoreType = store.StoreType; CertificateStoreCTRL.StorePath = store.StorePath; } if (ShowDialog() != DialogResult.OK) { return null; } return m_certificate; }
private void ExportPrivateKeyBTN_Click(object sender, EventArgs e) { try { const string caption = "Select Certificate to Export"; CertificateStoreIdentifier store = new CertificateStoreIdentifier(); store.StoreType = ManagedStoreCTRL.StoreType; store.StorePath = ManagedStoreCTRL.StorePath; CertificateIdentifier id = new CertificateListDlg().ShowDialog(store, true); if (id == null) { return; } X509Certificate2 certificate = id.Find(false); if (certificate == null) { MessageBox.Show( this, "Certificate does not exist or its private key cannot be accessed.", caption, MessageBoxButtons.OK, MessageBoxIcon.Information); return; } string displayName = null; foreach (string element in Utils.ParseDistinguishedName(certificate.Subject)) { if (element.StartsWith("CN=")) { displayName = element.Substring(3); break; } } StringBuilder filePath = new StringBuilder(); if (!String.IsNullOrEmpty(displayName)) { filePath.Append(displayName); filePath.Append(" "); } filePath.Append("["); filePath.Append(certificate.Thumbprint); filePath.Append("].pfx"); SaveFileDialog dialog = new SaveFileDialog(); dialog.CheckFileExists = false; dialog.CheckPathExists = true; dialog.DefaultExt = ".pfx"; dialog.Filter = "PKCS#12 Files (*.pfx)|*.pfx|All Files (*.*)|*.*"; dialog.ValidateNames = true; dialog.Title = "Save Private File"; dialog.FileName = filePath.ToString(); dialog.InitialDirectory = m_currentDirectory; if (dialog.ShowDialog() != DialogResult.OK) { return; } string password = new PasswordDlg().ShowDialog(null, "Password recommended"); FileInfo fileInfo = new FileInfo(dialog.FileName); m_currentDirectory = fileInfo.DirectoryName; // save the file. using (Stream ostrm = fileInfo.Open(FileMode.Create, FileAccess.ReadWrite, FileShare.None)) { byte[] data = certificate.Export(X509ContentType.Pkcs12, password); ostrm.Write(data, 0, data.Length); } // save the public key. string fileRoot = fileInfo.FullName.Substring(0, fileInfo.FullName.Length - fileInfo.Extension.Length); fileRoot += ".der"; using (Stream ostrm = File.Open(fileRoot, FileMode.Create, FileAccess.ReadWrite, FileShare.None)) { byte[] data = certificate.RawData; ostrm.Write(data, 0, data.Length); } // check if original certificate should be deleted. if (new YesNoDlg().ShowDialog("Delete original certificate?", caption) == DialogResult.Yes) { ICertificateStore physicalStore = id.OpenStore(); try { physicalStore.Delete(certificate.Thumbprint); } finally { physicalStore.Close(); } } } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
/// <summary> /// Gets the default store. /// </summary> private CertificateStoreIdentifier GetDefaultStore(ManagedApplication application, bool useApplicationCertificate) { CertificateStoreIdentifier store = m_currentStore; if (m_currentStore != null) { return m_currentStore; } store = new CertificateStoreIdentifier(); if (application != null) { if (useApplicationCertificate && application.Certificate != null && !String.IsNullOrEmpty(application.Certificate.StorePath)) { store.StoreType = application.Certificate.StoreType; store.StorePath = application.Certificate.StorePath; return store; } if (application.TrustList != null && !String.IsNullOrEmpty(application.TrustList.StorePath)) { store.StoreType = application.TrustList.StoreType; store.StorePath = application.TrustList.StorePath; return store; } } store.StoreType = Utils.DefaultStoreType; store.StorePath = Utils.DefaultStorePath; return store; }
public ContainerInfo(ContainerInfoType type, CertificateStoreIdentifier store) { Type = type; DisplayName = store.ToString(); Store = store; }
private void ImportCertificateListToStoreBTN_Click(object sender, EventArgs e) { try { const string caption = "Import Certificate List"; CertificateStoreIdentifier list1 = new CertificateStoreIdentifier(); list1.StoreType = ManagedStoreCTRL.StoreType; list1.StorePath = ManagedStoreCTRL.StorePath; if (m_currentStore == null) { m_currentStore = new CertificateStoreIdentifier(); m_currentStore.StoreType = Utils.DefaultStoreType; m_currentStore.StorePath = Utils.DefaultStorePath; } CertificateStoreIdentifier list2 = new CertificateStoreDlg().ShowDialog(m_currentStore); if (list2 == null) { return; } m_currentStore = list2; int count = 0; ICertificateStore store1 = list1.OpenStore(); ICertificateStore store2 = list2.OpenStore(); try { foreach (X509Certificate2 certificate in store2.Enumerate()) { if (store1.FindByThumbprint(certificate.Thumbprint) == null) { store1.Add(certificate); count++; } } } finally { store1.Close(); store2.Close(); } MessageBox.Show( this, count.ToString() + " certificates added.", caption, MessageBoxButtons.OK, MessageBoxIcon.Information); } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
private void CertificateBTN_Click(object sender, EventArgs e) { try { CertificateStoreIdentifier store = new CertificateStoreIdentifier(); store.StoreType = m_certificate.StoreType; store.StorePath = m_certificate.StorePath; CertificateIdentifier certificate = new CertificateListDlg().ShowDialog(store, true); if (certificate != null) { m_certificate = certificate; CertificateTB.Text = m_certificate.Thumbprint; } } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
/// <summary> /// Returns a store for the container. /// </summary> public CertificateStoreIdentifier GetCertificateStore() { if (this.Store != null) { return this.Store; } if (this.CertificateStore != null) { CertificateStoreIdentifier store = new CertificateStoreIdentifier(); store.StoreType = CertificateStoreType.Windows; store.StorePath = this.CertificateStore.Format(); return store; } return null; }
private void ImportAndIssueCertificateBTN_Click(object sender, EventArgs e) { try { const string caption = "Select Certificate to Import"; // set current directory. if (m_currentDirectory == null) { m_currentDirectory = Utils.GetAbsoluteDirectoryPath("%LocalApplicationData%", false, false, false); } // open file dialog. OpenFileDialog dialog = new OpenFileDialog(); dialog.CheckFileExists = true; dialog.CheckPathExists = true; dialog.DefaultExt = ".pfx"; dialog.Filter = "Certificate Files (*.der)|*.der|All Files (*.*)|*.*"; dialog.Multiselect = false; dialog.ValidateNames = true; dialog.Title = "Open Certificate File"; dialog.FileName = null; dialog.InitialDirectory = m_currentDirectory; dialog.RestoreDirectory = true; if (dialog.ShowDialog() != DialogResult.OK) { return; } FileInfo fileInfo = new FileInfo(dialog.FileName); m_currentDirectory = fileInfo.Directory.FullName; X509Certificate2 certificate = new X509Certificate2(fileInfo.FullName); if (certificate == null) { return; } CertificateStoreIdentifier store = new CertificateStoreIdentifier(); store.StoreType = ManagedStoreCTRL.StoreType; store.StorePath = ManagedStoreCTRL.StorePath; CertificateIdentifier id = new CreateCertificateDlg().ShowDialog(store, IssuerKeyFilePathTB.Text, certificate); if (id == null) { return; } certificate = id.Find(true); MessageBox.Show( this, certificate.Subject + " issued.", caption, MessageBoxButtons.OK, MessageBoxIcon.Information); } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
private void UpdateApplicationCertificate(Opc.Ua.Security.SecuredApplication application, CertificateStoreIdentifier store, X509Certificate2 certificate) { if (!certificate.HasPrivateKey) { MessageBox.Show("Cannot use a certificate without an accessible private key.", "Import Certificate", MessageBoxButtons.OK, MessageBoxIcon.Error); return; } // check if the old certificate should be deleted. Opc.Ua.Security.CertificateIdentifier oldId = application.ApplicationCertificate; if (oldId != null) { X509Certificate2 oldCertificate = oldId.Find(); if (oldCertificate != null && oldCertificate.Thumbprint != certificate.Thumbprint) { if (new YesNoDlg().ShowDialog("Would you like to delete the old certificate?", "Delete Certificate") == DialogResult.Yes) { DeleteApplicationCertificate(application, oldCertificate); } } } // set the application name. List<string> subjectName = Utils.ParseDistinguishedName(certificate.Subject); foreach (string subjectField in subjectName) { if (subjectField.StartsWith("CN=")) { application.ApplicationName = subjectField.Substring(3); break; } } // set the application uri. string applicationUri = Utils.GetApplicationUriFromCertficate(certificate); if (applicationUri != null) { application.ApplicationUri = applicationUri; } // update the certificate. application.ApplicationCertificate = new Opc.Ua.Security.CertificateIdentifier(); application.ApplicationCertificate.StorePath = store.StorePath; application.ApplicationCertificate.StoreType = store.StoreType; application.ApplicationCertificate.SubjectName = certificate.Subject; application.ApplicationCertificate.Thumbprint = certificate.Thumbprint; // save the configuration. new Opc.Ua.Security.SecurityConfigurationManager().WriteConfiguration(application.ConfigurationFile, application); }
private void IssueSslCertificateBTN_Click(object sender, EventArgs e) { try { CertificateStoreIdentifier store = new CertificateStoreIdentifier(); store.StoreType = ManagedStoreCTRL.StoreType; store.StorePath = ManagedStoreCTRL.StorePath; CertificateIdentifier id = new CreateSslCertificateDlg().ShowDialog(store, IssuerKeyFilePathTB.Text, null); if (id == null) { return; } } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
private void BindSslCertificateBTN_Click(object sender, EventArgs e) { try { CertificateStoreIdentifier store = new CertificateStoreIdentifier(); store.StoreType = ManagedStoreCTRL.StoreType; store.StorePath = ManagedStoreCTRL.StorePath; new ManageSslBindingsDlg().ShowDialog(store); } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
private void OkBTN_Click(object sender, EventArgs e) { try { string storeType = null; string storePath = null; string domainName = null; string organization = null; string subjectName = SubjectNameTB.Text.Trim(); string issuerKeyFilePath = IssuerKeyFilePathTB.Text.Trim(); string issuerKeyFilePassword = IssuerPasswordTB.Text.Trim(); if (String.IsNullOrEmpty(issuerKeyFilePath)) { throw new ApplicationException("Must provide an issuer certificate."); } // verify certificate. X509Certificate2 issuer = new X509Certificate2( issuerKeyFilePath, issuerKeyFilePassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet); if (!issuer.HasPrivateKey) { throw new ApplicationException("Issuer certificate does not have a private key."); } // determine certificate type. foreach (X509Extension extension in issuer.Extensions) { X509BasicConstraintsExtension basicContraints = extension as X509BasicConstraintsExtension; if (basicContraints != null) { if (!basicContraints.CertificateAuthority) { throw new ApplicationException("Certificate cannot be used to issue new certificates."); } } } // check traget store. if (!String.IsNullOrEmpty(CertificateStoreCTRL.StorePath)) { storeType = CertificateStoreCTRL.StoreType; storePath = CertificateStoreCTRL.StorePath; } if (String.IsNullOrEmpty(storePath)) { throw new ApplicationException("Please specify a store path."); } domainName = DomainNameTB.Text; organization = OrganizationTB.Text; // extract key fields from the subject name. if (SubjectNameCK.Checked) { List<string> parts = Utils.ParseDistinguishedName(SubjectNameTB.Text); for (int ii = 0; ii < parts.Count; ii++) { if (parts[ii].StartsWith("CN=")) { domainName = parts[ii].Substring(3).Trim(); } if (parts[ii].StartsWith("O=")) { organization = parts[ii].Substring(2).Trim(); } } } if (String.IsNullOrEmpty(domainName)) { throw new ApplicationException("Please specify a domain name."); } if (!String.IsNullOrEmpty(DomainNameTB.Text) && domainName != DomainNameTB.Text) { throw new ApplicationException("The domain name must be the common name for the certificate."); } if (!String.IsNullOrEmpty(OrganizationTB.Text) && organization != OrganizationTB.Text) { throw new ApplicationException("The organization must be the organization for the certificate."); } X509Certificate2 certificate = Opc.Ua.CertificateFactory.CreateCertificate( storeType, storePath, null, null, domainName, subjectName, null, Convert.ToUInt16(KeySizeCB.SelectedItem.ToString()), DateTime.MinValue, (ushort)LifeTimeInMonthsUD.Value, 0, false, false, issuerKeyFilePath, issuerKeyFilePassword); m_certificate = new CertificateIdentifier(); m_certificate.StoreType = storeType; m_certificate.StorePath = storePath; m_certificate.Certificate = certificate; try { CertificateStoreIdentifier rootStore = new CertificateStoreIdentifier(); rootStore.StoreType = CertificateStoreType.Windows; rootStore.StorePath = "LocalMachine\\Root"; using (ICertificateStore store = rootStore.OpenStore()) { X509Certificate2 rootCertificate = new X509Certificate2(issuerKeyFilePath, issuerKeyFilePassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet); if (store.FindByThumbprint(rootCertificate.Thumbprint) == null) { if (Ask("Would you like to install the signing certificate as a trusted root authority on this machine?")) { store.Add(new X509Certificate2(rootCertificate.RawData)); } } } } catch (Exception exception) { GuiUtils.HandleException(this.Text, System.Reflection.MethodBase.GetCurrentMethod(), exception); } // close the dialog. DialogResult = DialogResult.OK; } catch (Exception exception) { GuiUtils.HandleException(this.Text, System.Reflection.MethodBase.GetCurrentMethod(), exception); } }
/// <summary> /// Creates a new self signed for a certificate. /// </summary> private void CreateApplicationCertificateBTN_Click(object sender, EventArgs e) { try { // get application. ManagedApplication application = ApplicationToManageCTRL.GetSelectedApplication();; if (application == null) { return; } // load the configuration. application.Reload(); // can't set application certificate for non-sdk apps. if (!application.IsSdkCompatible) { return; } // create the certificate. CertificateIdentifier certificate = new CreateCertificateDlg().ShowDialog(application.Application); if (certificate == null) { return; } // save the configuration. CertificateStoreIdentifier store = new CertificateStoreIdentifier(); store.StorePath = certificate.StorePath; store.StoreType = certificate.StoreType; m_currentStore = store; UpdateApplicationCertificate(application.Application, store, certificate.Certificate); } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
private void ImportCertificateToStoreBTN_Click(object sender, EventArgs e) { try { const string caption = "Import Certificate"; CertificateStoreIdentifier list1 = new CertificateStoreIdentifier(); list1.StoreType = ManagedStoreCTRL.StoreType; list1.StorePath = ManagedStoreCTRL.StorePath; // set current directory. if (m_currentDirectory == null) { m_currentDirectory = Utils.GetAbsoluteDirectoryPath("%CommonApplicationData%\\OPC Foundation\\CertificateStores\\UA Applications", false, false); } if (m_currentDirectory == null) { m_currentDirectory = new FileInfo(Application.ExecutablePath).DirectoryName; } // open file dialog. OpenFileDialog dialog = new OpenFileDialog(); dialog.CheckFileExists = true; dialog.CheckPathExists = true; dialog.DefaultExt = ".der"; dialog.Filter = "DER Files (*.der)|*.der|PKCS #12 Files (*.pfx)|*.pfx|All Files (*.*)|*.*"; dialog.Multiselect = false; dialog.ValidateNames = true; dialog.Title = caption; dialog.FileName = null; dialog.InitialDirectory = m_currentDirectory; dialog.RestoreDirectory = true; if (dialog.ShowDialog() != DialogResult.OK) { return; } FileInfo fileInfo = new FileInfo(dialog.FileName); m_currentDirectory = fileInfo.Directory.FullName; if (!fileInfo.Exists) { return; } X509Certificate2 certificate = new X509Certificate2(fileInfo.FullName, (string)null, X509KeyStorageFlags.Exportable); ValidateAndImport(list1, certificate); } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
private void OkBTN_Click(object sender, EventArgs e) { try { IPAddress address = IPAddress.Parse(IPAddressTB.Text); ushort port = (ushort)PortUD.Value; if (m_certificate == null) { throw new ArgumentException("You must specify a certificate."); } X509Certificate2 certificate = m_certificate.Find(true); if (certificate == null) { throw new ArgumentException("Certificate does not exist or has no private key."); } // setup policy chain X509ChainPolicy policy = new X509ChainPolicy(); policy.RevocationFlag = X509RevocationFlag.EntireChain; policy.RevocationMode = X509RevocationMode.Offline; policy.VerificationFlags = X509VerificationFlags.NoFlag; policy.VerificationFlags |= X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown; policy.VerificationFlags |= X509VerificationFlags.IgnoreCtlSignerRevocationUnknown; policy.VerificationFlags |= X509VerificationFlags.IgnoreEndRevocationUnknown; policy.VerificationFlags |= X509VerificationFlags.IgnoreRootRevocationUnknown; // build chain. X509Chain chain = new X509Chain(); chain.ChainPolicy = policy; chain.Build(certificate); for (int ii = 0; ii < chain.ChainElements.Count; ii++) { X509ChainElement element = chain.ChainElements[ii]; // check for chain status errors. foreach (X509ChainStatus status in element.ChainElementStatus) { if (status.Status == X509ChainStatusFlags.UntrustedRoot) { if (!Ask("Cannot verify certificate up to a trusted root.\r\nAdd anyways?")) { return; } continue; } if (status.Status == X509ChainStatusFlags.RevocationStatusUnknown) { if (!Ask("The revocation status of this certificate cannot be verified.\r\nAdd anyways?")) { return; } continue; } // ignore informational messages. if (status.Status == X509ChainStatusFlags.OfflineRevocation) { continue; } if (status.Status != X509ChainStatusFlags.NoError) { throw new ArgumentException("[" + status.Status + "] " + status.StatusInformation); } } } // get the target store. if (m_store == null) { m_store = new CertificateStoreIdentifier(); m_store.StoreType = CertificateStoreType.Windows; m_store.StorePath = CertificateStoreTB.Text; } if (m_store.StoreType != CertificateStoreType.Windows) { throw new ArgumentException("You must choose a Windows store for SSL certificates."); } if (!m_store.StorePath.StartsWith("LocalMachine\\", StringComparison.OrdinalIgnoreCase)) { throw new ArgumentException("You must choose a machine store for SSL certificates."); } bool deleteExisting = false; using (ICertificateStore store = m_store.OpenStore()) { if (store.FindByThumbprint(certificate.Thumbprint) == null) { store.Add(certificate); deleteExisting = true; } } if (deleteExisting) { if (Ask("Would you like to delete the certificate from its current location?")) { using (ICertificateStore store = m_certificate.OpenStore()) { store.Delete(certificate.Thumbprint); } } } SslCertificateBinding binding = new SslCertificateBinding(); binding.IPAddress = address; binding.Port = port; binding.Thumbprint = certificate.Thumbprint; binding.ApplicationId = s_DefaultApplicationId; binding.StoreName = null; if (!m_store.StorePath.EndsWith("\\My")) { int index = m_store.StorePath.LastIndexOf("\\"); binding.StoreName = m_store.StorePath.Substring(index+1); } HttpAccessRule.SetSslCertificateBinding(binding); m_binding = binding; DialogResult = DialogResult.OK; } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
/// <summary> /// Displays the applications in the control. /// </summary> internal void Initialize(CertificateStoreIdentifier id, IList<string> thumbprints) { ItemsLV.Items.Clear(); m_storeId = id; m_thumbprints = thumbprints; if (m_storeId == null || String.IsNullOrEmpty(m_storeId.StoreType) || String.IsNullOrEmpty(m_storeId.StorePath)) { Instructions = "No certificates are in the store."; AdjustColumns(); return; } try { // get the store. using (ICertificateStore store = m_storeId.OpenStore()) { // only show certificates with the specified thumbprint. if (thumbprints != null) { Instructions = "None of the selected certificates can be found in the store."; foreach (string thumbprint in thumbprints) { X509Certificate2 certificate = store.FindByThumbprint(thumbprint); if (certificate != null) { AddItem(certificate); } } } // show all certificates. else { Instructions = "No certificates are in the store."; foreach (X509Certificate2 certificate in store.Enumerate()) { AddItem(certificate); } } } } catch (Exception e) { Instructions = "An error occurred opening the store: " + e.Message; } // save the unfiltered list. m_items = new List<ListViewItem>(ItemsLV.Items.Count); foreach (ListViewItem item in ItemsLV.Items) { m_items.Add(item); } AdjustColumns(); }
/// <summary> /// Assigns a certificate to the application. /// </summary> private void AssignTrustListBTN_Click(object sender, EventArgs e) { try { // get application. ManagedApplication application = ApplicationToManageCTRL.GetSelectedApplication();; if (application == null) { return; } // load the configuration. application.Reload(); // can't set application certificate for non-sdk apps. if (!application.IsSdkCompatible) { return; } CertificateStoreIdentifier store = application.TrustList; if (store == null) { store = GetDefaultStore(application, false); } // prompt for the store to open. store = new CertificateStoreDlg().ShowDialog(store); if (store == null) { return; } // update the trust list. application.Application.TrustedCertificateStore = new Opc.Ua.Security.CertificateStoreIdentifier(); application.Application.TrustedCertificateStore.StorePath = store.StorePath; application.Application.TrustedCertificateStore.StoreType = store.StoreType; application.Application.TrustedCertificates = new Opc.Ua.Security.CertificateList(); m_currentStore = store; // save the configuration. new Opc.Ua.Security.SecurityConfigurationManager().WriteConfiguration(application.Application.ConfigurationFile, application.Application); } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
private void AddCertificateToTrustListBTN_Click(object sender, EventArgs e) { try { // get application. ManagedApplication application = ApplicationToManageCTRL.GetSelectedApplication();; if (application == null) { return; } // load the configuration. application.Reload(); CertificateStoreIdentifier store = GetDefaultStore(application, false); // show the list of rejected certificates. CertificateIdentifier id = new CertificateListDlg().ShowDialog(store, true); if (id == null) { return; } store = new CertificateStoreIdentifier(); store.StoreType = id.StoreType; store.StorePath = id.StorePath; m_currentStore = store; X509Certificate2 certificate = id.Find(); ValidateAndImport(application.TrustList, certificate); } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
private void CertificateStoreCTRL_StoreChanged(object sender, EventArgs e) { try { CertificateStoreIdentifier store = new CertificateStoreIdentifier(); store.StoreType = CertificateStoreCTRL.StoreType; store.StorePath = CertificateStoreCTRL.StorePath; Task.Run( async () => await CertificatesCTRL.Initialize(store, null)).Wait(); FilterBTN_Click(sender, e); } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
private void ImportCertificateListToTrustBTN_Click(object sender, EventArgs e) { try { const string caption = "Import Certificate List"; ManagedApplication application = ManageApplicationSecurityCTRL.GetSelectedApplication(); if (application == null) { return; } if (application.TrustList == null) { MessageBox.Show(application.ToString() + " does not have a trust list defined.", caption, MessageBoxButtons.OK, MessageBoxIcon.Error); return; } if (m_currentStore == null) { m_currentStore = new CertificateStoreIdentifier(); m_currentStore.StoreType = Utils.DefaultStoreType; m_currentStore.StorePath = Utils.DefaultStorePath; } CertificateStoreIdentifier store = new CertificateStoreDlg().ShowDialog(m_currentStore); if (store == null) { return; } m_currentStore = store; int count = 0; ICertificateStore store1 = application.TrustList.OpenStore(); ICertificateStore store2 = store.OpenStore(); try { foreach (X509Certificate2 certificate in store2.Enumerate()) { if (store1.FindByThumbprint(certificate.Thumbprint) == null) { store1.Add(certificate); count++; } } } finally { store1.Close(); store2.Close(); } MessageBox.Show( this, count.ToString() + " certificates added.", caption, MessageBoxButtons.OK, MessageBoxIcon.Information); } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
/// <summary> /// Validates a certificate and adds it to the trust list. /// </summary> private void ValidateAndImport(CertificateStoreIdentifier store, X509Certificate2 certificate) { if (store == null || certificate == null) { return; } // validate the certificate using the trust lists for the certificate tool. try { CertificateValidator validator = new CertificateValidator(); validator.Update(m_configuration); validator.Validate(certificate); } catch (ServiceResultException exception) { if (!HandleValidationError(certificate, exception)) { return; } } // confirm import. StringBuilder buffer = new StringBuilder(); buffer.Append("You are adding this certificate to a trust list that may be shared with other applications."); buffer.Append("\r\n"); buffer.Append("\r\n"); buffer.Append("Would you still like to accept the certificate?\r\n"); buffer.Append("\r\n"); buffer.Append("Target Trust List = "); buffer.Append(store.ToString()); buffer.Append("\r\n"); buffer.Append("Certificate to Add = "); buffer.Append(certificate.Subject); DialogResult result = new YesNoDlg().ShowDialog(buffer.ToString(), "Import Certificate to Trust List"); if (result != DialogResult.Yes) { return; } // update store. ICertificateStore physicalStore = store.OpenStore(); if (physicalStore.FindByThumbprint(certificate.Thumbprint) == null) { physicalStore.Add(new X509Certificate2(certificate.RawData)); } }
/// <summary> /// Browses for a certificate to import. /// </summary> private void ImportApplicationCertificateBTN_Click(object sender, EventArgs e) { try { // get application. ManagedApplication application = ApplicationToManageCTRL.GetSelectedApplication();; if (application == null) { return; } // load the configuration. application.Reload(); // can't set application certificate for non-sdk apps. if (!application.IsSdkCompatible) { return; } // set current directory. if (m_currentDirectory == null) { m_currentDirectory = Utils.GetAbsoluteDirectoryPath("%CommonApplicationData%\\OPC Foundation\\CertificateStores\\MachineDefault", false, false); } if (m_currentDirectory == null) { m_currentDirectory = new FileInfo(Application.ExecutablePath).DirectoryName; } // open file dialog. OpenFileDialog dialog = new OpenFileDialog(); dialog.CheckFileExists = true; dialog.CheckPathExists = true; dialog.DefaultExt = ".pfx"; dialog.Filter = "PKCS#12 Files (*.pfx)|*.pfx|All Files (*.*)|*.*"; dialog.Multiselect = false; dialog.ValidateNames = true; dialog.Title = "Open Application Certificate File"; dialog.FileName = null; dialog.InitialDirectory = m_currentDirectory; dialog.RestoreDirectory = true; if (dialog.ShowDialog() != DialogResult.OK) { return; } FileInfo fileInfo = new FileInfo(dialog.FileName); m_currentDirectory = fileInfo.Directory.FullName; CertificateStoreIdentifier store = GetDefaultStore(application, true); // prompt for the store to import into. store = new CertificateStoreDlg().ShowDialog(store); if (store == null) { return; } m_currentStore = store; string password = String.Empty; X509Certificate2 certificate = null; do { try { // load the certificate. certificate = new X509Certificate2( fileInfo.FullName, password, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet); if (!certificate.HasPrivateKey) { MessageBox.Show("Certificate does not have a private key.", "Import Certificate", MessageBoxButtons.OK, MessageBoxIcon.Error); return; } // import certificate. ICertificateStore physicalStore = store.OpenStore(); physicalStore.Add(certificate); physicalStore.Close(); break; } catch (System.Security.Cryptography.CryptographicException exception) { // prompt for password. password = new PasswordDlg().ShowDialog(password, exception.Message); if (password == null) { return; } } } while (true); UpdateApplicationCertificate(application.Application, store, certificate); } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }
private void SelectCertificateToTrustBTN_Click(object sender, EventArgs e) { try { const string caption = "Select Certificate to Trust"; ManagedApplication application = ManageApplicationSecurityCTRL.GetSelectedApplication(); if (application == null) { return; } if (application.TrustList == null) { MessageBox.Show(application.ToString() + " does not have a trust list defined.", caption, MessageBoxButtons.OK, MessageBoxIcon.Error); return; } if (m_currentStore == null) { m_currentStore = new CertificateStoreIdentifier(); m_currentStore.StoreType = Utils.DefaultStoreType; m_currentStore.StorePath = Utils.DefaultStorePath; } CertificateIdentifier id = new CertificateListDlg().ShowDialog(m_currentStore, true); if (id == null) { return; } m_currentStore.StoreType = id.StoreType; m_currentStore.StorePath = id.StorePath; X509Certificate2 certificate = id.Find(); if (certificate == null) { return; } ICertificateStore store = application.TrustList.OpenStore(); try { if (store.FindByThumbprint(certificate.Thumbprint) == null) { store.Add(new X509Certificate2(certificate.RawData)); } } finally { store.Close(); } MessageBox.Show( this, certificate.Subject + " now trusted.", caption, MessageBoxButtons.OK, MessageBoxIcon.Information); } catch (Exception exception) { GuiUtils.HandleException(this.Text, MethodBase.GetCurrentMethod(), exception); } }