예제 #1
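        /// <summary>
        /// Checks whether a certificate issued to the given machine name or IP address
        /// is present in the given certificate store.
        /// </summary>
        /// <remarks>
        /// A certificate matches only when its subject contains "CN=" followed by the name
        /// and its simple name equals the name exactly (ordinal comparison). A plain substring
        /// test on the subject would also accept longer names that merely start with the
        /// requested one (a search for "srv1" would hit "CN=srv10").
        /// A hit only shows that the certificate is in the store; it does not validate the
        /// certificate's chain, validity period or private key.
        /// </remarks>
        /// <param name="AStrMachineNameOrIPAddress">Machine name or IP address expected as the certificate's common name.</param>
        /// <param name="AStoreNameArea">Name of the store to search.</param>
        /// <param name="AStoreLocationPositon">Location of the store to search.</param>
        /// <param name="AStrHashString">Receives the hash string of the first matching certificate when the method returns true; otherwise empty.</param>
        /// <param name="AStrReturn">Receives the exception message when an error is caught; otherwise empty.</param>
        /// <returns>True when a matching certificate was found; false when none was found or an error was caught.</returns>
        public static bool CertificateIsExist(string AStrMachineNameOrIPAddress, StoreName AStoreNameArea, StoreLocation AStoreLocationPositon, ref string AStrHashString, ref string AStrReturn)
        {
            bool      LBoolReturn = false;
            X509Store LX509Store  = null;

            try
            {
                AStrHashString = string.Empty;
                AStrReturn     = string.Empty;

                // An empty name would reduce the subject filter to "CN=", which matches
                // nearly every certificate in the store.
                if (string.IsNullOrEmpty(AStrMachineNameOrIPAddress))
                {
                    throw new ArgumentException("Machine name or IP address must not be empty.", "AStrMachineNameOrIPAddress");
                }

                string LStrCNOptions = "CN=" + AStrMachineNameOrIPAddress;

                LX509Store = new X509Store(AStoreNameArea, AStoreLocationPositon);
                LX509Store.Open(OpenFlags.ReadOnly);
                foreach (X509Certificate2 LX509CertificateSingle in LX509Store.Certificates)
                {
                    // Ordinal comparison: distinguished names are identifiers, not linguistic text.
                    bool LBoolSubjectHasCN = LX509CertificateSingle.Subject.IndexOf(LStrCNOptions, StringComparison.Ordinal) >= 0;
                    bool LBoolNameIsExact  = string.Equals(
                        LX509CertificateSingle.GetNameInfo(X509NameType.SimpleName, false),
                        AStrMachineNameOrIPAddress,
                        StringComparison.Ordinal);

                    if (LBoolSubjectHasCN && LBoolNameIsExact)
                    {
                        AStrHashString = LX509CertificateSingle.GetCertHashString();
                        LBoolReturn    = true;
                        break;
                    }
                }
            }
            catch (Exception ex)
            {
                LBoolReturn = false;
                AStrReturn  = ex.Message;
            }
            finally
            {
                // Release the store handle on the error path as well.
                if (LX509Store != null)
                {
                    LX509Store.Close();
                }
            }

            return LBoolReturn;
        }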
예제 #2
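        /// <summary>
        /// Checks whether a certificate with the given hash string (thumbprint) is present
        /// in the given certificate store.
        /// </summary>
        /// <remarks>
        /// The comparison ignores letter case and surrounding whitespace, so a thumbprint
        /// written in lower case is still recognised. A hit only shows that the certificate
        /// is in the store; it is not a trust or validity check.
        /// </remarks>
        /// <param name="AStrHashString">Hash string of the certificate to look for.</param>
        /// <param name="AStoreNameArea">Name of the store to search.</param>
        /// <param name="AStoreLocationPositon">Location of the store to search.</param>
        /// <param name="AStrReturn">Receives the error details when an exception is caught; otherwise empty.</param>
        /// <returns>True when a certificate with that hash string was found; false when none was found or an error was caught.</returns>
        private bool CertificateIsExist(string AStrHashString, StoreName AStoreNameArea, StoreLocation AStoreLocationPositon, ref string AStrReturn)
        {
            bool      LBoolReturn = false;
            X509Store LX509Store  = null;

            try
            {
                AStrReturn = string.Empty;

                // A null request stays null and therefore matches nothing.
                string LStrWantedHash = AStrHashString == null ? null : AStrHashString.Trim();

                LX509Store = new X509Store(AStoreNameArea, AStoreLocationPositon);
                LX509Store.Open(OpenFlags.ReadOnly);
                foreach (X509Certificate LX509CertificateSingle in LX509Store.Certificates)
                {
                    var certHashString = LX509CertificateSingle.GetCertHashString();
                    if (certHashString == null)
                    {
                        continue;
                    }

                    // Hex thumbprints carry no meaning in their letter case.
                    if (string.Equals(certHashString.Trim(), LStrWantedHash, StringComparison.OrdinalIgnoreCase))
                    {
                        LBoolReturn = true;
                        break;
                    }
                }
            }
            catch (Exception ex)
            {
                LBoolReturn = false;
                // NOTE(review): this stores the full exception text, stack trace included;
                // avoid echoing AStrReturn to end users.
                AStrReturn  = "CertificateIsExist()\n" + ex;
            }
            finally
            {
                // Release the store handle on the error path as well.
                if (LX509Store != null)
                {
                    LX509Store.Close();
                }
            }

            return LBoolReturn;
        }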
예제 #3
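        /// <summary>
        /// Removes the certificates issued to the given machine name or IP address from the
        /// given store, keeping the one whose hash string equals <paramref name="AStrHashString"/>.
        /// </summary>
        /// <remarks>
        /// This operation is destructive, so the match is deliberately strict: a certificate is
        /// removed only when its subject contains "CN=" followed by the name and its simple name
        /// equals the name exactly. A plain substring test would also delete certificates of
        /// other hosts whose names start with the requested one, and an empty name would match
        /// nearly every certificate in the store. The hash comparison that protects the
        /// certificate to keep ignores letter case and surrounding whitespace.
        /// </remarks>
        /// <param name="AStrMachineNameOrIPAddress">Machine name or IP address used as the certificates' common name.</param>
        /// <param name="AStoreNameArea">Name of the store to clean up.</param>
        /// <param name="AStoreLocationPositon">Location of the store to clean up.</param>
        /// <param name="AStrHashString">Hash string of the certificate that must not be removed.</param>
        /// <param name="AStrReturn">On failure, the exception message. On success, "1" when the certificate to keep was found, "0" when it was not.</param>
        /// <returns>True when the store was processed without error; false when an error was caught.</returns>
        public static bool RemoveCertificates(string AStrMachineNameOrIPAddress, StoreName AStoreNameArea, StoreLocation AStoreLocationPositon, string AStrHashString, ref string AStrReturn)
        {
            bool      LBoolReturn = true;
            X509Store LX509Store  = null;

            try
            {
                AStrReturn = "0";

                // Refuse an empty name instead of letting "CN=" select the whole store.
                if (string.IsNullOrEmpty(AStrMachineNameOrIPAddress))
                {
                    throw new ArgumentException("Machine name or IP address must not be empty.", "AStrMachineNameOrIPAddress");
                }

                string LStrCNOptions = "CN=" + AStrMachineNameOrIPAddress;
                string LStrKeepHash  = AStrHashString == null ? null : AStrHashString.Trim();

                LX509Store = new X509Store(AStoreNameArea, AStoreLocationPositon);
                // NOTE(review): MaxAllowed opens with whatever access the account has; if that is
                // read-only, the failure only shows up at the first Remove call.
                LX509Store.Open(OpenFlags.MaxAllowed);

                // The Certificates property returns a copy of the store's contents, so removing
                // from the store while iterating is safe.
                foreach (X509Certificate2 LX509CertificateSingle in LX509Store.Certificates)
                {
                    bool LBoolSubjectHasCN = LX509CertificateSingle.Subject.IndexOf(LStrCNOptions, StringComparison.Ordinal) >= 0;
                    bool LBoolNameIsExact  = string.Equals(
                        LX509CertificateSingle.GetNameInfo(X509NameType.SimpleName, false),
                        AStrMachineNameOrIPAddress,
                        StringComparison.Ordinal);

                    if (!LBoolSubjectHasCN || !LBoolNameIsExact)
                    {
                        continue;
                    }

                    // A case-sensitive comparison here would delete the certificate that was
                    // meant to be kept whenever the caller passed a lower-case thumbprint.
                    if (string.Equals(LX509CertificateSingle.GetCertHashString(), LStrKeepHash, StringComparison.OrdinalIgnoreCase))
                    {
                        AStrReturn = "1";
                        continue;
                    }

                    LX509Store.Remove(LX509CertificateSingle);
                }
            }
            catch (Exception ex)
            {
                LBoolReturn = false;
                AStrReturn  = ex.Message;
            }
            finally
            {
                // Release the store handle on the error path as well.
                if (LX509Store != null)
                {
                    LX509Store.Close();
                }
            }

            return LBoolReturn;
        }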
예제 #4
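        /// <summary>
        /// Looks up a certificate by its hash string in the given store and returns the
        /// certificate hash as a byte array.
        /// </summary>
        /// <remarks>
        /// The hash string comparison ignores letter case and surrounding whitespace.
        /// </remarks>
        /// <param name="AStrHashString">Hash string of the certificate to look for.</param>
        /// <param name="AStoreNameArea">Name of the store to search.</param>
        /// <param name="AStoreLocationPositon">Location of the store to search.</param>
        /// <param name="AStrReturn">Receives the error details when an exception is caught; otherwise empty.</param>
        /// <returns>The certificate hash bytes, or null when no certificate matched or an error was caught.</returns>
        public static byte[] ObtainCertificateCertHash(string AStrHashString, StoreName AStoreNameArea, StoreLocation AStoreLocationPositon, ref string AStrReturn)
        {
            byte[]    LByteReturn = null;
            X509Store LX509Store  = null;

            try
            {
                AStrReturn = string.Empty;

                // A null request stays null and therefore matches nothing.
                string LStrWantedHash = AStrHashString == null ? null : AStrHashString.Trim();

                LX509Store = new X509Store(AStoreNameArea, AStoreLocationPositon);
                LX509Store.Open(OpenFlags.ReadOnly);
                foreach (X509Certificate LX509CertificateSingle in LX509Store.Certificates)
                {
                    string LStrCurrentHash = LX509CertificateSingle.GetCertHashString().Trim();
                    if (string.Equals(LStrCurrentHash, LStrWantedHash, StringComparison.OrdinalIgnoreCase))
                    {
                        LByteReturn = LX509CertificateSingle.GetCertHash();
                        break;
                    }
                }
            }
            catch (Exception ex)
            {
                LByteReturn = null;
                // NOTE(review): this stores the full exception text, stack trace included;
                // avoid echoing AStrReturn to end users.
                AStrReturn  = "ObtainCertificateCertHash()\n" + ex.ToString();
            }
            finally
            {
                // Release the store handle on the error path as well.
                if (LX509Store != null)
                {
                    LX509Store.Close();
                }
            }

            return LByteReturn;
        }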
예제 #5
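        /// <summary>
        /// Exports a certificate from the CurrentUser "My" store to a password-protected PFX file.
        /// </summary>
        /// <remarks>
        /// The PFX format carries the private key when the key is exportable, so the target
        /// file is sensitive: write it only to a location with restrictive permissions and use
        /// a strong export password. An existing target file is replaced completely.
        /// </remarks>
        /// <param name="AStrHashString">Hash string of the certificate to export (letter case and surrounding whitespace are ignored).</param>
        /// <param name="AStrExportPassword">Password that protects the exported PFX.</param>
        /// <param name="AStrExportTargerFile">Path of the file the PFX is written to.</param>
        /// <param name="AStrReturn">Receives the error details when the method returns false; otherwise empty.</param>
        /// <returns>True when the certificate was found and written; false when it was not found or an error was caught.</returns>
        public static bool ExportCertificate(string AStrHashString, string AStrExportPassword, string AStrExportTargerFile, ref string AStrReturn)
        {
            bool      LBoolReturn   = true;
            bool      LBoolExported = false;
            X509Store LX509Store    = null;

            try
            {
                AStrReturn = string.Empty;

                // A null request stays null and therefore matches nothing.
                string LStrWantedHash = AStrHashString == null ? null : AStrHashString.Trim();

                LX509Store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                // NOTE(review): the store is only read here; OpenFlags.ReadOnly would presumably
                // be enough and is the least-privilege choice. Confirm before changing.
                LX509Store.Open(OpenFlags.MaxAllowed);
                foreach (X509Certificate2 LX509CertificateSingle in LX509Store.Certificates)
                {
                    string LStrCurrentHash = LX509CertificateSingle.GetCertHashString().Trim();
                    if (!string.Equals(LStrCurrentHash, LStrWantedHash, StringComparison.OrdinalIgnoreCase))
                    {
                        continue;
                    }

                    // NOTE(review): a null or empty AStrExportPassword leaves the exported key
                    // effectively unprotected; callers should enforce a password policy.
                    // NOTE(review): AStrExportTargerFile is used as given; if it can come from
                    // user input, restrict it to an expected directory at the call site.
                    byte[] LByteExport = LX509CertificateSingle.Export(X509ContentType.Pfx, AStrExportPassword);
                    try
                    {
                        // WriteAllBytes creates or truncates the file. Opening an existing,
                        // longer file without truncation would leave stale bytes after the
                        // new PFX data.
                        File.WriteAllBytes(AStrExportTargerFile, LByteExport);
                    }
                    finally
                    {
                        // Do not keep the exported key material in memory longer than needed.
                        Array.Clear(LByteExport, 0, LByteExport.Length);
                    }

                    LBoolExported = true;
                    break;
                }

                if (!LBoolExported)
                {
                    // Report "nothing exported" instead of claiming success.
                    LBoolReturn = false;
                    AStrReturn  = "ExportCertificate()\nNo certificate with the requested hash string was found in CurrentUser\\My.";
                }
            }
            catch (Exception ex)
            {
                LBoolReturn = false;
                // NOTE(review): this stores the full exception text, stack trace included;
                // avoid echoing AStrReturn to end users.
                AStrReturn  = "ExportCertificate()\n" + ex.ToString();
            }
            finally
            {
                // Release the store handle on the error path as well.
                if (LX509Store != null)
                {
                    LX509Store.Close();
                }
            }

            return LBoolReturn;
        }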
예제 #6
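        /// <summary>
        /// Checks whether the certificate with a fixed, hard-coded hash string is installed
        /// in the given store of the local machine.
        /// </summary>
        /// <param name="AStoreName">Name of the LocalMachine store to search.</param>
        /// <returns>
        /// True when the certificate was found, and also when the check itself failed with an
        /// exception; false when the store was read and the certificate is not in it.
        /// </returns>
        private bool CheckCertificateIsExist(StoreName AStoreName)
        {
            // Hash string of the one certificate this method looks for.
            const string LStrExpectedHash = "C3BBF9EA2C0DA7FEAA17043A0A6010A522ABAB87";

            bool      LBoolReturn = false;
            X509Store LX509Store  = null;

            try
            {
                LX509Store = new X509Store(AStoreName, StoreLocation.LocalMachine);
                LX509Store.Open(OpenFlags.ReadOnly);

                foreach (X509Certificate LX509CertificateSingle in LX509Store.Certificates)
                {
                    if (LX509CertificateSingle.GetCertHashString().Trim() == LStrExpectedHash)
                    {
                        LBoolReturn = true;
                        break;
                    }
                }
            }
            catch
            {
                // NOTE(review): any failure to read the store is reported as "installed" and the
                // error is discarded. That is a fail-open result: callers cannot tell a real hit
                // from an unreadable store. Kept as is because callers may rely on it; confirm
                // whether this is intended and consider logging the exception.
                LBoolReturn = true;
            }
            finally
            {
                // Release the store handle on the error path as well.
                if (LX509Store != null)
                {
                    LX509Store.Close();
                }
            }

            return LBoolReturn;
        }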
예제 #7
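        /// <summary>
        /// Creates a self-signed certificate for the given machine name or IP address by running
        /// makecert.exe, unless a matching certificate already exists.
        /// </summary>
        /// <remarks>
        /// The name is placed inside a quoted makecert argument, so it is validated first: only
        /// letters, digits, '.', '-', '_' and ':' are accepted. Without this check a name
        /// containing a quote or a distinguished-name separator could change the command line
        /// or the subject of the certificate.
        /// After makecert has run, the certificate is looked up in CurrentUser "My"; the method
        /// reports failure when it is not there.
        /// </remarks>
        /// <param name="AStrMachineNameOrIPAddress">Machine name or IP address used as the certificate's common name.</param>
        /// <param name="AStrReturn">Receives the certificate's hash string when the method returns true; otherwise the error details.</param>
        /// <returns>True when a certificate exists or was created; false on any failure.</returns>
        public static bool CreateCertificate(string AStrMachineNameOrIPAddress, ref string AStrReturn)
        {
            bool      LBoolReturn         = true;
            string    LStrMakecertFile    = string.Empty;
            string    LStrCreateArguments = string.Empty;
            string    LStrCNOptions       = string.Empty;

            string    LStrExistHashString = string.Empty;
            string    LStrCallReturn      = string.Empty;
            int       LIntExitCode        = 0;
            X509Store LX509Store          = null;

            try
            {
                AStrReturn = string.Empty;

                // Validate before the value reaches the makecert command line.
                if (string.IsNullOrEmpty(AStrMachineNameOrIPAddress))
                {
                    throw new ArgumentException("Machine name or IP address must not be empty.", "AStrMachineNameOrIPAddress");
                }
                foreach (char LCharSingle in AStrMachineNameOrIPAddress)
                {
                    bool LBoolAllowed = char.IsLetterOrDigit(LCharSingle)
                                        || LCharSingle == '.' || LCharSingle == '-'
                                        || LCharSingle == '_' || LCharSingle == ':';
                    if (!LBoolAllowed)
                    {
                        throw new ArgumentException("Machine name or IP address contains a character that is not allowed in a certificate subject.", "AStrMachineNameOrIPAddress");
                    }
                }

                // Reuse an existing certificate; a non-empty message from the check means the
                // check itself failed, which is passed on as a failure.
                if (CertificateIsExist(AStrMachineNameOrIPAddress, ref LStrExistHashString, ref LStrCallReturn))
                {
                    AStrReturn = LStrExistHashString;
                    return LBoolReturn;
                }
                if (!string.IsNullOrEmpty(LStrCallReturn))
                {
                    LBoolReturn = false;
                    AStrReturn  = LStrCallReturn;
                    return LBoolReturn;
                }

                // NOTE(review): the executable is loaded from a folder under the site root. Make
                // sure that folder is not writable by the web application or by uploads.
                // NOTE(review): makecert.exe is deprecated; New-SelfSignedCertificate or the
                // CertificateRequest class are the current replacements.
                LStrMakecertFile    = System.IO.Path.Combine(App.GStrSiteRootFolder, @"Components\Certificates", "makecert.exe");
                LStrCNOptions       = "CN=" + AStrMachineNameOrIPAddress;
                LStrCreateArguments = "-A SHA512 -R -PE -SS MY -B 01/01/2015 -E 12/31/2028 -N \"" + LStrCNOptions + "\" ";

                using (Process LProcessCreate = new Process())
                {
                    LProcessCreate.StartInfo.FileName               = LStrMakecertFile;
                    LProcessCreate.StartInfo.Arguments              = LStrCreateArguments.Trim();
                    LProcessCreate.StartInfo.CreateNoWindow         = true;
                    LProcessCreate.StartInfo.UseShellExecute        = false;
                    LProcessCreate.StartInfo.RedirectStandardInput  = true;
                    LProcessCreate.StartInfo.RedirectStandardOutput = true;
                    LProcessCreate.StartInfo.RedirectStandardError  = true;
                    LProcessCreate.Start();

                    // Redirected pipes must be serviced: close stdin so the child sees end of
                    // input, and drain stdout/stderr so it cannot block on a full pipe.
                    LProcessCreate.StandardInput.Close();
                    LProcessCreate.BeginErrorReadLine();
                    LProcessCreate.StandardOutput.ReadToEnd();

                    // NOTE(review): there is no timeout; a makecert run that never ends blocks
                    // the caller.
                    LProcessCreate.WaitForExit();
                    LIntExitCode = LProcessCreate.ExitCode;
                }

                LX509Store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                LX509Store.Open(OpenFlags.ReadOnly);
                foreach (X509Certificate2 LX509CertificateSingle in LX509Store.Certificates)
                {
                    // Exact common-name match, so that a certificate for a longer name that
                    // starts with the requested one is not returned by mistake.
                    bool LBoolSubjectHasCN = LX509CertificateSingle.Subject.IndexOf(LStrCNOptions, StringComparison.Ordinal) >= 0;
                    bool LBoolNameIsExact  = string.Equals(
                        LX509CertificateSingle.GetNameInfo(X509NameType.SimpleName, false),
                        AStrMachineNameOrIPAddress,
                        StringComparison.Ordinal);

                    if (LBoolSubjectHasCN && LBoolNameIsExact)
                    {
                        AStrReturn = LX509CertificateSingle.GetCertHashString();
                        break;
                    }
                }

                if (string.IsNullOrEmpty(AStrReturn))
                {
                    // makecert ran but the certificate is not in the store: report the failure
                    // instead of returning true with an empty hash string.
                    LBoolReturn = false;
                    AStrReturn  = "CreateCertificate()\nmakecert.exe exited with code " + LIntExitCode + " and no certificate with subject " + LStrCNOptions + " was found in CurrentUser\\My.";
                }
            }
            catch (Exception ex)
            {
                LBoolReturn = false;
                // NOTE(review): this stores the full exception text, stack trace included;
                // avoid echoing AStrReturn to end users.
                AStrReturn  = "CreateCertificate()\n" + ex.ToString();
            }
            finally
            {
                // Release the store handle on the error path as well.
                if (LX509Store != null)
                {
                    LX509Store.Close();
                }
            }

            return LBoolReturn;
        }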