public ActionResult Details(string id)
{
Guid publicKey;
if (!Guid.TryParse(id, out publicKey))
{
return(new HttpStatusCodeResult(System.Net.HttpStatusCode.BadRequest));
}
var certificado = DBContext.Certificados.Where(e => e.PublicKey == publicKey).SingleOrDefault();
if (certificado == null)
{
return(HttpNotFound());
}
System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider();
//System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
// certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
//// System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;
System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;
//System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
//byte[] binData = encoder.GetBytes(cadenaOriginal);
//byte[] binSignature = rsaCryptoIPT.SignData(binData, sha1);
//string sello = Convert.ToBase64String(binSignature);
//return sello;
var model = new CertificadoDetailsViewModel(certificado);
//model.Issuer = cert.Issuer;
model.Issuer = cert.IssuerName.Name;
model.Subject = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
model.Issuer = cert.GetEffectiveDateString();
model.Issuer = cert.GetExpirationDateString();
model.Issuer = cert.Subject;
model.Issuer = certificado.GetNumeroSerie(); // cert.SerialNumber; // cert.GetSerialNumberString();
model.Issuer = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, true);
//model.Issuer = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
return(View(model));
}
public ActionResult Create(CertificadoCreateViewModel model) {
//var model = new CertificadoCreateViewModel();
if (ModelState.IsValid) {
if (model.CertificadoArchivo == null || model.CertificadoArchivo.ContentLength == 0) {
return View();
}
try {
// var user = UserManager.FindById(this.GetUserId());
Guid publicKey = Guid.NewGuid();
Certificado certificado = new Certificado();
//certificado.NumSerie = model.NumSerie;
//certificado.RFC = model.RFC;
//certificado.Inicia = model.Inicia; // DateTime.Parse(post["inicia"].ToString(), new System.Globalization.CultureInfo("es-MX"));
//certificado.Finaliza = model.Finaliza;
////certificado.CertificadoBase64 = model.CertificadoArchivo;
////certificado.PFXArchivo = model.PFXArchivo;
certificado.PFXContrasena = model.PFXContrasena;
certificado.Estado = model.Estado;
if (model.CertificadoArchivo != null) {
MemoryStream target = new MemoryStream();
model.CertificadoArchivo.InputStream.CopyTo(target);
Byte[] data = target.ToArray();
certificado.CertificadoDER = data;
//certificado.PFXArchivo = data;
certificado.CertificadoBase64 = Convert.ToBase64String(data);
System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider();
//System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data, certificado.PFXContrasena);
System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data);
// cert.FriendlyName.ToString();
certificado.NumSerie = Certificado.GetSerialNumberString(cert);
//certificado.RFC = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
string[] subject = cert.Subject.Split(',');
foreach (string strVal in subject) {
string value = strVal.Trim();
if (value.StartsWith("OID.2.5.4.45=")) {
string value2 = value.Replace("OID.2.5.4.45=", "");
certificado.RFC = value2.Substring(0, value2.IndexOf('/') >= 0 ? value2.IndexOf('/') : value2.Length).Trim();
}
}
certificado.Inicia = DateTime.Parse(cert.GetEffectiveDateString());
certificado.Finaliza = DateTime.Parse(cert.GetExpirationDateString());
//certificado.CertificadoBase64 = model.CertificadoArchivo;
//certificado.PFXArchivo = model.PFXArchivo;
}
if (model.PFXArchivo != null) {
MemoryStream target2 = new MemoryStream();
model.PFXArchivo.InputStream.CopyTo(target2);
Byte[] dataPFX = target2.ToArray();
certificado.PFXArchivo = dataPFX;
// MemoryStream target3 = new MemoryStream();
// model.CertificadoArchivo.InputStream.Position = 0;
// model.CertificadoArchivo.InputStream.CopyTo(target3);
// Byte[] data3 = target3.ToArray();
// //string certificadoBase64 = Convert.ToBase64String(data);
// //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
// // certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
// //System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;
}
//else {
// MemoryStream target3 = new MemoryStream();
// model.CertificadoArchivo.InputStream.CopyTo(target3);
// Byte[] data3 = target3.ToArray();
// //string certificadoBase64 = Convert.ToBase64String(data);
// System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider();
// System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data3, certificado.PFXContrasena);
// cert.FriendlyName.ToString();
// //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
// // certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
// System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;
//}
if (model.PrivateKeyDER != null) {
MemoryStream ms = new MemoryStream();
model.PrivateKeyDER.InputStream.CopyTo(ms);
Byte[] dataDER = ms.ToArray();
certificado.PrivateKeyDER = dataDER;
}
certificado.PrivateKeyContrasena = model.PrivateKeyContrasena;
this.DBContext.Certificados.Add(certificado);
this.DBContext.SaveChanges();
}
catch (Exception ex) {
//log.Error(ex, "Error upload photo blob to storage");
ex.ToString();
}
}
return RedirectToAction("Index", "Home");
}
public ActionResult Details(string id) {
Guid publicKey;
if (!Guid.TryParse(id, out publicKey))
return new HttpStatusCodeResult(System.Net.HttpStatusCode.BadRequest);
var certificado = DBContext.Certificados.Where(e => e.PublicKey == publicKey).SingleOrDefault();
if (certificado == null)
return HttpNotFound();
System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider();
//System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
// certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
//// System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;
System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;
//System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
//byte[] binData = encoder.GetBytes(cadenaOriginal);
//byte[] binSignature = rsaCryptoIPT.SignData(binData, sha1);
//string sello = Convert.ToBase64String(binSignature);
//return sello;
var model = new CertificadoDetailsViewModel(certificado);
//model.Issuer = cert.Issuer;
model.Issuer = cert.IssuerName.Name;
model.Subject = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
model.Issuer = cert.GetEffectiveDateString();
model.Issuer = cert.GetExpirationDateString();
model.Issuer = cert.Subject;
model.Issuer = certificado.GetNumeroSerie(); // cert.SerialNumber; // cert.GetSerialNumberString();
model.Issuer = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, true);
//model.Issuer = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
return View(model);
}
/// <summary>
/// Once validation has completed for our requested domains we can complete the certificate
/// request by submitting a Certificate Signing Request (CSR) to the CA
/// </summary>
/// <param name="log"> </param>
/// <param name="primaryDnsIdentifier"> </param>
/// <param name="alternativeDnsIdentifiers"> </param>
/// <param name="config"> </param>
/// <returns> </returns>
public async Task <ProcessStepResult> CompleteCertificateRequest(ILog log, CertRequestConfig config, string orderId)
{
var orderContext = _currentOrders[orderId];
// check order status, if it's not 'ready' then try a few more times before giving up
var order = await orderContext.Resource();
var attempts = 5;
while (attempts > 0 && (order?.Status != OrderStatus.Ready && order?.Status != OrderStatus.Valid))
{
await Task.Delay(2000);
order = await orderContext.Resource();
attempts--;
}
if (order?.Status != OrderStatus.Ready && order?.Status != OrderStatus.Valid)
{
return(new ProcessStepResult {
IsSuccess = false, ErrorMessage = "Certificate Request did not complete. Order did not reach Ready status in the time allowed.", Result = order
});
}
// generate temp keypair for signing CSR
var keyAlg = KeyAlgorithm.RS256;
if (!string.IsNullOrEmpty(config.CSRKeyAlg))
{
if (config.CSRKeyAlg == "RS256")
{
keyAlg = KeyAlgorithm.RS256;
}
if (config.CSRKeyAlg == "ECDSA256")
{
keyAlg = KeyAlgorithm.ES256;
}
if (config.CSRKeyAlg == "ECDSA384")
{
keyAlg = KeyAlgorithm.ES384;
}
if (config.CSRKeyAlg == "ECDSA521")
{
keyAlg = KeyAlgorithm.ES512;
}
}
var csrKey = KeyFactory.NewKey(keyAlg);
var certFriendlyName = $"{config.PrimaryDomain} [Certify] ";
// generate cert
CertificateChain certificateChain = null;
DateTime? certExpiration = null;
try
{
if (order.Status == OrderStatus.Valid)
{
// download existing cert, TODO: need to re-use key from time of last finalize
certificateChain = await orderContext.Download();
}
else
{
// finalise and download
certificateChain = await orderContext.Generate(new CsrInfo
{
CommonName = _idnMapping.GetAscii(config.PrimaryDomain)
}, csrKey);
}
var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificateChain.Certificate.ToDer());
certExpiration = cert.NotAfter;
certFriendlyName += $"{cert.GetEffectiveDateString()} to {cert.GetExpirationDateString()}";
}
catch (AcmeRequestException exp)
{
var msg = $"Failed to finalize certificate order: {exp.Error?.Detail}";
log.Error(msg);
return(new ProcessStepResult {
ErrorMessage = msg, IsSuccess = false, Result = exp.Error
});
}
// file will be named as {expiration yyyyMMdd}_{guid} e.g. 20290301_4fd1b2ea-7b6e-4dca-b5d9-e0e7254e568b
var certId = certExpiration.Value.ToString("yyyyMMdd") + "_" + Guid.NewGuid().ToString().Substring(0, 8);
var domainAsPath = config.PrimaryDomain.Replace("*", "_");
var pfxPath = ExportFullCertPFX(certFriendlyName, csrKey, certificateChain, certId, domainAsPath);
return(new ProcessStepResult {
IsSuccess = true, Result = pfxPath
});
}
public ActionResult Create(CertificadoCreateViewModel model)
{
//var model = new CertificadoCreateViewModel();
if (ModelState.IsValid)
{
if (model.CertificadoArchivo == null || model.CertificadoArchivo.ContentLength == 0)
{
return(View());
}
try {
// var user = UserManager.FindById(this.GetUserId());
Guid publicKey = Guid.NewGuid();
Certificado certificado = new Certificado();
//certificado.NumSerie = model.NumSerie;
//certificado.RFC = model.RFC;
//certificado.Inicia = model.Inicia; // DateTime.Parse(post["inicia"].ToString(), new System.Globalization.CultureInfo("es-MX"));
//certificado.Finaliza = model.Finaliza;
////certificado.CertificadoBase64 = model.CertificadoArchivo;
////certificado.PFXArchivo = model.PFXArchivo;
certificado.PFXContrasena = model.PFXContrasena;
certificado.Estado = model.Estado;
if (model.CertificadoArchivo != null)
{
MemoryStream target = new MemoryStream();
model.CertificadoArchivo.InputStream.CopyTo(target);
Byte[] data = target.ToArray();
certificado.CertificadoDER = data;
//certificado.PFXArchivo = data;
certificado.CertificadoBase64 = Convert.ToBase64String(data);
System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider();
//System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data, certificado.PFXContrasena);
System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data);
// cert.FriendlyName.ToString();
certificado.NumSerie = Certificado.GetSerialNumberString(cert);
//certificado.RFC = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
string[] subject = cert.Subject.Split(',');
foreach (string strVal in subject)
{
string value = strVal.Trim();
if (value.StartsWith("OID.2.5.4.45="))
{
string value2 = value.Replace("OID.2.5.4.45=", "");
certificado.RFC = value2.Substring(0, value2.IndexOf('/') >= 0 ? value2.IndexOf('/') : value2.Length).Trim();
}
}
certificado.Inicia = DateTime.Parse(cert.GetEffectiveDateString());
certificado.Finaliza = DateTime.Parse(cert.GetExpirationDateString());
//certificado.CertificadoBase64 = model.CertificadoArchivo;
//certificado.PFXArchivo = model.PFXArchivo;
}
if (model.PFXArchivo != null)
{
MemoryStream target2 = new MemoryStream();
model.PFXArchivo.InputStream.CopyTo(target2);
Byte[] dataPFX = target2.ToArray();
certificado.PFXArchivo = dataPFX;
// MemoryStream target3 = new MemoryStream();
// model.CertificadoArchivo.InputStream.Position = 0;
// model.CertificadoArchivo.InputStream.CopyTo(target3);
// Byte[] data3 = target3.ToArray();
// //string certificadoBase64 = Convert.ToBase64String(data);
// //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
// // certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
// //System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;
}
//else {
// MemoryStream target3 = new MemoryStream();
// model.CertificadoArchivo.InputStream.CopyTo(target3);
// Byte[] data3 = target3.ToArray();
// //string certificadoBase64 = Convert.ToBase64String(data);
// System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider();
// System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data3, certificado.PFXContrasena);
// cert.FriendlyName.ToString();
// //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo,
// // certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
// System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey;
//}
if (model.PrivateKeyDER != null)
{
MemoryStream ms = new MemoryStream();
model.PrivateKeyDER.InputStream.CopyTo(ms);
Byte[] dataDER = ms.ToArray();
certificado.PrivateKeyDER = dataDER;
}
certificado.PrivateKeyContrasena = model.PrivateKeyContrasena;
this.DBContext.Certificados.Add(certificado);
this.DBContext.SaveChanges();
}
catch (Exception ex) {
//log.Error(ex, "Error upload photo blob to storage");
ex.ToString();
}
}
return(RedirectToAction("Index", "Home"));
}