/// <summary>
/// Attempts to remove any and all certificates in the host OS's trusted root cert store that
/// has the same subject name as the given certificate.
/// </summary>
/// <param name="certificate">
/// The certificate who's subject name to use for matching certificates that need to be removed.
/// </param>
public static void UninstallCertificateInHostOsTrustStore(X509Certificate certificate)
{
switch (Environment.OSVersion.Platform)
{
case PlatformID.Win32NT:
{
var store = new System.Security.Cryptography.X509Certificates.X509Store(System.Security.Cryptography.X509Certificates.StoreName.Root, System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine);
store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite);
foreach (var storeCert in store.Certificates)
{
if (storeCert.SubjectName.Format(false) == certificate.SubjectDN.ToString())
{
// Cert with same subject exists. Remove.
store.Remove(storeCert);
}
}
}
break;
default:
{
throw new PlatformNotSupportedException("This operating system is currently unsupported.");
}
}
}
} // End Function LoadRootCertificate
/// <summary>
/// Remove the Root Certificate trust
/// </summary>
/// <param name="storeName"></param>
/// <param name="storeLocation"></param>
/// <param name="certificate"></param>
public static void UninstallCertificate(
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate
, System.Security.Cryptography.X509Certificates.StoreName storeName
, System.Security.Cryptography.X509Certificates.StoreLocation storeLocation
)
{
if (certificate == null)
{
throw new System.Exception("Could not remove certificate as it is null or empty.");
}
using (System.Security.Cryptography.X509Certificates.X509Store x509Store =
new System.Security.Cryptography.X509Certificates.X509Store(storeName, storeLocation))
{
try
{
x509Store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite);
x509Store.Remove(certificate);
}
catch (System.Exception e)
{
throw new System.Exception("Failed to remove root certificate trust "
+ $" for {storeLocation} store location. You may need admin rights.", e);
}
finally
{
x509Store.Close();
}
} // End Using x509Store
} // End Sub UninstallCertificate
public bool Remove()
{
bool FoundSuperfishCert = false;
bool ProblemDeletingCertificate = false;
foreach (var storeValue in Enum.GetValues(typeof(System.Security.Cryptography.X509Certificates.StoreName)))
{
// Superfish should be in "Root" or "AuthRoot", but check ALL to be safe
System.Security.Cryptography.X509Certificates.X509Store store =
new System.Security.Cryptography.X509Certificates.X509Store((System.Security.Cryptography.X509Certificates.StoreName)storeValue);
//StorePermission sp = new StorePermission(PermissionState.Unrestricted);
//sp.Flags = StorePermissionFlags.OpenStore;
store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.MaxAllowed);
foreach (System.Security.Cryptography.X509Certificates.X509Certificate2 mCert in store.Certificates)
{
if (IsSuperfishCert(mCert))
{
FoundSuperfishCert = true;
Logging.Logger.Log(Logging.LogSeverity.Information, "Found Superfish certificate - Store: " + storeValue.ToString());
try
{
Logging.Logger.Log(Logging.LogSeverity.Information, " DELETING Certificate: " + mCert.Issuer);
store.Remove(mCert);
}
catch (Exception ex)
{
ProblemDeletingCertificate = true;
Logging.Logger.Log(ex, " Exception deleting certificate: " + ex.ToString());
//throw;
}
}
}
}
return(FoundSuperfishCert && (!ProblemDeletingCertificate));
}
public bool Remove()
{
bool FoundSuperfishCert = false;
bool ProblemDeletingCertificate = false;
foreach (var storeValue in Enum.GetValues(typeof(System.Security.Cryptography.X509Certificates.StoreName)))
{
// Superfish should be in "Root" or "AuthRoot", but check ALL to be safe
System.Security.Cryptography.X509Certificates.X509Store store =
new System.Security.Cryptography.X509Certificates.X509Store((System.Security.Cryptography.X509Certificates.StoreName)storeValue);
//StorePermission sp = new StorePermission(PermissionState.Unrestricted);
//sp.Flags = StorePermissionFlags.OpenStore;
store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.MaxAllowed);
foreach (System.Security.Cryptography.X509Certificates.X509Certificate2 mCert in store.Certificates)
{
if (IsSuperfishCert(mCert))
{
FoundSuperfishCert = true;
Logging.Logger.Log(Logging.LogSeverity.Information, "Found Superfish certificate - Store: " + storeValue.ToString());
try
{
Logging.Logger.Log(Logging.LogSeverity.Information, " DELETING Certificate: " + mCert.Issuer);
store.Remove(mCert);
}
catch (Exception ex)
{
ProblemDeletingCertificate = true;
Logging.Logger.Log(ex, " Exception deleting certificate: " + ex.ToString());
//throw;
}
}
}
}
return (FoundSuperfishCert && (!ProblemDeletingCertificate));
}
