/// <summary>
/// Changes the delimiter used to seperate fields in a subject name.
/// </summary>
private static string ChangeSubjectNameDelimiter(string name, char delimiter)
{
StringBuilder buffer = new StringBuilder();
List <string> elements = Utils.ParseDistinguishedName(name);
for (int ii = 0; ii < elements.Count; ii++)
{
string element = elements[ii];
if (buffer.Length > 0)
{
buffer.Append(delimiter);
}
if (element.IndexOf(delimiter) != -1)
{
int index = element.IndexOf('=');
buffer.Append(element.Substring(0, index + 1));
buffer.Append('"');
buffer.Append(element.Substring(index + 1));
buffer.Append('"');
continue;
}
buffer.Append(elements[ii]);
}
return(buffer.ToString());
}
/// <summary>
/// Finds a certificate in a collection.
/// </summary>
/// <param name="collection">The collection of the <see cref="X509Certificate2"/> certificates objects.</param>
/// <param name="needPrivateKey">If set to <c>true</c> the certificate must have private key.</param>
/// <returns>An <see cref="X509Certificate2"/> certificate with matching subject name.</returns>
public static X509Certificate2 Find(X509Certificate2Collection collection, string thumbprint, string subjectName, bool needPrivateKey)
{
#if !SILVERLIGHT
// find by thumbprint.
if (!String.IsNullOrEmpty(thumbprint))
{
collection = collection.Find(X509FindType.FindByThumbprint, thumbprint, false);
foreach (X509Certificate2 certificate in collection)
{
if (!needPrivateKey || certificate.HasPrivateKey)
{
if (String.IsNullOrEmpty(subjectName))
{
return(certificate);
}
List <string> subjectName2 = Utils.ParseDistinguishedName(subjectName);
if (Utils.CompareDistinguishedName(certificate, subjectName2))
{
return(certificate);
}
}
}
return(null);
}
// find by subject name.
if (!String.IsNullOrEmpty(subjectName))
{
List <string> subjectName2 = Utils.ParseDistinguishedName(subjectName);
foreach (X509Certificate2 certificate in collection)
{
if (Utils.CompareDistinguishedName(certificate, subjectName2))
{
if (!needPrivateKey || certificate.HasPrivateKey)
{
return(certificate);
}
}
}
collection = collection.Find(X509FindType.FindBySubjectName, subjectName, false);
foreach (X509Certificate2 certificate in collection)
{
if (!needPrivateKey || certificate.HasPrivateKey)
{
return(certificate);
}
}
}
#endif
// certificate not found.
return(null);
}
private void Initialize(byte[] crl)
{
X509CrlParser parser = new X509CrlParser();
m_crl = parser.ReadCrl(crl);
UpdateTime = m_crl.ThisUpdate;
NextUpdateTime = (m_crl.NextUpdate == null) ? DateTime.MinValue : m_crl.NextUpdate.Value;
// a few conversions to match System.Security conventions
string issuerDN = m_crl.IssuerDN.ToString();
// replace state ST= with S=
issuerDN = issuerDN.Replace("ST=", "S=");
// reverse DN order to match System.Security
List <string> issuerList = Utils.ParseDistinguishedName(issuerDN);
issuerList.Reverse();
Issuer = string.Join(", ", issuerList);
}
/// <summary>
/// Returns the file name to use for the certificate.
/// </summary>
private string GetFileName(X509Certificate2 certificate)
{
// build file name.
string commonName = certificate.FriendlyName;
List <string> names = Utils.ParseDistinguishedName(certificate.Subject);
for (int ii = 0; ii < names.Count; ii++)
{
if (names[ii].StartsWith("CN="))
{
commonName = names[ii].Substring(3).Trim();
break;
}
}
StringBuilder fileName = new StringBuilder();
// remove any special characters.
for (int ii = 0; ii < commonName.Length; ii++)
{
char ch = commonName[ii];
if ("<>:\"/\\|?*".IndexOf(ch) != -1)
{
ch = '+';
}
fileName.Append(ch);
}
fileName.Append(" [");
fileName.Append(certificate.Thumbprint);
fileName.Append("]");
return(fileName.ToString());
}
/// <summary>
/// Sets the parameters to suitable defaults.
/// </summary>
private static void SetSuitableDefaults(
ref string applicationUri,
ref string applicationName,
ref string subjectName,
ref IList <String> domainNames,
ref ushort keySize,
ref ushort lifetimeInMonths,
bool isCA)
{
// enforce recommended keysize unless lower value is enforced.
if (keySize < 1024)
{
keySize = defaultKeySize;
}
if (keySize % 1024 != 0)
{
throw new ArgumentNullException("keySize", "KeySize must be a multiple of 1024.");
}
// enforce minimum lifetime.
if (lifetimeInMonths < 1)
{
lifetimeInMonths = 1;
}
// parse the subject name if specified.
List <string> subjectNameEntries = null;
if (!String.IsNullOrEmpty(subjectName))
{
subjectNameEntries = Utils.ParseDistinguishedName(subjectName);
}
// check the application name.
if (String.IsNullOrEmpty(applicationName))
{
if (subjectNameEntries == null)
{
throw new ArgumentNullException("applicationName", "Must specify a applicationName or a subjectName.");
}
// use the common name as the application name.
for (int ii = 0; ii < subjectNameEntries.Count; ii++)
{
if (subjectNameEntries[ii].StartsWith("CN="))
{
applicationName = subjectNameEntries[ii].Substring(3).Trim();
break;
}
}
}
// remove special characters from name.
StringBuilder buffer = new StringBuilder();
for (int ii = 0; ii < applicationName.Length; ii++)
{
char ch = applicationName[ii];
if (Char.IsControl(ch) || ch == '/' || ch == ',' || ch == ';')
{
ch = '+';
}
buffer.Append(ch);
}
applicationName = buffer.ToString();
// ensure at least one host name.
if (domainNames == null || domainNames.Count == 0)
{
domainNames = new List <string>();
domainNames.Add(Utils.GetHostName());
}
// create the application uri.
if (String.IsNullOrEmpty(applicationUri))
{
StringBuilder builder = new StringBuilder();
builder.Append("urn:");
builder.Append(domainNames[0]);
builder.Append(":");
builder.Append(applicationName);
applicationUri = builder.ToString();
}
Uri uri = Utils.ParseUri(applicationUri);
if (uri == null)
{
throw new ArgumentNullException("applicationUri", "Must specify a valid URL.");
}
// create the subject name,
if (String.IsNullOrEmpty(subjectName))
{
subjectName = Utils.Format("CN={0}/DC={1}", applicationName, domainNames[0]);
}
}
/// <summary>
/// Loads the private key from a PFX file in the certificate store.
/// </summary>
public X509Certificate2 LoadPrivateKey(string thumbprint, string subjectName, string password)
{
if (m_certificateSubdir == null || !m_certificateSubdir.Exists)
{
return(null);
}
if (string.IsNullOrEmpty(thumbprint) && string.IsNullOrEmpty(subjectName))
{
return(null);
}
foreach (FileInfo file in m_certificateSubdir.GetFiles("*.der"))
{
try
{
X509Certificate2 certificate = new X509Certificate2(file.FullName);
if (!String.IsNullOrEmpty(thumbprint))
{
if (!string.Equals(certificate.Thumbprint, thumbprint, StringComparison.CurrentCultureIgnoreCase))
{
continue;
}
}
if (!String.IsNullOrEmpty(subjectName))
{
if (!Utils.CompareDistinguishedName(subjectName, certificate.Subject))
{
if (subjectName.Contains("="))
{
continue;
}
if (!Utils.ParseDistinguishedName(certificate.Subject).Any(s => s.Equals("CN=" + subjectName, StringComparison.OrdinalIgnoreCase)))
{
continue;
}
}
}
string fileRoot = file.Name.Substring(0, file.Name.Length - file.Extension.Length);
StringBuilder filePath = new StringBuilder();
filePath.Append(m_privateKeySubdir.FullName);
filePath.Append(Path.DirectorySeparatorChar);
filePath.Append(fileRoot);
FileInfo privateKeyFile = new FileInfo(filePath.ToString() + ".pfx");
password = password ?? String.Empty;
try
{
certificate = new X509Certificate2(
privateKeyFile.FullName,
password,
X509KeyStorageFlags.Exportable | X509KeyStorageFlags.UserKeySet);
if (CertificateFactory.VerifyRSAKeyPair(certificate, certificate, true))
{
return(certificate);
}
}
catch (Exception)
{
certificate = new X509Certificate2(
privateKeyFile.FullName,
password,
X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet);
if (CertificateFactory.VerifyRSAKeyPair(certificate, certificate, true))
{
return(certificate);
}
}
}
catch (Exception e)
{
Utils.Trace(e, "Could not load private key for certificate " + subjectName);
}
}
return(null);
}
