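        /// <summary>
        /// Removes <paramref name="myCertificates"/> from <c>MyStore</c> and
        /// <paramref name="rootCertificates"/> from <c>RootStore</c>, then evicts the
        /// cache entries for the removed certificates from <c>_certificateCache</c>.
        /// </summary>
        /// <param name="myCertificates">Certificates to remove from the personal store.</param>
        /// <param name="rootCertificates">Certificates to remove from the root store.</param>
        /// <returns>
        /// <c>true</c> when the removals completed without a <see cref="CryptographicException"/>;
        /// <c>false</c> when one was raised (some removals may already have happened by then).
        /// A store that is <c>null</c> is skipped and does not count as a failure.
        /// </returns>
        protected virtual bool DestroySignedCertificates(
            X509Certificate2Collection myCertificates, X509Certificate2Collection rootCertificates)
        {
            try
            {
                // Cache entries are keyed by the subject simple name (forIssuer: false), not by
                // thumbprint, so a removed certificate evicts every cache entry under that name.
                var certificateNames = new List<string>();

                if (MyStore != null)
                {
                    MyStore.RemoveRange(myCertificates);

                    IEnumerable<string> myCertNames = myCertificates.Cast<X509Certificate2>()
                        .Select(c => c.GetNameInfo(X509NameType.SimpleName, false));

                    certificateNames.AddRange(myCertNames);
                }

                if (RootStore != null)
                {
                    RootStore.RemoveRange(rootCertificates);

                    IEnumerable<string> rootCertNames = rootCertificates.Cast<X509Certificate2>()
                        .Select(c => c.GetNameInfo(X509NameType.SimpleName, false));

                    certificateNames.AddRange(rootCertNames);
                }

                // Remove is a no-op for an absent key on the BCL dictionaries, so the former
                // ContainsKey pre-check only doubled the lookup.
                foreach (string certificateName in certificateNames)
                {
                    _certificateCache.Remove(certificateName);
                }

                return true;
            }
            catch (CryptographicException)
            {
                // Store access failed (e.g. the store is not writable); report rather than throw.
                return false;
            }
        }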
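        /// <summary>
        /// Removes from the current user's <c>StoreName</c> store every certificate that
        /// shares both the authority key identifier and the subject key identifier of the
        /// certificate held in the wrapper, leaving that certificate itself in place.
        /// </summary>
        /// <param name="previousResults">Result of the preceding step; not consulted here.</param>
        /// <returns>
        /// A <c>NextResult</c> in every non-throwing path (including "nothing to remove"),
        /// or an <c>ExceptionOccurred</c> wrapping any exception raised while working with the store.
        /// </returns>
        public override IResult Execute(IResult previousResults)
        {
            try
            {
                var certificate = GetCertificateFromWrapper();
                if (certificate == null)
                {
                    Log.Warn("Certificate does not exist in settings store; cannot remove similiar certificates");
                    return new NextResult();
                }

                var authorityKey = CertificateUtilities.GetAuthorityKeyFromCertificate(certificate);
                if (string.IsNullOrWhiteSpace(authorityKey))
                {
                    Log.WarnFormat("Cannot retrieve authority key from certificate; cannot remove similiar certificates");
                    return new NextResult();
                }

                var subjectKey = CertificateUtilities.GetSubjectKeyFromCertificate(certificate);
                if (string.IsNullOrWhiteSpace(subjectKey))
                {
                    Log.WarnFormat("Cannot retrieve subject key from certificate; cannot remove similiar certificates");
                    return new NextResult();
                }

                // X509Store is IDisposable; Dispose closes the store handle on every exit path.
                using (var store = new X509Store(StoreName, StoreLocation.CurrentUser))
                {
                    store.Open(OpenFlags.ReadWrite);

                    var instances = FindSimilarCertificates(store, certificate, authorityKey, subjectKey);
                    if (instances.Count == 0)
                        return new NextResult();

                    Log.InfoFormat("Removing {0} similar certificates", instances.Count);
                    store.RemoveRange(instances);

                    // Re-read the store once after removal; each Certificates access re-enumerates the store.
                    X509Certificate2Collection remaining = store.Certificates;
                    var notRemoved = new X509Certificate2Collection();
                    foreach (X509Certificate2 instance in instances)
                    {
                        if (remaining.Contains(instance))
                            notRemoved.Add(instance);
                    }

                    if (notRemoved.Count == 0)
                    {
                        Log.InfoFormat("{0} similiar certificates removed", instances.Count);
                    }
                    else
                    {
                        foreach (X509Certificate2 instance in notRemoved)
                            Log.WarnFormat("Certificate with serial number {0} not removed", instance.SerialNumber);
                    }
                }

                return new NextResult();
            }
            catch (Exception e)
            {
                return new ExceptionOccurred(e);
            }
        }

        /// <summary>
        /// Collects the certificates in <paramref name="store"/> whose authority key and
        /// subject key both match the given values, excluding <paramref name="certificate"/> itself.
        /// </summary>
        /// <param name="store">An opened store to scan.</param>
        /// <param name="certificate">The certificate being kept; never added to the result.</param>
        /// <param name="authorityKey">Authority key identifier that a match must carry.</param>
        /// <param name="subjectKey">Subject key identifier that a match must carry.</param>
        /// <returns>The matching certificates; empty when none match.</returns>
        private static X509Certificate2Collection FindSimilarCertificates(
            X509Store store, X509Certificate2 certificate, string authorityKey, string subjectKey)
        {
            var instances = new X509Certificate2Collection();
            foreach (X509Certificate2 instance in store.Certificates)
            {
                // shouldn't remove new cert
                if (instance.Equals(certificate))
                    continue;

                if (!authorityKey.Equals(
                    CertificateUtilities.GetAuthorityKeyFromCertificate(instance),
                    StringComparison.InvariantCultureIgnoreCase))
                    continue;

                // The previous version lacked this `continue`, so every certificate that merely
                // shared the authority key was selected for removal and the "found" message was
                // logged for the non-matching ones. Both keys must match before anything is removed.
                if (!subjectKey.Equals(
                    CertificateUtilities.GetSubjectKeyFromCertificate(instance),
                    StringComparison.InvariantCultureIgnoreCase))
                    continue;

                Log.InfoFormat("Similar certificate found: serial number {0}; subject name {1}", instance.SerialNumber, instance.SubjectName.Name);
                instances.Add(instance);
            }

            return instances;
        }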