Exemplo n.º 1
0
        private static void ObtainLatestBankCertificates()
        {
            /*
             * This obtains the latest certificates used by the bank.
             * They have a finite lifecycle, so they must be renewed a regular interval
             *  - Root certifiate: 10 years
             *  - Signing certificate: 2 years
             *  - Encryption certificate: 2 years
             */
            Console.WriteLine("Requesting bank certificates ...");

            // Obtain bank certificate
            var res = PKIClient.GetBankCertificate();

            if (!CheckForError(res))
            {
                exitProgram(Int32.Parse(res.Error.ReturnCode));
                return;
            }

            Console.WriteLine("  Retrieved new certificates from bank.");
            Console.WriteLine("Saving bank certificates ...");

            // Save the bank certificates
            CertStore.SetCertificate(CertStore.Certificiates.BankRoot, res.Response.GetBankCertificateResponse.BankRootCert);
            CertStore.SetCertificate(CertStore.Certificiates.BankEncryption, res.Response.GetBankCertificateResponse.BankEncryptionCert);
            CertStore.SetCertificate(CertStore.Certificiates.BankSigning, res.Response.GetBankCertificateResponse.BankSigningCert);
            Console.WriteLine(" Bank certificates successfully saved.");

            // Instruct the PKIClient to use the new certificates
            PKIClient.BankRootCertificate = CertStore.GetCertificate(CertStore.Certificiates.BankRoot);
            PKIClient.SetBankCertificates(CertStore.GetCertificate(CertStore.Certificiates.BankEncryption), CertStore.GetCertificate(CertStore.Certificiates.BankSigning));
            Console.WriteLine(" Using new bank certificates.");
        }
Exemplo n.º 2
0
        static void Main(string[] args)
        {
            var client = new PKIClient(Customer_Id);

            /*
             * Create a software based XML signing strategy
             * A custom implementation backed by a hardware security module could be used here instead
             */
            SoftwareBasedXmlSigningService xmlSigningStrategy = new SoftwareBasedXmlSigningService();

            client.SetXmlSigningService(xmlSigningStrategy);

            // Create a utility class for accessing the windows certificate store
            var store = new CertStore();

            X509Certificate2 rootCert = store.GetCertificate(CertStore.Certificiates.BankRoot);

            if (rootCert == null)
            {
                Console.WriteLine("Bank root certificate was not set in certificate store.");
                Console.WriteLine("Please set the correct bank root certificate in the \"DanskeBank.PKIFactory\" store using the friendlyname \"" + CertStore.Certificiates.BankRoot.ToString() + "\".");
                Console.ReadLine();
                return;
            }

            // Tell the client proxy to use the loaded root certificate
            client.SetBankRootCertificate(rootCert);

            #region Obtain bank certificates

            /*
             * This obtains the latest certificates used by the bank.
             * They have a finite lifecycle, so they must be renewed a regular interval
             *  - Root certifiate: 10 years
             *  - Signing certificate: 2 years
             *  - Encryption certificate: 2 years
             */
            Console.WriteLine("Requesting bank certificates ...");

            // Obtain bank certificate
            var res = ObtainLatestBankCertificates(client);
            if (res.IsSuccessful)
            {
                Console.WriteLine("  Retrieved new certificates from bank.");

                // Save the bank certificates
                Console.WriteLine("  Saving bank certificates ...");
                SaveBankCertificates(res.Response, store);
            }

            // Instruct the client to use the new certificates
            client.SetBankCertificates(store.GetCertificate(CertStore.Certificiates.BankEncryption), store.GetCertificate(CertStore.Certificiates.BankSigning));
            #endregion


            // Determine whether we have already been issued certificates from the bank by querying the key store
            bool mustRequestCertificates = store.GetCertificate(CertStore.Certificiates.ClientIssuedSigning) == null ||
                                           store.GetCertificate(CertStore.Certificiates.ClientIssuedEncryption) == null;

            if (mustRequestCertificates)
            {
                if (store.GetCertificate(CertStore.Certificiates.ClientGeneratedEncryption) == null ||
                    store.GetCertificate(CertStore.Certificiates.ClientGeneratedEncryption) == null)
                {
                    Console.WriteLine("Client generated certificates and private keys were not set in certificate store.");
                    Console.WriteLine("Please set the encryption and signing certificates in the \"DanskeBank.PKIFactory\" store using the friendlyname names:");
                    Console.WriteLine("  Signing: \"" + CertStore.Certificiates.ClientGeneratedSigning.ToString() + "\".");
                    Console.WriteLine("  Encryption: \"" + CertStore.Certificiates.ClientGeneratedEncryption.ToString() + "\".");
                    Console.ReadLine();
                    return;
                }


                Console.WriteLine("Sending certificate signing requests for own certificates ...");
                var createCertRes = CreateCertificates(client, Customer_PIN, store);

                SaveClientCertificates(createCertRes.Response, store);
            }

            // Use the (potentially newly) issued certificates
            Console.WriteLine("Using certificates issued to client ...");
            xmlSigningStrategy.SetClientCertificate(store.GetCertificate(CertStore.Certificiates.ClientIssuedSigning), (RSACryptoServiceProvider)store.GetCertificate(CertStore.Certificiates.ClientGeneratedSigning).PrivateKey);

            // Check status of the certificates we're using
            Console.WriteLine("Checking status of own certificates ...");
            CertificateStatus(client, store.GetCertificate(CertStore.Certificiates.ClientIssuedSigning));
            CertificateStatus(client, store.GetCertificate(CertStore.Certificiates.ClientIssuedEncryption));

            /*
             * Console.WriteLine("Getting all our own certificates");
             * GetOwnCertificiateList(client);
             */
            Console.WriteLine("Renewing own certificates");
            var renewedCerts = RenewCertificates(client, store);

            Console.WriteLine("Using certificates issued to client ...");
            xmlSigningStrategy.SetClientCertificate(new X509Certificate2(renewedCerts.SigningCert), (RSACryptoServiceProvider)store.GetCertificate(CertStore.Certificiates.ClientGeneratedSigning).PrivateKey);


            // Revoke the newly renew'ed certificates
            // Note: Revoking this certificate will force you to request new certificates based on the locally generated ones
            // client.RevokeCertificates(KeyGeneratorTypeType.software, new[] { HexToDec(new X509Certificate2(renewedCerts.EncryptionCert).SerialNumber) });

            /*
             *  // Revoke all certificates except our initial ones.
             * client.RevokeAllCertificates(KeyGeneratorTypeType.software, new[] {
             *  new X509Certificate2(ownInitialEncryptionCert).SerialNumber,
             *  new X509Certificate2(ownInitialigningCert).SerialNumber,
             * });
             */


            Console.WriteLine("Press enter to close.");
            Console.ReadLine();
        }