public static X509Certificate[] GetCertificateChain(this SystemX509.X509Certificate2 cert2) { List <X509Certificate> list = new List <X509Certificate>(); SystemX509.X509Chain chain = new SystemX509.X509Chain(); chain.ChainPolicy.RevocationFlag = SystemX509.X509RevocationFlag.EntireChain; chain.ChainPolicy.RevocationMode = SystemX509.X509RevocationMode.Online; chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 30); chain.ChainPolicy.VerificationFlags = SystemX509.X509VerificationFlags.NoFlag; if (chain.Build(cert2) == true) { foreach (SystemX509.X509ChainElement element in chain.ChainElements) { list.Add(new X509CertificateParser().ReadCertificate(element.Certificate.GetRawCertData())); } } else { list.Add(new X509CertificateParser().ReadCertificate(cert2.GetRawCertData())); } return(list.ToArray()); }
public static void DisplayCertificate (X509Certificate2 certificate, IntPtr hwndParent) { if (certificate == null) throw new ArgumentNullException ("certificate"); /*byte[] raw = */ certificate.GetRawCertData (); throw new NotImplementedException (); }
public static XadesInfo GetXadesInfo(X509Certificate2 certificate) { XadesInfo xadesInfo = new XadesInfo(); xadesInfo.RawPK = Convert.ToBase64String(certificate.GetRawCertData()); xadesInfo.SigningDateTimeUTC = DateTime.UtcNow; TimeSpan delta = TimeZoneInfo.Local.GetUtcOffset(DateTime.Now); xadesInfo.TimeZoneOffsetMinutes = Convert.ToInt32(delta.TotalMinutes); return xadesInfo; }
public static void DisplayCertificate(X509Certificate2 certificate, IntPtr hwndParent) { if (certificate == null) { throw new ArgumentNullException("certificate"); } /*byte[] raw = */ certificate.GetRawCertData(); throw new NotImplementedException(); }
private CertificateSet CreateCertificate() { //TODO: randomize the password string password = "******"; CertificateSet certificateSet = new CertificateSet { Password = password, PfxRawData = Certificate.CreateSelfSignCertificatePfx("O=tnLabs1,CN=tnLabs,SN=tnLabs3", DateTime.Now.AddDays(-1), DateTime.Now.AddYears(10), password) }; //CN is showed in the Azure Management X509Certificate2 cert = new X509Certificate2(certificateSet.PfxRawData, password); certificateSet.CerRawData = cert.GetRawCertData(); return certificateSet; }
public static CertificadoDigital GetCertificadoDigital_v2(byte[] archivoCer) { var srtBase64 = ""; var certificado = new CertificadoDigital(); System.Security.Cryptography.X509Certificates.X509Certificate2 certEmisor = new System.Security.Cryptography.X509Certificates.X509Certificate2(); byte[] data = archivoCer; certEmisor.Import(data); srtBase64 = Convert.ToBase64String(certEmisor.GetRawCertData()); certificado.Certificado = certEmisor.GetRawCertDataString(); certificado.CertificadoBase64 = srtBase64; byte[] byteArray = certEmisor.GetSerialNumber(); //string test = byteArray.ToString(); string strSerialHex = certEmisor.GetSerialNumberString(); string serialTest2 = certEmisor.SerialNumber; var strSerial = ConvertHexToString(strSerialHex); //var str = System.Text.Encoding.Default.GetString(byteArray); //string result = System.Text.Encoding.UTF8.GetString(byteArray); //System.Text.Encoding enc = System.Text.Encoding.ASCII; //string myString = enc.GetString(byteArray); //string s = System.Text.UTF8Encoding.UTF8.GetString(byteArray); //char[] array = str.ToCharArray(); //Array.Reverse(array); //var nuevoStr = new string(array); certificado.NoCertificado = strSerial;//str; return(certificado); }
public static string GetSignedRequestXades(string request, X509Certificate2 certificate, string privateKeyPassword) { var originalDoc = new XmlDocument() { PreserveWhitespace = _PRESERVE_WHITESPACE }; originalDoc.LoadXml(request); var signatureid = String.Format("xmldsig-{0}", Guid.NewGuid().ToString().ToLower()); var signedXml = GetXadesSignedXml(certificate, originalDoc, signatureid, privateKeyPassword); var keyInfo = GetKeyInfo(Convert.ToBase64String(certificate.GetRawCertData())); signedXml.KeyInfo = keyInfo; var xadesInfo = GetXadesInfo(certificate); var xadesObject = GetXadesObject(xadesInfo, signatureid); signedXml.AddXadesObject(xadesObject); signedXml.ComputeSignature(); InjectSignatureToOriginalDoc(signedXml, originalDoc); return originalDoc.OuterXml; }
protected override void ProcessRecord() { if (!System.IO.Path.IsPathRooted(CertPath)) { CertPath = System.IO.Path.Combine(SessionState.Path.CurrentFileSystemLocation.Path, CertPath); } var cert = new X509Certificate2(CertPath); var rawCert = cert.GetRawCertData(); var base64Cert = Convert.ToBase64String(rawCert); var rawCertHash = cert.GetCertHash(); var base64CertHash = Convert.ToBase64String(rawCertHash); var keyId = Guid.NewGuid().ToString(); var output = string.Format("\"keyCredentials\": [\n\t{{\n\t\t\"customKeyIdentifier\": \"{0}\",\n\t\t\"keyId\": \"{1}\",\n\t\t\"type\": \"AsymmetricX509Cert\",\n\t\t\"usage\": \"Verify\",\n\t\t\"value\": \"{2}\"\n\t}}\n],", base64CertHash, keyId, base64Cert); WriteObject(output); }
internal void SetCertificate(X509Certificate2 certificate) { if (certificate == null) throw new ArgumentNullException("certificate"); _certificate = certificate; // persist to the part Byte[] byteArray = _certificate.GetRawCertData(); // FileMode.Create will ensure that the stream will shrink if overwritten using (Stream s = _part.GetStream(FileMode.Create, FileAccess.Write)) { s.Write(byteArray, 0, byteArray.Length); } }
static HttpContent GetPatchContent(JObject appObject, X509Certificate2 certificate) { var cred = new JObject(); cred["startDate"] = DateTime.UtcNow.ToString("o"); cred["endDate"] = DateTime.UtcNow.AddYears(1).ToString("o"); cred["type"] = "AsymmetricX509Cert"; cred["usage"] = "Verify"; cred["customKeyIdentifier"] = Convert.ToBase64String(certificate.GetCertHash()); cred["value"] = Convert.ToBase64String(certificate.GetRawCertData()); var creds = GetKeyCredentials(appObject); creds.Add(cred); var json = new JObject(); json["odata.type"] = "Microsoft.DirectoryServices.Application"; json["*****@*****.**"] = "Collection(Microsoft.DirectoryServices.KeyCredential)"; json["keyCredentials"] = creds; return new StringContent(json.ToString(Newtonsoft.Json.Formatting.None), Encoding.UTF8, "application/json"); }
public static void WriteCertificate(X509Certificate2 cert) { byte[] certBytes = cert.GetRawCertData(); string fileName = string.Format("{0}.cer", cert.SerialNumber); File.WriteAllBytes(fileName, certBytes); Console.WriteLine("Wrote: " + fileName); }
public static string serialize(X509Certificate2 certificate) { var data = certificate.GetRawCertData(); return Convert.ToBase64String(data); }
public static Asn1EncodableVector GenerateSignerInfo(X509Certificate2 cert, String digestAlgorithmName, byte[] datos, AdESPolicy policy, bool signingCertificateV2, byte[] messageDigest, DateTime signDate, bool padesMode, String contentType, String contentDescription) { // ALGORITMO DE HUELLA DIGITAL AlgorithmIdentifier digestAlgorithmOID = SigUtils.MakeAlgId(AOAlgorithmID.GetOID(digestAlgorithmName)); // // ATRIBUTOS // authenticatedAttributes Asn1EncodableVector contexExpecific = InitContexExpecific( digestAlgorithmName, datos, Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Data.Id, messageDigest, signDate, padesMode ); // Serial Number // comentar lo de abajo para version del rfc 3852 if (signingCertificateV2) { // INICIO SINGING CERTIFICATE-V2 /** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber * CertificateSerialNumber */ TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance( Asn1Object.FromByteArray( new Org.BouncyCastle.X509.X509Certificate( X509CertificateStructure.GetInstance( Asn1Object.FromByteArray( cert.GetRawCertData()))).GetTbsCertificate())); GeneralNames gns = new GeneralNames(new GeneralName(tbs.Issuer)); IssuerSerial isuerSerial = new IssuerSerial(gns, tbs.SerialNumber); /** ESSCertIDv2 ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier * DEFAULT {algorithm id-sha256}, certHash Hash, issuerSerial * IssuerSerial OPTIONAL } * Hash ::= OCTET STRING */ byte[] certHash = Digester.Digest(cert.GetRawCertData(), digestAlgorithmName); EssCertIDv2[] essCertIDv2 = { new EssCertIDv2(digestAlgorithmOID, certHash, isuerSerial) }; /** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId, * policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo * OPTIONAL } * CertPolicyId ::= OBJECT IDENTIFIER * PolicyQualifierInfo ::= SEQUENCE { policyQualifierId * PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */ SigningCertificateV2 scv2; if (policy.GetPolicyIdentifier() != null) { /** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF * ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL * } */ scv2 = new SigningCertificateV2(essCertIDv2, GetPolicyInformation(policy)); // con politica } else { scv2 = new SigningCertificateV2(essCertIDv2); // Sin politica } // Secuencia con singningCertificate contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2))); // FIN SINGING CERTIFICATE-V2 } else { // INICIO SINGNING CERTIFICATE /** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber * CertificateSerialNumber } */ TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance( Asn1Object.FromByteArray( new Org.BouncyCastle.X509.X509Certificate( X509CertificateStructure.GetInstance( Asn1Object.FromByteArray( cert.GetRawCertData()))).GetTbsCertificate())); GeneralName gn = new GeneralName(tbs.Issuer); GeneralNames gns = new GeneralNames(gn); IssuerSerial isuerSerial = new IssuerSerial(gns, tbs.SerialNumber); /** ESSCertID ::= SEQUENCE { certHash Hash, issuerSerial IssuerSerial * OPTIONAL } * Hash ::= OCTET STRING -- SHA1 hash of entire certificate */ byte[] certHash = Digester.Digest(cert.GetRawCertData(), digestAlgorithmName); EssCertID essCertID = new EssCertID(certHash, isuerSerial); /** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId, * policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo * OPTIONAL } * CertPolicyId ::= OBJECT IDENTIFIER * PolicyQualifierInfo ::= SEQUENCE { policyQualifierId * PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */ SigningCertificate scv; if (policy.GetPolicyIdentifier() != null) { /** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF * ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL * } */ /* * HAY QUE HACER UN SEQUENCE, YA QUE EL CONSTRUCTOR DE BOUNCY * CASTLE NO TIENE DICHO CONSTRUCTOR. */ Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(new DerSequence(essCertID)); v.Add(new DerSequence(GetPolicyInformation(policy))); scv = SigningCertificate.GetInstance(new DerSequence(v)); // con politica } else { scv = new SigningCertificate(essCertID); // Sin politica } /** id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) * id-aa(2) 12 } */ // Secuencia con singningCertificate contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(scv))); } // INICIO SIGPOLICYID ATTRIBUTE if (policy.GetPolicyIdentifier() != null) { /** * SigPolicyId ::= OBJECT IDENTIFIER Politica de firma. */ DerObjectIdentifier doiSigPolicyId = new DerObjectIdentifier(policy.GetPolicyIdentifier().ToLower().Replace("urn:oid:", "")); /** * OtherHashAlgAndValue ::= SEQUENCE { * hashAlgorithm AlgorithmIdentifier, * hashValue OCTET STRING } * */ // Algoritmo para el hash AlgorithmIdentifier hashid; // si tenemos algoritmo de calculo de hash, lo ponemos if (policy.GetPolicyIdentifierHashAlgorithm() != null) { hashid = SigUtils.MakeAlgId( AOAlgorithmID.GetOID( AOSignConstants.GetDigestAlgorithmName( policy.GetPolicyIdentifierHashAlgorithm()))); } // si no tenemos, ponemos el algoritmo de firma. else { hashid = digestAlgorithmOID; } // hash del documento, descifrado en b64 byte[] hashed; if (policy.GetPolicyIdentifierHash() != null) { hashed = System.Convert.FromBase64String(policy.GetPolicyIdentifierHash()); } else { hashed = new byte[] { 0 }; } DigestInfo otherHashAlgAndValue = new DigestInfo(hashid, hashed); /** * SigPolicyQualifierInfo ::= SEQUENCE { * SigPolicyQualifierId SigPolicyQualifierId, * SigQualifier ANY DEFINED BY policyQualifierId } */ AOSigPolicyQualifierInfo spqInfo = null; if (policy.GetPolicyQualifier() != null) { spqInfo = new AOSigPolicyQualifierInfo(policy.GetPolicyQualifier().ToString()); } /** * SignaturePolicyId ::= SEQUENCE { * sigPolicyId SigPolicyId, * sigPolicyHash SigPolicyHash, * sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF * AOSigPolicyQualifierInfo OPTIONAL} * */ Asn1EncodableVector v = new Asn1EncodableVector(); // sigPolicyId v.Add(doiSigPolicyId); // sigPolicyHash v.Add(otherHashAlgAndValue.ToAsn1Object()); // como sequence // sigPolicyQualifiers if (spqInfo != null) { v.Add(spqInfo.toASN1Primitive()); } DerSequence ds = new DerSequence(v); // Secuencia con singningCertificate contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAAEtsSigPolicyID, new DerSet(ds.ToAsn1Object()))); // FIN SIGPOLICYID ATTRIBUTE } /** * Secuencia con el tipo de contenido firmado. No se agrega en firmas PAdES. * * ContentHints ::= SEQUENCE { * contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL, * contentType ContentType } */ if (contentType != null && !padesMode) { ContentHints contentHints; if (contentDescription != null) { contentHints = new ContentHints(new DerObjectIdentifier(contentType), new DerUtf8String(contentDescription)); } else { contentHints = new ContentHints(new DerObjectIdentifier(contentType)); } contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute( Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAAContentHint, new DerSet(contentHints.ToAsn1Object()))); } return contexExpecific; }
public void Ctor_FileName () { string tempFile = Path.GetTempFileName (); try { using (FileStream fs = File.OpenWrite (tempFile)) { fs.Write (cert_1, 0, cert_1.Length); fs.Close (); } X509Certificate2 cert = new X509Certificate2 (tempFile); Assert.IsNotNull (cert.RawData, "#C1"); Assert.AreEqual (cert_1.Length, cert.RawData.Length, "#C2"); Assert.AreEqual (cert_1, cert.RawData, "#C3"); Assert.IsNotNull (cert.GetRawCertData (), "#C4"); Assert.AreEqual (cert_1.Length, cert.GetRawCertData ().Length, "#C5"); Assert.AreEqual (cert_1, cert.GetRawCertData (), "#C6"); Assert.IsFalse (cert.HasPrivateKey, "#C7"); Assert.IsNull (cert.PrivateKey, "#C8"); } finally { File.Delete (tempFile); } }
public void TestDigest() { String serviceFingerprint = "96964dfed390fc3a884d897f00bc4446cb9d9429"; String serviceCertificateString = "MIIB8zCCAVygAwIBAgIETSMjbDANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJCRTEPMA0GA1UEChMGRmVkSUNUMQ8wDQYDVQQLEwZGZWRJQ1QxDTALBgNVBAMTBFRlc3QwHhcNMTEwMTA0MTM0MTAwWhcNMTEwNzAzMTM0MTAwWjA+MQswCQYDVQQGEwJCRTEPMA0GA1UEChMGRmVkSUNUMQ8wDQYDVQQLEwZGZWRJQ1QxDTALBgNVBAMTBFRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIWZDsOroiTb8rlDy6GoUhoG632DGSPjcvHHr/PVT1qsv7+goC6gUPo/4HHxSS67oJZxMABYYLFosBM/wtz5MIBlfCZYcxaVwhxd8HbWtzkBWvaZ9UobWoa83DL5ns1g4zOYkYA4KMBzDTP/s36dVT4vnB0WQvjqxHFtheoNacDNAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAecWebvuTk04zuYO7npHgpNi0IgmOafBW9mmeQBWq7gJlm5sy8nK/HJjtmRxjnRzo+iQ89On5Acipg5H0PIH5HVLf4zoLdH86tohzj0ohpw+rUma4aCwhyQfO+QqS2PokHM7elF0yUNYrZdoY3InoYuXvS1oejGeOJ6wiZ4dqN/c="; X509Certificate2 serviceCertificate = new X509Certificate2(Convert.FromBase64String(serviceCertificateString)); Assert.NotNull(serviceCertificate); String resultServiceCertificateString = Convert.ToBase64String(serviceCertificate.GetRawCertData()); Assert.True(serviceCertificateString.Equals(resultServiceCertificateString)); byte[] actualServiceFingerprint = SHA1.Create().ComputeHash(serviceCertificate.GetRawCertData()); String resultFingerprint = BitConverter.ToString(actualServiceFingerprint).Replace("-", "").ToLower(); Console.WriteLine("result: " + resultFingerprint); Assert.True(serviceFingerprint.Equals(resultFingerprint)); }
/// <summary cref="ICertificateStore.Add(X509Certificate2)" /> public void Add(X509Certificate2 certificate) { if (certificate == null) throw new ArgumentNullException("certificate"); lock (m_lock) { IntPtr hStore = IntPtr.Zero; IntPtr pCertContext = IntPtr.Zero; // get the DER encoded data. byte[] buffer = certificate.GetRawCertData(); IntPtr pData = Copy(buffer); // find the certificate. try { // open store. hStore = OpenStore(false, true, true); // check for existing certificate. pCertContext = FindCertificate(hStore, certificate.Thumbprint); if (pCertContext != IntPtr.Zero) { throw ServiceResultException.Create( StatusCodes.BadUnexpectedError, "Certificate is already in the store.\r\nType={0}, Name={1}, Subject={2}", m_storeType, m_symbolicName, certificate.Subject); } // add certificate. Opc.Ua.CertificateFactory.AddCertificateToWindowsStore( m_storeType == WindowsStoreType.LocalMachine, m_symbolicName, certificate); } finally { if (pData != IntPtr.Zero) { Marshal.FreeHGlobal(pData); } if (pCertContext != IntPtr.Zero) { NativeMethods.CertFreeCertificateContext(pCertContext); } if (hStore != IntPtr.Zero) { NativeMethods.CertCloseStore(hStore, 0); } } } }
/// <summary> /// Inserta en la lista de certificados el certificado y comprueba la valided del certificado. /// </summary> /// <param name="cert"></param> /// <param name="unsignedProperties"></param> /// <param name="addCertValue"></param> /// <param name="extraCerts"></param> private void AddCertificate(X509Certificate2 cert, UnsignedProperties unsignedProperties, bool addCert, X509Certificate2[] extraCerts = null) { if (addCert) { if (CertificateChecked(cert, unsignedProperties)) { return; } string guidCert = Guid.NewGuid().ToString(); Cert chainCert = new Cert(); chainCert.IssuerSerial.X509IssuerName = cert.IssuerName.Name; chainCert.IssuerSerial.X509SerialNumber = CertUtil.HexToDecimal(cert.SerialNumber); DigestUtil.SetCertDigest(cert.GetRawCertData(), _firma.RefsDigestMethod, chainCert.CertDigest); chainCert.URI = "#Cert" + guidCert; unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection.Add(chainCert); EncapsulatedX509Certificate encapsulatedX509Certificate = new EncapsulatedX509Certificate(); encapsulatedX509Certificate.Id = "Cert" + guidCert; encapsulatedX509Certificate.PkiData = cert.GetRawCertData(); unsignedProperties.UnsignedSignatureProperties.CertificateValues.EncapsulatedX509CertificateCollection.Add(encapsulatedX509Certificate); } var chain = CertUtil.GetCertChain(cert, extraCerts).ChainElements; if (chain.Count > 1) { X509ChainElementEnumerator enumerator = chain.GetEnumerator(); enumerator.MoveNext(); // el mismo certificado que el pasado por parametro enumerator.MoveNext(); bool valid = ValidateCertificateByCRL(unsignedProperties, cert, enumerator.Current.Certificate); if (!valid) { var ocspCerts = ValidateCertificateByOCSP(unsignedProperties, cert, enumerator.Current.Certificate); if (ocspCerts != null) { X509Certificate2 startOcspCert = DetermineStartCert(new List<X509Certificate2>(ocspCerts)); if (startOcspCert.IssuerName.Name != enumerator.Current.Certificate.SubjectName.Name) { var chainOcsp = CertUtil.GetCertChain(startOcspCert, ocspCerts); AddCertificate(chainOcsp.ChainElements[1].Certificate, unsignedProperties, true, ocspCerts); } } } AddCertificate(enumerator.Current.Certificate, unsignedProperties, true, extraCerts); } }
private void ConfigureCertInstall(IOfferRemoteOperations server, X509Certificate2 cert) { var certScript = string.Format("[byte[]]$byteArray = {0}; $myCert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2(,$byteArray); ", string.Join(",", cert.GetRawCertData())); certScript += string.Format("$store = new-object System.Security.Cryptography.X509Certificates.X509Store('{0}', '{1}'); $store.open(“MaxAllowed”); $store.add($myCert); $store.close();", StoreName.My, StoreLocation.LocalMachine); server.ExecuteRemote.PowerShell(certScript, o => o.WaitIntervalInSeconds(15).RetryAttempts(3)); }
[Test] // bug #79028 public void Ctor_FileName_Password () { string tempFile = Path.GetTempFileName (); try { using (FileStream fs = File.OpenWrite (tempFile)) { fs.Write (cert_1, 0, cert_1.Length); fs.Close (); } // password isn't required but supplied X509Certificate2 cert = new X509Certificate2 (tempFile, "mono"); Assert.IsNotNull (cert.RawData, "#1"); Assert.AreEqual (cert_1.Length, cert.RawData.Length, "#2"); Assert.AreEqual (cert_1, cert.RawData, "#3"); Assert.IsNotNull (cert.GetRawCertData (), "#4"); Assert.AreEqual (cert_1.Length, cert.GetRawCertData ().Length, "#5"); Assert.AreEqual (cert_1, cert.GetRawCertData (), "#6"); } finally { File.Delete (tempFile); } }
private static void InstallCertificateMono(X509Certificate2 cert, ushort port) { string dirname = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData); string path = Path.Combine(dirname, ".mono"); path = Path.Combine(path, "httplistener"); string cert_file = Path.Combine(path, String.Format("{0}.cer", port)); string pvk_file = Path.Combine(path, String.Format("{0}.pvk", port)); Directory.CreateDirectory(path); WriteCertificate(cert_file, cert.GetRawCertData()); var privKey = new PrivateKey(); privKey.RSA = (RSA)cert.PrivateKey; privKey.Save(pvk_file); }
/// <summary cref="ICertificateStore.Add(X509Certificate2)" /> public void Add(X509Certificate2 certificate) { if (certificate == null) throw new ArgumentNullException("certificate"); lock (m_lock) { byte[] data = null; // check for certificate file. Entry entry = Find(certificate.Thumbprint); if (entry != null) { throw new ArgumentException("A certificate with the same thumbprint is already in the store."); } if (certificate.HasPrivateKey) { data = certificate.Export(X509ContentType.Pkcs12, new System.Security.SecureString()); } else { data = certificate.GetRawCertData(); } // build file name. string fileName = GetFileName(certificate); // write the private and public key. WriteFile(data, fileName, certificate.HasPrivateKey); if (certificate.HasPrivateKey) { WriteFile(certificate.GetRawCertData(), fileName, false); } m_lastDirectoryCheck = DateTime.MinValue; } }
/// <summary> /// Adds the certificate to the Trusted Certificate Store /// </summary> /// <param name="configuration">The application's configuration which specifies the location of the TrustedStore.</param> /// <param name="certificate">The certificate to register.</param> private static void AddToTrustedStore(ApplicationConfiguration configuration, X509Certificate2 certificate) { string storePath = null; if (configuration != null && configuration.SecurityConfiguration != null && configuration.SecurityConfiguration.TrustedPeerCertificates != null) { storePath = configuration.SecurityConfiguration.TrustedPeerCertificates.StorePath; } if (String.IsNullOrEmpty(storePath)) { Utils.Trace(Utils.TraceMasks.Information, "WARNING: Trusted peer store not specified."); return; } try { ICertificateStore store = configuration.SecurityConfiguration.TrustedPeerCertificates.OpenStore(); if (store == null) { Utils.Trace("Could not open trusted peer store. StorePath={0}", storePath); return; } try { // check if it already exists. X509Certificate2 certificate2 = store.FindByThumbprint(certificate.Thumbprint); if (certificate2 != null) { return; } Utils.Trace(Utils.TraceMasks.Information, "Adding certificate to trusted peer store. StorePath={0}", storePath); List<string> subjectName = Utils.ParseDistinguishedName(certificate.Subject); // check for old certificate. X509Certificate2Collection certificates = store.Enumerate(); for (int ii = 0; ii < certificates.Count; ii++) { if (Utils.CompareDistinguishedName(certificates[ii], subjectName)) { if (certificates[ii].Thumbprint == certificate.Thumbprint) { return; } store.Delete(certificates[ii].Thumbprint); break; } } // add new certificate. X509Certificate2 publicKey = new X509Certificate2(certificate.GetRawCertData()); store.Add(publicKey); } finally { store.Close(); } } catch (Exception e) { Utils.Trace(e, "Could not add certificate to trusted peer store. StorePath={0}", storePath); } }
/// <summary> /// Read CA private key file from .key or pfx file /// Read data from certificate request file .csr /// Generate signed certificate request file .cer /// </summary> /// <param name="signedCERFile"></param> /// <param name="privateKeyFile"></param> /// <param name="v"></param> /// <param name="password"></param> private async void GenerateCerFile(string certRequestFile, string privateKeyFile, string generateSignedCertificateFile, string password, string friendlyName, DateTime startDate, DateTime endDate) { #region LoadCertificate // read public & private key from file AsymmetricKeyParameter privateKey = null; AsymmetricKeyParameter publicKey = null; System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate = null; Org.BouncyCastle.X509.X509Certificate issuerCertificateX509 = null; // Ovo NE radi //issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2( // privateKeyFile, // password // ); // Ovo RADI issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2( privateKeyFile, password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable ); // This doesn't work for selfsign certificate //bool isOK = issuerCertificate.Verify(); bool isHasPrivateKey = issuerCertificate.HasPrivateKey; DateTime noAfter = issuerCertificate.NotAfter; DateTime noBefore = issuerCertificate.NotBefore; X509ExtensionCollection x509extensions = issuerCertificate.Extensions; int errorNum = 0; X509CertificateParser parser = new X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate bouncyCertificate = parser.ReadCertificate(issuerCertificate.RawData); BasicConstraints basicConstraints = null; bool isCa = false; Asn1OctetString str = bouncyCertificate.GetExtensionValue(new DerObjectIdentifier("2.5.29.19")); if (str != null) { basicConstraints = BasicConstraints.GetInstance( X509ExtensionUtilities.FromExtensionValue(str)); if (basicConstraints != null) { isCa = basicConstraints.IsCA(); } } if (!isCa) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "Loaded CA file: " + privateKeyFile + " IS NOT CA authority certificate file!" + "\n"; tbOutputMessageBox.Foreground = bckForeground; } // This doesn't work for selfsign certificate //if (!isOK) //{ // errorNum++; // Brush bckForeground = tbOutputMessageBox.Foreground; // tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); // tbOutputMessageBox.Text += "File with CA certificate NOT valid." + "\n"; // tbOutputMessageBox.Foreground = bckForeground; //} if (!isHasPrivateKey) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate DOES NOT have a private key." + "\n"; tbOutputMessageBox.Foreground = bckForeground; } if (noBefore > startDate) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate start date: " + startDate.ToLocalTime() + " DOES NOT valid value. Certificate start date is: " + noBefore.ToLocalTime() + "\n"; tbOutputMessageBox.Foreground = bckForeground; } if (noAfter < endDate) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate end date: " + endDate.ToLocalTime() + " DOES NOT valid value. Certificate end date is: " + noAfter.ToLocalTime() + "\n"; tbOutputMessageBox.Foreground = bckForeground; } if (errorNum > 0) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate has error!!!" + "\n"; tbOutputMessageBox.Foreground = bckForeground; return; } bool isOk = issuerCertificate.Verify(); AsymmetricCipherKeyPair issuerKeyPairTmp = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey); privateKey = issuerKeyPairTmp.Private; publicKey = issuerKeyPairTmp.Public; issuerCertificateX509 = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(issuerCertificate.GetRawCertData()); issuerCertificateX509.Verify(publicKey); Org.BouncyCastle.X509.X509Certificate x509 = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(issuerCertificate); x509.Verify(publicKey); x509.CheckValidity(startDate); #endregion // Read certificate request .csr file Pkcs10CertificationRequest cerRequest = null; try { String input_data = File.ReadAllText(certRequestFile); StringReader sr = new StringReader(input_data); PemReader pr = new PemReader(sr); cerRequest = (Pkcs10CertificationRequest)pr.ReadObject(); tbOutputMessageBox.Text += "Verify file with certificate request : " + certRequestFile + "\n"; bool requestIsOK = cerRequest.Verify(); if (requestIsOK) { tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " is OK." + "\n"; } else { tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " NOT valid." + "\n"; return; } } catch (Exception ex) { var metroWindow = (Application.Current.MainWindow as MetroWindow); await metroWindow.ShowMessageAsync("Info Warning", "ERROR reading certificate request file (.csr)" + "\n" + "Error: " + ex.Source + " " + ex.Message, MessageDialogStyle.Affirmative); return; } Org.BouncyCastle.X509.X509Certificate genCert = GenerateSignedCertificate( cerRequest, x509, issuerKeyPairTmp, startDate, endDate); try { File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded()); tbOutputMessageBox.Text += "Certificate file: " + generateSignedCertificateFile + " sucessfully saved." + "\n"; signedRequestFileNamePath = generateSignedCertificateFile; btnContinue.IsEnabled = true; } catch (Exception) { tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n"; } #region Public Key //try //{ // var store = new Pkcs12Store(); // string friendlyName1 = issuerCertificateX509.SubjectDN.ToString(); // var certificateEntry = new X509CertificateEntry(issuerCertificateX509); // store.SetCertificateEntry(friendlyName1, certificateEntry); // store.SetKeyEntry(friendlyName1, new AsymmetricKeyEntry(privateKey), new[] { certificateEntry }); // var stream = new MemoryStream(); // var random1 = GetSecureRandom(); // store.Save(stream, "password".ToCharArray(), random1); // //Verify that the certificate is valid. // var convertedCertificate = new X509Certificate2(stream.ToArray(), "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); // //Write the file. // File.WriteAllBytes(generateSignedCertificateFile, stream.ToArray()); // File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded()); // //using (TextWriter tw = new StreamWriter(outputPublicKeyName)) // //{ // // PemWriter pw = new PemWriter(tw); // // pw.WriteObject(subjectKeyPair.Public); // // tw.Flush(); // //} // tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n"; //} //catch (Exception ex) //{ // var metroWindow = (Application.Current.MainWindow as MetroWindow); // await metroWindow.ShowMessageAsync("Info Warning", // "ERROR creating certificate private key file (.key)" + "\n" + // "Error: " + ex.Source + " " + ex.Message, // MessageDialogStyle.Affirmative); // return; //} //StringBuilder publicKeyStrBuilder = new StringBuilder(); //PemWriter publicKeyPemWriter = new PemWriter(new StringWriter(publicKeyStrBuilder)); //publicKeyPemWriter.WriteObject(genCert.GetPublicKey()); //publicKeyPemWriter.Writer.Flush(); //string publicKey = publicKeyStrBuilder.ToString(); //try //{ // using (TextWriter tw = new StreamWriter(generateSignedCertificateFile)) // { // PemWriter pw = new PemWriter(tw); // pw.WriteObject(genCert.GetPublicKey()); // tw.Flush(); // } // tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n"; //} //catch (Exception ex) //{ // var metroWindow = (Application.Current.MainWindow as MetroWindow); // await metroWindow.ShowMessageAsync("Info Warning", // "ERROR creating certificate private key file (.key)" + "\n" + // "Error: " + ex.Source + " " + ex.Message, // MessageDialogStyle.Affirmative); // return; //} #endregion Public Key }
public void Export_SerializedCert () { X509Certificate cert = new X509Certificate (cert1); byte[] data = cert.Export (X509ContentType.SerializedCert); // usable X509Certificate2 c = new X509Certificate2 (data); Assert.AreEqual (cert1, c.GetRawCertData (), "Equals"); }
public void Ctor_ByteArray () { X509Certificate2 cert = new X509Certificate2 (cert_1); Assert.IsNotNull (cert.RawData, "#1"); Assert.AreEqual (cert_1.Length, cert.RawData.Length, "#2"); Assert.AreEqual (cert_1, cert.RawData, "#3"); Assert.IsNotNull (cert.GetRawCertData (), "#4"); Assert.AreEqual (cert_1.Length, cert.GetRawCertData ().Length, "#5"); Assert.AreEqual (cert_1, cert.GetRawCertData (), "#6"); }
/// <summary> /// Method to update vault certificate /// </summary> /// <param name="cert">certificate object </param> /// <returns>Upload Certificate Response</returns> private async Task<UploadCertificateResponse> UpdateVaultCertificate(X509Certificate2 cert) { var certificateArgs = new CertificateArgs(); certificateArgs.Properties = new Dictionary<string, string>(); certificateArgs.Properties.Add("certificate", Convert.ToBase64String(cert.GetRawCertData())); // CertificateArgs.Properties.Add("ContractVersion", "V2012_12"); UploadCertificateResponse response = await this.UpdateVaultCertificate(certificateArgs, cert.FriendlyName); return response; }
[Test] // bug #79028 public void Ctor_ByteArray_Password () { // password isn't required but supplied X509Certificate2 cert = new X509Certificate2 (cert_1, "mono"); Assert.IsNotNull (cert.RawData, "#1"); Assert.AreEqual (cert_1.Length, cert.RawData.Length, "#2"); Assert.AreEqual (cert_1, cert.RawData, "#3"); Assert.IsNotNull (cert.GetRawCertData (), "#4"); Assert.AreEqual (cert_1.Length, cert.GetRawCertData ().Length, "#5"); Assert.AreEqual (cert_1, cert.GetRawCertData (), "#6"); }
/// <summary> /// Compares two certificates. /// </summary> protected static void CompareCertificates(X509Certificate2 expected, X509Certificate2 actual, bool allowNull) { bool equal = true; if (expected == null) { equal = actual == null; // accept everything if no expected certificate and nulls are allowed. if (allowNull) { equal = true; } } else if (actual == null) { equal = allowNull; } else if (!Utils.IsEqual(expected.GetRawCertData(), actual.GetRawCertData())) { equal = false; } if (!equal) { throw ServiceResultException.Create( StatusCodes.BadCertificateInvalid, "Certificate mismatch. Expecting '{0}'/{1},. Received '{2}'/{3}.", (expected != null) ? expected.Subject : "(null)", (expected != null) ? expected.Thumbprint : "(null)", (actual != null) ? actual.Subject : "(null)", (actual != null) ? actual.Thumbprint : "(null)"); } }
/// <summary> /// Create an X509 certificate based Asymmetric key credential. /// </summary> /// <param name="startTime">Start time.</param> /// <param name="endTime">End time of the credential.</param> /// <param name="certificate">Certificate credential.</param> /// <returns>Asymmetric key credential.</returns> public static KeyCredential CreateAsymmetricKeyCredential( DateTime startTime, DateTime endTime, X509Certificate2 certificate) { Utils.ThrowIfNullOrEmpty(certificate, "certificate"); ValidateStartAndEndTime(startTime, endTime); KeyCredential keyCredential = new KeyCredential(); keyCredential.StartDate = startTime; keyCredential.EndDate = endTime; keyCredential.Type = KeyType.AsymmetricX509Cert.ToString(); keyCredential.Usage = KeyUsage.Verify.ToString(); keyCredential.Value = certificate.GetRawCertData(); return keyCredential; }
public static byte[] CalculateCertificateID(X509Certificate2 x) { System.Security.Cryptography.MD5CryptoServiceProvider m = new System.Security.Cryptography.MD5CryptoServiceProvider(); return m.ComputeHash(x.GetRawCertData()); }
private static AsymmetricKeyParameter retornaParametrosCertificado(string caminhoCertificado) { try { X509Certificate2 chaveCertificada = new X509Certificate2(caminhoCertificado); X509CertificateParser parserChaveCertificada = new X509CertificateParser(); AsymmetricKeyParameter parametrosCertificado = parserChaveCertificada.ReadCertificate(chaveCertificada.GetRawCertData()).GetPublicKey(); return parametrosCertificado; } catch (Exception ex) { throw new excecao.excecao(MSG_CHAVE_INVALIDA); } }
public MasFacturacion.StampingConnector.StampingService.comprobante EncryptPFX(MasFacturacion.StampingConnector.StampingService.comprobante cfd, TypeCryptoServiceProvider Algorithm, byte[] pfx, string Password) { string pathXSLT = ConfigurationManager.AppSettings["pathSATFiles"] + @"files SAT/localxslt/cadenaoriginal_3_2.xslt"; string xmlComprobante = Serializer.SerializeComprobante(cfd); if (null == pfx) { throw new Exception("No existe el certificado de la empresa"); } try { X509Certificate2 certX509 = default(X509Certificate2); RSACryptoServiceProvider rsa = default(RSACryptoServiceProvider); SHA1CryptoServiceProvider cspSha1 = default(SHA1CryptoServiceProvider); MD5CryptoServiceProvider cspMd5 = default(MD5CryptoServiceProvider); NumberFormatInfo nfi = new CultureInfo("en-US", false).NumberFormat; byte[] bytesFirmados = default(byte[]); nfi.NumberDecimalDigits = 1; certX509 = new X509Certificate2(pfx, Password, X509KeyStorageFlags.MachineKeySet); string strOriginal = MasFacturacion.StampingConnector.Utilities.Util.generaCadenaOriginal(pathXSLT, xmlComprobante); rsa = (RSACryptoServiceProvider)certX509.PrivateKey; byte[] data = Encoding.UTF8.GetBytes(strOriginal); switch (Algorithm) { case TypeCryptoServiceProvider.MD5: cspMd5 = new MD5CryptoServiceProvider(); bytesFirmados = rsa.SignData(data, cspMd5); break; case TypeCryptoServiceProvider.SHA1: cspSha1 = new SHA1CryptoServiceProvider(); bytesFirmados = rsa.SignData(data, cspSha1); break; } cfd.sello = Convert.ToBase64String(bytesFirmados); cfd.noCertificado = hexString2Ascii(certX509.SerialNumber); // cfd.version = certX509.Version.ToString("N", nfi); cfd.certificado = Convert.ToBase64String(certX509.GetRawCertData()); } catch (Exception) { throw new Exception("No se puede generar el sello"); } return cfd; }
/// <summary> /// Determina si un certificado ya ha sido añadido a la colección de certificados /// </summary> /// <param name="cert"></param> /// <param name="unsignedProperties"></param> /// <returns></returns> private bool CertificateChecked(X509Certificate2 cert, UnsignedProperties unsignedProperties) { string certHash = null; using (var hashAlg = DigestUtil.GetHashAlg(_firma.RefsDigestMethod)) { certHash = Convert.ToBase64String(hashAlg.ComputeHash(cert.GetRawCertData())); } foreach (Cert item in unsignedProperties.UnsignedSignatureProperties.CompleteCertificateRefs.CertRefs.CertCollection) { if (Convert.ToBase64String(item.CertDigest.DigestValue) == certHash) { return true; } } return false; }
/// <summary> /// Upload cert to idmgmt /// </summary> /// <param name="managementCert">certificate to be uploaded</param> /// <param name="vault">vault object</param> /// <returns>Upload Certificate Response</returns> public UploadCertificateResponse UploadCertificate(X509Certificate2 managementCert, ARSVault vault) { var certificateArgs = new CertificateArgs(); certificateArgs.Properties = new Dictionary<string, string>(); certificateArgs.Properties.Add("certificate", Convert.ToBase64String(managementCert.GetRawCertData())); var response = this.recoveryServicesClient.VaultExtendedInfo.UploadCertificateAsync( vault.ResourceGroupName, vault.Name, certificateArgs, managementCert.FriendlyName, this.GetRequestHeaders()); response.Wait(); return response.Result; }