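// Helper methods

/// <summary>
/// Walks <paramref name="folderName"/> recursively and appends one CSV row per
/// certificate file (extension listed in <c>_certExts</c>) to <paramref name="sb"/>.
/// </summary>
/// <param name="folderName">Root folder to scan; subfolders are visited recursively.</param>
/// <param name="sb">Receives one <c>CSV_SEPARATOR</c>-delimited line per certificate.</param>
/// <param name="noProgress">When true, nothing is written to the console.</param>
/// <param name="verify">When true, each certificate is passed to <c>ValidateCertificate</c>;
/// otherwise the status column stays "Unknown".</param>
private static void IndexFolder(string folderName, StringBuilder sb, bool noProgress, bool verify)
{
    // Process all files in the folder
    foreach (var fileName in Directory.GetFiles(folderName))
    {
        if (!_certExts.Contains(Path.GetExtension(fileName).ToLowerInvariant()))
        {
            continue;
        }

        // X509Certificate2 wraps a native handle; release it once the row has been built.
        using (var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(fileName))
        {
            // Get basic cert properties
            var serialNumberDigits = cert.GetSerialNumberString();
            var serialNumberHex = "0x" + serialNumberDigits;
            // Serial numbers may be up to 20 octets (RFC 5280), far beyond uint range, so
            // parse as an arbitrary-precision integer. The leading "0" keeps the value
            // non-negative when the top bit of the first octet is set.
            var serialNumberDec = System.Numerics.BigInteger.Parse(
                "0" + serialNumberDigits, System.Globalization.NumberStyles.HexNumber);
            var email = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.EmailName, false) ?? string.Empty;
            // Only derive a domain when there is an '@'; Substring(IndexOf + 1) with no '@'
            // would silently copy the whole (non-email) string into the domain column.
            var atIndex = email.IndexOf('@');
            var domain = atIndex >= 0 ? email.Substring(atIndex + 1) : string.Empty;
            var name = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);

            if (!noProgress)
            {
                // serialNumberHex already carries the "0x" prefix; the original printed it twice.
                Console.Write($"{serialNumberHex,-10} {email,-40} {name,-30} ");
            }

            // Verify certificate
            var status = "Unknown";
            if (verify)
            {
                // NOTE(review): a false from ValidateCertificate is recorded as "Revoked", but a
                // failed validation can equally mean expired or an untrusted chain.
                var certValid = ValidateCertificate(cert);
                status = certValid ? "OK" : "Revoked";
            }

            if (!noProgress)
            {
                Console.WriteLine(status);
            }

            // Add line to index
            sb.AppendLine(string.Join(CSV_SEPARATOR,
                serialNumberHex,
                serialNumberDec,
                cert.GetCertHashString(),
                cert.NotBefore.ToString("yyyy-MM-dd"),
                cert.NotAfter.ToString("yyyy-MM-dd"),
                cert.PublicKey.Key.KeySize,
                status,
                domain,
                name,
                email,
                cert.Issuer,
                cert.Subject));
        }
    }

    // Crawl subfolders
    foreach (var subFolderName in Directory.GetDirectories(folderName))
    {
        IndexFolder(subFolderName, sb, noProgress, verify);
    }
}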
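/// <summary>
/// Decodes a DER-encoded X.509 certificate and returns its headline fields as a
/// label -> value map (the labels are the Japanese display strings the caller shows).
/// </summary>
/// <param name="certDER">Raw DER bytes of the certificate.</param>
/// <returns>The populated map. A decode failure is logged at debug level and yields
/// whatever was collected up to that point (possibly an empty map) rather than an exception.</returns>
public static Dictionary<string, string> ParseCert(byte[] certDER)
{
    var ret = new Dictionary<string, string>();
    try
    {
        // X509Certificate2 wraps a native handle; release it once the fields are copied out.
        using (var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certDER))
        {
            ret.Add("X.509v3証明書の形式の名前", x509.GetFormat());
            ret.Add("バージョン", $"{x509.Version}");
            ret.Add("シリアル番号", x509.GetSerialNumberString());
            ret.Add("署名アルゴリズム", x509.SignatureAlgorithm.FriendlyName);
            ret.Add("証明書を発行した証明機関の名前", x509.Issuer);
            ret.Add("サブジェクトの識別名", x509.Subject);
            ret.Add("証明書のハッシュ値の16進文字列", x509.GetCertHashString());
            ret.Add("証明書の発効日", x509.GetEffectiveDateString());
            ret.Add("証明書の失効日", x509.GetExpirationDateString());
            ret.Add("キーアルゴリズム情報", x509.GetKeyAlgorithm());
            ret.Add("キーアルゴリズムパラメータ", x509.GetKeyAlgorithmParametersString());
            ret.Add("公開鍵", x509.GetPublicKeyString());

            // Extensions are listed by OID only; the original left per-extension decoding
            // (key usage / enhanced key usage) and the legacy GetName()/GetIssuerName()/
            // GetRawCertDataString() dumps commented out, so they are not reproduced here.
            foreach (var extension in x509.Extensions)
            {
                // Extensions without a registered friendly name (FriendlyName == null) would all
                // collapse onto the same key and make Dictionary.Add throw on the second one,
                // aborting the whole parse; fall back to the dotted OID so every key is unique.
                var label = extension.Oid.FriendlyName ?? extension.Oid.Value;
                ret[$"- Extension {label}"] = extension.Oid.Value;
            }
        }
    }
    catch (Exception ex)
    {
        // Best-effort parser: callers receive a partial map instead of an exception.
        logger.Debug(ex);
    }
    return ret;
}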
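/// <summary>
/// Builds a <see cref="CertificadoDigital"/> from the bytes of a .cer file: the raw
/// certificate as hex and as Base64, plus the serial number run through
/// <c>ConvertHexToString</c>.
/// </summary>
/// <param name="archivoCer">Raw bytes of the .cer file.</param>
/// <returns>The populated <see cref="CertificadoDigital"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="archivoCer"/> is null.</exception>
public static CertificadoDigital GetCertificadoDigital_v2(byte[] archivoCer)
{
    if (archivoCer == null)
        throw new ArgumentNullException(nameof(archivoCer));

    var certificado = new CertificadoDigital();

    // Construct straight from the bytes instead of the parameterless ctor + obsolete Import();
    // the native handle is released once the string forms have been copied out.
    using (var certEmisor = new System.Security.Cryptography.X509Certificates.X509Certificate2(archivoCer))
    {
        certificado.Certificado = certEmisor.GetRawCertDataString();
        certificado.CertificadoBase64 = Convert.ToBase64String(certEmisor.GetRawCertData());

        // ConvertHexToString is defined elsewhere in this file; presumably it decodes the
        // serial's hex digits into their character form — confirm against its definition.
        certificado.NoCertificado = ConvertHexToString(certEmisor.GetSerialNumberString());
    }

    return certificado;
}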
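/// <summary>
/// Refreshes a vault certificate entry: unless -LocalOnly, re-queries the ACME server for the
/// issued certificate, stores its DER/PEM forms as vault assets, records serial, thumbprint,
/// signature algorithm and hash, then downloads and stores the issuer certificate advertised by
/// the request's "up" link. Finally applies Alias/Label/Memo, saves the vault and writes the
/// certificate entry to the pipeline.
/// </summary>
/// <exception cref="InvalidOperationException">The vault has no registrations or certificates,
/// the reference does not resolve, or the certificate has not been submitted yet.</exception>
protected override void ProcessRecord()
{
    using (var vp = InitializeVault.GetVaultProvider(VaultProfile))
    {
        vp.OpenStorage();
        var v = vp.LoadVault();

        if (v.Registrations == null || v.Registrations.Count < 1)
            throw new InvalidOperationException("No registrations found");
        // Only the first registration is used to build the ACME client.
        var ri = v.Registrations[0];

        if (v.Certificates == null || v.Certificates.Count < 1)
            throw new InvalidOperationException("No certificates found");
        var ci = v.Certificates.GetByRef(Ref);
        if (ci == null)
            throw new InvalidOperationException("Unable to find a Certificate for the given reference");

        if (!LocalOnly)
        {
            if (ci.CertificateRequest == null)
                throw new InvalidOperationException("Certificate has not been submitted yet; cannot update status");

            using (var c = ClientHelper.GetClient(v, ri))
            {
                c.Init();
                c.GetDirectory(true);
                c.RefreshCertificateRequest(ci.CertificateRequest, UseBaseURI);
            }

            // Persist the issued certificate (DER + PEM) unless it is already stored and
            // -Repeat was not requested.
            if ((Repeat || string.IsNullOrEmpty(ci.CrtPemFile))
                    && !string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent))
            {
                var crtDerFile = $"{ci.Id}-crt.der";
                var crtPemFile = $"{ci.Id}-crt.pem";

                var crtDerAsset = vp.ListAssets(crtDerFile, VaultAssetType.CrtDer).FirstOrDefault()
                        ?? vp.CreateAsset(VaultAssetType.CrtDer, crtDerFile);
                var crtPemAsset = vp.ListAssets(crtPemFile, VaultAssetType.CrtPem).FirstOrDefault()
                        ?? vp.CreateAsset(VaultAssetType.CrtPem, crtPemFile);

                using (var s = vp.SaveAsset(crtDerAsset))
                {
                    ci.CertificateRequest.SaveCertificate(s);
                    ci.CrtDerFile = crtDerFile;
                }

                using (Stream source = vp.LoadAsset(crtDerAsset), target = vp.SaveAsset(crtPemAsset))
                {
                    CsrHelper.Crt.ConvertDerToPem(source, target);
                    ci.CrtPemFile = crtPemFile;
                }

                // X509Certificate2 wraps a native handle; release it once the fields are copied.
                using (var crt = new X509Certificate2(ci.CertificateRequest.GetCertificateContent()))
                {
                    ci.SerialNumber = crt.SerialNumber;
                    ci.Thumbprint = crt.Thumbprint;
                    ci.SignatureAlgorithm = crt.SignatureAlgorithm?.FriendlyName;
                    ci.Signature = crt.GetCertHashString();
                }
            }

            // Fetch and persist the issuer (CA) certificate advertised by the server's "up"
            // link unless it is already recorded and -Repeat was not requested.
            if (Repeat || string.IsNullOrEmpty(ci.IssuerSerialNumber))
            {
                var linksEnum = ci.CertificateRequest.Links;
                var upLink = linksEnum != null
                        ? new LinkCollection(linksEnum).GetFirstOrDefault("up")
                        : null;

                if (upLink != null)
                {
                    var tmp = Path.GetTempFileName();
                    try
                    {
                        using (var web = new WebClient())
                        {
                            if (v.Proxy != null)
                                web.Proxy = v.Proxy.GetWebProxy();
                            var uri = new Uri(new Uri(v.BaseURI), upLink.Uri);
                            web.DownloadFile(uri, tmp);
                        }

                        // NOTE(review): the download is recorded as the issuer purely because the
                        // server's "up" link pointed at it; nothing here checks that it actually
                        // chains to the leaf certificate stored above.
                        using (var cacert = new X509Certificate2(tmp))
                        {
                            var sernum = cacert.GetSerialNumberString();
                            var tprint = cacert.Thumbprint;
                            var sigalg = cacert.SignatureAlgorithm?.FriendlyName;
                            var sigval = cacert.GetCertHashString();

                            if (v.IssuerCertificates == null)
                                v.IssuerCertificates = new OrderedNameMap<IssuerCertificateInfo>();

                            if (Repeat || !v.IssuerCertificates.ContainsKey(sernum))
                            {
                                var cacertDerFile = $"ca-{sernum}-crt.der";
                                var cacertPemFile = $"ca-{sernum}-crt.pem";

                                var issuerDerAsset = vp.ListAssets(cacertDerFile, VaultAssetType.IssuerDer).FirstOrDefault();
                                var issuerPemAsset = vp.ListAssets(cacertPemFile, VaultAssetType.IssuerPem).FirstOrDefault();

                                if (Repeat || issuerDerAsset == null)
                                {
                                    if (issuerDerAsset == null)
                                        issuerDerAsset = vp.CreateAsset(VaultAssetType.IssuerDer, cacertDerFile);
                                    using (Stream fs = new FileStream(tmp, FileMode.Open), s = vp.SaveAsset(issuerDerAsset))
                                    {
                                        fs.CopyTo(s);
                                    }
                                }

                                if (Repeat || issuerPemAsset == null)
                                {
                                    if (issuerPemAsset == null)
                                        issuerPemAsset = vp.CreateAsset(VaultAssetType.IssuerPem, cacertPemFile);
                                    using (Stream source = vp.LoadAsset(issuerDerAsset), target = vp.SaveAsset(issuerPemAsset))
                                    {
                                        CsrHelper.Crt.ConvertDerToPem(source, target);
                                    }
                                }

                                v.IssuerCertificates[sernum] = new IssuerCertificateInfo
                                {
                                    SerialNumber = sernum,
                                    Thumbprint = tprint,
                                    SignatureAlgorithm = sigalg,
                                    Signature = sigval,
                                    CrtDerFile = cacertDerFile,
                                    CrtPemFile = cacertPemFile,
                                };
                            }

                            ci.IssuerSerialNumber = sernum;
                        }
                    }
                    finally
                    {
                        if (File.Exists(tmp))
                            File.Delete(tmp);
                    }
                }
            }
        }

        // NOTE(review): Alias/Label/Memo are written to the vault (v), not to the certificate
        // entry (ci); the sibling Update-Certificate cmdlet writes ci.Label/ci.Memo — confirm
        // which target is intended.
        v.Alias = StringHelper.IfNullOrEmpty(Alias);
        v.Label = StringHelper.IfNullOrEmpty(Label);
        v.Memo = StringHelper.IfNullOrEmpty(Memo);

        vp.SaveVault(v);
        WriteObject(ci);
    }
}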
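/// <summary>
/// Downloads the issuer certificate advertised by the request's "up" link, stores it under
/// <c>certificatePath</c> as <c>ca-{serial}-crt.der</c> / <c>.pem</c> (existing files are kept
/// as-is) and returns the PEM path.
/// </summary>
/// <param name="certificate">The ACME certificate request whose Links are inspected.</param>
/// <param name="cp">Provider used to convert the DER file to PEM.</param>
/// <returns>The PEM file path, or null when the request carries no "up" link.</returns>
public static string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp)
{
    var linksEnum = certificate.Links;
    if (linksEnum == null)
        return null;

    var upLink = new LinkCollection(linksEnum).GetFirstOrDefault("up");
    if (upLink == null)
        return null;

    var tmp = Path.GetTempFileName();
    try
    {
        using (var web = new WebClient())
        {
            var uri = new Uri(new Uri(BaseURI), upLink.Uri);
            web.DownloadFile(uri, tmp);
        }

        // Only the serial is needed (to name the files); the thumbprint, signature algorithm
        // and hash the original computed were never used. Dispose the native handle right away.
        // NOTE(review): the download is treated as the issuer purely because the server's
        // "up" link pointed at it; nothing here checks that it chains to the leaf.
        string sernum;
        using (var cacert = new X509Certificate2(tmp))
        {
            sernum = cacert.GetSerialNumberString();
        }

        var cacertDerFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.der");
        var cacertPemFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.pem");

        // An existing DER is not overwritten, so the PEM below is derived from whatever is
        // already on disk, not from this download.
        if (!File.Exists(cacertDerFile))
            File.Copy(tmp, cacertDerFile, true);

        Console.WriteLine($" Saving Issuer Certificate to {cacertPemFile}");
        Log.Information("Saving Issuer Certificate to {cacertPemFile}", cacertPemFile);

        if (!File.Exists(cacertPemFile))
        {
            using (FileStream source = new FileStream(cacertDerFile, FileMode.Open),
                              target = new FileStream(cacertPemFile, FileMode.Create))
            {
                var caCrt = cp.ImportCertificate(EncodingFormat.DER, source);
                cp.ExportCertificate(caCrt, EncodingFormat.PEM, target);
            }
        }

        return cacertPemFile;
    }
    finally
    {
        if (File.Exists(tmp))
            File.Delete(tmp);
    }
}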
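/// <summary>
/// Updates a vault certificate entry: optionally renames its alias; unless -LocalOnly,
/// re-queries the ACME server for the issued certificate, round-trips it through the
/// configured PKI tool into DER/PEM vault assets, records serial, thumbprint, signature
/// algorithm and hash, then downloads and stores the issuer certificate advertised by the
/// request's "up" link. Finally applies Label/Memo, saves the vault and writes the entry to
/// the pipeline.
/// </summary>
/// <exception cref="InvalidOperationException">The vault has no registrations or certificates,
/// the reference does not resolve, or the certificate has not been submitted yet.</exception>
protected override void ProcessRecord()
{
    using (var vlt = Util.VaultHelper.GetVault(VaultProfile))
    {
        vlt.OpenStorage();
        var v = vlt.LoadVault();

        if (v.Registrations == null || v.Registrations.Count < 1)
            throw new InvalidOperationException("No registrations found");
        // Only the first registration is used to build the ACME client.
        var ri = v.Registrations[0];

        if (v.Certificates == null || v.Certificates.Count < 1)
            throw new InvalidOperationException("No certificates found");
        var ci = v.Certificates.GetByRef(CertificateRef, throwOnMissing: false);
        if (ci == null)
            throw new InvalidOperationException("Unable to find a Certificate for the given reference");

        // If we're renaming the Alias, do that
        // first in case there are any problems
        if (NewAlias != null)
        {
            v.Certificates.Rename(CertificateRef, NewAlias);
            ci.Alias = NewAlias == "" ? null : NewAlias;
        }

        if (!LocalOnly)
        {
            if (ci.CertificateRequest == null)
                throw new InvalidOperationException("Certificate has not been submitted yet; cannot update status");

            using (var c = ClientHelper.GetClient(v, ri))
            {
                c.Init();
                c.GetDirectory(true);
                c.RefreshCertificateRequest(ci.CertificateRequest, UseBaseUri);
            }

            // Persist the issued certificate (DER + PEM) unless it is already stored and
            // -Repeat was not requested.
            if ((Repeat || string.IsNullOrEmpty(ci.CrtPemFile))
                    && !string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent))
            {
                var crtDerFile = $"{ci.Id}-crt.der";
                var crtPemFile = $"{ci.Id}-crt.pem";

                var crtDerAsset = vlt.ListAssets(crtDerFile, VaultAssetType.CrtDer).FirstOrDefault()
                        ?? vlt.CreateAsset(VaultAssetType.CrtDer, crtDerFile);
                var crtPemAsset = vlt.ListAssets(crtPemFile, VaultAssetType.CrtPem).FirstOrDefault()
                        ?? vlt.CreateAsset(VaultAssetType.CrtPem, crtPemFile);

                using (var cp = PkiHelper.GetPkiTool(StringHelper.IfNullOrEmpty(PkiTool, v.PkiTool)))
                {
                    var bytes = ci.CertificateRequest.GetCertificateContent();
                    using (Stream source = new MemoryStream(bytes),
                                  derTarget = vlt.SaveAsset(crtDerAsset),
                                  pemTarget = vlt.SaveAsset(crtPemAsset))
                    {
                        var crt = cp.ImportCertificate(EncodingFormat.DER, source);
                        // We're saving the DER format cert "through"
                        // the CP in order to validate its content
                        cp.ExportCertificate(crt, EncodingFormat.DER, derTarget);
                        ci.CrtDerFile = crtDerFile;
                        cp.ExportCertificate(crt, EncodingFormat.PEM, pemTarget);
                        ci.CrtPemFile = crtPemFile;
                    }
                }

                // X509Certificate2 wraps a native handle; release it once the fields are copied.
                using (var x509 = new X509Certificate2(ci.CertificateRequest.GetCertificateContent()))
                {
                    ci.SerialNumber = x509.SerialNumber;
                    ci.Thumbprint = x509.Thumbprint;
                    ci.SignatureAlgorithm = x509.SignatureAlgorithm?.FriendlyName;
                    ci.Signature = x509.GetCertHashString();
                }
            }

            // Fetch and persist the issuer (ICA) certificate advertised by the server's "up"
            // link unless it is already recorded and -Repeat was not requested.
            if (Repeat || string.IsNullOrEmpty(ci.IssuerSerialNumber))
            {
                var linksEnum = ci.CertificateRequest.Links;
                var upLink = linksEnum != null
                        ? new LinkCollection(linksEnum).GetFirstOrDefault("up")
                        : null;

                if (upLink != null)
                {
                    // We need to save the ICA certificate to a local
                    // temp file so that we can read it in and store
                    // it properly as a vault asset through a stream
                    var tmp = Path.GetTempFileName();
                    try
                    {
                        using (var web = new WebClient())
                        {
                            if (v.Proxy != null)
                                web.Proxy = v.Proxy.GetWebProxy();
                            var uri = new Uri(new Uri(v.BaseUri), upLink.Uri);
                            web.DownloadFile(uri, tmp);
                        }

                        // NOTE(review): the download is recorded as the issuer purely because the
                        // server's "up" link pointed at it; nothing here checks that it actually
                        // chains to the leaf certificate stored above.
                        using (var cacert = new X509Certificate2(tmp))
                        {
                            var sernum = cacert.GetSerialNumberString();
                            var tprint = cacert.Thumbprint;
                            var sigalg = cacert.SignatureAlgorithm?.FriendlyName;
                            var sigval = cacert.GetCertHashString();

                            if (v.IssuerCertificates == null)
                                v.IssuerCertificates = new OrderedNameMap<IssuerCertificateInfo>();

                            if (Repeat || !v.IssuerCertificates.ContainsKey(sernum))
                            {
                                var cacertDerFile = $"ca-{sernum}-crt.der";
                                var cacertPemFile = $"ca-{sernum}-crt.pem";

                                var issuerDerAsset = vlt.ListAssets(cacertDerFile, VaultAssetType.IssuerDer).FirstOrDefault();
                                var issuerPemAsset = vlt.ListAssets(cacertPemFile, VaultAssetType.IssuerPem).FirstOrDefault();

                                if (Repeat || issuerDerAsset == null)
                                {
                                    if (issuerDerAsset == null)
                                        issuerDerAsset = vlt.CreateAsset(VaultAssetType.IssuerDer, cacertDerFile);
                                    using (Stream fs = new FileStream(tmp, FileMode.Open), s = vlt.SaveAsset(issuerDerAsset))
                                    {
                                        fs.CopyTo(s);
                                    }
                                }

                                if (Repeat || issuerPemAsset == null)
                                {
                                    if (issuerPemAsset == null)
                                        issuerPemAsset = vlt.CreateAsset(VaultAssetType.IssuerPem, cacertPemFile);
                                    using (var cp = PkiHelper.GetPkiTool(StringHelper.IfNullOrEmpty(PkiTool, v.PkiTool)))
                                    using (Stream source = vlt.LoadAsset(issuerDerAsset), target = vlt.SaveAsset(issuerPemAsset))
                                    {
                                        var crt = cp.ImportCertificate(EncodingFormat.DER, source);
                                        cp.ExportCertificate(crt, EncodingFormat.PEM, target);
                                    }
                                }

                                v.IssuerCertificates[sernum] = new IssuerCertificateInfo
                                {
                                    SerialNumber = sernum,
                                    Thumbprint = tprint,
                                    SignatureAlgorithm = sigalg,
                                    Signature = sigval,
                                    CrtDerFile = cacertDerFile,
                                    CrtPemFile = cacertPemFile,
                                };
                            }

                            ci.IssuerSerialNumber = sernum;
                        }
                    }
                    finally
                    {
                        if (File.Exists(tmp))
                            File.Delete(tmp);
                    }
                }
            }
        }

        ci.Label = StringHelper.IfNullOrEmpty(Label);
        ci.Memo = StringHelper.IfNullOrEmpty(Memo);

        vlt.SaveVault(v);
        WriteObject(ci);
    }
}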
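/// <summary>
/// Fills the inspector grid for <paramref name="oS"/>: an "Is Https" row always, and for
/// HTTPS sessions whose flags carry a certificate-request thumbprint known to
/// <c>CertificateStorage.Certificates</c>, the certificate's headline fields, an alphabetised
/// property list and its extensions.
/// </summary>
/// <param name="oS">The Fiddler session being inspected.</param>
public override void AssignSession(Session oS)
{
    base.AssignSession(oS);

    var dataItems = new List<DataItem>
    {
        new DataItem("Is Https", oS.isHTTPS),
    };

    if (oS.isHTTPS && oS.oFlags.ContainsKey(CertificateStorage.CeritificateRequestPropertyName))
    {
        try
        {
            var thumbprint = oS.oFlags[CertificateStorage.CeritificateRequestPropertyName];
            FiddlerApplication.Log.LogString(thumbprint);

            if (CertificateStorage.Certificates.ContainsKey(thumbprint))
            {
                var certificate = CertificateStorage.Certificates[thumbprint];
                // Deliberately not disposed: the information tab keeps a reference to it.
                var cert = new X509Certificate2(certificate);
                _informationTab.Certificate = cert;

                //most commonly desired information up top.
                dataItems.InsertRange(0, new[]
                {
                    new DataItem("FriendlyName", cert.FriendlyName),
                    new DataItem("Subject", cert.Subject),
                    new DataItem("Issuer", cert.Issuer),
                    new DataItem("Effective Date", cert.GetEffectiveDateString()),
                    new DataItem("Expiration Date", cert.GetExpirationDateString()),
                    new DataItem("Thumbprint", cert.Thumbprint),
                    new DataItem("------------------------", "------------------------"),
                });

                //alphabatized data properties below
                dataItems.Add(new DataItem("Archived", cert.Archived));
                dataItems.Add(new DataItem("FriendlyName", cert.FriendlyName));
                dataItems.Add(new DataItem("Certficate Hash", cert.GetCertHashString()));
                dataItems.Add(new DataItem("Certificate Format", cert.GetFormat()));
                dataItems.Add(new DataItem("Effective Date", cert.GetEffectiveDateString()));
                dataItems.Add(new DataItem("Expiration Date", cert.GetExpirationDateString()));
                dataItems.Add(new DataItem("Full Issuer Name", cert.IssuerName.Format(true)));
                dataItems.Add(new DataItem("Full Subject Name", cert.SubjectName.Format(true)));
                dataItems.Add(new DataItem("Has Private Key", cert.HasPrivateKey));
                dataItems.Add(new DataItem("Issuer", cert.Issuer));
                dataItems.Add(new DataItem("Key Algorithm", cert.GetKeyAlgorithm()));
                dataItems.Add(new DataItem("Key Algorithm Parameters", cert.GetKeyAlgorithmParametersString()));
                dataItems.Add(new DataItem("Public Key", cert.GetPublicKeyString()));
                dataItems.Add(new DataItem("Raw Certificate Data", cert.GetRawCertDataString()));
                dataItems.Add(new DataItem("SerialNumberString", cert.GetSerialNumberString()));
                dataItems.Add(new DataItem("Subject", cert.Subject));
                dataItems.Add(new DataItem("Thumbprint", cert.Thumbprint));
                dataItems.Add(new DataItem("Version", cert.Version));
                dataItems.Add(new DataItem("------------------------", "------------------------"));
                dataItems.Add(new DataItem("Extensions", string.Empty));
                dataItems.Add(new DataItem("------------------------", "------------------------"));

                foreach (var extension in cert.Extensions)
                {
                    // Unknown OIDs have no friendly name; show the dotted OID so the row is
                    // still identifiable instead of carrying a null label.
                    var label = extension.Oid.FriendlyName ?? extension.Oid.Value;
                    dataItems.Add(new DataItem(label, extension.Format(true)));
                }
            }
        }
        catch (Exception ex)
        {
            // Space after the period so the exception text does not run into the sentence.
            FiddlerApplication.Log.LogString("Unexpected error loading the assigned certificate. " + ex.Message);
        }
    }

    _informationTab.DataGrid.DataSource = dataItems;
}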
/// <summary>
/// Dumps the certificate's basic fields, subject/issuer name components, keys and raw DER (as
/// hex) to the debug listener. Only the public halves of the keys are written
/// (<c>ToXmlString(false)</c>). Because <c>Debug.WriteLine</c> is conditional on DEBUG, every
/// line (and its argument evaluation, including <c>Verify()</c>) is compiled out of release builds.
/// </summary>
/// <param name="x509Certificate">Certificate to describe; a null reference is not checked here.</param>
private void OutputCertificate(X509Certificate2 x509Certificate)
{
    System.Diagnostics.Debug.WriteLine("");
    System.Diagnostics.Debug.WriteLine("Certificate Data: ******************************************************************");
    System.Diagnostics.Debug.WriteLine("");
    System.Diagnostics.Debug.WriteLine("Basic Certificate Information");
    //System.Diagnostics.Debug.WriteLine("\t Content Type: " + X509Certificate2.GetCertContentType(x509Certificate.RawData));
    System.Diagnostics.Debug.WriteLine("\t Format: " + x509Certificate.GetFormat());
    System.Diagnostics.Debug.WriteLine("\t Version: " + x509Certificate.Version.ToString());
    System.Diagnostics.Debug.WriteLine("\t Hash String: " + x509Certificate.GetCertHashString());
    System.Diagnostics.Debug.WriteLine("\t Issuer Name: " + x509Certificate.IssuerName.Name);
    System.Diagnostics.Debug.WriteLine("\t Issuer Name OID: " + x509Certificate.IssuerName.Oid.Value);
    System.Diagnostics.Debug.WriteLine("\t Subject Name: " + x509Certificate.SubjectName.Name);
    System.Diagnostics.Debug.WriteLine("\t Serial Number: " + x509Certificate.GetSerialNumberString());
    System.Diagnostics.Debug.WriteLine("\t Thumb Print: " + x509Certificate.Thumbprint);
    System.Diagnostics.Debug.WriteLine("\t Friendly Name: " + x509Certificate.FriendlyName);
    System.Diagnostics.Debug.WriteLine("\t Signature Algorithm: " + x509Certificate.SignatureAlgorithm.FriendlyName);
    // PrivateKey is null for a public-only certificate; the label is still emitted so the
    // layout stays stable.
    if (null != x509Certificate.PrivateKey)
        System.Diagnostics.Debug.WriteLine("\t Signature Key Exchange Algorithm: " + x509Certificate.PrivateKey.KeyExchangeAlgorithm);
    else
        System.Diagnostics.Debug.WriteLine("\t Signature Key Exchange Algorithm: ");
    System.Diagnostics.Debug.WriteLine("\t Key Algorithm Parameters: " + x509Certificate.GetKeyAlgorithmParametersString());
    System.Diagnostics.Debug.WriteLine("\t Not Valid Before: " + x509Certificate.NotBefore.ToString());
    System.Diagnostics.Debug.WriteLine("\t Not Valid After: " + x509Certificate.NotAfter.ToString());
    // Verify() builds a chain with the default policy; a false here covers expired,
    // untrusted and revoked alike and does not say which.
    System.Diagnostics.Debug.WriteLine("\t Can Be Verified: " + x509Certificate.Verify());
    System.Diagnostics.Debug.WriteLine("\t Is Archived: " + x509Certificate.Archived);
    System.Diagnostics.Debug.WriteLine("");
    // Subject-side name components (forIssuer: false)
    System.Diagnostics.Debug.WriteLine("X509 Name Elements");
    System.Diagnostics.Debug.WriteLine("\t X509 Simple Name: " + x509Certificate.GetNameInfo(X509NameType.SimpleName, false));
    System.Diagnostics.Debug.WriteLine("\t X509 DNS From Alternative Name: " + x509Certificate.GetNameInfo(X509NameType.DnsFromAlternativeName, false));
    System.Diagnostics.Debug.WriteLine("\t X509 DNS Name: " + x509Certificate.GetNameInfo(X509NameType.DnsName, false));
    System.Diagnostics.Debug.WriteLine("\t X509 Email Name: " + x509Certificate.GetNameInfo(X509NameType.EmailName, false));
    System.Diagnostics.Debug.WriteLine("\t X509 UPN Name: " + x509Certificate.GetNameInfo(X509NameType.UpnName, false));
    System.Diagnostics.Debug.WriteLine("\t X509 URL Name: " + x509Certificate.GetNameInfo(X509NameType.UrlName, false));
    System.Diagnostics.Debug.WriteLine("");
    // Issuer-side name components (forIssuer: true)
    System.Diagnostics.Debug.WriteLine("X509 Name Elements for Issuer");
    System.Diagnostics.Debug.WriteLine("\t X509 Simple Name: " + x509Certificate.GetNameInfo(X509NameType.SimpleName, true));
    System.Diagnostics.Debug.WriteLine("\t X509 DNS From Alternative Name: " + x509Certificate.GetNameInfo(X509NameType.DnsFromAlternativeName, true));
    System.Diagnostics.Debug.WriteLine("\t X509 DNS Name: " + x509Certificate.GetNameInfo(X509NameType.DnsName, true));
    System.Diagnostics.Debug.WriteLine("\t X509 Email Name: " + x509Certificate.GetNameInfo(X509NameType.EmailName, true));
    System.Diagnostics.Debug.WriteLine("\t X509 UPN Name: " + x509Certificate.GetNameInfo(X509NameType.UpnName, true));
    System.Diagnostics.Debug.WriteLine("\t X509 URL Name: " + x509Certificate.GetNameInfo(X509NameType.UrlName, true));
    System.Diagnostics.Debug.WriteLine("");
    System.Diagnostics.Debug.WriteLine("Keys");
    // ToXmlString(false) exports public parameters only — keep it false; this output goes
    // to whatever trace listeners are attached.
    System.Diagnostics.Debug.WriteLine("\t Public Key: " + x509Certificate.PublicKey.Key.ToXmlString(false));
    if (null != x509Certificate.PrivateKey)
        System.Diagnostics.Debug.WriteLine("\t Private Key: " + x509Certificate.PrivateKey.ToXmlString(false));
    else
        System.Diagnostics.Debug.WriteLine("\t Private Key: ");
    System.Diagnostics.Debug.WriteLine("");
    System.Diagnostics.Debug.WriteLine("Raw Cert");
    System.Diagnostics.Debug.WriteLine("\t " + x509Certificate.GetRawCertDataString());
    System.Diagnostics.Debug.WriteLine("");
    System.Diagnostics.Debug.WriteLine("************************************************************************************");
    System.Diagnostics.Debug.WriteLine("");
}
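/// <summary>
/// Signs the SOAP document and adds a digital signature to it.
///
/// Note a lot of optional settings are applied against
/// key and certificate info to match the required XML document
/// structure the server requests.
/// </summary>
/// <param name="xmlDoc">SOAP envelope to sign. Modified in place: an <c>id="Body"</c> attribute is
/// added to <c>SOAP:Body</c> and a <c>SOAP-SEC:Signature</c> element is appended to the header
/// (creating the header when absent).</param>
/// <param name="cert">Certificate whose private key signs the body; its issuer and serial
/// number are embedded in the <c>KeyInfo</c>.</param>
/// <returns>The same <paramref name="xmlDoc"/> instance, now carrying the signature header.</returns>
/// <exception cref="ArgumentNullException"><paramref name="xmlDoc"/> or <paramref name="cert"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="cert"/> has no private key.</exception>
/// <exception cref="ApplicationException">The document has no <c>SOAP:Body</c> element.</exception>
public XmlDocument SignSoapBody(XmlDocument xmlDoc, X509Certificate2 cert)
{
    if (xmlDoc == null)
        throw new ArgumentNullException(nameof(xmlDoc));
    if (cert == null)
        throw new ArgumentNullException(nameof(cert));
    // The original only warned in a comment that SigningKey must not be null; without a
    // private key ComputeSignature fails later with a far less specific exception.
    if (!cert.HasPrivateKey)
        throw new ArgumentException("Certificate has no private key; cannot sign.", nameof(cert));

    // *** Add search Namespaces references to ensure we can reliably work
    // *** against any SOAP docs regardless of tag naming
    XmlNamespaceManager ns = new XmlNamespaceManager(xmlDoc.NameTable);
    ns.AddNamespace("SOAP", STR_SOAP_NS);
    ns.AddNamespace("SOAP-SEC", STR_SOAPSEC_NS);

    // *** Grab the body element - this is what we create the signature from
    // (DocumentElement is null for an empty document; treat that as "no body" too)
    XmlElement body = xmlDoc.DocumentElement?.SelectSingleNode(@"//SOAP:Body", ns) as XmlElement;
    if (body == null)
        throw new ApplicationException("No body tag found");

    // *** We'll only encode the <SOAP:Body> - add id: Reference as #Body
    body.SetAttribute("id", "Body");

    // *** Signed XML will create Xml Signature - Xml fragment
    SignedXml signedXml = new SignedXml(xmlDoc);

    // *** The actual key for signing (guaranteed non-null by the HasPrivateKey check above)
    signedXml.SigningKey = cert.PrivateKey;

    // *** Create a KeyInfo structure
    // *** Specifically use the issuer and serial number for the data rather than the default
    KeyInfo keyInfo = new KeyInfo();
    KeyInfoX509Data keyInfoData = new KeyInfoX509Data();
    keyInfoData.AddIssuerSerial(cert.Issuer, cert.GetSerialNumberString());
    keyInfo.AddClause(keyInfoData);

    // *** provide the certificate info that gets embedded - note this is only
    // *** for specific formatting of the message to provide the cert info
    signedXml.KeyInfo = keyInfo;

    // *** Again unusual - meant to make the document match template
    signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
    // NOTE(review): SignatureMethod and DigestMethod are left at the framework defaults,
    // which on older .NET Framework versions are RSA-SHA1/SHA1 — confirm the server's
    // expectations before relying on them.

    // *** Now create reference to sign: Point at the Body element
    Reference reference = new Reference();
    reference.Uri = "#Body";    // reference id=body section in same doc
    reference.AddTransform(new XmlDsigExcC14NTransform());    // required to match doc
    signedXml.AddReference(reference);

    // *** Finally create the signature
    signedXml.ComputeSignature();

    // *** Result is an XML node with the signature detail below it
    // *** Now let's add it into the SOAP-HEADER
    XmlElement signedElement = signedXml.GetXml();

    // *** Create SOAP-SEC:Signature element
    XmlElement soapSignature = xmlDoc.CreateElement("Signature", STR_SOAPSEC_NS);
    soapSignature.Prefix = "SOAP-SEC";
    soapSignature.SetAttribute("MustUnderstand", "", "1");

    // *** And add our signature as content
    soapSignature.AppendChild(signedElement);

    // *** Now add the signature header into the master header
    XmlElement soapHeader = xmlDoc.DocumentElement.SelectSingleNode("//SOAP:Header", ns) as XmlElement;
    if (soapHeader == null)
    {
        soapHeader = xmlDoc.CreateElement("Header", STR_SOAP_NS);
        soapHeader.Prefix = "SOAP";
        xmlDoc.DocumentElement.InsertBefore(soapHeader, xmlDoc.DocumentElement.ChildNodes[0]);
    }
    soapHeader.AppendChild(soapSignature);

    return xmlDoc;
}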
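/// <summary>
/// Downloads the issuer certificate advertised by the request's "up" link, stores it under
/// <c>configPath</c> as <c>ca-{serial}-crt.der</c> / <c>.pem</c> (existing files are kept as-is)
/// and returns the PEM path.
/// </summary>
/// <param name="certificate">The ACME certificate request whose Links are inspected.</param>
/// <returns>The PEM file path, or null when the request carries no "up" link.</returns>
static string GetIssuerCertificate(CertificateRequest certificate)
{
    var linksEnum = certificate.Links;
    if (linksEnum == null)
        return null;

    var upLink = new LinkCollection(linksEnum).GetFirstOrDefault("up");
    if (upLink == null)
        return null;

    var tmp = Path.GetTempFileName();
    try
    {
        using (var web = new WebClient())
        {
            // No proxy is configured here (the vault-aware variant honours v.Proxy).
            var uri = new Uri(new Uri(BaseURI), upLink.Uri);
            web.DownloadFile(uri, tmp);
        }

        // Only the serial is needed (to name the files); the thumbprint, signature algorithm
        // and hash the original computed were never used. Dispose the native handle right away.
        // NOTE(review): the download is treated as the issuer purely because the server's
        // "up" link pointed at it; nothing here checks that it chains to the leaf.
        string sernum;
        using (var cacert = new X509Certificate2(tmp))
        {
            sernum = cacert.GetSerialNumberString();
        }

        var cacertDerFile = Path.Combine(configPath, $"ca-{sernum}-crt.der");
        var cacertPemFile = Path.Combine(configPath, $"ca-{sernum}-crt.pem");

        // An existing DER is not overwritten, so the PEM below is derived from whatever is
        // already on disk, not from this download.
        if (!File.Exists(cacertDerFile))
            File.Copy(tmp, cacertDerFile, true);

        Console.WriteLine($" Saving Issuer Certificate to {cacertPemFile}");

        if (!File.Exists(cacertPemFile))
            CsrHelper.Crt.ConvertDerToPem(cacertDerFile, cacertPemFile);

        return cacertPemFile;
    }
    finally
    {
        if (File.Exists(tmp))
            File.Delete(tmp);
    }
}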