public static byte[] HybridDecrypt ( X509Certificate2 decryptorPrivateKeyPfx , Secret data ) { X509Certificate2 encryptorPublicKeyCer = null; try { RSACryptoServiceProvider decryptorPrivateKeyPfxProvider = decryptorPrivateKeyPfx.PrivateKey as RSACryptoServiceProvider; encryptorPublicKeyCer = new X509Certificate2(data.EncryptorPublicKeyCerRawData); RSACryptoServiceProvider encryptorPublicKeyCerProvider = encryptorPublicKeyCer.PublicKey.Key as RSACryptoServiceProvider; return HybridDecrypt ( decryptorPrivateKeyPfxProvider , encryptorPublicKeyCerProvider , data ); } catch { return null; } finally { if (encryptorPublicKeyCer != null) { encryptorPublicKeyCer.Reset(); } } }
public static X509Certificate2 BuscaNome(string Nome) { X509Certificate2 _X509Cert = new X509Certificate2(); try { X509Store store = new X509Store("MY", StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates; X509Certificate2Collection collection1 = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid, HLP.GeraXml.dao.daoUtil.GetDateServidor(), false); X509Certificate2Collection collection2 = (X509Certificate2Collection)collection.Find(X509FindType.FindByKeyUsage, X509KeyUsageFlags.DigitalSignature, false); if (Nome == "") { X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(collection2, "Certificado(s) Digital(is) disponível(is)", "Selecione o Certificado Digital para uso no aplicativo", X509SelectionFlag.SingleSelection); if (scollection.Count == 0) { _X509Cert.Reset(); Console.WriteLine("Nenhum certificado escolhido", "Atenção"); } else { _X509Cert = scollection[0]; } } else { X509Certificate2Collection scollection = (X509Certificate2Collection)collection2.Find(X509FindType.FindBySubjectDistinguishedName, Nome, false); if (scollection.Count == 0) { Console.WriteLine("Nenhum certificado válido foi encontrado com o nome informado: " + Nome, "Atenção"); _X509Cert.Reset(); } else { _X509Cert = scollection[0]; } } store.Close(); return _X509Cert; } catch (System.Exception ex) { Console.WriteLine(ex.Message); return _X509Cert; } }
public X509Certificate2 BuscaNroSerie(string NroSerie) { X509Certificate2 _X509Cert = new X509Certificate2(); try { X509Store store = new X509Store("MY", StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates; X509Certificate2Collection collection1 = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid, DateTime.Now, true); X509Certificate2Collection collection2 = (X509Certificate2Collection)collection1.Find(X509FindType.FindByKeyUsage, X509KeyUsageFlags.DigitalSignature, true); if (NroSerie == "") { X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(collection2, "Certificados Digitais", "Selecione o Certificado Digital para uso no aplicativo", X509SelectionFlag.SingleSelection); if (scollection.Count == 0) { _X509Cert.Reset(); Console.WriteLine("Nenhum certificado válido foi encontrado com o número de série informado: " + NroSerie, "Atenção"); } else { _X509Cert = scollection[0]; } } else { X509Certificate2Collection scollection = (X509Certificate2Collection)collection2.Find(X509FindType.FindBySerialNumber, NroSerie, true); if (scollection.Count == 0) { _X509Cert.Reset(); Console.WriteLine("Nenhum certificado válido foi encontrado com o número de série informado: " + NroSerie, "Atenção"); } else { _X509Cert = scollection[0]; } } store.Close(); return _X509Cert; } catch (System.Exception ex) { Console.WriteLine(ex.Message); return _X509Cert; } }
private bool TryGetMatchingX509Certificate(IntPtr certContext, X509FindType findType, uint dwFindType, object findValue, bool validOnly, out X509Certificate2 cert) { cert = new X509Certificate2(certContext); if (dwFindType == 0) { switch (findType) { case X509FindType.FindBySubjectDistinguishedName: if (string.Compare((string) findValue, cert.SubjectName.Name, StringComparison.OrdinalIgnoreCase) == 0) { break; } cert.Reset(); cert = null; return false; case X509FindType.FindByIssuerDistinguishedName: if (string.Compare((string) findValue, cert.IssuerName.Name, StringComparison.OrdinalIgnoreCase) == 0) { break; } cert.Reset(); cert = null; return false; case X509FindType.FindBySerialNumber: if (this.BinaryMatches((byte[]) findValue, cert.GetSerialNumber())) { break; } cert.Reset(); cert = null; return false; case X509FindType.FindBySubjectKeyIdentifier: { X509SubjectKeyIdentifierExtension extension = cert.Extensions["2.5.29.14"] as X509SubjectKeyIdentifierExtension; if ((extension == null) || !this.BinaryMatches((byte[]) findValue, extension.RawData)) { cert.Reset(); cert = null; return false; } break; } } } if (validOnly && !new X509Chain(false) { ChainPolicy = { RevocationMode = X509RevocationMode.NoCheck, RevocationFlag = X509RevocationFlag.ExcludeRoot } }.Build(cert)) { cert.Reset(); cert = null; return false; } return (cert != null); }
public static Secret HybridEncrypt ( string encryptorPrivateKeyPfxFileName , string encryptorPublicKeyCerFileName , string decryptorPublicKeyCerFileName , HashSignatureMode hashSignatureMode , bool DoOAEPadding , byte[] data ) { X509Certificate2 encryptorPrivateKeyPfx = null; X509Certificate2 encryptorPublicKeyCer = null; X509Certificate2 decryptorPublicKeyCer = null; try { encryptorPrivateKeyPfx = new X509Certificate2(encryptorPrivateKeyPfxFileName); encryptorPublicKeyCer = new X509Certificate2(encryptorPublicKeyCerFileName); decryptorPublicKeyCer = new X509Certificate2(decryptorPublicKeyCerFileName); return HybridEncrypt ( encryptorPrivateKeyPfx , encryptorPublicKeyCer , decryptorPublicKeyCer , hashSignatureMode , DoOAEPadding , data ); } catch { return null; } finally { if (encryptorPrivateKeyPfx != null) { encryptorPrivateKeyPfx.Reset(); } if (encryptorPublicKeyCer != null) { encryptorPublicKeyCer.Reset(); } if (decryptorPublicKeyCer != null) { decryptorPublicKeyCer.Reset(); } } }
///////////////////////////////////////////////////// // // // InstallClientCertificateToKeystore() // // // ///////////////////////////////////////////////////// //Description: Takes a public or private key file and // adds it to the local user's key store //Returns: the key data as a string ///////////////////////////////////////////////////// internal static bool InstallClientCertificateToKeystore(X509Certificate2 certificate) { //try to open local machine's crypto store X509Store store; try { //open the user's certificate store store = new X509Store("MY", StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite | OpenFlags.OpenExistingOnly); } catch (Exception ex) { throw new Exception("Failed to open MY store: " + ex.Message); } //add the new X509 cert to the opened store store.Add(certificate); //close store store.Close(); certificate.Reset(); return true; }
/// <summary> /// Busca certificados instalado se informado uma serie /// se não abre caixa de dialogos de certificados. /// </summary> /// <param name="cerSerie">Serie do certificado.</param> /// <returns>X509Certificate2.</returns> /// <exception cref="System.Exception"> /// Nenhum certificado digital foi selecionado ou o certificado selecionado está com problemas. /// or /// Certificado digital não encontrado /// or /// </exception> public static X509Certificate2 SelecionarCertificado(string cerSerie) { var certificate = new X509Certificate2(); try { X509Certificate2Collection certificatesSel = null; var store = new X509Store("MY", StoreLocation.CurrentUser); store.Open(OpenFlags.OpenExistingOnly); var certificates = store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, true) .Find(X509FindType.FindByKeyUsage, X509KeyUsageFlags.DigitalSignature, true); if ((string.IsNullOrEmpty(cerSerie))) { certificatesSel = X509Certificate2UI.SelectFromCollection(certificates, "Certificados Digitais", "Selecione o Certificado Digital para uso no aplicativo", X509SelectionFlag.SingleSelection); if ((certificatesSel.Count == 0)) { certificate.Reset(); throw new Exception("Nenhum certificado digital foi selecionado ou o certificado selecionado está com problemas."); } certificate = certificatesSel[0]; } else { certificatesSel = certificates.Find(X509FindType.FindBySerialNumber, cerSerie, true); if ((certificatesSel.Count == 0)) { certificate.Reset(); throw new Exception("Certificado digital não encontrado"); } certificate = certificatesSel[0]; } store.Close(); return certificate; } catch (Exception exception) { throw new Exception(exception.Message); } }
bool TryGetMatchingX509Certificate(IntPtr certContext, X509FindType findType, uint dwFindType, object findValue, bool validOnly, out X509Certificate2 cert) { cert = new X509Certificate2(certContext); if (dwFindType == CAPI.CERT_FIND_ANY) { switch (findType) { case X509FindType.FindBySubjectDistinguishedName: if (0 != String.Compare((string)findValue, cert.SubjectName.Name, StringComparison.OrdinalIgnoreCase)) { cert.Reset(); cert = null; return false; } break; case X509FindType.FindByIssuerDistinguishedName: if (0 != String.Compare((string)findValue, cert.IssuerName.Name, StringComparison.OrdinalIgnoreCase)) { cert.Reset(); cert = null; return false; } break; case X509FindType.FindBySerialNumber: if (!BinaryMatches((byte[])findValue, cert.GetSerialNumber())) { cert.Reset(); cert = null; return false; } break; case X509FindType.FindBySubjectKeyIdentifier: X509SubjectKeyIdentifierExtension skiExtension = cert.Extensions[CAPI.SubjectKeyIdentifierOid] as X509SubjectKeyIdentifierExtension; if (skiExtension == null || !BinaryMatches((byte[])findValue, skiExtension.RawData)) { cert.Reset(); cert = null; return false; } break; default: DiagnosticUtility.DebugAssert(findType + " is not supported!"); break; } } if (validOnly) { X509Chain chain = new X509Chain(false); chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot; if (!chain.Build(cert)) { cert.Reset(); cert = null; return false; } } return cert != null; }