        /// <summary>
        /// Timer tick handler that polls the GDS for the outcome of the pending certificate
        /// request (<c>m_application.CertificateRequestId</c>) and, once a certificate is issued,
        /// installs it: either into the local files / certificate stores configured on
        /// <c>m_application</c>, or (for <c>RegistrationType.ServerPush</c>) by pushing it to
        /// <c>m_server</c> via <c>UpdateCertificate</c>.
        /// </summary>
        /// <remarks>
        /// Security review notes on this handler:
        /// <list type="bullet">
        /// <item>Private keys are written to disk without a passphrase (the PFX re-export below
        /// uses no password, the raw GDS key bytes are written as-is). Confidentiality of the key
        /// therefore rests entirely on file-system permissions of the target path — this code does
        /// not set any.</item>
        /// <item>Issuer certificates returned by the GDS are added to the trust list solely because
        /// the GDS returned them; no validation beyond the GDS session itself happens here.</item>
        /// <item>Store updates are delete-then-add and not atomic: a failure in <c>Add</c> leaves
        /// the store without an application certificate.</item>
        /// </list>
        /// <c>async void</c> is acceptable here only because this is a WinForms event handler and
        /// the whole body is wrapped in a catch-all.
        /// </remarks>
        /// <param name="sender">Timer raising the tick (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private async void CertificateRequestTimer_Tick(object sender, EventArgs e)
        {
            try
            {
                NodeId requestId = NodeId.Parse(m_application.CertificateRequestId);

                byte[]   privateKey         = null;
                byte[][] issuerCertificates = null;

                // NOTE(review): synchronous GDS round-trip on the UI thread; a slow GDS will freeze the form.
                byte[] certificate = m_gds.FinishRequest(
                    m_application.ApplicationId,
                    requestId,
                    out privateKey,
                    out issuerCertificates);

                // Request still pending: leave the timer running so the next tick polls again.
                if (certificate == null)
                {
                    return;
                }

                // Certificate obtained; stop polling.
                CertificateRequestTimer.Enabled = false;
                RequestProgressLabel.Visible    = false;

                if (m_application.RegistrationType != RegistrationType.ServerPush)
                {
                    // save public key (the certificate itself is not secret; plain write is fine).
                    if (!String.IsNullOrEmpty(m_application.CertificatePublicKeyPath))
                    {
                        string file = Utils.GetAbsoluteFilePath(m_application.CertificatePublicKeyPath, true, false, true);
                        File.WriteAllBytes(file, certificate);
                    }

                    // check if the private key was re-used: an empty key from the GDS means the
                    // existing key is kept and only the certificate must be swapped in.
                    if (privateKey == null || privateKey.Length == 0)
                    {
                        if (!String.IsNullOrEmpty(m_application.CertificatePrivateKeyPath))
                        {
                            string path = Utils.GetAbsoluteFilePath(m_application.CertificatePrivateKeyPath, true, true, true);

                            if (path != null)
                            {
                                // A PEM key file holds only the key, so a re-used key needs no update there.
                                // Only a PFX (certificate + key bundle) has to be rewritten with the new certificate.
                                if (!m_application.CertificatePrivateKeyPath.EndsWith("PEM", StringComparison.OrdinalIgnoreCase))
                                {
                                    var x509   = new X509Certificate2(certificate);
                                    // Loaded with a null password: if the PFX on disk is password-protected this
                                    // throws and the catch-all below stops the timer. Exportable is required so the
                                    // key can be re-packaged into the new bundle.
                                    var oldPfx = new X509Certificate2(path, (string)null, X509KeyStorageFlags.Exportable);
                                    var newPfx = CertificateAuthority.Replace(x509, oldPfx);
                                    // SECURITY: exported without a password — the private key lands on disk
                                    // unencrypted. Protection relies on the ACL of 'path' only.
                                    // NOTE(review): none of the X509Certificate2 instances here are disposed;
                                    // unclear whether Replace shares oldPfx's key handle, so left as-is.
                                    var bytes  = newPfx.Export(X509ContentType.Pfx);
                                    File.WriteAllBytes(path, bytes);
                                }
                            }
                        }
                        else
                        {
                            if (!String.IsNullOrEmpty(m_application.CertificateStorePath) && !String.IsNullOrEmpty(m_application.CertificateSubjectName))
                            {
                                var x509 = new X509Certificate2(certificate);

                                // NOTE(review): "localhost" is mapped to the machine name here but NOT in the
                                // equivalent lookup in the new-key branch below — confirm which is intended.
                                var cid = new CertificateIdentifier()
                                {
                                    StorePath   = m_application.CertificateStorePath,
                                    SubjectName = m_application.CertificateSubjectName.Replace("localhost", System.Net.Dns.GetHostName())
                                };

                                // Find(true): presumably loads the private key too — needed for Replace. TODO confirm.
                                var oldPfx = await cid.Find(true);

                                if (oldPfx != null)
                                {
                                    var newPfx = CertificateAuthority.Replace(x509, oldPfx);

                                    using (var store = CertificateStoreIdentifier.OpenStore(m_application.CertificateStorePath))
                                    {
                                        // Not atomic: if Add fails after Delete, the store has no application
                                        // certificate until the request is re-run.
                                        await store.Delete(oldPfx.Thumbprint);

                                        await store.Add(newPfx);
                                    }
                                }
                            }
                        }
                    }

                    // save private key (a new key was issued by the GDS).
                    else
                    {
                        if (!String.IsNullOrEmpty(m_application.CertificatePrivateKeyPath))
                        {
                            string path = Utils.GetAbsoluteFilePath(m_application.CertificatePrivateKeyPath, true, true, true);

                            if (path != null)
                            {
                                // SECURITY: the key bytes are written exactly as received from the GDS, with
                                // no additional encryption and no permission hardening of the file.
                                // Presumably the format matches what GetPrivateKeyFormat() requested — verify.
                                File.WriteAllBytes(path, privateKey);
                            }
                        }
                        else
                        {
                            if (!String.IsNullOrEmpty(m_application.CertificateStorePath) && !String.IsNullOrEmpty(m_application.CertificateSubjectName))
                            {
                                var cid = new CertificateIdentifier()
                                {
                                    StorePath   = m_application.CertificateStorePath,
                                    SubjectName = m_application.CertificateSubjectName
                                };

                                var oldCertificate = await cid.Find();

                                using (var store = CertificateStoreIdentifier.OpenStore(m_application.CertificateStorePath))
                                {
                                    // Same delete-then-add ordering as above; a failure while loading or adding
                                    // the new key below leaves the store empty.
                                    if (oldCertificate != null)
                                    {
                                        await store.Delete(oldCertificate.Thumbprint);
                                    }

                                    // Empty SecureString: assumes the GDS returned an unencrypted PFX. Note the
                                    // ServerPush branch below decrypts with m_certificatePassword instead —
                                    // NOTE(review): confirm which assumption is right for this GDS.
                                    var x509 = new X509Certificate2(privateKey, new System.Security.SecureString(), X509KeyStorageFlags.Exportable);
                                    x509 = CertificateFactory.Load(x509, true);
                                    await store.Add(x509);
                                }
                            }
                        }
                    }

                    // update trust list.
                    // SECURITY: every issuer certificate the GDS hands back becomes trusted. The only
                    // trust anchor for this step is the GDS session itself; nothing here checks the
                    // chain, validity or that the issuer actually signed 'certificate'.
                    if (!String.IsNullOrEmpty(m_application.TrustListStorePath))
                    {
                        using (ICertificateStore store = CertificateStoreIdentifier.OpenStore(m_application.TrustListStorePath))
                        {
                            foreach (var issuerCertificate in issuerCertificates)
                            {
                                var x509 = new X509Certificate2(issuerCertificate);

                                // Skips issuers already present (matched by thumbprint). A second instance is
                                // added rather than reusing x509; harmless, but x509 is never disposed.
                                if (store.FindByThumbprint(x509.Thumbprint) == null)
                                {
                                    await store.Add(new X509Certificate2(issuerCertificate));
                                }
                            }
                        }
                    }
                }
                else
                {
                    // ServerPush: the key is decrypted with m_certificatePassword and then re-exported
                    // WITHOUT a password, so the PFX handed to the server is unprotected. Confidentiality
                    // of that blob depends on the m_server session's transport security (not visible here).
                    if (privateKey != null && privateKey.Length > 0)
                    {
                        var x509 = new X509Certificate2(privateKey, m_certificatePassword, X509KeyStorageFlags.Exportable);
                        privateKey = x509.Export(X509ContentType.Pfx);
                    }

                    // Null certificate group / type ids: server defaults. Returns whether ApplyChanges is still required.
                    bool applyChanges = m_server.UpdateCertificate(null, null, certificate, GetPrivateKeyFormat(), privateKey, issuerCertificates);

                    if (applyChanges)
                    {
                        MessageBox.Show(
                            Parent,
                            "The certificate was updated, however, the apply changes command must be sent before the server will use the new certificate.",
                            Parent.Text,
                            MessageBoxButtons.OK,
                            MessageBoxIcon.Information);

                        ApplyChangesButton.Enabled = true;
                    }
                }

                // Show the newly issued certificate in the UI.
                m_certificate = new X509Certificate2(certificate);
                CertificateControl.ShowValue(null, "Application Certificate", new CertificateWrapper()
                {
                    Certificate = m_certificate
                }, true);
            }
            catch (Exception exception)
            {
                var sre = exception as ServiceResultException;

                // BadNothingToDo: the GDS has not finished the request yet — keep the timer running.
                if (sre != null && sre.StatusCode == StatusCodes.BadNothingToDo)
                {
                    return;
                }

                // Any other failure (including transient network errors) stops polling for good;
                // the user must restart the request. Only the message, not the stack, is shown.
                MessageBox.Show(Parent.Text + ": " + exception.Message);
                CertificateRequestTimer.Enabled = false;
            }
        }