public DtoActionResult UpdateCertificate(EntityCertificate certificate)
{
var u = GetCertificate(certificate.Id);
if (u == null)
{
return new DtoActionResult {
ErrorMessage = "Certificate Not Found", Id = 0
}
}
;
var validationResult = ValidateCertificateEntity(certificate, false);
var actionResult = new DtoActionResult();
if (validationResult.Success)
{
_uow.CertificateRepository.Update(certificate, certificate.Id);
_uow.Save();
actionResult.Success = true;
actionResult.Id = certificate.Id;
}
else
{
actionResult.ErrorMessage = validationResult.ErrorMessage;
}
return(actionResult);
}
private DtoValidationResult ValidateCertificateEntity(EntityCertificate certificate, bool isNew)
{
var validationResult = new DtoValidationResult {
Success = true
};
return(validationResult);
//todo: add validation
}
private byte[] GenerateDeviceCert(string symmKey, EntityComputer computer)
{
var iCert = new ServiceCertificate().GetIntermediate();
byte[] symmetricKey;
using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)iCert.PrivateKey)
{
var encryptedKey = Convert.FromBase64String(symmKey);
symmetricKey = rsa.Decrypt(encryptedKey, true);
}
var intermediateEntity = new ServiceCertificate().GetIntermediateEntity();
var pass = new EncryptionServices().DecryptText(intermediateEntity.Password);
var intermediateCert = new X509Certificate2(intermediateEntity.PfxBlob, pass, X509KeyStorageFlags.Exportable);
var certRequest = new CertificateRequest();
var organization = ServiceSetting.GetSettingValue(SettingStrings.CertificateOrganization);
certRequest.SubjectName = string.Format("O={0},CN={1}", organization, computer.Guid);
certRequest.NotBefore = DateTime.UtcNow;
certRequest.NotAfter = certRequest.NotBefore.AddYears(10);
var certificate = new ServiceGenerateCertificate(certRequest).IssueCertificate(intermediateCert, false, false);
var c = new EntityCertificate();
c.NotAfter = certificate.NotAfter;
c.NotBefore = certificate.NotBefore;
c.Serial = certificate.SerialNumber;
var pfxPass = Membership.GeneratePassword(10, 0);
c.Password = new EncryptionServices().EncryptText(pfxPass);
c.PfxBlob = certificate.Export(X509ContentType.Pfx, pfxPass);
c.SubjectName = certificate.Subject;
c.Type = EnumCertificate.CertificateType.Device;
var base64DeviceCert = Convert.ToBase64String(certificate.RawData);
var encryptedCert = new ServiceSymmetricEncryption().EncryptData(symmetricKey, base64DeviceCert);
new ServiceCertificate().AddCertificate(c);
computer.CertificateId = c.Id;
computer.ProvisionStatus = EnumProvisionStatus.Status.PendingConfirmation;
computer.SymmKeyEncrypted = new EncryptionServices().EncryptText(Convert.ToBase64String(symmetricKey));
return(encryptedCert);
}
public DtoActionResult AddCertificate(EntityCertificate certificate)
{
var validationResult = ValidateCertificateEntity(certificate, true);
var actionResult = new DtoActionResult();
if (validationResult.Success)
{
_uow.CertificateRepository.Insert(certificate);
_uow.Save();
actionResult.Success = true;
actionResult.Id = certificate.Id;
}
else
{
actionResult.ErrorMessage = validationResult.ErrorMessage;
}
return(actionResult);
}
public bool GenerateCAandInt()
{
var isAllowed = ConfigurationManager.AppSettings["AllowCAGen"];
if (!isAllowed.ToLower().Equals("true"))
{
Logger.Debug("Certificates cannot be generated without updating the web.config key AllowCAGen");
return(false);
}
var certRequest = new CertificateRequest();
var organization = new ServiceSetting().GetSetting(SettingStrings.CertificateOrganization);
if (organization == null)
{
return(false);
}
if (string.IsNullOrEmpty(organization.Value))
{
return(false);
}
certRequest.SubjectName = string.Format("O={0},CN=Toems CA", organization.Value);
certRequest.NotBefore = DateTime.UtcNow;
certRequest.NotAfter = certRequest.NotBefore.AddYears(20);
var authCertificate = new ServiceGenerateCertificate(certRequest).CreateCertificateAuthorityCertificate();
var c = new EntityCertificate();
c.NotAfter = authCertificate.NotAfter;
c.NotBefore = authCertificate.NotBefore;
c.Serial = authCertificate.SerialNumber;
var pfxPass = Membership.GeneratePassword(10, 0);
c.Password = new EncryptionServices().EncryptText(pfxPass);
c.PfxBlob = authCertificate.Export(X509ContentType.Pfx, pfxPass);
c.SubjectName = authCertificate.Subject;
c.Type = EnumCertificate.CertificateType.Authority;
var existingCA =
_uow.CertificateRepository.GetFirstOrDefault(x => x.Type == EnumCertificate.CertificateType.Authority);
if (existingCA != null)
{
_uow.CertificateRepository.Delete(existingCA.Id);
}
_uow.CertificateRepository.Insert(c);
//intermediate
var intRequest = new CertificateRequest();
intRequest.SubjectName = string.Format("O={0},CN=Toems Intermediate", organization.Value);
intRequest.NotBefore = DateTime.UtcNow;
intRequest.NotAfter = intRequest.NotBefore.AddYears(20);
var intCertificate = new ServiceGenerateCertificate(intRequest).IssueCertificate(authCertificate, true, false);
var ce = new EntityCertificate();
ce.NotAfter = intCertificate.NotAfter;
ce.NotBefore = intCertificate.NotBefore;
ce.Serial = intCertificate.SerialNumber;
var pfxPassInt = Membership.GeneratePassword(10, 0);
ce.Password = new EncryptionServices().EncryptText(pfxPassInt);
ce.PfxBlob = intCertificate.Export(X509ContentType.Pfx, pfxPassInt);
ce.SubjectName = intCertificate.Subject;
ce.Type = EnumCertificate.CertificateType.Intermediate;
var existingInt =
_uow.CertificateRepository.GetFirstOrDefault(x => x.Type == EnumCertificate.CertificateType.Intermediate);
if (existingInt != null)
{
_uow.CertificateRepository.Delete(existingInt.Id);
}
_uow.CertificateRepository.Insert(ce);
_uow.Save();
return(true);
}
