| public RemoveRange ( System certificates ) : void | ||
| certificates | System | |
| Результат | void | |
public bool ClearCertificateCache(bool bClearRoot)
{
_rwl.AcquireWriterLock(LOCK_TIMEOUT);
_certificateCache.Clear();
if (bClearRoot)
{
_root = null;
var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
try
{
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
var roots = store.Certificates.Find(X509FindType.FindBySubjectName, FIDDLER_ROOT_COMMON_NAME, true);
store.RemoveRange(roots);
}
catch
{
return false;
}
finally
{
store.Close();
}
}
_rwl.ReleaseWriterLock();
return true;
}
private static void Main(string[] args)
{
Task.Run(async () =>
{
Console.WriteLine("Enter PIN: ");
string pin = Console.ReadLine();
WebRequestHandler handler = new WebRequestHandler();
handler.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);
using (HttpClient client = new HttpClient(handler, true))
{
client.BaseAddress = new Uri(string.Format(@"https://{0}:{1}", MachineName, RemotePort));
X509Store store = null;
try
{
var response = await client.GetAsync("certs/" + pin);
response.EnsureSuccessStatusCode();
byte[] rawCert = await response.Content.ReadAsByteArrayAsync();
X509Certificate2Collection certs = new X509Certificate2Collection();
certs.Import(rawCert, "", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.UserKeySet);
store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
X509Certificate2Collection oldCerts = new X509Certificate2Collection();
foreach (var cert in certs)
{
oldCerts.AddRange(store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, cert.Subject, false));
}
store.RemoveRange(certs);
store.AddRange(certs);
store.Close();
Console.WriteLine("Success");
}
catch (HttpRequestException e)
{
Console.WriteLine("Error communicating with vcremote. Make sure that vcremote is running in secure mode and that a new client cert has been generated.");
}
finally
{
if (store != null)
{
store.Close();
}
}
}
}).Wait();
}
protected virtual bool DestroyCertificate(X509Store store, string certificateName)
{
lock (store)
{
X509Certificate2Collection certificates = null;
try
{
store.Open(OpenFlags.ReadWrite);
string certificateSubject = string.Format("CN={0}, O={1}", certificateName, Issuer);
certificates = FindCertificates(store, certificateSubject);
if (certificates != null)
{
store.RemoveRange(certificates);
certificates = FindCertificates(store, certificateSubject);
}
return certificates == null;
}
catch (CryptographicException) { /* Certificate removal failed. */ return false; }
finally
{
store.Close();
if (certificates == null &&
_certificateCache.ContainsKey(certificateName))
{
_certificateCache.Remove(certificateName);
}
}
}
}
/*
* removes all certificates matching subjectName from database
*/
internal static void RemoveCertificates(string subjectName)
{
foreach (sys.StoreLocation idxStore in new sys.StoreLocation[] { sys.StoreLocation.CurrentUser })
{
sys.X509Store store = new sys.X509Store(idxStore);
store.Open(sys.OpenFlags.ReadOnly);
try
{
sys.X509Certificate2Collection coll = store.Certificates.Find(sys.X509FindType.FindBySubjectName, subjectName, false);
if (coll.Count > 0)
store.RemoveRange(coll);
}
finally
{
store.Close();
}
}
}
private void RemoveEntityCertificatesCore(X509Certificate2Collection certs, StoreName storeName, StoreLocation storeLocation)
{
X509Store x509Store = null;
x509Store = new X509Store(storeName, storeLocation);
x509Store.Open(OpenFlags.ReadWrite | OpenFlags.MaxAllowed);
x509Store.RemoveRange(certs);
x509Store.Close();
}
public bool ClearCertificateCache(bool bClearRoot)
{
_certificateCache.Clear();
if (bClearRoot)
{
_root = null;
var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
try
{
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
var roots = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, FIDDLER_ROOT_DN, true);
store.RemoveRange(roots);
}
catch
{
return false;
}
finally
{
store.Close();
}
}
return true;
}
public bool ClearCertificateCache(bool bRemoveRoot)
{
bool flag = true;
try
{
X509Certificate2Collection certificates;
this.GetWriterLock();
this.certServerCache.Clear();
this.certRoot = null;
string sFullSubject = string.Format("CN={0}{1}", CONFIG.sMakeCertRootCN, CONFIG.sMakeCertSubjectO);
if (bRemoveRoot)
{
certificates = FindCertsBySubject(StoreName.Root, StoreLocation.CurrentUser, sFullSubject);
if (certificates.Count > 0)
{
X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
try
{
store.RemoveRange(certificates);
}
catch
{
flag = false;
}
store.Close();
}
}
certificates = FindCertsByIssuer(StoreName.My, sFullSubject);
if (certificates.Count <= 0)
{
return flag;
}
if (!bRemoveRoot)
{
X509Certificate2 rootCertificate = this.GetRootCertificate();
if (rootCertificate != null)
{
certificates.Remove(rootCertificate);
if (certificates.Count < 1)
{
return true;
}
}
}
X509Store store2 = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store2.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
try
{
store2.RemoveRange(certificates);
}
catch
{
flag = false;
}
store2.Close();
}
finally
{
this.FreeWriterLock();
}
return flag;
}
private static void UninstallAllCertificatesByIssuer(StoreName storeName,
StoreLocation storeLocation,
Dictionary<string, CertificateCacheEntry> cache,
string issuerDistinguishedName)
{
lock (s_certificateLock)
{
X509Store store = null;
try
{
// We assume Bridge is running elevated
store = new X509Store(storeName, storeLocation);
store.Open(OpenFlags.ReadWrite);
var collection = store.Certificates.Find(X509FindType.FindByIssuerDistinguishedName, issuerDistinguishedName, false);
Trace.WriteLine(string.Format("[CertificateManager] Forcibly removing {0} certificates from store where:", collection.Count));
Trace.WriteLine(string.Format(" {0} = {1}", "StoreName", storeName));
Trace.WriteLine(string.Format(" {0} = {1}", "StoreLocation", storeLocation));
Trace.WriteLine(string.Format(" {0} = {1}", "IssuedBy", issuerDistinguishedName));
foreach (var cert in collection)
{
Trace.WriteLine(string.Format(" {0} = {1}", "CN", cert.SubjectName.Name));
Trace.WriteLine(string.Format(" {0} = {1}", "Thumbpint", cert.Thumbprint));
}
store.RemoveRange(collection);
}
finally
{
cache.Clear();
if (store != null)
{
store.Close();
}
}
}
}
public void RemoveRange_Empty_Certificate ()
{
X509Store xs = new X509Store ("ReadWriteStore");
xs.Open (OpenFlags.ReadWrite);
// note: impossible to add cert_empty, so we add something else
// to be sure we'll follow the complete code path (loop) of removal
xs.AddRange (coll);
xs.RemoveRange (new X509Certificate2Collection (cert_empty));
}
public void RemoveRange_OpenReadOnly_Existing ()
{
X509Store xs = new X509Store ("ReadWriteStore");
xs.Open (OpenFlags.ReadWrite);
xs.AddRange (coll);
xs.Close ();
xs.Open (OpenFlags.ReadOnly);
xs.RemoveRange (coll);
}
public void RemoveRange_OpenReadOnly_Unexisting ()
{
X509Store xs = new X509Store ("ReadOnlyStore");
xs.Open (OpenFlags.ReadOnly);
// note: cert1 wasn't present, RemoveRange "succeed"
xs.RemoveRange (coll);
}
public void RemoveRange_Empty ()
{
X509Store xs = new X509Store ();
xs.RemoveRange (coll_empty);
}
public override IResult Execute(IResult previousResults)
{
X509Store store = null;
try
{
var certificate = GetCertificateFromWrapper();
if (certificate == null)
{
Log.Warn("Certificate does not exist in settings store; cannot remove similiar certificates");
return new NextResult();
}
var authorityKey = CertificateUtilities.GetAuthorityKeyFromCertificate(certificate);
if (string.IsNullOrWhiteSpace(authorityKey))
{
Log.WarnFormat("Cannot retrieve authority key from certificate; cannot remove similiar certificates");
return new NextResult();
}
var subjectKey = CertificateUtilities.GetSubjectKeyFromCertificate(certificate);
if (string.IsNullOrWhiteSpace(subjectKey))
{
Log.WarnFormat("Cannot retrieve subject key from certificate; cannot remove similiar certificates");
return new NextResult();
}
store = new X509Store(StoreName, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
var instances = new X509Certificate2Collection();
foreach (var instance in store.Certificates)
{
// shouldn't remove new cert
if (instance.Equals(certificate))
continue;
if (!authorityKey.Equals(
CertificateUtilities.GetAuthorityKeyFromCertificate(instance),
StringComparison.InvariantCultureIgnoreCase))
continue;
if (!subjectKey.Equals(
CertificateUtilities.GetSubjectKeyFromCertificate(instance),
StringComparison.InvariantCultureIgnoreCase))
Log.InfoFormat("Similar certificate found: serial number {0}; subject name {1}", instance.SerialNumber, instance.SubjectName.Name);
instances.Add(instance);
}
if (instances.Count == 0)
return new NextResult();
Log.InfoFormat("Removing {0} similar certificates", instances.Count);
store.RemoveRange(instances);
var notRemoved = new X509Certificate2Collection();
foreach (var instance in instances.Cast<X509Certificate2>().Where(instance => store.Certificates.Contains(instance)))
{
notRemoved.Add(instance);
}
if (notRemoved.Count == 0)
Log.InfoFormat("{0} similiar certificates removed", instances.Count);
else
{
foreach (var instance in notRemoved)
Log.WarnFormat("Certificate with serial number {0} not removed", instance.SerialNumber);
}
return new NextResult();
}
catch (Exception e)
{
return new ExceptionOccurred(e);
}
finally
{
if (store != null)
store.Close();
}
}
