/*
* installs certificate and key into windows registry
*/
private static void InstallIntoRegistry(sys.X509Certificate2 windowsCertificate)
{
sys.X509Store store = new sys.X509Store();
store.Open(sys.OpenFlags.ReadWrite);
try
{
store.Add(windowsCertificate);
}
finally
{
store.Close();
}
}
/****************************************************************************/
public bool ServerCertificateValidation(
Syscert.X509Certificate certificate,
int[] certificateErrors)
{
bool retFlag=false;
if (certificateErrors != null &&
certificateErrors.Length > 0)
{
if( certificateErrors.Length==1 && certificateErrors[0] == -2146762481)
{
retFlag = true;
}
else
{
Console.WriteLine("Detected errors in the Server Certificate:");
for (int i = 0; i < certificateErrors.Length; i++)
{
Console.WriteLine(certificateErrors[i]);
}
retFlag = false;
}
}
else
{
retFlag = true;
}
// Skip the server cert errors.
return retFlag;
}
public static X509Certificate FromX509Certificate(
SystemX509.X509Certificate x509Cert)
{
return new X509CertificateParser().ReadCertificate(x509Cert.GetRawCertData());
}
static bool CertificateValidation (SSCX.X509Certificate certificate, int[] certificateErrors)
{
// the main reason to download it is that it's not trusted
return true;
// OTOH we ask user confirmation before adding certificates into the stores
}
public void SetCertificate (SSCX.X509Certificate certificate, AsymmetricAlgorithm privateKey)
{
var monoCert = new MX.X509Certificate (certificate.GetRawCertData ());
Configuration.SetCertificate (monoCert, privateKey);
}
public bool DefaultCertificateValidationHandler(
Syscert.X509Certificate certificate,
int[] certificateErrors)
{
bool retFlag=false;
if (certificateErrors != null &&
certificateErrors.Length > 0)
{
if( certificateErrors.Length==1 && certificateErrors[0] == -2146762481)
{
retFlag = true;
}
else
{
Console.WriteLine("Detected errors in the Server Certificate:");
for (int i = 0; i < certificateErrors.Length; i++)
{
handshakeProblemsEncountered.Add((CertificateProblem)((uint)certificateErrors[i]));
Console.WriteLine(certificateErrors[i]);
}
retFlag = false;
}
}
else
{
retFlag = true;
}
// Skip the server cert errors.
return retFlag;
}
/// <summary>
/// Create a new certificate
/// </summary>
/// <param name="issuer">Issuer certificate, if null then self-sign</param>
/// <param name="subjectName">Subject name</param>
/// <param name="serialNumber">Serial number of certificate, if null then will generate a new one</param>
/// <param name="signature">If true create an AT_SIGNATURE key, otherwise AT_EXCHANGE</param>
/// <param name="keySize">Size of RSA key</param>
/// <param name="notBefore">Start date of certificate</param>
/// <param name="notAfter">End date of certificate</param>
/// <param name="extensions">Array of extensions, if null then no extensions</param>
/// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
/// <returns>The created X509 certificate</returns>
public SystemX509.X509Certificate2 CreateCert(SystemX509.X509Certificate2 issuer, SystemX509.X500DistinguishedName subjectName,
byte[] serialNumber, bool signature, int keySize, CertificateHashAlgorithm hashAlgorithm, DateTime notBefore,
DateTime notAfter, SystemX509.X509ExtensionCollection extensions)
{
X509V3CertificateGenerator builder = new X509V3CertificateGenerator();
AsymmetricAlgorithm subjectKey = CreateRSAKey(keySize, signature);
AsymmetricAlgorithm signKey = issuer == null ? subjectKey : issuer.PrivateKey;
if (signKey == null)
{
throw new ArgumentException(Properties.Resources.CreateCert_NoPrivateKey);
}
AsymmetricCipherKeyPair bcSubjectKey = GetRsaKeyPair((RSACryptoServiceProvider)subjectKey);
AsymmetricCipherKeyPair bcSignKey = GetRsaKeyPair((RSACryptoServiceProvider)signKey);
X509Name issuerNameObj = issuer == null ? X509Name.GetInstance(Asn1Object.FromByteArray(subjectName.RawData))
: X509Name.GetInstance(Asn1Object.FromByteArray(issuer.SubjectName.RawData));
X509Name subjectNameObj = X509Name.GetInstance(Asn1Object.FromByteArray(subjectName.RawData));
BigInteger subjectSerial = new BigInteger(1, serialNumber != null ? serialNumber : Guid.NewGuid().ToByteArray());
BigInteger issuerSerial = issuer == null ? subjectSerial : new BigInteger(1, issuer.GetSerialNumber());
builder.SetIssuerDN(issuerNameObj);
builder.SetSubjectDN(subjectNameObj);
builder.SetSerialNumber(subjectSerial);
builder.SetSignatureAlgorithm(HashAlgorithmToName(hashAlgorithm));
builder.SetNotBefore(notBefore.ToUniversalTime());
builder.SetNotAfter(notAfter.ToUniversalTime());
builder.SetPublicKey(bcSubjectKey.Public);
SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcSignKey.Public);
AuthorityKeyIdentifier authKeyId = new AuthorityKeyIdentifier(info, new GeneralNames(new GeneralName(issuerNameObj)), issuerSerial);
SubjectKeyIdentifier subjectKeyid = new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcSubjectKey.Public));
builder.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, true, authKeyId);
builder.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, true, subjectKeyid);
if (extensions != null)
{
foreach (SystemX509.X509Extension ext in extensions)
{
if (!ext.Oid.Value.Equals(X509Extensions.AuthorityKeyIdentifier.Id)
&& !ext.Oid.Value.Equals(X509Extensions.SubjectKeyIdentifier.Id)
&& !ext.Oid.Value.Equals(szOID_AUTHORITY_KEY_IDENTIFIER2))
{
Asn1InputStream istm = new Org.BouncyCastle.Asn1.Asn1InputStream(ext.RawData);
Asn1Object obj = istm.ReadObject();
builder.AddExtension(ext.Oid.Value, ext.Critical, obj);
}
}
}
X509Certificate cert = builder.Generate(bcSignKey.Private);
SystemX509.X509Certificate2 ret = new SystemX509.X509Certificate2(cert.GetEncoded(), (string)null, SystemX509.X509KeyStorageFlags.Exportable);
ret.PrivateKey = subjectKey;
return ret;
}
/****************************************************************************/
public bool ServerCertificateValidation(
Syscert.X509Certificate certificate,
int[] certificateErrors)
{
if (null != OnCertificateValidation)
{
return OnCertificateValidation(certificate, certificateErrors);
}
return DefaultCertificateValidationHandler(certificate, certificateErrors);
}
private void StoreCertificate(string name, byte[] raw, RSA key, MSX509.StoreName storeName, MSX509.StoreLocation location)
{
PKCS12 p12 = BuildPkcs12(raw, key);
MSX509.X509Certificate2 certificate = new MSX509.X509Certificate2(p12.GetBytes(), "advtools", MSX509.X509KeyStorageFlags.PersistKeySet | MSX509.X509KeyStorageFlags.MachineKeySet | MSX509.X509KeyStorageFlags.Exportable);
MSX509.X509Store store = new MSX509.X509Store(storeName, location);
store.Open(MSX509.OpenFlags.ReadWrite);
store.Add(certificate);
store.Close();
certificates_[name] = certificate;
}
/*private void WriteCertificate(string name, byte[] raw)
{
using(FileStream stream = new FileStream(GetCertificateFilePath(name), FileMode.Create, FileAccess.Write))
stream.Write(raw, 0, raw.Length);
}*/
private MSX509.X509Certificate2 LoadCertificate(string name, MSX509.StoreName storeName, MSX509.StoreLocation location)
{
if(certificates_.ContainsKey(name))
return certificates_[name];
MSX509.X509Store store = new MSX509.X509Store(storeName, location);
store.Open(MSX509.OpenFlags.ReadOnly);
var certificates = store.Certificates.Find(MSX509.X509FindType.FindBySubjectName, name, true);
store.Close();
if(certificates.Count <= 0)
return null;
state_.Logger.Information("X509v3 '{0}' loaded from store", name);
MSX509.X509Certificate2 certificate = certificates[0];
certificates_[name] = certificate;
return certificate;
}
private MSX509.X509Certificate2 CreateCertificate(string name, List<X509Extension> extensions, MSX509.X509Certificate2 issuerCertificate, string issuer, MSX509.StoreName storeName, int validity)
{
MSX509.X509Certificate2 certificate = LoadCertificate(name, storeName, location_);
if(certificate != null)
return certificate;
state_.Logger.Information("Create X509.v3 certificate for '{0}'", name);
PrivateKey key = new PrivateKey();
key.RSA = RSA.Create();
X509CertificateBuilder builder = new X509CertificateBuilder(3);
builder.SerialNumber = GenerateSerial();
builder.IssuerName = "CN=" + issuer;
builder.SubjectName = "CN=" + name;
builder.SubjectPublicKey = key.RSA;
builder.NotBefore = DateTime.Now;
builder.NotAfter = builder.NotBefore.AddDays(validity);
builder.Hash = "SHA1";
foreach(X509Extension extension in extensions)
builder.Extensions.Add(extension);
var signator = issuerCertificate == null ? key.RSA : issuerCertificate.PrivateKey;
byte[] raw = builder.Sign(signator);
StoreCertificate(name, raw, key.RSA, storeName, location_);
certificate = new MSX509.X509Certificate2(raw);
certificate.PrivateKey = key.RSA;
return certificate;
}
public SSCX.X509Certificate GetRemoteCertificate (out PSSCX.X509CertificateCollection remoteCertificateStore)
{
MX.X509CertificateCollection monoCollection;
var remoteCert = Context.GetRemoteCertificate (out monoCollection);
if (remoteCert == null) {
remoteCertificateStore = null;
return null;
}
remoteCertificateStore = new PSSCX.X509CertificateCollection ();
foreach (var cert in monoCollection) {
remoteCertificateStore.Add (new PSSCX.X509Certificate2 (cert.RawData));
}
return new PSSCX.X509Certificate2 (remoteCert.RawData);
}
