private static void ObtainLatestBankCertificates() { /* * This obtains the latest certificates used by the bank. * They have a finite lifecycle, so they must be renewed a regular interval * - Root certifiate: 10 years * - Signing certificate: 2 years * - Encryption certificate: 2 years */ Console.WriteLine("Requesting bank certificates ..."); // Obtain bank certificate var res = PKIClient.GetBankCertificate(); if (!CheckForError(res)) { exitProgram(Int32.Parse(res.Error.ReturnCode)); return; } Console.WriteLine(" Retrieved new certificates from bank."); Console.WriteLine("Saving bank certificates ..."); // Save the bank certificates CertStore.SetCertificate(CertStore.Certificiates.BankRoot, res.Response.GetBankCertificateResponse.BankRootCert); CertStore.SetCertificate(CertStore.Certificiates.BankEncryption, res.Response.GetBankCertificateResponse.BankEncryptionCert); CertStore.SetCertificate(CertStore.Certificiates.BankSigning, res.Response.GetBankCertificateResponse.BankSigningCert); Console.WriteLine(" Bank certificates successfully saved."); // Instruct the PKIClient to use the new certificates PKIClient.BankRootCertificate = CertStore.GetCertificate(CertStore.Certificiates.BankRoot); PKIClient.SetBankCertificates(CertStore.GetCertificate(CertStore.Certificiates.BankEncryption), CertStore.GetCertificate(CertStore.Certificiates.BankSigning)); Console.WriteLine(" Using new bank certificates."); }
static void Main(string[] args) { var client = new PKIClient(Customer_Id); /* * Create a software based XML signing strategy * A custom implementation backed by a hardware security module could be used here instead */ SoftwareBasedXmlSigningService xmlSigningStrategy = new SoftwareBasedXmlSigningService(); client.SetXmlSigningService(xmlSigningStrategy); // Create a utility class for accessing the windows certificate store var store = new CertStore(); X509Certificate2 rootCert = store.GetCertificate(CertStore.Certificiates.BankRoot); if (rootCert == null) { Console.WriteLine("Bank root certificate was not set in certificate store."); Console.WriteLine("Please set the correct bank root certificate in the \"DanskeBank.PKIFactory\" store using the friendlyname \"" + CertStore.Certificiates.BankRoot.ToString() + "\"."); Console.ReadLine(); return; } // Tell the client proxy to use the loaded root certificate client.SetBankRootCertificate(rootCert); #region Obtain bank certificates /* * This obtains the latest certificates used by the bank. * They have a finite lifecycle, so they must be renewed a regular interval * - Root certifiate: 10 years * - Signing certificate: 2 years * - Encryption certificate: 2 years */ Console.WriteLine("Requesting bank certificates ..."); // Obtain bank certificate var res = ObtainLatestBankCertificates(client); if (res.IsSuccessful) { Console.WriteLine(" Retrieved new certificates from bank."); // Save the bank certificates Console.WriteLine(" Saving bank certificates ..."); SaveBankCertificates(res.Response, store); } // Instruct the client to use the new certificates client.SetBankCertificates(store.GetCertificate(CertStore.Certificiates.BankEncryption), store.GetCertificate(CertStore.Certificiates.BankSigning)); #endregion // Determine whether we have already been issued certificates from the bank by querying the key store bool mustRequestCertificates = store.GetCertificate(CertStore.Certificiates.ClientIssuedSigning) == null || store.GetCertificate(CertStore.Certificiates.ClientIssuedEncryption) == null; if (mustRequestCertificates) { if (store.GetCertificate(CertStore.Certificiates.ClientGeneratedEncryption) == null || store.GetCertificate(CertStore.Certificiates.ClientGeneratedEncryption) == null) { Console.WriteLine("Client generated certificates and private keys were not set in certificate store."); Console.WriteLine("Please set the encryption and signing certificates in the \"DanskeBank.PKIFactory\" store using the friendlyname names:"); Console.WriteLine(" Signing: \"" + CertStore.Certificiates.ClientGeneratedSigning.ToString() + "\"."); Console.WriteLine(" Encryption: \"" + CertStore.Certificiates.ClientGeneratedEncryption.ToString() + "\"."); Console.ReadLine(); return; } Console.WriteLine("Sending certificate signing requests for own certificates ..."); var createCertRes = CreateCertificates(client, Customer_PIN, store); SaveClientCertificates(createCertRes.Response, store); } // Use the (potentially newly) issued certificates Console.WriteLine("Using certificates issued to client ..."); xmlSigningStrategy.SetClientCertificate(store.GetCertificate(CertStore.Certificiates.ClientIssuedSigning), (RSACryptoServiceProvider)store.GetCertificate(CertStore.Certificiates.ClientGeneratedSigning).PrivateKey); // Check status of the certificates we're using Console.WriteLine("Checking status of own certificates ..."); CertificateStatus(client, store.GetCertificate(CertStore.Certificiates.ClientIssuedSigning)); CertificateStatus(client, store.GetCertificate(CertStore.Certificiates.ClientIssuedEncryption)); /* * Console.WriteLine("Getting all our own certificates"); * GetOwnCertificiateList(client); */ Console.WriteLine("Renewing own certificates"); var renewedCerts = RenewCertificates(client, store); Console.WriteLine("Using certificates issued to client ..."); xmlSigningStrategy.SetClientCertificate(new X509Certificate2(renewedCerts.SigningCert), (RSACryptoServiceProvider)store.GetCertificate(CertStore.Certificiates.ClientGeneratedSigning).PrivateKey); // Revoke the newly renew'ed certificates // Note: Revoking this certificate will force you to request new certificates based on the locally generated ones // client.RevokeCertificates(KeyGeneratorTypeType.software, new[] { HexToDec(new X509Certificate2(renewedCerts.EncryptionCert).SerialNumber) }); /* * // Revoke all certificates except our initial ones. * client.RevokeAllCertificates(KeyGeneratorTypeType.software, new[] { * new X509Certificate2(ownInitialEncryptionCert).SerialNumber, * new X509Certificate2(ownInitialigningCert).SerialNumber, * }); */ Console.WriteLine("Press enter to close."); Console.ReadLine(); }