public void UpdateRootCertificates(IFirebaseAppPlatform app)
{
if (!InstallRootCerts.InstallationRequired)
{
return;
}
object sync = InstallRootCerts.Sync;
lock (sync)
{
if (!InstallRootCerts._attemptedWebDownload)
{
InstallRootCerts._attemptedWebDownload = true;
X509CertificateCollection x509CertificateCollection = null;
try
{
x509CertificateCollection = InstallRootCerts.DecodeWebRootCollection(app);
}
catch (Exception ex)
{
Services.Logging.LogMessage(PlatformLogLevel.Error, ex.ToString());
}
if (x509CertificateCollection != null && x509CertificateCollection.Count != 0)
{
X509Store x509Store = new X509Store(InstallRootCerts.TrustedRoot);
x509Store.Open(OpenFlags.ReadWrite);
X509CertificateCollection certificates = x509Store.Certificates;
X509CertificateCollection.X509CertificateEnumerator enumerator = x509CertificateCollection.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
X509Certificate current = enumerator.Current;
if (!certificates.Contains(current))
{
try
{
x509Store.Add((X509Certificate2)current);
}
catch (Exception ex2)
{
Services.Logging.LogMessage(PlatformLogLevel.Error, ex2.ToString());
}
}
}
}
finally
{
IDisposable disposable;
if ((disposable = (enumerator as IDisposable)) != null)
{
disposable.Dispose();
}
}
x509Store.Close();
this.HackRefreshMonoRootStore();
}
}
}
}
public void Contains()
{
X509CertificateCollection c = new X509CertificateCollection();
Assert.IsTrue(!c.Contains(x509a), "Empty-A");
Assert.IsTrue(!c.Contains(null), "Empty-Null");
c.Add(x509a);
Assert.IsTrue(c.Contains(x509a), "A-A");
Assert.IsTrue(!c.Contains(x509b), "A-B");
// works by value not by object reference
X509Certificate x = new X509Certificate(cert_a);
Assert.IsTrue(c.Contains(x), "A-x");
}
static int Process()
{
X509CertificateCollection roots = DecodeCollection();
if (roots == null)
{
return(1);
}
else if (roots.Count == 0)
{
WriteLine("No certificates were found.");
return(0);
}
X509Stores stores = userStore ? X509StoreManager.CurrentUser : X509StoreManager.LocalMachine;
X509CertificateCollection trusted = stores.TrustedRoot.Certificates;
int additions = 0;
WriteLine("I already trust {0}, your new list has {1}", trusted.Count, roots.Count);
foreach (X509Certificate root in roots)
{
if (!trusted.Contains(root))
{
try {
stores.TrustedRoot.Import(root);
WriteLine("Certificate added: {0}", root.SubjectName);
additions++;
} catch (Exception e) {
WriteLine("Warning: Could not import {0}", root.SubjectName);
WriteLine(e.ToString());
}
}
}
if (additions > 0)
{
WriteLine("{0} new root certificates were added to your trust store.", additions);
}
X509CertificateCollection removed = new X509CertificateCollection();
foreach (X509Certificate trust in trusted)
{
if (!roots.Contains(trust))
{
removed.Add(trust);
}
}
if (removed.Count > 0)
{
WriteLine("{0} previously trusted certificates were removed.", removed.Count);
foreach (X509Certificate old in removed)
{
stores.TrustedRoot.Remove(old);
WriteLine("Certificate removed: {0}", old.SubjectName);
}
}
WriteLine("Import process completed.");
return(0);
}
public static bool IsInstalled(StoreName storeName, StoreLocation storeLocation, X509Certificate2 certificate)
{
X509Store localMachineMyStore = new X509Store(storeName, storeLocation);
localMachineMyStore.Open(OpenFlags.ReadOnly);
X509CertificateCollection collection = localMachineMyStore.Certificates;
localMachineMyStore.Close();
return(collection.Contains(certificate));
}
private static bool ServerCertificateValidate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509CertificateCollection collection = store.Certificates;
bool result = collection.Contains(certificate);
store.Close();
return(result);
}
ImportResult ImportToStore(CertStoreId storeId, X509CertificateCollection roots, X509Store store)
{
var addedResult = new List <X509Certificate>();
var removedResult = new List <X509Certificate>();
var trusted = store.Certificates;
Log("I already trust {0}, your new list has {1}", trusted.Count, roots.Count);
foreach (var root in roots)
{
if (!trusted.Contains(root))
{
try
{
store.Import(root);
Log("Certificate added: {0}", root.SubjectName);
addedResult.Add(root);
}
catch (Exception e)
{
Log("Warning: Could not import {0}", root.SubjectName);
Log(e.ToString());
}
}
}
if (addedResult.Count > 0)
{
Log("{0} new root certificates were added to your trust store.", addedResult.Count);
}
var removed = new X509CertificateCollection();
foreach (var trust in trusted)
{
if (!roots.Contains(trust))
{
removed.Add(trust);
removedResult.Add(trust);
}
}
if (removed.Count > 0)
{
Log("{0} previously trusted certificates were removed.", removed.Count);
foreach (var old in removed)
{
store.Remove(old);
Log("Certificate removed: {0}", old.SubjectName);
}
}
Log("Import process completed.");
return(new ImportResult(storeId, addedResult, removedResult));
}
static void ImportToStore(X509CertificateCollection roots, X509Store store)
{
X509CertificateCollection trusted = store.Certificates;
int additions = 0;
WriteLine("I already trust {0}, your new list has {1}", trusted.Count, roots.Count);
foreach (X509Certificate root in roots)
{
if (!trusted.Contains(root))
{
try {
store.Import(root);
WriteLine("Certificate added: {0}", root.SubjectName);
additions++;
} catch (Exception e) {
WriteLine("Warning: Could not import {0}", root.SubjectName);
WriteLine(e.ToString());
}
}
}
if (additions > 0)
{
WriteLine("{0} new root certificates were added to your trust store.", additions);
}
X509CertificateCollection removed = new X509CertificateCollection();
foreach (X509Certificate trust in trusted)
{
if (!roots.Contains(trust))
{
removed.Add(trust);
}
}
if (removed.Count > 0)
{
WriteLine("{0} previously trusted certificates were removed.", removed.Count);
foreach (X509Certificate old in removed)
{
store.Remove(old);
WriteLine("Certificate removed: {0}", old.SubjectName);
}
}
WriteLine("Import process completed.");
}
public static void X509CertificateCollectionContains()
{
using (X509Certificate c1 = new X509Certificate())
using (X509Certificate c2 = new X509Certificate())
using (X509Certificate c3 = new X509Certificate())
{
X509CertificateCollection collection = new X509CertificateCollection(new X509Certificate[] { c1, c2, c3 });
Assert.True(collection.Contains(c1));
Assert.True(collection.Contains(c2));
Assert.True(collection.Contains(c3));
Assert.False(collection.Contains(null));
IList ilist = (IList)collection;
Assert.True(ilist.Contains(c1));
Assert.True(ilist.Contains(c2));
Assert.True(ilist.Contains(c3));
Assert.False(ilist.Contains(null));
Assert.False(ilist.Contains("Bogus"));
}
}
public static bool MySSLHandler(Syscert.X509Certificate certificate,
int[] certificateErrors)
{
X509Store store = null;
X509Stores stores = X509StoreManager.CurrentUser;
String input;
store = stores.TrustedRoot;
//Import the details of the certificate from the server.
X509Certificate x509 = null;
X509CertificateCollection coll = new X509CertificateCollection();
byte[] data = certificate.GetRawCertData();
if (data != null)
{
x509 = new X509Certificate(data);
}
//List the details of the Server
//check for ceritficate in store
X509CertificateCollection check = store.Certificates;
if (!check.Contains(x509))
{
if (bindCount == 1)
{
Console.WriteLine(" \n\nCERTIFICATE DETAILS: \n");
Console.WriteLine(" {0}X.509 v{1} Certificate", (x509.IsSelfSigned ? "Self-signed " : String.Empty), x509.Version);
Console.WriteLine(" Serial Number: {0}", CryptoConvert.ToHex(x509.SerialNumber));
Console.WriteLine(" Issuer Name: {0}", x509.IssuerName);
Console.WriteLine(" Subject Name: {0}", x509.SubjectName);
Console.WriteLine(" Valid From: {0}", x509.ValidFrom);
Console.WriteLine(" Valid Until: {0}", x509.ValidUntil);
Console.WriteLine(" Unique Hash: {0}", CryptoConvert.ToHex(x509.Hash));
Console.WriteLine();
}
//Get the response from the Client
do
{
Console.WriteLine("\nDo you want to proceed with the connection (y/n)?");
input = Console.ReadLine();
if (input == "y" || input == "Y")
{
bHowToProceed = true;
}
if (input == "n" || input == "N")
{
bHowToProceed = false;
}
} while (input != "y" && input != "Y" && input != "n" && input != "N");
}
else
{
if (bHowToProceed == true)
{
//Add the certificate to the store.
if (x509 != null)
{
coll.Add(x509);
}
store.Import(x509);
if (bindCount == 1)
{
removeFlag = true;
}
}
}
if (bHowToProceed == false)
{
//Remove the certificate added from the store.
if (removeFlag == true && bindCount > 1)
{
foreach (X509Certificate xt509 in store.Certificates)
{
if (CryptoConvert.ToHex(xt509.Hash) == CryptoConvert.ToHex(x509.Hash))
{
store.Remove(x509);
}
}
}
Console.WriteLine("SSL Bind Failed.");
}
return(bHowToProceed);
}
public X509CertificateCollection Install(IFirebaseAppPlatform app)
{
if (!InstallRootCerts.InstallationRequired)
{
return(null);
}
object sync = InstallRootCerts.Sync;
X509CertificateCollection result;
lock (sync)
{
X509CertificateCollection x509CertificateCollection;
if (InstallRootCerts._installedRoots.TryGetValue(app, out x509CertificateCollection))
{
result = x509CertificateCollection;
}
else
{
x509CertificateCollection = new X509CertificateCollection();
string text = Path.Combine(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), ".mono"), "certs");
bool flag = false;
try
{
flag = (Directory.Exists(text) || Directory.CreateDirectory(text) != null);
}
catch (Exception)
{
}
if (!flag)
{
string writeablePath = Services.AppConfig.GetWriteablePath(app);
if (!string.IsNullOrEmpty(writeablePath))
{
Services.Logging.LogMessage(PlatformLogLevel.Debug, string.Format("Saving root certs in {0} ({1} is not writable)", writeablePath, text));
Environment.SetEnvironmentVariable("XDG_CONFIG_HOME", writeablePath);
text = writeablePath;
this.HackRefreshMonoRootStore();
}
}
X509CertificateCollection value = InstallRootCerts.DecodeDefaultCollection();
X509CertificateCollection x509CertificateCollection2 = InstallRootCerts.DecodeCollection(app);
if (string.Equals(app.Name, FirebaseHandler.AppUtils.GetDefaultInstanceName()))
{
x509CertificateCollection2.AddRange(value);
x509CertificateCollection = x509CertificateCollection2;
}
else
{
x509CertificateCollection.AddRange(value);
}
InstallRootCerts._installedRoots[app] = x509CertificateCollection2;
if (x509CertificateCollection.Count == 0)
{
result = x509CertificateCollection;
}
else
{
InstallRootCerts.InstallDefaultCRLs("Firebase.Platform.cacrl_pem.txt", Path.Combine(text, InstallRootCerts.TrustedRoot));
InstallRootCerts.InstallDefaultCRLs("Firebase.Platform.caintermediatecrl_pem.txt", Path.Combine(text, InstallRootCerts.IntermediateCA));
Services.Logging.LogMessage(PlatformLogLevel.Debug, string.Format("Installing {0} certs", x509CertificateCollection2.Count));
X509Store x509Store = new X509Store(InstallRootCerts.TrustedRoot);
x509Store.Open(OpenFlags.ReadWrite);
X509CertificateCollection certificates = x509Store.Certificates;
X509CertificateCollection.X509CertificateEnumerator enumerator = x509CertificateCollection.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
X509Certificate current = enumerator.Current;
if (!certificates.Contains(current))
{
try
{
x509Store.Add((X509Certificate2)current);
}
catch (Exception ex)
{
Services.Logging.LogMessage(PlatformLogLevel.Error, ex.ToString());
}
}
}
}
finally
{
IDisposable disposable;
if ((disposable = (enumerator as IDisposable)) != null)
{
disposable.Dispose();
}
}
x509Store.Close();
result = x509CertificateCollection;
}
}
}
return(result);
}
static int Process()
{
X509CertificateCollection roots = DecodeCollection();
if (roots == null)
{
return(1);
}
else if (roots.Count == 0)
{
WriteLine("No certificates were found.");
return(0);
}
if (pkcs7filename != null)
{
SoftwarePublisherCertificate pkcs7 = new SoftwarePublisherCertificate();
pkcs7.Certificates.AddRange(roots);
WriteLine("Saving root certificates into '{0}' file...", pkcs7filename);
using (FileStream fs = File.OpenWrite(pkcs7filename)) {
byte[] data = pkcs7.GetBytes();
fs.Write(data, 0, data.Length);
fs.Close();
}
}
if (import)
{
WriteLine("Importing certificates into {0} store...",
machine ? "machine" : "user");
X509Stores stores = (machine ? X509StoreManager.LocalMachine : X509StoreManager.CurrentUser);
X509CertificateCollection trusted = stores.TrustedRoot.Certificates;
int additions = 0;
foreach (X509Certificate root in roots)
{
if (!trusted.Contains(root))
{
if (!confirmAddition || AskConfirmation("add", root))
{
stores.TrustedRoot.Import(root);
if (confirmAddition)
{
WriteLine("Certificate added.{0}", Environment.NewLine);
}
additions++;
}
}
}
if (additions > 0)
{
WriteLine("{0} new root certificates were added to your trust store.", additions);
}
X509CertificateCollection removed = new X509CertificateCollection();
foreach (X509Certificate trust in trusted)
{
if (!roots.Contains(trust))
{
removed.Add(trust);
}
}
if (removed.Count > 0)
{
if (confirmRemoval)
{
WriteLine("{0} previously trusted certificates were not part of the update.", removed.Count);
}
else
{
WriteLine("{0} previously trusted certificates were removed.", removed.Count);
}
foreach (X509Certificate old in removed)
{
if (!confirmRemoval || AskConfirmation("remove", old))
{
stores.TrustedRoot.Remove(old);
if (confirmRemoval)
{
WriteLine("Certificate removed.{0}", Environment.NewLine);
}
}
}
}
WriteLine("Import process completed.{0}", Environment.NewLine);
}
return(0);
}
static int Process()
{
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => {
if (sslPolicyErrors != System.Net.Security.SslPolicyErrors.None)
{
Console.WriteLine("WARNING: Downloading the trusted certificate list couldn't be done securely (error: {0}), continuing anyway. If you're using mozroots to bootstrap Mono's trust store on a clean system this might be OK, otherwise it could indicate a network intrusion. Please ensure you're using a trusted network or move to cert-sync.", sslPolicyErrors);
}
// this is very bad, but on a clean system without an existing trust store we don't really have a better option
return(true);
};
X509CertificateCollection roots = DecodeCollection();
if (roots == null)
{
return(1);
}
else if (roots.Count == 0)
{
WriteLine("No certificates were found.");
return(0);
}
if (pkcs7filename != null)
{
SoftwarePublisherCertificate pkcs7 = new SoftwarePublisherCertificate();
pkcs7.Certificates.AddRange(roots);
WriteLine("Saving root certificates into '{0}' file...", pkcs7filename);
using (FileStream fs = File.OpenWrite(pkcs7filename)) {
byte[] data = pkcs7.GetBytes();
fs.Write(data, 0, data.Length);
fs.Close();
}
}
if (import)
{
WriteLine("Importing certificates into {0} store...",
machine ? "machine" : "user");
X509Stores stores = (machine ? X509StoreManager.LocalMachine : X509StoreManager.CurrentUser);
X509CertificateCollection trusted = stores.TrustedRoot.Certificates;
int additions = 0;
foreach (X509Certificate root in roots)
{
if (!trusted.Contains(root))
{
if (!confirmAddition || AskConfirmation("add", root))
{
stores.TrustedRoot.Import(root);
if (confirmAddition)
{
WriteLine("Certificate added.{0}", Environment.NewLine);
}
additions++;
}
}
}
if (additions > 0)
{
WriteLine("{0} new root certificates were added to your trust store.", additions);
}
X509CertificateCollection removed = new X509CertificateCollection();
foreach (X509Certificate trust in trusted)
{
if (!roots.Contains(trust))
{
removed.Add(trust);
}
}
if (removed.Count > 0)
{
if (confirmRemoval)
{
WriteLine("{0} previously trusted certificates were not part of the update.", removed.Count);
}
else
{
WriteLine("{0} previously trusted certificates were removed.", removed.Count);
}
foreach (X509Certificate old in removed)
{
if (!confirmRemoval || AskConfirmation("remove", old))
{
stores.TrustedRoot.Remove(old);
if (confirmRemoval)
{
WriteLine("Certificate removed.{0}", Environment.NewLine);
}
}
}
}
WriteLine("Import process completed.{0}", Environment.NewLine);
}
return(0);
}