static void Add(ObjectType type, X509Store store, string file, string password, bool verbose)
{
switch (type)
{
case ObjectType.Certificate:
X509CertificateCollection coll = LoadCertificates(file, password, verbose);
foreach (X509Certificate x509 in coll)
{
store.Import(x509);
}
Console.WriteLine("{0} certificate(s) added to store {1}.",
coll.Count, store.Name);
break;
case ObjectType.CRL:
ArrayList list = LoadCRLs(file);
foreach (X509Crl crl in list)
{
store.Import(crl);
}
Console.WriteLine("{0} CRL(s) added to store {1}.",
list.Count, store.Name);
break;
default:
throw new NotSupportedException(type.ToString());
}
}
static void Download(string url, X509Store store)
{
if (verbose)
{
Console.WriteLine("Downloading: {0}", url);
}
WebClient wc = new WebClient();
string error = "download";
try {
byte [] data = wc.DownloadData(url);
error = "decode";
X509Crl crl = new X509Crl(data);
error = "import";
store.Import(crl);
}
catch (Exception e) {
Console.WriteLine("ERROR: could not {0}: {1}", error, url);
if (verbose)
{
Console.WriteLine(e);
Console.WriteLine();
}
}
}
public static bool LdapSSLHandler(System.Security.Cryptography.X509Certificates.X509Certificate certificate, int[] certificateErrors)
{
#if !MONO
X509Store store = null;
X509Stores stores = X509StoreManager.LocalMachine;
store = stores.TrustedRoot;
X509Certificate x509 = null;
byte[] data = certificate.GetRawCertData();
if (data != null)
{
x509 = new X509Certificate(data);
}
if (x509 != null)
{
//coll.Add(x509);
if (!store.Certificates.Contains(x509))
{
store.Import(x509);
}
}
#endif
return(true);
}
ImportResult ImportToStore(CertStoreId storeId, X509CertificateCollection roots, X509Store store)
{
var addedResult = new List <X509Certificate>();
var removedResult = new List <X509Certificate>();
var trusted = store.Certificates;
Log("I already trust {0}, your new list has {1}", trusted.Count, roots.Count);
foreach (var root in roots)
{
if (!trusted.Contains(root))
{
try
{
store.Import(root);
Log("Certificate added: {0}", root.SubjectName);
addedResult.Add(root);
}
catch (Exception e)
{
Log("Warning: Could not import {0}", root.SubjectName);
Log(e.ToString());
}
}
}
if (addedResult.Count > 0)
{
Log("{0} new root certificates were added to your trust store.", addedResult.Count);
}
var removed = new X509CertificateCollection();
foreach (var trust in trusted)
{
if (!roots.Contains(trust))
{
removed.Add(trust);
removedResult.Add(trust);
}
}
if (removed.Count > 0)
{
Log("{0} previously trusted certificates were removed.", removed.Count);
foreach (var old in removed)
{
store.Remove(old);
Log("Certificate removed: {0}", old.SubjectName);
}
}
Log("Import process completed.");
return(new ImportResult(storeId, addedResult, removedResult));
}
static void ImportToStore(X509CertificateCollection roots, X509Store store)
{
X509CertificateCollection trusted = store.Certificates;
int additions = 0;
WriteLine("I already trust {0}, your new list has {1}", trusted.Count, roots.Count);
foreach (X509Certificate root in roots)
{
if (!trusted.Contains(root))
{
try {
store.Import(root);
WriteLine("Certificate added: {0}", root.SubjectName);
additions++;
} catch (Exception e) {
WriteLine("Warning: Could not import {0}", root.SubjectName);
WriteLine(e.ToString());
}
}
}
if (additions > 0)
{
WriteLine("{0} new root certificates were added to your trust store.", additions);
}
X509CertificateCollection removed = new X509CertificateCollection();
foreach (X509Certificate trust in trusted)
{
if (!roots.Contains(trust))
{
removed.Add(trust);
}
}
if (removed.Count > 0)
{
WriteLine("{0} previously trusted certificates were removed.", removed.Count);
foreach (X509Certificate old in removed)
{
store.Remove(old);
WriteLine("Certificate removed: {0}", old.SubjectName);
}
}
WriteLine("Import process completed.");
}
static void Download(string url, X509Store store)
{
if (verbose)
{
Console.WriteLine("Downloading: {0}", url);
}
WebClient wc = new WebClient();
string error = "download";
try {
byte [] data = wc.DownloadData(url);
error = "decode";
X509Crl crl = new X509Crl(data);
error = "import";
// warn if CRL is not current - but still allow it to be imported
if (!crl.IsCurrent && verbose)
{
Console.WriteLine("WARNING: CRL is not current: {0}", url);
}
// only import the CRL if its signature is valid and coming from a trusted root
if (VerifyCrl(crl))
{
store.Import(crl);
}
else
{
Console.WriteLine("ERROR: could not validate CRL: {0}", url);
}
}
catch (Exception e) {
Console.WriteLine("ERROR: could not {0}: {1}", error, url);
if (verbose)
{
Console.WriteLine(e);
Console.WriteLine();
}
}
}
static int Process()
{
X509CertificateCollection roots = DecodeCollection();
if (roots == null)
{
return(1);
}
else if (roots.Count == 0)
{
WriteLine("No certificates were found.");
return(0);
}
X509Stores stores;
if (userStore)
{
stores = btlsStore ? X509StoreManager.NewCurrentUser : X509StoreManager.CurrentUser;
}
else
{
stores = btlsStore ? X509StoreManager.NewLocalMachine : X509StoreManager.LocalMachine;
}
X509Store store = stores.TrustedRoot;
X509CertificateCollection trusted = store.Certificates;
int additions = 0;
WriteLine("I already trust {0}, your new list has {1}", trusted.Count, roots.Count);
foreach (X509Certificate root in roots)
{
if (!trusted.Contains(root))
{
try {
store.Import(root);
WriteLine("Certificate added: {0}", root.SubjectName);
additions++;
} catch (Exception e) {
WriteLine("Warning: Could not import {0}", root.SubjectName);
WriteLine(e.ToString());
}
}
}
if (additions > 0)
{
WriteLine("{0} new root certificates were added to your trust store.", additions);
}
X509CertificateCollection removed = new X509CertificateCollection();
foreach (X509Certificate trust in trusted)
{
if (!roots.Contains(trust))
{
removed.Add(trust);
}
}
if (removed.Count > 0)
{
WriteLine("{0} previously trusted certificates were removed.", removed.Count);
foreach (X509Certificate old in removed)
{
store.Remove(old);
WriteLine("Certificate removed: {0}", old.SubjectName);
}
}
WriteLine("Import process completed.");
return(0);
}
public static bool MySSLHandler(Syscert.X509Certificate certificate,
int[] certificateErrors)
{
X509Store store = null;
X509Stores stores = X509StoreManager.CurrentUser;
String input;
store = stores.TrustedRoot;
//Import the details of the certificate from the server.
X509Certificate x509 = null;
X509CertificateCollection coll = new X509CertificateCollection();
byte[] data = certificate.GetRawCertData();
if (data != null)
{
x509 = new X509Certificate(data);
}
//List the details of the Server
//check for ceritficate in store
X509CertificateCollection check = store.Certificates;
if (!check.Contains(x509))
{
if (bindCount == 1)
{
Console.WriteLine(" \n\nCERTIFICATE DETAILS: \n");
Console.WriteLine(" {0}X.509 v{1} Certificate", (x509.IsSelfSigned ? "Self-signed " : String.Empty), x509.Version);
Console.WriteLine(" Serial Number: {0}", CryptoConvert.ToHex(x509.SerialNumber));
Console.WriteLine(" Issuer Name: {0}", x509.IssuerName);
Console.WriteLine(" Subject Name: {0}", x509.SubjectName);
Console.WriteLine(" Valid From: {0}", x509.ValidFrom);
Console.WriteLine(" Valid Until: {0}", x509.ValidUntil);
Console.WriteLine(" Unique Hash: {0}", CryptoConvert.ToHex(x509.Hash));
Console.WriteLine();
}
//Get the response from the Client
do
{
Console.WriteLine("\nDo you want to proceed with the connection (y/n)?");
input = Console.ReadLine();
if (input == "y" || input == "Y")
{
bHowToProceed = true;
}
if (input == "n" || input == "N")
{
bHowToProceed = false;
}
} while (input != "y" && input != "Y" && input != "n" && input != "N");
}
else
{
if (bHowToProceed == true)
{
//Add the certificate to the store.
if (x509 != null)
{
coll.Add(x509);
}
store.Import(x509);
if (bindCount == 1)
{
removeFlag = true;
}
}
}
if (bHowToProceed == false)
{
//Remove the certificate added from the store.
if (removeFlag == true && bindCount > 1)
{
foreach (X509Certificate xt509 in store.Certificates)
{
if (CryptoConvert.ToHex(xt509.Hash) == CryptoConvert.ToHex(x509.Hash))
{
store.Remove(x509);
}
}
}
Console.WriteLine("SSL Bind Failed.");
}
return(bHowToProceed);
}
private string ServerCertValidate()
{
string errorMessage = String.Empty;
X509Store store = WorkContext.IsMono ? X509StoreManager.CurrentUser.TrustedRoot :
X509StoreManager.LocalMachine.TrustedRoot;
try
{
var storage = StorageFactory.GetStorage("-1", "certs");
// Import the details of the certificate from the server.
lock (rootSync)
{
X509Certificate x509 = null;
if (certificate != null)
{
byte[] data = certificate.GetRawCertData();
if (data != null)
{
x509 = new X509Certificate(data);
}
else
{
errorMessage = "certificate.GetRawCertData is null";
log.Error(errorMessage);
return(errorMessage);
}
// Check for ceritficate in store.
if (!store.Certificates.Contains(x509))
{
if (storage.IsFile("ldap/ldap.cer"))
{
var storageData = GetCertificateFromStorage(storage);
var storageX509 = new X509Certificate(storageData);
if (CompareHash(storageX509.Hash, x509.Hash))
{
// Add the certificate to the store.
store.Import(storageX509);
store.Certificates.Add(storageX509);
return(String.Empty);
}
}
errorMessage = String.Format("LDAP TlsHandler. Certificate not found in certificate store. {0}.", x509.IssuerName);
log.Error(errorMessage);
return(errorMessage);
}
log.DebugFormat("LDAP TlsHandler. Certificate found in certificate store. {0}.", x509.IssuerName);
}
else
{
// for AD
if (storage.IsFile("ldap/ldap.cer"))
{
var storageData = GetCertificateFromStorage(storage);
var storageX509 = new X509Certificate(storageData);
// Add the certificate to the store.
store.Import(storageX509);
store.Certificates.Add(storageX509);
return(String.Empty);
}
else
{
errorMessage = "LDAP TlsHandler. Certificate not found in certificate store.";
log.Error(errorMessage);
return(errorMessage);
}
}
}
return(String.Empty);
}
catch (Exception ex)
{
errorMessage = String.Format("LDAP TlsHandler. Error: {0}. {1}.",
ex.ToString(), ex.InnerException != null ? ex.InnerException.ToString() : string.Empty);
log.Error(errorMessage);
return(errorMessage);
}
}
static void Ssl(string host, bool machine, bool verbose)
{
if (verbose)
{
Console.WriteLine("Importing certificates from '{0}' into the {1} stores.",
host, machine ? "machine" : "user");
}
int n = 0;
X509CertificateCollection coll = GetCertificatesFromSslSession(host);
if (coll != null)
{
X509Store store = null;
// start by the end (root) so we can stop adding them anytime afterward
for (int i = coll.Count - 1; i >= 0; i--)
{
X509Certificate x509 = coll [i];
bool selfsign = false;
bool failed = false;
try {
selfsign = x509.IsSelfSigned;
}
catch {
// sadly it's hard to interpret old certificates with MD2
// without manually changing the machine.config file
failed = true;
}
if (selfsign)
{
// this is a root
store = GetStoreFromName(X509Stores.Names.TrustedRoot, machine);
}
else if (i == 0)
{
// server certificate isn't (generally) an intermediate CA
store = GetStoreFromName(X509Stores.Names.OtherPeople, machine);
}
else
{
// all other certificates should be intermediate CA
store = GetStoreFromName(X509Stores.Names.IntermediateCA, machine);
}
Console.WriteLine("{0}{1}X.509 Certificate v{2}",
Environment.NewLine,
selfsign ? "Self-signed " : String.Empty,
x509.Version);
Console.WriteLine(" Issued from: {0}", x509.IssuerName);
Console.WriteLine(" Issued to: {0}", x509.SubjectName);
Console.WriteLine(" Valid from: {0}", x509.ValidFrom);
Console.WriteLine(" Valid until: {0}", x509.ValidUntil);
if (!x509.IsCurrent)
{
Console.WriteLine(" *** WARNING: Certificate isn't current ***");
}
if ((i > 0) && !selfsign)
{
X509Certificate signer = coll [i - 1];
bool signed = false;
try {
if (signer.RSA != null)
{
signed = x509.VerifySignature(signer.RSA);
}
else if (signer.DSA != null)
{
signed = x509.VerifySignature(signer.DSA);
}
else
{
Console.WriteLine(" *** WARNING: Couldn't not find who signed this certificate ***");
signed = true; // skip next warning
}
if (!signed)
{
Console.WriteLine(" *** WARNING: Certificate signature is INVALID ***");
}
}
catch {
failed = true;
}
}
if (failed)
{
Console.WriteLine(" *** ERROR: Couldn't decode certificate properly ***");
Console.WriteLine(" *** try 'man certmgr' for additional help or report to bugzilla.novell.com ***");
break;
}
if (store.Certificates.Contains(x509))
{
Console.WriteLine("This certificate is already in the {0} store.", store.Name);
}
else
{
Console.Write("Import this certificate into the {0} store ?", store.Name);
string answer = Console.ReadLine().ToUpper();
if ((answer == "YES") || (answer == "Y"))
{
store.Import(x509);
n++;
}
else
{
if (verbose)
{
Console.WriteLine("Certificate not imported into store {0}.",
store.Name);
}
break;
}
}
}
}
Console.WriteLine();
if (n == 0)
{
Console.WriteLine("No certificate were added to the stores.");
}
else
{
Console.WriteLine("{0} certificate{1} added to the stores.",
n, (n == 1) ? String.Empty : "s");
}
}
private string ServerCertValidate()
{
string errorMessage = String.Empty;
X509Store store = WorkContext.IsMono ? X509StoreManager.CurrentUser.TrustedRoot :
X509StoreManager.LocalMachine.TrustedRoot;
var storage = StorageFactory.GetStorage("-1", "certs");
try
{
CoreContext.TenantManager.SetCurrentTenant(currentTenantID);
// Import the details of the certificate from the server.
lock (rootSync)
{
var certificate = cache.Get <Syscert.X509Certificate>("ldapCertificate");
if (certificate != null)
{
byte[] data = certificate.GetRawCertData();
var x509 = new X509Certificate(data);
// Check for ceritficate in store.
if (!store.Certificates.Contains(x509))
{
if (storage.IsFile("ldap/ldap.cer"))
{
var storageData = GetCertificateFromStorage(storage);
var storageX509 = new X509Certificate(storageData);
if (CompareHash(storageX509.Hash, x509.Hash))
{
// Add the certificate to the store.
store.Import(storageX509);
store.Certificates.Add(storageX509);
return(String.Empty);
}
}
if (certificateConfirmRequest.Approved)
{
AddCertificateToStorage(storage, x509);
// Add the certificate to the store.
store.Import(x509);
store.Certificates.Add(x509);
return(String.Empty);
}
if (!certificateConfirmRequest.Requested)
{
certificateConfirmRequest.SerialNumber = CryptoConvert.ToHex(x509.SerialNumber);
certificateConfirmRequest.IssuerName = x509.IssuerName;
certificateConfirmRequest.SubjectName = x509.SubjectName;
certificateConfirmRequest.ValidFrom = x509.ValidFrom;
certificateConfirmRequest.ValidUntil = x509.ValidUntil;
certificateConfirmRequest.Hash = CryptoConvert.ToHex(x509.Hash);
var certificateErrors = cache.Get <int[]>("ldapCertificateErrors");
certificateConfirmRequest.CertificateErrors = certificateErrors.ToArray();
certificateConfirmRequest.Requested = true;
}
}
}
else
{
// for AD
if (storage.IsFile("ldap/ldap.cer"))
{
var storageData = GetCertificateFromStorage(storage);
var storageX509 = new X509Certificate(storageData);
// Add the certificate to the store.
store.Import(storageX509);
store.Certificates.Add(storageX509);
return(String.Empty);
}
else
{
errorMessage = "LDAP TlsHandler. Certificate not found in certificate store.";
log.Error(errorMessage);
return(errorMessage);
}
}
}
}
catch (Exception ex)
{
errorMessage = String.Format("LDAP TlsHandler error: {0}. {1}. store path = {2}",
ex.ToString(), ex.InnerException != null ? ex.InnerException.ToString() : string.Empty, store.Name);
log.ErrorFormat(errorMessage);
}
return(errorMessage);
}
