示例#1
0
        static void Add(ObjectType type, X509Store store, string file, string password, bool verbose)
        {
            switch (type)
            {
            case ObjectType.Certificate:
                X509CertificateCollection coll = LoadCertificates(file, password, verbose);
                foreach (X509Certificate x509 in coll)
                {
                    store.Import(x509);
                }
                Console.WriteLine("{0} certificate(s) added to store {1}.",
                                  coll.Count, store.Name);
                break;

            case ObjectType.CRL:
                ArrayList list = LoadCRLs(file);
                foreach (X509Crl crl in list)
                {
                    store.Import(crl);
                }
                Console.WriteLine("{0} CRL(s) added to store {1}.",
                                  list.Count, store.Name);
                break;

            default:
                throw new NotSupportedException(type.ToString());
            }
        }
示例#2
0
        static void Download(string url, X509Store store)
        {
            if (verbose)
            {
                Console.WriteLine("Downloading: {0}", url);
            }

            WebClient wc    = new WebClient();
            string    error = "download";

            try {
                byte [] data = wc.DownloadData(url);
                error = "decode";
                X509Crl crl = new X509Crl(data);
                error = "import";
                store.Import(crl);
            }
            catch (Exception e) {
                Console.WriteLine("ERROR: could not {0}: {1}", error, url);
                if (verbose)
                {
                    Console.WriteLine(e);
                    Console.WriteLine();
                }
            }
        }
示例#3
0
        public static bool LdapSSLHandler(System.Security.Cryptography.X509Certificates.X509Certificate certificate, int[] certificateErrors)
        {
#if !MONO
            X509Store  store  = null;
            X509Stores stores = X509StoreManager.LocalMachine;
            store = stores.TrustedRoot;
            X509Certificate x509 = null;

            byte[] data = certificate.GetRawCertData();
            if (data != null)
            {
                x509 = new X509Certificate(data);
            }

            if (x509 != null)
            {
                //coll.Add(x509);
                if (!store.Certificates.Contains(x509))
                {
                    store.Import(x509);
                }
            }
#endif

            return(true);
        }
示例#4
0
    ImportResult ImportToStore(CertStoreId storeId, X509CertificateCollection roots, X509Store store)
    {
        var addedResult   = new List <X509Certificate>();
        var removedResult = new List <X509Certificate>();

        var trusted = store.Certificates;

        Log("I already trust {0}, your new list has {1}", trusted.Count, roots.Count);
        foreach (var root in roots)
        {
            if (!trusted.Contains(root))
            {
                try
                {
                    store.Import(root);
                    Log("Certificate added: {0}", root.SubjectName);
                    addedResult.Add(root);
                }
                catch (Exception e)
                {
                    Log("Warning: Could not import {0}", root.SubjectName);
                    Log(e.ToString());
                }
            }
        }
        if (addedResult.Count > 0)
        {
            Log("{0} new root certificates were added to your trust store.", addedResult.Count);
        }

        var removed = new X509CertificateCollection();

        foreach (var trust in trusted)
        {
            if (!roots.Contains(trust))
            {
                removed.Add(trust);
                removedResult.Add(trust);
            }
        }
        if (removed.Count > 0)
        {
            Log("{0} previously trusted certificates were removed.", removed.Count);

            foreach (var old in removed)
            {
                store.Remove(old);
                Log("Certificate removed: {0}", old.SubjectName);
            }
        }
        Log("Import process completed.");

        return(new ImportResult(storeId, addedResult, removedResult));
    }
示例#5
0
文件: cert-sync.cs 项目: tekkies/mono
        static void ImportToStore(X509CertificateCollection roots, X509Store store)
        {
            X509CertificateCollection trusted = store.Certificates;
            int additions = 0;

            WriteLine("I already trust {0}, your new list has {1}", trusted.Count, roots.Count);
            foreach (X509Certificate root in roots)
            {
                if (!trusted.Contains(root))
                {
                    try {
                        store.Import(root);
                        WriteLine("Certificate added: {0}", root.SubjectName);
                        additions++;
                    } catch (Exception e) {
                        WriteLine("Warning: Could not import {0}", root.SubjectName);
                        WriteLine(e.ToString());
                    }
                }
            }
            if (additions > 0)
            {
                WriteLine("{0} new root certificates were added to your trust store.", additions);
            }

            X509CertificateCollection removed = new X509CertificateCollection();

            foreach (X509Certificate trust in trusted)
            {
                if (!roots.Contains(trust))
                {
                    removed.Add(trust);
                }
            }
            if (removed.Count > 0)
            {
                WriteLine("{0} previously trusted certificates were removed.", removed.Count);

                foreach (X509Certificate old in removed)
                {
                    store.Remove(old);
                    WriteLine("Certificate removed: {0}", old.SubjectName);
                }
            }
            WriteLine("Import process completed.");
        }
示例#6
0
        static void Download(string url, X509Store store)
        {
            if (verbose)
            {
                Console.WriteLine("Downloading: {0}", url);
            }

            WebClient wc    = new WebClient();
            string    error = "download";

            try {
                byte [] data = wc.DownloadData(url);
                error = "decode";
                X509Crl crl = new X509Crl(data);
                error = "import";
                // warn if CRL is not current - but still allow it to be imported
                if (!crl.IsCurrent && verbose)
                {
                    Console.WriteLine("WARNING: CRL is not current: {0}", url);
                }

                // only import the CRL if its signature is valid and coming from a trusted root
                if (VerifyCrl(crl))
                {
                    store.Import(crl);
                }
                else
                {
                    Console.WriteLine("ERROR: could not validate CRL: {0}", url);
                }
            }
            catch (Exception e) {
                Console.WriteLine("ERROR: could not {0}: {1}", error, url);
                if (verbose)
                {
                    Console.WriteLine(e);
                    Console.WriteLine();
                }
            }
        }
示例#7
0
        static int Process()
        {
            X509CertificateCollection roots = DecodeCollection();

            if (roots == null)
            {
                return(1);
            }
            else if (roots.Count == 0)
            {
                WriteLine("No certificates were found.");
                return(0);
            }

            X509Stores stores;

            if (userStore)
            {
                stores = btlsStore ? X509StoreManager.NewCurrentUser : X509StoreManager.CurrentUser;
            }
            else
            {
                stores = btlsStore ? X509StoreManager.NewLocalMachine : X509StoreManager.LocalMachine;
            }
            X509Store store = stores.TrustedRoot;
            X509CertificateCollection trusted = store.Certificates;
            int additions = 0;

            WriteLine("I already trust {0}, your new list has {1}", trusted.Count, roots.Count);
            foreach (X509Certificate root in roots)
            {
                if (!trusted.Contains(root))
                {
                    try {
                        store.Import(root);
                        WriteLine("Certificate added: {0}", root.SubjectName);
                        additions++;
                    } catch (Exception e) {
                        WriteLine("Warning: Could not import {0}", root.SubjectName);
                        WriteLine(e.ToString());
                    }
                }
            }
            if (additions > 0)
            {
                WriteLine("{0} new root certificates were added to your trust store.", additions);
            }

            X509CertificateCollection removed = new X509CertificateCollection();

            foreach (X509Certificate trust in trusted)
            {
                if (!roots.Contains(trust))
                {
                    removed.Add(trust);
                }
            }
            if (removed.Count > 0)
            {
                WriteLine("{0} previously trusted certificates were removed.", removed.Count);

                foreach (X509Certificate old in removed)
                {
                    store.Remove(old);
                    WriteLine("Certificate removed: {0}", old.SubjectName);
                }
            }
            WriteLine("Import process completed.");
            return(0);
        }
示例#8
0
        public static bool MySSLHandler(Syscert.X509Certificate certificate,
                                        int[] certificateErrors)
        {
            X509Store  store  = null;
            X509Stores stores = X509StoreManager.CurrentUser;
            String     input;

            store = stores.TrustedRoot;


            //Import the details of the certificate from the server.

            X509Certificate           x509 = null;
            X509CertificateCollection coll = new X509CertificateCollection();

            byte[] data = certificate.GetRawCertData();
            if (data != null)
            {
                x509 = new X509Certificate(data);
            }

            //List the details of the Server

            //check for ceritficate in store
            X509CertificateCollection check = store.Certificates;

            if (!check.Contains(x509))
            {
                if (bindCount == 1)
                {
                    Console.WriteLine(" \n\nCERTIFICATE DETAILS: \n");
                    Console.WriteLine(" {0}X.509 v{1} Certificate", (x509.IsSelfSigned ? "Self-signed " : String.Empty), x509.Version);
                    Console.WriteLine("  Serial Number: {0}", CryptoConvert.ToHex(x509.SerialNumber));
                    Console.WriteLine("  Issuer Name:   {0}", x509.IssuerName);
                    Console.WriteLine("  Subject Name:  {0}", x509.SubjectName);
                    Console.WriteLine("  Valid From:    {0}", x509.ValidFrom);
                    Console.WriteLine("  Valid Until:   {0}", x509.ValidUntil);
                    Console.WriteLine("  Unique Hash:   {0}", CryptoConvert.ToHex(x509.Hash));
                    Console.WriteLine();
                }

                //Get the response from the Client
                do
                {
                    Console.WriteLine("\nDo you want to proceed with the connection (y/n)?");
                    input = Console.ReadLine();
                    if (input == "y" || input == "Y")
                    {
                        bHowToProceed = true;
                    }
                    if (input == "n" || input == "N")
                    {
                        bHowToProceed = false;
                    }
                } while (input != "y" && input != "Y" && input != "n" && input != "N");
            }
            else
            {
                if (bHowToProceed == true)
                {
                    //Add the certificate to the store.

                    if (x509 != null)
                    {
                        coll.Add(x509);
                    }
                    store.Import(x509);
                    if (bindCount == 1)
                    {
                        removeFlag = true;
                    }
                }
            }
            if (bHowToProceed == false)
            {
                //Remove the certificate added from the store.

                if (removeFlag == true && bindCount > 1)
                {
                    foreach (X509Certificate xt509 in store.Certificates)
                    {
                        if (CryptoConvert.ToHex(xt509.Hash) == CryptoConvert.ToHex(x509.Hash))
                        {
                            store.Remove(x509);
                        }
                    }
                }
                Console.WriteLine("SSL Bind Failed.");
            }
            return(bHowToProceed);
        }
        private string ServerCertValidate()
        {
            string    errorMessage = String.Empty;
            X509Store store        = WorkContext.IsMono ? X509StoreManager.CurrentUser.TrustedRoot :
                                     X509StoreManager.LocalMachine.TrustedRoot;

            try
            {
                var storage = StorageFactory.GetStorage("-1", "certs");
                // Import the details of the certificate from the server.
                lock (rootSync)
                {
                    X509Certificate x509 = null;
                    if (certificate != null)
                    {
                        byte[] data = certificate.GetRawCertData();
                        if (data != null)
                        {
                            x509 = new X509Certificate(data);
                        }
                        else
                        {
                            errorMessage = "certificate.GetRawCertData is null";
                            log.Error(errorMessage);
                            return(errorMessage);
                        }
                        // Check for ceritficate in store.
                        if (!store.Certificates.Contains(x509))
                        {
                            if (storage.IsFile("ldap/ldap.cer"))
                            {
                                var storageData = GetCertificateFromStorage(storage);
                                var storageX509 = new X509Certificate(storageData);
                                if (CompareHash(storageX509.Hash, x509.Hash))
                                {
                                    // Add the certificate to the store.
                                    store.Import(storageX509);
                                    store.Certificates.Add(storageX509);
                                    return(String.Empty);
                                }
                            }
                            errorMessage = String.Format("LDAP TlsHandler. Certificate not found in certificate store. {0}.", x509.IssuerName);
                            log.Error(errorMessage);
                            return(errorMessage);
                        }
                        log.DebugFormat("LDAP TlsHandler. Certificate found in certificate store. {0}.", x509.IssuerName);
                    }
                    else
                    {
                        // for AD
                        if (storage.IsFile("ldap/ldap.cer"))
                        {
                            var storageData = GetCertificateFromStorage(storage);
                            var storageX509 = new X509Certificate(storageData);
                            // Add the certificate to the store.
                            store.Import(storageX509);
                            store.Certificates.Add(storageX509);
                            return(String.Empty);
                        }
                        else
                        {
                            errorMessage = "LDAP TlsHandler. Certificate not found in certificate store.";
                            log.Error(errorMessage);
                            return(errorMessage);
                        }
                    }
                }
                return(String.Empty);
            }
            catch (Exception ex)
            {
                errorMessage = String.Format("LDAP TlsHandler. Error: {0}. {1}.",
                                             ex.ToString(), ex.InnerException != null ? ex.InnerException.ToString() : string.Empty);
                log.Error(errorMessage);
                return(errorMessage);
            }
        }
示例#10
0
        static void Ssl(string host, bool machine, bool verbose)
        {
            if (verbose)
            {
                Console.WriteLine("Importing certificates from '{0}' into the {1} stores.",
                                  host, machine ? "machine" : "user");
            }
            int n = 0;

            X509CertificateCollection coll = GetCertificatesFromSslSession(host);

            if (coll != null)
            {
                X509Store store = null;
                // start by the end (root) so we can stop adding them anytime afterward
                for (int i = coll.Count - 1; i >= 0; i--)
                {
                    X509Certificate x509     = coll [i];
                    bool            selfsign = false;
                    bool            failed   = false;
                    try {
                        selfsign = x509.IsSelfSigned;
                    }
                    catch {
                        // sadly it's hard to interpret old certificates with MD2
                        // without manually changing the machine.config file
                        failed = true;
                    }

                    if (selfsign)
                    {
                        // this is a root
                        store = GetStoreFromName(X509Stores.Names.TrustedRoot, machine);
                    }
                    else if (i == 0)
                    {
                        // server certificate isn't (generally) an intermediate CA
                        store = GetStoreFromName(X509Stores.Names.OtherPeople, machine);
                    }
                    else
                    {
                        // all other certificates should be intermediate CA
                        store = GetStoreFromName(X509Stores.Names.IntermediateCA, machine);
                    }

                    Console.WriteLine("{0}{1}X.509 Certificate v{2}",
                                      Environment.NewLine,
                                      selfsign ? "Self-signed " : String.Empty,
                                      x509.Version);
                    Console.WriteLine("   Issued from: {0}", x509.IssuerName);
                    Console.WriteLine("   Issued to:   {0}", x509.SubjectName);
                    Console.WriteLine("   Valid from:  {0}", x509.ValidFrom);
                    Console.WriteLine("   Valid until: {0}", x509.ValidUntil);

                    if (!x509.IsCurrent)
                    {
                        Console.WriteLine("   *** WARNING: Certificate isn't current ***");
                    }
                    if ((i > 0) && !selfsign)
                    {
                        X509Certificate signer = coll [i - 1];
                        bool            signed = false;
                        try {
                            if (signer.RSA != null)
                            {
                                signed = x509.VerifySignature(signer.RSA);
                            }
                            else if (signer.DSA != null)
                            {
                                signed = x509.VerifySignature(signer.DSA);
                            }
                            else
                            {
                                Console.WriteLine("   *** WARNING: Couldn't not find who signed this certificate ***");
                                signed = true;                                 // skip next warning
                            }

                            if (!signed)
                            {
                                Console.WriteLine("   *** WARNING: Certificate signature is INVALID ***");
                            }
                        }
                        catch {
                            failed = true;
                        }
                    }
                    if (failed)
                    {
                        Console.WriteLine("   *** ERROR: Couldn't decode certificate properly ***");
                        Console.WriteLine("   *** try 'man certmgr' for additional help or report to bugzilla.novell.com ***");
                        break;
                    }

                    if (store.Certificates.Contains(x509))
                    {
                        Console.WriteLine("This certificate is already in the {0} store.", store.Name);
                    }
                    else
                    {
                        Console.Write("Import this certificate into the {0} store ?", store.Name);
                        string answer = Console.ReadLine().ToUpper();
                        if ((answer == "YES") || (answer == "Y"))
                        {
                            store.Import(x509);
                            n++;
                        }
                        else
                        {
                            if (verbose)
                            {
                                Console.WriteLine("Certificate not imported into store {0}.",
                                                  store.Name);
                            }
                            break;
                        }
                    }
                }
            }

            Console.WriteLine();
            if (n == 0)
            {
                Console.WriteLine("No certificate were added to the stores.");
            }
            else
            {
                Console.WriteLine("{0} certificate{1} added to the stores.",
                                  n, (n == 1) ? String.Empty : "s");
            }
        }
        private string ServerCertValidate()
        {
            string    errorMessage = String.Empty;
            X509Store store        = WorkContext.IsMono ? X509StoreManager.CurrentUser.TrustedRoot :
                                     X509StoreManager.LocalMachine.TrustedRoot;
            var storage = StorageFactory.GetStorage("-1", "certs");

            try
            {
                CoreContext.TenantManager.SetCurrentTenant(currentTenantID);

                // Import the details of the certificate from the server.
                lock (rootSync)
                {
                    var certificate = cache.Get <Syscert.X509Certificate>("ldapCertificate");
                    if (certificate != null)
                    {
                        byte[] data = certificate.GetRawCertData();
                        var    x509 = new X509Certificate(data);
                        // Check for ceritficate in store.
                        if (!store.Certificates.Contains(x509))
                        {
                            if (storage.IsFile("ldap/ldap.cer"))
                            {
                                var storageData = GetCertificateFromStorage(storage);
                                var storageX509 = new X509Certificate(storageData);
                                if (CompareHash(storageX509.Hash, x509.Hash))
                                {
                                    // Add the certificate to the store.
                                    store.Import(storageX509);
                                    store.Certificates.Add(storageX509);
                                    return(String.Empty);
                                }
                            }
                            if (certificateConfirmRequest.Approved)
                            {
                                AddCertificateToStorage(storage, x509);
                                // Add the certificate to the store.
                                store.Import(x509);
                                store.Certificates.Add(x509);
                                return(String.Empty);
                            }
                            if (!certificateConfirmRequest.Requested)
                            {
                                certificateConfirmRequest.SerialNumber = CryptoConvert.ToHex(x509.SerialNumber);
                                certificateConfirmRequest.IssuerName   = x509.IssuerName;
                                certificateConfirmRequest.SubjectName  = x509.SubjectName;
                                certificateConfirmRequest.ValidFrom    = x509.ValidFrom;
                                certificateConfirmRequest.ValidUntil   = x509.ValidUntil;
                                certificateConfirmRequest.Hash         = CryptoConvert.ToHex(x509.Hash);
                                var certificateErrors = cache.Get <int[]>("ldapCertificateErrors");
                                certificateConfirmRequest.CertificateErrors = certificateErrors.ToArray();
                                certificateConfirmRequest.Requested         = true;
                            }
                        }
                    }
                    else
                    {
                        // for AD
                        if (storage.IsFile("ldap/ldap.cer"))
                        {
                            var storageData = GetCertificateFromStorage(storage);
                            var storageX509 = new X509Certificate(storageData);
                            // Add the certificate to the store.
                            store.Import(storageX509);
                            store.Certificates.Add(storageX509);
                            return(String.Empty);
                        }
                        else
                        {
                            errorMessage = "LDAP TlsHandler. Certificate not found in certificate store.";
                            log.Error(errorMessage);
                            return(errorMessage);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                errorMessage = String.Format("LDAP TlsHandler error: {0}. {1}. store path = {2}",
                                             ex.ToString(), ex.InnerException != null ? ex.InnerException.ToString() : string.Empty, store.Name);
                log.ErrorFormat(errorMessage);
            }
            return(errorMessage);
        }