static void Add(ObjectType type, X509Store store, string file, string password, bool verbose) { switch (type) { case ObjectType.Certificate: X509CertificateCollection coll = LoadCertificates(file, password, verbose); foreach (X509Certificate x509 in coll) { store.Import(x509); } Console.WriteLine("{0} certificate(s) added to store {1}.", coll.Count, store.Name); break; case ObjectType.CRL: ArrayList list = LoadCRLs(file); foreach (X509Crl crl in list) { store.Import(crl); } Console.WriteLine("{0} CRL(s) added to store {1}.", list.Count, store.Name); break; default: throw new NotSupportedException(type.ToString()); } }
static void Download(string url, X509Store store) { if (verbose) { Console.WriteLine("Downloading: {0}", url); } WebClient wc = new WebClient(); string error = "download"; try { byte [] data = wc.DownloadData(url); error = "decode"; X509Crl crl = new X509Crl(data); error = "import"; store.Import(crl); } catch (Exception e) { Console.WriteLine("ERROR: could not {0}: {1}", error, url); if (verbose) { Console.WriteLine(e); Console.WriteLine(); } } }
public static bool LdapSSLHandler(System.Security.Cryptography.X509Certificates.X509Certificate certificate, int[] certificateErrors) { #if !MONO X509Store store = null; X509Stores stores = X509StoreManager.LocalMachine; store = stores.TrustedRoot; X509Certificate x509 = null; byte[] data = certificate.GetRawCertData(); if (data != null) { x509 = new X509Certificate(data); } if (x509 != null) { //coll.Add(x509); if (!store.Certificates.Contains(x509)) { store.Import(x509); } } #endif return(true); }
ImportResult ImportToStore(CertStoreId storeId, X509CertificateCollection roots, X509Store store) { var addedResult = new List <X509Certificate>(); var removedResult = new List <X509Certificate>(); var trusted = store.Certificates; Log("I already trust {0}, your new list has {1}", trusted.Count, roots.Count); foreach (var root in roots) { if (!trusted.Contains(root)) { try { store.Import(root); Log("Certificate added: {0}", root.SubjectName); addedResult.Add(root); } catch (Exception e) { Log("Warning: Could not import {0}", root.SubjectName); Log(e.ToString()); } } } if (addedResult.Count > 0) { Log("{0} new root certificates were added to your trust store.", addedResult.Count); } var removed = new X509CertificateCollection(); foreach (var trust in trusted) { if (!roots.Contains(trust)) { removed.Add(trust); removedResult.Add(trust); } } if (removed.Count > 0) { Log("{0} previously trusted certificates were removed.", removed.Count); foreach (var old in removed) { store.Remove(old); Log("Certificate removed: {0}", old.SubjectName); } } Log("Import process completed."); return(new ImportResult(storeId, addedResult, removedResult)); }
static void ImportToStore(X509CertificateCollection roots, X509Store store) { X509CertificateCollection trusted = store.Certificates; int additions = 0; WriteLine("I already trust {0}, your new list has {1}", trusted.Count, roots.Count); foreach (X509Certificate root in roots) { if (!trusted.Contains(root)) { try { store.Import(root); WriteLine("Certificate added: {0}", root.SubjectName); additions++; } catch (Exception e) { WriteLine("Warning: Could not import {0}", root.SubjectName); WriteLine(e.ToString()); } } } if (additions > 0) { WriteLine("{0} new root certificates were added to your trust store.", additions); } X509CertificateCollection removed = new X509CertificateCollection(); foreach (X509Certificate trust in trusted) { if (!roots.Contains(trust)) { removed.Add(trust); } } if (removed.Count > 0) { WriteLine("{0} previously trusted certificates were removed.", removed.Count); foreach (X509Certificate old in removed) { store.Remove(old); WriteLine("Certificate removed: {0}", old.SubjectName); } } WriteLine("Import process completed."); }
static void Download(string url, X509Store store) { if (verbose) { Console.WriteLine("Downloading: {0}", url); } WebClient wc = new WebClient(); string error = "download"; try { byte [] data = wc.DownloadData(url); error = "decode"; X509Crl crl = new X509Crl(data); error = "import"; // warn if CRL is not current - but still allow it to be imported if (!crl.IsCurrent && verbose) { Console.WriteLine("WARNING: CRL is not current: {0}", url); } // only import the CRL if its signature is valid and coming from a trusted root if (VerifyCrl(crl)) { store.Import(crl); } else { Console.WriteLine("ERROR: could not validate CRL: {0}", url); } } catch (Exception e) { Console.WriteLine("ERROR: could not {0}: {1}", error, url); if (verbose) { Console.WriteLine(e); Console.WriteLine(); } } }
static int Process() { X509CertificateCollection roots = DecodeCollection(); if (roots == null) { return(1); } else if (roots.Count == 0) { WriteLine("No certificates were found."); return(0); } X509Stores stores; if (userStore) { stores = btlsStore ? X509StoreManager.NewCurrentUser : X509StoreManager.CurrentUser; } else { stores = btlsStore ? X509StoreManager.NewLocalMachine : X509StoreManager.LocalMachine; } X509Store store = stores.TrustedRoot; X509CertificateCollection trusted = store.Certificates; int additions = 0; WriteLine("I already trust {0}, your new list has {1}", trusted.Count, roots.Count); foreach (X509Certificate root in roots) { if (!trusted.Contains(root)) { try { store.Import(root); WriteLine("Certificate added: {0}", root.SubjectName); additions++; } catch (Exception e) { WriteLine("Warning: Could not import {0}", root.SubjectName); WriteLine(e.ToString()); } } } if (additions > 0) { WriteLine("{0} new root certificates were added to your trust store.", additions); } X509CertificateCollection removed = new X509CertificateCollection(); foreach (X509Certificate trust in trusted) { if (!roots.Contains(trust)) { removed.Add(trust); } } if (removed.Count > 0) { WriteLine("{0} previously trusted certificates were removed.", removed.Count); foreach (X509Certificate old in removed) { store.Remove(old); WriteLine("Certificate removed: {0}", old.SubjectName); } } WriteLine("Import process completed."); return(0); }
public static bool MySSLHandler(Syscert.X509Certificate certificate, int[] certificateErrors) { X509Store store = null; X509Stores stores = X509StoreManager.CurrentUser; String input; store = stores.TrustedRoot; //Import the details of the certificate from the server. X509Certificate x509 = null; X509CertificateCollection coll = new X509CertificateCollection(); byte[] data = certificate.GetRawCertData(); if (data != null) { x509 = new X509Certificate(data); } //List the details of the Server //check for ceritficate in store X509CertificateCollection check = store.Certificates; if (!check.Contains(x509)) { if (bindCount == 1) { Console.WriteLine(" \n\nCERTIFICATE DETAILS: \n"); Console.WriteLine(" {0}X.509 v{1} Certificate", (x509.IsSelfSigned ? "Self-signed " : String.Empty), x509.Version); Console.WriteLine(" Serial Number: {0}", CryptoConvert.ToHex(x509.SerialNumber)); Console.WriteLine(" Issuer Name: {0}", x509.IssuerName); Console.WriteLine(" Subject Name: {0}", x509.SubjectName); Console.WriteLine(" Valid From: {0}", x509.ValidFrom); Console.WriteLine(" Valid Until: {0}", x509.ValidUntil); Console.WriteLine(" Unique Hash: {0}", CryptoConvert.ToHex(x509.Hash)); Console.WriteLine(); } //Get the response from the Client do { Console.WriteLine("\nDo you want to proceed with the connection (y/n)?"); input = Console.ReadLine(); if (input == "y" || input == "Y") { bHowToProceed = true; } if (input == "n" || input == "N") { bHowToProceed = false; } } while (input != "y" && input != "Y" && input != "n" && input != "N"); } else { if (bHowToProceed == true) { //Add the certificate to the store. if (x509 != null) { coll.Add(x509); } store.Import(x509); if (bindCount == 1) { removeFlag = true; } } } if (bHowToProceed == false) { //Remove the certificate added from the store. if (removeFlag == true && bindCount > 1) { foreach (X509Certificate xt509 in store.Certificates) { if (CryptoConvert.ToHex(xt509.Hash) == CryptoConvert.ToHex(x509.Hash)) { store.Remove(x509); } } } Console.WriteLine("SSL Bind Failed."); } return(bHowToProceed); }
private string ServerCertValidate() { string errorMessage = String.Empty; X509Store store = WorkContext.IsMono ? X509StoreManager.CurrentUser.TrustedRoot : X509StoreManager.LocalMachine.TrustedRoot; try { var storage = StorageFactory.GetStorage("-1", "certs"); // Import the details of the certificate from the server. lock (rootSync) { X509Certificate x509 = null; if (certificate != null) { byte[] data = certificate.GetRawCertData(); if (data != null) { x509 = new X509Certificate(data); } else { errorMessage = "certificate.GetRawCertData is null"; log.Error(errorMessage); return(errorMessage); } // Check for ceritficate in store. if (!store.Certificates.Contains(x509)) { if (storage.IsFile("ldap/ldap.cer")) { var storageData = GetCertificateFromStorage(storage); var storageX509 = new X509Certificate(storageData); if (CompareHash(storageX509.Hash, x509.Hash)) { // Add the certificate to the store. store.Import(storageX509); store.Certificates.Add(storageX509); return(String.Empty); } } errorMessage = String.Format("LDAP TlsHandler. Certificate not found in certificate store. {0}.", x509.IssuerName); log.Error(errorMessage); return(errorMessage); } log.DebugFormat("LDAP TlsHandler. Certificate found in certificate store. {0}.", x509.IssuerName); } else { // for AD if (storage.IsFile("ldap/ldap.cer")) { var storageData = GetCertificateFromStorage(storage); var storageX509 = new X509Certificate(storageData); // Add the certificate to the store. store.Import(storageX509); store.Certificates.Add(storageX509); return(String.Empty); } else { errorMessage = "LDAP TlsHandler. Certificate not found in certificate store."; log.Error(errorMessage); return(errorMessage); } } } return(String.Empty); } catch (Exception ex) { errorMessage = String.Format("LDAP TlsHandler. Error: {0}. {1}.", ex.ToString(), ex.InnerException != null ? ex.InnerException.ToString() : string.Empty); log.Error(errorMessage); return(errorMessage); } }
static void Ssl(string host, bool machine, bool verbose) { if (verbose) { Console.WriteLine("Importing certificates from '{0}' into the {1} stores.", host, machine ? "machine" : "user"); } int n = 0; X509CertificateCollection coll = GetCertificatesFromSslSession(host); if (coll != null) { X509Store store = null; // start by the end (root) so we can stop adding them anytime afterward for (int i = coll.Count - 1; i >= 0; i--) { X509Certificate x509 = coll [i]; bool selfsign = false; bool failed = false; try { selfsign = x509.IsSelfSigned; } catch { // sadly it's hard to interpret old certificates with MD2 // without manually changing the machine.config file failed = true; } if (selfsign) { // this is a root store = GetStoreFromName(X509Stores.Names.TrustedRoot, machine); } else if (i == 0) { // server certificate isn't (generally) an intermediate CA store = GetStoreFromName(X509Stores.Names.OtherPeople, machine); } else { // all other certificates should be intermediate CA store = GetStoreFromName(X509Stores.Names.IntermediateCA, machine); } Console.WriteLine("{0}{1}X.509 Certificate v{2}", Environment.NewLine, selfsign ? "Self-signed " : String.Empty, x509.Version); Console.WriteLine(" Issued from: {0}", x509.IssuerName); Console.WriteLine(" Issued to: {0}", x509.SubjectName); Console.WriteLine(" Valid from: {0}", x509.ValidFrom); Console.WriteLine(" Valid until: {0}", x509.ValidUntil); if (!x509.IsCurrent) { Console.WriteLine(" *** WARNING: Certificate isn't current ***"); } if ((i > 0) && !selfsign) { X509Certificate signer = coll [i - 1]; bool signed = false; try { if (signer.RSA != null) { signed = x509.VerifySignature(signer.RSA); } else if (signer.DSA != null) { signed = x509.VerifySignature(signer.DSA); } else { Console.WriteLine(" *** WARNING: Couldn't not find who signed this certificate ***"); signed = true; // skip next warning } if (!signed) { Console.WriteLine(" *** WARNING: Certificate signature is INVALID ***"); } } catch { failed = true; } } if (failed) { Console.WriteLine(" *** ERROR: Couldn't decode certificate properly ***"); Console.WriteLine(" *** try 'man certmgr' for additional help or report to bugzilla.novell.com ***"); break; } if (store.Certificates.Contains(x509)) { Console.WriteLine("This certificate is already in the {0} store.", store.Name); } else { Console.Write("Import this certificate into the {0} store ?", store.Name); string answer = Console.ReadLine().ToUpper(); if ((answer == "YES") || (answer == "Y")) { store.Import(x509); n++; } else { if (verbose) { Console.WriteLine("Certificate not imported into store {0}.", store.Name); } break; } } } } Console.WriteLine(); if (n == 0) { Console.WriteLine("No certificate were added to the stores."); } else { Console.WriteLine("{0} certificate{1} added to the stores.", n, (n == 1) ? String.Empty : "s"); } }
private string ServerCertValidate() { string errorMessage = String.Empty; X509Store store = WorkContext.IsMono ? X509StoreManager.CurrentUser.TrustedRoot : X509StoreManager.LocalMachine.TrustedRoot; var storage = StorageFactory.GetStorage("-1", "certs"); try { CoreContext.TenantManager.SetCurrentTenant(currentTenantID); // Import the details of the certificate from the server. lock (rootSync) { var certificate = cache.Get <Syscert.X509Certificate>("ldapCertificate"); if (certificate != null) { byte[] data = certificate.GetRawCertData(); var x509 = new X509Certificate(data); // Check for ceritficate in store. if (!store.Certificates.Contains(x509)) { if (storage.IsFile("ldap/ldap.cer")) { var storageData = GetCertificateFromStorage(storage); var storageX509 = new X509Certificate(storageData); if (CompareHash(storageX509.Hash, x509.Hash)) { // Add the certificate to the store. store.Import(storageX509); store.Certificates.Add(storageX509); return(String.Empty); } } if (certificateConfirmRequest.Approved) { AddCertificateToStorage(storage, x509); // Add the certificate to the store. store.Import(x509); store.Certificates.Add(x509); return(String.Empty); } if (!certificateConfirmRequest.Requested) { certificateConfirmRequest.SerialNumber = CryptoConvert.ToHex(x509.SerialNumber); certificateConfirmRequest.IssuerName = x509.IssuerName; certificateConfirmRequest.SubjectName = x509.SubjectName; certificateConfirmRequest.ValidFrom = x509.ValidFrom; certificateConfirmRequest.ValidUntil = x509.ValidUntil; certificateConfirmRequest.Hash = CryptoConvert.ToHex(x509.Hash); var certificateErrors = cache.Get <int[]>("ldapCertificateErrors"); certificateConfirmRequest.CertificateErrors = certificateErrors.ToArray(); certificateConfirmRequest.Requested = true; } } } else { // for AD if (storage.IsFile("ldap/ldap.cer")) { var storageData = GetCertificateFromStorage(storage); var storageX509 = new X509Certificate(storageData); // Add the certificate to the store. store.Import(storageX509); store.Certificates.Add(storageX509); return(String.Empty); } else { errorMessage = "LDAP TlsHandler. Certificate not found in certificate store."; log.Error(errorMessage); return(errorMessage); } } } } catch (Exception ex) { errorMessage = String.Format("LDAP TlsHandler error: {0}. {1}. store path = {2}", ex.ToString(), ex.InnerException != null ? ex.InnerException.ToString() : string.Empty, store.Name); log.ErrorFormat(errorMessage); } return(errorMessage); }