public async Task<X509Certificate2Collection> GetCertificates() { X509Certificate2Collection collection = new X509Certificate2Collection(); CertificateStoreIdentifier id = new CertificateStoreIdentifier(); id.StoreType = this.StoreType; id.StorePath = this.StorePath; if (!String.IsNullOrEmpty(id.StorePath)) { try { ICertificateStore store = id.OpenStore(); try { collection = await store.Enumerate(); } finally { store.Close(); } } catch (Exception) { Utils.Trace("Could not load certificates from store: {0}.", this.StorePath); } } foreach (CertificateIdentifier trustedCertificate in TrustedCertificates) { X509Certificate2 certificate = await trustedCertificate.Find(); if (certificate != null) { collection.Add(certificate); } } return collection; }
/// <summary> /// Returns the certificate information for a trusted issuer certificate. /// </summary> private CertificateIdentifier GetIssuer( X509Certificate2 certificate, CertificateIdentifierCollection explicitList, CertificateStoreIdentifier certificateStore, bool checkRecovationStatus) { string subjectName = certificate.IssuerName.Name; string keyId = null; string serialNumber = null; // find the authority key identifier. X509AuthorityKeyIdentifierExtension authority = FindAuthorityKeyIdentifier(certificate); if (authority != null) { keyId = authority.KeyId; serialNumber = authority.SerialNumber; } // check in explicit list. if (explicitList != null) { for (int ii = 0; ii < explicitList.Count; ii++) { X509Certificate2 issuer = explicitList[ii].Find(false); if (issuer != null) { if (!IsIssuerAllowed(issuer)) { continue; } if (Match(issuer, subjectName, serialNumber, keyId)) { // can't check revocation. return new CertificateIdentifier(issuer, CertificateValidationOptions.SuppressRevocationStatusUnknown); } } } } // check in certificate store. if (certificateStore != null) { ICertificateStore store = certificateStore.OpenStore(); try { X509Certificate2Collection certificates = store.Enumerate(); for (int ii = 0; ii < certificates.Count; ii++) { X509Certificate2 issuer = certificates[ii]; if (issuer != null) { if (!IsIssuerAllowed(issuer)) { continue; } if (Match(issuer, subjectName, serialNumber, keyId)) { CertificateValidationOptions options = certificateStore.ValidationOptions; // already checked revocation for file based stores. windows based stores always suppress. options |= CertificateValidationOptions.SuppressRevocationStatusUnknown; if (checkRecovationStatus) { StatusCode status = store.IsRevoked(issuer, certificate); if (StatusCode.IsBad(status)) { if (status != StatusCodes.BadNotSupported && status != StatusCodes.BadCertificateRevocationUnknown) { throw new ServiceResultException(status); } } } return new CertificateIdentifier(certificates[ii], options); } } } } finally { store.Close(); } } // not a trusted issuer. return null; }
/// <summary> /// Adds an application certificate to a store. /// </summary> private static void AddApplicationCertificateToStore( CertificateStoreIdentifier csid, X509Certificate2 certificate, string oldThumbprint) { ICertificateStore store = csid.OpenStore(); try { // delete the old certificate. if (oldThumbprint != null) { store.Delete(oldThumbprint); } // delete certificates with the same application uri. if (store.FindByThumbprint(certificate.Thumbprint) == null) { string applicationUri = Utils.GetApplicationUriFromCertficate(certificate); // delete any existing certificates. foreach (X509Certificate2 target in store.Enumerate()) { if (Utils.CompareDistinguishedName(target.Subject, certificate.Subject)) { if (Utils.GetApplicationUriFromCertficate(target) == applicationUri) { store.Delete(target.Thumbprint); } } } // add new certificate. store.Add(new X509Certificate2(certificate.RawData)); } } finally { store.Close(); } }
/// <summary> /// Adds an application certificate to a store. /// </summary> private static void AddIssuerCertificatesToStore(CertificateStoreIdentifier csid, IList<X509Certificate2> issuers) { ICertificateStore store = csid.OpenStore(); try { foreach (X509Certificate2 issuer in issuers) { if (store.FindByThumbprint(issuer.Thumbprint) == null) { store.Add(issuer); } } } finally { store.Close(); } }
/// <summary> /// Returns the certificate information for a trusted issuer certificate. /// </summary> private async Task <CertificateIdentifier> GetIssuer( X509Certificate2 certificate, CertificateIdentifierCollection explicitList, CertificateStoreIdentifier certificateStore, bool checkRecovationStatus) { string subjectName = certificate.IssuerName.Name; string keyId = null; string serialNumber = null; // find the authority key identifier. X509AuthorityKeyIdentifierExtension authority = FindAuthorityKeyIdentifier(certificate); if (authority != null) { keyId = authority.KeyId; serialNumber = authority.SerialNumber; } // check in explicit list. if (explicitList != null) { for (int ii = 0; ii < explicitList.Count; ii++) { X509Certificate2 issuer = await explicitList[ii].Find(false); if (issuer != null) { if (!IsIssuerAllowed(issuer)) { continue; } if (Match(issuer, subjectName, serialNumber, keyId)) { // can't check revocation. return(new CertificateIdentifier(issuer, CertificateValidationOptions.SuppressRevocationStatusUnknown)); } } } } // check in certificate store. if (certificateStore != null) { ICertificateStore store = certificateStore.OpenStore(); try { X509Certificate2Collection certificates = await store.Enumerate(); for (int ii = 0; ii < certificates.Count; ii++) { X509Certificate2 issuer = certificates[ii]; if (issuer != null) { if (!IsIssuerAllowed(issuer)) { continue; } if (Match(issuer, subjectName, serialNumber, keyId)) { CertificateValidationOptions options = certificateStore.ValidationOptions; // already checked revocation for file based stores. windows based stores always suppress. options |= CertificateValidationOptions.SuppressRevocationStatusUnknown; if (checkRecovationStatus) { StatusCode status = store.IsRevoked(issuer, certificate); if (StatusCode.IsBad(status)) { if (status != StatusCodes.BadNotSupported && status != StatusCodes.BadCertificateRevocationUnknown) { throw new ServiceResultException(status); } } } return(new CertificateIdentifier(certificates[ii], options)); } } } } finally { store.Close(); } } // not a trusted issuer. return(null); }