public void SubTest() { X509Certificate2 x509 = new X509Certificate2(@"C:\Users\bxu.CHINA\Desktop\HYD-801\1234\cert\ABCFR_ABCFRALMMACC1.crt"); //X509Certificate2 x509 = new X509Certificate2(@"..\..\..\ApacheQpidClient\certificates\LiquidCapital\LCMLO_ABCFRALMMACC1.crt"); byte[] rawdata = x509.RawData; Console.WriteLine("Content Type: {0}{1}", X509Certificate2.GetCertContentType(rawdata), Environment.NewLine); Console.WriteLine("Friendly Name: {0}{1}", x509.FriendlyName, Environment.NewLine); Console.WriteLine("Certificate Verified?: {0}{1}", x509.Verify(), Environment.NewLine); Console.WriteLine("Simple Name: {0}{1}", x509.GetNameInfo(X509NameType.SimpleName, true), Environment.NewLine); Console.WriteLine("Signature Algorithm: {0}{1}", x509.SignatureAlgorithm.FriendlyName, Environment.NewLine); // Console.WriteLine("Private Key: {0}{1}", x509.PrivateKey.ToXmlString(false), Environment.NewLine); // cer里面并没有私钥信息 Console.WriteLine("Public Key: {0}{1}", x509.PublicKey.Key.ToXmlString(false), Environment.NewLine); Console.WriteLine("Certificate Archived?: {0}{1}", x509.Archived, Environment.NewLine); Console.WriteLine("Length of Raw Data: {0}{1}", x509.RawData.Length, Environment.NewLine); Console.WriteLine("SubjectName: {0}{1}", x509.SubjectName, Environment.NewLine); Console.WriteLine("Subject: {0}{1}", x509.Subject, Environment.NewLine); }
internal static bool IsValid(string filePath, string certPassword) { Logger.EnteringMethod(); System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(filePath, certPassword); return(certificate.Verify()); }
/// <summary> /// Check if a .NET assembly can be loaded and has a valid certificate /// </summary> /// <param name="assemblyPath">Path of the assembly file</param> /// <returns></returns> public static bool CheckAssemblyForValidCertificate(string assemblyPath) { //Verify the assembly exists if (!File.Exists(assemblyPath)) { throw new Exception(String.Format( "A dll file was not found at {0}. No certificate was able to be verified.", assemblyPath)); } //Verify that you can load the assembly into a Reflection only context Assembly asm; try { asm = Assembly.ReflectionOnlyLoadFrom(assemblyPath); } catch { throw new Exception(String.Format( "A dll file found at {0} could not be loaded.", assemblyPath)); } //Verify the node library has a verified signed certificate X509Certificate cert; try { cert = X509Certificate.CreateFromSignedFile(assemblyPath); } catch { throw new Exception(String.Format( "A dll file found at {0} did not have a certificate attached.", assemblyPath)); } if (cert != null) { var cert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(cert); if (cert2.Verify()) { return(true); } } throw new Exception(String.Format( "A dll file found at {0} did not have a signed certificate.", assemblyPath)); }
static int Test (string site) { #if NET_2_0 string certFile = Path.Combine (AppDomain.CurrentDomain.BaseDirectory, "www.microsoft.com.crt"); SSCX.X509Certificate2 cer = new SSCX.X509Certificate2 (certFile); Assert.IsTrue (cer.Verify (), "#1"); SSCX.X509Chain chain = new SSCX.X509Chain (); Assert.IsTrue (chain.Build (cer), "#2"); #endif HttpWebRequest request = (HttpWebRequest) WebRequest.Create (site); request.Method = "GET"; try { HttpWebResponse response = (HttpWebResponse) request.GetResponse (); using (StreamReader sr = new StreamReader (response.GetResponseStream (), Encoding.UTF8, true)) { string result = sr.ReadToEnd (); if (result.IndexOf ("<title>Microsoft Corporation</title>") == -1) { Console.WriteLine (result); return 1; } } response.Close (); } catch (WebException ex) { if (ex.Response != null) { StreamReader sr = new StreamReader (ex.Response.GetResponseStream ()); Console.WriteLine (sr.ReadToEnd ()); } else { Console.WriteLine (ex.ToString ()); } return 2; } return 0; }
private void VerifyCertificate(Domain domain) { try { _Certificate = HttpGet.GetCertificate(domain.Server); BtnCertificateStatus.Cursor = Cursors.Hand; if (_Certificate.Verify() == true) { _CertificateStatus = Resources.CertificateStatusValid; BtnCertificateStatus.BackgroundImage = Resources.certificate_valid; } else { throw new Exception(Resources.CertificateStatusInvalid); } } catch (Exception ex) { _CertificateStatus = ex.Message; BtnCertificateStatus.BackgroundImage = Resources.certificate_invalid; } }
/// <summary> /// Gets the certificate corresponding to the specified URL from the cache of certificates. If the cache doesn't contain the certificate, it is downloaded and verified. /// </summary> /// <param name="certUrl">The URL pointing to the certificate.</param> /// <returns>An <see cref="System.Security.Cryptography.X509Certificates.X509Certificate2"/> object containing the details of the certificate.</returns> /// <exception cref="PayPal.PayPalException">Thrown if the downloaded certificate cannot be verified.</exception> public X509Certificate2Collection GetCertificatesFromUrl(string certUrl) { // If we haven't already cached this URL, then download, verify, and cache it. if(!certificates.ContainsKey(certUrl)) { // Download the certificate. string certData; using (var webClient = new WebClient()) { certData = webClient.DownloadString(certUrl); } // Load all the certificates. // NOTE: The X509Certificate2Collection.Import() method only // imports the first certifcate, even if a stream contains // multiple certificates. For this reason, we'll load the // certificates one-by-one, verifying as we go. var results = certData.Split(new string[] { "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----" }, StringSplitOptions.RemoveEmptyEntries); var collection = new X509Certificate2Collection(); foreach (var result in results) { var trimmed = result.Trim(); if (!string.IsNullOrEmpty(trimmed)) { var certificate = new X509Certificate2(System.Text.Encoding.UTF8.GetBytes(trimmed)); // Verify the certificate before adding it to the collection. if(certificate.Verify()) { collection.Add(certificate); } else { throw new PayPalException("Unable to verify the certificate(s) found at " + certUrl); } } } certificates[certUrl] = collection; } return certificates[certUrl]; }
/// <summary> /// Generate a random init value. /// </summary> /// <param name="internetSource">Use random.org for random source</param> /// <returns>Byte array IV</returns> private byte[] generateValidIV(bool internetSource) { byte[] result = new byte[16]; if (!internetSource) { RandomNumberGenerator rng = new RNGCryptoServiceProvider(); rng.GetBytes(result); } else { if (checkRandomORGQuota()) { HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://www.random.org/integers/?num=16&min=0&max=255&col=1&base=10&format=plain&rnd=new"); HttpWebResponse response = (HttpWebResponse)request.GetResponse(); Stream receiveStream = response.GetResponseStream(); Encoding encode = System.Text.Encoding.GetEncoding("utf-8"); StreamReader readStream = new StreamReader(receiveStream, encode); string[] randomNumbers = (readStream.ReadToEnd()).Trim().Split('\n'); for (int i = 0; i < 16; i++) { result[i] = Convert.ToByte(randomNumbers[i]); } response.Close(); X509Certificate cert = request.ServicePoint.Certificate; X509Certificate2 cert2 = new X509Certificate2(cert); if (isConsole) { util.writeFullWidth("Random.org Certificate Information:", ConsoleColor.White, ConsoleColor.DarkBlue); Console.WriteLine("\n" + cert2.SubjectName.Decode(X500DistinguishedNameFlags.UseNewLines) + "\n"); } if (cert2.Verify()) { if (isConsole) Console.WriteLine("OK!"); } else throw new Exception("Certificate Chain Cannot Be Verified!"); } else throw new Exception("Exceeded Random.Org Quota"); } return result; }
private static X509Certificate2 LoadCertificate(string certificateType, string certifcateLocation, string certKeyPassword) { try { if (certificateType == "file") { X509Certificate2 serverCertificate = new X509Certificate2(certifcateLocation, certKeyPassword); //DisplayCertificateChain(m_serverCertificate); bool verifyCert = serverCertificate.Verify(); logger.Debug("Server Certificate loaded from file, Subject=" + serverCertificate.Subject + ", valid=" + verifyCert + "."); return serverCertificate; } else { StoreLocation store = (certificateType == "machinestore") ? StoreLocation.LocalMachine : StoreLocation.CurrentUser; return AppState.LoadCertificate(store, certifcateLocation, true); } } catch (Exception excp) { logger.Error("Exception LoadCertificate. " + excp.Message); return null; } }
public bool IsAuthenticated(HttpClientCertificate httpClientCertificate) { var certificate = new X509Certificate2(httpClientCertificate.Certificate); return !certificate.Archived && certificate.Verify(); }
private bool VerifyInAllStores(X509Certificate2 certificate2) { try { X509Chain chain = new X509Chain(true); return chain.Build(certificate2) || certificate2.Verify(); } catch (CryptographicException) { return false; } }
internal static CertificateStatusResult GetCertificateStatus(string certFilePath, bool ignoreCertificateErrors) { CertificateStatusResult result = new CertificateStatusResult(); System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certFilePath); DateTime expirationDate = certificate.NotAfter; DateTime effectiveDate = certificate.NotBefore; Logger.Write("EffectiveDate : " + effectiveDate.ToString() + " / ExpirationDate : " + expirationDate.ToString()); bool valid = certificate.Verify(); result.ExpirationDate = expirationDate; System.IO.File.Delete(certFilePath); if (!valid) { if (DateTime.Compare(DateTime.Now, expirationDate) == 1) { Logger.Write("Expired ! "); if (ignoreCertificateErrors) { Logger.Write("Will ignore Code-Signing Certificate Errors !!!"); result.Status = CertificateStatus.Valid; return(result); } else { result.Status = CertificateStatus.Expired; return(result); } } if (DateTime.Compare(DateTime.Now, effectiveDate) == -1) { Logger.Write("Not Yet Valid ! "); if (ignoreCertificateErrors) { Logger.Write("Will ignore Code-Signing Certificate Errors !!!"); result.Status = CertificateStatus.Valid; return(result); } else { result.Status = CertificateStatus.NotYetValid; return(result); } } Logger.Write("Invalid !"); if (ignoreCertificateErrors) { Logger.Write("Will ignore Code-Signing Certificate Errors !!!"); result.Status = CertificateStatus.Valid; return(result); } else { result.Status = CertificateStatus.Invalid; return(result); } } if (expirationDate.Subtract(DateTime.Now).Days < 30) { Logger.Write("Near Expiration"); result.Status = CertificateStatus.NearExpiration; return(result); } Logger.Write("Valid"); result.Status = CertificateStatus.Valid; return(result); }
static void Main(string[] args) { Console.Error.WriteLine("ShowAdCerts v1.0, (c) 2012 Zetetic LLC"); if (args.Length == 1 && args[0].EndsWith("?")) { Console.Error.WriteLine(@"Switches (all are optional): -h host or domain name (default = default logon server) -f ldap filter (default = userCertificate=* ) -b search base (default = domain root NC ) -v (turn on cert validation of non-expired certs ) -r (dump raw cert data ) "); System.Environment.ExitCode = 1; return; } string searchbase = null, filter = "(&(userCertificate=*))", host = ""; bool validate = false, raw = false; try { for (int i = 0; i < args.Length; i++) { switch (args[i]) { case "-h": host = args[++i]; break; case "-r": raw = true; break; case "-f": filter = args[++i]; switch (filter.ToLowerInvariant()) { case "computer": filter = "(&(userCertificate=*)(objectCategory=computer))"; break; case "user": case "person": filter = "(&(userCertificate=*)(objectCategory=person))"; break; } break; case "-b": searchbase = args[++i]; break; case "-v": validate = true; break; default: Console.Error.WriteLine("Unknown argument {0}", args[i]); break; } } using (var conn = new LdapConnection(host)) { conn.SessionOptions.ProtocolVersion = 3; if (string.IsNullOrEmpty(searchbase)) { var e = ((SearchResponse)conn.SendRequest(new SearchRequest( "", "(&(objectClass=*))", SearchScope.Base, "defaultNamingContext"))).Entries[0]; searchbase = e.Attributes["defaultNamingContext"][0].ToString(); } var srch = new SearchRequest(searchbase, filter, SearchScope.Subtree, "userCertificate"); var pager = new PageResultRequestControl(); srch.Controls.Add(pager); int count = 0; while (true) { var resp = (SearchResponse)conn.SendRequest(srch); foreach (SearchResultEntry se in resp.Entries) { if (!se.Attributes.Contains("userCertificate")) { continue; } Console.WriteLine("# {0}", ++count); Console.WriteLine("dn: {0}", se.DistinguishedName); foreach (var o in se.Attributes["userCertificate"].GetValues(typeof(byte[]))) { byte[] bytes = (byte[])o; try { X509Certificate2 cert = new X509Certificate2(bytes); Console.WriteLine("subject: {0}", string.IsNullOrEmpty(cert.Subject) ? cert.SubjectName.Name : cert.Subject); Console.WriteLine("issuer: {0}", cert.Issuer); Console.WriteLine("thumbprint: {0}", cert.Thumbprint); Console.WriteLine("serial: {0}", cert.SerialNumber); var estr = cert.GetExpirationDateString(); var expired = false; if (!string.IsNullOrEmpty(estr)) { Console.WriteLine("exp: {0}", estr); DateTime dt; if (DateTime.TryParse(estr, out dt) && dt < DateTime.Now) { Console.WriteLine("expired: TRUE"); expired = true; } } if (validate && !expired) { Console.WriteLine("valid: {0}", cert.Verify().ToString().ToUpperInvariant()); } } catch (Exception e) { Console.WriteLine("exception: {0}, {1}", e.GetType(), e.Message); } if (raw) { var s = Convert.ToBase64String(bytes); Console.WriteLine("-----BEGIN CERTIFICATE-----"); for (int i = 0; i < s.Length; i += 78) { Console.WriteLine(s.Substring(i, Math.Min(78, s.Length - i))); } Console.WriteLine("-----END CERTIFICATE-----"); } Console.WriteLine("-"); } Console.WriteLine(""); } var rc = resp.Controls.SingleOrDefault(t => t is PageResultResponseControl) as PageResultResponseControl; if (rc == null || rc.Cookie == null || rc.Cookie.Length == 0) break; pager.Cookie = rc.Cookie; } } } catch (Exception e) { Console.Error.WriteLine("Error type = {0}, message = {1}, stack = {2}", e.GetType(), e.Message, e.StackTrace); System.Environment.ExitCode = 2; } }
/// <summary> /// Read CA private key file from .key or pfx file /// Read data from certificate request file .csr /// Generate signed certificate request file .cer /// </summary> /// <param name="signedCERFile"></param> /// <param name="privateKeyFile"></param> /// <param name="v"></param> /// <param name="password"></param> private async void GenerateCerFile(string certRequestFile, string privateKeyFile, string generateSignedCertificateFile, string password, string friendlyName, DateTime startDate, DateTime endDate) { #region LoadCertificate // read public & private key from file AsymmetricKeyParameter privateKey = null; AsymmetricKeyParameter publicKey = null; System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate = null; Org.BouncyCastle.X509.X509Certificate issuerCertificateX509 = null; // Ovo NE radi //issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2( // privateKeyFile, // password // ); // Ovo RADI issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2( privateKeyFile, password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable ); // This doesn't work for selfsign certificate //bool isOK = issuerCertificate.Verify(); bool isHasPrivateKey = issuerCertificate.HasPrivateKey; DateTime noAfter = issuerCertificate.NotAfter; DateTime noBefore = issuerCertificate.NotBefore; X509ExtensionCollection x509extensions = issuerCertificate.Extensions; int errorNum = 0; X509CertificateParser parser = new X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate bouncyCertificate = parser.ReadCertificate(issuerCertificate.RawData); BasicConstraints basicConstraints = null; bool isCa = false; Asn1OctetString str = bouncyCertificate.GetExtensionValue(new DerObjectIdentifier("2.5.29.19")); if (str != null) { basicConstraints = BasicConstraints.GetInstance( X509ExtensionUtilities.FromExtensionValue(str)); if (basicConstraints != null) { isCa = basicConstraints.IsCA(); } } if (!isCa) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "Loaded CA file: " + privateKeyFile + " IS NOT CA authority certificate file!" + "\n"; tbOutputMessageBox.Foreground = bckForeground; } // This doesn't work for selfsign certificate //if (!isOK) //{ // errorNum++; // Brush bckForeground = tbOutputMessageBox.Foreground; // tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); // tbOutputMessageBox.Text += "File with CA certificate NOT valid." + "\n"; // tbOutputMessageBox.Foreground = bckForeground; //} if (!isHasPrivateKey) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate DOES NOT have a private key." + "\n"; tbOutputMessageBox.Foreground = bckForeground; } if (noBefore > startDate) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate start date: " + startDate.ToLocalTime() + " DOES NOT valid value. Certificate start date is: " + noBefore.ToLocalTime() + "\n"; tbOutputMessageBox.Foreground = bckForeground; } if (noAfter < endDate) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate end date: " + endDate.ToLocalTime() + " DOES NOT valid value. Certificate end date is: " + noAfter.ToLocalTime() + "\n"; tbOutputMessageBox.Foreground = bckForeground; } if (errorNum > 0) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate has error!!!" + "\n"; tbOutputMessageBox.Foreground = bckForeground; return; } bool isOk = issuerCertificate.Verify(); AsymmetricCipherKeyPair issuerKeyPairTmp = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey); privateKey = issuerKeyPairTmp.Private; publicKey = issuerKeyPairTmp.Public; issuerCertificateX509 = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(issuerCertificate.GetRawCertData()); issuerCertificateX509.Verify(publicKey); Org.BouncyCastle.X509.X509Certificate x509 = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(issuerCertificate); x509.Verify(publicKey); x509.CheckValidity(startDate); #endregion // Read certificate request .csr file Pkcs10CertificationRequest cerRequest = null; try { String input_data = File.ReadAllText(certRequestFile); StringReader sr = new StringReader(input_data); PemReader pr = new PemReader(sr); cerRequest = (Pkcs10CertificationRequest)pr.ReadObject(); tbOutputMessageBox.Text += "Verify file with certificate request : " + certRequestFile + "\n"; bool requestIsOK = cerRequest.Verify(); if (requestIsOK) { tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " is OK." + "\n"; } else { tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " NOT valid." + "\n"; return; } } catch (Exception ex) { var metroWindow = (Application.Current.MainWindow as MetroWindow); await metroWindow.ShowMessageAsync("Info Warning", "ERROR reading certificate request file (.csr)" + "\n" + "Error: " + ex.Source + " " + ex.Message, MessageDialogStyle.Affirmative); return; } Org.BouncyCastle.X509.X509Certificate genCert = GenerateSignedCertificate( cerRequest, x509, issuerKeyPairTmp, startDate, endDate); try { File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded()); tbOutputMessageBox.Text += "Certificate file: " + generateSignedCertificateFile + " sucessfully saved." + "\n"; signedRequestFileNamePath = generateSignedCertificateFile; btnContinue.IsEnabled = true; } catch (Exception) { tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n"; } #region Public Key //try //{ // var store = new Pkcs12Store(); // string friendlyName1 = issuerCertificateX509.SubjectDN.ToString(); // var certificateEntry = new X509CertificateEntry(issuerCertificateX509); // store.SetCertificateEntry(friendlyName1, certificateEntry); // store.SetKeyEntry(friendlyName1, new AsymmetricKeyEntry(privateKey), new[] { certificateEntry }); // var stream = new MemoryStream(); // var random1 = GetSecureRandom(); // store.Save(stream, "password".ToCharArray(), random1); // //Verify that the certificate is valid. // var convertedCertificate = new X509Certificate2(stream.ToArray(), "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); // //Write the file. // File.WriteAllBytes(generateSignedCertificateFile, stream.ToArray()); // File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded()); // //using (TextWriter tw = new StreamWriter(outputPublicKeyName)) // //{ // // PemWriter pw = new PemWriter(tw); // // pw.WriteObject(subjectKeyPair.Public); // // tw.Flush(); // //} // tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n"; //} //catch (Exception ex) //{ // var metroWindow = (Application.Current.MainWindow as MetroWindow); // await metroWindow.ShowMessageAsync("Info Warning", // "ERROR creating certificate private key file (.key)" + "\n" + // "Error: " + ex.Source + " " + ex.Message, // MessageDialogStyle.Affirmative); // return; //} //StringBuilder publicKeyStrBuilder = new StringBuilder(); //PemWriter publicKeyPemWriter = new PemWriter(new StringWriter(publicKeyStrBuilder)); //publicKeyPemWriter.WriteObject(genCert.GetPublicKey()); //publicKeyPemWriter.Writer.Flush(); //string publicKey = publicKeyStrBuilder.ToString(); //try //{ // using (TextWriter tw = new StreamWriter(generateSignedCertificateFile)) // { // PemWriter pw = new PemWriter(tw); // pw.WriteObject(genCert.GetPublicKey()); // tw.Flush(); // } // tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n"; //} //catch (Exception ex) //{ // var metroWindow = (Application.Current.MainWindow as MetroWindow); // await metroWindow.ShowMessageAsync("Info Warning", // "ERROR creating certificate private key file (.key)" + "\n" + // "Error: " + ex.Source + " " + ex.Message, // MessageDialogStyle.Affirmative); // return; //} #endregion Public Key }
private void OutputCertificate(X509Certificate2 x509Certificate) { System.Diagnostics.Debug.WriteLine(""); System.Diagnostics.Debug.WriteLine("Certificate Data: ******************************************************************"); System.Diagnostics.Debug.WriteLine(""); System.Diagnostics.Debug.WriteLine("Basic Certificate Information"); //System.Diagnostics.Debug.WriteLine("\t Content Type: " + X509Certificate2.GetCertContentType(x509Certificate.RawData)); System.Diagnostics.Debug.WriteLine("\t Format: " + x509Certificate.GetFormat()); System.Diagnostics.Debug.WriteLine("\t Version: " + x509Certificate.Version.ToString()); System.Diagnostics.Debug.WriteLine("\t Hash String: " + x509Certificate.GetCertHashString()); System.Diagnostics.Debug.WriteLine("\t Issuer Name: " + x509Certificate.IssuerName.Name); System.Diagnostics.Debug.WriteLine("\t Issuer Name OID: " + x509Certificate.IssuerName.Oid.Value); System.Diagnostics.Debug.WriteLine("\t Subject Name: " + x509Certificate.SubjectName.Name); System.Diagnostics.Debug.WriteLine("\t Serial Number: " + x509Certificate.GetSerialNumberString()); System.Diagnostics.Debug.WriteLine("\t Thumb Print: " + x509Certificate.Thumbprint); System.Diagnostics.Debug.WriteLine("\t Friendly Name: " + x509Certificate.FriendlyName); System.Diagnostics.Debug.WriteLine("\t Signature Algorithm: " + x509Certificate.SignatureAlgorithm.FriendlyName); if (null != x509Certificate.PrivateKey) System.Diagnostics.Debug.WriteLine("\t Signature Key Exchange Algorithm: " + x509Certificate.PrivateKey.KeyExchangeAlgorithm); else System.Diagnostics.Debug.WriteLine("\t Signature Key Exchange Algorithm: "); System.Diagnostics.Debug.WriteLine("\t Key Algorithm Parameters: " + x509Certificate.GetKeyAlgorithmParametersString()); System.Diagnostics.Debug.WriteLine("\t Not Valid Before: " + x509Certificate.NotBefore.ToString()); System.Diagnostics.Debug.WriteLine("\t Not Valid After: " + x509Certificate.NotAfter.ToString()); System.Diagnostics.Debug.WriteLine("\t Can Be Verified: " + x509Certificate.Verify()); System.Diagnostics.Debug.WriteLine("\t Is Archived: " + x509Certificate.Archived); System.Diagnostics.Debug.WriteLine(""); System.Diagnostics.Debug.WriteLine("X509 Name Elements"); System.Diagnostics.Debug.WriteLine("\t X509 Simple Name: " + x509Certificate.GetNameInfo(X509NameType.SimpleName, false)); System.Diagnostics.Debug.WriteLine("\t X509 DNS From Alternative Name: " + x509Certificate.GetNameInfo(X509NameType.DnsFromAlternativeName, false)); System.Diagnostics.Debug.WriteLine("\t X509 DNS Name: " + x509Certificate.GetNameInfo(X509NameType.DnsName, false)); System.Diagnostics.Debug.WriteLine("\t X509 Email Name: " + x509Certificate.GetNameInfo(X509NameType.EmailName, false)); System.Diagnostics.Debug.WriteLine("\t X509 UPN Name: " + x509Certificate.GetNameInfo(X509NameType.UpnName, false)); System.Diagnostics.Debug.WriteLine("\t X509 URL Name: " + x509Certificate.GetNameInfo(X509NameType.UrlName, false)); System.Diagnostics.Debug.WriteLine(""); System.Diagnostics.Debug.WriteLine("X509 Name Elements for Issuer"); System.Diagnostics.Debug.WriteLine("\t X509 Simple Name: " + x509Certificate.GetNameInfo(X509NameType.SimpleName, true)); System.Diagnostics.Debug.WriteLine("\t X509 DNS From Alternative Name: " + x509Certificate.GetNameInfo(X509NameType.DnsFromAlternativeName, true)); System.Diagnostics.Debug.WriteLine("\t X509 DNS Name: " + x509Certificate.GetNameInfo(X509NameType.DnsName, true)); System.Diagnostics.Debug.WriteLine("\t X509 Email Name: " + x509Certificate.GetNameInfo(X509NameType.EmailName, true)); System.Diagnostics.Debug.WriteLine("\t X509 UPN Name: " + x509Certificate.GetNameInfo(X509NameType.UpnName, true)); System.Diagnostics.Debug.WriteLine("\t X509 URL Name: " + x509Certificate.GetNameInfo(X509NameType.UrlName, true)); System.Diagnostics.Debug.WriteLine(""); System.Diagnostics.Debug.WriteLine("Keys"); System.Diagnostics.Debug.WriteLine("\t Public Key: " + x509Certificate.PublicKey.Key.ToXmlString(false)); if (null != x509Certificate.PrivateKey) System.Diagnostics.Debug.WriteLine("\t Private Key: " + x509Certificate.PrivateKey.ToXmlString(false)); else System.Diagnostics.Debug.WriteLine("\t Private Key: "); System.Diagnostics.Debug.WriteLine(""); System.Diagnostics.Debug.WriteLine("Raw Cert"); System.Diagnostics.Debug.WriteLine("\t " + x509Certificate.GetRawCertDataString()); System.Diagnostics.Debug.WriteLine(""); System.Diagnostics.Debug.WriteLine("************************************************************************************"); System.Diagnostics.Debug.WriteLine(""); }
public bool VerifySignature(string msiFileName) { try { X509Certificate basicSigner = X509Certificate.CreateFromSignedFile(msiFileName); X509Certificate2 cert = new X509Certificate2(basicSigner); System.Console.WriteLine("issuer:" + cert.Issuer); System.Console.WriteLine("serial:" + cert.SerialNumber); System.Console.WriteLine("expiration date:" + cert.NotAfter.ToString()); System.Console.WriteLine("subject:" + cert.Subject); System.Console.WriteLine("verified:" + (cert.Verify() ? "true" : "false")); if (DateTime.Now > cert.NotAfter) { System.Console.WriteLine("cert has expired: " + cert.NotAfter.ToString()); return false; } if (DateTime.Now < cert.NotBefore) { System.Console.WriteLine("cert not yet active: " + cert.NotBefore.ToString()); return false; } string serial = cert.SerialNumber; string issuer = cert.Issuer; string company = cert.Subject; foreach (CertStrings o in mCertStrings) { if (o.Matches(serial, issuer, company)) { return true; } } System.Console.WriteLine("creds not found >> serial: " + serial + " issuer: " + issuer + " company: " + company); } catch (SystemException e) { System.Console.WriteLine("could not extract cert from file: " + msiFileName + " (" + e + ")"); } return false; }
public X509Certificate2Collection Find(X509FindType findType, object findValue, bool validOnly) { if (findValue == null) { throw new ArgumentNullException("findValue"); } string text = string.Empty; string text2 = string.Empty; X509KeyUsageFlags x509KeyUsageFlags = X509KeyUsageFlags.None; DateTime t = DateTime.MinValue; switch (findType) { case X509FindType.FindByThumbprint: case X509FindType.FindBySubjectName: case X509FindType.FindBySubjectDistinguishedName: case X509FindType.FindByIssuerName: case X509FindType.FindByIssuerDistinguishedName: case X509FindType.FindBySerialNumber: case X509FindType.FindByTemplateName: case X509FindType.FindBySubjectKeyIdentifier: try { text = (string)findValue; } catch (Exception inner) { string text3 = Locale.GetText("Invalid find value type '{0}', expected '{1}'.", new object[] { findValue.GetType(), "string" }); throw new CryptographicException(text3, inner); } break; case X509FindType.FindByTimeValid: case X509FindType.FindByTimeNotYetValid: case X509FindType.FindByTimeExpired: try { t = (DateTime)findValue; } catch (Exception inner2) { string text4 = Locale.GetText("Invalid find value type '{0}', expected '{1}'.", new object[] { findValue.GetType(), "X509DateTime" }); throw new CryptographicException(text4, inner2); } break; case X509FindType.FindByApplicationPolicy: case X509FindType.FindByCertificatePolicy: case X509FindType.FindByExtension: try { text2 = (string)findValue; } catch (Exception inner3) { string text5 = Locale.GetText("Invalid find value type '{0}', expected '{1}'.", new object[] { findValue.GetType(), "X509KeyUsageFlags" }); throw new CryptographicException(text5, inner3); } try { CryptoConfig.EncodeOID(text2); } catch (CryptographicUnexpectedOperationException) { string text6 = Locale.GetText("Invalid OID value '{0}'.", new object[] { text2 }); throw new ArgumentException("findValue", text6); } break; case X509FindType.FindByKeyUsage: try { x509KeyUsageFlags = (X509KeyUsageFlags)((int)findValue); } catch (Exception inner4) { string text7 = Locale.GetText("Invalid find value type '{0}', expected '{1}'.", new object[] { findValue.GetType(), "X509KeyUsageFlags" }); throw new CryptographicException(text7, inner4); } break; default: { string text8 = Locale.GetText("Invalid find type '{0}'.", new object[] { findType }); throw new CryptographicException(text8); } } CultureInfo invariantCulture = CultureInfo.InvariantCulture; X509Certificate2Collection x509Certificate2Collection = new X509Certificate2Collection(); foreach (object obj in base.InnerList) { X509Certificate2 x509Certificate = (X509Certificate2)obj; bool flag = false; switch (findType) { case X509FindType.FindByThumbprint: flag = (string.Compare(text, x509Certificate.Thumbprint, true, invariantCulture) == 0 || string.Compare(text, x509Certificate.GetCertHashString(), true, invariantCulture) == 0); break; case X509FindType.FindBySubjectName: { string nameInfo = x509Certificate.GetNameInfo(X509NameType.SimpleName, false); flag = (nameInfo.IndexOf(text, StringComparison.InvariantCultureIgnoreCase) >= 0); break; } case X509FindType.FindBySubjectDistinguishedName: flag = (string.Compare(text, x509Certificate.Subject, true, invariantCulture) == 0); break; case X509FindType.FindByIssuerName: { string nameInfo2 = x509Certificate.GetNameInfo(X509NameType.SimpleName, true); flag = (nameInfo2.IndexOf(text, StringComparison.InvariantCultureIgnoreCase) >= 0); break; } case X509FindType.FindByIssuerDistinguishedName: flag = (string.Compare(text, x509Certificate.Issuer, true, invariantCulture) == 0); break; case X509FindType.FindBySerialNumber: flag = (string.Compare(text, x509Certificate.SerialNumber, true, invariantCulture) == 0); break; case X509FindType.FindByTimeValid: flag = (t >= x509Certificate.NotBefore && t <= x509Certificate.NotAfter); break; case X509FindType.FindByTimeNotYetValid: flag = (t < x509Certificate.NotBefore); break; case X509FindType.FindByTimeExpired: flag = (t > x509Certificate.NotAfter); break; case X509FindType.FindByApplicationPolicy: flag = (x509Certificate.Extensions.Count == 0); break; case X509FindType.FindByExtension: flag = (x509Certificate.Extensions[text2] != null); break; case X509FindType.FindByKeyUsage: { X509KeyUsageExtension x509KeyUsageExtension = x509Certificate.Extensions["2.5.29.15"] as X509KeyUsageExtension; flag = (x509KeyUsageExtension == null || (x509KeyUsageExtension.KeyUsages & x509KeyUsageFlags) == x509KeyUsageFlags); break; } case X509FindType.FindBySubjectKeyIdentifier: { X509SubjectKeyIdentifierExtension x509SubjectKeyIdentifierExtension = x509Certificate.Extensions["2.5.29.14"] as X509SubjectKeyIdentifierExtension; if (x509SubjectKeyIdentifierExtension != null) { flag = (string.Compare(text, x509SubjectKeyIdentifierExtension.SubjectKeyIdentifier, true, invariantCulture) == 0); } break; } } if (flag) { if (validOnly) { try { if (x509Certificate.Verify()) { x509Certificate2Collection.Add(x509Certificate); } } catch { } } else { x509Certificate2Collection.Add(x509Certificate); } } } return(x509Certificate2Collection); }
public static void GetSignatureInformation(string filename) { if (HasValidSignature(filename)) { var cert = new X509Certificate2(filename); Console.WriteLine("Cert: {0}", cert.Subject); var ch = new X509Chain(); ch.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot; ch.ChainPolicy.RevocationMode = X509RevocationMode.Online; ch.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0); ch.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags; ch.Build(cert); ch.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags; ch.ChainPolicy.RevocationMode = X509RevocationMode.Online; Console.WriteLine("Chain Information"); Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag); Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode); Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags); Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime); Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length); Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count); Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine); //Output chain element information. Console.WriteLine("Chain Element Information"); Console.WriteLine("Number of chain elements: {0}", ch.ChainElements.Count); foreach (var element in ch.ChainElements) { Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer); Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter); Console.WriteLine("Element certificate is valid: {0}", element.Certificate.Verify()); Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length); Console.WriteLine("Element information: {0}", element.Information); Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine); } if (ch.ChainStatus.Length > 0) { for (int index = 0; index < ch.ChainStatus.Length; index++) { Console.WriteLine(ch.ChainStatus[index].Status); Console.WriteLine(ch.ChainStatus[index].StatusInformation); } } Console.WriteLine("Cert Valid?: {0}", cert.Verify()); } }
public void RootTest() { // 验证根证书签名 X509Certificate2 x509Root = new X509Certificate2(@"..\..\..\ApacheQpidClient\certificates\LiquidCapital\LCMLO_LIQSPALBB.crt"); Console.WriteLine("Root Certificate Verified?: {0}{1}", x509Root.Verify(), Environment.NewLine); // 根证书是自签名,所以可以通过。 }