public static void RemoveCertificateFromLocalStoreByFriendlyName(string friendlyName, out bool removed) { removed = false; using (X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine)) { store.Open(OpenFlags.ReadWrite | OpenFlags.IncludeArchived); // You could also use a more specific find type such as X509FindType.FindByThumbprint X509Certificate2Collection col = store.Certificates; foreach (var cert in col) { if (cert.FriendlyName == friendlyName) { store.Remove(cert); TryRemovePrivateKey(cert); removed = true; break; } } store.Close(); } }
public void Configuration(IAppBuilder app) { var config = new HttpConfiguration(); config.MapHttpAttributeRoutes(); config.Routes.MapHttpRoute("Api", "{Controller}"); config.EnableCors(); var issuer = ConfigurationManager.AppSettings["Issuer"]; var audience = ConfigurationManager.AppSettings["Audience"]; var signingCertificateSubjectDistinguishedName = ConfigurationManager.AppSettings["SigningCertificateSubjectDistinguishedName"]; var store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); var certificate = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, signingCertificateSubjectDistinguishedName, true)[0]; // JSON should serialize to camelCase, not PascalCase (the default) var jsonFormatter = config.Formatters.OfType<JsonMediaTypeFormatter>().First(); jsonFormatter.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver(); // Api controllers with an [Authorize] attribute will be validated with JWT app.UseJwtBearerAuthentication( new JwtBearerAuthenticationOptions { AuthenticationMode = AuthenticationMode.Active, AllowedAudiences = new[] {audience}, IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[] { new X509CertificateSecurityTokenProvider(issuer, certificate), //new X509CertificateSecurityTokenProvider(issuer, new X509Certificate2("PATH_TO_YOUR_PUBLIC_CERTIFICATE.cer")), }, }); app.UseWebApi(config); }
private static X509Certificate GetServerCertificate() { X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); X509CertificateCollection cert = store.Certificates.Find(X509FindType.FindBySubjectName, "LocalHost", true); return cert[0]; }
private static X509Certificate2 GetACertificateWithPrivateKeyInStore(StoreName storeName, StoreLocation storeLocation) { Trace.WriteLine(string.Format("Looking for certificates in store : {0}, store location : {1}", storeName, storeLocation)); var certificateStore = new X509Store(storeName, storeLocation); certificateStore.Open(OpenFlags.ReadOnly); foreach (var certificate in certificateStore.Certificates) { if (certificate.HasPrivateKey && certificate.PublicKey.Key.KeySize == 2048) { try { var key = certificate.PrivateKey; Trace.WriteLine("Found a suitable certificate with a private key"); Trace.WriteLine(string.Format("Certificate issuer : {0}, Subject Name : {1}", certificate.Issuer, certificate.Subject)); return certificate; } catch (Exception) { Trace.WriteLine("Ignoring a Cryptography Next generation (CNG) cert"); } } } return null; }
public static X509Certificate2 GetCertificate(string serialNumber) { List<string> list = new List<string>(); X509Store storeCurUser = new X509Store(StoreLocation.CurrentUser); storeCurUser.Open(OpenFlags.ReadOnly); foreach (X509Certificate2 mCert in storeCurUser.Certificates) { if (mCert.SerialNumber.Contains(serialNumber)) { return mCert; } } X509Store storeMachine = new X509Store(StoreLocation.LocalMachine); storeMachine.Open(OpenFlags.ReadOnly); foreach (X509Certificate2 mCert in storeMachine.Certificates) { if (mCert.SerialNumber.Contains(serialNumber)) { return mCert; } } return null; }
public static ActionResult InstallCert(Session session) { var cert = RSA.GetCACertificate(); if (cert != null) return ActionResult.Success; var tempDirectory = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName()); Configuration.ServerAddress = Configuration.ServerAddress.Replace("https://", "http://"); var keyPath = string.Format("{0}ca.cert.der", tempDirectory); var downloaded = Communication.DownloadFile("/management/other/ca.cert.der", keyPath); if (!downloaded) { DisplayMSIError(session, "Failed to download CA certificate"); return ActionResult.Failure; } try { cert = new X509Certificate2(keyPath); var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Add(cert); store.Close(); return ActionResult.Success; } catch (Exception ex) { DisplayMSIError(session, "Unable to install CA certificate: " + ex.Message); return ActionResult.Failure; } }
static X509Certificate2 GetCertificate(string certFindValue) { StoreLocation[] locations = new StoreLocation[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser }; foreach (StoreLocation location in locations) { X509Store store = new X509Store(StoreName.My, location); store.Open(OpenFlags.OpenExistingOnly); X509Certificate2Collection collection = store.Certificates.Find( X509FindType.FindBySubjectName, certFindValue, false); if (collection.Count == 0) { collection = store.Certificates.Find( X509FindType.FindByThumbprint, certFindValue, false); } store.Close(); if (collection.Count > 0) { return collection[0]; } } throw new ArgumentException("No certificate can be found using the find value " + certFindValue); }
private static string GetEncryptionCertPrivateKey() { string privateKey = string.Empty; X509Store store = new X509Store("MY", StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates; X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(X509FindType.FindByThumbprint, ConfigurationManager.AppSettings["EncryptionKeyCertThumbprint"], false); if (fcollection.Count != 1) { throw new InvalidOperationException("Could not find the cert or more than one certs found!"); } foreach (X509Certificate2 x509 in fcollection) { try { byte[] rawdata = x509.RawData; privateKey = x509.PrivateKey.ToXmlString(false); x509.Reset(); } catch (CryptographicException) { throw new InvalidOperationException("Information could not be retrieved out for this certificate."); } } store.Close(); return privateKey; }
private bool LoadCertificateByThumbprint(string thumbprint) { thumbprint = thumbprint.Replace(" ", "").ToUpperInvariant(); StoreName storeName = StoreName.My; StoreLocation storeLocation = StoreLocation.LocalMachine; X509Store store = new X509Store(storeName, storeLocation); try { store.Open(OpenFlags.ReadOnly); foreach (var cert in store.Certificates) { if (cert.HasPrivateKey == false) continue; if (String.Compare(cert.Thumbprint, thumbprint) == 0) { _certificate = cert; break; } } } finally { store.Close(); } if (_certificate == null) { throw new InvalidOperationException("The certificate with the thumbprint " + thumbprint + " could not be found."); } return true; }
/// <summary> /// Adds a certificate to a cert store in the local machine. /// </summary> /// <param name="certificate">The file path to find the certificate file.</param> /// <param name="storeName">Name of the certificate store.</param> /// <param name="storeLocation">Location of the certificate store.</param> public static void AddCertificate(X509Certificate2 certificate, StoreName storeName, StoreLocation storeLocation) { X509Store store = null; try { store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.ReadOnly | OpenFlags.ReadWrite); var certificates = from cert in store.Certificates.OfType<X509Certificate2>() where cert.Thumbprint == certificate.Thumbprint select cert; if (certificates.FirstOrDefault() == null) { store.Add(certificate); Console.WriteLine(string.Format("Added certificate with thumbprint {0} to store '{1}', has private key: {2}.", certificate.Thumbprint, storeName.ToString(), certificate.HasPrivateKey)); store.Close(); store = null; } } catch (Exception ex) { throw new Exception(String.Format("AddCert exception storeName={0} storeLocation={1}", storeName.ToString(), storeLocation.ToString()), ex); } finally { if (store != null) { store.Close(); } } }
internal static bool TryResolveCertificate(StoreName storeName, StoreLocation storeLocation, X509FindType findType, object findValue, out X509Certificate2 certificate) { X509Store store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.ReadOnly); certificate = null; X509Certificate2Collection certs = null; X509Certificate2Collection matches = null; try { certs = store.Certificates; matches = certs.Find(findType, findValue, false); // Throwing InvalidOperationException here, following WCF precedent. // Might be worth introducing a more specific exception here. if (matches.Count == 1) { certificate = new X509Certificate2(matches[0]); return true; } } finally { CryptoHelper.ResetAllCertificates(matches); CryptoHelper.ResetAllCertificates(certs); store.Close(); } return false; }
private static X509Certificate GetAppleServerCert(string thumbprint) { X509Store store; store = new X509Store(StoreLocation.CurrentUser); if (store != null) { store.Open(OpenFlags.ReadOnly); X509Certificate2Collection certs = store.Certificates; if (certs.Count > 0) { for (int i = 0; i < certs.Count; i++) { X509Certificate2 cert = certs[i]; if (cert.Thumbprint.Equals(thumbprint, StringComparison.InvariantCultureIgnoreCase)) { return certs[i]; } } } } Trace.TraceError("Could not find the certification containing: {0} ", "R5QS56362W:R5QS56362W"); throw new InvalidDataException("Could not find the Apple Push Notification certificate"); }
public bool Install() { try { var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); store.Open(OpenFlags.MaxAllowed); foreach (var cert in Certificates) { if (store.Certificates.Contains(cert)) continue; store.Add(cert); } store.Close(); return true; } catch (SecurityException se) { StaticLogger.Warning(se); } catch (Exception e) { StaticLogger.Error("Failed to install " + e); } return false; }
public override BooleanReason Evaluate() { X509Store store = null; try { if (string.IsNullOrWhiteSpace(Thumbprint)) return new BooleanReason(false, "No thumbprint is specified"); store = new X509Store(Store, Location); store.Open(OpenFlags.ReadOnly); foreach (var certificate in store.Certificates) { if (string.IsNullOrWhiteSpace(certificate.Thumbprint)) continue; if (certificate.Thumbprint.Equals(Thumbprint, StringComparison.InvariantCultureIgnoreCase)) return new BooleanReason(true, "Certificate matching thumbprint {0} found!"); } return new BooleanReason(false, "No certificate matching thumbprint {0} found!"); } catch (Exception e) { return new BooleanReason(false, "An issue occurred while attempting to locate certificate for thumbprint {0}: {1}", Thumbprint, e.Message); } finally { if (store !=null) store.Close(); } }
/// <summary> /// Gets a X509 specific certificate from windows store withoit asking the user. /// </summary> /// <returns></returns> public static X509Certificate2 GetCertificate(StoreLocation location, string subjectName) { X509Certificate2 cert = null; var store = new X509Store(StoreName.My, location); store.Open(OpenFlags.ReadOnly); try { X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectName, subjectName, false); if (certs.Count == 1) { cert = certs[0]; } else { cert = null; } } finally { if (store != null) { store.Close(); } } return cert; }
/// <summary> /// Gets a X509 certificate from windows store. Asks the user for the correct certificate. /// </summary> /// <returns></returns> public static X509Certificate2 GetCertificate() { var st = new X509Store(StoreName.My, StoreLocation.CurrentUser); st.Open(OpenFlags.ReadOnly); X509Certificate2 card = null; try { X509Certificate2Collection col = st.Certificates; X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(col, "Certificates", "Select one to sign", X509SelectionFlag. SingleSelection); if (sel.Count > 0) { X509Certificate2Enumerator en = sel.GetEnumerator(); en.MoveNext(); card = en.Current; } } finally { st.Close(); } return card; }
public static X509Certificate2 CertificateFromFriendlyName(StoreName name, StoreLocation location, string friendlyName) { X509Store store = null; try { store = new X509Store(name, location); store.Open(OpenFlags.ReadOnly); X509Certificate2Collection foundCertificates = store.Certificates.Find(X509FindType.FindByIssuerName, "DO_NOT_TRUST_WcfBridgeRootCA", false); foreach (X509Certificate2 cert in foundCertificates) { if (cert.FriendlyName == friendlyName) { return cert; } } return null; } finally { if (store != null) { store.Close(); } } }
/// <summary> /// Private Utility method to get a certificate from a given store /// </summary> /// <param name="storeName">Name of certificate store (e.g. My, TrustedPeople)</param> /// <param name="storeLocation">Location of certificate store (e.g. LocalMachine, CurrentUser)</param> /// <param name="subjectDistinguishedName">The Subject Distinguished Name of the certificate</param> /// <returns>The specified X509 certificate</returns> static X509Certificate2 LookupCertificate( StoreName storeName, StoreLocation storeLocation, string subjectDistinguishedName ) { X509Store store = null; X509Certificate2Collection certs = null; X509Certificate2 certificate = null; try { store = new X509Store( storeName, storeLocation ); store.Open( OpenFlags.ReadOnly ); certs = store.Certificates.Find( X509FindType.FindBySubjectDistinguishedName, subjectDistinguishedName, false ); if ( certs.Count != 1 ) { throw new X509HelperException( String.Format( "FedUtil: Certificate {0} not found or more than one certificate found", subjectDistinguishedName ) ); } certificate = new X509Certificate2( certs[0] ); return certificate; } finally { if ( certs != null ) { for ( int i = 0; i < certs.Count; ++i ) { certs[i].Reset(); } } if ( store != null ) store.Close(); } }
private static void InstallCertificate(StringDictionary parametrs) { try { string[] param = parametrs["assemblypath"].Split('\\'); string certPath = String.Empty; for (int i = 0; i < param.Length - 1; i++) { certPath += param[i] + '\\'; } certPath += "certificate.pfx"; var cert = new X509Certificate2(certPath, "", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet); var store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Add(cert); store.Close(); } catch (Exception ex) { throw new Exception("Certificate appeared to load successfully but also seems to be null.", ex); } }
public CertificadoDigital() { var store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); var collection = store.Certificates; var fcollection = collection.Find(X509FindType.FindByTimeValid, DateTime.Now, true); var scollection = X509Certificate2UI.SelectFromCollection(fcollection, "Certificados válidos:", "Selecione o certificado que deseja usar", X509SelectionFlag.SingleSelection); if (scollection.Count == 0) { throw new Exception("Nenhum certificado foi selecionado!"); } foreach (var x509 in scollection) { try { Serial = x509.SerialNumber; Validade = Convert.ToDateTime(x509.GetExpirationDateString()); x509.Reset(); } catch (CryptographicException) { Console.WriteLine("Não foi possível obter as informações do certificado selecionado!"); } } store.Close(); }
public X509Certificate2 GetCertificate(string thumbprint, StoreLocation storeLocation) { X509Store certStore = new X509Store(StoreName.My, storeLocation); X509Certificate2 certToUse = null; try { try { certStore.Open(OpenFlags.ReadOnly); } catch (Exception ex) { var outerEx = new Exception("Failed to open X509Store My on CurrentUser.", ex); throw outerEx; } var primaryCertificateThumbprint = thumbprint.ToLower(); var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, primaryCertificateThumbprint, false); if (certCollection == null || certCollection.Count == 0) { return null; } certToUse = certCollection[0]; if (certToUse.Thumbprint.ToLower() != primaryCertificateThumbprint.ToLower()) { return null; } } finally { certStore.Close(); } return certToUse; }
/// <summary> /// Opens the certificate from its store. /// </summary> /// <returns>The <see cref="X509Certificate2"/>.</returns> public X509Certificate2 GetCertificate() { if (Certificate != null) return Certificate; var store = new X509Store(StoreName, StoreLocation); try { store.Open(OpenFlags.ReadOnly); var found = store.Certificates.Find(X509FindType, FindValue, ValidOnly); if (found.Count == 0) { throw new ConfigurationErrorsException(string.Format(ErrorMessages.CertificateNotFound, FindValue)); } if (found.Count > 1) { throw new ConfigurationErrorsException(string.Format(ErrorMessages.CertificateNotUnique, FindValue)); } Certificate = found[0]; return found[0]; } finally { store.Close(); } }
private static System.Security.Cryptography.X509Certificates.X509Certificate2 LoadCertificate(EndpointConfiguration config, IWebHostEnvironment environment) { if (config.StoreName != null && config.StoreLocation != null) { using (var store = new System.Security.Cryptography.X509Certificates.X509Store(config.StoreName, Enum.Parse <StoreLocation>(config.StoreLocation))) { store.Open(OpenFlags.ReadOnly); var certificate = store.Certificates.Find( X509FindType.FindBySubjectName, config.Host, validOnly: !environment.IsDevelopment()); if (certificate.Count == 0) { throw new InvalidOperationException($"Certificate not found for {config.Host}."); } return(certificate[0]); } } if (config.FilePath != null && config.Password != null) { return(new X509Certificate2(config.FilePath, config.Password)); } throw new InvalidOperationException("No valid certificate configuration found for the current endpoint."); }
public bool OnValidationCallback(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors) { if (errors.ToString() != "None") { MessageBox.Show("Please click yes on the next dialog box.\nThis will allow us to install the Net7 certificate.", "Certificate Install", MessageBoxButtons.OK, MessageBoxIcon.Exclamation); try { X509Store Certificate = new X509Store(StoreName.Root); X509Certificate2 cert2 = new X509Certificate2(cert); Certificate.Open(OpenFlags.ReadWrite); // Add Certificate Certificate.Add(cert2); Certificate.Close(); } catch (Exception e) { MessageBox.Show("Error installing certificate: " + e.ToString()); } } else { MessageBox.Show("Certificate is installed!"); } // Remove this message ServicePointManager.ServerCertificateValidationCallback = null; return true; }
private void InstallWindows(MS509.X509Certificate2 cert) { var store = new MS509.X509Store(MS509.StoreName.My, MS509.StoreLocation.CurrentUser); store.Open(MS509.OpenFlags.ReadWrite); store.Add(cert); }
public static X509Certificate2 GetX509Certificate2(String thumbprint) { X509Certificate2 x509Certificate2 = null; X509Store store = new X509Store("My", StoreLocation.LocalMachine); try { store.Open(OpenFlags.ReadOnly); X509Certificate2Collection x509Certificate2Collection = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false); x509Certificate2 = x509Certificate2Collection[0]; } catch (Exception ex) { Logger.Write(string.Format("Error in GetX509Certificate2(String thumbprint) Error: {0}", ex.Message)); x509Certificate2 = null; } finally { store.Close(); } return x509Certificate2; }
/// <summary> /// Handle challenges for a secured resource by prompting for a client certificate /// </summary> public async Task<Credential> CreateCredentialAsync(CredentialRequestInfo info) { Credential credential = null; try { // Use the X509Store to get available certificates var store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); var certificates = store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, true); // Ask the user to select a certificate to use certificates = X509Certificate2UI.SelectFromCollection(certificates, "Select Certificate", "Select the certificate to use for authentication.", X509SelectionFlag.SingleSelection); // Create a new CertificateCredential using the chosen certificate credential = new CertificateCredential(certificates[0]) { ServiceUri = SecuredPortalUrl }; } catch (Exception ex) { Debug.WriteLine("Exception: " + ex.Message); } // Return the CertificateCredential for the secured portal return credential; }
public static X509Certificate2 FindCertificateBy(string thumbprint, StoreName storeName, StoreLocation storeLocation, PhysicalServer server, DeploymentResult result) { if (string.IsNullOrEmpty(thumbprint)) return null; var certstore = new X509Store(storeName, storeLocation); try { certstore.Open(OpenFlags.ReadOnly); thumbprint = thumbprint.Trim(); thumbprint = thumbprint.Replace(" ", ""); foreach (var cert in certstore.Certificates) { if (string.Equals(cert.Thumbprint, thumbprint, StringComparison.OrdinalIgnoreCase) || string.Equals(cert.Thumbprint, thumbprint, StringComparison.InvariantCultureIgnoreCase)) { return cert; } } result.AddError("Could not find a certificate with thumbprint '{0}' on '{1}'".FormatWith(thumbprint, server.Name)); return null; } finally { certstore.Close(); } }
/* * /// <summary> * /// Create a key pair * /// </summary> * /// <param name="pkSize">Key size</param> * /// <param name="pkAlgo">Key algorithm</param> * /// <param name="name">Key container name</param> * /// <returns></returns> * internal static CspParameters Create(int pkSize, string pkAlgo, string name) * { * // Normalise the name * string _name = name.Replace(' ', '_'); * * CspParameters cp = null; * switch (pkAlgo) * { * case "RSA": * cp = new CspParameters(24, "Microsoft Enhanced RSA and AES Cryptographic Provider"); * cp.KeyContainerName = _name; * cp.Flags = CspProviderFlags.UseArchivableKey; * using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(pkSize, cp)) * { * rsa.PersistKeyInCsp = true; * if (!rsa.CspKeyContainerInfo.Exportable) * throw new CryptoException("Key not exportable"); * } * break; * case "DSA": * cp = new CspParameters(13, "Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider"); * cp.KeyContainerName = _name; * cp.Flags = CspProviderFlags.UseArchivableKey; * DSACryptoServiceProvider dsa = new DSACryptoServiceProvider(pkSize, cp); * dsa.PersistKeyInCsp = true; * break; * //case "ECDSA": * //ECKeyPairGenerator ecGenerator = new ECKeyPairGenerator(pkAlgo); * //ecGenerator.Init(genParam); * //keyPair = ecGenerator.GenerateKeyPair(); * //break; * default: * throw new ArgumentException("Algorithm not supported", pkAlgo); * } * return cp; * } */ #endregion //internal static X509Certificate storeKey(CspParameters cp, X509Certificate cert) internal static X509Certificate storeKey(X509Certificate cert) { //SysX509.X509KeyStorageFlags keyFlags = (SysX509.X509KeyStorageFlags.UserKeySet | SysX509.X509KeyStorageFlags.Exportable); //SysX509.X509KeyStorageFlags keyFlags = SysX509.X509KeyStorageFlags.Exportable; Sys.X509Certificate2 sCert = new Sys.X509Certificate2(cert.GetEncoded()); Sys.X509Store store = new Sys.X509Store(Sys.StoreName.My, Sys.StoreLocation.CurrentUser); store.Open(Sys.OpenFlags.MaxAllowed); store.Add(sCert); Sys.X509Certificate2Collection coll = store.Certificates.Find(Sys.X509FindType.FindBySerialNumber, sCert.SerialNumber, false); if (coll.Count > 1) { throw new CryptoException("Too many certs"); } if (coll.Count < 1) { throw new CryptoException("Cert not found"); } sCert = coll[0]; if (!sCert.HasPrivateKey) { throw new CryptoException("No private key"); } return(cert); }
private void Client() { SocketWatcher c_w = new SocketWatcher(20); c_w.Synchronous = true; // Note: must have a client cert in your IE cert store. X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); if (store.Certificates.Count > 0) { c_w.LocalCertificate = store.Certificates[0]; } else { lock (done) { errorMessage = "There were no certificates in the Windows Certificate Store."; succeeded = false; Monitor.Pulse(done); } return; } c_w.CreateConnectSocket(this, a, true, "localhost"); }
/// <summary> /// Gets the physical certificates that match the input certificate from the Local Machine and Trusted People store. /// </summary> /// <param name="certificate"></param> /// <returns></returns> public static List<X509Certificate2> GetCertificates(Certificate certificate) { // If the certificate is null then we have none matching ? if (certificate == null) return null; X509Store x509Store; try { x509Store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine); x509Store.Open(OpenFlags.ReadOnly); } catch (Exception ex) { Logger.Error("Could not access certificate store.", ex); return null; } return x509Store.Certificates.Cast<X509Certificate2>().Where(c => (ContainsCondition(c.Issuer, certificate.Issuer)) && (EqualCondition(c.GetPublicKeyString(), certificate.PublicKey)) && (EqualCondition(c.GetSerialNumberString(), certificate.SerialNumber)) && (ContainsCondition(c.Subject, certificate.Subject)) && (EqualCondition(c.GetEffectiveDateString(), certificate.ValidFrom != DateTime.MinValue ? certificate.ValidFrom.ToString() : null)) && (EqualCondition(c.GetExpirationDateString(), certificate.ValidTo != DateTime.MinValue ? certificate.ValidTo.ToString() : null))).ToList(); }
//INFO: метод для тестирования public string SignN3Gost(string data) { var storeCurrentUser = new X509Store(StoreName.My, StoreLocation.CurrentUser); storeCurrentUser.Open(OpenFlags.ReadOnly); var coll = storeCurrentUser.Certificates .Find(X509FindType.FindByThumbprint, "4d 19 79 84 52 9a 80 4a c4 86 3a 82 6a 8d ab 85 3f 95 e5 01", false)[0]; //b8 be f8 22 e8 63 2a 74 d4 2e 58 df 91 9c 2f e3 75 ea e1 e4 просрочен //4d 19 79 84 52 9a 80 4a c4 86 3a 82 6a 8d ab 85 3f 95 e5 01 var gost = (Gost3410CryptoServiceProvider) coll.PrivateKey; var base64Blob = Convert.ToBase64String(coll.Export(X509ContentType.Cert)); var gostSignatureFormatter = new GostSignatureFormatter(gost); gostSignatureFormatter.SetHashAlgorithm("Gost3411"); var hash = Md5Helper.GetGost3411Hash(data); var base64Hash = Convert.ToBase64String(hash); var sign = gostSignatureFormatter.CreateSignature(hash); var base64Sign = Convert.ToBase64String(sign); var signData = new SignData { data = data, public_key = base64Blob, hash = base64Hash, sign = base64Sign }; return JsonConvert.SerializeObject(signData); }
public async Task StartServerAsync() { var store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); //var certificates = store.Certificates.Find(X509FindType.FindByThumbprint, "f864d23e92894c56df566b7ab7a9c6411d50d14d", false); var certificates = store.Certificates.Find(X509FindType.FindByThumbprint, "3fd0b5f28dc32f5f0bb9f44cf1f6816846e44cbe", false); if (certificates.Count == 0) { throw new InvalidOperationException("Server certificate not found"); } store.Close(); #if DEBUG ITraceWriter traceWriter = new DebugTraceWriter("Server"); #else ITraceWriter traceWriter = new FileTraceWriter("server.log"); #endif _listener = new TcpTransportListener( _listenerUri, certificates[0], new EnvelopeSerializer(), traceWriter ); await _listener.StartAsync(); }
private static X509Certificate2 selectcert() //select cert from store & set selectedcert { try { if (File.Exists("c:\\hasher.cer")) { X509Certificate2 cert = new X509Certificate2("c:\\hasher.cer"); appLog.WriteEntry("Selected Cert: " + cert.Subject, System.Diagnostics.EventLogEntryType.Information); return(cert); } else { System.Security.Cryptography.X509Certificates.X509Store mystore = new System.Security.Cryptography.X509Certificates.X509Store(StoreLocation.CurrentUser); mystore.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); X509Certificate2Collection certCollection = (X509Certificate2Collection)mystore.Certificates; X509Certificate2Collection foundCollection = (X509Certificate2Collection)certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false); X509Certificate2Collection selectedcollection = X509Certificate2UI.SelectFromCollection(foundCollection, "Select a Certificate.", "Select a Certificate from the following list to get information on that certificate", X509SelectionFlag.SingleSelection); if (selectedcollection.Count > 0) { X509Certificate2 certz = selectedcollection[0]; appLog.WriteEntry("Selected Cert: " + certz.Subject, System.Diagnostics.EventLogEntryType.Information); return(certz); } appLog.WriteEntry("No Cert Selected", System.Diagnostics.EventLogEntryType.Warning); return(null); } } catch (Exception e) { appLog.WriteEntry(e.Message + e.StackTrace, System.Diagnostics.EventLogEntryType.Warning); return(null); } }
internal static X509Certificate Initialize(ICertificateConfig cerConfig) { if (!string.IsNullOrEmpty(cerConfig.FilePath)) { //To keep compatible with website hosting string filePath; if (Path.IsPathRooted(cerConfig.FilePath)) filePath = cerConfig.FilePath; else { filePath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, cerConfig.FilePath); } return new X509Certificate2(filePath, cerConfig.Password); } else { var storeName = cerConfig.StoreName; if (string.IsNullOrEmpty(storeName)) storeName = "Root"; var store = new X509Store(storeName); store.Open(OpenFlags.ReadOnly); var cert = store.Certificates.OfType<X509Certificate2>().Where(c => c.Thumbprint.Equals(cerConfig.Thumbprint, StringComparison.OrdinalIgnoreCase)).FirstOrDefault(); store.Close(); return cert; } }
private void StoreCertificate(X509Name name, MSX509.X509Certificate2 certificate, MSX509.StoreName storeName) { MSX509.X509Store store = new MSX509.X509Store(storeName, store_); store.Open(MSX509.OpenFlags.ReadWrite); store.Add(certificate); store.Close(); certificates_[name] = certificate; }
internal static void ImportFromP12(byte[] P12, string pkAlgo, string name, string Password) { Sys.X509Certificate2 certToImport = new Sys.X509Certificate2(P12, Password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable); if (!certToImport.HasPrivateKey) { throw new ApplicationException("No private key in PKCS#12 file"); } CspParameters cp = null; // Normalise the name string _name = name.Replace(' ', '_'); switch (pkAlgo) { case "RSA": cp = new CspParameters(24, "Microsoft Enhanced RSA and AES Cryptographic Provider"); cp.KeyContainerName = _name; cp.Flags = CspProviderFlags.UseArchivableKey; using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider()) { //certToImport.PrivateKey //rsa.ImportParameters(certToImport.PrivateKey); rsa.PersistKeyInCsp = true; if (!rsa.CspKeyContainerInfo.Exportable) { throw new CryptoException("Key not exportable"); } } break; case "DSA": cp = new CspParameters(13, "Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider"); cp.KeyContainerName = _name; cp.Flags = CspProviderFlags.UseArchivableKey; break; default: throw new ArgumentException("Algorithm not supported", pkAlgo); } //certToImport.PrivateKey Sys.X509Store store = new Sys.X509Store(Sys.StoreName.My, Sys.StoreLocation.CurrentUser); store.Open(Sys.OpenFlags.MaxAllowed); store.Add(certToImport); //certToImport.PrivateKey store.Close(); }
/// <summary> /// Loads the specified system keystore and puts /// the keys store in read-only mode /// </summary> /// <param name="storeName">one of the enum values </param> /// <param name="storelocation">one of the enum values</param> public void Load(SystemX509.StoreName storeName, SystemX509.StoreLocation storelocation) { ReadOnlyKeyStore = true; _listItems.Clear(); var store = new SystemX509.X509Store(storeName, storelocation); store.Open(SystemX509.OpenFlags.ReadOnly); foreach (SystemX509.X509Certificate2 cert in store.Certificates) { AddEntry(cert.FriendlyName, DotNetUtilities.FromX509Certificate(cert), null); } }
private void StoreCertificate(string name, byte[] raw, RSA key, MSX509.StoreName storeName, MSX509.StoreLocation location) { PKCS12 p12 = BuildPkcs12(raw, key); MSX509.X509Certificate2 certificate = new MSX509.X509Certificate2(p12.GetBytes(), "advtools", MSX509.X509KeyStorageFlags.PersistKeySet | MSX509.X509KeyStorageFlags.MachineKeySet | MSX509.X509KeyStorageFlags.Exportable); MSX509.X509Store store = new MSX509.X509Store(storeName, location); store.Open(MSX509.OpenFlags.ReadWrite); store.Add(certificate); store.Close(); certificates_[name] = certificate; }
internal static byte[] ExportToP12(CspParameters cspParam, X509Certificate cert, string password) { Sys.X509Certificate2 sysCert = new Sys.X509Certificate2(cert.GetEncoded());; Sys.X509Store store = new Sys.X509Store(Sys.StoreLocation.CurrentUser); store.Open(Sys.OpenFlags.ReadWrite); store.Add(sysCert); sysCert = store.Certificates[0]; // Export the certificate including the private key. return(sysCert.Export(Sys.X509ContentType.Pkcs12, password)); }
/* * installs certificate and key into windows registry */ private static void InstallIntoRegistry(sys.X509Certificate2 windowsCertificate) { sys.X509Store store = new sys.X509Store(); store.Open(sys.OpenFlags.ReadWrite); try { store.Add(windowsCertificate); } finally { store.Close(); } }
public static void SaveCertificateToWindowsStore(X509Certificates.X509Certificate2 cert) { var x509Store = new X509Certificates.X509Store(X509Certificates.StoreName.Root, X509Certificates.StoreLocation.CurrentUser); x509Store.Open(X509Certificates.OpenFlags.ReadWrite); try { x509Store.Add(cert); } finally { x509Store.Close(); } }
private static System.Security.Cryptography.X509Certificates.X509Certificate2 FindCert(string pkiinfo) { System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine); store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadOnly); X509Certificate2Collection col = store.Certificates.Find(System.Security.Cryptography.X509Certificates.X509FindType.FindBySerialNumber, pkiinfo, true); store.Close(); if (col != null && col.Count > 0) { //if (col.Count > 1) return(col[0]); } throw new ConfigurationErrorsException("no certificates were found matching that serial number"); }
/// <summary> /// Add a certificate to a store /// </summary> /// <param name="cert"></param> /// <param name="st"></param> /// <param name="sl"></param> /// <returns></returns> public static bool AddCertToStore(X509Certificate2 cert, StoreName st, StoreLocation sl) { try { X509Store store = new X509Store(st, sl); store.Open(OpenFlags.ReadWrite); store.Add(cert); store.Close(); } catch { return(false); } return(true); }
public static bool SetupSsl(int port) { System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine); //Use the first cert to configure Ssl store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadOnly); //Assumption is we have certs. If not then this call will fail :( try { bool found = false; foreach (System.Security.Cryptography.X509Certificates.X509Certificate2 cert in store.Certificates) { String certHash = cert.GetCertHashString(); //Only install certs issued for the machine and has the name as the machine name if (cert.Subject.ToUpper().IndexOf(Environment.MachineName.ToUpper()) >= 0) { try { found = true; //ExecuteNetsh(String.Format("set ssl -i 0.0.0.0:{1} -c \"MY\" -h {0}", certHash, port)); ExecuteNetsh(string.Format("http add sslcert ipport=0.0.0.0:{0} certhash={1} appid={{{2}}}", port, certHash, Guid.NewGuid().ToString())); } catch (Exception e) { return(false); } } } if (!found) { return(false); } } catch (Exception e) { return(false); } finally { if (store != null) { store.Close(); } } return(true); }
static public bool checkCertificateInstalled() { System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByIssuerName, ConfirmedConstants.endPoint("www"), true); if (certs.Count > 0) { for (int i = 0; i < certs.Count; i++) { if (certs[i].IssuerName.Name.ToString() == "CN=" + ConfirmedConstants.endPoint("www")) { return(true); } } } return(false); }
private static void SetSSLCer() { Fiddler.CertMaker.createRootCert(); X509Certificate2 oRootCert = Fiddler.CertMaker.GetRootCertificate();//Returns the Root certificate that Fiddler uses to generate per-site certificates used for HTTPS interception. System.Security.Cryptography.X509Certificates.X509Store certStore = new System.Security.Cryptography.X509Certificates.X509Store(StoreName.Root, StoreLocation.LocalMachine); certStore.Open(OpenFlags.ReadWrite); try { certStore.Add(oRootCert); } finally { certStore.Close(); } Fiddler.FiddlerApplication.oDefaultClientCertificate = oRootCert; Fiddler.CONFIG.IgnoreServerCertErrors = true; }
public static RsaCipher LoadFromX509Store(string friendlyName) { System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(StoreName.My); try { store.Open(OpenFlags.ReadOnly); foreach (var x509 in store.Certificates) { var cn = x509.FriendlyName; if (cn == friendlyName) { var key = new RsaCipherKey(); try { #if NETSTANDARD2_0 key.Public = x509.GetRSAPublicKey(); key.Private = x509.GetRSAPrivateKey(); #endif #if NETFX key.Public = (RSACryptoServiceProvider)x509.PublicKey.Key; key.Private = (RSACryptoServiceProvider)x509.PrivateKey; #endif } catch (Exception) { key.Dispose(); throw; } RsaCipher rsaCipher = new RsaCipher(); rsaCipher._key = key; return(rsaCipher); } } } finally { #if NETSTANDARD2_0 store.Dispose(); #endif } throw new InternalErrorException("Certificate not found: " + friendlyName); }
public bool AddCertToStore(System.Security.Cryptography.X509Certificates.X509Certificate2 cert, System.Security.Cryptography.X509Certificates.StoreName st, System.Security.Cryptography.X509Certificates.StoreLocation sl) { bool bRet = false; try { System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(st, sl); store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite); store.Add(cert); store.Close(); } catch { throw; } return(bRet); }
public static void RemoveCertificateFromLocalStoreByThumbprint(string thumbPrint) { using (X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine)) { store.Open(OpenFlags.ReadWrite | OpenFlags.IncludeArchived); // You could also use a more specific find type such as X509FindType.FindByThumbprint X509Certificate2Collection col = store.Certificates.Find(X509FindType.FindByThumbprint, thumbPrint, false); foreach (var cert in col) { // Remove the certificate store.Remove(cert); TryRemovePrivateKey(cert); } store.Close(); } }
public static X509Certificate2 FindCertificate(string certificateThumbprint) { X509Certificate2 foundCert = null; var store = new System.Security.Cryptography.X509Certificates.X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); foreach (var cert in store.Certificates) { if (cert.Thumbprint.Equals(certificateThumbprint)) { foundCert = cert; break; } } store.Close(); return(foundCert); }
/// <summary> /// Find certificate in store /// </summary> /// <param name="thumbPrint"></param> /// <param name="storeName"></param> /// <param name="storeLocation"></param> /// <returns></returns> public static X509Certificate2 FindCertificate(string thumbPrint, StoreName storeName, StoreLocation storeLocation) { X509Certificate2 certificate = null; X509Store store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.ReadOnly | OpenFlags.IncludeArchived); // You could also use a more specific find type such as X509FindType.FindByThumbprint X509Certificate2Collection col = store.Certificates.Find(X509FindType.FindByThumbprint, thumbPrint, false); foreach (var cert in col) { certificate = cert; } store.Close(); return(certificate); }
private static void SetWsusCertificate(IUpdateServer wServ) { //Self Signed Certifications creation by WSUS server is deprecated, need an workaround if (wServ.IsConnectionSecureForApiRemoting) { try { String secret = "Secure!"; X509Certificate2 cert = CreateSelfSignedCertificate("Carteiro"); File.WriteAllBytes("C:\\carteiro.pfx", cert.Export(X509ContentType.Pfx, secret)); File.WriteAllBytes("C:\\carteiro.cer", cert.Export(X509ContentType.Cert)); SetWsusCertificate("C:\\carteiro.pfx", secret, wServ); //Importing into other stores System.Security.Cryptography.X509Certificates.X509Store authRootStore = new System.Security.Cryptography.X509Certificates.X509Store("AuthRoot", System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine); System.Security.Cryptography.X509Certificates.X509Store trustedPublisherStore = new System.Security.Cryptography.X509Certificates.X509Store("TrustedPublisher", System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine); authRootStore.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite); trustedPublisherStore.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite); authRootStore.Add(cert); trustedPublisherStore.Add(cert); authRootStore.Close(); trustedPublisherStore.Close(); Console.WriteLine("INFO: certificates were succesfully imported into AuthRoot and Trusted Publisher stores"); Console.WriteLine("INFO: setting new WSUS Certificate finished!"); } catch (Exception e) { Console.Error.WriteLine("ERROR: " + e.Message); } } else { Console.Error.WriteLine("ERROR: this operation is not possible with an unsafe connection"); } }
public bool CheckCertificate() { try { System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); // Dont forget. otherwise u will get an exception. X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectName, "2020ImagingLtd", true); if (certs.Count > 0) { // Certificate is found. return(true); } else { return(false); // No Certificate found by that subject name. } } catch (Exception ex) { } return(false); }
private static System.Security.Cryptography.X509Certificates.X509Certificate2 selectcert() //select cert from store & set selectedcert { try { System.Security.Cryptography.X509Certificates.X509Store mystore = new System.Security.Cryptography.X509Certificates.X509Store(StoreLocation.CurrentUser); mystore.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); X509Certificate2Collection certCollection = (X509Certificate2Collection)mystore.Certificates; X509Certificate2Collection foundCollection = (X509Certificate2Collection)certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false); X509Certificate2Collection selectedcollection = X509Certificate2UI.SelectFromCollection(foundCollection, "Select a Certificate.", "Select a Certificate from the following list to get information on that certificate", X509SelectionFlag.SingleSelection); if (selectedcollection.Count > 0) { X509Certificate2 certz = selectedcollection[0]; return(certz); } return(null); } catch (Exception e) { MessageBox.Show(e.Message); return(null); } }
public static X509Certificates.X509Certificate2 LoadCertificate(string hostname) { var x509Store = new X509Certificates.X509Store(X509Certificates.StoreName.Root, X509Certificates.StoreLocation.CurrentUser); x509Store.Open(X509Certificates.OpenFlags.ReadOnly); var inStr = $"CN={hostname}"; try { foreach (var certificate in x509Store.Certificates) { if (certificate.Subject.StartsWith(inStr)) { return(certificate); } } } finally { x509Store.Close(); } return(null); }
/*private void WriteCertificate(string name, byte[] raw) * { * using(FileStream stream = new FileStream(GetCertificateFilePath(name), FileMode.Create, FileAccess.Write)) * stream.Write(raw, 0, raw.Length); * }*/ private MSX509.X509Certificate2 LoadCertificate(string name, MSX509.StoreName storeName, MSX509.StoreLocation location) { if (certificates_.ContainsKey(name)) { return(certificates_[name]); } MSX509.X509Store store = new MSX509.X509Store(storeName, location); store.Open(MSX509.OpenFlags.ReadOnly); var certificates = store.Certificates.Find(MSX509.X509FindType.FindBySubjectName, name, true); store.Close(); if (certificates.Count <= 0) { return(null); } state_.Logger.Information("X509v3 '{0}' loaded from store", name); MSX509.X509Certificate2 certificate = certificates[0]; certificates_[name] = certificate; return(certificate); }
internal static void InstallCertificate(string certFile, System.Security.Cryptography.X509Certificates.StoreName store, string password) { Logger.EnteringMethod(store.ToString()); try { System.Security.Cryptography.X509Certificates.X509Certificate2 certificate; if (!string.IsNullOrEmpty(password)) { certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certFile, password); } else { certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certFile); } System.Security.Cryptography.X509Certificates.X509Store certStore = new System.Security.Cryptography.X509Certificates.X509Store(store, System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine); certStore.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite); certStore.Add(certificate); certStore.Close(); Logger.Write("Successfuly imported in " + store.ToString()); } catch (Exception ex) { Logger.Write("**** " + ex.Message); } }
private MSX509.X509Certificate2 LoadCertificate(X509Name name, MSX509.StoreName storeName, MSX509.StoreLocation location) { if (certificates_.ContainsKey(name)) { return(certificates_[name]); } string dn = name.ToString(); MSX509.X509Store store = new MSX509.X509Store(storeName, location); store.Open(MSX509.OpenFlags.ReadOnly); var certificates = store.Certificates.Find(MSX509.X509FindType.FindBySubjectDistinguishedName, dn, true); store.Close(); if (certificates.Count <= 0) { return(null); } MSX509.X509Certificate2 certificate = certificates[0]; certificates_[name] = certificate; return(certificate); }
/// <summary> /// Establishes the SSL certificate we will use for communication with /// RPC clients and starts a seperate thread to listen for connections /// </summary> /// <param name="port">port to listen on</param> /// <param name="service">The KeePassRPCService the server should interact with.</param> public KeePassRPCServer(int port, KeePassRPCService service, KeePassRPCExt keePassRPCPlugin, bool useSSL) { _useSSL = useSSL; if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Starting KPRPCServer"); } Service = service; KeePassRPCPlugin = keePassRPCPlugin; if (_useSSL) { // if (true) if (Type.GetType("Mono.Runtime") == null) { _store = new System.Security.Cryptography.X509Certificates.X509Store(); _store.Open(OpenFlags.ReadWrite); // Find any certificates in this user's certificate store and re-use // them rather than suffer the overhead of creating an entirly new // certificate. Our certificates are considered "invalid" by the // store (probably becuase they are self-signed) X509Certificate2Collection matchingCertificates = _store.Certificates .Find(X509FindType.FindBySubjectDistinguishedName, "CN=KeePassRPC certificate for " + Environment.MachineName, false); //foreach (X509Certificate2 temp in matchingCertificates) // _store.Remove(temp); //matchingCertificates = _store.Certificates // .Find(X509FindType.FindBySubjectDistinguishedName, // "CN=KeePassRPC TLS aaa for " + Environment.MachineName, false); if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Matching certificates from store: " + matchingCertificates.Count); } if (matchingCertificates.Count > 0) { _serverCertificate = matchingCertificates[0]; } else { //_serverCertificate = (X509Certificate2)X509Certificate2.CreateFromCertFile(Path.Combine(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "KeePassRPC"), "cert.p12")); if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Generating new certificate (MS)."); } // We can use the MakeCert feature from Mono to generate a new // certificate for use by this user on this machine. This means // that every KeePassRPC user will establish TLS connections // that are protected by a private key held on their own // system, rather than a key that is disclosed in this open // source code. NB: The local server is assumed to be secure! PKCS12 p12 = MakeCertKPRPC.Generate("KeePassRPC certificate for " + Environment.MachineName, "KeePassRPC Automated Self-Signed Key Generator", keePassRPCPlugin); byte[] cert = p12.GetBytes(); _serverCertificate = new X509Certificate2(cert, (string)null, X509KeyStorageFlags.PersistKeySet); _store.Add(_serverCertificate); } } else { /* * Problem 1: * For Linux/Mono, we cannot use the X509Store. It appears that only a .cer file is saved. That certificate does not include * the private key that we need for SSL. So we will need to save the key ourselves. * * Problem 2: * When using PKCS12 SaveToFile to save the key ourselves, it appears that it is not possible to save a private key that is not * password protected. * */ string certdir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "KeePassRPC"); string certfile = Path.Combine(certdir, "cert.p12"); _serverCertificate = null; // Check if cert directory exists, if not, we need to create it if (!System.IO.Directory.Exists(certdir)) { if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Cert directory does not exist, creating " + certdir); } System.IO.Directory.CreateDirectory(certdir); if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Cert directory created"); } } else { // Attempt to load cert try { if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Looking for existing certificate (Mono)"); } _serverCertificate = new X509Certificate2(); _serverCertificate.Import(certfile, pkcs12_password, X509KeyStorageFlags.PersistKeySet); if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Existing certificate loaded(Mono) : " + certfile); } } catch (Exception ex) { _serverCertificate = null; } } // If we didn't load a cert, create one and save it if (_serverCertificate == null) { if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Generating new certificate (Mono)."); } PKCS12 p12 = MakeCertKPRPC.Generate("KeePassRPC certificate for " + Environment.MachineName, "KeePassRPC Automated Self-Signed Key Generator", pkcs12_password, keePassRPCPlugin); p12.SaveToFile(certfile); byte[] cert = p12.GetBytes(); _serverCertificate = new X509Certificate2(cert, pkcs12_password, X509KeyStorageFlags.PersistKeySet); if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Generated new certificate (Mono) : " + certfile); } } } } if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Server certificate has private key? " + _serverCertificate.HasPrivateKey); } try { this._tcpListener = new TcpListener(IPAddress.Loopback, port); this._listenThread = new Thread(new ThreadStart(ListenForClients)); this._listenThread.Start(); this._isListening = true; // just in case the main thread checks // for successful startup before the thread has got going. } catch (Exception e) { if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Failed to start TCP listener: " + e.ToString()); } } if (keePassRPCPlugin.logger != null) { keePassRPCPlugin.logger.WriteLine("Started KPRPCServer"); } }