本文整理汇总了C#中System.Security.Cryptography.X509Certificates.X509Certificate2.GetCertHashString方法的典型用法代码示例。如果您正苦于以下问题:C# X509Certificate2.GetCertHashString方法的具体用法?C# X509Certificate2.GetCertHashString怎么用?C# X509Certificate2.GetCertHashString使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类System.Security.Cryptography.X509Certificates.X509Certificate2的用法示例。
在下文中一共展示了X509Certificate2.GetCertHashString方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: AddCertificateToStore
public static bool AddCertificateToStore(uint httpsPort)
{
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
try {
store.Open(OpenFlags.ReadWrite);
} catch {
Out.Error(AuthenticationNeeded);
return false;
}
var cert = new X509Certificate2(
CreateSelfSignCertificatePfx(X509SubjectName, DateTime.Now.AddDays(-1), DateTime.Now.AddYears(1), CertificatePassword),
CertificatePassword,
X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
cert.FriendlyName = "Stubby4net Certificate";
var existingCerts = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, cert.Subject, false);
if(existingCerts.Count == 0)
store.Add(cert);
else
cert = existingCerts[0];
store.Close();
var netshArgs = String.Format(NetshArgs, httpsPort, cert.GetCertHashString(), "{" + Stubby.Guid + "}");
var netsh = new ProcessStartInfo("netsh", netshArgs)
{
Verb = "runas",
CreateNoWindow = true,
WindowStyle = ProcessWindowStyle.Hidden,
UseShellExecute = true
};
try {
var process = Process.Start(netsh);
process.WaitForExit();
Console.Out.WriteLine(process.ExitCode);
if(process.ExitCode == 0)
return true;
} catch {
}
var httpcfgArgs = String.Format(HttpcfgArgs, httpsPort, cert.GetCertHashString());
var httpcfg = new ProcessStartInfo("httpcfg", httpcfgArgs)
{
Verb = "runas",
CreateNoWindow = true,
WindowStyle = ProcessWindowStyle.Hidden,
UseShellExecute = true
};
try {
var process = Process.Start(httpcfg);
process.WaitForExit();
return process.ExitCode == 0;
} catch {
return false;
}
}示例2: InstallCertificateWithPrivateKey
public byte[] InstallCertificateWithPrivateKey(string certificatePath, string certificateStoreName, RSAParameters privateKey)
{
var certificateBytes = File.ReadAllBytes(certificatePath);
var x509 = new X509Certificate2(certificateBytes, (string)null, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
var csp = new CspParameters { KeyContainerName = x509.GetCertHashString(), Flags = CspProviderFlags.UseMachineKeyStore };
var rsa = new RSACryptoServiceProvider(csp);
rsa.ImportParameters(privateKey);
x509.PrivateKey = rsa;
Info($"Installing certificate private key to localmachine\\{certificateStoreName}, container name {csp.KeyContainerName}");
InstallCertificateToStore(x509, certificateStoreName);
return x509.GetCertHash();
}示例3: TlsServerSession
public TlsServerSession (X509Certificate2 cert, bool mutual)
{
this.mutual = mutual;
stream = new MemoryStream ();
ssl = new SslServerStream (stream, cert, mutual, true, SecurityProtocolType.Tls);
ssl.PrivateKeyCertSelectionDelegate = delegate (X509Certificate c, string host) {
if (c.GetCertHashString () == cert.GetCertHashString ())
return cert.PrivateKey;
return null;
};
ssl.ClientCertValidationDelegate = delegate (X509Certificate certificate, int[] certificateErrors) {
// FIXME: use X509CertificateValidator
return true;
};
}示例4: Should_install_a_x509_certificate_and_update_bindings
public void Should_install_a_x509_certificate_and_update_bindings()
{
// Arrange
var x509 = new X509Certificate2(Encoding.ASCII.GetBytes(TestCertificate), (string)null, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
var sut = new IISServerConfigurationProvider();
var asn1Parser = new Asn1Parser();
var rsaParser = new PrivateKeyParser(asn1Parser);
var privateKey = rsaParser.ParsePem(TestPrivateKey).Key;
var csp = new CspParameters { KeyContainerName = x509.GetCertHashString(), Flags = CspProviderFlags.UseMachineKeyStore };
var rsa2 = new RSACryptoServiceProvider(csp);
rsa2.ImportParameters(privateKey);
x509.PrivateKey = rsa2;
// Act
sut.ConfigureServer("test.startliste.info", x509.GetCertHash(), "my", null, null);
}示例5: EnsurePrivateKey
//
// SECURITY: we open a private key container on behalf of the caller
// and we require the caller to have permission associated with that operation.
// After discussing with X509Certificate2 owners decided to demand KeyContainerPermission (Open)
// At the same time we assert StorePermission on the caller frame since for consistency
// we cannot predict when it will be demanded (SSL session reuse feature)
//
X509Certificate2 EnsurePrivateKey(X509Certificate certificate)
{
if (certificate == null)
return null;
if (Logging.On) Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_locating_private_key_for_certificate, certificate.ToString(true)));
try {
X509Certificate2 certEx = certificate as X509Certificate2;
Type t = certificate.GetType();
string certHash = null;
// Protecting from X509Certificate2 derived classes
if (t != typeof(X509Certificate2) && t != typeof(X509Certificate))
{
if (certificate.Handle != IntPtr.Zero)
{
certEx = new X509Certificate2(certificate);
certHash = certEx.GetCertHashString();
}
}
else
{
certHash = certificate.GetCertHashString();
}
if (certEx != null)
{
if (certEx.HasPrivateKey)
{
if (Logging.On) Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_cert_is_of_type_2));
return certEx;
}
if ((object)certificate != (object) certEx)
certEx.Reset();
}
//
// The certificate doesn't have a private key, so we need
// to open the store and search for it there. Demand the
// KeyContainerPermission with Open access before opening
// the store. If store.Open() or store.Cert.Find()
// demand the same permissions, then we should remove our
// demand here.
//
#if FEATURE_MONO_CAS
ExceptionHelper.KeyContainerPermissionOpen.Demand();
#endif
X509Certificate2Collection collectionEx;
// ELSE Try MY user and machine stores for private key check
// For server side mode MY machine store takes priority
X509Store store = EnsureStoreOpened(m_ServerMode);
if (store != null)
{
collectionEx = store.Certificates.Find(X509FindType.FindByThumbprint, certHash, false);
if (collectionEx.Count > 0 && collectionEx[0].HasPrivateKey)
{
if (Logging.On) Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_found_cert_in_store, (m_ServerMode ? "LocalMachine" : "CurrentUser")));
return collectionEx[0];
}
}
store = EnsureStoreOpened(!m_ServerMode);
if (store != null)
{
collectionEx = store.Certificates.Find(X509FindType.FindByThumbprint, certHash, false);
if (collectionEx.Count > 0 && collectionEx[0].HasPrivateKey)
{
if (Logging.On) Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_found_cert_in_store, (m_ServerMode ? "CurrentUser" : "LocalMachine")));
return collectionEx[0];
}
}
}
catch (CryptographicException) {
}
if (Logging.On) Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_did_not_find_cert_in_store));
return null;
}示例6: ProcessRecord
//.........这里部分代码省略.........
var keyGenAsset = vp.CreateAsset(VaultAssetType.KeyGen, keyGenFile);
var keyPemAsset = vp.CreateAsset(VaultAssetType.KeyPem, keyPemFile);
var csrGenAsset = vp.CreateAsset(VaultAssetType.CsrGen, csrGenFile);
var csrPemAsset = vp.CreateAsset(VaultAssetType.CsrPem, csrPemFile);
var genKeyParams = new RsaPrivateKeyParams();
var genKey = cp.GeneratePrivateKey(genKeyParams);
using (var s = vp.SaveAsset(keyGenAsset))
{
cp.SavePrivateKey(genKey, s);
}
using (var s = vp.SaveAsset(keyPemAsset))
{
cp.ExportPrivateKey(genKey, EncodingFormat.PEM, s);
}
// TODO: need to surface details of the CSR params up higher
var csrParams = new CsrParams
{
Details = csrDetails
};
var genCsr = cp.GenerateCsr(csrParams, genKey, Crt.MessageDigest.SHA256);
using (var s = vp.SaveAsset(csrGenAsset))
{
cp.SaveCsr(genCsr, s);
}
using (var s = vp.SaveAsset(csrPemAsset))
{
cp.ExportCsr(genCsr, EncodingFormat.PEM, s);
}
ci.KeyPemFile = keyPemFile;
ci.CsrPemFile = csrPemFile;
}
byte[] derRaw;
var asset = vp.GetAsset(VaultAssetType.CsrPem, ci.CsrPemFile);
// Convert the stored CSR in PEM format to DER
using (var source = vp.LoadAsset(asset))
{
var csr = cp.ImportCsr(EncodingFormat.PEM, source);
using (var target = new MemoryStream())
{
cp.ExportCsr(csr, EncodingFormat.DER, target);
derRaw = target.ToArray();
}
}
var derB64u = JwsHelper.Base64UrlEncode(derRaw);
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
ci.CertificateRequest = c.RequestCertificate(derB64u);
}
if (!string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent))
{
var crtDerFile = $"{ci.Id}-crt.der";
var crtPemFile = $"{ci.Id}-crt.pem";
var crtDerBytes = ci.CertificateRequest.GetCertificateContent();
var crtDerAsset = vp.CreateAsset(VaultAssetType.CrtDer, crtDerFile);
var crtPemAsset = vp.CreateAsset(VaultAssetType.CrtPem, crtPemFile);
using (Stream source = new MemoryStream(crtDerBytes),
derTarget = vp.SaveAsset(crtDerAsset),
pemTarget = vp.SaveAsset(crtPemAsset))
{
var crt = cp.ImportCertificate(EncodingFormat.DER, source);
cp.ExportCertificate(crt, EncodingFormat.DER, derTarget);
ci.CrtDerFile = crtDerFile;
cp.ExportCertificate(crt, EncodingFormat.PEM, pemTarget);
ci.CrtPemFile = crtPemFile;
}
// Extract a few pieces of info from the issued
// cert that we like to have quick access to
var x509 = new X509Certificate2(ci.CertificateRequest.GetCertificateContent());
ci.SerialNumber = x509.SerialNumber;
ci.Thumbprint = x509.Thumbprint;
ci.SignatureAlgorithm = x509.SignatureAlgorithm?.FriendlyName;
ci.Signature = x509.GetCertHashString();
}
}
vp.SaveVault(v);
WriteObject(ci);
}
}示例7: ProcessRecord
protected override void ProcessRecord()
{
using (var vlt = Util.VaultHelper.GetVault(VaultProfile))
{
vlt.OpenStorage();
var v = vlt.LoadVault();
if (v.Registrations == null || v.Registrations.Count < 1)
throw new InvalidOperationException("No registrations found");
var ri = v.Registrations[0];
var r = ri.Registration;
if (v.Certificates == null || v.Certificates.Count < 1)
throw new InvalidOperationException("No certificates found");
var ci = v.Certificates.GetByRef(CertificateRef, throwOnMissing: false);
if (ci == null)
throw new Exception("Unable to find a Certificate for the given reference");
// If we're renaming the Alias, do that
// first in case there are any problems
if (NewAlias != null)
{
v.Certificates.Rename(CertificateRef, NewAlias);
ci.Alias = NewAlias == "" ? null : NewAlias;
}
if (!LocalOnly)
{
if (ci.CertificateRequest == null)
throw new Exception("Certificate has not been submitted yet; cannot update status");
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
c.RefreshCertificateRequest(ci.CertificateRequest, UseBaseUri);
}
if ((Repeat || string.IsNullOrEmpty(ci.CrtPemFile))
&& !string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent))
{
var crtDerFile = $"{ci.Id}-crt.der";
var crtPemFile = $"{ci.Id}-crt.pem";
var crtDerAsset = vlt.ListAssets(crtDerFile, VaultAssetType.CrtDer).FirstOrDefault();
var crtPemAsset = vlt.ListAssets(crtPemFile, VaultAssetType.CrtPem).FirstOrDefault();
if (crtDerAsset == null)
crtDerAsset = vlt.CreateAsset(VaultAssetType.CrtDer, crtDerFile);
if (crtPemAsset == null)
crtPemAsset = vlt.CreateAsset(VaultAssetType.CrtPem, crtPemFile);
using (var cp = PkiHelper.GetPkiTool(
StringHelper.IfNullOrEmpty(PkiTool, v.PkiTool)))
{
var bytes = ci.CertificateRequest.GetCertificateContent();
using (Stream source = new MemoryStream(bytes),
derTarget = vlt.SaveAsset(crtDerAsset),
pemTarget = vlt.SaveAsset(crtPemAsset))
{
var crt = cp.ImportCertificate(EncodingFormat.DER, source);
// We're saving the DER format cert "through"
// the CP in order to validate its content
cp.ExportCertificate(crt, EncodingFormat.DER, derTarget);
ci.CrtDerFile = crtDerFile;
cp.ExportCertificate(crt, EncodingFormat.PEM, pemTarget);
ci.CrtPemFile = crtPemFile;
}
}
var x509 = new X509Certificate2(ci.CertificateRequest.GetCertificateContent());
ci.SerialNumber = x509.SerialNumber;
ci.Thumbprint = x509.Thumbprint;
ci.SignatureAlgorithm = x509.SignatureAlgorithm?.FriendlyName;
ci.Signature = x509.GetCertHashString();
}
if (Repeat || string.IsNullOrEmpty(ci.IssuerSerialNumber))
{
var linksEnum = ci.CertificateRequest.Links;
if (linksEnum != null)
{
var links = new LinkCollection(linksEnum);
var upLink = links.GetFirstOrDefault("up");
if (upLink != null)
{
// We need to save the ICA certificate to a local
// temp file so that we can read it in and store
// it properly as a vault asset through a stream
var tmp = Path.GetTempFileName();
try
{
using (var web = new WebClient())
{
//.........这里部分代码省略.........
示例8: AssignSession
public override void AssignSession(Session oS)
{
base.AssignSession(oS);
var dataItems = new List<DataItem>();
dataItems.Add(new DataItem("Is Https", oS.isHTTPS));
if (oS.isHTTPS && oS.oFlags.ContainsKey(CertificateStorage.CeritificateRequestPropertyName))
{
try
{
var thumbprint = oS.oFlags[CertificateStorage.CeritificateRequestPropertyName];
FiddlerApplication.Log.LogString(thumbprint);
if (CertificateStorage.Certificates.ContainsKey(thumbprint))
{
var certificate = CertificateStorage.Certificates[thumbprint];
var cert = new X509Certificate2(certificate);
_informationTab.Certificate = cert;
//most commonly desired information up top.
dataItems.InsertRange(0, new[] { new DataItem("FriendlyName", cert.FriendlyName),
new DataItem("Subject", cert.Subject),
new DataItem("Issuer", cert.Issuer),
new DataItem("Effective Date", cert.GetEffectiveDateString()),
new DataItem("Expiration Date", cert.GetExpirationDateString()),
new DataItem("Thumbprint", cert.Thumbprint),
new DataItem("------------------------", "------------------------")});
//alphabatized data properties below
dataItems.Add(new DataItem("Archived", cert.Archived));
dataItems.Add(new DataItem("FriendlyName", cert.FriendlyName));
dataItems.Add(new DataItem("Certficate Hash", cert.GetCertHashString()));
dataItems.Add(new DataItem("Certificate Format", cert.GetFormat()));
dataItems.Add(new DataItem("Effective Date", cert.GetEffectiveDateString()));
dataItems.Add(new DataItem("Expiration Date", cert.GetExpirationDateString()));
dataItems.Add(new DataItem("Full Issuer Name", cert.IssuerName.Format(true)));
dataItems.Add(new DataItem("Full Subject Name", cert.SubjectName.Format(true)));
dataItems.Add(new DataItem("Has Private Key", cert.HasPrivateKey));
dataItems.Add(new DataItem("Issuer", cert.Issuer));
dataItems.Add(new DataItem("Key Algorithm", cert.GetKeyAlgorithm()));
dataItems.Add(new DataItem("Key Algorithm Parameters", cert.GetKeyAlgorithmParametersString()));
dataItems.Add(new DataItem("Public Key", cert.GetPublicKeyString()));
dataItems.Add(new DataItem("Raw Certificate Data", cert.GetRawCertDataString()));
dataItems.Add(new DataItem("SerialNumberString", cert.GetSerialNumberString()));
dataItems.Add(new DataItem("Subject", cert.Subject));
dataItems.Add(new DataItem("Thumbprint", cert.Thumbprint));
dataItems.Add(new DataItem("Version", cert.Version));
dataItems.Add(new DataItem("------------------------", "------------------------"));
dataItems.Add(new DataItem("Extensions", string.Empty));
dataItems.Add(new DataItem("------------------------", "------------------------"));
foreach (var extension in cert.Extensions)
{
dataItems.Add(new DataItem(extension.Oid.FriendlyName, extension.Format(true)));
}
}
}
catch (Exception ex)
{
FiddlerApplication.Log.LogString("Unexpected error loading the assigned certificate." + ex.Message);
}
}
_informationTab.DataGrid.DataSource = dataItems;
}示例9: AddCertificateToAzureStore
/// <summary>
/// Adds a certificate to the Azure certificate store
/// </summary>
private IAsyncAzureOperation AddCertificateToAzureStore(X509Certificate2 certificate, string password)
{
AzureManagementClient client = new AzureManagementClient(this.certificate, this.subscriptionId);
AzureManagementResponse response;
IEnumerable<X509Certificate2> currentCerts = this.EnumerateServiceCertificates(CertificateLocation.AzureManagement);
foreach (X509Certificate2 existingCert in currentCerts)
{
if (existingCert.Thumbprint == certificate.Thumbprint &&
existingCert.Thumbprint != null &&
existingCert.GetCertHashString() == certificate.GetCertHashString())
{
return new AsyncAzureOperation(this, string.Empty, true);
}
// If the certificate does not match, but has a matching name we should delete it
if (string.Equals(existingCert.SubjectName.Name, certificate.SubjectName.Name))
{
// Delete the certificate using Azure APIs
response = client.SubmitRequest(
RequestType.DELETE,
"2009-10-01",
"services/hostedservices/{0}/certificates/SHA1-{1}",
this.serviceName,
existingCert.Thumbprint
);
IAsyncAzureOperation op = new AsyncAzureOperation(this, response.OperationId, false);
op.WaitForCompletion(TimeSpan.FromSeconds(30));
}
}
string request =
"<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
"<CertificateFile xmlns=\"http://schemas.microsoft.com/windowsazure\">" +
"<Data>{0}</Data>" +
"<CertificateFormat>pfx</CertificateFormat>" +
"<Password>{1}</Password>" +
"</CertificateFile>";
byte[] content = certificate.Export(X509ContentType.Pfx, password);
request = string.Format(request, Convert.ToBase64String(content), System.Security.SecurityElement.Escape(password));
response = client.SubmitRequestWithBody(
RequestType.POST,
request,
"2009-10-01",
"services/hostedservices/{0}/certificates",
this.serviceName
);
return new AsyncAzureOperation(this, response.OperationId, false);
}示例10: EnsurePrivateKey
private X509Certificate2 EnsurePrivateKey(X509Certificate certificate)
{
if (certificate != null)
{
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_locating_private_key_for_certificate", new object[] { certificate.ToString(true) }));
}
try
{
X509Certificate2Collection certificates;
X509Certificate2 certificate2 = certificate as X509Certificate2;
Type type = certificate.GetType();
string findValue = null;
if ((type != typeof(X509Certificate2)) && (type != typeof(X509Certificate)))
{
if (certificate.Handle != IntPtr.Zero)
{
certificate2 = new X509Certificate2(certificate);
findValue = certificate2.GetCertHashString();
}
}
else
{
findValue = certificate.GetCertHashString();
}
if (certificate2 != null)
{
if (certificate2.HasPrivateKey)
{
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_cert_is_of_type_2"));
}
return certificate2;
}
if (certificate != certificate2)
{
certificate2.Reset();
}
}
ExceptionHelper.KeyContainerPermissionOpen.Demand();
X509Store store = EnsureStoreOpened(this.m_ServerMode);
if (store != null)
{
certificates = store.Certificates.Find(X509FindType.FindByThumbprint, findValue, false);
if ((certificates.Count > 0) && (certificates[0].PrivateKey != null))
{
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_found_cert_in_store", new object[] { this.m_ServerMode ? "LocalMachine" : "CurrentUser" }));
}
return certificates[0];
}
}
store = EnsureStoreOpened(!this.m_ServerMode);
if (store != null)
{
certificates = store.Certificates.Find(X509FindType.FindByThumbprint, findValue, false);
if ((certificates.Count > 0) && (certificates[0].PrivateKey != null))
{
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_found_cert_in_store", new object[] { this.m_ServerMode ? "CurrentUser" : "LocalMachine" }));
}
return certificates[0];
}
}
}
catch (CryptographicException)
{
}
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, this, SR.GetString("net_log_did_not_find_cert_in_store"));
}
}
return null;
}示例11: OutputCertificate
private void OutputCertificate(X509Certificate2 x509Certificate)
{
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("Certificate Data: ******************************************************************");
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("Basic Certificate Information");
//System.Diagnostics.Debug.WriteLine("\t Content Type: " + X509Certificate2.GetCertContentType(x509Certificate.RawData));
System.Diagnostics.Debug.WriteLine("\t Format: " + x509Certificate.GetFormat());
System.Diagnostics.Debug.WriteLine("\t Version: " + x509Certificate.Version.ToString());
System.Diagnostics.Debug.WriteLine("\t Hash String: " + x509Certificate.GetCertHashString());
System.Diagnostics.Debug.WriteLine("\t Issuer Name: " + x509Certificate.IssuerName.Name);
System.Diagnostics.Debug.WriteLine("\t Issuer Name OID: " + x509Certificate.IssuerName.Oid.Value);
System.Diagnostics.Debug.WriteLine("\t Subject Name: " + x509Certificate.SubjectName.Name);
System.Diagnostics.Debug.WriteLine("\t Serial Number: " + x509Certificate.GetSerialNumberString());
System.Diagnostics.Debug.WriteLine("\t Thumb Print: " + x509Certificate.Thumbprint);
System.Diagnostics.Debug.WriteLine("\t Friendly Name: " + x509Certificate.FriendlyName);
System.Diagnostics.Debug.WriteLine("\t Signature Algorithm: " + x509Certificate.SignatureAlgorithm.FriendlyName);
if (null != x509Certificate.PrivateKey)
System.Diagnostics.Debug.WriteLine("\t Signature Key Exchange Algorithm: " + x509Certificate.PrivateKey.KeyExchangeAlgorithm);
else
System.Diagnostics.Debug.WriteLine("\t Signature Key Exchange Algorithm: ");
System.Diagnostics.Debug.WriteLine("\t Key Algorithm Parameters: " + x509Certificate.GetKeyAlgorithmParametersString());
System.Diagnostics.Debug.WriteLine("\t Not Valid Before: " + x509Certificate.NotBefore.ToString());
System.Diagnostics.Debug.WriteLine("\t Not Valid After: " + x509Certificate.NotAfter.ToString());
System.Diagnostics.Debug.WriteLine("\t Can Be Verified: " + x509Certificate.Verify());
System.Diagnostics.Debug.WriteLine("\t Is Archived: " + x509Certificate.Archived);
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("X509 Name Elements");
System.Diagnostics.Debug.WriteLine("\t X509 Simple Name: " + x509Certificate.GetNameInfo(X509NameType.SimpleName, false));
System.Diagnostics.Debug.WriteLine("\t X509 DNS From Alternative Name: " + x509Certificate.GetNameInfo(X509NameType.DnsFromAlternativeName, false));
System.Diagnostics.Debug.WriteLine("\t X509 DNS Name: " + x509Certificate.GetNameInfo(X509NameType.DnsName, false));
System.Diagnostics.Debug.WriteLine("\t X509 Email Name: " + x509Certificate.GetNameInfo(X509NameType.EmailName, false));
System.Diagnostics.Debug.WriteLine("\t X509 UPN Name: " + x509Certificate.GetNameInfo(X509NameType.UpnName, false));
System.Diagnostics.Debug.WriteLine("\t X509 URL Name: " + x509Certificate.GetNameInfo(X509NameType.UrlName, false));
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("X509 Name Elements for Issuer");
System.Diagnostics.Debug.WriteLine("\t X509 Simple Name: " + x509Certificate.GetNameInfo(X509NameType.SimpleName, true));
System.Diagnostics.Debug.WriteLine("\t X509 DNS From Alternative Name: " + x509Certificate.GetNameInfo(X509NameType.DnsFromAlternativeName, true));
System.Diagnostics.Debug.WriteLine("\t X509 DNS Name: " + x509Certificate.GetNameInfo(X509NameType.DnsName, true));
System.Diagnostics.Debug.WriteLine("\t X509 Email Name: " + x509Certificate.GetNameInfo(X509NameType.EmailName, true));
System.Diagnostics.Debug.WriteLine("\t X509 UPN Name: " + x509Certificate.GetNameInfo(X509NameType.UpnName, true));
System.Diagnostics.Debug.WriteLine("\t X509 URL Name: " + x509Certificate.GetNameInfo(X509NameType.UrlName, true));
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("Keys");
System.Diagnostics.Debug.WriteLine("\t Public Key: " + x509Certificate.PublicKey.Key.ToXmlString(false));
if (null != x509Certificate.PrivateKey)
System.Diagnostics.Debug.WriteLine("\t Private Key: " + x509Certificate.PrivateKey.ToXmlString(false));
else
System.Diagnostics.Debug.WriteLine("\t Private Key: ");
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("Raw Cert");
System.Diagnostics.Debug.WriteLine("\t " + x509Certificate.GetRawCertDataString());
System.Diagnostics.Debug.WriteLine("");
System.Diagnostics.Debug.WriteLine("************************************************************************************");
System.Diagnostics.Debug.WriteLine("");
}示例12: ProcessRecord
//.........这里部分代码省略.........
// Generate a private key and CSR:
// Key: RSA 2048-bit
// MD: SHA 256
// CSR: Details pulled from CSR Details JSON file
CsrHelper.CsrDetails csrDetails;
var csrDetailsAsset = vp.GetAsset(VaultAssetType.CsrDetails, ci.GenerateDetailsFile);
using (var s = vp.LoadAsset(csrDetailsAsset))
{
csrDetails = JsonHelper.Load<CsrHelper.CsrDetails>(s);
}
var keyGenFile = $"{ci.Id}-gen-key.json";
var keyPemFile = $"{ci.Id}-key.pem";
var csrGenFile = $"{ci.Id}-gen-csr.json";
var csrPemFile = $"{ci.Id}-csr.pem";
var keyGenAsset = vp.CreateAsset(VaultAssetType.KeyGen, keyGenFile);
var keyPemAsset = vp.CreateAsset(VaultAssetType.KeyPem, keyPemFile);
var csrGenAsset = vp.CreateAsset(VaultAssetType.CsrGen, csrGenFile);
var csrPemAsset = vp.CreateAsset(VaultAssetType.CsrPem, csrPemFile);
var genKey = CsrHelper.GenerateRsaPrivateKey();
using (var s = vp.SaveAsset(keyGenAsset))
{
genKey.Save(s);
}
using (var w = new StreamWriter(vp.SaveAsset(keyPemAsset)))
{
w.Write(genKey.Pem);
}
var genCsr = CsrHelper.GenerateCsr(csrDetails, genKey);
using (var s = vp.SaveAsset(csrGenAsset))
{
genCsr.Save(s);
}
using (var w = new StreamWriter(vp.SaveAsset(csrPemAsset)))
{
w.Write(genCsr.Pem);
}
ci.KeyPemFile = keyPemFile;
ci.CsrPemFile = csrPemFile;
}
var asset = vp.GetAsset(VaultAssetType.CsrPem, ci.CsrPemFile);
byte[] derRaw;
using (var s = vp.LoadAsset(asset))
{
using (var ms = new MemoryStream())
{
CsrHelper.Csr.ConvertPemToDer(s, ms);
derRaw = ms.ToArray();
}
}
var derB64u = JwsHelper.Base64UrlEncode(derRaw);
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
ci.CertificateRequest = c.RequestCertificate(derB64u);
}
if (!string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent))
{
var crtDerFile = $"{ci.Id}-crt.der";
var crtPemFile = $"{ci.Id}-crt.pem";
var crtDerAsset = vp.CreateAsset(VaultAssetType.CrtDer, crtDerFile);
var crtPemAsset = vp.CreateAsset(VaultAssetType.CrtPem, crtPemFile);
using (var s = vp.SaveAsset(crtDerAsset))
{
ci.CertificateRequest.SaveCertificate(s);
ci.CrtDerFile = crtDerFile;
}
using (Stream source = vp.LoadAsset(crtDerAsset), target = vp.SaveAsset(crtPemAsset))
{
CsrHelper.Crt.ConvertDerToPem(source, target);
ci.CrtPemFile = crtPemFile;
}
var crt = new X509Certificate2(ci.CertificateRequest.GetCertificateContent());
ci.SerialNumber = crt.SerialNumber;
ci.Thumbprint = crt.Thumbprint;
ci.SignatureAlgorithm = crt.SignatureAlgorithm?.FriendlyName;
ci.Signature = crt.GetCertHashString();
}
vp.SaveVault(v);
WriteObject(ci);
}
}示例13: SetupSecureEnvironment
private static void SetupSecureEnvironment(X509Certificate2 certificate, string port)
{
SecurityHelper.PrepareEnvironment("serverCert.pfx", port, WindowsIdentity.GetCurrent().Name, "security");
ServicePointManager.ServerCertificateValidationCallback +=
(sender, cert, chan, sslPolicyErrors) => cert.GetCertHashString() == certificate.GetCertHashString();
}示例14: Validate
public override void Validate(X509Certificate2 certificate)
{
if(!_certs.ContainsKey(certificate.GetCertHashString()))
{
throw new SecurityTokenException("invalid certificate");
}
}示例15: GetIssuerCertificate
static string GetIssuerCertificate(CertificateRequest certificate)
{
var linksEnum = certificate.Links;
if (linksEnum != null)
{
var links = new LinkCollection(linksEnum);
var upLink = links.GetFirstOrDefault("up");
if (upLink != null)
{
var tmp = Path.GetTempFileName();
try
{
using (var web = new WebClient())
{
//if (v.Proxy != null)
// web.Proxy = v.Proxy.GetWebProxy();
var uri = new Uri(new Uri(BaseURI), upLink.Uri);
web.DownloadFile(uri, tmp);
}
var cacert = new X509Certificate2(tmp);
var sernum = cacert.GetSerialNumberString();
var tprint = cacert.Thumbprint;
var sigalg = cacert.SignatureAlgorithm?.FriendlyName;
var sigval = cacert.GetCertHashString();
var cacertDerFile = Path.Combine(configPath, $"ca-{sernum}-crt.der");
var cacertPemFile = Path.Combine(configPath, $"ca-{sernum}-crt.pem");
if (!File.Exists(cacertDerFile))
File.Copy(tmp, cacertDerFile, true);
Console.WriteLine($" Saving Issuer Certificate to {cacertPemFile}");
if (!File.Exists(cacertPemFile))
CsrHelper.Crt.ConvertDerToPem(cacertDerFile, cacertPemFile);
return cacertPemFile;
}
finally
{
if (File.Exists(tmp))
File.Delete(tmp);
}
}
}
return null;
}