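/// <summary>
/// Opens an SSL session to <paramref name="host"/>, walks the certificate chain the
/// server presented (from the root down to the server certificate) and interactively
/// offers to import each certificate into the matching X.509 store.
/// </summary>
/// <param name="host">Host (URL) the SSL session is opened against; handed unchanged to GetCertificatesFromSslSession.</param>
/// <param name="machine">true to use the machine-wide stores, false to use the current user's stores.</param>
/// <param name="verbose">true to print additional progress messages.</param>
/// <remarks>
/// Nothing is imported without an explicit "Y"/"YES" answer on the console; end of
/// input (a null ReadLine) counts as a refusal. A self-signed certificate is offered
/// for the TrustedRoot store on the strength of that answer alone, since there is
/// nothing else in the chain its signature can be checked against: the operator's
/// answer is the only thing between a spoofed session and a new trust anchor.
/// </remarks>
static void Ssl (string host, bool machine, bool verbose)
{
	if (verbose) {
		Console.WriteLine ("Importing certificates from '{0}' into the {1} stores.",
			host, machine ? "machine" : "user");
	}

	int n = 0;
	X509CertificateCollection coll = GetCertificatesFromSslSession (host);
	if (coll != null) {
		// coll [0] is the server certificate and coll [Count-1] the (candidate) root,
		// so the issuer of coll [i] is coll [i+1].
		// start by the end (root) so we can stop adding them anytime afterward
		for (int i = coll.Count - 1; i >= 0; i--) {
			X509Certificate x509 = coll [i];
			bool selfsign = false;
			bool failed = false;
			try {
				selfsign = x509.IsSelfSigned;
			}
			catch {
				// sadly it's hard to interpret old certificates with MD2
				// without manually changing the machine.config file
				failed = true;
			}

			X509Store store;
			if (selfsign) {
				// this is a root
				store = GetStoreFromName (X509Stores.Names.TrustedRoot, machine);
			} else if (i == 0) {
				// server certificate isn't (generally) an intermediate CA
				store = GetStoreFromName (X509Stores.Names.OtherPeople, machine);
			} else {
				// all other certificates should be intermediate CA
				store = GetStoreFromName (X509Stores.Names.IntermediateCA, machine);
			}

			Console.WriteLine ("{0}{1}X.509 Certificate v{2}",
				Environment.NewLine,
				selfsign ? "Self-signed " : String.Empty,
				x509.Version);
			Console.WriteLine (" Issued from: {0}", x509.IssuerName);
			Console.WriteLine (" Issued to: {0}", x509.SubjectName);
			Console.WriteLine (" Valid from: {0}", x509.ValidFrom);
			Console.WriteLine (" Valid until: {0}", x509.ValidUntil);
			if (!x509.IsCurrent)
				Console.WriteLine (" *** WARNING: Certificate isn't current ***");

			// Check the signature against the public key of the issuer, i.e. the next
			// certificate up the chain (coll [i+1]) -- not coll [i-1], which is the
			// certificate x509 itself issued. This also covers the server certificate
			// (i == 0), the one whose signature the user most needs checked. A self-signed
			// certificate has no issuer in the chain, and a non-self-signed last
			// certificate (truncated chain) has nothing to be checked against.
			if ((i < coll.Count - 1) && !selfsign) {
				X509Certificate signer = coll [i+1];
				bool signed = false;
				try {
					if (signer.RSA != null) {
						signed = x509.VerifySignature (signer.RSA);
					} else if (signer.DSA != null) {
						signed = x509.VerifySignature (signer.DSA);
					} else {
						Console.WriteLine (" *** WARNING: Couldn't not find who signed this certificate ***");
						signed = true; // skip next warning
					}
					if (!signed)
						Console.WriteLine (" *** WARNING: Certificate signature is INVALID ***");
				}
				catch {
					failed = true;
				}
			}

			if (failed) {
				Console.WriteLine (" *** ERROR: Couldn't decode certificate properly ***");
				Console.WriteLine (" *** try 'man certmgr' for additional help or report to bugzilla.novell.com ***");
				break;
			}

			if (store.Certificates.Contains (x509)) {
				Console.WriteLine ("This certificate is already in the {0} store.", store.Name);
				continue;
			}

			Console.Write ("Import this certificate into the {0} store ?", store.Name);
			// ReadLine returns null at end of input (stdin closed or exhausted); treat
			// that, like any answer other than Y/YES, as a refusal. Ordinal comparison
			// keeps the decision independent of the current culture.
			string answer = Console.ReadLine ();
			bool import = (answer != null) &&
				(answer.Equals ("YES", StringComparison.OrdinalIgnoreCase) ||
				 answer.Equals ("Y", StringComparison.OrdinalIgnoreCase));
			if (import) {
				store.Import (x509);
				n++;
			} else {
				if (verbose) {
					Console.WriteLine ("Certificate not imported into store {0}.",
						store.Name);
				}
				// refusing one certificate stops the walk: the ones below it in the
				// chain would be imported without their issuer being trusted
				break;
			}
		}
	}

	Console.WriteLine ();
	if (n == 0) {
		Console.WriteLine ("No certificate were added to the stores.");
	} else {
		Console.WriteLine ("{0} certificate{1} added to the stores.",
			n, (n == 1) ? String.Empty : "s");
	}
}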