2 // cert-sync.cs: Import the root certificates from a certificate store into Mono
5 // Sebastien Pouliot <sebastien@ximian.com>
6 // Jo Shields <jo.shields@xamarin.com>
8 // Copyright (C) 2005 Novell, Inc (http://www.novell.com)
9 // Copyright (C) 2014 Xamarin, Inc (http://www.xamarin.com)
11 // Permission is hereby granted, free of charge, to any person obtaining
12 // a copy of this software and associated documentation files (the
13 // "Software"), to deal in the Software without restriction, including
14 // without limitation the rights to use, copy, modify, merge, publish,
15 // distribute, sublicense, and/or sell copies of the Software, and to
16 // permit persons to whom the Software is furnished to do so, subject to
17 // the following conditions:
19 // The above copyright notice and this permission notice shall be
20 // included in all copies or substantial portions of the Software.
22 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
25 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
26 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
27 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using System.Collections;
35 using System.Reflection;
36 using System.Security.Cryptography;
39 using Mono.Security.X509;
41 [assembly: AssemblyTitle ("Mono Certificate Store Sync")]
42 [assembly: AssemblyDescription ("Populate Mono certificate store from a concatenated list of certificates.")]
50 static string inputFile;
52 static bool userStore;
54 static X509Certificate DecodeCertificate (string s)
56 byte[] rawdata = Convert.FromBase64String (s);
57 return new X509Certificate (rawdata);
60 static Stream GetFile ()
63 if (inputFile != null) {
64 return File.OpenRead (inputFile);
73 static X509CertificateCollection DecodeCollection ()
75 X509CertificateCollection roots = new X509CertificateCollection ();
76 StringBuilder sb = new StringBuilder ();
77 bool processing = false;
79 using (Stream s = GetFile ()) {
81 WriteLine ("Couldn't retrieve the file using the supplied information.");
85 StreamReader sr = new StreamReader (s);
87 string line = sr.ReadLine ();
92 if (line.StartsWith ("-----END CERTIFICATE-----")) {
94 X509Certificate root = DecodeCertificate (sb.ToString ());
97 sb = new StringBuilder ();
102 processing = line.StartsWith ("-----BEGIN CERTIFICATE-----");
109 static int Process ()
111 X509CertificateCollection roots = DecodeCollection ();
114 } else if (roots.Count == 0) {
115 WriteLine ("No certificates were found.");
120 WriteLine ("Importing into legacy user store:");
121 ImportToStore (roots, X509StoreManager.CurrentUser.TrustedRoot);
122 if (Mono.Security.Interface.MonoTlsProviderFactory.IsProviderSupported ("btls")) {
124 WriteLine ("Importing into BTLS user store:");
125 ImportToStore (roots, X509StoreManager.NewCurrentUser.TrustedRoot);
128 WriteLine ("Importing into legacy system store:");
129 ImportToStore (roots, X509StoreManager.LocalMachine.TrustedRoot);
130 if (Mono.Security.Interface.MonoTlsProviderFactory.IsProviderSupported ("btls")) {
132 WriteLine ("Importing into BTLS system store:");
133 ImportToStore (roots, X509StoreManager.NewLocalMachine.TrustedRoot);
140 static void ImportToStore (X509CertificateCollection roots, X509Store store)
142 X509CertificateCollection trusted = store.Certificates;
144 WriteLine ("I already trust {0}, your new list has {1}", trusted.Count, roots.Count);
145 foreach (X509Certificate root in roots) {
146 if (!trusted.Contains (root)) {
149 WriteLine ("Certificate added: {0}", root.SubjectName);
151 } catch (Exception e) {
152 WriteLine ("Warning: Could not import {0}", root.SubjectName);
153 WriteLine (e.ToString ());
158 WriteLine ("{0} new root certificates were added to your trust store.", additions);
160 X509CertificateCollection removed = new X509CertificateCollection ();
161 foreach (X509Certificate trust in trusted) {
162 if (!roots.Contains (trust)) {
166 if (removed.Count > 0) {
167 WriteLine ("{0} previously trusted certificates were removed.", removed.Count);
169 foreach (X509Certificate old in removed) {
171 WriteLine ("Certificate removed: {0}", old.SubjectName);
174 WriteLine ("Import process completed.");
177 static string Thumbprint (string algorithm, X509Certificate certificate)
179 HashAlgorithm hash = HashAlgorithm.Create (algorithm);
180 byte[] digest = hash.ComputeHash (certificate.RawData);
181 return BitConverter.ToString (digest);
184 static bool ParseOptions (string[] args)
189 for (int i = 0; i < args.Length - 1; i++) {
197 case "--btls": // we always import to the btls store too now, keep for compat
200 WriteLine ("Unknown option '{0}'.", args[i]);
204 inputFile = args [args.Length - 1];
205 if (!File.Exists (inputFile)) {
206 WriteLine ("Unknown option or file not found '{0}'.", inputFile);
212 static void Header ()
214 Console.WriteLine (new AssemblyInfo ().ToString ());
219 Console.WriteLine ("Usage: cert-sync [--quiet] [--user] system-ca-bundle.crt");
220 Console.WriteLine ("Where system-ca-bundle.crt is in PEM format");
223 static void WriteLine (string str)
226 Console.WriteLine (str);
229 static void WriteLine (string format, params object[] args)
232 Console.WriteLine (format, args);
235 static int Main (string[] args)
238 if (!ParseOptions (args)) {
247 } catch (Exception e) {
248 // ignore quiet on exception
249 Console.WriteLine ("Error: {0}", e);