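//----------------------------------------------------------------------------
//
// Copyright (c) Intel Corporation, 2012 - 2013 All Rights Reserved.
//
// File: CertificateManagementFunctionality.cs
//
// Contents: Example that shows how to use CertificateManagement High Level API
//
//----------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Intel.Manageability;
using Intel.Manageability.Exceptions;

namespace CertificateManagementSample
{
    /// <summary>
    /// Sample operations against the Intel AMT certificate store through the
    /// CertificateManagement high level API: adding, listing and removing
    /// certificates, trusted roots and certificate chains.
    /// Every public method prints a banner, performs one operation on the given
    /// <see cref="IAMTInstance"/> and reports failures on the console instead of
    /// propagating them.
    /// </summary>
    class CertificateManagementFunctionality
    {
        // Sample material shipped next to the project; paths are relative to the build output directory.
        private const string LEAF_CERT = @"..\..\LeafCert.p12";
        private const string ROOT_CA = @"..\..\rootCA.cer";
        private const string ROOT_CERT = @"..\..\RootCert.cer";

        // Password protecting the private key inside LEAF_CERT. It is embedded here only because the
        // sample ships its own throw-away certificate; a real tool must not keep a PFX password in
        // source (read it from a protected store or prompt for it instead).
        private const string LEAF_CERT_PASSWORD = "q";

        /// <summary>
        /// Loads the sample leaf certificate together with its private key.
        /// The caller owns the returned object and must dispose it.
        /// </summary>
        /// <returns>The leaf certificate with an exportable private key.</returns>
        /// <exception cref="CryptographicException">The file cannot be read or the password is wrong.</exception>
        private static X509Certificate2 OpenLeafCertificate()
        {
            // X509KeyStorageFlags.Exportable instructs the X509Certificate2 object to keep the private
            // key exportable, which is required to hand it over to Intel AMT.
            return new X509Certificate2(LEAF_CERT, LEAF_CERT_PASSWORD, X509KeyStorageFlags.Exportable);
        }

        /// <summary>
        /// Adds the sample leaf certificate, including its private key, to the Intel AMT certificate store.
        /// </summary>
        /// <param name="amt">Connected Intel AMT instance.</param>
        public static void AddCertificate(IAMTInstance amt)
        {
            try
            {
                Console.WriteLine("\nAdd a certificate to Intel AMT:");
                Console.WriteLine("===============================\n");

                // Read the certificate and its private key from the .p12 file.
                using (X509Certificate2 certificate = OpenLeafCertificate())
                {
                    amt.Config.CertificateManagement.AddCertificate(certificate);
                }

                Console.WriteLine("A certificate including a private key added successfully.");
            }
            catch (CertificateManagementManageabilityException ex)
            {
                Console.WriteLine(ex.Message);
            }
            catch (CryptographicException ex)
            {
                Console.WriteLine(ex.Message);
            }
        }

        /// <summary>
        /// Adds the sample root CA certificate to Intel AMT as a trusted root.
        /// A trusted root becomes a trust anchor on the device, so the file must come from a source
        /// the operator trusts.
        /// </summary>
        /// <param name="amt">Connected Intel AMT instance.</param>
        public static void AddTrustedRootCertificate(IAMTInstance amt)
        {
            try
            {
                Console.WriteLine("\nAdd a trusted root certificate to Intel AMT:");
                Console.WriteLine("============================================\n");

                // Read the trusted root certificate from the .cer file (public part only, no key).
                using (X509Certificate2 certificate = new X509Certificate2(ROOT_CA))
                {
                    amt.Config.CertificateManagement.AddCertificate(certificate);
                }

                Console.WriteLine("A trusted root certificate added successfully");
            }
            catch (CertificateManagementManageabilityException ex)
            {
                Console.WriteLine(ex.Message);
            }
            catch (CryptographicException ex)
            {
                Console.WriteLine(ex.Message);
            }
        }

        /// <summary>
        /// Builds the chain from the sample leaf certificate up to the sample root certificate and
        /// adds every element of that chain to the Intel AMT certificate store.
        /// Nothing is added when the chain cannot be built.
        /// </summary>
        /// <param name="amt">Connected Intel AMT instance.</param>
        public static void AddCertificateChain(IAMTInstance amt)
        {
            try
            {
                Console.WriteLine("\nAdd a certificate chain to Intel AMT:");
                Console.WriteLine("=====================================\n");

                using (X509Certificate2 rootCertificate = new X509Certificate2(ROOT_CERT))
                using (X509Certificate2 leafCertificate = OpenLeafCertificate())
                using (X509Chain trustedChain = new X509Chain())
                {
                    // Additional store from which the chain engine may pick intermediate/root certificates.
                    trustedChain.ChainPolicy.ExtraStore.Add(rootCertificate);

                    // AllFlags disables every verification check (expiry, unknown CA, revocation status,
                    // wrong usage, ...) so that the sample's deliberately invalid certificates still build.
                    // Production code must leave VerificationFlags at NoFlag; otherwise an untrusted or
                    // revoked chain would be provisioned into the device's store unnoticed.
                    trustedChain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;

                    // Build() reports failures that no flag can suppress (e.g. a broken signature);
                    // do not push a chain that could not even be constructed.
                    if (!trustedChain.Build(leafCertificate))
                    {
                        Console.WriteLine("Certificate chain could not be built; nothing was added:");
                        foreach (X509ChainStatus status in trustedChain.ChainStatus)
                        {
                            Console.WriteLine("  {0}: {1}", status.Status, status.StatusInformation);
                        }
                        return;
                    }

                    // Add the chain elements to the certificate store in the Intel AMT.
                    amt.Config.CertificateManagement.AddCertificate(trustedChain);
                }

                Console.WriteLine("Certificate chain added successfully.");
            }
            catch (CertificateManagementManageabilityException ex)
            {
                Console.WriteLine(ex.Message);
            }
            catch (CryptographicException ex)
            {
                Console.WriteLine(ex.Message);
            }
        }

        /// <summary>
        /// Lists every certificate stored in Intel AMT.
        /// </summary>
        /// <param name="amt">Connected Intel AMT instance.</param>
        public static void GetAllCertificates(IAMTInstance amt)
        {
            try
            {
                Console.WriteLine("\nGet all certificates:");
                Console.WriteLine("=====================\n");

                List<X509Certificate2> certificates = amt.Config.CertificateManagement.GetAllCertificates();
                foreach (X509Certificate2 certificate in certificates)
                {
                    PrintCertificate(certificate);
                }

                Console.WriteLine("Get all certificates completed successfully.");
            }
            catch (CertificateManagementManageabilityException ex)
            {
                Console.WriteLine(ex.Message);
            }
        }

        /// <summary>
        /// Lists the certificates Intel AMT treats as trusted roots.
        /// </summary>
        /// <param name="amt">Connected Intel AMT instance.</param>
        public static void GetTrustedRootCertificates(IAMTInstance amt)
        {
            try
            {
                Console.WriteLine("\nGet all trusted root certificates:");
                Console.WriteLine("==================================\n");

                List<X509Certificate2> certificates = amt.Config.CertificateManagement.GetTrustedRootCertificates();
                foreach (X509Certificate2 certificate in certificates)
                {
                    PrintCertificate(certificate);
                }

                Console.WriteLine("Get all trusted root certificates completed successfully.");
            }
            catch (CertificateManagementManageabilityException ex)
            {
                Console.WriteLine(ex.Message);
            }
        }

        /// <summary>
        /// Lists the certificates stored in Intel AMT that are not trusted roots.
        /// </summary>
        /// <param name="amt">Connected Intel AMT instance.</param>
        public static void GetNonTrustedRootCertificates(IAMTInstance amt)
        {
            try
            {
                Console.WriteLine("\nGet all non trusted root certificates:");
                Console.WriteLine("======================================\n");

                List<X509Certificate2> certificates = amt.Config.CertificateManagement.GetNonTrustedRootCertificates();
                foreach (X509Certificate2 certificate in certificates)
                {
                    PrintCertificate(certificate);
                }

                Console.WriteLine("Get all non trusted root certificates completed successfully.");
            }
            catch (CertificateManagementManageabilityException ex)
            {
                Console.WriteLine(ex.Message);
            }
        }

        /// <summary>
        /// Asks Intel AMT for the chain of the sample leaf certificate and prints each element.
        /// </summary>
        /// <param name="amt">Connected Intel AMT instance.</param>
        public static void GetCertificateChain(IAMTInstance amt)
        {
            try
            {
                Console.WriteLine("\nGet certificates chain:");
                Console.WriteLine("=======================\n");

                // Get the certificate chain of the leaf certificate.
                using (X509Certificate2 leaf = OpenLeafCertificate())
                // The returned chain is disposable and owned by this sample; release it once printed.
                using (X509Chain chain = amt.Config.CertificateManagement.GetChain(leaf))
                {
                    foreach (X509ChainElement x509ChainElement in chain.ChainElements)
                    {
                        PrintCertificate(x509ChainElement.Certificate);
                    }
                }

                Console.WriteLine("Get certificates chain completed successfully.");
            }
            catch (CertificateManagementManageabilityException ex)
            {
                Console.WriteLine(ex.Message);
            }
            catch (CryptographicException ex)
            {
                Console.WriteLine(ex.Message);
            }
        }

        /// <summary>
        /// Removes the sample leaf certificate, including its private key, from Intel AMT.
        /// </summary>
        /// <param name="amt">Connected Intel AMT instance.</param>
        public static void RemoveCertificate(IAMTInstance amt)
        {
            try
            {
                Console.WriteLine("\nRemove certificate:");
                Console.WriteLine("===================\n");

                // Remove the certificate including its private key.
                using (X509Certificate2 certificate = OpenLeafCertificate())
                {
                    amt.Config.CertificateManagement.RemoveCertificate(certificate);
                }

                Console.WriteLine("Remove certificate including its private key completed successfully.");
            }
            catch (CertificateManagementManageabilityException ex)
            {
                Console.WriteLine(ex.Message);
            }
            catch (CryptographicException ex)
            {
                Console.WriteLine(ex.Message);
            }
        }

        /// <summary>
        /// Removes every non-trusted-root certificate from Intel AMT, together with its private key.
        /// </summary>
        /// <param name="amt">Connected Intel AMT instance.</param>
        public static void RemoveNonTrustedRootCertificates(IAMTInstance amt)
        {
            try
            {
                Console.WriteLine("\nRemove non trusted root certificates:");
                Console.WriteLine("=====================================\n");

                // The argument requests deletion of the associated private keys as well.
                amt.Config.CertificateManagement.RemoveNonTrustedRootCertificates(true);

                Console.WriteLine("Remove non trusted root certificates completed successfully.");
            }
            catch (CertificateManagementManageabilityException ex)
            {
                Console.WriteLine(ex.Message);
            }
        }

        /// <summary>
        /// Removes every trusted root certificate from Intel AMT.
        /// </summary>
        /// <param name="amt">Connected Intel AMT instance.</param>
        public static void RemoveTrustedRootCertificates(IAMTInstance amt)
        {
            try
            {
                Console.WriteLine("\nRemove trusted root certificates:");
                Console.WriteLine("=================================\n");

                amt.Config.CertificateManagement.RemoveTrustedRootCertificates();

                Console.WriteLine("Remove trusted root certificates completed successfully.");
            }
            catch (CertificateManagementManageabilityException ex)
            {
                Console.WriteLine(ex.Message);
            }
        }

        /// <summary>
        /// Prints the identifying fields of a certificate followed by a separator line.
        /// </summary>
        /// <param name="certificate">Certificate to describe; only public fields are printed.</param>
        private static void PrintCertificate(X509Certificate2 certificate)
        {
            Console.WriteLine("Name : {0}", certificate.FriendlyName);
            Console.WriteLine("Issuer : {0}", certificate.Issuer);
            Console.WriteLine("Subject : {0}", certificate.Subject);
            Console.WriteLine("Has Private Key : {0}", certificate.HasPrivateKey);
            Console.WriteLine("=================================================\n");
        }
    }
}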