
//----------------------------------------------------------------------------
//
// Copyright (c) Intel Corporation, 2012 - 2013 All Rights Reserved.
//
// File: CertificateManagementFunctionality.cs
//
// Contents: Example that shows how to use CertificateManagement High Level API
//
//----------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Intel.Manageability;
using Intel.Manageability.Exceptions;
namespace CertificateManagementSample
{
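/// <summary>
/// Sample steps showing how to add, enumerate and remove certificates in the Intel AMT
/// certificate store through the CertificateManagement high-level API. Each public method
/// is one self-contained step that prints a header, performs the operation and reports the
/// result on the console; API failures are printed rather than propagated so the sample
/// can run every step in sequence.
/// </summary>
internal class CertificateManagementFunctionality
{
    // Certificate files shipped with the sample. The relative paths presumably resolve from
    // the build output directory of the sample executable — adjust if the layout differs.
    private const string LEAF_CERT = @"..\..\LeafCert.p12";
    private const string ROOT_CA = @"..\..\rootCA.cer";
    private const string ROOT_CERT = @"..\..\RootCert.cer";

    // Password protecting the private key inside LeafCert.p12. It belongs to the bundled
    // sample certificate only; a real deployment obtains the PFX password from a protected
    // source (operator prompt, secret store) instead of a string literal in source.
    private const string LEAF_CERT_PASSWORD = "q";

    /// <summary>
    /// Adds the sample leaf certificate together with its private key to the Intel AMT store.
    /// </summary>
    /// <param name="amt">Connected Intel AMT instance whose certificate store is modified.</param>
    public static void AddCertificate(IAMTInstance amt)
    {
        RunStep("Add a certificate to Intel AMT:", () =>
        {
            using (X509Certificate2 certificate = LoadLeafCertificate())
            {
                amt.Config.CertificateManagement.AddCertificate(certificate);
            }
            Console.WriteLine("A certificate including a private key added successfully.");
        });
    }

    /// <summary>
    /// Adds the sample root CA certificate (public part only) as a trusted root in Intel AMT.
    /// </summary>
    /// <param name="amt">Connected Intel AMT instance whose certificate store is modified.</param>
    public static void AddTrustedRootCertificate(IAMTInstance amt)
    {
        RunStep("Add a trusted root certificate to Intel AMT:", () =>
        {
            // A .cer file carries no private key, so no password or key-storage flags are needed.
            using (X509Certificate2 certificate = new X509Certificate2(ROOT_CA))
            {
                amt.Config.CertificateManagement.AddCertificate(certificate);
            }
            Console.WriteLine("A trusted root certificate added successfully");
        });
    }

    /// <summary>
    /// Builds the chain from the sample leaf certificate up to the sample root and adds every
    /// element of that chain to the Intel AMT store.
    /// </summary>
    /// <param name="amt">Connected Intel AMT instance whose certificate store is modified.</param>
    /// <remarks>
    /// The certificates attached to this sample are not valid, so this overload switches off
    /// every chain verification check (<see cref="X509VerificationFlags.AllFlags"/>). That is a
    /// sample-only setting; see the two-argument overload for the production recommendation.
    /// </remarks>
    public static void AddCertificateChain(IAMTInstance amt)
    {
        AddCertificateChain(amt, X509VerificationFlags.AllFlags);
    }

    /// <summary>
    /// Builds the chain from the sample leaf certificate up to the sample root using the given
    /// verification policy and adds every element of that chain to the Intel AMT store.
    /// </summary>
    /// <param name="amt">Connected Intel AMT instance whose certificate store is modified.</param>
    /// <param name="verificationFlags">
    /// Checks to skip while building the chain. <see cref="X509VerificationFlags.AllFlags"/>
    /// skips everything — expiry, revocation, policy and trust of the root — and is only
    /// appropriate for the invalid sample certificates. Use <see cref="X509VerificationFlags.NoFlag"/>
    /// for real certificates so that a chain which fails verification is rejected before it
    /// reaches the device.
    /// </param>
    public static void AddCertificateChain(IAMTInstance amt, X509VerificationFlags verificationFlags)
    {
        RunStep("Add a certificate chain to Intel AMT:", () =>
        {
            using (X509Certificate2 rootCertificate = new X509Certificate2(ROOT_CERT))
            using (X509Certificate2 leafCertificate = LoadLeafCertificate())
            using (X509Chain trustedChain = new X509Chain())
            {
                // The sample root is not installed in a Windows certificate store, so hand it
                // to the chain engine through the policy's extra store.
                trustedChain.ChainPolicy.ExtraStore.Add(rootCertificate);
                trustedChain.ChainPolicy.VerificationFlags = verificationFlags;

                // Build() returns false when the chain fails the configured policy. Do not
                // push an unverifiable chain into the device store; report why instead.
                if (!trustedChain.Build(leafCertificate))
                {
                    Console.WriteLine("The certificate chain could not be verified; nothing was added:");
                    foreach (X509ChainStatus status in trustedChain.ChainStatus)
                    {
                        Console.WriteLine("  {0}: {1}", status.Status, status.StatusInformation);
                    }
                    return;
                }

                // Every element of the built chain is stored in the Intel AMT certificate store.
                amt.Config.CertificateManagement.AddCertificate(trustedChain);
            }
            Console.WriteLine("Certificate chain added successfully.");
        });
    }

    /// <summary>Prints every certificate held in the Intel AMT store.</summary>
    /// <param name="amt">Connected Intel AMT instance to query.</param>
    public static void GetAllCertificates(IAMTInstance amt)
    {
        RunStep("Get all certificates:", () =>
        {
            PrintCertificates(amt.Config.CertificateManagement.GetAllCertificates());
            Console.WriteLine("Get all certificates completed successfully.");
        });
    }

    /// <summary>Prints the certificates Intel AMT treats as trusted roots.</summary>
    /// <param name="amt">Connected Intel AMT instance to query.</param>
    public static void GetTrustedRootCertificates(IAMTInstance amt)
    {
        RunStep("Get all trusted root certificates:", () =>
        {
            PrintCertificates(amt.Config.CertificateManagement.GetTrustedRootCertificates());
            Console.WriteLine("Get all trusted root certificates completed successfully.");
        });
    }

    /// <summary>Prints the certificates in the Intel AMT store that are not trusted roots.</summary>
    /// <param name="amt">Connected Intel AMT instance to query.</param>
    public static void GetNonTrustedRootCertificates(IAMTInstance amt)
    {
        RunStep("Get all non trusted root certificates:", () =>
        {
            PrintCertificates(amt.Config.CertificateManagement.GetNonTrustedRootCertificates());
            Console.WriteLine("Get all non trusted root certificates completed successfully.");
        });
    }

    /// <summary>
    /// Asks Intel AMT for the chain of the sample leaf certificate and prints each element.
    /// </summary>
    /// <param name="amt">Connected Intel AMT instance to query.</param>
    public static void GetCertificateChain(IAMTInstance amt)
    {
        RunStep("Get certificates chain:", () =>
        {
            using (X509Certificate2 leaf = LoadLeafCertificate())
            // The chain handed back is an X509Chain, which owns native chain state and is
            // disposable; release it as soon as its elements have been printed.
            using (X509Chain chain = amt.Config.CertificateManagement.GetChain(leaf))
            {
                foreach (X509ChainElement element in chain.ChainElements)
                {
                    PrintCertificate(element.Certificate);
                }
            }
            Console.WriteLine("Get certificates chain completed successfully.");
        });
    }

    /// <summary>
    /// Removes the sample leaf certificate, including its private key, from the Intel AMT store.
    /// </summary>
    /// <param name="amt">Connected Intel AMT instance whose certificate store is modified.</param>
    public static void RemoveCertificate(IAMTInstance amt)
    {
        RunStep("Remove certificate:", () =>
        {
            using (X509Certificate2 certificate = LoadLeafCertificate())
            {
                amt.Config.CertificateManagement.RemoveCertificate(certificate);
            }
            Console.WriteLine("Remove certificate including its private key completed successfully.");
        });
    }

    /// <summary>
    /// Removes every non-trusted-root certificate from the Intel AMT store, together with the
    /// private keys belonging to them.
    /// </summary>
    /// <param name="amt">Connected Intel AMT instance whose certificate store is modified.</param>
    public static void RemoveNonTrustedRootCertificates(IAMTInstance amt)
    {
        RunStep("Remove non trusted root certificates:", () =>
        {
            // The flag asks the API to delete the private keys along with the certificates.
            const bool deletePrivateKeys = true;
            amt.Config.CertificateManagement.RemoveNonTrustedRootCertificates(deletePrivateKeys);
            Console.WriteLine("Remove non trusted root certificates completed successfully.");
        });
    }

    /// <summary>Removes every trusted root certificate from the Intel AMT store.</summary>
    /// <param name="amt">Connected Intel AMT instance whose certificate store is modified.</param>
    public static void RemoveTrustedRootCertificates(IAMTInstance amt)
    {
        RunStep("Remove trusted root certificates:", () =>
        {
            amt.Config.CertificateManagement.RemoveTrustedRootCertificates();
            Console.WriteLine("Remove trusted root certificates completed successfully.");
        });
    }

    /// <summary>
    /// Prints a titled header, runs one sample step and reports failures from the Intel AMT
    /// API (<see cref="CertificateManagementManageabilityException"/>) or from the .NET
    /// certificate classes (<see cref="CryptographicException"/>) on the console instead of
    /// letting them terminate the sample.
    /// </summary>
    /// <param name="title">Step title; the underline is sized to match it.</param>
    /// <param name="step">The work to perform; it prints its own completion message.</param>
    private static void RunStep(string title, Action step)
    {
        Console.WriteLine();
        Console.WriteLine(title);
        Console.WriteLine(new string('=', title.Length));
        Console.WriteLine();
        try
        {
            step();
        }
        catch (CertificateManagementManageabilityException ex)
        {
            Console.WriteLine(ex.Message);
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine(ex.Message);
        }
    }

    /// <summary>
    /// Loads the sample leaf certificate from its PKCS#12 file together with its private key.
    /// </summary>
    /// <returns>
    /// A certificate whose private key is marked exportable, so that it can be exported and
    /// sent to the device. The caller owns and must dispose the returned object.
    /// </returns>
    private static X509Certificate2 LoadLeafCertificate()
    {
        return new X509Certificate2(LEAF_CERT, LEAF_CERT_PASSWORD, X509KeyStorageFlags.Exportable);
    }

    /// <summary>Prints each certificate of a list returned by the API.</summary>
    /// <param name="certificates">List to print; null is treated as empty.</param>
    private static void PrintCertificates(List<X509Certificate2> certificates)
    {
        if (certificates == null)
        {
            return;
        }
        // NOTE(review): the returned certificates are not disposed here because it is not
        // visible from this file whether the library keeps references to them — confirm.
        foreach (X509Certificate2 certificate in certificates)
        {
            PrintCertificate(certificate);
        }
    }

    /// <summary>
    /// Prints the identifying fields of one certificate. The thumbprint (SHA-1 over the DER
    /// encoding in .NET) is what an operator should use to match the entry against the
    /// device's store; names and subjects are not unique.
    /// </summary>
    /// <param name="certificate">Certificate to print; null prints a placeholder line.</param>
    private static void PrintCertificate(X509Certificate2 certificate)
    {
        if (certificate == null)
        {
            Console.WriteLine("(no certificate)");
            return;
        }
        Console.WriteLine("Name            : {0}", certificate.FriendlyName);
        Console.WriteLine("Issuer          : {0}", certificate.Issuer);
        Console.WriteLine("Subject         : {0}", certificate.Subject);
        Console.WriteLine("Thumbprint      : {0}", certificate.Thumbprint);
        Console.WriteLine("Valid           : {0:u} - {1:u}", certificate.NotBefore, certificate.NotAfter);
        Console.WriteLine("Has Private Key : {0}", certificate.HasPrivateKey);
        Console.WriteLine("=================================================\n");
    }
}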
}