Check that a certificate with the given thumbprint exists when the user clicks the 'Change' button. This prevents the user from setting the ISE to attempt to use a nonexistent certificate

alstab · alstab · commit 9af5f8e1c484 · 2015-08-25T16:35:14.000-07:00
diff --git a/AutomationISE/AutomationISEControl.xaml.cs b/AutomationISE/AutomationISEControl.xaml.cs
@@ -1056,13 +1056,15 @@ private void certificateButton_Click(object sender, RoutedEventArgs e)
             {
                 /* Strip bad character that appears when you copy/paste from certmgr */
                 String cleanedString = certificateTextBox.Text.Trim(new char[] { '\u200E' });
+                /* Throw exception if the given thumbprint is not a valid certificate */
+                AutomationSelfSignedCertificate.GetCertificateWithThumbprint(cleanedString);
                 AutomationSelfSignedCertificate.SetCertificateInConfigFile(cleanedString);
                 certificateThumbprint = cleanedString;
                 UpdateStatusBox(configurationStatusTextBox, "Updated thumbprint of certificate used to encrypt local assets: " + certificateThumbprint);
             }
             catch (Exception ex)
             {
-                MessageBox.Show("The thumbprint could not be updated " + ex.Message, "Error");
+                MessageBox.Show("The thumbprint could not be updated:\r\n" + ex.Message + ".", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
             }
         }
 
diff --git a/AutomationISE/Model/AutomationSelfSignedCertificate.cs b/AutomationISE/Model/AutomationSelfSignedCertificate.cs
@@ -17,6 +17,8 @@
 using System.Diagnostics;
 using System.IO;
 using System.Web.Script.Serialization;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
 
 namespace AutomationISE.Model
 {
@@ -148,6 +150,29 @@ private static String GetConfigPath()
             string configFilePath = System.IO.Path.Combine(modulePath, PSModuleConfiguration.ModuleData.ConfigFileName);
 
             return configFilePath;
+        }
+
+        public static X509Certificate2 GetCertificateWithThumbprint(string thumbprint)
+        {
+            X509Store CertStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
+            try
+            {
+                CertStore.Open(OpenFlags.ReadOnly);
+            }
+            catch (Exception ex)
+            {
+                throw new Exception("Error reading certificate store", ex);
+            }
+
+            var CertCollection = CertStore.Certificates;
+            var EncryptCert = CertCollection.Find(X509FindType.FindByThumbprint, thumbprint, false);
+            CertStore.Close();
+
+            if (EncryptCert.Count == 0)
+            {
+                throw new Exception("Certificate with thumbprint " + thumbprint + " does not exist in HKLM\\My");
+            }
+            return EncryptCert[0];
         }
     }
 }
diff --git a/AutomationISE/Model/LocalAssetsStore.cs b/AutomationISE/Model/LocalAssetsStore.cs
@@ -219,27 +219,9 @@ public static String Encrypt(Object Value, String Thumbprint)
                     return null;
                 }
                 else
-                {
-                    X509Store CertStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
-                    try
-                    {
-                        CertStore.Open(OpenFlags.ReadOnly);
-                    }
-                    catch (Exception ex)
-                    {
-                        throw new Exception("Error reading certificate store", ex);
-                    }
-
-                    var CertCollection = CertStore.Certificates;
-                    var EncryptCert = CertCollection.Find(X509FindType.FindByThumbprint, Thumbprint, false);
-                    CertStore.Close();
-
-                    if (EncryptCert.Count == 0)
-                    {
-                        throw new Exception("Certificate:" + Thumbprint + " does not exist in HKLM\\Root");
-                    }
-
-                    RSACryptoServiceProvider rsaEncryptor = (RSACryptoServiceProvider)EncryptCert[0].PublicKey.Key;
+                {
+                    X509Certificate2 EncryptCert = AutomationSelfSignedCertificate.GetCertificateWithThumbprint(Thumbprint);
+                    RSACryptoServiceProvider rsaEncryptor = (RSACryptoServiceProvider)EncryptCert.PublicKey.Key;
                     var valueJson = JsonConvert.SerializeObject(Value);
                     var EncryptedBytes = System.Text.Encoding.Default.GetBytes(valueJson);
                     byte[] EncryptedData = rsaEncryptor.Encrypt(EncryptedBytes, true);
@@ -258,28 +240,10 @@ public static Object Decrypt(Object EncryptedValue, String Thumbprint)
                     throw new Exception("Cannot decrypt value. Value to decrypt was not a string.");
                 }
                 else
-                {
-                    X509Store CertStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
-                    try
-                    {
-                        CertStore.Open(OpenFlags.ReadOnly);
-                    }
-                    catch (Exception ex)
-                    {
-                        throw new Exception("Error reading certificate store", ex);
-                    }
-
-                    var CertCollection = CertStore.Certificates;
-                    var EncryptCert = CertCollection.Find(X509FindType.FindByThumbprint, Thumbprint, false);
-                    CertStore.Close();
-
-                    if (EncryptCert.Count == 0)
-                    {
-                        throw new Exception("Certificate:" + Thumbprint + " does not exist in HKLM\\My");
-                    }
-
+                {
+                    X509Certificate2 EncryptCert = AutomationSelfSignedCertificate.GetCertificateWithThumbprint(Thumbprint);
                     Byte[] EncryptedString = Convert.FromBase64String((string)EncryptedValue);
-                    RSACryptoServiceProvider rsaEncryptor = (RSACryptoServiceProvider)EncryptCert[0].PrivateKey;
+                    RSACryptoServiceProvider rsaEncryptor = (RSACryptoServiceProvider)EncryptCert.PrivateKey;
                     byte[] EncryptedData = rsaEncryptor.Decrypt(EncryptedString, true);
                     var valueJson = System.Text.Encoding.Default.GetString(EncryptedData);
                     return JsonConvert.DeserializeObject(valueJson);

Original file line number	Diff line number	Diff line change
`@@ -1056,13 +1056,15 @@ private void certificateButton_Click(object sender, RoutedEventArgs e)`
`1056`	`1056`	`{`
`1057`	`1057`	`/* Strip bad character that appears when you copy/paste from certmgr */`
`1058`	`1058`	`String cleanedString = certificateTextBox.Text.Trim(new char[] { '\u200E' });`
	`1059`	`+ /* Throw exception if the given thumbprint is not a valid certificate */`
	`1060`	`+ AutomationSelfSignedCertificate.GetCertificateWithThumbprint(cleanedString);`
`1059`	`1061`	`AutomationSelfSignedCertificate.SetCertificateInConfigFile(cleanedString);`
`1060`	`1062`	`certificateThumbprint = cleanedString;`
`1061`	`1063`	`UpdateStatusBox(configurationStatusTextBox, "Updated thumbprint of certificate used to encrypt local assets: " + certificateThumbprint);`
`1062`	`1064`	`}`
`1063`	`1065`	`catch (Exception ex)`
`1064`	`1066`	`{`
`1065`		`- MessageBox.Show("The thumbprint could not be updated " + ex.Message, "Error");`
	`1067`	`+ MessageBox.Show("The thumbprint could not be updated:\r\n" + ex.Message + ".", "Error", MessageBoxButton.OK, MessageBoxImage.Error);`
`1066`	`1068`	`}`
`1067`	`1069`	`}`
`1068`	`1070`