完善证书相关操作。
Mossimos committed Apr 3, 2022
1 parent a7306d7 commit f6f38ea
Showing 3 changed files with 101 additions and 33 deletions.
Expand Up @@ -52,34 +52,11 @@ string[] IPlatformService.GetMacNetworkSetup()
var ret = p.StandardOutput.ReadToEnd().Replace("An asterisk (*) denotes that a network service is disabled.", "");
p.Kill();
return ret.Split("\n");
}
}
internal static bool IsCertificateInstalled(X509Certificate2 certificate2)
{
//bool result = false;
//using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
//store.Open(OpenFlags.ReadOnly);
//foreach (var item in store.Certificates.Find(X509FindType.FindByIssuerName, "SteamTools Certificate", false))
//{
// var itemCertificate = new SecRecord((SecKind)2);
// if (item.GetCertHashString() == certificate2.GetCertHashString())
// {
// using (var policy = SecPolicy.CreateSslPolicy(true, null))
// using (var trust = new SecTrust(item, null))
// {
// Console.WriteLine(trust.Evaluate());
// }
// break;
// }
// else
// {
// //var rcode = SecKeyChain.Remove(cers);
// //if (rcode != SecStatusCode.Success)
// // await RunShellAsync($"security delete-certificate -Z {item.GetCertHashString()}", true);
// //result = false;
// }

//}
//return result;
#if MONO_MAC
using var p = new Process();
p.StartInfo.FileName = "security";
p.StartInfo.Arguments = $" verify-cert -c \"{IHttpProxyService.Instance.GetCerFilePathGeneratedWhenNoFileExists()}\"";
Expand All @@ -88,12 +65,78 @@ internal static bool IsCertificateInstalled(X509Certificate2 certificate2)
p.Start();
var returnStr = p.StandardOutput.ReadToEnd().TrimEnd();
p.Kill();
return returnStr == "...certificate verification successful.";
return returnStr.Contains("...certificate verification successful.", StringComparison.OrdinalIgnoreCase);
#elif XAMARIN_MAC
bool result = false;
var scer = new SecCertificate(cer);
var addCertificate = new SecRecord(scer);
var cerTrust = SecKeyChain.QueryAsRecord(addCertificate, out var t2code);
if (cerTrust != SecStatusCode.ItemNotFound)
{
using (var trust = new SecTrust(cerTrust, null))
{
trust.SetPolicy(policy);
trust.SetAnchorCertificates(fcollection);
result=trust.Evaluate(out var error);
Toast.Show(error.Description);
}
}
return result;
#endif

}
bool IPlatformService.IsCertificateInstalled(X509Certificate2 certificate2) => IsCertificateInstalled(certificate2);

ValueTask IPlatformService.RunShellAsync(string script, bool admin) => RunShellAsync(script,admin);

ValueTask IPlatformService.RunShellAsync(string script, bool admin) => RunShellAsync(script, admin);
/// <summary>
/// 尝试删除证书
/// </summary>
/// <param name="certificate2">要删除的证书</param>
async void IPlatformService.RemoveCertificate(X509Certificate2 certificate2)
{
#if MONO_MAC
using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
try
{
store.Open(OpenFlags.ReadWrite);
store.Remove(certificate2);
}
catch
{
//出现错误尝试命令删除
await RunShellAsync($"security delete-certificate -Z {certificate2.GetCertHashString()}", true);
}
#elif XAMARIN_MAC
var itemCertificate = new SecRecord(new SecCertificate(certificate2));
var cers = SecKeyChain.QueryAsRecord(itemCertificate, out SecStatusCode code);
if (code != SecStatusCode.ItemNotFound)
{
var rcode = SecKeyChain.Remove(cers);
if (rcode != SecStatusCode.Success && rcode != SecStatusCode.ItemNotFound)
{
await RunShellAsync($"security delete-certificate -Z {certificate2.GetCertHashString()}", true);
}
}
//using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
//store.Open(OpenFlags.ReadOnly);
//var lisrts = store.Certificates.Find(X509FindType.FindByIssuerName, IHttpProxyService.RootCertificateName, false);
//foreach (var item in lisrts)
//{
// var ces2 = new SecCertificate(item);
// var itemCertificate = new SecRecord(ces2);
// var cers = SecKeyChain.QueryAsRecord(itemCertificate, out SecStatusCode code);
// if (code != SecStatusCode.ItemNotFound)
// {
// var rcode = SecKeyChain.Remove(cers);
// if (rcode != SecStatusCode.Success && rcode != SecStatusCode.ItemNotFound)
// {
// await RunShellAsync($"security delete-certificate -Z {item.GetCertHashString()}", true);
// }
// }
//}
#endif

}

static async ValueTask RunShellAsync(string script, bool admin)
{
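Review bot: In the XAMARIN_MAC branch of IsCertificateInstalled the guard `if (cerTrust != SecStatusCode.ItemNotFound)` compares the keychain record with a status code, while the lookup status is returned in `t2code`; RemoveCertificate further down tests `code` for the same call, so this should read `if (t2code == SecStatusCode.Success && cerTrust != null)`. The branch also uses `cer`, `policy` and `fcollection`, none of which is declared in the visible lines (the parameter is `certificate2`), so it is worth confirming that this configuration builds. `Toast.Show(error.Description)` runs unconditionally and will presumably dereference a null `error` when evaluation succeeds; `if (error != null) Toast.Show(error.Description);` avoids that. Since the result decides whether the proxy root certificate is reported as trusted, a comment stating which keychain and policy the check uses would help.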
9 changes: 9 additions & 0 deletions src/ST.Client/Services/IPlatformService.Certificate.cs
@@ -1,6 +1,7 @@
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

namespace System.Application.Services
{
Expand All @@ -10,5 +11,13 @@ bool IsCertificateInstalled(X509Certificate2 certificate2)
{
return true;
}

/// <summary>
/// 删除证书
/// </summary>
void RemoveCertificate(X509Certificate2 certificate2)
{
throw new NotImplementedException();
}
}
}
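Review bot: `void RemoveCertificate(X509Certificate2 certificate2)` gives implementations no way to report completion or failure, and the macOS implementation in this commit is consequently `async void`, as is `DeleteCer()` in HttpProxyServiceImpl.cs. An exception thrown after the first `await` in an `async void` method cannot be caught by the caller, and `DeleteCertificate()` calls `IsCertificateInstalled` immediately after `DeleteCer()` returns, which may be before the privileged `security delete-certificate` fallback has finished. Declaring it as `ValueTask RemoveCertificateAsync(X509Certificate2 certificate2)` would match the existing `RunShellAsync` and let callers await the removal before checking the store. The default body throws `NotImplementedException` whereas the `IsCertificateInstalled` default above returns `true`; if platforms without an override can reach this call, a doc comment saying so, or a no-op default, would make the contract explicit.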
26 changes: 21 additions & 5 deletions src/ST.Client/Services/Implementation/HttpProxyServiceImpl.cs
Expand Up @@ -496,7 +496,10 @@ public bool SetupCertificate()
}
return IsCertificateInstalled(proxyServer.CertificateManager.RootCertificate);
}
public void DeleteCer()
/// <summary>
/// 删除全部Steam++证书 如失败尝试 命令删除
/// </summary>
public async void DeleteCer()
{
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
Expand All @@ -505,12 +508,22 @@ public void DeleteCer()
foreach (var item in collection)
{
if (item != null)
IPlatformService.Instance.RunShell($"security delete-certificate -Z {item.GetCertHashString()}", true);
{
try
{
store.Open(OpenFlags.ReadWrite);
store.Remove(item);
}
catch
{
await IPlatformService.Instance.RunShellAsync($"security delete-certificate -Z \\\"{item.GetCertHashString()}\\\"", true);
}
}
}
}

}
public bool DeleteCertificate()
public bool DeleteCertificate()
{
if (ProxyRunning)
return false;
Expand All @@ -533,7 +546,10 @@ public bool DeleteCertificate()
{
DeleteCer();
}
proxyServer.CertificateManager.RemoveTrustedRootCertificate();
else
{
proxyServer.CertificateManager.RemoveTrustedRootCertificate();
}
if (IsCertificateInstalled(proxyServer.CertificateManager.RootCertificate) == false)
{
proxyServer.CertificateManager.RootCertificate = null;
Expand Down Expand Up @@ -855,7 +871,7 @@ public bool IsCertificateInstalled(X509Certificate2? certificate2, bool usePlatf
}
else
{
using var store = new X509Store(OperatingSystem2.IsMacOS? StoreName .My: StoreName.Root, StoreLocation.CurrentUser);
using var store = new X509Store(OperatingSystem2.IsMacOS ? StoreName.My : StoreName.Root, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
result = store.Certificates.Contains(certificate2);
}
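Review bot: The bare `catch` added in `DeleteCer()` turns every failure of `store.Open`/`store.Remove`, whatever its cause, into a `security delete-certificate` call with `admin` set to true, and the original exception is discarded. Catching the specific exception the store throws (`catch (CryptographicException ex)`) and logging it before the fallback would keep the elevation prompt for the case it is meant for and leave a trace when removal of the root certificate fails. `store.Open(OpenFlags.ReadWrite)` is also called once per certificate inside the loop; the lines between the `using` and the `foreach` are collapsed here, so whether the store is already open at that point cannot be seen, but opening it once in ReadWrite mode before the loop would be clearer. The hash is passed as `\\\"{item.GetCertHashString()}\\\"` here but unquoted in the macOS `RemoveCertificate` fallback; one form should be chosen according to how `RunShellAsync` wraps the script. The same bare `catch` appears in `IPlatformService.RemoveCertificate` in the first file.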