The Certificate POCO below is my own invention. Don't read too much into it. I'm just keeping X509Store from bleeding out of the infrastructure layer.
using System;
using System.Collections.Generic;
using RefreshCerts.Core.ExternalDependencies;
using System.Security.Cryptography.X509Certificates;
using RefreshCerts.Core.Objects;
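namespace RefreshCerts.Infrastructure.ExternalDependencies
{
    /// <summary>
    /// Reads the local machine certificate stores and reports certificates that
    /// expire before a cut-off date. Keeps <see cref="X509Store"/> inside the
    /// infrastructure layer by mapping results onto the <see cref="Certificate"/> POCO.
    /// </summary>
    public class CertificateAuditing : ICertificateAuditing
    {
        // Display name -> store for every store that is audited. The key is what
        // ends up in Certificate.Locale.
        private readonly Dictionary<string, StoreName> storeNames = new Dictionary<string, StoreName>()
        {
            { "AddressBook", StoreName.AddressBook },
            { "AuthRoot", StoreName.AuthRoot },
            { "CertificateAuthority", StoreName.CertificateAuthority },
            { "Disallowed", StoreName.Disallowed },
            { "My", StoreName.My },
            { "Root", StoreName.Root },
            { "TrustedPeople", StoreName.TrustedPeople },
            { "TrustedPublisher", StoreName.TrustedPublisher }
        };

        /// <summary>
        /// Lists every certificate in the audited LocalMachine stores whose
        /// NotAfter date is earlier than "now + <paramref name="days"/>".
        /// Certificates that have already expired satisfy the same comparison
        /// and are therefore included as well.
        /// </summary>
        /// <param name="days">Size of the look-ahead window, in days.</param>
        /// <param name="timekeeping">Clock abstraction supplying the current date.</param>
        /// <returns>One entry per matching certificate; empty when none match.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="timekeeping"/> is null.
        /// </exception>
        public List<Certificate> Audit(int days, ITimekeeping timekeeping)
        {
            if (timekeeping == null)
            {
                throw new ArgumentNullException("timekeeping");
            }

            List<Certificate> certificates = new List<Certificate>();

            // X509Certificate2.NotAfter is expressed in local time.
            // NOTE(review): confirm ITimekeeping.GetDate() also returns local time;
            // a UTC value would shift the cut-off by the machine's UTC offset.
            DateTime future = timekeeping.GetDate().AddDays(days);

            foreach (KeyValuePair<string, StoreName> storeName in storeNames)
            {
                X509Store store = new X509Store(storeName.Value, StoreLocation.LocalMachine);
                try
                {
                    // Read-only is all an audit needs; it never modifies a store.
                    store.Open(OpenFlags.ReadOnly);

                    foreach (X509Certificate2 certificate in store.Certificates)
                    {
                        if (certificate.NotAfter < future)
                        {
                            // NOTE(review): FriendlyName is an optional, locally editable
                            // label and is frequently empty, and a serial number is only
                            // unique per issuer. If the report has to identify a
                            // certificate unambiguously, consider carrying Subject and
                            // Thumbprint on the Certificate POCO as well.
                            certificates.Add(new Certificate()
                            {
                                Locale = storeName.Key,
                                Name = certificate.FriendlyName,
                                SerialNumber = certificate.SerialNumber,
                                TimeToDie = certificate.NotAfter
                            });
                        }
                    }
                }
                finally
                {
                    // Release the store handle even when Open or the enumeration
                    // throws; the original never closed the stores it opened.
                    store.Close();
                }
            }

            return certificates;
        }
    }
}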