sign2
/// <summary>
/// Used by the login action: displays the personal certificates (replacing the CAPICOM implementation) and returns the chosen certificate's details as a single string delimited by '^'.
/// </summary>
/// <returns>string</returns>
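internal static string SignInNew()
{
    // Builds the login payload for the certificate returned by GetCertificate():
    // subject fields, issuer simple name, serial number, validity dates and the
    // Base64 certificate bytes, joined with "^ ".
    //
    // NOTE(review): every field below is public certificate data; nothing in this
    // method is signed with the private key, so the returned string on its own does
    // not prove that the caller holds the key. The receiver should parse and validate
    // RawCertData itself rather than trust the other '^'-delimited fields, which a
    // subject or issuer value containing '^' could also make ambiguous. Confirm how
    // the receiving side authenticates.
    //
    // No try/catch here: the original caught Exception and did "throw ex;", which
    // only reset the stack trace. Exceptions now propagate unchanged.
    X509Certificate2 myCert = GetCertificate();
    if (myCert == null)
    {
        // The three-argument GetCertificate overload in this file treats a null
        // result as "the user cancelled the selection"; report it the same way
        // instead of failing later with a NullReferenceException.
        throw new Exception("請選擇您的證書. Please select your certificate.\n");
    }

    // GetSerialNumber() is walked from the last byte to the first, two uppercase
    // hex digits per byte.
    byte[] serialBytes = myCert.GetSerialNumber();
    string sCertSerNum = "";
    for (int i = serialBytes.Length - 1; i >= 0; i--)
    {
        sCertSerNum += serialBytes[i].ToString("X2");
    }

    // A subject containing a quoted value with a comma needs the quote-aware
    // conversion; otherwise every comma simply becomes '^'.
    string sCertNames = myCert.Subject;
    Regex quotedComma = new Regex("\\\".*,.*\\\"");
    if (quotedComma.Match(sCertNames).Success)
    {
        sCertNames = getNewCertName(sCertNames);
    }
    else
    {
        sCertNames = sCertNames.Replace(",", "^");
    }

    // NOTE(review): the two date strings are presumably formatted with the current
    // culture; confirm the receiver does not parse them.
    string sEffectiveDate = myCert.GetEffectiveDateString();
    string sExpirationDate = myCert.GetExpirationDateString();
    string sRawCertData = Convert.ToBase64String(myCert.GetRawCertData());
    // forIssuer = true: this is the issuer's simple name, not the subject's.
    string sIssuer = myCert.GetNameInfo(X509NameType.SimpleName, true);

    // Fixed field order of the sign-data string.
    return sCertNames
        + "^ Publisher=" + sIssuer
        + "^ SN=" + sCertSerNum
        + "^ EffectiveDate=" + sEffectiveDate
        + "^ ExpirationDate=" + sExpirationDate
        + "^ RawCertData=" + sRawCertData;
}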
/// <summary>
/// Converts a certificate subject name to the '^'-delimited form, keeping the commas inside quoted OU/O values.
/// </summary>
/// <param name="sCertNames">old CertName</param>
/// <returns>new CertName</returns>
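public static string getNewCertName(string sCertNames)
{
    // Converts a subject name whose OU= / O= values are quoted (because they contain
    // commas) into the '^'-delimited form: commas outside the quoted OU/O span become
    // '^', the span itself loses its quotes and backslashes and keeps its commas.
    //
    // No try/catch here: the original caught Exception and did "throw ex;", which
    // only reset the stack trace.
    string pattern = "(OU=\\\".*\\\")|(O=\\\".*\\\")";
    Match quoted = new Regex(pattern).Match(sCertNames);
    if (!quoted.Success)
    {
        // Without a match the original passed an empty string to String.Replace and
        // failed with an unrelated "zero length" ArgumentException. Keep the exception
        // type and the refusal to guess, but say what is actually wrong.
        throw new ArgumentException(
            "No quoted OU= or O= value found in the certificate subject name.",
            "sCertNames");
    }

    // The greedy ".*" runs to the last quote, so one match can span several quoted
    // OU/O fields; the ", OU=" and ", O=" separators inside it are converted here.
    string unquoted = quoted.Value
        .Replace(", OU=", "^ OU=")
        .Replace(", O=", "^ O=")
        .Replace("\"", "")
        .Replace("\\", "");

    // Park the quoted span behind a placeholder so its commas survive the global
    // replace. NOTE(review): a subject that itself contains "###" would collide with
    // the placeholder.
    string withPlaceholder = sCertNames.Replace(quoted.Value, "###").Replace(",", "^");
    return withPlaceholder.Replace("###", unquoted);
}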
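/// <summary>
/// Gets a certificate (by name when <paramref name="certName"/> is given, otherwise through the parameterless GetCertificate()),
/// rejects it if it has expired, and checks it against the expected subject name, e-mail and issuer name.
/// </summary>
/// <param name="certName">Expected subject simple name; the check is skipped when null or empty.</param>
/// <param name="email">Expected e-mail name of the certificate; the check is skipped when null or empty.</param>
/// <param name="certFilter">Expected issuer simple name; the check is skipped when null or empty.</param>
/// <returns>The selected certificate; an exception is thrown when no certificate is selected or a check fails.</returns>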
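public static X509Certificate2 GetCertificate(string certName, string email, string certFilter)
{
    // Obtains a certificate, rejects it when expired, appends a warning to CertState
    // when it expires within one month, and compares its subject name, e-mail and
    // issuer name with the non-empty arguments. Every failure throws Exception with a
    // bilingual message; the "return null" statements that followed each throw in the
    // original were unreachable and are gone.
    //
    // NOTE(review): these are name comparisons only. No chain building, trust-anchor
    // or revocation check is visible in this method, and NotBefore is not checked, so
    // a certificate from any issuer carrying the expected display name passes the
    // certFilter test. Whatever relies on this result must still validate the
    // certificate chain itself; confirm where that happens.
    X509Certificate2 cert = String.IsNullOrEmpty(certName)
        ? GetCertificate()
        : GetCertificate(certName);

    // The user pressed Cancel and did not select a certificate.
    if (cert == null)
    {
        throw new Exception("請選擇您的證書. Please select your certificate.\n");
    }

    // X509Certificate2.NotAfter is expressed in local time, hence DateTime.Now.
    DateTime now = DateTime.Now;
    // Warn one month ahead of expiry (the earlier three-month logic was wrong).
    DateTime oneMonthAhead = now.AddMonths(1);

    if (cert.NotAfter < now)
    {
        // The certificate has expired.
        throw new Exception("您的證書已過期無法使用, 請聯繫Organization CA處理,謝謝!\nYour certificated is expired. Please contact with Organization CA for help, Thanks!\n");
    }
    else if (cert.NotAfter < oneMonthAhead)
    {
        // The English text used to say "3 months" although the check, and the
        // Chinese text, are about one month.
        CertState += "您的證書有效期少於一個月, 請及時聯繫Organization CA處理,謝謝!\nYour certificated will be expired less than 1 month. Please contact with Organization CA for help in time, Thanks!\n";
    }

    // Check the certificate against certName, email and certFilter. The comparisons
    // are ordinal and case-insensitive: upper-casing both sides with the current
    // culture, as before, makes an identity check depend on the machine's locale.
    if (!String.IsNullOrEmpty(certName))
    {
        string subjectName = cert.GetNameInfo(X509NameType.SimpleName, false);
        if (!String.Equals(certName, subjectName, StringComparison.OrdinalIgnoreCase))
        {
            // Not the requested user.
            throw new Exception("用戶名不正確, 請重新選擇!\nUser name uncorrect. Please select again!\n");
        }
    }

    if (!String.IsNullOrEmpty(email))
    {
        string certEmail = cert.GetNameInfo(X509NameType.EmailName, false);
        if (!String.Equals(email, certEmail, StringComparison.OrdinalIgnoreCase))
        {
            // Not the requested e-mail address.
            throw new Exception("信箱不正確, 請重新選擇!\nE-mail uncorrect. Please select again!\n");
        }
    }

    if (!String.IsNullOrEmpty(certFilter))
    {
        string issuerName = cert.GetNameInfo(X509NameType.SimpleName, true);
        if (!String.Equals(certFilter, issuerName, StringComparison.OrdinalIgnoreCase))
        {
            // The issuer name differs from the requested one.
            throw new Exception("您所選擇的並非Organization CA所核發之證書, 請重新選擇!\nYour certificate is not issued by Organization CA. Please select again!\n");
        }
    }

    // The original carried a commented-out step here that rebuilt the serial number
    // and called Authenticate(certUserName, certSerNum); it is not executed.
    return cert;
}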