public object SerializeSignedObject() { object token = null; if (Payload == null) { throw new ArgumentException("Payload must be set before the token can be created and signed."); } JWK jwk = null; string kid = null; if (string.IsNullOrEmpty(_kid)) { //Create the JWK jwk = new JWK() { e = Base64Tool.Encode(_rsaParameters.Exponent), kty = "RSA", n = Base64Tool.Encode(_rsaParameters.Modulus) }; } else { kid = _kid; } //Create the Protected Header PROTECTED @protected = new PROTECTED() { alg = "RS256", jwk = jwk, kid = kid, nonce = _nonce, url = _directory }; //Encode jwk and payload string encodedProtected = Base64Tool.Encode(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(@protected, Formatting.None))); string encodedPayload = Base64Tool.Encode(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(Payload, Formatting.None))); //Sign Token string sigBase = $"{encodedProtected}.{encodedPayload}"; byte[] sigBytes = Encoding.ASCII.GetBytes(sigBase); byte[] signedBytes = _cryptoProvider.SignData(sigBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); string signature = Base64Tool.Encode(signedBytes); token = new { @protected = encodedProtected, payload = encodedPayload, signature = signature }; return(token); }
private string GenerateCSR(AcmeAccount account, params string[] domainNames) { HashAlgorithmName hashName = HashAlgorithmName.SHA256; var builder = new SubjectAlternativeNameBuilder(); foreach (var name in domainNames) { builder.AddDnsName(name); } RSA rsa = RSA.Create(4096); //rsa.ImportParameters(account.SecurityInfo); var dn = new X500DistinguishedName($"CN={domainNames.First()}"); var csr = new CertificateRequest(dn, rsa, hashName, RSASignaturePadding.Pkcs1); csr.CertificateExtensions.Add(builder.Build()); return(Base64Tool.Encode(csr.CreateSigningRequest())); }
public static string CreateAuthorizationKey(AcmeAccount account, string challengeToken) { string jwkThumbprint = string.Empty; //Compute the JWK Thumbprint var jwk = new { e = Base64Tool.Encode(account.SecurityInfo.Exponent), kty = "RSA", n = Base64Tool.Encode(account.SecurityInfo.Modulus) }; string sjwk = JsonConvert.SerializeObject(jwk, Formatting.None); using (HashAlgorithm sha = SHA256.Create()) { byte[] bjwk = Encoding.UTF8.GetBytes(sjwk); jwkThumbprint = Base64Tool.Encode(sha.ComputeHash(bjwk)); } return($"{challengeToken}.{jwkThumbprint}"); }
protected void Page_Load(object sender, EventArgs e) { var message = Request.Params["Message"]; //message = "227 1111111"; var str = message.ToString().Split(' '); var codeUser = str[0]; var content = str[1]; Bitmap bmp = null; MemoryStream stream = null; try { if (message == null) { Json = "参数Message不能为null!"; return; } //数据加密编码 string strBase64Content = Base64Tool.Base64Code(content); //生成二维码Bitmap QRCodeEncoder qrCode = new QRCodeEncoder(); qrCode.QRCodeEncodeMode = QRCodeEncoder.ENCODE_MODE.BYTE; qrCode.QRCodeScale = 6; qrCode.QRCodeVersion = 7; qrCode.QRCodeErrorCorrect = QRCodeEncoder.ERROR_CORRECTION.M; bmp = qrCode.Encode(strBase64Content); //Bitmap转换成MemoryStream stream = new System.IO.MemoryStream(); bmp.Save(stream, ImageFormat.Jpeg); //内存流MemoryStream转成bytes byte[] bt = stream.ToArray(); stream.Write(bt, 0, bt.Length); //获取上传地址 string strQRCodePicPath = FileTool.GetWebConfigKey("QRCodePicUploadPath"); string strQRCodePicName = codeUser + ".jpg"; if (!FileTool.UploadFile(strQRCodePicPath, strQRCodePicName, bt)) { Json = "False"; } Json = JsonConvert.SerializeObject(strQRCodePicName); } catch (Exception ex) { LogTool.WriteLog(typeof(QRCode), ex); Json = "Error"; } finally { if (stream != null) { stream.Close(); } if (bmp != null) { bmp.Dispose(); } } }
/// <summary> /// Changes and updates the account security info for an existing account. /// </summary> /// <param name="directory">Directory object.</param> /// <param name="nonce">Nonce</param> /// <param name="account">Must be existing account.</param> /// <returns>Return api response with status.</returns> /// <remarks>Will update the security info on the passed in account, so you will need to reserialize and update your existing account object to update the security info.</remarks> public async Task <AcmeApiResponse> RollOverAccountKeyAsync(AcmeDirectory directory, string nonce, AcmeAccount account) { if (directory == null) { throw new ArgumentNullException("directory"); } if (string.IsNullOrEmpty(directory.NewAccount)) { throw new ArgumentException("directory is missing Account url."); } if (string.IsNullOrEmpty(nonce)) { throw new ArgumentNullException("nonce"); } if (account == null) { throw new ArgumentNullException("account"); } RSACryptoServiceProvider cryptoProvider = new RSACryptoServiceProvider(2048); RSAParameters rsaPrams = cryptoProvider.ExportParameters(true); JwsContainer <ACCKEY> innerJwsObject = new JwsContainer <ACCKEY>( rsaPrams, nonce, directory.KeyChange, new ACCKEY() { account = account.KID, newKey = new JWK() { e = Base64Tool.Encode(rsaPrams.Exponent), kty = "RSA", n = Base64Tool.Encode(rsaPrams.Modulus) } }); object signedInnerJwsObject = innerJwsObject.SerializeSignedObject(); JwsContainer <object> outerJwsObject = new JwsContainer <object>(account.SecurityInfo, nonce, directory.KeyChange, account.KID, signedInnerJwsObject); string jwsToken = outerJwsObject.SerializeSignedToken(); var apiResp = await SendPostData( url : directory.KeyChange, data : jwsToken); string apiRespString = await apiResp.Content?.ReadAsStringAsync(); if (apiResp.StatusCode != HttpStatusCode.OK) { return(ErrorResponse(apiRespString)); } if (!apiResp.Headers.TryGetValues(ProtoacmeContants.HEADER_NONCE, out IEnumerable <string> nonces)) { return(ErrorResponse <AcmeAccount>("Missing Replay-Nonce Header on RolloverKey Response.")); } account.SecurityInfo = rsaPrams; return(new AcmeApiResponse() { Status = AcmeApiResponseStatus.Success, Nonce = nonces.FirstOrDefault() }); }