private string ServerCertValidate()
{
var errorMessage = String.Empty;
var store = WorkContext.IsMono
? X509StoreManager.CurrentUser.TrustedRoot
: X509StoreManager.LocalMachine.TrustedRoot;
var storage = StorageFactory.GetStorage("-1", "certs");
try
{
CoreContext.TenantManager.SetCurrentTenant(_currentTenantId);
// Import the details of the certificate from the server.
lock (RootSync)
{
var certificate = Cache.Get <Syscert.X509Certificate>("ldapCertificate");
if (certificate != null)
{
var data = certificate.GetRawCertData();
var x509 = new X509Certificate(data);
// Check for ceritficate in store.
if (!store.Certificates.Contains(x509))
{
if (storage.IsFile("ldap/ldap.cer"))
{
var storageData = GetCertificateFromStorage(storage);
var storageX509 = new X509Certificate(storageData);
if (CompareHash(storageX509.Hash, x509.Hash))
{
// Add the certificate to the store.
store.Import(storageX509);
store.Certificates.Add(storageX509);
return(String.Empty);
}
}
if (_certificateConfirmRequest.Approved)
{
AddCertificateToStorage(storage, x509);
// Add the certificate to the store.
store.Import(x509);
store.Certificates.Add(x509);
return(String.Empty);
}
if (!_certificateConfirmRequest.Requested)
{
_certificateConfirmRequest.SerialNumber = CryptoConvert.ToHex(x509.SerialNumber);
_certificateConfirmRequest.IssuerName = x509.IssuerName;
_certificateConfirmRequest.SubjectName = x509.SubjectName;
_certificateConfirmRequest.ValidFrom = x509.ValidFrom;
_certificateConfirmRequest.ValidUntil = x509.ValidUntil;
_certificateConfirmRequest.Hash = CryptoConvert.ToHex(x509.Hash);
var certificateErrors = Cache.Get <int[]>("ldapCertificateErrors");
_certificateConfirmRequest.CertificateErrors = certificateErrors.ToArray();
_certificateConfirmRequest.Requested = true;
}
}
}
else
{
// for AD
if (storage.IsFile("ldap/ldap.cer"))
{
var storageData = GetCertificateFromStorage(storage);
var storageX509 = new X509Certificate(storageData);
// Add the certificate to the store.
store.Import(storageX509);
store.Certificates.Add(storageX509);
return(String.Empty);
}
errorMessage = "LDAP TlsHandler. Certificate not found in certificate store.";
_log.Error(errorMessage);
return(errorMessage);
}
}
}
catch (Exception ex)
{
errorMessage = String.Format("LDAP TlsHandler error: {0}. {1}. store path = {2}",
ex, ex.InnerException != null ? ex.InnerException.ToString() : string.Empty,
store.Name);
_log.ErrorFormat(errorMessage);
}
return(errorMessage);
}
public void FromCapiKeyBlob_UnknownBlob()
{
byte[] blob = new byte [160];
RSA rsa = CryptoConvert.FromCapiKeyBlob(blob, 12);
}
private void SetKeyPair(AssemblyName aname)
{
#if ONLY_1_1
switch (delaysign)
{
case DelaySign.Yes:
AddCattr(typeof(AssemblyDelaySignAttribute),
typeof(bool), true);
break;
case DelaySign.No:
AddCattr(typeof(AssemblyDelaySignAttribute),
typeof(bool), false);
break;
}
#endif
if (keyfile != null)
{
if (!File.Exists(keyfile))
{
Report(1044, String.Format("Couldn't open '{0}' key file.", keyfile));
}
#if ONLY_1_1
AddCattr(typeof(AssemblyKeyFileAttribute),
keyfile);
#endif
using (FileStream fs = File.OpenRead(keyfile)) {
byte[] data = new byte [fs.Length];
try {
fs.Read(data, 0, data.Length);
if (delaysign == DelaySign.Yes)
{
SetPublicKey(aname, data);
}
else
{
CryptoConvert.FromCapiPrivateKeyBlob(data);
aname.KeyPair = new StrongNameKeyPair(data);
}
}
catch (CryptographicException) {
if (delaysign != DelaySign.Yes)
{
if (data.Length == 16)
{
// error # is different for ECMA key
Report(1019, "Could not strongname the assembly. " +
"ECMA key can only be used to delay-sign assemblies");
}
else
{
Report(1028, String.Format("Key file {0}' is missing it's private key " +
"or couldn't be decoded.", keyfile));
}
}
else
{
Report(1044, String.Format("Couldn't decode '{0}' key file.", keyfile));
}
}
fs.Close();
}
}
else if (keyname != null)
{
#if ONLY_1_1
AddCattr(typeof(AssemblyKeyNameAttribute),
keyname);
#endif
// delay-sign doesn't apply to key containers
aname.KeyPair = new StrongNameKeyPair(keyname);
}
}
public byte[] GetBytes() => CryptoConvert.ToCapiPrivateKeyBlob(this.RSA);
public void FromHex_NonHexChars()
{
CryptoConvert.FromHex("abcdefgh");
}
public void ToHex()
{
AssertNull("FromHex(null)", CryptoConvert.FromHex(null));
byte[] data = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
AssertEquals("0123456789abcdef", "0123456789ABCDEF", CryptoConvert.ToHex(data));
}
public void FromCapiPublicKeyBlob_Invalid()
{
RSA rsa = CryptoConvert.FromCapiPublicKeyBlob(strongName, 0);
}
public void FromCapiPublicKeyBlobDSA_Invalid()
{
byte[] blob = new byte[400];
DSA dsa = CryptoConvert.FromCapiPublicKeyBlobDSA(blob, 0);
}
public void FromCapiPublicKeyBlob_Null()
{
RSA rsa = CryptoConvert.FromCapiPublicKeyBlob(null);
}
public void FromCapiPublicKeyBlob_InvalidOffset()
{
RSA rsa = CryptoConvert.FromCapiPublicKeyBlob(new byte [0], 0);
}
public void FromCapiPublicKeyBlob()
{
RSA rsa = CryptoConvert.FromCapiPublicKeyBlob(strongNamePublicKey, 12);
AssertEquals("PublicKey", strongNamePublicKeyString, rsa.ToXmlString(false));
}
public void FromCapiPrivateKeyBlob_Invalid()
{
RSA rsa = CryptoConvert.FromCapiPrivateKeyBlob(strongNamePublicKey, 12);
}
public void FromCapiPrivateKeyBlob()
{
RSA rsa = CryptoConvert.FromCapiPrivateKeyBlob(strongName, 0);
AssertEquals("KeyPair", strongNameString, rsa.ToXmlString(true));
}
public void FromCapiPublicKeyBlobDSA_Null()
{
DSA dsa = CryptoConvert.FromCapiPublicKeyBlobDSA(null);
}
public void ToCapiKeyBlob_AsymmetricAlgorithm()
{
AsymmetricAlgorithm rsa = RSA.Create();
rsa.FromXmlString(strongNameString);
byte[] keypair = CryptoConvert.ToCapiKeyBlob(rsa, true);
AssertEquals("RSA-KeyPair", strongName, keypair);
byte[] publicKey = CryptoConvert.ToCapiKeyBlob(rsa, false);
AssertEquals("RSA-PublicKey", BitConverter.ToString(strongNamePublicKey, 12), BitConverter.ToString(publicKey));
AsymmetricAlgorithm dsa = DSA.Create();
dsa.FromXmlString(dsaKeyPairString);
AssertEquals("DSA-KeyPair", dsaPrivBlob, CryptoConvert.ToCapiKeyBlob(dsa, true));
AssertEquals("DSA-PublicKey", BitConverter.ToString(dsaPubBlob), BitConverter.ToString(CryptoConvert.ToCapiKeyBlob(dsa, false)));
}
public void FromCapiPublicKeyBlobDSA_InvalidOffset()
{
DSA dsa = CryptoConvert.FromCapiPublicKeyBlobDSA(new byte[0], 0);
}
public void ToCapiKeyBlob_AsymmetricNull()
{
AsymmetricAlgorithm aa = null;
CryptoConvert.ToCapiKeyBlob(aa, false);
}
public void ToCapiKeyBlob_DSANull()
{
DSA dsa = null;
CryptoConvert.ToCapiKeyBlob(dsa, false);
}
public void ToCapiKeyBlob_RSANull()
{
RSA rsa = null;
CryptoConvert.ToCapiKeyBlob(rsa, false);
}
public void FromHex_NonMultipleOf2()
{
CryptoConvert.FromHex("abc");
}
public void FromCapiKeyBlobDSA_UnknownBlob()
{
byte[] blob = new byte [334];
DSA dsa = CryptoConvert.FromCapiKeyBlobDSA(blob, 0);
}
static int Process(string[] args)
{
int i = 0;
string param = args [i];
bool quiet = ((param == "-quiet") || (param == "-q"));
if (quiet)
{
i++;
}
else
{
Header();
}
LoadConfig(quiet);
StrongName sn = null;
AssemblyName an = null;
RSACryptoServiceProvider rsa = null;
CspParameters csp = new CspParameters();
csp.ProviderName = defaultCSP;
switch (args [i++])
{
case "-c":
// Change global CSP provider options
defaultCSP = args [i];
return(SaveConfig());
case "-d":
// Delete specified key container
csp.KeyContainerName = args [i];
rsa = new RSACryptoServiceProvider(csp);
rsa.PersistKeyInCsp = false;
if (!quiet)
{
Console.WriteLine("Keypair in container {0} has been deleted", args [i]);
}
break;
case "-D":
StrongName a1 = new StrongName();
byte[] h1 = a1.Hash(args [i++]);
StrongName a2 = new StrongName();
byte[] h2 = a2.Hash(args [i++]);
if (Compare(h1, h2))
{
Console.WriteLine("Both assembly are identical (same digest for metadata)");
// TODO: if equals then compare signatures
}
else
{
Console.WriteLine("Assemblies are not identical (different digest for metadata)");
}
break;
case "-e":
// Export public key from assembly
an = AssemblyName.GetAssemblyName(args [i++]);
WriteToFile(args[i], an.GetPublicKey());
if (!quiet)
{
Console.WriteLine("Public Key extracted to file {0}", args [i]);
}
break;
case "-i":
// import keypair from SNK to container
sn = new StrongName(ReadFromFile(args [i++]));
csp.KeyContainerName = args [i];
rsa = new RSACryptoServiceProvider(csp);
rsa.ImportParameters(sn.RSA.ExportParameters(true));
break;
case "-k":
// Create a new strong name key pair
// (a new RSA keypair automagically if none is present)
int size = 1024;
if (i < args.Length + 2)
{
try {
size = Int32.Parse(args[i++]);
}
catch {
// oops, that wasn't a valid key size (assume 1024 bits)
i--;
}
}
sn = new StrongName(size);
WriteToFile(args[i], CryptoConvert.ToCapiKeyBlob(sn.RSA, true));
if (!quiet)
{
Console.WriteLine("A new {0} bits strong name keypair has been generated in file '{1}'.", size, args [i]);
}
break;
case "-m":
Console.WriteLine("Unimplemented option");
break;
case "-o":
byte[] infileD = ReadFromFile(args [i++]);
WriteCSVToFile(args [i], infileD, "D");
if (!quiet)
{
Console.WriteLine("Output CSV file is {0} (decimal format)", args [i]);
}
break;
case "-oh":
byte[] infileX2 = ReadFromFile(args [i++]);
WriteCSVToFile(args [i], infileX2, "X2");
if (!quiet)
{
Console.WriteLine("Output CVS file is {0} (hexadecimal format)", args [i]);
}
break;
case "-p":
// Extract public key from SNK or PKCS#12/PFX file
sn = new StrongName(GetKeyFromFile(args [i++]));
WriteToFile(args[i], sn.PublicKey);
if (!quiet)
{
Console.WriteLine("Public Key extracted to file {0}", args [i]);
}
break;
case "-pc":
// Extract public key from container
csp.KeyContainerName = args [i++];
rsa = new RSACryptoServiceProvider(csp);
sn = new StrongName(rsa);
WriteToFile(args[i], sn.PublicKey);
if (!quiet)
{
Console.WriteLine("Public Key extracted to file {0}", args [i]);
}
break;
case "-R":
string filename = args [i++];
if (!ReSign(filename, GetKeyFromFile(args [i]), quiet))
{
return(1);
}
break;
case "-Rc":
filename = args [i++];
csp.KeyContainerName = args [i];
rsa = new RSACryptoServiceProvider(csp);
if (!ReSign(filename, rsa, quiet))
{
return(1);
}
break;
case "-t":
// Show public key token from file
sn = new StrongName(ReadFromFile(args [i]));
// note: ignore quiet
Console.WriteLine("Public Key Token: " + ToString(sn.PublicKeyToken), Environment.NewLine);
break;
case "-tp":
// Show public key and public key token from assembly
sn = new StrongName(ReadFromFile(args [i]));
// note: ignore quiet
Console.WriteLine("Public Key:" + ToString(sn.PublicKey));
Console.WriteLine("{0}Public Key Token: " + ToString(sn.PublicKeyToken), Environment.NewLine);
break;
case "-T":
// Show public key token from assembly
an = AssemblyName.GetAssemblyName(args [i++]);
// note: ignore quiet
byte [] pkt = an.GetPublicKeyToken();
if (pkt == null)
{
Console.WriteLine("{0} does not represent a strongly named assembly.", args [i - 1]);
}
else
{
Console.WriteLine("Public Key Token: " + ToString(pkt));
}
break;
case "-Tp":
// Show public key and public key token from assembly
an = AssemblyName.GetAssemblyName(args [i++]);
byte [] token = an.GetPublicKeyToken();
if (token == null)
{
Console.WriteLine("{0} does not represent a strongly named assembly.", args [i - 1]);
}
else
{
Console.WriteLine("Public Key:" + ToString(an.GetPublicKey()));
Console.WriteLine("{0}Public Key Token: " + ToString(token), Environment.NewLine);
}
break;
case "-v":
filename = args [i++];
return(Verify(filename, false, quiet));
case "-vf":
filename = args [i++];
return(Verify(filename, true, quiet)); // force verification
case "-Vl":
Console.WriteLine(new StrongNameManager().ToString());
break;
case "-Vr":
Console.WriteLine("Unimplemented option");
break;
case "-Vu":
Console.WriteLine("Unimplemented option");
break;
case "-Vx":
// we must remove <verificationSettings> from each config files
Console.WriteLine("Unimplemented option");
break;
case "-?":
case "-h":
Help((i < args.Length) ? args [i] : null);
break;
default:
if (!quiet)
{
Console.WriteLine("Unknown option {0}", args [i - 1]);
}
return(1);
}
return(0);
}
public void FromCapiPrivateKeyBlobDSA()
{
DSA dsa = CryptoConvert.FromCapiPrivateKeyBlobDSA(dsaPrivBlob, 0);
AssertEquals("KeyPair", dsaKeyPairString, dsa.ToXmlString(true));
}
public void FromXml(SecurityElement element)
{
#if DISABLE_SECURITY
throw new PlatformNotSupportedException();
#else
if (element == null)
{
throw new ArgumentNullException("element");
}
if (element.Tag != "ApplicationTrust")
{
throw new ArgumentException("element");
}
string s = element.Attribute("FullName");
if (s != null)
{
_appid = new ApplicationIdentity(s);
}
else
{
_appid = null;
}
_defaultPolicy = null;
SecurityElement defaultGrant = element.SearchForChildByTag("DefaultGrant");
if (defaultGrant != null)
{
for (int i = 0; i < defaultGrant.Children.Count; i++)
{
SecurityElement se = (defaultGrant.Children [i] as SecurityElement);
if (se.Tag == "PolicyStatement")
{
DefaultGrantSet.FromXml(se, null);
break;
}
}
}
if (!Boolean.TryParse(element.Attribute("TrustedToRun"), out _trustrun))
{
_trustrun = false;
}
if (!Boolean.TryParse(element.Attribute("Persist"), out _persist))
{
_persist = false;
}
_xtranfo = null;
SecurityElement xtra = element.SearchForChildByTag("ExtraInfo");
if (xtra != null)
{
s = xtra.Attribute("Data");
if (s != null)
{
byte[] data = CryptoConvert.FromHex(s);
using (MemoryStream ms = new MemoryStream(data)) {
BinaryFormatter bf = new BinaryFormatter();
_xtranfo = bf.Deserialize(ms);
}
}
}
#endif
}
public void FromCapiPrivateKeyBlobDSA_Invalid()
{
byte[] blob = new byte[334];
DSA dsa = CryptoConvert.FromCapiPrivateKeyBlobDSA(blob, 0);
}
public static bool MySSLHandler(Syscert.X509Certificate certificate,
int[] certificateErrors)
{
X509Store store = null;
X509Stores stores = X509StoreManager.CurrentUser;
String input;
store = stores.TrustedRoot;
//Import the details of the certificate from the server.
X509Certificate x509 = null;
X509CertificateCollection coll = new X509CertificateCollection();
byte[] data = certificate.GetRawCertData();
if (data != null)
{
x509 = new X509Certificate(data);
}
//List the details of the Server
//check for ceritficate in store
X509CertificateCollection check = store.Certificates;
if (!check.Contains(x509))
{
if (bindCount == 1)
{
Console.WriteLine(" \n\nCERTIFICATE DETAILS: \n");
Console.WriteLine(" {0}X.509 v{1} Certificate", (x509.IsSelfSigned ? "Self-signed " : String.Empty), x509.Version);
Console.WriteLine(" Serial Number: {0}", CryptoConvert.ToHex(x509.SerialNumber));
Console.WriteLine(" Issuer Name: {0}", x509.IssuerName);
Console.WriteLine(" Subject Name: {0}", x509.SubjectName);
Console.WriteLine(" Valid From: {0}", x509.ValidFrom);
Console.WriteLine(" Valid Until: {0}", x509.ValidUntil);
Console.WriteLine(" Unique Hash: {0}", CryptoConvert.ToHex(x509.Hash));
Console.WriteLine();
}
//Get the response from the Client
do
{
Console.WriteLine("\nDo you want to proceed with the connection (y/n)?");
input = Console.ReadLine();
if (input == "y" || input == "Y")
{
bHowToProceed = true;
}
if (input == "n" || input == "N")
{
bHowToProceed = false;
}
}while(input != "y" && input != "Y" && input != "n" && input != "N");
}
else
{
if (bHowToProceed == true)
{
//Add the certificate to the store.
if (x509 != null)
{
coll.Add(x509);
}
store.Import(x509);
if (bindCount == 1)
{
removeFlag = true;
}
}
}
if (bHowToProceed == false)
{
//Remove the certificate added from the store.
if (removeFlag == true && bindCount > 1)
{
foreach (X509Certificate xt509 in store.Certificates)
{
if (CryptoConvert.ToHex(xt509.Hash) == CryptoConvert.ToHex(x509.Hash))
{
store.Remove(x509);
}
}
}
Console.WriteLine("SSL Bind Failed.");
}
return(bHowToProceed);
}
public void FromCapiPublicKeyBlobDSA()
{
DSA dsa = CryptoConvert.FromCapiPublicKeyBlobDSA(dsaPubBlob, 0);
AssertEquals("PublicKey", dsaPubKeyString, dsa.ToXmlString(false));
}
public void Save(string filename, string password)
{
if (filename == null)
{
throw new ArgumentNullException("filename");
}
byte[] array = null;
FileStream fileStream = File.Open(filename, FileMode.Create, FileAccess.Write);
try
{
byte[] array2 = new byte[4];
byte[] bytes = BitConverterLE.GetBytes(2964713758u);
fileStream.Write(bytes, 0, 4);
fileStream.Write(array2, 0, 4);
bytes = BitConverterLE.GetBytes(this.keyType);
fileStream.Write(bytes, 0, 4);
this.encrypted = (password != null);
array = CryptoConvert.ToCapiPrivateKeyBlob(this.rsa);
if (this.encrypted)
{
bytes = BitConverterLE.GetBytes(1);
fileStream.Write(bytes, 0, 4);
bytes = BitConverterLE.GetBytes(16);
fileStream.Write(bytes, 0, 4);
bytes = BitConverterLE.GetBytes(array.Length);
fileStream.Write(bytes, 0, 4);
byte[] array3 = new byte[16];
RC4 rc = RC4.Create();
byte[] array4 = null;
try
{
RandomNumberGenerator randomNumberGenerator = RandomNumberGenerator.Create();
randomNumberGenerator.GetBytes(array3);
fileStream.Write(array3, 0, array3.Length);
array4 = this.DeriveKey(array3, password);
if (this.Weak)
{
Array.Clear(array4, 5, 11);
}
ICryptoTransform cryptoTransform = rc.CreateEncryptor(array4, null);
cryptoTransform.TransformBlock(array, 8, array.Length - 8, array, 8);
}
finally
{
Array.Clear(array3, 0, array3.Length);
Array.Clear(array4, 0, array4.Length);
rc.Clear();
}
}
else
{
fileStream.Write(array2, 0, 4);
fileStream.Write(array2, 0, 4);
bytes = BitConverterLE.GetBytes(array.Length);
fileStream.Write(bytes, 0, 4);
}
fileStream.Write(array, 0, array.Length);
}
finally
{
Array.Clear(array, 0, array.Length);
fileStream.Close();
}
}
public void Save(string filename, string password)
{
if (filename == null)
{
throw new ArgumentNullException("filename");
}
byte[] blob = null;
FileStream fs = File.Open(filename, FileMode.Create, FileAccess.Write);
try {
// header
byte[] empty = new byte [4];
byte[] data = BitConverterLE.GetBytes(magic);
fs.Write(data, 0, 4); // magic
fs.Write(empty, 0, 4); // reserved
data = BitConverterLE.GetBytes(keyType);
fs.Write(data, 0, 4); // key type
encrypted = (password != null);
blob = CryptoConvert.ToCapiPrivateKeyBlob(rsa);
if (encrypted)
{
data = BitConverterLE.GetBytes(1);
fs.Write(data, 0, 4); // encrypted
data = BitConverterLE.GetBytes(16);
fs.Write(data, 0, 4); // saltlen
data = BitConverterLE.GetBytes(blob.Length);
fs.Write(data, 0, 4); // keylen
byte[] salt = new byte [16];
RC4 rc4 = RC4.Create();
byte[] key = null;
try {
// generate new salt (16 bytes)
RandomNumberGenerator rng = RandomNumberGenerator.Create();
rng.GetBytes(salt);
fs.Write(salt, 0, salt.Length);
key = DeriveKey(salt, password);
if (Weak)
{
Array.Clear(key, 5, 11);
}
ICryptoTransform enc = rc4.CreateEncryptor(key, null);
// we don't encrypt the header part of the BLOB
enc.TransformBlock(blob, 8, blob.Length - 8, blob, 8);
}
finally {
Array.Clear(salt, 0, salt.Length);
Array.Clear(key, 0, key.Length);
rc4.Clear();
}
}
else
{
fs.Write(empty, 0, 4); // encrypted
fs.Write(empty, 0, 4); // saltlen
data = BitConverterLE.GetBytes(blob.Length);
fs.Write(data, 0, 4); // keylen
}
fs.Write(blob, 0, blob.Length);
}
finally {
// BLOB may include an uncrypted keypair
Array.Clear(blob, 0, blob.Length);
fs.Close();
}
}
