/// <summary>
/// Builds a Certificate from an already parsed X509Certificate, keeping the
/// certificate itself and caching the fields read from it.
/// </summary>
/// <param name="Cert">Parsed certificate to wrap; dereferenced without a null check.</param>
public Certificate(X509Certificate Cert)
 {
   _x509 = Cert;

   // Names, signature and serial number are copied straight from the certificate.
   _issuer = new DistinguishedName(Cert.IssuerName);
   _subject = new DistinguishedName(Cert.SubjectName);
   _signature = Cert.Signature;
   _serial_number = Cert.SerialNumber;

   // Hard cast: a key object of any other type raises InvalidCastException here.
   _public_key = (RSACryptoServiceProvider) Cert.RSA;

   // NOTE(review): the extension at index 0 is treated as the subjectAltName
   // extension without checking its OID, and the first URI entry is taken without
   // checking that one exists -- confirm that every certificate reaching this
   // constructor is produced with that layout.
   var firstExtension = Cert.Extensions[0];
   var altNames = new SubjectAltNameExtension(firstExtension);
   _node_address = altNames.UniformResourceIdentifiers[0];
 }
 /// <summary>
 /// Builds a Certificate from individual, already extracted fields.
 /// The values are stored as given; nothing is validated or copied here, and
 /// _x509 is not assigned by this overload.
 /// </summary>
 /// <param name="Issuer">Issuer name.</param>
 /// <param name="Subject">Subject name.</param>
 /// <param name="Signature">Signature bytes (the caller's array is stored, not cloned).</param>
 /// <param name="SerialNumber">Serial number bytes (the caller's array is stored, not cloned).</param>
 /// <param name="NodeAddress">Node address associated with the certificate.</param>
 /// <param name="PublicKey">RSA public key object.</param>
 public Certificate(DistinguishedName Issuer, DistinguishedName Subject,
     byte[] Signature, byte[] SerialNumber, string NodeAddress,
     RSACryptoServiceProvider PublicKey)
 {
   // Names
   _subject = Subject;
   _issuer = Issuer;

   // Raw byte fields
   _serial_number = SerialNumber;
   _signature = Signature;

   // Key and address
   _public_key = PublicKey;
   _node_address = NodeAddress;
 }
 /// <summary>
 /// Rebuilds a CertificateMaker from its serialized form: RawData is kept as
 /// the unsigned data and decoded into a Hashtable from which the subject,
 /// public key and node address are read.
 /// </summary>
 /// <param name="RawData">Serialized request bytes.</param>
 public CertificateMaker(byte[] RawData) {
   _unsigned_data = RawData;

   // NOTE(review): every entry below is cast and used as-is. An entry of the wrong
   // type raises InvalidCastException and a missing entry yields null; no field is
   // checked for content. If RawData can come from a remote party, validate it
   // before a certificate is issued from it -- confirm against callers.
   var fields = (Hashtable) AdrConverter.Deserialize(MemBlock.Reference(RawData));

   var country = (string) fields["Country"];
   var organization = (string) fields["Organization"];
   var organizationalUnit = (string) fields["OrganizationalUnit"];
   var name = (string) fields["Name"];
   var email = (string) fields["Email"];
   _subject = new DistinguishedName(country, organization, organizationalUnit,
       name, email);

   // NOTE(review): ImportCspBlob accepts private-key blobs as well as public-key
   // blobs; confirm that only public-key blobs are expected under "PublicKey".
   var importedKey = new RSACryptoServiceProvider();
   importedKey.ImportCspBlob((byte[]) fields["PublicKey"]);
   _public_key = importedKey;

   _node_address = (string) fields["NodeAddress"];
 }
 /// <summary>
 /// Builds a CertificateMaker from an existing certificate, taking over its
 /// subject name, RSA key and node address.
 /// </summary>
 /// <param name="x509">Parsed certificate to read from; dereferenced without a null check.</param>
 public CertificateMaker(X509Certificate x509)
 {
   _subject = new DistinguishedName(x509.SubjectName);

   // Hard cast: a key object of any other type raises InvalidCastException here.
   _public_key = (RSACryptoServiceProvider) x509.RSA;

   // NOTE(review): index 0 is assumed to be the subjectAltName extension and to
   // carry at least one URI; neither the OID nor the entry count is checked.
   var firstExtension = x509.Extensions[0];
   var altNames = new SubjectAltNameExtension(firstExtension);
   _node_address = altNames.UniformResourceIdentifiers[0];
 }
Beispiel #5
 /// <summary>
 /// Looks up the directory entry at the given distinguished name and returns
 /// a UserDescriptor initialized from the first search result.
 /// </summary>
 /// <param name="distinguishedName">Distinguished name of the user to bind to.</param>
 /// <returns>The descriptor built from the first result.</returns>
 /// <exception cref="ArgumentNullException">distinguishedName is null.</exception>
 /// <exception cref="UserNotFoundException">The search returned no results.</exception>
 public UserDescriptor GetUser(DistinguishedName distinguishedName)
 {
     if (distinguishedName == null)
     {
         throw new ArgumentNullException("distinguishedName");
     }

     // The bind path is the DN's string form appended to the LDAP:// prefix.
     // NOTE(review): this relies on DistinguishedName formatting itself as a
     // correctly escaped DN -- confirm, since the value ends up inside the path.
     string bindPath = String.Format("LDAP://{0}", distinguishedName);

     using (DirectoryEntry entry = new DirectoryEntry(bindPath))
     using (DirectorySearcher directorySearcher = new DirectorySearcher(entry))
     {
         // NOTE(review): if FindAll() returns a disposable result collection, it is
         // never disposed here -- confirm the type and dispose it if so.
         var matches = directorySearcher.FindAll();

         if (matches.Any())
         {
             return UserDescriptor.Initialize(matches.First());
         }

         throw new UserNotFoundException(distinguishedName.Name, String.Format("Specified User '{0}' was not found in Active Directory.", distinguishedName));
     }
 }
 /// <summary>
 /// Builds a CertificateMaker from explicit subject fields, a public key and
 /// a node address. The values are stored as given; nothing is validated here.
 /// </summary>
 /// <param name="Country">Subject country.</param>
 /// <param name="Organization">Subject organization.</param>
 /// <param name="OrganizationalUnit">Subject organizational unit.</param>
 /// <param name="Name">Subject name.</param>
 /// <param name="Email">Subject e-mail address.</param>
 /// <param name="PublicKey">RSA public key object.</param>
 /// <param name="NodeAddress">Node address to associate with the subject.</param>
 public CertificateMaker(string Country, string Organization,
     string OrganizationalUnit, string Name, string Email,
     RSACryptoServiceProvider PublicKey, string NodeAddress)
 {
   var subject = new DistinguishedName(Country, Organization,
       OrganizationalUnit, Name, Email);

   _subject = subject;
   _node_address = NodeAddress;
   _public_key = PublicKey;
 }
Beispiel #7
 /// <summary>
 /// Feeds the parser a CN value that contains commas which are not escaped.
 /// </summary>
 public void DistinguishedName_UnescapedSpecialCharacter()
 {
     // There is no assertion in the body: presumably an expected-exception
     // attribute outside this snippet makes the constructor's rejection of the
     // input the pass condition -- confirm. Only construction matters, so the
     // result is not kept.
     new DistinguishedName(@"CN=Winkin, Blinkin, and Nod,OU=Employees,DC=adatum,DC=com");
 }
Beispiel #8
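        /// <summary>
        /// A quoted attribute value is expected to come back from ToString()
        /// without the surrounding quotes.
        /// </summary>
        public void DistinguishedName_QuotesSingle()
        {
            var dn = new DistinguishedName(@"OU=""John is cool""");

            // Expected value first, actual second, so a failure message reports
            // the two the right way round.
            Assert.AreEqual("OU=John is cool", dn.ToString());
        }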
Beispiel #9
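        /// <summary>
        /// Escaped leading and trailing spaces in a value are expected to
        /// survive a parse / ToString() round trip unchanged.
        /// </summary>
        public void DistinguishedName_SpacesAtBeginningAndEnd()
        {
            var dn = new DistinguishedName(@"CN=\     John    \ ");

            // Expected value first, actual second, so a failure message reports
            // the two the right way round.
            Assert.AreEqual(@"CN=\     John    \ ", dn.ToString());
        }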
Beispiel #10
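        /// <summary>
        /// A hex escape for a character that needs no escaping (\20, a space in
        /// the middle of a value) is expected to be decoded to the plain
        /// character in the ToString() output.
        /// </summary>
        public void DistinguishedName_HexEscapeNonSpecialCharacter()
        {
            var dn = new DistinguishedName(@"CN=John\20Doe,OU=Employees,DC=adatum,DC=com");

            // Expected value first, actual second, so a failure message reports
            // the two the right way round.
            Assert.AreEqual(@"CN=John Doe,OU=Employees,DC=adatum,DC=com", dn.ToString());
        }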
Beispiel #11
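        /// <summary>
        /// A DN with four comma-separated RDNs is expected to expose four
        /// entries in Components.
        /// </summary>
        public void DistinguishedName_RDNComponentCount()
        {
            var dn = new DistinguishedName("CN=John,OU=Employees,DC=adatum,DC=com");

            // Expected value first, actual second, so a failure message reports
            // the two the right way round.
            Assert.AreEqual(4, dn.Components.Count);
        }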
Beispiel #12
 /// <summary>
 /// Creates a <see cref="Contact"/> from a distinguished name.
 /// </summary>
 /// <param name="distinguishedName">
 /// Distinguished name, handed unchanged to the base-class constructor.
 /// </param>
 /// <remarks>
 /// CheckType() runs once the base constructor has returned; what it verifies
 /// is not visible in this snippet.
 /// </remarks>
 public Contact(DistinguishedName distinguishedName) : base(distinguishedName)
 {
     CheckType();
 }
Beispiel #13
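 /// <summary>
 /// Returns the value of the first DC (domain component) RDN of
 /// DistinguishedName, upper-cased with the invariant culture.
 /// </summary>
 /// <returns>The upper-cased value of the first DC component.</returns>
 /// <exception cref="System.InvalidOperationException">
 /// DistinguishedName is null or empty, or has no DC component.
 /// </exception>
 /// <remarks>
 /// The attribute type must be exactly "DC" (case-insensitive). Matching any
 /// component that merely contains the letters "dc" would also pick up values
 /// such as "CN=Adcock", and would return the wrong string as the domain.
 /// The DN is split on every ',', so escaped commas inside a value are not
 /// honoured; this is the same limitation the plain Split(',') always had.
 /// </remarks>
 public string GetDomainPrefix()
 {
     if (string.IsNullOrEmpty(DistinguishedName))
     {
         throw new System.InvalidOperationException("DistinguishedName is not set.");
     }

     foreach (string component in DistinguishedName.Split(','))
     {
         int separator = component.IndexOf('=');
         if (separator < 0)
         {
             continue;
         }

         // Compare the attribute type only, ordinally, so neither the value nor
         // the current culture can influence which component is selected.
         string attributeType = component.Substring(0, separator).Trim();
         if (string.Equals(attributeType, "DC", System.StringComparison.OrdinalIgnoreCase))
         {
             return component.Substring(separator + 1).ToUpperInvariant();
         }
     }

     // Fail with a clear message instead of a NullReferenceException.
     throw new System.InvalidOperationException("DistinguishedName contains no DC component.");
 }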
Beispiel #14
        /// <summary>
        /// Test-side handler for CreatePKCS10CSR: runs the step through VoidCommand
        /// and, depending on the "special" code it reports, returns a freshly
        /// generated CSR, a canned binary, a one-byte or empty array, or null.
        /// </summary>
        /// <param name="validationRequest">Passed through to VoidCommand.</param>
        /// <param name="stepType">Set by VoidCommand.</param>
        /// <param name="exc">Set by VoidCommand.</param>
        /// <param name="timeout">Set by VoidCommand.</param>
        /// <param name="Subject">Subject fields for the generated CSR (case 1 only); may be null.</param>
        /// <param name="KeyID">Not read in this method.</param>
        /// <param name="CSRAttribute">Not read in this method.</param>
        /// <param name="SignatureAlgorithm">Optional override of the signature algorithm name (case 1 only).</param>
        /// <returns>The response bytes for the selected case; null for an unknown case.</returns>
        internal byte[] CreatePKCS10CSRTest(ParametersValidation validationRequest, out StepType stepType, out SoapException exc, out int timeout, DistinguishedName Subject, string KeyID, CSRAttribute[] CSRAttribute, AlgorithmIdentifier SignatureAlgorithm)
        {
            // Response selector filled in by VoidCommand.
            int special;


            VoidCommand("CreatePKCS10CSR", CreatePKCS10CSR, validationRequest, true, out stepType, out exc, out timeout, out special);

            byte[] result;


            switch (special)
            {
            case 1:
                // Correct response: build and sign a CSR on the fly.
                var subject = "";
                if (null != Subject)
                {
                    // Assemble "CN=..,C=..,L=..,O=..,OU=..,ST=.." from the fields that are set.
                    // NOTE(review): the values are inserted verbatim, with no escaping;
                    // a value containing ',' or '=' presumably changes how X509Name
                    // parses the string below -- confirm, and escape if real input
                    // can ever reach this path.
                    var r = new StringBuilder();
                    if (null != Subject.CommonName)
                    {
                        r.Append(string.Format("CN={0},", Subject.CommonName));
                    }
                    if (null != Subject.Country)
                    {
                        r.Append(string.Format("C={0},", Subject.Country));
                    }
                    if (null != Subject.Locality)
                    {
                        r.Append(string.Format("L={0},", Subject.Locality));
                    }
                    if (null != Subject.Organization)
                    {
                        r.Append(string.Format("O={0},", Subject.Organization));
                    }
                    if (null != Subject.OrganizationalUnit)
                    {
                        r.Append(string.Format("OU={0},", Subject.OrganizationalUnit));
                    }
                    if (null != Subject.StateOrProvinceName)
                    {
                        r.Append(string.Format("ST={0},", Subject.StateOrProvinceName));
                    }

                    // Drop the trailing separator left by the last Append.
                    subject = r.ToString().TrimEnd(',');
                }

                // A new 1024-bit RSA key pair per call. 1024-bit RSA is below current
                // minimum recommendations (2048 bits or more); it is only suitable for
                // a throwaway test key and should not be copied into production code.
                var generator = new RsaKeyPairGenerator();
                generator.Init(new KeyGenerationParameters(new SecureRandom(), 1024));

                // keyPair is a local: the private key is used to sign the request below
                // and is not stored anywhere in this method.
                var keyPair = generator.GenerateKeyPair();

                // Default is SHA-1 with RSA, which is deprecated for signatures. A
                // caller-supplied algorithm name replaces it and is passed on unchecked.
                var signatureAlg = "SHA1WithRSAEncryption";
                if (null != SignatureAlgorithm && !string.IsNullOrEmpty(SignatureAlgorithm.algorithm))
                {
                    signatureAlg = SignatureAlgorithm.algorithm;
                }

                // No attributes are attached (fourth argument is null).
                var csr = new Pkcs10CertificationRequest(signatureAlg, new X509Name(subject), keyPair.Public, null, keyPair.Private);
                // Only public parts of the request are logged.
                TestCommon.writeToLogInfo("Public Key: " + csr.GetCertificationRequestInfo().SubjectPublicKeyInfo.PublicKeyData.ToString());
                TestCommon.writeToLogInfo("Signature: " + csr.Signature.ToString());
                TestCommon.writeToLogInfo("SignatureAlgorithm: " + csr.SignatureAlgorithm.ObjectID.ToString());
                TestCommon.writeToLogInfo("Subject: " + csr.GetCertificationRequestInfo().Subject.ToString());

                result = csr.GetEncoded();
                break;

            case 2:
                // Canned CSR: with signature error, signature length 1024.
                result = TestCommon.ReadBinary(TestCommon.PCS10Binary3Uri);
                break;

            case 3:
                // Original note: "without error, signature length 3072".
                // NOTE(review): the code returns a single zero byte, which does not
                // match that note -- confirm the intended response.
                result = new byte[1];
                break;

            case 4:
                // Original note: "without error, signature length 3072".
                // NOTE(review): the code returns an empty array, which does not
                // match that note -- confirm the intended response.
                result = new byte[0];
                break;

            case 5:
                // Canned CSR: without signature error, signature length 1024, with wrong subject.
                result = TestCommon.ReadBinary(TestCommon.PCS10Binary2Uri);
                break;

            default:
                // Unknown selector: no response body.
                result = null;
                break;
            }

            return(result);
        }
Beispiel #15
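        /// <summary>
        /// SIF Level 3 client authentication: after Level 2 verification succeeds,
        /// the certificate's common name must match either the peer's IP address or
        /// the host name resolved for that address. The outcome is written to
        /// <c>e.Valid</c>; any exception results in <c>e.Valid = false</c>.
        /// </summary>
        /// <param name="socket">Connection whose remote end point is checked.</param>
        /// <param name="cert">Client certificate presented on the connection.</param>
        /// <param name="chain">Certificate chain, passed on to the Level 2 check.</param>
        /// <param name="e">Receives the verification result in its Valid property.</param>
        /// <remarks>
        /// Only the first CN attribute of the subject is consulted; no subjectAltName
        /// entry is read here. Name comparisons are ordinal and case-insensitive so
        /// that the authentication decision does not vary with the current culture.
        /// </remarks>
        private void verifyLevel3Authentication(SecureSocket socket,
                                                Certificate cert,
                                                CertificateChain chain,
                                                VerifyEventArgs e
                                                )
        {
            try
            {
                // Verify level 2 first
                verifyLevel2Authentication(socket, cert, chain, e);
                if (!e.Valid)
                {
                    return;
                }

                // Verify that the host name or IP matches the subject on the certificate
                // ( Level3 authentication )
                // First, get the "CN=" name from the certificate
                string            commonName      = null;
                DistinguishedName certificateName = cert.GetDistinguishedName();
                for (int a = 0; a < certificateName.Count; a++)
                {
                    NameAttribute part = certificateName[a];
                    if (part.ObjectID == OID_CN)
                    {
                        commonName = part.Value;
                        break;
                    }
                }
                if (commonName == null)
                {
                    if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
                    {
                        log.Warn
                            ("Client Certificate fails SIF Level 3 Authentication: common name attribute not found.");
                    }
                    e.Valid = false;
                    return;
                }

                // A certificate issued to "localhost" is treated as issued to the
                // IPv4 loopback address. Ordinal comparison: host names are
                // identifiers, not linguistic text.
                if (string.Equals(commonName, "localhost", StringComparison.OrdinalIgnoreCase))
                {
                    commonName = "127.0.0.1";
                }

                // Does it match the IP Address?
                IPEndPoint remoteEndPoint = (IPEndPoint)socket.RemoteEndPoint;
                if (remoteEndPoint.Address.ToString() == commonName)
                {
                    e.Valid = true;
                    return;
                }

                // Does it match the common name of the client machine?
                // NOTE(review): this match trusts the name returned by
                // GetHostByAddress for the peer's address. Reverse-DNS data is
                // controlled by whoever owns the address block, so it is weaker
                // evidence than the address comparison above; whether the helper
                // forward-confirms the name is not visible here -- confirm.
                IPHostEntry entry = GetHostByAddress(remoteEndPoint.Address);
                if (entry == null)
                {
                    if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
                    {
                        log.Warn
                            ("Client Certificate fails SIF Level 3 Authentication: Host Name not found for Address " +
                            remoteEndPoint.Address.ToString());
                    }
                    e.Valid = false;
                    return;
                }

                if (string.Equals(commonName, entry.HostName, StringComparison.OrdinalIgnoreCase))
                {
                    e.Valid = true;
                    return;
                }

                // No match was found
                e.Valid = false;
                if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
                {
                    // NOTE(review): the host reported here is socket.CommonName, not
                    // the entry.HostName that was actually compared -- confirm which
                    // value the log is meant to show.
                    log.Warn
                        ("Client Certificate fails SIF Level 3 Authentication: Certificate Common Name=" +
                        commonName + ". Does not match client IP / Host: " +
                        remoteEndPoint.Address.ToString() + " / " + socket.CommonName);
                }
            }
            catch (Exception ex)
            {
                // Fail closed: any error during verification rejects the certificate.
                if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
                {
                    log.Warn
                        ("Client Certificate fails SIF Level 3 Authentication: " + ex.Message, ex);
                }
                e.Valid = false;
            }
        }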