Beispiel #1
        /// <summary>
        /// Returns whatever <c>PemHelper.FromPem</c> produces for the PEM block embedded below.
        /// </summary>
        /// <remarks>
        /// The block carries the "PRIVATE KEY" label, so the key is stored without a passphrase
        /// and is compiled into the assembly as a string constant.
        /// NOTE(review): presumably a test fixture; confirm this key is never trusted outside tests.
        /// </remarks>
        /// <returns>The result of <c>PemHelper.FromPem</c>; its concrete type is not visible here.</returns>
        public static object GetPrivateKeyRSA()
        {
            const string pem = @"-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
";

            return(PemHelper.FromPem(pem));
        }
Beispiel #2
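        /// <summary>
        /// Builds a throw-away test root CA: generates an ECDSA key pair and a certificate for it.
        /// </summary>
        /// <param name="caPrivateKey">Receives the private half of the generated key pair.</param>
        /// <param name="caCert">Receives the certificate returned by <c>X509Helper.GenerateIssuerCert</c>.</param>
        private static void BuildCAUnit(out AsymmetricKeyParameter caPrivateKey, out X509Certificate caCert)
        {
            AsymmetricCipherKeyPair keyPair = AsymmetricAlgorithmHelper.ECDSA.GenerateKeyPair();

            caPrivateKey = keyPair.Private;

            Tuple<X509NameLabel, string>[] names =
            {
                new Tuple<X509NameLabel, string>(X509NameLabel.C, "CN"),
                new Tuple<X509NameLabel, string>(X509NameLabel.CN, "LH.Net.Sockets TEST Root CA")
            };
            X509Name dn = X509Helper.GenerateX509Name(names);

            // A certificate that asserts keyCertSign must also carry cA=TRUE in BasicConstraints
            // (RFC 5280, section 4.2.1.9). The previous cA=FALSE value made this "Root CA"
            // unusable as an issuer for any validator that enforces basic constraints.
            Tuple<X509ExtensionLabel, bool, Asn1Encodable>[] exts =
            {
                new Tuple<X509ExtensionLabel, bool, Asn1Encodable>(X509ExtensionLabel.BasicConstraints, true, new BasicConstraints(true)),
                new Tuple<X509ExtensionLabel, bool, Asn1Encodable>(X509ExtensionLabel.KeyUsage, true, new KeyUsage(KeyUsage.KeyCertSign | KeyUsage.CrlSign))
            };
            X509Extensions extensions = X509Helper.GenerateX509Extensions(exts);

            // NOTE(review): SHA-224 is kept as in the original; SHA-256 or stronger is the usual
            // pairing for ECDSA. Confirm against the curve GenerateKeyPair uses.
            // The last two arguments are presumably the validity start and the lifetime in days;
            // verify against X509Helper.GenerateIssuerCert.
            caCert = X509Helper.GenerateIssuerCert("SHA224withECDSA",
                                                   keyPair,
                                                   dn,
                                                   extensions,
                                                   DateTime.UtcNow.AddDays(-1),
                                                   365);

            // The PEM outputs are discarded, so these calls only exercise the encoders.
            // NOTE(review): RC2 with a 64-bit key and a literal passphrase is a legacy
            // protection scheme; do not reuse this call as a template for exporting real keys.
            _ = PemHelper.KeyToPem(keyPair.Private, PemHelper.DEKAlgorithmNames.RC2_64_CBC, "abc123");
            _ = PemHelper.KeyToPem(keyPair.Public);
            _ = PemHelper.CertToPem(caCert);
        }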
Beispiel #3
        /// <summary>
        /// Parses the embedded PEM certificate with <c>PemHelper.FromPem</c> and returns the result.
        /// </summary>
        /// <remarks>
        /// A certificate is public data, but because this one is a compile-time constant,
        /// replacing or revoking it requires a new build.
        /// </remarks>
        /// <returns>The result of <c>PemHelper.FromPem</c>; its concrete type is not visible here.</returns>
        public static object GetRootCertRSA()
        {
            const string rootCertPem = @"-----BEGIN CERTIFICATE-----
MIID0TCCArmgAwIBAgIUNvcnxnnREbsVa2vgo71WJgV81WowDQYJKoZIhvcNAQEL
BQAweDELMAkGA1UEBhMCUlUxDzANBgNVBAgMBlJ1c3NpYTEPMA0GA1UEBwwGTW9z
Y293MRcwFQYDVQQKDA5aQU8gQWt0aXYtU29mdDEQMA4GA1UECwwHUnV0b2tlbjEc
MBoGA1UEAwwTUnV0b2tlbiBURVNUIENBIFJTQTAeFw0yMDA4MDEwMjEyNTNaFw0z
MDA3MzAwMjEyNTNaMHgxCzAJBgNVBAYTAlJVMQ8wDQYDVQQIDAZSdXNzaWExDzAN
BgNVBAcMBk1vc2NvdzEXMBUGA1UECgwOWkFPIEFrdGl2LVNvZnQxEDAOBgNVBAsM
B1J1dG9rZW4xHDAaBgNVBAMME1J1dG9rZW4gVEVTVCBDQSBSU0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRmT9Jpctyw/sSn6eWcZ58vUq25kLyM/dU
m4Z7cs+4WzHX7bTMyiW6HqUAG/wun1MKhqcwxxniyjPS5uqY8TuuQApy49RNqFy+
tDsgXY5vqdHaVBgKNSHOrdZLNm4nsxg7OZMJC//P4/MafjXFBfoqMxNRPL5oPKgI
QpN8L1RBScq4Cj2Hc2/ptVnrD7kJgjCbX0pafimq+fdO9NdsGUDT9mHEEiU88JbP
lqod73u5NW5NOUPuW29dAnjuTtC7c+G/pYytRDF5KKwYYul6uoM/6bOBiQhi0Exm
+wloeeI1QOmXtgB4KaKiKd9hItY70Gv4FLvTbMq+BIg6yQc6K/XjAgMBAAGjUzBR
MB0GA1UdDgQWBBTvXsKasDT6V4sKwVqUcaWeLdSA9DAfBgNVHSMEGDAWgBTvXsKa
sDT6V4sKwVqUcaWeLdSA9DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
A4IBAQApdsqcJKEU3hSCLIw68dJM9BO4Z8++Op0LIuJ0xxFJwlkK/MHix6lvk9NK
YOP1w0aZYNPTHaaA6EH4QuR4EVEemt6da9Y63GKH31e46B7DjJTfsuUYMIJwEshQ
2ng+xl+Q1rLPw7OSQ7gyZsNVcKDJdXUsIgaWnx3dZysFblH2bS5TEcj6+e0hsdsj
CTpzdaH+Ln2jAEVnIJPZ3ldewB6MYeOXW/bZEySGZdATKU9yvPkZq+jjE7Z8uck4
4dgRFjzcqlYe/m8XXpIljwJ2M0/eofwpE36kLESXJmxifGl4upi339dcgBGIgf4F
E/k9yPm9hL1oy7HvBNi1bzWZs61m
-----END CERTIFICATE-----
";

            object parsed = PemHelper.FromPem(rootCertPem);
            return parsed;
        }
Beispiel #4
        /// <summary>
        /// Builds the LTI deep linking response for the selected activities, signs it
        /// and posts it back to the platform.
        /// </summary>
        /// <remarks>
        /// NOTE(review): <c>ReadJwtToken</c> only parses the token; it does not check the
        /// signature, issuer, audience or lifetime. Everything read from <c>LtiRequest</c>
        /// below, including the issuer used to select the signing key and the return URL the
        /// signed response is posted to, is therefore only as trustworthy as <c>IdToken</c>.
        /// Confirm that <c>IdToken</c> is validated before this handler runs, or validate it here.
        /// </remarks>
        /// <returns>
        /// The result of <c>Post</c>, called with the signed JWT as <c>id_token</c> and the
        /// deep link return URL taken from the request.
        /// </returns>
        public async Task<IActionResult> OnPostAssignActivities()
        {
            var tokenHandler = new JwtSecurityTokenHandler();

            // Parse only: no signature or claim validation happens on this line.
            Token      = tokenHandler.ReadJwtToken(IdToken);
            LtiRequest = new LtiDeepLinkingRequest(Token.Payload);

            var deepLinkResponse = new LtiDeepLinkingResponse
            {
                Data         = LtiRequest.DeepLinkingSettings.Data,
                DeploymentId = LtiRequest.DeploymentId
            };

            var selectedItems    = new List<ContentItem>();
            var customParameters = LtiRequest.Custom;

            foreach (var activity in Activities)
            {
                if (!activity.Selected)
                {
                    continue;
                }

                var linkItem = new LtiLinkItem
                {
                    Title  = activity.Title,
                    Text   = activity.Description,
                    Url    = Url.Page("./Tool", null, null, Request.Scheme),
                    Custom = new Dictionary<string, string>
                    {
                        { "activity_id", activity.Id.ToString() }
                    }
                };

                // Copy the request's custom parameters; TryAdd keeps "activity_id"
                // if the request happens to carry the same key.
                if (customParameters != null)
                {
                    foreach (var pair in LtiRequest.Custom)
                    {
                        linkItem.Custom.TryAdd(pair.Key, pair.Value);
                    }
                }

                selectedItems.Add(linkItem);
            }

            deepLinkResponse.ContentItems = selectedItems.ToArray();

            // Issuer and audience are swapped relative to the incoming request:
            // the tool is now the sender and the platform the recipient.
            deepLinkResponse.AddClaim(new Claim(JwtRegisteredClaimNames.Iss, LtiRequest.Aud[0]));
            deepLinkResponse.AddClaim(new Claim(JwtRegisteredClaimNames.Aud, LtiRequest.Iss));
            deepLinkResponse.AddClaim(new Claim(JwtRegisteredClaimNames.Sub, LtiRequest.Sub));

            // Validity window: not-before is 5 seconds in the past, expiry 5 minutes ahead.
            deepLinkResponse.AddClaim(new Claim(JwtRegisteredClaimNames.Iat, EpochTime.GetIntDate(DateTime.UtcNow).ToString()));
            deepLinkResponse.AddClaim(new Claim(JwtRegisteredClaimNames.Nbf, EpochTime.GetIntDate(DateTime.UtcNow.AddSeconds(-5)).ToString()));
            deepLinkResponse.AddClaim(new Claim(JwtRegisteredClaimNames.Exp, EpochTime.GetIntDate(DateTime.UtcNow.AddMinutes(5)).ToString()));
            deepLinkResponse.AddClaim(new Claim(JwtRegisteredClaimNames.Nonce, IdentityModel.CryptoRandom.CreateRandomKeyString(8)));

            // NOTE(review): the platform record is dereferenced without a null check; if
            // GetPlatformByIssuerAsync can return null for an unknown issuer, this throws.
            var platform = await _context.GetPlatformByIssuerAsync(LtiRequest.Iss);

            var signingCredentials = PemHelper.SigningCredentialsFromPemString(platform.PrivateKey);
            var signedToken        = new JwtSecurityToken(new JwtHeader(signingCredentials), deepLinkResponse);
            var jwt                = tokenHandler.WriteToken(signedToken);

            return Post("id_token", jwt, LtiRequest.DeepLinkingSettings.DeepLinkReturnUrl);
        }
        /// <summary>
        /// Issues a certificate for the CMS payload in the request body and returns it as PEM text.
        /// </summary>
        /// <param name="loginRequest">Request body; only its <c>Cms</c> member is read here.</param>
        /// <returns>The result of <c>Ok</c> wrapping the PEM-encoded certificate.</returns>
        public IActionResult Register([FromBody] CmsRequest loginRequest)
        {
            // NOTE(review): no authentication or request validation is visible in this method.
            // Confirm who may reach this endpoint and that IssueCertificate vets the CMS itself.
            var issuedCert = PkiProvider.IssueCertificate(loginRequest.Cms);
            var derBytes   = issuedCert.GetEncoded();

            return Ok(PemHelper.ToPem("CERTIFICATE", derBytes));
        }
Beispiel #6
        /// <summary>
        /// Issues a certificate for the CMS payload in the request body, using a
        /// <c>DemoBankExtensionBuilder</c>, and returns it as PEM text.
        /// </summary>
        /// <param name="loginRequest">Request body; only its <c>Cms</c> member is read here.</param>
        /// <returns>The result of <c>Ok</c> wrapping the PEM-encoded certificate.</returns>
        public IActionResult Register([FromBody] CmsRequest loginRequest)
        {
            // NOTE(review): no authentication or request validation is visible in this method.
            // Confirm who may reach this endpoint and that IssueCertificate vets the CMS itself.
            var extensionBuilder = new DemoBankExtensionBuilder();
            var issuedCert       = _pkiManager.IssueCertificate(loginRequest.Cms, extensionBuilder);
            var derBytes         = issuedCert.GetEncoded();

            return Ok(PemHelper.ToPem("CERTIFICATE", derBytes));
        }
Beispiel #7
        /// <summary>
        /// Issues a certificate for the CMS payload in the request body and returns it as PEM text.
        /// </summary>
        /// <param name="req">
        /// Request body; its <c>Cms</c>, <c>CrlLink</c> and <c>RootCertLink</c> members are read here.
        /// </param>
        /// <returns>The result of <c>Ok</c> wrapping the PEM-encoded certificate.</returns>
        public IActionResult Register([FromBody] CmsRequest req)
        {
            // NOTE(review): CrlLink and RootCertLink come straight from the request body and are
            // handed to the extension builder. Presumably they end up in the issued certificate's
            // extensions; confirm they are validated, since relying parties would follow them.
            var extensionBuilder = new AllReqExtensionBuilder(req.CrlLink, req.RootCertLink);
            var issuedCert       = _pkiManager.IssueCertificate(req.Cms, extensionBuilder);
            var derBytes         = issuedCert.GetEncoded();

            return Ok(PemHelper.ToPem("CERTIFICATE", derBytes));
        }
Beispiel #8
        /// <summary>
        /// Verifies a detached signature against the data it is supposed to cover.
        /// This method mostly exists for testing purposes.
        /// </summary>
        /// <param name="signatureBytes">The signature bytes; passed through <c>PemHelper.TryDecode</c> first.</param>
        /// <param name="signedDataBytes">The data bytes the signature was computed over.</param>
        /// <param name="verifySignatureOnly">Forwarded to <c>VerifySignedData</c>. Useful for testing only.</param>
        internal static void VerifyDetached(byte[] signatureBytes, byte[] signedDataBytes, bool verifySignatureOnly = false)
        {
            // Detached mode: the content is supplied here and is not embedded in the signature.
            var detachedCms = new SignedCms(new ContentInfo(signedDataBytes), detached: true);

            // NOTE(review): the boolean result of TryDecode is ignored. Confirm what the out
            // value holds when decoding fails, because it is passed to verification regardless.
            PemHelper.TryDecode(signatureBytes, out var decodedSignature);

            VerifySignedData(detachedCms, decodedSignature, verifySignatureOnly);
        }
Beispiel #9
        /// <summary>
        /// Parses the embedded PEM private key with <c>PemHelper.FromPem</c> and returns the result.
        /// </summary>
        /// <remarks>
        /// The block carries the "PRIVATE KEY" label, so the key is stored without a passphrase
        /// and is compiled into the assembly as a string constant.
        /// NOTE(review): presumably a test fixture; confirm this key is never trusted outside tests.
        /// </remarks>
        /// <returns>The result of <c>PemHelper.FromPem</c>; its concrete type is not visible here.</returns>
        public static object GetPrivateKeyGOST()
        {
            const string privateKeyPem = @"-----BEGIN PRIVATE KEY-----
MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgOtkebj4d
FvhP2ZHG90xrlcAvqINRpr0tKULljeoJacg=
-----END PRIVATE KEY-----
";

            object parsed = PemHelper.FromPem(privateKeyPem);
            return parsed;
        }
Beispiel #10
        /// <summary>
        /// Parses the embedded PEM private key with <c>PemHelper.FromPem</c> and returns the result.
        /// </summary>
        /// <remarks>
        /// The block carries the "PRIVATE KEY" label, so the key is stored without a passphrase
        /// and is compiled into the assembly as a string literal.
        /// NOTE(review): presumably a test fixture; confirm this key is never trusted outside tests.
        /// </remarks>
        /// <returns>The result of <c>PemHelper.FromPem</c>; its concrete type is not visible here.</returns>
        public static object GetPrivateKeyGOST()
        {
            string privateKeyPem = @"-----BEGIN PRIVATE KEY-----
MIGVAgEAMBQGByqGSM49AgEGCSqFAwcBAgEBAQR6MHgCAQEEIAIrJgzELS7HsCQ5
D1iUFbxe6lBfzJ7uuMK8qX6FOx8GoAsGCSqFAwcBAgEBAaFEA0IABKmbTdTXfI0c
kTW472CmfmP9BFP9mLd5gIATUcb8sDhyxGC5aUI2jNrPQmmg5LEVvHY7YnDVs9WQ
xHIY7kcvTlI=
-----END PRIVATE KEY-----
";

            object parsed = PemHelper.FromPem(privateKeyPem);
            return parsed;
        }
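        /// <summary>
        /// Checks that exporting an RSA public key built from the fixture modulus and exponent
        /// yields the expected PEM text.
        /// </summary>
        public void PemGenerate()
        {
            // Only the public components are set, so the imported key has no private part.
            RSAParameters rsaParams = new RSAParameters
            {
                Modulus  = modulus,
                Exponent = exponent
            };

            // RSACng is disposable; release it even when the assertion below throws.
            using (RSACng rsaCng = new RSACng())
            {
                rsaCng.ImportParameters(rsaParams);
                string pemDocument = PemHelper.ExportToPem(rsaCng.Key);

                Assert.AreEqual(pemFile, pemDocument);
            }
        }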
Beispiel #12
        /// <summary>
        /// Parses the embedded PEM certificate with <c>PemHelper.FromPem</c> and returns the result.
        /// </summary>
        /// <remarks>
        /// A certificate is public data, but because this one is a literal in the source,
        /// replacing or revoking it requires a new build.
        /// </remarks>
        /// <returns>The result of <c>PemHelper.FromPem</c>; its concrete type is not visible here.</returns>
        public static object GetRootCertGOST()
        {
            string rootCertPem = @"-----BEGIN CERTIFICATE-----
MIIBIjCBzwIESZYC0jALBgkqhQMHAQIBAQEwHjEcMBoGA1UEAwwTVGVzdCBDQSBD
ZXJ0aWZpY2F0ZTAeFw0xOTA5MjUxMTQ0NDZaFw0xOTA5MjUxMTQ0NDZaMB4xHDAa
BgNVBAMME1Rlc3QgQ0EgQ2VydGlmaWNhdGUwWjAUBgcqhkjOPQIBBgkqhQMHAQIB
AQEDQgAEqZtN1Nd8jRyRNbjvYKZ+Y/0EU/2Yt3mAgBNRxvywOHLEYLlpQjaM2s9C
aaDksRW8djticNWz1ZDEchjuRy9OUjALBgkqhQMHAQIBAQEDQQAsFZ2cAYXgO7F4
vDxv4DVeeta+3+B2/HAi8nwWvVkDKxaiVHPmiCs0MLKJgr5taEsfKmS7dmREuMca
4j4+ylpS
-----END CERTIFICATE-----
";

            object parsed = PemHelper.FromPem(rootCertPem);
            return parsed;
        }
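        /// <summary>
        /// Checks that a key imported from a PEM file exposes the fixture's public exponent and modulus.
        /// </summary>
        public void PemDecode()
        {
            // A random file name avoids the fixed, guessable path in the shared temp directory
            // that the test used before, and keeps parallel runs from clobbering each other.
            string tempKeyTestPath = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName() + ".pem");

            try
            {
                File.WriteAllText(tempKeyTestPath, pemFile);

                // RSACng(CngKey) works on its own copy of the key, so both objects are disposed.
                using (CngKey key = PemHelper.ImportFromPem(tempKeyTestPath))
                using (RSACng rsaCng = new RSACng(key))
                {
                    // false: export the public parameters only.
                    RSAParameters parameters = rsaCng.ExportParameters(false);

                    Assert.IsTrue(exponent.SequenceEqual(parameters.Exponent));
                    Assert.IsTrue(modulus.SequenceEqual(parameters.Modulus));
                }
            }
            finally
            {
                // Runs even when an assertion fails, so no key file is left behind.
                // File.Delete does not throw when the file does not exist.
                File.Delete(tempKeyTestPath);
            }
        }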
Beispiel #14
        /// <summary>
        /// Returns whatever <c>PemHelper.FromPem</c> produces for the PEM certificate embedded below.
        /// </summary>
        /// <remarks>
        /// A certificate is public data, but because this one is a compile-time constant,
        /// replacing or revoking it requires a new build.
        /// </remarks>
        /// <returns>The result of <c>PemHelper.FromPem</c>; its concrete type is not visible here.</returns>
        public static object GetRootCertGOST()
        {
            const string pem = @"-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
";

            return(PemHelper.FromPem(pem));
        }
Beispiel #15
 /// <summary>
 /// Verifies signed data whose content travels with the signature. This exists mostly for testing.
 /// </summary>
 /// <param name="bytes">The bytes to verify; passed through <c>PemHelper.TryDecode</c> first.</param>
 internal static void VerifyAttached(byte[] bytes)
 {
     // NOTE(review): the boolean result of TryDecode is ignored. Confirm what the out
     // value holds when decoding fails, because it is passed to verification regardless.
     PemHelper.TryDecode(bytes, out var decodedBody);

     var attachedCms = new SignedCms();
     VerifySignedData(attachedCms, decodedBody);
 }