public static X509Certificate2 GetCertificateWithPrivateKey(X509Certificate bcCertificate, AsymmetricCipherKeyPair keyPair)
        {
            Assert.IsType <RsaPrivateCrtKeyParameters>(keyPair.Private);

            var privateKeyParameters = (RsaPrivateCrtKeyParameters)keyPair.Private;

#if IS_DESKTOP
            RSA privateKey = DotNetUtilities.ToRSA(privateKeyParameters);

            var certificate = new X509Certificate2(bcCertificate.GetEncoded());

            certificate.PrivateKey = privateKey;
#else
            RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(privateKeyParameters);

            var privateKey = new RSACryptoServiceProvider();

            privateKey.ImportParameters(rsaParameters);

            X509Certificate2 certificate;

            using (var certificateTmp = new X509Certificate2(bcCertificate.GetEncoded()))
            {
                certificate = RSACertificateExtensions.CopyWithPrivateKey(certificateTmp, privateKey);
            }
#endif
            return(certificate);
        }
        /// <summary>
        /// Validates the public key requirements for a certificate
        /// </summary>
        /// <param name="certificate">Certificate to validate</param>
        /// <returns>True if the certificate's public key is valid within NuGet signature requirements</returns>
        public static bool IsCertificatePublicKeyValid(X509Certificate2 certificate)
        {
            // Check if the public key is RSA with a valid keysize
            var RSAPublicKey = RSACertificateExtensions.GetRSAPublicKey(certificate);

            if (RSAPublicKey != null)
            {
                return(RSAPublicKey.KeySize >= SigningSpecifications.V1.RSAPublicKeyMinLength);
            }

            return(false);
        }
        /// <summary>
        /// Validates the public key requirements for a certificate
        /// </summary>
        /// <param name="certificate">Certificate to validate</param>
        /// <returns>True if the certificate's public key is valid within NuGet signature requirements</returns>
        public static bool IsCertificatePublicKeyValid(X509Certificate2 certificate)
        {
            // Check if the public key is RSA with a valid keysize
#if NET45
            System.Security.Cryptography.RSA RSAPublicKey = certificate.PublicKey.Key as System.Security.Cryptography.RSA;
#else
            System.Security.Cryptography.RSA RSAPublicKey = RSACertificateExtensions.GetRSAPublicKey(certificate);
#endif

            if (RSAPublicKey != null)
            {
                return(RSAPublicKey.KeySize >= SigningSpecifications.V1.RSAPublicKeyMinLength);
            }

            return(false);
        }
Beispiel #4
0
        private (X509Certificate2 deviceCertificate, X509Certificate2Collection collectionCertificates) LoadCertificateFromPfx(byte[] certificateRaw, string password)
        {
            var certificateCollection = new X509Certificate2Collection();

            certificateCollection.Import(
                certificateRaw,
                password,
                X509KeyStorageFlags.Exportable | X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.PersistKeySet);

            X509Certificate2 certificate = null;
            var outcollection            = new X509Certificate2Collection();

            foreach (X509Certificate2 element in certificateCollection)
            {
                DebugHelper.LogVerbose($"Found certificate: {element?.Thumbprint} " +
                                       $"{element?.Subject}; PrivateKey: {element?.HasPrivateKey}");
                if (certificate == null && element.HasPrivateKey)
                {
                    certificate = element;
                }
                else if (certificate == null && !((X509BasicConstraintsExtension)element.Extensions["Basic Constraints"]).CertificateAuthority)
                {
                    using (RSA key = SimulatedDevice.GetPrivateKey())
                    {
                        certificate = new X509Certificate2(RSACertificateExtensions.CopyWithPrivateKey(element, key)
                                                           .Export(X509ContentType.Pkcs12, SecretManager.CertificatePasskey), SecretManager.CertificatePasskey, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.PersistKeySet);
                    }
                }
                else
                {
                    outcollection.Add(element);
                }
            }

            if (certificate == null)
            {
                DebugHelper.LogError($"ERROR: the certificate did not " +
                                     $"contain any certificate with a private key.");
                return(null, null);
            }
            else
            {
                DebugHelper.LogVerbose($"Using certificate {certificate.Thumbprint} " +
                                       $"{certificate.Subject}");
                return(certificate, outcollection);
            }
        }
Beispiel #5
0
        private void button_Auth_Click(object sender, EventArgs e)
        {
            X509Certificate2 cert = new X509Certificate2("MPS_APK_AUTH.pfx", "Zqmh1234");
            RSA        key        = RSACertificateExtensions.GetRSAPrivateKey(cert);
            FileStream fs         = new FileStream(textBox_APK.Text, FileMode.Open);

            byte[] hash = HashAlgorithm.Create("SHA1").ComputeHash(fs);
            fs.Close();

            string signData         = new ByteArray(hash).ToHexString();
            string authExpireString = dateTimePicker_AuthExpire.Checked ? dateTimePicker_AuthExpire.Value.ToString("yyyyMMdd") : "00000000";

            signData += authExpireString;

            byte[] data  = new ByteArray(signData, ByteArray.StringEncodingTypeEnum.ASCII).Data;
            byte[] value = key.SignData(data, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);

            //  Test verify
            if (!key.VerifyData(data, value, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1) || !RSACertificateExtensions.GetRSAPublicKey(cert).VerifyData(data, value, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1))
            {
                MessageBox.Show("私钥证书验证签名失败", "错误", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return;
            }
            X509Certificate2 cert2 = new X509Certificate2("MPS_APK_AUTH.cer");

            if (!RSACertificateExtensions.GetRSAPublicKey(cert2).VerifyData(data, value, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1))
            {
                MessageBox.Show("私钥证书验证签名失败", "错误", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return;
            }

            //wirte to file
            string       signFileName = textBox_APK.Text + ".sign";
            StreamWriter sw           = new StreamWriter(signFileName);

            sw.WriteLine("Expire: " + authExpireString);
            sw.WriteLine("Signature: " + Convert.ToBase64String(value));
            //sw.WriteLine(new ByteArray(value).ToHexString());
            sw.Close();

            MessageBox.Show($"授权文件-{signFileName}-生成成功", "信息", MessageBoxButtons.OK, MessageBoxIcon.Information);
        }
Beispiel #6
0
        private X509Certificate2 OpenCertificateStore(Stream stream)
        {
            Pkcs12Store store = new Pkcs12Store();

            store.Load(stream, new char[] { });

            var keyAlias = store.Aliases.Cast <string>().SingleOrDefault(a => store.IsKeyEntry(a));

            var key = (RsaPrivateCrtKeyParameters)store.GetKey(keyAlias).Key;
            var bouncyCertificate = store.GetCertificate(keyAlias).Certificate;

            var certificate = new X509Certificate2(DotNetUtilities.ToX509Certificate(bouncyCertificate));
            var parameters  = DotNetUtilities.ToRSAParameters(key);

            RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();

            rsa.ImportParameters(parameters);

            certificate = RSACertificateExtensions.CopyWithPrivateKey(certificate, rsa);

            return(certificate);
        }
Beispiel #7
0
        public string GenerateToken(User user)
        {
            var            tokenHandler = new JwtSecurityTokenHandler();
            RsaSecurityKey securityKey  = new RsaSecurityKey(RSACertificateExtensions.GetRSAPrivateKey(_certificate));

            securityKey.KeyId = _tenantData.KeyID;
            var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha256);

            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(new Claim[]
                {
                    new Claim("sub", user.Subject),
                    new Claim("subType", "user"),
                    new Claim("name", user.DisplayName),
                    new Claim("email", user.Email),
                    new Claim("email_verified", "true", ClaimValueTypes.Boolean)
                }),
                Expires            = DateTime.UtcNow.AddHours(3),
                Issuer             = _tenantData.Issuer,
                Audience           = "qlik.api/login/jwt-session",
                SigningCredentials = signingCredentials
            };

            if (user.HasImageURL())
            {
                tokenDescriptor.Subject.AddClaim(new Claim("picture", user.ImageURL));
            }
            for (int i = 0; i < user.Groups.Length; i++)
            {
                tokenDescriptor.Subject.AddClaim(new Claim("groups", user.Groups[i]));
            }

            var    token    = tokenHandler.CreateToken(tokenDescriptor);
            string jwtToken = tokenHandler.WriteToken(token);

            return(jwtToken);
        }
Beispiel #8
0
        static void Main(string[] args)
        {
            // openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out crt.pem
            string certificateText = File.ReadAllText("crt.pem");
            string privateKeyText  = File.ReadAllText("key.pem");

            ServicePointManager.Expect100Continue      = true;
            ServicePointManager.SecurityProtocol       = (SecurityProtocolType)3072;
            ServicePointManager.DefaultConnectionLimit = 9999;

            // Ignore Server Certificate validation
            ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

            HttpWebRequest req = (HttpWebRequest)WebRequest.Create(@"https://server.cryptomix.com/secure/");

            req.PreAuthenticate = true;

            ICertificateProvider provider = new CertificateFromFileProvider(certificateText, privateKeyText, true);

#if NETCOREAPP2_0
            // https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.rsacertificateextensions.copywithprivatekey?redirectedfrom=MSDN&view=netcore-2.0#System_Security_Cryptography_X509Certificates_RSACertificateExtensions_CopyWithPrivateKey_System_Security_Cryptography_X509Certificates_X509Certificate2_System_Security_Cryptography_RSA_
            X509Certificate2 certificate = RSACertificateExtensions.CopyWithPrivateKey(provider.Certificate, provider.PrivateKey);
#else
            X509Certificate2 certificate = provider.Certificate;
#endif
            req.ClientCertificates.Add(certificate);

            HttpWebResponse response = (HttpWebResponse)req.GetResponse();

            var encoding = Encoding.ASCII;
            using (var reader = new StreamReader(response.GetResponseStream(), encoding))
            {
                string responseText = reader.ReadToEnd();
                Console.WriteLine(responseText);
            }
        }