public DifiGatewaySettings CreateGatewaySettings() { var service = new System.Security.Cryptography.X509Certificates.X509Certificate2("Certificates\\idporten-ver2.difi.no-v2.crt", "changeit"); var client = new System.Security.Cryptography.X509Certificates.X509Certificate2("Certificates\\WcfClient.pfx", "changeit"); var settings = new DifiGatewaySettings(client, service); return settings; }
static void Main(string[] args) { System.Security.Cryptography.X509Certificates.X509Certificate2 cert = null; if (System.IO.File.Exists("cert.pfx") && System.IO.File.Exists("pw.txt")) cert = new System.Security.Cryptography.X509Certificates.X509Certificate2("cert.pfx", System.IO.File.ReadAllText("pw.txt")); //serv = new vProto.BaseServer(5665, cert); if (cert == null) serv = new vProto.Protocols.TCP.Server(5665); else serv = new vProto.Protocols.TCP.SSL.Server(5665, cert); serv.ClientConnected += serv_ClientConnected; serv.ClientConnectionFailed += serv_ClientConnectionFailed; serv.ClientDisconnected += serv_ClientDisconnected; serv.Start(); var updater = new Timer(new TimerCallback(delegate(object state) { var peers = serv.ListAllClientIDs(); string peerStr = string.Empty; if (peers == null) { peerStr = "No clients!?"; } else { peerStr = "#" + peers.Count; if (peers.Count < 15) for (int i = 0; i < peers.Count; i++) if (i == 0) peerStr += ": " + peers[i]; else peerStr += ", " + peers[i]; } Console.Title = string.Format("Speed: In {0}; Out {1}; Clients: {2}", serv.IncommingSpeed, serv.OutgoingSpeed, peerStr); //for (int i = 0; i < peers.Count; i++) // serv[i].SendData(Encoding.UTF8.GetBytes(Console.Title)); }), null, 1000, 1000); Console.ReadLine(); serv.Dispose(); updater.Dispose(); }
private string GetSelloFromPFX(string cadenaOriginal) { System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider(); System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(this.PFXArchivo, this.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet); System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey; System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding(); byte[] binData = encoder.GetBytes(cadenaOriginal); byte[] binSignature = rsaCryptoIPT.SignData(binData, sha1); string sello = Convert.ToBase64String(binSignature); return sello; }
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { loggerFactory.AddConsole(Configuration.GetSection("Logging")); loggerFactory.AddDebug(); var certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2("MyCertificate.pfx", "CertPass"); app.UseKestrelHttps(certificate); app.UseIISPlatformHandler(); app.UseStaticFiles(); app.UseMvc(); }
private static HttpWebRequest CreateRequest(string url, string managementCertificate) { var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(Convert.FromBase64String(managementCertificate)); var request = (HttpWebRequest)HttpWebRequest.CreateDefault(new Uri(url)); request.Headers.Add("x-ms-version", "2013-11-01"); request.Method = "GET"; request.ContentType = "application/xml"; // Attach the certificate to the request. request.ClientCertificates.Add(cert); return request; }
static void Main(string[] args) { var pk = PassKit.Parse(System.IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "costco.pkpass")); Console.WriteLine(pk.Barcode.Message); var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2( Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testpass.p12"), "password"); var outFile = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "testoutput.pkpass"); try { File.Delete(outFile); } catch { } pk.Write(outFile, cert); Console.WriteLine("OK"); }
public static bool IsSignedBy(this X509Certificate thisCertificate, X509Certificate signerCertificate) { X509Certificate2 c = new X509Certificate2(thisCertificate.GetTbsCertificate()); X509Certificate2 i = new X509Certificate2(signerCertificate.GetTbsCertificate()); X509Certificate2 c2 = new X509Certificate2(@"c:\temp\der.cer"); X509Certificate2 i2 = new X509Certificate2(@"c:\temp\cader.cer"); /*byte[] pvSubject = thisCertificate.GetTbsCertificate(); byte[] pvIssuer = signerCertificate.GetTbsCertificate(); */ System.Text.Encoding.ASCII.GetString(c.RawData); IntPtr pvSubject = c.Handle; IntPtr pvIssuer = i.Handle; int res = SspiProvider.CryptVerifyCertificateSignatureEx(IntPtr.Zero, X509_ASN_ENCODING, CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, pvSubject, CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, pvIssuer, 0, IntPtr.Zero); Marshal.GetLastWin32Error(); CmsSigner signer = new CmsSigner(i); SignedCms signedMessage = new SignedCms(); // deserialize PKCS #7 byte array signedMessage.Decode(thisCertificate.GetTbsCertificate()); Log.Write("Veryfy old"); Log.Write("EndVeryfy old"); Log.Write("Get signer's public key"); var publicKey = signerCertificate.GetPublicKey(); Log.Write("Got signer's public key"); try { Log.Write("Veryfy signature"); //TODO: log errors thisCertificate.Verify(publicKey); Log.Write("Verified"); } catch (CertificateException) { return false; } catch (InvalidKeyException) { return false; } return true; }
public string Format(string format, object arg, System.IFormatProvider formatProvider) { var str = string.Empty; System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate = null; var flag = false; if (arg is System.Security.Cryptography.X509Certificates.X509Certificate2) x509Certificate = arg as System.Security.Cryptography.X509Certificates.X509Certificate2; else if (arg is System.Security.Cryptography.X509Certificates.X509Certificate) { try { x509Certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2((System.Security.Cryptography.X509Certificates.X509Certificate) arg); } catch (System.Security.Cryptography.CryptographicException ex) { flag = true; str = string.Format("Error formatting certificate: {0}", ex.Message); } } if (x509Certificate != null) str = ExFormatProvider.FormatX509Certificate(x509Certificate, format, defaultFormatProvider); else if (!flag) str = !(arg is System.IFormattable) ? (arg == null ? string.Empty : arg.ToString()) : ((System.IFormattable) arg).ToString(format, defaultFormatProvider); return str; }
// https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/20151102 // set by? // Z:\jsc.svn\core\ScriptCoreLib.Ultra.Library\ScriptCoreLib.Ultra.Library\Extensions\TcpListenerExtensions.cs public static void Invoke(InternalGlobal g) { // did we ask the user for PIN ? var path = new FileInfo("ClientCertificate.crt"); if (path.Exists) { try { Console.WriteLine("enter InternalCassiniClientCertificateLoader " + new { path.FullName } //+ new { Environment.CurrentDirectory, typeof(InternalCassiniClientCertificateLoader).Assembly.Location } ); // 'System.Security.Cryptography.X509Certificates.X509Certificate' to type 'System.Security.Cryptography.X509Certificates.X509Certificate2'. var crt = new System.Security.Cryptography.X509Certificates.X509Certificate2(); crt.Import(File.ReadAllBytes(path.FullName)); g.ClientCertificate = crt; } catch (Exception err) { Console.WriteLine(new { err }); throw; } finally { File.Delete(path.FullName); } } }
public static Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions UseHttps(this Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions listenOptions, System.Security.Cryptography.X509Certificates.X509Certificate2 serverCertificate, System.Action <Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions> configureOptions) { throw null; }
/// <summary> /// /// </summary> /// <remarks>Based on <see cref="http://www.fkollmann.de/v2/post/Creating-certificates-using-BouncyCastle.aspx"/></remarks> /// <param name="subjectName"></param> /// <returns></returns> public static void z_dep_GenerateCertificate(string subjectName, long serialNumber, DateTime expireOn, System.Security.Cryptography.X509Certificates.X509Certificate2 issuingCertificate, out string thumbprint, out string pemPrivateKey, out string pemPublicCert, out byte[] publicCert, out byte[] pkcs12Data, out string password) { AsymmetricKeyParameter caPrivateKey; var caCert = ReadCertificateFromX509Certificate2(issuingCertificate, out caPrivateKey); //var caAuth = new AuthorityKeyIdentifierStructure(caCert); //var authKeyId = new AuthorityKeyIdentifier(caAuth.GetKeyIdentifier()); // --------------------------- // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var gen = new X509V3CertificateGenerator(); // var certName = new X509Name("CN=" + subjectName); var list = new Dictionary<string, string>(); AddItems(list, "CN", subjectName); AddItems(list, "O", "CompliaShield"); AddItems(list, "OU", "CompliaShield"); //var simpleCertName = GetItemString(list); //var certNameLight = new X509Name(simpleCertName); list.Add("L", "Boulder"); list.Add("ST", "Colorado"); list.Add("C", "US"); var subjectFull = GetItemString(list); var certName = new X509Name(subjectFull); BigInteger serialNo; if (serialNumber == 0) { serialNo = BigInteger.ProbablePrime(120, random); } else { serialNo = BigInteger.ValueOf(serialNumber); } gen.SetSerialNumber(serialNo); gen.SetSubjectDN(certName); gen.SetIssuerDN(caCert.IssuerDN); var issuerPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(caCert.GetPublicKey()); var issuerGeneralNames = new GeneralNames(new GeneralName(caCert.IssuerDN)); var issuerSerialNumber = caCert.SerialNumber; var authorityKeyIdentifier = new AuthorityKeyIdentifier(issuerPublicKeyInfo, issuerGeneralNames, issuerSerialNumber); gen.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, true, authorityKeyIdentifier); // gen.SetIssuerUniqueID(caCert.IssuerUniqueID.GetBytes()) gen.SetNotAfter(expireOn); gen.SetNotBefore(DateTime.Now.AddHours(-2)); gen.SetSignatureAlgorithm("SHA256WithRSA"); //("MD5WithRSA"); var kpgen = new RsaKeyPairGenerator(); kpgen.Init(new KeyGenerationParameters(random, 2048)); // new SecureRandom(new CryptoApiRandomGenerator()), 2048)); var subjectKeyPair = kpgen.GenerateKeyPair(); gen.SetPublicKey(subjectKeyPair.Public); gen.AddExtension( X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPClientAuth, KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPCodeSigning })); //1.3.6.1.5.5.7.3.1 = server authentication //1.3.6.1.5.5.7.3.2 = client authentication //1.3.6.1.5.5.7.3.3 = code signing var certificate = gen.Generate(caPrivateKey); PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); // merge into X509Certificate2 var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); if (seq.Count != 9) { throw new PemException("Malformed sequence in RSA private key."); } var rsa = new RsaPrivateKeyStructure(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); //------------- //RsaPrivateCrtKeyParameters rsaparams = (RsaPrivateCrtKeyParameters)subjectKeyPair.Private; RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams); CspParameters cspParameters = new CspParameters(); cspParameters.KeyContainerName = Guid.NewGuid().ToString(); // "MyKeyContainer"; RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters); rsaKey.ImportParameters(rsaParameters); // ------------ x509.PrivateKey = rsaKey; // DotNetUtilities.ToRSA(rsaparams); // Generating Random Numbers var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-()#$%^&@+=!{}[]*.,"; var rnd = new Random(); password = new string( Enumerable.Repeat(chars, 32) .Select(s => s[rnd.Next(s.Length)]) .ToArray()); thumbprint = x509.Thumbprint.ToLower(); publicCert = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert); var privateKeyPem = new StringBuilder(); var privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyPem)); privateKeyPemWriter.WriteObject(certificate); privateKeyPemWriter.WriteObject(subjectKeyPair.Private); privateKeyPemWriter.Writer.Flush(); pemPrivateKey = privateKeyPem.ToString(); var publicKeyPem = new StringBuilder(); var utf8WithoutBom = new System.Text.UTF8Encoding(false); var publicKeyPemWriter = new PemWriter(new StringWriterWithEncoding(publicKeyPem, utf8WithoutBom)); publicKeyPemWriter.WriteObject(certificate); publicKeyPemWriter.Writer.Flush(); pemPublicCert = publicKeyPem.ToString(); pemPublicCert = pemPublicCert.Replace(Environment.NewLine, "\n"); //only use newline and not returns pkcs12Data = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx, password); }
// Only the ctor should be calling with isAuthority = true // if isAuthority, value for isMachineCert doesn't matter private X509CertificateContainer CreateCertificate(bool isAuthority, bool isMachineCert, X509Certificate signingCertificate, CertificateCreationSettings certificateCreationSettings) { if (certificateCreationSettings == null) { if (isAuthority) { certificateCreationSettings = new CertificateCreationSettings(); } else { throw new Exception("Parameter certificateCreationSettings cannot be null when isAuthority is false"); } } // Set to default cert creation settings if not set if (certificateCreationSettings.ValidityNotBefore == default(DateTime)) { certificateCreationSettings.ValidityNotBefore = _defaultValidityNotBefore; } if (certificateCreationSettings.ValidityNotAfter == default(DateTime)) { certificateCreationSettings.ValidityNotAfter = _defaultValidityNotAfter; } string[] subjects = certificateCreationSettings.Subjects; if (!isAuthority ^ (signingCertificate != null)) { throw new ArgumentException("Either isAuthority == true or signingCertificate is not null"); } if (!isAuthority && (subjects == null || subjects.Length == 0)) { throw new ArgumentException("If not creating an authority, must specify at least one Subject", "subjects"); } if (!isAuthority && string.IsNullOrWhiteSpace(subjects[0])) { throw new ArgumentException("Certificate Subject must not be an empty string or only whitespace", "creationSettings.Subjects"); } EnsureInitialized(); _certGenerator.Reset(); _certGenerator.SetSignatureAlgorithm(_signatureAlthorithm); X509Name authorityX509Name = CreateX509Name(_authorityCanonicalName); var keyPair = isAuthority ? _authorityKeyPair : _keyPairGenerator.GenerateKeyPair(); if (isAuthority) { _certGenerator.SetIssuerDN(authorityX509Name); _certGenerator.SetSubjectDN(authorityX509Name); var authorityKeyIdentifier = new AuthorityKeyIdentifier( SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(_authorityKeyPair.Public), new GeneralNames(new GeneralName(authorityX509Name)), new BigInteger(7, _random).Abs()); _certGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, true, authorityKeyIdentifier); _certGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(X509KeyUsage.DigitalSignature | X509KeyUsage.KeyAgreement | X509KeyUsage.KeyCertSign | X509KeyUsage.KeyEncipherment | X509KeyUsage.CrlSign)); } else { X509Name subjectName = CreateX509Name(subjects[0]); _certGenerator.SetIssuerDN(PrincipalUtilities.GetSubjectX509Principal(signingCertificate)); _certGenerator.SetSubjectDN(subjectName); _certGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, true, new AuthorityKeyIdentifierStructure(_authorityKeyPair.Public)); _certGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(X509KeyUsage.DigitalSignature | X509KeyUsage.KeyAgreement | X509KeyUsage.KeyEncipherment)); } _certGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.Public)); _certGenerator.SetSerialNumber(new BigInteger(64 /*sizeInBits*/, _random).Abs()); _certGenerator.SetNotBefore(certificateCreationSettings.ValidityNotBefore); _certGenerator.SetNotAfter(certificateCreationSettings.ValidityNotAfter); _certGenerator.SetPublicKey(keyPair.Public); _certGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(isAuthority)); _certGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth)); if (!isAuthority) { if (isMachineCert) { List<Asn1Encodable> subjectAlternativeNames = new List<Asn1Encodable>(); // All endpoints should also be in the Subject Alt Names for (int i = 0; i < subjects.Length; i++) { if (!string.IsNullOrWhiteSpace(subjects[i])) { // Machine certs can have additional DNS names subjectAlternativeNames.Add(new GeneralName(GeneralName.DnsName, subjects[i])); } } _certGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new DerSequence(subjectAlternativeNames.ToArray())); } else { if (subjects.Length > 1) { var subjectAlternativeNames = new Asn1EncodableVector(); // Only add a SAN for the user if there are any for (int i = 1; i < subjects.Length; i++) { if (!string.IsNullOrWhiteSpace(subjects[i])) { Asn1EncodableVector otherNames = new Asn1EncodableVector(); otherNames.Add(new DerObjectIdentifier(_upnObjectId)); otherNames.Add(new DerTaggedObject(true, 0, new DerUtf8String(subjects[i]))); Asn1Object genName = new DerTaggedObject(false, 0, new DerSequence(otherNames)); subjectAlternativeNames.Add(genName); } } _certGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new DerSequence(subjectAlternativeNames)); } } } var crlDistributionPoints = new DistributionPoint[1] { new DistributionPoint(new DistributionPointName( new GeneralNames(new GeneralName(GeneralName.UniformResourceIdentifier, _crlUri))), null, new GeneralNames(new GeneralName(authorityX509Name))) }; var revocationListExtension = new CrlDistPoint(crlDistributionPoints); _certGenerator.AddExtension(X509Extensions.CrlDistributionPoints, false, revocationListExtension); X509Certificate cert = _certGenerator.Generate(_authorityKeyPair.Private, _random); if (certificateCreationSettings.IsValidCert) { EnsureCertificateValidity(cert); } // For now, given that we don't know what format to return it in, preserve the formats so we have // the flexibility to do what we need to X509CertificateContainer container = new X509CertificateContainer(); X509CertificateEntry[] chain = new X509CertificateEntry[1]; chain[0] = new X509CertificateEntry(cert); Pkcs12Store store = new Pkcs12StoreBuilder().Build(); store.SetKeyEntry("", new AsymmetricKeyEntry(keyPair.Private), chain); using (MemoryStream stream = new MemoryStream()) { store.Save(stream, _password.ToCharArray(), _random); container.Pfx = stream.ToArray(); } X509Certificate2 outputCert; if (isAuthority) { // don't hand out the private key for the cert when it's the authority outputCert = new X509Certificate2(cert.GetEncoded()); } else { // Otherwise, allow encode with the private key. note that X509Certificate2.RawData will not provide the private key // you will have to re-export this cert if needed outputCert = new X509Certificate2(container.Pfx, _password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet); } container.Subject = subjects[0]; container.InternalCertificate = cert; container.Certificate = outputCert; container.Thumbprint = outputCert.Thumbprint; Trace.WriteLine("[CertificateGenerator] generated a certificate:"); Trace.WriteLine(string.Format(" {0} = {1}", "isAuthority", isAuthority)); if (!isAuthority) { Trace.WriteLine(string.Format(" {0} = {1}", "Signed by", signingCertificate.SubjectDN)); Trace.WriteLine(string.Format(" {0} = {1}", "Subject (CN) ", subjects[0])); Trace.WriteLine(string.Format(" {0} = {1}", "Alt names ", string.Join(", ", subjects))); } Trace.WriteLine(string.Format(" {0} = {1}", "HasPrivateKey:", outputCert.HasPrivateKey)); Trace.WriteLine(string.Format(" {0} = {1}", "Thumbprint", outputCert.Thumbprint)); return container; }
public void Setup() { _serverCert = Test.Common.Configuration.Certificates.GetServerCertificate(); _listener = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); _listener.Bind(new IPEndPoint(IPAddress.Loopback, 0)); _listener.Listen(int.MaxValue); string responseText = "HTTP/1.1 200 OK\r\n" + (chunkedResponse ? $"Transfer-Encoding: chunked\r\n\r\n{responseLength.ToString("X")}\r\n{new string('a', responseLength)}\r\n0\r\n\r\n" : $"Content-Length: {responseLength}\r\n\r\n{new string('a', responseLength)}"); ReadOnlyMemory <byte> responseBytes = Encoding.UTF8.GetBytes(responseText); _serverTask = Task.Run(async() => { try { while (true) { using (Socket s = await _listener.AcceptAsync()) { try { Stream stream = new NetworkStream(s); if (ssl) { var sslStream = new SslStream(stream, false, delegate { return(true); }); await sslStream.AuthenticateAsServerAsync(_serverCert, false, SslProtocols.None, false); stream = sslStream; } using (var reader = new StreamReader(stream, Encoding.ASCII, detectEncodingFromByteOrderMarks: false, bufferSize: 100)) { while (true) { while (!string.IsNullOrEmpty(await reader.ReadLineAsync())) { ; } await stream.WriteAsync(responseBytes); } } } catch (SocketException e) when(e.SocketErrorCode == SocketError.ConnectionAborted) { } } } } catch { } }); var ep = (IPEndPoint)_listener.LocalEndPoint; var uri = new Uri($"http{(ssl ? "s" : "")}://{ep.Address}:{ep.Port}/"); _handler = new SocketsHttpHandler(); _invoker = new HttpMessageInvoker(_handler); if (ssl) { _handler.SslOptions.RemoteCertificateValidationCallback = delegate { return(true); }; } _request = new HttpRequestMessage(HttpMethod.Get, uri); }
public void reload_attach_inbound(ReloadMessage recmsg) { try { AttachReqAns req_answ = (AttachReqAns)recmsg.reload_message_body; NodeId OriginatorID = recmsg.OriginatorID; if (req_answ != null && req_answ.ice_candidates != null) { //if (ReloadGlobals.UseNoIce || m_ReloadConfig.IsBootstrap) //{ //Node attacher = new Node(recmsg.OriginatorID, req_answ.ice_candidates); // markus, moved down //bool isFinger = m_topology.routing_table.isFinger(attacher.Id); //m_topology.routing_table.AddNode(attacher); //m_topology.routing_table.SetNodeState(recmsg.OriginatorID, NodeState.attached); //} // incoming ATTACH REQUEST, so localnode is controlled agent if (recmsg.IsRequest()) { m_ReloadConfig.Logger(ReloadGlobals.TRACEFLAGS.T_RELOAD, String.Format("{0} ==> {1} TransId={2:x16}", RELOAD_MessageCode.Attach_Answer.ToString().PadRight(16, ' '), OriginatorID, recmsg.TransactionID)); ReloadMessage sendmsg = create_attach_answ( new Destination(OriginatorID), recmsg.TransactionID); // log output m_ReloadConfig.Logger(ReloadGlobals.TRACEFLAGS.T_INFO, String.Format("Attach Request: Transaction ID: {0:x}", recmsg.TransactionID)); foreach (IceCandidate cand in ((AttachReqAns)sendmsg.reload_message_body).ice_candidates) m_ReloadConfig.Logger(ReloadGlobals.TRACEFLAGS.T_INFO, String.Format("Attach Request: Gathered local candidate for Answer: {0}:{1} (TransId: {2:x})", cand.addr_port.ipaddr.ToString(), cand.addr_port.port, sendmsg.TransactionID)); foreach (IceCandidate cand in req_answ.ice_candidates) m_ReloadConfig.Logger(ReloadGlobals.TRACEFLAGS.T_INFO, String.Format("Attach Request: Received remote candidate: {0}:{1} (TransId: {2:x})", cand.addr_port.ipaddr.ToString(), cand.addr_port.port, recmsg.TransactionID)); recmsg.PutViaListToDestination(sendmsg); //sendmsg.addOverlayForwardingOptions(recmsg); //Proprietary //--Joscha if (m_machine is GWMachine) { //workaround in case date is stored at the gateway node responsible to route the message back into the interconnectionoverlay if (sendmsg.forwarding_header.destination_list[0].destination_data.node_id == ((GWMachine)m_machine).GateWay.interDomainPeer.Topology.LocalNode.Id) { sendmsg.reload_message_body.RELOAD_MsgCode = RELOAD_MessageCode.Fetch_Answer; ((GWMachine)m_machine).GateWay.interDomainPeer.Transport.receive_message(sendmsg); } else send(sendmsg, m_topology.routing_table.GetNode(recmsg.LastHopNodeId)); } else { send(sendmsg, m_topology.routing_table.GetNode(recmsg.LastHopNodeId)); } // markus if (!ReloadGlobals.UseNoIce) // using ICE { // we only need ICE processing if localnode is a peer (in case of bootstrap we need no checks) if (!m_ReloadConfig.IsBootstrap) { #region ICE TODO // localnode is Peer => ICE processing (this is controlled node) AttachReqAns attachAnswer = (AttachReqAns)sendmsg.reload_message_body; // deep copy of local and remote ice candidates List<IceCandidate> localIceCandidatesCopy = new List<IceCandidate>(); List<IceCandidate> remoteIceCandidatesCopy = new List<IceCandidate>(); // local candidates foreach (IceCandidate cand in attachAnswer.ice_candidates) { IceCandidate deepCopy = (IceCandidate)cand.Clone(); localIceCandidatesCopy.Add(deepCopy); } // remote candidates foreach (IceCandidate cand in req_answ.ice_candidates) { IceCandidate deepCopy = (IceCandidate)cand.Clone(); remoteIceCandidatesCopy.Add(deepCopy); } // now form check list //CheckList checkList = ICE.FormCheckList(attachAnswer.ice_candidates, req_answ.ice_candidates, false); CheckList checkList = ICE.FormCheckList(localIceCandidatesCopy, remoteIceCandidatesCopy, false); ICE.PrintCandidatePairList(checkList.candidatePairs); Console.WriteLine("ThreadId: {0}, send_params einfügen: checkList count {1}", Thread.CurrentThread.ManagedThreadId, checkList.candidatePairs.Count); // Add to connection queue for (int i = 0; i < checkList.candidatePairs.Count; i++) { ReloadSendParameters send_params = new ReloadSendParameters() { connectionTableEntry = null, destinationAddress = checkList.candidatePairs[i].remoteCandidate.addr_port.ipaddr, port = checkList.candidatePairs[i].remoteCandidate.addr_port.port, buffer = null, frame = false, done = new Port<bool>(), // markus connectionSocket = null, }; // if key already exists => skip if (!GetForwardingAndLinkManagementLayer().GetConnectionQueue().ContainsKey(checkList.candidatePairs[i].remoteCandidate)) GetForwardingAndLinkManagementLayer().GetConnectionQueue().Add(checkList.candidatePairs[i].remoteCandidate, send_params); } ICE.ScheduleChecks(checkList, m_ReloadConfig.Logger); // Wait for signals of all succeded candidate pairs. Only one of the succeded candidate pairs is nominated #region signaling // wait for nomination signal List<Thread> waitingThreads = new List<Thread>(); foreach (CandidatePair candPair in checkList.candidatePairs) { if (candPair.state == CandidatePairState.Succeeded) { switch (candPair.localCandidate.tcpType) { case TcpType.Active: { if (candPair.localCandidate.activeConnectingSocket != null) { Thread waitThread = new Thread(() => { candPair.nominated = ICE.WaitForSignal(candPair.localCandidate.activeConnectingSocket); }); waitingThreads.Add(waitThread); waitThread.Start(); } } break; case TcpType.Passive: { if (candPair.localCandidate.passiveAcceptedSocket != null) { Thread waitThread = new Thread(() => { candPair.nominated = ICE.WaitForSignal(candPair.localCandidate.passiveAcceptedSocket); }); waitingThreads.Add(waitThread); waitThread.Start(); } } break; case TcpType.SO: { if (candPair.localCandidate.soAcceptedSocket != null) { Thread waitThread = new Thread(() => { candPair.nominated = ICE.WaitForSignal(candPair.localCandidate.soAcceptedSocket); }); waitingThreads.Add(waitThread); waitThread.Start(); } else if (candPair.localCandidate.soConnectingSocket != null) { Thread waitThread = new Thread(() => { candPair.nominated = ICE.WaitForSignal(candPair.localCandidate.soConnectingSocket); }); waitingThreads.Add(waitThread); waitThread.Start(); } } break; } // switch } // if } // foreach // wait for all threads foreach (Thread waitingThread in waitingThreads) { waitingThread.Join(); } #endregion // choose pair CandidatePair choosenPair = null; // any nominated pair? if (checkList.candidatePairs.Any(item => item.nominated == true)) { choosenPair = checkList.candidatePairs.First(item => item.nominated == true); } // Close all sockets of all candidate pairs not nominated //for (int i = 0; i < checkList.candidatePairs.Count; i++) // if ((!checkList.candidatePairs[i].nominated) || (checkList.candidatePairs[i].state != CandidatePairState.Succeeded)) // ICE.CloseAllCandidateSockets(checkList.candidatePairs[i].localCandidate); // add node with chosen remote candidate if (choosenPair != null) { // save connection //GetForwardingAndLinkManagementLayer().SaveConnection(choosenPair); // get connection Socket socket = GetForwardingAndLinkManagementLayer().GetConnection(choosenPair); // Get IPAdress and Port of the attacher from attachers certificate cn System.Security.Cryptography.X509Certificates.X509Certificate2 tempcert = new System.Security.Cryptography.X509Certificates.X509Certificate2(recmsg.security_block.Certificates[0].Certificate); IPEndPoint attacherEndpoint = new IPEndPoint(IPAddress.Parse(tempcert.SubjectName.Name.ToString().Split(':')[1]), Convert.ToInt32( tempcert.SubjectName.Name.ToString().Split(':')[2])); // StartReloadTLSClient GetForwardingAndLinkManagementLayer().StartReloadTLSClient(OriginatorID, socket, attacherEndpoint); // for all candidates send_params.done = true for (int i = 0; i < checkList.candidatePairs.Count; i++) { ReloadSendParameters send_params; GetForwardingAndLinkManagementLayer().GetConnectionQueue().TryGetValue(checkList.candidatePairs[i].remoteCandidate, out send_params); if (send_params != null) { send_params.done.Post(true); // remove from connection queue GetForwardingAndLinkManagementLayer().GetConnectionQueue().Remove(checkList.candidatePairs[i].remoteCandidate); } } List<IceCandidate> choosenRemoteCandidates = new List<IceCandidate>(); choosenRemoteCandidates.Add(choosenPair.remoteCandidate); Node attacher = new Node(recmsg.OriginatorID, choosenRemoteCandidates); bool isFinger = m_topology.routing_table.isFinger(attacher.Id); m_topology.routing_table.AddNode(attacher); m_topology.routing_table.SetNodeState(recmsg.OriginatorID, NodeState.attached); } // free all port mappings created by UPnP foreach (IceCandidate cand in attachAnswer.ice_candidates) { if (cand.cand_type == CandType.tcp_nat) { UPnP upnp = new UPnP(); bool discovered = upnp.Discover(cand.rel_addr_port.ipaddr); if (discovered) upnp.DeletePortMapping(cand.addr_port.port, ProtocolType.Tcp); } } #endregion } else { // localnode is bootstrap => no ICE processing Node attacher = new Node(recmsg.OriginatorID, req_answ.ice_candidates); bool isFinger = m_topology.routing_table.isFinger(attacher.Id); m_topology.routing_table.AddNode(attacher); m_topology.routing_table.SetNodeState(recmsg.OriginatorID, NodeState.attached); } } // using NO ICE else { Node attacher = new Node(recmsg.OriginatorID, req_answ.ice_candidates); bool isFinger = m_topology.routing_table.isFinger(attacher.Id); m_topology.routing_table.AddNode(attacher); m_topology.routing_table.SetNodeState(recmsg.OriginatorID, NodeState.attached); } // markus end if (req_answ.SendUpdate) Arbiter.Activate(m_DispatcherQueue, new IterativeTask<Node, Node>( m_topology.routing_table.GetNode(OriginatorID), m_topology.routing_table.GetNode(recmsg.LastHopNodeId), SendUpdate)); } // incoming ATTACH ANSWER, so localnode is controlling agent // and localnode must be a peer, because bootstraps dont create attach requests and because of this cant receive an attach answer else { // using NOICE if (ReloadGlobals.UseNoIce) // markus: added if/else statement { m_ReloadConfig.Logger(ReloadGlobals.TRACEFLAGS.T_ERROR, String.Format("{0} <== {1} (not handled!!)", req_answ.RELOAD_MsgCode.ToString().PadRight(16, ' '), OriginatorID)); } // using ICE else { // get local candidates from request List<IceCandidate> localCandidates = null; bool gotLocalCandidate = m_attachRequestCandidates.TryGetValue(recmsg.TransactionID, out localCandidates); // log output m_ReloadConfig.Logger(ReloadGlobals.TRACEFLAGS.T_INFO, String.Format("Attach Answer: Transaction ID: {0:x}", recmsg.TransactionID)); foreach (IceCandidate cand in localCandidates) m_ReloadConfig.Logger(ReloadGlobals.TRACEFLAGS.T_INFO, String.Format("Attach Answer: Got local candidate: {0}:{1} (TransId: {2:x})", cand.addr_port.ipaddr.ToString(), cand.addr_port.port, recmsg.TransactionID)); foreach (IceCandidate cand in req_answ.ice_candidates) m_ReloadConfig.Logger(ReloadGlobals.TRACEFLAGS.T_INFO, String.Format("Attach Answer: Received remote candidate: {0}:{1} (TransId: {2:x})", cand.addr_port.ipaddr.ToString(), cand.addr_port.port, recmsg.TransactionID)); if (req_answ.ice_candidates != null) { // we need ice, except the answering peer is a bootstrap bool needIce = true; //// bootstrap responses with only one candidate //if (req_answ.ice_candidates.Count == 1) //{ // is it really a bootstrap? if (req_answ.ice_candidates[0].cand_type == CandType.tcp_bootstrap) { // attached to a bootstrap, so we have to do nothing here, no ice processing needed needIce = false; } //} if (needIce) { #region ICE TODO // ICE processing (this is controlling node) if (gotLocalCandidate) { // deep copy of remote ice candidates List<IceCandidate> remoteIceCandidatesCopy = new List<IceCandidate>(); // remote candidates foreach (IceCandidate cand in req_answ.ice_candidates) { IceCandidate deepCopy = (IceCandidate)cand.Clone(); remoteIceCandidatesCopy.Add(deepCopy); } //CheckList checkList = ICE.FormCheckList(localCandidates, req_answ.ice_candidates, true); CheckList checkList = ICE.FormCheckList(localCandidates, remoteIceCandidatesCopy, true); ICE.PrintCandidatePairList(checkList.candidatePairs); ICE.ScheduleChecks(checkList, m_ReloadConfig.Logger); m_attachRequestCandidates.Remove(recmsg.TransactionID); #region signaling // any succeeded pair? if (checkList.candidatePairs.Any(item => item.state == CandidatePairState.Succeeded)) { // get all succeeded pairs List<CandidatePair> succeededPairs = checkList.candidatePairs.Where(item => item.state == CandidatePairState.Succeeded).ToList(); // send nomination signal to peer bool sentSuccessfull = false; bool nominated; int counter = 0; foreach (CandidatePair pair in succeededPairs) { // simply nominate the first succeeded pair if (counter == 0) nominated = true; else nominated = false; switch (pair.localCandidate.tcpType) { case TcpType.Active: { if (pair.localCandidate.activeConnectingSocket != null) { sentSuccessfull = ICE.SendSignal(pair.localCandidate.activeConnectingSocket, nominated); pair.nominated = nominated; } } break; case TcpType.Passive: { if (pair.localCandidate.passiveAcceptedSocket != null) { sentSuccessfull = ICE.SendSignal(pair.localCandidate.passiveAcceptedSocket, nominated); pair.nominated = nominated; } } break; case TcpType.SO: { if (pair.localCandidate.soAcceptedSocket != null) { sentSuccessfull = ICE.SendSignal(pair.localCandidate.soAcceptedSocket, nominated); pair.nominated = nominated; } else if (pair.localCandidate.soConnectingSocket != null) { sentSuccessfull = ICE.SendSignal(pair.localCandidate.soConnectingSocket, nominated); pair.nominated = nominated; } } break; } // switch counter++; } // foreach if (sentSuccessfull) { } #endregion // signaling // Start Server here, if a nominated pair exists if (checkList.candidatePairs.Any(item => item.nominated)) { CandidatePair choosenPair = checkList.candidatePairs.First(item => item.nominated); // save connection here too? //GetForwardingAndLinkManagementLayer().SaveConnection(choosenPair); // get connection Socket socket = GetForwardingAndLinkManagementLayer().GetConnection(choosenPair); // StartReloadTLSServer GetForwardingAndLinkManagementLayer().StartReloadTLSServer(socket); } // if (any nominated) } // if (any succeeded pair) // Close all sockets of all candidate pairs not nominated //for (int i = 0; i < checkList.candidatePairs.Count; i++) // if ((!checkList.candidatePairs[i].nominated) || (checkList.candidatePairs[i].state != CandidatePairState.Succeeded)) // ICE.CloseAllCandidateSockets(checkList.candidatePairs[i].localCandidate); } #endregion // ICE } // existing nat candidates to free? if (localCandidates != null) { // free all port mappings created by UPnP foreach (IceCandidate cand in localCandidates) { if (cand.cand_type == CandType.tcp_nat) { UPnP upnp = new UPnP(); bool discovered = upnp.Discover(cand.rel_addr_port.ipaddr); if (discovered) upnp.DeletePortMapping(cand.addr_port.port, ProtocolType.Tcp); } } } } } } } } catch (Exception e) { throw; } }
public static X509Certificate ReadCertificateFromBytes(byte[] certificate, string password, out AsymmetricKeyParameter privateKey) { var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate, password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable); privateKey = TransformRSAPrivateKey(x509.PrivateKey); var cert = DotNetUtilities.FromX509Certificate(x509); return cert; }
public CmsRecipient(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate, System.Security.Cryptography.RSAEncryptionPadding rsaEncryptionPadding) { }
public CmsSigner(System.Security.Cryptography.Pkcs.SubjectIdentifierType signerIdentifierType, System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { }
public bool MatchesCertificate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { throw null; }
public CmsRecipient(System.Security.Cryptography.Pkcs.SubjectIdentifierType recipientIdentifierType, System.Security.Cryptography.X509Certificates.X509Certificate2 certificate, System.Security.Cryptography.RSAEncryptionPadding rsaEncryptionPadding) { }
public X509CertificateEndpointIdentity(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { }
public ClientCertificateCredential(string tenantId, string clientId, System.Security.Cryptography.X509Certificates.X509Certificate2 clientCertificate, Azure.Identity.TokenCredentialOptions options) { }
public ClientCertificateCredential(string tenantId, string clientId, System.Security.Cryptography.X509Certificates.X509Certificate2 clientCertificate) { }
/// <summary> /// /// </summary> /// <remarks>Based on <see cref="http://www.fkollmann.de/v2/post/Creating-certificates-using-BouncyCastle.aspx"/></remarks> /// <param name="subjectName"></param> /// <returns></returns> public static byte[] GenerateCertificate(string subjectName, byte[] issuingCertificate, string issuingCertificatePassword, out string password) { AsymmetricKeyParameter caPrivateKey; var caCert = ReadCertificateFromBytes(issuingCertificate, issuingCertificatePassword, out caPrivateKey); var caAuth = new AuthorityKeyIdentifierStructure(caCert); var authKeyId = new AuthorityKeyIdentifier(caAuth.GetKeyIdentifier()); // --------------------------- // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-()#$%^&@+=!"; var rnd = new Random(); var result = new string( Enumerable.Repeat(chars, 15) .Select(s => s[rnd.Next(s.Length)]) .ToArray()); password = result; var gen = new X509V3CertificateGenerator(); var certName = new X509Name("CN=" + subjectName); var serialNo = BigInteger.ProbablePrime(120, random); gen.SetSerialNumber(serialNo); gen.SetSubjectDN(certName); gen.SetIssuerDN(caCert.IssuerDN); // gen.SetIssuerUniqueID(caCert.IssuerUniqueID.GetBytes()) gen.SetNotAfter(DateTime.Now.AddYears(100)); gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); gen.SetSignatureAlgorithm("SHA256WithRSA"); //("MD5WithRSA"); var kpgen = new RsaKeyPairGenerator(); kpgen.Init(new KeyGenerationParameters(random, 2048)); // new SecureRandom(new CryptoApiRandomGenerator()), 2048)); var subjectKeyPair = kpgen.GenerateKeyPair(); gen.SetPublicKey(subjectKeyPair.Public); //gen.AddExtension( // X509Extensions.AuthorityKeyIdentifier, // false, // authKeyId); //gen.AddExtension( // X509Extensions.SubjectKeyIdentifier, // false, // new SubjectKeyIdentifierStructure(kp.Public) // ); //gen.AddExtension( // X509Extensions.AuthorityKeyIdentifier.Id, // false, // new AuthorityKeyIdentifier( // SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public), // new GeneralNames(new GeneralName(certName)), // serialNo)); gen.AddExtension( X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPClientAuth, KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPCodeSigning })); //1.3.6.1.5.5.7.3.1 = server authentication //1.3.6.1.5.5.7.3.2 = client authentication //1.3.6.1.5.5.7.3.3 = code signing var certificate = gen.Generate(caPrivateKey); PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); // merge into X509Certificate2 var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); if (seq.Count != 9) { throw new PemException("malformed sequence in RSA private key"); } var rsa = new RsaPrivateKeyStructure(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); //------------- //RsaPrivateCrtKeyParameters rsaparams = (RsaPrivateCrtKeyParameters)subjectKeyPair.Private; RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams); CspParameters cspParameters = new CspParameters(); cspParameters.KeyContainerName = Guid.NewGuid().ToString(); // "MyKeyContainer"; RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters); rsaKey.ImportParameters(rsaParameters); // ------------ x509.PrivateKey = rsaKey; // DotNetUtilities.ToRSA(rsaparams); //var certBytes = DotNetUtilities.ToX509Certificate(certificate).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx, password); //var x5092 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certBytes, password); //var rsaPriv = DotNetUtilities.ToRSA(subjectKeyPair.Private as RsaPrivateCrtKeyParameters); //x509.PrivateKey = rsaPriv; var x509Bytes = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert); System.IO.File.WriteAllBytes(@"C:\mycertx509x.cer", x509Bytes); var x509Bytes2 = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, password); System.IO.File.WriteAllBytes(@"C:\mycertx509x.pfx", x509Bytes2); System.IO.File.WriteAllText(@"C:\mycertx509x_pass.txt", password); //Utility.AddCertToStore(x509, System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine); return x509Bytes2; }
public CmsSigner(System.Security.Cryptography.Pkcs.SubjectIdentifierType signerIdentifierType, System.Security.Cryptography.X509Certificates.X509Certificate2 certificate, System.Security.Cryptography.AsymmetricAlgorithm privateKey) { }
public static X509Certificate ReadCertificateFromBytes(byte[] certificate, string password, out AsymmetricKeyParameter privateKey) { var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate, password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable); //var reader = new PemReader(new StringReader(pemValue)); //Object obj = reader.ReadObject(); //if (obj is AsymmetricCipherKeyPair) //{ // privateKey = (RsaPrivateCrtKeyParameters)((AsymmetricCipherKeyPair)obj).Private; //} //else //{ // throw new InvalidOperationException("certificate did not have private key."); //} privateKey = TransformRSAPrivateKey(x509.PrivateKey); var cert = DotNetUtilities.FromX509Certificate(x509); return cert; }
public CmsSigner(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { }
static void verify(string file) { digidoc.digidoc.initialize(); try { Console.WriteLine("Opening file: " + file); WDoc b = new WDoc(file); Console.WriteLine("Files:"); for (uint i = 0; i < b.documentCount(); ++i) { Document d = b.getDocument(i); Console.WriteLine(" {0} - {1}", i, d.getFileName()); } Console.WriteLine(); Console.WriteLine("Signatures:"); for (uint i = 0; i < b.signatureCount(); ++i) { Signature s = b.getSignature(i); SignatureProductionPlace p = s.getProductionPlace(); Console.WriteLine("Address: {0} {1} {2} {3}", p.city, p.countryName, p.stateOrProvince, p.postalCode); SignerRole r = s.getSignerRole(); Console.Write("Role:"); for (int j = 0; j < r.claimedRoles.Count; ++j) Console.Write(" " + r.claimedRoles[j]); Console.WriteLine(); Console.WriteLine("Time: " + s.getSigningTime()); System.Security.Cryptography.X509Certificates.X509Certificate2 c = new System.Security.Cryptography.X509Certificates.X509Certificate2(s.getSigningCert()); Console.WriteLine("Cert: " + c.Subject); try { s.validateOffline(); Console.WriteLine("Signature is valid"); } catch (DigidocSignatureException e) { Console.WriteLine("Signature is invalid"); Console.WriteLine(e.Message); } } } catch (DigidocBDocException e) { Console.WriteLine(e.Message); } catch (DigidocIOException e) { Console.WriteLine(e.Message); } catch (DigidocSignException e) { Console.WriteLine(e.Message); } catch (DigidocSignatureException e) { Console.WriteLine(e.Message); } catch (DigidocException e) { Console.WriteLine(e.Message); } catch (Exception e) { Console.WriteLine(e.Message); } digidoc.digidoc.terminate(); }
public System.Security.Cryptography.Pkcs.Pkcs12CertBag AddCertificate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { throw null; }
/// <summary> /// Initializes a new instance of the <see cref="MimeKit.Cryptography.CmsRecipient"/> class. /// </summary> /// <remarks> /// <para>The initial value of the <see cref="EncryptionAlgorithms"/> property will be set to /// the Triple-DES encryption algorithm, which should be safe to assume for all modern /// S/MIME v3.x client implementations.</para> /// <para>The <see cref="RecipientIdentifierType"/> will be initialized to /// <see cref="SubjectIdentifierType.IssuerAndSerialNumber"/>.</para> /// </remarks> /// <param name="certificate">The recipient's certificate.</param> /// <exception cref="System.ArgumentNullException"> /// <paramref name="certificate"/> is <c>null</c>. /// </exception> public CmsRecipient (X509Certificate2 certificate) { if (certificate == null) throw new ArgumentNullException ("certificate"); EncryptionAlgorithms = new EncryptionAlgorithm[] { EncryptionAlgorithm.TripleDes }; RecipientIdentifierType = SubjectIdentifierType.IssuerAndSerialNumber; Certificate = DotNetUtilities.FromX509Certificate (certificate); }
public static System.Security.Cryptography.ECDsa GetECDsaPrivateKey(this System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { throw null; }
public static System.Security.Cryptography.RSA GetRSAPublicKey(this System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { return(default(System.Security.Cryptography.RSA)); }
public System.Security.Cryptography.X509Certificates.X509Certificate2 Create(System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate, System.DateTimeOffset notBefore, System.DateTimeOffset notAfter, byte[] serialNumber) { throw null; }
static X509Certificate GetBouncyCastleCertificate(X509Certificate2 certificate) { var rawData = certificate.GetRawCertData(); return(new X509CertificateParser().ReadCertificate(rawData)); }
public X509Certificate2Collection(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { }
public static void GenerateRootCertificate(string subjectName, long serialNumber, DateTime expireOn, bool isCertificateAuthority, out string thumbprint, out string pemPrivateKey, out string pemPublicCert, out byte[] publicCert, out byte[] pkcs12Data, out string password) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var kpgen = new RsaKeyPairGenerator(); kpgen.Init(new KeyGenerationParameters(random, 2048)); //new SecureRandom(new CryptoApiRandomGenerator()), 2048)); var subjectKeyPair = kpgen.GenerateKeyPair(); var gen = new X509V3CertificateGenerator(); var certName = new X509Name("CN=" + subjectName); BigInteger serialNo; if (serialNumber == 0) { serialNo = BigInteger.ProbablePrime(120, random); } else { serialNo = BigInteger.ValueOf(serialNumber); } gen.SetSerialNumber(serialNo); gen.SetSubjectDN(certName); gen.SetIssuerDN(certName); gen.SetNotAfter(expireOn); gen.SetNotBefore(DateTime.Now.Date); gen.SetSignatureAlgorithm("SHA256WithRSA"); //("MD5WithRSA"); gen.SetPublicKey(subjectKeyPair.Public); gen.AddExtension( X509Extensions.BasicConstraints.Id, true, new BasicConstraints(isCertificateAuthority)); //// NOT WORKING... NOT PASSING CERTIFICATE ISSUING ALLOWED //if (isCertificateAuthority) //{ // gen.AddExtension( // X509Extensions.BasicConstraints., // true, // new BasicConstraints(isCertificateAuthority)); //} var certificate = gen.Generate(subjectKeyPair.Private, random); PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); if (seq.Count != 9) { throw new PemException("Malformed sequence in RSA private key."); } var rsa = new RsaPrivateKeyStructure(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams); CspParameters cspParameters = new CspParameters(); cspParameters.KeyContainerName = Guid.NewGuid().ToString(); // "MyKeyContainer"; RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters); rsaKey.ImportParameters(rsaParameters); x509.PrivateKey = rsaKey; // DotNetUtilities.ToRSA(rsaparams); // Generating Random Numbers var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-()#$%^&@+=!"; var rnd = new Random(); password = new string( Enumerable.Repeat(chars, 32) .Select(s => s[rnd.Next(s.Length)]) .ToArray()); thumbprint = x509.Thumbprint.ToLower(); publicCert = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert); var privateKeyPem = new StringBuilder(); var privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyPem)); privateKeyPemWriter.WriteObject(certificate); privateKeyPemWriter.WriteObject(subjectKeyPair.Private); privateKeyPemWriter.Writer.Flush(); pemPrivateKey = privateKeyPem.ToString(); var publicKeyPem = new StringBuilder(); var utf8WithoutBom = new System.Text.UTF8Encoding(false); var publicKeyPemWriter = new PemWriter(new StringWriterWithEncoding(publicKeyPem, utf8WithoutBom)); publicKeyPemWriter.WriteObject(certificate); publicKeyPemWriter.Writer.Flush(); pemPublicCert = publicKeyPem.ToString(); pemPublicCert = pemPublicCert.Replace(Environment.NewLine, "\n"); //only use newline and not returns pkcs12Data = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx, password); }
public void Insert(int index, System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { }
private void StartHTTP() { try { m_log.Info("[HTTPD]: Spawned main thread OK"); //m_httpListener = new HttpListener(); NotSocketErrors = 0; if (!m_ssl) { //m_httpListener.Prefixes.Add("http://+:" + m_port + "/"); //m_httpListener.Prefixes.Add("http://10.1.1.5:" + m_port + "/"); m_httpListener2 = new CoolHTTPListener(m_listenIPAddress, (int)m_port); m_httpListener2.ExceptionThrown += httpServerException; m_httpListener2.LogWriter = httpserverlog; // Uncomment this line in addition to those in HttpServerLogWriter // if you want more detailed trace information from the HttpServer //m_httpListener2.UseTraceLogs = true; m_httpListener2.DisconnectHandler = httpServerDisconnectMonitor; } else { //m_httpListener.Prefixes.Add("https://+:" + (m_sslport) + "/"); //m_httpListener.Prefixes.Add("http://+:" + m_port + "/"); System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2("SineWaveCert.pfx", "123"); m_httpListener2 = new CoolHTTPListener(IPAddress.Any, (int)m_port, cert); m_httpListener2.ExceptionThrown += httpServerException; m_httpListener2.LogWriter = httpserverlog; m_httpListener2.DisconnectHandler = httpServerDisconnectMonitor; } m_httpListener2.RequestHandler += OnHandleRequestIOThread; //m_httpListener.Start(); m_httpListener2.Start(64); HTTPDRunning = true; //HttpListenerContext context; //while (true) //{ // context = m_httpListener.GetContext(); // ThreadPool.QueueUserWorkItem(new WaitCallback(HandleRequest), context); // } } catch (Exception e) { m_log.Error("[HTTPD]: Error - " + e.Message); m_log.Error("[HTTPD]: Tip: Do you have permission to listen on port " + m_port + ", " + m_sslport + "?"); // We want this exception to halt the entire server since in current configurations we aren't too // useful without inbound HTTP. throw e; } }
public void Remove(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { }
/// <summary> /// Are we capable of generating, saving, loading and removing a cert. A test of a host system's compatibility /// with our cert stuff /// </summary> public static void GenerateSaveAndReload() { //USING BOUNCY CASTLE // create bouncy castle cert and save it AsymmetricCipherKeyPair kp; var x509 = CertificateGenerator.GenerateCertificate("Subject", out kp); string FilePath = "cert.pfx"; string Alias = "foo"; string Pwd = "bar"; // save it CertificateGenerator.SaveToFile(x509, kp, FilePath, Alias, Pwd); //USING NATIVE.NET TO CONSUME BOUNCY // open the store as X509Certificate2 var x5092 = new System.Security.Cryptography.X509Certificates.X509Certificate2(FilePath, Pwd); Console.WriteLine(x5092.SubjectName); Console.WriteLine(x5092.Thumbprint); Console.WriteLine(x5092.PrivateKey.SignatureAlgorithm); //clean it up File.Delete(FilePath); }
public static System.Security.Cryptography.X509Certificates.X509Certificate2 CopyWithPrivateKey(this System.Security.Cryptography.X509Certificates.X509Certificate2 certificate, System.Security.Cryptography.DSA privateKey) { throw null; }
public static byte[] GenerateRootCertificate(string subjectName, string password, out string pemValue) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var kpgen = new RsaKeyPairGenerator(); kpgen.Init(new KeyGenerationParameters(random, 2048)); //new SecureRandom(new CryptoApiRandomGenerator()), 2048)); var subjectKeyPair = kpgen.GenerateKeyPair(); var gen = new X509V3CertificateGenerator(); var certName = new X509Name("CN=" + subjectName); BigInteger serialNo = BigInteger.ValueOf(4); //BigInteger.ProbablePrime(120, random); gen.SetSerialNumber(serialNo); gen.SetSubjectDN(certName); gen.SetIssuerDN(certName); gen.SetNotAfter(DateTime.Now.AddYears(100)); gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); gen.SetSignatureAlgorithm("SHA256WithRSA"); //("MD5WithRSA"); gen.SetPublicKey(subjectKeyPair.Public); //gen.AddExtension( // X509Extensions.SubjectKeyIdentifier, // false, // new SubjectKeyIdentifierStructure(kp.Public) // ); //gen.AddExtension( // X509Extensions.AuthorityKeyIdentifier.Id, // false, // new AuthorityKeyIdentifier( // SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public), // new GeneralNames(new GeneralName(certName)), // serialNo)); var certificate = gen.Generate(subjectKeyPair.Private, random); var privateKeyPem = new StringBuilder(); var privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyPem)); privateKeyPemWriter.WriteObject(certificate); privateKeyPemWriter.WriteObject(subjectKeyPair.Private); privateKeyPemWriter.Writer.Flush(); pemValue = privateKeyPem.ToString(); System.IO.File.WriteAllText(@"C:\_rootCa.pem", pemValue); //var certBytes = DotNetUtilities.ToX509Certificate(certificate).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, password); //var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); //RSA rsaPriv = DotNetUtilities.ToRSA(subjectKeyPair.Private as RsaPrivateCrtKeyParameters); // PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded()); if (seq.Count != 9) { throw new PemException("malformed sequence in RSA private key"); } var rsa = new RsaPrivateKeyStructure(seq); RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters( rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient); //------------- //RsaPrivateCrtKeyParameters rsaparams = (RsaPrivateCrtKeyParameters)subjectKeyPair.Private; RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams); CspParameters cspParameters = new CspParameters(); cspParameters.KeyContainerName = Guid.NewGuid().ToString(); // "MyKeyContainer"; RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters); rsaKey.ImportParameters(rsaParameters); // ------------ x509.PrivateKey = rsaKey; // DotNetUtilities.ToRSA(rsaparams); // var x509Bytes = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert, password); System.IO.File.WriteAllBytes(@"C:\_rootCa.cer", x509Bytes); var x509Bytes2 = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx, password); System.IO.File.WriteAllBytes(@"C:\_rootCa.pfx", x509Bytes2); return x509Bytes; }
public bool Build(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { throw null; }
// This reads a certificate from a file. // Thanks to: http://blog.softwarecodehelp.com/2009/06/23/CodeForRetrievePublicKeyFromCertificateAndEncryptUsingCertificatePublicKeyForBothJavaC.aspx public static X509Certificate ReadCertFromFile(string certificatePath, string password, out AsymmetricKeyParameter privateKey) { var x5092 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificatePath, password); var cert = DotNetUtilities.FromX509Certificate(x5092); privateKey = TransformRSAPrivateKey(x5092.PrivateKey); return cert; //try //{ // // Create file stream object to read certificate // var keyStream = new FileStream(strCertificatePath, FileMode.Open, FileAccess.Read); // // Read certificate using BouncyCastle component // var inputKeyStore = new Pkcs12Store(); // inputKeyStore.Load(keyStream, strCertificatePassword.ToCharArray()); // //Close File stream // keyStream.Close(); // var keyAlias = inputKeyStore.Aliases.Cast<string>().FirstOrDefault(n => inputKeyStore.IsKeyEntry(n)); // // Read Key from Alieases // if (keyAlias == null) // throw new NotImplementedException("Alias"); // //Read certificate into 509 format // return (X509Certificate)inputKeyStore.GetCertificate(keyAlias).Certificate; //} //catch (Exception ex) //{ // throw ex; //} }
public static System.Security.Cryptography.DSA GetDSAPublicKey(this System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { throw null; }
public static Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions UseHttps(this Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions listenOptions, System.Security.Cryptography.X509Certificates.X509Certificate2 serverCertificate) { throw null; }
public ActionResult Details(string id) { Guid publicKey; if (!Guid.TryParse(id, out publicKey)) return new HttpStatusCodeResult(System.Net.HttpStatusCode.BadRequest); var certificado = DBContext.Certificados.Where(e => e.PublicKey == publicKey).SingleOrDefault(); if (certificado == null) return HttpNotFound(); System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider(); //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo, // certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet); //// System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey; System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo, certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet); System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey; //System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding(); //byte[] binData = encoder.GetBytes(cadenaOriginal); //byte[] binSignature = rsaCryptoIPT.SignData(binData, sha1); //string sello = Convert.ToBase64String(binSignature); //return sello; var model = new CertificadoDetailsViewModel(certificado); //model.Issuer = cert.Issuer; model.Issuer = cert.IssuerName.Name; model.Subject = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false); model.Issuer = cert.GetEffectiveDateString(); model.Issuer = cert.GetExpirationDateString(); model.Issuer = cert.Subject; model.Issuer = certificado.GetNumeroSerie(); // cert.SerialNumber; // cert.GetSerialNumberString(); model.Issuer = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, true); //model.Issuer = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false); return View(model); }
public KeyMaterial() { SigningCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2("client.pfx", "abc!123"); }
private void Secure(Action success, Action<Exception> error) { var networkStream = new NetworkStream(_client); _clientSslStream = new SslStream(networkStream, false, RemoteCertificateValidationCallback); var clientAuthentication = _clientSslStream.BeginAuthenticateAsClient("localhost", null, null); var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2("local.pfx", "local"); _wrapper.Authenticate(cert, RemoteCertificateValidationCallback, success, error); }
// This reads a certificate from a file. // Thanks to: http://blog.softwarecodehelp.com/2009/06/23/CodeForRetrievePublicKeyFromCertificateAndEncryptUsingCertificatePublicKeyForBothJavaC.aspx public static X509Certificate ReadCertFromFile(string certificatePath, string password, out AsymmetricKeyParameter privateKey) { var x5092 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificatePath, password); var cert = DotNetUtilities.FromX509Certificate(x5092); privateKey = TransformRSAPrivateKey(x5092.PrivateKey); return cert; }
public DtlsSrtpClient(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) : this(DtlsUtils.LoadCertificateChain(certificate), DtlsUtils.LoadPrivateKeyResource(certificate)) { }
private void StartHTTP() { try { //m_httpListener = new HttpListener(); NotSocketErrors = 0; if (!m_ssl) { //m_httpListener.Prefixes.Add("http://+:" + m_port + "/"); //m_httpListener.Prefixes.Add("http://10.1.1.5:" + m_port + "/"); m_httpListener = HttpListener.Create (m_listenIPAddress, (int)m_port/*, httpserverlog*/); m_httpListener.ExceptionThrown += httpServerException; m_httpListener.LogWriter = httpserverlog; // Uncomment this line in addition to those in HttpServerLogWriter // if you want more detailed trace information from the HttpServer //m_httpListener2.UseTraceLogs = true; //m_httpListener2.DisconnectHandler = httpServerDisconnectMonitor; } else { //m_httpListener.Prefixes.Add("https://+:" + (m_sslport) + "/"); //m_httpListener.Prefixes.Add("http://+:" + m_port + "/"); System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2("SineWaveCert.pfx", "123"); m_httpListener = HttpListener.Create (IPAddress.Any, (int)m_port, cert/*, httpserverlog*/); m_httpListener.ExceptionThrown += httpServerException; m_httpListener.LogWriter = httpserverlog; } m_httpListener.RequestReceived += OnRequest; m_httpListener.Start(64); // Long Poll Service Manager with 3 worker threads a 25 second timeout for no events m_PollServiceManager = new PollServiceRequestManager(this, 3, 25000); HTTPDRunning = true; } catch (Exception e) { m_log.Error("[BASE HTTP SERVER]: Error - " + e.Message); m_log.Error("[BASE HTTP SERVER]: Tip: Do you have permission to listen on port " + m_port + "?"); // We want this exception to halt the entire server since in current configurations we aren't too // useful without inbound HTTP. throw e; } }
public CmsRecipient(System.Security.Cryptography.Pkcs.SubjectIdentifierType recipientIdentifierType, System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { }
/// <summary> /// Initializes a new instance of the <see cref="MimeKit.Cryptography.CmsRecipient"/> class. /// </summary> /// <remarks> /// The initial value of the <see cref="EncryptionAlgorithms"/> property will be set to /// the Triple-DES encryption algorithm, which should be safe to assume for all modern /// S/MIME v3.x client implementations. /// </remarks> /// <param name="certificate">The recipient's certificate.</param> /// <param name="recipientIdentifierType">The recipient identifier type.</param> /// <exception cref="System.ArgumentNullException"> /// <paramref name="certificate"/> is <c>null</c>. /// </exception> public CmsRecipient (X509Certificate2 certificate, SubjectIdentifierType recipientIdentifierType = SubjectIdentifierType.IssuerAndSerialNumber) { if (certificate == null) throw new ArgumentNullException (nameof (certificate)); if (recipientIdentifierType == SubjectIdentifierType.IssuerAndSerialNumber) RecipientIdentifierType = SubjectIdentifierType.IssuerAndSerialNumber; else RecipientIdentifierType = SubjectIdentifierType.SubjectKeyIdentifier; EncryptionAlgorithms = new EncryptionAlgorithm[] { EncryptionAlgorithm.TripleDes }; Certificate = DotNetUtilities.FromX509Certificate (certificate); }
public CmsRecipient(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) { }
public bool VerifySignatureForData(System.ReadOnlySpan <byte> data, out System.Security.Cryptography.X509Certificates.X509Certificate2 signerCertificate, System.Security.Cryptography.X509Certificates.X509Certificate2Collection extraCandidates = null) { throw null; }
public X509CertificateEndpointIdentity(System.Security.Cryptography.X509Certificates.X509Certificate2 primaryCertificate, System.Security.Cryptography.X509Certificates.X509Certificate2Collection supportingCertificates) { }
public ActionResult Create(CertificadoCreateViewModel model) { //var model = new CertificadoCreateViewModel(); if (ModelState.IsValid) { if (model.CertificadoArchivo == null || model.CertificadoArchivo.ContentLength == 0) { return View(); } try { // var user = UserManager.FindById(this.GetUserId()); Guid publicKey = Guid.NewGuid(); Certificado certificado = new Certificado(); //certificado.NumSerie = model.NumSerie; //certificado.RFC = model.RFC; //certificado.Inicia = model.Inicia; // DateTime.Parse(post["inicia"].ToString(), new System.Globalization.CultureInfo("es-MX")); //certificado.Finaliza = model.Finaliza; ////certificado.CertificadoBase64 = model.CertificadoArchivo; ////certificado.PFXArchivo = model.PFXArchivo; certificado.PFXContrasena = model.PFXContrasena; certificado.Estado = model.Estado; if (model.CertificadoArchivo != null) { MemoryStream target = new MemoryStream(); model.CertificadoArchivo.InputStream.CopyTo(target); Byte[] data = target.ToArray(); certificado.CertificadoDER = data; //certificado.PFXArchivo = data; certificado.CertificadoBase64 = Convert.ToBase64String(data); System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider(); //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data, certificado.PFXContrasena); System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data); // cert.FriendlyName.ToString(); certificado.NumSerie = Certificado.GetSerialNumberString(cert); //certificado.RFC = cert.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false); string[] subject = cert.Subject.Split(','); foreach (string strVal in subject) { string value = strVal.Trim(); if (value.StartsWith("OID.2.5.4.45=")) { string value2 = value.Replace("OID.2.5.4.45=", ""); certificado.RFC = value2.Substring(0, value2.IndexOf('/') >= 0 ? value2.IndexOf('/') : value2.Length).Trim(); } } certificado.Inicia = DateTime.Parse(cert.GetEffectiveDateString()); certificado.Finaliza = DateTime.Parse(cert.GetExpirationDateString()); //certificado.CertificadoBase64 = model.CertificadoArchivo; //certificado.PFXArchivo = model.PFXArchivo; } if (model.PFXArchivo != null) { MemoryStream target2 = new MemoryStream(); model.PFXArchivo.InputStream.CopyTo(target2); Byte[] dataPFX = target2.ToArray(); certificado.PFXArchivo = dataPFX; // MemoryStream target3 = new MemoryStream(); // model.CertificadoArchivo.InputStream.Position = 0; // model.CertificadoArchivo.InputStream.CopyTo(target3); // Byte[] data3 = target3.ToArray(); // //string certificadoBase64 = Convert.ToBase64String(data); // //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo, // // certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet); // //System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey; } //else { // MemoryStream target3 = new MemoryStream(); // model.CertificadoArchivo.InputStream.CopyTo(target3); // Byte[] data3 = target3.ToArray(); // //string certificadoBase64 = Convert.ToBase64String(data); // System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider(); // System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(data3, certificado.PFXContrasena); // cert.FriendlyName.ToString(); // //System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificado.PFXArchivo, // // certificado.PFXContrasena, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet); // System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoIPT = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey; //} if (model.PrivateKeyDER != null) { MemoryStream ms = new MemoryStream(); model.PrivateKeyDER.InputStream.CopyTo(ms); Byte[] dataDER = ms.ToArray(); certificado.PrivateKeyDER = dataDER; } certificado.PrivateKeyContrasena = model.PrivateKeyContrasena; this.DBContext.Certificados.Add(certificado); this.DBContext.SaveChanges(); } catch (Exception ex) { //log.Error(ex, "Error upload photo blob to storage"); ex.ToString(); } } return RedirectToAction("Index", "Home"); }
public bool VerifySignatureForHash(System.ReadOnlySpan <byte> hash, System.Security.Cryptography.Oid hashAlgorithmId, out System.Security.Cryptography.X509Certificates.X509Certificate2 signerCertificate, System.Security.Cryptography.X509Certificates.X509Certificate2Collection extraCandidates = null) { throw null; }
/// <summary> /// Initializes a new instance of the <see cref="MimeKit.Cryptography.CmsSigner"/> class. /// </summary> /// <remarks> /// <para>The initial value of the <see cref="MimeKit.Cryptography.DigestAlgorithm"/> will /// be set to <see cref="MimeKit.Cryptography.DigestAlgorithm.Sha1"/> and both the /// <see cref="SignedAttributes"/> and <see cref="UnsignedAttributes"/> properties will be /// initialized to empty tables.</para> /// </remarks> /// <param name="certificate">The signer's certificate.</param> /// <exception cref="System.ArgumentNullException"> /// <paramref name="certificate"/> is <c>null</c>. /// </exception> /// <exception cref="System.ArgumentException"> /// <paramref name="certificate"/> cannot be used for signing. /// </exception> public CmsSigner (X509Certificate2 certificate) : this () { if (certificate == null) throw new ArgumentNullException (nameof (certificate)); if (!certificate.HasPrivateKey) throw new ArgumentException ("The certificate does not contain a private key.", nameof (certificate)); var cert = DotNetUtilities.FromX509Certificate (certificate); var key = DotNetUtilities.GetKeyPair (certificate.PrivateKey); CheckCertificateCanBeUsedForSigning (cert); CertificateChain = new X509CertificateChain (); CertificateChain.Add (cert); Certificate = cert; PrivateKey = key.Private; }
public bool VerifySignatureForSignerInfo(System.Security.Cryptography.Pkcs.SignerInfo signerInfo, out System.Security.Cryptography.X509Certificates.X509Certificate2 signerCertificate, System.Security.Cryptography.X509Certificates.X509Certificate2Collection extraCandidates = null) { throw null; }