Ejemplo n.º 1
0
        public object SerializeSignedObject()
        {
            object token = null;

            if (Payload == null)
            {
                throw new ArgumentException("Payload must be set before the token can be created and signed.");
            }

            JWK    jwk = null;
            string kid = null;

            if (string.IsNullOrEmpty(_kid))
            {
                //Create the JWK
                jwk = new JWK()
                {
                    e   = Base64Tool.Encode(_rsaParameters.Exponent),
                    kty = "RSA",
                    n   = Base64Tool.Encode(_rsaParameters.Modulus)
                };
            }
            else
            {
                kid = _kid;
            }

            //Create the Protected Header
            PROTECTED @protected = new PROTECTED()
            {
                alg   = "RS256",
                jwk   = jwk,
                kid   = kid,
                nonce = _nonce,
                url   = _directory
            };

            //Encode jwk and payload
            string encodedProtected = Base64Tool.Encode(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(@protected, Formatting.None)));
            string encodedPayload   = Base64Tool.Encode(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(Payload, Formatting.None)));

            //Sign Token
            string sigBase = $"{encodedProtected}.{encodedPayload}";

            byte[] sigBytes    = Encoding.ASCII.GetBytes(sigBase);
            byte[] signedBytes = _cryptoProvider.SignData(sigBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            string signature   = Base64Tool.Encode(signedBytes);

            token = new
            {
                @protected = encodedProtected,
                payload    = encodedPayload,
                signature  = signature
            };

            return(token);
        }
Ejemplo n.º 2
0
        private string GenerateCSR(AcmeAccount account, params string[] domainNames)
        {
            HashAlgorithmName hashName = HashAlgorithmName.SHA256;

            var builder = new SubjectAlternativeNameBuilder();

            foreach (var name in domainNames)
            {
                builder.AddDnsName(name);
            }

            RSA rsa = RSA.Create(4096);
            //rsa.ImportParameters(account.SecurityInfo);

            var dn  = new X500DistinguishedName($"CN={domainNames.First()}");
            var csr = new CertificateRequest(dn, rsa, hashName, RSASignaturePadding.Pkcs1);

            csr.CertificateExtensions.Add(builder.Build());

            return(Base64Tool.Encode(csr.CreateSigningRequest()));
        }
Ejemplo n.º 3
0
        public static string CreateAuthorizationKey(AcmeAccount account, string challengeToken)
        {
            string jwkThumbprint = string.Empty;

            //Compute the JWK Thumbprint
            var jwk = new
            {
                e   = Base64Tool.Encode(account.SecurityInfo.Exponent),
                kty = "RSA",
                n   = Base64Tool.Encode(account.SecurityInfo.Modulus)
            };

            string sjwk = JsonConvert.SerializeObject(jwk, Formatting.None);

            using (HashAlgorithm sha = SHA256.Create())
            {
                byte[] bjwk = Encoding.UTF8.GetBytes(sjwk);
                jwkThumbprint = Base64Tool.Encode(sha.ComputeHash(bjwk));
            }

            return($"{challengeToken}.{jwkThumbprint}");
        }
Ejemplo n.º 4
0
        protected void Page_Load(object sender, EventArgs e)
        {
            var message = Request.Params["Message"];
            //message = "227 1111111";
            var str      = message.ToString().Split(' ');
            var codeUser = str[0];
            var content  = str[1];

            Bitmap       bmp    = null;
            MemoryStream stream = null;

            try
            {
                if (message == null)
                {
                    Json = "参数Message不能为null!";
                    return;
                }

                //数据加密编码
                string strBase64Content = Base64Tool.Base64Code(content);
                //生成二维码Bitmap
                QRCodeEncoder qrCode = new QRCodeEncoder();
                qrCode.QRCodeEncodeMode   = QRCodeEncoder.ENCODE_MODE.BYTE;
                qrCode.QRCodeScale        = 6;
                qrCode.QRCodeVersion      = 7;
                qrCode.QRCodeErrorCorrect = QRCodeEncoder.ERROR_CORRECTION.M;
                bmp = qrCode.Encode(strBase64Content);
                //Bitmap转换成MemoryStream
                stream = new System.IO.MemoryStream();
                bmp.Save(stream, ImageFormat.Jpeg);
                //内存流MemoryStream转成bytes
                byte[] bt = stream.ToArray();
                stream.Write(bt, 0, bt.Length);
                //获取上传地址
                string strQRCodePicPath = FileTool.GetWebConfigKey("QRCodePicUploadPath");
                string strQRCodePicName = codeUser + ".jpg";

                if (!FileTool.UploadFile(strQRCodePicPath, strQRCodePicName, bt))
                {
                    Json = "False";
                }

                Json = JsonConvert.SerializeObject(strQRCodePicName);
            }
            catch (Exception ex)
            {
                LogTool.WriteLog(typeof(QRCode), ex);
                Json = "Error";
            }
            finally
            {
                if (stream != null)
                {
                    stream.Close();
                }
                if (bmp != null)
                {
                    bmp.Dispose();
                }
            }
        }
Ejemplo n.º 5
0
        /// <summary>
        /// Changes and updates the account security info for an existing account.
        /// </summary>
        /// <param name="directory">Directory object.</param>
        /// <param name="nonce">Nonce</param>
        /// <param name="account">Must be existing account.</param>
        /// <returns>Return api response with status.</returns>
        /// <remarks>Will update the security info on the passed in account, so you will need to reserialize and update your existing account object to update the security info.</remarks>
        public async Task <AcmeApiResponse> RollOverAccountKeyAsync(AcmeDirectory directory, string nonce, AcmeAccount account)
        {
            if (directory == null)
            {
                throw new ArgumentNullException("directory");
            }
            if (string.IsNullOrEmpty(directory.NewAccount))
            {
                throw new ArgumentException("directory is missing Account url.");
            }
            if (string.IsNullOrEmpty(nonce))
            {
                throw new ArgumentNullException("nonce");
            }
            if (account == null)
            {
                throw new ArgumentNullException("account");
            }

            RSACryptoServiceProvider cryptoProvider = new RSACryptoServiceProvider(2048);
            RSAParameters            rsaPrams       = cryptoProvider.ExportParameters(true);

            JwsContainer <ACCKEY> innerJwsObject = new JwsContainer <ACCKEY>(
                rsaPrams,
                nonce,
                directory.KeyChange,
                new ACCKEY()
            {
                account = account.KID,
                newKey  = new JWK()
                {
                    e   = Base64Tool.Encode(rsaPrams.Exponent),
                    kty = "RSA",
                    n   = Base64Tool.Encode(rsaPrams.Modulus)
                }
            });

            object signedInnerJwsObject = innerJwsObject.SerializeSignedObject();

            JwsContainer <object> outerJwsObject = new JwsContainer <object>(account.SecurityInfo, nonce, directory.KeyChange, account.KID, signedInnerJwsObject);

            string jwsToken = outerJwsObject.SerializeSignedToken();

            var apiResp = await SendPostData(
                url : directory.KeyChange,
                data : jwsToken);

            string apiRespString = await apiResp.Content?.ReadAsStringAsync();

            if (apiResp.StatusCode != HttpStatusCode.OK)
            {
                return(ErrorResponse(apiRespString));
            }

            if (!apiResp.Headers.TryGetValues(ProtoacmeContants.HEADER_NONCE, out IEnumerable <string> nonces))
            {
                return(ErrorResponse <AcmeAccount>("Missing Replay-Nonce Header on RolloverKey Response."));
            }

            account.SecurityInfo = rsaPrams;

            return(new AcmeApiResponse()
            {
                Status = AcmeApiResponseStatus.Success,
                Nonce = nonces.FirstOrDefault()
            });
        }