/// <summary> /// user cert application /// </summary> /// <param name="config">basic information</param> /// <param name="reqBody">user cert requests</param> /// <returns></returns> public Tuple <bool, string> EnrollUser(EnrollUserReqBody reqBody) { try { NodeApiReqBody <EnrollUserReqBody> req = new NodeApiReqBody <EnrollUserReqBody>() { body = new EnrollUserReqBody() { name = reqBody.name, secret = reqBody.secret }, header = new ReqHeader() { appCode = config.appInfo.AppCode, userCode = config.userCode } }; ////get csr var resCsr = config.appInfo.AlgorithmType == EmAlgorithmType.SM2 ? CsrHelper.GetSMCsr(string.Format("{0}@{1}", reqBody.name, config.appInfo.AppCode)) : CsrHelper.GetCsr(string.Format("{0}@{1}", reqBody.name, config.appInfo.AppCode)); req.body.csrPem = resCsr.Item1.Replace("\r", ""); // assemble the original string to sign var data = ReqMacExtends.GetEnrollUserReqMac(req); req.mac = sign.Sign(data); var res = SendHelper.SendPost <NodeApiResBody <EnrollUserResBody> >(config.reqUrl + EnrollUserUrl, JsonConvert.SerializeObject(req), config.httpsCert); if (res != null) { //check the status codes in turn if (res.header.code != 0) { return(new Tuple <bool, string>(false, res.header.msg)); } //assemble the original string to sign var datares = ResMacExtends.GetEnrollUserResMac(res); //verify data if (sign.Verify(res.mac, datares)) { //save the private key and cert if (!string.IsNullOrEmpty(res.body.cert)) { CertStore.SaveCert(res.body.cert, Path.Combine(config.mspDir, string.Format("{0}@{1}_cert.pem", reqBody.name, config.appInfo.AppCode))); ECDSAStore.SavePriKey(resCsr.Item2, Path.Combine(config.mspDir, string.Format("{0}@{1}_sk.pem", reqBody.name, config.appInfo.AppCode))); } return(new Tuple <bool, string>(true, "cert registration successful")); } else { return(new Tuple <bool, string>(false, "failed to verify the signature")); } } } catch (Exception ex) { throw ex; } return(new Tuple <bool, string>(false, "failed to verify the cert")); }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider(VaultProfile)) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Certificates == null || v.Certificates.Count < 1) { throw new InvalidOperationException("No certificates found"); } var ci = v.Certificates.GetByRef(Ref); if (ci == null) { throw new Exception("Unable to find a Certificate for the given reference"); } if (!string.IsNullOrEmpty(ci.GenerateDetailsFile)) { // Generate a private key and CSR: // Key: RSA 2048-bit // MD: SHA 256 // CSR: Details pulled from CSR Details JSON file CsrHelper.CsrDetails csrDetails; var csrDetailsAsset = vp.GetAsset(VaultAssetType.CsrDetails, ci.GenerateDetailsFile); using (var s = vp.LoadAsset(csrDetailsAsset)) { csrDetails = JsonHelper.Load <CsrHelper.CsrDetails>(s); } var keyGenFile = $"{ci.Id}-gen-key.json"; var keyPemFile = $"{ci.Id}-key.pem"; var csrGenFile = $"{ci.Id}-gen-csr.json"; var csrPemFile = $"{ci.Id}-csr.pem"; var keyGenAsset = vp.CreateAsset(VaultAssetType.KeyGen, keyGenFile); var keyPemAsset = vp.CreateAsset(VaultAssetType.KeyPem, keyPemFile); var csrGenAsset = vp.CreateAsset(VaultAssetType.CsrGen, csrGenFile); var csrPemAsset = vp.CreateAsset(VaultAssetType.CsrPem, csrPemFile); var genKey = CsrHelper.GenerateRsaPrivateKey(); using (var s = vp.SaveAsset(keyGenAsset)) { genKey.Save(s); } using (var w = new StreamWriter(vp.SaveAsset(keyPemAsset))) { w.Write(genKey.Pem); } var genCsr = CsrHelper.GenerateCsr(csrDetails, genKey); using (var s = vp.SaveAsset(csrGenAsset)) { genCsr.Save(s); } using (var w = new StreamWriter(vp.SaveAsset(csrPemAsset))) { w.Write(genCsr.Pem); } ci.KeyPemFile = keyPemFile; ci.CsrPemFile = csrPemFile; } var asset = vp.GetAsset(VaultAssetType.CsrPem, ci.CsrPemFile); byte[] derRaw; using (var s = vp.LoadAsset(asset)) { using (var ms = new MemoryStream()) { CsrHelper.Csr.ConvertPemToDer(s, ms); derRaw = ms.ToArray(); } } var derB64u = JwsHelper.Base64UrlEncode(derRaw); using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); ci.CertificateRequest = c.RequestCertificate(derB64u); } if (!string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent)) { var crtDerFile = $"{ci.Id}-crt.der"; var crtPemFile = $"{ci.Id}-crt.pem"; var crtDerAsset = vp.CreateAsset(VaultAssetType.CrtDer, crtDerFile); var crtPemAsset = vp.CreateAsset(VaultAssetType.CrtPem, crtPemFile); using (var s = vp.SaveAsset(crtDerAsset)) { ci.CertificateRequest.SaveCertificate(s); ci.CrtDerFile = crtDerFile; } using (Stream source = vp.LoadAsset(crtDerAsset), target = vp.SaveAsset(crtPemAsset)) { CsrHelper.Crt.ConvertDerToPem(source, target); ci.CrtPemFile = crtPemFile; } var crt = new X509Certificate2(ci.CertificateRequest.GetCertificateContent()); ci.SerialNumber = crt.SerialNumber; ci.Thumbprint = crt.Thumbprint; ci.SignatureAlgorithm = crt.SignatureAlgorithm?.FriendlyName; ci.Signature = crt.GetCertHashString(); } vp.SaveVault(v); WriteObject(ci); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider()) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Certificates == null || v.Certificates.Count < 1) { throw new InvalidOperationException("No certificates found"); } var ci = v.Certificates.GetByRef(Ref); if (ci == null) { throw new Exception("Unable to find a Certificate for the given reference"); } if (!string.IsNullOrEmpty(ci.GenerateDetailsFile)) { // Generate a private key and CSR: // Key: RSA 2048-bit // MD: SHA 256 // CSR: Details pulled from CSR Details JSON file CsrHelper.CsrDetails csrDetails; using (var fs = new FileStream(Path.GetFullPath(ci.GenerateDetailsFile), FileMode.Open)) { csrDetails = JsonHelper.Load <CsrHelper.CsrDetails>(fs); } var keyGenFile = $"{ci.Id}-gen-key.json"; var keyPemFile = $"{ci.Id}-key.pem"; var csrGenFile = $"{ci.Id}-gen-csr.json"; var csrPemFile = $"{ci.Id}-csr.pem"; var genKey = CsrHelper.GenerateRsaPrivateKey(); using (var fs = new FileStream(keyGenFile, FileMode.CreateNew)) { genKey.Save(fs); File.WriteAllText(keyPemFile, genKey.Pem); } var genCsr = CsrHelper.GenerateCsr(csrDetails, genKey); using (var fs = new FileStream(csrGenFile, FileMode.CreateNew)) { genCsr.Save(fs); File.WriteAllText(csrPemFile, genCsr.Pem); } ci.KeyPemFile = keyPemFile; ci.CsrPemFile = csrPemFile; } byte[] derRaw; using (var fs = new FileStream(ci.CsrPemFile, FileMode.Open)) { using (var ms = new MemoryStream()) { CsrHelper.Csr.ConvertPemToDer(fs, ms); derRaw = ms.ToArray(); } } var derB64u = JwsHelper.Base64UrlEncode(derRaw); using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); ci.CertificateRequest = c.RequestCertificate(derB64u); } if (!string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent)) { var crtDerFile = $"{ci.Id}-crt.der"; var crtPemFile = $"{ci.Id}-crt.pem"; using (var fs = new FileStream(crtDerFile, FileMode.CreateNew)) { ci.CertificateRequest.SaveCertificate(fs); ci.CrtDerFile = crtDerFile; } using (FileStream source = new FileStream(crtDerFile, FileMode.Open), target = new FileStream(crtPemFile, FileMode.CreateNew)) { CsrHelper.Crt.ConvertDerToPem(source, target); ci.CrtPemFile = crtPemFile; } } vp.SaveVault(v); WriteObject(ci); } }
public void Test0170_GenCsrAndRequestCertificate() { var rsaKeys = CsrHelper.GenerateRsaPrivateKey(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-rsaKeys.txt", FileMode.Create)) { rsaKeys.Save(fs); } var csrDetails = new CsrHelper.CsrDetails { CommonName = TEST_CN1 }; var csr = CsrHelper.GenerateCsr(csrDetails, rsaKeys); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-csrDetails.txt", FileMode.Create)) { csrDetails.Save(fs); } using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-csr.txt", FileMode.Create)) { csr.Save(fs); } using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open)) { reg = AcmeRegistration.Load(fs); } byte[] derRaw; using (var bs = new MemoryStream()) { csr.ExportAsDer(bs); derRaw = bs.ToArray(); } var derB64u = JwsHelper.Base64UrlEncode(derRaw); using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); var certRequ = client.RequestCertificate(derB64u); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestCertRequ.acmeCertRequ", FileMode.Create)) { certRequ.Save(fs); } } } }