/// <summary>
/// user cert application
/// </summary>
/// <param name="config">basic information</param>
/// <param name="reqBody">user cert requests</param>
/// <returns></returns>
public Tuple <bool, string> EnrollUser(EnrollUserReqBody reqBody)
{
try
{
NodeApiReqBody <EnrollUserReqBody> req = new NodeApiReqBody <EnrollUserReqBody>()
{
body = new EnrollUserReqBody()
{
name = reqBody.name,
secret = reqBody.secret
},
header = new ReqHeader()
{
appCode = config.appInfo.AppCode,
userCode = config.userCode
}
};
////get csr
var resCsr = config.appInfo.AlgorithmType == EmAlgorithmType.SM2 ?
CsrHelper.GetSMCsr(string.Format("{0}@{1}", reqBody.name, config.appInfo.AppCode))
: CsrHelper.GetCsr(string.Format("{0}@{1}", reqBody.name, config.appInfo.AppCode));
req.body.csrPem = resCsr.Item1.Replace("\r", "");
// assemble the original string to sign
var data = ReqMacExtends.GetEnrollUserReqMac(req);
req.mac = sign.Sign(data);
var res = SendHelper.SendPost <NodeApiResBody <EnrollUserResBody> >(config.reqUrl + EnrollUserUrl, JsonConvert.SerializeObject(req), config.httpsCert);
if (res != null)
{
//check the status codes in turn
if (res.header.code != 0)
{
return(new Tuple <bool, string>(false, res.header.msg));
}
//assemble the original string to sign
var datares = ResMacExtends.GetEnrollUserResMac(res);
//verify data
if (sign.Verify(res.mac, datares))
{
//save the private key and cert
if (!string.IsNullOrEmpty(res.body.cert))
{
CertStore.SaveCert(res.body.cert, Path.Combine(config.mspDir, string.Format("{0}@{1}_cert.pem", reqBody.name, config.appInfo.AppCode)));
ECDSAStore.SavePriKey(resCsr.Item2, Path.Combine(config.mspDir, string.Format("{0}@{1}_sk.pem", reqBody.name, config.appInfo.AppCode)));
}
return(new Tuple <bool, string>(true, "cert registration successful"));
}
else
{
return(new Tuple <bool, string>(false, "failed to verify the signature"));
}
}
}
catch (Exception ex)
{
throw ex;
}
return(new Tuple <bool, string>(false, "failed to verify the cert"));
}
protected override void ProcessRecord()
{
using (var vp = InitializeVault.GetVaultProvider(VaultProfile))
{
vp.OpenStorage();
var v = vp.LoadVault();
if (v.Registrations == null || v.Registrations.Count < 1)
{
throw new InvalidOperationException("No registrations found");
}
var ri = v.Registrations[0];
var r = ri.Registration;
if (v.Certificates == null || v.Certificates.Count < 1)
{
throw new InvalidOperationException("No certificates found");
}
var ci = v.Certificates.GetByRef(Ref);
if (ci == null)
{
throw new Exception("Unable to find a Certificate for the given reference");
}
if (!string.IsNullOrEmpty(ci.GenerateDetailsFile))
{
// Generate a private key and CSR:
// Key: RSA 2048-bit
// MD: SHA 256
// CSR: Details pulled from CSR Details JSON file
CsrHelper.CsrDetails csrDetails;
var csrDetailsAsset = vp.GetAsset(VaultAssetType.CsrDetails, ci.GenerateDetailsFile);
using (var s = vp.LoadAsset(csrDetailsAsset))
{
csrDetails = JsonHelper.Load <CsrHelper.CsrDetails>(s);
}
var keyGenFile = $"{ci.Id}-gen-key.json";
var keyPemFile = $"{ci.Id}-key.pem";
var csrGenFile = $"{ci.Id}-gen-csr.json";
var csrPemFile = $"{ci.Id}-csr.pem";
var keyGenAsset = vp.CreateAsset(VaultAssetType.KeyGen, keyGenFile);
var keyPemAsset = vp.CreateAsset(VaultAssetType.KeyPem, keyPemFile);
var csrGenAsset = vp.CreateAsset(VaultAssetType.CsrGen, csrGenFile);
var csrPemAsset = vp.CreateAsset(VaultAssetType.CsrPem, csrPemFile);
var genKey = CsrHelper.GenerateRsaPrivateKey();
using (var s = vp.SaveAsset(keyGenAsset))
{
genKey.Save(s);
}
using (var w = new StreamWriter(vp.SaveAsset(keyPemAsset)))
{
w.Write(genKey.Pem);
}
var genCsr = CsrHelper.GenerateCsr(csrDetails, genKey);
using (var s = vp.SaveAsset(csrGenAsset))
{
genCsr.Save(s);
}
using (var w = new StreamWriter(vp.SaveAsset(csrPemAsset)))
{
w.Write(genCsr.Pem);
}
ci.KeyPemFile = keyPemFile;
ci.CsrPemFile = csrPemFile;
}
var asset = vp.GetAsset(VaultAssetType.CsrPem, ci.CsrPemFile);
byte[] derRaw;
using (var s = vp.LoadAsset(asset))
{
using (var ms = new MemoryStream())
{
CsrHelper.Csr.ConvertPemToDer(s, ms);
derRaw = ms.ToArray();
}
}
var derB64u = JwsHelper.Base64UrlEncode(derRaw);
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
ci.CertificateRequest = c.RequestCertificate(derB64u);
}
if (!string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent))
{
var crtDerFile = $"{ci.Id}-crt.der";
var crtPemFile = $"{ci.Id}-crt.pem";
var crtDerAsset = vp.CreateAsset(VaultAssetType.CrtDer, crtDerFile);
var crtPemAsset = vp.CreateAsset(VaultAssetType.CrtPem, crtPemFile);
using (var s = vp.SaveAsset(crtDerAsset))
{
ci.CertificateRequest.SaveCertificate(s);
ci.CrtDerFile = crtDerFile;
}
using (Stream source = vp.LoadAsset(crtDerAsset), target = vp.SaveAsset(crtPemAsset))
{
CsrHelper.Crt.ConvertDerToPem(source, target);
ci.CrtPemFile = crtPemFile;
}
var crt = new X509Certificate2(ci.CertificateRequest.GetCertificateContent());
ci.SerialNumber = crt.SerialNumber;
ci.Thumbprint = crt.Thumbprint;
ci.SignatureAlgorithm = crt.SignatureAlgorithm?.FriendlyName;
ci.Signature = crt.GetCertHashString();
}
vp.SaveVault(v);
WriteObject(ci);
}
}
protected override void ProcessRecord()
{
using (var vp = InitializeVault.GetVaultProvider())
{
vp.OpenStorage();
var v = vp.LoadVault();
if (v.Registrations == null || v.Registrations.Count < 1)
{
throw new InvalidOperationException("No registrations found");
}
var ri = v.Registrations[0];
var r = ri.Registration;
if (v.Certificates == null || v.Certificates.Count < 1)
{
throw new InvalidOperationException("No certificates found");
}
var ci = v.Certificates.GetByRef(Ref);
if (ci == null)
{
throw new Exception("Unable to find a Certificate for the given reference");
}
if (!string.IsNullOrEmpty(ci.GenerateDetailsFile))
{
// Generate a private key and CSR:
// Key: RSA 2048-bit
// MD: SHA 256
// CSR: Details pulled from CSR Details JSON file
CsrHelper.CsrDetails csrDetails;
using (var fs = new FileStream(Path.GetFullPath(ci.GenerateDetailsFile),
FileMode.Open))
{
csrDetails = JsonHelper.Load <CsrHelper.CsrDetails>(fs);
}
var keyGenFile = $"{ci.Id}-gen-key.json";
var keyPemFile = $"{ci.Id}-key.pem";
var csrGenFile = $"{ci.Id}-gen-csr.json";
var csrPemFile = $"{ci.Id}-csr.pem";
var genKey = CsrHelper.GenerateRsaPrivateKey();
using (var fs = new FileStream(keyGenFile, FileMode.CreateNew))
{
genKey.Save(fs);
File.WriteAllText(keyPemFile, genKey.Pem);
}
var genCsr = CsrHelper.GenerateCsr(csrDetails, genKey);
using (var fs = new FileStream(csrGenFile, FileMode.CreateNew))
{
genCsr.Save(fs);
File.WriteAllText(csrPemFile, genCsr.Pem);
}
ci.KeyPemFile = keyPemFile;
ci.CsrPemFile = csrPemFile;
}
byte[] derRaw;
using (var fs = new FileStream(ci.CsrPemFile, FileMode.Open))
{
using (var ms = new MemoryStream())
{
CsrHelper.Csr.ConvertPemToDer(fs, ms);
derRaw = ms.ToArray();
}
}
var derB64u = JwsHelper.Base64UrlEncode(derRaw);
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
ci.CertificateRequest = c.RequestCertificate(derB64u);
}
if (!string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent))
{
var crtDerFile = $"{ci.Id}-crt.der";
var crtPemFile = $"{ci.Id}-crt.pem";
using (var fs = new FileStream(crtDerFile, FileMode.CreateNew))
{
ci.CertificateRequest.SaveCertificate(fs);
ci.CrtDerFile = crtDerFile;
}
using (FileStream source = new FileStream(crtDerFile, FileMode.Open),
target = new FileStream(crtPemFile, FileMode.CreateNew))
{
CsrHelper.Crt.ConvertDerToPem(source, target);
ci.CrtPemFile = crtPemFile;
}
}
vp.SaveVault(v);
WriteObject(ci);
}
}
public void Test0170_GenCsrAndRequestCertificate()
{
var rsaKeys = CsrHelper.GenerateRsaPrivateKey();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-rsaKeys.txt", FileMode.Create))
{
rsaKeys.Save(fs);
}
var csrDetails = new CsrHelper.CsrDetails
{
CommonName = TEST_CN1
};
var csr = CsrHelper.GenerateCsr(csrDetails, rsaKeys);
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-csrDetails.txt", FileMode.Create))
{
csrDetails.Save(fs);
}
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-csr.txt", FileMode.Create))
{
csr.Save(fs);
}
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
byte[] derRaw;
using (var bs = new MemoryStream())
{
csr.ExportAsDer(bs);
derRaw = bs.ToArray();
}
var derB64u = JwsHelper.Base64UrlEncode(derRaw);
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
var certRequ = client.RequestCertificate(derB64u);
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestCertRequ.acmeCertRequ", FileMode.Create))
{
certRequ.Save(fs);
}
}
}
}
