/// <summary>
/// Computes a hash code from the certificate-describing members that are set.
/// </summary>
/// <remarks>
/// This value is only meant for hash-based collections. It is not a certificate
/// fingerprint and should not be used to identify or pin a certificate.
/// </remarks>
/// <returns>Hash combining every non-null member among Subject, Issuer, NotBefore, NotAfter and SerialNumber.</returns>
public override int GetHashCode()
{
    // Wrap on overflow rather than throw.
    unchecked
    {
        int hash = 41;

        // A null member is skipped entirely: it neither multiplies nor adds.
        if (Subject != null)
        {
            hash = (hash * 59) + Subject.GetHashCode();
        }

        if (Issuer != null)
        {
            hash = (hash * 59) + Issuer.GetHashCode();
        }

        if (NotBefore != null)
        {
            hash = (hash * 59) + NotBefore.GetHashCode();
        }

        if (NotAfter != null)
        {
            hash = (hash * 59) + NotAfter.GetHashCode();
        }

        if (SerialNumber != null)
        {
            hash = (hash * 59) + SerialNumber.GetHashCode();
        }

        return hash;
    }
}
/// <summary>
/// Populates the fields every certificate carries: issuer DN, subject DN,
/// validity window and serial number.
/// </summary>
/// <param name="cg">The certificate generator that receives the values.</param>
private void CreateMandatoryFields(X509V3CertificateGenerator cg)
{
    m_subjectDN = new CertificateFactoryX509Name(SubjectName.Name);

    // Clear any issuer names left from an earlier run before recomputing them.
    m_issuerDN = null;
    m_issuerIssuerAKI = null;

    if (IssuerCAKeyCert == null)
    {
        // Self-signed: the subject is its own issuer, and also the issuer's issuer.
        m_issuerDN = m_subjectDN;
        m_issuerIssuerAKI = m_subjectDN;
    }
    else
    {
        // Issued by a CA: take the issuer from the CA subject, and the CA's own
        // issuer for the authority key identifier.
        m_issuerDN = new CertificateFactoryX509Name(IssuerCAKeyCert.Subject);
        m_issuerIssuerAKI = new CertificateFactoryX509Name(IssuerCAKeyCert.Issuer);
    }

    cg.SetIssuerDN(m_issuerDN);
    cg.SetSubjectDN(m_subjectDN);

    // The validity window is handed to the generator in UTC.
    cg.SetNotBefore(NotBefore.ToUniversalTime());
    cg.SetNotAfter(NotAfter.ToUniversalTime());

    // Sign 1 forces a positive serial whatever the top bit of the bytes is.
    // The byte order is reversed first; presumably m_serialNumber is stored
    // little-endian - confirm against where it is generated.
    var serialBytes = m_serialNumber.Reverse().ToArray();
    cg.SetSerialNumber(new BigInteger(1, serialBytes));
}
/// <summary>
/// Writes this object as a <c>saml:Conditions</c> element, including the
/// validity attributes that are set and every contained condition.
/// </summary>
/// <param name="writer">Destination XML writer; must not be null.</param>
/// <param name="samlSerializer">Serializer passed on to each condition; must not be null.</param>
/// <param name="keyInfoSerializer">Passed on to each condition unchanged; not null-checked here.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="writer"/> or <paramref name="samlSerializer"/> is null.
/// </exception>
public virtual void WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
{
    if (writer == null)
    {
        throw new ArgumentNullException("writer");
    }

    if (samlSerializer == null)
    {
        throw new ArgumentNullException("samlSerializer");
    }

    writer.WriteStartElement("saml", "Conditions", SamlConstants.Namespace);

    // Timestamps are formatted with the invariant culture so the wire form
    // does not depend on the machine's locale.
    CultureInfo culture = CultureInfo.InvariantCulture;

    // A bound that was never set is omitted; the emitted assertion then has no
    // limit on that side of the validity window.
    if (has_not_before)
    {
        string notBeforeText = NotBefore.ToString(SamlConstants.DateFormat, culture);
        writer.WriteAttributeString("NotBefore", notBeforeText);
    }

    if (has_not_on_after)
    {
        string notOnOrAfterText = NotOnOrAfter.ToString(SamlConstants.DateFormat, culture);
        writer.WriteAttributeString("NotOnOrAfter", notOnOrAfterText);
    }

    foreach (SamlCondition condition in Conditions)
    {
        condition.WriteXml(writer, samlSerializer, keyInfoSerializer);
    }

    writer.WriteEndElement();
}
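/// <summary>
/// Creates either a self-signed CA certificate (when <paramref name="authority"/>
/// is null) or a server-authentication leaf certificate signed by
/// <paramref name="authority"/>.
/// </summary>
/// <param name="subjectName">Distinguished name for the new certificate.</param>
/// <param name="alternateName">DNS name placed in the subject alternative name; only used for leaf certificates.</param>
/// <param name="authority">Issuing CA certificate with its private key, or null to create a new CA.</param>
/// <returns>
/// A certificate re-imported from an in-memory PFX so that it carries a
/// persisted, exportable private key.
/// </returns>
/// <remarks>
/// Review notes for callers:
/// the PFX round-trip uses an empty password, and the key is imported as
/// Exportable and PersistKeySet (plus MachineKeySet for the CA), so the private
/// key stays in the key store and can be exported again later.
/// The leaf serial number comes from Guid.NewGuid(), which is not documented as
/// a cryptographic random source.
/// The leaf copies the authority's whole validity window instead of using this
/// instance's NotBefore/NotAfter.
/// </remarks>
public X509Certificate2 CreateCertificate(string subjectName, string alternateName, X509Certificate2 authority)
{
    // NOTE(review): the leaf key is created in a legacy CAPI provider under a
    // fresh, randomly named container. Confirm that this provider is intended
    // and that it supports KeyLength.
    // The key object and the intermediate certificates are disposed once the
    // PFX bytes have been produced; the returned certificate owns its own
    // imported copy of the key.
    using (var rsa = authority == null
        ? new RSACryptoServiceProvider(KeyLength)
        : new RSACryptoServiceProvider(KeyLength, new CspParameters(1, "Microsoft Base Cryptographic Provider v1.0", Guid.NewGuid().ToString())))
    {
        if (authority == null)
        {
            var authorityCertificateRequest = new CertificateRequest(subjectName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // CA = true, no path length constraint, extension marked critical.
            authorityCertificateRequest.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
            authorityCertificateRequest.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(authorityCertificateRequest.PublicKey, false));

            using (X509Certificate2 selfSigned = authorityCertificateRequest.CreateSelfSigned(NotBefore.ToUniversalTime(), NotAfter.ToUniversalTime()))
            {
                return new X509Certificate2(
                    selfSigned.Export(X509ContentType.Pfx, string.Empty),
                    string.Empty,
                    X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
            }
        }

        var sanBuilder = new SubjectAlternativeNameBuilder();
        sanBuilder.AddDnsName(alternateName);

        var certificateRequest = new CertificateRequest(subjectName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        certificateRequest.CertificateExtensions.Add(sanBuilder.Build());

        // End-entity certificate: CA = false.
        certificateRequest.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
        certificateRequest.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment, true));

        // 1.3.6.1.5.5.7.3.1 is the TLS server authentication EKU.
        certificateRequest.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, true));
        certificateRequest.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(certificateRequest.PublicKey, false));

        using (X509Certificate2 certificate = certificateRequest.Create(
            authority,
            authority.NotBefore.ToUniversalTime(),
            authority.NotAfter.ToUniversalTime(),
            Guid.NewGuid().ToByteArray()))
        using (X509Certificate2 certificateWithPrivateKey = certificate.CopyWithPrivateKey(rsa))
        {
            return new X509Certificate2(
                certificateWithPrivateKey.Export(X509ContentType.Pfx, string.Empty),
                string.Empty,
                X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
        }
    }
}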
/// <summary>
/// Creates a certificate request with default values: country "US", an empty
/// private-key descriptor, and a validity window starting now (UTC) that
/// lasts ten years.
/// </summary>
public CertRequestDTO()
{
    // Validity defaults. Ten years is long for anything but a root CA;
    // callers are expected to override NotAfter where a shorter life is wanted.
    NotBefore = DateTime.UtcNow;
    NotAfter = NotBefore.AddYears(10);

    Country = "US";
    PrivateKey = new PrivateKeyDTO();
}
/// <summary>
/// Builds the string form of this token's identity, roles and validity bounds
/// and returns the result of signing it with <c>SecurityHelper.Sign</c>.
/// </summary>
/// <returns>The value returned by <c>SecurityHelper.Sign</c> for the combined fields.</returns>
public string GetEag()
{
    // NOTE(review): the fields are joined with no separator or length prefix,
    // so distinct field values can produce the same signed input. A delimited
    // or length-prefixed encoding would make the payload unambiguous, but it
    // has to change on the verifying side at the same time.
    // NOTE(review): NotBefore and expires use the parameterless ToString();
    // if they are DateTime values, the text depends on the current culture and
    // drops sub-second precision. Confirm that signer and verifier format
    // them identically.
    var payload = this.Id + this.Roles + NotBefore.ToString() + expires.ToString();
    return SecurityHelper.Sign(payload);
}
/// <summary>
/// Creates a certificate request with placeholder defaults: country "US", a
/// placeholder name, an empty private-key descriptor, and a ten-year validity
/// window starting at the current local time.
/// </summary>
public CertRequestDTO()
{
    // NOTE(review): DateTime.Now is local time. Certificate validity is
    // expressed in UTC, so check that the consumer converts this value before
    // it is encoded.
    NotBefore = DateTime.Now;
    NotAfter = NotBefore.AddYears(10);

    // Placeholder identity values; the name is expected to be replaced.
    Name = "<Certificate Name>";
    Country = "US";
    PrivateKey = new PrivateKeyDTO();
}
/// <summary>
/// Resets the builder state to the X509Defaults values: validity window, hash
/// algorithm, serial number length and an empty extension collection.
/// </summary>
protected virtual void Initialize()
{
    m_extensions = new X509ExtensionCollection();
    m_hashAlgorithmName = X509Defaults.HashAlgorithmName;
    m_serialNumberLength = X509Defaults.SerialNumberLengthMin;

    // The start of validity is backdated to midnight UTC of the previous day.
    // This presumably tolerates clock skew between issuer and relying parties.
    m_notBefore = DateTime.UtcNow.AddDays(-1).Date;

    // X509Defaults.LifeTime is applied as a number of months.
    m_notAfter = NotBefore.AddMonths(X509Defaults.LifeTime);
}
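/// <inheritdoc/>
/// <remarks>
/// Combines the base hash with NotBefore and Before. A null member contributes 0.
/// </remarks>
public override int GetHashCode()
{
    // Wrap on overflow rather than throw.
    unchecked
    {
        int result = base.GetHashCode();

        // '^' binds tighter than '??'. Without the inner parentheses the whole
        // XOR is null-coalesced, so a null member resets the accumulated hash
        // to 0 instead of contributing 0 to it.
        result = (result * 397) ^ (NotBefore?.GetHashCode() ?? 0);
        result = (result * 397) ^ (Before?.GetHashCode() ?? 0);

        return result;
    }
}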
/// <summary>
/// Computes a hash code from NotBefore, Expires, Admin and Debug, in that order.
/// </summary>
/// <returns>The combined hash code.</returns>
public override int GetHashCode()
{
    // Wrap on overflow rather than throw.
    unchecked
    {
        int hash = NotBefore.GetHashCode();
        hash = (hash * 397) ^ Expires.GetHashCode();
        hash = (hash * 397) ^ Admin.GetHashCode();
        hash = (hash * 397) ^ Debug.GetHashCode();
        return hash;
    }
}
/// <summary>
/// Computes a hash code from Subject, IssuedBy, NotBefore, NotAfter and
/// Thumbprint. Null reference members contribute 0.
/// </summary>
/// <returns>The combined hash code.</returns>
public override int GetHashCode()
{
    // Wrap on overflow rather than throw.
    unchecked
    {
        int subjectHash = Subject?.GetHashCode() ?? 0;
        int issuerHash = IssuedBy?.GetHashCode() ?? 0;

        int hash = subjectHash;
        hash = (hash * 397) ^ issuerHash;
        hash = (hash * 397) ^ NotBefore.GetHashCode();
        hash = (hash * 397) ^ NotAfter.GetHashCode();
        hash = (hash * 397) ^ (Thumbprint?.GetHashCode() ?? 0);
        return hash;
    }
}
/// <summary>
/// Creates a manager bound to the personal ("My") and trusted root stores of
/// the given location, with a one-month default validity window.
/// </summary>
/// <param name="issuer">Issuer name stored on the manager.</param>
/// <param name="certificateAuthorityName">Name of the certificate authority stored on the manager.</param>
/// <param name="location">Store location (current user or local machine) for both stores.</param>
public CertificateManager(string issuer, string certificateAuthorityName, StoreLocation location)
{
    Issuer = issuer;
    CertificateAuthorityName = certificateAuthorityName;

    // The store objects are only constructed here, not opened.
    // NOTE(review): holding a handle to the Root store suggests this class may
    // add trust anchors. Confirm where that happens and which location
    // callers pass.
    _myStore = new X509Store(StoreName.My, location);
    _rootStore = new X509Store(StoreName.Root, location);
    _certificateCache = new Dictionary<string, X509Certificate2>();

    // Default validity: one month from the current local time.
    NotBefore = DateTime.Now;
    NotAfter = NotBefore.AddMonths(1);
}
/// <summary>
/// Creates issuance options for the given public key with a two-hour validity
/// window starting now (UTC) and a uniquely suffixed test root CA subject name.
/// </summary>
/// <param name="publicKey">Public key to certify; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="publicKey"/> is null.</exception>
public IssueCertificateOptions(AsymmetricKeyParameter publicKey)
{
    if (publicKey == null)
    {
        throw new ArgumentNullException(nameof(publicKey));
    }

    // Short-lived by default: valid for two hours from creation.
    NotBefore = DateTimeOffset.UtcNow;
    NotAfter = NotBefore.AddHours(2);
    PublicKey = publicKey;

    // A fresh GUID in the CN keeps each generated subject name distinct.
    var uniqueSuffix = Guid.NewGuid().ToString();
    SubjectName = new X509Name($"C=US,ST=WA,L=Redmond,O=NuGet,CN=NuGet Test Root Certificate Authority ({uniqueSuffix})");
}
/// <summary>
/// Flattens the additional claims and the registered claims (iss, sub, aud,
/// exp, nbf, iat, jti) into one dictionary, leaving out entries whose value
/// is null.
/// </summary>
/// <returns>A new dictionary holding every non-null claim.</returns>
/// <exception cref="ArgumentException">
/// A non-null additional claim uses the same key as a non-null registered claim.
/// </exception>
public IDictionary<string, object> ToDictionary()
{
    IEnumerable<KeyValuePair<string, object>> extraClaims =
        AdditionalClaims ?? new Dictionary<string, object>();

    // Time-valued claims are written as strings using _iso8601Format and the
    // invariant culture.
    var registeredClaims = new Dictionary<string, object>
    {
        ["iss"] = Issuer,
        ["sub"] = Subject,
        ["aud"] = Audience,
        ["exp"] = Expiration?.ToString(_iso8601Format, CultureInfo.InvariantCulture),
        ["nbf"] = NotBefore?.ToString(_iso8601Format, CultureInfo.InvariantCulture),
        ["iat"] = IssuedAt?.ToString(_iso8601Format, CultureInfo.InvariantCulture),
        ["jti"] = TokenIdentifier,
    };

    var claims = new Dictionary<string, object>();
    foreach (var claim in extraClaims.Concat(registeredClaims))
    {
        if (claim.Value == null)
        {
            continue;
        }

        // Add throws on a duplicate key, so an additional claim cannot silently
        // replace a registered claim that is set. If the registered claim is
        // null, a same-named additional claim is kept.
        claims.Add(claim.Key, claim.Value);
    }

    return claims;
}
/// <summary>
/// Determines whether two TruststoreItems instances hold equal values.
/// </summary>
/// <param name="other">Instance of TruststoreItems to compare with.</param>
/// <returns>
/// True when Alias, EntryType, Subject, Issuer, NotBefore, NotAfter and
/// SerialNumber all match; false otherwise, including when
/// <paramref name="other"/> is null.
/// </returns>
public bool Equals(TruststoreItems other)
{
    if (other is null)
    {
        return false;
    }

    if (ReferenceEquals(this, other))
    {
        return true;
    }

    // Each member matches when '==' says so (which covers the both-null case),
    // or when this side is non-null and its Equals accepts the other value.
    if (!(Alias == other.Alias || (Alias != null && Alias.Equals(other.Alias))))
    {
        return false;
    }

    if (!(EntryType == other.EntryType || (EntryType != null && EntryType.Equals(other.EntryType))))
    {
        return false;
    }

    if (!(Subject == other.Subject || (Subject != null && Subject.Equals(other.Subject))))
    {
        return false;
    }

    if (!(Issuer == other.Issuer || (Issuer != null && Issuer.Equals(other.Issuer))))
    {
        return false;
    }

    if (!(NotBefore == other.NotBefore || (NotBefore != null && NotBefore.Equals(other.NotBefore))))
    {
        return false;
    }

    if (!(NotAfter == other.NotAfter || (NotAfter != null && NotAfter.Equals(other.NotAfter))))
    {
        return false;
    }

    return SerialNumber == other.SerialNumber
        || (SerialNumber != null && SerialNumber.Equals(other.SerialNumber));
}
/// <summary>
/// Appends a Conditions element to the assertion, carrying the validity
/// window and a single audience restriction.
/// </summary>
/// <param name="assertion">The assertion element that receives the Conditions child.</param>
private void CreateConditions(XElement assertion)
{
    var conditionsElement = XmlUtil.CreateElement(SamlTags.Conditions);

    // Validity window: NotBefore first, then NotOnOrAfter.
    conditionsElement.Add(
        new XAttribute(SamlAttributes.NotBefore, NotBefore.FormatDateTimeXml()),
        new XAttribute(SamlAttributes.NotOnOrAfter, NotOnOrAfter.FormatDateTimeXml()));

    // The audience restriction names the one audience this assertion is for.
    var restrictionElement = XmlUtil.CreateElement(SamlTags.AudienceRestriction);
    var audienceElement = XmlUtil.CreateElement(SamlTags.Audience);
    audienceElement.Value = AudienceRestriction;
    restrictionElement.Add(audienceElement);

    conditionsElement.Add(restrictionElement);
    assertion.Add(conditionsElement);
}
/// <inheritdoc/>
/// <remarks>
/// Starts from the base hash and mixes in NotBefore and Before when they are
/// set. A null member leaves the running hash unchanged.
/// </remarks>
public override int GetHashCode()
{
    // Wrap on overflow rather than throw.
    unchecked
    {
        int hash = base.GetHashCode();

        if (NotBefore != null)
        {
            hash = (hash * 397) ^ NotBefore.GetHashCode();
        }

        if (Before != null)
        {
            hash = (hash * 397) ^ Before.GetHashCode();
        }

        return hash;
    }
}
/// <summary>
/// Checks that the current UTC time lies inside the token's validity window,
/// widened on both sides by the allowed clock drift.
/// </summary>
/// <param name="allowedDriftInSeconds">
/// Tolerated clock difference in seconds; must not be negative. There is no
/// upper bound, so a large value effectively disables the check. Callers
/// should keep it small.
/// </param>
/// <exception cref="ArgumentException"><paramref name="allowedDriftInSeconds"/> is negative.</exception>
/// <exception cref="ModelException">The token is not yet valid or has expired.</exception>
public void ValidateTimestamp(long allowedDriftInSeconds)
{
    if (allowedDriftInSeconds < 0)
    {
        throw new ArgumentException("'allowedDriftInSeconds' must not be negative!");
    }

    var currentTime = DateTimeEx.UtcNowRound;
    string driftSuffix = ". Allowed clock drift: " + allowedDriftInSeconds + " seconds";

    // Not yet valid: even the drift-advanced clock is still before NotBefore.
    if (currentTime.AddSeconds(allowedDriftInSeconds) < NotBefore)
    {
        string notYetValid = "OIOSAML token is not valid yet - now: " + currentTime.FormatDateTimeXml()
            + ". OIOSAML token validity start: " + NotBefore.FormatDateTimeXml()
            + driftSuffix;
        throw new ModelException(notYetValid);
    }

    // Expired: even the drift-delayed clock is past NotOnOrAfter.
    // NOTE(review): the comparison is a strict '>', so a clock exactly at
    // NotOnOrAfter (after drift) is still accepted. Confirm this is intended.
    if (currentTime.AddSeconds(-allowedDriftInSeconds) > NotOnOrAfter)
    {
        string expired = "OIOSAML token no longer valid - now: " + currentTime.FormatDateTimeXml()
            + ". OIOSAML token validity end: " + NotOnOrAfter.FormatDateTimeXml()
            + driftSuffix;
        throw new ModelException(expired);
    }
}
/// <summary>
/// Initializes a builder for either a CA certificate or an end-entity
/// certificate issued by <paramref name="issuer"/>.
/// </summary>
/// <param name="issuer">Issuer certificate, passed to the base constructor.</param>
/// <param name="certificateAuthority">True to build a CA certificate, false for an end-entity certificate.</param>
/// <param name="pathLenConstraint">Path length constraint; only used when building a CA certificate.</param>
private CertificateBuilder(X509Certificate2 issuer, bool certificateAuthority, int pathLenConstraint = 0)
    : base(issuer)
{
    // CA and end-entity certificates get different default key strengths.
    if (certificateAuthority)
    {
        KeyStrength = DefaultCertificateAuthorityKeyStrength;
    }
    else
    {
        KeyStrength = DefaultCertificateKeyStrength;
    }

    // Default serial number: a 120-bit probable prime drawn from SecureRandom.
    // Callers may replace it. Primality is not needed for a serial number;
    // what matters is that it is positive and unpredictable.
    SerialNumber = BigInteger.ProbablePrime(120, SecureRandom);

    // CA certificates carry the path length constraint; end-entity
    // certificates are explicitly marked as non-CA.
    if (certificateAuthority)
    {
        BasicConstraints = new BasicConstraints(pathLenConstraint);
    }
    else
    {
        BasicConstraints = new BasicConstraints(false);
    }

    // Validity starts now (UTC) and lasts the default number of months.
    NotBefore = DateTime.UtcNow;
    NotAfter = NotBefore.AddMonths(DefaultValidityPeriodInMonths);

    // Certificate policies start out empty; see DirectTrustCertificatePolicies.
    Policies = new List<string>();
}
/// <summary>
/// Normalizes the validity window. A self-signed certificate gets a one-year
/// life when the window is empty or inverted; a signed certificate is clamped
/// to the signer's validity window.
/// </summary>
/// <param name="signer">Signing certificate, or null for a self-signed certificate.</param>
void validateDates(X509Certificate2 signer)
{
    if (signer == null)
    {
        // Self-signed: repair an empty or inverted window.
        if (NotAfter <= NotBefore)
        {
            NotAfter = NotBefore.AddYears(1);
        }

        return;
    }

    // Signed: the certificate must not start before, or outlive, its signer.
    if (signer.NotBefore > NotBefore)
    {
        NotBefore = signer.NotBefore;
    }

    if (signer.NotAfter < NotAfter)
    {
        NotAfter = signer.NotAfter;
    }

    // NOTE(review): after clamping, the window is not re-checked. A requested
    // window lying wholly outside the signer's can still leave
    // NotAfter <= NotBefore.
}
/// <summary>
/// Determines whether two KeystoreChainItems instances hold equal values.
/// </summary>
/// <param name="other">Instance of KeystoreChainItems to compare with.</param>
/// <returns>
/// True when Subject, Issuer, NotBefore, NotAfter and SerialNumber all match;
/// false otherwise, including when <paramref name="other"/> is null.
/// </returns>
public bool Equals(KeystoreChainItems other)
{
    if (other is null)
    {
        return false;
    }

    if (ReferenceEquals(this, other))
    {
        return true;
    }

    // Each member matches when '==' says so (which covers the both-null case),
    // or when this side is non-null and its Equals accepts the other value.
    if (!(Subject == other.Subject || (Subject != null && Subject.Equals(other.Subject))))
    {
        return false;
    }

    if (!(Issuer == other.Issuer || (Issuer != null && Issuer.Equals(other.Issuer))))
    {
        return false;
    }

    if (!(NotBefore == other.NotBefore || (NotBefore != null && NotBefore.Equals(other.NotBefore))))
    {
        return false;
    }

    if (!(NotAfter == other.NotAfter || (NotAfter != null && NotAfter.Equals(other.NotAfter))))
    {
        return false;
    }

    return SerialNumber == other.SerialNumber
        || (SerialNumber != null && SerialNumber.Equals(other.SerialNumber));
}
/// <summary>
/// Serializes the validity window as a SAML Conditions element with NotBefore
/// and NotOnOrAfter attributes.
/// </summary>
/// <returns>The Conditions element.</returns>
public XElement Serialize()
{
    var elementName = Constants.XMLNamespaces.SAML + "Conditions";

    // Both bounds are always written, using the ToUTCString helper.
    var notBeforeAttribute = new XAttribute("NotBefore", NotBefore.ToUTCString());
    var notOnOrAfterAttribute = new XAttribute("NotOnOrAfter", NotOnOrAfter.ToUTCString());

    return new XElement(elementName, notBeforeAttribute, notOnOrAfterAttribute);
}
/// <summary>
/// Compares this instance with another CertificateInfo member by member.
/// </summary>
/// <param name="other">
/// Instance to compare with. It is dereferenced without a null check, so the
/// caller must pass a non-null value.
/// </param>
/// <returns>True when Subject, IssuedBy, NotBefore, NotAfter and Thumbprint are all equal.</returns>
protected bool Equals(CertificateInfo other)
{
    if (!string.Equals(Subject, other.Subject))
    {
        return false;
    }

    if (!string.Equals(IssuedBy, other.IssuedBy))
    {
        return false;
    }

    if (!NotBefore.Equals(other.NotBefore) || !NotAfter.Equals(other.NotAfter))
    {
        return false;
    }

    // Ordinal, case-sensitive comparison: the same thumbprint written in a
    // different letter case compares as unequal.
    return string.Equals(Thumbprint, other.Thumbprint);
}
/// <summary>
/// Creates an engine whose default validity window starts at the current
/// local time and ends one month later.
/// </summary>
public WindowsCertificateEngine()
{
    // DateTime.Now is local time. Code in this class that passes the value to
    // a certificate API needs to convert it to UTC.
    NotBefore = DateTime.Now;
    NotAfter = NotBefore.AddMonths(1);
}
/// <summary>
/// Creates issuance options with a SHA-256 with RSA signature algorithm and a
/// two-hour validity window starting now (UTC).
/// </summary>
public IssueCertificateOptions()
{
    SignatureAlgorithmName = "SHA256WITHRSA";

    // Short-lived by default: valid for two hours from creation.
    NotBefore = DateTimeOffset.UtcNow;
    NotAfter = NotBefore.AddHours(2);
}
/// <summary>
/// Creates a self-signed CA certificate when no Authority is configured, or a
/// leaf certificate signed by Authority otherwise.
/// </summary>
/// <param name="subjectName">Distinguished name for the new certificate.</param>
/// <param name="alternateName">
/// Used as the friendly name in both cases, and as the DNS subject alternative
/// name of a leaf certificate.
/// </param>
/// <returns>
/// A certificate re-imported from an in-memory PFX with an exportable,
/// persisted private key.
/// </returns>
/// <remarks>
/// Review notes for callers:
/// the PFX round-trip uses an empty password and the key is imported as
/// Exportable and PersistKeySet.
/// The leaf serial number comes from Guid.NewGuid(), which is not documented as
/// a cryptographic random source.
/// The leaf copies Authority's validity window, and it has no key usage or
/// extended key usage extension.
/// </remarks>
public X509Certificate2 CreateCertificate(string subjectName, string alternateName)
{
    const X509KeyStorageFlags storageFlags = X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet;

    // NOTE(review): the leaf key is created in a legacy CAPI provider under a
    // fresh, randomly named container. Confirm that the provider supports
    // KeyLength.
    using (var rsa = Authority == null
        ? new RSACryptoServiceProvider(KeyLength)
        : new RSACryptoServiceProvider(KeyLength, new CspParameters(1, "Microsoft Base Cryptographic Provider v1.0", Guid.NewGuid().ToString())))
    {
        var request = new CertificateRequest(subjectName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        if (Authority == null)
        {
            // CA = true, no path length constraint, extension marked critical.
            request.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
            request.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(request.PublicKey, false));

            using (X509Certificate2 selfSigned = request.CreateSelfSigned(NotBefore.ToUniversalTime(), NotAfter.ToUniversalTime()))
            {
                selfSigned.FriendlyName = alternateName;
                byte[] pfx = selfSigned.Export(X509ContentType.Pfx, string.Empty);
                return new X509Certificate2(pfx, string.Empty, storageFlags);
            }
        }

        var sanBuilder = new SubjectAlternativeNameBuilder();
        sanBuilder.AddDnsName(alternateName);
        request.CertificateExtensions.Add(sanBuilder.Build());

        // End-entity certificate: CA = false.
        request.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
        request.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(request.PublicKey, false));

        using (X509Certificate2 issued = request.Create(Authority, Authority.NotBefore, Authority.NotAfter, Guid.NewGuid().ToByteArray()))
        using (X509Certificate2 issuedWithKey = issued.CopyWithPrivateKey(rsa))
        {
            issuedWithKey.FriendlyName = alternateName;
            byte[] pfx = issuedWithKey.Export(X509ContentType.Pfx, string.Empty);
            return new X509Certificate2(pfx, string.Empty, storageFlags);
        }
    }
}
// Disposes every UI outlet of the certificate-request view that is still set
// and clears the reference, so that a second call does nothing for it.
// The repetitive shape suggests designer-generated code; if so, edits here
// would be overwritten when it is regenerated.
void ReleaseDesignerOutlets()
{
    if (CountryPopUpButton != null)
    {
        CountryPopUpButton.Dispose();
        CountryPopUpButton = null;
    }

    if (CancelButton != null)
    {
        CancelButton.Dispose();
        CancelButton = null;
    }

    if (Country != null)
    {
        Country.Dispose();
        Country = null;
    }

    if (CreateButton != null)
    {
        CreateButton.Dispose();
        CreateButton = null;
    }

    if (DNSName != null)
    {
        DNSName.Dispose();
        DNSName = null;
    }

    if (Email != null)
    {
        Email.Dispose();
        Email = null;
    }

    if (IPAddress != null)
    {
        IPAddress.Dispose();
        IPAddress = null;
    }

    if (KeyUSageContraints != null)
    {
        KeyUSageContraints.Dispose();
        KeyUSageContraints = null;
    }

    if (Locality != null)
    {
        Locality.Dispose();
        Locality = null;
    }

    if (Name != null)
    {
        Name.Dispose();
        Name = null;
    }

    if (NotAfter != null)
    {
        NotAfter.Dispose();
        NotAfter = null;
    }

    if (NotBefore != null)
    {
        NotBefore.Dispose();
        NotBefore = null;
    }

    if (Organization != null)
    {
        Organization.Dispose();
        Organization = null;
    }

    if (OU != null)
    {
        OU.Dispose();
        OU = null;
    }

    // Here PrivateKey is a UI outlet (it has Dispose), not key material.
    if (PrivateKey != null)
    {
        PrivateKey.Dispose();
        PrivateKey = null;
    }

    if (SelectPriKey != null)
    {
        SelectPriKey.Dispose();
        SelectPriKey = null;
    }

    if (State != null)
    {
        State.Dispose();
        State = null;
    }

    if (URIName != null)
    {
        URIName.Dispose();
        URIName = null;
    }
}
/// <summary>
/// Creates issuance options with a two-hour validity window starting now (UTC).
/// </summary>
public IssueCertificateOptions()
{
    // Short-lived by default: valid for two hours from creation.
    NotBefore = DateTimeOffset.UtcNow;
    NotAfter = NotBefore.AddHours(2);
}
/// <summary>
/// Compares two TokenOptions values member by member.
/// </summary>
/// <param name="other">Value to compare with; its members are read without a null check.</param>
/// <returns>True when NotBefore, Expires, Admin and Debug are all equal.</returns>
public bool Equals(TokenOptions other)
{
    if (!NotBefore.Equals(other.NotBefore))
    {
        return false;
    }

    if (!Expires.Equals(other.Expires))
    {
        return false;
    }

    // The Admin and Debug flags must match as well as the validity bounds.
    return Admin == other.Admin && Debug == other.Debug;
}
/// <summary>
/// Returns the start of validity (NotBefore) as text.
/// </summary>
/// <returns>
/// The result of the parameterless <c>NotBefore.ToString()</c>. If NotBefore is
/// a DateTime, that text follows the current culture, so it is suitable for
/// display but not for parsing or comparison.
/// </returns>
public virtual string GetEffectiveDateString() => NotBefore.ToString();