public void LoadCertificatePemOverridesCer() { using X509Certificate2 certificate = PemReader.LoadCertificate(PEM.AsSpan(), Encoding.UTF8.GetBytes("This is not a certificate")); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsTrue(certificate.HasPrivateKey); Assert.AreEqual(2048, certificate.PrivateKey.KeySize); }
public void LoadCertificate() { using X509Certificate2 certificate = PemReader.LoadCertificate(PEM.AsSpan()); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsTrue(certificate.HasPrivateKey); Assert.AreEqual(2048, certificate.PrivateKey.KeySize); }
public void ExportPublicKeyTest() { var json = File.ReadAllText(@"Resources/DkimConfig.json"); var jss = new JavaScriptSerializer(); var config = jss.Deserialize<DkimConfig>(json); var pubKey = PEM.ExportPublicKey(config.PrivateKey); Assert.AreEqual(expected, pubKey); }
public static X509Certificate2 GetCertificateFromDualPEM(string data) { byte[] certBuffer = Helpers.GetBytesFromPEM(data, PemStringType.Certificate); byte[] keyBuffer = Helpers.GetBytesFromPEM(data, PemStringType.RsaPrivateKey); X509Certificate2 certificate = new X509Certificate2(certBuffer, "", X509KeyStorageFlags.Exportable); RSACryptoServiceProvider prov = PEM.DecodeRsaPrivateKey(keyBuffer); certificate.PrivateKey = prov; return(certificate); }
public void LoadedCertificateNotDisposed() { using X509Certificate2 certificate = PemReader.LoadCertificate(PEM.AsSpan()); using RSA publicKey = certificate.GetRSAPublicKey(); using RSA privateKey = certificate.GetRSAPrivateKey(); byte[] plaintext = Encoding.UTF8.GetBytes("test"); byte[] ciphertext = publicKey.Encrypt(plaintext, RSAEncryptionPadding.Pkcs1); byte[] decrypted = privateKey.Decrypt(ciphertext, RSAEncryptionPadding.Pkcs1); Assert.AreEqual(plaintext, decrypted); }
public void ReadCertificateWithPrivateKey() { ReadOnlySpan <char> data = PEM.AsSpan(); // Expect to find the private key first. Assert.IsTrue(PemReader.TryRead(data, out PemReader.PemField field)); Assert.AreEqual("PRIVATE KEY", field.Label.ToString()); Assert.AreEqual(PrivateKeyBytes, field.FromBase64Data()); // Expect to find the certificate second. data = data.Slice(field.Start + field.Length); Assert.IsTrue(PemReader.TryRead(data, out field)); Assert.AreEqual("CERTIFICATE", field.Label.ToString()); Assert.AreEqual(CertificateBytes, field.FromBase64Data()); }
// This function supports both PKCS#1 & PKCS#8 encodings public RSAPrivateKey ParsePem(Stream input) { var der = PEM.Decode(input, PEM.PrivateKey); using (var derStream = new MemoryStream(der)) { // TODO add more validation, ensure that the algorithm used is RSA var asn1 = (Sequence)parser.Parse(derStream).First(); var octet = (OctetString)asn1.Children.Last(); using (var octetStream = new MemoryStream(octet.UnencodedValue)) { var rsaParser = new RSAPrivateKeyParser(parser); return(rsaParser.ParseDer(octetStream)); } } }
public string ToPemString() { return(PEM.Encode(this.ToDerBytes(), PEM.RSAPrivateKey)); }
void Run(Arguments args) { ILogReceiver console = null; if (args.IsOptionPresent("debug")) { if (console == null) { console = LogConsole.Create(); } console.Level = LogLevel.Debug; } if (args.IsOptionPresent("verbose")) { if (console == null) { console = LogConsole.Create(); } console.Level = LogLevel.Verbose; } LoadConfig(); List <XT> results = new List <XT>(); foreach (string dir in Directory.GetDirectories(Path.Combine(LetsEncryptPath, "live"))) { string domainName = Path.GetFileName(dir); var conf = Path.Combine(LetsEncryptPath, "renewal", domainName + ".conf"); if (!File.Exists(conf)) { continue; } if (domainName.Split('.').Length != 2) { continue; } if (!domains.TryGetStruct(nameof(Domain.Name), domainName, out Domain domain)) { var x = XT.Format("<red>Error: <default>Domain <red>{0}<default> removed from imscp!", domainName); results.Add(x); SystemConsole.WriteLine(x); File.Delete(conf); continue; } string certText = File.ReadAllText(Path.Combine(dir, "cert.pem")).GetValidChars(ASCII.Strings.Printable + '\n') + "\n"; string keyText = File.ReadAllText(Path.Combine(dir, "privkey.pem")).GetValidChars(ASCII.Strings.Printable + '\n') + "\n"; string chainText = File.ReadAllText(Path.Combine(dir, "chain.pem")).GetValidChars(ASCII.Strings.Printable + '\n') + "\n"; var sslCerts = ssl_certs.GetStructs(nameof(SslCerts.DomainID), domain.ID); if (sslCerts.Count > 1) { var x = XT.Format("<red>Error: <default>Multiple ssl certs for domain {0}!", domain); results.Add(x); SystemConsole.WriteLine(x); continue; } var newCert = PEM.ReadCert(certText.SplitNewLine()); if (sslCerts.Count == 1) { //already got one, check for update var sslCert = sslCerts[0]; var oldCert = PEM.ReadCert(sslCert.Certificate.SplitNewLine()); if (newCert.Equals(oldCert)) { this.LogInfo("Domain <green>{0}<default> valid till <green>{1}", domainName, oldCert.GetExpirationDateString()); //no change continue; } if (!oldCert.Issuer.Contains("O=Let's Encrypt")) { //do not override users own certs continue; } sslCert.Certificate = certText; sslCert.PrivateKey = keyText; sslCert.CaBundle = chainText; sslCert.Status = "tochange"; ssl_certs.Update(sslCert); } else { var sslCert = new SslCerts() { AllowHsts = "off", CaBundle = chainText, Certificate = certText, DomainID = (int)domain.ID, DomainType = "dmn", HstsIncludeSubdomains = "off", HstsMaxAge = 31536000, PrivateKey = keyText, Status = "tochange", }; ssl_certs.Insert(sslCert); } domain.Status = "tochange"; domains.Update(domain); { var x = XT.Format("<green>Certificate: <default>Domain {0} new certificate {1} valid till {2}!", domain, newCert.Subject, newCert.GetExpirationDateString()); results.Add(x); SystemConsole.WriteLine(x); } } this.LogInfo("Completed."); if (results.Count > 0) { MailMessage msg = new MailMessage(mailSender, "*****@*****.**") { Subject = "CaveSystems LetsEncrypt", IsBodyHtml = true, Body = results.ToHtml() }; smtpClient.Send(msg); } Logger.Flush(); Logger.CloseAll(); console?.Dispose(); }
private static byte[] DecodePem(Stream input) { return(PEM.Decode(input, PEM.RSAPrivateKey)); }