/// <summary> /// Create a JWT token with specified parameters. Documentation: https://github.com/CommunityHiQ/Frends.Community.JWT.CreateToken /// </summary> /// <param name="parameters">Parameters for the token creation</param> /// <returns>string</returns> public static string CreateJwtToken(CreateJwtTokenParameters parameters) { var handler = new JwtSecurityTokenHandler(); using (var stream = new MemoryStream(Encoding.UTF8.GetBytes(parameters.PrivateKey))) using (var reader = new PemReader(stream)) { var rsaParameters = reader.ReadRsaKey(); var key = new RsaSecurityKey(rsaParameters); var signingCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256); var claims = new ClaimsIdentity(); if (parameters.Claims != null) { foreach (var claim in parameters.Claims) { claims.AddClaim(new Claim(claim.ClaimKey, claim.ClaimValue)); } } // Create JWT var token = handler.CreateJwtSecurityToken(new SecurityTokenDescriptor { Issuer = parameters.Issuer, Audience = parameters.Audience, Expires = parameters.Expires, NotBefore = parameters.NotBefore, Subject = claims, SigningCredentials = signingCredentials, }); return(handler.WriteToken(token)); } }
static async Task Main(string[] args) { IdentityModelEventSource.ShowPII = true; var handler = new HttpClientHandler { ServerCertificateCustomValidationCallback = delegate { return(true); } }; using var authClient = new HttpClient(handler) { BaseAddress = new Uri("https://*****:*****@"C:\Users\canale\.ssh\id_rsa")); _authKey = new RsaSecurityKey(pemReader.ReadRsaKey()); _listener = new HttpListener(); _listener.Prefixes.Add("http://localhost:7002/"); _listener.Start(); var listenerThread = new Thread(ListenProcedure); listenerThread.Start(); Console.ReadLine(); _listener.Close(); }
private RSA GetProveedorRSA() { var rsa = RSA.Create(); if (claveRSA.Equals(new RSAParameters())) { try { using (var ficheroClave = File.OpenRead(fichero)) { using (var pem = new PemReader(ficheroClave)) { claveRSA = pem.ReadRsaKey(); } } } catch (Exception ex) { log.Error($"ERR SERVICIOSEGURIDAD (GetProveedorRSA) - {ex.Message}"); } } rsa.ImportParameters(claveRSA); return(rsa); }
private static void ConfigureJwtBearer(IServiceCollection services, JwtBearerOptions config, IdentityConfig identityConfig) { config.RequireHttpsMetadata = false; config.SaveToken = false; config.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidateIssuerSigningKey = true, ValidateLifetime = true, ValidateActor = true, ValidateAudience = true, ValidIssuer = identityConfig.Issuer, ValidAudiences = identityConfig.Audiences.ToArray(), ClockSkew = TimeSpan.Zero, IssuerSigningKeyResolver = (token, securityToken, kid, parameters) => { // todo: I know this .Result is a very bad idea (converting from async to sync) // however there's no other way to do this, signing key resolver doesn't have a // async version of this method, they are looking into it though // https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/468 var key = services.BuildServiceProvider().GetRequiredService <IKeyResolver>() .ResolveKey(kid).Result; var pemReader = new PemReader(new MemoryStream(Encoding.UTF8.GetBytes(key))); var publicKeyParameters = pemReader.ReadRsaKey(); return(new[] { new RsaSecurityKey(publicKeyParameters) }); } }; }
private void GetP() { System.IO.Stream stream = null; using (var reader = new PemReader(stream)) { var rsaParameters = reader.ReadRsaKey(); } }
public static RSAParameters ReadRSA(string name) { using (var stream = ReadStream(name)) { using (var reader = new PemReader(stream)) { return(reader.ReadRsaKey()); } } }
public void LoadRSA(bool privateKey) { using (var fs = File.OpenRead(privateKey ? _privateFileName : _publicFileName)) { using (var pem = new PemReader(fs)) _rsa = RSA.Create(pem.ReadRsaKey()); } }
/// <summary> /// Export the private key to a PEM format string /// </summary> /// <param name="pem">the RSA key</param> /// <returns>the RSA key</returns> public static RSAParameters ReadAsRSAKey(this string pem) { var key = default(RSAParameters); using (var stream = new MemoryStream(Encoding.UTF8.GetBytes(pem))) using (var reader = new PemReader(stream)) { key = reader.ReadRsaKey(); } return(key); }
public static RSAParameters GetParameters() { HttpWebRequest request = HttpWebRequest.CreateHttp(SERVER_PUBLIC_KEY_URL); request.Method = WebRequestMethods.Http.Get; using (Stream str = request.GetResponse().GetResponseStream()) using (PemReader reader = new PemReader(str)) return(reader.ReadRsaKey()); }
public void ReadRsaKey_PrivateKey_WithLinuxLineEndings() { var pem = "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIEpAIBAAKCAQEAzw2rOycv+DqPhxJ/XZDsALH0WIn/Yyk97TGKhYME6CuybqlJ\n" + "BVTbpd2th2Fw/bDTwIHXr2wYJubX9b4G0gfVIwemq1rZyyJu2SxoOEK4BQg5s8po\n" + "Qh0Uq5KadP5DVvxk0AkIUySBCvNU+AHxRFJtJ6UZTjtUVYv2Yie+3YWhN3uDZ5ki\n" + "mjB7VSZqgdgnMpfx8kDTtGFHpA1oQNt71z3nyXPRTxZXGlYZlgGNEmv+cd3wYuuQ\n" + "0LnqZf3thXZfXYd0ASWhfdq0BxGT8WbThk8y6y9/aHsEtaf4QSpc8idVXPu0BwR8\n" + "P4p5lGzY11a5YERPOCl5BiaHYPgUJxzPnkFipwIDAQABAoIBAA26MUUNtw91CnkB\n" + "D/KrHgp5weJw276+SD3GkBGD+zpNU1ok3RN+acWYad3U5wHazF8x/JPDzeIeYekH\n" + "/TnFjSryYelwb4oZMVIysIIyYjLrNbAm1jyz4t/xK05gYSSOPTzRrHyeqfOI6HQ8\n" + "5LsL3/LF7mSSaGf3jJE7Y1sadfLQneSUhLMjDksl+o914P/WrV/LGcZ7O6noZ3Vg\n" + "e8zPGlPciPVOBqHqtWzxyTxbtycIUPW7GKbZjaWMwRwLnI5U+hcoGQgHsRUUJMcw\n" + "iGubcScdlOHCnorxM79sgjnko4RD+DUZGU/if/oNRS6dhIvaWCIrt+4lHhpHhZGI\n" + "d16tLCECgYEA+uOWmE91jbACXylQ+GSAchUfAmeqtf2e23TlXzScleEay/elSbf6\n" + "/HgUhUiUXCa2r+3d6kbEhoKy4Hed1Jm19rYBBIMSLZR0R3Il987x6WAnx+xrkfSW\n" + "I3Z8fHJoCtTfS/hXA+W/Snr0WlFUMgwaEZzd3FEIU62ZizKgjO1c67ECgYEA00V5\n" + "L2a7FGa684RWXxNmFX0ROmAn3Dt9urT8lRsfsRARF52dPqSthS/iLchBIGTBUtZD\n" + "5EnX5ttu88o5XkjxOLRrPsMBBW4fk1stUgQVifeDrlUG4yMf7lNLrkbmJy+0cl0y\n" + "me9l+HMhOPKdLfyebadSy1HlkR8nKSaQW3y3wdcCgYEA8vIL1DWtmaSEx22U0NNR\n" + "Zid5vbRxJIYRnGVX75dcwe4XKsgGMJqN2ojVJjOgJpP+d+IY8FHS4IYTfTWXilXG\n" + "VL7twVbC9Yw6BS1OAudMbjcEjp4rlEyKTpDf/woyIbr89+3lJQsG77KciBEVPNln\n" + "LQL/++Yj8BO9CYPe4FjBkCECgYEAmkKj1YSBHMhVwPDjz8/uPcpwBdunvxqBFw6H\n" + "TqfbYAGHOWMQKWk8eX8Y+qy5QNnQfpeMQufYCOw3+zGw6bMAzpKNq+nemQRrccCl\n" + "OrlYsMBVGbljqf0/l1iibcG+0uX2L3r1M4ilP99wZpBfS/CkDRSbU3Gc2XWRtm4+\n" + "AU7zLUkCgYBFVjQVyvkjNdnpKmFn3NCP5ELDj13dovK/ma75Paw+U9J1+4bIf+0O\n" + "hulF6wVUOJKlef7v7S7q4EM7WrbPXpI/Cqyn7B4Q/C0oWL0VCbceUgtvG6qTy8pd\n" + "AUxk9W0PnYDK7Sw+jv8iN0zNNr1SqZc37YLy2R1eD0R+3+RQHkl63Q==\n" + "-----END RSA PRIVATE KEY-----\n"; // Expected data has been derived from https://superdry.apphb.com/tools/online-rsa-key-converter var expectedModulus = Convert.FromBase64String("zw2rOycv+DqPhxJ/XZDsALH0WIn/Yyk97TGKhYME6CuybqlJBVTbpd2th2Fw/bDTwIHXr2wYJubX9b4G0gfVIwemq1rZyyJu2SxoOEK4BQg5s8poQh0Uq5KadP5DVvxk0AkIUySBCvNU+AHxRFJtJ6UZTjtUVYv2Yie+3YWhN3uDZ5kimjB7VSZqgdgnMpfx8kDTtGFHpA1oQNt71z3nyXPRTxZXGlYZlgGNEmv+cd3wYuuQ0LnqZf3thXZfXYd0ASWhfdq0BxGT8WbThk8y6y9/aHsEtaf4QSpc8idVXPu0BwR8P4p5lGzY11a5YERPOCl5BiaHYPgUJxzPnkFipw=="); var expectedExponent = Convert.FromBase64String("AQAB"); var expectedD = Convert.FromBase64String("DboxRQ23D3UKeQEP8qseCnnB4nDbvr5IPcaQEYP7Ok1TWiTdE35pxZhp3dTnAdrMXzH8k8PN4h5h6Qf9OcWNKvJh6XBvihkxUjKwgjJiMus1sCbWPLPi3/ErTmBhJI49PNGsfJ6p84jodDzkuwvf8sXuZJJoZ/eMkTtjWxp18tCd5JSEsyMOSyX6j3Xg/9atX8sZxns7qehndWB7zM8aU9yI9U4Goeq1bPHJPFu3JwhQ9bsYptmNpYzBHAucjlT6FygZCAexFRQkxzCIa5txJx2U4cKeivEzv2yCOeSjhEP4NRkZT+J/+g1FLp2Ei9pYIiu37iUeGkeFkYh3Xq0sIQ=="); var expectedP = Convert.FromBase64String("+uOWmE91jbACXylQ+GSAchUfAmeqtf2e23TlXzScleEay/elSbf6/HgUhUiUXCa2r+3d6kbEhoKy4Hed1Jm19rYBBIMSLZR0R3Il987x6WAnx+xrkfSWI3Z8fHJoCtTfS/hXA+W/Snr0WlFUMgwaEZzd3FEIU62ZizKgjO1c67E="); var expectedQ = Convert.FromBase64String("00V5L2a7FGa684RWXxNmFX0ROmAn3Dt9urT8lRsfsRARF52dPqSthS/iLchBIGTBUtZD5EnX5ttu88o5XkjxOLRrPsMBBW4fk1stUgQVifeDrlUG4yMf7lNLrkbmJy+0cl0yme9l+HMhOPKdLfyebadSy1HlkR8nKSaQW3y3wdc="); var expectedDP = Convert.FromBase64String("8vIL1DWtmaSEx22U0NNRZid5vbRxJIYRnGVX75dcwe4XKsgGMJqN2ojVJjOgJpP+d+IY8FHS4IYTfTWXilXGVL7twVbC9Yw6BS1OAudMbjcEjp4rlEyKTpDf/woyIbr89+3lJQsG77KciBEVPNlnLQL/++Yj8BO9CYPe4FjBkCE="); var expectedDQ = Convert.FromBase64String("mkKj1YSBHMhVwPDjz8/uPcpwBdunvxqBFw6HTqfbYAGHOWMQKWk8eX8Y+qy5QNnQfpeMQufYCOw3+zGw6bMAzpKNq+nemQRrccClOrlYsMBVGbljqf0/l1iibcG+0uX2L3r1M4ilP99wZpBfS/CkDRSbU3Gc2XWRtm4+AU7zLUk="); var expectedInverseQ = Convert.FromBase64String("RVY0Fcr5IzXZ6SphZ9zQj+RCw49d3aLyv5mu+T2sPlPSdfuGyH/tDobpResFVDiSpXn+7+0u6uBDO1q2z16SPwqsp+weEPwtKFi9FQm3HlILbxuqk8vKXQFMZPVtD52Ayu0sPo7/IjdMzTa9UqmXN+2C8tkdXg9Eft/kUB5Jet0="); using (var stream = new MemoryStream(Encoding.UTF8.GetBytes(pem))) using (var reader = new PemReader(stream)) { var key = reader.ReadRsaKey(); Assert.That(key.Modulus, Is.EqualTo(expectedModulus)); Assert.That(key.Exponent, Is.EqualTo(expectedExponent)); Assert.That(key.D, Is.EqualTo(expectedD)); Assert.That(key.P, Is.EqualTo(expectedP)); Assert.That(key.Q, Is.EqualTo(expectedQ)); Assert.That(key.DP, Is.EqualTo(expectedDP)); Assert.That(key.DQ, Is.EqualTo(expectedDQ)); Assert.That(key.InverseQ, Is.EqualTo(expectedInverseQ)); } }
public byte[] DecryptRsa(string filePath, byte[] data) { RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); using (var stream = File.OpenRead(filePath)) using (var reader = new PemReader(stream)) { var rsaParameters = reader.ReadRsaKey(); rsa.ImportParameters(rsaParameters); } return(rsa.Decrypt(data, false)); }
private static RSA ReadPublicKey(string pemFile) { using (var stream = File.OpenRead(pemFile)) { using (var reader = new PemReader(stream)) { var rsaParameters = reader.ReadRsaKey(); var rsa = RSA.Create(); rsa.ImportParameters(rsaParameters); return(rsa); } } }
/// <summary> /// Read a RSA key from the given PEM file. /// </summary> /// <param name="pemFile">Path to the PEM file.</param> /// <returns>The RSA key read from the PEM file.</returns> /// <exception cref="ArgumentNullException"><paramref name="pemFile"/> is null.</exception> public static RSA ReadRsaKey(string pemFile) { Contract.NotNull(pemFile, nameof(pemFile)); RSAParameters rsaParams; using (var pemReader = new PemReader(File.OpenRead(pemFile))) { rsaParams = pemReader.ReadRsaKey(); } return(RSA.Create(rsaParams)); }
public void Initialize(Stream keyStream, string issuer) { using var reader = new PemReader(keyStream); var key = reader.ReadRsaKey(); var algorithm = new RS256Algorithm(RSA.Create(key), RSA.Create(key)); var serializer = new JsonNetSerializer(); var urlEncoder = new JwtBase64UrlEncoder(); _encoder = new JwtEncoder(algorithm, serializer, urlEncoder); _issuer = issuer; _initialized = true; }
private RSA ReadRSA(string filePath = _rsaPrivateKeyFileName) { _validationHelpers.ThrowIfNull(filePath, nameof(filePath)); RSA rsa = null; string fileDir = Path.Combine(_commonHelpers.DefaultFileProvider.BaseDirectory, filePath); if ((SingletonDictionary <string, RSA> .Instance).ContainsKey(filePath)) { rsa = (SingletonDictionary <string, RSA> .Instance)[filePath]; } else { if (_commonHelpers.DefaultFileProvider.FileExists(fileDir)) { using (var stream = File.OpenRead(fileDir)) { using (var reader = new PemReader(stream)) { var rsaParameters = reader.ReadRsaKey(); rsa = RSA.Create(rsaParameters); } } (SingletonDictionary <string, RSA> .Instance).Add(filePath, rsa); } else { rsa = RSA.Create(); (SingletonDictionary <string, RSA> .Instance).Add(filePath, rsa); using (var stream = File.OpenWrite(fileDir)) { using (var writer = new PemWriter(stream)) { writer.WritePrivateKey(rsa); } } using (var stream = File.OpenWrite(Path.Combine(_commonHelpers.DefaultFileProvider.GetParentDirectory(fileDir), _rsaPublicKeyFileName))) { using (var writer = new PemWriter(stream)) { writer.WritePublicKey(rsa); } } } } return(rsa); }
public async Task ReadKeyFromPemFile() { try { _logger.LogInformation($"PEM Approach."); var kvUri = "https://devkvpmtengineshared.vault.azure.net/keys/encryption-key/dc190f1de6604bdab494f50d0ce98bb7"; var azureServiceTokenProvider = new AzureServiceTokenProvider(); var kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); RSAParameters rsaParameter; var stream = new MemoryStream(); var writer = new StreamWriter(stream); var s = GetPEMString(); writer.Write(s.ToString()); writer.Flush(); stream.Position = 0; using (var reader = new PemReader(stream)) { rsaParameter = reader.ReadRsaKey(); } var plainTextData = "Hello World"; _logger.LogInformation($"PEM Encrypting data using RSA parameters."); var provider = new RSACryptoServiceProvider(); provider.ImportParameters(rsaParameter); var bytesPlainTextData = System.Text.Encoding.Unicode.GetBytes(plainTextData); var edata = provider.Encrypt(bytesPlainTextData, true); _logger.LogInformation($"PEM Decrpyting....... {edata.Length}"); var decryptedData = await kvClient.DecryptAsync(kvUri, JsonWebKeyEncryptionAlgorithm.RSAOAEP, edata); var decryptedText = Encoding.Unicode.GetString(decryptedData.Result); _logger.LogInformation($"PEM Decrpyted data:{decryptedText}"); _logger.LogInformation("PEM Done!"); } catch (Exception ex) { _logger.LogInformation(ex.Message); } }
private static TokenValidationParameters CreateTokenValidationParameters(ISignatureKeyResolver keyResolver, KeyStoreConfig keyStoreConfig) { if (keyStoreConfig.Bypass) { Log.Fatal("!!!!!! Bypassing security signature, THIS CANNOT RUN ON PRODUCTION"); // This allows us to reproduce production scenarios and step into the code using a legit JWT without // exposing the key service publicly return(new TokenValidationParameters { ValidateIssuer = false, ValidIssuer = "GenericCompany", ValidateAudience = false, ValidAudiences = new [] { "GenericCompany" }, ValidateIssuerSigningKey = false, SignatureValidator = (token, parameters) => new JwtSecurityToken(token), RequireExpirationTime = true, ValidateLifetime = true, ClockSkew = TimeSpan.Zero, RequireSignedTokens = false }); } return(new TokenValidationParameters { ValidateIssuer = true, ValidateIssuerSigningKey = true, ValidateLifetime = true, ValidateActor = true, ValidateAudience = true, ValidIssuer = "GenericCompany", ValidAudiences = new[] { "GenericCompany" }, ClockSkew = TimeSpan.Zero, IssuerSigningKeyResolver = (token, securityToken, kid, parameters) => { // todo: I know this .Result is a very bad idea (converting from async to sync) // however there's no other way to do this, signing key resolver doesn't have a // async version of this method, they are looking into it though // https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/468 var key = keyResolver.ResolveKey(kid).Result; var pemReader = new PemReader(new MemoryStream(Encoding.UTF8.GetBytes(key))); var publicKeyParameters = pemReader.ReadRsaKey(); return new[] { new RsaSecurityKey(publicKeyParameters) }; } }); }
static Crypto() { if (!File.Exists("Private Key.pem")) { Console.WriteLine("No \"Private Key.pem\" file not found. Press any key to exit."); Console.ReadKey(true); Environment.Exit(-1); } using (var fs = new FileStream("Private Key.pem", FileMode.Open)) { using (var reader = new PemReader(fs)) { _rsaService = new RSACryptoServiceProvider(); _rsaService.ImportParameters(reader.ReadRsaKey()); } } }
/// <summary> /// Importa chave de arquivos PEM /// </summary> /// <param name="filePath">Caminho do arquivo</param> /// <returns>Instância de <see cref="RSACryptoServiceProvider"/></returns> RSACryptoServiceProvider ImportFromPEM(string filePath = null) { if (string.IsNullOrEmpty(filePath)) { filePath = Path.Combine(_pathBase, "key-private.pem"); } var rsa = new RSACryptoServiceProvider(); using (var stream = File.OpenRead(filePath)) using (var reader = new PemReader(stream)) { var rsaParameters = reader.ReadRsaKey(); rsa.ImportParameters(rsaParameters); } return(rsa); }
public static RSAParameters ParamsFromPem(string filePath) { try { using (var stream = File.OpenRead(filePath)) using (var reader = new PemReader(stream)) { var rsaParameters = reader.ReadRsaKey(); return(rsaParameters); } } catch (Exception ex) { UiMessages.Error(ex.ToString()); } //default return(new RSAParameters()); }
public static RSAParameters GetPem(string pemKey) { RSAParameters key; using (MemoryStream memoryStream = new MemoryStream()) { using (StreamWriter streamWriter = new StreamWriter(memoryStream)) { streamWriter.Write(pemKey); streamWriter.Flush(); memoryStream.Position = 0; using (PemReader reader = new PemReader(memoryStream)) { key = reader.ReadRsaKey(); } } } return(key); }
//[Obsolete] public RSA GetRSACryptoProvider(string version, bool isPulicKey) { var rsa = RSA.Create(); try { var directory = Path.Combine(_env.ContentRootPath, _configuration.GetSection("RSA:KeyLocation").Value, version, isPulicKey? @"publickey.pem": @"privatekey.pem"); using (var privateKey = File.OpenRead(directory)) { using (var pem = new PemReader(privateKey)) { var rsaParameters = pem.ReadRsaKey(); rsa.ImportParameters(rsaParameters); } } return(rsa); } catch (Exception ex) { Console.WriteLine($"Exception in GetRSACryptoProvider(): {ex}"); return(null); } }
private static void ConfigureJwtBearer(IServiceCollection services, JwtBearerOptions options, Config config) { options.RequireHttpsMetadata = false; options.SaveToken = false; options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = config.ValidateIssuer, ValidateIssuerSigningKey = config.ValidateIssuerSigningKey, ValidateLifetime = config.ValidateLifetime, ValidateActor = config.ValidateActor, ValidateAudience = config.ValidateAudience, ValidIssuer = config.ValidIssuer, ValidAudiences = config.ValidAudiences, ClockSkew = config.ClockSkew, IssuerSigningKeyResolver = (token, secToken, kid, parameters) => { var key = services.BuildServiceProvider().GetRequiredService <IKeyResolver>() .ResolveKey(kid).Result; var pemReader = new PemReader(new MemoryStream(System.Text.Encoding.UTF8.GetBytes(key))); var publicKeyParameters = pemReader.ReadRsaKey(); return(new [] { new RsaSecurityKey(publicKeyParameters) }); } }; }
public void ReadRsaKey_PublicKey_WithWindowsLineEndings() { var pem = "-----BEGIN PUBLIC KEY-----\r\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiLoIxmXaZAFRBKtHYZh\r\n" + "iF8m+pYR+xGIpupvsdDEvKO92D6fIccgVLIW6p6sSNkoXx5J6KDSMbA/chy5M6pR\r\n" + "vJkaCXCI4zlCPMYvPhI8OxN3RYPfdQTLpgPywrlfdn2CAum7o4D8nR4NJacB3NfP\r\n" + "nS9tsJ2L3p5iHviuTB4xm03IKmPPqsaJy+nXUFC1XS9E/PseVHRuNvKa7WmlwSZn\r\n" + "gQzKAVSIwqpgCc+oP1pKEeJ0M3LHFo8ao5SuzhfXUIGrPnkUKEE3m7B0b8xXZfP1\r\n" + "N6ELoonWDK+RMgYIBaZdgBhPfHxF8KfTHvSzcUzWZojuR+ynaFL9AJK+8RiXnB4C\r\n" + "JwIDAQAB\r\n" + "-----END PUBLIC KEY-----\r\n"; using (var stream = new MemoryStream(Encoding.UTF8.GetBytes(pem))) using (var reader = new PemReader(stream)) { var key = reader.ReadRsaKey(); var modulus = Convert.FromBase64String("siLoIxmXaZAFRBKtHYZhiF8m+pYR+xGIpupvsdDEvKO92D6fIccgVLIW6p6sSNkoXx5J6KDSMbA/chy5M6pRvJkaCXCI4zlCPMYvPhI8OxN3RYPfdQTLpgPywrlfdn2CAum7o4D8nR4NJacB3NfPnS9tsJ2L3p5iHviuTB4xm03IKmPPqsaJy+nXUFC1XS9E/PseVHRuNvKa7WmlwSZngQzKAVSIwqpgCc+oP1pKEeJ0M3LHFo8ao5SuzhfXUIGrPnkUKEE3m7B0b8xXZfP1N6ELoonWDK+RMgYIBaZdgBhPfHxF8KfTHvSzcUzWZojuR+ynaFL9AJK+8RiXnB4CJw=="); Assert.That(key.Modulus, Is.EquivalentTo(modulus)); var exponent = Convert.FromBase64String("AQAB"); Assert.That(key.Exponent, Is.EquivalentTo(exponent)); } }
public async Task <int> Run(SignOptions options, string httpMessage) { ISignatureAlgorithm signatureAlgorithm; if (string.IsNullOrEmpty(options.KeyType) || options.KeyType.Equals("RSA", StringComparison.OrdinalIgnoreCase)) { RSAParameters rsaPrivateKey; using (var stream = File.OpenRead(options.PrivateKey)) { using (var reader = new PemReader(stream)) { rsaPrivateKey = reader.ReadRsaKey(); } } signatureAlgorithm = RSASignatureAlgorithm.CreateForSigning(HashAlgorithmName.SHA512, rsaPrivateKey); } else if (options.KeyType.Equals("P256", StringComparison.OrdinalIgnoreCase) || options.KeyType.Equals("ECDSA", StringComparison.OrdinalIgnoreCase)) { ECParameters ecPrivateKey; using (var stream = File.OpenRead(options.PrivateKey)) { using (var reader = new StreamReader(stream)) { var fileContents = reader.ReadToEnd(); var lines = fileContents.Split(new[] { '\n', '\r' }, StringSplitOptions.RemoveEmptyEntries); lines = lines.Skip(1).Take(lines.Length - 2).ToArray(); var pem = string.Join("", lines); var ecdsa = ECDsa.Create(); var derArray = Convert.FromBase64String(pem); ecdsa.ImportPkcs8PrivateKey(derArray, out _); ecPrivateKey = ecdsa.ExportParameters(true); } } signatureAlgorithm = ECDsaSignatureAlgorithm.CreateForSigning(HashAlgorithmName.SHA512, ecPrivateKey); } else if (options.KeyType.Equals("HMAC", StringComparison.OrdinalIgnoreCase)) { signatureAlgorithm = SignatureAlgorithm.CreateForSigning(options.PrivateKey, HashAlgorithmName.SHA512); } else { throw new NotSupportedException("The specified key type is not supported."); } if (!string.IsNullOrEmpty(options.Algorithm) && !options.Algorithm.StartsWith("rsa", StringComparison.OrdinalIgnoreCase) && !options.Algorithm.StartsWith("hmac", StringComparison.OrdinalIgnoreCase) && !options.Algorithm.StartsWith("ecdsa", StringComparison.OrdinalIgnoreCase)) { signatureAlgorithm = new CustomSignatureAlgorithm(options.Algorithm); } var signingSettings = new SigningSettings { SignatureAlgorithm = signatureAlgorithm, EnableNonce = false, DigestHashAlgorithm = HashAlgorithmName.SHA256, AutomaticallyAddRecommendedHeaders = false, Headers = options.Headers ?.Split(new[] { ' ', ',' }, StringSplitOptions.RemoveEmptyEntries) .Select(h => new HeaderName(h)) .ToArray() }; var signer = _requestSignerFactory.Create( new KeyId("test"), signingSettings); var request = HttpRequestMessageParser.Parse(httpMessage); var created = DateTimeOffset.UtcNow; if (!string.IsNullOrEmpty(options.Created)) { var createdUnix = int.Parse(options.Created); created = DateTimeOffset.FromUnixTimeSeconds(createdUnix); } var expires = signingSettings.Expires; if (!string.IsNullOrEmpty(options.Expires)) { var expiresUnix = int.Parse(options.Expires); var expiresAbsolute = DateTimeOffset.FromUnixTimeSeconds(expiresUnix); expires = expiresAbsolute - created; } await signer.Sign(request, created, expires); var httpMessageLines = new List <string>(httpMessage.Split('\n').Select(l => l.Trim())); httpMessageLines.Insert(1, "Authorization: " + request.Headers.Authorization.Scheme + " " + request.Headers.Authorization.Parameter); var fullMessage = string.Join('\n', httpMessageLines); Log.Information(fullMessage); Console.Out.Flush(); return(0); }
public async Task <int> Run(VerifyOptions options, string httpMessage) { ISignatureAlgorithm signatureAlgorithmForVerification; if (string.IsNullOrEmpty(options.KeyType) || options.KeyType.Equals("RSA", StringComparison.OrdinalIgnoreCase)) { RSAParameters rsaPublicKey; using (var stream = File.OpenRead(options.PublicKey)) { using (var reader = new PemReader(stream)) { rsaPublicKey = reader.ReadRsaKey(); } } signatureAlgorithmForVerification = RSASignatureAlgorithm.CreateForVerification(HashAlgorithmName.SHA512, rsaPublicKey); } else if (options.KeyType.Equals("P256", StringComparison.OrdinalIgnoreCase) || options.KeyType.Equals("ECDSA", StringComparison.OrdinalIgnoreCase)) { ECParameters ecPublicKey; using (var stream = File.OpenRead(options.PublicKey)) { using (var reader = new StreamReader(stream)) { var fileContents = reader.ReadToEnd(); var lines = fileContents.Split(new[] { '\n', '\r' }, StringSplitOptions.RemoveEmptyEntries); lines = lines.Skip(1).Take(lines.Length - 2).ToArray(); var pem = string.Join("", lines); var ecdsa = ECDsa.Create(); var derArray = Convert.FromBase64String(pem); ecdsa.ImportSubjectPublicKeyInfo(derArray, out _); ecPublicKey = ecdsa.ExportParameters(false); } } signatureAlgorithmForVerification = ECDsaSignatureAlgorithm.CreateForVerification(HashAlgorithmName.SHA512, ecPublicKey); } else if (options.KeyType.Equals("HMAC", StringComparison.OrdinalIgnoreCase)) { signatureAlgorithmForVerification = SignatureAlgorithm.CreateForVerification(options.PublicKey, HashAlgorithmName.SHA512); } else { throw new NotSupportedException("The specified key type is not supported."); } var serviceProvider = new ServiceCollection() .AddHttpMessageSignatureVerification(provider => { var clientStore = new InMemoryClientStore(); clientStore.Register(new Client( new KeyId("test"), "ConformanceClient", signatureAlgorithmForVerification, TimeSpan.FromSeconds(30), TimeSpan.FromMinutes(1))); return(clientStore); }) .BuildServiceProvider(); var verifier = serviceProvider.GetRequiredService <IRequestSignatureVerifier>(); var clientRequest = HttpRequestMessageParser.Parse(httpMessage); var requestToVerify = await clientRequest.ToServerSideHttpRequest(); var verificationResult = await verifier.VerifySignature(requestToVerify, new SignedRequestAuthenticationOptions { OnSignatureParsed = (request, signature) => { if (!string.IsNullOrEmpty(options.Algorithm)) { signature.Algorithm = options.Algorithm; } return(Task.CompletedTask); } }); return(verificationResult is RequestSignatureVerificationResultSuccess ? 0 : 1); }