public void TestImport()
{
PrivateKeyManager pkm = new PrivateKeyManager();
bool loaded = pkm.FromBase64(base64string);
True(loaded, pkm);
}
public virtual void SetUp()
{
cert = new CertificateX509();
key = new PrivateKeyManager();
options = new JWTOptions();
claims = new PrivateClaims();
du = new DateUtil();
jwt = new JWTCreator();
cert.Load(BASE_PATH + "dummycerts\\RSA_sha256_1024\\sha256_cert.crt");
options.SetCertificate(cert);
key.Load(BASE_PATH + "dummycerts\\RSA_sha256_1024\\sha256d_key.pem");
options.SetPrivateKey(key);
//
// carga de privateClaim (es parte del Payload)
claims.setClaim("GeneXus", "Viglia");
// Carga de Registered Claims
options.AddRegisteredClaim("iss", "Martin");
options.AddRegisteredClaim("sub", "Martin1");
options.AddRegisteredClaim("aud", "martivigliadoocebbooyo.docebosaas.com");
options.AddCustomTimeValidationClaim("iat", du.GetCurrentDate(), "20");
options.AddCustomTimeValidationClaim("exp", du.CurrentPlusSeconds(3600), "20");
options.AddPublicClaim("client_id", "Martin");
token = jwt.DoCreate("RS256", claims, options);
expected = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
}
private string doSignPKCS12(string xmlInput, PrivateKeyManager key, CertificateX509 certificate, string dSigType, string canonicalizationType, string keyInfoType, string xmlSchemaPath)
{
if (TransformsWrapperUtils.getTransformsWrapper(dSigType, this.error) != TransformsWrapper.ENVELOPED)
{
error.setError("DS019", "Not implemented DSigType");
return("");
}
if (!certificate.Inicialized)
{
this.error.setError("DS0220", "Certificate not loaded");
return("");
}
if (SecurityUtils.compareStrings(certificate.getPublicKeyAlgorithm(), "ECDSA"))
{
this.error.setError("DS004", "XML signature with ECDSA keys is not implemented on Net Framework");
return("");
}
XmlDocument xmlDoc = SignatureUtils.documentFromString(xmlInput, xmlSchemaPath, this.error);
if (this.HasError())
{
return("");
}
return(Sign(xmlDoc, key, certificate, dSigType, canonicalizationType, keyInfoType, "", ""));
}
private void bulkTest(PrivateKeyManager privateKey, CertificateX509 cert, string hashAlgorithm)
{
string enc = Global.GLOBAL_ENCODING;
if (SecurityUtils.compareStrings(enc, "UTF_32") || SecurityUtils.compareStrings(enc, "UTF_32BE") ||
SecurityUtils.compareStrings(enc, "UTF_32LE"))
{
plainText = eu.getString(eu.getBytes(plainText32));
}
else
{
plainText = eu.getString(eu.getBytes(plainText16));
}
for (int p = 0; p < arrayPaddings.Length; p++)
{
AsymmetricCipher asymCipher = new AsymmetricCipher();
// AsymmetricCipher asymCipherD = new AsymmetricCipher();
string encrypted1 = asymCipher.DoEncrypt_WithPrivateKey(hashAlgorithm, arrayPaddings[p], privateKey,
plainText);
string decrypted1 = asymCipher.DoDecrypt_WithPublicKey(hashAlgorithm, arrayPaddings[p], cert, encrypted1);
Assert.AreEqual(decrypted1, plainText);
True(SecurityUtils.compareStrings(decrypted1, plainText), asymCipher);
string encrypted2 = asymCipher.DoEncrypt_WithPublicKey(hashAlgorithm, arrayPaddings[p], cert, plainText);
string decrypted2 = asymCipher.DoDecrypt_WithPrivateKey(hashAlgorithm, arrayPaddings[p], privateKey,
encrypted2);
Assert.IsTrue(SecurityUtils.compareStrings(decrypted2, plainText));
True(SecurityUtils.compareStrings(decrypted2, plainText), asymCipher);
}
}
public virtual void SetUp()
{
options1 = new JWTOptions();
options2 = new JWTOptions();
jwt = new JWTCreator();
claims = new PrivateClaims();
claims.setClaim("hola1", "hola1");
path_RSA_sha256_1024 = Path.Combine(BASE_PATH, "dummycerts", "RSA_sha256_1024");
String pathKey = Path.Combine(path_RSA_sha256_1024, "sha256d_key.pem");
String pathCert = Path.Combine(path_RSA_sha256_1024, "sha256_cert.crt");
PrivateKeyManager key = new PrivateKeyManager();
CertificateX509 cert = new CertificateX509();
key.Load(pathKey);
cert.Load(pathCert);
options1.SetCertificate(cert);
options1.SetPrivateKey(key);
options1.AddRegisteredClaim("iss", "GXSA");
options1.AddRegisteredClaim("sub", "subject1");
options1.AddRegisteredClaim("aud", "audience1");
options2.AddRegisteredClaim("iss", "GXSA");
options2.AddRegisteredClaim("sub", "subject1");
options2.AddRegisteredClaim("aud", "audience1");
options2.SetCertificate(cert);
token = jwt.DoCreate("RS256", claims, options1);
}
public void TestWrongBase64()
{
PrivateKeyManager pkm = new PrivateKeyManager();
pkm.FromBase64(base64Wrong);
Assert.IsTrue(pkm.HasError());
}
public String DoSignFile(PrivateKeyManager key, string hashAlgorithm, string path)
{
/******** INPUT VERIFICATION - BEGIN ********/
if (key == null)
{
error.setError("AE005", "Private key cannot be null");
return("");
}
if (hashAlgorithm == null || hashAlgorithm.Length == 0 || SecurityUtils.compareStrings("", hashAlgorithm))
{
error.setError("AE006", "HashAlgorithm cannot be empty value; use HashAlgorithm domain");
return("");
}
if (path == null || path.Length == 0 || SecurityUtils.compareStrings("", path))
{
error.setError("AE007", "The path value of the file to sign cannot be empty");
return("");
}
/******** INPUT VERIFICATION - END ********/
string result = "";
using (Stream input = SecurityUtils.getFileStream(path, this.error))
{
if (this.HasError())
{
return("");
}
result = Sign(key, hashAlgorithm, input);
}
return(result);
}
private void bulkTest_shouldntWork(PrivateKeyManager key, CertificateX509 cert, string alg, string curve)
{
options.SetPrivateKey(key);
options.SetCertificate(cert);
string token = jwt.DoCreate(alg, claims, options);
Assert.IsTrue(jwt.HasError());
}
private void runTestWithEncoding(PrivateKeyManager key, CertificateX509 cert, string hash)
{
for (int i = 0; i < encodings.Length; i++)
{
eu.setEncoding(encodings[i]);
bulkTest(key, cert, hash);
}
}
private static void ImportPrivateCert(string sPrivateCertPath, string sFilePassword, string m_sThumb, bool m_bIsExportable)
{
Hashtable hs = new Hashtable();
if (m_sIdentityUser == null)
{
ManagementObjectSearcher m_mgMISearcher = new ManagementObjectSearcher(new WqlObjectQuery("SELECT * FROM MSBTS_HostSetting"));
m_mgMISearcher.Scope = new ManagementScope("root\\MicrosoftBizTalkServer");
m_mgMISearcher.Options.ReturnImmediately = true;
ManagementBaseObject[] m_moHostInstances = new ManagementBaseObject[m_mgMISearcher.Get().Count];
m_mgMISearcher.Get().CopyTo(m_moHostInstances, 0);
foreach (ManagementObject oHost in m_moHostInstances)
{
try
{
hs.Add(oHost.GetPropertyValue("LastUsedLogon").ToString().ToUpper(CultureInfo.InvariantCulture), null);
}
catch { }
}
}
else
{
hs.Add(m_sIdentityUser, m_sIdentityPassword);
}
foreach (string sUser in hs.Keys)
{
string sPassword = null;
if (hs[sUser] == null)
{
Console.Write("\r\nEnter password for identity " + sUser + ": ");
sPassword = PwdConsole.ReadLine(); //Console.ReadLine();
}
else
{
sPassword = hs[sUser].ToString();
}
try
{
PrivateKeyManager.ImpersonateUser(sUser, sPassword);
PrivateKeyManager.Import(sPrivateCertPath,
sFilePassword,
m_sThumb,
PrivateKeyManager.CertificateStores.CERT_SYSTEM_STORE_CURRENT_USER, "MY", m_bIsExportable);
Console.WriteLine("Completed importing private certificate to user identity " + sUser + ".");
PrivateKeyManager.UndoImpersonation();
}
catch
{
Console.WriteLine("Failed importing private key to user [" + sUser + "].\n\rCheck that you have entered a valid password.");
}
}
}
private static string PromptForCertificate(string m_sCertFile, string m_sFilePassword, KeyType m_KeyType)
{
Hashtable hCertificates = null;
Hashtable hEnumHash = new Hashtable();
if (m_KeyType == KeyType.PRIVATE)
{
hCertificates = PrivateKeyManager.EnumerateCerts(m_sCertFile, m_sFilePassword);
}
else if (m_KeyType == KeyType.ROOT || m_KeyType == KeyType.PUBLIC || m_KeyType == KeyType.INTER)
{
hCertificates = PrivateKeyManager.EnumeratePublicCerts(m_sCertFile);
}
if (hCertificates.Keys.Count == 1)
{
Console.WriteLine("The available certificate is:\r\n");
}
else
{
Console.WriteLine("Select the certificate to import from the list below:\r\n");
}
int iCounter = 1;
foreach (string sHashID in hCertificates.Keys)
{
Console.WriteLine(iCounter + "- " + hCertificates[sHashID].ToString() + "\r\nThumbprint: " + sHashID + "\r\n");
hEnumHash.Add(iCounter++, sHashID);
}
int iChoice = 1;
if (hCertificates.Keys.Count > 1)
{
Console.Write("\r\nEnter certificate number 1-" + (iCounter - 1) + " (default 1): ");
string sChoice = Console.ReadLine();
if (string.IsNullOrEmpty(sChoice))
{
sChoice = "1";
}
try
{
iChoice = System.Convert.ToInt16(sChoice, CultureInfo.InvariantCulture);
}
catch
{
iChoice = 1;
}
if (iChoice < 1 || iChoice > iCounter - 1)
{
iChoice = 1;
}
}
return(hEnumHash[iChoice].ToString());
}
private void bulkTestFile(PrivateKeyManager key, CertificateX509 cert, string hashAlgorithm)
{
AsymmetricSigner asymSig = new AsymmetricSigner();
string signature = asymSig.DoSign(key, hashAlgorithm, pathFile);
bool result = asymSig.DoVerify(cert, pathFile, signature);
Assert.IsTrue(result);
True(result, asymSig);
}
public virtual void SetUp()
{
path_RSA_sha1_1024 = Path.Combine(BASE_PATH, "dummycerts", "RSA_sha1_1024");
plainText = "Lorem ipsum";
pathKey = Path.Combine(path_RSA_sha1_1024, "sha1d_key.pem");
pathCert = Path.Combine(path_RSA_sha1_1024, "sha1_cert.crt");
key = new PrivateKeyManager();
cert = new CertificateX509();
asymCipher = new AsymmetricCipher();
}
/*[Test]
* public void Test_sha256_EC()
* {
* string pathKey = Path.Combine(path_EC, "key.pem");
* string pathCert = Path.Combine(path_EC, "cert_sha256.pem");
* PrivateKeyManager key = new PrivateKeyManager();
* CertificateX509 cert = new CertificateX509();
* key.Load(pathKey);
* cert.Load(pathCert);
* string alg = "ES256";
* bulkTest(key, cert, alg);
* }
*
* [Test]
* public void Test_sha384_EC()
* {
* string pathKey = Path.Combine(path_EC, "key.pem");
* string pathCert = Path.Combine(path_EC, "cert_sha384.pem");
* PrivateKeyManager key = new PrivateKeyManager();
* CertificateX509 cert = new CertificateX509();
* key.Load(pathKey);
* cert.Load(pathCert);
* string alg = "ES384";
* bulkTest(key, cert, alg);
* }
*
* [Test]
* public void Test_sha512_EC()
* {
* string pathKey = Path.Combine(path_EC, "key.pem");
* string pathCert = Path.Combine(path_EC, "cert_sha512.pem");
* PrivateKeyManager key = new PrivateKeyManager();
* CertificateX509 cert = new CertificateX509();
* key.Load(pathKey);
* cert.Load(pathCert);
* string alg = "ES512";
* bulkTest(key, cert, alg);
* }*/
private void bulkTest(PrivateKeyManager key, CertificateX509 cert, string alg)
{
options.SetPrivateKey(key);
options.SetCertificate(cert);
string token = jwt.DoCreate(alg, claims, options);
Assert.IsFalse(jwt.HasError());
//bool verification = jwt.DoVerify(token, alg, claims, options);
//True(verification, jwt);
}
private void runTestWithEncoding(PrivateKeyManager key, CertificateX509 cert, string hash)
{
//{ "UTF_8", "UTF_16", "UTF_16BE", "UTF_16LE", "UTF_32", "UTF_32BE", "UTF_32LE", "SJIS",
//"GB2312" };
for (int i = 0; i < encodings.Length; i++)
{
eu.setEncoding(encodings[i]);
bulkTest(key, cert, hash);
}
}
public void TestExport()
{
PrivateKeyManager pkm = new PrivateKeyManager();
pkm.Load(path);
string base64res = pkm.ToBase64();
Assert.IsTrue(SecurityUtils.compareStrings(base64res, base64string));
Assert.IsFalse(pkm.HasError());
}
public void Test_ecdsa_sha256_PEM()
{
string pathKey = Path.Combine(path_ecdsa_sha256, "sha256_key.pem");
string pathCert = Path.Combine(path_ecdsa_sha256, "sha256_cert.pem");
PrivateKeyManager key = new PrivateKeyManager();
key.Load(pathKey);
CertificateX509 cert = new CertificateX509();
cert.Load(pathCert);
runTestWithEncoding(key, cert, "SHA256");
}
public void Test_sha256_1024_DER()
{
string pathKey = Path.Combine(path_RSA_sha256_1024, "sha256d_key.pem");
string pathCert = Path.Combine(path_RSA_sha256_1024, "sha256_cert.crt");
PrivateKeyManager key = new PrivateKeyManager();
key.Load(pathKey);
CertificateX509 cert = new CertificateX509();
cert.Load(pathCert);
runTestWithEncoding(key, cert, "SHA256");
}
public void Test_sha512_2048_PEM_Encrypted()
{
string pathKey = Path.Combine(path_RSA_sha512_2048, "sha512_key.pem");
string pathCert = Path.Combine(path_RSA_sha512_2048, "sha512_cert.pem");
PrivateKeyManager key = new PrivateKeyManager();
key.LoadEncrypted(pathKey, password);
CertificateX509 cert = new CertificateX509();
cert.Load(pathCert);
runTestWithEncoding(key, cert, "SHA512");
}
public void Test_sha1_1024_PKCS12()
{
string pathKey = Path.Combine(path_RSA_sha1_1024, "sha1_cert.p12");
string pathCert = Path.Combine(path_RSA_sha1_1024, "sha1_cert.p12");
PrivateKeyManager key = new PrivateKeyManager();
key.LoadPKCS12(pathKey, alias, password);
CertificateX509 cert = new CertificateX509();
cert.LoadPKCS12(pathCert, alias, password);
runTestWithEncoding(key, cert, "SHA1");
}
public void Test_base64()
{
string base64stringCert = "MIIC/DCCAmWgAwIBAgIJAPmCVmfcc0IXMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYDVQQGEwJVWTETMBEGA1UECAwKTW9udGV2aWRlbzETMBEGA1UEBwwKTW9udGV2aWRlbzEQMA4GA1UECgwHR2VuZVh1czERMA8GA1UECwwIU2VjdXJpdHkxEjAQBgNVBAMMCXNncmFtcG9uZTEkMCIGCSqGSIb3DQEJARYVc2dyYW1wb25lQGdlbmV4dXMuY29tMB4XDTIwMDcwODE4NDkxNVoXDTI1MDcwNzE4NDkxNVowgZYxCzAJBgNVBAYTAlVZMRMwEQYDVQQIDApNb250ZXZpZGVvMRMwEQYDVQQHDApNb250ZXZpZGVvMRAwDgYDVQQKDAdHZW5lWHVzMREwDwYDVQQLDAhTZWN1cml0eTESMBAGA1UEAwwJc2dyYW1wb25lMSQwIgYJKoZIhvcNAQkBFhVzZ3JhbXBvbmVAZ2VuZXh1cy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMZ8m4ftIhfrdugi5kEszRZr5IRuqGDLTex+CfVnhnBYXyQgJXeCI0eyRYUAbNzw/9MPdFN//pV26AXeH/ajORVu1JVoOACZdNOIPFnwXXh8oBxNxLAYlqoK2rAL+/tns8rKqqS4p8HSat9tj07TUXnsYJmmbXJM/eB94Ex66D1ZAgMBAAGjUDBOMB0GA1UdDgQWBBTfXY8eOfDONCZpFE0V34mJJeCYtTAfBgNVHSMEGDAWgBTfXY8eOfDONCZpFE0V34mJJeCYtTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAAPv7AFlCSpJ32c/VYowlbk6UBhOKmVWBQlrAtvVQYtCKO/y9CEB8ikG19c8lHM9axnsbZR+G7g04Rfuiea3T7VPkSmUXPpz5fl6Zyk4LZg5Oji7MMMXGmr+7cpYWRhifCVwoxSgZEXt3d962IZ1Wei0LMO+4w4gnzPxqr8wVHnT";
string base64stringKey = "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMZ8m4ftIhfrdugi5kEszRZr5IRuqGDLTex+CfVnhnBYXyQgJXeCI0eyRYUAbNzw/9MPdFN//pV26AXeH/ajORVu1JVoOACZdNOIPFnwXXh8oBxNxLAYlqoK2rAL+/tns8rKqqS4p8HSat9tj07TUXnsYJmmbXJM/eB94Ex66D1ZAgMBAAECgYA1xrTs0taV3HnO0wXHSrgWBw1WxBRihTKLjGpuTqoh7g943izIgD3GwwoKyt6zzafCK0G9DcSQAjNCw7etPvPL3FxwhDl+AHSv9JcChk/auICtMWwjurG4npto+s3byj/N00Idpz1xuOgKd8k9sdoPBGKa8l+LL+adSXzoivLG8QJBAPDvbOLSs9petB2iM6w5/DiC8EoxqDaBc7I1JFCvPOfB7i1GFFxkQ7hlgxpvaPX3NHXjAZpgdOW68P/SjU0izKsCQQDS5bjrNo3xn/MbYKojzwprR/Bo8Kvbi4/2M9NE3GwHegVmx5I+df+J0aObrbBNPLs/rhrFtt12OtgxJaac+FYLAkEA8DUUbvO4wj7m/iBnug65irHo1V+6oFThv0tCIHsFkt4DEvoqdI62AZKbafCnSYqjr+CaCYqfIScG/Vay77OBLwJBAI8EYAmKPmn7+SW4wMh1z+/+ogbYJwNEOoVQkdXh0JSlZ+JSNleLN5ajhtq8x5EpPSYrEFbB8p8JurBhgwJx2g8CQQDrp9scoK8eKBJ2p/63xqLGYSN6OZQo/4Lkq3983rmHoDCAp3Bz1zUyxQB3UVyrOj4U44C7RtDNiMSZuCwvjYAI";
PrivateKeyManager key = new PrivateKeyManager();
key.FromBase64(base64stringKey);
CertificateX509 cert = new CertificateX509();
cert.FromBase64(base64stringCert);
runTestWithEncoding(key, cert, "SHA256");
}
public void Test_sha512_2048_DER()
{
string pathKey = Path.Combine(path_RSA_sha512_2048, "sha512d_key.pem");
string pathCert = Path.Combine(path_RSA_sha512_2048, "sha512_cert.crt");
PrivateKeyManager key = new PrivateKeyManager();
CertificateX509 cert = new CertificateX509();
key.Load(pathKey);
cert.Load(pathCert);
string alg = "RS512";
bulkTest(key, cert, alg);
}
public static void ImportIntermediateCert(string privateCertificatePath, string thumbprint)
{
try
{
PrivateKeyManager.ImportPublicCert(privateCertificatePath,
thumbprint,
PrivateKeyManager.CertificateStores.CERT_SYSTEM_STORE_LOCAL_MACHINE, "CA");
}
catch
{
Console.WriteLine("Failed importing public key to the Other People certificate store");
}
}
private static void ImportPublicCert(string sPrivateCertPath, string m_sThumb)
{
try
{
PrivateKeyManager.ImportPublicCert(sPrivateCertPath,
m_sThumb,
PrivateKeyManager.CertificateStores.CERT_SYSTEM_STORE_LOCAL_MACHINE, "AddressBook");
}
catch
{
Console.WriteLine("Failed importing public key to the Other People certificate store");
}
}
private bool inicializeInstanceVariables(PrivateKeyManager key, CertificateX509 certificate)
{
this.privateKey = key.getPrivateKeyForXML();
if (this.privateKey == null)
{
this.error = key.GetError();
return(false);
}
this.publicKey = certificate.getPublicKeyXML();
this.digest = certificate.getPublicKeyHash();
this.asymAlgorithm = certificate.getPublicKeyAlgorithm();
return(true);
}
public void Test_sha256_1024_PEM()
{
String pathKey = Path.Combine(path_RSA_sha256_1024, "sha256d_key.pem");
PrivateKeyManager key = new PrivateKeyManager();
key.Load(pathKey);
options.SetPrivateKey(key);
String alg = "RS256";
String token = jwt.DoCreate(alg, claims, options);
Assert.IsFalse(SecurityUtils.compareStrings("", token));
Assert.IsFalse(jwt.HasError());
}
private static void ImportPublicRootCert(string sPrivateCertPath)
{
try
{
PrivateKeyManager.ImportPublicCert(sPrivateCertPath,
null,
PrivateKeyManager.CertificateStores.CERT_SYSTEM_STORE_LOCAL_MACHINE, "Root");
}
catch
{
Console.WriteLine("Failed importing root public key to the Trusted Root Certification Authorities certificate store");
}
}
public void Test_sha256_1024_PKCS12()
{
string pathKey = Path.Combine(path_RSA_sha256_1024, "sha256_cert.p12");
string pathCert = Path.Combine(path_RSA_sha256_1024, "sha256_cert.p12");
PrivateKeyManager key = new PrivateKeyManager();
CertificateX509 cert = new CertificateX509();
key.LoadPKCS12(pathKey, alias, password);
cert.LoadPKCS12(pathCert, alias, password);
string alg = "RS256";
bulkTest(key, cert, alg);
}
public void Test_sha256_1024_PEM()
{
string pathKey = Path.Combine(path_RSA_sha256_1024, "sha256d_key.pem");
string pathCert = Path.Combine(path_RSA_sha256_1024, "sha256_cert.pem");
PrivateKeyManager key = new PrivateKeyManager();
CertificateX509 cert = new CertificateX509();
key.Load(pathKey);
cert.Load(pathCert);
string alg = "RS256";
bulkTest(key, cert, alg);
}
public void Test_sha256_2048_PEM_Encrypted()
{
string pathKey = Path.Combine(path_RSA_sha256_2048, "sha256_key.pem");
string pathCert = Path.Combine(path_RSA_sha256_2048, "sha256_cert.pem");
PrivateKeyManager key = new PrivateKeyManager();
CertificateX509 cert = new CertificateX509();
key.LoadEncrypted(pathKey, password);
cert.Load(pathCert);
string alg = "RS256";
bulkTest(key, cert, alg);
}
