public async Task CertificateCache_JWK_RS256(string certificateLocation)
{
var certCache = new CertificateCache();
var certificates = await certCache.GetCertificatesAsync(certificateLocation, FromKeyToRsa, false, default);
Assert.NotEmpty(certificates);
}
public CertificateResolverFacts()
{
m_resolver = CreateResolver(true, 60, false); // enable caching, ttl=60secs, disable negative caching
m_cache = m_resolver.Cache;
ClearCache();
}
public void Dispose()
{
Host.MainWindow.FileOpened -= OnDatabaseOpened;
CertificateCache.Dispose();
GC.SuppressFinalize(this);
}
public async Task CertificateCache_NonJWK_Error()
{
var certCache = new CertificateCache();
var exception = await Assert.ThrowsAsync <ArgumentException>(() => certCache.GetCertificatesAsync(
"https://www.googleapis.com/service_accounts/v1/metadata/x509/[email protected]", json => RSA.Create(), false, default));
Assert.Contains("Only JWK formatted keys are currently supported", exception.Message);
}
public async Task CertificateCache()
{
var certCache = new CertificateCache();
// We don't care about cert transformation here, that'll be tested when verifying.
var certificates = await certCache.GetCertificatesAsync(GoogleAuthConsts.JsonWebKeySetUrl, json => RSA.Create(), false, default);
Assert.NotEmpty(certificates);
}
public void CachingVerifyDisabledNullCacheSettings()
{
using (SystemX509Store store = SystemX509Store.OpenExternal())
{
m_resolver = new CertificateResolver(store, null);
m_cache = m_resolver.Cache;
string domain = DomainIncubator;
X509Certificate2Collection source = m_resolver.GetCertificatesForDomain(domain);
Assert.Null(m_resolver.Cache);
Assert.True(source.Count > 0);
}
}
private X509Certificate2 GetCertificateFromCache(string databasePath)
{
try
{
var thumbprint = CertificateCache.GetCachedValue(databasePath);
if (thumbprint != null)
{
return(UserCertificates.SingleOrDefault(c => c.Thumbprint.Equals(thumbprint)));
}
}
catch (Exception ex)
{
MessageService.ShowWarning($"Selected certificate can't be used!\nReason: {ex.Message}.");
}
return(null);
}
public override byte[] GetKey(KeyProviderQueryContext keyProviderQueryContext)
{
X509Certificate2 certificate = null;
if (!keyProviderQueryContext.CreatingNewKey)
{
certificate = GetCertificateFromCache(keyProviderQueryContext.DatabasePath);
}
if (certificate == null)
{
var title = "Available certificates";
var message = "Select certificate to use it for encryption on your KeePass database.";
var x509Certificates = X509Certificate2UI.SelectFromCollection(new X509Certificate2Collection(UserCertificates), title, message, X509SelectionFlag.SingleSelection)
.Cast <X509Certificate2>();
certificate = x509Certificates.FirstOrDefault();
}
if (certificate == null)
{
MessageService.ShowInfo("No valid certificate selected!");
}
else
{
try
{
if (certificate.PrivateKey is RSA rsa)
{
CertificateCache.StoreCachedValue(keyProviderQueryContext.DatabasePath, certificate.Thumbprint);
// Using HashAlgorithmName.SHA1 for backward compatibility
return(rsa.SignData(DataToSign, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1)); // DO NOT CHANGE THIS!!!!;
}
}
catch (Exception ex)
{
MessageService.ShowWarning($"Selected certificate can't be used!\nReason: {ex.Message}.");
}
}
return(null);
}
private void OnDatabaseOpened(object sender, FileOpenedEventArgs args)
{
var path = args.Database.IOConnectionInfo.Path;
CertificateCache.SetCachedItemAsValid(path);
}
