private string Sign( SignatureType mode, GostFlavor gostFlavor, string certificateThumbprint, XmlDocument signThis, bool assignDs, string nodeToSign, bool ignoreExpiredCert = false, string stringToSign = null, byte[] bytesToSign = null, bool?isAddSigningTime = null) { ICertificateProcessor cp = new CertificateProcessor(); X509Certificate2 certificate = cp.SearchCertificateByThumbprint(certificateThumbprint); if (!certificate.HasPrivateKey) { throw ExceptionFactory.GetException(ExceptionType.PrivateKeyMissing, certificate.Subject); } if (!ignoreExpiredCert && cp.IsCertificateExpired(certificate)) { throw ExceptionFactory.GetException(ExceptionType.CertExpired, certificate.Thumbprint); } return(Sign(mode, gostFlavor, certificate, signThis, assignDs, nodeToSign, stringToSign, bytesToSign, isAddSigningTime)); }
public void CreateListener(Dictionary <String, X509Certificate2> prefixes) { var certProc = new CertificateProcessor(ServerComms); _listener = new System.Net.HttpListener(); foreach (string s in prefixes.Keys) { certProc.AddCertificateToHost(s, prefixes[s]); _listener.Prefixes.Add(s); } _listener.Start(); var result = _listener.BeginGetContext(new AsyncCallback(ListenerCallback), _listener); }
public async Task DelegateProcessor_Test() { IServiceCollection sc = new ServiceCollection(); HttpRequestMessage request = null; sc.AddHttpClient(CertificateProcessor.HTTP_CLIENT_NAME) .AddMockHttpMessageHandler() .AddMock("*", HttpMethod.Get, async(req, res) => { request = req; await res.WriteObjectAsync(new ClientCertificateToken() { access_token = "1", token_type = "1", expires_in = 60 }); }); var sp = sc.BuildServiceProvider(); IHttpClientFactory factory = sp.GetRequiredService <IHttpClientFactory>(); var processor = CertificateProcessor.CreateDelegateProcessor(async(ci, client) => { return(await client.GetAsync <ClientCertificateToken>("/cgi-bin/token", new NameValueCollection() { { "grant_type", "client_credential" }, { "appid", ci.ClientID }, { "secret", ci.ClientSecret } })); }); var token = await processor.GetToken(new ClientCertificateInfo() { ClientID = "1", ClientName = "1", ClientSecret = "1", AuthUrl = "https://auth.com" }, factory); string reqStr = request.RequestUri.AbsoluteUri; Assert.Equal("https://auth.com/cgi-bin/token?grant_type=client_credential&appid=1&secret=1", reqStr); }
public void CreateListener(Dictionary <String, X509Certificate2> prefixes) { var certProc = new CertificateProcessor(ServerComms); _listener = new System.Net.HttpListener(); foreach (string s in prefixes.Keys) { certProc.AddCertificateToHost(s, prefixes[s]); _listener.Prefixes.Add(s); } _listener.Start(); System.Threading.Tasks.Task.Factory.StartNew(() => { while (_listener.IsListening) { var result = _listener.BeginGetContext(new AsyncCallback(ListenerCallback), _listener); result.AsyncWaitHandle.WaitOne(); } }); }
public VerifierResponse VerifyXmlSignature( SignatureType mode, XmlDocument message, string certificateFilePath = null, string certificateThumb = null, string nodeId = null, bool isVerifyCertificateChain = false) { SignedXml signedXml = new SignedXml(message); Signer.Smev2SignedXml smev2SignedXml = null; X509Certificate2 cert = null; bool isCerFile; if ((isCerFile = !string.IsNullOrEmpty(certificateFilePath)) || !string.IsNullOrEmpty(certificateThumb)) { //means we are testing signature on external certificate if (isCerFile) { cert = new X509Certificate2(); try { cert.Import(certificateFilePath); } catch (Exception e) { throw ExceptionFactory.GetException( ExceptionType.CertificateImportException, certificateFilePath, e.Message); } } else { //throws if not found ICertificateProcessor cp = new CertificateProcessor(); cert = cp.SearchCertificateByThumbprint(certificateThumb); } } XmlNodeList signaturesInDoc = message.GetElementsByTagName( "Signature", SignedXml.XmlDsigNamespaceUrl ); var signatures = signaturesInDoc .Cast <XmlElement>() .ToDictionary( (elt) => { XNamespace ns = elt.GetXElement().Name.Namespace; return(elt.GetXElement().Descendants(ns + "Reference").First().Attributes("URI").First() .Value.Replace("#", "")); }, (elt => elt) ); if (!string.IsNullOrEmpty(nodeId) && !signatures.ContainsKey(nodeId)) { throw ExceptionFactory.GetException(ExceptionType.ReferencedSignatureNotFound, nodeId); } if (signaturesInDoc.Count == 0) { throw ExceptionFactory.GetException(ExceptionType.NoSignaturesFound); } switch (mode) { case SignatureType.Smev2BaseDetached: smev2SignedXml = new Signer.Smev2SignedXml(message); try { smev2SignedXml.LoadXml( !string.IsNullOrEmpty(nodeId) ? signatures[nodeId] : signatures["body"]); } catch (Exception e) { throw ExceptionFactory.GetException(ExceptionType.CertificateContentCorrupted, e.Message); } XmlNodeList referenceList = smev2SignedXml.KeyInfo .GetXml() .GetElementsByTagName("Reference", Signer.WsSecurityWsseNamespaceUrl); if (referenceList.Count == 0) { throw ExceptionFactory.GetException(ExceptionType.Smev2CertificateReferenceNotFound); } string binaryTokenReference = ((XmlElement)referenceList[0]).GetAttribute("URI"); if (string.IsNullOrEmpty(binaryTokenReference) || binaryTokenReference[0] != '#') { throw ExceptionFactory.GetException(ExceptionType.Smev2MalformedCertificateReference); } XmlElement binaryTokenElement = smev2SignedXml.GetIdElement( message, binaryTokenReference.Substring(1)); if (binaryTokenElement == null) { throw ExceptionFactory.GetException( ExceptionType.Smev2CertificateNotFound, binaryTokenReference.Substring(1)); } try { cert = new X509Certificate2(Convert.FromBase64String(binaryTokenElement.InnerText)); } catch (Exception e) { throw ExceptionFactory.GetException(ExceptionType.Smev2CertificateCorrupted, e.Message); } break; case SignatureType.Smev2ChargeEnveloped: if (signaturesInDoc.Count > 1) { throw ExceptionFactory.GetException( ExceptionType.ChargeTooManySignaturesFound, signaturesInDoc.Count); } if (!ChargeStructureOk(message)) { throw ExceptionFactory.GetException(ExceptionType.ChargeMalformedDocument); } try { signedXml.LoadXml(signatures.First().Value); } catch (Exception e) { throw ExceptionFactory.GetException(ExceptionType.CertificateContentCorrupted, e.Message); } break; case SignatureType.Smev2SidebysideDetached: case SignatureType.Smev3BaseDetached: case SignatureType.Smev3SidebysideDetached: try { XmlDsigSmevTransform smevTransform = new XmlDsigSmevTransform(); signedXml.SafeCanonicalizationMethods.Add(smevTransform.Algorithm); signedXml.LoadXml( !string.IsNullOrEmpty(nodeId) ? signatures[nodeId] : signatures.First().Value); } catch (Exception e) { throw ExceptionFactory.GetException(ExceptionType.CertificateContentCorrupted, e.Message); } break; case SignatureType.Pkcs7String: case SignatureType.Pkcs7StringAllCert: case SignatureType.Pkcs7StringNoCert: case SignatureType.SigDetached: case SignatureType.SigDetachedAllCert: case SignatureType.SigDetachedNoCert: throw new NotSupportedException( $"Detached signature verification is not supported by this method. Use {nameof(VerifyDetachedSignature)} method instead."); case SignatureType.Unknown: case SignatureType.Smev3Ack: case SignatureType.Rsa2048Sha256String: case SignatureType.RsaSha256String: throw ExceptionFactory.GetException(ExceptionType.UnsupportedSignatureType, mode); default: throw new ArgumentOutOfRangeException(nameof(mode), mode, null); } var isSignatureValid = smev2SignedXml?.CheckSignature(cert.PublicKey.Key) ?? (cert == null ? signedXml.CheckSignature() : signedXml.CheckSignature(cert, true) ); var isCertificateChainValid = cert?.Verify() ?? true; StringBuilder verificationMessage = new StringBuilder(); if (!isSignatureValid) { verificationMessage.AppendLine("Signature is invalid"); } if (!isCertificateChainValid) { verificationMessage.AppendLine("Certificate chain is invalid"); } var verifierResponse = new VerifierResponse() { IsCertificateChainValid = isCertificateChainValid, IsSignatureMathematicallyValid = isSignatureValid, IsSignatureSigningDateValid = true, // we do not check this for this type of signature Message = verificationMessage.ToString() }; return(verifierResponse); }
public X509CertificateSerializable CertificateToSerializable( CertificateSource source, string filePath, string nodeId) { switch (source) { case CertificateSource.Xml: ICertificateProcessor cp = new CertificateProcessor(); return(new X509CertificateSerializable( cp.ReadCertificateFromXmlDocument(XDocument.Load(filePath), nodeId))); case CertificateSource.Base64: try { return(new X509CertificateSerializable(new X509Certificate2(File.ReadAllBytes(filePath)))); } catch (Exception e) { throw ExceptionFactory.GetException(ExceptionType.CertificateFileCorrupted, e.Message); } case CertificateSource.Cer: try { X509Certificate2 cer = new X509Certificate2(); if (Path.GetExtension(filePath) == ".p7b") { X509Certificate2Collection collection = new X509Certificate2Collection(); collection.Import(filePath); if (collection.Count < 1) { throw ExceptionFactory.GetException(ExceptionType.NoCertificatesFound, filePath); } if (collection.Count == 1) { cer = collection[0]; } if (collection.Count > 1) { return(new X509CertificateSerializable(collection)); } } else { cer.Import(filePath); } return(new X509CertificateSerializable(cer)); } catch (Exception e) { throw ExceptionFactory.GetException(ExceptionType.CertificateFileCorrupted, e.Message); } default: throw ExceptionFactory.GetException(ExceptionType.UnknownCertificateSource); } }