public static X509Certificate GetX509CertFromPKCS12(Byte[] PKCS12Data, String password)
{
BIO pkcs12BIO = BIO.MemoryBuffer();
pkcs12BIO.Write(PKCS12Data);
X509Certificate cert1 = X509Certificate.FromPKCS12(pkcs12BIO, password);
using (MemoryStream ms = new MemoryStream())
{
using (BinaryWriter bw = new BinaryWriter(ms))
using (BIO bio = BIO.MemoryBuffer())
{
cert1.Write(bio);
Byte[] certData = bio.ReadBytes((Int32)bio.NumberWritten).Array;
bw.Write(certData);
bw.Close();
}
BIO certBio = BIO.MemoryBuffer();
certBio.Write(ms.ToArray());
return(new X509Certificate(certBio));
}
}
public void LoadCA(String PKCS12Filename)
{
FileInfo caPkcs12 = new FileInfo(PKCS12Filename);
if (caPkcs12.Exists)
{
try
{
Byte[] bPKCS12 = File.ReadAllBytes(caPkcs12.FullName);
// You need to write the CSR string to a BIO object as shown below.
BIO pkcs12BIO = BIO.MemoryBuffer();
pkcs12BIO.Write(bPKCS12);
X509Certificate cert = X509Certificate.FromPKCS12(pkcs12BIO, this.caPassword);
if (RootCA != null)
{
RootCA.Dispose();
}
RootCA = new X509CertificateAuthority(cert, cert.PrivateKey, new SimpleSerialNumber(1), cfg);
}
catch (Exception ex)
{
RootCA = null;
}
}
}
private void Read_User_PKI()
{
try
{
BIO bio = BIO.MemoryBuffer();
var keys = File.ReadAllLines(KMS_Client_UC.Private_key_file);
if (keys.Length > 25)
{
byte[] bytes;
for (int i = 0; i < 28; i++)
{
if (i == 0)
{
User = keys[i];
}
else
{
string temp = keys[i] + "\n";
bytes = Encoding.ASCII.GetBytes(temp);
bio.Write(bytes, bytes.Length);
}
}
user_priv_key = RSA.FromPrivateKey(bio);
}
}
catch (Exception ex)
{ }
}
public override PrivateKey ImportPrivateKey <PK>(EncodingFormat fmt, Stream source)
{
if (typeof(PK) == typeof(RsaPrivateKey))
{
using (BIO keyBio = BIO.MemoryBuffer())
{
using (var ms = new MemoryStream())
{
source.CopyTo(ms);
keyBio.Write(ms.ToArray());
}
using (var key = CryptoKey.FromPrivateKey(keyBio, null))
{
var rsa = key.GetRSA();
return(new RsaPrivateKey(rsa.Size,
rsa.PrivateExponent.ToHexString(),
rsa.PrivateKeyAsPEM));
}
}
}
else
{
throw new NotSupportedException("unsupported private key type");
}
}
public void Bug2993305()
{
BIO mb = BIO.MemoryBuffer();
mb.Write("Some junk");
ArraySegment <byte> result = mb.ReadBytes(0);
Assert.AreEqual(0, result.Count);
}
override protected bool HandleIncoming(MemBlock data, out MemBlock app_data)
{
app_data = null;
int count = 0;
lock (_buffer_sync) {
if (data != null)
{
data.CopyTo(_buffer, 0);
_read.Write(_buffer, data.Length);
}
count = _ssl.Read(_buffer, _buffer.Length);
if (count > 0)
{
app_data = MemBlock.Copy(_buffer, 0, count);
}
}
if (app_data != null)
{
// If the read was successful, Dtls has received an incoming data
// message and decrypted it
return(true);
}
else
{
SslError error = _ssl.GetError(count);
if (error == SslError.SSL_ERROR_WANT_READ)
{
if (SslState == SslState.OK)
{
UpdateState(States.Active);
// In the SslCtx verify, there's no way to get the underlying Sender
_ch.Verify(RemoteCertificate, Sender);
}
HandleWouldBlock();
}
else if (error == SslError.SSL_ERROR_SSL)
{
var ose = new OpenSslException();
Close("Received unrecoverable error: " + ose.ToString());
throw ose;
}
else if (error == SslError.SSL_ERROR_ZERO_RETURN)
{
Close("Received clean close notification");
}
else
{
ProtocolLog.WriteIf(ProtocolLog.SecurityExceptions,
"Receive other: " + error);
}
}
return(false);
}
public static X509Certificate LoadCert(Byte[] X509Data)
{
BIO x509BIO = BIO.MemoryBuffer();
x509BIO.Write(X509Data);
X509Certificate cert = new X509Certificate(x509BIO);
return(cert);
}
public static ox509.X509Certificate MonoX509ToOpenSsl(mx509.X509Certificate cert)
{
BIO bio = BIO.MemoryBuffer(true);
bio.Write(cert.RawData);
var ocert = ox509.X509Certificate.FromDER(bio);
bio.Dispose();
return(ocert);
}
public static X509Certificate LoadCert(Byte[] PKCS12Data, String password)
{
BIO pkcs12BIO = BIO.MemoryBuffer();
pkcs12BIO.Write(PKCS12Data);
X509Certificate cert = X509Certificate.FromPKCS12(pkcs12BIO, password);
return(cert);
}
/// <summary>
/// Converts a certificate and private key to a PKCS#12 (.PFX) file.
/// </summary>
public static void ConvertToPfx(Stream keyPemSource, Stream crtPemSource, Stream isrPemSource, Stream pfxTarget)
{
using (BIO keyBio = BIO.MemoryBuffer(),
crtBio = BIO.MemoryBuffer(),
isrBio = BIO.MemoryBuffer())
{
using (var ms = new MemoryStream())
{
keyPemSource.CopyTo(ms);
keyBio.Write(ms.ToArray());
}
using (var ms = new MemoryStream())
{
crtPemSource.CopyTo(ms);
crtBio.Write(ms.ToArray());
}
using (var ms = new MemoryStream())
{
isrPemSource.CopyTo(ms);
isrBio.Write(ms.ToArray());
}
using (var key = CryptoKey.FromPrivateKey(keyBio, null))
{
using (var crt = new X509Certificate(crtBio))
{
using (var isr = new X509Certificate(isrBio))
{
var isrStack = new OpenSSL.Core.Stack <X509Certificate>();
isrStack.Add(isr);
using (var pfx = new PKCS12(null, key, crt, isrStack))
{
using (var pfxBio = BIO.MemoryBuffer())
{
pfx.Write(pfxBio);
var arr = pfxBio.ReadBytes((int)pfxBio.BytesPending);
pfxTarget.Write(arr.Array, arr.Offset, arr.Count);
}
}
}
}
}
}
}
public static X509Certificate LoadCert(String X509Filename)
{
FileInfo certFile = new FileInfo(X509Filename);
if (certFile.Exists)
{
Byte[] bX509 = File.ReadAllBytes(certFile.FullName);
BIO x509BIO = BIO.MemoryBuffer();
x509BIO.Write(bX509);
X509Certificate cert = X509Certificate.FromDER(x509BIO);
return(cert);
}
else
{
return(null);
}
}
private void Check_PKI()
{
BIO bio = BIO.MemoryBuffer();
var keys = File.ReadAllLines(Private_Keys);
byte[] bytes;
for (int i = 1; i < 28; i++)
{
string temp = keys[i] + "\n";
bytes = Encoding.ASCII.GetBytes(temp);
bio.Write(bytes, bytes.Length);
}
var rsa = RSA.FromPrivateKey(bio);
bytes = Encoding.ASCII.GetBytes("Hello");
byte[] ctext = rsa.PublicEncrypt(bytes, RSA.Padding.PKCS1);
byte[] ptext = rsa.PrivateDecrypt(ctext, RSA.Padding.PKCS1);
}
private void Read_Users_PKI()
{
if (Users_PKI == null)
{
Users_PKI = new Dictionary <string, RSA>();
}
else
{
Users_PKI.Clear();
}
var keys = File.ReadAllLines(KMS_Client_UC.Public_key_file);
if (keys.Length >= 99)
{
byte[] bytes;
for (int i = 0; i < 10; i++)
{
BIO bio = BIO.MemoryBuffer();
string user = "", temp;
for (int j = i * 10; j < (i + 1) * 10; j++)
{
if (j == i * 10)
{
user = keys[j];
}
else
{
temp = keys[j] + "\n";
bytes = Encoding.ASCII.GetBytes(temp);
bio.Write(bytes, bytes.Length);
}
}
Users_PKI.Add(user, RSA.FromPublicKey(bio));
}
}
}
/// <summary>
/// Support exporting certificates to <see cref="EncodingFormat.PEM">PEM</see>
/// and <see cref="EncodingFormat.DER">DER</see> formats.
/// </summary>
public override void ExportCertificate(Crt cert, EncodingFormat fmt, Stream target)
{
if (fmt == EncodingFormat.PEM)
{
var bytes = Encoding.UTF8.GetBytes(cert.Pem);
target.Write(bytes, 0, bytes.Length);
}
else if (fmt == EncodingFormat.DER)
{
using (BIO bioPem = BIO.MemoryBuffer())
{
bioPem.Write(cert.Pem);
using (var x509 = new X509Certificate(bioPem))
{
var bytes = x509.DER;
target.Write(bytes, 0, bytes.Length);
}
}
}
else
{
throw new NotSupportedException("unsupported encoding format");
}
}
/// <summary>
/// Returns the cipher's LongName
/// </summary>
/// <param name="bio"></param>
public override void Print(BIO bio)
{
bio.Write("CipherContext: " + cipher.LongName);
}
/// <summary>
/// Prints the LongName of this cipher.
/// </summary>
/// <param name="bio"></param>
public override void Print(BIO bio)
{
bio.Write(LongName);
}
public void LoadOrCreateCA(String PKCS12Filename, X509Name Name, subjectAltName altNames)
{
FileInfo caPkcs12 = new FileInfo(PKCS12Filename);
if (caPkcs12.Exists)
{
try
{
Byte[] bPKCS12 = File.ReadAllBytes(caPkcs12.FullName);
// You need to write the CSR string to a BIO object as shown below.
BIO pkcs12BIO = BIO.MemoryBuffer();
pkcs12BIO.Write(bPKCS12);
X509Certificate cert = X509Certificate.FromPKCS12(pkcs12BIO, this.caPassword);
if (RootCA != null)
{
RootCA.Dispose();
}
RootCA = new X509CertificateAuthority(cert, cert.PrivateKey, new SimpleSerialNumber(1), cfg);
}
catch
{
RootCA = null;
}
}
if (RootCA == null)
{
X509V3ExtensionList ext = new X509V3ExtensionList();
ext.Add(new X509V3ExtensionValue("nsComment", true, "SafeID - IAM Generated Certificate"));
ext.Add(new X509V3ExtensionValue("basicConstraints", true, "CA:true"));
//ext.Add(new X509V3ExtensionValue("keyUsage", true, "critical, cRLSign, keyCertSign, digitalSignature"));
ext.Add(new X509V3ExtensionValue("subjectKeyIdentifier", true, "hash"));
ext.Add(new X509V3ExtensionValue("authorityKeyIdentifier", true, "keyid,issuer:always"));
if (altNames != null)
{
foreach (Uri u in altNames.Uri)
{
ext.Add(new X509V3ExtensionValue("subjectAltName", true, "URI:" + u.AbsoluteUri.ToLower()));
}
foreach (String m in altNames.Mail)
{
ext.Add(new X509V3ExtensionValue("subjectAltName", true, "email:" + m));
}
foreach (String s in altNames.Dns)
{
ext.Add(new X509V3ExtensionValue("subjectAltName", true, "DNS:" + s));
}
foreach (String s in altNames.Text)
{
ext.Add(new X509V3ExtensionValue("subjectAltName", true, "otherName:1.2.3.4;UTF8:" + s));
}
}
RootCA = X509CertificateAuthority.SelfSigned(new SimpleSerialNumber(), CreateNewRSAKey(2048), MessageDigest.SHA1, Name, DateTime.Now.AddHours(-24), (DateTime.Now.AddYears(10) - DateTime.Now), ext);
BuildPKCS12AndSave(caPkcs12.FullName, this.caPassword, RootCA.Key, RootCA.Certificate);
}
}
/// <summary>
/// Prints the long name
/// </summary>
/// <param name="bio"></param>
public override void Print(BIO bio)
{
bio.Write("MessageDigestContext: " + this.md.LongName);
}
private void InternalReadCallback(IAsyncResult asyncResult)
{
InternalAsyncResult internalAsyncResult = (InternalAsyncResult)asyncResult.AsyncState;
bool haveDataToReturn = false;
try
{
int bytesRead = 0;
try
{
bytesRead = innerStream.EndRead(asyncResult);
}
catch (Exception ex)
{
// Set the exception into the internal async result
internalAsyncResult.SetComplete(ex);
}
if (bytesRead <= 0)
{
// Zero byte read most likely indicates connection closed (if it's a network stream)
internalAsyncResult.SetComplete(0);
return;
}
else
{
// Copy encrypted data into the SSL read_bio
read_bio.Write(read_buffer, bytesRead);
if (handShakeState == HandshakeState.InProcess ||
handShakeState == HandshakeState.RenegotiateInProcess)
{
// We are in the handshake, complete the async operation to fire the async
// handshake callback for processing
internalAsyncResult.SetComplete(bytesRead);
return;
}
uint nBytesPending = read_bio.BytesPending;
byte[] decrypted_buf = new byte[SSL3_RT_MAX_PACKET_SIZE];
while (nBytesPending > 0)
{
int decryptedBytesRead = ssl.Read(decrypted_buf, decrypted_buf.Length);
if (decryptedBytesRead <= 0)
{
SslError lastError = ssl.GetError(decryptedBytesRead);
if (lastError == SslError.SSL_ERROR_WANT_READ)
{
// if we have bytes pending in the write bio.
// the client has requested a renegotiation
if (write_bio.BytesPending > 0)
{
// Start the renegotiation by writing the write_bio data, and use the RenegotiationWriteCallback
// to handle the rest of the renegotiation
ArraySegment <byte> buf = write_bio.ReadBytes((int)write_bio.BytesPending);
innerStream.BeginWrite(buf.Array, 0, buf.Count, new AsyncCallback(RenegotiationWriteCallback), internalAsyncResult);
return;
}
// no data in the out bio, we just need more data to complete the record
//break;
}
else if (lastError == SslError.SSL_ERROR_WANT_WRITE)
{
// unexpected error!
//!!TODO debug log
}
else if (lastError == SslError.SSL_ERROR_ZERO_RETURN)
{
// Shutdown alert
SendShutdownAlert();
break;
}
else
{
throw new OpenSslException();
}
}
if (decryptedBytesRead > 0)
{
// Write decrypted data to memory stream
long pos = decrypted_data_stream.Position;
decrypted_data_stream.Seek(0, SeekOrigin.End);
decrypted_data_stream.Write(decrypted_buf, 0, decryptedBytesRead);
decrypted_data_stream.Seek(pos, SeekOrigin.Begin);
haveDataToReturn = true;
}
// See if we have more data to process
nBytesPending = read_bio.BytesPending;
}
// Check to see if we have data to return, if not, fire the async read again
if (!haveDataToReturn)
{
innerStream.BeginRead(read_buffer, 0, read_buffer.Length, new AsyncCallback(InternalReadCallback), internalAsyncResult);
}
else
{
int bytesReadIntoUserBuffer = 0;
// Read the data into the buffer provided by the user (now hosted in the InternalAsyncResult)
bytesReadIntoUserBuffer = decrypted_data_stream.Read(internalAsyncResult.Buffer, internalAsyncResult.Offset, internalAsyncResult.Count);
internalAsyncResult.SetComplete(bytesReadIntoUserBuffer);
}
}
}
catch (Exception ex)
{
internalAsyncResult.SetComplete(ex);
}
}
/// <summary>
/// Prints MessageDigest
/// </summary>
/// <param name="bio"></param>
public override void Print(BIO bio)
{
bio.Write("MessageDigest");
}
