/// <summary>
/// user cert application
/// </summary>
/// <param name="config">basic information</param>
/// <param name="reqBody">user cert requests</param>
/// <returns></returns>
public Tuple <bool, string> EnrollUser(EnrollUserReqBody reqBody)
{
try
{
NodeApiReqBody <EnrollUserReqBody> req = new NodeApiReqBody <EnrollUserReqBody>()
{
body = new EnrollUserReqBody()
{
name = reqBody.name,
secret = reqBody.secret
},
header = new ReqHeader()
{
appCode = config.appInfo.AppCode,
userCode = config.userCode
}
};
////get csr
var resCsr = config.appInfo.AlgorithmType == EmAlgorithmType.SM2 ?
CsrHelper.GetSMCsr(string.Format("{0}@{1}", reqBody.name, config.appInfo.AppCode))
: CsrHelper.GetCsr(string.Format("{0}@{1}", reqBody.name, config.appInfo.AppCode));
req.body.csrPem = resCsr.Item1.Replace("\r", "");
// assemble the original string to sign
var data = ReqMacExtends.GetEnrollUserReqMac(req);
req.mac = sign.Sign(data);
var res = SendHelper.SendPost <NodeApiResBody <EnrollUserResBody> >(config.reqUrl + EnrollUserUrl, JsonConvert.SerializeObject(req), config.httpsCert);
if (res != null)
{
//check the status codes in turn
if (res.header.code != 0)
{
return(new Tuple <bool, string>(false, res.header.msg));
}
//assemble the original string to sign
var datares = ResMacExtends.GetEnrollUserResMac(res);
//verify data
if (sign.Verify(res.mac, datares))
{
//save the private key and cert
if (!string.IsNullOrEmpty(res.body.cert))
{
CertStore.SaveCert(res.body.cert, Path.Combine(config.mspDir, string.Format("{0}@{1}_cert.pem", reqBody.name, config.appInfo.AppCode)));
ECDSAStore.SavePriKey(resCsr.Item2, Path.Combine(config.mspDir, string.Format("{0}@{1}_sk.pem", reqBody.name, config.appInfo.AppCode)));
}
return(new Tuple <bool, string>(true, "cert registration successful"));
}
else
{
return(new Tuple <bool, string>(false, "failed to verify the signature"));
}
}
}
catch (Exception ex)
{
throw ex;
}
return(new Tuple <bool, string>(false, "failed to verify the cert"));
}
public void ReadTest()
{
Dictionary <string, X509Certificate2> certs = new Dictionary <string, X509Certificate2>();
CertStore.Read(certs);
//assume COMODO RSA Certification Authority root cert is on all windows machines
Assert.IsTrue(certs.ContainsKey("AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4"));
//assume COMODO RSA Certification Authority intermediate cert is on all windows machines
Assert.IsTrue(certs.ContainsKey("B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47"));
}
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: private javax.net.ssl.TrustManagerFactory createTrustManagerFactory(boolean trustAll, java.io.File trustedCertificatesDir, java.util.Collection<java.security.cert.X509CRL> crls, org.neo4j.ssl.ClientAuth clientAuth) throws Exception
private TrustManagerFactory CreateTrustManagerFactory(bool trustAll, File trustedCertificatesDir, ICollection <X509CRL> crls, ClientAuth clientAuth)
{
if (trustAll)
{
return(InsecureTrustManagerFactory.INSTANCE);
}
KeyStore trustStore = KeyStore.getInstance(KeyStore.DefaultType);
trustStore.load(null, null);
File[] trustedCertFiles = trustedCertificatesDir.listFiles();
if (trustedCertFiles == null)
{
throw new Exception(format("Could not find or list files in trusted directory: %s", trustedCertificatesDir));
}
else if (clientAuth == ClientAuth.REQUIRE && trustedCertFiles.Length == 0)
{
throw new Exception(format("Client auth is required but no trust anchors found in: %s", trustedCertificatesDir));
}
int i = 0;
foreach (File trustedCertFile in trustedCertFiles)
{
CertificateFactory certificateFactory = CertificateFactory.getInstance(PkiUtils.CERTIFICATE_TYPE);
using (Stream input = Files.newInputStream(trustedCertFile.toPath()))
{
while (input.available() > 0)
{
try
{
X509Certificate cert = ( X509Certificate )certificateFactory.generateCertificate(input);
trustStore.setCertificateEntry(Convert.ToString(i++), cert);
}
catch (Exception e)
{
throw new CertificateException("Error loading certificate file: " + trustedCertFile, e);
}
}
}
}
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.DefaultAlgorithm);
if (crls.Count > 0)
{
PKIXBuilderParameters pkixParamsBuilder = new PKIXBuilderParameters(trustStore, new X509CertSelector());
pkixParamsBuilder.RevocationEnabled = true;
pkixParamsBuilder.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
trustManagerFactory.init(new CertPathTrustManagerParameters(pkixParamsBuilder));
}
else
{
trustManagerFactory.init(trustStore);
}
return(trustManagerFactory);
}
