/// <summary> /// user cert application /// </summary> /// <param name="config">basic information</param> /// <param name="reqBody">user cert requests</param> /// <returns></returns> public Tuple <bool, string> EnrollUser(EnrollUserReqBody reqBody) { try { NodeApiReqBody <EnrollUserReqBody> req = new NodeApiReqBody <EnrollUserReqBody>() { body = new EnrollUserReqBody() { name = reqBody.name, secret = reqBody.secret }, header = new ReqHeader() { appCode = config.appInfo.AppCode, userCode = config.userCode } }; ////get csr var resCsr = config.appInfo.AlgorithmType == EmAlgorithmType.SM2 ? CsrHelper.GetSMCsr(string.Format("{0}@{1}", reqBody.name, config.appInfo.AppCode)) : CsrHelper.GetCsr(string.Format("{0}@{1}", reqBody.name, config.appInfo.AppCode)); req.body.csrPem = resCsr.Item1.Replace("\r", ""); // assemble the original string to sign var data = ReqMacExtends.GetEnrollUserReqMac(req); req.mac = sign.Sign(data); var res = SendHelper.SendPost <NodeApiResBody <EnrollUserResBody> >(config.reqUrl + EnrollUserUrl, JsonConvert.SerializeObject(req), config.httpsCert); if (res != null) { //check the status codes in turn if (res.header.code != 0) { return(new Tuple <bool, string>(false, res.header.msg)); } //assemble the original string to sign var datares = ResMacExtends.GetEnrollUserResMac(res); //verify data if (sign.Verify(res.mac, datares)) { //save the private key and cert if (!string.IsNullOrEmpty(res.body.cert)) { CertStore.SaveCert(res.body.cert, Path.Combine(config.mspDir, string.Format("{0}@{1}_cert.pem", reqBody.name, config.appInfo.AppCode))); ECDSAStore.SavePriKey(resCsr.Item2, Path.Combine(config.mspDir, string.Format("{0}@{1}_sk.pem", reqBody.name, config.appInfo.AppCode))); } return(new Tuple <bool, string>(true, "cert registration successful")); } else { return(new Tuple <bool, string>(false, "failed to verify the signature")); } } } catch (Exception ex) { throw ex; } return(new Tuple <bool, string>(false, "failed to verify the cert")); }
public void ReadTest() { Dictionary <string, X509Certificate2> certs = new Dictionary <string, X509Certificate2>(); CertStore.Read(certs); //assume COMODO RSA Certification Authority root cert is on all windows machines Assert.IsTrue(certs.ContainsKey("AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4")); //assume COMODO RSA Certification Authority intermediate cert is on all windows machines Assert.IsTrue(certs.ContainsKey("B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47")); }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: //ORIGINAL LINE: private javax.net.ssl.TrustManagerFactory createTrustManagerFactory(boolean trustAll, java.io.File trustedCertificatesDir, java.util.Collection<java.security.cert.X509CRL> crls, org.neo4j.ssl.ClientAuth clientAuth) throws Exception private TrustManagerFactory CreateTrustManagerFactory(bool trustAll, File trustedCertificatesDir, ICollection <X509CRL> crls, ClientAuth clientAuth) { if (trustAll) { return(InsecureTrustManagerFactory.INSTANCE); } KeyStore trustStore = KeyStore.getInstance(KeyStore.DefaultType); trustStore.load(null, null); File[] trustedCertFiles = trustedCertificatesDir.listFiles(); if (trustedCertFiles == null) { throw new Exception(format("Could not find or list files in trusted directory: %s", trustedCertificatesDir)); } else if (clientAuth == ClientAuth.REQUIRE && trustedCertFiles.Length == 0) { throw new Exception(format("Client auth is required but no trust anchors found in: %s", trustedCertificatesDir)); } int i = 0; foreach (File trustedCertFile in trustedCertFiles) { CertificateFactory certificateFactory = CertificateFactory.getInstance(PkiUtils.CERTIFICATE_TYPE); using (Stream input = Files.newInputStream(trustedCertFile.toPath())) { while (input.available() > 0) { try { X509Certificate cert = ( X509Certificate )certificateFactory.generateCertificate(input); trustStore.setCertificateEntry(Convert.ToString(i++), cert); } catch (Exception e) { throw new CertificateException("Error loading certificate file: " + trustedCertFile, e); } } } } TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.DefaultAlgorithm); if (crls.Count > 0) { PKIXBuilderParameters pkixParamsBuilder = new PKIXBuilderParameters(trustStore, new X509CertSelector()); pkixParamsBuilder.RevocationEnabled = true; pkixParamsBuilder.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls))); trustManagerFactory.init(new CertPathTrustManagerParameters(pkixParamsBuilder)); } else { trustManagerFactory.init(trustStore); } return(trustManagerFactory); }