public X509Certificate2 GetCertificateForHostPlain(string sHostname)
{
return(_certificateCache.GetOrAdd(sHostname, hostname =>
{
var signatureAlgorithm = CertificateConfiguration.EECertificateHashAlgorithm;
return _generator.GenerateCertificate(GetRootCertificate(), EEPrivateKey, new X500DistinguishedName(FIDDLER_EE_DN), new[] { hostname }, signatureAlgorithm: signatureAlgorithm);
}));
}
public static IWebHost BuildWebHost() =>
WebHost.CreateDefaultBuilder()
.UseKestrel(
options =>
{
#if DEBUG
options.Listen(IPAddress.Loopback, 5000);
backendServerPort = 5000;
#else
// Get free TCP port and write it to STDOUT where the Electron frontend can catch it.
backendServerPort = FindFreeTcpPort();
options.Listen(IPAddress.Loopback, backendServerPort, listenOptions =>
{
var httpsOptions =
new HttpsConnectionAdapterOptions
{
ServerCertificate =
CertificateGenerator
.GenerateCertificate(
$"CN={DigestUtils.GetDigestFromAssembly(typeof(Program).Assembly).ToLowerInvariant()}")
};
listenOptions.UseHttps(httpsOptions);
});
#endif
})
.UseStartup <Startup>()
.Build();
static public void CreateGroup(APIServer server, CertificateGenerator generator)
{
// Generate group Certificate
var groupKeys = generator.GenerateCertificate("C=DE,O=Organiztion", TimeSpan.FromDays(1), "cert.pfx", "Test.123");
Console.WriteLine("Group certificate was generated");
BlindSigner blindSigner = new BlindSigner(groupKeys);
GroupCreator groupCreator = new GroupCreator(server, blindSigner);
Console.WriteLine("Create group");
Console.WriteLine("Enter group name:");
string groupName = Console.ReadLine();
//string groupName = "Loazarii";
Group group = new Group();
group.Name = groupName;
Console.WriteLine("Enter owner email:");
string ownerEmail = Console.ReadLine();
//string ownerEmail = "*****@*****.**";
group.OwnerEmail = ownerEmail;
group.RsaPublicKey = (RsaKeyParameters)groupKeys.Public;
groupCreator.RegisterGroup(group);
Console.WriteLine("");
//Write keys to file
File.WriteAllText(group.Name + "PublicKey.txt", RsaKeyUtils.GetSerializedPublicKey((RsaKeyParameters)groupKeys.Public));
File.WriteAllText(group.Name + "PrivateKey.txt", RsaKeyUtils.GetSerializedPrivateKey((RsaKeyParameters)groupKeys.Private));
Console.WriteLine("You're group " + group.Name + " was registered!");
}
public X509Certificate2 GetCertificateForHostPlain(string sHostname)
{
_rwl.AcquireReaderLock(LOCK_TIMEOUT);
try
{
var certExists = _certificateCache.ContainsKey(sHostname);
if (certExists)
{
return(_certificateCache[sHostname]);
}
else
{
var signatureAlgorithm = CertificateConfiguration.EECertificateHashAlgorithm;
var cert = _generator.GenerateCertificate(GetRootCertificate(), EEPrivateKey, new X500DistinguishedName(FIDDLER_EE_DN), new[] { sHostname }, signatureAlgorithm: signatureAlgorithm);
var lockCookie = default(LockCookie);
try
{
lockCookie = _rwl.UpgradeToWriterLock(LOCK_TIMEOUT);
if (!_certificateCache.ContainsKey(sHostname))
{
_certificateCache.Add(sHostname, cert);
}
else
{
return(_certificateCache[sHostname]);
}
}
finally
{
_rwl.DowngradeFromWriterLock(ref lockCookie);
}
return(cert);
}
}
finally
{
_rwl.ReleaseReaderLock();
}
}
static public void RegisterParticipant(APIServer server, GroupRepository groupRepository, CertificateGenerator generator)
{
Console.WriteLine("Enter the group for which you want to register participants:");
string groupName = Console.ReadLine();
string pubKeyFile = groupName + "PublicKey.txt";
string privKeyFile = groupName + "PrivateKey.txt";
if (pubKeyFile != null && privKeyFile != null)
{
var groupCreator = GetGroupCreator(server, pubKeyFile, privKeyFile);
Console.WriteLine();
Console.WriteLine("Enter participant email to be confirmed:");
var participantEmail = Console.ReadLine();
var participant = groupCreator.GetParticipantToConfirm(groupName, participantEmail);
int invitationCode = participant.InvitationCode;
Guid groupId = (Guid)participant.GroupId;
string email = participant.Email;
Group user_group = groupCreator.GetGroup(participant.InvitationCode);
ClientParticipant clientParticipant = new ClientParticipant(server, groupRepository);
var groupPublicKey = clientParticipant.GetGroupDetails(invitationCode);
//Generate certificate
var participantKeys = generator.GenerateCertificate("C=RO,O=Qubiz", TimeSpan.FromDays(1), "certParticipant.pfx", "Test.123");
Console.WriteLine("Client certificate was generated");
//Write keys to file
File.WriteAllText(participantEmail.Substring(0, participantEmail.IndexOf("@")) + "PublicKey.txt", RsaKeyUtils.GetSerializedPublicKey((RsaKeyParameters)participantKeys.Public));
File.WriteAllText(participantEmail.Substring(0, participantEmail.IndexOf("@")) + "PrivateKey.txt", RsaKeyUtils.GetSerializedPrivateKey((RsaKeyParameters)participantKeys.Private));
Console.WriteLine("Participant keys were saved to file");
//Create GroupRegistration
var groupRegistration = clientParticipant.GetGroupRegistration(invitationCode, (RsaKeyParameters)participantKeys.Public);
Console.WriteLine("Blind factor was saved");
//Save blindedCertificate
clientParticipant.RegisterBlindCertificate(invitationCode, groupRegistration);
Console.WriteLine("Blind certificate was saved");
}
else
{
Console.WriteLine("Group creator Keys were not saved to file, please go to step 1");
}
}
private static void Certificate_Sample()
{
var algorithm = "RSA";
var keySize = 2048;
//颁发者DN
var issuer = new X509Name(new ArrayList
{
X509Name.C,
X509Name.O,
X509Name.OU,
X509Name.L,
X509Name.ST
}, new Hashtable
{
[X509Name.C] = "CN",
[X509Name.O] = "Fulu Newwork",
[X509Name.OU] = "Fulu RSA CA 2020",
[X509Name.L] = "Wuhan",
[X509Name.ST] = "Hubei",
});
//使用者DN
var subject = new X509Name(new ArrayList
{
X509Name.C,
X509Name.O,
X509Name.CN
}, new Hashtable
{
[X509Name.C] = "CN",
[X509Name.O] = "ICH",
[X509Name.CN] = "*.fulu.com"
});
CertificateGenerator.GenerateCertificate(new GenerateCertificateOptions {
Path = "mypfx.pfx", Issuer = issuer, Subject = subject
});
var password = "******"; //证书密码
var signatureAlgorithm = "SHA256WITHRSA"; //签名算法
//var keyP = RSAKeyGenerator.Pkcs1();
//var pK = AsymmetricKeyUtilities.GetAsymmetricKeyParameterFormPrivateKey(keyP.PrivateKey);
//CertificateGenerator.GenerateCertificate(new GenerateCertificateOptions{ Path = "mypfx.pfx", Issuer = issuer, Subject = subject });
//生成证书
// CertificateGenerator.X509V3(algorithm, keySize, password, signatureAlgorithm, DateTime.Now.AddDays(-1),DateTime.Now.AddDays(2), issuer, subject, "mycert.cert", "mypfx.pfx");
var pfx = new X509Certificate2("mypfx.pfx", password, X509KeyStorageFlags.Exportable);
var keyPair2 = DotNetUtilities.GetKeyPair(pfx.PrivateKey);
var subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair2.Public);
var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair2.Private);
var privateKey = Base64.ToBase64String(privateKeyInfo.ParsePrivateKey().GetEncoded());
var publicKey = Base64.ToBase64String(subjectPublicKeyInfo.GetEncoded());
//var cert = new X509Certificate2("mycert.cert", string.Empty, X509KeyStorageFlags.Exportable);
//var publicKey2 = Base64.ToBase64String(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(DotNetUtilities.FromX509Certificate(cert).GetPublicKey()).GetEncoded());
Console.ForegroundColor = ConsoleColor.DarkYellow;
Console.WriteLine("Pfx证书私钥:");
Console.WriteLine(privateKey);
Console.WriteLine("Pfx证书公钥:");
Console.WriteLine(publicKey);
//Console.WriteLine("Cert证书公钥:");
//Console.WriteLine(publicKey2);
var data = "hello rsa";
Console.WriteLine($"加密原文:{data}");
var pkcs1data = RSA.EncryptToBase64(data, AsymmetricKeyUtilities.GetAsymmetricKeyParameterFormPublicKey(publicKey), Algorithms.RSA_ECB_PKCS1Padding);
Console.WriteLine("加密结果:");
Console.WriteLine(pkcs1data);
//pkcs1data =
// "KGbgP3Ns6kFyjJ7tbepdZ3X8zssoHKWyVzVesghWg8fFP0ZMVumf+iXJ93LBu3xqKWE/5JTr1qFc5u0Cm3BUPnusMjBTgMrQk3zopVOELpChFbkeTR2YHsdDZdBzaJVN4SQQwHMkp2w8Pyb9x1NjsFoHHQEskBUNnOEuGkEFZdg=";
Console.WriteLine("解密结果:");
var datares = RSA.DecryptFromBase64(pkcs1data,
AsymmetricKeyUtilities.GetAsymmetricKeyParameterFormPrivateKey(privateKey), Algorithms.RSA_ECB_PKCS1Padding);
Console.WriteLine(datares);
}
static void Main(string[] args)
{
//Asta va fi inlocuit cu un API call
SignatureVerifier signatureVerifier = new SignatureVerifier();
RNGRandomGenerator rngGenerator = new RNGRandomGenerator();
EmailSender emailSender = new EmailSender();
BlindChatDbContext context = new BlindChatDbContext();
GroupRepository groupRepository = new GroupRepository(context);
APIServer server = new APIServer(groupRepository, emailSender, rngGenerator, signatureVerifier);
//Set participants
List <Participant> unconfirmedParticipants = server.GetParticipantsToConfirm("Loazarii");
foreach (var participant in unconfirmedParticipants)
{
int invitationCode = participant.InvitationCode;
Guid groupId = (Guid)participant.GroupId;
string email = participant.Email;
Group group = server.GetGroup(participant.InvitationCode);
ClientParticipant clientParticipant = new ClientParticipant(server, groupRepository);
var groupPublicKey = clientParticipant.GetGroupDetails(invitationCode);
//Generate certificate
CertificateGenerator generator = new CertificateGenerator();
var participantKeys = generator.GenerateCertificate("C=RO,O=Qubiz", TimeSpan.FromDays(1), "certParticipant.pfx", "Test.123");
//Serialize
var privateSerializedKey = RsaKeyUtils.GetSerializedPrivateKey(participantKeys.Private);
var publicSerializedKey = RsaKeyUtils.GetSerializedPublicKey(participantKeys.Public);
//Concatenante serialized key
var content = RsaKeyUtils.Combine(publicSerializedKey, privateSerializedKey);
//Generate blind content
ContentBlinder contentBlinder = new ContentBlinder((RsaKeyParameters)groupPublicKey, "Loazarii");
var blindedContent = contentBlinder.GetBlindedContent(content);
var groupRegistration = clientParticipant.GetGroupRegistration(invitationCode, (RsaKeyParameters)participantKeys.Public);
//Save blindedCertificate
clientParticipant.RegisterBlindCertificate(invitationCode, groupRegistration);
//Send for sign DONE
//Get blindSignature
var blindMessage = server.GetSignedMessage(groupId, email);
var signature = Convert.FromBase64CharArray(blindMessage.Signature.ToCharArray(), 0, blindMessage.Signature.Length);
//Unblind signature
var unblindedSignature = contentBlinder.GetUnblindedSignature(signature);
//Verify
var verifiedParticipant = clientParticipant.CheckVerifiedEntity(group, participant.Email, groupRegistration);
clientParticipant.AddClientCertificate(verifiedParticipant, group, email);
ParticipantMessage message = new ParticipantMessage();
message.Message = "Andreiu, ce nevoie faci?";
clientParticipant.AddMessage(groupId, message, verifiedParticipant);
}
Console.ReadKey();
}