public void OcspFromSelfSignedCertificate() { var caCertificate = CertificateProvider.GenerateCertificateAuthorityCertificate("Certificate Authority - Graham Miller"); var leafCertificate = CertificateProvider.GenerateSignedCertificateWithOcsp("Graham Miller", caCertificate); WriteCertificateExtensions(leafCertificate); }
public static IssuedCertificate RequestCertificate(AcmeClient client, CertificateProvider certProvider, string hostName, List <string> alternativeNames = null) { if (alternativeNames == null) { alternativeNames = new List <string>(); } PrivateKey pk; var csr = GenerateCSR(certProvider, hostName, alternativeNames, out pk); var certRequest = client.RequestCertificate(JwsHelper.Base64UrlEncode(csr)); if (certRequest.StatusCode != HttpStatusCode.Created) { throw new CertificateApplicationException(certRequest, hostName, alternativeNames.ToArray()); } Crt crt; using (var ms = new MemoryStream()) { certRequest.SaveCertificate(ms); ms.Seek(0, SeekOrigin.Begin); crt = certProvider.ImportCertificate(EncodingFormat.DER, ms); } var caCrt = GetCACertificate(certProvider, certRequest); return(new IssuedCertificate { PublicKey = crt, PrivateKey = pk, CAPublicKey = caCrt }); }
public void SignAndVerifyData() { // create the certificates var pfx = CertificateProvider.GenerateSelfSignedCertificate("Graham Miller"); Assert.That(pfx.HasPrivateKey, Is.True); var cer = new X509Certificate2(pfx.Export(X509ContentType.Cert)); Assert.That(cer.HasPrivateKey, Is.False); // sign data var signer = (RSA)pfx.PrivateKey; var signature = signer.SignData(Constants.PlainBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); // verify data var verifier = (RSA)cer.PublicKey.Key; var isVerified = verifier.VerifyData(Constants.PlainBytes, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); Assert.That(isVerified, Is.True); // don't verify tampered with data isVerified = verifier.VerifyData(Constants.DifferentPlainBytes, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); Assert.That(isVerified, Is.False); }
public void Test() { var provider = new CertificateProvider(@"C:\Program Files (x86)\Fiddler2\makecert.exe"); provider.EnsureRootCertificate(); var certificate = provider.GetCertificateForHost("www.test3.com"); }
static Crt GetCACertificate(CertificateProvider cp, CertificateRequest certRequest) { var links = new LinkCollection(certRequest.Links); var upLink = links.GetFirstOrDefault("up"); var temporaryFileName = Path.GetTempFileName(); try { var uri = new Uri(new Uri(Program.GlobalConfiguration.AcmeServerBaseUri), upLink.Uri); TheWebClient.DownloadFile(uri, temporaryFileName); var cacert = new X509Certificate2(temporaryFileName); var serverSN = cacert.GetSerialNumberString(); using (Stream source = new FileStream(temporaryFileName, FileMode.Open)) { return(cp.ImportCertificate(EncodingFormat.DER, source)); } } finally { if (File.Exists(temporaryFileName)) { File.Delete(temporaryFileName); } } }
public void TestExportArchive() { using (var cp = CertificateProvider.GetProvider()) { var testPk = "CertificateProviderTests.key.json"; var testCert = "CertificateProviderTests-Certificate.pem"; var testIcaCert = "CertificateProviderTests-ICA-Certificate.pem"; PrivateKey pk; using (var s = new FileStream(testPk, FileMode.Open)) { pk = cp.LoadPrivateKey(s); } Crt cert; using (var s = new FileStream(testCert, FileMode.Open)) { cert = cp.ImportCertificate(EncodingFormat.PEM, s); } Crt icaCert; using (var s = new FileStream(testIcaCert, FileMode.Open)) { icaCert = cp.ImportCertificate(EncodingFormat.PEM, s); } using (var s = new MemoryStream()) { var certs = new[] { cert, icaCert }; cp.ExportArchive(pk, certs, ArchiveFormat.PKCS12, s); } } }
async public static Task <ProxySslRequest> For(ProxyRequest wrapperRequest, IRequestInspector wrapperRequestInspector) { if (_certProvider == null) { _certProvider = new CertificateProvider(MakeCertPath); _certProvider.EnsureRootCertificate(); } var sslRequest = new ProxySslRequest { WrapperRequest = wrapperRequest, ClientPid = wrapperRequest.ClientPid, ClientSocket = wrapperRequest.ClientSocket, ClientStream = wrapperRequest.ClientStream }; if (wrapperRequestInspector != null) { wrapperRequestInspector.OnTransferredToSecureRequest(sslRequest); } var hostName = sslRequest.GetHostName(); sslRequest._hostCert = _certProvider.GetCertificateForHost(hostName); var clientSsslStream = new SslStream(wrapperRequest.ClientStream, true, RemoteCertificateValidator, sslRequest.LocalCertificateSelector); await clientSsslStream.AuthenticateAsServerAsync(sslRequest._hostCert); sslRequest.SecureClientStream = clientSsslStream; sslRequest.ReadPrologue(); return(sslRequest); }
static void RetrieveCertificates(AcmeClient client, string api, string domain, string certificatesFolder, int certBits) { var cp = CertificateProvider.GetProvider(); var rsaPkp = new RsaPrivateKeyParams() { NumBits = certBits }; var rsaKeys = cp.GeneratePrivateKey(rsaPkp); var csrParams = new CsrParams { Details = new CsrDetails { CommonName = domain } }; var derRaw = default(byte[]); var csr = cp.GenerateCsr(csrParams, rsaKeys, Crt.MessageDigest.SHA256); using (var bs = new MemoryStream()) { cp.ExportCsr(csr, EncodingFormat.DER, bs); derRaw = bs.ToArray(); } var derB64U = JwsHelper.Base64UrlEncode(derRaw); var certRequ = client.RequestCertificate(derB64U); if (certRequ.StatusCode == HttpStatusCode.Created) { GenerateCertFiles(cp, rsaKeys, csr, certRequ, certificatesFolder, domain); } }
public void TestInitialize() { this.env = new Mock <IAppPathProvider>(); this.env.SetupGet(t => t.AppPath).Returns(Environment.CurrentDirectory); this.directory = new ActiveDirectory(); provider = new CertificateProvider(Mock.Of <ILogger <CertificateProvider> >(), directory, env.Object); }
private static CertificateProvider GetCP() { CertificateProvider.RegisterProvider <ACMESharp.PKI.Providers.OpenSslCliProvider>(); //CertificateProvider.RegisterProvider<ACMESharp.PKI.Providers.CertEnrollProvider>(); return(CertificateProvider.GetProvider()); }
public void Should_use_assigned_certificate() { var provider = new CertificateProvider(ClientCert); provider.Certificate.ShouldNotBeNull(); provider.Certificate.Thumbprint.ShouldBe(ClientCertThumbprint, StringCompareShould.IgnoreCase); }
public void Ocsp() { var caCertificate = CertificateProvider.GenerateCertificateAuthorityCertificate("Certificate Authority - Graham Miller"); var leafCertificate = CertificateProvider.GenerateSignedCertificateWithOcsp("Graham Miller", caCertificate); Verify(leafCertificate); }
static byte[] GenerateCSR(CertificateProvider provider, string hostName, List <string> alternativeNames, out PrivateKey privateKey) { var csrDetails = new CsrDetails { CommonName = hostName }; if (alternativeNames.Count > 0) { csrDetails.AlternativeNames = alternativeNames; } privateKey = provider.GeneratePrivateKey(new RsaPrivateKeyParams() { NumBits = Program.GlobalConfiguration.RSAKeyBits }); var csr = provider.GenerateCsr(new CsrParams { Details = csrDetails, }, privateKey, Crt.MessageDigest.SHA256); byte[] derRaw; using (var bs = new MemoryStream()) { provider.ExportCsr(csr, EncodingFormat.DER, bs); bs.Seek(0, SeekOrigin.Begin); derRaw = bs.ToArray(); } return(derRaw); }
public string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp) { var linksEnum = certificate.Links; if (linksEnum != null) { var links = new LinkCollection(linksEnum); var upLink = links.GetFirstOrDefault("up"); if (upLink != null) { var tmp = Path.GetTempFileName(); try { using (var web = new WebClient()) { var uri = new Uri(new Uri(this.baseURI), upLink.Uri); web.DownloadFile(uri, tmp); } var cacert = new X509Certificate2(tmp); var sernum = cacert.GetSerialNumberString(); var tprint = cacert.Thumbprint; var sigalg = cacert.SignatureAlgorithm?.FriendlyName; var sigval = cacert.GetCertHashString(); var cacertDerFile = Path.Combine(configPath, $"ca-{sernum}-crt.der"); var cacertPemFile = Path.Combine(configPath, $"ca-{sernum}-crt.pem"); if (!File.Exists(cacertDerFile)) { File.Copy(tmp, cacertDerFile, true); } Console.WriteLine($" Saving Issuer Certificate to {cacertPemFile}"); Trace.TraceInformation("Saving Issuer Certificate to {0}", cacertPemFile); if (!File.Exists(cacertPemFile)) { using (FileStream source = new FileStream(cacertDerFile, FileMode.Open), target = new FileStream(cacertPemFile, FileMode.Create)) { var caCrt = cp.ImportCertificate(EncodingFormat.DER, source); cp.ExportCertificate(caCrt, EncodingFormat.PEM, target); } } return(cacertPemFile); } finally { if (File.Exists(tmp)) { File.Delete(tmp); } } } } return(null); }
static void ExportPem(CertificateProvider certProvider, IssuedCertificate certificate, string filePath) { using (var fileStream = File.Create(filePath)) { certProvider.ExportCertificate(certificate.PublicKey, EncodingFormat.PEM, fileStream); certProvider.ExportPrivateKey(certificate.PrivateKey, EncodingFormat.PEM, fileStream); } }
static string DownloadIssuerCertificate(CertificateProvider provider, CertificateRequest request, string api, string certificatesFolder) { var linksEnum = request.Links; var isuPemFile = string.Empty; if (linksEnum != null) { var links = new LinkCollection(linksEnum); var upLink = links.GetFirstOrDefault(SERVER_UP_STRING); if (upLink != null) { var temporaryFileName = Path.GetTempFileName(); try { using (var web = new WebClient()) { var apiUri = new Uri(new Uri(api), upLink.Uri); web.DownloadFile(apiUri, temporaryFileName); } var cacert = new X509Certificate2(temporaryFileName); var sernum = cacert.GetSerialNumberString(); var cacertDerFile = Path.Combine(certificatesFolder, $"ca-{sernum}-crt.der"); var cacertPemFile = Path.Combine(certificatesFolder, $"ca-{sernum}-crt.pem"); if (!File.Exists(cacertDerFile)) { File.Copy(temporaryFileName, cacertDerFile, true); } if (!File.Exists(cacertPemFile)) { using (FileStream source = new FileStream(cacertDerFile, FileMode.Open), target = new FileStream(cacertPemFile, FileMode.Create)) { var caCrt = provider.ImportCertificate(EncodingFormat.DER, source); provider.ExportCertificate(caCrt, EncodingFormat.PEM, target); } } isuPemFile = cacertPemFile; } finally { if (File.Exists(temporaryFileName)) { File.Delete(temporaryFileName); } } } } return(isuPemFile); }
/// <summary> /// Creates a new instance of an object. /// </summary> /// <param name="previous">Previous connection filter to apply.</param> public TlsFilter(IConnectionFilter previous = null) { if (previous == null) { previous = new NoOpConnectionFilter(); } this.Options = Service.Providers.Resolve <CertificateProvider>(); this.Previous = previous; }
private void TestImportCertificate(EncodingFormat fmt, string filePath) { using (var cp = CertificateProvider.GetProvider()) { using (var source = new FileStream(filePath, FileMode.Open)) { var crt = cp.ImportCertificate(fmt, source); } } }
private string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp) { var linksEnum = certificate.Links; if (linksEnum != null) { var links = new LinkCollection(linksEnum); var upLink = links.GetFirstOrDefault("up"); if (upLink != null) { var tmp = Path.GetTempFileName(); try { using (var web = new WebClient()) { var uri = new Uri(new Uri(acmeUri), upLink.Uri); web.DownloadFile(uri, tmp); } var cacert = new X509Certificate2(tmp); var sernum = cacert.GetSerialNumberString(); var cacertDerFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.der"); var cacertPemFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.pem"); if (!File.Exists(cacertDerFile)) { File.Copy(tmp, cacertDerFile, true); } logger.Debug($"Saving Issuer Certificate to {cacertPemFile}"); if (!File.Exists(cacertPemFile)) { using (FileStream source = new FileStream(cacertDerFile, FileMode.Open), target = new FileStream(cacertPemFile, FileMode.Create)) { var caCrt = cp.ImportCertificate(EncodingFormat.DER, source); cp.ExportCertificate(caCrt, EncodingFormat.PEM, target); } } return(cacertPemFile); } finally { if (File.Exists(tmp)) { File.Delete(tmp); } } } } return(null); }
public static void GetCertificateUseCSR(CertificateGeneratorParam param) { if (param == null) { log.Info($" {nameof(param)} is null"); return; } var dnsIdentifier = DateTime.Now.ToString("yyyyMMddHHmmss"); var cp = CertificateProvider.GetProvider(); MemoryStream ms = new MemoryStream(Encoding.UTF8.GetBytes(param.csr)); var csr = cp.ImportCsr(EncodingFormat.PEM, ms); ms.Dispose(); byte[] derRaw; using (var bs = new MemoryStream()) { cp.ExportCsr(csr, EncodingFormat.DER, bs); derRaw = bs.ToArray(); } var derB64u = JwsHelper.Base64UrlEncode(derRaw); log.Info($"\nRequesting Certificate"); var certRequ = param.client.RequestCertificate(derB64u); log.Info($" Request Status: {certRequ.StatusCode}"); if (certRequ.StatusCode == System.Net.HttpStatusCode.Created) { var csrPemFile = Path.Combine(param.path, $"{dnsIdentifier}-csr.pem"); var crtDerFile = Path.Combine(param.path, $"{dnsIdentifier}-crt.der"); var crtPemFile = Path.Combine(param.path, $"{dnsIdentifier}-crt.pem"); using (var fs = new FileStream(csrPemFile, FileMode.Create)) cp.ExportCsr(csr, EncodingFormat.PEM, fs); log.Info($" Saving Certificate to {crtDerFile}"); using (var file = File.Create(crtDerFile)) certRequ.SaveCertificate(file); Crt crt; using (FileStream source = new FileStream(crtDerFile, FileMode.Open), target = new FileStream(crtPemFile, FileMode.Create)) { crt = cp.ImportCertificate(EncodingFormat.DER, source); cp.ExportCertificate(crt, EncodingFormat.PEM, target); } cp.Dispose(); return; } throw new Exception($"Request status = {certRequ.StatusCode}"); }
static void ExportPfx(CertificateProvider certProvider, IssuedCertificate certificate, string filePath) { using (var fileStream = File.Create(filePath)) { certProvider.ExportArchive( certificate.PrivateKey, new[] { certificate.PublicKey, certificate.CAPublicKey }, ArchiveFormat.PKCS12, fileStream); } }
private string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp) { var linksEnum = certificate.Links; if (linksEnum == null) { return(null); } LinkCollection links = new LinkCollection(linksEnum); Link upLink = links.GetFirstOrDefault("up"); if (upLink == null) { return(null); } string temporaryFileName = Path.GetTempFileName(); try { using (WebClient web = new WebClient()) { Uri uri = new Uri(new Uri(_options.BaseUri), upLink.Uri); web.DownloadFile(uri, temporaryFileName); } X509Certificate2 cacert = new X509Certificate2(temporaryFileName); string sernum = cacert.GetSerialNumberString(); string cacertDerFile = Path.Combine(_options.CertificateFolder, $"ca-{sernum}-crt.der"); string cacertPemFile = Path.Combine(_options.CertificateFolder, $"ca-{sernum}-crt.pem"); File.Copy(temporaryFileName, cacertDerFile, true); Log.Information($"Saving Issuer Certificate to {cacertPemFile}"); using (FileStream source = new FileStream(cacertDerFile, FileMode.Open), target = new FileStream(cacertPemFile, FileMode.Create)) { Crt caCrt = cp.ImportCertificate(EncodingFormat.DER, source); cp.ExportCertificate(caCrt, EncodingFormat.PEM, target); } return(cacertPemFile); } finally { if (File.Exists(temporaryFileName)) { File.Delete(temporaryFileName); } } }
/// <summary> /// Get the certificate signing request /// </summary> /// <param name="cp"></param> /// <param name="target"></param> /// <param name="identifiers"></param> /// <param name="rsaPk"></param> /// <returns></returns> private Csr GetCsr(CertificateProvider cp, List <string> identifiers, PrivateKey rsaPk) { var csr = cp.GenerateCsr(new CsrParams { Details = new CsrDetails() { CommonName = identifiers.FirstOrDefault(), AlternativeNames = identifiers } }, rsaPk, Crt.MessageDigest.SHA256); return(csr); }
public static void Export(CertificateProvider certProvider, IssuedCertificate certificate, CertOutputType outType, string filePath) { switch (outType) { case CertOutputType.Pfx: ExportPfx(certProvider, certificate, filePath); break; case CertOutputType.Pem: ExportPem(certProvider, certificate, filePath); break; } }
public IRestClient AddClientAuthentication(IRestClient client) { if (client.ClientCertificates == null) { client.ClientCertificates = new X509CertificateCollection(); } var clientCertificate = CertificateProvider.GetCertificate(_certificate, _privateKey, _password); client.ClientCertificates.Add(clientCertificate); return(client); }
private void RegisterDependencies(IServiceCollection services) { services.AddSimpleIdentityServerWebSite(opt => { opt.IsHttpsAuthentication = true; opt.IsCertificateSelfSigned = true; opt.Certificate = CertificateProvider.Get(); opt.DockerApiUri = new Uri(_simpleIdentityServerOptions.DockerApiUrl); }); var endPointConfiguration = new EndPointConfiguration(_simpleIdentityServerOptions.InstancePatternUrl); services.AddInstance <IEndPointConfiguration>(endPointConfiguration); services.AddSimpleIdentityServerEf(_simpleIdentityServerOptions.ConnectionString); }
internal static X509Certificate2Collection GetClientCertificates(ConnectionParameters parameters) { if (parameters.ClientCertificate == null) { return(null); } var clientCertificateCollection = new X509Certificate2Collection(); var certificate = (X509Certificate2)CertificateProvider.GetCertificate(parameters.ClientCertificate); clientCertificateCollection.Add(certificate); return(clientCertificateCollection); }
private void TestExportCertificate(EncodingFormat fmt, string filePath) { using (var cp = CertificateProvider.GetProvider()) { using (var source = new FileStream(filePath, FileMode.Open)) { var crt = cp.ImportCertificate(fmt, source); using (var target = new MemoryStream()) { cp.ExportCertificate(crt, fmt, target); } } } }
protected override void Initialize() { var endpoint = GetEndPoint(); if (!IPAddress.IsLoopback(endpoint.Address) && endpoint.Address != IPAddress.Any) { throw new InvalidOperationException(); } string password; var data = CertificateProvider.GetRawCertificateData(Certificate, out password); openssl.SetCertificate(data, password); openssl.Bind(endpoint); }
/// <summary> /// Get the certificate signing request /// </summary> /// <param name="cp"></param> /// <param name="target"></param> /// <param name="identifiers"></param> /// <param name="rsaPk"></param> /// <returns></returns> private Csr GetCsr(CertificateProvider cp, List<string> identifiers, PrivateKey rsaPk, string commonName = null) { if (commonName != null && !identifiers.Contains(commonName, StringComparer.InvariantCultureIgnoreCase)) { _log.Warning($"{nameof(commonName)} '{commonName}' provided for CSR generation is invalid. It has to be part of the {nameof(identifiers)}."); commonName = null; } var csr = cp.GenerateCsr(new CsrParams { Details = new CsrDetails() { CommonName = commonName ?? identifiers.FirstOrDefault(), AlternativeNames = identifiers } }, rsaPk, Crt.MessageDigest.SHA256); return csr; }
public static string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp) { var linksEnum = certificate.Links; if (linksEnum != null) { var links = new LinkCollection(linksEnum); var upLink = links.GetFirstOrDefault("up"); if (upLink != null) { var tmp = Path.GetTempFileName(); try { using (var web = new WebClient()) { var uri = new Uri(new Uri(BaseURI), upLink.Uri); web.DownloadFile(uri, tmp); } var cacert = new X509Certificate2(tmp); var sernum = cacert.GetSerialNumberString(); var tprint = cacert.Thumbprint; var sigalg = cacert.SignatureAlgorithm?.FriendlyName; var sigval = cacert.GetCertHashString(); var cacertDerFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.der"); var cacertPemFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.pem"); if (!File.Exists(cacertDerFile)) File.Copy(tmp, cacertDerFile, true); Console.WriteLine($" Saving Issuer Certificate to {cacertPemFile}"); Log.Information("Saving Issuer Certificate to {cacertPemFile}", cacertPemFile); if (!File.Exists(cacertPemFile)) using (FileStream source = new FileStream(cacertDerFile, FileMode.Open), target = new FileStream(cacertPemFile, FileMode.Create)) { var caCrt = cp.ImportCertificate(EncodingFormat.DER, source); cp.ExportCertificate(caCrt, EncodingFormat.PEM, target); } return cacertPemFile; } finally { if (File.Exists(tmp)) File.Delete(tmp); } } } return null; }
private static void HandleSslConnect(ConnectToRemoteState state) { var connectStreamWriter = new StreamWriter(state.ClientStream); connectStreamWriter.WriteLine("HTTP/1.0 200 Connection established"); connectStreamWriter.WriteLine("Timestamp: {0}", DateTime.Now); connectStreamWriter.WriteLine("Proxy-agent: GOS Proxy Service"); connectStreamWriter.WriteLine(); connectStreamWriter.Flush(); var sslStream = new SslStream(state.ClientStream, false); try { var certProvider = new CertificateProvider(); bool created; var certificate = certProvider.LoadOrCreateCertificate(state.RemoteHost, out created); sslStream.AuthenticateAsServer(certificate, false, SslProtocols.Tls | SslProtocols.Ssl3 | SslProtocols.Ssl2, true); } catch (Exception ex) { WriteLog(state.Session, 0, "ERR", ex.Message); sslStream.Close(); state.ClientStream.Close(); connectStreamWriter.Close(); return; } var nstate = new ClientConnectionState { Session = state.Session, Client = state.Client, ClientStream = sslStream, ClientStreamBase = (NetworkStream)state.ClientStream, Buffer = new byte[Globals.BufferSize], MessageStream = new MemoryStream(), IsSsl = true, }; try { sslStream.BeginRead(nstate.Buffer, 0, nstate.Buffer.Length, ReadFromClient.Run, nstate); } catch (Exception ex) { WriteLog(state.Session, 0, "ERR", ex.Message); sslStream.Close(); state.ClientStream.Close(); } }