public override void PerformTest()
{
string pseudonym = "pseudonym";
DirectoryString surname = new DirectoryString("surname");
Asn1Sequence givenName = new DerSequence(new DirectoryString("givenName"));
NameOrPseudonym id = new NameOrPseudonym(pseudonym);
checkConstruction(id, pseudonym, null, null);
id = new NameOrPseudonym(surname, givenName);
checkConstruction(id, null, surname, givenName);
id = NameOrPseudonym.GetInstance(null);
if (id != null)
{
Fail("null GetInstance() failed.");
}
try
{
NameOrPseudonym.GetInstance(new Object());
Fail("GetInstance() failed to detect bad object.");
}
catch (ArgumentException)
{
// expected
}
}
public override void PerformTest()
{
GeneralName name = new GeneralName(new X509Name("CN=hello world"));
Asn1Sequence admissions = new DerSequence(
new Admissions(name,
new NamingAuthority(new DerObjectIdentifier("1.2.3"), "url", new DirectoryString("fred")),
new ProfessionInfo[0]));
AdmissionSyntax syntax = new AdmissionSyntax(name, admissions);
checkConstruction(syntax, name, admissions);
syntax = AdmissionSyntax.GetInstance(null);
if (syntax != null)
{
Fail("null GetInstance() failed.");
}
try
{
AdmissionSyntax.GetInstance(new Object());
Fail("GetInstance() failed to detect bad object.");
}
catch (ArgumentException)
{
// expected
}
}
public TbsCertificateStructure GenerateTbsCertificate()
{
if ((serialNumber == null) || (signature == null)
|| (issuer == null) || (startDate == null) || (endDate == null)
|| (subject == null && !altNamePresentAndCritical)
|| (subjectPublicKeyInfo == null))
{
throw new InvalidOperationException("not all mandatory fields set in V3 TBScertificate generator");
}
DerSequence validity = new DerSequence(startDate, endDate); // before and after dates
Asn1EncodableVector v = new Asn1EncodableVector(
version, serialNumber, signature, issuer, validity);
if (subject != null)
{
v.Add(subject);
}
else
{
v.Add(DerSequence.Empty);
}
v.Add(subjectPublicKeyInfo);
if (issuerUniqueID != null)
{
v.Add(new DerTaggedObject(false, 1, issuerUniqueID));
}
if (subjectUniqueID != null)
{
v.Add(new DerTaggedObject(false, 2, subjectUniqueID));
}
if (extensions != null)
{
v.Add(new DerTaggedObject(3, extensions));
}
return new TbsCertificateStructure(new DerSequence(v));
}
public DeclarationOfMajority(
bool fullAge,
string country)
{
if (country.Length > 2)
throw new ArgumentException("country can only be 2 characters");
DerPrintableString countryString = new DerPrintableString(country, true);
DerSequence seq;
if (fullAge)
{
seq = new DerSequence(countryString);
}
else
{
seq = new DerSequence(DerBoolean.False, countryString);
}
this.declaration = new DerTaggedObject(false, 1, seq);
}
public void Save(
Stream stream,
char[] password,
SecureRandom random)
{
if (stream == null)
{
throw new ArgumentNullException("stream");
}
if (random == null)
{
throw new ArgumentNullException("random");
}
//
// handle the keys
//
Asn1EncodableVector keyBags = new Asn1EncodableVector();
foreach (string name in keys.Keys)
{
byte[] kSalt = new byte[SaltSize];
random.NextBytes(kSalt);
AsymmetricKeyEntry privKey = (AsymmetricKeyEntry)keys[name];
DerObjectIdentifier bagOid;
Asn1Encodable bagData;
if (password == null)
{
bagOid = PkcsObjectIdentifiers.KeyBag;
bagData = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey.Key);
}
else
{
bagOid = PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag;
bagData = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(
keyAlgorithm, password, kSalt, MinIterations, privKey.Key);
}
Asn1EncodableVector kName = new Asn1EncodableVector();
foreach (string oid in privKey.BagAttributeKeys)
{
Asn1Encodable entry = privKey[oid];
// NB: Ignore any existing FriendlyName
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
continue;
}
kName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(entry)));
}
//
// make sure we are using the local alias on store
//
// NB: We always set the FriendlyName based on 'name'
//if (privKey[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null)
{
kName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(name))));
}
//
// make sure we have a local key-id
//
if (privKey[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null)
{
X509CertificateEntry ct = GetCertificate(name);
AsymmetricKeyParameter pubKey = ct.Certificate.GetPublicKey();
SubjectKeyIdentifier subjectKeyID = CreateSubjectKeyID(pubKey);
kName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtLocalKeyID,
new DerSet(subjectKeyID)));
}
keyBags.Add(new SafeBag(bagOid, bagData.ToAsn1Object(), new DerSet(kName)));
}
byte[] keyBagsEncoding = new DerSequence(keyBags).GetDerEncoded();
ContentInfo keysInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(keyBagsEncoding));
//
// certificate processing
//
byte[] cSalt = new byte[SaltSize];
random.NextBytes(cSalt);
Asn1EncodableVector certBags = new Asn1EncodableVector();
Pkcs12PbeParams cParams = new Pkcs12PbeParams(cSalt, MinIterations);
AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.ToAsn1Object());
ISet doneCerts = new HashSet();
foreach (string name in keys.Keys)
{
X509CertificateEntry certEntry = GetCertificate(name);
CertBag cBag = new CertBag(
PkcsObjectIdentifiers.X509Certificate,
new DerOctetString(certEntry.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in certEntry.BagAttributeKeys)
{
Asn1Encodable entry = certEntry[oid];
// NB: Ignore any existing FriendlyName
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
continue;
}
fName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(entry)));
}
//
// make sure we are using the local alias on store
//
// NB: We always set the FriendlyName based on 'name'
//if (certEntry[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null)
{
fName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(name))));
}
//
// make sure we have a local key-id
//
if (certEntry[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null)
{
AsymmetricKeyParameter pubKey = certEntry.Certificate.GetPublicKey();
SubjectKeyIdentifier subjectKeyID = CreateSubjectKeyID(pubKey);
fName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtLocalKeyID,
new DerSet(subjectKeyID)));
}
certBags.Add(new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)));
doneCerts.Add(certEntry.Certificate);
}
foreach (string certId in certs.Keys)
{
X509CertificateEntry cert = (X509CertificateEntry)certs[certId];
if (keys[certId] != null)
{
continue;
}
CertBag cBag = new CertBag(
PkcsObjectIdentifiers.X509Certificate,
new DerOctetString(cert.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in cert.BagAttributeKeys)
{
// a certificate not immediately linked to a key doesn't require
// a localKeyID and will confuse some PKCS12 implementations.
//
// If we find one, we'll prune it out.
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id))
{
continue;
}
Asn1Encodable entry = cert[oid];
// NB: Ignore any existing FriendlyName
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
continue;
}
fName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(entry)));
}
//
// make sure we are using the local alias on store
//
// NB: We always set the FriendlyName based on 'certId'
//if (cert[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null)
{
fName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(certId))));
}
certBags.Add(new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)));
doneCerts.Add(cert.Certificate);
}
foreach (CertId certId in chainCerts.Keys)
{
X509CertificateEntry cert = (X509CertificateEntry)chainCerts[certId];
if (doneCerts.Contains(cert.Certificate))
{
continue;
}
CertBag cBag = new CertBag(
PkcsObjectIdentifiers.X509Certificate,
new DerOctetString(cert.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in cert.BagAttributeKeys)
{
// a certificate not immediately linked to a key doesn't require
// a localKeyID and will confuse some PKCS12 implementations.
//
// If we find one, we'll prune it out.
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id))
{
continue;
}
fName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(cert[oid])));
}
certBags.Add(new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)));
}
byte[] certBagsEncoding = new DerSequence(certBags).GetDerEncoded();
ContentInfo certsInfo;
if (password == null)
{
certsInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(certBagsEncoding));
}
else
{
byte[] certBytes = CryptPbeData(true, cAlgId, password, false, certBagsEncoding);
EncryptedData cInfo = new EncryptedData(PkcsObjectIdentifiers.Data, cAlgId, new BerOctetString(certBytes));
certsInfo = new ContentInfo(PkcsObjectIdentifiers.EncryptedData, cInfo.ToAsn1Object());
}
ContentInfo[] info = new ContentInfo[] { keysInfo, certsInfo };
byte[] data = new AuthenticatedSafe(info).GetEncoded(
useDerEncoding ? Asn1Encodable.Der : Asn1Encodable.Ber);
ContentInfo mainInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(data));
//
// create the mac
//
MacData macData = null;
if (password != null)
{
byte[] mSalt = new byte[20];
random.NextBytes(mSalt);
byte[] mac = CalculatePbeMac(OiwObjectIdentifiers.IdSha1,
mSalt, MinIterations, password, false, data);
AlgorithmIdentifier algId = new AlgorithmIdentifier(
OiwObjectIdentifiers.IdSha1, DerNull.Instance);
DigestInfo dInfo = new DigestInfo(algId, mac);
macData = new MacData(dInfo, mSalt, MinIterations);
}
//
// output the Pfx
//
Pfx pfx = new Pfx(mainInfo, macData);
DerOutputStream derOut;
if (useDerEncoding)
{
derOut = new DerOutputStream(stream);
}
else
{
derOut = new BerOutputStream(stream);
}
derOut.WriteObject(pfx);
}
public static List <CertSimples> ListaCertificado(X509Certificate2Collection Certificados)
{
List <CertSimples> oLista = new List <CertSimples>();
for (int i = 0; i < Certificados.Count; i++)
{
X509Certificate2 oCertificado = Certificados[i];
CertSimples oCert = new CertSimples();
oCert.SerialNumber = oCertificado.SerialNumber;
oCert.Subject = oCertificado.Subject;
try
{
string[] DadosSubject = oCertificado.Subject.Split(',');
if (DadosSubject[0].IndexOf(":") > -1)
{
oCert.Nome = DadosSubject[0].Substring(3, DadosSubject[0].IndexOf(":") - 3);
}
else
{
oCert.Nome = DadosSubject[0].Substring(3);
}
}
catch (Exception ex)
{
oCert.Nome = oCert.Subject;
}
foreach (var obj in oCertificado.Extensions)
{
if (obj.Oid.Value == "2.5.29.17") //otherName
{
byte[] Dados = obj.RawData;
Stream sm = new MemoryStream(Dados);
// StreamReader oSr = new StreamReader(sm);
//string teste = System.Text.Encoding.ASCII.GetString(Dados);
DerSequence otherName = (DerSequence)Asn1Object.FromStream(sm);
var objCollection = otherName.GetEnumerator();
while (objCollection.MoveNext())
{
Org.BouncyCastle.Asn1.DerTaggedObject iSub = (Org.BouncyCastle.Asn1.DerTaggedObject)objCollection.Current;
Asn1Object derObject = iSub.GetObject();
if (derObject.GetType().Name.Contains("DerSequence"))
{
var objSubCollection = ((DerSequence)derObject).GetEnumerator();
byte count = 0;
string strOID = "";
DerOctetString strOctet;// = (DerOctetString)derObject;
string strTexto = "";
while (objSubCollection.MoveNext())
{
var Conteudo = objSubCollection.Current;
if (count == 0)
{
strOID = Conteudo.ToString();
}
else
{
Org.BouncyCastle.Asn1.DerTaggedObject subCampos = (Org.BouncyCastle.Asn1.DerTaggedObject)Conteudo;
Asn1Object derSub = subCampos.GetObject();
try
{
if (derSub.GetType().Name.Contains("DerOctetString"))
{
strOctet = (DerOctetString)derSub;
byte[] Texto = strOctet.GetOctets();
strTexto = System.Text.Encoding.ASCII.GetString(Texto);
}
else
{
DerPrintableString strPtrString = (DerPrintableString)derSub;
strTexto = strPtrString.GetString();
}
}
catch (Exception ex)
{
strTexto = derSub.ToString();
}
}
count++;
}
if (strOID == "2.16.76.1.3.1") //PESSOA FÍSICA
{
//i· OID = 2.16.76.1.3.1 e conteúdo = nas primeiras 8(oito) posições, a data de nascimento do titular, no formato ddmmaaaa; nas 11(onze) posições subseqüentes, o Cadastro de Pessoa Física(CPF) do titular; nas 11(onze) posições subseqüentes, o Número de Identificação Social – NIS(PIS, PASEP ou CI); nas 15(quinze) posições subseqüentes, o número do Registro Geral(RG) do titular; nas 10(dez) posições subseqüentes, as siglas do órgão expedidor do RG e respectiva unidade da federação;
try
{
oCert.DataNascimento = strTexto.Substring(0, 8);
oCert.CPF = strTexto.Substring(8, 11);
oCert.NIS = strTexto.Substring(19, 11);
oCert.RG = strTexto.Substring(30, 15);
oCert.OrgaoExpedidor = strTexto.Substring(45);
oCert.Tipo = "F";
}
catch (Exception ex)
{
throw new Exception("Erro na leitura da OID=2.16.76.1.3.1:" + ex.Message, ex);
}
}
else if (strOID == "2.16.76.1.3.6") //PESSOA FÍSICA
{
//ii· OID = 2.16.76.1.3.6 e conteúdo = nas 12 (doze) posições o número do Cadastro Específico do INSS (CEI) da pessoa física titular do certificado;
}
else if (strOID == "2.16.76.1.3.6") //PESSOA FÍSICA
{
try
{
//iii· OID = 2.16.76.1.3.5 e conteúdo nas primeiras 12(doze) posições, o número de inscrição do Título de Eleitor; nas 3(três) posições subseqüentes, a Zona Eleitoral; nas 4(quatro) posições seguintes, a Seção; nas 22(vinte e duas) posições subseqüentes, o município e a UF do Título de Eleitor.
oCert.TituloEleitor = strTexto.Substring(0, 12);
oCert.ZonaEleitoral = strTexto.Substring(12, 3);
oCert.SecaoEleitoral = strTexto.Substring(15, 4);
oCert.MunicipioEleitoral = strTexto.Substring(19, 22);
}
catch (Exception ex)
{
throw new Exception("Erro na leitura da OID=2.16.76.1.3.6:" + ex.Message, ex);
}
}
else if (strOID == "2.16.76.1.4.2.1.1")
{
try
{
oCert.OAB = strTexto;
}
catch (Exception ex)
{
throw new Exception("Erro na leitura da OID=2.16.76.1.4.2.1.1:" + ex.Message, ex);
}
}
else if (strOID == "2.16.76.1.3.4") //PESSOA JURÍDICA
{
try
{
oCert.Tipo = "J";
//i· OID = 2.16.76.1.3.4 e conteúdo = nas primeiras 8(oito) posições, a data de nascimento do responsável pelo certificado, no formato ddmmaaaa; nas 11(onze) posições subseqüentes, o Cadastro de Pessoa Física(CPF) do responsável; nas 11(onze) posições subseqüentes, o Número de Identificação Social – NIS(PIS, PASEP ou CI); nas 15(quinze) posições subseqüentes, o número do Registro Geral(RG) do responsável; nas 10(dez) posições subseqüentes, as siglas do órgão expedidor do RG e respectiva Unidade da Federação;
oCert.DataNascimento = strTexto.Substring(0, 8);
oCert.CPF = strTexto.Substring(8, 11);
try
{
oCert.NIS = strTexto.Substring(19, 11);
oCert.RG = strTexto.Substring(30, 15);
oCert.OrgaoExpedidor = strTexto.Substring(45, 10);
}
catch (Exception ex)
{ }
}
catch (Exception ex)
{
throw new Exception("Erro na leitura da OID=2.16.76.1.3.4:" + strTexto + "." + ex.Message, ex);
}
}
else if (strOID == "2.16.76.1.3.2") //PESSOA JURÍDICA
{
//ii· OID = 2.16.76.1.3.2 e conteúdo = nome do responsável pelo certificado;
try
{
oCert.NomeResponsavel = strTexto;
}
catch (Exception ex)
{
throw new Exception("Erro na leitura da OID=2.16.76.1.3.2:" + ex.Message, ex);
}
}
else if (strOID == "2.16.76.1.3.3") //PESSOA JURÍDICA
{
//iii· OID = 2.16.76.1.3.3 e conteúdo = nas 14(quatorze) posições o número do Cadastro Nacional de Pessoa Jurídica(CNPJ) da pessoa jurídica titular do certificado;
try
{
oCert.CNPJ = strTexto;
}
catch (Exception ex)
{
throw new Exception("Erro na leitura da OID=2.16.76.1.3.3:" + ex.Message, ex);
}
}
else if (strOID == "2.16.76.1.3.7") //PESSOA JURÍDICA
{
//iv. OID = 2.16.76.1.3.7 e conteúdo = nas 12 (doze) posições o número do Cadastro Específico do INSS (CEI) da pessoa jurídica titular do certificado.
}
count = 0;
}
else
{
//i. rfc822Name contendo o endereço e-mail do titular do certificado.
if (derObject.GetType().Name == "DerOctetString")
{
DerOctetString strOctet = (DerOctetString)derObject;
byte[] Texto = strOctet.GetOctets();
string strTexto = System.Text.Encoding.ASCII.GetString(Texto);
oCert.Email = strTexto;
}
else
{
string texto = derObject.GetType().Name;
}
}
}
sm.Close();
}
}
oCert.Certificado = oCertificado;
oLista.Add(oCert);
}
return(oLista);
}
internal static void PrepareNextCertB1(
int i,
IList[] policyNodes,
string id_p,
IDictionary m_idp,
X509Certificate cert)
{
bool idp_found = false;
IEnumerator nodes_i = policyNodes[i].GetEnumerator();
while (nodes_i.MoveNext())
{
PkixPolicyNode node = (PkixPolicyNode)nodes_i.Current;
if (node.ValidPolicy.Equals(id_p))
{
idp_found = true;
node.ExpectedPolicies = (ISet)m_idp[id_p];
break;
}
}
if (!idp_found)
{
nodes_i = policyNodes[i].GetEnumerator();
while (nodes_i.MoveNext())
{
PkixPolicyNode node = (PkixPolicyNode)nodes_i.Current;
if (ANY_POLICY.Equals(node.ValidPolicy))
{
ISet pq = null;
Asn1Sequence policies = null;
try
{
policies = DerSequence.GetInstance(GetExtensionValue(cert, X509Extensions.CertificatePolicies));
}
catch (Exception e)
{
throw new Exception("Certificate policies cannot be decoded.", e);
}
IEnumerator enm = policies.GetEnumerator();
while (enm.MoveNext())
{
PolicyInformation pinfo = null;
try
{
pinfo = PolicyInformation.GetInstance(enm.Current);
}
catch (Exception ex)
{
throw new Exception("Policy information cannot be decoded.", ex);
}
if (ANY_POLICY.Equals(pinfo.PolicyIdentifier.Id))
{
try
{
pq = GetQualifierSet(pinfo.PolicyQualifiers);
}
catch (PkixCertPathValidatorException ex)
{
throw new PkixCertPathValidatorException(
"Policy qualifier info set could not be built.", ex);
}
break;
}
}
bool ci = false;
ISet critExtOids = cert.GetCriticalExtensionOids();
if (critExtOids != null)
{
ci = critExtOids.Contains(X509Extensions.CertificatePolicies.Id);
}
PkixPolicyNode p_node = (PkixPolicyNode)node.Parent;
if (ANY_POLICY.Equals(p_node.ValidPolicy))
{
PkixPolicyNode c_node = new PkixPolicyNode(
BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateArrayList(), i,
(ISet)m_idp[id_p],
p_node, pq, id_p, ci);
p_node.AddChild(c_node);
policyNodes[i].Add(c_node);
}
break;
}
}
}
}
/// <summary>
/// Create a CSR and submit it to the Acme server for signing. Returns the certificate chain.
/// </summary>
/// <param name="domains">The list of domains that this certificate will be for. The first domain listed will be the CommonName.</param>
/// <param name="keyPair">The RSA key pair for signing the certificate request, this is the key that will be used in conjunction with the certificate.</param>
/// <returns>A tuple whose first value is the private key data and whose second value is a list of certificates. Everything is encoded in DER format, the first certificate is the signed certificate.</returns>
public Tuple <byte[], List <byte[]> > GetCertificate(ICollection <string> domains)
{
//
// Generate a new key for the certificate.
//
var generator = new RsaKeyPairGenerator();
generator.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
var keyPair = generator.GenerateKeyPair();
var sig = new Asn1SignatureFactory("SHA256WITHRSA", keyPair.Private);
var commonName = new X509Name(new DerObjectIdentifier[] { X509Name.CN }, new string[] { domains.First() });
//
// Generate the list of subject alternative names.
//
List <GeneralName> names = new List <GeneralName>();
foreach (var domain in domains)
{
names.Add(new GeneralName(GeneralName.DnsName, domain));
}
var sanOctect = new DerOctetString(new GeneralNames(names.ToArray()));
var sanSequence = new DerSequence(X509Extensions.SubjectAlternativeName, sanOctect);
var extensionSet = new DerSet(new DerSequence(sanSequence));
var attributes = new DerSet(new DerSequence(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, extensionSet));
//
// Generate the CSR from all the data.
//
var csr = new Pkcs10CertificationRequest(sig, commonName, keyPair.Public, attributes, keyPair.Private);
var payload = new
{
resource = "new-cert",
csr = UrlBase64Encode(csr.GetDerEncoded())
};
var certificates = new List <X509Certificate>();
var certParser = new X509CertificateParser();
byte[] certData;
//
// Send the request and fetch the certificate data.
//
certData = SendMessage <byte[]>(Directory.NewCert, payload, GetNonce(), out WebHeaderCollection headers);
certificates.Add(certParser.ReadCertificate(certData));
//
// Fetch all the certificates in the chain.
//
foreach (var link in headers.GetValues("Link"))
{
var match = System.Text.RegularExpressions.Regex.Match(link, "\\<(.*)\\>;rel=\"(.*)\"");
if (match.Success && match.Groups[2].Value == "up")
{
certData = GetRequest <byte[]>(match.Groups[1].Value);
certificates.Add(certParser.ReadCertificate(certData));
}
}
var privateKeyData = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private).ToAsn1Object().GetDerEncoded();
var certificateData = certificates.Select(c => c.GetEncoded()).ToList();
return(new Tuple <byte[], List <byte[]> >(privateKeyData, certificateData));
}
/// <summary>
/// Generate a self signed certificate.
/// </summary>
/// <param name="subjectName"><see cref="Uri"/> object the subject name</param>
/// <param name="issuerName"> The name of the issuer </param>
/// <param name="issuerPrivKey"><see cref="AsymmetricKeyParameter"/> object of the issuer private key</param>
/// <param name="keyStrength">
/// The strength of thet key.
/// Default: 2048
/// </param>
/// <returns>
/// Returns a <see cref="X509Certificate2"/>instance of the certificate.
/// </returns>
private static X509Certificate2 GenerateSelfSignedCertificate(Uri subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey, int keyStrength = 2048)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
const string signatureAlgorithm = "SHA256WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// Issuer and Subject Name
var subjectDN = new X509Name($"CN=*.{subjectName.DnsSafeHost}, O={issuerName}, OU=Created by http://httplogger.net");
var issuerDN = new X509Name($"CN={issuerName}, O={issuerName}, OU=Created by http://httplogger.net");
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
var subjectAlternativeNames = new Asn1Encodable[]
{
new GeneralName(GeneralName.DnsName, $"{subjectName.DnsSafeHost}"),
new GeneralName(GeneralName.DnsName, $"*.{subjectName.DnsSafeHost}"),
};
var subjectAlternativeNamesExtension = new DerSequence(subjectAlternativeNames);
certificateGenerator.AddExtension(
X509Extensions.SubjectAlternativeName.Id, false, subjectAlternativeNamesExtension);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = subjectKeyPair;
// selfsign certificate
var certificate = certificateGenerator.Generate(issuerPrivKey, random);
// correcponding private key
var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
// merge into X509Certificate2
var x509 = new X509Certificate2(certificate.GetEncoded());
var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("malformed sequence in RSA private key");
}
var rsa = new RsaPrivateKeyStructure(seq);
var rsaparams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams);
AddCertificateToStore(x509, StoreName.My, StoreLocation.CurrentUser);
return(x509);
}
private BasicOcspResp GenerateResponse(
ISignatureFactory signatureCalculator,
X509Certificate[] chain,
DateTime producedAt)
{
AlgorithmIdentifier signingAlgID = (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails;
DerObjectIdentifier signingAlgorithm = signingAlgID.Algorithm;
Asn1EncodableVector responses = new Asn1EncodableVector();
foreach (ResponseObject respObj in list)
{
try
{
responses.Add(respObj.ToResponse());
}
catch (Exception e)
{
throw new OcspException("exception creating Request", e);
}
}
ResponseData tbsResp = new ResponseData(responderID.ToAsn1Object(), new DerGeneralizedTime(producedAt), new DerSequence(responses), responseExtensions);
DerBitString bitSig = null;
try
{
IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator();
byte[] encoded = tbsResp.GetDerEncoded();
streamCalculator.Stream.Write(encoded, 0, encoded.Length);
Platform.Dispose(streamCalculator.Stream);
bitSig = new DerBitString(((IBlockResult)streamCalculator.GetResult()).Collect());
}
catch (Exception e)
{
throw new OcspException("exception processing TBSRequest: " + e, e);
}
AlgorithmIdentifier sigAlgId = OcspUtilities.GetSigAlgID(signingAlgorithm);
DerSequence chainSeq = null;
if (chain != null && chain.Length > 0)
{
Asn1EncodableVector v = new Asn1EncodableVector();
try
{
for (int i = 0; i != chain.Length; i++)
{
v.Add(
X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(chain[i].GetEncoded())));
}
}
catch (IOException e)
{
throw new OcspException("error processing certs", e);
}
catch (CertificateEncodingException e)
{
throw new OcspException("error encoding certs", e);
}
chainSeq = new DerSequence(v);
}
return(new BasicOcspResp(new BasicOcspResponse(tbsResp, sigAlgId, bitSig, chainSeq)));
}
public void WriteObject(
object obj)
{
if (obj == null)
{
throw new ArgumentNullException("obj");
}
string type;
byte[] encoding;
if (obj is X509Certificate)
{
// TODO Should we prefer "X509 CERTIFICATE" here?
type = "CERTIFICATE";
try
{
encoding = ((X509Certificate)obj).GetEncoded();
}
catch (CertificateEncodingException e)
{
throw new IOException("Cannot Encode object: " + e.ToString());
}
}
else if (obj is X509Crl)
{
type = "X509 CRL";
try
{
encoding = ((X509Crl)obj).GetEncoded();
}
catch (CrlException e)
{
throw new IOException("Cannot Encode object: " + e.ToString());
}
}
else if (obj is AsymmetricCipherKeyPair)
{
WriteObject(((AsymmetricCipherKeyPair)obj).Private);
return;
}
else if (obj is AsymmetricKeyParameter)
{
AsymmetricKeyParameter akp = (AsymmetricKeyParameter)obj;
if (akp.IsPrivate)
{
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(akp);
if (obj is RsaKeyParameters)
{
type = "RSA PRIVATE KEY";
encoding = info.PrivateKey.GetEncoded();
}
else if (obj is DsaPrivateKeyParameters)
{
type = "DSA PRIVATE KEY";
DsaParameter p = DsaParameter.GetInstance(info.AlgorithmID.Parameters);
BigInteger x = ((DsaPrivateKeyParameters)obj).X;
BigInteger y = p.G.ModPow(x, p.P);
// TODO Create an ASN1 object somewhere for this?
encoding = new DerSequence(
new DerInteger(0),
new DerInteger(p.P),
new DerInteger(p.Q),
new DerInteger(p.G),
new DerInteger(y),
new DerInteger(x)).GetEncoded();
}
else
{
throw new IOException("Cannot identify private key");
}
}
else
{
type = "PUBLIC KEY";
encoding = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(akp).GetDerEncoded();
}
}
else if (obj is IX509AttributeCertificate)
{
type = "ATTRIBUTE CERTIFICATE";
encoding = ((X509V2AttributeCertificate)obj).GetEncoded();
}
else if (obj is Pkcs10CertificationRequest)
{
type = "CERTIFICATE REQUEST";
encoding = ((Pkcs10CertificationRequest)obj).GetEncoded();
}
else if (obj is Asn1.Cms.ContentInfo)
{
type = "PKCS7";
encoding = ((Asn1.Cms.ContentInfo)obj).GetEncoded();
}
else
{
throw new ArgumentException("Object type not supported: " + obj.GetType().FullName, "obj");
}
WriteHeader(type);
WriteBase64Encoded(encoding);
WriteFooter(type);
}
internal RecipientInfo ToRecipientInfo(
KeyParameter key,
SecureRandom random)
{
byte[] keyBytes = key.GetKey();
if (pubKey != null)
{
IWrapper keyWrapper = Helper.CreateWrapper(keyEncAlg.ObjectID.Id);
keyWrapper.Init(true, new ParametersWithRandom(pubKey, random));
Asn1OctetString encKey = new DerOctetString(
keyWrapper.Wrap(keyBytes, 0, keyBytes.Length));
RecipientIdentifier recipId;
if (cert != null)
{
TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance(
Asn1Object.FromByteArray(cert.GetTbsCertificate()));
Asn1.Cms.IssuerAndSerialNumber encSid = new Asn1.Cms.IssuerAndSerialNumber(
tbs.Issuer, tbs.SerialNumber.Value);
recipId = new RecipientIdentifier(encSid);
}
else
{
recipId = new RecipientIdentifier(subKeyId);
}
return(new RecipientInfo(new KeyTransRecipientInfo(recipId, keyEncAlg, encKey)));
}
else if (originator != null)
{
IWrapper keyWrapper = Helper.CreateWrapper(
DerObjectIdentifier.GetInstance(
Asn1Sequence.GetInstance(keyEncAlg.Parameters)[0]).Id);
keyWrapper.Init(true, new ParametersWithRandom(secKey, random));
Asn1OctetString encKey = new DerOctetString(
keyWrapper.Wrap(keyBytes, 0, keyBytes.Length));
RecipientEncryptedKey rKey = new RecipientEncryptedKey(
new KeyAgreeRecipientIdentifier(
new Asn1.Cms.IssuerAndSerialNumber(
PrincipalUtilities.GetIssuerX509Principal(cert),
cert.SerialNumber)),
encKey);
return(new RecipientInfo(
new KeyAgreeRecipientInfo(originator, ukm, keyEncAlg, new DerSequence(rKey))));
}
else if (derivationAlg != null)
{
string rfc3211WrapperName = Helper.GetRfc3211WrapperName(secKeyAlgorithm);
IWrapper keyWrapper = Helper.CreateWrapper(rfc3211WrapperName);
// Note: In Java build, the IV is automatically generated in JCE layer
int ivLength = rfc3211WrapperName.StartsWith("DESEDE") ? 8 : 16;
byte[] iv = new byte[ivLength];
random.NextBytes(iv);
ICipherParameters parameters = new ParametersWithIV(secKey, iv);
keyWrapper.Init(true, new ParametersWithRandom(parameters, random));
Asn1OctetString encKey = new DerOctetString(
keyWrapper.Wrap(keyBytes, 0, keyBytes.Length));
// byte[] iv = keyWrapper.GetIV();
DerSequence seq = new DerSequence(
new DerObjectIdentifier(secKeyAlgorithm),
new DerOctetString(iv));
keyEncAlg = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdAlgPwriKek, seq);
return(new RecipientInfo(new PasswordRecipientInfo(derivationAlg, keyEncAlg, encKey)));
}
else
{
IWrapper keyWrapper = Helper.CreateWrapper(keyEncAlg.ObjectID.Id);
keyWrapper.Init(true, new ParametersWithRandom(secKey, random));
Asn1OctetString encKey = new DerOctetString(
keyWrapper.Wrap(keyBytes, 0, keyBytes.Length));
return(new RecipientInfo(new KekRecipientInfo(secKeyId, keyEncAlg, encKey)));
}
}
public X9Curve(
X9FieldID fieldID,
BigInteger order,
BigInteger cofactor,
Asn1Sequence seq)
{
if (fieldID == null)
{
throw new ArgumentNullException("fieldID");
}
if (seq == null)
{
throw new ArgumentNullException("seq");
}
this.fieldIdentifier = fieldID.Identifier;
if (fieldIdentifier.Equals(X9ObjectIdentifiers.PrimeField))
{
BigInteger p = ((DerInteger)fieldID.Parameters).Value;
BigInteger A = new BigInteger(1, Asn1OctetString.GetInstance(seq[0]).GetOctets());
BigInteger B = new BigInteger(1, Asn1OctetString.GetInstance(seq[1]).GetOctets());
curve = new FpCurve(p, A, B, order, cofactor);
}
else if (fieldIdentifier.Equals(X9ObjectIdentifiers.CharacteristicTwoField))
{
// Characteristic two field
DerSequence parameters = (DerSequence)fieldID.Parameters;
int m = ((DerInteger)parameters[0]).IntValueExact;
DerObjectIdentifier representation = (DerObjectIdentifier)parameters[1];
int k1 = 0;
int k2 = 0;
int k3 = 0;
if (representation.Equals(X9ObjectIdentifiers.TPBasis))
{
// Trinomial basis representation
k1 = ((DerInteger)parameters[2]).IntValueExact;
}
else
{
// Pentanomial basis representation
DerSequence pentanomial = (DerSequence)parameters[2];
k1 = ((DerInteger)pentanomial[0]).IntValueExact;
k2 = ((DerInteger)pentanomial[1]).IntValueExact;
k3 = ((DerInteger)pentanomial[2]).IntValueExact;
}
BigInteger A = new BigInteger(1, Asn1OctetString.GetInstance(seq[0]).GetOctets());
BigInteger B = new BigInteger(1, Asn1OctetString.GetInstance(seq[1]).GetOctets());
curve = new F2mCurve(m, k1, k2, k3, A, B, order, cofactor);
}
else
{
throw new ArgumentException("This type of ECCurve is not implemented");
}
if (seq.Count == 3)
{
seed = ((DerBitString)seq[2]).GetBytes();
}
}
public TbsCertificateStructure GenerateTbsCertificate()
{
if (this.serialNumber == null || this.signature == null || this.issuer == null || this.startDate == null || this.endDate == null || (this.subject == null && !this.altNamePresentAndCritical) || this.subjectPublicKeyInfo == null)
{
throw new InvalidOperationException("not all mandatory fields set in V3 TBScertificate generator");
}
DerSequence derSequence = new DerSequence(new Asn1Encodable[]
{
this.startDate,
this.endDate
});
Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector(new Asn1Encodable[]
{
this.version,
this.serialNumber,
this.signature,
this.issuer,
derSequence
});
if (this.subject != null)
{
asn1EncodableVector.Add(new Asn1Encodable[]
{
this.subject
});
}
else
{
asn1EncodableVector.Add(new Asn1Encodable[]
{
DerSequence.Empty
});
}
asn1EncodableVector.Add(new Asn1Encodable[]
{
this.subjectPublicKeyInfo
});
if (this.issuerUniqueID != null)
{
asn1EncodableVector.Add(new Asn1Encodable[]
{
new DerTaggedObject(false, 1, this.issuerUniqueID)
});
}
if (this.subjectUniqueID != null)
{
asn1EncodableVector.Add(new Asn1Encodable[]
{
new DerTaggedObject(false, 2, this.subjectUniqueID)
});
}
if (this.extensions != null)
{
asn1EncodableVector.Add(new Asn1Encodable[]
{
new DerTaggedObject(3, this.extensions)
});
}
return(new TbsCertificateStructure(new DerSequence(asn1EncodableVector)));
}
public override void PerformTest()
{
DerUtf8String countryName = new DerUtf8String("Australia");
SignerLocation sl = new SignerLocation(countryName, null, null);
CheckConstruction(sl, DirectoryString.GetInstance(countryName), null, null);
DerUtf8String localityName = new DerUtf8String("Melbourne");
sl = new SignerLocation(null, localityName, null);
CheckConstruction(sl, null, DirectoryString.GetInstance(localityName), null);
sl = new SignerLocation(countryName, localityName, null);
CheckConstruction(sl, DirectoryString.GetInstance(countryName), DirectoryString.GetInstance(localityName), null);
Asn1Sequence postalAddress = new DerSequence(
new DerUtf8String("line 1"),
new DerUtf8String("line 2"));
sl = new SignerLocation(null, null, postalAddress);
CheckConstruction(sl, null, null, postalAddress);
sl = new SignerLocation(countryName, null, postalAddress);
CheckConstruction(sl, DirectoryString.GetInstance(countryName), null, postalAddress);
sl = new SignerLocation(countryName, localityName, postalAddress);
CheckConstruction(sl, DirectoryString.GetInstance(countryName), DirectoryString.GetInstance(localityName), postalAddress);
sl = SignerLocation.GetInstance(null);
if (sl != null)
{
Fail("null GetInstance() failed.");
}
try
{
SignerLocation.GetInstance(new object());
Fail("GetInstance() failed to detect bad object.");
}
catch (ArgumentException)
{
// expected
}
//
// out of range postal address
//
postalAddress = new DerSequence(
new DerUtf8String("line 1"),
new DerUtf8String("line 2"),
new DerUtf8String("line 3"),
new DerUtf8String("line 4"),
new DerUtf8String("line 5"),
new DerUtf8String("line 6"),
new DerUtf8String("line 7"));
try
{
new SignerLocation(null, null, postalAddress);
Fail("constructor failed to detect bad postalAddress.");
}
catch (ArgumentException)
{
// expected
}
try
{
new SignerLocation(new DerSequence(new DerTaggedObject(2, postalAddress)));
Fail("sequence constructor failed to detect bad postalAddress.");
}
catch (ArgumentException)
{
// expected
}
try
{
new SignerLocation(new DerSequence(new DerTaggedObject(5, postalAddress)));
Fail("sequence constructor failed to detect bad tag.");
}
catch (ArgumentException)
{
// expected
}
}
public static MyPolicy getHashPolitica(string PolicyUriSource, string PolicyIdentifier = "2.16.76.1.7.1.2.2.3", string PolicyDigestAlgorithm = "SHA-256", string FileName = "LPA_CAdES.der")
{
MyPolicy Retorno = new MyPolicy();
Retorno.PolicyIdentifier = PolicyIdentifier;
Retorno.PolicyDigestAlgorithm = PolicyDigestAlgorithm;
Retorno.URLPolicy = PolicyUriSource;
Stream St;
try
{
St = Helper.FileHelper.MSReadFileURL(PolicyUriSource);
}
catch (Exception ex)
{
//FileStream File = Helper.FileHelper.FSReadFile(System.AppDomain.CurrentDomain.BaseDirectory + FileName);
//St = File;
St = new MemoryStream(Properties.Resources.LPA_CAdES);
}
DerSequence privKeyObj = (DerSequence)Asn1Object.FromStream(St);
var objCollection = privKeyObj.GetEnumerator();
objCollection.MoveNext();
Org.BouncyCastle.Asn1.Asn1Sequence objPrincipal = (Org.BouncyCastle.Asn1.Asn1Sequence)objCollection.Current;
var Politicas = objPrincipal.GetObjects();
while (Politicas.MoveNext())
{
Org.BouncyCastle.Asn1.Asn1Sequence Politica = (Org.BouncyCastle.Asn1.Asn1Sequence)Politicas.Current;
var Itens = Politica.GetObjects();
Itens.MoveNext();
string item1 = Itens.Current.ToString();
Itens.MoveNext();
string item2 = Itens.Current.ToString();
if (item2.Contains(PolicyIdentifier))
{
Itens.MoveNext();
string item3 = Itens.Current.ToString();
Retorno.SubURLPolicy = item3.Replace("[", "").Replace("]", "");
Itens.MoveNext();
Org.BouncyCastle.Asn1.Asn1Sequence item4 = (Org.BouncyCastle.Asn1.Asn1Sequence)Itens.Current;
var Item4d = item4.GetObjects();
Item4d.MoveNext();
Retorno.SubPolicyIdentifier = Item4d.Current.ToString().Replace("[", "").Replace("]", "");
Item4d.MoveNext();
Retorno.Hash = Item4d.Current.ToString();
}
}
St.Close();
return(Retorno);
}
public void Setup()
{
var sec1Key = keyProvider.GetPkcs8PrivateKeyAsSec1((IEcKey)keyPair.PrivateKey);
convertedKey = keyProvider.GetSec1PrivateKeyAsPkcs8(sec1Key.Content);
keySequence = (DerSequence)Asn1Object.FromByteArray(convertedKey.Content);
}
private BasicOcspResp GenerateResponse(
string signatureName,
AsymmetricKeyParameter privateKey,
X509Certificate[] chain,
DateTime producedAt,
SecureRandom random)
{
DerObjectIdentifier signingAlgorithm;
try
{
signingAlgorithm = OcspUtilities.GetAlgorithmOid(signatureName);
}
catch (Exception e)
{
throw new ArgumentException("unknown signing algorithm specified", e);
}
Asn1EncodableVector responses = new Asn1EncodableVector();
foreach (ResponseObject respObj in list)
{
try
{
responses.Add(respObj.ToResponse());
}
catch (Exception e)
{
throw new OcspException("exception creating Request", e);
}
}
ResponseData tbsResp = new ResponseData(responderID.ToAsn1Object(), new DerGeneralizedTime(producedAt), new DerSequence(responses), responseExtensions);
ISigner sig = null;
try
{
sig = SignerUtilities.GetSigner(signatureName);
if (random != null)
{
sig.Init(true, new ParametersWithRandom(privateKey, random));
}
else
{
sig.Init(true, privateKey);
}
}
catch (Exception e)
{
throw new OcspException("exception creating signature: " + e, e);
}
DerBitString bitSig = null;
try
{
byte[] encoded = tbsResp.GetDerEncoded();
sig.BlockUpdate(encoded, 0, encoded.Length);
bitSig = new DerBitString(sig.GenerateSignature());
}
catch (Exception e)
{
throw new OcspException("exception processing TBSRequest: " + e, e);
}
AlgorithmIdentifier sigAlgId = OcspUtilities.GetSigAlgID(signingAlgorithm);
DerSequence chainSeq = null;
if (chain != null && chain.Length > 0)
{
Asn1EncodableVector v = new Asn1EncodableVector();
try
{
for (int i = 0; i != chain.Length; i++)
{
v.Add(
X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(chain[i].GetEncoded())));
}
}
catch (IOException e)
{
throw new OcspException("error processing certs", e);
}
catch (CertificateEncodingException e)
{
throw new OcspException("error encoding certs", e);
}
chainSeq = new DerSequence(v);
}
return(new BasicOcspResp(new BasicOcspResponse(tbsResp, sigAlgId, bitSig, chainSeq)));
}
static internal RIoTDeviceInfo Decode(X509Certificate2 aliasCert)
{
AsnEncodedData altNames = null;
foreach (var ext in aliasCert.Extensions)
{
if (ext.Oid.Value != RIoTOid)
{
continue;
}
altNames = new AsnEncodedData(ext.Oid, ext.RawData);
}
// an AltName is mandatory
if (altNames == null)
{
Helpers.Notify("Certificate does not have an altName field", true);
return(null);
}
// parse the extension: this is a collection of nested thus -
/*
* DER Sequence
* ObjectIdentifier(1.2.3.4.5.6) <- RIoT Composite ID OID
* DER Sequence
* Integer(1) <- Version number
* DER Sequence <- DeviceID public key
* DER Sequence (same encoding as in DeviceID cert)
* ObjectIdentifier(1.2.840.10045.2.1) EC pubkey
* ObjectIdentifier(1.2.840.10045.3.1.7) prime256
* DER Bit String[65, 0] key value
* DER Sequence <- Encoded FWID
* ObjectIdentifier(2.16.840.1.101.3.4.2.1) sha256
* DER Octet String[32] FWID hash value
*
*
* */
try
{
DerSequence seq = (DerSequence)DerSequence.FromByteArray(altNames.RawData);
//DerTaggedObject obj = (DerTaggedObject)seq[0];
//DerSequence obj2 = (DerSequence)obj.GetObject();
//var oid = (DerObjectIdentifier)obj2[0];
//if (oid.Id != RIoTOid) return ParseError("Incorrect RIoT OID");
var versionNumber = (DerInteger)seq[0];
if (versionNumber.PositiveValue.IntValue != 1)
{
return(ParseError("Wrong version number"));
}
DerSequence obj4 = (DerSequence)seq[1];
DerSequence obj5 = (DerSequence)obj4[0];
var keyAlg1 = (DerObjectIdentifier)obj5[0];
var keyAlg2 = (DerObjectIdentifier)obj5[1];
if (keyAlg1.Id != ecPubKeyOID)
{
return(ParseError("Bad ECPubKey OID"));
}
if (keyAlg2.Id != prime256v1Oid)
{
return(ParseError("Bad curve OID"));
}
var key = (DerBitString)obj4[1];
var obj4b = (DerSequence)seq[2];
var hashAlg = (DerObjectIdentifier)obj4b[0];
if (hashAlg.Id != sha256Oid)
{
return(ParseError("Bad fwid hash OID"));
}
var hash = (DerOctetString)obj4b[1];
RIoTDeviceInfo deviceInfo = new RIoTDeviceInfo()
{
FirmwareID = hash.GetOctets(),
EncodedDeviceIDKey = key.GetBytes(),
Cert = aliasCert
};
return(deviceInfo);
}
catch (Exception e)
{
Debug.WriteLine(e.ToString());
return(null);
}
}
public static byte[] HandleKey(byte[] key, byte[] secretKey)
{
Asn1InputStream inputStream = new Asn1InputStream(key);
Asn1Object o1 = inputStream.ReadObject();
DerSequence seq = o1 as DerSequence;
DerInteger x = seq[2] as DerInteger;
DerInteger y = seq[3] as DerInteger;
X9ECParameters p = CustomNamedCurves.GetByName("secp521r1");
ECDomainParameters domainParameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPoint point = p.Curve.CreatePoint(x.Value, y.Value);
ECPublicKeyParameters publicKeyParameters = new ECPublicKeyParameters(point, domainParameters);
ECKeyPairGenerator generator = new ECKeyPairGenerator();
generator.Init(new ECKeyGenerationParameters(publicKeyParameters.Parameters, new SecureRandom()));
AsymmetricCipherKeyPair keyPair = generator.GenerateKeyPair();
ECDHBasicAgreement basicAgreement = new ECDHBasicAgreement();
basicAgreement.Init(keyPair.Private);
BigInteger agreement = basicAgreement.CalculateAgreement(publicKeyParameters);
byte[] agreementBytes = agreement.ToByteArray();
if (agreementBytes.Length == 65)
{
byte[] newAgreement = new byte[66];
Array.Copy(agreementBytes, 0, newAgreement, 1, 65);
agreementBytes = newAgreement;
}
Sha512Digest sha512 = new Sha512Digest();
byte[] hash = new byte[sha512.GetDigestSize()];
sha512.BlockUpdate(agreementBytes, 0, agreementBytes.Length);
sha512.DoFinal(hash, 0);
byte[] secret = new byte[secretKey.Length];
for (int i = 0; i < secret.Length; i++)
{
secret[i] = secretKey[i];
secret[i] ^= hash[i];
}
ECPublicKeyParameters publicKey = keyPair.Public as ECPublicKeyParameters;
MemoryStream keyStream = new MemoryStream();
DerSequenceGenerator gen2 = new DerSequenceGenerator(keyStream);
gen2.AddObject(new DerBitString(new byte[] { 0x00 }, 7));
gen2.AddObject(new DerInteger(new byte[] { 0x41 }));
gen2.AddObject(new DerInteger(publicKey.Q.XCoord.ToBigInteger()));
gen2.AddObject(new DerInteger(publicKey.Q.YCoord.ToBigInteger()));
gen2.Close();
MemoryStream memoryStream = new MemoryStream();
DerSequenceGenerator gen1 = new DerSequenceGenerator(memoryStream);
gen1.AddObject(new DerObjectIdentifier("2.16.840.1.101.3.4.2.3"));
gen1.AddObject(new DerOctetString(keyStream.ToArray()));
gen1.AddObject(new DerOctetString(secret));
gen1.Close();
byte[] result = memoryStream.ToArray();
memoryStream.Close();
keyStream.Close();
return(result);
}
private BasicOcspResp GenerateResponse(ISignatureFactory signatureCalculator, X509Certificate[] chain, global::System.DateTime producedAt)
{
//IL_016c: Expected O, but got Unknown
AlgorithmIdentifier algorithmIdentifier = (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails;
DerObjectIdentifier algorithm = algorithmIdentifier.Algorithm;
Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector();
global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)list).GetEnumerator();
try
{
while (enumerator.MoveNext())
{
ResponseObject responseObject = (ResponseObject)enumerator.get_Current();
try
{
asn1EncodableVector.Add(responseObject.ToResponse());
}
catch (global::System.Exception e)
{
throw new OcspException("exception creating Request", e);
}
}
}
finally
{
global::System.IDisposable disposable = enumerator as global::System.IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
ResponseData responseData = new ResponseData(responderID.ToAsn1Object(), new DerGeneralizedTime(producedAt), new DerSequence(asn1EncodableVector), responseExtensions);
DerBitString derBitString = null;
try
{
IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator();
byte[] derEncoded = responseData.GetDerEncoded();
streamCalculator.Stream.Write(derEncoded, 0, derEncoded.Length);
Platform.Dispose(streamCalculator.Stream);
derBitString = new DerBitString(((IBlockResult)streamCalculator.GetResult()).Collect());
}
catch (global::System.Exception ex)
{
throw new OcspException(string.Concat((object)"exception processing TBSRequest: ", (object)ex), ex);
}
AlgorithmIdentifier sigAlgID = OcspUtilities.GetSigAlgID(algorithm);
DerSequence certs = null;
if (chain != null && chain.Length > 0)
{
Asn1EncodableVector asn1EncodableVector2 = new Asn1EncodableVector();
try
{
for (int i = 0; i != chain.Length; i++)
{
asn1EncodableVector2.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(chain[i].GetEncoded())));
}
}
catch (IOException val)
{
IOException e2 = val;
throw new OcspException("error processing certs", (global::System.Exception)(object) e2);
}
catch (CertificateEncodingException e3)
{
throw new OcspException("error encoding certs", e3);
}
certs = new DerSequence(asn1EncodableVector2);
}
return(new BasicOcspResp(new BasicOcspResponse(responseData, sigAlgID, derBitString, certs)));
}
public override void PerformTest()
{
Asn1Sequence obj = (Asn1Sequence)Asn1Object.FromByteArray(pkcs12);
Pfx bag = new Pfx(obj);
ContentInfo info = bag.AuthSafe;
MacData mData = bag.MacData;
DigestInfo dInfo = mData.Mac;
AlgorithmIdentifier algId = dInfo.AlgorithmID;
byte[] salt = mData.GetSalt();
int itCount = mData.IterationCount.IntValue;
byte[] octets = ((Asn1OctetString)info.Content).GetOctets();
AuthenticatedSafe authSafe = new AuthenticatedSafe(
(Asn1Sequence)Asn1Object.FromByteArray(octets));
ContentInfo[] c = authSafe.GetContentInfo();
//
// private key section
//
if (!c[0].ContentType.Equals(PkcsObjectIdentifiers.Data))
{
Fail("Failed comparison data test");
}
octets = ((Asn1OctetString)c[0].Content).GetOctets();
Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(octets);
SafeBag b = new SafeBag((Asn1Sequence)seq[0]);
if (!b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
Fail("Failed comparison shroudedKeyBag test");
}
EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfo.GetInstance(b.BagValue);
encInfo = new EncryptedPrivateKeyInfo(encInfo.EncryptionAlgorithm, encInfo.GetEncryptedData());
b = new SafeBag(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag, encInfo.ToAsn1Object(), b.BagAttributes);
byte[] encodedBytes = new DerSequence(b).GetEncoded();
c[0] = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(encodedBytes));
//
// certificates
//
if (!c[1].ContentType.Equals(PkcsObjectIdentifiers.EncryptedData))
{
Fail("Failed comparison encryptedData test");
}
EncryptedData eData = EncryptedData.GetInstance(c[1].Content);
c[1] = new ContentInfo(PkcsObjectIdentifiers.EncryptedData, eData);
//
// create an octet stream to represent the BER encoding of authSafe
//
authSafe = new AuthenticatedSafe(c);
info = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(authSafe.GetEncoded()));
mData = new MacData(new DigestInfo(algId, dInfo.GetDigest()), salt, itCount);
bag = new Pfx(info, mData);
//
// comparison test
//
if (!Arrays.AreEqual(bag.GetEncoded(), pkcs12))
{
Fail("Failed comparison test");
}
}
private static Asn1Sequence MakeGeneralInfoSeq(
InfoTypeAndValue[] generalInfos)
{
Asn1Sequence genInfoSeq = null;
if (generalInfos != null)
{
Asn1EncodableVector v = new Asn1EncodableVector();
for (int i = 0; i < generalInfos.Length; ++i)
{
v.Add(generalInfos[i]);
}
genInfoSeq = new DerSequence(v);
}
return genInfoSeq;
}
public async Task <bool> LoginSecurity(string id, string pw)
{
try
{
HttpResponseMessage response = await client.GetAsync(new Uri(Constants.Constants.Url_LoginSecurity));
if (response.IsSuccessStatusCode)
{
string res = await response.Content.ReadAsStringAsync();
string key = JObject.Parse(res)["publicKey"].ToString();
string value = Newtonsoft.Json.JsonConvert.SerializeObject(new { loginId = id,
loginPwd = pw, storeIdYn = "N" });
Asn1Object obj = Asn1Object.FromByteArray(Convert.FromBase64String(key));
DerSequence publicKeySequence = (DerSequence)obj;
DerBitString encodedPublicKey = (DerBitString)publicKeySequence[1];
DerSequence publicKey = (DerSequence)Asn1Object.FromByteArray(encodedPublicKey.GetBytes());
var modulus = publicKey[0];
var exponent = publicKey[1];
RsaKeyParameters keyParameters = new RsaKeyParameters(false, ((DerInteger)modulus).PositiveValue, ((DerInteger)exponent).PositiveValue);
RSAParameters parameters = DotNetUtilities.ToRSAParameters(keyParameters);
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(parameters);
//암호화할 문자열을 UFT8인코딩
byte[] inbuf = (new UTF8Encoding()).GetBytes(value);
//암호화
byte[] encbuf = rsa.Encrypt(inbuf, false);
//암호화된 문자열 Base64인코딩
string token = System.Convert.ToBase64String(encbuf);
string content = Newtonsoft.Json.JsonConvert.SerializeObject(new
{
loginToken = token,
redirectUrl = "",
redirectTabUrl = "",
});
HttpResponseMessage response2 = await client.PostAsync(new Uri(Constants.Constants.Url_LoginConfirm),
new StringContent(content, Encoding.UTF8, "application/json"));
try
{
if (response2.IsSuccessStatusCode)
{
string res2 = await response2.Content.ReadAsStringAsync();
if (JObject.Parse(res2)["errorCount"].ToString() == "0")
{
Uri uri = new Uri("https://klas.kw.ac.kr");
IEnumerable <Cookie> responseCookies = cookies.GetCookies(uri).Cast <Cookie>();
CookieContainer cookieContainer = new CookieContainer();
foreach (Cookie cookie in responseCookies)
{
Console.WriteLine(cookie.Name + ": " + cookie.Value);
cookieContainer.Add(cookie);
}
UserInfo.CookieContainer = cookieContainer;
return(true);
}
else
{
return(false);
}
}
}
catch (Exception e)
{
Debug.WriteLine(@"\tERROR {0}", e.Message);
return(false);
}
}
} catch (Exception e)
{
Debug.WriteLine(@"\tERROR {0}", e.Message);
return(false);
}
return(false);
}
/// <summary>
/// Generates the certificate.
/// </summary>
/// <param name="subjectName">Name of the subject.</param>
/// <param name="issuerName">Name of the issuer.</param>
/// <param name="validFrom">The valid from.</param>
/// <param name="validTo">The valid to.</param>
/// <param name="keyStrength">The key strength.</param>
/// <param name="signatureAlgorithm">The signature algorithm.</param>
/// <param name="issuerPrivateKey">The issuer private key.</param>
/// <param name="hostName">The host name</param>
/// <returns>X509Certificate2 instance.</returns>
/// <exception cref="PemException">Malformed sequence in RSA private key</exception>
private static X509Certificate2 GenerateCertificate(string hostName,
string subjectName,
string issuerName, DateTime validFrom,
DateTime validTo, int keyStrength = 2048,
string signatureAlgorithm = "SHA256WithRSA",
AsymmetricKeyParameter issuerPrivateKey = null)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var secureRandom = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), secureRandom);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
var subjectDn = new X509Name(subjectName);
var issuerDn = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDn);
certificateGenerator.SetSubjectDN(subjectDn);
certificateGenerator.SetNotBefore(validFrom);
certificateGenerator.SetNotAfter(validTo);
if (hostName != null)
{
//add subject alternative names
var subjectAlternativeNames = new Asn1Encodable[] { new GeneralName(GeneralName.DnsName, hostName), };
var subjectAlternativeNamesExtension = new DerSequence(subjectAlternativeNames);
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName.Id, false, subjectAlternativeNamesExtension);
}
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(secureRandom, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Set certificate intended purposes to only Server Authentication
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth));
var signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, issuerPrivateKey ?? subjectKeyPair.Private, secureRandom);
// Self-sign the certificate
var certificate = certificateGenerator.Generate(signatureFactory);
// Corresponding private key
var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
var seq = (Asn1Sequence)Asn1Object.FromByteArray(privateKeyInfo.ParsePrivateKey().GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("Malformed sequence in RSA private key");
}
var rsa = RsaPrivateKeyStructure.GetInstance(seq);
var rsaparams = new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1,
rsa.Exponent2, rsa.Coefficient);
var x509Certificate = WithPrivateKey(certificate, rsaparams);
x509Certificate.FriendlyName = subjectName;
return(x509Certificate);
}
/// <summary>
/// Generates the certificate.
/// </summary>
/// <param name="subjectName">Name of the subject.</param>
/// <param name="issuerName">Name of the issuer.</param>
/// <param name="validFrom">The valid from.</param>
/// <param name="validTo">The valid to.</param>
/// <param name="keyStrength">The key strength.</param>
/// <param name="signatureAlgorithm">The signature algorithm.</param>
/// <param name="issuerPrivateKey">The issuer private key.</param>
/// <param name="hostName">The host name</param>
/// <returns>X509Certificate2 instance.</returns>
/// <exception cref="PemException">Malformed sequence in RSA private key</exception>
private static X509Certificate2 generateCertificate(string hostName,
string subjectName,
string issuerName, System.DateTime validFrom,
System.DateTime validTo, int keyStrength = 2048,
string signatureAlgorithm = "SHA256WithRSA",
AsymmetricKeyParameter issuerPrivateKey = null)
{
// Generating Random Numbers
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom secureRandom = new SecureRandom(randomGenerator);
// The Certificate Generator
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
BigInteger serialNumber =
BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), secureRandom);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
X509Name subjectDn = new X509Name(subjectName);
X509Name issuerDn = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDn);
certificateGenerator.SetSubjectDN(subjectDn);
certificateGenerator.SetNotBefore(validFrom);
certificateGenerator.SetNotAfter(validTo);
if (hostName != null)
{
// add subject alternative names
Asn1Encodable[] subjectAlternativeNames = new Asn1Encodable[] { new GeneralName(GeneralName.DnsName, hostName) };
DerSequence subjectAlternativeNamesExtension = new DerSequence(subjectAlternativeNames);
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName.Id, false,
subjectAlternativeNamesExtension);
}
// Subject Public Key
KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(secureRandom, keyStrength);
RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
AsymmetricCipherKeyPair subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Set certificate intended purposes to only Server Authentication
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false,
new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth));
if (issuerPrivateKey == null)
{
certificateGenerator.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(true));
}
Asn1SignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithm,
issuerPrivateKey ?? subjectKeyPair.Private, secureRandom);
// Self-sign the certificate
X509Certificate certificate = certificateGenerator.Generate(signatureFactory);
// Corresponding private key
PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(privateKeyInfo.ParsePrivateKey().GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("Malformed sequence in RSA private key");
}
RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq);
RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent,
rsa.Prime1, rsa.Prime2, rsa.Exponent1,
rsa.Exponent2, rsa.Coefficient);
#if NET45
// Set private key onto certificate instance
X509Certificate2 x509Certificate = new X509Certificate2(certificate.GetEncoded());
x509Certificate.PrivateKey = DotNetUtilities.ToRSA(rsaparams);
#else
X509Certificate2 x509Certificate = withPrivateKey(certificate, rsaparams);
if (System.Runtime.InteropServices.RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
x509Certificate.FriendlyName = subjectName;
}
#endif
doNotSetFriendlyName = false;
if (!doNotSetFriendlyName)
{
try
{
x509Certificate.FriendlyName = ProxyConstants.CNRemoverRegex.Replace(subjectName, string.Empty);
}
catch (System.PlatformNotSupportedException)
{
doNotSetFriendlyName = true;
}
}
return(x509Certificate);
}
public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random)
{
byte[] keyBytes = contentEncryptionKey.GetKey();
AsymmetricKeyParameter senderPublicKey = senderKeyPair.Public;
ICipherParameters senderPrivateParams = senderKeyPair.Private;
OriginatorIdentifierOrKey originator;
try
{
originator = new OriginatorIdentifierOrKey(
CreateOriginatorPublicKey(senderPublicKey));
}
catch (IOException e)
{
throw new InvalidKeyException("cannot extract originator public key: " + e);
}
Asn1OctetString ukm = null;
if (keyAgreementOID.Id.Equals(CmsEnvelopedGenerator.ECMqvSha1Kdf))
{
try
{
IAsymmetricCipherKeyPairGenerator ephemKPG =
GeneratorUtilities.GetKeyPairGenerator(keyAgreementOID);
ephemKPG.Init(
((ECPublicKeyParameters)senderPublicKey).CreateKeyGenerationParameters(random));
AsymmetricCipherKeyPair ephemKP = ephemKPG.GenerateKeyPair();
ukm = new DerOctetString(
new MQVuserKeyingMaterial(
CreateOriginatorPublicKey(ephemKP.Public), null));
senderPrivateParams = new MqvPrivateParameters(
(ECPrivateKeyParameters)senderPrivateParams,
(ECPrivateKeyParameters)ephemKP.Private,
(ECPublicKeyParameters)ephemKP.Public);
}
catch (IOException e)
{
throw new InvalidKeyException("cannot extract MQV ephemeral public key: " + e);
}
catch (SecurityUtilityException e)
{
throw new InvalidKeyException("cannot determine MQV ephemeral key pair parameters from public key: " + e);
}
}
DerSequence paramSeq = new DerSequence(
keyEncryptionOID,
DerNull.Instance);
AlgorithmIdentifier keyEncAlg = new AlgorithmIdentifier(keyAgreementOID, paramSeq);
Asn1EncodableVector recipientEncryptedKeys = new Asn1EncodableVector();
foreach (X509Certificate recipientCert in recipientCerts)
{
TbsCertificateStructure tbsCert;
try
{
tbsCert = TbsCertificateStructure.GetInstance(
Asn1Object.FromByteArray(recipientCert.GetTbsCertificate()));
}
catch (Exception)
{
throw new ArgumentException("can't extract TBS structure from certificate");
}
// TODO Should there be a SubjectKeyIdentifier-based alternative?
IssuerAndSerialNumber issuerSerial = new IssuerAndSerialNumber(
tbsCert.Issuer, tbsCert.SerialNumber.Value);
KeyAgreeRecipientIdentifier karid = new KeyAgreeRecipientIdentifier(issuerSerial);
ICipherParameters recipientPublicParams = recipientCert.GetPublicKey();
if (keyAgreementOID.Id.Equals(CmsEnvelopedGenerator.ECMqvSha1Kdf))
{
recipientPublicParams = new MqvPublicParameters(
(ECPublicKeyParameters)recipientPublicParams,
(ECPublicKeyParameters)recipientPublicParams);
}
// Use key agreement to choose a wrap key for this recipient
IBasicAgreement keyAgreement = AgreementUtilities.GetBasicAgreementWithKdf(
keyAgreementOID, keyEncryptionOID.Id);
keyAgreement.Init(new ParametersWithRandom(senderPrivateParams, random));
BigInteger agreedValue = keyAgreement.CalculateAgreement(recipientPublicParams);
int keyEncryptionKeySize = GeneratorUtilities.GetDefaultKeySize(keyEncryptionOID) / 8;
byte[] keyEncryptionKeyBytes = X9IntegerConverter.IntegerToBytes(agreedValue, keyEncryptionKeySize);
KeyParameter keyEncryptionKey = ParameterUtilities.CreateKeyParameter(
keyEncryptionOID, keyEncryptionKeyBytes);
// Wrap the content encryption key with the agreement key
IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionOID.Id);
keyWrapper.Init(true, new ParametersWithRandom(keyEncryptionKey, random));
byte[] encryptedKeyBytes = keyWrapper.Wrap(keyBytes, 0, keyBytes.Length);
Asn1OctetString encryptedKey = new DerOctetString(encryptedKeyBytes);
recipientEncryptedKeys.Add(new RecipientEncryptedKey(karid, encryptedKey));
}
return(new RecipientInfo(new KeyAgreeRecipientInfo(originator, ukm, keyEncAlg,
new DerSequence(recipientEncryptedKeys))));
}
public virtual int GenerateBytes(byte[] outBytes, int outOff, int len)
{
if ((outBytes.Length - len) < outOff)
{
throw new DataLengthException("output buffer too small");
}
long oBytes = len;
int outLen = digest.GetDigestSize();
//
// this is at odds with the standard implementation, the
// maximum value should be hBits * (2^32 - 1) where hBits
// is the digest output size in bits. We can't have an
// array with a long index at the moment...
//
if (oBytes > ((2L << 32) - 1))
{
throw new ArgumentException("Output length too large");
}
int cThreshold = (int)((oBytes + outLen - 1) / outLen);
byte[] dig = new byte[digest.GetDigestSize()];
uint counter = 1;
for (int i = 0; i < cThreshold; i++)
{
digest.BlockUpdate(z, 0, z.Length);
// KeySpecificInfo
DerSequence keyInfo = new DerSequence(
algorithm,
new DerOctetString(Pack.UInt32_To_BE(counter)));
// OtherInfo
Asn1EncodableVector v1 = new Asn1EncodableVector(keyInfo);
if (partyAInfo != null)
{
v1.Add(new DerTaggedObject(true, 0, new DerOctetString(partyAInfo)));
}
v1.Add(new DerTaggedObject(true, 2, new DerOctetString(Pack.UInt32_To_BE((uint)keySize))));
byte[] other = new DerSequence(v1).GetDerEncoded();
digest.BlockUpdate(other, 0, other.Length);
digest.DoFinal(dig, 0);
if (len > outLen)
{
Array.Copy(dig, 0, outBytes, outOff, outLen);
outOff += outLen;
len -= outLen;
}
else
{
Array.Copy(dig, 0, outBytes, outOff, len);
}
counter++;
}
digest.Reset();
return((int)oBytes);
}
/**
* Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes
* in the signerInfo can also be set, OR a time-stamp-authority client
* may be provided.
* @param secondDigest the digest in the authenticatedAttributes
* @param signingTime the signing time in the authenticatedAttributes
* @param tsaClient TSAClient - null or an optional time stamp authority client
* @return byte[] the bytes for the PKCS7SignedData object
* @since 2.1.6
*/
public byte[] GetEncodedPKCS7(byte[] secondDigest, DateTime signingTime, ITSAClient tsaClient, byte[] ocsp, ICollection <byte[]> crlBytes, CryptoStandard sigtype)
{
if (externalDigest != null)
{
digest = externalDigest;
if (RSAdata != null)
{
RSAdata = externalRSAdata;
}
}
else if (externalRSAdata != null && RSAdata != null)
{
RSAdata = externalRSAdata;
sig.BlockUpdate(RSAdata, 0, RSAdata.Length);
digest = sig.GenerateSignature();
}
else
{
if (RSAdata != null)
{
RSAdata = new byte[messageDigest.GetDigestSize()];
messageDigest.DoFinal(RSAdata, 0);
sig.BlockUpdate(RSAdata, 0, RSAdata.Length);
}
digest = sig.GenerateSignature();
}
// Create the set of Hash algorithms
Asn1EncodableVector digestAlgorithms = new Asn1EncodableVector();
foreach (string dal in digestalgos.Keys)
{
Asn1EncodableVector algos = new Asn1EncodableVector();
algos.Add(new DerObjectIdentifier(dal));
algos.Add(DerNull.Instance);
digestAlgorithms.Add(new DerSequence(algos));
}
// Create the contentInfo.
Asn1EncodableVector v = new Asn1EncodableVector();
v.Add(new DerObjectIdentifier(SecurityIDs.ID_PKCS7_DATA));
if (RSAdata != null)
{
v.Add(new DerTaggedObject(0, new DerOctetString(RSAdata)));
}
DerSequence contentinfo = new DerSequence(v);
// Get all the certificates
//
v = new Asn1EncodableVector();
foreach (X509Certificate xcert in certs)
{
Asn1InputStream tempstream = new Asn1InputStream(new MemoryStream(xcert.GetEncoded()));
v.Add(tempstream.ReadObject());
}
DerSet dercertificates = new DerSet(v);
// Create signerinfo structure.
//
Asn1EncodableVector signerinfo = new Asn1EncodableVector();
// Add the signerInfo version
//
signerinfo.Add(new DerInteger(signerversion));
v = new Asn1EncodableVector();
v.Add(CertificateInfo.GetIssuer(signCert.GetTbsCertificate()));
v.Add(new DerInteger(signCert.SerialNumber));
signerinfo.Add(new DerSequence(v));
// Add the digestAlgorithm
v = new Asn1EncodableVector();
v.Add(new DerObjectIdentifier(digestAlgorithmOid));
v.Add(DerNull.Instance);
signerinfo.Add(new DerSequence(v));
// add the authenticated attribute if present
if (secondDigest != null /*&& signingTime != null*/)
{
signerinfo.Add(new DerTaggedObject(false, 0, GetAuthenticatedAttributeSet(secondDigest, signingTime, ocsp, crlBytes, sigtype)));
}
// Add the digestEncryptionAlgorithm
v = new Asn1EncodableVector();
v.Add(new DerObjectIdentifier(digestEncryptionAlgorithmOid));
v.Add(DerNull.Instance);
signerinfo.Add(new DerSequence(v));
// Add the digest
signerinfo.Add(new DerOctetString(digest));
// When requested, go get and add the timestamp. May throw an exception.
// Added by Martin Brunecky, 07/12/2007 folowing Aiken Sam, 2006-11-15
// Sam found Adobe expects time-stamped SHA1-1 of the encrypted digest
if (tsaClient != null)
{
byte[] tsImprint = DigestAlgorithms.Digest(tsaClient.GetMessageDigest(), digest);
byte[] tsToken = tsaClient.GetTimeStampToken(tsImprint);
if (tsToken != null)
{
Asn1EncodableVector unauthAttributes = BuildUnauthenticatedAttributes(tsToken);
if (unauthAttributes != null)
{
signerinfo.Add(new DerTaggedObject(false, 1, new DerSet(unauthAttributes)));
}
}
}
// Finally build the body out of all the components above
Asn1EncodableVector body = new Asn1EncodableVector();
body.Add(new DerInteger(version));
body.Add(new DerSet(digestAlgorithms));
body.Add(contentinfo);
body.Add(new DerTaggedObject(false, 0, dercertificates));
// Only allow one signerInfo
body.Add(new DerSet(new DerSequence(signerinfo)));
// Now we have the body, wrap it in it's PKCS7Signed shell
// and return it
//
Asn1EncodableVector whole = new Asn1EncodableVector();
whole.Add(new DerObjectIdentifier(SecurityIDs.ID_PKCS7_SIGNED_DATA));
whole.Add(new DerTaggedObject(0, new DerSequence(body)));
MemoryStream bOut = new MemoryStream();
Asn1OutputStream dout = new Asn1OutputStream(bOut);
dout.WriteObject(new DerSequence(whole));
dout.Close();
return(bOut.ToArray());
}
public void TestSignRequest()
{
var agentClient = new TestAgentClient();
var data = Encoding.UTF8.GetBytes("Data to be signed");
foreach (var key in allKeys)
{
agentClient.Agent.AddKey(key);
var signature = agentClient.SignRequest(key, data);
switch (key.Version)
{
case SshVersion.SSH1:
using (MD5 md5 = MD5.Create()) {
var md5Buffer = new byte[48];
data.CopyTo(md5Buffer, 0);
agentClient.SessionId.CopyTo(md5Buffer, 32);
var expctedSignature = md5.ComputeHash(md5Buffer);
Assert.That(signature, Is.EqualTo(expctedSignature));
}
break;
case SshVersion.SSH2:
BlobParser signatureParser = new BlobParser(signature);
var algorithm = signatureParser.ReadString();
Assert.That(algorithm, Is.EqualTo(key.Algorithm.GetIdentifierString()));
signature = signatureParser.ReadBlob();
if (key.Algorithm == PublicKeyAlgorithm.SSH_RSA)
{
Assert.That(signature.Length == key.Size / 8);
}
else if (key.Algorithm == PublicKeyAlgorithm.SSH_DSS)
{
Assert.That(signature.Length, Is.EqualTo(40));
var r = new BigInteger(1, signature, 0, 20);
var s = new BigInteger(1, signature, 20, 20);
var seq = new DerSequence(new DerInteger(r), new DerInteger(s));
signature = seq.GetDerEncoded();
}
else if (key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP256 ||
key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP384 ||
key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP521)
{
Assert.That(signature.Length, Is.AtLeast(key.Size / 4 + 8));
Assert.That(signature.Length, Is.AtMost(key.Size / 4 + 10));
BlobParser parser = new BlobParser(signature);
var r = new BigInteger(parser.ReadBlob());
var s = new BigInteger(parser.ReadBlob());
var seq = new DerSequence(new DerInteger(r), new DerInteger(s));
signature = seq.GetDerEncoded();
}
var signer = key.GetSigner();
signer.Init(false, key.GetPublicKeyParameters());
signer.BlockUpdate(data, 0, data.Length);
var valid = signer.VerifySignature(signature);
Assert.That(valid, Is.True);
break;
default:
Assert.Fail("Unexpected Ssh Version");
break;
}
}
}
static void Main(string[] args)
{
PolicyInformation[] certPolicies = new PolicyInformation[2];
certPolicies[0] = new PolicyInformation(new DerObjectIdentifier("2.16.840.1.101.2.1.11.5"));
certPolicies[1] = new PolicyInformation(new DerObjectIdentifier("2.16.840.1.101.2.1.11.18"));
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
var certificateGenerator = new X509V3CertificateGenerator();
//serial
var serialNumber =
BigIntegers.CreateRandomInRange(
BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// sig alg
const string signatureAlgorithm = "SHA1WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// Subjects
// Time x = new Time();
var subjectDN = new X509Name("CN=localhost, O=Arsslensoft, C=TN,surname=Idadi,givenname=Arsslen, uniqueidentifier=15002060,businesscategory=Production,initials=Hello, gender=male, placeofbirth=El Manar, pseudonym=Arsslinko, postaladdress=2076, countryofcitizenship=TN, countryofresidence=TN,telephonenumber=53299093");
var issuerDN = subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Validity
var notBefore = DateTime.UtcNow.Date.Subtract(new TimeSpan(5, 0, 0));
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// PKEY
const int strength = 512;
var keyGenerationParameters = new KeyGenerationParameters(random, strength);
// var x= new Al.Security.Crypto.Generators.DsaKeyPairGenerator();
// X9ECParameters ecP = NistNamedCurves.GetByName("B-571");
// ECDomainParameters ecSpec = new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed());
// ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator("ECDSA");
// //ECPA par = new DsaParametersGenerator();
// //par.Init(2048, 100, random);
// //ECKeyGenerationParameters pa = new ECKeyGenerationParameters(random, par.GenerateParameters());
//// var keyPairGenerator = new DHKeyPairGenerator();
// //DsaParametersGenerator par = new DsaParametersGenerator();
// //par.Init(2048, 100, random);
// //DsaKeyGenerationParameters pa = new DsaKeyGenerationParameters(random, par.GenerateParameters());
// // keyPairGenerator.Init(pa);
// keyPairGenerator.Init(new ECKeyGenerationParameters(ecSpec, new SecureRandom()));
//var keyPairGenerator = new DsaKeyPairGenerator();
//DsaParametersGenerator par = new DsaParametersGenerator();
//par.Init(1024, 100, random);
//DsaKeyGenerationParameters pa = new DsaKeyGenerationParameters(random, par.GenerateParameters());
//keyPairGenerator.Init(pa);
// KeyPair = keyPairGenerator.GenerateKeyPair();
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
StreamReader str = new StreamReader("D:\\test.key");
PemReader pem = new PemReader(str);
AsymmetricCipherKeyPair keypair = (AsymmetricCipherKeyPair)pem.ReadObject();
var subjectKeyPair = keypair;
str.Close();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// ext
X509Extensions
certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
new SubjectKeyIdentifierStructure(subjectKeyPair.Public));
certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(subjectKeyPair.Public));
certificateGenerator.AddExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(false));
// key usage
certificateGenerator.AddExtension(
X509Extensions.KeyUsage,
true,
new KeyUsage(KeyUsage.KeyAgreement | KeyUsage.DataEncipherment | KeyUsage.DigitalSignature));
// extended key usage
var usages = new[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth };
ExtendedKeyUsage extendedKeyUsage = new ExtendedKeyUsage(usages);
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, extendedKeyUsage);
// Test Policy
DerSequence seq = CreatePolicyInformationsSequence("http://www.arsslensoft.com", "Arsslensoft", "1.3.6.1.4.1.23823.1.1.1", "Test Notice");
// certificateGenerator.AddExtension(X509Extensions.CertificatePolicies, false, new DerSequence(certPolicies));
// Authority access
List <GeneralSubtree> ees = new List <GeneralSubtree>();
ees.Add(new GeneralSubtree(new GeneralName(GeneralName.UniformResourceIdentifier, "http://www.google.com")));
certificateGenerator.AddExtension(X509Extensions.NameConstraints, true, new NameConstraints(null, ees));
certificateGenerator.AddExtension(X509Extensions.NetscapeComment, true, new DerVisibleString("NS COMMENT"));
certificateGenerator.AddExtension(X509Extensions.NetscapeBaseUrl, true, new DerIA5String("http://www.google.com"));
certificateGenerator.AddExtension(X509Extensions.InhibitAnyPolicy, true, new DerInteger(12));
// Policy constraints
byte inhibit = 12;
byte explicitc = 12;
// certificateGenerator.AddExtension(X509Extensions.PolicyConstraints, false, new DerOctetSequence(new byte[] { 128, 1, explicitc, 129, 1, inhibit }));
certificateGenerator.AddExtension(X509Extensions.NetscapeCertUsage, false, new KeyUsage(KeyUsage.KeyAgreement));
certificateGenerator.AddExtension(X509Extensions.AuthorityInfoAccess, false, CreateAuthorityAccessInformationSequence("http://www.arsslensoft.com", null));
// Subhect Issuer Alternative name
GeneralName altName = new GeneralName(GeneralName.DnsName, "localhost");
GeneralNames subjectAltName = new GeneralNames(altName);
certificateGenerator.AddExtension(X509Extensions.IssuerAlternativeName, false, subjectAltName);
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
// certificateGenerator.AddExtension(new DerObjectIdentifier("2.16.840.1.11730.29.53"), false, subjectAltName);
//
GeneralNames s;
//CRL Distribution Points
DistributionPointName distPointOne = new DistributionPointName(new GeneralNames(
new GeneralName(GeneralName.UniformResourceIdentifier, "http://crl.somewebsite.com/master.crl")));
GeneralNames gns = new GeneralNames(new GeneralName[] {
new GeneralName(GeneralName.UniformResourceIdentifier, "ldap://crl.somewebsite.com/cn%3dSecureCA%2cou%3dPKI%2co%3dCyberdyne%2cc%3dUS?certificaterevocationlist;binary"), new GeneralName(GeneralName.Rfc822Name, "Arslen")
});
DistributionPointName distPointTwo = new DistributionPointName(gns);
DistributionPoint[] distPoints = new DistributionPoint[2];
distPoints[0] = new DistributionPoint(distPointOne, null, null);
distPoints[1] = new DistributionPoint(distPointTwo, null, gns);
IssuingDistributionPoint iss = new IssuingDistributionPoint(distPointOne, false, true, null, false, false);
certificateGenerator.AddExtension(X509Extensions.IssuingDistributionPoint, false, iss);
certificateGenerator.AddExtension(X509Extensions.CrlDistributionPoints, false, new CrlDistPoint(distPoints));
// Biometric
Asn1EncodableVector v = new Asn1EncodableVector();
BiometricData bdat = new BiometricData(new TypeOfBiometricData(TypeOfBiometricData.HandwrittenSignature), new AlgorithmIdentifier(new DerObjectIdentifier("1.3.14.3.2.26")), new DerOctetString(new byte[] { 169, 74, 143, 229, 204, 177, 155, 166, 28, 76, 8, 115, 211, 145, 233, 135, 152, 47, 187, 211 }), new DerIA5String("http://www.google.com"));
v.Add(bdat);
v.Add(new BiometricData(new TypeOfBiometricData(TypeOfBiometricData.HandwrittenSignature), new AlgorithmIdentifier(new DerObjectIdentifier("1.3.14.3.2.26")), new DerOctetString(new byte[] { 169, 74, 143, 229, 204, 177, 155, 166, 28, 76, 8, 115, 211, 145, 233, 135, 152, 47, 187, 211 }), new DerIA5String("http://www.google.co")));
certificateGenerator.AddExtension(X509Extensions.BiometricInfo, false, new DerSequenceOf(v));
QCStatement st = new QCStatement(Rfc3739QCObjectIdentifiers.IdQcs);
certificateGenerator.AddExtension(X509Extensions.QCStatements, false, st);
//Al.Security.Pkcs.Pkcs10CertificationRequest c = new Al.Security.Pkcs.Pkcs10CertificationRequest(
//certificateGenerator.AddExtension(X509Extensions.ReasonCode, false, ce);
// test done
certificateGenerator.AddExtension(X509Extensions.SubjectInfoAccess, false, CreateAuthorityAccessInformationSequence("http://www.arsslensoft.com", null));
//// 2
//TargetInformation ti = new Al.Security.Asn1.X509.TargetInformation(new Target[] { new Target(Target.Choice.Name, new GeneralName(GeneralName.UniformResourceIdentifier, "http://www.go.com")) });
//certificateGenerator.AddExtension(X509Extensions.TargetInformation, false, new DerSequence(ti));
// 3
PrivateKeyUsagePeriod kup = new PrivateKeyUsagePeriod(DateTime.Now, DateTime.Now.AddYears(2));
certificateGenerator.AddExtension(X509Extensions.PrivateKeyUsagePeriod, false, new DerSequence(kup));
//generate
var issuerKeyPair = subjectKeyPair;
var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
StreamWriter wstr = new StreamWriter(Path.ChangeExtension("D:\\test.crt", ".pem"), false);
PemWriter pemWriter = new PemWriter(wstr);
pemWriter.WriteObject(certificate);
pemWriter.WriteObject(issuerKeyPair.Private);
wstr.Flush();
wstr.Close();
// System.Security.Cryptography.X509Certificates.X509Certificate x509_ = DotNetUtilities.ToX509Certificate(certificate.CertificateStructure);
//File.WriteAllBytes(@"D:\\test.crt", x509_.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12));
}
public static CngKey Import(Byte[] blob,
Int32 offset = 0)
{
Boolean isPrivateKey = false;
Byte keyLength = 0;
Byte[] keyCurveX = null, keyCurveY = null, keyScalar = null;
Byte[] inBlob = blob;
// Apply offset to incoming data.
if (offset > 0)
{
var blobLength = blob.Length - (offset);
inBlob = new Byte[blobLength];
Array.Copy(blob, offset, inBlob, 0, blobLength);
}
System.IO.File.WriteAllBytes("Key.key", inBlob);
DerSequence der = (DerSequence)DerSequence.FromByteArray(inBlob);
try { /*to read directly*/
isPrivateKey = ((DerBitString)der[0]).IntValue != 0;
} catch {
der = (DerSequence)DerSequence.FromByteArray(((DerOctetString)der[1]).GetOctets());
System.IO.File.WriteAllBytes("KeyDer.key", der.GetEncoded());
}
// Read Data from Key.
isPrivateKey = ((DerBitString)der[0]).IntValue != 0;
keyLength = (Byte)((DerInteger)der[1]).PositiveValue.IntValue;
keyCurveX = ((DerInteger)der[2]).PositiveValue.ToByteArrayUnsigned();
keyCurveY = ((DerInteger)der[3]).PositiveValue.ToByteArrayUnsigned();
if (isPrivateKey)
{
keyScalar = ((DerInteger)der[4]).PositiveValue.ToByteArrayUnsigned();
}
// Validate data.
if (keyLength == 0)
{
throw new IndexOutOfRangeException("Length of key is 0.");
}
if (keyCurveX == null || keyCurveY == null)
{
throw new IndexOutOfRangeException("Key Curve is not set.");
}
// Construct a readable key out of this data.
Byte[] newBlob = new Byte[8 + (keyLength * (2 + (isPrivateKey ? 1 : 0)))];
// Write Key Header for ECCPrivateBlob or ECCPublicBlob.
newBlob[0] = (Byte)0x45; // E
newBlob[1] = (Byte)0x43; // C
newBlob[2] = (Byte)0x4B; // K
newBlob[3] = (Byte)(keyLength == 32 ? 0x31 : (keyLength == 48 ? 0x33 : (keyLength == 64 ? 0x35 : 0x00)));
newBlob[3] += (Byte)(isPrivateKey ? 0x01 : 0x00);
newBlob[4] = (Byte)keyLength;
Array.Copy(keyCurveX, 0, newBlob, 8, keyCurveX.Length);
Array.Copy(keyCurveY, 0, newBlob, 8 + keyLength, keyCurveY.Length);
if (isPrivateKey)
{
Array.Copy(keyScalar, 0, newBlob, 8 + keyLength * 2, keyScalar.Length);
}
// Now return a valid Key.
if (isPrivateKey)
{
return(CngKey.Import(newBlob, CngKeyBlobFormat.EccPrivateBlob));
}
else
{
return(CngKey.Import(newBlob, CngKeyBlobFormat.EccPublicBlob));
}
}
public override void PerformTest()
{
Asn1Sequence obj = (Asn1Sequence) Asn1Object.FromByteArray(pkcs12);
Pfx bag = new Pfx(obj);
ContentInfo info = bag.AuthSafe;
MacData mData = bag.MacData;
DigestInfo dInfo = mData.Mac;
AlgorithmIdentifier algId = dInfo.AlgorithmID;
byte[] salt = mData.GetSalt();
int itCount = mData.IterationCount.IntValue;
byte[] octets = ((Asn1OctetString) info.Content).GetOctets();
AuthenticatedSafe authSafe = new AuthenticatedSafe(
(Asn1Sequence) Asn1Object.FromByteArray(octets));
ContentInfo[] c = authSafe.GetContentInfo();
//
// private key section
//
if (!c[0].ContentType.Equals(PkcsObjectIdentifiers.Data))
{
Fail("Failed comparison data test");
}
octets = ((Asn1OctetString)c[0].Content).GetOctets();
Asn1Sequence seq = (Asn1Sequence) Asn1Object.FromByteArray(octets);
SafeBag b = new SafeBag((Asn1Sequence)seq[0]);
if (!b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
Fail("Failed comparison shroudedKeyBag test");
}
EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfo.GetInstance(b.BagValue);
encInfo = new EncryptedPrivateKeyInfo(encInfo.EncryptionAlgorithm, encInfo.GetEncryptedData());
b = new SafeBag(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag, encInfo.ToAsn1Object(), b.BagAttributes);
byte[] encodedBytes = new DerSequence(b).GetEncoded();
c[0] = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(encodedBytes));
//
// certificates
//
if (!c[1].ContentType.Equals(PkcsObjectIdentifiers.EncryptedData))
{
Fail("Failed comparison encryptedData test");
}
EncryptedData eData = EncryptedData.GetInstance(c[1].Content);
c[1] = new ContentInfo(PkcsObjectIdentifiers.EncryptedData, eData);
//
// create an octet stream to represent the BER encoding of authSafe
//
authSafe = new AuthenticatedSafe(c);
info = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(authSafe.GetEncoded()));
mData = new MacData(new DigestInfo(algId, dInfo.GetDigest()), salt, itCount);
bag = new Pfx(info, mData);
//
// comparison test
//
if (!Arrays.AreEqual(bag.GetEncoded(), pkcs12))
{
Fail("Failed comparison test");
}
}
public byte[] GetPrivateKeyBlob(IntPtr context, KeyDerivation derive)
{
bool result, shouldFree = false;
NativeMethods.KeySpec addInfo = 0;
IntPtr hProv = IntPtr.Zero, hExportKey = IntPtr.Zero,
phSessionKey = IntPtr.Zero, userKey = IntPtr.Zero;
try {
result = NativeMethods.CryptAcquireCertificatePrivateKey(context, 0, IntPtr.Zero, ref hProv, ref addInfo, ref shouldFree);
if (!result)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
result = NativeMethods.CryptGetUserKey(hProv, (uint)addInfo, ref userKey);
if (!result)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
CheckPermission(userKey);
result = NativeMethods.CryptGenKey(hProv, EphemAlgId, 0, out phSessionKey);
if (!result)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
uint dhOIDsz = 50;
var dhOID = new byte[dhOIDsz];
result = NativeMethods.CryptGetKeyParam(phSessionKey, NativeMethods.KP_DHOID, dhOID, ref dhOIDsz, 0);
if (!result)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
dhOID = dhOID.Take((int)dhOIDsz - 1).ToArray();
var dhOIDstr = Encoding.ASCII.GetString(dhOID);
uint hashOIDsz = 50;
var hashOID = new byte[hashOIDsz];
result = NativeMethods.CryptGetKeyParam(phSessionKey, NativeMethods.KP_HASHOID, hashOID, ref hashOIDsz, 0);
if (!result)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
hashOID = hashOID.Take((int)hashOIDsz - 1).ToArray();
var hashOIDstr = Encoding.ASCII.GetString(hashOID);
uint pbdatalen = 0;
result = NativeMethods.CryptExportKey(phSessionKey, IntPtr.Zero, NativeMethods.PUBLICKEYBLOB, 0, null, ref pbdatalen);
if (!result)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
SessionKey = new byte[pbdatalen];
result = NativeMethods.CryptExportKey(phSessionKey, IntPtr.Zero, NativeMethods.PUBLICKEYBLOB, 0, SessionKey, ref pbdatalen);
if (!result)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
var blob = new CRYPT_PUBLICKEYBLOB {
reserved = 0,
bType = 6,
aiKeyAlg = (uint)KeyAlgId,
bVersion = 0x20,
Magic = NativeMethods.GR3410_1_MAGIC,
BitLen = PublicKeyLength
};
var dhOid = new DerObjectIdentifier(dhOIDstr);
var hashOid = new DerObjectIdentifier(hashOIDstr);
var seq = new DerSequence(dhOid, hashOid);
var keyData = seq.GetDerEncoded();
Array.Resize(ref keyData, 24);
blob.KeyData1 = BitConverter.ToUInt64(keyData, 0);
blob.KeyData2 = BitConverter.ToUInt64(keyData, 8);
blob.KeyData3 = BitConverter.ToUInt64(keyData, 16);
var blobData = blob.GetBytes();
var pbdata2 = new byte[BlobLength];
for (int i = 0; i < KeyOffset; ++i)
{
pbdata2[i] = blobData[i];
}
derive.Init(dhOid, hashOid);
var genkey = derive.GetPublicKeyBytes();
for (int i = 0, j = KeyOffset; i < genkey.Length; ++i, ++j)
{
pbdata2[j] = genkey[i];
}
result = NativeMethods.CryptImportKey(hProv, pbdata2, BlobLength, phSessionKey, 0, ref hExportKey);
if (!result)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
result = NativeMethods.CryptSetKeyParam(hExportKey, (int)NativeMethods.KP_ALGID, BitConverter.GetBytes((uint)ExportAlgId), 0);
if (!result)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
uint pkSize = 0;
result = NativeMethods.CryptExportKey(userKey, hExportKey, NativeMethods.PRIVATEKEYBLOB, 0, null, ref pkSize);
if (!result)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
var ret = new byte[pkSize];
result = NativeMethods.CryptExportKey(userKey, hExportKey, NativeMethods.PRIVATEKEYBLOB, 0, ret, ref pkSize);
if (!result)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
return(ret);
} catch (Win32Exception e) {
throw new CryptographicException(e.Message, e);
} finally {
if (shouldFree)
{
NativeMethods.CryptReleaseContext(hProv, 0);
}
if (hExportKey != IntPtr.Zero)
{
NativeMethods.CryptDestroyKey(hExportKey);
}
if (phSessionKey != IntPtr.Zero)
{
NativeMethods.CryptDestroyKey(phSessionKey);
}
if (userKey != IntPtr.Zero)
{
NativeMethods.CryptDestroyKey(userKey);
}
}
}
public SelfCertificateDialog(IServiceProvider serviceProvider, CertificatesFeature feature)
: base(serviceProvider)
{
InitializeComponent();
cbStore.SelectedIndex = 0;
cbLength.SelectedIndex = 3;
cbHashing.SelectedIndex = 1;
txtCommonName.Text = Environment.MachineName;
dtpFrom.Value = DateTime.Now;
dtpTo.Value = dtpFrom.Value.AddYears(1);
if (Environment.OSVersion.Version < Version.Parse("6.2"))
{
// IMPORTANT: WebHosting store is available since Windows 8.
cbStore.Enabled = false;
}
if (!Helper.IsRunningOnMono())
{
NativeMethods.TryAddShieldToButton(btnOK);
}
var container = new CompositeDisposable();
FormClosed += (sender, args) => container.Dispose();
container.Add(
Observable.FromEventPattern <EventArgs>(txtName, "TextChanged")
.ObserveOn(System.Threading.SynchronizationContext.Current)
.Subscribe(evt =>
{
btnOK.Enabled = !string.IsNullOrWhiteSpace(txtName.Text);
}));
container.Add(
Observable.FromEventPattern <EventArgs>(btnOK, "Click")
.ObserveOn(System.Threading.SynchronizationContext.Current)
.Subscribe(evt =>
{
var names = txtCommonName.Text;
if (string.IsNullOrWhiteSpace(names))
{
ShowMessage("DNS names cannot be empty.", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);
return;
}
var dnsNames = names.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries).Select(item => item.Trim()).ToArray();
if (dnsNames.Length == 0)
{
ShowMessage("DNS names cannot be empty.", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);
return;
}
// Generate certificate
string defaultIssuer = string.Format("CN={0}", dnsNames[0]);
string defaultSubject = defaultIssuer;
string subject = defaultSubject;
string issuer = defaultIssuer;
if (subject == null)
{
throw new Exception("Missing Subject Name");
}
DateTime notBefore = dtpFrom.Value;
DateTime notAfter = dtpTo.Value;
var random = new SecureRandom(new CryptoApiRandomGenerator());
var kpgen = new RsaKeyPairGenerator();
kpgen.Init(new KeyGenerationParameters(random, int.Parse(cbLength.Text)));
var cerKp = kpgen.GenerateKeyPair();
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
certGen.SetSerialNumber(serialNumber);
certGen.SetIssuerDN(new X509Name(issuer));
certGen.SetNotBefore(notBefore);
certGen.SetNotAfter(notAfter);
if (dnsNames.Length == 1)
{
certGen.SetSubjectDN(new X509Name(subject));
}
certGen.SetPublicKey(cerKp.Public);
certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
var keyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(cerKp.Public);
certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, true, new SubjectKeyIdentifier(keyInfo));
certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, true, new AuthorityKeyIdentifier(keyInfo));
certGen.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth));
if (cbGenerate.Checked)
{
var subjectAlternativeNames = new List <Asn1Encodable>();
foreach (var item in dnsNames)
{
subjectAlternativeNames.Add(new GeneralName(GeneralName.DnsName, item));
}
var subjectAlternativeNamesExtension = new DerSequence(subjectAlternativeNames.ToArray());
certGen.AddExtension(X509Extensions.SubjectAlternativeName, true, subjectAlternativeNamesExtension);
}
string hashName = cbHashing.SelectedIndex == 0 ? "SHA1WithRSA" : "SHA256WithRSA";
var factory = new Asn1SignatureFactory(hashName, cerKp.Private, random);
string p12File = Path.GetTempFileName();
string p12pwd = "test";
try
{
Org.BouncyCastle.X509.X509Certificate x509 = certGen.Generate(factory);
var store = new Pkcs12Store();
var certificateEntry = new X509CertificateEntry(x509);
var friendlyName = txtName.Text;
store.SetCertificateEntry(friendlyName, certificateEntry);
store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(cerKp.Private), new[] { certificateEntry });
var stream = new MemoryStream();
store.Save(stream, p12pwd.ToCharArray(), random);
File.WriteAllBytes(p12File, stream.ToArray());
Item = new X509Certificate2(p12File, p12pwd)
{
FriendlyName = friendlyName
};
Store = cbStore.SelectedIndex == 0 ? "Personal" : "WebHosting";
try
{
using var process = new Process();
// add certificate
var start = process.StartInfo;
start.Verb = "runas";
start.UseShellExecute = true;
start.FileName = "cmd";
start.Arguments = $"/c \"\"{CertificateInstallerLocator.FileName}\" /f:\"{p12File}\" /p:{p12pwd} /n:\"{txtName.Text}\" /s:{(cbStore.SelectedIndex == 0 ? "MY" : "WebHosting")}\"";
start.CreateNoWindow = true;
start.WindowStyle = ProcessWindowStyle.Hidden;
process.Start();
process.WaitForExit();
File.Delete(p12File);
if (process.ExitCode == 0)
{
DialogResult = DialogResult.OK;
}
else
{
ShowMessage(process.ExitCode.ToString(), MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);
}
}
catch (Win32Exception ex)
{
// elevation is cancelled.
if (!Microsoft.Web.Administration.NativeMethods.ErrorCancelled(ex.NativeErrorCode))
{
RollbarLocator.RollbarInstance.Error(ex, new Dictionary <string, object> {
{ "native", ex.NativeErrorCode }
});
// throw;
}
}
catch (Exception ex)
{
RollbarLocator.RollbarInstance.Error(ex);
}
}
catch (Exception ex)
{
RollbarLocator.RollbarInstance.Error(ex);
ShowError(ex, Text, false);
return;
}
}));
container.Add(
Observable.FromEventPattern <CancelEventArgs>(this, "HelpButtonClicked")
.ObserveOn(System.Threading.SynchronizationContext.Current)
.Subscribe(EnvironmentVariableTarget =>
{
feature.ShowHelp();
}));
}
/// <summary>
/// Constructs a new EF_SOD file.
/// </summary>
/// <param name="data">bytes of the EF_DG1 file</param>
public SODFile(byte[] data)
{
MemoryStream dataStream = new MemoryStream(data);
BERTLVInputStream tlvStream = new BERTLVInputStream(dataStream);
int tag = tlvStream.readTag();
if (tag != IDGFile.EF_SOD_TAG)
{
throw new ArgumentException("Expected EF_SOD_TAG");
}
int length = tlvStream.readLength();
Asn1InputStream sodAsn1 = new Asn1InputStream(dataStream);
DerSequence seq = (DerSequence)sodAsn1.ReadObject();
DerObjectIdentifier objectIdentifier = (DerObjectIdentifier)seq[0];
//DerTaggedObject o = (DerTaggedObject)seq[1];
DerSequence s2 = (DerSequence)((DerTaggedObject)seq[1]).GetObject();
IEnumerator e = s2.GetEnumerator();
e.MoveNext();
DerInteger version = (DerInteger)e.Current;
e.MoveNext();
Asn1Set digestAlgorithms = (Asn1Set)e.Current;
e.MoveNext();
ContentInfo contentInfo = ContentInfo.GetInstance(e.Current);
Asn1Set signerInfos = null;
bool certsBer = false;
bool crlsBer = false;
Asn1Set certificates = null;
Asn1Set crls = null;
while (e.MoveNext())
{
Object o = e.Current;
if (o is Asn1TaggedObject)
{
Asn1TaggedObject tagged = (Asn1TaggedObject)o;
switch (tagged.TagNo)
{
case 0:
certsBer = tagged is BerTaggedObject;
certificates = Asn1Set.GetInstance(tagged, false);
break;
case 1:
crlsBer = tagged is BerTaggedObject;
crls = Asn1Set.GetInstance(tagged, false);
break;
default:
throw new ArgumentException("unknown tag value " + tagged.TagNo);
}
}
else
{
signerInfos = (Asn1Set)o;
}
}
_signedData = new SignedData(digestAlgorithms, contentInfo, certificates, crls, signerInfos);
byte[] content = ((DerOctetString)contentInfo.Content).GetOctets();
Asn1InputStream inStream = new Asn1InputStream(content);
_lds = new LdsSecurityObject((Asn1Sequence)inStream.ReadObject());
}
