public CertificateSigningService(SecurityConfiguration configuration)
{
using var streamReader = File.OpenText(configuration.PrivateKeyPath);
var pemReader = new PemReader(streamReader);
var @object = pemReader.ReadObject();
var asymmetricCipherKeyPair = @object as AsymmetricCipherKeyPair;
if (asymmetricCipherKeyPair != null)
{
@object = asymmetricCipherKeyPair.Private;
}
try
{
_privateKey = (RsaPrivateCrtKeyParameters)@object;
}
catch (InvalidCastException)
{
throw new Exception($"Invalid RSA private key (Path='{configuration.PrivateKeyPath}').");
}
}
public static RSA GetTestUserPlatformRsaProvider()
{
using (var stringReader = new StringReader(TestUserRsaPrivKey))
{
var pemReader = new PemReader(stringReader);
var rsaPrivKeyParams = pemReader.ReadObject() as RsaPrivateCrtKeyParameters;
RSAParameters rsaParams = new RSAParameters();
rsaParams.D = rsaPrivKeyParams.Exponent.ToByteArrayUnsigned();
rsaParams.DP = rsaPrivKeyParams.DP.ToByteArrayUnsigned();
rsaParams.DQ = rsaPrivKeyParams.DQ.ToByteArrayUnsigned();
rsaParams.Exponent = rsaPrivKeyParams.PublicExponent.ToByteArrayUnsigned();
rsaParams.InverseQ = rsaPrivKeyParams.QInv.ToByteArrayUnsigned();
rsaParams.Modulus = rsaPrivKeyParams.Modulus.ToByteArrayUnsigned();
rsaParams.P = rsaPrivKeyParams.P.ToByteArrayUnsigned();
rsaParams.Q = rsaPrivKeyParams.Q.ToByteArrayUnsigned();
return(RSA.Create(rsaParams));
}
}
public string GetSHA1withRSAKey(string pemTxtFilePath, string sData)
{
try
{
if (!File.Exists(pemTxtFilePath))
{
throw new Exception("PEM (txt) file not found.");
}
using (var reader = File.OpenText(pemTxtFilePath))
{
var pemReader = new PemReader(reader);
var bouncyRsaParameters = (RsaPrivateCrtKeyParameters)pemReader.ReadObject();
var rsaParameters = new RSAParameters();
rsaParameters.Modulus = bouncyRsaParameters.Modulus.ToByteArrayUnsigned();
rsaParameters.P = bouncyRsaParameters.P.ToByteArrayUnsigned();
rsaParameters.Q = bouncyRsaParameters.Q.ToByteArrayUnsigned();
rsaParameters.DP = bouncyRsaParameters.DP.ToByteArrayUnsigned();
rsaParameters.DQ = bouncyRsaParameters.DQ.ToByteArrayUnsigned();
rsaParameters.InverseQ = bouncyRsaParameters.QInv.ToByteArrayUnsigned();
rsaParameters.D = bouncyRsaParameters.Exponent.ToByteArrayUnsigned();
rsaParameters.Exponent = bouncyRsaParameters.PublicExponent.ToByteArrayUnsigned();
var privateKey = new RSACryptoServiceProvider();
privateKey.ImportParameters(rsaParameters);
var sha = new SHA1Managed();
UTF8Encoding str = new UTF8Encoding(true);
byte[] signedData = privateKey.SignData(str.GetBytes(sData), sha);
var result = Convert.ToBase64String(signedData);
return(result);
}
}
catch (Exception)
{
throw new Exception("Signing SHA1 with RSA failed.");
}
}
public SoftToken(string name, string certPath, string keyPath)
{
Name = name;
SharpOCSP.log.Debug("Configuring token: " + name);
SharpOCSP.log.Debug("Certificate path: " + certPath);
//Read OCSP signer certificate
try{
var ocspCertReader = new PemReader(new StreamReader(certPath));
_ocspCertificate = (X509Certificate)ocspCertReader.ReadObject();
}catch (System.UnauthorizedAccessException e) {
throw new OcspFilesystemException("Error reading ocsp certificate: " + keyPath, e);
}catch (FileNotFoundException e) {
throw new OcspFilesystemException("Error reading ocsp certificate: " + keyPath, e);
}
SharpOCSP.log.Debug("Certificate key path: " + keyPath);
//Read private key
try{
var keyReader = new PemReader(new StreamReader(keyPath));
var key_from_pem = keyReader.ReadObject();
RsaPrivateCrtKeyParameters private_key = key_from_pem as RsaPrivateCrtKeyParameters;
AsymmetricCipherKeyPair private_key_pair = key_from_pem as AsymmetricCipherKeyPair;
if (private_key != null)
{
_privateKey = private_key;
}
else if (private_key_pair != null)
{
_privateKey = (RsaPrivateCrtKeyParameters)private_key_pair.Private;
}
else
{
throw new OcspFilesystemException("Error reading private key: " + keyPath);
}
}catch (System.UnauthorizedAccessException e) {
throw new OcspFilesystemException("Can't access private key path: " + keyPath, e);
}catch (FileNotFoundException e) {
throw new OcspFilesystemException("PEM file doesn't exist: " + keyPath, e);
}catch (InvalidCastException e) {
throw new OcspFilesystemException("Is it PEM really?: " + keyPath, e);
}
}
public static string GenerateToken(IConfiguration config)
{
// retrieve appID and privateKey from configuration
var appId = config["Authentication:appId"];
var priavteKeyPath = config["Authentication:privateKey"];
string privateKey = "";
using (var reader = File.OpenText(priavteKeyPath)) // file containing RSA PKCS1 private key
privateKey = reader.ReadToEnd();
//generate claims list
const int SECONDS_EXPIRY = 3600;
var t = DateTime.UtcNow - new DateTime(1970, 1, 1);
var iat = new Claim("iat", ((Int32)t.TotalSeconds).ToString(), ClaimValueTypes.Integer32); // Unix Timestamp for right now
var application_id = new Claim("application_id", appId); // Current app ID
var exp = new Claim("exp", ((Int32)(t.TotalSeconds + SECONDS_EXPIRY)).ToString(), ClaimValueTypes.Integer32); // Unix timestamp for when the token expires
var jti = new Claim("jti", Guid.NewGuid().ToString()); // Unique Token ID
var claims = new List <Claim>()
{
iat, application_id, exp, jti
};
//create rsa parameters
RSAParameters rsaParams;
using (var tr = new StringReader(privateKey))
{
var pemReader = new PemReader(tr);
var kp = pemReader.ReadObject();
var privateRsaParams = kp as RsaPrivateCrtKeyParameters;
rsaParams = DotNetUtilities.ToRSAParameters(privateRsaParams);
}
//generate and return JWT
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.ImportParameters(rsaParams);
Dictionary <string, object> payload = claims.ToDictionary(k => k.Type, v => (object)v.Value);
return(Jose.JWT.Encode(payload, rsa, Jose.JwsAlgorithm.RS256));
}
}
public void ValidateToken_V1_S_2()
{
const string token = "v1.public.eyJkYXRhIjoidGhpcyBpcyBhIHNpZ25lZCBtZXNzYWdlIiw" +
"iZXhwIjoiMjAxOS0wMS0wMVQwMDowMDowMCswMDowMCJ9sBTIb0J_4mis" +
"AuYc4-6P5iR1rQighzktpXhJ8gtrrp2MqSSDkbb8q5WZh3FhUYuW_rg2X" +
"8aflDlTWKAqJkM3otjYwtmfwfOhRyykxRL2AfmIika_A-_MaLp9F0iw4S" +
"1JetQQDV8GUHjosd87TZ20lT2JQLhxKjBNJSwWue8ucGhTgJcpOhXcthq" +
"az7a2yudGyd0layzeWziBhdQpoBR6ryTdtIQX54hP59k3XCIxuYbB9qJM" +
"pixiPAEKBcjHT74sA-uukug9VgKO7heWHwJL4Rl9ad21xyNwaxAnwAJ7C" +
"0fN5oGv8Rl0dF11b3tRmsmbDoIokIM0Dba29x_T3YzOyg.eyJraWQiOiJ" +
"kWWtJU3lseFFlZWNFY0hFTGZ6Rjg4VVpyd2JMb2xOaUNkcHpVSEd3OVVx" +
"biJ9";
const string pem = "-----BEGIN PUBLIC KEY-----\n" +
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaTgTt53ph3p\n" +
"5GHgwoGWwz5hRfWXSQA08NCOwe0FEgALWos9GCjNFCd723nCHxBtN1qd\n" +
"74MSh/uN88JPIbwxKheDp4kxo4YMN5trPaF0e9G6Bj1N02HnanxFLW+g\n" +
"mLbgYO/SZYfWF/M8yLBcu5Y1Ot0ZxDDDXS9wIQTtBE0ne3YbxgZJAZTU\n" +
"5XqyQ1DxdzYyC5lF6yBaR5UQtCYTnXAApVRuUI2Sd6L1E2vl9bSBumZ5\n" +
"IpNxkRnAwIMjeTJB/0AIELh0mE5vwdihOCbdV6alUyhKC1+1w/FW6HWc\n" +
"p/JG1kKC8DPIidZ78Bbqv9YFzkAbNni5eSBOsXVBKG78Zsc8owIDAQAB\n" +
"-----END PUBLIC KEY-----";
// {"data":"this is a signed message", "exp":"2019-01-01T00:00:00+00:00"}
// footer = {"kid":"dYkISylxQeecEcHELfzF88UZrwbLolNiCdpzUHGw9Uqn"}
var reader = new PemReader(new StringReader(pem));
var pemObject = (RsaKeyParameters)reader.ReadObject();
var rsaKey = RSA.Create(DotNetUtilities.ToRSAParameters(pemObject));
var handler = new PasetoTokenHandler();
var result = handler.ValidateToken(token, new TokenValidationParameters
{
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = false,
IssuerSigningKey = new RsaSecurityKey(rsaKey)
});
result.IsValid.Should().BeTrue();
}
public TimeBasedService(
IV2RayCollectService v2ray,
IAsymmetric asymmetric,
ISymmetric symmetric,
IHttpClientFactory factory,
IConfiguration configuration)
{
this.v2rayService = v2ray;
this.http = factory.CreateClient();
this.asymmetric = asymmetric;
this.symmetric = symmetric;
string path = configuration.GetValue <string>("PublicKey");
using (TextReader reader = File.OpenText(path))
{
PemReader pem = new PemReader(reader);
var pemObject = pem.ReadObject();
this.parameter = pemObject as AsymmetricKeyParameter;
}
http.BaseAddress = new Uri(configuration.GetConnectionString("DataServer"));
}
/// <summary>
/// Create an RSA parameter based on XML format public key
/// </summary>
/// <param name="publicKey"></param>
/// <returns>RSAParameters</returns>
protected sealed override RSAParameters CreateRsapFromPublicKey(string publicKey)
{
publicKey = RsaPemFormatHelper.PublicKeyFormat(publicKey);
PemReader pr = new PemReader(new StringReader(publicKey));
object obj = pr.ReadObject();
if (!(obj is RsaKeyParameters rsaKey))
{
throw new Exception("Public key format is incorrect");
}
RSAParameters rsap = new RSAParameters();
rsap.Modulus = rsaKey.Modulus.ToByteArrayUnsigned();
rsap.Exponent = rsaKey.Exponent.ToByteArrayUnsigned();
return(rsap);
}
private string CreateToken(Dictionary <string, object> payload)
{
RSAParameters rsaParams;
using (var tr = new StringReader(this.PrivateKey))
{
var pemReader = new PemReader(tr);
var keyPair = pemReader.ReadObject() as AsymmetricCipherKeyPair;
if (keyPair == null)
{
throw new ArgumentException("Could not read RSA PrivateKey, please check your keys.\n See how generate a valid key: https://gist.github.com/ThiagoBarradas/e58ac282665306977777ffa3f32df376");
}
var privateRsaParams = keyPair.Private as RsaPrivateCrtKeyParameters;
rsaParams = DotNetUtilities.ToRSAParameters(privateRsaParams);
}
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.ImportParameters(rsaParams);
return(Jose.JWT.Encode(payload, rsa, Jose.JwsAlgorithm.RS256));
}
}
/// <summary>
/// Public Key Convert pem->xml
/// </summary>
/// <param name="publicKey"></param>
/// <returns></returns>
public static string RSAPublicKeyPemToXml(string publicKey)
{
publicKey = RSAPublicKeyFormat(publicKey);
PemReader pr = new PemReader(new StringReader(publicKey));
RsaKeyParameters rsaKey = pr.ReadObject() as RsaKeyParameters;
if (rsaKey == null)
{
throw new Exception("Public key format is incorrect");
}
XElement publicElement = new XElement("RSAKeyValue");
//Modulus
XElement pubmodulus = new XElement("Modulus", Convert.ToBase64String(rsaKey.Modulus.ToByteArrayUnsigned()));
//Exponent
XElement pubexponent = new XElement("Exponent", Convert.ToBase64String(rsaKey.Exponent.ToByteArrayUnsigned()));
publicElement.Add(pubmodulus);
publicElement.Add(pubexponent);
return(publicElement.ToString());
}
//private RSACryptoServiceProvider _RSAAlg;
public RsaDecrypter(String pk)
{
//_RSAAlg = new RSACryptoServiceProvider();
//RSAParameters rsap = new RSAParameters();
using (TextReader tr = new StringReader(pk))
{
//byte[] bytes = new byte[pk.Length*sizeof (char)];
//System.Buffer.BlockCopy(pk.ToCharArray(), 0, bytes, 0, bytes.Length);
AsymmetricCipherKeyPair keyPair;
var pemReader = new PemReader(tr);
keyPair = (AsymmetricCipherKeyPair)pemReader.ReadObject();
this.PrivateKey = (RsaKeyParameters)keyPair.Private;
//Console.WriteLine(_privateKey.ToString());
this.Cipher = new RsaEngine();
this.Cipher.Init(false, this.PrivateKey);
}
}
private static SecurityKey LoadPublicKey(this string publicKeyPem)
{
using (StringReader reader = new StringReader(publicKeyPem))
{
PemReader pem = new PemReader(reader);
AsymmetricKeyParameter o = (AsymmetricKeyParameter)pem.ReadObject();
if (o is RsaKeyParameters rsaKeyParameters)
{
return(new RsaSecurityKey(DotNetUtilities.ToRSA(rsaKeyParameters)));
}
if (o is ECPublicKeyParameters eCPublicKeyParameters)
{
byte[] publicKey = eCPublicKeyParameters.Q.GetEncoded();
return(new ECDsaSecurityKey(LoadPublicKey(publicKey)));
}
return(null);
}
}
private static SecurityKey LoadPrivateKey(string privateKeyPem)
{
using (StringReader reader = new StringReader(privateKeyPem))
{
PemReader pem = new PemReader(reader);
AsymmetricCipherKeyPair o = (AsymmetricCipherKeyPair)pem.ReadObject();
if (o.Private is RsaPrivateCrtKeyParameters rsaPrivateCrtKeyParameters)
{
return(new RsaSecurityKey(DotNetUtilities.ToRSA(rsaPrivateCrtKeyParameters)));
}
if (o.Private is ECPrivateKeyParameters eCPrivateKeyParameters)
{
byte[] privateKey = eCPrivateKeyParameters.D.ToByteArrayUnsigned();
return(new ECDsaSecurityKey(LoadPrivateKey(privateKey)));
}
return(null);
}
}
public string CreateToken(TToken data)
{
RSAParameters rsaParams;
using (var tr = new StringReader(_keyProvider.Key))
{
var pemReader = new PemReader(tr, _passwordFinder);
if (!(pemReader.ReadObject() is AsymmetricCipherKeyPair keyPair))
{
throw new Exception("Could not read RSA private key");
}
var privateRsaParams = keyPair.Private as RsaPrivateCrtKeyParameters;
rsaParams = DotNetUtilities.ToRSAParameters(privateRsaParams);
}
using (var rsa = new RSACryptoServiceProvider())
{
rsa.ImportParameters(rsaParams);
return(JWT.Encode(data, rsa, JwsAlgorithm.RS256));
}
}
public void WriterTest()
{
string dir = @"/tmp/";
if (Directory.Exists(Path.Combine(dir, "certs")))
{
Directory.Delete(Path.Combine(dir, "certs"), true);
}
string chainIdStr = "0xb84fe09f32ac58fccf8946c42d81532370621acb000554b0e15a0affc6b4502d";
var certificateStore = new CertificateStore(dir);
var keyPair =
certificateStore.WriteKeyAndCertificate(chainIdStr, "192.168.197.39");
using (StreamReader streamReader = new StreamReader(Path.Combine(dir, "certs", chainIdStr + ".cert.pem")))
{
PemReader pr = new PemReader(streamReader);
X509Certificate certificate = (X509Certificate)pr.ReadObject();
Assert.Equal(keyPair.PublicKey, certificate.GetPublicKey());
}
Directory.Delete(Path.Combine(dir, "certs"), true);
}
private void doWriteReadTest(
AsymmetricKeyParameter akp,
string algorithm)
{
StringWriter sw = new StringWriter();
PemWriter pw = new PemWriter(sw);
pw.WriteObject(akp, algorithm, testPassword, random);
pw.Writer.Close();
string data = sw.ToString();
PemReader pr = new PemReader(new StringReader(data), new Password(testPassword));
AsymmetricCipherKeyPair kp = pr.ReadObject() as AsymmetricCipherKeyPair;
if (kp == null || !kp.Private.Equals(akp))
{
Fail("Failed to read back test key encoded with: " + algorithm);
}
}
internal string CreateToken(Dictionary <string, object> payload)
{
RSAParameters rsaParams;
using (var tr = new StringReader(privateKey))
{
var pemReader = new PemReader(tr);
var keyPair = pemReader.ReadObject() as AsymmetricCipherKeyPair;
if (keyPair == null)
{
throw new Exception("Could not read RSA private key");
}
var privateRsaParams = keyPair.Private as RsaPrivateCrtKeyParameters;
rsaParams = DotNetUtilities.ToRSAParameters(privateRsaParams);
}
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.ImportParameters(rsaParams);
return(Jose.JWT.Encode(payload, rsa, Jose.JwsAlgorithm.RS256));
}
}
static void Main(string[] args)
{
string privateKeyText = File.ReadAllText(Environment.CurrentDirectory + @"\PEMKeys\app_private_key.pem");
string publicKeyText = File.ReadAllText(Environment.CurrentDirectory + @"\PEMKeys\app_public_key.pem");
PemReader privateKeyPemReader = new PemReader(new StringReader(privateKeyText));
RsaPrivateCrtKeyParameters privateKey = (privateKeyPemReader.ReadObject() as AsymmetricCipherKeyPair).Private as RsaPrivateCrtKeyParameters;
PemReader publicKeyPemReader = new PemReader(new StringReader(publicKeyText));
RsaKeyParameters publicKey = publicKeyPemReader.ReadObject() as RsaKeyParameters;
var privateKeyXmlString = DotNetUtilities.ToRSA(privateKey).ToXmlString(true);
var publicKeyXmlString = DotNetUtilities.ToRSA(publicKey).ToXmlString(false);
var verified1 = Test_SHA1withRSA_Sign_Verify_With_DotNet(privateKeyXmlString, publicKeyXmlString);
var verified2 = Test_SHA1withRSA_Sign_Verify_With_BouncyCastle(privateKey, publicKey);
var verified3 = Test_SHA1withRSA_Sign_With_BouncyCastle_Then_Verify_With_DotNet(privateKey, publicKeyXmlString);
var verified4 = Test_SHA1withRSA_Sign_With_DotNet_Then_Verify_With_BouncyCastle(privateKeyXmlString, publicKey);
Console.WriteLine("{0}, {1}, {2}, {3}", verified1, verified2, verified3, verified4);
}
private void EncryptedTest(AsymmetricKeyParameter privKey, string algorithm)
{
StringWriter sw = new StringWriter();
PemWriter pWrt = new PemWriter(sw);
Pkcs8Generator pkcs8 = new Pkcs8Generator(privKey, algorithm);
pkcs8.Password = "******".ToCharArray();
pWrt.WriteObject(pkcs8);
pWrt.Writer.Close();
String result = sw.ToString();
PemReader pRd = new PemReader(new StringReader(result), new Password("hello".ToCharArray()));
AsymmetricKeyParameter rdKey = (AsymmetricKeyParameter)pRd.ReadObject();
pRd.Reader.Close();
Assert.AreEqual(privKey, rdKey);
}
public static string DecodeToken(string token, string publicRsaKey)
{
RSAParameters rsaParams;
using (var tr = new StringReader(publicRsaKey))
{
var pemReader = new PemReader(tr);
var publicKeyParams = pemReader.ReadObject() as RsaKeyParameters;
if (publicKeyParams == null)
{
throw new Exception("Could not read RSA public key");
}
rsaParams = DotNetUtilities.ToRSAParameters(publicKeyParams);
}
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.ImportParameters(rsaParams);
// This will throw if the signature is invalid
return(Jose.JWT.Decode(token, rsa, Jose.JwsAlgorithm.RS256));
}
}
/// <summary>
/// 签名方式1
/// </summary>
/// <param name="data">签名内容的json串格式</param>
/// <param name="pemFile">私钥文件物理路径</param>
/// <returns></returns>
public static string CreateSignedToken(string data, string pemFile)
{
var ts = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0);
//5分钟内有效
var exp = ts.TotalMilliseconds + 30000;
var payload = new Dictionary <string, object>
{
{ "sub", "tester" },
{ "exp", exp },
{ "datas", GetMd5(data) }
};
using (StreamReader reader = File.OpenText(pemFile))
{
PemReader pemReader = new PemReader(reader);
AsymmetricCipherKeyPair keyPair = (AsymmetricCipherKeyPair)pemReader.ReadObject();
RSA privateKey = DotNetUtilities.ToRSA((RsaPrivateCrtKeyParameters)keyPair.Private);
return(JWT.Encode(payload, privateKey, JwsAlgorithm.PS256));
}
}
public static string GetPublicKeyPEMfromCert(string certPem)
{
// 証明書の読み込み
var pemReader = new PemReader(new StringReader(certPem));
var readedCert = (Org.BouncyCastle.X509.X509Certificate)pemReader.ReadObject();
// Get
var publicKey = readedCert.GetPublicKey();
// ToPem
var mem = new MemoryStream();
using (var writer = new StreamWriter(mem, Encoding.ASCII)) {
var pemWriter = new PemWriter(writer);
pemWriter.WriteObject(publicKey);
pemWriter.Writer.Flush();
}
var pem = Encoding.UTF8.GetString(mem.ToArray());
return(pem);
}
public static bool ECVerify(string signedData, string signature, string publicKey)
{
try
{
byte[] r = Convert.FromBase64String(signature);
byte[] s = Encoding.UTF8.GetBytes(signedData);
PemReader pemReader = new PemReader(new StringReader(publicKey));
AsymmetricKeyParameter pKey = (AsymmetricKeyParameter)pemReader.ReadObject();
ECKeyParameters publicECKey = (ECKeyParameters)pKey;
ISigner sig = SignerUtilities.GetSigner("Sha512WithECDSA");
sig.Init(false, publicECKey);
sig.BlockUpdate(s, 0, s.Length);
return(sig.VerifySignature(r));
}
catch (Exception ex)
{
throw ex;
}
}
private static X509Certificate2 LoadFromPem(string certPath, string keyPath)
{
try
{
using (var certWithoutPrivateKey = new X509Certificate2(certPath))
using (var keyFile = File.OpenText(keyPath))
{
// Workaround https://github.com/dotnet/corefx/issues/20414
var pemReader = new PemReader(keyFile);
var pemObj = pemReader.ReadObject();
switch (pemObj)
{
case RsaPrivateCrtKeyParameters rsaParams:
{
var rsa = CreateRSA(rsaParams);
// See https://github.com/dotnet/corefx/issues/24454#issuecomment-388231655
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
using (var certWithKey = certWithoutPrivateKey.CopyWithPrivateKey(rsa))
{
return(new X509Certificate2(certWithKey.Export(X509ContentType.Pkcs12)));
}
}
else
{
// Only works on Linux/macOS
return(certWithoutPrivateKey.CopyWithPrivateKey(rsa));
}
}
}
throw new InvalidOperationException($"Failed to read private key from '{keyPath}'. Unexpected format: " + pemObj.GetType().Name);
}
}
catch (Exception ex)
{
throw new InvalidOperationException($"Failed to load certificate file from '{certPath}' and '{keyPath}'", ex);
}
}
public void loadKey(String filein, String privateKeyFile)
{
byte[] cipherTextBytes = File.ReadAllBytes(filein);
PemReader pr = new PemReader(
(StreamReader)File.OpenText(privateKeyFile)
); //"./private.pem"
AsymmetricCipherKeyPair keys = (AsymmetricCipherKeyPair)pr.ReadObject();
OaepEncoding eng = new OaepEncoding(new RsaEngine());
eng.Init(false, keys.Private);
int length = cipherTextBytes.Length;
int blockSize = eng.GetInputBlockSize();
List <byte> plainTextBytes = new List <byte>();
for (int chunkPosition = 0;
chunkPosition < length;
chunkPosition += blockSize)
{
int chunkSize = Math.Min(blockSize, length - chunkPosition);
plainTextBytes.AddRange(eng.ProcessBlock(
cipherTextBytes, chunkPosition, chunkSize
));
}
//Inicializar encryptor
var aes = new AesCryptoServiceProvider();
//aes.GenerateKey();
byte[] clave = plainTextBytes.ToArray();
byte[] iv = Convert.FromBase64String("Enf3G3rTMC7lwBJmtVcRvQ==");
aes = new AesCryptoServiceProvider();
encryptor = aes.CreateEncryptor(clave, iv);
decryptor = aes.CreateDecryptor(clave, iv);
AESKey = Convert.ToBase64String(plainTextBytes.ToArray());
}
public static string loadsslx509(string password)
{
UnicodeEncoding ByteConverter = new UnicodeEncoding();
string certificate = @"E:\Safcomcert\certg.cer";
//load cert to a X509
//X509Certificate cert = X509Certificate.CreateFromCertFile(certificate);
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(2048))
{
/**get an instance of RSAParameters from ExportParameters function
* RSAParameters rsakeyinfo = RSA.ExportParameters(false);
* rsakeyinfo.Modulus = cert.GetPublicKey();
* var kj =Convert.ToBase64String(cert.GetPublicKey());
* //Import key parameters into RSA.
* RSA.ImportParameters(rsakeyinfo);
* return Convert.ToBase64String(RSA.Encrypt(Encoding.UTF8.GetBytes(password), RSAEncryptionPadding.Pkcs1));
**/
var plainTextBytes = Encoding.UTF8.GetBytes(password);
PemReader pr = new PemReader(File.OpenText(certificate));
X509Certificate cert = (X509Certificate)pr.ReadObject();
//PKCS1 v1.5 paddings
Pkcs1Encoding eng = new Pkcs1Encoding(new RsaEngine());
eng.Init(true, cert.GetPublicKey());
int length = plainTextBytes.Length;
int blockSize = eng.GetInputBlockSize();
List <byte> cipherTextBytes = new List <byte>();
for (int chunkPosition = 0;
chunkPosition < length;
chunkPosition += blockSize)
{
int chunkSize = Math.Min(blockSize, length - chunkPosition);
cipherTextBytes.AddRange(eng.ProcessBlock(
plainTextBytes, chunkPosition, chunkSize
));
}
return(Convert.ToBase64String(cipherTextBytes.ToArray()));
}
}
// dsa public pem 转 xml
private static void DSAPublicPEM2XML()
{
DSA dsa;
using (var rdr = new StreamReader("D:\\dsapub.pem"))
{
var pr = new PemReader(rdr);
var o = pr.ReadObject() as DsaPublicKeyParameters;
var prm = new CspParameters(13);
prm.Flags = CspProviderFlags.UseMachineKeyStore;
dsa = new DSACryptoServiceProvider(prm);
var dp = new DSAParameters
{
G = o.Parameters.G.ToByteArrayUnsigned(),
P = o.Parameters.P.ToByteArrayUnsigned(),
Q = o.Parameters.Q.ToByteArrayUnsigned(),
Y = o.Y.ToByteArrayUnsigned()
};
if (o.Parameters.ValidationParameters != null)
{
dp.Counter = o.Parameters.ValidationParameters.Counter;
dp.Seed = o.Parameters.ValidationParameters.GetSeed();
}
dsa.ImportParameters(dp);
}
// 写入xml文件
using (var fs = new FileStream("D:\\xtoken.pubkey", FileMode.Create, FileAccess.Write))
{
var sw = new StreamWriter(fs);
var xml = dsa.ToXmlString(false);
sw.Write(xml);
sw.Flush();
sw.Dispose();
}
}
/// <summary>
/// Initializes a new instance of the <see cref="MimeKit.Cryptography.DkimSigner"/> class.
/// </summary>
/// <remarks>
/// Creates a new <see cref="DkimSigner"/>.
/// </remarks>
/// <param name="fileName">The file containing the private key.</param>
/// <param name="domain">The domain that the signer represents.</param>
/// <param name="selector">The selector subdividing the domain.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="fileName"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="domain"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="selector"/> is <c>null</c>.</para>
/// </exception>
/// <exception cref="System.ArgumentException">
/// <paramref name="fileName"/> is a zero-length string, contains only white space, or
/// contains one or more invalid characters as defined by
/// <see cref="System.IO.Path.InvalidPathChars"/>.
/// </exception>
/// <exception cref="System.FormatException">
/// The file did not contain a private key.
/// </exception>
/// <exception cref="System.IO.DirectoryNotFoundException">
/// <paramref name="fileName"/> is an invalid file path.
/// </exception>
/// <exception cref="System.IO.FileNotFoundException">
/// The specified file path could not be found.
/// </exception>
/// <exception cref="System.UnauthorizedAccessException">
/// The user does not have access to read the specified file.
/// </exception>
/// <exception cref="System.IO.IOException">
/// An I/O error occurred.
/// </exception>
public DkimSigner(string fileName, string domain, string selector)
{
if (fileName == null)
{
throw new ArgumentNullException("fileName");
}
if (fileName.Length == 0)
{
throw new ArgumentException("The file name cannot be empty.", "fileName");
}
if (domain == null)
{
throw new ArgumentNullException("domain");
}
if (selector == null)
{
throw new ArgumentNullException("selector");
}
AsymmetricCipherKeyPair key;
using (var stream = new StreamReader(fileName)) {
var reader = new PemReader(stream);
key = reader.ReadObject() as AsymmetricCipherKeyPair;
}
if (key == null)
{
throw new FormatException("Private key not found.");
}
SignatureAlgorithm = DkimSignatureAlgorithm.RsaSha256;
PrivateKey = key.Private;
Selector = selector;
Domain = domain;
}
/// <summary>
/// 采用标准RSA算法
/// </summary>
/// <param name="EncryptString"></param>
/// <returns></returns>
public async static Task <string> RSAEncrypt(string EncryptString)
{
// var pempath = $"{Environment.CurrentDirectory}/{ConfigHelper.Configuration["WeChatPay:RsaPublicKey"]}";
if (!File.Exists(WxPayConfig.pempath))
{
var PublicKey = await WxPayApi.Getpublickey();
if (!string.IsNullOrWhiteSpace(PublicKey))
{
File.WriteAllText(WxPayConfig.pempath, PublicKey);
}
else
{
return("获取公钥失败!");
}
}
string R;
// 加载公钥
RsaKeyParameters pubkey;
using (var sr = new StreamReader(WxPayConfig.pempath))
{
var pemReader = new PemReader(sr);
pubkey = (RsaKeyParameters)pemReader.ReadObject();
}
// 初始化cipher
var cipher =
(BufferedAsymmetricBlockCipher)CipherUtilities.GetCipher("RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING");
cipher.Init(true, pubkey);
// 加密message
var message = Encoding.UTF8.GetBytes(EncryptString);
var output = EncryptUtil.Encrypt(message, cipher);
R = Convert.ToBase64String(output);
return(R);
}
public static string PublicKeyPemPkcs8ToXml(string publicKey)
{
var pemReader = new PemReader(new StringReader(publicKey.AppendPkcs8PublicKeyFormat()));
if (pemReader.ReadObject() is not RsaKeyParameters rsaKey)
{
throw new Exception("Public key format is incorrect");
}
var publicElement = new XElement("RSAKeyValue");
//Modulus
var publicModulus = new XElement("Modulus", Convert.ToBase64String(rsaKey.Modulus.ToByteArrayUnsigned()));
//Exponent
var publicExponent = new XElement("Exponent", Convert.ToBase64String(rsaKey.Exponent.ToByteArrayUnsigned()));
publicElement.Add(publicModulus);
publicElement.Add(publicExponent);
return(publicElement.ToString());
}
public override void PerformTest()
{
IPasswordFinder pGet = new Password("secret".ToCharArray());
PemReader pemRd = OpenPemResource("test.pem", pGet);
IAsymmetricCipherKeyPair pair;
object o;
while ((o = pemRd.ReadObject()) != null)
{
// if (o is AsymmetricCipherKeyPair)
// {
// ackp = (AsymmetricCipherKeyPair)o;
//
// Console.WriteLine(ackp.Public);
// Console.WriteLine(ackp.Private);
// }
// else
// {
// Console.WriteLine(o.ToString());
// }
}
//
// pkcs 7 data
//
pemRd = OpenPemResource("pkcs7.pem", null);
ContentInfo d = (ContentInfo)pemRd.ReadObject();
if (!d.ContentType.Equals(CmsObjectIdentifiers.EnvelopedData))
{
Fail("failed envelopedData check");
}
/*
{
//
// ECKey
//
pemRd = OpenPemResource("eckey.pem", null);
// TODO Resolve return type issue with EC keys and fix PemReader to return parameters
// ECNamedCurveParameterSpec spec = (ECNamedCurveParameterSpec)pemRd.ReadObject();
pair = (AsymmetricCipherKeyPair)pemRd.ReadObject();
ISigner sgr = SignerUtilities.GetSigner("ECDSA");
sgr.Init(true, pair.Private);
byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
sgr.BlockUpdate(message, 0, message.Length);
byte[] sigBytes = sgr.GenerateSignature();
sgr.Init(false, pair.Public);
sgr.BlockUpdate(message, 0, message.Length);
if (!sgr.VerifySignature(sigBytes))
{
Fail("EC verification failed");
}
// TODO Resolve this issue with the algorithm name, study Java version
// if (!((ECPublicKeyParameters) pair.Public).AlgorithmName.Equals("ECDSA"))
// {
// Fail("wrong algorithm name on public got: " + ((ECPublicKeyParameters) pair.Public).AlgorithmName);
// }
//
// if (!((ECPrivateKeyParameters) pair.Private).AlgorithmName.Equals("ECDSA"))
// {
// Fail("wrong algorithm name on private got: " + ((ECPrivateKeyParameters) pair.Private).AlgorithmName);
// }
}
*/
//
// writer/parser test
//
IAsymmetricCipherKeyPairGenerator kpGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
kpGen.Init(
new RsaKeyGenerationParameters(
BigInteger.ValueOf(0x10001),
new SecureRandom(),
768,
25));
pair = kpGen.GenerateKeyPair();
keyPairTest("RSA", pair);
// kpGen = KeyPairGenerator.getInstance("DSA");
// kpGen.initialize(512, new SecureRandom());
DsaParametersGenerator pGen = new DsaParametersGenerator();
pGen.Init(512, 80, new SecureRandom());
kpGen = GeneratorUtilities.GetKeyPairGenerator("DSA");
kpGen.Init(
new DsaKeyGenerationParameters(
new SecureRandom(),
pGen.GenerateParameters()));
pair = kpGen.GenerateKeyPair();
keyPairTest("DSA", pair);
//
// PKCS7
//
MemoryStream bOut = new MemoryStream();
PemWriter pWrt = new PemWriter(new StreamWriter(bOut));
pWrt.WriteObject(d);
pWrt.Writer.Close();
pemRd = new PemReader(new StreamReader(new MemoryStream(bOut.ToArray(), false)));
d = (ContentInfo)pemRd.ReadObject();
if (!d.ContentType.Equals(CmsObjectIdentifiers.EnvelopedData))
{
Fail("failed envelopedData recode check");
}
// OpenSSL test cases (as embedded resources)
doOpenSslDsaTest("unencrypted");
doOpenSslRsaTest("unencrypted");
doOpenSslTests("aes128");
doOpenSslTests("aes192");
doOpenSslTests("aes256");
doOpenSslTests("blowfish");
doOpenSslTests("des1");
doOpenSslTests("des2");
doOpenSslTests("des3");
doOpenSslTests("rc2_128");
doOpenSslDsaTest("rc2_40_cbc");
doOpenSslRsaTest("rc2_40_cbc");
doOpenSslDsaTest("rc2_64_cbc");
doOpenSslRsaTest("rc2_64_cbc");
// TODO Figure out why exceptions differ for commented out cases
doDudPasswordTest("7fd98", 0, "Corrupted stream - out of bounds length found");
doDudPasswordTest("ef677", 1, "Corrupted stream - out of bounds length found");
// doDudPasswordTest("800ce", 2, "cannot recognise object in stream");
doDudPasswordTest("b6cd8", 3, "DEF length 81 object truncated by 56");
doDudPasswordTest("28ce09", 4, "DEF length 110 object truncated by 28");
doDudPasswordTest("2ac3b9", 5, "DER length more than 4 bytes: 11");
doDudPasswordTest("2cba96", 6, "DEF length 100 object truncated by 35");
doDudPasswordTest("2e3354", 7, "DEF length 42 object truncated by 9");
doDudPasswordTest("2f4142", 8, "DER length more than 4 bytes: 14");
doDudPasswordTest("2fe9bb", 9, "DER length more than 4 bytes: 65");
doDudPasswordTest("3ee7a8", 10, "DER length more than 4 bytes: 57");
doDudPasswordTest("41af75", 11, "malformed sequence in DSA private key");
doDudPasswordTest("1704a5", 12, "corrupted stream detected");
// doDudPasswordTest("1c5822", 13, "corrupted stream detected");
// doDudPasswordTest("5a3d16", 14, "corrupted stream detected");
doDudPasswordTest("8d0c97", 15, "corrupted stream detected");
doDudPasswordTest("bc0daf", 16, "corrupted stream detected");
doDudPasswordTest("aaf9c4d",17, "Corrupted stream - out of bounds length found");
// encrypted private key test
pGet = new Password("password".ToCharArray());
pemRd = OpenPemResource("enckey.pem", pGet);
RsaPrivateCrtKeyParameters privKey = (RsaPrivateCrtKeyParameters)pemRd.ReadObject();
if (!privKey.PublicExponent.Equals(new BigInteger("10001", 16)))
{
Fail("decryption of private key data check failed");
}
// general PKCS8 test
pGet = new Password("password".ToCharArray());
pemRd = OpenPemResource("pkcs8test.pem", pGet);
while ((privKey = (RsaPrivateCrtKeyParameters)pemRd.ReadObject()) != null)
{
if (!privKey.PublicExponent.Equals(new BigInteger("10001", 16)))
{
Fail("decryption of private key data check failed");
}
}
}
private void keyPairTest(
string name,
IAsymmetricCipherKeyPair pair)
{
MemoryStream bOut = new MemoryStream();
PemWriter pWrt = new PemWriter(new StreamWriter(bOut));
pWrt.WriteObject(pair.Public);
pWrt.Writer.Close();
PemReader pemRd = new PemReader(new StreamReader(new MemoryStream(bOut.ToArray(), false)));
IAsymmetricKeyParameter pubK = (AsymmetricKeyParameter) pemRd.ReadObject();
if (!pubK.Equals(pair.Public))
{
Fail("Failed public key read: " + name);
}
bOut = new MemoryStream();
pWrt = new PemWriter(new StreamWriter(bOut));
pWrt.WriteObject(pair.Private);
pWrt.Writer.Close();
pemRd = new PemReader(new StreamReader(new MemoryStream(bOut.ToArray(), false)));
IAsymmetricCipherKeyPair kPair = (AsymmetricCipherKeyPair) pemRd.ReadObject();
if (!kPair.Private.Equals(pair.Private))
{
Fail("Failed private key read: " + name);
}
if (!kPair.Public.Equals(pair.Public))
{
Fail("Failed private key public read: " + name);
}
}
public void TestPkcs8Plain()
{
IAsymmetricCipherKeyPairGenerator kpGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
kpGen.Init(new KeyGenerationParameters(new SecureRandom(), 1024));
IAsymmetricKeyParameter privKey = kpGen.GenerateKeyPair().Private;
StringWriter sw = new StringWriter();
PemWriter pWrt = new PemWriter(sw);
Pkcs8Generator pkcs8 = new Pkcs8Generator(privKey);
pWrt.WriteObject(pkcs8);
pWrt.Writer.Close();
string result = sw.ToString();
PemReader pRd = new PemReader(new StringReader(result), new Password("hello".ToCharArray()));
IAsymmetricKeyParameter rdKey = (AsymmetricKeyParameter)pRd.ReadObject();
pRd.Reader.Close();
Assert.AreEqual(privKey, rdKey);
}
private void EncryptedTest(IAsymmetricKeyParameter privKey, string algorithm)
{
StringWriter sw = new StringWriter();
PemWriter pWrt = new PemWriter(sw);
Pkcs8Generator pkcs8 = new Pkcs8Generator(privKey, algorithm);
pkcs8.Password = "******".ToCharArray();
pWrt.WriteObject(pkcs8);
pWrt.Writer.Close();
String result = sw.ToString();
PemReader pRd = new PemReader(new StringReader(result), new Password("hello".ToCharArray()));
IAsymmetricKeyParameter rdKey = (AsymmetricKeyParameter)pRd.ReadObject();
pRd.Reader.Close();
Assert.AreEqual(privKey, rdKey);
}