Esempio n. 1
0
        bool GenerateSki()
        {
            if (!File.Exists(SignedCertificateFile))
            {
                _logger.Warn($"Can't generate a SKI because there is no certiface at {SignedCertificateFile}");
                return(false);
            }

            try
            {
                _logger.Debug($"Resolve SKI from {SignedCertificateFile}");
                var parser     = new X509CertificateParser();
                var cert       = parser.ReadCertificate(File.ReadAllBytes(SignedCertificateFile));
                var identifier = new SubjectKeyIdentifierStructure(cert.GetPublicKey());
                var bytes      = identifier.GetKeyIdentifier();
                _ski = BytesAsHex(bytes);

                _logger.Debug($"Resolved SKI '{_ski}'");
                return(true);
            }
            catch (Exception ex)
            {
                _logger.Error($"Failed to get the SKI from {SignedCertificateFile}", ex);
                return(false);
            }
        }
Esempio n. 2
0
        public async Task Create_Secp256k1()
        {
            var key = await _keyStoreService.CreateAsync("alice", "secp256k1", 0);

            try
            {
                var cert = await _keyStoreService.CreateBcCertificateAsync("alice");

                Assert.AreEqual($"CN={key.Id},OU=keystore,O=ipfs", cert.SubjectDN.ToString());
                var ski = new SubjectKeyIdentifierStructure(
                    cert.GetExtensionValue(X509Extensions.SubjectKeyIdentifier));
                Assert.AreEqual(key.Id.ToBase58(), ski.GetKeyIdentifier().ToBase58());
            }
            finally
            {
                await _keyStoreService.RemoveAsync("alice");
            }
        }
Esempio n. 3
0
        public async Task Create_Ed25519()
        {
            var ipfs     = TestFixture.Ipfs;
            var keychain = await ipfs.KeyChainAsync();

            var key = await ipfs.Key.CreateAsync("alice", "ed25519", 0);

            try
            {
                var cert = await keychain.CreateBCCertificateAsync("alice");

                Assert.AreEqual($"CN={key.Id},OU=keystore,O=ipfs", cert.SubjectDN.ToString());
                var ski = new SubjectKeyIdentifierStructure(cert.GetExtensionValue(X509Extensions.SubjectKeyIdentifier));
                Assert.AreEqual(key.Id.ToBase58(), ski.GetKeyIdentifier().ToBase58());
            }
            finally
            {
                await ipfs.Key.RemoveAsync("alice");
            }
        }
Esempio n. 4
0
        PrimarySignature CreateKeyVaultPrimarySignature(SignPackageRequest request, SignatureContent signatureContent, SignatureType signatureType)
        {
            // Get the chain

            var getter = typeof(SignPackageRequest).GetProperty("Chain", BindingFlags.Instance | BindingFlags.NonPublic)
                         .GetGetMethod(true);

            var certs = (IReadOnlyList <X509Certificate2>)getter.Invoke(request, null);


            var attribs = SigningUtility.CreateSignedAttributes(request, certs);

            // Convert .NET crypto attributes to Bouncy Castle
            var attribTable = new AttributeTable(new Asn1EncodableVector(attribs.Cast <CryptographicAttributeObject>()
                                                                         .Select(ToBcAttribute)
                                                                         .ToArray()));
            // SignerInfo generator setup
            var signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder()
                                             .WithSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(attribTable));


            // Subject Key Identifier (SKI) is smaller and less prone to accidental matching than issuer and serial
            // number.  However, to ensure cross-platform verification, SKI should only be used if the certificate
            // has the SKI extension attribute.

            // Try to look for the value
            var bcCer = DotNetUtilities.FromX509Certificate(request.Certificate);
            var ext   = bcCer.GetExtensionValue(new DerObjectIdentifier(Oids.SubjectKeyIdentifier));
            SignerInfoGenerator signerInfoGenerator;

            if (ext != null)
            {
                var ski = new SubjectKeyIdentifierStructure(ext);
                signerInfoGenerator = signerInfoGeneratorBuilder.Build(new RsaSignatureFactory(HashAlgorithmToBouncyCastle(request.SignatureHashAlgorithm), provider), ski.GetKeyIdentifier());
            }
            else
            {
                signerInfoGenerator = signerInfoGeneratorBuilder.Build(new RsaSignatureFactory(HashAlgorithmToBouncyCastle(request.SignatureHashAlgorithm), provider), bcCer);
            }


            var generator = new CmsSignedDataGenerator();

            generator.AddSignerInfoGenerator(signerInfoGenerator);

            // Get the chain as bc certs
            generator.AddCertificates(X509StoreFactory.Create("Certificate/Collection",
                                                              new X509CollectionStoreParameters(certs.Select(DotNetUtilities.FromX509Certificate).
                                                                                                ToList())));

            var msg  = new CmsProcessableByteArray(signatureContent.GetBytes());
            var data = generator.Generate(msg, true);

            var encoded = data.ContentInfo.GetDerEncoded();

            return(PrimarySignature.Load(encoded));
        }