public PKIHelper(CertType type, byte[] rawCert, string password = "")
{
this.RawCert = rawCert;
this.Password = password;
this.CertType = type;
_pkiResul = new PKIResult();
}
public CertRecord(string name, int timeToLive, CertType type, ushort keyTag, DnsSecAlgorithm algorithm, byte[] certificate)
: base(name, RecordType.Cert, RecordClass.INet, timeToLive)
{
Type = type;
KeyTag = keyTag;
Algorithm = algorithm;
Certificate = certificate ?? new byte[] { };
}
/// <summary>
/// Creates a new instace of the CertRecord class
/// </summary>
/// <param name="name"> Name of the record </param>
/// <param name="timeToLive"> Seconds the record should be cached at most </param>
/// <param name="type"> Type of the certificate data </param>
/// <param name="keyTag"> Key tag </param>
/// <param name="algorithm"> Algorithm of the certificate </param>
/// <param name="certificate"> Binary data of the certificate </param>
public CertRecord(DomainName name, int timeToLive, CertType type, ushort keyTag, DnsSecAlgorithm algorithm, byte[] certificate)
: base(name, RecordType.Cert, RecordClass.INet, timeToLive)
{
Type = type;
KeyTag = keyTag;
Algorithm = algorithm;
Certificate = certificate ?? Array.Empty <byte>();
}
/// <summary>
/// Creates a new instace of the CertRecord class
/// </summary>
/// <param name="name"> Name of the record </param>
/// <param name="timeToLive"> Seconds the record should be cached at most </param>
/// <param name="type"> Type of the certificate data </param>
/// <param name="keyTag"> Key tag </param>
/// <param name="algorithm"> Algorithm of the certificate </param>
/// <param name="certificate"> Binary data of the certificate </param>
public CertRecord(string name, int timeToLive, CertType type, ushort keyTag, DnsSecAlgorithm algorithm, byte[] certificate)
: base(name, RecordType.Cert, RecordClass.INet, timeToLive)
{
Type = type;
KeyTag = keyTag;
Algorithm = algorithm;
Certificate = certificate ?? new byte[] { };
}
private static TLSCertificateKeyPair CreateCert(CertType certType, string subjectAlternativeName, string commonName, string signatureAlgorithm, string keyType)
{
if (commonName == null)
{
commonName = Guid.NewGuid().ToString();
}
KeyPair keyPair = CreateKeyPair(keyType);
Certificate cert = CreateSelfSignedCertificate(certType, keyPair, commonName, signatureAlgorithm, subjectAlternativeName);
return(new TLSCertificateKeyPair(cert, keyPair));
}
private string ExpandedSavePath_Value(string savePath, CertType certType, string cert)
{
if (string.IsNullOrWhiteSpace(savePath))
{
savePath = Environment.CurrentDirectory;
}
if (certType == 0)
{
return(null);
}
if (string.IsNullOrWhiteSpace(cert))
{
return(null);
}
var ext = GetExt(certType);
var pathExpanded = Environment.ExpandEnvironmentVariables(savePath);
string path;
string fname;
if (!Directory.Exists(pathExpanded))
{
path = Path.GetDirectoryName(pathExpanded) + "\\";
fname = Path.GetFileName(pathExpanded);
if (string.IsNullOrWhiteSpace(fname))
{
fname = cert + "." + ext;
}
else if (Path.GetExtension(fname) != "." + ext)
{
fname += "." + ext;
}
}
else if (!pathExpanded.EndsWith("\\"))
{
path = pathExpanded + "\\";
fname = cert + "." + ext;
}
else
{
path = pathExpanded;
fname = cert + "." + ext;
}
var fullName = Path.Combine(path, fname);
return(fullName);
}
public override int GetHashCode()
{
int hash = 1;
if (certificateUuid_ != null)
{
hash ^= CertificateUuid.GetHashCode();
}
if (rootGuid_ != null)
{
hash ^= RootGuid.GetHashCode();
}
if (CertType != 0)
{
hash ^= CertType.GetHashCode();
}
if (IsSigner != false)
{
hash ^= IsSigner.GetHashCode();
}
if (DistinguisedName.Length != 0)
{
hash ^= DistinguisedName.GetHashCode();
}
if (signerUuid_ != null)
{
hash ^= SignerUuid.GetHashCode();
}
if (Signature.Length != 0)
{
hash ^= Signature.GetHashCode();
}
if (startTime_ != null)
{
hash ^= StartTime.GetHashCode();
}
if (endTime_ != null)
{
hash ^= EndTime.GetHashCode();
}
if (CertificateBody.Length != 0)
{
hash ^= CertificateBody.GetHashCode();
}
if (_unknownFields != null)
{
hash ^= _unknownFields.GetHashCode();
}
return(hash);
}
/// <summary>
/// 获取验签对象
/// </summary>
/// <param name="signerType"></param>
/// <returns></returns>
/// <exception cref="ArgumentOutOfRangeException"></exception>
public static IVerifier GetVerifier(CertType certType)
{
switch (certType)
{
case CertType.RSA:
return(new SHA256WithRSAVerifier());
case CertType.SM:
return(new SM3WithSM2Verifier());
default:
throw new ArgumentOutOfRangeException(nameof(certType));
}
}
public string GetAsset(CertType certType)
{
switch (certType)
{
case CertType.KeyPEM: return(this.KeyPem);
case CertType.CsrPEM: return(this.CsrPem);
case CertType.CertificatePEM: return(this.CrtPem);
case CertType.IssuerPEM: return(this.IssuerPem);
default: return(null);
}
}
private static string CertTypeEnumToString(CertType arg)
{
switch (arg)
{
case CertType.KeyPEM: return("Key PEM");
case CertType.CsrPEM: return("Csr PEM");
case CertType.CertificatePEM: return("Certificate PEM");
case CertType.CertificateDER: return("Certificate DER");
case CertType.IssuerPEM: return("Issuer PEM");
case CertType.IssuerDER: return("Issuer DER");
case CertType.Pkcs12: return("Pkcs12");
default: return("");
}
}
internal static string GetExt(CertType certType)
{
string ext;
switch (certType)
{
case CertType.KeyPEM:
ext = "pem";
break;
case CertType.CsrPEM:
ext = "pem";
break;
case CertType.CertificatePEM:
ext = "pem";
break;
case CertType.CertificateDER:
ext = "der";
break;
case CertType.IssuerPEM:
ext = "pem";
break;
case CertType.IssuerDER:
ext = "der";
break;
case CertType.Pkcs12:
ext = "pfx";
break;
default:
ext = "";
break;
}
return(ext);
}
private static Certificate CreateSelfSignedCertificate(CertType certType, KeyPair keyPair, string commonName, string signatureAlgorithm, string san)
{
X509V3CertificateGenerator certBuilder = CreateCertBuilder(keyPair, commonName);
// Basic constraints
BasicConstraints constraints = new BasicConstraints(true);
certBuilder.AddExtension(X509Extensions.BasicConstraints, true, constraints);
// Key usage
KeyUsage usage = new KeyUsage(Org.BouncyCastle.Asn1.X509.KeyUsage.KeyEncipherment | Org.BouncyCastle.Asn1.X509.KeyUsage.DigitalSignature | Org.BouncyCastle.Asn1.X509.KeyUsage.KeyCertSign);
certBuilder.AddExtension(X509Extensions.KeyUsage, false, usage);
// Extended key usage
//var usages = new[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth };
certBuilder.AddExtension(X509Extensions.ExtendedKeyUsage, false, KeyUsage(certType));
if (san != null)
{
AddSAN(certBuilder, san);
}
ISignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, keyPair.PrivateKey, new SecureRandom());
return(Certificate.Create(certBuilder.Generate(signatureFactory), keyPair.PrivateKey));
}
/// <summary>
/// 构造函数
/// </summary>
/// <param name="senparcWeixinSettingForTenpayV3"></param>
public BasePayApis2(SenparcHttpClient httpClient, ISenparcWeixinSettingForTenpayV3 senparcWeixinSettingForTenpayV3 = null, CertType certType = CertType.RSA)
{
this._httpClient = httpClient;
_tenpayV3Setting = senparcWeixinSettingForTenpayV3 ?? Senparc.Weixin.Config.SenparcWeixinSetting.TenpayV3Setting;
this._certType = certType;
}
public TenPayHttpClient(SenparcHttpClient httpClient, ISenparcWeixinSettingForTenpayV3 senparcWeixinSettingForTenpayV3 = null, CertType certType = CertType.RSA)
{
this._httpClient = httpClient;
this._client = this._httpClient.Client;
_tenpayV3Setting = senparcWeixinSettingForTenpayV3 ?? Senparc.Weixin.Config.SenparcWeixinSetting.TenpayV3Setting;
//从工厂获得签名和验签的方法类
_signer = TenPayCertFactory.GetSigner(certType);
_verifier = TenPayCertFactory.GetVerifier(certType);
#region 配置UA
//ACCEPT header
_client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
_client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("*/*"));
//User-Agent header
var userAgentValues = UserAgentValues.Instance;
_client.DefaultRequestHeaders.UserAgent.Add(new ProductInfoHeaderValue("Senparc.Weixin.TenPayV3-C#", userAgentValues.TenPayV3Version));
_client.DefaultRequestHeaders.UserAgent.Add(new ProductInfoHeaderValue($"(Senparc.Weixin {userAgentValues.SenparcWeixinVersion})"));
_client.DefaultRequestHeaders.UserAgent.Add(new ProductInfoHeaderValue(".NET", userAgentValues.RuntimeVersion));
_client.DefaultRequestHeaders.UserAgent.Add(new ProductInfoHeaderValue($"({userAgentValues.OSVersion})"));
#endregion
}
//Filling this in might be a good idea (sarcasm)
public void RemoveCert(CertType c, bool alreadyRemovedFromPQ = false)
{
}
//EMPTY METHOD ):
public Certificate[] CertificateMaker(Vertex v, double time, CertType ct = CertType.any)
{
return(new Certificate[8]);
}
private static ExtendedKeyUsage KeyUsage(CertType type) => new ExtendedKeyUsage(type == CertType.SERVER ? KeyPurposeID.IdKPServerAuth : KeyPurposeID.IdKPClientAuth);