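/// <summary>
/// Authenticates a freshly accepted TLS connection and resolves it to a <see cref="PeerNode"/>.
/// </summary>
/// <param name="clientSslStream">Negotiated TLS stream; its <c>RemoteCertificate</c> is the client's identity.</param>
/// <param name="clientSocket">Underlying socket, used for the peer address and handed over to the node.</param>
/// <returns>
/// The approved node with its sockets attached and its auth status sent, or <c>null</c> when no node
/// results from this connection: first contact (a certificate was issued and the connection closed),
/// or a certificate that matches no approved node (connection closed). In both <c>null</c> cases the
/// connection has been closed before returning.
/// </returns>
private PeerNode AuthenticateNode(SslStream clientSslStream, Socket clientSocket)
{
    // Hash of the default/hard-coded certificate clients ship with; presenting it means "no identity yet".
    const string DefaultCertHash = "3EE15BE077586D9CB9AEC105AE8AB0613ED6C34B";

    // Prefer the typed endpoint: splitting ToString() on ':' yields "[" for an IPv6 peer ("[::1]:port").
    // For IPv4 both forms give the same dotted address.
    var remoteEndPoint = clientSocket.RemoteEndPoint as System.Net.IPEndPoint;
    string nodeIP = remoteEndPoint != null
        ? remoteEndPoint.Address.ToString()
        : clientSocket.RemoteEndPoint.ToString().Split(':')[0];

    // First contact: no certificate, or the default one. Issue a real certificate, register the node
    // in "pending for approval" status and hang up; it must reconnect with its new identity.
    if (clientSslStream.RemoteCertificate == null
        || string.Equals(clientSslStream.RemoteCertificate.GetCertHashString(), DefaultCertHash, StringComparison.OrdinalIgnoreCase))
    {
        //TODO : make certmanager directly return an X509Certificate2
        //TODO : store the whole cert into a 'Password' structure (need private key if client
        // node is lost (or its certificate is lost), or to do cross-restores
        Mono.Security.X509.PKCS12 newCert = GenerateNewClientCertificate(nodeIP);
        var x509cert2 = new X509Certificate2();
        x509cert2.Import(newCert.Certificates[0].RawData, "",
            X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
        var pendingNode = CreateNewNode(nodeIP, new NodeCertificate(x509cert2));
        pendingNode.SetSockets(clientSslStream, clientSocket);
        pendingNode.SendCertificate(newCert.GetBytes());
        pendingNode.Disconnect();
        return null;
    }

    // Known certificate: look the node up by serial number. The serial is only a lookup key; this
    // relies on the TLS handshake having already validated the presented certificate (chain/issuer) —
    // confirm the stream's certificate validation callback enforces that.
    X509Certificate2 remoteCert = new X509Certificate2(clientSslStream.RemoteCertificate);
    PeerNode node = new DAL.NodeDAO().NodeApproved(remoteCert.GetSerialNumber());
    if (node == null)
    {
        // Previously node.IP was assigned before the null check, so an unknown certificate crashed
        // with a NullReferenceException instead of being rejected. Log and drop the connection.
        Logger.Append("HUBRN", Severity.NOTICE, "Rejected connection from " + nodeIP
            + ": certificate serial " + remoteCert.SerialNumber + " matches no approved node.");
        clientSslStream.Close();
        clientSocket.Close();
        return null;
    }

    node.IP = nodeIP;
    Logger.Append("HUBRN", Severity.TRIVIA, "Newly connected node : Id=" + node.Id + ", NodeName=" + node.Name + ",IP=" + node.IP + ", status=" + node.Status);
    if (!node.Locked)
    {
        node.Status = NodeStatus.Idle;
    }
    else
    {
        node.Status = NodeStatus.Locked; // pending for manual approval
        Logger.Append("HUBRN", Severity.NOTICE, "Newly connected node #" + node.Id + " is locked.");
    }

    // A locked node still gets its sockets and an auth status reply (it learns it is locked);
    // whether it may do anything further is decided elsewhere.
    node.SetSockets(clientSslStream, clientSocket);
    node.SendAuthStatus();
    return node;
}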
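/// <summary>
/// Builds a PKCS#12 (PFX) container from a DER-encoded certificate and its password-protected private key.
/// </summary>
/// <param name="bytesCER">DER-encoded X.509 certificate.</param>
/// <param name="bytesKEY">Encrypted private key matching <paramref name="bytesCER"/>, in the form accepted by <c>PrivateKeyFactory.DecryptKey</c>.</param>
/// <param name="password">Password that decrypts <paramref name="bytesKEY"/>; the same password protects the resulting PFX.</param>
/// <returns>The serialized PKCS#12 bytes.</returns>
/// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
/// <exception cref="ArgumentException"><paramref name="bytesCER"/> or <paramref name="bytesKEY"/> is empty.</exception>
/// <exception cref="CryptographicException">The certificate or key cannot be parsed, or the password does not decrypt the key; the original failure is the inner exception.</exception>
public static byte[] CrearPFX(byte[] bytesCER, byte[] bytesKEY, string password)
{
    // Argument problems are caller bugs and are reported as such, not wrapped as a crypto failure.
    if (bytesCER == null)
    {
        throw new ArgumentNullException("bytesCER", "Empty cer and or key");
    }
    if (bytesKEY == null)
    {
        throw new ArgumentNullException("bytesKEY", "Empty cer and or key");
    }
    if (password == null)
    {
        throw new ArgumentNullException("password");
    }
    if (bytesCER.Length == 0 || bytesKEY.Length == 0)
    {
        throw new ArgumentException("Empty cer and or key");
    }

    try
    {
        var certificate = new Mono.Security.X509.X509Certificate(bytesCER);
        char[] passwordChars = password.ToCharArray();
        AsymmetricKeyParameter privateKey = Org.BouncyCastle.Security.PrivateKeyFactory.DecryptKey(passwordChars, bytesKEY);
        RSA subjectKey = DotNetUtilitiesCustom.ToRSA((RsaPrivateCrtKeyParameters)privateKey);

        Mono.Security.X509.PKCS12 p12 = new Mono.Security.X509.PKCS12();
        p12.Password = password;

        // we use a fixed array to avoid endianess issues
        // (in case some tools requires the ID to be 1).
        // ArrayList/Hashtable are what the Mono PKCS12 attribute API takes.
        ArrayList localKeyIds = new ArrayList();
        localKeyIds.Add(new byte[4] { 1, 0, 0, 0 });
        Hashtable attributes = new Hashtable(1);
        attributes.Add(Mono.Security.X509.PKCS9.localKeyId, localKeyIds);

        // Same localKeyId on both bags ties the certificate to its key inside the container.
        p12.AddCertificate(certificate, attributes);
        p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes);
        return p12.GetBytes();
    }
    catch (Exception ex)
    {
        // Parse/decrypt failures surface from several libraries; wrap them under one crypto-specific type
        // (still an Exception for existing callers) and keep the cause as the inner exception.
        throw new CryptographicException("Los datos del Certificado CER KEY o Password son incorrectos. No es posible leer la llave privada.", ex);
    }
}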