/// <summary>
/// 生成自签名证书
/// </summary>
/// <param name="subjectName"></param>
/// <param name="issuerName"></param>
/// <param name="issuerPrivKey"></param>
/// <param name="keyStrength"></param>
/// <returns></returns>
public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey, int keyStrength = 2048)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
var issuerDN = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
// var issuerKeyPair = subjectKeyPair;
// https://stackoverflow.com/questions/60547020/c-sharp-generate-intermediate-certificate-from-self-signed-root-ca
ISignatureFactory signatureFactory = new Asn1SignatureFactory(PkcsObjectIdentifiers.Sha256WithRsaEncryption.ToString(), issuerPrivKey, random);
// ISignatureFactory signatureFactory = new Asn1SignatureFactory(PkcsObjectIdentifiers.Sha256WithRsaEncryption.ToString(), issuerKeyPair.Private, random);
// selfsign certificate
var certificate = certificateGenerator.Generate(signatureFactory);
// Corresponding private key
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
// Merge into X509Certificate2
var x509 = new X509Certificate2(certificate.GetEncoded());
Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("malformed sequence in RSA private key");
}
RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq);
RsaPrivateCrtKeyParameters rsaParams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
// https://github.com/bcgit/bc-csharp/issues/160
// https://stackoverflow.com/questions/54752834/error-setting-x509certificate2-privatekey
// x509.PrivateKey = DotNetUtilities.ToRSA(rsaParams);
// return x509;
// [DotNetUtilities class only works on Windows](https://github.com/bcgit/bc-csharp/issues/160)
// if run on Linux will cause 'CspParameters' requires Windows Cryptographic API (CAPI), which is not available on this platform.
// var cert = x509.CopyWithPrivateKey(DotNetUtilities.ToRSA(rsaParams));
var parms = DotNetUtilities.ToRSAParameters(rsaParams);
var rsaCreate = RSA.Create();
rsaCreate.ImportParameters(parms);
var cert = x509.CopyWithPrivateKey(rsaCreate);
return(cert);
}
// Method GenerateSelfSignedCertificate
private static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey, int keyStrength = 2048)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
const string signatureAlgorithm = "SHA256WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
X509Name issuerDN = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddDays(7);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = subjectKeyPair;
// selfsign certificate
var certificate = certificateGenerator.Generate(issuerPrivKey, random);
// correcponding private key
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
// merge into X509Certificate2
var x509 = new X509Certificate2(certificate.GetEncoded());
var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("malformed sequence in RSA private key");
}
var rsa = new RsaPrivateKeyStructure(seq);
RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams);
return(x509);
}
/// <summary>
/// Creates a self signed Certificate using Boncy castle crypto
/// </summary>
/// <param name="request"></param>
/// <param name="issuerPrivKey"></param>
/// <param name="myPrivateKey"></param>
/// <returns></returns>
public static X509Certificate2 CreateSelfSignedCertificateBasedOnCertificateAuthorityPrivateKey(APICertificateRequest request, AsymmetricKeyParameter issuerPrivKey, ref AsymmetricKeyParameter myPrivateKey)
{
const int keyStrength = 4096;
// Generating Random Numbers
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom random = new SecureRandom(randomGenerator);
//ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerPrivKey, random);
ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerPrivKey, random);
// The Certificate Generator
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage((new List <DerObjectIdentifier>()
{
new DerObjectIdentifier("1.3.6.1.5.5.7.3.1"), new DerObjectIdentifier("1.3.6.1.5.5.7.3.2")
})));
var lExtensions = new List <DerObjectIdentifier>();
if (request.Aspsp)
{
lExtensions.Add(new DerObjectIdentifier("0.4.0.19495.1.1"));//, PSD2Roles.ASPSP);
}
if (request.Pisp)
{
lExtensions.Add(new DerObjectIdentifier("0.4.0.19495.1.2"));//, PSD2Roles.PISP);
}
if (request.Aisp)
{
lExtensions.Add(new DerObjectIdentifier("0.4.0.19495.1.3"));//, PSD2Roles.AISP);
}
if (request.Piisp)
{
lExtensions.Add(new DerObjectIdentifier("0.4.0.19495.1.4"));//, PSD2Roles.PIISP);
}
certificateGenerator.AddExtension(X509Extensions.QCStatements, true, new ExtendedKeyUsage(lExtensions));
// Serial Number
BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
// build name attributes
var nameOids = new ArrayList();
nameOids.Add(X509Name.CN);
nameOids.Add(X509Name.O);
nameOids.Add(X509Name.OU);
nameOids.Add(X509Name.C);
nameOids.Add(X509Name.L);
nameOids.Add(X509Name.ST);
var nameValues = new ArrayList();
nameValues.Add(request.CommonName);
nameValues.Add(request.Organization);
nameValues.Add(request.OrganizationUnit);
nameValues.Add(request.Country);
nameValues.Add(request.City);
nameValues.Add(request.State);
//X509Name subjectDN = new X509Name("CN="+request.CommonName);
X509Name subjectDN = new X509Name(nameOids, nameValues);
X509Name issuerDN = new X509Name("CN=" + request.CommonName);
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
DateTime notBefore = DateTime.UtcNow.Date;
DateTime notAfter = notBefore.AddDays(request.Validity);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
myPrivateKey = subjectKeyPair.Private;
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
//GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.OtherName, subjectName));
//certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
// self sign certificate
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(signatureFactory);
X509Certificate2 certificate2 = new X509Certificate2(certificate.GetEncoded());
//certificate2.Import(certificate.GetEncoded());
return(certificate2);
}
protected override void CompleteWizard()
{
// Generate the CSR
X509Name subjectName =
new X509Name(string.Format("C={0},ST={1},L={2},O={3},OU={4},CN={5}",
_wizardData.Country,
_wizardData.State,
_wizardData.City,
_wizardData.Organization,
_wizardData.Unit,
_wizardData.CommonName));
// Generate the private/public keypair
RsaKeyPairGenerator kpgen = new RsaKeyPairGenerator();
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
kpgen.Init(new KeyGenerationParameters(new SecureRandom(randomGenerator), _wizardData.Length));
AsymmetricCipherKeyPair keyPair = kpgen.GenerateKeyPair();
// Generate the CSR
Asn1Set attributes = new DerSet(
new DerSequence(
new DerObjectIdentifier("1.3.6.1.4.1.311.13.2.3"),
new DerSet(new DerIA5String(Environment.OSVersion.Version.ToString()))),
new DerSequence(
new DerObjectIdentifier("1.3.6.1.4.1.311.21.20"),
new DerSet(
new DerSequence(
new DerInteger(5),
new DerUtf8String(Environment.MachineName),
new DerUtf8String(Environment.UserName),
new DerUtf8String("JexusManager.exe")))),
new DerSequence(
new DerObjectIdentifier("1.3.6.1.4.1.311.13.2.2"),
new DerSet(
new DerSequence(
new DerInteger(1),
new DerBmpString("Microsoft RSA SChannel Cryptographic Provider"),
new DerBitString(new byte[0])))),
new DerSequence(
new DerObjectIdentifier("1.2.840.113549.1.9.14"),
new DerSet(
new DerSequence(
new DerSequence(
new DerObjectIdentifier("2.5.29.15"),
new DerBoolean(new byte[] { 0x01 }),
new DerOctetString(new byte[] { 0x03, 0x02, 0x04, 0xF0 })),
new DerSequence(
new DerObjectIdentifier("2.5.29.37"),
new DerOctetString(new byte[]
{
0x30, 0x0a, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x05,
0x05, 0x07, 0x03, 0x01
})),
new DerSequence(
new DerObjectIdentifier("1.2.840.113549.1.9.15"),
new DerOctetString(new byte[]
{
0x30, 0x69, 0x30, 0x0e,
0x06, 0x08, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d,
0x03, 0x02, 0x02, 0x02,
0x00, 0x80, 0x30, 0x0e,
0x06, 0x08, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d,
0x03, 0x04, 0x02, 0x02,
0x00, 0x80, 0x30, 0x0b,
0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03,
0x04, 0x01, 0x2a, 0x30,
0x0b, 0x06, 0x09, 0x60,
0x86, 0x48, 0x01, 0x65,
0x03, 0x04, 0x01, 0x2d,
0x30, 0x0b, 0x06, 0x09,
0x60, 0x86, 0x48, 0x01,
0x65, 0x03, 0x04, 0x01,
0x02, 0x30, 0x0b, 0x06,
0x09, 0x60, 0x86, 0x48,
0x01, 0x65, 0x03, 0x04,
0x01, 0x05, 0x30, 0x07,
0x06, 0x05, 0x2b, 0x0e,
0x03, 0x02, 0x07, 0x30,
0x0a, 0x06, 0x08, 0x2a,
0x86, 0x48, 0x86, 0xf7,
0x0d, 0x03, 0x07
})),
new DerSequence(
new DerObjectIdentifier("2.5.29.14"),
new DerOctetString(new byte[]
{
0x04, 0x14, 0xaa, 0x25,
0xd9, 0xa2, 0x39, 0x7e,
0x49, 0xd2, 0x94, 0x85,
0x7e, 0x82, 0xa8, 0x8f,
0x3b, 0x20, 0xf1, 0x4e, 0x65, 0xe5
}))))));
var signing = new Asn1SignatureFactory("SHA256withRSA", keyPair.Private);
Pkcs10CertificationRequest kpGen = new Pkcs10CertificationRequest(signing, subjectName, keyPair.Public, attributes, keyPair.Private);
using (var stream = new StreamWriter(_wizardData.FileName))
{
stream.WriteLine(_wizardData.UseIisStyle ? "-----BEGIN NEW CERTIFICATE REQUEST-----" : "-----BEGIN CERTIFICATE REQUEST-----");
stream.WriteLine(Convert.ToBase64String(kpGen.GetDerEncoded(), Base64FormattingOptions.InsertLineBreaks));
stream.WriteLine(_wizardData.UseIisStyle ? "-----END NEW CERTIFICATE REQUEST-----" : "-----END CERTIFICATE REQUEST-----");
}
var key = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)keyPair.Private);
PrivateKey pvk = new PrivateKey();
pvk.RSA = new RSACryptoServiceProvider();
pvk.RSA.ImportParameters(key);
var file = DialogHelper.GetPrivateKeyFile(subjectName.ToString());
var folder = Path.GetDirectoryName(file);
if (!Directory.Exists(folder))
{
Directory.CreateDirectory(folder);
}
pvk.Save(file);
}
public void TestMethod1()
{
// this snippet can be easily used in any normal c# project as well by simply removing the .Dump() methods
// and saving the output into a variable / file of your choice.
// you'll need to add BouncyCastle.Crypto nuget to use this.
// tested on 1.8.0-beta4
AsymmetricCipherKeyPair pair;
Pkcs10CertificationRequest csr;
var ecMode = false;
var values = new Dictionary <DerObjectIdentifier, string> {
{ X509Name.CN, "" }, //domain name
{ X509Name.OU, "Domain Control Validated" },
{ X509Name.O, "" }, //Organisation's Legal name
{ X509Name.L, "London" },
{ X509Name.ST, "England" },
{ X509Name.C, "GB" },
};
var subjectAlternateNames = new GeneralName[] { };
var extensions = new Dictionary <DerObjectIdentifier, X509Extension>()
{
{ X509Extensions.BasicConstraints, new X509Extension(true, new DerOctetString(new BasicConstraints(false))) },
{ X509Extensions.KeyUsage, new X509Extension(true, new DerOctetString(new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment | KeyUsage.DataEncipherment | KeyUsage.NonRepudiation))) },
{ X509Extensions.ExtendedKeyUsage, new X509Extension(false, new DerOctetString(new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth))) },
};
if (values[X509Name.CN].StartsWith("www."))
{
values[X509Name.CN] = values[X509Name.CN].Substring(4);
}
if (!values[X509Name.CN].StartsWith("*.") && subjectAlternateNames.Length == 0)
{
subjectAlternateNames = new GeneralName[] { new GeneralName(GeneralName.DnsName, $"www.{values[X509Name.CN]}") }
}
;
if (subjectAlternateNames.Length > 0)
{
extensions.Add(X509Extensions.SubjectAlternativeName, new X509Extension(false, new DerOctetString(new GeneralNames(subjectAlternateNames))));
}
var subject = new X509Name(values.Keys.Reverse().ToList(), values);
if (ecMode)
{
var gen = new ECKeyPairGenerator();
var ecp = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp384r1");
gen.Init(new ECKeyGenerationParameters(new ECDomainParameters(ecp.Curve, ecp.G, ecp.N, ecp.H, ecp.GetSeed()), new SecureRandom()));
pair = gen.GenerateKeyPair();
extensions.Add(X509Extensions.SubjectKeyIdentifier, new X509Extension(false, new DerOctetString(new SubjectKeyIdentifierStructure(pair.Public))));
csr = new Pkcs10CertificationRequest("SHA256withECDSA", subject, pair.Public, new DerSet(new AttributePkcs(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(new X509Extensions(extensions)))), pair.Private);
}
else
{
var gen = new RsaKeyPairGenerator();
gen.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
pair = gen.GenerateKeyPair();
extensions.Add(X509Extensions.SubjectKeyIdentifier, new X509Extension(false, new DerOctetString(new SubjectKeyIdentifierStructure(pair.Public))));
csr = new Pkcs10CertificationRequest("SHA256withRSA", subject, pair.Public, new DerSet(new AttributePkcs(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(new X509Extensions(extensions)))), pair.Private);
}
//Convert BouncyCastle csr to .PEM file.
var csrPem = new StringBuilder();
var csrPemWriter = new PemWriter(new StringWriter(csrPem));
csrPemWriter.WriteObject(csr);
csrPemWriter.Writer.Flush();
Console.WriteLine(csrPem.ToString());
var privateKeyPem = new StringBuilder();
var privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyPem));
privateKeyPemWriter.WriteObject(pair.Private);
csrPemWriter.Writer.Flush();
//privateKeyPem.ToString().Dump("Private Key");
}
}
public static X509Certificate2 GenerateCertificate(string subjectName, X509Certificate2?issuerCertificate = null,
bool generateCA = false, int keyStrength = 2048)
{
if (Verbose)
{
Console.WriteLine($"Generating {(issuerCertificate != null ? "" : "self-signed ")}certificate for {subjectName}");
}
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
const string signatureAlgorithm = "SHA256WithRSA";
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
var issuerDN = issuerCertificate != null ? new X509Name(issuerCertificate.Subject) : subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For the next 2 year
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public/Private Key Pair
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
if (generateCA)
{
// Indicate we're a CA
certificateGenerator.AddExtension(
X509Extensions.BasicConstraints.Id, true, new BasicConstraints(cA: true));
}
// Generating the Certificate
// For CA-signed certificate, we use the issuer private key, or for self-signed we use the cert's own key
AsymmetricKeyParameter signingPrivateKey;
if (issuerCertificate != null)
{
var issuerKeyPair = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey);
var issuerSerialNumber = new BigInteger(issuerCertificate.GetSerialNumber());
AddAuthorityKeyIdentifier(certificateGenerator, issuerDN, issuerKeyPair.Public, issuerSerialNumber);
signingPrivateKey = issuerKeyPair.Private;
}
else
{
signingPrivateKey = subjectKeyPair.Private;
}
var signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, signingPrivateKey, random);
var certificate = certificateGenerator.Generate(signatureFactory);
// merge into X509Certificate2
var x509Cert = new X509Certificate2(DotNetUtilities.ToX509Certificate(certificate));
var rsaKey = DotNetUtilities.ToRSA((RsaPrivateCrtKeyParameters)subjectKeyPair.Private);
#if NET452
x509Cert.PrivateKey = rsaKey;
return(x509Cert);
#else
return(x509Cert.CopyWithPrivateKey(rsaKey));
#endif
}
public static X509Certificate2 CreateCertificateAuthorityCertificate(string subjectName)
{
const int keyStrength = 2048;
// Generating Random Numbers
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom random = new SecureRandom(randomGenerator);
// The Certificate Generator
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
X509Name subjectDN = new X509Name("CN=" + subjectName);
X509Name issuerDN = subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
DateTime notBefore = DateTime.UtcNow.Date;
DateTime notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
AsymmetricCipherKeyPair subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair;
ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerKeyPair.Private, random);
// selfsign certificate
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(signatureFactory);
X509Certificate2 x509 = new X509Certificate2(certificate.GetEncoded())
{
FriendlyName = subjectName,
PrivateKey = DotNetUtilities.ToRSA((RsaPrivateCrtKeyParameters)subjectKeyPair.Private)
};
//// correcponding private key
//PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
//Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded());
//if (seq.Count != 9)
//{
// //throw new PemException("malformed sequence in RSA private key");
//}
//RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq);
//RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
//x509.FriendlyName = subjectName;
//x509.PrivateKey = DotNetUtilities.ToRSA((RsaPrivateCrtKeyParameters)subjectKeyPair.Private);
return(x509);
}
/// <summary>
/// Generates CRT and PFX files
/// </summary>
/// <param name="subjectName">should be same as domain where socket are used</param>
/// <param name="keyStrength"></param>
/// <returns></returns>
public X509Certificate2 GenerateCACertificate(string subjectName, int keyStrength = 2048)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
const string signatureAlgorithm = "SHA256WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
var issuerDN = subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(100);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = subjectKeyPair;
// selfsign certificate
var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
var x509 = new X509Certificate2(certificate.GetEncoded());
// Add CA certificate to Root store
// Genereate PFX
SaveToPFX(issuerKeyPair, x509, GetIssuer());
// generate crt file
//var fileInfo = new FileInfo(GetPublicCertPath());
//if (!fileInfo.Exists)
//{
// ExportToPEM(x509);
//}
return(x509);
}
/// <summary>
/// Creates a self signed application instance certificate.
/// </summary>
/// <param name="storeType">Type of certificate store (Directory) <see cref="CertificateStoreType"/>.</param>
/// <param name="storePath">The store path (syntax depends on storeType).</param>
/// <param name="password">The password to use to protect the certificate.</param>
/// <param name="applicationUri">The application uri (created if not specified).</param>
/// <param name="applicationName">Name of the application (optional if subjectName is specified).</param>
/// <param name="subjectName">The subject used to create the certificate (optional if applicationName is specified).</param>
/// <param name="domainNames">The domain names that can be used to access the server machine (defaults to local computer name if not specified).</param>
/// <param name="keySize">Size of the key (1024, 2048 or 4096).</param>
/// <param name="startTime">The start time.</param>
/// <param name="lifetimeInMonths">The lifetime of the key in months.</param>
/// <param name="hashSizeInBits">The hash size in bits.</param>
/// <param name="isCA">if set to <c>true</c> then a CA certificate is created.</param>
/// <param name="issuerCAKeyCert">The CA cert with the CA private key.</param>
/// <returns>The certificate with a private key.</returns>
public static X509Certificate2 CreateCertificate(
string storeType,
string storePath,
string password,
string applicationUri,
string applicationName,
string subjectName,
IList <String> domainNames,
ushort keySize,
DateTime startTime,
ushort lifetimeInMonths,
ushort hashSizeInBits,
bool isCA,
X509Certificate2 issuerCAKeyCert)
{
if (issuerCAKeyCert != null)
{
if (!issuerCAKeyCert.HasPrivateKey)
{
throw new NotSupportedException("Cannot sign with a CA certificate without a private key.");
}
throw new NotSupportedException("Signing with an issuer CA certificate is currently unsupported.");
}
// set default values.
SetSuitableDefaults(
ref applicationUri,
ref applicationName,
ref subjectName,
ref domainNames,
ref keySize,
ref lifetimeInMonths,
isCA);
// cert generators
SecureRandom random = new SecureRandom();
X509V3CertificateGenerator cg = new X509V3CertificateGenerator();
// Serial Number
BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
cg.SetSerialNumber(serialNumber);
// build name attributes
var nameOids = new ArrayList();
nameOids.Add(X509Name.DC);
nameOids.Add(X509Name.CN);
var nameValues = new ArrayList();
nameValues.Add(domainNames[0]);
nameValues.Add(subjectName);
// self signed
X509Name subjectDN = new X509Name(nameOids, nameValues);
X509Name issuerDN = subjectDN;
cg.SetIssuerDN(issuerDN);
cg.SetSubjectDN(subjectDN);
// valid for
cg.SetNotBefore(startTime);
cg.SetNotAfter(startTime.AddMonths(lifetimeInMonths));
// Private/Public Key
AsymmetricCipherKeyPair subjectKeyPair;
var keyGenerationParameters = new KeyGenerationParameters(random, keySize);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
cg.SetPublicKey(subjectKeyPair.Public);
// add extensions
// Subject key identifier
cg.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, false,
new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public)));
// Basic constraints
cg.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(isCA));
// Authority Key identifier
var issuerKeyPair = subjectKeyPair;
var issuerSerialNumber = serialNumber;
cg.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, false,
new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public),
new GeneralNames(new GeneralName(issuerDN)), issuerSerialNumber));
if (!isCA)
{
// Key usage
cg.AddExtension(X509Extensions.KeyUsage, true,
new KeyUsage(KeyUsage.DataEncipherment | KeyUsage.DigitalSignature |
KeyUsage.NonRepudiation | KeyUsage.KeyCertSign | KeyUsage.KeyEncipherment));
// Extended Key usage
cg.AddExtension(X509Extensions.ExtendedKeyUsage, true,
new ExtendedKeyUsage(new List <DerObjectIdentifier>()
{
new DerObjectIdentifier("1.3.6.1.5.5.7.3.1"), // server auth
new DerObjectIdentifier("1.3.6.1.5.5.7.3.2"), // client auth
}));
// subject alternate name
cg.AddExtension(X509Extensions.SubjectAlternativeName, false,
new GeneralNames(new GeneralName[] {
new GeneralName(GeneralName.UniformResourceIdentifier, applicationUri),
new GeneralName(GeneralName.DnsName, domainNames[0])
}));
}
else
{
// Key usage CA
cg.AddExtension(X509Extensions.KeyUsage, true,
new KeyUsage(KeyUsage.CrlSign | KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
}
// sign certificate
ISignatureFactory signatureFactory =
new Asn1SignatureFactory((hashSizeInBits < 256) ? "SHA1WITHRSA" : "SHA256WITHRSA", subjectKeyPair.Private, random);
Org.BouncyCastle.X509.X509Certificate x509 = cg.Generate(signatureFactory);
// create pkcs12 store for cert and private key
X509Certificate2 certificate = null;
using (MemoryStream pfxData = new MemoryStream())
{
Pkcs12Store pkcsStore = new Pkcs12StoreBuilder().Build();
X509CertificateEntry[] chain = new X509CertificateEntry[1];
string passcode = "passcode";
chain[0] = new X509CertificateEntry(x509);
pkcsStore.SetKeyEntry(applicationName, new AsymmetricKeyEntry(subjectKeyPair.Private), chain);
pkcsStore.Save(pfxData, passcode.ToCharArray(), random);
// merge into X509Certificate2
certificate = CreateCertificateFromPKCS12(pfxData.ToArray(), passcode);
}
Utils.Trace(Utils.TraceMasks.Security, "Created new certificate: {0}", certificate.Thumbprint);
// add cert to the store.
if (!String.IsNullOrEmpty(storePath))
{
ICertificateStore store = null;
if (storeType == CertificateStoreType.X509Store)
{
store = new X509CertificateStore();
}
else if (storeType == CertificateStoreType.Directory)
{
store = new DirectoryCertificateStore();
}
else
{
throw new ArgumentException("Invalid store type");
}
store.Open(storePath);
store.Add(certificate);
store.Close();
store.Dispose();
}
// note: this cert has a private key!
return(certificate);
}
static void Main(string[] args)
{
Console.WriteLine("======== Mixin C# SDK Test ========= \n");
MixinApi mixinApi = new MixinApi();
mixinApi.Init(USRCONFIG.ClientId, USRCONFIG.ClientSecret, USRCONFIG.SessionId, USRCONFIG.PinToken, USRCONFIG.PrivateKey);
Console.WriteLine("======== Initiation Finished ========= \n");
Console.WriteLine("======== Test Create PIN ===========\n");
Console.WriteLine(mixinApi.CreatePIN(USRCONFIG.PinCode, "123456").ToString());
Console.WriteLine();
Console.WriteLine(mixinApi.CreatePIN("123456", USRCONFIG.PinCode).ToString());
Console.WriteLine("\n\n======== Test Verify PIN ===========\n");
Console.WriteLine(mixinApi.VerifyPIN(USRCONFIG.PinCode).ToString());
Console.WriteLine("\n\n======== Test Deposit ===========\n");
Console.WriteLine(mixinApi.Deposit("3596ab64-a575-39ad-964e-43b37f44e8cb").ToString());
Console.WriteLine("\n\n======== Test Read Assets ===========\n");
var assets = mixinApi.ReadAssets();
foreach (var asset in assets)
{
Console.WriteLine(asset.ToString());
Console.WriteLine();
}
Console.WriteLine("\n\n======== Test Read Asset ===========\n");
Console.WriteLine(mixinApi.ReadAsset("6cfe566e-4aad-470b-8c9a-2fd35b49c68d"));
Console.WriteLine("\n\n======== Test Search Assest ===========\n");
assets = mixinApi.SearchAssets("CNB");
foreach (var asset in assets)
{
Console.WriteLine(asset.ToString());
Console.WriteLine();
}
Console.WriteLine("\n\n======== Test Network Asset ===========\n");
Console.WriteLine(mixinApi.NetworkAsset("965e5c6e-434c-3fa9-b780-c50f43cd955c"));
Console.WriteLine("\n\n======== Test Top Assets ===========\n");
var topasset = mixinApi.TopAssets();
foreach (var asset in topasset)
{
Console.WriteLine(asset.ToString());
Console.WriteLine();
}
Console.WriteLine("\n\n======== Test Network Snapshot don't auth ===========\n");
Console.WriteLine(mixinApi.NetworkSnapshot("85b8c435-1ef6-4f2a-85f9-8def2a852473", false));
Console.WriteLine("\n\n======== Test Network Snapshot auth ===========\n");
Console.WriteLine(mixinApi.NetworkSnapshot("85b8c435-1ef6-4f2a-85f9-8def2a852473", true));
Console.WriteLine("\n\n======== Test Network Snapshots ===========\n");
var snaps = mixinApi.NetworkSnapshots(2, "2019-01-02T15:04:05.999999999-07:00", null, null, false);
foreach (var sn in snaps)
{
Console.WriteLine(sn.ToString());
Console.WriteLine();
}
snaps = mixinApi.NetworkSnapshots(2, "2019-01-02T15:04:05.999999999-07:00", null, null, true);
foreach (var sn in snaps)
{
Console.WriteLine(sn.ToString());
Console.WriteLine();
}
Console.WriteLine("\n\n======== External Transactions ===========\n");
var ts = mixinApi.ExternalTransactions("6cfe566e-4aad-470b-8c9a-2fd35b49c68d", null, null, null, 10, null);
foreach (var t in ts)
{
Console.WriteLine(t.ToString());
Console.WriteLine();
}
Console.WriteLine("\n\n======== Test Create Address ===========\n");
var addr = mixinApi.CreateAddress("965e5c6e-434c-3fa9-b780-c50f43cd955c", "0xe6Bf2C2E8f3243dF46308ca472038eA9Fa1bc42C", "CNB withdraw", null, null, USRCONFIG.PinCode);
Console.WriteLine(addr);
Console.WriteLine("\n\n======== Test Create Address ===========\n");
addr = mixinApi.CreateAddress("965e5c6e-434c-3fa9-b780-c50f43cd955c", "0x078C5AF6C8Ab533b8ef7FAb822B5B5f70A9d1c35", "CNB withdraw123", null, null, USRCONFIG.PinCode);
Console.WriteLine(addr);
Console.WriteLine("\n\n======== Test Read Address ===========\n");
Console.WriteLine(mixinApi.ReadAddress(addr.address_id));
Console.WriteLine("\n\n======== Test Delete Address ===========\n");
Console.WriteLine(mixinApi.DeleteAddress(USRCONFIG.PinCode, addr.address_id));
Console.WriteLine("\n\n======== Test Withdrawal Addresses ===========\n");
var addrlist = mixinApi.WithdrawalAddresses("965e5c6e-434c-3fa9-b780-c50f43cd955c");
foreach (var a in addrlist)
{
Console.WriteLine(a.ToString());
Console.WriteLine();
}
Console.WriteLine("\n\n======== Test Withdrawal ===========\n");
Console.WriteLine(mixinApi.Withdrawal(addrlist[0].address_id, "100", USRCONFIG.PinCode, System.Guid.NewGuid().ToString(), "Test withdraw"));
Console.WriteLine("\n\n======== Test Search User ===========\n");
var u = mixinApi.SearchUser("31243");
Console.WriteLine(u);
Console.WriteLine("\n\n======== Test Read User ===========\n");
Console.WriteLine(mixinApi.ReadUser("cf0b9c0e-a80a-4044-a6dc-797400c148d7"));
Console.WriteLine("\n\n======== Test Transfer ===========\n");
Console.WriteLine(mixinApi.Transfer("965e5c6e-434c-3fa9-b780-c50f43cd955c", "cf0b9c0e-a80a-4044-a6dc-797400c148d7", "100", USRCONFIG.PinCode, System.Guid.NewGuid().ToString(), "Test Transfer"));
Console.WriteLine("\n\n======== Test Verify Payment ===========\n");
Console.WriteLine(mixinApi.VerifyPayment("965e5c6e-434c-3fa9-b780-c50f43cd955c", "cf0b9c0e-a80a-4044-a6dc-797400c148d7", "100", "414c95cc-d695-48df-b23b-00815b21ed00"));
Console.WriteLine("\n\n======== Test Read Transfer ===========\n");
Console.WriteLine(mixinApi.ReadTransfer("414c95cc-d695-48df-b23b-00815b21ed00"));
Console.WriteLine("\n\n======== Test APP User ===========\n");
var kpgen = new RsaKeyPairGenerator();
kpgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));
var keyPair = kpgen.GenerateKeyPair();
AsymmetricKeyParameter privateKey = keyPair.Private;
AsymmetricKeyParameter publicKey = keyPair.Public;
SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public);
string pk = Convert.ToBase64String(info.GetDerEncoded());
var user = mixinApi.APPUser("Csharp" + (new Random().Next() % 100) + "test", pk);
Console.WriteLine(user);
Console.WriteLine("\n\n======== Test Read Profile ===========\n");
Console.WriteLine(mixinApi.ReadProfile());
Console.WriteLine("\n\n======== Test Update Profile ===========\n");
Console.WriteLine(mixinApi.UpdateProfile("mixin_csharp_sdk_demo", "iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAABGdBTUEAAK/INwWK6QAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAAB3RJTUUH4wEJAgwnFleLvwAAEWhJREFUaN61mXmMXVd9xz/nnLu8bfbNY4+dOCZ2bJOoIRskbKLQQJpUgbD8QdWyFpWyCRpQoSrQShVFLFUqBahUGkGRKEVBVgqEUoJLgCQkBBLHOI4dO9jO2GN7tjdvu/csv/5x74xnbIdCoEf6+ln33Tnn+z2/9ZyneJZj3+GnOVlbzwXMcdT3c7IHTSvsHNLRTE/qCjUoUAMiBQ4lbQ0LG+u68/NZ7/pixURFWO/nOK6HGOmd4OLNF/zGPNSzIX/P4SYpjhOhxiO9lJcP2eGWU8/NA1d54TLgQqMYU4qKAiPgRegGOIlwONY8kmge7Itk74OtePGiKGNSt8iJuPaCwf8/Ad974jSTeol9YZzXXPiQuuvo1dss6mYn6qaA2hlrNVCLoBYpYg1GgVIgAl4gD0LXQdcLLjCvFY/GyF2pDrte9YPKwW+9OONVU10ePpVyxWTtdyfggaNNZrqQ6MBB28/GqLMpw7zNinpj7rkoMYqRiqY/KYgvTyrnWUiAPEAzF2azgA9IxXAg0XJHPeKOp9r6+Na+gBXF1qjJBZNjv52Ag0emua89SEUHptI8Ppqlr85Ff7DruSL3wmhVM1nXxPr/3gs5a8HcC9OdwHwmVA1Si9R9VcMnLhky3zq44HzLKV5/ceXZC3jsiUP8V2eK9WlOI1aDTcuHup53tqz0O4EL+g3jNfNrmfoZRYkw0wkcbXlSrRhI9Vwt4jOjsb9t0aqlJae5OG1x9ebzW+IZBXzz8TmezlOqRmhEYWLJ6k+2nPxxMw/ai+KiQcPEb0l+9Tje9jzV9CRGMZRq15+ofxmJ3EdaXs9mQXORm+bKnc855++iZ5pwIRPq2pJqPbyQ8elm5t64mAtOYH0jYihRWB9+R/QVI6liIYGZtiOzKrJV82chVWo09rcqkeaxeOLXt8C/P3IapRT1yNdOZMknF7PwzvmeVxZFLVbsGEmpRABCREBEWBuy/xddhSiFCwq0Lp9A2wX2zeZkTkiNYqxm3EhFf2pTJfvootW58Tl/sGPyV1vgrh/vAW258blb+eLDT711oWffdrrrlRVAKfprMZpAzwojqXDpRBV9DkVZ9e95hkC7l/HLpmWmKyiTrJBpRNDqeZxXeB8iJebdWqL997UG73h9/xG+c9/PuP4Flz+zgMN6irgTuOOhJ69ezNwHT7Zc2guC0hqjFVVTZA/vPRJ5BpI6SqlzGcpZMpbVlHXhyb2P09/oRyojHFvqokyC0oqaAe8DIuAsHA++bog//KL63EO/dP2PVaprKa/ZvF0/fYph1WLMtGvNzH/gdDOfWuparPPk1iHBoySQ5Y7MOnLn8SEQzoGsei4FpEQQRIS5+Xl+ev+PqTWPM1UXsqxDlju0COI91jly51joWE4u5Rc3c3nvJtNMInHc+b37zi+AxjjTHc2prvr9+VZ+w2wrI3cO6zzWebz3OO/pWU9mi0UKgueKEDnz3Ht/Dqy1zM3Pc98Pf4A6eYgLG4per4tzHu88ee6wuSPLHSeXMuY69jVHeum1c9SZvuz553ehNHR5wYX1yv1PLv7pbLPX6GYeZQwqBEQpYjRZ7jFaEbwjTwLBe6T0oLNdSURWcPbYvn07U1NTiAiVNIWaYs+JLrlW5NZh3ZkMZy3MGIYbUfonl9Vnf3Ts0IJd/m4lkf/3vlM8cbJDq+ee9/Rc969mFnt1G4QgFKb3gkigkWpEArlz9EWB54xUV3Z8NdlwXtc6Y5lGo8Hw8DDDw8MMDg6y2M3Yd6JJx0ecWsqxLuBDCR+wztOI9VjAfNsSn3rJVZdy93/uOmOBif4Kr739If7mj7a9Yq7ZHet0c4iK3Ve+aHCcUzQ7hkZq8N6R5QHrLKrc/WWsHquJnz2W31UKrHX0spym5HQzSzjrfWdhtqU3DMXRS1vxwN7b3/GWtTHwi+km33jX1bXFVu+FC80uWW6xucXmDmuLzyyzzC316GWWXlb4p7V2Bc45nHPn9X3n3Mrn6v9bawm+eLebWWabxfy2jIFlZMV3qpWHF2/vPJp85Js/XBsDvcwyPefXN1u9S5baPSwKLQEVAnhVFB/gdNNRMYKWQFYRrHUoBKUUxhiUUiu7bUzhocuilFKEENBar8SI1hrRGuc9zXaP2Y7CBnVOhRURFvC0usnOfMOW0UruptcIeHq2TaMSbVxq90Y73QwxBi2CMgKrOs08hxkFgxVFLxO8d0hJan5+ngcffJAkSTDG0G632blzJxs2bEBEOHz4MLVajYGBAZ588km2b99OHCeIBKx1HJ9r0RYD6tzSiAjiFEvdfNKJmnJBTefOn3GhwycWyXK7sdXu1bIsx1pLXsJatwanFrucbvbIrF3jJnv37mXPnj1ceumlXHXVVSwuLrJ79+6VtHn48GGSJOH48eO0Wi2iKEKkCNJWt8dss33OWqvRyyytbl5rdrJ1zW6+1oUePzLLRWP1kXYn03mWowWUgDJFFV5tUwFO9BwLjaioyKFIee12G2stURRhjGFkZIRms8nc3Bx79uzhwIEDpGnKoUOH2LJly0pGkuDJspw8twTtivXO40JahE43T7LcD0/PtRFZJeAXT53ipTvX1U7Pt8h6DgMoEZQJKFM0XKuHdzlzSznWOowGEY1zjizLcM7R6/W48sorEZGiaM3NMTo6SqVSodfrMTk5ife+CHiktJIjGPeMLkQILLR6upvZ2tFTLWS1BUKxk7LU7jG/1GNgqFFYwQSUMUWuWyPAYS1470EUWgvOOfI8R2uNUoo4jtcE7o4dO4jjmPHxcTZt2rSSXrXWCILNHcFYUGefMwSC0O7mDKSKEIJICCByRsDUcA2FtLQEmq0OQWv6+kHHEcqHNYEMCu8c3heZR5edWrfbZXFxcSUD7d+/nyzLaDabPPTQQ3S7XQ4cOEC9Xuf06dNMTEwgIpiypbbOEawrfHd1LyvQ6Vna3Qw9XPFKpDXWSFBKnRGwY+MQiJxKDR5nTbvVISDU6lVMHKHU2jhwzhJ8RBzHGK2IoogQAt1ulzRNqVar7N69m9nZWW655RauvfZarr/+er7yla9www03sG7dupW5IqNRKJy1eONQ6kwbEUToZZ5ulqNDIDXkaaxn1w1U0GqVC22bGqReiY7WUtNS3g2EXNHtKFwQqtWUKIpKAWolt3uvSZKE2Gi0MWzbto177rmHXbt2UalUOHr0KNdccw0zMzPs3LmDTqdDo9FgampqTcWOTOFy1jqCXnYhwQchsx7nPMF7Yg21RC8N1uJpg6yNgQ0jDWqV5EhfNZ6JlAxkLkeswioIQYiTiCgyaKXOWCBEhYBIIwJXX301k5OTLCwsoJTiiiuuYPPmzSwuLjI4OIhzjptuuokkSda0FpExKK1w1hG0Q1TA+YD1ZQsSAuI8tVrMSC1+WuWdp0OWkUTmjIB6JebFz9s889379z9WjfXW3lIPUcXNVAByCThb7LTRCu+KDGKiCGM0IkIcx2zbtm2lAi+nyXq9vkK4v7//nL4oMhpdWsBiCZTVXMqONniU96wf7GO4kfzcHrh77sDJFFjVC730sile+PbPZ+PDjd1D/RXBW4LNkTxHrEWswzuPyy1ZbsnynODCSiNnjFkhvlzYQlkfVhM+X1NXHNMgz4ueKjiP+IB4jzgHzjFcjZgarruhvuruR9RVPq33F+KXp5hb6vHnr76SejW9Z3Kk/9jRoyc35nmGAEFR9DsSFYfwoAmlXxYtdJFlg/z6B/vVI0gZtN5DKM8XZWuuQ2CgapjoTxkdqBwa7qvcW0sjDv/skbUWuGzzGFdum+TdN1+xf2pi4O6h/ipic0KeIVlWWiIvdsQ7xPsyphVCefry/lkilIVKEB+g3HkTPMM1w1DFMNqfMtpfvest11/61GAj5VMfff9aCwB0c8f7bvu227hu6Eub1g/fPHt6YczmPQJF90lIIAqIicC7lV3yzvEsL7opHb309dJtCKSRYrieUIuKq5zJ4frRscHav336a/dLrZaeiZ81pgxw6ZZ1vPJFz73/2PHZr05Pn373selTRTBKQElAhRgVBULwSCjOr0HCb3ArdD4NhQUJDhU8fdWUoVpMrAQjjonBQdYN933pL26+8pE77318JdbWuBDAzddtpdnO+NxX/8dt3TzxT9u2TD7aqCWIzZCsVyDPCtgMcR7vHbY8pDxbWFe05JVIM96XMFaPiPEonzNYS9g4MXj/1PjAF277+v3S7ubcfN3W8wsAeP8bXsBNL9nJN77z0wM7tqz/+LYtG+bTSBHyjJD1CFmXkPeQPIfgUVqhjX520AWM1lTShInBBn2xQnmLcjmNRHPB5NDMxonBjz3w2NGj73nt82lU0zV8z3HcS973dT70is1YL7zppivMez9x5wceeHj/x/cfOFKxzqOiGBUliFZsHK/ysss3opUrZ1PFlL8iHJav2LXWpElMrZJgtOHkQpefPH4SIUVJoJpEbJ4aW9pywcStH3v7y//5zu8/Jm/58qNcPF4jd4FHP33LuQKu+/AuAsLpJcvUUMo9H38xn/v2seqDP9nzkZ89euDWg08eS3LrwESoKEaUELwtmi+ty3ODPtNyrO5glSLSijgy1NKYahqRxBFaFW6gtSEyCRqopjGbNox2N24Y/7uFpP8zX7j7Cbt9U7/EkZZ6rMmDEBnFA39/81oBk+/4KgDDtRgbgkLQ00tW33L5uj6Zm/nLfb849N4DB4/UOp0eog3KRCgTgTZFy20MShuUOuMiUaRJoogkNqRJRGyKK0qFlLVFUFKkUYPQqKVMrR9rjkyMfHbPgrr9iZlWpxprBzggCMgHb9wh9+4/yfW/t5E1jffkdW+gmhi8iBLBAElfamqHT3eqbV3d/5zJwcWhRmV7cLYRrEUjxAYSo0iNphJpqrGmlhZXL400op5G1GJNahRRmY51mW3OwJEaxchQg6mpiWnpG7j9R9P2m7OtPEqMiktPEUCMVtLOghw8scTzNo+eEfDm23/AsbkO3eLmTZcptgr0a6XGerkfP56phcGRoemp8cGhehqNEJxWwRPpQkRiINYFIgRDKAiLR4lHi0NJQVgFjw6OSMFAo8rk5KjtHx9/7Jir3Ln3dH7IB+nTqviZtiTvKX7tDLkLcu/f3sjeo/NnBFz+h2/mu3/9Sv71+08oF0QDCVAHhoEJpdgAbJjrhaSlKydHx4Y760YH6o1KUtWIJvjiEkxCSbYgrySggy9FFM8iBdUkYrC/zrp1o35wYuLUYjLw8L5FHpvt+qAVA6r4jTku6TkgByzgchfCfU+cZN/TC2sL2T/sepRKYuhZX6YTolJIDegDBrRisGd9/aDleC0ebI1tHFh34fre+tBZGu61WpVep2vyvLitEJEi4xhNFBnSJKFSSanWqz6p1bshrc3P+fj4TEtOdazraUVDK2KgW65vgRZQKcVoQPkg6onpRVlzIgO4aKIP52U52y2bbVl9F+iUEykFoWNDeCqnHZvqkUa1VhvoGx8YUK4/Dq5uxNdUCBGIVloHZYx1ynStitqLwSwt5DRbi6HrgvdK4bVaWScr1+mUa2alEA+E5Ww92l8BOauVuPXLD6IUEhu9TD4DmqUVKCfsL12roiBVitiHEC90MfOglTJGa6MjrSJdnKS1gAQhuCDeiwTEBwVSEl/eJFuutyygBSwAs+VnZzkTDVQT+cc3XcNPnjy9VkAS6eWWWMqXu+VXvpxgdpl8iaREpBRRcUQVLQFtg2gp3GDVQRTRECjOSMs7ukzerrJAr1yvDSyVYjrlO6GvGsvOGz/PFz/7urV14KJ3fQ2tV+4ldYloFdEESMvPuERUwqzC8kXS2a2KlKTlLAGrkZ8lJl/1zIsgR+aW5IrNo7ztZZestYBZ+2t7WLWgKyfTZxFdTXg11CqcPZbnXZ57tTX8eRBW/41SyKbhBicWurz1ZVvPXeDi9/zHedZcQ+hs6PM8W+U15x3yDAjP8BxY27EfuO11APwvqpXlIigj7n0AAAAldEVYdGRhdGU6Y3JlYXRlADIwMTktMDEtMDlUMDI6MTI6MzkrMDg6MDClD0PgAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTAxLTA5VDAyOjEyOjM5KzA4OjAw1FL7XAAAAEN0RVh0c29mdHdhcmUAL3Vzci9sb2NhbC9pbWFnZW1hZ2ljay9zaGFyZS9kb2MvSW1hZ2VNYWdpY2stNy8vaW5kZXguaHRtbL21eQoAAAAYdEVYdFRodW1iOjpEb2N1bWVudDo6UGFnZXMAMaf/uy8AAAAYdEVYdFRodW1iOjpJbWFnZTo6SGVpZ2h0ADEyOEN8QYAAAAAXdEVYdFRodW1iOjpJbWFnZTo6V2lkdGgAMTI40I0R3QAAABl0RVh0VGh1bWI6Ok1pbWV0eXBlAGltYWdlL3BuZz+yVk4AAAAXdEVYdFRodW1iOjpNVGltZQAxNTQ2OTcxMTU59OK0DQAAABJ0RVh0VGh1bWI6OlNpemUAMTYxODVCiLvlAQAAAGJ0RVh0VGh1bWI6OlVSSQBmaWxlOi8vL2hvbWUvd3d3cm9vdC9uZXdzaXRlL3d3dy5lYXN5aWNvbi5uZXQvY2RuLWltZy5lYXN5aWNvbi5jbi9maWxlcy8xMDgvMTA4NjU1NS5wbmcDuUg9AAAAAElFTkSuQmCC"));
Console.WriteLine("\n\n======== Test Update Perference ===========\n");
Console.WriteLine(mixinApi.UpdatePerference("CONTACTS", "CONTACTS"));
Console.WriteLine(mixinApi.UpdatePerference("EVERYBODY", "EVERYBODY"));
Console.WriteLine("\n\n======== Test Rotate User's QR ===========\n");
Console.WriteLine(mixinApi.RotateUserQR());
Console.WriteLine("\n\n======== Test Friends ===========\n");
var friends = mixinApi.Friends();
foreach (var f in friends)
{
Console.WriteLine(f);
Console.WriteLine();
}
Console.WriteLine("\n\n======== Test Create Attachment ===========\n");
Console.WriteLine(mixinApi.CreateAttachment());
Console.WriteLine("\n\n======== Test Create Conversation ===========\n");
var users = new List <ParticipantAction>();
users.Add(new ParticipantAction {
action = "ADD", role = "", user_id = u.user_id
});
Console.WriteLine(mixinApi.CreateConversation("GROUP", users));
Console.WriteLine(mixinApi.CreateConversation("CONTACT", users));
Console.WriteLine("\n\n======== Test Read Conversation ===========\n");
Console.WriteLine(mixinApi.ReadConversation("fd72abcd-b080-3e0e-bfea-a0b1282b4bd0"));
mixinApi.WebSocketConnect(HandleOnRecivedMessage).Wait();
mixinApi.StartRecive();
do
{
var msg = Console.ReadLine();
mixinApi.SendTextMessage("fd72abcd-b080-3e0e-bfea-a0b1282b4bd0", msg).Wait();
} while (true);
}
/// <summary>
/// Creates new certificate
/// </summary>
/// <returns></returns>
public static void CreateSelfSignedCertificate(string subjectDirName, DateTime startDate, DateTime endDate, int signatureBits, int keyStrength, string password, string fileName)
{
string signatureAlgorithm;
switch (signatureBits)
{
case 160:
signatureAlgorithm = "SHA1withRSA";
break;
case 224:
signatureAlgorithm = "SHA224withRSA";
break;
case 256:
signatureAlgorithm = "SHA256withRSA";
break;
case 384:
signatureAlgorithm = "SHA384withRSA";
break;
case 512:
signatureAlgorithm = "SHA512withRSA";
break;
default:
throw new ArgumentException("Invalid signature bit size.", "signatureBits");
}
// Generating Random Numbers
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom random = new SecureRandom(randomGenerator);
// Generate public/private keys.
AsymmetricCipherKeyPair encryptionKeys;
KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
encryptionKeys = keyPairGenerator.GenerateKeyPair();
// The Certificate Generator
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.SetSerialNumber(BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random));
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
certificateGenerator.SetIssuerDN(new X509Name(subjectDirName));
certificateGenerator.SetSubjectDN(new X509Name(subjectDirName));
certificateGenerator.SetNotBefore(startDate);
certificateGenerator.SetNotAfter(endDate);
certificateGenerator.SetPublicKey(encryptionKeys.Public);
// self-sign certificate
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(encryptionKeys.Private, random);
Pkcs12Store store = new Pkcs12Store();
string friendlyName = certificate.SubjectDN.ToString();
X509CertificateEntry certificateEntry = new X509CertificateEntry(certificate);
store.SetCertificateEntry(friendlyName, certificateEntry);
store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(encryptionKeys.Private), new[] { certificateEntry });
MemoryStream stream = new MemoryStream();
store.Save(stream, password.ToCharArray(), random);
//Verify that the certificate is valid.
_ = new X509Certificate2(stream.ToArray(), password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
//Write the file.
File.WriteAllBytes(fileName, stream.ToArray());
File.WriteAllBytes(Path.ChangeExtension(fileName, ".cer"), certificate.GetEncoded());
}
/// <inheritdoc/>
public async Task <(X509Certificate?Certificate, RsaKeyParameters?Key)> GetLocalCertificateAsync(ApplicationDescription applicationDescription, ILogger?logger = null)
{
if (applicationDescription == null)
{
throw new ArgumentNullException(nameof(applicationDescription));
}
string?applicationUri = applicationDescription.ApplicationUri;
if (string.IsNullOrEmpty(applicationUri))
{
throw new ArgumentOutOfRangeException(nameof(applicationDescription), "Expecting ApplicationUri in the form of 'http://{hostname}/{appname}' -or- 'urn:{hostname}:{appname}'.");
}
string?subjectName = null;
string?hostName = null;
string?appName = null;
UriBuilder appUri = new UriBuilder(applicationUri);
if (appUri.Scheme == "http" && !string.IsNullOrEmpty(appUri.Host))
{
var path = appUri.Path.Trim('/');
if (!string.IsNullOrEmpty(path))
{
hostName = appUri.Host;
appName = path;
subjectName = $"CN={appName},DC={hostName}";
}
}
if (appUri.Scheme == "urn")
{
var parts = appUri.Path.Split(new[] { ':' }, 2);
if (parts.Length == 2)
{
hostName = parts[0];
appName = parts[1];
subjectName = $"CN={appName},DC={hostName}";
}
}
if (subjectName == null)
{
throw new ArgumentOutOfRangeException(nameof(applicationDescription), "Expecting ApplicationUri in the form of 'http://{hostname}/{appname}' -or- 'urn:{hostname}:{appname}'.");
}
var crt = default(X509Certificate);
var key = default(RsaKeyParameters);
// Build 'own/certs' certificate store.
var ownCerts = new Org.BouncyCastle.Utilities.Collections.HashSet();
var ownCertsInfo = new DirectoryInfo(Path.Combine(_pkiPath, "own", "certs"));
if (ownCertsInfo.Exists)
{
foreach (var info in ownCertsInfo.EnumerateFiles())
{
using (var crtStream = info.OpenRead())
{
var c = _certParser.ReadCertificate(crtStream);
if (c != null)
{
ownCerts.Add(c);
}
}
}
}
IX509Store ownCertStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(ownCerts));
// Select the newest certificate that matches by subject name.
var selector = new X509CertStoreSelector()
{
Subject = new X509Name(subjectName)
};
crt = ownCertStore.GetMatches(selector).OfType <X509Certificate>().OrderBy(c => c.NotBefore).LastOrDefault();
if (crt != null)
{
// If certificate found, verify alt-name, and retrieve private key.
var asn1OctetString = crt.GetExtensionValue(X509Extensions.SubjectAlternativeName);
if (asn1OctetString != null)
{
var asn1Object = X509ExtensionUtilities.FromExtensionValue(asn1OctetString);
GeneralNames gns = GeneralNames.GetInstance(asn1Object);
if (gns.GetNames().Any(n => n.TagNo == GeneralName.UniformResourceIdentifier && n.Name.ToString() == applicationUri))
{
var ki = new FileInfo(Path.Combine(_pkiPath, "own", "private", $"{crt.SerialNumber}.key"));
if (ki.Exists)
{
using (var keyStream = new StreamReader(ki.OpenRead()))
{
var keyReader = new PemReader(keyStream);
var keyPair = keyReader.ReadObject() as AsymmetricCipherKeyPair;
if (keyPair != null)
{
key = keyPair.Private as RsaKeyParameters;
}
}
}
}
}
}
// If certificate and key are found, return to caller.
if (crt != null && key != null)
{
logger?.LogTrace($"Found certificate with subject alt name '{applicationUri}'.");
return(crt, key);
}
if (!CreateLocalCertificateIfNotExist)
{
return(null, null);
}
// Create new certificate
var subjectDN = new X509Name(subjectName);
// Create a keypair.
var kp = await Task.Run <AsymmetricCipherKeyPair>(() =>
{
RsaKeyPairGenerator kg = new RsaKeyPairGenerator();
kg.Init(new KeyGenerationParameters(_rng, 2048));
return(kg.GenerateKeyPair());
});
key = kp.Private as RsaPrivateCrtKeyParameters;
// Create a certificate.
X509V3CertificateGenerator cg = new X509V3CertificateGenerator();
var subjectSN = BigInteger.ProbablePrime(120, _rng);
cg.SetSerialNumber(subjectSN);
cg.SetSubjectDN(subjectDN);
cg.SetIssuerDN(subjectDN);
cg.SetNotBefore(DateTime.Now.Date.ToUniversalTime());
cg.SetNotAfter(DateTime.Now.Date.ToUniversalTime().AddYears(25));
cg.SetPublicKey(kp.Public);
cg.AddExtension(
X509Extensions.BasicConstraints.Id,
true,
new BasicConstraints(false));
cg.AddExtension(
X509Extensions.SubjectKeyIdentifier.Id,
false,
new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public)));
cg.AddExtension(
X509Extensions.AuthorityKeyIdentifier.Id,
false,
new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public), new GeneralNames(new GeneralName(subjectDN)), subjectSN));
cg.AddExtension(
X509Extensions.SubjectAlternativeName,
false,
new GeneralNames(new[] { new GeneralName(GeneralName.UniformResourceIdentifier, applicationUri), new GeneralName(GeneralName.DnsName, hostName) }));
cg.AddExtension(
X509Extensions.KeyUsage,
true,
new KeyUsage(KeyUsage.DataEncipherment | KeyUsage.DigitalSignature | KeyUsage.NonRepudiation | KeyUsage.KeyCertSign | KeyUsage.KeyEncipherment));
cg.AddExtension(
X509Extensions.ExtendedKeyUsage,
true,
new ExtendedKeyUsage(KeyPurposeID.IdKPClientAuth, KeyPurposeID.IdKPServerAuth));
crt = cg.Generate(new Asn1SignatureFactory("SHA256WITHRSA", key, _rng));
logger?.LogTrace($"Created certificate with subject alt name '{applicationUri}'.");
var keyInfo = new FileInfo(Path.Combine(_pkiPath, "own", "private", $"{crt.SerialNumber}.key"));
if (!keyInfo.Directory.Exists)
{
Directory.CreateDirectory(keyInfo.DirectoryName);
}
else if (keyInfo.Exists)
{
keyInfo.Delete();
}
using (var keystream = new StreamWriter(keyInfo.OpenWrite()))
{
var pemwriter = new PemWriter(keystream);
pemwriter.WriteObject(key);
}
var crtInfo = new FileInfo(Path.Combine(_pkiPath, "own", "certs", $"{crt.SerialNumber}.crt"));
if (!crtInfo.Directory.Exists)
{
Directory.CreateDirectory(crtInfo.DirectoryName);
}
else if (crtInfo.Exists)
{
crtInfo.Delete();
}
using (var crtstream = new StreamWriter(crtInfo.OpenWrite()))
{
var pemwriter = new PemWriter(crtstream);
pemwriter.WriteObject(crt);
}
return(crt, key);
}
protected static X509Certificate2 GenerateCertificate(
string subjectName = "CN=localhost",
string issuerName = "CN=Local AjaxLife CA",
int strength = 2048,
string hashAlgo = "SHA256WithRSA",
double age = 86400
)
{
AsymmetricKeyParameter issuerPrivateKey = GenerateCA(issuerName, strength, hashAlgo, age);
CryptoApiRandomGenerator genRandom = new CryptoApiRandomGenerator();
SecureRandom random = new SecureRandom(genRandom);
X509V3CertificateGenerator genCert = new X509V3CertificateGenerator();
genCert.SetSerialNumber(
BigIntegers.CreateRandomInRange(
BigInteger.One,
BigInteger.ValueOf(Int64.MaxValue),
random
)
);
genCert.SetSignatureAlgorithm(hashAlgo);
genCert.SetIssuerDN(new X509Name(issuerName));
genCert.SetSubjectDN(new X509Name(subjectName));
genCert.SetNotBefore(DateTime.Now.AddSeconds(-86400));
genCert.SetNotAfter(DateTime.Now.AddSeconds(age));
RsaKeyPairGenerator genKeypair = new RsaKeyPairGenerator();
genKeypair.Init(
new KeyGenerationParameters(random, strength)
);
AsymmetricCipherKeyPair keypair = genKeypair.GenerateKeyPair();
genCert.SetPublicKey(keypair.Public);
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keypair.Private);
X509Certificate2 x509 = new X509Certificate2(genCert.Generate(issuerPrivateKey, random).GetEncoded());
Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("Malformed sequence in RSA private key");
}
RsaPrivateKeyStructure rsa = new RsaPrivateKeyStructure(seq);
RsaPrivateCrtKeyParameters rsaParams = new RsaPrivateCrtKeyParameters(
rsa.Modulus,
rsa.PublicExponent,
rsa.PrivateExponent,
rsa.Prime1,
rsa.Prime2,
rsa.Exponent1,
rsa.Exponent2,
rsa.Coefficient
);
x509.PrivateKey = DotNetUtilities.ToRSA(rsaParams);
AddCertToStore(x509, StoreName.My, StoreLocation.CurrentUser);
return(x509);
}
/// <summary>
/// The bouncy castle button click.
/// </summary>
/// <param name="sender">
/// The sender.
/// </param>
/// <param name="e">
/// The e.
/// </param>
private void BouncyCastleButtonClick(object sender, EventArgs e)
{
// Install-Package BouncyCastle -Version 1.8.1
var keyGenerate = new RsaKeyPairGenerator();
keyGenerate.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));
AsymmetricCipherKeyPair kp1 = keyGenerate.GenerateKeyPair();
var gen1 = new X509V3CertificateGenerator();
var certName1 = new X509Name("CN=DupelMan1");
var serialNo1 = new BigInteger("1", 10);
gen1.SetSerialNumber(serialNo1);
gen1.SetSubjectDN(certName1);
gen1.SetIssuerDN(certName1);
gen1.SetNotAfter(DateTime.Now.AddYears(1));
gen1.SetNotBefore(DateTime.Now.AddDays(-1));
gen1.SetSignatureAlgorithm("SHA1WITHRSA");
gen1.SetPublicKey(kp1.Public);
var myCert1 = gen1.Generate(kp1.Private);
var certBytes1 = DotNetUtilities.ToX509Certificate(myCert1).Export(X509ContentType.Cert);
File.WriteAllBytes("D:\\DupelMan1.cer", certBytes1);
AsymmetricCipherKeyPair kp2 = keyGenerate.GenerateKeyPair();
var gen2 = new X509V3CertificateGenerator();
var certName2 = new X509Name("CN=DupelMan2");
var serialNo2 = new BigInteger("2", 10);
gen2.SetSerialNumber(serialNo2);
gen2.SetSubjectDN(certName2);
gen2.SetIssuerDN(certName2);
gen2.SetNotAfter(DateTime.Now.AddYears(1));
gen2.SetNotBefore(DateTime.Now.AddDays(-1));
gen2.SetSignatureAlgorithm("SHA1WITHRSA");
gen2.SetPublicKey(kp2.Public);
gen2.AddExtension(
X509Extensions.AuthorityKeyIdentifier.Id,
false,
new AuthorityKeyIdentifier(
SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp1.Public),
new GeneralNames(new GeneralName(certName1)),
serialNo1));
var myCert = gen2.Generate(kp1.Private);
var certBytes = DotNetUtilities.ToX509Certificate(myCert).Export(X509ContentType.Cert);
File.WriteAllBytes("D:\\DupelMan2.cer", certBytes);
//this.SaveByteToFile(@"D:\private.bin", kp.Private);
//this.SaveByteToFile(@"D:\public.bin", kp.Public);
/*var certBytes = DotNetUtilities.ToX509Certificate(myCert).Export(X509ContentType.Cert, "12345678");
* var fs = new FileStream("D:\\DupelMan.crt", FileMode.CreateNew);
* fs.Write(certBytes, 0, certBytes.Length);
* fs.Flush();
* fs.Close();*/
certBytes = DotNetUtilities.ToX509Certificate(myCert).Export(X509ContentType.Cert, "12345678");
File.WriteAllBytes("D:\\DupelMan.pfx", certBytes);
/*var fs1 = new FileStream("D:\\DupelMan.pfx", FileMode.CreateNew);
* fs1.Write(certBytes, 0, certBytes.Length);
* fs1.Flush();
* fs1.Close();*/
/*var cert2 = new X509Certificate2(certBytes, "12345678"); // Convert X509Certificate to X509Certificate2
* var rsaPriv = DotNetUtilities.ToRSA(kp.Private as RsaPrivateCrtKeyParameters); // Convert BouncyCastle Private Key to RSA
* var csp = new CspParameters { KeyContainerName = "MyKeyContainer" }; // Setup RSACryptoServiceProvider with "KeyContainerName" set
*
* var rsaPrivate = new RSACryptoServiceProvider(csp);
* rsaPrivate.ImportParameters(rsaPriv.ExportParameters(true)); // Import private key from BouncyCastle's rsa
* cert2.PrivateKey = rsaPrivate; // Set private key on our X509Certificate2
*
* var cert2Bytes = cert2.Export(X509ContentType.Pkcs12, "12345678");
*
* var data = File.ReadAllBytes(@"D:\GPEngRootCA.cer");*/
//SHA1 sha = new SHA1CryptoServiceProvider();
//var signedBytes = sha.ComputeHash(data);
//SHA1 shaM = new SHA1Managed();
//var signedBytes = shaM.ComputeHash(data);
//this.InfoListBox.Items.Add(BitConverter.ToString(signedBytes).Replace("-", " "));
/*if (File.Exists(@"D:\DupelMan.pfx"))
* {
* File.Delete(@"D:\DupelMan.pfx");
* }
*
* File.WriteAllBytes(@"D:\DupelMan.pfx", cert2.Export(X509ContentType.Pkcs12, "12345678"));*/
this.InfoListBox.Items.Add(@"Ok!");
}
public static bool ExportAsPkcs12(this IKeySet keySet, Stream saveStream, Func <string> passwordPrompt)
{
var issuerGenerator = new RsaKeyPairGenerator();
issuerGenerator.Init(new KeyGenerationParameters(Secure.Random, 2048));
var issuerKp = issuerGenerator.GenerateKeyPair();
var issuercn = new X509Name($"CN=Keyczar|{keySet.Metadata.Name}|TEMPCA");
var issuerGenertor = new X509V3CertificateGenerator();
BigInteger issueSerialNumber = BigInteger.ProbablePrime(128, Secure.Random);
issuerGenertor.SetSerialNumber(issueSerialNumber);
issuerGenertor.SetSubjectDN(issuercn);
issuerGenertor.SetIssuerDN(issuercn);
issuerGenertor.SetNotAfter(DateTime.Now.AddYears(100));
issuerGenertor.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
issuerGenertor.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeID.AnyExtendedKeyUsage));
issuerGenertor.SetPublicKey(issuerKp.Public);
ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerKp.Private, Secure.Random);
var issuerCert = issuerGenertor.Generate(signatureFactory);
var builder = new Pkcs12StoreBuilder();
var store = builder.Build();
var issueEntryCert = new X509CertificateEntry(issuerCert);
var hasPrivateKeys = false;
foreach (var version in keySet.Metadata.Versions)
{
using (var key = keySet.GetKey(version.VersionNumber))
{
var cn = new X509Name($"CN=Keyczar|{keySet.Metadata.Name}|{version.VersionNumber}");
var certificateGenerator = new X509V3CertificateGenerator();
BigInteger serialNo = BigInteger.ProbablePrime(128, Secure.Random);
certificateGenerator.SetSerialNumber(serialNo);
certificateGenerator.SetSubjectDN(cn);
certificateGenerator.SetIssuerDN(issuercn);
certificateGenerator.SetNotAfter(DateTime.Now.AddYears(100));
certificateGenerator.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeID.AnyExtendedKeyUsage));
switch (key)
{
case IRsaPrivateKey k:
{
hasPrivateKeys = true;
var publicKey = BouncyCastleFromKey(k.PublicKey);
var privateKey = BouncyCastleFromKey(k);
certificateGenerator.SetPublicKey(publicKey);
var certificate = certificateGenerator.Generate(signatureFactory);
var entryCert = new X509CertificateEntry(certificate);
store.SetCertificateEntry(certificate.SubjectDN.ToString(), entryCert);
var keyEntry = new AsymmetricKeyEntry(privateKey);
store.SetKeyEntry(certificate.SubjectDN.ToString() + "_key", keyEntry, new X509CertificateEntry[] { entryCert, issueEntryCert });
}
break;
case IRsaPublicKey rsaPub:
{
var publicKey = BouncyCastleFromKey(rsaPub);
certificateGenerator.SetPublicKey(publicKey);
var certificate = certificateGenerator.Generate(signatureFactory);
var entryCert = new X509CertificateEntry(certificate);
store.SetCertificateEntry(certificate.SubjectDN.ToString(), entryCert);
}
break;
case DsaPrivateKey dsaKey:
{
hasPrivateKeys = true;
var publicKey = BouncyCastleFromKey(dsaKey.PublicKey);
var privateKey = BouncyCastleFromKey(dsaKey);
certificateGenerator.SetPublicKey(publicKey);
var certificate = certificateGenerator.Generate(signatureFactory);
var entryCert = new X509CertificateEntry(certificate);
store.SetCertificateEntry(certificate.SubjectDN.ToString(), entryCert);
var keyEntry = new AsymmetricKeyEntry(privateKey);
store.SetKeyEntry(certificate.SubjectDN.ToString() + "|key", keyEntry, new X509CertificateEntry[] { entryCert, issueEntryCert });
}
break;
case DsaPublicKey dsaKey:
{
var publicKey = BouncyCastleFromKey(dsaKey);
certificateGenerator.SetPublicKey(publicKey);
var certificate = certificateGenerator.Generate(signatureFactory);
var entryCert = new X509CertificateEntry(certificate);
store.SetCertificateEntry(certificate.SubjectDN.ToString(), entryCert);
}
break;
}
}
}
if (!hasPrivateKeys)
{
passwordPrompt = null;
}
var password = passwordPrompt?.Invoke();
if (String.IsNullOrEmpty(password))
{
password = null;
}
store.Save(saveStream, password?.ToCharArray(), new SecureRandom());
return(true);
}
public override void PerformTest()
{
testSig(1, pub1, prv1, slt1a, msg1a, sig1a);
testSig(2, pub1, prv1, slt1b, msg1b, sig1b);
testSig(3, pub2, prv2, slt2a, msg2a, sig2a);
testSig(4, pub2, prv2, slt2b, msg2b, sig2b);
testSig(5, pub4, prv4, slt4a, msg4a, sig4a);
testSig(6, pub4, prv4, slt4b, msg4b, sig4b);
testSig(7, pub8, prv8, slt8a, msg8a, sig8a);
testSig(8, pub8, prv8, slt8b, msg8b, sig8b);
testSig(9, pub9, prv9, slt9a, msg9a, sig9a);
testSig(10, pub9, prv9, slt9b, msg9b, sig9b);
//
// loop test
//
int failed = 0;
byte[] data = new byte[DATA_LENGTH];
SecureRandom random = new SecureRandom();
RsaKeyParameters[] kprv = { prv1, prv2, prv4, prv8, prv9 };
RsaKeyParameters[] kpub = { pub1, pub2, pub4, pub8, pub9 };
for (int j = 0, i = 0; j < NUM_TESTS; j++, i++)
{
if (i == kprv.Length)
{
i = 0;
}
if (!isProcessingOkay(kpub[i], kprv[i], data, random))
{
failed++;
}
}
if (failed != 0)
{
Fail("loop test failed - failures: " + failed);
}
//
// key generation test
//
RsaKeyPairGenerator pGen = new RsaKeyPairGenerator();
RsaKeyGenerationParameters genParam = new RsaKeyGenerationParameters(
BigInteger.ValueOf(0x11), new SecureRandom(), 1024, 25);
pGen.Init(genParam);
failed = 0;
for (int k = 0; k < NUM_TESTS_WITH_KEY_GENERATION; k++)
{
IAsymmetricCipherKeyPair pair = pGen.GenerateKeyPair();
for (int j = 0; j < NUM_TESTS; j++)
{
if (!isProcessingOkay((RsaKeyParameters)pair.Public, (RsaKeyParameters)pair.Private, data, random))
{
failed++;
}
}
}
if (failed != 0)
{
Fail("loop test with key generation failed - failures: " + failed);
}
}
static void Main(string[] args)
{
n = Int32.Parse(args[0]);
try
{
byte[][] X = new byte[n + 1][];
string[] X0 = new string[n + 1];
Random rnd = new Random();
for (int i = 0; i < n + 1; ++i)
{
UTF8Encoding utf8enc = new UTF8Encoding();
X0[i] = rnd.Next().ToString();
X[i] = utf8enc.GetBytes(X0[i]);
}
RsaKeyParameters[] P = new RsaKeyParameters[n + 1];
for (int i = 0; i < n; ++i)
{
RsaKeyPairGenerator rsaKeyPairGnr = new RsaKeyPairGenerator();
rsaKeyPairGnr.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new SecureRandom(), 512));
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = rsaKeyPairGnr.GenerateKeyPair();
RsaKeyParameters publicKey = (RsaKeyParameters)keyPair.Public;
IAsymmetricBlockCipher cipher = new RsaEngine();
P[i + 1] = publicKey;
}
RsaKeyPairGenerator rsaKeyPairGnr_s = new RsaKeyPairGenerator();
rsaKeyPairGnr_s.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new SecureRandom(), 512));
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair_s = rsaKeyPairGnr_s.GenerateKeyPair();
P[0] = (RsaKeyParameters)keyPair_s.Public;
RsaKeyParameters Ks = (RsaKeyParameters)keyPair_s.Private;
string server = "127.0.0.1";
Int32 port = 13000;
TcpClient client = new TcpClient(server, port);
//Time start
DateTime now = DateTime.Now;
Console.WriteLine("Strat Second: {0}", now.Millisecond);
NetworkStream stream = client.GetStream();
byte[] bytes;
string response;
bytes = new byte[64];
stream.Read(bytes, 0, bytes.Length);
response = System.Text.Encoding.ASCII.GetString(bytes, 0, bytes.Length);
string N = response;
string m = N;
byte[] v = ring_sign(P, m, Ks, X);
stream.Write(v);
Console.WriteLine(v.Length);
string x = "";
for (int i = 0; i < n + 1; ++i)
{
x += P[i].Exponent + "|";
}
string M = "";
for (int i = 0; i < n + 1; ++i)
{
M += P[i].Modulus + "|";
}
string X0_str = "";
for (int i = 0; i < n + 1; ++i)
{
X0_str += X0[i] + "|";
}
bytes = Encoding.UTF8.GetBytes(x + M + X0_str);
stream.Write(bytes);
stream.Flush();
// Close everything.
stream.Close();
client.Close();
}
catch (ArgumentNullException e)
{
Console.WriteLine("ArgumentNullException: {0}", e);
}
catch (SocketException e)
{
Console.WriteLine("SocketException: {0}", e);
}
}
public AsymmetricKeyParameter GenerateCACertificate(string subjectName, string privateKeyFilePassword, string rootsigningCertFileName, int keyStrength = 2048)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
var issuerDN = subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
KeyUsage keyUsage = new KeyUsage(KeyUsage.KeyCertSign | KeyUsage.CrlSign);
certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, keyUsage);
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = subjectKeyPair;
// selfsign certificate
ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerKeyPair.Private, random);
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(signatureFactory);
System.Security.Cryptography.X509Certificates.X509Certificate2 x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded());
#region Private Key
// correcponding private key
PrivateKeyInfo pinfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
var seq = (Asn1Sequence)Asn1Object.FromByteArray(pinfo.ParsePrivateKey().GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("malformed sequence in RSA private key");
}
RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq);
RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams);
#endregion
// Add CA certificate to Root store
AddCertToStore(x509, System.Security.Cryptography.X509Certificates.StoreName.Root, System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine);
File.WriteAllBytes(rootsigningCertFileName.Replace(".pfx", ".cer"), x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert));
// Export Certificate with private key
File.WriteAllBytes(rootsigningCertFileName, x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, privateKeyFilePassword));
return(issuerKeyPair.Private);
}
public System.Security.Cryptography.X509Certificates.X509Certificate2 GenerateSelfSignedCertificate(string certificateName, List <string> subjectAlternateNames, string certificateFileName, string privateKeyFilePassword, string issuerName, AsymmetricKeyParameter issuerPrivKey, int keyStrength)
{
string subjectName = string.Format("CN={0}", certificateName);
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
// original code var issuerDN = issuerName;
var issuerDN = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
KeyUsage keyUsage = new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment);
certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, keyUsage);
// Add the “Extended Key Usage” attribute, specifying “server authentication”.
var usages = new[] { KeyPurposeID.IdKPServerAuth };
certificateGenerator.AddExtension(
X509Extensions.ExtendedKeyUsage.Id,
false,
new ExtendedKeyUsage(usages));
/* DNS Name=*.fullyqualified.domainname.com */
if (subjectAlternateNames.Count <= 1)
{
/* the <=1 is for the simple reason of showing an alternate syntax .. */
foreach (string subjectAlternateName in subjectAlternateNames)
{
GeneralName altName = new GeneralName(GeneralName.DnsName, subjectAlternateName);
GeneralNames subjectAltName = new GeneralNames(altName);
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
}
}
else
{
//Asn1Encodable[] ansiEncodeSubjectAlternativeNames = new Asn1Encodable[]
// {
// //new GeneralName(GeneralName.DnsName, “*.fullyqualified.domainname.com”),
// new GeneralName(GeneralName.DnsName, “*.fullyqualified.domainname.com”)
// };
List <Asn1Encodable> asn1EncodableList = new List <Asn1Encodable>();
foreach (string subjectAlternateName in subjectAlternateNames)
{
asn1EncodableList.Add(new GeneralName(GeneralName.DnsName, subjectAlternateName));
}
DerSequence subjectAlternativeNamesExtension = new DerSequence(asn1EncodableList.ToArray());
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName.Id, false, subjectAlternativeNamesExtension);
}
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = subjectKeyPair;
// selfsign certificate
ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerKeyPair.Private, random);
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(signatureFactory);
// correcponding private key
PrivateKeyInfo pinfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
// merge into X509Certificate2
var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded());
var seq = (Asn1Sequence)Asn1Object.FromByteArray(pinfo.ParsePrivateKey().GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("malformed sequence in RSA private key");
}
RsaPrivateKeyStructure rsa = RsaPrivateKeyStructure.GetInstance(seq);
RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
x509.PrivateKey = DotNetUtilities.ToRSA(rsaparams);
File.WriteAllBytes(certificateFileName.Replace(".pfx", ".cer"), x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert));
// Export Certificate with private key
File.WriteAllBytes(certificateFileName, x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, privateKeyFilePassword));
return(x509);
}
protected void Page_Load(object sender, EventArgs e)
{
//AuthCode();
//ModeWappay();
//return;
_log.Info("测试");
//X509Certificate2 pc = new X509Certificate2(@"D:/182000899000001_01.pfx", "123456", X509KeyStorageFlags.MachineKeySet);
////return BigNum.ToDecimalStr(BigNum.ConvertFromHex(pc.SerialNumber)); 低于4.0版本的.NET请使用此方法
////return BigInteger.Parse(pc.SerialNumber, System.Globalization.NumberStyles.HexNumber).ToString();
//Org.BouncyCastle.Math.BigInteger mod = new Org.BouncyCastle.Math.BigInteger(pc.GetSerialNumberString(), 16);
//string m = "123333333333333333333333333333333333333333333333333333333333333333333333333333333333333333344444444444444444444444444FFFFFFFFFFFFGGGGGGGGGGGGGGGGGGGGGGGGGGGGG";
//string sign = Cmn.GetSign(m);
//bool f = Cmn.ValitedSign(sign, m);
//int a = 0;
//Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters)privateKey
//RSA密钥对的构造器
RsaKeyPairGenerator keyGenerator = new RsaKeyPairGenerator();
//RSA密钥构造器的参数
RsaKeyGenerationParameters param = new RsaKeyGenerationParameters(
Org.BouncyCastle.Math.BigInteger.ValueOf(3),
new Org.BouncyCastle.Security.SecureRandom(),
1024, //密钥长度
25);
//用参数初始化密钥构造器
keyGenerator.Init(param);
//产生密钥对
string input = "popozh RSA test";
AsymmetricCipherKeyPair keyPair = keyGenerator.GenerateKeyPair();
//获取公钥和密钥
AsymmetricKeyParameter publicKey = keyPair.Public;
AsymmetricKeyParameter privateKey = keyPair.Private;
if (((RsaKeyParameters)publicKey).Modulus.BitLength < 1024)
{
Console.WriteLine("failed key generation (1024) length test");
}
Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters pu = (Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters)publicKey;
Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters pr = (Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters)privateKey;
//加密
string mSign = GetSign(input, pr);
//解密
bool isPass = ValitedSign(mSign, input, pu);
return;
//一个测试……………………
//输入,十六进制的字符串,解码为byte[]
//string input = "4e6f77206973207468652074696d6520666f7220616c6c20676f6f64206d656e";
//byte[] testData = Org.BouncyCastle.Utilities.Encoders.Hex.Decode(input);
byte[] testData = Encoding.UTF8.GetBytes(input);
Console.WriteLine("明文:" + input + Environment.NewLine);
//非对称加密算法,加解密用
IAsymmetricBlockCipher engine = new RsaEngine();
//公钥加密
engine.Init(true, publicKey);
try
{
testData = engine.ProcessBlock(testData, 0, testData.Length);
Console.WriteLine("密文(base64编码):" + Convert.ToBase64String(testData) + Environment.NewLine);
}
catch (Exception ex)
{
Console.WriteLine("failed - exception " + Environment.NewLine + ex.ToString());
}
//string K = Convert.ToBase64String(testData);//System.Text.Encoding.Default.GetString(testData);
//string sign = Cmn.GetSign(K);
//int m = 1;
//私钥解密
engine.Init(false, privateKey);
try
{
testData = engine.ProcessBlock(testData, 0, testData.Length);
}
catch (Exception ef)
{
Console.WriteLine("failed - exception " + ef.ToString());
}
if (input.Equals(Encoding.UTF8.GetString(testData)))
{
Console.WriteLine("解密成功");
}
Console.Read();
}
public void GenerateUsingCsr()
{
var root = File.ReadAllBytes(@"root.pfx");
X509KeyUsageExtension var = new X509KeyUsageExtension(
X509KeyUsageFlags.CrlSign | X509KeyUsageFlags.DecipherOnly | X509KeyUsageFlags.KeyCertSign, true);
var x509RootCert = new X509Certificate2(root, "airwatch",
X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet);
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
var cert = new X509V3CertificateGenerator();
var csr = string.Empty;
var textReader = new StringReader(csr);
var reader = new Org.BouncyCastle.OpenSsl.PemReader(textReader);
var csrRequestObject = reader.ReadObject() as Pkcs10CertificationRequest;
if (csrRequestObject != null)
{
var csrInfo = csrRequestObject.GetCertificationRequestInfo();
csrInfo.SubjectPublicKeyInfo.GetPublicKey();
cert.SetPublicKey(PublicKeyFactory.CreateKey(csrInfo.SubjectPublicKeyInfo));
}
cert.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage((int)0));
var asn1EncodableVector = new Asn1EncodableVector
{
new DerObjectIdentifier("1.3.6.1.4.1.311.20.2.1")
};
var derSeq = new DerSequence(asn1EncodableVector);
cert.AddExtension(X509Extensions.AuthorityInfoAccess, false, derSeq);
cert.AddExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(true));
var privatekey = x509RootCert.PrivateKey as RSACryptoServiceProvider;
var ss = privatekey.ExportParameters(true);
IRsa rsa = new RsaCoreEngine();
rsa.Init(true, new RsaKeyParameters(true, new BigInteger(1, ss.Modulus), new BigInteger(1, ss.Exponent)));
//var signer = new RsaDigestSigner(rsa, new Sha512Digest(),
// new AlgorithmIdentifier(new DerObjectIdentifier("1.3.6.1.4.1.311.20.2.1")));
//(signingKeyPair, properties.SignatureAlgorithm);
X509Extension extension = new X509Extension(false, new DerOctetString(new AuthorityKeyIdentifierStructure(new X509Certificate(X509CertificateStructure.GetInstance(root)))));
cert.AddExtension(X509Extensions.CertificateIssuer, true, new AuthorityKeyIdentifierStructure(new X509Certificate(X509CertificateStructure.GetInstance(root))));
var serialNumber =
BigIntegers.CreateRandomInRange(
BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
cert.SetSerialNumber(serialNumber);
var subjectDN = new X509Name("CN=test");
cert.SetIssuerDN(subjectDN);
cert.SetSubjectDN(subjectDN);
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(10);
cert.SetNotBefore(notBefore);
cert.SetNotAfter(notAfter);
const int strength = 2048;
var keyGenerationParameters = new KeyGenerationParameters(random, strength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
cert.SetPublicKey(subjectKeyPair.Public);
cert.SetSignatureAlgorithm("SHA256withRSA");
var certificate = cert.Generate(subjectKeyPair.Private, random);
var certexp = new X509Certificate2(certificate.GetEncoded(), "1234");
certexp.Extensions.Add(var);
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(certexp);
File.WriteAllBytes(@"C:\cmstest\test.pfx", certexp
.Export(X509ContentType.Pfx, "1234"));
}
/// <summary>
/// Generates the certificate.
/// </summary>
/// <param name="subjectName">Name of the subject.</param>
/// <param name="issuerName">Name of the issuer.</param>
/// <param name="validFrom">The valid from.</param>
/// <param name="validTo">The valid to.</param>
/// <param name="keyStrength">The key strength.</param>
/// <param name="signatureAlgorithm">The signature algorithm.</param>
/// <param name="issuerPrivateKey">The issuer private key.</param>
/// <param name="hostName">The host name</param>
/// <returns>X509Certificate2 instance.</returns>
/// <exception cref="PemException">Malformed sequence in RSA private key</exception>
private static X509Certificate2 generateCertificate(string?hostName,
string subjectName,
string issuerName, DateTime validFrom,
DateTime validTo, int keyStrength = 2048,
string signatureAlgorithm = "SHA256WithRSA",
AsymmetricKeyParameter?issuerPrivateKey = null)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var secureRandom = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber =
BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), secureRandom);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
var subjectDn = new X509Name(subjectName);
var issuerDn = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDn);
certificateGenerator.SetSubjectDN(subjectDn);
certificateGenerator.SetNotBefore(validFrom);
certificateGenerator.SetNotAfter(validTo);
if (hostName != null)
{
// add subject alternative names
var subjectAlternativeNames = new Asn1Encodable[] { new GeneralName(GeneralName.DnsName, hostName) };
var subjectAlternativeNamesExtension = new DerSequence(subjectAlternativeNames);
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName.Id, false,
subjectAlternativeNamesExtension);
}
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(secureRandom, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Set certificate intended purposes to only Server Authentication
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false,
new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth));
if (issuerPrivateKey == null)
{
certificateGenerator.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(true));
}
var signatureFactory = new Asn1SignatureFactory(signatureAlgorithm,
issuerPrivateKey ?? subjectKeyPair.Private, secureRandom);
// Self-sign the certificate
var certificate = certificateGenerator.Generate(signatureFactory);
// Corresponding private key
var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
var seq = (Asn1Sequence)Asn1Object.FromByteArray(privateKeyInfo.ParsePrivateKey().GetDerEncoded());
if (seq.Count != 9)
{
throw new PemException("Malformed sequence in RSA private key");
}
var rsa = RsaPrivateKeyStructure.GetInstance(seq);
var rsaparams = new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent,
rsa.Prime1, rsa.Prime2, rsa.Exponent1,
rsa.Exponent2, rsa.Coefficient);
// Set private key onto certificate instance
var x509Certificate = withPrivateKey(certificate, rsaparams);
if (!doNotSetFriendlyName)
{
try
{
x509Certificate.FriendlyName = ProxyConstants.CNRemoverRegex.Replace(subjectName, string.Empty);
}
catch (PlatformNotSupportedException)
{
doNotSetFriendlyName = true;
}
}
return(x509Certificate);
}
//
// Summary:
// /// Method responsible for generate certificate. ///
//
// Parameters:
// request:
// The request param.
//
public CreateCertificateResult Generate(CreateCertificateCommand request)
{
AsymmetricKeyParameter caPrivateKey = null;
var caCert = GenerateCACertificate("CN=MyROOTCA", ref caPrivateKey);
SecureRandom random = new SecureRandom();
RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(new KeyGenerationParameters(random, 2048));
AsymmetricCipherKeyPair subjectKeyPair = keyPairGenerator.GenerateKeyPair();
IDictionary issuerAttrs = FactoryIssuerAttrs();
IDictionary subjectAttrs = FactorySubjectAttrs(request);
BigInteger serialNumber = BigInteger.ProbablePrime(120, new Random());
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.SetSerialNumber(serialNumber);
certificateGenerator.SetIssuerDN(new X509Name(new ArrayList(issuerAttrs.Keys), issuerAttrs));
certificateGenerator.SetSubjectDN(new X509Name(new ArrayList(subjectAttrs.Keys), subjectAttrs));
certificateGenerator.SetNotBefore(DateTime.UtcNow.Date);
certificateGenerator.SetNotAfter(DateTime.UtcNow.Date.AddYears(3));
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
certificateGenerator.AddExtension(X509Extensions.KeyUsage, true,
new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyAgreement | KeyUsage.NonRepudiation));
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false,
new ExtendedKeyUsage(new[] { KeyPurposeID.IdKPServerAuth }));
GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.DnsName, "SAN"));
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
Asn1SignatureFactory signatureFactory =
new Asn1SignatureFactory(HashType.SHA256WithRSA.ToString(), subjectKeyPair.Private);
X509Certificate certificate = certificateGenerator.Generate(signatureFactory);
X509CertificateEntry certEntry = new X509CertificateEntry(certificate);
Pkcs12Store store = new Pkcs12StoreBuilder().Build();
store.SetCertificateEntry(certificate.SubjectDN.ToString(), certEntry);
store.SetKeyEntry(certificate.SubjectDN + "_key", new AsymmetricKeyEntry(subjectKeyPair.Private),
new[] { certEntry });
MemoryStream p12Stream = new MemoryStream();
store.Save(p12Stream, request.Pin.ToCharArray(), random);
byte[] pfx = Pkcs12Utilities.ConvertToDefiniteLength(p12Stream.ToArray(), request.Pin.ToCharArray());
X509Certificate2 x509Certificate2 =
new X509Certificate2(pfx, request.Pin, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
CreateCrl(caCert, caPrivateKey, serialNumber);
return(FactoryResponse(x509Certificate2));
}
static void Main(string[] args)
{
Console.WriteLine("Please select option 1/2");
string option = Console.ReadLine();
if (option == "1")
{
Certificate cert = new Certificate(2048);
Console.WriteLine("---------------------------- AS2805.6.5.3 Option 1--------------------------------------------------------");
Console.WriteLine("---------------Manufacturer’s key pair (PKman, SKman)---------------");
Certificate man = new Certificate(2048);
byte[] PKman = man.GetPublicKey();
byte[] SKman = man.GetPrivateKey();
Console.WriteLine("------------------Terminal cryptographic unit’s key pair (PKtcu, SKtcu)-------------------");
Certificate tcu = new Certificate(2048);
byte[] PKtcu = tcu.GetPublicKey();
byte[] SKtcu = tcu.GetPrivateKey();
Console.WriteLine("----------------Sponsor’s key pair (PKsp, SKsp)------------------------");
Certificate sp = new Certificate(2048);
byte[] PKsp = sp.GetPublicKey();
byte[] SKsp = sp.GetPrivateKey();
Console.WriteLine("--------------Getting RNsp, tcuid and user data -------------- ");
Random rnd = new Random();
string RNsp = rnd.Next(222222, 999999).ToString();
byte[] RNsp_bytes = Encoding.ASCII.GetBytes(RNsp);
Console.WriteLine("RNsp: \t" + RNsp);
string user_data = "OPTIONAL USER DATA THAT CAN BE ANY LENGTH";
byte[] user_data_bytes = Encoding.ASCII.GetBytes(user_data);
Console.WriteLine("User Data: \t" + user_data);
string tcuid = "MN044712H";
byte[] tcuid_bytes = Encoding.ASCII.GetBytes(tcuid);
Console.WriteLine("TCUID: \t" + tcuid);
string AIIC = "0000045127823121";
byte[] AIIC_bytes = Encoding.ASCII.GetBytes(AIIC);
Console.WriteLine("AIIC: \t" + AIIC);
SecureRandom random = new SecureRandom();
DesEdeKeyGenerator keyGen = new DesEdeKeyGenerator();
keyGen.Init(new KeyGenerationParameters(random, 128));
byte[] KI_bytes = keyGen.GenerateKey();
string KI = BitConverter.ToString(KI_bytes).Replace("-", string.Empty);
Console.WriteLine("KI: \t" + KI);
byte[] KIA_bytes = keyGen.GenerateKey();
string KIA = BitConverter.ToString(KIA_bytes).Replace("-", string.Empty);
Console.WriteLine("KIA: \t" + KIA);
byte[] KCA_bytes = keyGen.GenerateKey();
string KCA = BitConverter.ToString(KCA_bytes).Replace("-", string.Empty);
Console.WriteLine("KCA: \t" + KCA);
DateTime today = DateTime.Now.Date;
byte[] today_bytes = Encoding.ASCII.GetBytes(today.ToString("yyyyMMdd HH:mm:ss"));
Console.WriteLine("DTS: \t" + today.ToString("yyyyMMdd HH:mm:ss"));
Console.WriteLine("-----------------------------------------------------------------------");
Console.WriteLine("--------------------------Sponsor Pre-Compute--------------------------");
HashMAC hash = new HashMAC(new Sha256Digest());
byte[] H_PKman_userdata = hash.Hash_Data(PKman.Concat(user_data_bytes).ToArray());
Console.WriteLine("SHA256 Hash of PKman + user data : \n" + Utils.HexDump(H_PKman_userdata));
byte[] H_PKsp_RNsp_userdata = hash.Hash_Data(PKsp.Concat(RNsp_bytes).Concat(user_data_bytes).ToArray());
//Console.WriteLine("SHA256 Hash of PKsp + user data : \n" + Utils.HexDump(H_PKman_userdata));
Console.WriteLine("----------------------------------------------------------------------------------");
Signature sign = new Signature();
byte[] sSKman_H_PKman_userdata = sign.SignData(H_PKman_userdata, man.get_Private_Params());
Console.WriteLine("Sponsor Verifies Manufacturer Signature of sSKman(H(PKman + user data)) : \n" + Utils.HexDump(sSKman_H_PKman_userdata));
byte[] sSKman_H_PKsp_RNsp_userdata = sign.SignData(H_PKsp_RNsp_userdata, man.get_Private_Params());
//Console.WriteLine("Signature of sSKman(H(PKsp + user data)) : \n" + Utils.HexDump(sSKman_H_PKsp_userdata));
byte[] H_PKsp = hash.Hash_Data(PKsp);
//Console.WriteLine("SHA256 Hash of PKsp : \n" + Utils.HexDump(H_PKsp));
byte[] sSKman_H_PKsp = sign.SignData(H_PKsp, man.get_Private_Params());
//Console.WriteLine("Signature of sSKman(H(PKsp))) : \n" + Utils.HexDump(sSKman_H_PKsp));
//Console.WriteLine("--------------------------TCU Pre-Compute--------------------------");
byte[] H_PKtcu = hash.Hash_Data(PKtcu);
//Console.WriteLine("SHA256 Hash of PKtcu : \n" + Utils.HexDump(H_PKtcu));
//Pad pad = new Pad();
//var padHash = pad.Pad_Data(H_PKtcu, 128);
//Console.WriteLine("SHA256 Hash of PKtcu and PKCS v1.5 padding : \n" + Utils.HexDump(padHash));
Console.WriteLine("----------------------------------------------------------------------------------");
byte[] sSKman_H_PKtcu_ = sign.SignData(H_PKtcu, man.get_Private_Params());
Console.WriteLine("Termninal Verifies Manufacturer Signature of PKtcu sSKman(H(PKtcu)) :\n" + Utils.HexDump(sSKman_H_PKtcu_));
Console.WriteLine("----------------------------------------------------------------------------------");
byte[] sSKman_H_PKtcu_TCUID_userdata = sign.SignData(H_PKtcu.Concat(tcuid_bytes).Concat(user_data_bytes).ToArray(), man.get_Private_Params());
//Console.WriteLine("Signature of sSKman(H(PKtcu)|TCUID|user data) : \n" + Utils.HexDump(sSKman_H_PKtcu));
//Console.ReadLine();
Console.WriteLine("-------------------------- OPTION 1 --------------------------");
Console.WriteLine("--------------------------SIGN ON REQUEST 1--------------------------\n\n");
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("TCU -> Sending:...");
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("User Data: " + user_data + "\n" + Utils.HexDump(user_data_bytes));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("TCUID: " + tcuid + " \n" + Utils.HexDump(tcuid_bytes));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("H(PKtcu) \n" + Utils.HexDump(H_PKtcu));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("sSKman(H(PKtcu)|TCUID|user data) \n" + Utils.HexDump(sSKman_H_PKtcu_TCUID_userdata));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("------------------------SIGN ON RESPONSE 1--------------------------------------");
Console.WriteLine("Veryfying Signature of sSKman(H(PKtcu)|TCUID|user data)");
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("User Data: " + user_data + "\n" + Utils.HexDump(user_data_bytes));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("RNsp: " + RNsp + "\n" + Utils.HexDump(RNsp_bytes));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("H(PKsp|RNsp|userdata) \n" + Utils.HexDump(H_PKsp_RNsp_userdata));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("Sign: sSKman(H(PKsp|RNsp|user data)):\n" + Utils.HexDump(sSKman_H_PKsp_RNsp_userdata));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("-------------------------- SIGN ON REQUEST 2--------------------------\n\n");
//Construct cryptogram encrypted by PKsp
Console.WriteLine("Constructing the KI KeyBlock cryptogram (KI, TCUID, RNsp, DTS, user dat)----------");
Asn1 asn = new Asn1();
byte[] KI_KeyBlock_bytes = asn.KI_KeyBlock(KI_bytes, tcuid_bytes, today_bytes, RNsp_bytes, user_data_bytes);
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine(Utils.HexDump(KI_KeyBlock_bytes));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("Encrypt: ePKsp(KI, TCUID, RNsp, DTS, user data): \n");
byte[] PKsp_KI_TCUID_RNsp_DTS_user_data = sp.Encrypt(KI_KeyBlock_bytes);
Console.WriteLine(Utils.HexDump(PKsp_KI_TCUID_RNsp_DTS_user_data));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("Hash: H(ePKsp(KI, TCUID, RNsp, DTS, user data)): \n");
byte[] H_PKsp_KI_TCUID_RNsp_DTS_user_data = hash.Hash_Data(PKsp_KI_TCUID_RNsp_DTS_user_data);
Console.WriteLine(Utils.HexDump(H_PKsp_KI_TCUID_RNsp_DTS_user_data));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("Sign: sSKtcu(H(ePKsp(KI, TCUID, RNsp, DTS, user data))): \n");
byte[] sSKtcu_H_PKsp_KI_TCUID_RNsp_DTS_user_data = sign.SignData(H_PKsp_KI_TCUID_RNsp_DTS_user_data, tcu.get_Private_Params());
Console.WriteLine(Utils.HexDump(sSKtcu_H_PKsp_KI_TCUID_RNsp_DTS_user_data));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("Send Signature and Encryption to Sponsor so that KI can be extracted \n");
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("Verify: sSKtcu(H(ePKsp(KI, TCUID, RNsp, DTS, user data))): \n");
bool sSKtcuV = sign.VerifySignature(tcu.get_Public_Params(), sSKtcu_H_PKsp_KI_TCUID_RNsp_DTS_user_data, H_PKsp_KI_TCUID_RNsp_DTS_user_data);
Console.WriteLine("Verified: " + sSKtcuV);
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("Decrypt: ePKsp(KI, TCUID, RNsp, DTS, user data): \n");
Console.WriteLine("Decrypted:\n" + Utils.HexDump(sp.Decrypt(PKsp_KI_TCUID_RNsp_DTS_user_data)));
Console.WriteLine("----------------------------------------------------------------------------------\n\n");
Console.WriteLine("-------------------------- SIGN ON RESPONSE 2-------------------------\n\n");
/*
* The KCA shall be used to derive a unique KIA_n per acquirer. The sponsor shall be responsible for providing the KIA_n to each acquirer through a secure channel.
* Each acquirer shall use its unique KIAn to download or derive the initial key(s) required for the appropriate key management scheme
*
*
* The AIIC is right justified and left zero filled in a 128-bit data field.
* KMACI_n = (OWF(KIA_n,D))
* KCA =
*/
DESAES desaes = new DESAES();
Console.WriteLine("-------------------------Calculate KMACI_n = HMAC(KIA_n,AIIC) -------------------------\n");
Console.WriteLine("-------------------------OWF = SHA256 HMAC -------------------------");
byte[] H_KIA_n_AIIC = hash.HMAC(AIIC_bytes, KIA_bytes);
Console.WriteLine("KMAC = \n" + Utils.HexDump(H_KIA_n_AIIC));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("KCA = \n" + Utils.HexDump(KCA_bytes));
Console.WriteLine("------------------------------ENCRYPT---------------------------------------------");
var E_KMAC = desaes.EncryptDES3(H_KIA_n_AIIC, KI_bytes);
Console.WriteLine("e(KMAC) = \n" + Utils.HexDump(E_KMAC));
Console.WriteLine("----------------------------------------------------------------------------------");
var E_KCA = desaes.EncryptDES3(KCA_bytes, KI_bytes);
Console.WriteLine("e(KCA) = \n" + Utils.HexDump(E_KCA));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("------------------------------DECRYPT---------------------------------------------");
var D_KCA = desaes.DecryptDES3(E_KCA, KI_bytes);
Console.WriteLine("d(KCA) = \n" + Utils.HexDump(D_KCA));
Console.WriteLine("----------------------------------------------------------------------------------");
var D_KMAC = desaes.DecryptDES3(E_KMAC, KI_bytes);
Console.WriteLine("d(KMAC) = \n" + Utils.HexDump(D_KMAC));
Console.WriteLine("----------------------------------------------------------------------------------");
Console.WriteLine("**------------------------------DONE--------------------------------------------**");
}
else
{
bool ForEncryption = true;
//Requested Certificate Name and things
X509Name name = new X509Name("C=Commonwealth Bank of Australia, O=CBA, OU=Cryptographical Services, CN=TID25124548");
//Key generation 2048bits
var rkpg = new RsaKeyPairGenerator();
rkpg.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
AsymmetricCipherKeyPair ackp = rkpg.GenerateKeyPair(); //BAPI.EncryptionKey;
//if (!ForEncryption) ackp = BAPI.SignKey;
//Key Usage Extension
var ku = new KeyUsage(ForEncryption ? KeyUsage.KeyEncipherment : KeyUsage.DigitalSignature);
var extgen = new Org.BouncyCastle.Asn1.X509.X509ExtensionsGenerator();
extgen.AddExtension(X509Extensions.KeyUsage, true, ku);
var attribute = new AttributeX509(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(extgen.Generate()));
//PKCS #10 Certificate Signing Request
Pkcs10CertificationRequest csr = new Pkcs10CertificationRequest("SHA1WITHRSA", name, ackp.Public, new DerSet(attribute), ackp.Private); //new DerSet(new DerOctetString(ku))
var csrbytedata = csr.GetDerEncoded();
var asn1Csr = csr.ToAsn1Object();
//////
Console.WriteLine(asn1Csr.GetDerEncoded().ToString());
Console.WriteLine(Utils.HexDump(csrbytedata));
string pwd = "password";
var suppliers = new[] { "CN=*.cba.com.au" };
var CA_issuer = new X509(suppliers, "CN=CBA RootCA, OU=Cryptographical Services, O=Commonwealth Bank of Australia, L=SYDNEY, C=AU", CertStrength.bits_2048);
X509Certificate2 GeneratedCert = CA_issuer.MakeCertificate(pwd, "CN=TID25124548.cba.com.au, OU=Commonwealth Bank of Australia, OU=CBA Business System Hosting, O=Commonwealth Bank of Australia, C=AU", 2);
Console.WriteLine(GeneratedCert.ToString());
Console.WriteLine(Utils.HexDump(GeneratedCert.Export(X509ContentType.Pkcs12, pwd)));
Console.ReadLine();
}
}
/// <summary>
/// Create a CSR and submit it to the Acme server for signing. Returns the certificate chain.
/// </summary>
/// <param name="domains">The list of domains that this certificate will be for. The first domain listed will be the CommonName.</param>
/// <param name="keyPair">The RSA key pair for signing the certificate request, this is the key that will be used in conjunction with the certificate.</param>
/// <returns>A tuple whose first value is the private key data and whose second value is a list of certificates. Everything is encoded in DER format, the first certificate is the signed certificate.</returns>
public Tuple <byte[], List <byte[]> > GetCertificate(ICollection <string> domains)
{
//
// Generate a new key for the certificate.
//
var generator = new RsaKeyPairGenerator();
generator.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
var keyPair = generator.GenerateKeyPair();
var sig = new Asn1SignatureFactory("SHA256WITHRSA", keyPair.Private);
var commonName = new X509Name(new DerObjectIdentifier[] { X509Name.CN }, new string[] { domains.First() });
//
// Generate the list of subject alternative names.
//
List <GeneralName> names = new List <GeneralName>();
foreach (var domain in domains)
{
names.Add(new GeneralName(GeneralName.DnsName, domain));
}
var sanOctect = new DerOctetString(new GeneralNames(names.ToArray()));
var sanSequence = new DerSequence(X509Extensions.SubjectAlternativeName, sanOctect);
var extensionSet = new DerSet(new DerSequence(sanSequence));
var attributes = new DerSet(new DerSequence(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, extensionSet));
//
// Generate the CSR from all the data.
//
var csr = new Pkcs10CertificationRequest(sig, commonName, keyPair.Public, attributes, keyPair.Private);
var payload = new
{
resource = "new-cert",
csr = UrlBase64Encode(csr.GetDerEncoded())
};
var certificates = new List <X509Certificate>();
var certParser = new X509CertificateParser();
byte[] certData;
//
// Send the request and fetch the certificate data.
//
certData = SendMessage <byte[]>(Directory.NewCert, payload, GetNonce(), out WebHeaderCollection headers);
certificates.Add(certParser.ReadCertificate(certData));
//
// Fetch all the certificates in the chain.
//
foreach (var link in headers.GetValues("Link"))
{
var match = System.Text.RegularExpressions.Regex.Match(link, "\\<(.*)\\>;rel=\"(.*)\"");
if (match.Success && match.Groups[2].Value == "up")
{
certData = GetRequest <byte[]>(match.Groups[1].Value);
certificates.Add(certParser.ReadCertificate(certData));
}
}
var privateKeyData = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private).ToAsn1Object().GetDerEncoded();
var certificateData = certificates.Select(c => c.GetEncoded()).ToList();
return(new Tuple <byte[], List <byte[]> >(privateKeyData, certificateData));
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
// ReSharper disable once InconsistentNaming
public void Configure(IApplicationBuilder app, IApplicationLifetime applicationLifetime,
IHostingEnvironment env, ILoggerFactory loggerFactory)
{
// create default configuration
var serverConfig = new SConfiguration();
// bind configuration
_fileConfig.Bind(serverConfig);
// build context
var context = SConfigurator.createContext(serverConfig);
// import crypto keys
var privateKeySource = context.configuration.privateKey;
if (string.IsNullOrEmpty(privateKeySource))
{
// generate crypto keys
var defaultKeySize = 2048;
context.log.writeLine($"Private key not provided, generating new keypair of size {defaultKeySize}",
SLogger.LogLevel.Information);
var gen = new RsaKeyPairGenerator();
gen.Init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize));
var keyPair = gen.GenerateKeyPair();
var privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
var publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public);
privateKeySource = Convert.ToBase64String(privateKeyInfo.ToAsn1Object().GetDerEncoded());
var encodedPublicKey = Convert.ToBase64String(publicKeyInfo.ToAsn1Object().GetDerEncoded());
context.log.writeLine($"private key:\n{privateKeySource}", SLogger.LogLevel.Information);
context.log.writeLine($"public key:\n{encodedPublicKey}", SLogger.LogLevel.Information);
}
// import key pair
var privateKey =
(RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(privateKeySource));
context.configuration.crypto = DotNetUtilities.ToRSA(privateKey);
context.log.writeLine($"Imported private key from configuration", SLogger.LogLevel.Information);
context.log.writeLine("Server context created", SLogger.LogLevel.Information);
// load persistent state
SConfigurator.loadState(context, state_storage_database_file_name);
context.log.writeLine($"Persistent state loaded from {state_storage_database_file_name}",
SLogger.LogLevel.Information);
// load database
context.connectDatabase();
context.log.writeLine($"Database connected", SLogger.LogLevel.Information);
// register application stop handler
// AssemblyLoadContext.Default.Unloading += (c) => OnUnload(context);
applicationLifetime.ApplicationStopping.Register(() => onUnload(context));
context.log.writeLine($"Application interrupt handler registered", SLogger.LogLevel.Information);
// add aspnet developer exception page
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
// add aspnet logger
if (env.IsDevelopment() && serverConfig.aspnetVerboseLogging)
{
loggerFactory.AddConsole(LogLevel.Information);
}
else
{
loggerFactory.AddConsole(LogLevel.Warning);
}
// add wwwroot/
app.UseStaticFiles();
// set up Nancy OWIN hosting
app.UseOwin(x => x.UseNancy(options => {
options.PassThroughWhenStatusCodesAre(
HttpStatusCode.NotFound,
HttpStatusCode.InternalServerError
);
options.Bootstrapper = new AppBootstrapper(context);
}));
context.log.writeLine($"Web services mapped successfully", SLogger.LogLevel.Information);
}
/// <summary>
/// Creates a self signed application instance certificate.
/// </summary>
/// <param name="storeType">Type of certificate store (Directory) <see cref="CertificateStoreType"/>.</param>
/// <param name="storePath">The store path (syntax depends on storeType).</param>
/// <param name="password">The password to use to protect the certificate.</param>
/// <param name="applicationUri">The application uri (created if not specified).</param>
/// <param name="applicationName">Name of the application (optional if subjectName is specified).</param>
/// <param name="subjectName">The subject used to create the certificate (optional if applicationName is specified).</param>
/// <param name="domainNames">The domain names that can be used to access the server machine (defaults to local computer name if not specified).</param>
/// <param name="keySize">Size of the key (1024, 2048 or 4096).</param>
/// <param name="startTime">The start time.</param>
/// <param name="lifetimeInMonths">The lifetime of the key in months.</param>
/// <param name="hashSizeInBits">The hash size in bits.</param>
/// <param name="isCA">if set to <c>true</c> then a CA certificate is created.</param>
/// <param name="issuerCAKeyCert">The CA cert with the CA private key.</param>
/// <returns>The certificate with a private key.</returns>
public static X509Certificate2 CreateCertificate(
string storeType,
string storePath,
string password,
string applicationUri,
string applicationName,
string subjectName,
IList <String> domainNames,
ushort keySize,
DateTime startTime,
ushort lifetimeInMonths,
ushort hashSizeInBits,
bool isCA = false,
X509Certificate2 issuerCAKeyCert = null,
byte[] publicKey = null)
{
if (issuerCAKeyCert != null)
{
if (!issuerCAKeyCert.HasPrivateKey)
{
throw new NotSupportedException("Cannot sign with a CA certificate without a private key.");
}
}
if (publicKey != null && issuerCAKeyCert == null)
{
throw new NotSupportedException("Cannot use a public key without a CA certificate with a private key.");
}
// set default values.
X509Name subjectDN = SetSuitableDefaults(
ref applicationUri,
ref applicationName,
ref subjectName,
ref domainNames,
ref keySize,
ref lifetimeInMonths);
using (var cfrg = new CertificateFactoryRandomGenerator())
{
// cert generators
SecureRandom random = new SecureRandom(cfrg);
X509V3CertificateGenerator cg = new X509V3CertificateGenerator();
// Serial Number
BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
cg.SetSerialNumber(serialNumber);
// subject and issuer DN
X509Name issuerDN = null;
if (issuerCAKeyCert != null)
{
issuerDN = new CertificateFactoryX509Name(issuerCAKeyCert.Subject);
}
else
{
// self signed
issuerDN = subjectDN;
}
cg.SetIssuerDN(issuerDN);
cg.SetSubjectDN(subjectDN);
// valid for
cg.SetNotBefore(startTime);
cg.SetNotAfter(startTime.AddMonths(lifetimeInMonths));
// set Private/Public Key
AsymmetricKeyParameter subjectPublicKey;
AsymmetricKeyParameter subjectPrivateKey;
if (publicKey == null)
{
var keyGenerationParameters = new KeyGenerationParameters(random, keySize);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
AsymmetricCipherKeyPair subjectKeyPair = keyPairGenerator.GenerateKeyPair();
subjectPublicKey = subjectKeyPair.Public;
subjectPrivateKey = subjectKeyPair.Private;
}
else
{
// special case, if a cert is signed by CA, the private key of the cert is not needed
subjectPublicKey = PublicKeyFactory.CreateKey(publicKey);
subjectPrivateKey = null;
}
cg.SetPublicKey(subjectPublicKey);
// add extensions
// Subject key identifier
cg.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, false,
new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectPublicKey)));
// Basic constraints
cg.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(isCA));
// Authority Key identifier references the issuer cert or itself when self signed
AsymmetricKeyParameter issuerPublicKey;
BigInteger issuerSerialNumber;
if (issuerCAKeyCert != null)
{
issuerPublicKey = GetPublicKeyParameter(issuerCAKeyCert);
issuerSerialNumber = GetSerialNumber(issuerCAKeyCert);
}
else
{
issuerPublicKey = subjectPublicKey;
issuerSerialNumber = serialNumber;
}
cg.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, false,
new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerPublicKey),
new GeneralNames(new GeneralName(issuerDN)), issuerSerialNumber));
if (!isCA)
{
// Key usage
cg.AddExtension(X509Extensions.KeyUsage, true,
new KeyUsage(KeyUsage.DataEncipherment | KeyUsage.DigitalSignature |
KeyUsage.NonRepudiation | KeyUsage.KeyCertSign | KeyUsage.KeyEncipherment));
// Extended Key usage
cg.AddExtension(X509Extensions.ExtendedKeyUsage, true,
new ExtendedKeyUsage(new List <DerObjectIdentifier>()
{
new DerObjectIdentifier("1.3.6.1.5.5.7.3.1"), // server auth
new DerObjectIdentifier("1.3.6.1.5.5.7.3.2"), // client auth
}));
// subject alternate name
List <GeneralName> generalNames = new List <GeneralName>();
generalNames.Add(new GeneralName(GeneralName.UniformResourceIdentifier, applicationUri));
for (int i = 0; i < domainNames.Count; i++)
{
int domainType = GeneralName.OtherName;
switch (Uri.CheckHostName(domainNames[i]))
{
case UriHostNameType.Dns: domainType = GeneralName.DnsName; break;
case UriHostNameType.IPv4:
case UriHostNameType.IPv6: domainType = GeneralName.IPAddress; break;
default: continue;
}
generalNames.Add(new GeneralName(domainType, domainNames[i]));
}
cg.AddExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(generalNames.ToArray()));
}
else
{
// Key usage CA
cg.AddExtension(X509Extensions.KeyUsage, true,
new KeyUsage(KeyUsage.CrlSign | KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
}
// sign certificate
AsymmetricKeyParameter signingKey;
if (issuerCAKeyCert != null)
{
// signed by issuer
signingKey = GetPrivateKeyParameter(issuerCAKeyCert);
}
else
{
// self signed
signingKey = subjectPrivateKey;
}
ISignatureFactory signatureFactory =
new Asn1SignatureFactory(GetRSAHashAlgorithm(hashSizeInBits), signingKey, random);
Org.BouncyCastle.X509.X509Certificate x509 = cg.Generate(signatureFactory);
// convert to X509Certificate2
X509Certificate2 certificate = null;
if (subjectPrivateKey == null)
{
// create the cert without the private key
certificate = new X509Certificate2(x509.GetEncoded());
}
else
{
// note: this cert has a private key!
certificate = CreateCertificateWithPrivateKey(x509, null, subjectPrivateKey, random);
}
Utils.Trace(Utils.TraceMasks.Security, "Created new certificate: {0}", certificate.Thumbprint);
// add cert to the store.
if (!String.IsNullOrEmpty(storePath) && !String.IsNullOrEmpty(storeType))
{
using (ICertificateStore store = CertificateStoreIdentifier.CreateStore(storeType))
{
if (store == null)
{
throw new ArgumentException("Invalid store type");
}
store.Open(storePath);
store.Add(certificate, password);
store.Close();
}
}
return(certificate);
}
}
private AsymmetricCipherKeyPair GenerateRsaKeyPair()
{
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(new KeyGenerationParameters(GetSecureRandom(), RsaKeySizeBits));
return keyPairGenerator.GenerateKeyPair();
}
/// Note: Much of this code comes from https://stackoverflow.com/a/22247129
/// <exception cref="CryptographicException">
/// Sometimes thrown due to issues generating keys.
/// </exception>
private static X509Certificate2 GenerateSelfSignedCertificate(string subject)
{
const int keyStrength = 2048;
// Generating Random Numbers
//
// For some reason the CryptoAPI wrapper doesn't come with the
// .Net Core/Standard version of BouncyCastle, guessing this is most likely due to
// platform compat issues. Use VMPC.
var randomGenerator = new VmpcRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
certificateGenerator.SetSerialNumber(BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random));
// Subject Public Key
var keyPairGenerator = new RsaKeyPairGenerator();
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Subject DN
certificateGenerator.SetSubjectDN(new X509Name("CN=" + subject));
// Subject Alternative Name
var subjectAlternativeNames = new List <Asn1Encodable>()
{
new GeneralName(GeneralName.DnsName, Environment.MachineName),
new GeneralName(GeneralName.DnsName, "localhost"),
new GeneralName(GeneralName.IPAddress, "127.0.0.1"),
};
if (subject != "localhost" && subject != Environment.MachineName)
{
subjectAlternativeNames.Add(new GeneralName(GeneralName.DnsName, subject));
}
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName.Id, false, new DerSequence(subjectAlternativeNames.ToArray()));
// Issuer
certificateGenerator.SetIssuerDN(new X509Name("CN=" + subject));
certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, false, new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public)));
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Add basic constraint
certificateGenerator.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(false));
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth));
// Signature Algorithm
const string signatureAlgorithm = "SHA256WithRSA";
var signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, subjectKeyPair.Private);
// self-signed certificate
var certificate = certificateGenerator.Generate(signatureFactory);
// corresponding private key
var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
// merge into X509Certificate2
var x509 = new X509Certificate2(certificate.GetEncoded());
var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded());
if (seq.Count != 9)
{
// throw new PemException("malformed sequence in RSA private key");
}
var rsa = RsaPrivateKeyStructure.GetInstance(seq);
var rsaParams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
// This can throw CryptographicException in some cases. Catch above here and deal with it
// in the application level.
x509.PrivateKey = ToDotNetKey(rsaParams); // x509.PrivateKey = DotNetUtilities.ToRSA(rsaParams);
return(x509);
}
