private void Empty (ExtendedKeyUsageExtension eku) { Assert.IsFalse (eku.Critical, "Critical"); Assert.AreEqual ("2.5.29.37", eku.Oid, "Oid"); Assert.IsNotNull (eku.Name, "Name"); Assert.IsFalse (eku.Name == eku.Oid, "Name!=Oid"); Assert.AreEqual (0, eku.KeyPurpose.Count, "KeyPurpose"); }
public void KeyPurpose_NotCritical () { ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension (); foreach (string oid in CommonKeyPurposes) { eku.KeyPurpose.Clear (); eku.KeyPurpose.Add (oid); Assert.AreEqual ("30-13-06-03-55-1D-25-04-0C-30-0A-06-08-2B-06-01-05-05-07-03-0" + oid [oid.Length - 1].ToString (), BitConverter.ToString (eku.GetBytes ()), oid); } }
public static byte[] CreateClientCert(string subjectName, byte[] rootKey, byte[] rootCert) { if (!subjectName.StartsWith("CN=")) subjectName = "CN=" + subjectName; // Copy the root key since the PrivateKey constructor will blow away the data byte[] rootKeyCopy = new byte[rootKey.Length]; Buffer.BlockCopy(rootKey, 0, rootKeyCopy, 0, rootKey.Length); // Load the server's private key and certificate PrivateKey pvk = new PrivateKey(rootKeyCopy, null); RSA issuerKey = pvk.RSA; X509Certificate issuerCert = new X509Certificate(rootCert); // Serial number MUST be positive byte[] sn = Guid.NewGuid().ToByteArray(); if ((sn[0] & 0x80) == 0x80) sn[0] -= 0x80; ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension(); eku.KeyPurpose.Add("1.3.6.1.5.5.7.3.2"); // Indicates the cert is intended for client auth // Generate a client certificate signed by the server root CA X509CertificateBuilder cb = new X509CertificateBuilder(3); cb.SerialNumber = sn; cb.IssuerName = issuerCert.IssuerName; cb.NotBefore = DateTime.Now; cb.NotAfter = new DateTime(643445675990000000); // 12/31/2039 23:59:59Z cb.SubjectName = subjectName; cb.SubjectPublicKey = issuerKey; cb.Hash = "SHA1"; cb.Extensions.Add(eku); byte[] clientCert = cb.Sign(issuerKey); // Generate a PKCS#12 file for the client containing the private key and certificate PKCS12 p12 = new PKCS12(); p12.Password = null; ArrayList list = new ArrayList(4); // We use a fixed array to avoid endianess issues // (in case some tools requires the ID to be 1). list.Add(new byte[] { 1, 0, 0, 0 }); Hashtable attributes = new Hashtable(1); attributes.Add(PKCS9.localKeyId, list); p12.AddCertificate(new X509Certificate(clientCert), attributes); p12.AddCertificate(issuerCert); p12.AddPkcs8ShroudedKeyBag(issuerKey, attributes); return p12.GetBytes(); }
public static void CreateRootCert(string issuer, out byte[] rootCert) { if (!issuer.StartsWith("CN=")) issuer = "CN=" + issuer; // Generate a new issuer key RSA issuerKey = (RSA)RSA.Create(); // Generate a private key PrivateKey key = new PrivateKey(); key.RSA = issuerKey; // Serial number MUST be positive byte[] sn = Guid.NewGuid().ToByteArray(); if ((sn[0] & 0x80) == 0x80) sn[0] -= 0x80; ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension(); eku.KeyPurpose.Add("1.3.6.1.5.5.7.3.1"); // Indicates the cert is intended for server auth eku.KeyPurpose.Add("1.3.6.1.5.5.7.3.2"); // Indicates the cert is intended for client auth // Generate a self-signed certificate X509CertificateBuilder cb = new X509CertificateBuilder(3); cb.SerialNumber = sn; cb.IssuerName = issuer; cb.NotBefore = DateTime.Now; cb.NotAfter = new DateTime(643445675990000000); // 12/31/2039 23:59:59Z cb.SubjectName = issuer; cb.SubjectPublicKey = issuerKey; cb.Hash = "SHA1"; cb.Extensions.Add(eku); byte[] serverCert = cb.Sign(issuerKey); // Generate a PKCS#12 file containing the certificate and private key PKCS12 p12 = new PKCS12(); p12.Password = null; ArrayList list = new ArrayList(4); // We use a fixed array to avoid endianess issues // (in case some tools requires the ID to be 1). list.Add(new byte[] { 1, 0, 0, 0 }); Hashtable attributes = new Hashtable(1); attributes.Add(PKCS9.localKeyId, list); p12.AddCertificate(new X509Certificate(serverCert), attributes); p12.AddPkcs8ShroudedKeyBag(issuerKey, attributes); rootCert = p12.GetBytes(); }
internal MSX509.X509Certificate2 GetCertificate(string name) { List<X509Extension> extensions = new List<X509Extension>(); BasicConstraintsExtension constraints = new BasicConstraintsExtension(); constraints.CertificateAuthority = false; constraints.Critical = true; extensions.Add(constraints); KeyUsageExtension keyUsage = new KeyUsageExtension(); keyUsage.KeyUsage = KeyUsages.digitalSignature | KeyUsages.nonRepudiation | KeyUsages.keyEncipherment; extensions.Add(keyUsage); ExtendedKeyUsageExtension extendedUsage = new ExtendedKeyUsageExtension(); extendedUsage.KeyPurpose.Add("1.3.6.1.5.5.7.3.1"); extendedUsage.KeyPurpose.Add("1.3.6.1.5.5.7.3.2"); extensions.Add(extendedUsage); return CreateCertificate(name, extensions, GetRootCertificate(), state_.Config.X509.AuthorityName, MSX509.StoreName.My, state_.Config.X509.RootValidity); }
private bool CheckClientCertificateExtensions(X509Certificate cert) { KeyUsages ku = KeyUsages.digitalSignature | KeyUsages.keyEncipherment | KeyUsages.keyAgreement; KeyUsageExtension kux = null; ExtendedKeyUsageExtension eku = null; X509Extension xtn = cert.Extensions["2.5.29.15"]; if (xtn != null) kux = new KeyUsageExtension (xtn); xtn = cert.Extensions["2.5.29.37"]; if (xtn != null) eku = new ExtendedKeyUsageExtension (xtn); if ((kux != null) && (eku != null)) { // RFC3280 states that when both KeyUsageExtension and // ExtendedKeyUsageExtension are present then BOTH should // be valid return (kux.Support (ku) && eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.2")); } else if (kux != null) { return kux.Support (ku); } else if (eku != null) { // Client Authentication (1.3.6.1.5.5.7.3.2) return eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.2"); } // last chance - try with older (deprecated) Netscape extensions xtn = cert.Extensions["2.16.840.1.113730.1.1"]; if (xtn != null) { NetscapeCertTypeExtension ct = new NetscapeCertTypeExtension (xtn); return ct.Support (NetscapeCertTypeExtension.CertTypes.SslClient); } // certificate isn't valid for SSL client usage return false; }
public void Constructor_ASN1 () { ExtendedKeyUsageExtension ext = new ExtendedKeyUsageExtension (); ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension (ext.ASN1); Empty (eku); }
public void Constructor_Empty () { ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension (); Empty (eku); }
internal static bool VerifyKeyUsage (MX.X509Certificate certificate, KeyUsages keyUsages, string purpose) { if (certificate.Extensions == null) return true; KeyUsageExtension kux = null; ExtendedKeyUsageExtension eku = null; var xtn = certificate.Extensions [OidKeyUsage]; if (xtn != null) kux = new KeyUsageExtension (xtn); xtn = certificate.Extensions [OidExtendedKeyUsage]; if (xtn != null) eku = new ExtendedKeyUsageExtension (xtn); if ((kux != null) && (eku != null)) { // RFC3280 states that when both KeyUsageExtension and // ExtendedKeyUsageExtension are present then BOTH should // be valid if (!kux.Support (keyUsages)) return false; return eku.KeyPurpose.Contains (purpose); } else if (kux != null) { return kux.Support (keyUsages); } else if (eku != null) { return eku.KeyPurpose.Contains (purpose); } return true; }
// Note: this method only works for RSA certificates // DH certificates requires some changes - does anyone use one ? private bool checkCertificateUsage (X509Certificate cert) { ClientContext context = (ClientContext)this.Context; // certificate extensions are required for this // we "must" accept older certificates without proofs if (cert.Version < 3) return true; KeyUsages ku = KeyUsages.none; switch (context.Negotiating.Cipher.ExchangeAlgorithmType) { case ExchangeAlgorithmType.RsaSign: ku = KeyUsages.digitalSignature; break; case ExchangeAlgorithmType.RsaKeyX: ku = KeyUsages.keyEncipherment; break; case ExchangeAlgorithmType.DiffieHellman: ku = KeyUsages.keyAgreement; break; case ExchangeAlgorithmType.Fortezza: return false; // unsupported certificate type } KeyUsageExtension kux = null; ExtendedKeyUsageExtension eku = null; X509Extension xtn = cert.Extensions ["2.5.29.15"]; if (xtn != null) kux = new KeyUsageExtension (xtn); xtn = cert.Extensions ["2.5.29.37"]; if (xtn != null) eku = new ExtendedKeyUsageExtension (xtn); if ((kux != null) && (eku != null)) { // RFC3280 states that when both KeyUsageExtension and // ExtendedKeyUsageExtension are present then BOTH should // be valid if (!kux.Support (ku)) return false; return (eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.1") || eku.KeyPurpose.Contains ("2.16.840.1.113730.4.1")); } else if (kux != null) { return kux.Support (ku); } else if (eku != null) { // Server Authentication (1.3.6.1.5.5.7.3.1) or // Netscape Server Gated Crypto (2.16.840.1.113730.4) return (eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.1") || eku.KeyPurpose.Contains ("2.16.840.1.113730.4.1")); } // last chance - try with older (deprecated) Netscape extensions xtn = cert.Extensions ["2.16.840.1.113730.1.1"]; if (xtn != null) { NetscapeCertTypeExtension ct = new NetscapeCertTypeExtension (xtn); return ct.Support (NetscapeCertTypeExtension.CertTypes.SslServer); } // if the CN=host (checked later) then we assume this is meant for SSL/TLS // e.g. the new smtp.gmail.com certificate return true; }
static int Main (string[] args) { if (args.Length < 1) { Header (); Console.WriteLine ("ERROR: Missing output filename {0}", Environment.NewLine); Help (); return -1; } string fileName = args [args.Length - 1]; // default values byte[] sn = Guid.NewGuid ().ToByteArray (); string subject = defaultSubject; string issuer = defaultIssuer; DateTime notBefore = DateTime.Now; DateTime notAfter = new DateTime (643445675990000000); // 12/31/2039 23:59:59Z RSA issuerKey = (RSA)RSA.Create (); issuerKey.FromXmlString (MonoTestRootAgency); RSA subjectKey = (RSA)RSA.Create (); bool selfSigned = false; string hashName = "SHA1"; CspParameters subjectParams = new CspParameters (); CspParameters issuerParams = new CspParameters (); BasicConstraintsExtension bce = null; ExtendedKeyUsageExtension eku = null; SubjectAltNameExtension alt = null; string p12file = null; string p12pwd = null; X509Certificate issuerCertificate = null; Header(); try { int i=0; while (i < args.Length) { switch (args [i++]) { // Basic options case "-#": // Serial Number sn = BitConverter.GetBytes (Convert.ToInt32 (args [i++])); break; case "-n": // Subject Distinguish Name subject = args [i++]; break; case "-$": // (authenticode) commercial or individual // CRITICAL KeyUsageRestriction extension // hash algorithm string usageRestriction = args [i++].ToLower (); switch (usageRestriction) { case "commercial": case "individual": Console.WriteLine ("WARNING: Unsupported deprecated certification extension KeyUsageRestriction not included"); // Console.WriteLine ("WARNING: ExtendedKeyUsage for codesigning has been included."); break; default: Console.WriteLine ("Unsupported restriction " + usageRestriction); return -1; } break; // Extended Options case "-a": // hash algorithm switch (args [i++].ToLower ()) { case "sha1": hashName = "SHA1"; break; case "md5": Console.WriteLine ("WARNING: MD5 is no more safe for this usage."); hashName = "MD5"; break; default: Console.WriteLine ("Unsupported hash algorithm"); break; } break; case "-b": // Validity / notBefore notBefore = DateTime.Parse (args [i++] + " 23:59:59", CultureInfo.InvariantCulture); break; case "-cy": // basic constraints - autority or end-entity switch (args [i++].ToLower ()) { case "authority": if (bce == null) bce = new BasicConstraintsExtension (); bce.CertificateAuthority = true; break; case "end": // do not include extension bce = null; break; case "both": Console.WriteLine ("ERROR: No more supported in X.509"); return -1; default: Console.WriteLine ("Unsupported certificate type"); return -1; } break; case "-d": // CN private extension ? Console.WriteLine ("Unsupported option"); break; case "-e": // Validity / notAfter notAfter = DateTime.Parse (args [i++] + " 23:59:59", CultureInfo.InvariantCulture); break; case "-eku": // extendedKeyUsage extension char[] sep = { ',' }; string[] purposes = args [i++].Split (sep); if (eku == null) eku = new ExtendedKeyUsageExtension (); foreach (string purpose in purposes) { eku.KeyPurpose.Add (purpose); } break; case "-h": // pathLength (basicConstraints) // MS use an old basicConstrains (2.5.29.10) which // allows both CA and End-Entity. This is no // more supported with 2.5.29.19. if (bce == null) { bce = new BasicConstraintsExtension (); bce.CertificateAuthority = true; } bce.PathLenConstraint = Convert.ToInt32 (args [i++]); break; case "-alt": if (alt == null) { string [] dnsNames = File.ReadAllLines (args [i++]); alt = new SubjectAltNameExtension (null, dnsNames, null, null); } break; case "-ic": issuerCertificate = LoadCertificate (args [i++]); issuer = issuerCertificate.SubjectName; break; case "-in": issuer = args [i++]; break; case "-iv": // TODO password PrivateKey pvk = PrivateKey.CreateFromFile (args [i++]); issuerKey = pvk.RSA; break; case "-l": // link (URL) // spcSpAgencyInfo private extension Console.WriteLine ("Unsupported option"); break; case "-m": // validity period (in months) notAfter = notBefore.AddMonths (Convert.ToInt32 (args [i++])); break; case "-nscp": // Netscape's private extensions - NetscapeCertType // BasicContraints - End Entity Console.WriteLine ("Unsupported option"); break; case "-r": selfSigned = true; break; case "-sc": // subject certificate ? renew ? Console.WriteLine ("Unsupported option"); break; // Issuer CspParameters options case "-ik": issuerParams.KeyContainerName = args [i++]; break; case "-iky": // select a key in the provider string ikn = args [i++].ToLower (); switch (ikn) { case "signature": issuerParams.KeyNumber = 0; break; case "exchange": issuerParams.KeyNumber = 1; break; default: issuerParams.KeyNumber = Convert.ToInt32 (ikn); break; } break; case "-ip": issuerParams.ProviderName = args [i++]; break; case "-ir": switch (args [i++].ToLower ()) { case "localmachine": issuerParams.Flags = CspProviderFlags.UseMachineKeyStore; break; case "currentuser": issuerParams.Flags = CspProviderFlags.UseDefaultKeyContainer; break; default: Console.WriteLine ("Unknown key store for issuer"); return -1; } break; case "-is": Console.WriteLine ("Unsupported option"); return -1; case "-iy": issuerParams.ProviderType = Convert.ToInt32 (args [i++]); break; // Subject CspParameters Options case "-sk": subjectParams.KeyContainerName = args [i++]; break; case "-sky": // select a key in the provider string skn = args [i++].ToLower (); switch (skn) { case "signature": subjectParams.KeyNumber = 0; break; case "exchange": subjectParams.KeyNumber = 1; break; default: subjectParams.KeyNumber = Convert.ToInt32 (skn); break; } break; case "-sp": subjectParams.ProviderName = args [i++]; break; case "-sr": switch (args [i++].ToLower ()) { case "localmachine": subjectParams.Flags = CspProviderFlags.UseMachineKeyStore; break; case "currentuser": subjectParams.Flags = CspProviderFlags.UseDefaultKeyContainer; break; default: Console.WriteLine ("Unknown key store for subject"); return -1; } break; case "-ss": Console.WriteLine ("Unsupported option"); return -1; case "-sv": string pvkFile = args [i++]; if (File.Exists (pvkFile)) { PrivateKey key = PrivateKey.CreateFromFile (pvkFile); subjectKey = key.RSA; } else { PrivateKey key = new PrivateKey (); key.RSA = subjectKey; key.Save (pvkFile); } break; case "-sy": subjectParams.ProviderType = Convert.ToInt32 (args [i++]); break; // Mono Specific Options case "-p12": p12file = args [i++]; p12pwd = args [i++]; break; // Other options case "-?": Help (); return 0; case "-!": ExtendedHelp (); return 0; default: if (i != args.Length) { Console.WriteLine ("ERROR: Unknown parameter"); Help (); return -1; } break; } } // serial number MUST be positive if ((sn [0] & 0x80) == 0x80) sn [0] -= 0x80; if (selfSigned) { if (subject != defaultSubject) { issuer = subject; issuerKey = subjectKey; } else { subject = issuer; subjectKey = issuerKey; } } if (subject == null) throw new Exception ("Missing Subject Name"); X509CertificateBuilder cb = new X509CertificateBuilder (3); cb.SerialNumber = sn; cb.IssuerName = issuer; cb.NotBefore = notBefore; cb.NotAfter = notAfter; cb.SubjectName = subject; cb.SubjectPublicKey = subjectKey; // extensions if (bce != null) cb.Extensions.Add (bce); if (eku != null) cb.Extensions.Add (eku); if (alt != null) cb.Extensions.Add (alt); // signature cb.Hash = hashName; byte[] rawcert = cb.Sign (issuerKey); if (p12file == null) { WriteCertificate (fileName, rawcert); } else { PKCS12 p12 = new PKCS12 (); p12.Password = p12pwd; ArrayList list = new ArrayList (); // we use a fixed array to avoid endianess issues // (in case some tools requires the ID to be 1). list.Add (new byte [4] { 1, 0, 0, 0 }); Hashtable attributes = new Hashtable (1); attributes.Add (PKCS9.localKeyId, list); p12.AddCertificate (new X509Certificate (rawcert), attributes); if (issuerCertificate != null) p12.AddCertificate (issuerCertificate); p12.AddPkcs8ShroudedKeyBag (subjectKey, attributes); p12.SaveToFile (p12file); } Console.WriteLine ("Success"); return 0; } catch (Exception e) { Console.WriteLine ("ERROR: " + e.ToString ()); Help (); } return 1; }
bool ExtendedKeyUsage(MSX.PKCS12 pfx) { foreach (MSX.X509Certificate cert in pfx.Certificates) { MSX.X509Extension xtn = cert.Extensions ["2.5.29.37"]; if (xtn == null) continue; var eku = new ExtendedKeyUsageExtension (xtn); if (!eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.1")) continue; key = GetKeyMatchingCertificate (pfx, cert); if (key == null) continue; x509 = new X509Certificate (cert.RawData); break; } // complete ? return ((x509 != null) && (key != null)); }
/// <summary> /// Generates an X509 certificate using the Mono.Security assembly. /// Potentially could prise out the relevant classes from the Mono /// source code in order to reduce plgx size and complexity... one day /// </summary> /// <param name="subject">The subject.</param> /// <param name="issuer">The issuer.</param> /// <returns></returns> public static PKCS12 Generate(string subject, string issuer, string password, KeePassRPCExt KeePassRPCPlugin) { byte[] sn = Guid.NewGuid().ToByteArray(); DateTime notBefore = DateTime.Now; DateTime notAfter = new DateTime(643445675990000000); // 12/31/2039 23:59:59Z subject = "CN=" + subject; issuer = "CN=" + issuer; RSA subjectKey = (RSA)RSA.Create(); RSA issuerKey = (RSA)RSA.Create(); subjectKey.KeySize = 2048; issuerKey.KeySize = 2048; string hashName = "SHA1"; CspParameters subjectParams = new CspParameters(); CspParameters issuerParams = new CspParameters(); // serial number MUST be positive if ((sn[0] & 0x80) == 0x80) sn[0] -= 0x80; //issuer = subject; //RSA issuerKey = subjectKey; if (subject == null) throw new Exception("Missing Subject Name"); X509CertificateBuilder cb = new X509CertificateBuilder(3); cb.SerialNumber = sn; cb.IssuerName = issuer; cb.NotBefore = notBefore; cb.NotAfter = notAfter; cb.SubjectName = subject; cb.SubjectPublicKey = subjectKey; cb.Hash = hashName; //X509 extensions KeyUsageExtension keyUsage = new KeyUsageExtension(); keyUsage.KeyUsage = KeyUsages.keyEncipherment | KeyUsages.digitalSignature; cb.Extensions.Add(keyUsage); ExtendedKeyUsageExtension extendedKeyUsage = new ExtendedKeyUsageExtension(); extendedKeyUsage.KeyPurpose.Add("1.3.6.1.5.5.7.3.1"); cb.Extensions.Add(extendedKeyUsage); byte[] rawcert = cb.Sign(issuerKey); PKCS12 p12 = new PKCS12(); p12.Password = password; ArrayList list = new ArrayList(); // we use a fixed array to avoid endianess issues // (in case some tools requires the ID to be 1). list.Add(new byte[4] { 1, 0, 0, 0 }); Hashtable attributes = new Hashtable(1); attributes.Add(PKCS9.localKeyId, list); p12.AddCertificate(new X509Certificate(rawcert), attributes); p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes); /* if (Type.GetType("Mono.Runtime") != null) { string fileName = Path.Combine(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "KeePassRPC"), "cert.p12"); if (KeePassRPCPlugin.logger != null) KeePassRPCPlugin.logger.WriteLine(fileName); try { p12.SaveToFile(fileName); } catch (Exception) { if (KeePassRPCPlugin.logger != null) KeePassRPCPlugin.logger.WriteLine("Could not write to " + fileName + " security between KPRPC and clients may not be established."); } } return p12.GetBytes(); */ return p12; }
private bool checkCertificateUsage (X509Certificate cert) { ServerContext context = (ServerContext)this.Context; // certificate extensions are required for this // we "must" accept older certificates without proofs if (cert.Version < 3) return true; KeyUsages ku = KeyUsages.none; switch (context.Negotiating.Cipher.ExchangeAlgorithmType) { case ExchangeAlgorithmType.RsaSign: case ExchangeAlgorithmType.RsaKeyX: ku = KeyUsages.digitalSignature; break; case ExchangeAlgorithmType.DiffieHellman: ku = KeyUsages.keyAgreement; break; case ExchangeAlgorithmType.Fortezza: return false; // unsupported certificate type } KeyUsageExtension kux = null; ExtendedKeyUsageExtension eku = null; X509Extension xtn = cert.Extensions["2.5.29.15"]; if (xtn != null) kux = new KeyUsageExtension (xtn); xtn = cert.Extensions["2.5.29.37"]; if (xtn != null) eku = new ExtendedKeyUsageExtension (xtn); if ((kux != null) && (eku != null)) { // RFC3280 states that when both KeyUsageExtension and // ExtendedKeyUsageExtension are present then BOTH should // be valid return (kux.Support (ku) && eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.2")); } else if (kux != null) { return kux.Support (ku); } else if (eku != null) { // Client Authentication (1.3.6.1.5.5.7.3.2) return eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.2"); } // last chance - try with older (deprecated) Netscape extensions xtn = cert.Extensions["2.16.840.1.113730.1.1"]; if (xtn != null) { NetscapeCertTypeExtension ct = new NetscapeCertTypeExtension (xtn); return ct.Support (NetscapeCertTypeExtension.CertTypes.SslClient); } // certificate isn't valid for SSL server usage return false; }
static void Main(string[] args) { var assembly = Assembly.GetExecutingAssembly(); var title = (AssemblyTitleAttribute)Attribute.GetCustomAttribute(assembly, typeof(AssemblyTitleAttribute)); Console.WriteLine("{0} version {1}", title.Title, assembly.GetName().Version); var copyright = (AssemblyCopyrightAttribute)Attribute.GetCustomAttribute(assembly, typeof(AssemblyCopyrightAttribute)); Console.WriteLine(copyright.Copyright); Console.WriteLine("More information can be found at https://Jexus.codeplex.com"); Console.WriteLine(); var baseAddress = args.Length > 0 ? args[0] : "https://*****:*****@"Remote services must be run as root on Linux."); return; } if (!File.Exists("jws")) { Console.WriteLine(@"Remote services must be running in Jexus installation folder."); return; } var loc = baseAddress.LastIndexOf(':'); var port = "443"; if (loc != -1) { port = baseAddress.Substring(loc + 1); } string dirname = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData); string path = Path.Combine(dirname, ".mono", "httplistener"); if (false == Directory.Exists(path)) { Directory.CreateDirectory(path); } string target_cert = Path.Combine(path, string.Format("{0}.cer", port)); if (File.Exists(target_cert)) { Console.WriteLine("Use {0}", target_cert); } else { Console.WriteLine("Generating a self-signed certificate for Jexus Manager"); // Generate certificate string defaultIssuer = "CN=jexus.lextudio.com"; string defaultSubject = "CN=jexus.lextudio.com"; byte[] sn = Guid.NewGuid().ToByteArray(); string subject = defaultSubject; string issuer = defaultIssuer; DateTime notBefore = DateTime.Now; DateTime notAfter = new DateTime(643445675990000000); // 12/31/2039 23:59:59Z RSA issuerKey = new RSACryptoServiceProvider(2048); RSA subjectKey = null; bool selfSigned = true; string hashName = "SHA1"; CspParameters subjectParams = new CspParameters(); CspParameters issuerParams = new CspParameters(); BasicConstraintsExtension bce = new BasicConstraintsExtension { PathLenConstraint = BasicConstraintsExtension.NoPathLengthConstraint, CertificateAuthority = true }; ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension(); eku.KeyPurpose.Add("1.3.6.1.5.5.7.3.1"); SubjectAltNameExtension alt = null; string p12file = Path.Combine(path, "temp.pfx"); string p12pwd = "test"; // serial number MUST be positive if ((sn[0] & 0x80) == 0x80) sn[0] -= 0x80; if (selfSigned) { if (subject != defaultSubject) { issuer = subject; issuerKey = subjectKey; } else { subject = issuer; subjectKey = issuerKey; } } if (subject == null) throw new Exception("Missing Subject Name"); X509CertificateBuilder cb = new X509CertificateBuilder(3); cb.SerialNumber = sn; cb.IssuerName = issuer; cb.NotBefore = notBefore; cb.NotAfter = notAfter; cb.SubjectName = subject; cb.SubjectPublicKey = subjectKey; // extensions if (bce != null) cb.Extensions.Add(bce); if (eku != null) cb.Extensions.Add(eku); if (alt != null) cb.Extensions.Add(alt); IDigest digest = new Sha1Digest(); byte[] resBuf = new byte[digest.GetDigestSize()]; var spki = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(DotNetUtilities.GetRsaPublicKey(issuerKey)); byte[] bytes = spki.PublicKeyData.GetBytes(); digest.BlockUpdate(bytes, 0, bytes.Length); digest.DoFinal(resBuf, 0); cb.Extensions.Add(new SubjectKeyIdentifierExtension { Identifier = resBuf }); cb.Extensions.Add(new AuthorityKeyIdentifierExtension { Identifier = resBuf }); // signature cb.Hash = hashName; byte[] rawcert = cb.Sign(issuerKey); PKCS12 p12 = new PKCS12(); p12.Password = p12pwd; ArrayList list = new ArrayList(); // we use a fixed array to avoid endianess issues // (in case some tools requires the ID to be 1). list.Add(new byte[4] { 1, 0, 0, 0 }); Hashtable attributes = new Hashtable(1); attributes.Add(PKCS9.localKeyId, list); p12.AddCertificate(new Mono.Security.X509.X509Certificate(rawcert), attributes); p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes); p12.SaveToFile(p12file); var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(p12file, p12pwd, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable); // Install certificate string target_pvk = Path.Combine(path, string.Format("{0}.pvk", port)); using (Stream cer = File.OpenWrite(target_cert)) { byte[] raw = x509.RawData; cer.Write(raw, 0, raw.Length); } PrivateKey pvk = new PrivateKey(); pvk.RSA = subjectKey; pvk.Save(target_pvk); } } JexusServer.Credentials = args.Length > 2 ? args[1] + "|" + args[2] : "jexus|lextudio.com"; JexusServer.Timeout = args.Length > 3 ? double.Parse(args[3]) : 30D; using (WebApp.Start<Startup>(url: baseAddress)) { Console.WriteLine("Remote services have started at {0}.", baseAddress); Console.WriteLine("Credentials is {0}", JexusServer.Credentials); Console.WriteLine("Press Enter to quit."); Console.ReadLine(); } }