public DefaultHmac(ReadOnlySpan <byte> key, HashAlgorithmName name)
{
_hasher = IncrementalHash.CreateHMAC(name, key);
Name = name.ToString() switch
{
@"MD5" => @"HMAC-MD5",
@"SHA1" => @"HMAC-SHA-1",
@"SHA256" => @"HMAC-SHA-256",
@"SHA384" => @"HMAC-SHA-384",
@"SHA512" => @"HMAC-SHA-512",
_ => name.ToString()
};
}
/// <summary>
/// Computes the hash of the string using the specified algorithm.
/// </summary>
/// <param name="value">The string which's hash to compute.</param>
/// <param name="algorithm">The hash algorithm to use for computing the hash.</param>
/// <returns>Returns the hash value as byte-array.</returns>
public static byte[] ComputeHash(this string value, HashAlgorithmName algorithm)
{
using var implementation = HashAlgorithm.Create(algorithm.ToString());
var bytes = Encoding.UTF8.GetBytes(value);
return(implementation.ComputeHash(bytes));
}
public CertificateOutputViewModel(byte[] signature, byte[] data, byte[] key, HashAlgorithmName hash,
SymmetricAlgorithmName sym, SymmetricAlgorithmKey symKey, AsymmetricAlgorithmName alg,
AsymmetricAlgorithmKey algKey, string file)
{
this.Description = "Certificate";
this.EnvelopeData = Convert.ToBase64String(data);
this.EnvelopeCryptKey = key.ConvertToHex();
this.Signature = signature.ConvertToHex();
this.Methods = new List <string>()
{
hash.ToString(),
sym.ToString(),
alg.ToString()
};
this.Method = string.Join("\n", Methods);
this.KeyLengths = new List <string>()
{
"",
((int)symKey).ToString("X"), // hex
((int)algKey).ToString("X") // hex
};
this.KeyLength = string.Join("\n", KeyLengths);
this.FileName = file;
}
public ScramShaMechanism(
UsernamePasswordCredential credential,
HashAlgorithmName hashAlgorithmName,
IRandomStringGenerator randomStringGenerator,
H h,
Hi hi,
Hmac hmac)
{
_credential = Ensure.IsNotNull(credential, nameof(credential));
_h = h;
_hi = hi;
_hmac = hmac;
if (!hashAlgorithmName.ToString().StartsWith("SHA"))
{
throw new ArgumentException("Must specify a SHA algorithm.");
}
_name = $"SCRAM-SHA-{hashAlgorithmName.ToString().Substring(3)}";
_randomStringGenerator = Ensure.IsNotNull(randomStringGenerator, nameof(randomStringGenerator));
}
public static string GetBankingSignature(this string dataToSign, string privateKey, HashAlgorithmName hashAlgorithmName)
{
var csp = new RSACryptoServiceProvider(2048);
csp.FromXmlStringEx(privateKey);
var inputBytes = Encoding.UTF8.GetBytes(dataToSign);
var signatureBytes = csp.SignData(inputBytes, hashAlgorithmName.ToString());
return(Convert.ToBase64String(signatureBytes));
}
public SignatureOutputViewModel(byte[] signature, HashAlgorithmName hash, AsymmetricAlgorithmName alg,
AsymmetricAlgorithmKey algKey, string file)
{
this.Description = "Signature";
this.Signature = signature.ConvertToHex();
this.Methods = new List <string>()
{
hash.ToString(),
alg.ToString()
};
this.Method = string.Join("\n", Methods);
this.KeyLengths = new List <string>()
{
"0A",
((int)algKey).ToString("X") // hex
};
this.KeyLength = string.Join("\n", KeyLengths);
this.FileName = file;
}
private static void X509Certificate2ToString(X509Certificate2 cert, StringBuilder certStringBuilder, HashAlgorithmName fingerprintAlgorithm, string indentation)
{
var certificateFingerprint = GetHashString(cert, fingerprintAlgorithm);
certStringBuilder.AppendLine($"{indentation}{string.Format(CultureInfo.CurrentCulture, Strings.CertUtilityCertificateSubjectName, cert.Subject)}");
certStringBuilder.AppendLine($"{indentation}{string.Format(CultureInfo.CurrentCulture, Strings.CertUtilityCertificateHashSha1, cert.Thumbprint)}");
certStringBuilder.AppendLine($"{indentation}{string.Format(CultureInfo.CurrentCulture, Strings.CertUtilityCertificateHash, fingerprintAlgorithm.ToString(), certificateFingerprint)}");
certStringBuilder.AppendLine($"{indentation}{string.Format(CultureInfo.CurrentCulture, Strings.CertUtilityCertificateIssuer, cert.IssuerName.Name)}");
certStringBuilder.AppendLine($"{indentation}{string.Format(CultureInfo.CurrentCulture, Strings.CertUtilityCertificateValidity, cert.NotBefore, cert.NotAfter)}");
}
/// <summary>
/// Converts a X509Certificate2 to a collection of log messages for various verbosity levels -
/// Subject Name: CN=name
/// SHA1 hash: hash
/// Issued by: CN=issuer
/// Valid from: issue date time to expiry date time in local time
/// </summary>
/// <param name="cert">X509Certificate2 to be converted to string.</param>
/// <param name="fingerprintAlgorithm">Algorithm used to calculate certificate fingerprint</param>
/// <returns>string representation of the X509Certificate2.</returns>
internal static IReadOnlyList <SignatureLog> X509Certificate2ToLogMessages(X509Certificate2 cert, HashAlgorithmName fingerprintAlgorithm, string indentation = " ")
{
var certificateFingerprint = GetHashString(cert, fingerprintAlgorithm);
var issues = new List <SignatureLog>();
issues.Add(SignatureLog.MinimalLog($"{indentation}{string.Format(CultureInfo.CurrentCulture, Strings.CertUtilityCertificateSubjectName, cert.Subject)}"));
issues.Add(SignatureLog.InformationLog($"{indentation}{string.Format(CultureInfo.CurrentCulture, Strings.CertUtilityCertificateHashSha1, cert.Thumbprint)}"));
issues.Add(SignatureLog.MinimalLog($"{indentation}{string.Format(CultureInfo.CurrentCulture, Strings.CertUtilityCertificateHash, fingerprintAlgorithm.ToString(), certificateFingerprint)}"));
issues.Add(SignatureLog.InformationLog($"{indentation}{string.Format(CultureInfo.CurrentCulture, Strings.CertUtilityCertificateIssuer, cert.IssuerName.Name)}"));
issues.Add(SignatureLog.MinimalLog($"{indentation}{string.Format(CultureInfo.CurrentCulture, Strings.CertUtilityCertificateValidity, cert.NotBefore, cert.NotAfter)}"));
return(issues);
}
public static String SignHash(string data, HashAlgorithmName algorithmName, X509Certificate2 cert, OutputDataType datatype)
{
byte[] bData, bHash, bResult;
HashAlgorithm ha = GetHashAlgorithm(algorithmName);
bData = UnicodeEncoding.UTF8.GetBytes(data);
bHash = ha.ComputeHash(bData);
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey;
bResult = rsa.SignHash(bHash, CryptoConfig.MapNameToOID(algorithmName.ToString()));
return ToString(bResult, datatype);
}
/// <summary>
/// Updates the certificate list of a trusted signer by adding the given certificate.
/// If the signer does not exists it creates a new one.
/// </summary>
/// <remarks>This method defaults to adding a trusted author if the signer doesn't exist.</remarks>
/// <param name="name">Name of the trusted author.</param>
/// <param name="fingerprint">Fingerprint to be added to the certificate entry.</param>
/// <param name="hashAlgorithm">Hash algorithm used to calculate <paramref name="fingerprint"/>.</param>
/// <param name="allowUntrustedRoot">Specifies if allowUntrustedRoot should be set to true in the certificate entry.</param>
public void AddOrUpdateTrustedSigner(string name, string fingerprint, HashAlgorithmName hashAlgorithm, bool allowUntrustedRoot)
{
if (string.IsNullOrEmpty(name))
{
throw new ArgumentException(Strings.ArgumentCannotBeNullOrEmpty, nameof(name));
}
if (string.IsNullOrEmpty(fingerprint))
{
throw new ArgumentException(Strings.ArgumentCannotBeNullOrEmpty, nameof(fingerprint));
}
if (!Enum.IsDefined(typeof(HashAlgorithmName), hashAlgorithm) || hashAlgorithm == HashAlgorithmName.Unknown)
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Strings.UnsupportedHashAlgorithm, hashAlgorithm.ToString()));
}
var certificateToAdd = new CertificateItem(fingerprint, hashAlgorithm, allowUntrustedRoot);
TrustedSignerItem signerToAdd = null;
var signers = _trustedSignersProvider.GetTrustedSigners();
foreach (var existingSigner in signers)
{
if (string.Equals(existingSigner.Name, name, StringComparison.Ordinal))
{
signerToAdd = existingSigner;
break;
}
}
string logMessage = null;
if (signerToAdd == null)
{
signerToAdd = new AuthorItem(name, certificateToAdd);
logMessage = Strings.SuccessfullyAddedTrustedAuthor;
}
else
{
signerToAdd.Certificates.Add(certificateToAdd);
logMessage = Strings.SuccessfullUpdatedTrustedSigner;
}
_trustedSignersProvider.AddOrUpdateTrustedSigner(signerToAdd);
_logger.Log(LogLevel.Information, string.Format(CultureInfo.CurrentCulture, logMessage, name));
}
private PackageVerificationResult VerifyAllowList(ISignedPackageReader package, Signature signature, SignedPackageVerifierSettings settings)
{
var status = SignatureVerificationStatus.Trusted;
var issues = new List <SignatureLog>();
if (_allowList.Count() > 0 && !IsSignatureAllowed(signature))
{
status = SignatureVerificationStatus.Invalid;
issues.Add(SignatureLog.Issue(fatal: true, code: NuGetLogCode.NU3003, message: string.Format(CultureInfo.CurrentCulture, Strings.Error_NoMatchingCertificate, _fingerprintAlgorithm.ToString())));
}
return(new SignedPackageVerificationResult(status, signature, issues));
}
