public static void ProvisionKeyInPrincipalDatabase( BigIntegerRSAPublicKey serverPublicKey, string host, int port, BigIntegerRSAPublicKey keyToProvision, X509Certificate2 clientCert) { var aclDatabaseEntity = new BogusAuthorizeCouchDocument(keyToProvision); var couchClient = GetCouchClient(serverPublicKey, host, port, clientCert); var principalDatabase = couchClient.GetDatabase(ThaliCryptoUtilities.KeyDatabaseName); var getResult = principalDatabase.GetDocument( BogusAuthorizeCouchDocument.GenerateRsaKeyId(keyToProvision)); if (getResult == null) { var createResult = principalDatabase.CreateDocument(aclDatabaseEntity); if (createResult.StatusCode < 200 || createResult.StatusCode > 299) { throw new ApplicationException("Could not successfully put client's credentials in ACL Store: " + createResult.StatusCode); } } }
private static BigIntegerRSAPublicKey ThaliServerCertificateValidationCallback( X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { if (certificate == null || (sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0) { throw new ApplicationException(); } if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0) { const X509ChainStatusFlags AcceptableCertChainErrors = X509ChainStatusFlags.UntrustedRoot | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation | X509ChainStatusFlags.NoError; if ( chain.ChainStatus.Any( chainStatus => (chainStatus.Status | AcceptableCertChainErrors) != AcceptableCertChainErrors)) { throw new ApplicationException(); } } // TODO: Actually prove that the last entry in the chain is the root var x509Certv2 = chain.ChainElements[chain.ChainElements.Count - 1].Certificate; var serverPublicKeyParameters = ((RSACryptoServiceProvider)x509Certv2.PublicKey.Key).ExportParameters(false); var serverPresentedRsaKey = new BigIntegerRSAPublicKey(serverPublicKeyParameters); return(serverPresentedRsaKey); }
/// <summary> /// Creates a HttpKeyUri /// </summary> /// <param name="serverPublicKey"></param> /// <param name="host"></param> /// <param name="port"></param> /// <param name="absolutePath">Expected to start with a /</param> /// <param name="extraValue">Queries should start with ? and fragments with #</param> /// <returns></returns> public static HttpKeyUri BuildHttpKeyUri(BigIntegerRSAPublicKey serverPublicKey, string host, int port, string absolutePath, string extraValue) { Debug.Assert(string.IsNullOrWhiteSpace(host) == false && (string.IsNullOrEmpty(absolutePath) || absolutePath[0] == '/')); var modulusAndExponent = serverPublicKey.GetModulusAndExponentAsString(); string httpKeyAbsolutePath = "/" + RsaKeyType + ":" + modulusAndExponent.Item2 + "." + modulusAndExponent.Item1 + absolutePath; return new HttpKeyUri(new UriBuilder(HttpKeySchemeName, host, port, httpKeyAbsolutePath, extraValue).ToString()); }
public static CouchClient GetCouchClient(BigIntegerRSAPublicKey serverPublicKey, string host, int port, X509Certificate2 clientCert) { var configWebRequest = new ThaliConfigWebRequest(serverPublicKey, clientCert); return(new CouchClient( host, port, null, null, true, AuthenticationType.Cookie, configWebRequest)); }
/// <summary> /// Creates a HttpKeyUri /// </summary> /// <param name="serverPublicKey"></param> /// <param name="host"></param> /// <param name="port"></param> /// <param name="absolutePath">Expected to start with a /</param> /// <param name="extraValue">Queries should start with ? and fragments with #</param> /// <returns></returns> public static HttpKeyUri BuildHttpKeyUri(BigIntegerRSAPublicKey serverPublicKey, string host, int port, string absolutePath, string extraValue) { Debug.Assert(string.IsNullOrWhiteSpace(host) == false && (string.IsNullOrEmpty(absolutePath) || absolutePath[0] == '/')); var modulusAndExponent = serverPublicKey.GetModulusAndExponentAsString(); string httpKeyAbsolutePath = "/" + RsaKeyType + ":" + modulusAndExponent.Item2 + "." + modulusAndExponent.Item1 + absolutePath; return(new HttpKeyUri(new UriBuilder(HttpKeySchemeName, host, port, httpKeyAbsolutePath, extraValue).ToString())); }
public BogusAuthorizeCouchDocument(BigIntegerRSAPublicKey publicKey) { Id = GenerateRsaKeyId(publicKey); var modulusAndExponent = publicKey.GetModulusAndExponentAsString(); modulus = modulusAndExponent.Item1; exponent = modulusAndExponent.Item2; keyType = RSAKeyType; }
public BogusAuthorizeCouchDocument(BigIntegerRSAPublicKey publicKey) { Id = GenerateRsaKeyId(publicKey); var modulusAndExponent = publicKey.GetModulusAndExponentAsString(); modulus = modulusAndExponent.Item1; exponent = modulusAndExponent.Item2; keyType = RSAKeyType; }
protected HttpKeyUri(string httpKeyUrlString) : base(httpKeyUrlString) { if (HttpKeySchemeName.Equals(this.Scheme, StringComparison.Ordinal) == false) { throw new ArgumentException("Scheme must be" + HttpKeySchemeName + " and not " + this.Scheme); } var publicKeyAndPath = ExtractKeyAndPath(this.AbsolutePath); this.ServerPublicKey = GenerateServerPublicKey(publicKeyAndPath.Item1); this.PathWithoutPublicKey = publicKeyAndPath.Item2; }
/// <summary> /// Generates a server certificate validator for web requests involving Thali servers /// </summary> /// <param name="expectedServerRsaKey"></param> /// <returns></returns> private static RemoteCertificateValidationCallback ServerCertificateValidationCallbackGenerator( BigIntegerRSAPublicKey expectedServerRsaKey) { return((sender, certificate, chain, sslPolicyErrors) => { var serverPresentedRsaKey = ThaliServerCertificateValidationCallback( certificate, chain, sslPolicyErrors); return serverPresentedRsaKey.Equals(expectedServerRsaKey); }); }
protected HttpKeyUri(string httpKeyUrlString) : base(httpKeyUrlString) { if (HttpKeySchemeName.Equals(this.Scheme, StringComparison.Ordinal) == false) { throw new ArgumentException("Scheme must be" + HttpKeySchemeName + " and not " + this.Scheme); } var publicKeyAndPath = ExtractKeyAndPath(this.AbsolutePath); this.ServerPublicKey = GenerateServerPublicKey(publicKeyAndPath.Item1); this.PathWithoutPublicKey = publicKeyAndPath.Item2; }
public void TestKeyStoreMethods() { var keyPair = ThaliCryptoUtilities.GenerateThaliAcceptablePublicPrivateKeyPair(); var keyStoreBinary = ThaliCryptoUtilities.CreatePKCS12KeyStoreWithPublicPrivateKeyPair(keyPair, ThaliCryptoUtilities.DefaultPassPhrase); var x509cert = ThaliCryptoUtilities.GetX509Certificate(keyStoreBinary, ThaliCryptoUtilities.DefaultPassPhrase); var retrievedKeyParams = ((RSACryptoServiceProvider)x509cert.PrivateKey).ExportParameters(true); var originalBigIntegerRsaPublicKey = new BigIntegerRSAPublicKey((RsaKeyParameters)keyPair.Public); var retrievedBigIntegerRsaPublicKey = new BigIntegerRSAPublicKey(retrievedKeyParams); Assert.IsTrue(originalBigIntegerRsaPublicKey.Equals(retrievedBigIntegerRsaPublicKey)); var originalKeyParams = (RsaPrivateCrtKeyParameters)keyPair.Private; Assert.IsTrue( originalKeyParams.DP.Equals(new BigInteger(1, retrievedKeyParams.DP)) && originalKeyParams.DQ.Equals(new BigInteger(1, retrievedKeyParams.DQ)) && originalKeyParams.P.Equals(new BigInteger(1, retrievedKeyParams.P)) && originalKeyParams.Q.Equals(new BigInteger(1, retrievedKeyParams.Q))); }
/// <summary> /// Connects to a server and returns its root public key value. /// </summary> /// <param name="host">Server's host, an IP or DNS address</param> /// <param name="port">Server's port</param> /// <param name="clientCertificate">A, possibly null, cert to use to authenticate the client</param> /// <returns>Returns the server key if it can be retrieved, otherwise throw an exception</returns> public static BigIntegerRSAPublicKey GetServersRootPublicKey(string host, int port, X509Certificate2 clientCertificate) { Debug.Assert(string.IsNullOrWhiteSpace(host) == false && port >= MinimumTCPPortValue && port <= MaximumTCPPortValue); var serverUri = new UriBuilder(HttpsScheme, host, port).Uri; var httpWebRequest = WebRequest.CreateHttp(serverUri); BigIntegerRSAPublicKey serverRsaPublicKey = null; httpWebRequest.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => { serverRsaPublicKey = ThaliServerCertificateValidationCallback(certificate, chain, sslPolicyErrors); return(true); }; if (clientCertificate != null) { httpWebRequest.ClientCertificates.Add(clientCertificate); } httpWebRequest.Method = "GET"; httpWebRequest.GetResponse().Close(); return(serverRsaPublicKey); }
public ThaliConfigWebRequest(BigIntegerRSAPublicKey serverKey, X509Certificate2 clientCert) { Debug.Assert(clientCert != null); this.serverKey = serverKey; this.clientCert = clientCert; }
public Boolean Equals(BigIntegerRSAPublicKey value) { return this.modulus.Equals(value.modulus) && this.exponent.Equals(value.exponent); }
/// <summary> /// Enterprise in the public key database MUST have IDs of the following form of their entries won't be found /// when the server does a lookup /// </summary> /// <param name="publicKey"></param> /// <returns></returns> public static string GenerateRsaKeyId(BigIntegerRSAPublicKey publicKey) { var modulusAndExponent = publicKey.GetModulusAndExponentAsString(); return RSAKeyType + ":" + modulusAndExponent.Item1 + ":" + modulusAndExponent.Item2; }
/// <summary> /// Generates a server certificate validator for web requests involving Thali servers /// </summary> /// <param name="expectedServerRsaKey"></param> /// <returns></returns> private static RemoteCertificateValidationCallback ServerCertificateValidationCallbackGenerator( BigIntegerRSAPublicKey expectedServerRsaKey) { return (sender, certificate, chain, sslPolicyErrors) => { var serverPresentedRsaKey = ThaliServerCertificateValidationCallback( certificate, chain, sslPolicyErrors); return serverPresentedRsaKey.Equals(expectedServerRsaKey); }; }
public Boolean Equals(BigIntegerRSAPublicKey value) { return(this.modulus.Equals(value.modulus) && this.exponent.Equals(value.exponent)); }
private static BigIntegerRSAPublicKey ThaliServerCertificateValidationCallback( X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { if (certificate == null || (sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0) { throw new ApplicationException(); } if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0) { const X509ChainStatusFlags AcceptableCertChainErrors = X509ChainStatusFlags.UntrustedRoot | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation | X509ChainStatusFlags.NoError; if ( chain.ChainStatus.Any( chainStatus => (chainStatus.Status | AcceptableCertChainErrors) != AcceptableCertChainErrors)) { throw new ApplicationException(); } } // TODO: Actually prove that the last entry in the chain is the root var x509Certv2 = chain.ChainElements[chain.ChainElements.Count - 1].Certificate; var serverPublicKeyParameters = ((RSACryptoServiceProvider)x509Certv2.PublicKey.Key).ExportParameters(false); var serverPresentedRsaKey = new BigIntegerRSAPublicKey(serverPublicKeyParameters); return serverPresentedRsaKey; }
public bool Equals(BigIntegerRSAPublicKey value) { return this.Modulus.Equals(value.Modulus) && this.Exponent.Equals(value.Exponent); }
public static void ProvisionThaliClient(BigIntegerRSAPublicKey serverPublicKey, string host, int port, X509Certificate2 clientCert) { var clientPublicKey = new BigIntegerRSAPublicKey(clientCert); ProvisionKeyInPrincipalDatabase(serverPublicKey, host, port, clientPublicKey, clientCert); }
public ThaliConfigWebRequest(BigIntegerRSAPublicKey serverKey, X509Certificate2 clientCert) { Debug.Assert(clientCert != null); this.serverKey = serverKey; this.clientCert = clientCert; }
public static CouchClient GetCouchClient(BigIntegerRSAPublicKey serverPublicKey, string host, int port, X509Certificate2 clientCert) { var configWebRequest = new ThaliConfigWebRequest(serverPublicKey, clientCert); return new CouchClient( host, port, null, null, true, AuthenticationType.Cookie, configWebRequest); }
/// <summary> /// Enterprise in the public key database MUST have IDs of the following form of their entries won't be found /// when the server does a lookup /// </summary> /// <param name="publicKey"></param> /// <returns></returns> public static string GenerateRsaKeyId(BigIntegerRSAPublicKey publicKey) { var modulusAndExponent = publicKey.GetModulusAndExponentAsString(); return(RSAKeyType + ":" + modulusAndExponent.Item1 + ":" + modulusAndExponent.Item2); }
public static void ProvisionThaliClient(BigIntegerRSAPublicKey serverPublicKey, string host, int port, X509Certificate2 clientCert) { var clientPublicKey = new BigIntegerRSAPublicKey(clientCert); ProvisionKeyInPrincipalDatabase(serverPublicKey, host, port, clientPublicKey, clientCert); }
public bool Equals(BigIntegerRSAPublicKey value) { return(this.Modulus.Equals(value.Modulus) && this.Exponent.Equals(value.Exponent)); }
public static void ProvisionKeyInPrincipalDatabase( BigIntegerRSAPublicKey serverPublicKey, string host, int port, BigIntegerRSAPublicKey keyToProvision, X509Certificate2 clientCert) { var aclDatabaseEntity = new BogusAuthorizeCouchDocument(keyToProvision); var couchClient = GetCouchClient(serverPublicKey, host, port, clientCert); var principalDatabase = couchClient.GetDatabase(ThaliCryptoUtilities.KeyDatabaseName); var getResult = principalDatabase.GetDocument( BogusAuthorizeCouchDocument.GenerateRsaKeyId(keyToProvision)); if (getResult == null) { var createResult = principalDatabase.CreateDocument(aclDatabaseEntity); if (createResult.StatusCode < 200 || createResult.StatusCode > 299) { throw new ApplicationException("Could not successfully put client's credentials in ACL Store: " + createResult.StatusCode); } } }