/// <summary>
/// Construct from a subject key, subject name and issuer name.
/// </summary>
/// <param name="SubjectKey">Key that the certificate will authenticate.</param>
/// <param name="SubjectName">Subject name.</param>
public TBSCertificate(
KeyPair SubjectKey,
List<Name> SubjectName)
: this() {
SetValidity();
Subject = SubjectName;
var KeyPair = SubjectKey;
SubjectPublicKeyInfo = KeyPair.KeyInfoData;
}
/// <summary>
/// Sign the specified data with the specified key and construct
/// the corresponding JWS object.
/// </summary>
/// <param name="Data">Data to be signed</param>
/// <param name="SignatureKey">The signature key</param>
public JoseWebSignature(byte [] Data, KeyPair SignatureKey) {
Payload = Data;
var Signer = SignatureKey.SignatureProvider;
// if we wanted to change the digest provider
// Signer.DigestAlgorithm = CryptoAlgorithmID.SHA_2_256;
var PreHeader = new SignatureHeader(Signer);
// This isn't working right now because the code does not
// fetch the private key from the store.
Payload = Data;
Header = PreHeader.GetBytes(false);
var SignatureValue = Signer.Sign(Payload);
Signature = SignatureValue.Integrity;
}
/// <summary>
/// Create a certificate with the specified subject Key. Note that the template is
/// must be completed with calls to set validity etc. before use.
/// </summary>
/// <param name="SubjectKey">Cryptographic provider for the subject key.</param>
/// <param name="Application">Certificate application(s).</param>
/// <param name="Subject">Subject name.</param>
/// <param name="SubjectAltName">The certificate subject altname</param>
public Certificate(KeyPair SubjectKey, Application Application,
string Subject,
string SubjectAltName) {
_KeyPair = SubjectKey;
var SubjectName = new Name(Subject).ToList();
TBSCertificate = new TBSCertificate(SubjectKey, SubjectName);
TBSCertificate.SetProfile(Application);
TBSCertificate.SetSubjectAltName(SubjectAltName);
}
/// <summary>
/// Create a certificate with the specified subject Key. Note that the template is
/// must be completed with calls to set validity etc. before use.
/// </summary>
/// <param name="SubjectKey">Cryptographic provider for the subject key.</param>
/// <param name="Application">Certificate application(s).</param>
public Certificate(KeyPair SubjectKey, Application Application) {
_KeyPair = SubjectKey;
var SubjectName = new Name(SubjectKey).ToList();
TBSCertificate = new TBSCertificate(SubjectKey, SubjectName);
}
/// <summary>
/// Create an anonymous certificate with the specified key uses, subject Key and
/// sign with the specified key.
/// <para>
/// Default lifespan is 20 years.
/// </para>
/// </summary>
/// <param name="SubjectKey">Cryptographic provider for the subject key.</param>
/// <param name="Application">Certificate application(s).</param>
/// <param name="SigningCertificate">Certificate of signer.</param>
public Certificate(KeyPair SubjectKey, Application Application,
Certificate SigningCertificate) :
this(SubjectKey, Application) {
_UDF = SubjectKey.UDF;
TBSCertificate.SetValidity(20);
Sign(SigningCertificate);
this.Application = Application;
}
/// <summary>
/// Return the private portion of the keypair.
/// </summary>
/// <param name="KeyPair">The key pair.</param>
/// <returns>The private data.</returns>
public static Key GetPrivate(KeyPair KeyPair) {
if (KeyPair as RSAKeyPair != null) {
return new PrivateKeyRSA(KeyPair as RSAKeyPair);
}
return null;
}
/// <summary>
/// Verify the specified signature.
/// </summary>
/// <param name="UDF">The UDF of the purported signature verification key.</param>
/// <param name="Public">The public signature verification key.</param>
/// <returns>True if verification succeeds, otherwise false.</returns>
public bool Verify(string UDF, KeyPair Public) {
Throw.IfNot(UDF == Public.UDF, "Key does not match fingerprint");
return Verify(Public);
}
/// <summary>
/// Verify the keypair parameters match the fingerprint.
/// </summary>
/// <param name="TestUDF">The fingerprint value.</param>
/// <returns>true if the verification succeeds, false otherwise.</returns>
public bool Verify (string TestUDF) {
var KeyPair = GetKeyPair();
if (KeyPair.UDF == TestUDF) {
_KeyPair = KeyPair;
return true;
}
return false;
}
/// <summary>
/// Encrypt to the specified key of the specified profile.
/// </summary>
/// <param name="KeyPair">KeyPair for the recipient.</param>
public Recipient(KeyPair KeyPair) {
Header = new Header();
Header.kid = KeyPair.UDF;
}
/// <summary>
/// Return an encrypted key data entry for the specified encryption key.
/// </summary>
/// <param name="EncryptionKey">The key to use for encryption.</param>
/// <returns>The encrypted key data.</returns>
public byte[] EncryptKey(KeyPair EncryptionKey) {
var Exchange = EncryptionKey.ExchangeProviderEncrypt;
var Result = Exchange.Encrypt(CryptoData.Key);
//Trace.WriteHex("Key is ", CryptoData.Key);
return Result;
}
/// <summary>
/// Decrypt the content using the specified private key.
/// </summary>
/// <returns>The decrypted data</returns>
public byte[] Decrypt(KeyPair DecryptionKey) {
// Read the preheader, get the encryption algorithm
//var PreHeader = Header.From(Protected);
var Recipient = Find(DecryptionKey.UDF);
var Exchange = DecryptionKey.ExchangeProviderDecrypt;
CryptoData.Key = Exchange.Decrypt(Recipient.EncryptedKey);
//Trace.WriteHex("Decryption Key", CryptoData.Key);
CryptoData.IV = IV;
// get the IV
var Decryptor = CryptoCatalog.Default.GetEncryption(BulkAlgorithm);
// decrypt the data
var Result = Decryptor.Decrypt(CryptoData, CipherText);
return Result.Data;
}
/// <summary>
/// Add an entry for the specified key to the recipient list.
/// </summary>
/// <param name="EncryptionKey">The encryption key to create the
/// entry for.</param>
public void Add(KeyPair EncryptionKey) {
var Recipient = new Recipient(EncryptionKey);
//Trace.WriteLine("Create blob for {0}", EncryptionKey.UDF);
Recipient.EncryptedKey = EncryptKey(EncryptionKey);
//Trace.WriteHex("Created", Recipient.EncryptedKey);
Recipient.Header = new Header();
Recipient.Header.kid = EncryptionKey.UDF;
Add(Recipient);
return;
}
/// <summary>
/// Create a signed connection result.
/// </summary>
/// <param name="ConnectionResult">Data to sign.</param>
/// <param name="AdminKey">Signing key.</param>
public SignedConnectionResult(ConnectionResult ConnectionResult,
KeyPair AdminKey) {
var SignedDeviceProfile = ConnectionResult.Device;
var DeviceProfile = SignedDeviceProfile.Data;
Identifier = DeviceProfile.UDF;
SignedData = new JoseWebSignature(ConnectionResult.GetBytes(), AdminKey);
}
/// <summary>
/// Create a certificate with the specified subject Key. Note that the template is
/// must be completed with calls to set validity etc. before use.
/// </summary>
/// <param name="SubjectKey">Cryptographic provider for the subject key.</param>
/// <param name="Application">Certificate application(s).</param>
public Certificate(CryptoProvider SubjectKey, Application Application) {
_KeyPair = SubjectKey.KeyPair;
if (SubjectKey as CryptoProviderSignature != null) {
_CryptoProviderSignature = SubjectKey as CryptoProviderSignature;
}
if (SubjectKey as CryptoProviderExchange != null) {
_CryptoProviderExchange = SubjectKey as CryptoProviderExchange;
}
var SubjectName = new Name(SubjectKey).ToList();
TBSCertificate = new TBSCertificate(SubjectKey.KeyPair, SubjectName);
}
/// <summary>
/// Verify the specified signature.
/// </summary>
/// <param name="Public">The public signature verification key.</param>
/// <returns>True if verification succeeds, otherwise false.</returns>
public bool Verify(KeyPair Public) {
var Verifier = Public.VerificationProvider;
// unpack the header here.
// set digest here using alg parameter.
return Verifier.Verify(Payload, Signature);
}
/// <summary>
/// Create a certificate from binary data.
/// </summary>
/// <param name="Data">Binary certificate data</param>
public Certificate(byte[] Data) {
//Goedel.Debug.Trace.WriteLine(Convert.ToBase64String(Data));
_Data = Data;
var X509Cert = new X509Certificate2(Data);
_KeyPair = KeyPair.GetKeyPair(X509Cert.PublicKey.Key);
TBSCertificate = new TBSCertificate(X509Cert);
}
/// <summary>
/// Create name from the UDF fingerprint of a key.
/// </summary>
/// <param name="KeyPair">Key from which to create the fingerprint.</param>
public Name(KeyPair KeyPair) :
this(KeyPair.UDF) {
}