public void LoadCertificateFromPem(Stream stream)
{
if (stream == null)
{
throw new ArgumentNullException(nameof(stream));
}
var chain = new List <byte[]>();
var reader = new PemReader(new StreamReader(stream));
var pem = reader.ReadPemObject();
while (pem != null)
{
if (pem.Type.EndsWith("CERTIFICATE"))
{
chain.Add(pem.Content);
}
else if (pem.Type.EndsWith("PRIVATE KEY"))
{
this._PrivateKey = Certificates.GetPrivateKeyFromPEM(pem);
}
pem = reader.ReadPemObject();
}
this._Certificate = new Certificate
{
CertChain = chain,
CertificateType = TCertificateType.X509
};
}
public static string GetSignature(DateTime dateTime, string cfInstanceCertContent, string roleName, string cfInstanceKeyContent)
{
var formattedSigningTime = GetFormattedSigningTime(dateTime);
var stringToSign = $"{formattedSigningTime}{cfInstanceCertContent}{roleName}";
var data = Encoding.UTF8.GetBytes(stringToSign);
byte[] keyBytes;
using (var reader = new StringReader(cfInstanceKeyContent))
{
var pemReader = new PemReader(reader);
var pemObject = pemReader.ReadPemObject();
keyBytes = pemObject.Content;
}
var seq = (Asn1Sequence)Asn1Object.FromByteArray(keyBytes);
var rsa = RsaPrivateKeyStructure.GetInstance(seq);
var signer = new PssSigner(new RsaEngine(), new Sha256Digest(), 222);
signer.Init(true, new RsaKeyParameters(true, rsa.Modulus, rsa.PrivateExponent));
signer.BlockUpdate(data, 0, data.Length);
var signature = signer.GenerateSignature();
return($"v1:{Convert.ToBase64String(signature)}");
}
public static void LoadKeys(out byte[] priv, out byte[] pub)
{
byte[] privKeyRaw;
byte[] pubKeyRaw;
string privKeyPem;
string pubKeyPem;
//initialize the byte arrays
priv = null;
pub = null;
//read the raw bytes from the file
privKeyRaw = FileManager.ReadBytes("private.key.pem");
pubKeyRaw = FileManager.ReadBytes("public.key.pem");
if (privKeyRaw == null || pubKeyRaw == null)
{
return;
}
//get the string from the file
privKeyPem = Encoding.ASCII.GetString(privKeyRaw);
pubKeyPem = Encoding.ASCII.GetString(pubKeyRaw);
//get the key byte arrays from the PEM data
System.IO.TextReader privStream = new System.IO.StringReader(privKeyPem);
System.IO.TextReader pubStream = new System.IO.StringReader(pubKeyPem);
PemReader rdrPriv = new PemReader(privStream);
PemReader rdrPub = new PemReader(pubStream);
PemObject pemPriv = rdrPriv.ReadPemObject();
PemObject pemPub = rdrPub.ReadPemObject();
priv = (pemPriv.Type == "LOCKNOTE PRIVATE KEY") ? pemPriv.Content : null;
pub = (pemPub.Type == "LOCKNOTE PUBLIC KEY") ? pemPub.Content : null;
}
private AsymmetricKeyParameter GetPrivateKeyParameters(string privateKey)
{
using var reader = new StringReader(privateKey);
var pemReader = new PemReader(reader);
return(PrivateKeyFactory.CreateKey(pemReader.ReadPemObject().Content));
}
public static byte[] GetCertificatePublicKeyInDer()
{
var reader = new StringReader(CertificatePem);
var pem = new PemReader(reader);
return(pem.ReadPemObject().Content);
}
public KeyPair GetKeyPair()
{
var keyGenerationParameters = new KeyGenerationParameters(new SecureRandom(), 4096);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var keys = keyPairGenerator.GenerateKeyPair();
var keyPair = new KeyPair();
var textWriter = new StringWriter();
var pemWriter = new PemWriter(textWriter);
pemWriter.WriteObject(keys.Public);
pemWriter.Writer.Flush();
keyPair.pemPublicKey = textWriter.ToString();
var textReader = new StringReader(keyPair.pemPublicKey);
var pemReader = new PemReader(textReader);
keyPair.publicKey = pemReader.ReadPemObject().Content;
textWriter = new StringWriter();
pemWriter = new PemWriter(textWriter);
pemWriter.WriteObject(keys.Private);
pemWriter.Writer.Flush();
keyPair.pemPrivateKey = textWriter.ToString();
textReader = new StringReader(keyPair.pemPrivateKey);
pemReader = new PemReader(textReader);
keyPair.privateKey = pemReader.ReadPemObject().Content;
return(keyPair);
}
public byte[] PemToByte(string key)
{
var textReader = new StringReader(key);
var pemReader = new PemReader(textReader);
return(pemReader.ReadPemObject().Content);
}
/// <summary>
/// Read a request from a string and return a PKCS10Parser instance
/// </summary>
/// <param name="Request">The request.</param>
/// <returns>
/// PKCS10Parser instance with the request loaded
/// </returns>
/// <exception cref="System.ApplicationException">PEM string does not contain a request
/// or
/// String does not contain a request</exception>
public static Pkcs10Parser ReadRequestFromString(string Request)
{
try // Try PEM first
{
PemReader rdr = new PemReader(new StringReader(Request));
PemObject pem = rdr.ReadPemObject();
if (pem == null)
{
throw new IOException();
}
// Should check it is a request
if (!pem.Type.Contains("REQUEST"))
{
throw new ApplicationException("PEM string does not contain a request");
}
return(new Pkcs10Parser(pem));
}
catch (IOException) // Not a PEM request
{
try
{
return(new Pkcs10Parser(Convert.FromBase64String(Request)));
}
catch (IOException) // Not a request
{
throw new ApplicationException("String does not contain a request");
}
}
}
private static byte[] ExtractKeyBytes(string pemFormattedKey)
{
var stringReader = new StringReader(pemFormattedKey);
var pemReader = new PemReader(stringReader);
var pem = pemReader.ReadPemObject();
return(pem.Content);
}
public byte[] Unpack(string obj)
{
var str = new StringReader(obj);
var pemReader = new PemReader(str);
var pemObj = pemReader.ReadPemObject();
return(pemObj.Content);
}
private string GenerateX509Cert(string publicKey, string x509Subject)
{
Asn1Sequence asn1Sequence = null;
using (var reader = new StringReader(publicKey))
{
// Read the RSA public key from the input string.
var pemReader = new PemReader(reader);
var pemObject = pemReader.ReadPemObject();
asn1Sequence = (Asn1Sequence)Asn1Object.FromByteArray(pemObject.Content);
}
// Generate a TBS certificate. We use placeholder-like values since
// the consumer of this certificate should only use the subject
// public key info.
var tbsCertGen = new V3TbsCertificateGenerator();
tbsCertGen.SetSerialNumber(new DerInteger(1));
var signatureAlgId = new AlgorithmIdentifier(PkcsObjectIdentifiers.Sha1WithRsaEncryption, DerNull.Instance);
tbsCertGen.SetSignature(signatureAlgId);
tbsCertGen.SetIssuer(new X509Name("CN=Root Agency"));
var dateTimeNow = DateTime.Now;
tbsCertGen.SetStartDate(new Time(dateTimeNow.AddMinutes(-10)));
tbsCertGen.SetEndDate(new Time(dateTimeNow.AddYears(1))); // Openssh key doesn`t have any start/end date, this is to satisfy RDFE
tbsCertGen.SetSubject(new X509Name(x509Subject));
tbsCertGen.SetSubjectPublicKeyInfo(new SubjectPublicKeyInfo(new AlgorithmIdentifier(PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance), asn1Sequence));
var tbsCert = tbsCertGen.GenerateTbsCertificate();
// Per RFC 3280, the layout of an X.509 v3 certificate looks like:
// Certificate ::= SEQUENCE {
// tbsCertificate TBSCertificate,
// signatureAlgorithm AlgorithmIdentifier,
// signatureValue BIT STRING
// }
// Since we don't have access to the private key, we cannot create
// a signature for the TBS. However, a valid certificate requires
// a bit string for the signature value, so we use a 0-byte array
// in its place.
Asn1EncodableVector v = new Asn1EncodableVector();
v.Add(tbsCert);
v.Add(signatureAlgId);
v.Add(new DerBitString(new byte[0]));
var derSequence = new DerSequence(v);
// Output the DER-encoded X509 certificate.
var sb = new StringBuilder();
using (var writer = new StringWriter(sb, CultureInfo.InvariantCulture))
{
var pemWriter = new PemWriter(writer);
pemWriter.WriteObject(new PemObject("CERTIFICATE", derSequence.GetEncoded()));
}
return(sb.ToString());
}
public static PemObject LoadPemResource(string resource)
{
using (Stream s = File.Open(resource, FileMode.Open))
{
PemReader p = new PemReader(new StreamReader(s));
PemObject o = p.ReadPemObject();
return(o);
}
}
internal static PemObject LoadPemResource(string resource)
{
Stream s = SimpleTest.GetTestDataAsStream("tls." + resource);
PemReader p = new PemReader(new StreamReader(s));
PemObject o = p.ReadPemObject();
p.Reader.Close();
return(o);
}
public static PemObject LoadPemResource(string path)
{
using (var s = new System.IO.StreamReader(path))
{
PemReader p = new PemReader(s);
PemObject o = p.ReadPemObject();
return(o);
}
throw new Exception("'resource' doesn't specify a valid private key");
}
private RsaKeyParameters GetPublicKeyParameters(string publicKey)
{
using var reader = new StringReader(publicKey);
var pemReader = new PemReader(reader);
var content = pemReader.ReadPemObject().Content;
var asn1PublicKey = SubjectPublicKeyInfo.GetInstance(content).ParsePublicKey();
var key = RsaPublicKeyStructure.GetInstance(asn1PublicKey);
return(new RsaKeyParameters(false, key.Modulus, key.PublicExponent));
}
/// <summary>
/// Get the private key object from the raw key
/// </summary>
/// <param name="pem"></param>
/// <returns></returns>
public static Ed25519PublicKeyParameters DecodeEd25519PublicKey(string pem)
{
TextReader textReader = new StringReader(pem);
PemReader pemReader = new PemReader(textReader);
var pemObject = pemReader.ReadPemObject();
var keyParameters = new Ed25519PublicKeyParameters(pemObject.Content, 0);
var publicKey = DecodeEd25519PublicKey(pemObject.Content);
return(publicKey);
}
/// <summary>
/// Get the private key object from the raw key
/// </summary>
/// <param name="pem"></param>
/// <returns></returns>
public static Ed25519PrivateKeyParameters DecodeEd25519PrivateKey(string pem)
{
TextReader textReader = new StringReader(pem);
PemReader pemReader = new PemReader(textReader);
var pemObject = pemReader.ReadPemObject();
byte[] seed = pemObject.Content.Skip(18).Take(32).ToArray();
var privateKey = DecodeEd25519PrivateKey(seed);
return(privateKey);
}
private PemObject ReadPemObject()
{
var pemReader = new PemReader(new StringReader(pemContents));
var pem = pemReader.ReadPemObject();
if (!"EC PRIVATE KEY".Equals(pem.Type))
{
throw new ParsingException($"Expected EC PRIVATE KEY, got {pem.Type}");
}
return(pem);
}
private static PemObject ReadPemObject(string pemContents)
{
var pemReader = new PemReader(new StringReader(pemContents));
var pem = pemReader.ReadPemObject();
if (!pem.Type.Equals("EC PRIVATE KEY", StringComparison.InvariantCultureIgnoreCase))
{
throw new ParsingException($"Expected EC PRIVATE KEY, got {pem.Type}");
}
return(pem);
}
public IAsymmetricKey GetAsDer(string key)
{
var pemReader = new PemReader(new StringReader(key));
var pemObject = pemReader.ReadPemObject();
if (pemObject.Type.Contains("PUBLIC"))
{
return(keyProvider.GetPublicKey(pemObject.Content));
}
return(pemObject.Type.Contains("ENCRYPTED") ? keyProvider.GetEncryptedPrivateKey(pemObject.Content) : keyProvider.GetPrivateKey(pemObject.Content));
}
public static Rsa CreateFromPublicPEM(string publicPem)
{
using (var publicPemStream = GetMemoryStream(publicPem))
{
using (var streamReaderPub = new StreamReader(publicPemStream))
{
var pemPubReader = new PemReader(streamReaderPub);
var pub = pemPubReader.ReadPemObject();
var pubKey = PublicKeyFactory.CreateKey(pub.Content);
return(new Rsa(pubKey));
}
}
}
public void LoadCertificateFromPem(Stream stream)
{
List <byte[]> chain = new List <byte[]>();
PemReader reader = new PemReader(new StreamReader(stream));
PemObject pem = reader.ReadPemObject();
while (pem != null)
{
if (pem.Type.EndsWith("CERTIFICATE"))
{
chain.Add(pem.Content);
}
else if (pem.Type.EndsWith("PRIVATE KEY"))
{
_PrivateKey = Certificates.GetPrivateKeyFromPEM(pem);
}
pem = reader.ReadPemObject();
}
_Certificate = new Certificate();
_Certificate.CertChain = chain;
_Certificate.CertificateType = TCertificateType.X509;
}
public static X509Certificate GetX509Certificate(string pemEncodedCert)
{
using (TextReader textReader = new StringReader(pemEncodedCert))
{
var pemReader = new PemReader(textReader);
var pemObject = pemReader.ReadPemObject();
if (pemObject.GetType().ToString().EndsWith("CERTIFICATE", StringComparison.InvariantCultureIgnoreCase))
{
var certStructure = X509CertificateStructure.GetInstance(pemObject.Content);
return(new X509Certificate(certStructure));
}
throw new ArgumentException("'pemEncodedCert' doesn't specify a valid certificate");
}
}
/// <summary>
/// Reads a certificate signing request encoded in PEM.
/// </summary>
/// <param name="pemEncodedCsr">The PEM encoded certificate signing request.</param>
/// <returns>
/// The certificate signing request.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="pemEncodedCsr"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="pemEncodedCsr"/> is white space.</exception>
public static Pkcs10CertificationRequest ReadCsrFromPemEncodedString(
string pemEncodedCsr)
{
new { pemEncodedCsr }.Must().NotBeNullNorWhiteSpace();
Pkcs10CertificationRequest result;
using (var stringReader = new StringReader(pemEncodedCsr))
{
var pemReader = new PemReader(stringReader);
var pemObject = pemReader.ReadPemObject();
result = new Pkcs10CertificationRequest(pemObject.Content);
}
return(result);
}
public IEcKey GetAsDer(string ecKey)
{
var pemReader = new PemReader(new StringReader(ecKey));
PemObject pemObject = pemReader.ReadPemObject();
if (pemObject.Type.Contains("PUBLIC"))
{
throw new InvalidOperationException("EC key format not supported.");
}
if (ecKey.Contains("ENCRYPTED"))
{
throw new InvalidOperationException("Encrypted SEC1 EC key format is not supported.");
}
return(keyProvider.GetSec1PrivateKeyAsPkcs8(pemObject.Content));
}
private static void test()
{
var msg = "Ivona je mala!";
var msg_array = Encoding.ASCII.GetBytes(msg);
var key = makeKey();
var iv = makeIV();
var cry = Encrypt3DES_CBC(msg_array, key, iv, true);
var decrx = Encrypt3DES_CBC(cry, key, iv, false);
var izlaz = Encoding.ASCII.GetString(decrx);
StreamReader txtStream = File.OpenText(@"ServerCert\server_rsa.pem");
PemReader reader = new PemReader(txtStream);
var obj = reader.ReadPemObject();
var tst = obj.Generate();
var t2 = Convert.ToBase64String((obj.Content));
var num = new BigInteger("789");
var publicKey = new MPInteger(num);
var pubStringKey = publicKey.Value.ToString();
int pubLength = pubStringKey.Length;
var size = BitConverter.GetBytes(pubLength);
// reverse zbog toga da ide iz little u big endian - ("normalni")
Array.Reverse(size);
List <byte> rezultat = new List <byte>();
rezultat.AddRange(size);
rezultat.AddRange(Encoding.ASCII.GetBytes(pubStringKey));
var all = rezultat.ToArray();
byte[] velicina = new byte[4];
all.Take(size.Length);
Array.Reverse(velicina);
int packetSize = BitConverter.ToInt32(velicina, 0);
var broj = all.Skip(4).ToArray();
var brojString = Encoding.ASCII.GetString(broj);
var bigintBroj = new BigInteger(brojString);
bool valja = bigintBroj.Equals(num);
}
/// <summary>
/// Extracts a certificate chain from PKCS#7 CMS payload encoded in PEM.
/// </summary>
/// <param name="pemEncodedPkcs7">The payload containing the PKCS#7 CMS data.</param>
/// <remarks>
/// The method is expecting a PKCS#7/CMS SignedData structure containing no "content" and zero SignerInfos.
/// </remarks>
/// <returns>
/// The certificate chain contained in the specified payload.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="pemEncodedPkcs7"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="pemEncodedPkcs7"/> is white space.</exception>
public static IReadOnlyList <X509Certificate> ReadCertChainFromPemEncodedPkcs7CmsString(
string pemEncodedPkcs7)
{
new { pemEncodedPkcs7 }.Must().NotBeNullNorWhiteSpace();
IReadOnlyList <X509Certificate> result;
using (var stringReader = new StringReader(pemEncodedPkcs7))
{
var pemReader = new PemReader(stringReader);
var pemObject = pemReader.ReadPemObject();
var data = new CmsSignedData(pemObject.Content);
var certStore = data.GetCertificates("COLLECTION");
result = certStore.GetMatches(null).Cast <X509Certificate>().ToList();
}
return(result);
}
public static Rsa CreateFromPrivatePEM(string privatePem)
{
using (var privatePemStream = GetMemoryStream(privatePem))
{
using (var streamReaderPriv = new StreamReader(privatePemStream))
{
var pemPrivReader = new PemReader(streamReaderPriv);
var priv = pemPrivReader.ReadPemObject();
var seq = Asn1Sequence.GetInstance(priv.Content);
var rsa = RsaPrivateKeyStructure.GetInstance(seq);
var pubSpec = new RsaKeyParameters(false, rsa.Modulus, rsa.PublicExponent);
var privSpec = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent,
rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2,
rsa.Coefficient);
return(new Rsa(pubSpec, privSpec));
}
}
}
private static string[] keysFromPem(string pem)
{
checkValidPEM(pem);
StringReader stringReader = new StringReader(pem);
PemReader pemReader = new PemReader(stringReader);
PemObject pemObj = pemReader.ReadPemObject();
string DERfromPEM = BitCoinSharp.Utils.BytesToHexString(pemObj.Content);
string uncompPubKey = DERfromPEM.Substring(DERfromPEM.Length - 128);
string compPubKey = compPubKeyFromUncompPubKey(uncompPubKey);
string privKey = DERfromPEM.Substring(14, 64);
compPubKey = checkHas64(compPubKey);
privKey = checkHas64(privKey);
string[] keyInfo = { uncompPubKey.ToUpper(), compPubKey.ToUpper(), privKey.ToUpper() };
return(keyInfo);
}
public void Decode()
{
try
{
var pemReader = new PemReader(new StringReader(contents));
var pem = pemReader.ReadPemObject();
if (!"EC PRIVATE KEY".Equals(pem.Type))
{
throw new ParsingException($"Expected EC PRIVATE KEY, got {pem.Type}");
}
var headers = pem.Headers.OfType <PemHeader>().ToList();
DecodeHeaders(headers);
DecodeContent(pem.Content);
}
catch (IOException e)
{
throw new ParsingException("Could not read PEM", e);
}
}