public void TestImportCertificates() { var database = new SqliteCertificateDatabase("smime.db", "no.secret"); var dataDir = Path.Combine("..", "..", "TestData", "smime"); var certificates = new List <X509Certificate> (); using (var ctx = new DefaultSecureMimeContext(database)) { foreach (var filename in CertificateAuthorities) { var path = Path.Combine(dataDir, filename); using (var stream = File.OpenRead(path)) { var parser = new X509CertificateParser(); foreach (X509Certificate certificate in parser.ReadCertificates(stream)) { certificates.Add(certificate); ctx.Import(certificate); } } } // make sure each certificate is there and then delete them... foreach (var certificate in certificates) { var record = database.Find(certificate, X509CertificateRecordFields.Id); Assert.IsNotNull(record, "Find"); database.Remove(record); } } }
/// <summary> /// Imports a DER-encoded certificate stream. /// </summary> /// <remarks> /// Imports all of the certificates in the DER-encoded stream. /// </remarks> /// <param name="stream">The raw certificate(s).</param> /// <param name="trusted"><c>true</c> if the certificates are trusted.</param> /// <exception cref="System.ArgumentNullException"> /// <paramref name="stream"/> is <c>null</c>. /// </exception> public void Import(Stream stream, bool trusted) { if (stream == null) { throw new ArgumentNullException(nameof(stream)); } var parser = new X509CertificateParser(); foreach (X509Certificate certificate in parser.ReadCertificates(stream)) { X509CertificateRecord record; if ((record = dbase.Find(certificate, X509CertificateRecordFields.Id | X509CertificateRecordFields.Trusted)) != null) { if (trusted && !record.IsTrusted) { record.IsTrusted = trusted; dbase.Update(record, X509CertificateRecordFields.Trusted); } continue; } record = new X509CertificateRecord(certificate); record.IsTrusted = trusted; dbase.Add(record); } }
public static byte[] GenerateP12(string privateKey, byte[] pemCertificate, string password) { var rng = new SecureRandom(); Pkcs12Store pkcs12Store = new Pkcs12Store(); var parser = new X509CertificateParser(); var certChain = parser.ReadCertificates(pemCertificate); PemReader pemReader = new PemReader(new StringReader(privateKey)); var keypair = pemReader.ReadObject() as AsymmetricCipherKeyPair; var privateKeyPart = keypair.Private; X509CertificateEntry[] certEntry = new X509CertificateEntry[certChain.Count]; int index = 0; foreach (var cert in certChain) { certEntry[index] = new X509CertificateEntry(cert as X509Certificate); index++; } pkcs12Store.SetKeyEntry(certEntry[0].Certificate.SubjectDN.ToString(), new AsymmetricKeyEntry(privateKeyPart), certEntry); MemoryStream memoryStream = new MemoryStream(); pkcs12Store.Save(memoryStream, null, rng); return(memoryStream.ToArray()); }
public void SetUp() { using (var ctx = CreateContext()) { var dataDir = Path.Combine("..", "..", "TestData", "smime"); string path; CryptographyContext.Register(ctx.GetType()); foreach (var filename in CertificateAuthorities) { path = Path.Combine(dataDir, filename); using (var file = File.OpenRead(path)) { if (ctx is DefaultSecureMimeContext) { ((DefaultSecureMimeContext)ctx).Import(file, true); } else { var parser = new X509CertificateParser(); foreach (X509Certificate certificate in parser.ReadCertificates(file)) { ctx.Import(certificate); } } } } path = Path.Combine(dataDir, "smime.p12"); using (var file = File.OpenRead(path)) ctx.Import(file, "no.secret"); } }
public void TestCertificateConversion() { var fileNames = new string[] { "certificate-authority.crt", "intermediate.crt", "StartComCertificationAuthority.crt", "StartComClass1PrimaryIntermediateClientCA.crt" }; var dataDir = Path.Combine("..", "..", "TestData", "smime"); var parser = new X509CertificateParser(); foreach (var fileName in fileNames) { using (var stream = File.OpenRead(Path.Combine(dataDir, fileName))) { foreach (X509Certificate certificate in parser.ReadCertificates(stream)) { var certificate2 = certificate.AsX509Certificate2(); var certificate1 = certificate2.AsBouncyCastleCertificate(); Assert.AreEqual(certificate2.Thumbprint, certificate1.GetFingerprint().ToUpperInvariant(), "Fingerprint"); Assert.AreEqual(certificate2.GetNameInfo(X509NameType.EmailName, true), certificate1.GetIssuerNameInfo(X509Name.EmailAddress), "Issuer Email"); Assert.AreEqual(certificate2.GetNameInfo(X509NameType.EmailName, false), certificate1.GetSubjectEmailAddress(), "Subject Email"); Assert.AreEqual(certificate2.GetNameInfo(X509NameType.SimpleName, false), certificate1.GetCommonName(), "Common Name"); var usage2 = GetX509Certificate2KeyUsageFlags(certificate2); var usage1 = certificate1.GetKeyUsageFlags(); Assert.AreEqual(usage2, usage1, "KeyUsageFlags"); } } } }
/// <summary> /// Adds issuer certificates. /// </summary> /// <param name="certificates">The issuer certificates.</param> public void Add(byte[] certificates) { var certParser = new X509CertificateParser(); var issuers = certParser.ReadCertificates(certificates).OfType <X509Certificate>(); foreach (var cert in issuers) { this.certificates[cert.SubjectDN] = cert; } }
internal static List <X509Certificate> ReadAllCerts(byte[] contentsKey) { X509CertificateParser cf = new X509CertificateParser(); List <X509Certificate> certs = new List <X509Certificate>(); foreach (X509Certificate cc in cf.ReadCertificates(contentsKey)) { certs.Add(cc); } return(certs); }
/// <summary> /// Zertifikat von einer URL herunterladen /// </summary> /// <param name="downloadUrl">Die URL von der das Zertifikat heruntergeladen werden soll</param> /// <returns>Zertifikat (mit zusätzlichen Zertifikaten, damit eine vollständige Zertifikat-Kette erstellt werden kann)</returns> /// <remarks> /// Die URL wird von der Funktion <see cref="QueryOrderStatusAsync"/> zurückgeliefert, wenn der <see cref="OstcOrderStatus"/> /// den Wert <see cref="OstcOrderStatus.Successful"/> hat. /// </remarks> public async Task <IReadOnlyList <X509Certificate> > DownloadCertificateAsync(Uri downloadUrl) { var response = await _client.GetAsync(downloadUrl); response.EnsureSuccessStatusCode(); var certData = await response.Content.ReadAsByteArrayAsync(); var parser = new X509CertificateParser(); var certs = parser.ReadCertificates(certData).Cast <X509Certificate>().ToList(); return(certs); }
/// <summary> /// Imports a DER-encoded certificate stream. /// </summary> /// <remarks> /// Imports the certificate(s). /// </remarks> /// <param name="stream">The raw certificate(s).</param> /// <param name="trusted"><c>true</c> if the certificates are trusted; othewrwise, <c>false</c>.</param> /// <exception cref="System.ArgumentNullException"> /// <paramref name="stream"/> is <c>null</c>. /// </exception> public void Import(Stream stream, bool trusted) { if (stream == null) { throw new ArgumentNullException(nameof(stream)); } var parser = new X509CertificateParser(); foreach (X509Certificate certificate in parser.ReadCertificates(stream)) { Import(certificate, trusted); } }
/// <summary> /// Imports the certificate(s) from the specified stream. /// </summary> /// <remarks> /// Imports the certificate(s) from the specified stream. /// </remarks> /// <param name="stream">The stream to import.</param> /// <exception cref="System.ArgumentNullException"> /// <paramref name="stream"/> is <c>null</c>. /// </exception> /// <exception cref="System.IO.IOException"> /// An error occurred reading the stream. /// </exception> public void Import(Stream stream) { if (stream == null) { throw new ArgumentNullException(nameof(stream)); } var parser = new X509CertificateParser(); foreach (X509Certificate certificate in parser.ReadCertificates(stream)) { if (unique.Add(certificate)) { certs.Add(certificate); } } }
public IList LoadCertificates() { if (!Directory.Exists(_source)) { throw new DirectoryNotFoundException("Directory not found: " + _source); } List <X509Certificate> certList = new List <X509Certificate>(); string[] files = Directory.GetFiles(_source); List <string> failures = new List <string>(); foreach (string file in files) { try { if (SkipResource(_ignore, file)) { continue; } X509CertificateParser certParser = new X509CertificateParser(); using (Stream stream = new FileStream(file, FileMode.Open)) { var certs = certParser.ReadCertificates(stream); stream.Close(); foreach (var cert in certs) { certList.Add(cert as X509Certificate); } } } catch (Exception e) { failures.Add(string.Format("Failed loading file {0}\r\n{1}", file, e.Message)); } } if (failures.Count > 0) { string result = failures.Aggregate((current, f) => current + f + "\r\n"); throw new Exception(result); } return(certList); }
// Constructors for validating existing signatures /** * Use this constructor if you want to verify a signature using the sub-filter adbe.x509.rsa_sha1. * @param contentsKey the /Contents key * @param certsKey the /Cert key * @param provider the provider or <code>null</code> for the default provider */ public PdfPKCS7(byte[] contentsKey, byte[] certsKey) { X509CertificateParser cf = new X509CertificateParser(); certs = new List <X509Certificate>(); foreach (X509Certificate cc in cf.ReadCertificates(certsKey)) { if (signCert != null) { signCert = cc; } certs.Add(cc); } signCerts = certs; crls = new List <X509Crl>(); Asn1InputStream inp = new Asn1InputStream(new MemoryStream(contentsKey)); digest = ((Asn1OctetString)inp.ReadObject()).GetOctets(); sig = SignerUtilities.GetSigner("SHA1withRSA"); sig.Init(false, signCert.GetPublicKey()); }
/// <summary> /// Imports a DER-encoded certificate stream. /// </summary> /// <remarks> /// Imports all of the certificates in the DER-encoded stream. /// </remarks> /// <param name="stream">The raw certificate(s).</param> /// <param name="trusted"><c>true</c> if the certificates are trusted.</param> /// <exception cref="System.ArgumentNullException"> /// <paramref name="stream"/> is <c>null</c>. /// </exception> public void Import(Stream stream, bool trusted) { if (stream == null) { throw new ArgumentNullException("stream"); } var parser = new X509CertificateParser(); foreach (X509Certificate certificate in parser.ReadCertificates(stream)) { if (dbase.Find(certificate, X509CertificateRecordFields.Id) != null) { continue; } var record = new X509CertificateRecord(certificate); record.IsTrusted = trusted; dbase.Add(record); } }
public void TestAddRemove() { var certificates = new List <X509Certificate> (); var parser = new X509CertificateParser(); var store = new X509CertificateStore(); foreach (var authority in CertificateAuthorities) { var path = GetTestDataPath(authority); using (var stream = File.OpenRead(path)) { foreach (X509Certificate certificate in parser.ReadCertificates(stream)) { certificates.Add(certificate); } } } foreach (var certificate in certificates) { store.Add(certificate); } var count = store.Certificates.Count(); Assert.AreEqual(CertificateAuthorities.Length, count, "Unexpected number of certificates after Add."); foreach (var certificate in certificates) { var key = store.GetPrivateKey(certificate); Assert.IsNull(key, "GetPrivateKey"); store.Remove(certificate); } count = store.Certificates.Count(); Assert.AreEqual(0, count, "Unexpected number of certificates after Remove."); }
void ParseKeySets() { var fi = new FileInfo(FilePath); long contentLength = fi.Length; using (var ms = new MemoryStream((int)contentLength)) { using (var fs = fi.OpenRead()) { fs.CopyTo(ms); } ms.Position = 0; Certificates = certificatePemParser.ReadCertificates(ms).Cast <X509Certificate>(); ms.Position = 0; PrivateKey = privateKeyParser.ReadPrivateKey(ms); } var cert1 = Certificates.ElementAt(0); string alias = "bridgePro1"; var pkcs12Store = Pkcs12Store = new Pkcs12Store(); var certEntry = new X509CertificateEntry(cert1); pkcs12Store.SetCertificateEntry(alias, certEntry); var certKey = PrivateKey; pkcs12Store.SetKeyEntry(alias, new AsymmetricKeyEntry(certKey), new[] { certEntry }); using (MemoryStream pfxStream = new MemoryStream()) { pkcs12Store.Save(pfxStream, null, new SecureRandom()); pfxStream.Seek(0, SeekOrigin.Begin); KeyedCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(pfxStream.ToArray()); } }
/// <summary> /// Herunterladen des Zertifikats /// </summary> /// <param name="orderId">ID des Auftrags</param> /// <returns>Zertifikat von der OSTC (private Schlüssel fehlt hier!)</returns> /// <remarks>Es wird eine Exception ausgelöst, wenn noch kein Schlüssel verfügbar ist.</remarks> public async Task <IReadOnlyList <X509Certificate> > DownloadCertificateAsync(string orderId) { var query = new OstcSchluessel { Auftragsnummer = orderId, ItemElementName = (OstcKeyType)Enum.Parse(typeof(OstcKeyType), Sender.SenderId.Type.ToString()), Item = Sender.SenderId.Id, }; var queryData = OstcUtils.Serialize(query, Iso88591); ValidateData(queryData, OstcMessageType.KeyData); var now = DateTime.Now; var message = new TransportRequestType() { version = SupportedVersionsType.Item11, profile = ExtraProfileOstc, TransportHeader = CreateRequestHeader(now, OstcDataType.Key, ExtraScenario.RequestWithResponse), TransportBody = new TransportRequestBodyType { Items = new object[] { new DataType { Item = new Base64CharSequenceType() { Value = queryData, }, }, }, }, }; ValidateRequest(message, OstcMessageType.Key); var messageData = OstcExtraSerializer.Iso88591.Serialize(message); var request = CreateRequest(Network.Requests.KeyRequest); using (var requestStream = await Task.Factory.FromAsync(request.BeginGetRequestStream, request.EndGetRequestStream, null)) { requestStream.Write(messageData, 0, messageData.Length); } using (var response = await Task.Factory.FromAsync(request.BeginGetResponse, request.EndGetResponse, null)) { var serializer = new XmlSerializer(typeof(TransportResponseType)); var responseData = (TransportResponseType)serializer.Deserialize(response.GetResponseStream()); var flags = responseData.TransportHeader.GetFlags().ToList(); if (flags.Any(x => x.weight == ExtraFlagWeight.Error)) { throw new Ostc2Exception(flags); } var certData = ((Base64CharSequenceType)((DataType)responseData.TransportBody.Items[0]).Item).Value; var parser = new X509CertificateParser(); var certs = parser.ReadCertificates(certData).Cast <X509Certificate>().ToList(); return(certs); } }
/** * Use this constructor if you want to verify a signature using * the sub-filter adbe.pkcs7.detached or adbe.pkcs7.sha1. * @param contentsKey the /Contents key * @param tsp set to true if there's a PAdES LTV time stamp. * @param provider the provider or <code>null</code> for the default provider */ public PdfPKCS7(byte[] contentsKey, bool tsp) { isTsp = tsp; Asn1InputStream din = new Asn1InputStream(new MemoryStream(contentsKey)); // // Basic checks to make sure it's a PKCS#7 SignedData Object // Asn1Object pkcs; try { pkcs = din.ReadObject(); } catch { throw new ArgumentException(MessageLocalization.GetComposedMessage("can.t.decode.pkcs7signeddata.object")); } if (!(pkcs is Asn1Sequence)) { throw new ArgumentException(MessageLocalization.GetComposedMessage("not.a.valid.pkcs.7.object.not.a.sequence")); } Asn1Sequence signedData = (Asn1Sequence)pkcs; DerObjectIdentifier objId = (DerObjectIdentifier)signedData[0]; if (!objId.Id.Equals(SecurityIDs.ID_PKCS7_SIGNED_DATA)) { throw new ArgumentException(MessageLocalization.GetComposedMessage("not.a.valid.pkcs.7.object.not.signed.data")); } Asn1Sequence content = (Asn1Sequence)((Asn1TaggedObject)signedData[1]).GetObject(); // the positions that we care are: // 0 - version // 1 - digestAlgorithms // 2 - possible ID_PKCS7_DATA // (the certificates and crls are taken out by other means) // last - signerInfos // the version version = ((DerInteger)content[0]).Value.IntValue; // the digestAlgorithms digestalgos = new Dictionary <string, object>(); IEnumerator e = ((Asn1Set)content[1]).GetEnumerator(); while (e.MoveNext()) { Asn1Sequence s = (Asn1Sequence)e.Current; DerObjectIdentifier o = (DerObjectIdentifier)s[0]; digestalgos[o.Id] = null; } // the certificates and crls X509CertificateParser cf = new X509CertificateParser(); certs = new List <X509Certificate>(); foreach (X509Certificate cc in cf.ReadCertificates(contentsKey)) { certs.Add(cc); } crls = new List <X509Crl>(); // the possible ID_PKCS7_DATA Asn1Sequence rsaData = (Asn1Sequence)content[2]; if (rsaData.Count > 1) { Asn1OctetString rsaDataContent = (Asn1OctetString)((Asn1TaggedObject)rsaData[1]).GetObject(); RSAdata = rsaDataContent.GetOctets(); } // the signerInfos int next = 3; while (content[next] is Asn1TaggedObject) { ++next; } Asn1Set signerInfos = (Asn1Set)content[next]; if (signerInfos.Count != 1) { throw new ArgumentException(MessageLocalization.GetComposedMessage("this.pkcs.7.object.has.multiple.signerinfos.only.one.is.supported.at.this.time")); } Asn1Sequence signerInfo = (Asn1Sequence)signerInfos[0]; // the positions that we care are // 0 - version // 1 - the signing certificate issuer and serial number // 2 - the digest algorithm // 3 or 4 - digestEncryptionAlgorithm // 4 or 5 - encryptedDigest signerversion = ((DerInteger)signerInfo[0]).Value.IntValue; // Get the signing certificate Asn1Sequence issuerAndSerialNumber = (Asn1Sequence)signerInfo[1]; Org.BouncyCastle.Asn1.X509.X509Name issuer = Org.BouncyCastle.Asn1.X509.X509Name.GetInstance(issuerAndSerialNumber[0]); BigInteger serialNumber = ((DerInteger)issuerAndSerialNumber[1]).Value; foreach (X509Certificate cert in certs) { if (issuer.Equivalent(cert.IssuerDN) && serialNumber.Equals(cert.SerialNumber)) { signCert = cert; break; } } if (signCert == null) { throw new ArgumentException(MessageLocalization.GetComposedMessage("can.t.find.signing.certificate.with.serial.1", issuer.ToString() + " / " + serialNumber.ToString(16))); } CalcSignCertificateChain(); digestAlgorithmOid = ((DerObjectIdentifier)((Asn1Sequence)signerInfo[2])[0]).Id; next = 3; if (signerInfo[next] is Asn1TaggedObject) { Asn1TaggedObject tagsig = (Asn1TaggedObject)signerInfo[next]; Asn1Set sseq = Asn1Set.GetInstance(tagsig, false); sigAttr = sseq.GetEncoded(Asn1Encodable.Der); for (int k = 0; k < sseq.Count; ++k) { Asn1Sequence seq2 = (Asn1Sequence)sseq[k]; if (((DerObjectIdentifier)seq2[0]).Id.Equals(SecurityIDs.ID_MESSAGE_DIGEST)) { Asn1Set sset = (Asn1Set)seq2[1]; digestAttr = ((DerOctetString)sset[0]).GetOctets(); } else if (((DerObjectIdentifier)seq2[0]).Id.Equals(SecurityIDs.ID_ADBE_REVOCATION)) { Asn1Set setout = (Asn1Set)seq2[1]; Asn1Sequence seqout = (Asn1Sequence)setout[0]; for (int j = 0; j < seqout.Count; ++j) { Asn1TaggedObject tg = (Asn1TaggedObject)seqout[j]; if (tg.TagNo == 1) { Asn1Sequence seqin = (Asn1Sequence)tg.GetObject(); FindOcsp(seqin); } if (tg.TagNo == 0) { Asn1Sequence seqin = (Asn1Sequence)tg.GetObject(); FindCRL(seqin); } } } } if (digestAttr == null) { throw new ArgumentException(MessageLocalization.GetComposedMessage("authenticated.attribute.is.missing.the.digest")); } ++next; } digestEncryptionAlgorithmOid = ((DerObjectIdentifier)((Asn1Sequence)signerInfo[next++])[0]).Id; digest = ((Asn1OctetString)signerInfo[next++]).GetOctets(); if (next < signerInfo.Count && (signerInfo[next] is DerTaggedObject)) { Asn1TaggedObject taggedObject = (Asn1TaggedObject)signerInfo[next]; Asn1Set unat = Asn1Set.GetInstance(taggedObject, false); Org.BouncyCastle.Asn1.Cms.AttributeTable attble = new Org.BouncyCastle.Asn1.Cms.AttributeTable(unat); Org.BouncyCastle.Asn1.Cms.Attribute ts = attble[PkcsObjectIdentifiers.IdAASignatureTimeStampToken]; if (ts != null && ts.AttrValues.Count > 0) { Asn1Set attributeValues = ts.AttrValues; Asn1Sequence tokenSequence = Asn1Sequence.GetInstance(attributeValues[0]); Org.BouncyCastle.Asn1.Cms.ContentInfo contentInfo = Org.BouncyCastle.Asn1.Cms.ContentInfo.GetInstance(tokenSequence); this.timeStampToken = new TimeStampToken(contentInfo); } } if (isTsp) { Org.BouncyCastle.Asn1.Cms.ContentInfo contentInfoTsp = Org.BouncyCastle.Asn1.Cms.ContentInfo.GetInstance(signedData); this.timeStampToken = new TimeStampToken(contentInfoTsp); TimeStampTokenInfo info = timeStampToken.TimeStampInfo; String algOID = info.MessageImprintAlgOid; messageDigest = DigestUtilities.GetDigest(algOID); } else { if (RSAdata != null || digestAttr != null) { messageDigest = GetHashClass(); encContDigest = GetHashClass(); } sig = SignerUtilities.GetSigner(GetDigestAlgorithm()); sig.Init(false, signCert.GetPublicKey()); } }
protected SecureMimeTestsBase() { using (var ctx = CreateContext()) { var dataDir = Path.Combine("..", "..", "TestData", "smime"); string path; CryptographyContext.Register(ctx.GetType()); if (ctx is WindowsSecureMimeContext) { var windows = (WindowsSecureMimeContext)ctx; var parser = new X509CertificateParser(); using (var stream = File.OpenRead(Path.Combine(dataDir, "certificate-authority.crt"))) { foreach (X509Certificate certificate in parser.ReadCertificates(stream)) { windows.Import(StoreName.AuthRoot, certificate); } } using (var stream = File.OpenRead(Path.Combine(dataDir, "intermediate.crt"))) { foreach (X509Certificate certificate in parser.ReadCertificates(stream)) { windows.Import(StoreName.CertificateAuthority, certificate); } } using (var stream = File.OpenRead(Path.Combine(dataDir, "StartComCertificationAuthority.crt"))) { foreach (X509Certificate certificate in parser.ReadCertificates(stream)) { windows.Import(StoreName.AuthRoot, certificate); } } using (var stream = File.OpenRead(Path.Combine(dataDir, "StartComClass1PrimaryIntermediateClientCA.crt"))) { foreach (X509Certificate certificate in parser.ReadCertificates(stream)) { windows.Import(StoreName.CertificateAuthority, certificate); } } } else { foreach (var filename in CertificateAuthorities) { path = Path.Combine(dataDir, filename); using (var stream = File.OpenRead(path)) { if (ctx is DefaultSecureMimeContext) { ((DefaultSecureMimeContext)ctx).Import(stream, true); } else { var parser = new X509CertificateParser(); foreach (X509Certificate certificate in parser.ReadCertificates(stream)) { ctx.Import(certificate); } } } } } path = Path.Combine(dataDir, "smime.p12"); using (var file = File.OpenRead(path)) ctx.Import(file, "no.secret"); } }