Exemplo n.º 1
0
 /*public static String GetPublicKey(byte[] data)
 {
     OpenCertificate();
     X509Certificate2 myCert = new X509Certificate2(data);
     String publicKey = myCert.GetPublicKeyString();
     return publicKey;
 }*/
 public static byte[] GetPublicKey(byte[] data)
 {
     OpenCertificate();
     X509Certificate2 myCert = new X509Certificate2(data);
     byte[] publicKey = myCert.GetPublicKey();
     return publicKey;
 }
Exemplo n.º 2
0
        public static byte[] GetPublicKey(byte[] certDER)
        {
            byte[] publickeyDER = null;

            try {
                // DERで取得
                List <byte> pubkey_pkcs8 = new List <byte>();
                {
                    var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certDER);

                    // ここで取れるデータはPKCS#1形式の公開鍵
                    // 先頭に
                    // 30820122300d06092a864886f70d01010105000382010f00
                    // を付加するとOpenSSLで取り扱い可能なPKCS#8になる
                    // https://qiita.com/hotpepsi/items/128f3a660cee8b5467c6
                    byte[] pubkey_pkcs1 = x509.GetPublicKey();

                    pubkey_pkcs8.AddRange(Common.HexStringToBytes("30820122300d06092a864886f70d01010105000382010f00").ToArray());
                    pubkey_pkcs8.AddRange(pubkey_pkcs1.ToArray());
                }

                publickeyDER = pubkey_pkcs8.ToArray();
            } catch (Exception ex) {
                logger.Debug(ex);
            }

            return(publickeyDER);
        }
Exemplo n.º 3
0
        private static HttpStatusCode UploadNewManagementCert(string subscriptionId, X509Certificate2 existingCertificate, string newCertificateCerFilePath)
        {
            var statusCode = HttpStatusCode.Unused;
            var newCertificate = new X509Certificate2(newCertificateCerFilePath);

            var creds = new CertificateCloudCredentials(subscriptionId, existingCertificate);
            var client = new ManagementClient(creds);

            var parm = new ManagementCertificateCreateParameters()
            {
                Data = newCertificate.RawData,
                PublicKey = newCertificate.GetPublicKey(),
                Thumbprint = newCertificate.Thumbprint
            };

            //Hyak throws an exception for a Created result, which is actually  the success code
            try
            {
                var response = client.ManagementCertificates.Create(parm);
            }
            catch (CloudException ex)
            {
                statusCode = ex.Response.StatusCode;
            }

            return statusCode;
        }
Exemplo n.º 4
0
        /// <summary>
        /// 加载密码加密证书
        /// </summary>
        public static RSACryptoServiceProvider initEncryptCert()
        {
            X509Certificate2 pc = new X509Certificate2(SDKConfig.EncryptCert);
                byte[] by=pc.GetPublicKey();

               RSACryptoServiceProvider pl = new RSACryptoServiceProvider();
               return  (RSACryptoServiceProvider)pc.PublicKey.Key;
        }
Exemplo n.º 5
0
 static void Main(string[] args)
 {
     X509Certificate2 cert = new X509Certificate2(args[0]);
     SHA256 sha = new SHA256CryptoServiceProvider();
     byte[] result = sha.ComputeHash(cert.GetPublicKey());
     SoapHexBinary shb = new SoapHexBinary(result);
     Console.WriteLine(shb.ToString());
 }
Exemplo n.º 6
0
        public MFTestResults CertTest_Test()
        {
            bool bRes = true;

            try
            {
                //string filename = "microsoft.cer";
                using (Session session = new Session("", MechanismType.RSA_PKCS))
                {
                    X509Certificate2 cert = new X509Certificate2(session, Properties.Resources.GetBytes(Properties.Resources.BinaryResources.microsoft));
                    Log.Comment(cert.Subject);

                    Log.Comment(cert.Issuer);

                    byte[] serialNumber = new byte[cert.GetSerialNumber().Length];
                    Array.Copy(cert.GetSerialNumber(), 0,
                                         serialNumber, 0,
                                         cert.GetSerialNumber().Length);
                    PrintByteArray(serialNumber);

                    Log.Comment(cert.GetKeyAlgorithm());


                    byte[] publicKey = new byte[cert.GetPublicKey().Length];
                    Array.Copy(cert.GetPublicKey(), 0,
                                         publicKey, 0,
                                         cert.GetPublicKey().Length);
                    PrintByteArray(publicKey);

                    Log.Comment(cert.GetEffectiveDateString());
                    Log.Comment(cert.GetExpirationDateString());
                }
            }
            catch
            {
                bRes = false;
            }

            return bRes ? MFTestResults.Pass : MFTestResults.Fail;
        }
Exemplo n.º 7
0
 public void AnalysePackage(byte[] s_cOneArray)
 {
     //取ServerHello中的随机数
     Array.ConstrainedCopy(s_cOneArray, 15, scOne.ServerHello.Random_bytes, 0, 28);
     Array.Copy(scOne.ServerHello.Random_bytes, App.SeverHelloAndClientHelloRandom, 28);
     Array.Copy(scOne.ServerHello.Random_bytes, 0, App.ClientHelloAndServerHelloRandom, 28, 28);
     //取ServerHello中的Length
     Array.ConstrainedCopy(s_cOneArray, 6, scOne.ServerHello.Length, 0, 3);
     string lengthHEX = JinZhiHelper.DecimalTo2HEX(scOne.ServerHello.Length[0])
         + JinZhiHelper.DecimalTo2HEX(scOne.ServerHello.Length[1])
         + JinZhiHelper.DecimalTo2HEX(scOne.ServerHello.Length[2]);
     scOne.ServerHello.LengthValue = Convert.ToInt32(lengthHEX, 16);
     //取Certificates中的公钥
     Array.ConstrainedCopy(s_cOneArray, 5 + 4 + scOne.ServerHello.LengthValue + 15, scOne.Certificate.Certificates, 0, 1376);
     X509Certificate2 cert = new X509Certificate2(scOne.Certificate.Certificates);
     scOne.Certificate.SubjectPublicKey = cert.GetPublicKey();
     App.PublicKey = cert.PublicKey;
 }
 public static string BuildHashForPublicKey(X509Certificate2 certificate, HashAlgorithm algorithm)
 {
     var PUBLIC_KEY_INFO_TYPE = new IntPtr(8);
     IntPtr publicKeyParametersBuffer = IntPtr.Zero, publicKeyBuffer = IntPtr.Zero, encodingBuffer = IntPtr.Zero;
     try
     {
         var publicKey = certificate.GetPublicKey();
         publicKeyParametersBuffer = Marshal.AllocCoTaskMem(certificate.PublicKey.EncodedParameters.RawData.Length);
         publicKeyBuffer = Marshal.AllocCoTaskMem(publicKey.Length);
         Marshal.Copy(certificate.PublicKey.EncodedParameters.RawData, 0, publicKeyParametersBuffer, certificate.PublicKey.EncodedParameters.RawData.Length);
         Marshal.Copy(publicKey, 0, publicKeyBuffer, publicKey.Length);
         var publicKeyInfo = new CERT_PUBLIC_KEY_INFO();
         publicKeyInfo.Algorithm = new CRYPT_ALGORITHM_IDENTIFIER();
         publicKeyInfo.PublicKey = new CRYPT_BIT_BLOB();
         publicKeyInfo.Algorithm.pszObjId = certificate.PublicKey.EncodedKeyValue.Oid.Value;
         publicKeyInfo.Algorithm.Parameters = new CRYPT_OBJID_BLOB();
         publicKeyInfo.PublicKey.cbData = (uint)publicKey.Length;
         publicKeyInfo.PublicKey.cUnusedBits = 0;
         publicKeyInfo.PublicKey.pbData = publicKeyBuffer;
         publicKeyInfo.Algorithm.Parameters.cbData = (uint)certificate.PublicKey.EncodedParameters.RawData.Length;
         publicKeyInfo.Algorithm.Parameters.pbData = publicKeyParametersBuffer;
         uint size = 0;
         if (Crypto32.CryptEncodeObject(1, PUBLIC_KEY_INFO_TYPE, publicKeyInfo, IntPtr.Zero, ref size))
         {
             encodingBuffer = Marshal.AllocCoTaskMem((int)size);
             if (Crypto32.CryptEncodeObject(1, PUBLIC_KEY_INFO_TYPE, publicKeyInfo, encodingBuffer, ref size))
             {
                 var encoded = new byte[size];
                 Marshal.Copy(encodingBuffer, encoded, 0, encoded.Length);
                 return Convert.ToBase64String(algorithm.ComputeHash(encoded));
             }
         }
     }
     finally
     {
         Marshal.FreeCoTaskMem(publicKeyParametersBuffer);
         Marshal.FreeCoTaskMem(encodingBuffer);
         Marshal.FreeCoTaskMem(publicKeyBuffer);
     }
     return null;
 }
Exemplo n.º 9
0
 /// <summary>
 /// Gets the <see cref="DSA" /> public key from the certificate or null if the certificate does not have a DSA public key.
 /// </summary>
 public static DSA GetDSAPublicKey(this X509Certificate2 certificate)
 {
     return(certificate.GetPublicKey <DSA>());
 }
 /// <summary>
 ///     Checks that two certificate are equal. Verifies that the public keys and expiration dates for
 ///     <paramref
 ///         name="first" />
 ///     and
 ///     <paramref
 ///         name="second" />
 ///     are the same.
 /// </summary>
 /// <param name="first"> The first certificate to compare </param>
 /// <param name="second"> The second certificate to compare </param>
 /// <returns> True if the certificates are equal, otherwise false </returns>
 public static bool IsEqualTo(this X509Certificate2 first, X509Certificate2 second) {
     return first.GetPublicKey() == second.GetPublicKey() &&
         first.NotAfter == second.NotAfter;
 }
Exemplo n.º 11
0
        public static void SignXml(ref XmlDocument document, X509Certificate2 certificate, RequestType requestType)
        {
            document.PreserveWhitespace = true;

            if (requestType == RequestType.Invoice || requestType == RequestType.Buisness_premise)
            {
                XmlNode nodeTaxNumber = document.GetElementsByTagName("fu:TaxNumber")[0];
                nodeTaxNumber.InnerText = AppLink.VATNumber;
                string taxNumber = nodeTaxNumber.InnerText;

                if (requestType == RequestType.Invoice)
                {
                    string issueDate = DateTime.Now.ToUniversalTime().ToString("s");
                    XmlNode nodeIssueDate = document.GetElementsByTagName("fu:IssueDateTime")[0];
                    nodeIssueDate.InnerText = issueDate;

                    XmlNode nodeInvoiceNumber = document.GetElementsByTagName("fu:InvoiceNumber")[0];
                    string invoiceNumber = nodeInvoiceNumber.InnerText;

                    XmlNode nodeBusinessPremiseID = document.GetElementsByTagName("fu:BusinessPremiseID")[0];
                    string businessPremiseID = nodeBusinessPremiseID.InnerText;

                    XmlNode nodeElectronicDeviceID = document.GetElementsByTagName("fu:ElectronicDeviceID")[0];
                    string electronicDeviceID = nodeElectronicDeviceID.InnerText;

                    XmlNode nodeInvoiceAmount = document.GetElementsByTagName("fu:InvoiceAmount")[0];
                    string invoiceAmount = nodeInvoiceAmount.InnerText;

                    string zoi = CalculateZOI(taxNumber, issueDate, invoiceNumber, businessPremiseID, electronicDeviceID, invoiceAmount, certificate);

                    XmlNode nodeZoi = document.GetElementsByTagName("fu:ProtectedID")[0];
                    nodeZoi.InnerText = zoi;
                }
            }

            CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

            if (document == null)
                throw new ArgumentException("xmlDoc");

            // Create a SignedXml object.
            SignedXml signedXml = new SignedXml(document);

            byte[] data = certificate.GetPublicKey();
            string base64 = Convert.ToBase64String(data);

            RSACryptoServiceProvider rsaCSP = (RSACryptoServiceProvider)certificate.PrivateKey;
            CspParameters cspParameters = new CspParameters();
            cspParameters.KeyContainerName = rsaCSP.CspKeyContainerInfo.KeyContainerName;
            cspParameters.KeyNumber = rsaCSP.CspKeyContainerInfo.KeyNumber == KeyNumber.Exchange ? 1 : 2;
            RSACryptoServiceProvider rsaAesCSP = new RSACryptoServiceProvider(cspParameters);

            signedXml.SigningKey = rsaAesCSP; //newKey;

            KeyInfo keyInfo = new KeyInfo();
            KeyInfoX509Data keyInfoData = new KeyInfoX509Data();
            keyInfoData.AddIssuerSerial(certificate.Issuer, certificate.SerialNumber);

            X509Extension extension = certificate.Extensions[1];
            AsnEncodedData asndata = new AsnEncodedData(extension.Oid, extension.RawData);
            keyInfoData.AddSubjectName(certificate.SubjectName.Name);

            // Create a reference to be signed.
            Reference reference = new Reference();
            reference.Uri = "#test";
            reference.DigestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";

            // Add an enveloped transformation to the reference.
            XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
            reference.AddTransform(env);

            // Add the reference to the SignedXml object.
            signedXml.AddReference(reference);

            keyInfo.AddClause(keyInfoData);
            signedXml.KeyInfo = keyInfo;

            signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

            // Compute the signature.
            signedXml.ComputeSignature();

            // Get the XML representation of the signature and save
            // it to an XmlElement object.
            XmlElement xmlDigitalSignature = signedXml.GetXml();

            XmlNode element;
            if (requestType == RequestType.Invoice)
            {
                element = document.GetElementsByTagName("fu:InvoiceRequest")[0];

            }
            else
            {
                element = document.GetElementsByTagName("fu:BusinessPremiseRequest")[0];
            }

            element.AppendChild(xmlDigitalSignature);
        }
Exemplo n.º 12
0
        // Filters the given list of certificates down to only the certificates that match the given certificate.
        private void FindMatchingCertificates(List<X509Certificate2> certificates, X509Certificate2 certificate)
        {
            byte[] hash = certificate.GetCertHash();
            byte[] key = certificate.GetPublicKey();

            for (int i = certificates.Count - 1; i >= 0; i--)
            {
                if (!hash.SequenceEqual(certificates[i].GetCertHash()) || !key.SequenceEqual(certificates[i].GetPublicKey()))
                    certificates.RemoveAt(i);
            }
        }
Exemplo n.º 13
0
        /// <summary>
        /// Verifies the PK fingerprint.
        /// </summary>
        /// <returns><c>true</c>, if PK fingerprint was verifyed, <c>false</c> otherwise.</returns>
        /// <param name="endCert">End cert.</param>
        /// <param name="requestUri">Request URI.</param>
        private static bool VerifyPublicKey(System.Security.Cryptography.X509Certificates.X509Certificate endCert, String requestUri)
        {
            SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation VerifyPublicKey "+ requestUri);

            string[] publickey = null;
            foreach(KeyValuePair<string, string[]> entry in IPhoneIO.PublicKey)
            {
                if(requestUri.StartsWith(entry.Key)) {
                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*** found fingerprint to check for requestUri: ["+requestUri+"]");

                    publickey = new string[entry.Value.Length];
                    int i = 0;
                    foreach (string fprint in entry.Value) {
                        publickey[i] = ToThumbprint (fprint);
                    }
                }
            }

            if (publickey != null) {

                W.X509Certificate2 certificateThumb = new W.X509Certificate2 (endCert);

                var PublicThumb = BitConverter.ToString (certificateThumb.GetPublicKey ()).Replace ("-", "");

                //SystemLogger.Log (SystemLogger.Module.PLATFORM, "**************** Certificate PublicThumb: [" + PublicThumb + "]");

                //SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation io-services-config publickey: [" + string.Join(",", publickey) + "]");

                if (!publickey.Contains (PublicThumb)) {
                    SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation Public Key ERROR!!!");
                    return false;
                }
            } else {
                SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** WARNING!! Certificate Validation Public Key NOT FOUND!!! (you should provide a valid fingerprint in your io-sevices-config.xml file in order to validate HTTPS web certificates)");
                return false;
            }

            return true;
        }
Exemplo n.º 14
0
 /// <summary>
 /// Gets the <see cref="ECDsa" /> public key from the certificate or null if the certificate does not have an ECDsa public key.
 /// </summary>
 public static ECDsa?GetECDsaPublicKey(this X509Certificate2 certificate)
 {
     return(certificate.GetPublicKey <ECDsa>(cert => HasECDsaKeyUsage(cert)));
 }
Exemplo n.º 15
0
 /// <summary>
 /// Gets the <see cref="Gost3410" /> public key from the certificate or null if the certificate does not have an Gost3410 public key.
 /// </summary>
 public static Gost3410 GetGost3410PublicKey(this X509Certificate2 certificate)
 {
     return(certificate.GetPublicKey <Gost3410>());
 }
Exemplo n.º 16
0
 /// <summary>
 /// Gets the <see cref="Gost3410_2012_512" /> public key from the certificate or null if the certificate does not have an Gost3410 public key.
 /// </summary>
 public static Gost3410_2012_512 GetGost3410_2012_512PublicKey(this X509Certificate2 certificate)
 {
     return(certificate.GetPublicKey <Gost3410_2012_512>());
 }
 public static ECDsa GetECDsaPublicKey(this X509Certificate2 certificate)
 {
     return(certificate.GetPublicKey <ECDsa>());
 }
Exemplo n.º 18
0
        /// <summary>
        /// Encrypts a value using the requested certificate.
        /// The certificate must have a valid RSA public key.
        /// </summary>
        /// <param name="value">The value to be encrypted.</param>
        /// <param name="certificate">The certificate used to encrypt the value.</param>
        /// <remarks> 
        /// First a cryptographically random AES key is generated.
        /// The value is encrypted using that AES key.
        /// The AES key is then encrypted using the RSA key from the certificate.
        /// Then the encrypted value is joined with the encrypted AES key.
        /// That result is base 64 encoded and returned.
        /// 
        /// The format of the result in binary (before base 64 encoding) is the following:
        /// [AES key length in bytes] - Length: 4 bytes
        /// [AES block size in bytes] - Length: 4 bytes
        /// [AES key encrypted length in bytes] - Length: 4 bytes
        /// [AES initialization vector encrypted length in bytes] - Length: 4 bytes
        /// [Certificate public key length in bytes] - Length: 4 bytes
        /// [Certificate public key] - Length: Public key length
        /// [Encrypted AES key] - Length: AES key encrypted length bytes
        /// [Encrypted AES initialization vector] - Length: AES Block size bytes
        /// [Encrypted value] - Length: remaining data length
        /// </remarks>
        /// <returns>The encrypted, base64-encoded value.</returns>
        public static string Encrypt(string value, X509Certificate2 certificate)
        {
            const int keySizeBits = 256;
            const int keySizeBytes = keySizeBits / 8;
            const int blockSizeBits = 128;
            const int blockSizeBytes = blockSizeBits / 8;

            // Get the RSA key from the certificate
            var rsa = certificate.PublicKey.Key as RSACryptoServiceProvider;
            if (rsa == null)
            {
                throw new InvalidOperationException("Certificate does not contain an RSA public key.");
            }

            // Get the public key as a byte array
            var publicKey = certificate.GetPublicKey();

            using (var aes = new AesManaged
            {
                KeySize = keySizeBits,
                BlockSize = blockSizeBits,
                Mode = CipherMode.CBC
            })
            {
                // Generate a cryptographically random initialization vector and key
                aes.GenerateIV();
                aes.GenerateKey();

                if (aes.IV.Length != blockSizeBytes)
                {
                    throw new InvalidOperationException("AES IV size is not equal to the block size.");
                }

                // Encrypt the AES key and initialization vector
                var keyBytes = rsa.Encrypt(aes.Key, false);
                var ivBytes = rsa.Encrypt(aes.IV, false);

                using (var memory = new MemoryStream())
                {
                    // Write the AES key length and block size
                    memory.WriteInt(keySizeBytes);
                    memory.WriteInt(blockSizeBytes);

                    // Write the sizes of the encrypted AES key and initialization vector
                    memory.WriteInt(keyBytes.Length);
                    memory.WriteInt(ivBytes.Length);

                    // Write the size of the certificate public key
                    memory.WriteInt(publicKey.Length);

                    // Write the public key
                    memory.Write(publicKey, 0, publicKey.Length);

                    // Write the encrypted AES key and initialization vector
                    memory.Write(keyBytes, 0, keyBytes.Length);
                    memory.Write(ivBytes, 0, ivBytes.Length);

                    // Encrypt and write the actual value using the aes encryption
                    using (var transform = aes.CreateEncryptor())
                    using (var crypto = new CryptoStream(memory, transform, CryptoStreamMode.Write))
                    {
                        var bytes = Encoding.UTF8.GetBytes(value);
                        crypto.Write(bytes, 0, bytes.Length);
                        crypto.FlushFinalBlock();
                    }

                    // Return the base 64 encoded result
                    return Convert.ToBase64String(memory.ToArray(), Base64FormattingOptions.InsertLineBreaks);
                }
            }
        }
Exemplo n.º 19
0
 /// <summary>
 /// Gets the <see cref="RSA" /> public key from the certificate or null if the certificate does not have an RSA public key.
 /// </summary>
 public static RSA?GetRSAPublicKey(this X509Certificate2 certificate)
 {
     return(certificate.GetPublicKey <RSA>());
 }
Exemplo n.º 20
0
        private static string Rfc4050XmlMaker(string algo, DerObjectIdentifier keyAlgoOid, X509Certificate2 cert)
        {
            if (!algo.Equals("ECDH", StringComparison.InvariantCultureIgnoreCase) &&
                !algo.Equals("ECDSA", StringComparison.InvariantCultureIgnoreCase))
                throw new Exception("Cannot generate rfc4050 keys for unknown EC algorithm");

            algo = algo.ToUpper();
            var namedCurve = SecNamedCurves.GetByOid(keyAlgoOid);
            var publickey = new ECPublicKeyParameters(algo,
                        namedCurve.Curve.DecodePoint(cert.GetPublicKey()), // Q
                        keyAlgoOid);

            //now we have the public key in bouncy castle
            //we can create the xml to import to CngKey
            string xml = "<" + algo + @"KeyValue xmlns='http://www.w3.org/2001/04/xmldsig-more#'>
                              <DomainParameters>
                                <NamedCurve URN='urn:oid:" + keyAlgoOid.Id + @"' />
                              </DomainParameters>
                              <PublicKey>
                                <X Value='" + publickey.Q.X.ToBigInteger() +
                                                        @"' xsi:type='PrimeFieldElemType' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' />
                                <Y Value='" + publickey.Q.Y.ToBigInteger() +
                                                        @"' xsi:type='PrimeFieldElemType' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' />
                              </PublicKey>
                            </" + algo + "KeyValue>";

            return xml;
        }