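        /// <summary>
        /// Authenticates a freshly accepted TLS connection and resolves it to a hub-known <see cref="PeerNode"/>.
        /// A client that presents no certificate, or the built-in default certificate, is treated as a new
        /// node: it is registered in "pending for approval" status, issued its own certificate and disconnected.
        /// A client presenting its own certificate is looked up by certificate serial number and, when it maps
        /// to an approved node, bound to this connection.
        /// </summary>
        /// <param name="clientSslStream">TLS stream already negotiated with the client.</param>
        /// <param name="clientSocket">Underlying socket of that connection (used for the remote address).</param>
        /// <returns>
        /// The bound <see cref="PeerNode"/>, or <c>null</c> when the connection has already been handled and
        /// closed (new node enrolled, or certificate not matching an approved node).
        /// </returns>
        private PeerNode AuthenticateNode(SslStream clientSslStream, Socket clientSocket)
        {
            // Read the address from the IPEndPoint instead of splitting the "addr:port" text:
            // splitting on ':' is wrong for IPv6 ("[::1]:1234" would yield "["). The text form is
            // kept only as a fallback for a non-IP endpoint.
            var remoteEndPoint = clientSocket.RemoteEndPoint as System.Net.IPEndPoint;
            string nodeIP = remoteEndPoint != null
                ? remoteEndPoint.Address.ToString()
                : clientSocket.RemoteEndPoint.ToString().Split(':')[0];

            // No certificate, or the default/hard-coded bootstrap certificate: this is a new node.
            // Generate a certificate for it and send it back.
            if (clientSslStream.RemoteCertificate == null ||
                clientSslStream.RemoteCertificate.GetCertHashString() == "3EE15BE077586D9CB9AEC105AE8AB0613ED6C34B")
            {
                //TODO : make certmanager directly return an X509Certificate2
                //TODO : store the whole cert into a 'Password' structure (need private key if client
                // node is lost (or its certificate is lost), or to do cross-restores
                Mono.Security.X509.PKCS12 newCert = GenerateNewClientCertificate(nodeIP);
                // New node, unknown to the hub: register it in "pending for approval" status.
                var x509cert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2();
                x509cert2.Import(newCert.Certificates[0].RawData, "",
                                 System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.PersistKeySet | System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable);
                var u = CreateNewNode(nodeIP, new NodeCertificate(x509cert2));
                u.SetSockets(clientSslStream, clientSocket);
                u.SendCertificate(newCert.GetBytes());
                u.Disconnect();
                return(null);
            }

            // Known certificate: resolve the node by certificate serial number.
            // NOTE(review): trust here relies on the SslStream's certificate validation (configured
            // elsewhere, not visible in this method) having checked the issuer — confirm it does.
            X509Certificate2 remoteCert = new X509Certificate2(clientSslStream.RemoteCertificate);
            PeerNode         node       = new DAL.NodeDAO().NodeApproved(remoteCert.GetSerialNumber());

            // Check for null BEFORE touching node: a certificate that does not map to an approved
            // node must be rejected cleanly, not crash the hub with a NullReferenceException.
            if (node == null)
            {
                Logger.Append("HUBRN", Severity.NOTICE, "Rejected connection from " + nodeIP + ": certificate does not match an approved node.");
                // Mirror the new-node branch: the connection is closed before returning null.
                // Assumes the caller treats a null result as "already disconnected" — TODO confirm.
                clientSslStream.Close();
                clientSocket.Close();
                return(null);
            }

            node.IP = nodeIP;
            Logger.Append("HUBRN", Severity.TRIVIA, "Newly connected node : Id=" + node.Id + ", NodeName=" + node.Name + ",IP=" + node.IP + ", status=" + node.Status);
            if (!node.Locked)
            {
                node.Status = NodeStatus.Idle;
            }
            else
            {
                node.Status = NodeStatus.Locked;                     // pending for manual approval
                Logger.Append("HUBRN", Severity.NOTICE, "Newly connected node #" + node.Id + " is locked.");
            }
            node.SetSockets(clientSslStream, clientSocket);
            node.SendAuthStatus();
            return(node);
        }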
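        /// <summary>
        /// Builds a PKCS#12 (PFX) container from a DER certificate and its encrypted PKCS#8 private key,
        /// protecting the result with <paramref name="password"/>. The same password is used to decrypt
        /// the incoming key and to shroud the key bag in the output.
        /// </summary>
        /// <param name="bytesCER">DER-encoded X.509 certificate (.cer).</param>
        /// <param name="bytesKEY">Encrypted PKCS#8 private key (.key) belonging to the certificate.</param>
        /// <param name="password">Password that decrypts <paramref name="bytesKEY"/> and protects the PFX.</param>
        /// <returns>The serialized PKCS#12 container.</returns>
        /// <exception cref="Exception">
        /// Wraps any failure (missing input, wrong password, non-RSA key, malformed data) under a single
        /// user-facing message; the specific cause is available through <see cref="Exception.InnerException"/>.
        /// </exception>
        public static byte[] CrearPFX(byte[] bytesCER, byte[] bytesKEY, string password)
        {
            try
            {
                // Specific argument exceptions become the InnerException of the wrapper below,
                // so a caller can still distinguish a missing input from a wrong password.
                if (bytesCER == null)
                {
                    throw new ArgumentNullException("bytesCER", "Empty cer and or key");
                }
                if (bytesKEY == null)
                {
                    throw new ArgumentNullException("bytesKEY", "Empty cer and or key");
                }
                if (password == null)
                {
                    // Without this check password.ToCharArray() below fails with a NullReferenceException.
                    throw new ArgumentNullException("password");
                }

                var certificate = new Mono.Security.X509.X509Certificate(bytesCER);

                char[] arrayOfChars = password.ToCharArray();
                AsymmetricKeyParameter privateKey;
                try
                {
                    privateKey = Org.BouncyCastle.Security.PrivateKeyFactory.DecryptKey(arrayOfChars, bytesKEY);
                }
                finally
                {
                    // Do not leave an extra copy of the password in memory once the key is decrypted.
                    Array.Clear(arrayOfChars, 0, arrayOfChars.Length);
                }

                // The cast throws InvalidCastException for non-RSA keys; the catch below wraps it.
                RSA subjectKey = DotNetUtilitiesCustom.ToRSA((RsaPrivateCrtKeyParameters)privateKey);

                Mono.Security.X509.PKCS12 p12 = new Mono.Security.X509.PKCS12();
                p12.Password = password;

                // Both bags carry the same localKeyId so consumers can pair the certificate with its key.
                // A fixed 4-byte array avoids endianness issues (some tools require the ID to be 1).
                ArrayList list = new ArrayList();
                list.Add(new byte[4] {
                    1, 0, 0, 0
                });
                Hashtable attributes = new Hashtable(1);
                attributes.Add(Mono.Security.X509.PKCS9.localKeyId, list);
                p12.AddCertificate(certificate, attributes);
                p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes);
                return(p12.GetBytes());
            }
            catch (Exception ex)
            {
                throw new Exception("Los datos del Certificado CER KEY o Password son incorrectos. No es posible leer la llave privada.", ex);
            }
        }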