esiur/esiur-dotnet
2
0
Fork 0
mirror of https://github.com/esiur/esiur-dotnet.git synced 2026-04-04 04:18:22 +00:00
Code Issues Projects Releases Wiki Activity

WIP

Browse Source
This commit is contained in:
ahmed
2026-04-02 19:42:54 +03:00
parent 4fae21deaf
commit 74830eea0c
82 changed files with 2501 additions and 3008 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
Esiur/Security/Authority/AlienAuthentication.cs
View File

@@ -1,40 +0,0 @@
/*
Copyright (c) 2017 Ahmed Kh. Zamil
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace Esiur.Security.Authority;
public class AlienAuthentication : Authentication
{
public AlienAuthentication() :
base(AuthenticationType.Alien)
{
}
}

6
Esiur/Security/Authority/Authentication.cs
View File

@@ -32,7 +32,7 @@ namespace Esiur.Security.Authority;
public class Authentication
{
AuthenticationType type;
AuthenticationMode type;
public AuthenticationMethod Method { get; set; }
@@ -52,12 +52,12 @@ public class Authentication
set;
}
public AuthenticationType Type
public AuthenticationMode Type
{
get => type;
}
public Authentication(AuthenticationType type)
public Authentication(AuthenticationMode type)
{
this.type = type;
}

11
Esiur/Security/Authority/AuthenticationMethod.cs
View File

@@ -7,7 +7,12 @@ namespace Esiur.Security.Authority;
public enum AuthenticationMethod : byte
{
None,
Credentials,
Token,
Certificate
PpapCredentialsAnonymous,
PpapCredentialsCredentials,
PpapCredentialsHec,
PpapHecAnonymous,
PpapHecCredentials,
PpapHecHec,
HashAnonymous,
}

10
Esiur/Security/Authority/AuthenticationType.cs → Esiur/Security/Authority/AuthenticationMode.cs
View File

@@ -30,10 +30,10 @@ using System.Threading.Tasks;
namespace Esiur.Security.Authority;
public enum AuthenticationType
public enum AuthenticationMode:byte
{
Host,
CoHost,
Client,
Alien
None = 0x0,
InitializerIdentity = 0x1,
ResponderIdentity = 0x2,
DualIdentity = 0x3,
}

28
Esiur/Security/Authority/AuthenticationResult.cs Normal file
View File

@@ -0,0 +1,28 @@
using Esiur.Core;
using System;
using System.Collections.Generic;
using System.Text;
namespace Esiur.Security.Authority
{
public class AuthenticationResult
{
public AuthenticationRuling Ruling { get; internal set; }
public string Identity { get; internal set; }
public object HandshakePayload { get; internal set; }
public byte[] SessionKey { get; internal set; }
public ExceptionCode? ExceptionCode { get; internal set; }
public string ExceptionMessage { get; internal set; }
public AuthenticationResult(AuthenticationRuling ruling, string identity, object handshakePayload, byte[] sessionKey)
{
Ruling = ruling;
Identity = identity;
HandshakePayload = handshakePayload;
SessionKey = sessionKey;
}
}
}

13
Esiur/Security/Authority/AuthenticationRuling.cs Normal file
View File

@@ -0,0 +1,13 @@
using System;
using System.Collections.Generic;
using System.Text;
namespace Esiur.Security.Authority
{
public enum AuthenticationRuling
{
Failed,
InProgress,
Succeeded,
}
}

201
Esiur/Security/Authority/CACertificate.cs
View File

@@ -1,201 +0,0 @@
/*
Copyright (c) 2017 Ahmed Kh. Zamil
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
using Esiur.Data;
using Esiur.Core;
using Esiur.Misc;
using Esiur.Security.Cryptography;
using Esiur.Security.Integrity;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
namespace Esiur.Security.Authority;
public class CACertificate : Certificate
{
string name;
public string Name
{
get { return name; }
}
public CACertificate(byte[] data, uint offset, uint length, bool privateKeyIncluded = false)
: base(0, DateTime.MinValue, DateTime.MinValue, HashFunctionType.MD5)
{
uint oOffset = offset;
this.id = DC.GetUInt64(data, offset, Endian.Little);
offset += 8;
this.issueDate = DC.GetDateTime(data, offset, Endian.Little);
offset += 8;
this.expireDate = DC.GetDateTime(data, offset, Endian.Little);
offset += 8;
this.hashFunction = (HashFunctionType)(data[offset++] >> 4);
this.name = (Encoding.ASCII.GetString(data, (int)offset + 1, data[offset]));
offset += (uint)data[offset] + 1;
var aea = (AsymetricEncryptionAlgorithmType)(data[offset] >> 5);
if (aea == AsymetricEncryptionAlgorithmType.RSA)
{
var key = new RSAParameters();
uint exponentLength = (uint)data[offset++] & 0x1F;
key.Exponent = DC.Clip(data, offset, exponentLength);
offset += exponentLength;
uint keySize = DC.GetUInt16(data, offset, Endian.Little);
offset += 2;
key.Modulus = DC.Clip(data, offset, keySize);
offset += keySize;
// copy cert data
this.publicRawData = new byte[offset - oOffset];
Buffer.BlockCopy(data, (int)oOffset, publicRawData, 0, publicRawData.Length);
if (privateKeyIncluded)
{
uint privateKeyLength = (keySize * 3) + (keySize / 2);
uint halfKeySize = keySize / 2;
privateRawData = DC.Clip(data, offset, privateKeyLength);
key.D = DC.Clip(data, offset, keySize);
offset += keySize;
key.DP = DC.Clip(data, offset, halfKeySize);
offset += halfKeySize;
key.DQ = DC.Clip(data, offset, halfKeySize);
offset += halfKeySize;
key.InverseQ = DC.Clip(data, offset, halfKeySize);
offset += halfKeySize;
key.P = DC.Clip(data, offset, halfKeySize);
offset += halfKeySize;
key.Q = DC.Clip(data, offset, halfKeySize);
offset += halfKeySize;
}
// setup rsa
this.rsa = RSA.Create();// new RSACryptoServiceProvider();
this.rsa.ImportParameters(key);
}
}
public CACertificate(ulong id, string authorityName, DateTime issueDate, DateTime expireDate,
HashFunctionType hashFunction = HashFunctionType.SHA1, uint ip = 0, byte[] ip6 = null)
: base(id, issueDate, expireDate, hashFunction)
{
// assign type
BinaryList cr = new BinaryList();
// make header
cr.AddUInt64(id)
.AddDateTime(issueDate)
.AddDateTime(expireDate);
// hash function
cr.AddUInt8((byte)((byte)hashFunction << 4));
this.hashFunction = hashFunction;
// CA Name
this.name = authorityName;
cr.AddUInt8((byte)(authorityName.Length))
.AddUInt8Array(Encoding.ASCII.GetBytes(authorityName));
// public key
rsa = RSA.Create();// new RSACryptoServiceProvider(2048);
rsa.KeySize = 2048;
RSAParameters dRSAKey = rsa.ExportParameters(true);
cr.AddUInt8((byte)dRSAKey.Exponent.Length)
.AddUInt8Array(dRSAKey.Exponent)
.AddUInt16((ushort)dRSAKey.Modulus.Length)
.AddUInt8Array(dRSAKey.Modulus);
publicRawData = cr.ToArray();
privateRawData = DC.Merge(dRSAKey.D, dRSAKey.DP, dRSAKey.DQ, dRSAKey.InverseQ, dRSAKey.P, dRSAKey.Q);
}
public override bool Save(string filename, bool includePrivate = false)
{
try
{
if (includePrivate)
File.WriteAllBytes(filename, new BinaryList()
.AddUInt8((byte)CertificateType.CAPrivate)
.AddUInt8Array(publicRawData)
.AddUInt8Array(privateRawData)
.ToArray());
else
File.WriteAllBytes(filename, new BinaryList()
.AddUInt8((byte)CertificateType.CAPublic)
.AddUInt8Array(publicRawData).ToArray());
return true;
}
catch
{
return false;
}
}
public override byte[] Serialize(bool includePrivate = false)
{
if (includePrivate)
return new BinaryList()
.AddUInt8Array(publicRawData)
.AddUInt8Array(privateRawData)
.ToArray();
else
return publicRawData;
}
}

221
Esiur/Security/Authority/Certificate.cs
View File

@@ -1,221 +0,0 @@
/*
Copyright (c) 2019 - 2024 Ahmed Kh. Zamil
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
using Esiur.Data;
using Esiur.Core;
using Esiur.Misc;
using Esiur.Security.Cryptography;
using Esiur.Security.Integrity;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
namespace Esiur.Security.Authority;
public abstract class Certificate
{
protected DateTime issueDate, expireDate;
protected RSA rsa;
protected Aes aes;
protected byte[] publicRawData;
protected byte[] privateRawData;
protected ulong id;
protected HashFunctionType hashFunction;
public Certificate(ulong id, DateTime issueDate, DateTime expireDate, HashFunctionType hashFunction)
{
this.id = id;
this.issueDate = issueDate;
this.expireDate = expireDate;
this.hashFunction = hashFunction;
}
public ulong Id
{
get { return id; }
}
public AsymetricEncryptionAlgorithmType AsymetricEncryptionAlgorithm
{
get { return AsymetricEncryptionAlgorithmType.RSA; }
}
public byte[] AsymetricEncrypt(byte[] message)
{
return rsa.Encrypt(message, RSAEncryptionPadding.OaepSHA512);
}
public byte[] AsymetricEncrypt(byte[] message, uint offset, uint length)
{
if (message.Length != length)
return rsa.Encrypt(DC.Clip(message, offset, length), RSAEncryptionPadding.OaepSHA512);
else
return rsa.Encrypt(message, RSAEncryptionPadding.OaepSHA512);
}
public byte[] AsymetricDecrypt(byte[] message)
{
try
{
return rsa.Decrypt(message, RSAEncryptionPadding.OaepSHA512);
}
catch (Exception ex)
{
Global.Log("Certificate", LogType.Error, ex.ToString());
return null;
}
}
public byte[] AsymetricDecrypt(byte[] message, uint offset, uint length)
{
try
{
if (message.Length != length)
return rsa.Decrypt(DC.Clip(message, offset, length), RSAEncryptionPadding.OaepSHA512);
else
return rsa.Decrypt(message, RSAEncryptionPadding.OaepSHA512);
}
catch (Exception ex)
{
Global.Log("Certificate", LogType.Error, ex.ToString());
return null;
}
}
public byte[] SymetricEncrypt(byte[] message, uint offset, uint length)
{
byte[] rt = null;
using (var ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
cs.Write(message, (int)offset, (int)length);
rt = ms.ToArray();
}
return rt;
}
public byte[] SymetricEncrypt(byte[] message)
{
return SymetricEncrypt(message, 0, (uint)message.Length);
}
public byte[] SymetricDecrypt(byte[] message, uint offset, uint length)
{
byte[] rt = null;
using (var ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write))
cs.Write(message, (int)offset, (int)length);
rt = ms.ToArray();
}
return rt;
}
public byte[] SymetricDecrypt(byte[] message)
{
return SymetricDecrypt(message, 0, (uint)message.Length);
}
public byte[] Sign(byte[] message)
{
return Sign(message, 0, (uint)message.Length);
}
public byte[] Sign(byte[] message, uint offset, uint length)
{
if (hashFunction == HashFunctionType.SHA1)
return rsa.SignData(message, (int)offset, (int)length, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
else if (hashFunction == HashFunctionType.MD5)
return rsa.SignData(message, (int)offset, (int)length, HashAlgorithmName.MD5, RSASignaturePadding.Pkcs1);
else if (hashFunction == HashFunctionType.SHA256)
return rsa.SignData(message, (int)offset, (int)length, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
else if (hashFunction == HashFunctionType.SHA384)
return rsa.SignData(message, (int)offset, (int)length, HashAlgorithmName.SHA384, RSASignaturePadding.Pkcs1);
else if (hashFunction == HashFunctionType.SHA512)
return rsa.SignData(message, (int)offset, (int)length, HashAlgorithmName.SHA512, RSASignaturePadding.Pkcs1);
return null;
}
public bool InitializeSymetricCipher(SymetricEncryptionAlgorithmType algorithm, int keyLength, byte[] key, byte[] iv)
{
if (algorithm == SymetricEncryptionAlgorithmType.AES)
{
if (keyLength == 0) // 128 bit
{
aes = Aes.Create();
aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.PKCS7;
aes.Key = key;
aes.IV = iv;
return true;
}
}
return false;
}
public abstract bool Save(string filename, bool includePrivate = false);
public abstract byte[] Serialize(bool includePrivate = false);
public static Certificate Load(string filename)
{
byte[] ar = File.ReadAllBytes(filename);
var t = (CertificateType)ar[0];
switch (t)
{
case CertificateType.CAPublic:
return new CACertificate(ar, 1, (uint)ar.Length - 1);
case CertificateType.CAPrivate:
return new CACertificate(ar, 1, (uint)ar.Length - 1, true);
case CertificateType.DomainPublic:
return new DomainCertificate(ar, 1, (uint)ar.Length - 1);
case CertificateType.DomainPrivate:
return new DomainCertificate(ar, 1, (uint)ar.Length - 1, true);
case CertificateType.UserPublic:
return new UserCertificate(ar, 1, (uint)ar.Length - 1);
case CertificateType.UserPrivate:
return new UserCertificate(ar, 1, (uint)ar.Length - 1, true);
}
return null;
}
}

41
Esiur/Security/Authority/CertificateType.cs
View File

@@ -1,41 +0,0 @@
/*
Copyright (c) 2017 Ahmed Kh. Zamil
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace Esiur.Security.Authority;
public enum CertificateType
{
CAPublic = 0,
CAPrivate,
DomainPublic,
DomainPrivate,
UserPublic,
UserPrivate
}

70
Esiur/Security/Authority/ClientAuthentication.cs
View File

@@ -1,70 +0,0 @@
/*
Copyright (c) 2017 Ahmed Kh. Zamil
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace Esiur.Security.Authority;
public class ClientAuthentication : Authentication
{
/*
string username;
byte[] password;
string domain;
byte[] token;
UserCertificate certificate;
public string Username => username;
public byte[] Password => password;
//public string Domain => domain;
public byte[] Token => token;
public byte[] Nounce { get; set; }
*/
public ClientAuthentication()
: base(AuthenticationType.Client)
{
}
/*
public ClientAuthentication(byte[] token)
: base(AuthenticationType.Client)
{
this.token = token;
}
public ClientAuthentication(string username, byte[] password)
: base(AuthenticationType.Client)
{
this.username = username;
this.password = password;
//this.domain = domain;
}
*/
}

40
Esiur/Security/Authority/CoHostAuthentication.cs
View File

@@ -1,40 +0,0 @@
/*
Copyright (c) 2017 Ahmed Kh. Zamil
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace Esiur.Security.Authority;
public class CoHostAuthentication : Authentication
{
public CoHostAuthentication()
: base(AuthenticationType.CoHost)
{
}
}

249
Esiur/Security/Authority/DomainCertificate.cs
View File

@@ -1,249 +0,0 @@
/*
Copyright (c) 2017 Ahmed Kh. Zamil
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
using Esiur.Data;
using Esiur.Misc;
using Esiur.Security.Cryptography;
using Esiur.Security.Integrity;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
namespace Esiur.Security.Authority;
public class DomainCertificate : Certificate
{
uint ip;
byte[] ip6;
string domain;
//CACertificate ca;
string caName;
ulong caId;
byte[] signature;
string authorityName;
public string AuthorityName
{
get { return authorityName; }
}
public string Domain
{
get { return domain; }
}
public byte[] Signature
{
get { return signature; }
}
public uint IPAddress
{
get { return ip; }
}
public byte[] IPv6Address
{
get { return ip6; }
}
public DomainCertificate(byte[] data, uint offset, uint length, bool privateKeyIncluded = false)
: base(0, DateTime.MinValue, DateTime.MinValue, HashFunctionType.MD5)
{
var oOffset = offset;
this.id = DC.GetUInt64(data, offset, Endian.Little);
offset += 8;
// load IPs
this.ip = DC.GetUInt32(data, offset, Endian.Little);
offset += 4;
this.ip6 = DC.Clip(data, offset, 16);
offset += 16;
this.issueDate = DC.GetDateTime(data, offset, Endian.Little);
offset += 8;
this.expireDate = DC.GetDateTime(data, offset, Endian.Little);
offset += 8;
this.domain = Encoding.ASCII.GetString(data, (int)offset + 1, data[offset]);
offset += (uint)data[offset] + 1;
this.authorityName = (Encoding.ASCII.GetString(data, (int)offset + 1, data[offset]));
offset += (uint)data[offset] + 1;
caId = DC.GetUInt64(data, offset, Endian.Little);
offset += 8;
var aea = (AsymetricEncryptionAlgorithmType)(data[offset] >> 5);
if (aea == AsymetricEncryptionAlgorithmType.RSA)
{
var key = new RSAParameters();
uint exponentLength = (uint)data[offset++] & 0x1F;
key.Exponent = DC.Clip(data, offset, exponentLength);
offset += exponentLength;
uint keySize = DC.GetUInt16(data, offset, Endian.Little);
offset += 2;
key.Modulus = DC.Clip(data, offset, keySize);
offset += keySize;
// copy cert data
publicRawData = new byte[offset - oOffset];
Buffer.BlockCopy(data, (int)oOffset, publicRawData, 0, publicRawData.Length);
if (privateKeyIncluded)
{
uint privateKeyLength = (keySize * 3) + (keySize / 2);
privateRawData = DC.Clip(data, offset, privateKeyLength);
uint halfKeySize = keySize / 2;
key.D = DC.Clip(data, offset, keySize);
offset += keySize;
key.DP = DC.Clip(data, offset, halfKeySize);
offset += halfKeySize;
key.DQ = DC.Clip(data, offset, halfKeySize);
offset += halfKeySize;
key.InverseQ = DC.Clip(data, offset, halfKeySize);
offset += halfKeySize;
key.P = DC.Clip(data, offset, halfKeySize);
offset += halfKeySize;
key.Q = DC.Clip(data, offset, halfKeySize);
offset += halfKeySize;
}
// setup rsa
rsa = RSA.Create();// new RSACryptoServiceProvider();
rsa.ImportParameters(key);
this.signature = DC.Clip(data, offset, length - (offset - oOffset));
}
}
public DomainCertificate(ulong id, string domain, CACertificate authority, DateTime issueDate,
DateTime expireDate, HashFunctionType hashFunction = HashFunctionType.SHA1, uint ip = 0, byte[] ip6 = null)
: base(id, issueDate, expireDate, hashFunction)
{
// assign type
var cr = new BinaryList();
// id
cr.AddUInt64(id);
// ip
this.ip = ip;
this.ip6 = ip6;
cr.AddUInt32(ip);
if (ip6?.Length == 16)
cr.AddUInt8Array(ip6);
else
cr.AddUInt8Array(new byte[16]);
cr.AddDateTime(issueDate)
.AddDateTime(expireDate);
// domain
this.domain = domain;
cr.AddUInt8((byte)(domain.Length))
.AddUInt8Array(Encoding.ASCII.GetBytes(domain));
// CA
this.caName = authority.Name;
cr.AddUInt8((byte)(authority.Name.Length))
.AddUInt8Array(Encoding.ASCII.GetBytes(authority.Name));
this.authorityName = authority.Name;
// CA Index
//co.KeyIndex = authority.KeyIndex;
this.caId = authority.Id;
cr.AddUInt64(caId);
// public key
rsa = RSA.Create();// new RSACryptoServiceProvider(2048);
rsa.KeySize = 2048;
RSAParameters dRSAKey = rsa.ExportParameters(true);
cr.AddUInt8((byte)dRSAKey.Exponent.Length)
.AddUInt8Array(dRSAKey.Exponent)
.AddUInt16((ushort)dRSAKey.Modulus.Length)
.AddUInt8Array(dRSAKey.Modulus);
publicRawData = cr.ToArray();
// private key
this.privateRawData = DC.Merge(dRSAKey.D, dRSAKey.DP, dRSAKey.DQ, dRSAKey.InverseQ, dRSAKey.P, dRSAKey.Q);
this.signature = authority.Sign(publicRawData);
}
public override bool Save(string filename, bool includePrivate = false)
{
try
{
if (includePrivate)
File.WriteAllBytes(filename, DC.Merge(new byte[] { (byte)CertificateType.DomainPrivate }, publicRawData, signature, privateRawData));
else
File.WriteAllBytes(filename, DC.Merge(new byte[] { (byte)CertificateType.DomainPublic }, publicRawData, signature));
return true;
}
catch
{
return false;
}
}
public override byte[] Serialize(bool includePrivate = false)
{
if (includePrivate)
return DC.Merge(publicRawData, signature, privateRawData);
else
return DC.Merge(publicRawData, signature);
}
}

41
Esiur/Security/Authority/HostAuthentication.cs
View File

@@ -1,41 +0,0 @@
/*
Copyright (c) 2017 Ahmed Kh. Zamil
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace Esiur.Security.Authority;
public class HostAuthentication : Authentication
{
public HostAuthentication()
: base(AuthenticationType.Host)
{
}
}

18
Esiur/Security/Authority/IAuthenticationHandler.cs Normal file
View File

@@ -0,0 +1,18 @@
using Esiur.Net.Packets;
using System;
using System.Collections.Generic;
using System.Text;
namespace Esiur.Security.Authority
{
public interface IAuthenticationHandler
{
public AuthenticationResult Initialize(Session session);
public AuthenticationResult Process(object handshakePayload);
public void Terminate(Session session);
public void Update(Session session, object authData);
}
}

13
Esiur/Security/Authority/IAuthenticationInitiator.cs Normal file
View File

@@ -0,0 +1,13 @@
using System;
using System.Collections.Generic;
using System.Text;
namespace Esiur.Security.Authority
{
public interface IAuthenticationInitiator
{
public AuthenticationResult Initiate(Session session);
public AuthenticationResult Process(object handshakePayload);
}
}

12
Esiur/Security/Authority/IAuthenticationResponder.cs Normal file
View File

@@ -0,0 +1,12 @@
using System;
using System.Collections.Generic;
using System.Text;
namespace Esiur.Security.Authority
{
public interface IAuthenticationResponder
{
public AuthenticationResult Process(Session session);
}
}

17
Esiur/Security/Authority/Session.cs
View File

@@ -31,7 +31,6 @@ using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Esiur.Security.Cryptography;
using static System.Collections.Specialized.BitVector32;
using Esiur.Net.Packets;
namespace Esiur.Security.Authority;
@@ -44,21 +43,21 @@ public class Session
public IKeyExchanger KeyExchanger { get; set; } = null;
//public IKeyExchanger KeyExchanger { get; set; } = null;
public ISymetricCipher SymetricCipher { get; set; } = null;
public Map<EpAuthPacketHeader, object> LocalHeaders { get; set; } = new Map<EpAuthPacketHeader, object>();
public Map<EpAuthPacketHeader, object> RemoteHeaders { get; set; } = new Map<EpAuthPacketHeader, object>();
public AuthenticationMethod LocalMethod { get; set; }
public AuthenticationMethod RemoteMethod { get; set; }
//public AuthenticationMethod AuthenticationMethod { get; set; }
//public AuthenticationMethod RemoteMethod { get; set; }
public AuthenticationType AuthenticationType { get; set; }
public AuthenticationMode AuthenticationMode { get; set; }
public EncryptionMode EncryptionMode { get; set; }
public IAuthenticationHandler AuthenticationHandler { get; set; }
//public IAuthenticationHandler AuthenticationResponder { get; set; }
public string AuthorizedAccount { get; set; }
public string AuthorizedIdentity { get; set; }
}