aboutsummaryrefslogtreecommitdiff
path: root/utils/ipn_sqlclr/TaggantWebService.cs
diff options
context:
space:
mode:
Diffstat (limited to 'utils/ipn_sqlclr/TaggantWebService.cs')
-rw-r--r--utils/ipn_sqlclr/TaggantWebService.cs159
1 files changed, 159 insertions, 0 deletions
diff --git a/utils/ipn_sqlclr/TaggantWebService.cs b/utils/ipn_sqlclr/TaggantWebService.cs
new file mode 100644
index 0000000..e4157e7
--- /dev/null
+++ b/utils/ipn_sqlclr/TaggantWebService.cs
@@ -0,0 +1,159 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Xml;
+using certificateManagementService;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.OpenSsl;
+using Org.BouncyCastle.Pkcs;
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.X509;
+using policyService;
+using veriSignCertIssuingService;
+using ItemChoiceType = certificateManagementService.ItemChoiceType;
+
+namespace ipn_sqlclr
+{
+ public static class TaggantWebService
+ {
+ public static void CertRevoke(TaggantConfig tc, string id, List<LogItem> log)
+ {
+ var es = new certificateManagementService.certificateManagementService(tc.ClientCertificate, tc["ManagementUrl"]);
+ try
+ {
+ var updateCertificateStatusRequest = new UpdateCertificateStatusRequestType
+ {
+ clientTransactionID = "ipn_sqlclr " + new SecureRandom().Next(),
+ operationType = OperationTypeEnum.Revoke,
+ revocationReasonSpecified = false,
+ ItemElementName = ItemChoiceType.seatId,
+ Item = id,
+ //certificateIssuer = "?",
+ //challenge = "?",
+ //comment = "?",
+ version = tc["ManagementVersion"]
+ };
+ /*var updateResponse =*/ es.updateCertificateStatus(updateCertificateStatusRequest);
+ }
+ finally
+ {
+ LogXml("updateCertificateStatus", es, log);
+ }
+ }
+ public static string CertRequestNew(TaggantConfig tc, string id, string mail, string privateKey, List<LogItem> log)
+ {
+ var csr = CreateCsr(tc, privateKey);
+ log.Add(new LogItem {MsgId = 16, P = new[] {csr}});
+
+ var es = new veriSignCertIssuingService.veriSignCertIssuingService(tc.ClientCertificate, tc["EnrollmentUrl"]);
+ try
+ {
+ var requestSecurityTokenType = new RequestSecurityTokenType
+ {
+ Item = new RequestVSSecurityTokenEnrollmentType
+ {
+ clientTransactionID = "ipn_sqlclr " + new SecureRandom().Next(),
+ certificateProfileID = tc["CertificateProfileOid"],
+ requestType = RequestTypeEnum.httpdocsoasisopenorgwssxwstrust200512Issue,
+ version = tc["EnrollVersion"],
+ tokenType = TokenType.httpdocsoasisopenorgwss200401oasis200401wssx509tokenprofile10PKCS7,
+ binarySecurityToken = new[]
+ {
+ new BinarySecurityTokenType
+ {
+ ValueType = "http://schemas.verisign.com/pkiservices/2009/07/PKCS10",
+ EncodingType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary",
+ Value = csr
+ }
+ },
+ nameValuePair = new[]
+ {
+ new NameValueType {name = "seat_id", value = mail},
+ new NameValueType {name = "common_name", value = string.Format("VMProtect Client {0}", id)},
+ new NameValueType {name = "mail_lastName", value = "Client"},
+ new NameValueType {name = "mail_firstName", value = string.Format("{0} VMProtect", id)},
+ new NameValueType {name = "emailAddress", value = mail},
+ new NameValueType {name = "mail_email", value = mail},
+ new NameValueType {name = "country", value = "ru"}
+ }
+ }
+ };
+ var enrollmentResponse = es.RequestSecurityToken(requestSecurityTokenType);
+ var certs = ((AttributedString)(enrollmentResponse.Item.requestedVSSecurityToken.Items[0])).Value;
+ var certPkcs7 = Convert.FromBase64String(certs);
+ var parser = new X509CertificateParser();
+ var cert = parser.ReadCertificate(certPkcs7);
+ using (var pw = new StringWriter())
+ {
+ new PemWriter(pw).WriteObject(cert);
+ pw.Flush();
+ return pw.ToString();
+ }
+ }
+ finally
+ {
+ LogXml("RequestSecurityToken", es, log);
+ }
+ }
+
+ private static string CreateCsr(TaggantConfig tc, string privateKey)
+ {
+ AsymmetricCipherKeyPair pair;
+ using (var reader = new StringReader(privateKey))
+ pair = (AsymmetricCipherKeyPair) new PemReader(reader).ReadObject();
+
+ var csr = new Pkcs10CertificationRequest(tc["CsrAlgorithm"], new X509Name(tc["CsrSubject"]), pair.Public, null, pair.Private);
+ using (var pw = new StringWriter())
+ {
+ new PemWriter(pw).WriteObject(csr);
+ pw.Flush();
+ return pw.ToString();
+ }
+ }
+
+ public static IEnumerable<OID> GetPolicies(TaggantConfig tc, List<LogItem> log)
+ {
+ var ps = new policyService.policyService(tc.ClientCertificate, tc["PolicyUrl"]);
+ try
+ {
+ var rp = ps.requestPolicies(new getPolicies {version = tc["PolicyVersion"]});
+ return rp.oIDs;
+ }
+ finally
+ {
+ LogXml("requestPolicies", ps, log);
+ }
+ }
+
+ private static void LogXml(string src, XmlReaderSpyService ss, ICollection<LogItem> log)
+ {
+ var req = new XmlDocument();
+ var resp = new XmlDocument();
+ var reqs = ss.GetRequestXml();
+ var resps = ss.GetResponseXml();
+ try
+ {
+ req.LoadXml(reqs);
+ }
+ catch (Exception)
+ {
+ req = null;
+ }
+ try
+ {
+ resp.LoadXml(resps);
+ }
+ catch (Exception)
+ {
+ resp = null;
+ }
+ if (req != null && string.IsNullOrWhiteSpace(req.InnerXml))
+ req = null;
+ if (resp != null && string.IsNullOrWhiteSpace(resp.InnerXml))
+ resp = null;
+ if (!string.IsNullOrWhiteSpace(reqs) || !string.IsNullOrWhiteSpace(resps))
+ log.Add(new LogItem {MsgId = 17, P = new[] {src, reqs, resps}, Xml = new[] {req, resp}});
+ }
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 07:00:37 +0000