From 28008a746a31abb7909dd86cb0cd413ac8943b0b Mon Sep 17 00:00:00 2001
From: jmpoep
Date: Thu, 7 Dec 2023 16:51:07 +0800
Subject: first commit
---
utils/ipn_sqlclr/TaggantWebService.cs | 159 ++++++++++++++++++++++++++++++++++
1 file changed, 159 insertions(+)
create mode 100644 utils/ipn_sqlclr/TaggantWebService.cs
(limited to 'utils/ipn_sqlclr/TaggantWebService.cs')
diff --git a/utils/ipn_sqlclr/TaggantWebService.cs b/utils/ipn_sqlclr/TaggantWebService.cs
new file mode 100644
index 0000000..e4157e7
--- /dev/null
+++ b/utils/ipn_sqlclr/TaggantWebService.cs
@@ -0,0 +1,159 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Xml;
+using certificateManagementService;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.OpenSsl;
+using Org.BouncyCastle.Pkcs;
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.X509;
+using policyService;
+using veriSignCertIssuingService;
+using ItemChoiceType = certificateManagementService.ItemChoiceType;
+
+namespace ipn_sqlclr
+{
+ public static class TaggantWebService
+ {
+ public static void CertRevoke(TaggantConfig tc, string id, List log)
+ {
+ var es = new certificateManagementService.certificateManagementService(tc.ClientCertificate, tc["ManagementUrl"]);
+ try
+ {
+ var updateCertificateStatusRequest = new UpdateCertificateStatusRequestType
+ {
+ clientTransactionID = "ipn_sqlclr " + new SecureRandom().Next(),
+ operationType = OperationTypeEnum.Revoke,
+ revocationReasonSpecified = false,
+ ItemElementName = ItemChoiceType.seatId,
+ Item = id,
+ //certificateIssuer = "?",
+ //challenge = "?",
+ //comment = "?",
+ version = tc["ManagementVersion"]
+ };
+ /*var updateResponse =*/ es.updateCertificateStatus(updateCertificateStatusRequest);
+ }
+ finally
+ {
+ LogXml("updateCertificateStatus", es, log);
+ }
+ }
+ public static string CertRequestNew(TaggantConfig tc, string id, string mail, string privateKey, List log)
+ {
+ var csr = CreateCsr(tc, privateKey);
+ log.Add(new LogItem {MsgId = 16, P = new[] {csr}});
+
+ var es = new veriSignCertIssuingService.veriSignCertIssuingService(tc.ClientCertificate, tc["EnrollmentUrl"]);
+ try
+ {
+ var requestSecurityTokenType = new RequestSecurityTokenType
+ {
+ Item = new RequestVSSecurityTokenEnrollmentType
+ {
+ clientTransactionID = "ipn_sqlclr " + new SecureRandom().Next(),
+ certificateProfileID = tc["CertificateProfileOid"],
+ requestType = RequestTypeEnum.httpdocsoasisopenorgwssxwstrust200512Issue,
+ version = tc["EnrollVersion"],
+ tokenType = 
TokenType.httpdocsoasisopenorgwss200401oasis200401wssx509tokenprofile10PKCS7,
+ binarySecurityToken = new[]
+ {
+ new BinarySecurityTokenType
+ {
+ ValueType = "http://schemas.verisign.com/pkiservices/2009/07/PKCS10",
+ EncodingType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary",
+ Value = csr
+ }
+ },
+ nameValuePair = new[]
+ {
+ new NameValueType {name = "seat_id", value = mail},
+ new NameValueType {name = "common_name", value = string.Format("VMProtect Client {0}", id)},
+ new NameValueType {name = "mail_lastName", value = "Client"},
+ new NameValueType {name = "mail_firstName", value = string.Format("{0} VMProtect", id)},
+ new NameValueType {name = "emailAddress", value = mail},
+ new NameValueType {name = "mail_email", value = mail},
+ new NameValueType {name = "country", value = "ru"}
+ }
+ }
+ };
+ var enrollmentResponse = es.RequestSecurityToken(requestSecurityTokenType);
+ var certs = ((AttributedString)(enrollmentResponse.Item.requestedVSSecurityToken.Items[0])).Value;
+ var certPkcs7 = Convert.FromBase64String(certs);
+ var parser = new X509CertificateParser();
+ var cert = parser.ReadCertificate(certPkcs7);
+ using (var pw = new StringWriter())
+ {
+ new PemWriter(pw).WriteObject(cert);
+ pw.Flush();
+ return pw.ToString();
+ }
+ }
+ finally
+ {
+ LogXml("RequestSecurityToken", es, log);
+ }
+ }
+
+ private static string CreateCsr(TaggantConfig tc, string privateKey)
+ {
+ AsymmetricCipherKeyPair pair;
+ using (var reader = new StringReader(privateKey))
+ pair = (AsymmetricCipherKeyPair) new PemReader(reader).ReadObject();
+
+ var csr = new Pkcs10CertificationRequest(tc["CsrAlgorithm"], new X509Name(tc["CsrSubject"]), pair.Public, null, pair.Private);
+ using (var pw = new StringWriter())
+ {
+ new PemWriter(pw).WriteObject(csr);
+ pw.Flush();
+ return pw.ToString();
+ }
+ }
+
+ public static IEnumerable GetPolicies(TaggantConfig tc, List log)
+ {
+ var ps = new 
policyService.policyService(tc.ClientCertificate, tc["PolicyUrl"]);
+ try
+ {
+ var rp = ps.requestPolicies(new getPolicies {version = tc["PolicyVersion"]});
+ return rp.oIDs;
+ }
+ finally
+ {
+ LogXml("requestPolicies", ps, log);
+ }
+ }
+
+ private static void LogXml(string src, XmlReaderSpyService ss, ICollection log)
+ {
+ var req = new XmlDocument();
+ var resp = new XmlDocument();
+ var reqs = ss.GetRequestXml();
+ var resps = ss.GetResponseXml();
+ try
+ {
+ req.LoadXml(reqs);
+ }
+ catch (Exception)
+ {
+ req = null;
+ }
+ try
+ {
+ resp.LoadXml(resps);
+ }
+ catch (Exception)
+ {
+ resp = null;
+ }
+ if (req != null && string.IsNullOrWhiteSpace(req.InnerXml))
+ req = null;
+ if (resp != null && string.IsNullOrWhiteSpace(resp.InnerXml))
+ resp = null;
+ if (!string.IsNullOrWhiteSpace(reqs) || !string.IsNullOrWhiteSpace(resps))
+ log.Add(new LogItem {MsgId = 17, P = new[] {src, reqs, resps}, Xml = new[] {req, resp}});
+ }
+ }
+}
-- cgit v1.2.3
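Review bot: In CertRequestNew the certificate handed back to the caller is whatever `parser.ReadCertificate(certPkcs7)` pulls out of the PKCS#7 response, with no check that it is the end-entity certificate for the CSR just submitted; as far as I recall BouncyCastle's ReadCertificate on SignedData yields the first entry of the certificate SET, so if the service returns the chain an issuer certificate could be PEM-encoded and stored instead, and nothing ties the result to the key in the CSR. The `((AttributedString)(... .Items[0])).Value` cast on the line before is likewise unchecked and turns a missing or differently-typed token into a NullReference/IndexOutOfRange/InvalidCast instead of a meaningful error. I would have the private CreateCsr hand back the key pair's public key (an `out AsymmetricKeyParameter` parameter is enough), enumerate `ReadCertificates(certPkcs7)` and return only the certificate whose public key equals it, failing loudly otherwise. The generic arguments on `List`/`IEnumerable`/`ICollection` look stripped by the page rendering, so I read the log parameter as `List<LogItem>`.
```csharp
AsymmetricKeyParameter csrPublicKey;
var csr = CreateCsr(tc, privateKey, out csrPublicKey);
// … unchanged: log entry, service construction, request building, RequestSecurityToken call …
var items = enrollmentResponse == null || enrollmentResponse.Item == null || enrollmentResponse.Item.requestedVSSecurityToken == null
    ? null
    : enrollmentResponse.Item.requestedVSSecurityToken.Items;
var token = items != null && items.Length > 0 ? items[0] as AttributedString : null;
if (token == null || string.IsNullOrWhiteSpace(token.Value))
    throw new InvalidOperationException("RequestSecurityToken returned no PKCS#7 security token");
var certPkcs7 = Convert.FromBase64String(token.Value);
// The PKCS#7 may carry the whole chain; pick the end-entity certificate by key match
// rather than relying on the order of the certificate SET.
X509Certificate cert = null;
foreach (X509Certificate candidate in new X509CertificateParser().ReadCertificates(certPkcs7))
{
    if (candidate.GetPublicKey().Equals(csrPublicKey))
    {
        cert = candidate;
        break;
    }
}
if (cert == null)
    throw new InvalidOperationException("Issued certificate does not match the CSR key");
// … unchanged: PEM encoding of cert and return …
```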