From fb886082caa36cd63c1ded81a3facce34e491ef4 Mon Sep 17 00:00:00 2001
From: Klaus Fischer <klaus.fischer@eloware.com>
Date: Wed, 8 Jun 2022 09:37:25 +0200
Subject: [PATCH] Self signed certificate does not export public key

---
 FitConnect/EncryptionBaseClass.cs | 11 ++--
 ...=> SenderEncryptionWithCertificateTest.cs} | 13 +++-
 ...erEncryptionWithImportedCertificateTest.cs | 4 ++
 .../SenderEncryptionWithoutCertificateTest.cs | 53 +++++++++++++++++++
 4 files changed, 71 insertions(+), 10 deletions(-)
 rename SenderTest/{SenderEncryptionTest.cs => SenderEncryptionWithCertificateTest.cs} (91%)
 create mode 100644 SenderTest/SenderEncryptionWithImportedCertificateTest.cs
 create mode 100644 SenderTest/SenderEncryptionWithoutCertificateTest.cs

diff --git a/FitConnect/EncryptionBaseClass.cs b/FitConnect/EncryptionBaseClass.cs
index bdcf0ff8..a51874da 100644
--- a/FitConnect/EncryptionBaseClass.cs
+++ b/FitConnect/EncryptionBaseClass.cs
@@ -31,18 +31,23 @@ public class EncryptionBaseClass {
         }
 
         _publicKey = cert.GetRSAPublicKey();
+        // _publicKey = RSA.Create(2048);
+        // _publicKey.ImportRSAPublicKey(cert.GetPublicKey(), out int _);
 
-        if (_publicKey == null)
+        if ((_publicKey?.KeySize ?? 0) == 0)
             throw new Exception("Invalid certificate, no public key");
 
         _logger.LogInformation("Public key imported {}",
             Convert.ToBase64String(_publicKey.ExportRSAPrivateKey()));
 
-
         if (cert.HasPrivateKey) {
             _privateKey = cert.GetRSAPrivateKey();
-            _logger.LogInformation("Certificate imported");
         }
+
+        if (_privateKey != null)
+            _logger.LogInformation("Certificate with private key imported");
+        else
+            _logger.LogInformation("Certificate has no private key");
     }
 
     /// <summary>
diff --git a/SenderTest/SenderEncryptionTest.cs b/SenderTest/SenderEncryptionWithCertificateTest.cs
similarity index 91%
rename from SenderTest/SenderEncryptionTest.cs
rename to SenderTest/SenderEncryptionWithCertificateTest.cs
index ac3409a4..5aadfd97 100644
--- a/SenderTest/SenderEncryptionTest.cs
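Review bot: The context line `Convert.ToBase64String(_publicKey.ExportRSAPrivateKey())` under the "Public key imported" log call exports the private half of the key, not the public half; on a certificate that carries only a public key, which is the case this commit is about, `ExportRSAPrivateKey()` throws a CryptographicException, and when it does succeed the private key is written to the log at Information level. Replace it with `Convert.ToBase64String(_publicKey.ExportSubjectPublicKeyInfo())` (or `ExportRSAPublicKey()`), which is what the message claims to print. The new `(_publicKey?.KeySize ?? 0) == 0` guard also leaves `_publicKey` un-narrowed for nullable analysis on the following lines; `if (_publicKey is null || _publicKey.KeySize == 0)` says the same thing and narrows. The two added `// _publicKey = RSA.Create(2048)` comment lines are dead code and should be dropped rather than committed. The enclosing method starts before this hunk.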
+++ b/SenderTest/SenderEncryptionWithCertificateTest.cs
@@ -9,9 +9,9 @@ using NUnit.Framework;
 
 namespace SenderTest;
 
-public partial class SenderEncryptionTest {
+public class SenderEncryptionWithCertificateTest {
     private Sender _sender = null!;
-    private ILogger<SenderEncryptionTest> _logger = null!;
+    private ILogger<SenderEncryptionWithCertificateTest> _logger = null!;
 
     /*
      * Encryption test must be changed for production to only allow extern signed certificates
@@ -21,11 +21,11 @@ public partial class SenderEncryptionTest {
     [SetUp]
     public void Setup() {
         _logger = LoggerFactory.Create(cfg => cfg.AddConsole())
-            .CreateLogger<SenderEncryptionTest>();
+            .CreateLogger<SenderEncryptionWithCertificateTest>();
         _sender = new Sender(_logger,
             FitConnectEndpoints.Create(FitConnectEndpoints.EndpointType.Development));
 
         var certificate = CreateSelfSignedCertificate(null);
-        // _sender.ImportCertificate(certificate);
+        _sender.ImportCertificate(certificate);
     }
 
@@ -53,11 +53,10 @@ public partial class SenderEncryptionTest {
         var privateKey = _sender.ExportPrivateKey();
         _logger.LogInformation("Private key: {}", Convert.ToBase64String(privateKey));
     }
-}
 
 
-#region Static helpers
-public partial class SenderEncryptionTest {
+    #region Static helpers
+
     private X509Certificate2 CreateSelfSignedCertificate(string? exportPath = "../../../") {
         var req = new CertificateRequest("cn=foobar", ECDsa.Create(), HashAlgorithmName.SHA256);
         var cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(5));
diff --git a/SenderTest/SenderEncryptionWithImportedCertificateTest.cs b/SenderTest/SenderEncryptionWithImportedCertificateTest.cs
new file mode 100644
index 00000000..772bcfde
--- /dev/null
+++ b/SenderTest/SenderEncryptionWithImportedCertificateTest.cs
@@ -0,0 +1,4 @@
+namespace SenderTest;
+
+public class SenderEncryptionWithImportedCertificateTest {
+}
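Review bot: `Setup()` now calls `_sender.ImportCertificate(certificate)` on a certificate that `CreateSelfSignedCertificate` builds with `ECDsa.Create()`, while the import code in `EncryptionBaseClass` (first hunk of this patch) reads the key with `cert.GetRSAPublicKey()`, which returns null for an EC certificate and so reaches the "Invalid certificate, no public key" throw. If `ImportCertificate` goes through that path, every test in this class will fail in setup; either generate the test certificate with `RSA.Create(2048)` or make the importer accept EC keys. `CreateSelfSignedCertificate` continues past the end of the hunk. The `ExportPrivateKey` test above it also writes the exported private key to the console logger, which is worth replacing with its length or a fingerprint even in a test project.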
diff --git a/SenderTest/SenderEncryptionWithoutCertificateTest.cs b/SenderTest/SenderEncryptionWithoutCertificateTest.cs
new file mode 100644
index 00000000..06bd1d06
--- /dev/null
+++ b/SenderTest/SenderEncryptionWithoutCertificateTest.cs
@@ -0,0 +1,53 @@
+using System;
+using System.Text;
+using FitConnect;
+using Microsoft.Extensions.Logging;
+using NUnit.Framework;
+
+namespace SenderTest;
+
+
+public class SenderEncryptionWithoutCertificateTest {
+    private Sender _sender = null!;
+    private ILogger<SenderEncryptionWithoutCertificateTest> _logger = null!;
+
+    /*
+     * Encryption test must be changed for production to only allow extern signed certificates
+     * and forbid self-signed certificates.
+     */
+
+    [SetUp]
+    public void Setup() {
+        _logger = LoggerFactory.Create(cfg => cfg.AddConsole())
+            .CreateLogger<SenderEncryptionWithoutCertificateTest>();
+        _sender = new Sender(_logger,
+            FitConnectEndpoints.Create(FitConnectEndpoints.EndpointType.Development));
+    }
+
+
+    [Test]
+    public void CryptWithOutPublicKeyImport() {
+        var cypher = _sender.EncryptData(Encoding.UTF8.GetBytes("test"));
+
+        _logger.LogInformation("Cypher: {}", Convert.ToBase64String(cypher));
+    }
+
+
+    [Test]
+    [Ignore("Not applicable for production")]
+    public void CryptWithPublicKeyImport() {
+        var publicKey = Convert.FromBase64String(
+            "MIIBCgKCAQEAzu/ek6A5AMuROs+12pncbYNteGkd6ReU28ZY5gCM4hNFI0h1E+0+OST+Yxw7zhvbFhZbYdVt8LmzonMAtENituLxzZj7MsWom/ZzxTdp4Cx5zlx8x6Qx/ZPoSS2T2Sf0ttymaMc6ZadpWsDhg/Mnf6beF1W/QoGH/bHBa8U4rhkUa+OKf3wyo08km8oyUJaj6kkB0VdhRp5rSyvXJtUMZ5A0LcYFygnkHTSQlQhdrAK+6nTo//mfNfPtqta2wBb9ONpVwN0V7I5PSdH2WxZMZsYFicLOGbNeF08gibmL+7TeBTssYtrNVM88cG0v+aWeBun0WVrpCntDIA9HIujWowIDAQAB");
+
+        var cypher = _sender.EncryptData(Encoding.UTF8.GetBytes("test"), publicKey);
+
+        _logger.LogInformation("Cypher: {}", Convert.ToBase64String(cypher));
+    }
+
+    [Test]
+    public void ExportPrivateKey() {
+        var privateKey = _sender.ExportPrivateKey();
+        _logger.LogInformation("Private key: {}", Convert.ToBase64String(privateKey));
+    }
+
+}

-- GitLab
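Review bot: None of the three tests in this file asserts anything — `CryptWithOutPublicKeyImport`, `CryptWithPublicKeyImport` and `ExportPrivateKey` only log — so they pass whenever the call does not throw and do not pin the behaviour the class name promises. Since `Setup()` imports no certificate, decide what `EncryptData` and `ExportPrivateKey` are meant to do without a key and assert it: `Assert.That(cypher, Is.Not.Empty);` on the encrypt path, or an `Assert.Throws` for whichever exception the sender raises when no key is present. `ExportPrivateKey` also writes private key material to the console logger at Information level; logging its length or a fingerprint gives the same diagnostic value without the exposure. The hard-coded RSA public key in `CryptWithPublicKeyImport` is fine as test data but deserves a one-line comment saying where it came from.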