本文整理汇总了C#中System.Security.Cryptography.X509Certificates.X509Certificate2.SignHash方法的典型用法代码示例。如果您正苦于以下问题:C# X509Certificate2.SignHash方法的具体用法?C# X509Certificate2.SignHash怎么用?C# X509Certificate2.SignHash使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类System.Security.Cryptography.X509Certificates.X509Certificate2的用法示例。
在下文中一共展示了X509Certificate2.SignHash方法的1个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: SendCertificateVerify
HandshakeType SendCertificateVerify(ref int offset)
{
#if NET45 || NET451
var key = new X509Certificate2(_clientCertificates[0]).PrivateKey;
var keyDsa = key as DSACryptoServiceProvider;
var keyRsa = key as RSACryptoServiceProvider;
#else
var keyRsa = new X509Certificate2(_clientCertificates[0].Export(X509ContentType.Cert)).GetRSAPrivateKey();
#endif
byte[] signature = null, hash = null;
#if NET45 || NET451
if (keyDsa != null)
{
if (_pendingConnState.TlsVersion == TlsVersion.TLSv1_2 && !_handshakeData.SupportedSignatureAlgorithms.Contains(Tuple.Create(TLSHashAlgorithm.SHA1, SignatureAlgorithm.DSA)))
{
SendAlertFatal(AlertDescription.HandshakeFailure, "Server does not support client certificate sha1-dsa signatures");
}
hash = _handshakeData.CertificateVerifyHash_SHA1.Final();
signature = keyDsa.SignHash(hash, Utils.HashNameToOID["SHA1"]);
// Convert to DER
var r = new byte[21];
var s = new byte[21];
Array.Reverse(signature, 0, 20);
Array.Reverse(signature, 20, 20);
Buffer.BlockCopy(signature, 0, r, 0, 20);
Buffer.BlockCopy(signature, 20, s, 0, 20);
r = new BigInteger(r).ToByteArray();
s = new BigInteger(s).ToByteArray();
Array.Reverse(r);
Array.Reverse(s);
signature = new byte[r.Length + s.Length + 6];
signature[0] = 0x30; // SEQUENCE
signature[1] = (byte)(signature.Length - 2);
signature[2] = 0x02; // INTEGER
signature[3] = (byte)r.Length;
Buffer.BlockCopy(r, 0, signature, 4, r.Length);
signature[4 + r.Length] = 0x02; // INTEGER
signature[4 + r.Length + 1] = (byte)s.Length;
Buffer.BlockCopy(s, 0, signature, 4 + r.Length + 2, s.Length);
if (_pendingConnState.TlsVersion == TlsVersion.TLSv1_2)
{
_buf[offset++] = (byte)TLSHashAlgorithm.SHA1;
_buf[offset++] = (byte)SignatureAlgorithm.DSA;
}
}
else
#endif
if (keyRsa != null)
{
if (_pendingConnState.TlsVersion == TlsVersion.TLSv1_2 && !_handshakeData.SupportedSignatureAlgorithms.Contains(Tuple.Create(TLSHashAlgorithm.SHA1, SignatureAlgorithm.RSA)))
{
SendAlertFatal(AlertDescription.HandshakeFailure, "Server does not support client certificate sha1-rsa signatures");
}
hash = _handshakeData.CertificateVerifyHash_SHA1.Final();
byte[] md5Hash = null;
if (_handshakeData.CertificateVerifyHash_MD5 != null)
{
md5Hash = _handshakeData.CertificateVerifyHash_MD5.Final();
}
// NOTE: It seems problematic to support other hash algorithms than SHA1 since the PrivateKey included in the certificate
// often uses an old Crypto Service Provider (Microsoft Base Cryptographic Provider v1.0) instead of Microsoft Enhanced RSA and AES Cryptographic Provider.
// The following out-commented code might work to change CSP.
//var csp = new RSACryptoServiceProvider().CspKeyContainerInfo;
//keyRsa = new RSACryptoServiceProvider(new CspParameters(csp.ProviderType, csp.ProviderName, keyRsa.CspKeyContainerInfo.KeyContainerName));
// TLS 1.0 and 1.1, export private key and calculate md5-sha1 hash and sign manually
if (_pendingConnState.TlsVersion != TlsVersion.TLSv1_2)
{
var fullHash = new byte[36];
Buffer.BlockCopy(md5Hash, 0, fullHash, 0, 16);
Buffer.BlockCopy(hash, 0, fullHash, 16, 20);
signature = RsaPKCS1.SignRsaPKCS1(keyRsa, fullHash);
// BigIntegers have no Dispose/Clear methods, but they contain sensitive data, so force a garbage collection to remove the data.
GC.Collect(GC.MaxGeneration, GCCollectionMode.Forced, false);
}
else
{
#if NET45 || NET451
signature = keyRsa.SignHash(hash, Utils.HashNameToOID["SHA1"]);
#else
signature = keyRsa.SignHash(hash, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
#endif
if (_pendingConnState.TlsVersion == TlsVersion.TLSv1_2)
{
_buf[offset++] = (byte)TLSHashAlgorithm.SHA1;
_buf[offset++] = (byte)SignatureAlgorithm.RSA;
}
}
}
//.........这里部分代码省略.........