-
Notifications
You must be signed in to change notification settings - Fork 49
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #120 from Appdynamics/LicenseSignCertFix
License sign cert fix
- Loading branch information
Showing
7 changed files
with
198 additions
and
4 deletions.
There are no files selected for viewing
12 changes: 12 additions & 0 deletions
12
LicenseSign/LicenseSign.LocalCert/LicenseSign.LocalCert.csproj
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| <Project Sdk="Microsoft.NET.Sdk"> | ||
|
|
||
| <PropertyGroup> | ||
| <OutputType>Exe</OutputType> | ||
| <TargetFramework>netcoreapp3.1</TargetFramework> | ||
| </PropertyGroup> | ||
|
|
||
| <ItemGroup> | ||
| <PackageReference Include="Newtonsoft.Json" Version="12.0.3" /> | ||
| </ItemGroup> | ||
|
|
||
| </Project> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,143 @@ | ||
| using Newtonsoft.Json.Linq; | ||
| using System; | ||
| using System.IO; | ||
| using Newtonsoft.Json; | ||
| using System.Text; | ||
| using System.Security; | ||
| using System.Net; | ||
| using System.Collections.Generic; | ||
| using System.Linq; | ||
| using System.Security.Cryptography.X509Certificates; | ||
| using System.Security.Cryptography; | ||
|
|
||
| namespace LicenseSign | ||
| { | ||
| class Program | ||
| { | ||
| static void Main(string[] args) | ||
| { | ||
| if (args.Length != 3) | ||
| { | ||
| Console.WriteLine("path_to_license_file path_to_private_certificate password_of_private_certificate"); | ||
| Console.WriteLine("Not enough parameters passed"); | ||
| return; | ||
| } | ||
|
|
||
| string licenseFilePath = args[0]; | ||
| //string certificateFilePath = args[1]; | ||
| string certificatePath = args[1]; | ||
| string certificatePassword = args[2]; | ||
|
|
||
| JObject licenseFile = JObject.Parse(File.ReadAllText(licenseFilePath)); | ||
| JObject licensedFeatures = (JObject)licenseFile["LicensedFeatures"]; | ||
|
|
||
| //string dataToSign = licensedFeatures.ToString(Formatting.Indented); | ||
| string dataToSign = licensedFeatures.ToString(Formatting.None); | ||
| Console.WriteLine("Signing {0}", dataToSign); | ||
|
|
||
| var bytesToSign = Encoding.UTF8.GetBytes(dataToSign); | ||
| Console.WriteLine("Data to sign array length: {0}", dataToSign.Length); | ||
|
|
||
| // Can't get this certificate to load the private key when it is loaded from local file system pfx | ||
| //Console.WriteLine("Specify password for {0}", certificateFilePath); | ||
| //String password = ReadPassword('*'); | ||
| //SecureString securePassword = new NetworkCredential("", password).SecurePassword; | ||
|
|
||
| //X509Certificate2 privateCert = new X509Certificate2(certificateFilePath, securePassword); | ||
|
|
||
| // Instead it needs to be present in the MyStore | ||
| X509Certificate2 privateCert = new X509Certificate2(certificatePath, certificatePassword, X509KeyStorageFlags.Exportable); | ||
|
|
||
| Console.WriteLine("Certificate: {0}", privateCert); | ||
|
|
||
| var bytesSigned = SignData(privateCert, bytesToSign); | ||
| Console.WriteLine("Signed data array length: {0}", bytesSigned.Length); | ||
|
|
||
| bool validated = ValidateData(privateCert, bytesSigned, bytesToSign); | ||
| Console.WriteLine("Is Validated: {0}", validated); | ||
|
|
||
| string signedString = Convert.ToBase64String(bytesSigned); | ||
| Console.WriteLine("Signature {0}", signedString); | ||
|
|
||
| licenseFile["Signature"] = signedString; | ||
|
|
||
| Console.WriteLine("Saving {0}", licenseFile); | ||
| using (StreamWriter sw = File.CreateText(licenseFilePath)) | ||
| { | ||
| JsonSerializer serializer = new JsonSerializer(); | ||
| serializer.NullValueHandling = NullValueHandling.Include; | ||
| serializer.Formatting = Newtonsoft.Json.Formatting.Indented; | ||
| serializer.Serialize(sw, licenseFile); | ||
| } | ||
| } | ||
|
|
||
| public static byte[] SignData(X509Certificate2 certificate, byte[] dataToSign) | ||
| { | ||
| var rsaPrivateKey = certificate.GetRSAPrivateKey(); | ||
| var parameters = rsaPrivateKey.ExportParameters(true); | ||
| Console.WriteLine("Certificate private key RSA parameters were successfully exported."); | ||
|
|
||
| var privateKey = certificate.PrivateKey; | ||
| Console.WriteLine("Certificate private key is accessible."); | ||
|
|
||
| // generate new private key in correct format | ||
| var cspParams = new CspParameters() | ||
| { | ||
| ProviderType = 24, | ||
| ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider" | ||
| }; | ||
| var rsaCryptoServiceProvider = new RSACryptoServiceProvider(cspParams); | ||
| rsaCryptoServiceProvider.ImportParameters(parameters); | ||
|
|
||
| // sign data | ||
| var signedBytes = rsaCryptoServiceProvider.SignData(dataToSign, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); | ||
| return signedBytes; | ||
| } | ||
|
|
||
| public static bool ValidateData(X509Certificate2 certificate, byte[] signature, byte[] dataToValidate) | ||
| { | ||
| var rsaPublicKey = certificate.GetRSAPublicKey(); | ||
|
|
||
| bool validationResult = rsaPublicKey.VerifyData(dataToValidate, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); | ||
|
|
||
| return validationResult; | ||
| } | ||
|
|
||
| public static string ReadPassword(char mask) | ||
| { | ||
| const int ENTER = 13, BACKSP = 8, CTRLBACKSP = 127; | ||
| int[] FILTERED = { 0, 27, 9, 10 /*, 32 space, if you care */ }; // const | ||
|
|
||
| var pass = new Stack<char>(); | ||
| char chr = (char)0; | ||
|
|
||
| while ((chr = System.Console.ReadKey(true).KeyChar) != ENTER) | ||
| { | ||
| if (chr == BACKSP) | ||
| { | ||
| if (pass.Count > 0) | ||
| { | ||
| System.Console.Write("\b \b"); | ||
| pass.Pop(); | ||
| } | ||
| } | ||
| else if (chr == CTRLBACKSP) | ||
| { | ||
| while (pass.Count > 0) | ||
| { | ||
| System.Console.Write("\b \b"); | ||
| pass.Pop(); | ||
| } | ||
| } | ||
| else if (FILTERED.Count(x => chr == x) > 0) { } | ||
| else | ||
| { | ||
| pass.Push((char)chr); | ||
| System.Console.Write(mask); | ||
| } | ||
| } | ||
|
|
||
| return new string(pass.Reverse().ToArray()); | ||
| } | ||
| } | ||
| } |
8 changes: 8 additions & 0 deletions
8
LicenseSign/LicenseSign.LocalCert/Properties/launchSettings.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| { | ||
| "profiles": { | ||
| "LicenseSign.LocalCert": { | ||
| "commandName": "Project", | ||
| "commandLineArgs": "\"path_to_license_file\" \"path_to_private_certificate\" \"password_of_private_certificate\"" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,4 +12,29 @@ Third, sign the license file via LicenseSign | |
| This is .NET Core 3.1 | ||
| Uses private key from the cert in My personal store to sign the license file | ||
|
|
||
| Fourth, read the license file and validate signature from DEXTER | ||
| Fourth, read the license file and validate signature from DEXTER | ||
|
|
||
|
|
||
|
|
||
| ------Updated Instructions 9/23/2020--------- | ||
| There should never be a need to issue a new cert with the IssueCertificate program. | ||
| - Valid public cert is available in Dexter root project directory AppDynamics.DEXTER.public.cer | ||
| - Valid private cert is hosted on AppDynamics Google Drive. | ||
| - email: [email protected] for access | ||
|
|
||
| Signing a new license can be done in two ways | ||
| 1. If private cert is installed in your local PC with export parameters enabled. | ||
| - path_to_license_file: license file on which to overwrite the "Signature" field | ||
| - default choose from any json from LicenseSign/LicenseFiles/*. | ||
| - make sure to verify "ExpirationDateTime". | ||
| - new license will OVERWRITE old license. | ||
| - Name of the private cert installed in your PC cert store. | ||
|
|
||
| 2. If you have private cert file located in your PC and you know the password of the cert file | ||
| Run LicenseSign.LocalCert with the following arguments [path_to_license_file path_to_private_certificate password_of_private_certificate] | ||
| - path_to_license_file: license file on which to overwrite the "Signature" field | ||
| - default choose from any json from LicenseSign/LicenseFiles/* | ||
| - make sure to verify "ExpirationDateTime" | ||
| - new license will OVERWRITE old license | ||
| - path_to_private_certificate: from Google Drive located in LicenseSign/IssueCertificate/bin/Debug/AppDynamics.DEXTER.private.pfx | ||
| - password_of_private_certificate: from Google Drive located in privatekeypassword.txt | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| { | ||
| "sdk": { | ||
| "version": "3.1.100" | ||
| "version": "3.1.401" | ||
| } | ||
| } |