RE-Net | Recurrent Event Network : Autoregressive Structure Inference | Graph Database library

You add the functions which authenticate requests in a middleware. I'm am not sure about how that goes in .NET but I looked up for some middleware snippet and found this:

Multipart questions are hard, since they require multipart answers. Here are the parts I can answer:

How do I specify the CA and the template to use in the CertificateRequest object?

You can't, but that's OK, because you don't in the CertEnroll code, either. The CertificateRequest object is equivalent to your objPkcs10, the CA and template are for what you do with the CreateSigningRequest output.

I have a public key that is a RSAParameters object. How can I get that into an RSA object to use with the CertificateRequst constructor?

A couple of notes:

Change your JavaScript reference for your error.js script to this:

Parsing a Certification Request (colloquially known as a Certificate Signing Request or CSR) and signing it blindly is a very, very bad operational practice.

If you want to be a Certificate Authority, even a private one, you should read and understand everything in the CA/Browser Forum's current (as of whenever you read this) Baseline Requirements document at https://cabforum.org/baseline-requirements-documents/. Maybe you intentionally decide something doesn't apply to you, but then at least it's intentional.

At minimum you should be checking that the request:

• Doesn't grant itself CA authority (hint, issue your signing certificate with a pathLenConstraint of 0 to help block this), unless of course you intend to create a subordinate CA (but, probably not).
• Uses only approved key usage and extended key usage values.
• Uses only approved subject name and Subject Alternative Names extension values (if the request has no EKU extension, or contains the TLS Server usage).
• Doesn't define extensions that interfere with the operation of your CA (Authority Key Identifier, Authority Information Access, Issuer Alternative Name, CRL Distribution Points, ...)
• Doesn't define any extensions you don't understand (e.g. the Certificate Transparency "poison" extension) / authorize for the request.

• .NET doesn't have built-in support for reading Subject Alternative Names, which you're supposed to verify. (Don't use string parsing, use something like System.Formats.Asn1.AsnReader)
• You probably also want to add an Authority Information Access extension, Authority Key Identifier extension, and probably CRL Distribution Point extension to the requests you issue, there's no built-in support for that either.
  • https://github.com/dotnet/runtime/blob/8b8c390755189d45efc0c407992cb7c006b802b5/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs does have examples of all of this (for the tests of X509Chain).
• .NET doesn't have built-in support for writing CRLs or reading OCSP requests or producing OCSP responses, so you're on your own for revocation.
  • https://github.com/dotnet/runtime/blob/8b8c390755189d45efc0c407992cb7c006b802b5/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/RevocationResponder.cs (again, from the tests for X509Chain).
• There's a whole lot of operational processes you need to deal with (see the CA/Browser Forum Baseline Requirements)

This code uses the new System.Formats.Asn1 package (specifically, it was tested with version 5.0.0-preview.8.20407.11 [which should be stable version 5.0.0 in November 2020] on .NET Framework 4.8 from an executable built targeting .NET Framework 4.7.2).

It does verify that the proof-of-private-key-possession signature is valid, and in doing so limits itself to RSA-SSA-PKCS1_v1.5 signatures (no ECDSA, no RSA-SSA-PSS). Adding other algorithms is (of course) possible.

This code DOES NOT provide any sort of operational policy. It's up to the caller to verify that only appropriate extensions are used (including that "critical" bits are appropriate), that names are all appropriate, and, well, anything else aside from "it can be decoded and the subject public key verifies the request signature".

There's an API oddity in that you need to tell the decode routine what hash algorithm you eventually intend to use when signing the request, because CertificateRequest requires it in the constructor to make subsequent signing calls easier.

_{OK, I think that's enough disclaimer, along with some more disclaimers in the code. So, here's enough code to be a "terrible" CA.}

Since they are all base don the same architecture, I would say that the deciding factor should be

1) which image is the smaller (or not as big)

2) which comes with built in binaries that are useful to your need. (e.g. the alpine base normally handles DNS lookup differently when using nslookup) e.g : https://github.com/gliderlabs/docker-alpine/issues/476

In the end, it is up to you, what is important, you pick one that you are comfortable with and one with you trust more with respect to CVE and security updates to be available the fastest.

You have populated the Java class fields for your SHARE_INFO_2 structure after instantiating it, but you haven't written the new fields to native memory prior to using the structure, so the native function is seeing null pointers and the initial values of the instantiated structure.

When a method mapping uses the Structure class, this java-to-native write is done automatically. In this case, however, the NetShareAdd() method expects a Pointer (since there are multiple different classes which could be used). JNA doesn't know where the pointer came from or how big the buffer is, etc., so it can't automatically copy over the memory to the native side after you've made java-side changes.

Adding a shi.write() after setting all the Java-side values of shi will copy that data to native memory and your buffer will then contain the data and pointers that the method expects.