/// <summary>
/// Generate an X509 certificate.
/// </summary>
/// <param name="privateKey">The private key of the issuer that is signing this certificate.</param>
/// <param name="publicKey">The public key of the issuer that is signing this certificate.</param>
/// <param name="serialNumber">The certificate serial number.</param>
/// <param name="issuerDN">The issuer.</param>
/// <param name="subjectDN">The subject.</param>
/// <param name="notBefore">Not before date.</param>
/// <param name="notAfter">Not after data.</param>
/// <param name="publicExponent">The public exponent (e; the public key is now represented as {e, n}).</param>
/// <param name="strength">The strength of the cipher.</param>
/// <param name="signatureAlgorithm">The signature algorithm to use.</param>
/// <returns>The X509 certificate.</returns>
public X509Certificate2 Generate(RSACryptoServiceProvider privateKey, RSACryptoServiceProvider publicKey, long serialNumber,
Openssl.Subject issuerDN, Openssl.Subject subjectDN, DateTime notBefore, DateTime notAfter, long publicExponent = 3, int strength = 4096,
Nequeo.Cryptography.Signing.SignatureAlgorithm signatureAlgorithm = Nequeo.Cryptography.Signing.SignatureAlgorithm.SHA512withRSA)
{
// Clear the certificate.
_certificate = null;
_subjectDN = subjectDN;
_rsPrivateParam = null;
// Create the rsa key paramaters from the strength and public exponent.
Key.Crypto.Generators.RsaKeyPairGenerator keyPair = new Key.Crypto.Generators.RsaKeyPairGenerator();
Key.Crypto.Parameters.RsaKeyGenerationParameters keyPairParam =
new Key.Crypto.Parameters.RsaKeyGenerationParameters(
Key.Math.BigInteger.ValueOf(publicExponent), new Key.Security.SecureRandom(), strength, 25);
// Initialise the parameters and generate the public private key pair.
keyPair.Init(keyPairParam);
Key.Crypto.AsymmetricCipherKeyPair rsaKeyPair = keyPair.GenerateKeyPair();
// Assign the rsa parameters.
RSAParameters rsaParam = new RSAParameters();
Key.Crypto.Parameters.RsaKeyParameters rsaPublicParam = (Key.Crypto.Parameters.RsaKeyParameters)rsaKeyPair.Public;
_rsPrivateParam = (Key.Crypto.Parameters.RsaPrivateCrtKeyParameters)rsaKeyPair.Private;
rsaParam.D = _rsPrivateParam.Exponent.ToByteArrayUnsigned();
rsaParam.DP = _rsPrivateParam.DP.ToByteArrayUnsigned();
rsaParam.DQ = _rsPrivateParam.DQ.ToByteArrayUnsigned();
rsaParam.InverseQ = _rsPrivateParam.QInv.ToByteArrayUnsigned();
rsaParam.P = _rsPrivateParam.P.ToByteArrayUnsigned();
rsaParam.Q = _rsPrivateParam.Q.ToByteArrayUnsigned();
rsaParam.Modulus = _rsPrivateParam.Modulus.ToByteArrayUnsigned();
rsaParam.Exponent = _rsPrivateParam.PublicExponent.ToByteArrayUnsigned();
// Create the encyption provider.
RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider();
rsaProvider.ImportParameters(rsaParam);
// Create a new certificate generator.
Key.X509.X509V3CertificateGenerator certGenerator = new Key.X509.X509V3CertificateGenerator();
certGenerator.Reset();
// Set the certificate values.
certGenerator.SetSerialNumber(Key.Math.BigInteger.ValueOf(serialNumber));
certGenerator.SetIssuerDN(GetNames(issuerDN));
certGenerator.SetSubjectDN(GetNames(subjectDN));
certGenerator.SetNotBefore(notBefore);
certGenerator.SetNotAfter(notAfter);
certGenerator.SetPublicKey(rsaPublicParam);
certGenerator.SetSignatureAlgorithm(GetSignatureAlgorithm(signatureAlgorithm));
// Export the signer private key parameters.
RSAParameters rsaPrivateKeySignerParam = privateKey.ExportParameters(true);
Key.Crypto.Parameters.RsaPrivateCrtKeyParameters rsaPrivateKeySigner =
new Key.Crypto.Parameters.RsaPrivateCrtKeyParameters(
new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.Modulus),
new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.Exponent),
new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.D),
new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.P),
new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.Q),
new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.DP),
new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.DQ),
new Key.Math.BigInteger(1, rsaPrivateKeySignerParam.InverseQ)
);
// Export the signer public key parameters.
RSAParameters rsaPublicKeySignerParam = publicKey.ExportParameters(false);
Key.Crypto.Parameters.RsaKeyParameters rsaPublicKeySigner =
new Key.Crypto.Parameters.RsaKeyParameters(
false,
new Key.Math.BigInteger(1, rsaPublicKeySignerParam.Modulus),
new Key.Math.BigInteger(1, rsaPublicKeySignerParam.Exponent)
);
// Add the extensions
certGenerator.AddExtension(
Key.Asn1.X509.X509Extensions.SubjectKeyIdentifier,
false,
new Key.X509.Extension.SubjectKeyIdentifierStructure(rsaPublicParam));
certGenerator.AddExtension(
Key.Asn1.X509.X509Extensions.AuthorityKeyIdentifier,
false,
new Key.X509.Extension.AuthorityKeyIdentifierStructure(rsaPublicKeySigner));
// Create the certificate.
_certificate = certGenerator.Generate(rsaPrivateKeySigner);
_certificate.CheckValidity(DateTime.UtcNow);
_certificate.Verify(rsaPublicKeySigner);
byte[] raw = _certificate.GetEncoded();
// Return the certificate.
X509Certificate2 x509Certificate2 = new X509Certificate2(raw);
x509Certificate2.PrivateKey = rsaProvider;
x509Certificate2.FriendlyName = subjectDN.CommonName;
return(x509Certificate2);
}
