public void Export(Container container, Stream output) { var rawCert = container.GetRawCertificate(); var privateKey = container.GetPrivateKey(); var cert = new X509CertificateParser().ReadCertificate(rawCert); var certEntry = new X509CertificateEntry(cert); string friendlyName = "alias"; var store = new Pkcs12Store(); store.SetCertificateEntry(friendlyName, certEntry); store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(privateKey), new[] { certEntry }); var password = _password.ToCharArray(); using (var ms = new MemoryStream()) { store.Save(ms, password, new SecureRandom()); // Save дописывает в конец какой-то мусор ms.Position = 0; var asn1 = new Asn1InputStream(ms); var result = asn1.ReadObject(); byte[] buf = Pkcs12Utilities.ConvertToDefiniteLength(result.GetEncoded(), password); output.Write(buf, 0, buf.Length); } }
public static X509Certificate2 GenerateSelfSignedCert() { var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var certificateGenerator = new X509V3CertificateGenerator(); var serialNumber = BigIntegers.CreateRandomInRange( BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); const string signatureAlgorithm = "SHA1WithRSA"; certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); var subjectDN = new X509Name("CN=simpletorrent"); var issuerDN = subjectDN; certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); var notBefore = DateTime.UtcNow.Date.AddHours(-24); var notAfter = notBefore.AddYears(1000); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); const int strength = 4096; var keyGenerationParameters = new KeyGenerationParameters(random, strength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); var issuerKeyPair = subjectKeyPair; var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random); var store = new Pkcs12Store(); string friendlyName = certificate.SubjectDN.ToString(); var certificateEntry = new X509CertificateEntry(certificate); store.SetCertificateEntry(friendlyName, certificateEntry); store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(subjectKeyPair.Private), new[] { certificateEntry }); string password = "******"; var stream = new MemoryStream(); store.Save(stream, password.ToCharArray(), random); //mono bug #1660 fix -> convert to definite-length encoding byte[] pfx = Pkcs12Utilities.ConvertToDefiniteLength(stream.ToArray(), password.ToCharArray()); var convertedCertificate = new X509Certificate2( pfx, password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); return(convertedCertificate); }
private static byte[] CreatePfxFile(Org.BouncyCastle.X509.X509Certificate certificate, AsymmetricKeyParameter privateKey, string password = null) { // create certificate entry var certEntry = new X509CertificateEntry(certificate); string friendlyName = certificate.SubjectDN.ToString(); // get bytes of private key. PrivateKeyInfo keyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKey); byte[] keyBytes = keyInfo.ToAsn1Object().GetEncoded(); var builder = new Pkcs12StoreBuilder(); builder.SetUseDerEncoding(true); var store = builder.Build(); // create store entry store.SetKeyEntry("", new AsymmetricKeyEntry(privateKey), new X509CertificateEntry[] { certEntry }); byte[] pfxBytes = null; using (MemoryStream stream = new MemoryStream()) { store.Save(stream, password?.ToCharArray(), new SecureRandom()); pfxBytes = stream.ToArray(); } var result = Pkcs12Utilities.ConvertToDefiniteLength(pfxBytes); return(result); }
public static X509Certificate2 Load(Stream stream, string password) { var loadStore = new Pkcs12Store(); loadStore.Load(stream, password?.ToCharArray()); string keyAlias = loadStore.Aliases.Cast <string> ().FirstOrDefault(loadStore.IsKeyEntry); if (keyAlias == null) { throw new NotImplementedException("Alias"); } var builder = new Pkcs12StoreBuilder(); builder.SetUseDerEncoding(true); var saveStore = builder.Build(); var chain = new X509CertificateEntry(loadStore.GetCertificate(keyAlias).Certificate); saveStore.SetCertificateEntry("Alias", chain); saveStore.SetKeyEntry("Alias", new AsymmetricKeyEntry((RsaPrivateCrtKeyParameters)loadStore.GetKey(keyAlias).Key), new [] { chain }); using (var saveStream = new MemoryStream()) { saveStore.Save(saveStream, new char[0], new SecureRandom()); return(new X509Certificate2(Pkcs12Utilities.ConvertToDefiniteLength(saveStream.ToArray()))); } }
/// <summary> /// Genera el archivo pfx y devuelve el resultado con su contraseña /// </summary> /// <param name="rutaArchivoCer"></param> /// <param name="rutaArchivoKey"></param> /// <param name="secretArchivoKey"></param> /// <param name="rutaGuardado"></param> /// <param name="nombreArchivoPfx"></param> /// <param name="secretArchivoPfx"></param> /// <param name="conservarArchivo"></param> /// <returns>Pfx</returns> public static CfdiPfx generarArchivoPfx(string rutaArchivoCer, string rutaArchivoKey, string secretArchivoKey, string rutaGuardado, string nombreArchivoPfx, string secretArchivoPfx, Boolean conservarArchivo) { try { string rutaArchivoPfx = Path.Combine(rutaGuardado, nombreArchivoPfx); if (!Directory.Exists(rutaGuardado)) { Directory.CreateDirectory(rutaGuardado); } if (File.Exists(rutaArchivoPfx)) { File.Delete(rutaArchivoPfx); } X509Certificate2 certificado = new X509Certificate2(rutaArchivoCer); Org.BouncyCastle.X509.X509Certificate certificate = DotNetUtilities.FromX509Certificate(certificado); byte[] bytesArchivoKey = File.ReadAllBytes(rutaArchivoKey); AsymmetricKeyParameter privateKey = PrivateKeyFactory.DecryptKey(secretArchivoKey.ToCharArray(), bytesArchivoKey); var certEntry = new X509CertificateEntry(certificate); string friendlyName = certificate.SubjectDN.ToString(); PrivateKeyInfo keyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKey); byte[] keyBytes = keyInfo.ToAsn1Object().GetEncoded(); var builder = new Pkcs12StoreBuilder(); builder.SetUseDerEncoding(true); var store = builder.Build(); store.SetKeyEntry("PrivateKeyAlias", new AsymmetricKeyEntry(privateKey), new X509CertificateEntry[] { certEntry }); byte[] pfxBytes = null; using (MemoryStream stream = new MemoryStream()) { store.Save(stream, secretArchivoPfx.ToCharArray(), new SecureRandom()); pfxBytes = stream.ToArray(); // Este sirve para la cancelacion } var result = Pkcs12Utilities.ConvertToDefiniteLength(pfxBytes); if (conservarArchivo) { File.WriteAllBytes(rutaArchivoPfx, result); } return(new CfdiPfx(result, secretArchivoPfx)); } catch (Exception ex) { throw ex; } }
public static X509Certificate2 LoadFromUnencryptedPEM(string pem) { //Extract certificate var pattern = new Regex(@"^[-]{5}BEGIN CERTIFICATE[-]{5}(?<certificate>([^-]*))[-]{5}END CERTIFICATE[-]{5}", RegexOptions.Multiline); var pvk_pattern = new Regex(@"[-]{5}BEGIN(?<encrypted>( ENCRYPTED)?) PRIVATE KEY[-]{5}(?<key>([^-]*))[-]{5}END( ENCRYPTED)? PRIVATE KEY[-]{5}", RegexOptions.Multiline); if (!pattern.IsMatch(pem)) { throw new ArgumentException("Certificate malformed. (No certitficates found)"); } if (!pvk_pattern.IsMatch(pem)) { throw new ArgumentException("Certificate malformed. (No private key found)"); } //Read all certificates to a jagged byte array MatchCollection mc = pattern.Matches(pem); var certificates = new byte[mc.Count][]; var index = 0; foreach (Match match in mc) { certificates[index] = Convert.FromBase64String(match.Groups["certificate"].ToString().Trim(Environment.NewLine.ToCharArray())); index++; } //If the private key is encrypted (check on "encrypted" group) then that need to be handled in future, probably never. Match pvk_match = pvk_pattern.Match(pem); string pvk = pvk_match.Groups["key"].ToString(); var parser = new X509CertificateParser(); var parsedCertificate = parser.ReadCertificate(Combine(certificates)); var builder = new Pkcs12StoreBuilder(); builder.SetUseDerEncoding(true); var inputKeyStore = builder.Build(); inputKeyStore.SetCertificateEntry("Alias", new X509CertificateEntry(parsedCertificate)); inputKeyStore.SetKeyEntry("Alias", new AsymmetricKeyEntry((RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(pvk))), new [] { new X509CertificateEntry(parsedCertificate) }); string keyAlias = inputKeyStore.Aliases.Cast <string> ().FirstOrDefault(inputKeyStore.IsKeyEntry); if (keyAlias == null) { throw new InvalidKeyException("Alias"); } using (var stream = new MemoryStream()) { //There is no password inputKeyStore.Save(stream, new char[0], new SecureRandom()); return(new X509Certificate2(Pkcs12Utilities.ConvertToDefiniteLength(stream.ToArray()))); } }
/// <summary> /// Loads the X.509 certificate with private key. /// </summary> /// <param name="options">The options used to load the certificate.</param> /// <returns>The certificate.</returns> public static X509Certificate2?GetCertificate(this FtpOptions options) { if (string.IsNullOrEmpty(options.Ftps.Certificate)) { return(null); } var cert = new X509Certificate2(options.Ftps.Certificate, options.Ftps.Password); if (cert.HasPrivateKey) { return(cert); } cert.Dispose(); var certCollection = new X509Certificate2Collection(); certCollection.Import(options.Ftps.Certificate, options.Ftps.Password, X509KeyStorageFlags.Exportable); var passwordFinder = string.IsNullOrEmpty(options.Ftps.Password) ? (IPasswordFinder?)null : new BcStaticPassword(options.Ftps.Password); AsymmetricKeyParameter keyParameter; using (var pkReader = File.OpenText(options.Ftps.PrivateKey)) { keyParameter = (AsymmetricKeyParameter) new PemReader(pkReader, passwordFinder).ReadObject(); } var store = new Pkcs12StoreBuilder() .SetUseDerEncoding(true) .Build(); var chain = certCollection.Cast <X509Certificate2>() .Select(DotNetUtilities.FromX509Certificate) .Select(x => new X509CertificateEntry(x)) .ToArray(); store.SetKeyEntry("0", new AsymmetricKeyEntry(keyParameter), chain); byte[] data; using (var output = new MemoryStream()) { store.Save(output, Array.Empty <char>(), new SecureRandom()); data = output.ToArray(); } var result = Pkcs12Utilities.ConvertToDefiniteLength(data); return(new X509Certificate2(result)); }
internal byte[] CreatePfxContainer(X509Certificate cert, AsymmetricCipherKeyPair keys) { var certEntry = new X509CertificateEntry(cert); var pkcs12Store = new Pkcs12StoreBuilder() .SetUseDerEncoding(true) .Build(); var keyEntry = new AsymmetricKeyEntry(keys.Private); pkcs12Store.SetKeyEntry("ServerInstance", keyEntry, new X509CertificateEntry[] { certEntry }); using (MemoryStream stream = new MemoryStream()) { pkcs12Store.Save(stream, null, new SecureRandom()); var bytes = stream.ToArray(); return(Pkcs12Utilities.ConvertToDefiniteLength(bytes)); } }
private static byte[] CreatePfxFile(X509Certificate certificate, AsymmetricKeyParameter privateKey, string name, string password) { var certEntry = new X509CertificateEntry(certificate); var builder = new Pkcs12StoreBuilder(); builder.SetUseDerEncoding(true); var store = builder.Build(); store.SetKeyEntry(name, new AsymmetricKeyEntry(privateKey), new X509CertificateEntry[] { certEntry }); using MemoryStream stream = new MemoryStream(); store.Save(stream, password.ToCharArray(), new SecureRandom()); var pfxBytes = stream.ToArray(); var result = Pkcs12Utilities.ConvertToDefiniteLength(pfxBytes); return(result); }
public static byte[] CreatePKCS12(X509Certificate certificate, AsymmetricKeyParameter privateKey, string password) { var builder = new Pkcs12StoreBuilder(); builder.SetUseDerEncoding(true); var store = builder.Build(); var certEntry = new X509CertificateEntry(certificate); store.SetKeyEntry("some_alias", new AsymmetricKeyEntry(privateKey), new X509CertificateEntry[] { certEntry }); byte[] pfxBytes; using (MemoryStream stream = new MemoryStream()) { store.Save(stream, password.ToCharArray(), new SecureRandom()); pfxBytes = stream.ToArray(); } return(Pkcs12Utilities.ConvertToDefiniteLength(pfxBytes)); }
private byte[] CreatePfxContainer(X509Certificate certificate, AsymmetricCipherKeyPair keys) { var certEntry = new X509CertificateEntry(certificate); var pkcs12Store = new Pkcs12StoreBuilder() .SetUseDerEncoding(true) .Build(); if (keys != null) { var keyEntry = new AsymmetricKeyEntry(keys.Private); pkcs12Store.SetKeyEntry("ServerInstance", keyEntry, new [] { certEntry }); } using (MemoryStream stream = new MemoryStream()) { pkcs12Store.Save(stream, string.Empty.ToCharArray(), new SecureRandom()); // linux will not like certs null password as they have no signature var bytes = stream.ToArray(); return(Pkcs12Utilities.ConvertToDefiniteLength(bytes)); return(bytes); } }
/// <summary> /// Create pfx /// </summary> /// <param name="certificate"></param> /// <param name="privateKey"></param> /// <param name="password"></param> internal static byte[] ToPfx(this X509Certificate certificate, AsymmetricKeyParameter privateKey, string password = null) { var builder = new Pkcs12StoreBuilder(); builder.SetUseDerEncoding(true); var store = builder.Build(); // create store entry var friendlyName = certificate.SubjectDN.ToString(); store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(privateKey), new X509CertificateEntry[] { new X509CertificateEntry(certificate) }); using (var stream = new MemoryStream()) { using (var cfrg = new RandomGeneratorAdapter()) { store.Save(stream, (password ?? string.Empty).ToCharArray(), new SecureRandom(cfrg)); } return(Pkcs12Utilities.ConvertToDefiniteLength(stream.ToArray())); } }
private byte[] CreatePfxFile(Org.BouncyCastle.X509.X509Certificate cert, AsymmetricKeyParameter privateKey, string password, string keyFriendlyName) { var certEntry = new X509CertificateEntry(cert); var friendlyName = cert.SubjectDN.ToString(); var keyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKey); var keyBytes = keyInfo.ToAsn1Object().GetEncoded(); var builder = new Pkcs12StoreBuilder(); builder.SetUseDerEncoding(true); var store = builder.Build(); store.SetKeyEntry(keyFriendlyName, new AsymmetricKeyEntry(privateKey), new[] { certEntry }); byte[] pfxBytes; using (var ms = new MemoryStream()) { store.Save(ms, password.ToCharArray(), new SecureRandom()); pfxBytes = ms.ToArray(); } return(Pkcs12Utilities.ConvertToDefiniteLength(pfxBytes)); }
// // Summary: // /// Method responsible for generate certificate. /// // // Parameters: // request: // The request param. // public CreateCertificateResult Generate(CreateCertificateCommand request) { AsymmetricKeyParameter caPrivateKey = null; var caCert = GenerateCACertificate("CN=MyROOTCA", ref caPrivateKey); SecureRandom random = new SecureRandom(); RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(new KeyGenerationParameters(random, 2048)); AsymmetricCipherKeyPair subjectKeyPair = keyPairGenerator.GenerateKeyPair(); IDictionary issuerAttrs = FactoryIssuerAttrs(); IDictionary subjectAttrs = FactorySubjectAttrs(request); BigInteger serialNumber = BigInteger.ProbablePrime(120, new Random()); X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); certificateGenerator.SetSerialNumber(serialNumber); certificateGenerator.SetIssuerDN(new X509Name(new ArrayList(issuerAttrs.Keys), issuerAttrs)); certificateGenerator.SetSubjectDN(new X509Name(new ArrayList(subjectAttrs.Keys), subjectAttrs)); certificateGenerator.SetNotBefore(DateTime.UtcNow.Date); certificateGenerator.SetNotAfter(DateTime.UtcNow.Date.AddYears(3)); certificateGenerator.SetPublicKey(subjectKeyPair.Public); certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyAgreement | KeyUsage.NonRepudiation)); certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(new[] { KeyPurposeID.IdKPServerAuth })); GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.DnsName, "SAN")); certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName); Asn1SignatureFactory signatureFactory = new Asn1SignatureFactory(HashType.SHA256WithRSA.ToString(), subjectKeyPair.Private); X509Certificate certificate = certificateGenerator.Generate(signatureFactory); X509CertificateEntry certEntry = new X509CertificateEntry(certificate); Pkcs12Store store = new Pkcs12StoreBuilder().Build(); store.SetCertificateEntry(certificate.SubjectDN.ToString(), certEntry); store.SetKeyEntry(certificate.SubjectDN + "_key", new AsymmetricKeyEntry(subjectKeyPair.Private), new[] { certEntry }); MemoryStream p12Stream = new MemoryStream(); store.Save(p12Stream, request.Pin.ToCharArray(), random); byte[] pfx = Pkcs12Utilities.ConvertToDefiniteLength(p12Stream.ToArray(), request.Pin.ToCharArray()); X509Certificate2 x509Certificate2 = new X509Certificate2(pfx, request.Pin, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); CreateCrl(caCert, caPrivateKey, serialNumber); return(FactoryResponse(x509Certificate2)); }