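        /// <summary>
        /// Returns an end-entity certificate for <paramref name="host"/> signed by the
        /// CA held in <c>m_caCertificate</c> / <c>m_caSigner</c>. The first request for a
        /// host generates a fresh EC key pair and certificate; the result is cached in
        /// <c>m_certificates</c> and returned unchanged on every later call.
        /// </summary>
        /// <param name="host">
        /// The hostname placed in the subject CN and in the single dNSName SAN entry of
        /// the certificate. Must not be null, empty or whitespace.
        /// </param>
        /// <returns>
        /// The cached or newly generated certificate for <paramref name="host"/>, as
        /// converted by <c>ConvertFromBouncyCastle</c> (presumably with its private key
        /// attached — confirm against that helper).
        /// </returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="host"/> is null, empty or whitespace.
        /// </exception>
        /// <remarks>
        /// The whole operation, including key generation, runs under <c>m_genLock</c>,
        /// so concurrent callers are serialized even for different hosts. Cache lookups
        /// use the host string exactly as given; unless <c>m_certificates</c> was created
        /// with a case-insensitive comparer (not visible here), "Example.com" and
        /// "example.com" receive separate certificates.
        /// </remarks>
        public System.Security.Cryptography.X509Certificates.X509Certificate2 GetSpoofedCertificateForHost(string host)
        {
            // Fail early with a clear message instead of emitting a certificate with an
            // empty CN/SAN or letting the dictionary throw on a null key.
            if (string.IsNullOrWhiteSpace(host))
            {
                throw new ArgumentException("A hostname is required.", "host");
            }

            lock (m_genLock)
            {
                System.Security.Cryptography.X509Certificates.X509Certificate2 cached;
                if (m_certificates.TryGetValue(host, out cached))
                {
                    return cached;
                }

                // Random serial in [1, Int64.MaxValue] so that re-issuing for the same
                // host (e.g. after a restart) is unlikely to repeat a serial number.
                var serialRandom = new SecureRandom(new CryptoApiRandomGenerator());
                var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), serialRandom);

                // One clock read, already in UTC, so NotBefore and NotAfter are derived
                // from the same instant. Validity runs from one year ago to two years
                // from now.
                // NOTE(review): some client software caps the accepted lifetime of leaf
                // certificates; confirm this window against the clients that must accept it.
                var now = DateTime.UtcNow;

                var certGen = new X509V3CertificateGenerator();
                certGen.SetSerialNumber(serialNumber);
                certGen.SetIssuerDN(m_caCertificate.SubjectDN);
                certGen.SetSubjectDN(new X509Name(string.Format("CN={0}", host)));
                certGen.SetNotBefore(now.AddYears(-1));
                certGen.SetNotAfter(now.AddYears(2));

                // Modern clients ignore the CN and match on the SAN, so the host is
                // placed in both. Exactly one dNSName entry is emitted.
                var subjectAlternativeNames = new DerSequence(new Asn1Encodable[] { new GeneralName(GeneralName.DnsName, host) });
                certGen.AddExtension(X509Extensions.SubjectAlternativeName.Id, false, subjectAlternativeNames);

                // NOTE(review): no ExtendedKeyUsage, KeyUsage or BasicConstraints extension
                // is set (a serverAuth EKU existed in an earlier revision but was commented
                // out). Confirm the clients this must interoperate with accept a leaf
                // certificate without them before relying on that.

                // Fresh 256-bit EC key pair per host, generated from a new SecureRandom.
                var keyPairGenerator = new ECKeyPairGenerator();
                keyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(), 256));
                var keyPair = keyPairGenerator.GenerateKeyPair();

                certGen.SetPublicKey(keyPair.Public);
                certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(m_caCertificate));
                certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.Public));

                // Sign with the CA's signature factory, then convert to the .NET type the
                // caller works with.
                X509Certificate signed = certGen.Generate(m_caSigner);
                var converted = signed.ConvertFromBouncyCastle(keyPair);

                m_certificates.Add(host, converted);
                return converted;
            }
        }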