Beispiel #1
 /// <summary>
 /// Opens a PKCS#12 file through a file BIO and parses it with the given password.
 /// </summary>
 /// <param name="certFilename">Path of the PKCS#12 file to read.</param>
 /// <param name="password">Password passed to <c>X509Certificate.FromPKCS12</c>.</param>
 /// <returns>The certificate produced by <c>X509Certificate.FromPKCS12</c>.</returns>
 /// <remarks>
 /// The file BIO is disposed before returning; the returned certificate is owned by the caller.
 /// NOTE(review): a PKCS#12 bundle normally carries a private key, so the caller should
 /// dispose the returned object when done with it - confirm against X509Certificate.
 /// </remarks>
 public static X509Certificate LoadPKCS12Certificate(string certFilename, string password)
 {
     // NOTE(review): PKCS#12 is binary data and the mode string here is "r"; confirm the
     // native OpenSSL build in use does not open this in text mode on Windows.
     using (BIO pkcs12Source = BIO.File(certFilename, "r"))
     {
         X509Certificate loaded = X509Certificate.FromPKCS12(pkcs12Source, password);
         return loaded;
     }
 }
Beispiel #2
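        /// <summary>
        /// Parses a PKCS#12 blob, re-serializes the certificate it contains and returns a new
        /// <c>X509Certificate</c> built from that serialized form.
        /// </summary>
        /// <param name="PKCS12Data">Raw bytes of the PKCS#12 bundle.</param>
        /// <param name="password">Password passed to <c>X509Certificate.FromPKCS12</c>.</param>
        /// <returns>A certificate object constructed from the re-serialized certificate.</returns>
        /// <remarks>
        /// NOTE(review): the round trip through <c>cert1.Write</c> presumably exists so the returned
        /// object holds only the public certificate and not the bundle's private key - confirm.
        /// The intermediate certificate and every BIO are disposed here so that material parsed
        /// from the bundle does not stay alive until finalization.
        /// </remarks>
        public static X509Certificate GetX509CertFromPKCS12(Byte[] PKCS12Data, String password)
        {
            using (BIO pkcs12BIO = BIO.MemoryBuffer())
            {
                pkcs12BIO.Write(PKCS12Data);

                // cert1 is only a stepping stone; it is released as soon as it has been re-serialized.
                using (X509Certificate cert1 = X509Certificate.FromPKCS12(pkcs12BIO, password))
                using (BIO bio = BIO.MemoryBuffer())
                {
                    cert1.Write(bio);

                    // Same bytes the original copied through a MemoryStream/BinaryWriter pair.
                    Byte[] certData = bio.ReadBytes((Int32)bio.NumberWritten).Array;

                    using (BIO certBio = BIO.MemoryBuffer())
                    {
                        certBio.Write(certData);

                        return new X509Certificate(certBio);
                    }
                }
            }
        }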
Beispiel #3
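        /// <summary>
        /// Loads the root CA from a PKCS#12 file, if that file exists, and stores it in <c>RootCA</c>.
        /// </summary>
        /// <param name="PKCS12Filename">Path of the PKCS#12 file holding the CA certificate and key.</param>
        /// <remarks>
        /// When the file is missing, <c>RootCA</c> is left untouched. When the file exists but cannot
        /// be loaded (unreadable, malformed, rejected password), <c>RootCA</c> is set to <c>null</c>
        /// and no exception reaches the caller, so callers must check <c>RootCA</c> before using it.
        /// The failure is written to the trace output so it is not lost entirely.
        /// </remarks>
        public void LoadCA(String PKCS12Filename)
        {
            FileInfo caPkcs12 = new FileInfo(PKCS12Filename);

            if (!caPkcs12.Exists)
            {
                return;
            }

            X509CertificateAuthority loaded = null;

            try
            {
                Byte[] bPKCS12 = File.ReadAllBytes(caPkcs12.FullName);

                // The PKCS#12 bytes are handed to the parser through a memory BIO,
                // which is released as soon as parsing is done.
                using (BIO pkcs12BIO = BIO.MemoryBuffer())
                {
                    pkcs12BIO.Write(bPKCS12);

                    X509Certificate cert = X509Certificate.FromPKCS12(pkcs12BIO, this.caPassword);

                    // NOTE(review): SimpleSerialNumber(1) presumably restarts the serial sequence at 1
                    // on every load; if issued serials are not persisted elsewhere, a reloaded CA
                    // could hand out a serial number twice - confirm.
                    loaded = new X509CertificateAuthority(cert, cert.PrivateKey, new SimpleSerialNumber(1), cfg);
                }
            }
            catch (Exception ex)
            {
                // Best effort by design: the caller sees RootCA == null. Only the exception type
                // and message are traced, never the password.
                System.Diagnostics.Trace.TraceWarning("Loading CA from PKCS#12 failed: " + ex.GetType().Name + ": " + ex.Message);
            }

            // Release the previous CA on success and on failure alike, so a failed reload
            // does not leave the old key material undisposed.
            if (RootCA != null)
            {
                RootCA.Dispose();
            }

            RootCA = loaded;
        }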
Beispiel #4
 /// <summary>
 /// Parses the PKCS#12 bytes returned by <c>LoadBytes(resource)</c> with the given password.
 /// </summary>
 /// <param name="resource">Identifier passed to <c>LoadBytes</c> to obtain the PKCS#12 bytes.</param>
 /// <param name="password">Password passed to <c>X509Certificate.FromPKCS12</c>.</param>
 /// <returns>The certificate produced by <c>X509Certificate.FromPKCS12</c>.</returns>
 /// <remarks>
 /// The BIO wrapping the bytes is disposed before returning; the returned certificate is
 /// owned by the caller.
 /// </remarks>
 public static X509Certificate LoadPKCS12Certificate(string resource, string password)
 {
     using (BIO pkcs12Source = new BIO(LoadBytes(resource)))
     {
         X509Certificate loaded = X509Certificate.FromPKCS12(pkcs12Source, password);
         return loaded;
     }
 }
 /// <summary>
 /// Opens a PKCS#12 file through a file BIO and parses it with the given password.
 /// </summary>
 /// <param name="certFilename">Path of the PKCS#12 file to read.</param>
 /// <param name="password">Password passed to <c>X509Certificate.FromPKCS12</c>.</param>
 /// <returns>The certificate produced by <c>X509Certificate.FromPKCS12</c>.</returns>
 private X509Certificate LoadPKCS12Certificate(string certFilename, string password)
 {
     // NOTE(review): PKCS#12 is binary data and the mode string here is "r"; confirm the
     // native OpenSSL build in use does not open this in text mode on Windows.
     using (var pkcs12Source = BIO.File(certFilename, "r"))
     {
         X509Certificate loaded = X509Certificate.FromPKCS12(pkcs12Source, password);
         return loaded;
     }
 }
Beispiel #6
 /// <summary>
 /// Loads the server PKCS#12 fixture from embedded bytes and hands the resulting
 /// certificate to <c>TestCert</c>.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the three extra arguments to TestCert look like the expected subject,
 /// issuer and serial number - confirm against TestCert.
 /// </remarks>
 public void CanLoadFromPCKS12()
 {
     // Both native wrappers are released when the stacked using block ends.
     using (BIO pfxBytes = new BIO(LoadBytes(Resources.ServerPfx)))
     using (X509Certificate serverCert = X509Certificate.FromPKCS12(pfxBytes, password))
     {
         TestCert(serverCert, "CN=localhost", "CN=Root", 1235);
     }
 }
 /// <summary>
 /// Loads the server PKCS#12 fixture from disk through a file BIO and hands the resulting
 /// certificate to <c>TestCert</c>.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the three extra arguments to TestCert look like the expected subject,
 /// issuer and serial number - confirm against TestCert.
 /// </remarks>
 public void CanLoadFromPCKS12()
 {
     // Both native wrappers are released when the stacked using block ends.
     using (BIO pfxFile = BIO.File(Paths.ServerPfx, "r"))
     using (X509Certificate serverCert = X509Certificate.FromPKCS12(pfxFile, password))
     {
         TestCert(serverCert, "CN=localhost", "CN=Root", 1235);
     }
 }
Beispiel #8
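        /// <summary>
        /// Parses an in-memory PKCS#12 blob with the given password.
        /// </summary>
        /// <param name="PKCS12Data">Raw bytes of the PKCS#12 bundle.</param>
        /// <param name="password">Password passed to <c>X509Certificate.FromPKCS12</c>.</param>
        /// <returns>The certificate produced by <c>X509Certificate.FromPKCS12</c>.</returns>
        /// <remarks>
        /// The memory BIO holding a copy of the bundle is disposed before returning instead of
        /// being left for the finalizer. The returned certificate is owned by the caller.
        /// NOTE(review): a PKCS#12 bundle normally carries a private key, so the caller should
        /// dispose the returned object when done with it - confirm against X509Certificate.
        /// </remarks>
        public static X509Certificate LoadCert(Byte[] PKCS12Data, String password)
        {
            using (BIO pkcs12BIO = BIO.MemoryBuffer())
            {
                pkcs12BIO.Write(PKCS12Data);

                return X509Certificate.FromPKCS12(pkcs12BIO, password);
            }
        }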
Beispiel #9
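        /// <summary>
        /// Loads the root CA from a PKCS#12 file or, when that is not possible, generates a new
        /// self-signed CA and saves it to the same path.
        /// </summary>
        /// <param name="PKCS12Filename">Path of the PKCS#12 file to load from and, if needed, save to.</param>
        /// <param name="Name">Subject name used when a new self-signed CA is generated.</param>
        /// <param name="altNames">Optional alternative names for the new CA certificate; may be null.</param>
        /// <remarks>
        /// A load failure is not reported to the caller; it is written to the trace output and the
        /// method falls through to generating a new CA.
        /// NOTE(review): in that case BuildPKCS12AndSave is called with the path of the file that
        /// just failed to load, so a rejected password or a transient read error presumably
        /// replaces the existing CA key store - confirm this is intended.
        /// </remarks>
        public void LoadOrCreateCA(String PKCS12Filename, X509Name Name, subjectAltName altNames)
        {
            FileInfo caPkcs12 = new FileInfo(PKCS12Filename);

            if (caPkcs12.Exists)
            {
                X509CertificateAuthority loaded = null;

                try
                {
                    Byte[] bPKCS12 = File.ReadAllBytes(caPkcs12.FullName);

                    // The PKCS#12 bytes are handed to the parser through a memory BIO,
                    // which is released as soon as parsing is done.
                    using (BIO pkcs12BIO = BIO.MemoryBuffer())
                    {
                        pkcs12BIO.Write(bPKCS12);

                        X509Certificate cert = X509Certificate.FromPKCS12(pkcs12BIO, this.caPassword);

                        // NOTE(review): SimpleSerialNumber(1) presumably restarts the serial sequence
                        // at 1 on every load; if issued serials are not persisted elsewhere, a
                        // reloaded CA could hand out a serial number twice - confirm.
                        loaded = new X509CertificateAuthority(cert, cert.PrivateKey, new SimpleSerialNumber(1), cfg);
                    }
                }
                catch (Exception ex)
                {
                    // Only the exception type and message are traced, never the password.
                    System.Diagnostics.Trace.TraceWarning("Loading CA from PKCS#12 failed: " + ex.GetType().Name + ": " + ex.Message);
                }

                // Release the previous CA on success and on failure alike, so a failed reload
                // does not leave the old key material undisposed.
                if (RootCA != null)
                {
                    RootCA.Dispose();
                }

                RootCA = loaded;
            }

            if (RootCA == null)
            {
                X509V3ExtensionList ext = new X509V3ExtensionList();

                // NOTE(review): every extension below passes true as its second argument, presumably
                // the critical flag. If so, RFC 5280 expects subjectKeyIdentifier and
                // authorityKeyIdentifier to be non-critical, and a critical nsComment makes clients
                // that do not process it reject the certificate - confirm.
                ext.Add(new X509V3ExtensionValue("nsComment", true, "SafeID - IAM Generated Certificate"));
                ext.Add(new X509V3ExtensionValue("basicConstraints", true, "CA:true"));
                //ext.Add(new X509V3ExtensionValue("keyUsage", true, "critical, cRLSign, keyCertSign, digitalSignature"));
                ext.Add(new X509V3ExtensionValue("subjectKeyIdentifier", true, "hash"));
                ext.Add(new X509V3ExtensionValue("authorityKeyIdentifier", true, "keyid,issuer:always"));

                if (altNames != null)
                {
                    // NOTE(review): each name becomes its own subjectAltName entry in the list; a
                    // certificate may carry only one instance of an extension, so confirm how
                    // X509V3ExtensionList combines them.
                    foreach (Uri u in altNames.Uri)
                    {
                        // Invariant lower-casing keeps the encoded URI independent of the machine's culture.
                        ext.Add(new X509V3ExtensionValue("subjectAltName", true, "URI:" + u.AbsoluteUri.ToLowerInvariant()));
                    }

                    foreach (String m in altNames.Mail)
                    {
                        ext.Add(new X509V3ExtensionValue("subjectAltName", true, "email:" + m));
                    }

                    foreach (String s in altNames.Dns)
                    {
                        ext.Add(new X509V3ExtensionValue("subjectAltName", true, "DNS:" + s));
                    }

                    foreach (String s in altNames.Text)
                    {
                        ext.Add(new X509V3ExtensionValue("subjectAltName", true, "otherName:1.2.3.4;UTF8:" + s));
                    }
                }

                // One timestamp for both ends of the validity window: starts 24 hours in the past,
                // lasts ten years from now.
                DateTime now = DateTime.Now;

                // NOTE(review): MessageDigest.SHA1 signs the new root with SHA-1; a SHA-2 digest is
                // the usual choice for newly generated certificates. Left as is because changing it
                // alters the certificates this method produces.
                RootCA = X509CertificateAuthority.SelfSigned(new SimpleSerialNumber(), CreateNewRSAKey(2048), MessageDigest.SHA1, Name, now.AddHours(-24), (now.AddYears(10) - now), ext);

                BuildPKCS12AndSave(caPkcs12.FullName, this.caPassword, RootCA.Key, RootCA.Certificate);
            }
        }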