        /// <summary>
        /// Builds a self-signed root CA certificate: a fresh key pair is generated for <paramref name="subject"/>,
        /// the certificate is marked as a CA (critical BasicConstraints cA=true, critical KeyUsage
        /// digitalSignature|keyCertSign) and it is signed with its own private key.
        /// </summary>
        /// <param name="subject">Subject of the certificate; also used as the issuer because the certificate is self-signed.</param>
        /// <param name="startDate">Start of the validity period.</param>
        /// <param name="expiryDate">End of the validity period.</param>
        /// <param name="signatureAlgorithm">Signature/hash combination used for key generation and for the signature.</param>
        /// <param name="certificateFormat">Output encoding handed to <c>ExportCertificate</c>.</param>
        /// <returns>Whatever <c>ExportCertificate</c> produces for the certificate and its key pair in the requested format.</returns>
        public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            SecureRandom rng = Porthelp.CreateSecureRandom();
            X509V3CertificateGenerator generator = new X509V3CertificateGenerator();

            // Self-signed: subject and issuer are the same entity.
            AddStandardCertificateInfo(generator, rng, subject, subject, startDate, expiryDate);
            AsymmetricCipherKeyPair keyPair = GenerateKeys(generator, rng, signatureAlgorithm);

            // CA profile: the certificate may sign other certificates but nothing else.
            generator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
            generator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));

            // The key identifier is a random 160-bit value rather than a hash of the public key;
            // RFC 5280 permits any method that yields unique identifiers. Because the certificate
            // is self-signed, the same value doubles as the AuthorityKeyIdentifier.
            byte[] keyIdentifier = new byte[20];
            rng.NextBytes(keyIdentifier, 0, keyIdentifier.Length);
            generator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(keyIdentifier));
            generator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(keyIdentifier));

            // Sign with the subject's own private key.
            string algorithm = GetAlgorithm(signatureAlgorithm);
            Asn1SignatureFactory signatureFactory = new Asn1SignatureFactory(algorithm, keyPair.Private, rng);
            Org.BouncyCastle.X509.X509Certificate certificate = generator.Generate(signatureFactory);

            return ExportCertificate(certificate, keyPair, certificateFormat);
        }
        /// <summary>
        /// Fills this object with fresh values: <c>_UnixTime</c> receives the current UTC time as whole
        /// seconds since <c>TLSUtils.UnixEpoch</c>, and <c>_RandomBytes</c> is overwritten with output
        /// from a secure random generator.
        /// </summary>
        public void Generate()
        {
            DateTime now = DateTime.UtcNow;
            double secondsSinceEpoch = (now - TLSUtils.UnixEpoch).TotalSeconds;

            // Truncated to 32 bits; presumably the gmt_unix_time field of a (D)TLS Random — verify against the caller.
            _UnixTime = (uint)secondsSinceEpoch;

            // NOTE(review): relies on _RandomBytes already being allocated — confirm in the constructor.
            var rng = Porthelp.CreateSecureRandom();
            rng.NextBytes(_RandomBytes);
        }
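        /// <summary>
        /// Produces a raw (D)TLS handshake signature over <paramref name="hash"/> using the BouncyCastle signer
        /// that matches <paramref name="signatureHashAlgorithm"/>. For a TLS 1.2 context the
        /// SignatureAndHashAlgorithm is passed through to the signer; for older versions the legacy
        /// overload without it is used.
        /// </summary>
        /// <param name="privateKey">Private key that produces the signature.</param>
        /// <param name="client">Whether the local endpoint is the client side of the handshake.</param>
        /// <param name="version">Protocol version of the connection.</param>
        /// <param name="handshakeInfo">Handshake state used to build the <see cref="DTLSContext"/>.</param>
        /// <param name="signatureHashAlgorithm">Signature and hash algorithm pair selected for the handshake.</param>
        /// <param name="hash">Pre-computed hash to sign.</param>
        /// <returns>The raw signature bytes.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="privateKey"/> is null.</exception>
        /// <exception cref="NotSupportedException">
        /// The signature algorithm is <c>Anonymous</c> or an unknown value; no signer exists for it.
        /// </exception>
        public static byte[] Sign(Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey, bool client, Version version, HandshakeInfo handshakeInfo, SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
        {
            if (privateKey == null)
            {
                throw new ArgumentNullException("privateKey");
            }

            TlsSigner signer;
            switch (signatureHashAlgorithm.Signature)
            {
            case TSignatureAlgorithm.RSA:
                signer = new TlsRsaSigner();
                break;

            case TSignatureAlgorithm.DSA:
                signer = new TlsDssSigner();
                break;

            case TSignatureAlgorithm.ECDSA:
                signer = new TlsECDsaSigner();
                break;

            default:
                // Anonymous cannot sign and unknown values have no signer; fail with a clear message
                // instead of a NullReferenceException on signer.Init() below.
                throw new NotSupportedException("Unsupported signature algorithm: " + signatureHashAlgorithm.Signature);
            }

            DTLSContext context = new DTLSContext(client, version, handshakeInfo);
            context.SecureRandom = Porthelp.CreateSecureRandom();
            signer.Init(context);

            if (TlsUtilities.IsTlsV12(context))
            {
                // TLS 1.2 signatures carry the algorithm pair; the enum values are used as the wire bytes.
                SignatureAndHashAlgorithm signatureAndHashAlgorithm = new SignatureAndHashAlgorithm((byte)signatureHashAlgorithm.Hash, (byte)signatureHashAlgorithm.Signature);
                return signer.GenerateRawSignature(signatureAndHashAlgorithm, privateKey, hash);
            }

            return signer.GenerateRawSignature(privateKey, hash);
        }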
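        /// <summary>
        /// Builds an end-entity certificate for <paramref name="subject"/> signed by <paramref name="issuer"/>.
        /// A fresh key pair is generated for the subject; the certificate is marked non-CA and carries
        /// KeyUsage digitalSignature|keyEncipherment plus ExtendedKeyUsage serverAuth and clientAuth.
        /// </summary>
        /// <param name="subject">Subject of the new certificate.</param>
        /// <param name="issuer">Issuing certificate; its <c>PrivateKey</c> signs and its <c>Subject</c> becomes the issuer name.</param>
        /// <param name="startDate">Start of the validity period.</param>
        /// <param name="expiryDate">End of the validity period.</param>
        /// <param name="signatureAlgorithm">Signature/hash combination used for key generation and signing.</param>
        /// <param name="certificateFormat">Output encoding handed to <c>ExportCertificate</c>.</param>
        /// <returns>
        /// The exported certificate, or <c>null</c> when <c>issuer.PrivateKey</c> is not a BouncyCastle
        /// <see cref="AsymmetricKeyParameter"/> (the null result is kept for existing callers).
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="issuer"/> is null.</exception>
        public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            if (issuer == null)
            {
                throw new ArgumentNullException("issuer");
            }

            AsymmetricKeyParameter issuerPrivateKey = issuer.PrivateKey as AsymmetricKeyParameter;
            if (issuerPrivateKey == null)
            {
                return null;
            }

            SecureRandom random = Porthelp.CreateSecureRandom();
            X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
            AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
            AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

            string algorithm = GetAlgorithm(signatureAlgorithm);

            // End-entity profile: critical BasicConstraints (cA=false) so this certificate cannot issue others.
            certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
            // NOTE(review): keyEncipherment is only meaningful for RSA keys and RFC 5480 §3 disallows it for
            // EC public keys — confirm which key type GenerateKeys produces for each signatureAlgorithm.
            certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
            certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));

            // Random 160-bit SubjectKeyIdentifier (RFC 5280 permits any unique-value method); the issuer's
            // identifier is echoed as AuthorityKeyIdentifier so chain building can pair the two.
            byte[] subjectKeyID = new byte[20];
            random.NextBytes(subjectKeyID, 0, subjectKeyID.Length);
            certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
            if (issuer.SubjectKeyID != null)
            {
                certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
            }

            // TODO: no SubjectAlternativeName extension is emitted yet, so peers that match the
            // host name or IP address against SAN entries will fall back to the subject name only.

            Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, issuerPrivateKey, random));
            return ExportCertificate(certificate, subjectKeyPair, certificateFormat);
        }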