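/// <summary>
/// Builds an unsigned certificate with subject and issuer "CN=Root", attaches a
/// CA-style set of X509v3 extensions and checks that every one of them ends up
/// on the certificate.
/// </summary>
public void CanAddExtensions()
        {
            // Extension profile of a root CA: key identifiers, CA:true and the two
            // usages needed to sign certificates and CRLs.
            X509V3ExtensionList extList = new X509V3ExtensionList();
            extList.Add(new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"));
            extList.Add(new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"));
            // Criticality is given twice here: once as the boolean argument and once
            // as the "critical," prefix of the value string.
            extList.Add(new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"));
            extList.Add(new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"));

            // Short validity window; the certificate only lives for this test.
            DateTime start = DateTime.Now;
            DateTime end = start + TimeSpan.FromMinutes(10);

            // The key wrapper is disposed together with the certificate so the
            // generated private key does not outlive the test.
            // NOTE(review): the DSA object passed to CryptoKey is not disposed here;
            // confirm whether CryptoKey takes ownership of it.
            using (CryptoKey key = new CryptoKey(new DSA(true)))
            using (X509Certificate cert = new X509Certificate(101, "CN=Root", "CN=Root", key, start, end)) {
                foreach (X509V3ExtensionValue extValue in extList) {
                    // cert is passed as both issuer and subject: self-issued context.
                    using (X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value)) {
                        cert.AddExtension(ext);
                    }
                }

                foreach (X509Extension ext in cert.Extensions) {
                    Console.WriteLine(ext);
                }

                // Only the number of extensions is verified; the certificate is never
                // signed in this test, and names, values and criticality are not checked.
                Assert.AreEqual(extList.Count, cert.Extensions.Count);
            }
        }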
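        /// <summary>
        /// Builds a certificate request for the fixed test key, attaches a
        /// subjectAltName and a keyUsage extension request, and compares the
        /// PEM output with the expected text.
        /// </summary>
        public void CanAddRequestExtensions()
        {
            // The request asks for CA-level key usages (cRLSign, keyCertSign). Extensions
            // in a request are only a wish list from the requester: an issuing CA has to
            // apply its own policy instead of copying them into the certificate.
            var extList = new List<X509V3ExtensionValue> {
                new X509V3ExtensionValue("subjectAltName", false, "DNS:foo.com,DNS:bar.org"),
                new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"),
            };

            // RSA_KEY and EXPECTED_CERT are defined elsewhere in the test class. A fixed
            // key is what makes the PEM output comparable; it must stay test-only material.
            // NOTE(review): the BIO and RSA objects created inline are not disposed here;
            // confirm whether CryptoKey takes ownership of them.
            using (var key = new CryptoKey(RSA.FromPrivateKey(new BIO(RSA_KEY))))
            using (var request = new X509Request(1,new X509Name("foo"),key))
            {
                // NOTE(review): the stack itself is never disposed, and each extension is
                // disposed right after being pushed; confirm that Stack.Add keeps its own
                // reference or copy.
                OpenSSL.Core.Stack<X509Extension> extensions = new OpenSSL.Core.Stack<X509Extension>();
                foreach (var extValue in extList)
                {
                    using (var ext = new X509Extension(request, extValue.Name, extValue.IsCritical, extValue.Value))
                    {
                        Console.WriteLine(ext);
                        extensions.Add(ext);
                    }
                }

                request.AddExtensions(extensions);

                Assert.AreEqual(EXPECTED_CERT, request.PEM);
            }
        }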
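		/// <summary>
		/// Factory method that creates a X509CertificateAuthority backed by a newly
		/// built self-signed certificate, without needing a Configuration file.
		/// The subject is used as both subject and issuer name, and the certificate
		/// is signed with the same key it certifies.
		/// </summary>
		/// <remarks>
		/// Only the extensions passed in <paramref name="extensions"/> are added; this
		/// method adds none on its own. A certificate meant to act as a CA normally
		/// needs basicConstraints with CA:true and a keyUsage containing keyCertSign,
		/// so callers have to supply them. The strength of the self-signature depends
		/// on the digest and key chosen by the caller.
		/// </remarks>
		/// <param name="seq">Serial number source. <c>Next()</c> is called once for the
		/// root certificate and the object is handed to the returned authority.</param>
		/// <param name="key">Key pair placed in the certificate and used to sign it; it is
		/// also handed to the returned authority.</param>
		/// <param name="digest">Message digest used for the signature.</param>
		/// <param name="subject">Name used for both subject and issuer.</param>
		/// <param name="start">Start of the validity period.</param>
		/// <param name="validity">Length of the validity period; the certificate expires
		/// at <c>start + validity</c>.</param>
		/// <param name="extensions">X509v3 extensions to add before signing, or
		/// <c>null</c> for none.</param>
		/// <returns>An authority wrapping the signed certificate, the key and the
		/// sequence source.</returns>
		public static X509CertificateAuthority SelfSigned(
			ISequenceNumber seq,
			CryptoKey key,
			MessageDigest digest,
			X509Name subject,
			DateTime start,
			TimeSpan validity,
			IEnumerable<X509V3ExtensionValue> extensions)
		{
			var cert = new X509Certificate(
				           seq.Next(),
				           subject,
				           subject,
				           key,
				           start,
				           start + validity);

			try
			{
				if (extensions != null)
				{
					foreach (var extValue in extensions)
					{
						// cert is both issuer and subject context for the extension.
						using (var ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value))
						{
							cert.AddExtension(ext);
						}
					}
				}

				// Extensions are part of the signed data, so signing comes last.
				cert.Sign(key, digest);

				return new X509CertificateAuthority(cert, key, seq);
			}
			catch
			{
				// A malformed extension value or a signing failure must not leak the
				// native certificate; release it and let the error propagate.
				cert.Dispose();
				throw;
			}
		}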
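        /// <summary>
        /// Factory method that creates a X509CertificateAuthority backed by a newly
        /// built self-signed certificate, without needing a Configuration file.
        /// The subject is used as both subject and issuer name, and the certificate
        /// is signed with the same key it certifies.
        /// </summary>
        /// <remarks>
        /// Only the extensions passed in <paramref name="extensions"/> are added; this
        /// method adds none on its own. A certificate meant to act as a CA normally
        /// needs basicConstraints with CA:true and a keyUsage containing keyCertSign,
        /// so callers have to supply them. The strength of the self-signature depends
        /// on the digest and key chosen by the caller.
        /// </remarks>
        /// <param name="seq">Serial number source. <c>Next()</c> is called once for the
        /// root certificate and the object is handed to the returned authority.</param>
        /// <param name="key">Key pair placed in the certificate and used to sign it; it is
        /// also handed to the returned authority.</param>
        /// <param name="digest">Message digest used for the signature.</param>
        /// <param name="subject">Name used for both subject and issuer.</param>
        /// <param name="start">Start of the validity period.</param>
        /// <param name="validity">Length of the validity period; the certificate expires
        /// at <c>start + validity</c>.</param>
        /// <param name="extensions">X509v3 extensions to add before signing, or
        /// <c>null</c> for none.</param>
        /// <returns>An authority wrapping the signed certificate, the key and the
        /// sequence source.</returns>
        public static X509CertificateAuthority SelfSigned(
            ISequenceNumber seq,
            CryptoKey key,
            MessageDigest digest,
            X509Name subject,
            DateTime start,
            TimeSpan validity,
            X509V3ExtensionList extensions)
        {
            X509Certificate cert = new X509Certificate(
                seq.Next(),
                subject,
                subject,
                key,
                start,
                start + validity);

            try
            {
                if (null != extensions)
                {
                    foreach (X509V3ExtensionValue extValue in extensions)
                    {
                        // The wrapper is released once it has been added, so the native
                        // extension object is not left for the finalizer.
                        using (X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value))
                        {
                            cert.AddExtension(ext);
                        }
                    }
                }

                // Extensions are part of the signed data, so signing comes last.
                cert.Sign(key, digest);

                return new X509CertificateAuthority(cert, key, seq, null);
            }
            catch
            {
                // A malformed extension value or a signing failure must not leak the
                // native certificate; release it and let the error propagate.
                cert.Dispose();
                throw;
            }
        }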
 /// <summary>
 /// Adds an extension to this certificate by calling X509_add_ext().
 /// </summary>
 /// <remarks>
 /// Extensions are part of the data covered by the certificate signature, so a
 /// certificate that was already signed has to be signed again after this call.
 /// </remarks>
 /// <param name="ext">Extension to add; its native handle is passed to OpenSSL.</param>
 public void AddExtension(X509Extension ext)
 {
     // Position -1 is OpenSSL's "append at the end" value for the extension list.
     var status = Native.X509_add_ext(ptr, ext.Handle, -1);

     // NOTE(review): ExpectSuccess is defined elsewhere; presumably it throws
     // when the native call reports failure.
     Native.ExpectSuccess(status);
 }