// TODO Replace with something that returns a list of DerObjectIdentifier public virtual IList GetExtendedKeyUsage() { Asn1OctetString str = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.37")); if (str == null) { return(null); } try { Asn1Sequence seq = Asn1Sequence.GetInstance( X509ExtensionUtilities.FromExtensionValue(str)); IList list = Platform.CreateArrayList(); foreach (DerObjectIdentifier oid in seq) { list.Add(oid.Id); } return(list); } catch (Exception e) { throw new CertificateParsingException("error processing extended key usage extension", e); } }
private X509Name loadCertificateIssuer() { if (!this.isIndirect) { return(null); } Asn1OctetString extensionValue = this.GetExtensionValue(X509Extensions.CertificateIssuer); if (extensionValue == null) { return(this.previousCertificateIssuer); } try { GeneralName[] names = GeneralNames.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue)).GetNames(); for (int i = 0; i < names.Length; i++) { if (names[i].TagNo == 4) { return(X509Name.GetInstance(names[i].Name)); } } } catch (Exception) { } return(null); }
protected virtual ICollection GetAlternativeNames( string oid) { Asn1OctetString altNames = GetExtensionValue(new DerObjectIdentifier(oid)); if (altNames == null) { return(null); } Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(altNames); GeneralNames gns = GeneralNames.GetInstance(asn1Object); IList result = Platform.CreateArrayList(); foreach (GeneralName gn in gns.GetNames()) { IList entry = Platform.CreateArrayList(); entry.Add(gn.TagNo); entry.Add(gn.Name.ToString()); result.Add(entry); } return(result); }
internal static Asn1Object GetExtensionValue(IX509Extension ext, DerObjectIdentifier oid) { Asn1OctetString extensionValue = ext.GetExtensionValue(oid); if (extensionValue == null) { return(null); } return(X509ExtensionUtilities.FromExtensionValue(extensionValue)); }
/// <summary> /// Get the value of an extension oid. /// </summary> private static Asn1Object GetExtensionValue(IX509Extension extension, DerObjectIdentifier oid) { Asn1OctetString asn1Octet = extension.GetExtensionValue(oid); if (asn1Octet != null) { return(X509ExtensionUtilities.FromExtensionValue(asn1Octet)); } return(null); }
private long?GetCRLNumber(X509Crl crlEntry) { Asn1OctetString extensionValue = crlEntry.GetExtensionValue(X509Extensions.CrlNumber); if (extensionValue == null) { return(null); } Asn1Object obj = X509ExtensionUtilities.FromExtensionValue(extensionValue); return(DerInteger.GetInstance(obj).PositiveValue.LongValue); }
private long?GetCRLNumber(Org.BouncyCastle.X509.X509Crl crlEntry) { Asn1OctetString extValue = crlEntry.GetExtensionValue(X509Extensions.CrlNumber); if (extValue != null) { Asn1Object asn1Value = X509ExtensionUtilities.FromExtensionValue(extValue); return(DerInteger.GetInstance(asn1Value).PositiveValue.LongValue); } return(null); }
private TrustAnchor GetTrustAnchor(string trustAnchorName) { X509Certificate cert = LoadCert(trustAnchorName); Asn1OctetString extBytes = cert.GetExtensionValue(X509Extensions.NameConstraints); if (extBytes != null) { Asn1Encodable extValue = X509ExtensionUtilities.FromExtensionValue(extBytes); return(new TrustAnchor(cert, extValue.GetDerEncoded())); } return(new TrustAnchor(cert, null)); }
public X509Certificate( X509CertificateStructure c) { this.c = c; try { Asn1OctetString str = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.19")); if (str != null) { basicConstraints = BasicConstraints.GetInstance( X509ExtensionUtilities.FromExtensionValue(str)); } } catch (Exception e) { throw new CertificateParsingException("cannot construct BasicConstraints: " + e); } try { Asn1OctetString str = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.15")); if (str != null) { DerBitString bits = DerBitString.GetInstance( X509ExtensionUtilities.FromExtensionValue(str)); byte[] bytes = bits.GetBytes(); int length = (bytes.Length * 8) - bits.PadBits; keyUsage = new bool[(length < 9) ? 9 : length]; for (int i = 0; i != length; i++) { // keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; keyUsage[i] = (bytes[i / 8] & (0x80 >> (i % 8))) != 0; } } else { keyUsage = null; } } catch (Exception e) { throw new CertificateParsingException("cannot construct KeyUsage: " + e); } }
public static string GetCrlNumber(X509Crl crl) { Asn1OctetString extVal = crl.GetExtensionValue(X509Extensions.CrlNumber); if (extVal == null) { return(null); } BigInteger cn = DerInteger.GetInstance( X509ExtensionUtilities.FromExtensionValue(extVal)).PositiveValue; return(cn.ToString()); }
public static string GetSubjectKeyIdentifierFromCertificate(X509Certificate certificate) { Asn1OctetString sujectKeyIdentifierValue = certificate.GetExtensionValue(X509Extensions.SubjectKeyIdentifier); if (sujectKeyIdentifierValue != null) { var val = (Asn1OctetString)X509ExtensionUtilities.FromExtensionValue(sujectKeyIdentifierValue); if (val != null) { return(Hex.ToHexString(new BigInteger(val.GetOctets()).ToByteArray())); } } return(null); }
private bool IsCA(X509Certificate certificate) { Asn1OctetString extension = certificate.GetExtensionValue(X509Extensions.BasicConstraints); if (extension != null) { BasicConstraints constraint = BasicConstraints.GetInstance( X509ExtensionUtilities.FromExtensionValue(extension)); if (constraint != null) { return(constraint.IsCA()); } } return(false); }
public static bool VerifyCertificateSAN(System.Security.Cryptography.X509Certificates.X509Certificate certificate, string sni) { // check subject alternate name (must have exactly 1, equal to sni) var x509 = DotNetUtilities.FromX509Certificate(certificate); var sans = X509ExtensionUtilities.GetSubjectAlternativeNames(x509); if (sans.Count != 1) { return(false); } var san = (System.Collections.IList)((System.Collections.IList)sans)[0]; var sniOK = san[0].Equals(GeneralName.DnsName) && san[1].Equals(sni); // if subject matches sni and SAN is ok, return true return(x509.SubjectDN.ToString() == $"CN={sni}" && sniOK); }
private static List <String> GetCRLUrls(X509Certificate certificate) { var result = new List <string> (); var crlDPExtension = certificate.GetExtensionValue(X509Extensions.CrlDistributionPoints); if (crlDPExtension != null) { CrlDistPoint crlDistPoints = null; try { crlDistPoints = CrlDistPoint.GetInstance(X509ExtensionUtilities.FromExtensionValue(crlDPExtension)); } catch (IOException) { // TODO: Log } if (crlDistPoints != null) { var distPoints = crlDistPoints.GetDistributionPoints(); foreach (var distPoint in distPoints) { var dpName = distPoint.DistributionPointName; var generalNames = (GeneralNames)dpName.Name; if (generalNames != null) { var generalNameArray = generalNames.GetNames(); foreach (var generalName in generalNameArray) { if (generalName.TagNo == GeneralName.UniformResourceIdentifier) { var derString = (IAsn1String)generalName.Name; var uri = derString.GetString(); if (!string.IsNullOrEmpty(uri) && uri.StartsWith("http")) { result.Add(uri); break; } } } } } } } return(result); }
/// <summary> /// Parse certificate for alternate name extension. /// </summary> private void Parse(byte[] data) { if (Oid.Value != Oids.SubjectAltName && Oid.Value != Oids.SubjectAltName2) { throw new FormatException("Extension has unknown oid."); } Uris.Clear(); DomainNames.Clear(); IPAddresses.Clear(); var altNames = new DerOctetString(data); var altNamesObjects = X509ExtensionUtilities.FromExtensionValue(altNames); var generalNames = Org.BouncyCastle.Asn1.X509.GeneralNames.GetInstance(altNamesObjects); foreach (var generalName in generalNames.GetNames()) { switch (generalName.TagNo) { case Org.BouncyCastle.Asn1.X509.GeneralName.UniformResourceIdentifier: Uris.Add(generalName.Name.ToString()); break; case Org.BouncyCastle.Asn1.X509.GeneralName.DnsName: DomainNames.Add(generalName.Name.ToString()); break; case Org.BouncyCastle.Asn1.X509.GeneralName.IPAddress: try { var addr = Asn1OctetString .GetInstance(generalName.Name) .GetOctets(); IPAddresses.Add(new IPAddress(addr).ToString()); } catch { throw new FormatException( "Certificate contains invalid IP address."); } break; default: break; } } }
public void RevokeUserCertificate(string uid, string cid) { //get root cert X509Certificate rootCert = DotNetUtilities.FromX509Certificate(getRootCert()); //get user cert to be revoked UserCertificate userCert = GetUserCertificate(uid, cid); X509Certificate certToRevoke = new X509CertificateParser().ReadCertificate(userCert.RawCertBody); //parse the last CRL X509CrlParser crlParser = new X509CrlParser(); FileStream fileStream = File.Open(_configuration["CrlPath"], FileMode.Open); X509Crl rootCrl = crlParser.ReadCrl(fileStream); fileStream.Close(); //extract the CRL number Asn1OctetString prevCrlNum = rootCrl.GetExtensionValue(X509Extensions.CrlNumber); Asn1Object obj = X509ExtensionUtilities.FromExtensionValue(prevCrlNum); BigInteger prevCrlNumVal = DerInteger.GetInstance(obj).PositiveValue; //generate new CRL X509V2CrlGenerator crlGenerator = new X509V2CrlGenerator(); crlGenerator.SetIssuerDN(rootCert.SubjectDN); crlGenerator.SetThisUpdate(DateTime.UtcNow); crlGenerator.SetNextUpdate(DateTime.UtcNow.AddDays(10)); crlGenerator.AddCrl(rootCrl); //add the old CRL entries //add the newly revoked certificates crlGenerator.AddCrlEntry(certToRevoke.SerialNumber, DateTime.UtcNow, CrlReason.PrivilegeWithdrawn); //increment CRL Number by 1 crlGenerator.AddExtension("2.5.29.20", false, new CrlNumber(prevCrlNumVal.Add(BigInteger.One))); AsymmetricKeyParameter bouncyCastlePrivateKey = PrivateKeyFactory.CreateKey(getRootPrivateKey().ExportPkcs8PrivateKey()); var sigFactory = new Asn1SignatureFactory("SHA256WITHECDSA", bouncyCastlePrivateKey); X509Crl nextCrl = crlGenerator.Generate(sigFactory); // writePem(_configuration["CrlOldPath"], rootCrl); // write old CRL as backup writePem(_configuration["CrlPath"], nextCrl); //write new CRL // sanity check nextCrl.Verify(rootCert.GetPublicKey()); userCert.Revoked = true; _context.UserCertificates.Update(userCert); }
public void CopyAndAddExtension(DerObjectIdentifier oid, bool critical, X509Certificate cert) { Asn1OctetString extensionValue = cert.GetExtensionValue(oid); if (extensionValue == null) { throw new CertificateParsingException(string.Concat((object)"extension ", (object)oid, (object)" not present")); } try { Asn1Encodable extensionValue2 = X509ExtensionUtilities.FromExtensionValue(extensionValue); AddExtension(oid, critical, extensionValue2); } catch (global::System.Exception ex) { throw new CertificateParsingException(ex.get_Message(), ex); } }
public void CopyAndAddExtension(DerObjectIdentifier oid, bool critical, X509Certificate cert) { Asn1OctetString extensionValue = cert.GetExtensionValue(oid); if (extensionValue == null) { throw new CertificateParsingException("extension " + oid + " not present"); } try { Asn1Encodable extensionValue2 = X509ExtensionUtilities.FromExtensionValue(extensionValue); AddExtension(oid, critical, extensionValue2); } catch (Exception ex) { throw new CertificateParsingException(ex.Message, ex); } }
protected virtual ICollection GetAlternativeNames(string oid) { Asn1OctetString extensionValue = this.GetExtensionValue(new DerObjectIdentifier(oid)); if (extensionValue == null) { return(null); } GeneralNames instance = GeneralNames.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue)); IList list = Platform.CreateArrayList(); foreach (GeneralName name in instance.GetNames()) { IList list2 = Platform.CreateArrayList(); list2.Add(name.TagNo); list2.Add(name.Name.ToString()); list.Add(list2); } return(list); }
public X509Certificate(X509CertificateStructure c) { this.c = c; try { Asn1OctetString extensionValue = GetExtensionValue(new DerObjectIdentifier("2.5.29.19")); if (extensionValue != null) { basicConstraints = BasicConstraints.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue)); } } catch (Exception arg) { throw new CertificateParsingException("cannot construct BasicConstraints: " + arg); IL_004c :; } try { Asn1OctetString extensionValue2 = GetExtensionValue(new DerObjectIdentifier("2.5.29.15")); if (extensionValue2 != null) { DerBitString instance = DerBitString.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue2)); byte[] bytes = instance.GetBytes(); int num = bytes.Length * 8 - instance.PadBits; keyUsage = new bool[(num >= 9) ? num : 9]; for (int i = 0; i != num; i++) { keyUsage[i] = ((bytes[i / 8] & (128 >> i % 8)) != 0); } } else { keyUsage = null; } } catch (Exception arg2) { throw new CertificateParsingException("cannot construct KeyUsage: " + arg2); IL_0108 :; } }
protected virtual global::System.Collections.ICollection GetAlternativeNames(string oid) { Asn1OctetString extensionValue = GetExtensionValue(new DerObjectIdentifier(oid)); if (extensionValue == null) { return(null); } Asn1Object obj = X509ExtensionUtilities.FromExtensionValue(extensionValue); GeneralNames instance = GeneralNames.GetInstance(obj); global::System.Collections.IList list = Platform.CreateArrayList(); GeneralName[] names = instance.GetNames(); foreach (GeneralName generalName in names) { global::System.Collections.IList list2 = Platform.CreateArrayList(); list2.Add((object)generalName.TagNo); list2.Add((object)((object)generalName.Name).ToString()); list.Add((object)list2); } return((global::System.Collections.ICollection)list); }
private static Asn1Sequence FromCertificate(X509Certificate certificate) { try { GeneralName name = new GeneralName(PrincipalUtilities.GetIssuerX509Principal(certificate)); if (certificate.Version == 3) { Asn1OctetString extensionValue = certificate.GetExtensionValue(X509Extensions.SubjectKeyIdentifier); if (extensionValue != null) { Asn1OctetString asn1OctetString = (Asn1OctetString)X509ExtensionUtilities.FromExtensionValue(extensionValue); return((Asn1Sequence) new AuthorityKeyIdentifier(asn1OctetString.GetOctets(), new GeneralNames(name), certificate.SerialNumber).ToAsn1Object()); } } SubjectPublicKeyInfo spki = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(certificate.GetPublicKey()); return((Asn1Sequence) new AuthorityKeyIdentifier(spki, new GeneralNames(name), certificate.SerialNumber).ToAsn1Object()); } catch (Exception exception) { throw new CertificateParsingException("Exception extracting certificate details", exception); } }
public X509Certificate(X509CertificateStructure c) { this.c = c; try { Asn1OctetString extensionValue = GetExtensionValue(new DerObjectIdentifier("2.5.29.19")); if (extensionValue != null) { basicConstraints = BasicConstraints.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue)); } } catch (global::System.Exception ex) { throw new CertificateParsingException(string.Concat((object)"cannot construct BasicConstraints: ", (object)ex)); } try { Asn1OctetString extensionValue2 = GetExtensionValue(new DerObjectIdentifier("2.5.29.15")); if (extensionValue2 != null) { DerBitString instance = DerBitString.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue2)); byte[] bytes = instance.GetBytes(); int num = bytes.Length * 8 - instance.PadBits; keyUsage = new bool[(num < 9) ? 9 : num]; for (int i = 0; i != num; i++) { keyUsage[i] = (bytes[i / 8] & (128 >> i % 8)) != 0; } } else { keyUsage = null; } } catch (global::System.Exception ex2) { throw new CertificateParsingException(string.Concat((object)"cannot construct KeyUsage: ", (object)ex2)); } }
public X509Certificate(X509CertificateStructure c) { this.c = c; try { Asn1OctetString extensionValue = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.19")); if (extensionValue != null) { this.basicConstraints = BasicConstraints.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue)); } } catch (Exception arg) { throw new CertificateParsingException("cannot construct BasicConstraints: " + arg); } try { Asn1OctetString extensionValue2 = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.15")); if (extensionValue2 != null) { DerBitString instance = DerBitString.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue2)); byte[] bytes = instance.GetBytes(); int num = bytes.Length * 8 - instance.PadBits; this.keyUsage = new bool[(num < 9) ? 9 : num]; for (int num2 = 0; num2 != num; num2++) { this.keyUsage[num2] = (((int)bytes[num2 / 8] & 128 >> num2 % 8) != 0); } } else { this.keyUsage = null; } } catch (Exception arg2) { throw new CertificateParsingException("cannot construct KeyUsage: " + arg2); } }
public X509Certificate(X509CertificateStructure c) { this.c = c; try { Asn1OctetString extensionValue = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.19")); if (extensionValue != null) { this.basicConstraints = BasicConstraints.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue)); } } catch (Exception exception) { throw new CertificateParsingException("cannot construct BasicConstraints: " + exception); } try { Asn1OctetString extensionValue = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.15")); if (extensionValue != null) { DerBitString instance = DerBitString.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue)); byte[] bytes = instance.GetBytes(); int num = (bytes.Length * 8) - instance.PadBits; this.keyUsage = new bool[(num >= 9) ? num : 9]; for (int i = 0; i != num; i++) { this.keyUsage[i] = (bytes[i / 8] & (((int)0x80) >> (i % 8))) != 0; } } else { this.keyUsage = null; } } catch (Exception exception2) { throw new CertificateParsingException("cannot construct KeyUsage: " + exception2); } }
public virtual IList GetExtendedKeyUsage() { IList list2; Asn1OctetString extensionValue = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.37")); if (extensionValue == null) { return(null); } try { Asn1Sequence instance = Asn1Sequence.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue)); IList list = Platform.CreateArrayList(); IEnumerator enumerator = instance.GetEnumerator(); try { while (enumerator.MoveNext()) { DerObjectIdentifier current = (DerObjectIdentifier)enumerator.Current; list.Add(current.Id); } } finally { if (enumerator is IDisposable disposable) { IDisposable disposable; disposable.Dispose(); } } list2 = list; } catch (Exception exception) { throw new CertificateParsingException("error processing extended key usage extension", exception); } return(list2); }
protected virtual ICollection GetAlternativeNames(string oid) { Asn1OctetString extensionValue = this.GetExtensionValue(new DerObjectIdentifier(oid)); if (extensionValue == null) { return(null); } Asn1Object obj = X509ExtensionUtilities.FromExtensionValue(extensionValue); GeneralNames instance = GeneralNames.GetInstance(obj); IList list = Platform.CreateArrayList(); GeneralName[] names = instance.GetNames(); for (int i = 0; i < names.Length; i++) { GeneralName generalName = names[i]; IList list2 = Platform.CreateArrayList(); list2.Add(generalName.TagNo); list2.Add(generalName.Name.ToString()); list.Add(list2); } return(list); }
public virtual global::System.Collections.IList GetExtendedKeyUsage() { Asn1OctetString extensionValue = GetExtensionValue(new DerObjectIdentifier("2.5.29.37")); if (extensionValue == null) { return(null); } try { Asn1Sequence instance = Asn1Sequence.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue)); global::System.Collections.IList list = Platform.CreateArrayList(); global::System.Collections.IEnumerator enumerator = instance.GetEnumerator(); try { while (enumerator.MoveNext()) { DerObjectIdentifier derObjectIdentifier = (DerObjectIdentifier)enumerator.get_Current(); list.Add((object)derObjectIdentifier.Id); } } finally { global::System.IDisposable disposable = enumerator as global::System.IDisposable; if (disposable != null) { disposable.Dispose(); } } return(list); } catch (global::System.Exception exception) { throw new CertificateParsingException("error processing extended key usage extension", exception); } }
/// <inheritdoc/> public async Task <(X509Certificate Certificate, RsaKeyParameters Key)> GetLocalCertificateAsync(ApplicationDescription applicationDescription, ILogger logger = null) { string applicationUri = applicationDescription.ApplicationUri; if (string.IsNullOrEmpty(applicationUri)) { throw new ArgumentOutOfRangeException(nameof(applicationDescription), "Expecting ApplicationUri in the form of 'http://{hostname}/{appname}' -or- 'urn:{hostname}:{appname}'."); } string subjectName = null; string hostName = null; string appName = null; UriBuilder appUri = new UriBuilder(applicationUri); if (appUri.Scheme == "http" && !string.IsNullOrEmpty(appUri.Host)) { var path = appUri.Path.Trim('/'); if (!string.IsNullOrEmpty(path)) { hostName = appUri.Host; appName = path; subjectName = $"CN={appName},DC={hostName}"; } } if (appUri.Scheme == "urn") { var parts = appUri.Path.Split(new[] { ':' }, 2); if (parts.Length == 2) { hostName = parts[0]; appName = parts[1]; subjectName = $"CN={appName},DC={hostName}"; } } if (subjectName == null) { throw new ArgumentOutOfRangeException(nameof(applicationDescription), "Expecting ApplicationUri in the form of 'http://{hostname}/{appname}' -or- 'urn:{hostname}:{appname}'."); } var crt = default(X509Certificate); var key = default(RsaKeyParameters); // Build 'own/certs' certificate store. var ownCerts = new Org.BouncyCastle.Utilities.Collections.HashSet(); var ownCertsInfo = new DirectoryInfo(Path.Combine(this.pkiPath, "own", "certs")); if (ownCertsInfo.Exists) { foreach (var info in ownCertsInfo.EnumerateFiles()) { using (var crtStream = info.OpenRead()) { var c = this.certParser.ReadCertificate(crtStream); if (c != null) { ownCerts.Add(c); } } } } IX509Store ownCertStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(ownCerts)); // Select the newest certificate that matches by subject name. var selector = new X509CertStoreSelector() { Subject = new X509Name(subjectName) }; crt = ownCertStore.GetMatches(selector).OfType <X509Certificate>().OrderBy(c => c.NotBefore).LastOrDefault(); if (crt != null) { // If certificate found, verify alt-name, and retrieve private key. var asn1OctetString = crt.GetExtensionValue(X509Extensions.SubjectAlternativeName); if (asn1OctetString != null) { var asn1Object = X509ExtensionUtilities.FromExtensionValue(asn1OctetString); GeneralNames gns = GeneralNames.GetInstance(asn1Object); if (gns.GetNames().Any(n => n.TagNo == GeneralName.UniformResourceIdentifier && n.Name.ToString() == applicationUri)) { var ki = new FileInfo(Path.Combine(this.pkiPath, "own", "private", $"{crt.SerialNumber}.key")); if (ki.Exists) { using (var keyStream = new StreamReader(ki.OpenRead())) { var keyReader = new PemReader(keyStream); var keyPair = keyReader.ReadObject() as AsymmetricCipherKeyPair; if (keyPair != null) { key = keyPair.Private as RsaKeyParameters; } } } } } } // If certificate and key are found, return to caller. if (crt != null && key != null) { logger?.LogTrace($"Found certificate with subject alt name '{applicationUri}'."); return(crt, key); } if (!this.CreateLocalCertificateIfNotExist) { return(null, null); } // Create new certificate var subjectDN = new X509Name(subjectName); // Create a keypair. var kp = await Task.Run <AsymmetricCipherKeyPair>(() => { RsaKeyPairGenerator kg = new RsaKeyPairGenerator(); kg.Init(new KeyGenerationParameters(this.rng, 2048)); return(kg.GenerateKeyPair()); }); key = kp.Private as RsaPrivateCrtKeyParameters; // Create a certificate. X509V3CertificateGenerator cg = new X509V3CertificateGenerator(); var subjectSN = BigInteger.ProbablePrime(120, this.rng); cg.SetSerialNumber(subjectSN); cg.SetSubjectDN(subjectDN); cg.SetIssuerDN(subjectDN); cg.SetNotBefore(DateTime.Now.Date.ToUniversalTime()); cg.SetNotAfter(DateTime.Now.Date.ToUniversalTime().AddYears(25)); cg.SetPublicKey(kp.Public); cg.AddExtension( X509Extensions.BasicConstraints.Id, true, new BasicConstraints(false)); cg.AddExtension( X509Extensions.SubjectKeyIdentifier.Id, false, new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public))); cg.AddExtension( X509Extensions.AuthorityKeyIdentifier.Id, false, new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public), new GeneralNames(new GeneralName(subjectDN)), subjectSN)); cg.AddExtension( X509Extensions.SubjectAlternativeName, false, new GeneralNames(new[] { new GeneralName(GeneralName.UniformResourceIdentifier, applicationUri), new GeneralName(GeneralName.DnsName, hostName) })); cg.AddExtension( X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DataEncipherment | KeyUsage.DigitalSignature | KeyUsage.NonRepudiation | KeyUsage.KeyCertSign | KeyUsage.KeyEncipherment)); cg.AddExtension( X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeID.IdKPClientAuth, KeyPurposeID.IdKPServerAuth)); crt = cg.Generate(new Asn1SignatureFactory("SHA256WITHRSA", key, this.rng)); logger?.LogTrace($"Created certificate with subject alt name '{applicationUri}'."); var keyInfo = new FileInfo(Path.Combine(this.pkiPath, "own", "private", $"{crt.SerialNumber}.key")); if (!keyInfo.Directory.Exists) { Directory.CreateDirectory(keyInfo.DirectoryName); } else if (keyInfo.Exists) { keyInfo.Delete(); } using (var keystream = new StreamWriter(keyInfo.OpenWrite())) { var pemwriter = new PemWriter(keystream); pemwriter.WriteObject(key); } var crtInfo = new FileInfo(Path.Combine(this.pkiPath, "own", "certs", $"{crt.SerialNumber}.crt")); if (!crtInfo.Directory.Exists) { Directory.CreateDirectory(crtInfo.DirectoryName); } else if (crtInfo.Exists) { crtInfo.Delete(); } using (var crtstream = new StreamWriter(crtInfo.OpenWrite())) { var pemwriter = new PemWriter(crtstream); pemwriter.WriteObject(crt); } return(crt, key); }
/// <summary> /// Decides if the given attribute certificate should be selected. /// </summary> /// <param name="obj">The attribute certificate to be checked.</param> /// <returns><code>true</code> if the object matches this selector.</returns> public bool Match( object obj) { if (obj == null) { throw new ArgumentNullException("obj"); } IX509AttributeCertificate attrCert = obj as IX509AttributeCertificate; if (attrCert == null) { return(false); } if (this.attributeCert != null && !this.attributeCert.Equals(attrCert)) { return(false); } if (serialNumber != null && !attrCert.SerialNumber.Equals(serialNumber)) { return(false); } if (holder != null && !attrCert.Holder.Equals(holder)) { return(false); } if (issuer != null && !attrCert.Issuer.Equals(issuer)) { return(false); } if (attributeCertificateValid != null && !attrCert.IsValid(attributeCertificateValid.Value)) { return(false); } if (targetNames.Count > 0 || targetGroups.Count > 0) { Asn1OctetString targetInfoExt = attrCert.GetExtensionValue( X509Extensions.TargetInformation); if (targetInfoExt != null) { TargetInformation targetinfo; try { targetinfo = TargetInformation.GetInstance( X509ExtensionUtilities.FromExtensionValue(targetInfoExt)); } catch (Exception) { return(false); } Targets[] targetss = targetinfo.GetTargetsObjects(); if (targetNames.Count > 0) { bool found = false; for (int i = 0; i < targetss.Length && !found; i++) { Target[] targets = targetss[i].GetTargets(); for (int j = 0; j < targets.Length; j++) { GeneralName targetName = targets[j].TargetName; if (targetName != null && targetNames.Contains(targetName)) { found = true; break; } } } if (!found) { return(false); } } if (targetGroups.Count > 0) { bool found = false; for (int i = 0; i < targetss.Length && !found; i++) { Target[] targets = targetss[i].GetTargets(); for (int j = 0; j < targets.Length; j++) { GeneralName targetGroup = targets[j].TargetGroup; if (targetGroup != null && targetGroups.Contains(targetGroup)) { found = true; break; } } } if (!found) { return(false); } } } } return(true); }