/// <summary>
/// Creates a self-signed root authority from a freshly generated 2048-bit RSA key,
/// passing MessageDigest.SHA1 to the SelfSigned overload that accepts a key and a
/// digest, and writes the resulting certificate to the console.
/// </summary>
public void TestRsaSha1()
{
    using (var config = new Configuration("openssl.cnf"))
    {
        // Exercise the SelfSigned overload that takes an explicit key and digest (RSA/SHA1).
        // SHA-1 appears here because this test targets that combination; it is not a
        // recommendation for certificates issued outside of tests.
        BigNumber publicExponent = 0x10001;
        CryptoKey caKey;

        using (var generator = new RSA())
        {
            generator.GenerateKeys(2048, publicExponent, OnGenerator, null);

            // The RSA object has been handed to the CryptoKey; this instance is no longer needed.
            caKey = new CryptoKey(generator);
        }

        using (var authority = X509CertificateAuthority.SelfSigned(
            config,
            new SimpleSerialNumber(),
            caKey,
            MessageDigest.SHA1,
            "Root1",
            DateTime.Now,
            TimeSpan.FromDays(365)))
        {
            Console.WriteLine(authority.Certificate);
        }
    }
}
/// <summary>
/// Creates a self-signed root authority through the SelfSigned overload that takes
/// neither a key nor a digest, and writes the resulting certificate to the console.
/// </summary>
private void TestDefaultDSA()
{
    using (var config = new Configuration("openssl.cnf"))
    {
        // Exercise the default DSA path: no key or digest is supplied by the caller.
        using (var authority = X509CertificateAuthority.SelfSigned(
            config,
            new SimpleSerialNumber(),
            "Root1",
            DateTime.Now,
            TimeSpan.FromDays(365)))
        {
            Console.WriteLine(authority.Certificate);
        }
    }
}
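/// <summary>
/// Issues a test certificate for <paramref name="name"/>: generates an RSA key pair,
/// builds an X509Request for it, has <paramref name="ca"/> process that request with
/// a validity of 365 days starting now, and assigns the key to the certificate's
/// PrivateKey.
/// </summary>
/// <param name="ca">Authority whose ProcessRequest issues the certificate.</param>
/// <param name="name">Text passed to the X509Name constructor for the subject.</param>
/// <param name="cfg">Configuration forwarded to ProcessRequest.</param>
/// <param name="section">Configuration section name forwarded to ProcessRequest.</param>
/// <returns>The certificate returned by ProcessRequest, with PrivateKey assigned.</returns>
X509Certificate CreateCertificate(X509CertificateAuthority ca, string name, Configuration cfg, string section)
{
    var now = DateTime.Now;
    var future = now + TimeSpan.FromDays(365);

    // The public exponent must not be 1: with e = 1 the RSA operation is the identity
    // (m^1 mod n = m), so the key protects nothing, and a key generator may reject it
    // outright. Use 65537 and a 2048-bit modulus, matching the RSA test in this suite.
    BigNumber publicExponent = 0x10001;

    using (var subject = new X509Name(name))
    using (var rsa = new RSA())
    {
        rsa.GenerateKeys(2048, publicExponent, null, null);
        using (var key = new CryptoKey(rsa))
        {
            var request = new X509Request(1, subject, key);
            var cert = ca.ProcessRequest(request, now, future, cfg, section);

            // NOTE(review): key is disposed when this using block exits, so the returned
            // certificate depends on the PrivateKey setter keeping its own reference — confirm.
            cert.PrivateKey = key;
            return cert;
        }
    }
}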
/// <summary>
/// Builds the certificate material for the test context: a self-signed "Root"
/// authority whose certificate is added to CAChain, a "server" certificate issued
/// with the "tls_server" section and a "client" certificate issued with the
/// "tls_client" section. The client certificate is also added to ClientCertificateList.
/// </summary>
public SslTestContext()
{
    using (var config = new Configuration("openssl.cnf"))
    {
        using (var rootAuthority = X509CertificateAuthority.SelfSigned(
            config,
            new SimpleSerialNumber(),
            "Root",
            DateTime.Now,
            TimeSpan.FromDays(365)))
        {
            CAChain.Add(rootAuthority.Certificate);

            // Both leaf certificates are issued while the authority and configuration are still alive.
            ServerCertificate = CreateCertificate(rootAuthority, "server", config, "tls_server");
            ClientCertificate = CreateCertificate(rootAuthority, "client", config, "tls_client");
        }
    }

    ClientCertificateList.Add(ClientCertificate);
}
/// <summary>
/// Calls X509V3_set_nconf() with this instance's native pointer and the
/// handle of the given configuration.
/// </summary>
/// <param name="cfg">Configuration whose Handle is passed to X509V3_set_nconf(); must not be null.</param>
public void SetConfiguration(Configuration cfg)
{
    var configHandle = cfg.Handle;
    Native.X509V3_set_nconf(ptr, configHandle);
}
/// <summary>
/// Processes an X509Request: creates a new X509Certificate from the request's
/// subject and public key and signs it with this CA's private key.
/// </summary>
/// <param name="request">Request supplying the subject and public key of the new certificate.</param>
/// <param name="startTime">Start of the validity period passed to the new certificate.</param>
/// <param name="endTime">End of the validity period passed to the new certificate.</param>
/// <param name="cfg">Configuration used to apply extensions; extensions are skipped when null.</param>
/// <param name="section">Configuration section name passed to ApplyExtensions.</param>
/// <param name="digest">Digest used when signing the certificate with the CA key.</param>
/// <returns>The newly created and signed certificate.</returns>
public X509Certificate ProcessRequest(
    X509Request request,
    DateTime startTime,
    DateTime endTime,
    Configuration cfg,
    string section,
    MessageDigest digest)
{
    // NOTE(review): the request's own signature is not checked here. The check below
    // is disabled in this method, so a request is signed by the CA without proof that
    // the requester holds the matching private key. Callers handling requests from
    // untrusted parties should verify them first — confirm why this was disabled.
    // using (var pkey = request.PublicKey)
    // {
    //     if (!request.Verify(pkey))
    //         throw new Exception("Request signature validation failed");
    // }

    // Serial comes from this CA's sequence, the issuer is the CA certificate's subject,
    // and subject and public key are taken from the request as given.
    var issued = new X509Certificate(
        serial.Next(),
        request.Subject,
        caCert.Subject,
        request.PublicKey,
        startTime,
        endTime);

    if (cfg != null)
    {
        cfg.ApplyExtensions(section, caCert, issued, request);
    }

    issued.Sign(caKey, digest);
    return issued;
}
/// <summary>
/// Processes an X509Request with the default digest: forwards to the overload that
/// takes a digest, passing MessageDigest.DSS1.
/// </summary>
/// <param name="request">Request forwarded unchanged.</param>
/// <param name="startTime">Start of the validity period, forwarded unchanged.</param>
/// <param name="endTime">End of the validity period, forwarded unchanged.</param>
/// <param name="cfg">Configuration forwarded unchanged.</param>
/// <param name="section">Configuration section name forwarded unchanged.</param>
/// <returns>The certificate returned by the digest-taking overload.</returns>
public X509Certificate ProcessRequest(
    X509Request request,
    DateTime startTime,
    DateTime endTime,
    Configuration cfg,
    string section)
{
    // NOTE(review): DSS1 is OpenSSL's SHA-1 based digest for DSA; callers that need a
    // different digest should use the overload that takes one explicitly.
    var defaultDigest = MessageDigest.DSS1;
    return ProcessRequest(request, startTime, endTime, cfg, section, defaultDigest);
}
/// <summary>
/// Factory method that creates an X509CertificateAuthority around an internal
/// self-signed certificate built from the supplied key and digest.
/// </summary>
/// <param name="cfg">Configuration used to apply the "v3_ca" extensions; skipped when null.</param>
/// <param name="seq">Sequence that supplies the certificate's serial number and is handed to the new authority.</param>
/// <param name="key">Key placed in the certificate and used to sign it.</param>
/// <param name="digest">Digest used when signing the certificate.</param>
/// <param name="subject">Name used as both subject and issuer.</param>
/// <param name="start">Start of the validity period.</param>
/// <param name="validity">Length of the validity period; the end is start + validity.</param>
/// <returns>A new authority holding the self-signed certificate, the key and the sequence.</returns>
public static X509CertificateAuthority SelfSigned(
    Configuration cfg,
    ISequenceNumber seq,
    CryptoKey key,
    MessageDigest digest,
    X509Name subject,
    DateTime start,
    TimeSpan validity)
{
    // Self-signed: the same name is passed as subject and issuer.
    var rootCert = new X509Certificate(seq.Next(), subject, subject, key, start, start + validity);

    if (cfg != null)
    {
        // The new certificate is passed in both certificate arguments, with no request.
        cfg.ApplyExtensions("v3_ca", rootCert, rootCert, null);
    }

    rootCert.Sign(key, digest);
    return new X509CertificateAuthority(rootCert, key, seq);
}
/// <summary>
/// Factory method which creates an X509CertificateAuthority whose internal
/// certificate is self-signed with a newly created DSA key and MessageDigest.DSS1.
/// </summary>
/// <param name="cfg">Configuration used to apply the "v3_ca" extensions; skipped when null.</param>
/// <param name="seq">Sequence that supplies the certificate's serial number and is handed to the new authority.</param>
/// <param name="subject">Name used as both subject and issuer.</param>
/// <param name="start">Start of the validity period.</param>
/// <param name="validity">Length of the validity period; the end is start + validity.</param>
/// <returns>A new authority holding the self-signed certificate, the generated key and the sequence.</returns>
public static X509CertificateAuthority SelfSigned(
    Configuration cfg,
    ISequenceNumber seq,
    X509Name subject,
    DateTime start,
    TimeSpan validity)
{
    // NOTE(review): the key parameters chosen by DSA(true) are not visible here, and
    // DSS1 is OpenSSL's SHA-1 based digest for DSA — callers with stronger
    // requirements should use the overload that takes a key and a digest.
    CryptoKey caKey;
    using (var generatedDsa = new DSA(true))
    {
        // The DSA object can be disposed afterwards: the CryptoKey assignment
        // increments the reference count.
        caKey = new CryptoKey(generatedDsa);
    }

    // Self-signed: the same name is passed as subject and issuer.
    var rootCert = new X509Certificate(seq.Next(), subject, subject, caKey, start, start + validity);

    if (cfg != null)
    {
        // The new certificate is passed in both certificate arguments, with no request.
        cfg.ApplyExtensions("v3_ca", rootCert, rootCert, null);
    }

    rootCert.Sign(caKey, MessageDigest.DSS1);
    return new X509CertificateAuthority(rootCert, caKey, seq);
}
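/// <summary>
/// Constructs an X509CertificateAuthority with the specified parameters, after
/// checking that the private key belongs to the CA certificate.
/// </summary>
/// <param name="caCert">Certificate of the authority; its CheckPrivateKey is called with <paramref name="caKey"/>.</param>
/// <param name="caKey">Private key of the authority.</param>
/// <param name="serial">Sequence stored as the source of serial numbers.</param>
/// <param name="cfg">Configuration stored on the authority.</param>
/// <exception cref="Exception">Thrown when the key does not match the certificate.</exception>
public X509CertificateAuthority(X509Certificate caCert, CryptoKey caKey, ISequenceNumber serial, Configuration cfg)
{
    // Refuse a key/certificate pair that does not belong together. The message now
    // says "does not match"; it previously read "does match", the opposite of the
    // condition being reported.
    if (!caCert.CheckPrivateKey(caKey))
    {
        throw new Exception("The specified CA Private Key does not match the specified CA Certificate");
    }

    this.caCert = caCert;
    this.caKey = caKey;
    this.serial = serial;
    this.cfg = cfg;
}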