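} // End Function GetX509Field


// http://unitstep.net/blog/2008/10/27/extracting-x509-extensions-from-a-csr-using-the-bouncy-castle-apis/
// https://github.com/puppetlabs/jvm-ssl-utils/blob/master/src/java/com/puppetlabs/ssl_utils/ExtensionsUtils.java

/// <summary>
/// Gets the X509 Extensions contained in a CSR (Certificate Signing Request).
/// </summary>
/// <remarks>
/// Only the ASN.1 structure is walked here; this method does not check the CSR's signature.
/// The returned extensions are exactly what the requester placed in the CSR, so the caller
/// has to decide which of them (subject alternative names, basic constraints, key usage, ...)
/// are acceptable before copying any of them into an issued certificate.
/// </remarks>
/// <param name="certificationRequestInfo">The CertificationRequestInfo taken from the CSR.</param>
/// <returns>The X509 Extensions in the request.</returns>
/// <exception cref="System.ArgumentNullException">If <paramref name="certificationRequestInfo"/> is null.</exception>
/// <exception cref="Org.BouncyCastle.Security.Certificates.CertificateException">If the extensions could not be found.</exception>
private static Org.BouncyCastle.Asn1.X509.X509Extensions GetX509ExtensionsFromCsr(
    Org.BouncyCastle.Asn1.Pkcs.CertificationRequestInfo certificationRequestInfo
)
{
    // Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest certificateSigningRequest
    // Org.BouncyCastle.Asn1.Pkcs.CertificationRequestInfo certificationRequestInfo = certificateSigningRequest.GetCertificationRequestInfo();

    if (certificationRequestInfo == null)
    {
        throw new System.ArgumentNullException("certificationRequestInfo");
    }

    Org.BouncyCastle.Asn1.Asn1Set attributesAsn1Set = certificationRequestInfo.Attributes;

    // A request may carry no attribute set at all. Treat that like an empty set so the
    // documented CertificateException is raised below instead of a NullReferenceException.
    // NOTE(review): whether Attributes can be null depends on the BouncyCastle version in use.
    int attributeCount = (attributesAsn1Set == null) ? 0 : attributesAsn1Set.Count;

    // The `Extension Request` attribute is contained within an ASN.1 Set,
    // usually as the first element.
    Org.BouncyCastle.Asn1.X509.X509Extensions certificateRequestExtensions = null;

    for (int i = 0; i < attributeCount; ++i)
    {
        // There should be only one attribute in the set (that is, only the
        // `Extension Request`), but loop through to find it properly.
        Org.BouncyCastle.Asn1.Asn1Encodable derEncodable = attributesAsn1Set[i];

        Org.BouncyCastle.Asn1.X509.X509Extensions directExtensions =
            derEncodable as Org.BouncyCastle.Asn1.X509.X509Extensions;

        if (directExtensions != null)
        {
            certificateRequestExtensions = directExtensions;
            break;
        }

        Org.BouncyCastle.Asn1.DerSequence sequence = derEncodable as Org.BouncyCastle.Asn1.DerSequence;
        if (sequence == null)
        {
            continue;
        }

        Org.BouncyCastle.Asn1.Cms.Attribute attribute = new Org.BouncyCastle.Asn1.Cms.Attribute(sequence);

        // Check if the `Extension Request` attribute is present.
        if (!attribute.AttrType.Equals(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Pkcs9AtExtensionRequest))
        {
            continue;
        }

        Org.BouncyCastle.Asn1.Asn1Set attributeValues = attribute.AttrValues;

        // The X509Extensions are contained as a value of the ASN.1 Set.
        // Assume that it is the first value of the set.
        if (attributeValues.Count >= 1)
        {
            certificateRequestExtensions = Org.BouncyCastle.Asn1.X509.X509Extensions.GetInstance(
                attributeValues[0]
            );

            // No need to search any more.
            break;
        } // End if (attributeValues.Count >= 1)

    } // Next i

    if (null == certificateRequestExtensions)
    {
        throw new Org.BouncyCastle.Security.Certificates.CertificateException(
            "Could not obtain X509 Extensions from the CSR");
    } // End if (null == certificateRequestExtensions)

    return certificateRequestExtensions;
} // End Function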
} // End Sub AddAlternativeNames


/// <summary>
/// Records an extension value under its OID, in either the critical or the
/// non-critical extension collection of this instance.
/// </summary>
/// <remarks>
/// The criticality flag matters to relying parties: under RFC 5280 a certificate
/// carrying a critical extension that the verifier does not recognise must be rejected,
/// while an unrecognised non-critical extension may be ignored.
/// NOTE(review): the OID string is stored as given, and what happens when the same OID
/// is added twice depends on the collection type, which is not visible here.
/// </remarks>
/// <param name="oid">Object identifier of the extension, as a string.</param>
/// <param name="critical">True to store the value as a critical extension.</param>
/// <param name="extensionValue">ASN.1 value of the extension.</param>
public void AddExtension(
      string oid
    , bool critical
    , Org.BouncyCastle.Asn1.Asn1Encodable extensionValue)
{
    if (!critical)
    {
        this.NonCriticalExtensions.Add(oid, extensionValue);
        return;
    }

    this.CriticalExtensions.Add(oid, extensionValue);
} // End Sub AddExtension
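//public static byte[] Decrypt2(this byte[] cmessage,string password, byte[] salt)
//{
//    int KEY_SIZE = 256;
//    int iterations = 100;
//    //byte[] salt = new byte[KEY_SIZE >> 3];
//    IBufferedCipher decCipher = BuildDecryptionCipher(password, iterations, salt);
//    return DecryptTemp(decCipher, cmessage);
//}

/// <summary>
/// Builds a BouncyCastle cipher, initialised for decryption, for the password-based
/// scheme "PBEWithSHA256And256BitAES-CBC-BC".
/// </summary>
/// <remarks>
/// <para>
/// <paramref name="iterations"/> and <paramref name="salt"/> must be the values used when the
/// data was encrypted. The commented-out caller above hard-codes 100 iterations, which is very
/// low for password-based key derivation; raising it means re-encrypting existing data.
/// </para>
/// <para>
/// AES in CBC mode gives confidentiality only. Ciphertext that can be modified by another party
/// should be authenticated (for example with a MAC that is verified before decryption), and
/// padding failures should not be reported in detail to the party that supplied the ciphertext.
/// </para>
/// </remarks>
/// <param name="password">Password the key is derived from.</param>
/// <param name="iterations">Key-derivation iteration count; must be at least 1.</param>
/// <param name="salt">Key-derivation salt.</param>
/// <returns>The cipher, ready to decrypt.</returns>
/// <exception cref="System.ArgumentNullException">If <paramref name="password"/> or <paramref name="salt"/> is null.</exception>
/// <exception cref="System.ArgumentOutOfRangeException">If <paramref name="iterations"/> is less than 1.</exception>
private static IBufferedCipher BuildDecryptionCipher(string password, int iterations, byte[] salt)
{
    const string decryptionAlgorithm = "PBEWithSHA256And256BitAES-CBC-BC";

    if (password == null)
    {
        throw new System.ArgumentNullException("password");
    }

    if (salt == null)
    {
        throw new System.ArgumentNullException("salt");
    }

    if (iterations < 1)
    {
        throw new System.ArgumentOutOfRangeException("iterations", iterations, "The iteration count must be at least 1.");
    }

    // Temporary copy of the password; wiped in the finally block below.
    char[] passwordChars = password.ToCharArray();

    try
    {
        IBufferedCipher cipher = CipherUtilities.GetCipher(decryptionAlgorithm);

        Org.BouncyCastle.Asn1.Asn1Encodable algParams =
            PbeUtilities.GenerateAlgorithmParameters(decryptionAlgorithm, salt, iterations);

        ICipherParameters cipherParams =
            PbeUtilities.GenerateCipherParameters(decryptionAlgorithm, passwordChars, algParams);

        // false selects decryption.
        cipher.Init(false, cipherParams);

        return cipher;
    }
    finally
    {
        // The cipher has been initialised by this point, so the char[] copy is no longer needed.
        // The immutable `password` string itself still remains in memory.
        System.Array.Clear(passwordChars, 0, passwordChars.Length);
    }
}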
} // End Sub AddAlternativeNames


/// <summary>
/// Stores an extension value under its OID, choosing the critical or the
/// non-critical collection of this instance according to <paramref name="critical"/>.
/// </summary>
/// <remarks>
/// Marking an extension critical changes how verifiers treat it: per RFC 5280 a verifier
/// that does not recognise a critical extension must reject the certificate.
/// NOTE(review): the OID string is not validated here, and duplicate-OID behaviour
/// depends on the collection type, which is not visible in this block.
/// </remarks>
/// <param name="oid">Object identifier of the extension, as a string.</param>
/// <param name="critical">True to store the value as a critical extension.</param>
/// <param name="extensionValue">ASN.1 value of the extension.</param>
public void AddExtension(string oid, bool critical, Org.BouncyCastle.Asn1.Asn1Encodable extensionValue)
{
    if (!critical)
    {
        this.NonCriticalExtensions.Add(oid, extensionValue);
    }
    else
    {
        this.CriticalExtensions.Add(oid, extensionValue);
    }

    // Commented-out call kept from the original:
    //certGenerator.AddExtension(
    //      Org.BouncyCastle.Asn1.X509.X509Extensions.SubjectAlternativeName
    //    , false
    //    , subjectAlternativeNames
    //);
} // End Sub AddExtension
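} // End Property SubjectAlternativeNames


/// <summary>
/// Builds an ASN.1 sequence of GeneralName entries from a list of host names and IP addresses.
/// </summary>
/// <remarks>
/// Each entry that System.Net.IPAddress.TryParse accepts is tagged as an iPAddress name,
/// everything else as a dNSName. The original string, not the parsed address, is handed
/// to GeneralName.
/// NOTE(review): TryParse is lenient and also accepts some short numeric forms, so a purely
/// numeric label can be classified as an IP address; confirm how GeneralName treats such input.
/// NOTE(review): names are not otherwise checked here (no wildcard policy, no conversion of
/// non-ASCII host names to A-labels); callers issuing certificates for names supplied by
/// someone else should validate them before calling this.
/// </remarks>
/// <param name="names">Host names and/or IP address literals; no entry may be null or blank.</param>
/// <returns>A DER sequence with one GeneralName per input entry, in input order.</returns>
/// <exception cref="System.ArgumentNullException">If <paramref name="names"/> is null.</exception>
/// <exception cref="System.ArgumentException">If an entry is null, empty or only white space.</exception>
public static Org.BouncyCastle.Asn1.DerSequence CreateSubjectAlternativeNames(string[] names)
{
    if (names == null)
    {
        throw new System.ArgumentNullException("names");
    }

    Org.BouncyCastle.Asn1.Asn1Encodable[] alternativeNames = new Org.BouncyCastle.Asn1.Asn1Encodable[names.Length];

    for (int i = 0; i < names.Length; ++i)
    {
        string name = names[i];

        // A blank entry would otherwise end up as an empty dNSName, or fail later with a less helpful error.
        if (string.IsNullOrWhiteSpace(name))
        {
            throw new System.ArgumentException("Subject alternative name at index " + i + " is null or empty.", "names");
        }

        System.Net.IPAddress parsedAddress;
        int nameType = System.Net.IPAddress.TryParse(name, out parsedAddress)
            ? Org.BouncyCastle.Asn1.X509.GeneralName.IPAddress
            : Org.BouncyCastle.Asn1.X509.GeneralName.DnsName;

        alternativeNames[i] = new Org.BouncyCastle.Asn1.X509.GeneralName(nameType, name);
    } // Next i

    return new Org.BouncyCastle.Asn1.DerSequence(alternativeNames);
} // End Function CreateSubjectAlternativeNames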