public static Pkcs12Store CreateCert(string commonName, DateTime notBefore, DateTime notAfter, IEnumerable <string> dnsAltNames, IEnumerable <string> ipAddressAltNames, Pkcs12Store signBy) { var keyPairGen = new RsaKeyPairGenerator(); keyPairGen.Init(new KeyGenerationParameters(new SecureRandom(), 2048)); var keyPair = keyPairGen.GenerateKeyPair(); var certGenerator = new X509V3CertificateGenerator(); certGenerator.SetSubjectDN(new X509Name("CN=" + commonName)); if (signBy == null) { certGenerator.SetIssuerDN(new X509Name("CN=" + commonName)); } else { certGenerator.SetIssuerDN(signBy.GetCertificate().SubjectDN); } certGenerator.SetSerialNumber(BigInteger.ProbablePrime(64, new Random())); certGenerator.SetNotBefore(notBefore); certGenerator.SetNotAfter(notAfter); certGenerator.SetPublicKey(keyPair.Public); if ((dnsAltNames?.Any() ?? false) || (ipAddressAltNames?.Any() ?? false)) { var alternativeNames = new List <Asn1Encodable>(); alternativeNames.AddRange(dnsAltNames?.Select(name => new GeneralName(GeneralName.DnsName, name)) ?? Enumerable.Empty <Asn1Encodable>()); alternativeNames.AddRange(ipAddressAltNames?.Select(ip => new GeneralName(GeneralName.IPAddress, ip)) ?? Enumerable.Empty <Asn1Encodable>()); certGenerator.AddExtension( X509Extensions.SubjectAlternativeName, false, new DerSequence(alternativeNames.ToArray()) ); } var signatureKeyPair = signBy != null ? new AsymmetricCipherKeyPair(signBy.GetCertificate().GetPublicKey(), signBy.GetKey()) : keyPair; var signer = new Asn1SignatureFactory("SHA256WITHRSA", signatureKeyPair.Private); var certificate = certGenerator.Generate(signer); return(ToPkcs12(certificate, keyPair.Private)); }
/// <summary> /// Extracts the cryptographic objects contained in a PFX file. /// </summary> /// <param name="input">A stream with the PFX.</param> /// <param name="unsecurePassword">The PFX password in clear-text.</param> /// <returns> /// The cryptographic objects contained in the specified PFX file. /// </returns> /// <exception cref="ArgumentNullException"><paramref name="input"/> is null.</exception> /// <exception cref="ArgumentException"><paramref name="input"/> is not readable.</exception> /// <exception cref="ArgumentNullException"><paramref name="unsecurePassword"/> is null.</exception> /// <exception cref="ArgumentException"><paramref name="unsecurePassword"/> is white space.</exception> public static ExtractedPfxFile ExtractCryptographicObjectsFromPfxFile( Stream input, string unsecurePassword) { new { input }.Must().NotBeNull(); new { input.CanRead }.Must().BeTrue(); new { unsecurePassword }.Must().NotBeNullNorWhiteSpace(); var store = new Pkcs12Store(input, unsecurePassword.ToCharArray()); var aliases = store.Aliases; var certificateChain = new List <X509Certificate>(); foreach (var alias in aliases) { var certEntry = store.GetCertificate(alias.ToString()); certificateChain.Add(certEntry.Certificate); } var endUserCertificate = certificateChain.GetEndUserCertFromCertChain(); var subjectAttributes = endUserCertificate.GetX509SubjectAttributes(); var storeKey = store.GetKey(subjectAttributes[X509SubjectAttributeKind.CommonName]); var privateKey = storeKey.Key; var result = new ExtractedPfxFile(certificateChain, privateKey); return(result); }
public static X509Certificate GetCertificateAndKeyFromBytes(byte[] certificateBytes, string password, out AsymmetricKeyEntry privateKey) { privateKey = null; MemoryStream certificateStream = new MemoryStream(certificateBytes); Pkcs12Store certificateStore; try { certificateStore = new Pkcs12Store(certificateStream, password.ToCharArray()); } catch (IOException) { return(null); } foreach (string alias in certificateStore.Aliases) { AsymmetricKeyEntry key = certificateStore.GetKey(alias); X509CertificateEntry certificateEntry = certificateStore.GetCertificate(alias); X509Certificate certificate = certificateEntry.Certificate; if (key != null) { privateKey = key; return(certificate); } } return(null); }
private X509Certificate2 GetAsDotNet(string entryAlias, X509KeyStorageFlags flags) { Org.BouncyCastle.Pkcs.X509CertificateEntry certificateEntry = store.GetCertificate(entryAlias); if (store.IsKeyEntry(entryAlias)) { //Get the org key entry AsymmetricKeyEntry orgKeyEntry = store.GetKey(entryAlias); //Copy it into a new key attribute with the windows CSP defined IDictionary newKeyEntryAttributes = new Hashtable(); foreach (String attribute in orgKeyEntry.BagAttributeKeys) { newKeyEntryAttributes.Add(attribute, orgKeyEntry[attribute]); } if (!newKeyEntryAttributes.Contains("1.3.6.1.4.1.311.17.1")) { newKeyEntryAttributes.Add("1.3.6.1.4.1.311.17.1", new DerBmpString("Microsoft Enhanced RSA and AES Cryptographic Provider")); } AsymmetricKeyEntry newKeyEntry = new AsymmetricKeyEntry(orgKeyEntry.Key, newKeyEntryAttributes); //Make a new P12 in memory Pkcs12Store newP12 = new Pkcs12Store(); newP12.SetKeyEntry(entryAlias, newKeyEntry, store.GetCertificateChain(entryAlias)); MemoryStream buffer = new MemoryStream(); newP12.Save(buffer, password.ToCharArray(), new SecureRandom()); //Read this P12 as X509Certificate with private key return(new X509Certificate2(buffer.ToArray(), password, flags)); } else { return(new X509Certificate2(certificateEntry.Certificate.GetEncoded())); } }
public static (AsymmetricKeyParameter PubKey, AsymmetricKeyParameter PrivKey) PKCS12ToAsymmetricCipherKeyPair(Pkcs12Store pkstore) { AsymmetricKeyParameter pub = null; AsymmetricKeyParameter priv = null; foreach (string s in pkstore.Aliases.Cast <string>()) { X509CertificateEntry entry = pkstore.GetCertificate(s); if (entry != null) { pub = entry.Certificate.GetPublicKey(); } AsymmetricKeyEntry kentry = pkstore.GetKey(s); if (kentry != null) { priv = kentry.Key; } } if (pub == null) { throw new CryptoException("Certificate not found"); } return(pub, priv); }
static IList <Org.BouncyCastle.X509.X509Certificate> GetCertificatesToImport(byte[] pfxBytes, string password) { using (var memoryStream = new MemoryStream(pfxBytes)) { var pkcs12Store = new Pkcs12Store(memoryStream, password?.ToCharArray() ?? "".ToCharArray()); if (pkcs12Store.Count < 1) { throw new Exception("No certificates were found in PFX"); } var aliases = pkcs12Store.Aliases.Cast <string>().ToList(); // Find the first bag which contains a private-key var keyAlias = aliases.FirstOrDefault(alias => pkcs12Store.IsKeyEntry(alias)); if (keyAlias != null) { return(pkcs12Store.GetCertificateChain(keyAlias).Select(x => x.Certificate).ToList()); } return(new List <Org.BouncyCastle.X509.X509Certificate> { pkcs12Store.GetCertificate(aliases.First()).Certificate }); } }
private (string certificate, string key) TransformPfx(IPasswordFinder passwordFinder) { var certOutput = new StringWriter(); var keyOutput = new StringWriter(); using (var input = File.OpenRead(CertificatePath)) { var certWriter = new PemWriter(certOutput); var keyWriter = new PemWriter(keyOutput); var store = new Pkcs12Store(input, passwordFinder.GetPassword()); foreach (string alias in store.Aliases) { var cert = store.GetCertificate(alias); if (cert != null) { certWriter.WriteObject(cert.Certificate); } var key = store.GetKey(alias); if (key != null && key.Key.IsPrivate) { keyWriter.WriteObject(key.Key); } } } return(certOutput.ToString(), keyOutput.ToString()); }
public static void WriteCertificateAsPem(byte[] rawBytes, string exportPassword, Stream s) { var a = new Pkcs12Store(); a.Load(new MemoryStream(rawBytes), Array.Empty <char>()); var entry = a.GetCertificate(a.Aliases.Cast <string>().First()); var key = a.Aliases.Cast <string>().Select(a.GetKey).First(x => x != null); using (var writer = new StreamWriter(s, Encoding.ASCII, 1024, leaveOpen: true)) { var pw = new PemWriter(writer); pw.WriteObject(entry.Certificate); object privateKey; if (exportPassword != null) { privateKey = new MiscPemGenerator( key.Key, "AES-128-CBC", exportPassword.ToCharArray(), CertificateUtils.GetSeededSecureRandom()) .Generate(); } else { privateKey = key.Key; } pw.WriteObject(privateKey); writer.Flush(); } }
/// <summary> /// In windows 7 work with X509Certificate2 class properties like PrivateKey and PublicKey leads to start random UPD port listening. /// This method gets private key with help of Bouncy castle. It helps prevent UDP port starting /// </summary> /// <param name="filePath"></param> /// <returns></returns> public AsymmetricKeyParameter ExtractSigningKey(string filePath) { var pkcs = new Pkcs12Store(File.Open(filePath, FileMode.Open), GetCertPassword().ToCharArray()); var aliases = pkcs.Aliases; var name = string.Empty; foreach (var a in aliases) { name = a.ToString(); break; } if (String.IsNullOrEmpty(name)) { throw new Exception("Can not retrieve certificate alias name from PFX file"); } // get certificate var certEntry = pkcs.GetCertificate(name.ToString()); if (certEntry == null) { throw new Exception("Can not get certificate from pfx file by alias name"); } // get certificate private key var issuerKey = pkcs.GetKey(name.ToString()).Key; return(issuerKey); }
/// <summary> /// Imports certificates and keys from a pkcs12-encoded stream. /// </summary> /// <remarks> /// Imports certificates and keys from a pkcs12-encoded stream. /// </remarks> /// <param name="stream">The raw certificate and key data.</param> /// <param name="password">The password to unlock the stream.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="stream"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="password"/> is <c>null</c>.</para> /// </exception> public override void Import(Stream stream, string password) { if (stream == null) { throw new ArgumentNullException("stream"); } if (password == null) { throw new ArgumentNullException("password"); } var pkcs12 = new Pkcs12Store(stream, password.ToCharArray()); foreach (string alias in pkcs12.Aliases) { if (pkcs12.IsKeyEntry(alias)) { var chain = pkcs12.GetCertificateChain(alias); var entry = pkcs12.GetKey(alias); for (int i = 0; i < chain.Length; i++) { certificates.Add(chain[i].Certificate); } keys.Add(chain[0].Certificate, entry.Key); } else if (pkcs12.IsCertificateEntry(alias)) { var entry = pkcs12.GetCertificate(alias); certificates.Add(entry.Certificate); } } }
private void init(string aPfxFilePath, string aPassword) { FileStream fin = new FileStream(aPfxFilePath, FileMode.Open, FileAccess.Read); Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder(); Pkcs12Store pkcs12Store = storeBuilder.Build(); pkcs12Store.Load(fin, aPassword.ToCharArray()); fin.Close(); IEnumerable aliases = pkcs12Store.Aliases; IEnumerator aliasesEnumerator = aliases.GetEnumerator(); while (aliasesEnumerator.MoveNext()) { string alias = (string)aliasesEnumerator.Current; signingBouncyCert = pkcs12Store.GetCertificate(alias); X509Certificate x509Certificate = signingBouncyCert.Certificate; ECertificate cert = new ECertificate(x509Certificate.GetEncoded()); EKeyUsage eKeyUsage = cert.getExtensions().getKeyUsage(); bool isDigitalSignature = eKeyUsage.isDigitalSignature(); if (isDigitalSignature) { signingBouncyKeyEntry = pkcs12Store.GetKey(alias); signingCertificate = cert; break; } } }
public static X509Certificate ReadCertFromFile(string strCertificatePath, string strCertificatePassword) { try { // Create file stream object to read certificate var keyStream = new FileStream(strCertificatePath, FileMode.Open, FileAccess.Read); // Read certificate using BouncyCastle component var inputKeyStore = new Pkcs12Store(); inputKeyStore.Load(keyStream, strCertificatePassword.ToCharArray()); //Close File stream keyStream.Close(); var keyAlias = inputKeyStore.Aliases.Cast <string>().FirstOrDefault(n => inputKeyStore.IsKeyEntry(n)); // Read Key from Alieases if (keyAlias == null) { throw new NotImplementedException("Alias"); } //Read certificate into 509 format return((X509Certificate)inputKeyStore.GetCertificate(keyAlias).Certificate); } catch (Exception ex) { Console.WriteLine("So, you wanna make an exception huh! : " + ex.ToString()); Console.ReadKey(); return(null); } }
public static X509Certificate2 Load(Stream stream, string password) { var loadStore = new Pkcs12Store(); loadStore.Load(stream, password?.ToCharArray()); string keyAlias = loadStore.Aliases.Cast <string> ().FirstOrDefault(loadStore.IsKeyEntry); if (keyAlias == null) { throw new NotImplementedException("Alias"); } var builder = new Pkcs12StoreBuilder(); builder.SetUseDerEncoding(true); var saveStore = builder.Build(); var chain = new X509CertificateEntry(loadStore.GetCertificate(keyAlias).Certificate); saveStore.SetCertificateEntry("Alias", chain); saveStore.SetKeyEntry("Alias", new AsymmetricKeyEntry((RsaPrivateCrtKeyParameters)loadStore.GetKey(keyAlias).Key), new [] { chain }); using (var saveStream = new MemoryStream()) { saveStore.Save(saveStream, new char[0], new SecureRandom()); return(new X509Certificate2(Pkcs12Utilities.ConvertToDefiniteLength(saveStream.ToArray()))); } }
/// <summary> /// Construct a CA object /// </summary> /// <param name="ConfigFile">Full pathname to config file</param> /// <param name="Password">Password for key file</param> public simpleCA(string ConfigFile, string Password) { this.configFile = ConfigFile; this.password = Password.ToCharArray(); // Read in the configuration XDocument config; if (XmlSigning.VerifyXmlFile(configFile)) { config = XDocument.Load(configFile); } else { throw new GeneralSecurityException("Signature failed on CA config file"); } XElement ca = config.Element("OSCA").Element("CA"); this.name = ca.Element("name").Value; this.type = ca.Element("type").Value; this.dbFileLocation = ca.Element("dbFileLocation").Value; this.publicKeyAlgorithm = ca.Element("publicKeyAlgorithm").Value; this.publicKeySize = ca.Element("publicKeySize").Value; this.signatureAlgorithm = ca.Element("signatureAlgorithm").Value; this.fips140 = Convert.ToBoolean(ca.Element("fips140").Value); this.lastSerial = ca.Element("lastSerial").Value; this.crlFileLocation = ca.Element("crlFileLocation").Value; this.lastCRL = ca.Element("lastCRL").Value; this.crlInterval = Convert.ToDouble(ca.Element("crlInterval").Value); this.profilesLocation = ca.Element("profilesLocation").Value; //Read in the private key and certificate MemoryStream p12stream = new MemoryStream(Convert.FromBase64String(ca.Element("caKey").Value)); Pkcs12Store p12 = new Pkcs12Store(p12stream, password); this.privateKey = p12.GetKey(this.name).Key; this.caCertificate = p12.GetCertificate(this.name).Certificate; if (ca.Element("policyEnforcement") != null) { policyEnforcement = PolicyEnforcementFactory.initialise(caCertificate, ca.Element("policyEnforcement")); } // Create CspParameters to support XML signing cspParam = SysKeyManager.LoadCsp(privateKey); // Setup the Event Logger eventLog = new Logger(ca.Element("logFileLocation").Value, caCertificate, cspParam); // Check our certificate is valid // --- TODO // Log startup event logEvent(LogEvent.EventType.StartCA, "CA Started"); // Expire any old certificates Database.ExpireCertificate(dbFileLocation, caCertificate, cspParam); }
public static string X509Certificate2ToPEM(X509Certificate2 cert) { try { if (cert.HasPrivateKey) { byte[] pkcsarray = cert.Export(X509ContentType.Pkcs12); if (pkcsarray.Length == 0) { throw new CryptoException("Empty PKCS12 Array"); } X509Certificate certout = null; AsymmetricKeyParameter priv = null; using (MemoryStream ms = new MemoryStream(pkcsarray)) { Pkcs12Store pkstore = new Pkcs12Store(); pkstore.Load(ms, new char[] { }); foreach (string s in pkstore.Aliases.Cast <string>()) { X509CertificateEntry entry = pkstore.GetCertificate(s); if (entry != null) { certout = entry.Certificate; } AsymmetricKeyEntry kentry = pkstore.GetKey(s); if (kentry != null) { priv = kentry.Key; } } if (certout == null) { throw new CryptoException("Certificate not found"); } } using (StringWriter sw = new StringWriter()) { PemWriter pemWriter = new PemWriter(sw); pemWriter.WriteObject(certout); if (priv != null) { pemWriter.WriteObject(priv); } sw.Flush(); return(sw.ToString()); } } X509Certificate c = DotNetUtilities.FromX509Certificate(cert); return(DumpOnePEM(c, null)); // return cert.Export(X509ContentType.SerializedCert).ToUTF8String(); } catch (Exception e) { throw new CryptoException($"Unable to open pkcs12, wrong password?. {e.Message}", e); } }
public CertContainer(Pkcs12Store privateKeyStore, params CertContainer[] issuerCerts) { string certAlias = GetCertAlias(privateKeyStore); this.PrivateKey = privateKeyStore.GetKey(certAlias).Key; this.Certificate = privateKeyStore.GetCertificate(certAlias).Certificate; this.IssuerChain = issuerCerts ?? new CertContainer[0]; }
public static void WriteCertificateAsPem(string name, byte[] rawBytes, string exportPassword, ZipArchive s) { var a = new Pkcs12Store(); a.Load(new MemoryStream(rawBytes), Array.Empty <char>()); X509CertificateEntry entry = null; AsymmetricKeyEntry key = null; foreach (var alias in a.Aliases) { var aliasKey = a.GetKey(alias.ToString()); if (aliasKey != null) { entry = a.GetCertificate(alias.ToString()); key = aliasKey; break; } } if (entry == null) { throw new InvalidOperationException("Could not find private key."); } using (var stream = s.CreateEntry(name + ".crt").Open()) using (var writer = new StreamWriter(stream)) { var pw = new PemWriter(writer); pw.WriteObject(entry.Certificate); } using (var stream = s.CreateEntry(name + ".key").Open()) using (var writer = new StreamWriter(stream)) { var pw = new PemWriter(writer); object privateKey; if (exportPassword != null) { privateKey = new MiscPemGenerator( key.Key, "DES-EDE3-CBC", exportPassword.ToCharArray(), CertificateUtils.GetSeededSecureRandom()) .Generate(); } else { privateKey = key.Key; } pw.WriteObject(privateKey); writer.Flush(); } }
public void LoadPfx(string path, string password) { var store = new Pkcs12Store(new FileStream(path, FileMode.Open, FileAccess.Read), password.ToCharArray()); string alias = store.Aliases.Cast <string>().First(); certificate = store.GetCertificate(alias).Certificate; privateKey = store.GetKey(alias).Key; X509Certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(path, password); }
private void UpdateKeyPairType(char[] password) { Pkcs12Store store = LoadCAPfx(password); if (store.ContainsAlias(CaAlias) && store.IsEntryOfType(CaAlias, typeof(AsymmetricKeyEntry))) { AsymmetricKeyEntry keyEntry = store.GetKey(CaAlias); CaCertificate = store.GetCertificate(CaAlias).Certificate; KeyPairType = KeyPairUtils.QueryKeyType(keyEntry.Key); } }
public static Tuple <X509.X509Certificate, AsymmetricKeyParameter> GetSampleX509Certificate() { var store = new Pkcs12Store(); using (var ms = new MemoryStream(SamplePfx)) store.Load(ms, "mono".ToCharArray()); var alias = store.Aliases.Cast <string>().First(); var cert = store.GetCertificate(alias).Certificate; var privKey = store.GetKey(alias).Key; return(Tuple.Create(cert, privKey)); }
internal static void SignWithPkcs12KeyStore(string keyStore, string password, string input, string output) { if (String.IsNullOrEmpty(keyStore)) { throw new ArgumentNullException("keyStore"); } if (String.IsNullOrEmpty(password)) { throw new ArgumentNullException("password"); } if (String.IsNullOrEmpty(input)) { throw new ArgumentNullException("input"); } if (String.IsNullOrEmpty(output)) { throw new ArgumentNullException("output"); } if (!File.Exists(keyStore)) { throw new FileNotFoundException("Keystore is not found or is not a file: " + keyStore, keyStore); } if (!File.Exists(input)) { throw new FileNotFoundException("Input pdf not found: " + input, input); } try { var store = new Pkcs12Store(File.OpenRead(keyStore), password.ToCharArray()); var pKey = store.Aliases .Cast <string>() .FirstOrDefault(store.IsKeyEntry); var key = store.GetKey(pKey).Key; var chain = new[] { store.GetCertificate(pKey).Certificate }; var reader = new PdfReader(input); using (var stamper = PdfStamper.CreateSignature(reader, File.OpenWrite(output), '\0', null, true)) { var sigAppearance = stamper.SignatureAppearance; //Note:note the order of things here SetSigPosition(sigAppearance, reader.AcroFields.GetSignatureNames().Count); SetSigText(sigAppearance, chain); SetSigCryptoFromCipherParam(sigAppearance, key, chain); } } catch (Exception exception) { throw new Exception("Error while signing pdf file: " + exception.Message, exception); } }
public static X509Certificate GetCertificate(this Pkcs12Store store) { foreach (string alias in store.Aliases) { var keyEntry = store.GetKey(alias); if (keyEntry.Key.IsPrivate) { return(store.GetCertificate(alias).Certificate); } } throw new ArgumentException("Invalid store."); }
public ClientCertificateWithKey(byte[] pkcs12data, string password) { if (pkcs12data == null || pkcs12data.Length == 0) { throw new ArgumentException("No PKCS#12 data specified", nameof(pkcs12data)); } var inputKeyStore = new Pkcs12Store(); try { using (var ms = new MemoryStream(pkcs12data)) { inputKeyStore.Load(ms, string.IsNullOrEmpty(password) ? new char[0] : password.ToCharArray()); } } catch (IOException ex) { throw new AuthenticationException("Parsing of the PKCS#12 data failed", ex); } catch (Exception) { throw; } var keyAlias = inputKeyStore.Aliases.Cast <string>().FirstOrDefault(n => inputKeyStore.IsKeyEntry(n)); if (keyAlias == null) { throw new InvalidDataException("No private key found in PKCS12 data"); } var bcert = inputKeyStore.GetCertificate(keyAlias); this.Certificate = new X509Certificate2(bcert.Certificate.GetEncoded()); var ck = inputKeyStore.GetKey(keyAlias); var ecpk = ck.Key as ECPrivateKeyParameters; this.Key = ecpk.D.ToByteArrayUnsigned(); var sb = new StringBuilder(); TextWriter tw = new StringWriter(sb); var pw = new Org.BouncyCastle.OpenSsl.PemWriter(tw); pw.WriteObject(ecpk); this.Key = Encoding.ASCII.GetBytes(sb.ToString()); }
public static Tuple <X509Certificate, AsymmetricKeyParameter> GetSampleX509Certificate() { Pkcs12Store store = new Pkcs12Store(); char[] password = "******".ToCharArray(); using (MemoryStream ms = new MemoryStream(SamplePfx)) store.Load(ms, password); string alias = store.Aliases.Cast <string>().First(); X509Certificate cert = store.GetCertificate(alias).Certificate; AsymmetricKeyParameter privKey = store.GetKey(alias).Key; return(Tuple.Create(cert, privKey)); }
private void RefreshStore() { _listItems.Clear(); foreach (String alias in _store.Aliases) { KeyStoreEntryType entryType; if (_store.IsCertificateEntry(alias)) { entryType = KeyStoreEntryType.TrustCertEntry; } else if (_store.IsKeyEntry(alias) && _store.GetCertificateChain(alias) != null && _store.GetCertificateChain(alias).Length != 0) { entryType = KeyStoreEntryType.KeyPairEntry; } else { entryType = KeyStoreEntryType.KeyEntry; } X509Certificate cert = _store.GetCertificate(alias).Certificate; _listItems.Add(new ListItemEntry(entryType, alias, cert, Repository.Instance.IsRevokedCertificate(cert.SerialNumber.ToString()))); } }
public bool Init(string authentication_certificate_path, string authentication_certificate_password) { AuthenticationCertificatePrivateKey = null; AuthenticationCertificateCertificate = null; try { FileStream Cert = new FileStream(authentication_certificate_path, FileMode.Open, FileAccess.Read); var p12 = new Pkcs12Store(); p12.Load(Cert, authentication_certificate_password.ToCharArray()); foreach (string alias in p12.Aliases) { if (p12.IsKeyEntry(alias)) { AuthenticationCertificatePrivateKey = p12.GetKey(alias).Key; break; } } foreach (string alias in p12.Aliases) { X509CertificateEntry entry = p12.GetCertificate(alias); if (VerifyPivateAndPublicKey(entry.Certificate.GetPublicKey(), AuthenticationCertificatePrivateKey)) { AuthenticationCertificateCertificate = p12.GetCertificate(alias).Certificate; } } } catch (Exception ex) { return(false); } return(true); }
public static List <X509Certificate> InitStore(String p12FileName, char[] ksPass) { List <X509Certificate> certStore = new List <X509Certificate>(); string alias = null; Pkcs12Store pk12 = new Pkcs12Store(new FileStream(p12FileName, FileMode.Open, FileAccess.Read), ksPass); foreach (var a in pk12.Aliases) { alias = ((string)a); if (pk12.IsCertificateEntry(alias)) { certStore.Add(pk12.GetCertificate(alias).Certificate); } } return(certStore); }
protected static X509Certificate LoadCertificateFromKeyStore(String keystorePath, char[] ksPass) { string alias = null; Pkcs12Store pk12 = new Pkcs12Store(new FileStream(keystorePath, FileMode.Open, FileAccess.Read), ksPass); foreach (var a in pk12.Aliases) { alias = ((string)a); if (pk12.IsKeyEntry(alias)) { break; } } return(pk12.GetCertificate(alias).Certificate); }
private static byte[] SignData(byte[] data, Pkcs12Store signCertificate, DateTime?requestTimestamp = null) { var signCertAlias = signCertificate.Aliases.Cast <string>().First(signCertificate.IsKeyEntry); var signCertEntry = signCertificate.GetCertificate(signCertAlias); var signCert = signCertEntry.Certificate; var signPkEntry = signCertificate.GetKey(signCertAlias); var signPk = signPkEntry.Key; string digestName; if (signCert.SigAlgOid == PkcsObjectIdentifiers.Sha1WithRsaEncryption.Id) { digestName = "SHA1"; } else if (signCert.SigAlgOid == PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id) { digestName = "SHA256"; } else { throw new ExtraException($"Unsupported digest algorithm {signCert.SigAlgName}"); } var digestOid = DigestUtilities.GetObjectIdentifier(digestName).Id; var digest = DigestUtilities.CalculateDigest(digestName, data); var signedAttrs = new Dictionary <object, object>() { { CmsAttributeTableParameter.Digest, digest } }; if (requestTimestamp.HasValue) { var signTimestamp = new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.SigningTime, new DerSet(new Time(requestTimestamp.Value.ToUniversalTime()))); signedAttrs.Add(signTimestamp.AttrType, signTimestamp); } var signedAttrGen = new DefaultSignedAttributeTableGenerator(); var signedAttrTable = signedAttrGen.GetAttributes(signedAttrs); var generator = new CmsSignedDataGenerator(); generator.AddSigner(signPk, signCert, digestOid, new DefaultSignedAttributeTableGenerator(signedAttrTable), null); var signedData = generator.Generate(new CmsProcessableByteArray(data), true); return(signedData.GetEncoded()); }
public static X509Certificate getCertificadoX509(string arquivoCertificado, string senha, out AsymmetricKeyParameter chavePrivada) { chavePrivada = null; using (FileStream certificadoStream = new FileStream(arquivoCertificado, FileMode.Open, FileAccess.Read)) { Pkcs12Store armazemPkcs12 = new Pkcs12Store(); armazemPkcs12.Load(certificadoStream, senha.ToCharArray()); string certificadoCN = armazemPkcs12.Aliases.Cast <string>().FirstOrDefault(n => armazemPkcs12.IsKeyEntry(n)); //Console.WriteLine("keyAlias => " + certificadoCN); chavePrivada = armazemPkcs12.GetKey(certificadoCN).Key; return((X509Certificate)armazemPkcs12.GetCertificate(certificadoCN).Certificate); } }