public void CanAddExtensions()
        {
            var extList = new List <X509V3ExtensionValue> {
                new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"),
                new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"),
                new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"),
                new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"),
            };

            var start = DateTime.Now;
            var end   = start + TimeSpan.FromMinutes(10);

            using (var key = new CryptoKey(new DSA(true)))
                using (var cert = new X509Certificate(101, "CN=Root", "CN=Root", key, start, end))
                {
                    foreach (var extValue in extList)
                    {
                        using (var ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value))
                        {
                            cert.AddExtension(ext);
                        }
                    }

                    foreach (var ext in cert.Extensions)
                    {
                        Console.WriteLine(ext);
                    }

                    Assert.AreEqual(extList.Count, cert.Extensions.Count);
                }
        }
        public void CanAddExtensions()
        {
            X509V3ExtensionList extList = new X509V3ExtensionList();
            extList.Add(new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"));
            extList.Add(new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"));
            extList.Add(new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"));
            extList.Add(new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"));

            DateTime start = DateTime.Now;
            DateTime end = start + TimeSpan.FromMinutes(10);
            CryptoKey key = new CryptoKey(new DSA(true));
            using (X509Certificate cert = new X509Certificate(101, "CN=Root", "CN=Root", key, start, end)) {
                foreach (X509V3ExtensionValue extValue in extList) {
                    using (X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value)) {
                        cert.AddExtension(ext);
                    }
                }

                foreach (X509Extension ext in cert.Extensions) {
                    Console.WriteLine(ext);
                }

                Assert.AreEqual(extList.Count, cert.Extensions.Count);
            }
        }
Example #3
0
        public FileInfo SignCertFromRequest(Byte[] requestData, Boolean ca)
        {
            FileInfo file = null;

            using (BIO bio = new BIO(requestData))
                using (X509Request request = new X509Request(bio))
                {
                    file = new FileInfo(Path.Combine(certDir.FullName, request.Subject.Common + ".cer"));

                    using (X509Certificate certificate = RootCA.ProcessRequest(request, DateTime.Now.AddHours(-24), DateTime.Now + TimeSpan.FromDays(365), MessageDigest.SHA1))
                    {
                        if (ca)
                        {
                            certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "basicConstraints", true, "CA:true"));
                            certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "keyUsage", true, "critical, cRLSign, keyCertSign, digitalSignature"));
                            certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "certificatePolicies", true, "2.5.29.32.0"));
                        }
                        else
                        {
                            certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "basicConstraints", true, "CA:false"));
                        }

                        certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "issuerAltName", true, "issuer:copy"));
                        certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "nsComment", true, "IAM Tester Generated Certificate"));
                        certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectKeyIdentifier", true, "hash"));
                        certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "authorityKeyIdentifier", true, "keyid,issuer:always"));
                        certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectAltName", true, "DNS:" + request.Subject.Common));

                        certificate.Sign(RootCA.Key, MessageDigest.SHA1);

                        using (FileStream fs = new FileStream(file.FullName, FileMode.Create, FileAccess.ReadWrite))
                            using (BinaryWriter bw = new BinaryWriter(fs))
                                using (BIO bio2 = BIO.MemoryBuffer())
                                {
                                    certificate.Write(bio2);
                                    Byte[] certData = bio2.ReadBytes((Int32)bio2.NumberWritten).Array;
                                    bw.Write(certData);
                                    bw.Close();
                                }

                        //Para atualizar com o tamanho e outros dados do arquivo
                        file = new FileInfo(file.FullName);
                    }
                }

            return(file);
        }
		/// <summary>
		/// Factory method that creates a X509CertificateAuthority instance with
		/// an internal self signed certificate. This method allows creation without
		/// the need for the Configuration file, X509V3Extensions may be added
		/// with the X509V3ExtensionList parameter
		/// </summary>
		/// <param name="seq"></param>
		/// <param name="key"></param>
		/// <param name="digest"></param>
		/// <param name="subject"></param>
		/// <param name="start"></param>
		/// <param name="validity"></param>
		/// <param name="extensions"></param>
		/// <returns></returns>
		public static X509CertificateAuthority SelfSigned(
			ISequenceNumber seq,
			CryptoKey key,
			MessageDigest digest,
			X509Name subject,
			DateTime start,
			TimeSpan validity,
			IEnumerable<X509V3ExtensionValue> extensions)
		{
			var cert = new X509Certificate(
				           seq.Next(),
				           subject,
				           subject,
				           key,
				           start,
				           start + validity);

			if (extensions != null)
			{
				foreach (var extValue in extensions)
				{
					using (var ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value))
					{
						cert.AddExtension(ext);
					}
				}
			}

			cert.Sign(key, digest);

			return new X509CertificateAuthority(cert, key, seq);
		}
        /// <summary>
        /// Factory method that creates a X509CertificateAuthority instance with
        /// an internal self signed certificate. This method allows creation without
        /// the need for the Configuration file, X509V3Extensions may be added
        /// with the X509V3ExtensionList parameter
        /// </summary>
        /// <param name="seq"></param>
        /// <param name="key"></param>
        /// <param name="digest"></param>
        /// <param name="subject"></param>
        /// <param name="start"></param>
        /// <param name="validity"></param>
        /// <param name="extensions"></param>
        /// <returns></returns>
        public static X509CertificateAuthority SelfSigned(
            ISequenceNumber seq,
            CryptoKey key,
            MessageDigest digest,
            X509Name subject,
            DateTime start,
            TimeSpan validity,
            X509V3ExtensionList extensions)
        {
            X509Certificate cert = new X509Certificate(
                seq.Next(),
                subject,
                subject,
                key,
                start,
                start + validity);

            if (null != extensions)
            {
                foreach (X509V3ExtensionValue extValue in extensions)
                {
                    X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value);
                    cert.AddExtension(ext);
                }
            }

            cert.Sign(key, digest);

            return new X509CertificateAuthority(cert, key, seq, null);
		}
Example #6
0
        public String SignCert(X509Name Name, Boolean ca, subjectAltName altNames, Boolean saveFile, DateTime?expirationDate)
        {
            String certData = "";

            FileInfo file = new FileInfo(Path.Combine(certDir.FullName, Name.Common + ".pfx"));

            using (CryptoKey key = CreateNewRSAKey(4096))
            {
                int version = 2; // Version 2 is X.509 Version 3
                using (X509Request request = new X509Request(version, Name, key))
                    using (X509Certificate certificate = RootCA.ProcessRequest(request, DateTime.Now.AddHours(-24), (expirationDate.HasValue ? expirationDate.Value : DateTime.Now + TimeSpan.FromDays(365)), MessageDigest.SHA1))
                    {
                        if (ca)
                        {
                            certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "basicConstraints", true, "CA:true"));
                            certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "keyUsage", true, "critical, cRLSign, keyCertSign, digitalSignature"));
                            certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "certificatePolicies", true, "2.5.29.32.0"));
                        }
                        else
                        {
                            certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "basicConstraints", true, "CA:false"));
                        }

                        certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "issuerAltName", true, "issuer:copy"));
                        certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "nsComment", true, "SafeID - IAM Generated Certificate"));
                        certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectKeyIdentifier", true, "hash"));
                        certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "authorityKeyIdentifier", true, "keyid,issuer:always"));
                        //certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectAltName", true, "DNS:" + Name.Common));

                        if (altNames != null)
                        {
                            foreach (Uri u in altNames.Uri)
                            {
                                certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectAltName", true, "URI:" + u.AbsoluteUri.ToLower()));
                            }

                            foreach (String m in altNames.Mail)
                            {
                                certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectAltName", true, "email:" + m));
                            }

                            foreach (String s in altNames.Dns)
                            {
                                certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectAltName", true, "DNS:" + s));
                            }

                            foreach (String s in altNames.Text)
                            {
                                certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectAltName", true, "otherName:1.2.3.4;UTF8:" + s));
                            }
                        }

                        /*
                         * subjectAltName=email:copy,email:[email protected],URI:http://my.url.here/
                         * subjectAltName=IP:192.168.7.1
                         * subjectAltName=IP:13::17
                         * subjectAltName=email:[email protected],RID:1.2.3.4
                         * subjectAltName=otherName:1.2.3.4;UTF8:some other identifier*/


                        //certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "keyUsage", true, "nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, encipherOnly, decipherOnly, keyAgreement"));
                        //certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "extendedKeyUsage", true, "clientAuth"));
                        //certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "crlDistributionPoints", true, "URI:http://ok/certEnroll/ok-ca.crl"));

                        certificate.Sign(RootCA.Key, MessageDigest.SHA1);

                        if (saveFile)
                        {
                            certData = BuildPKCS12AndSave(file.FullName, this.signedPassword, key, certificate);
                        }
                        else
                        {
                            certData = BuildPKCS12(this.signedPassword, key, certificate);
                        }
                    }
            }

            return(certData);
        }