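/// <summary>
/// Checks that every X509V3ExtensionValue in a hand-built list can be turned into an X509Extension,
/// added to a freshly created self-signed certificate and read back: the certificate's extension count
/// must equal the list's count.
/// </summary>
public void CanAddExtensions()
{
    X509V3ExtensionList extList = new X509V3ExtensionList();
    extList.Add(new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"));
    extList.Add(new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"));
    extList.Add(new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"));
    extList.Add(new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"));

    // Ten-minute validity window; the certificate is never used for verification in this test.
    DateTime start = DateTime.Now;
    DateTime end = start + TimeSpan.FromMinutes(10);
    // NOTE(review): the key wrapper is never disposed here; confirm whether X509Certificate takes ownership of it.
    CryptoKey key = new CryptoKey(new DSA(true));

    using (X509Certificate cert = new X509Certificate(101, "CN=Root", "CN=Root", key, start, end))
    {
        foreach (X509V3ExtensionValue extValue in extList)
        {
            // OpenSSL duplicates the extension on X509_add_ext, so the wrapper can be released immediately.
            using (X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value))
            {
                cert.AddExtension(ext);
            }
        }

        // Fetch the extension stack once and dispose it; the original read cert.Extensions twice
        // (once for the dump, once for the assertion) and never disposed the returned stack.
        using (OpenSSL.Core.Stack<X509Extension> extensions = cert.Extensions)
        {
            foreach (X509Extension ext in extensions)
            {
                Console.WriteLine(ext);
            }
            Assert.AreEqual(extList.Count, extensions.Count);
        }
    }
}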
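/// <summary>
/// Factory method that creates an X509CertificateAuthority backed by a self-signed certificate.
/// No OpenSSL configuration file is needed; the X509v3 extensions to put on the CA certificate
/// are supplied through <paramref name="extensions"/>.
/// </summary>
/// <param name="seq">Serial number source; <c>seq.Next()</c> is consumed once for the CA certificate itself.</param>
/// <param name="key">Key pair that becomes the certificate's public key and the authority's signing key.</param>
/// <param name="digest">Digest used for the self-signature. SHA-1 is deprecated for certificate signatures; prefer SHA-256 or stronger.</param>
/// <param name="subject">Subject name; it is also used as the issuer name because the certificate is self-signed.</param>
/// <param name="start">Beginning of the validity period (NotBefore).</param>
/// <param name="validity">Length of the validity period; NotAfter is <paramref name="start"/> + <paramref name="validity"/>.</param>
/// <param name="extensions">Extensions added before signing, or <c>null</c> to add none.</param>
/// <returns>A new authority wrapping the signed certificate, <paramref name="key"/> and <paramref name="seq"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="seq"/>, <paramref name="key"/>, <paramref name="digest"/> or <paramref name="subject"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="validity"/> is negative, which would put NotAfter before NotBefore.</exception>
public static X509CertificateAuthority SelfSigned(
    ISequenceNumber seq,
    CryptoKey key,
    MessageDigest digest,
    X509Name subject,
    DateTime start,
    TimeSpan validity,
    X509V3ExtensionList extensions)
{
    if (seq == null)
    {
        throw new ArgumentNullException("seq");
    }
    if (key == null)
    {
        throw new ArgumentNullException("key");
    }
    if (digest == null)
    {
        throw new ArgumentNullException("digest");
    }
    if (subject == null)
    {
        throw new ArgumentNullException("subject");
    }
    if (validity < TimeSpan.Zero)
    {
        throw new ArgumentOutOfRangeException("validity", "validity must not be negative");
    }

    X509Certificate cert = new X509Certificate(
        seq.Next(),
        subject,
        subject,
        key,
        start,
        start + validity);
    try
    {
        if (extensions != null)
        {
            foreach (X509V3ExtensionValue extValue in extensions)
            {
                // OpenSSL duplicates the extension on X509_add_ext, so the managed wrapper is released right away.
                using (X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value))
                {
                    cert.AddExtension(ext);
                }
            }
        }
        cert.Sign(key, digest);
    }
    catch
    {
        // An unparsable extension value or a failed signature must not leak the native certificate.
        cert.Dispose();
        throw;
    }

    return new X509CertificateAuthority(cert, key, seq, null);
}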
/// <summary>
/// Builds the X509v3 extension set that is required when creating a Certificate Authority certificate:
/// a critical basicConstraints marking it as a CA, plus subject and authority key identifiers.
/// </summary>
/// <returns>X509V3ExtensionList of parameters required to create a Certificate Authority.</returns>
private static X509V3ExtensionList GetCertificateAuthorityExtensions()
{
    // Order matters: extensions are written to the certificate in the order they are added.
    // NOTE(review): RFC 5280 §4.2.1.3 also expects a keyUsage extension (keyCertSign, cRLSign) on CA certificates; none is set here.
    X509V3ExtensionValue[] required =
    {
        new X509V3ExtensionValue("basicConstraints", true, "CA:TRUE"),
        new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"),
        new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"),
    };

    X509V3ExtensionList caExtensions = new X509V3ExtensionList();
    foreach (X509V3ExtensionValue value in required)
    {
        caExtensions.Add(value);
    }
    return caExtensions;
}
/// <summary>
/// Exercises the configuration-file-free path: generates a 2048-bit RSA key, assembles the CA extension
/// list by hand, creates a self-signed root through X509CertificateAuthority.SelfSigned and prints the
/// resulting certificate together with each of its X509v3 extensions.
/// </summary>
public void TestWithoutCfg()
{
    // Public exponent F4 (65537).
    BigNumber publicExponent = 0x10001;
    CryptoKey caKey;
    using (RSA rsa = new RSA())
    {
        rsa.GenerateKeys(2048, publicExponent, OnGenerator, null);
        caKey = new CryptoKey(rsa); // the RSA instance has been assigned into the key; it is not needed past this point
    }
    // NOTE(review): caKey is never disposed in this method; confirm whether the authority takes ownership of it.

    X509V3ExtensionValue[] caExtensionValues =
    {
        new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"),
        new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"),
        new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"),
        new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"),
    };
    X509V3ExtensionList caExtensions = new X509V3ExtensionList();
    foreach (X509V3ExtensionValue value in caExtensionValues)
    {
        caExtensions.Add(value);
    }

    // NOTE(review): SHA-1 is deprecated for certificate signatures; production code should sign with SHA-256 or stronger.
    using (X509CertificateAuthority root = X509CertificateAuthority.SelfSigned(
        new SimpleSerialNumber(),
        caKey,
        MessageDigest.SHA1,
        "Root1",
        DateTime.Now,
        TimeSpan.FromDays(365),
        caExtensions))
    {
        Console.WriteLine(root.Certificate);

        // Dump every extension: name, criticality and the textual value.
        Console.WriteLine("X509v3 Extensions:");
        using (OpenSSL.Core.Stack<X509Extension> extensionStack = root.Certificate.Extensions)
        {
            foreach (X509Extension ext in extensionStack)
            {
                Console.WriteLine("Name:{0}, IsCritical:{1}, Value:{2}", ext.Name, ext.IsCritical, ext);
            }
        }
    }
}
/// <summary>
/// Returns the X509v3 extensions required for a Certificate Authority certificate: a critical
/// basicConstraints asserting CA:TRUE, a subjectKeyIdentifier derived from the key hash, and an
/// authorityKeyIdentifier carrying the issuer's key id and name.
/// </summary>
/// <returns>X509V3ExtensionList of parameters required to create a Certificate Authority.</returns>
private static X509V3ExtensionList GetCertificateAuthorityExtensions()
{
    X509V3ExtensionList result = new X509V3ExtensionList();
    // Added in this order so the certificate lists them the same way.
    result.Add(new X509V3ExtensionValue("basicConstraints", true, "CA:TRUE"));
    result.Add(new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"));
    result.Add(new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"));
    // NOTE(review): no keyUsage (keyCertSign, cRLSign) is included, although RFC 5280 §4.2.1.3 expects it on CA certificates.
    return result;
}
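/// <summary>
/// Creates an X509CertificateAuthority whose certificate is self-signed with <paramref name="key"/>.
/// This path does not need an OpenSSL configuration file; any X509v3 extensions for the CA certificate
/// are given through <paramref name="extensions"/>.
/// </summary>
/// <param name="seq">Serial number source; one value is taken from it for the CA certificate.</param>
/// <param name="key">Key pair used both as the certificate's public key and as the signing key.</param>
/// <param name="digest">Digest for the self-signature. SHA-1 is deprecated for certificate signatures; prefer SHA-256 or stronger.</param>
/// <param name="subject">Subject name, reused as issuer name since the certificate is self-signed.</param>
/// <param name="start">NotBefore of the certificate.</param>
/// <param name="validity">Validity length; NotAfter is <paramref name="start"/> + <paramref name="validity"/>.</param>
/// <param name="extensions">Extensions to add before signing; <c>null</c> adds none.</param>
/// <returns>The new authority built from the signed certificate, <paramref name="key"/> and <paramref name="seq"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="seq"/>, <paramref name="key"/>, <paramref name="digest"/> or <paramref name="subject"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="validity"/> is negative.</exception>
public static X509CertificateAuthority SelfSigned(
    ISequenceNumber seq,
    CryptoKey key,
    MessageDigest digest,
    X509Name subject,
    DateTime start,
    TimeSpan validity,
    X509V3ExtensionList extensions)
{
    // Fail with a descriptive exception instead of a NullReferenceException deep inside the native call.
    if (seq == null) { throw new ArgumentNullException("seq"); }
    if (key == null) { throw new ArgumentNullException("key"); }
    if (digest == null) { throw new ArgumentNullException("digest"); }
    if (subject == null) { throw new ArgumentNullException("subject"); }
    if (validity < TimeSpan.Zero)
    {
        // A negative validity would make NotAfter earlier than NotBefore.
        throw new ArgumentOutOfRangeException("validity", "validity must not be negative");
    }

    X509Certificate cert = new X509Certificate(seq.Next(), subject, subject, key, start, start + validity);
    try
    {
        if (extensions != null)
        {
            foreach (X509V3ExtensionValue extValue in extensions)
            {
                // X509_add_ext copies the extension into the certificate, so the wrapper is disposed immediately.
                using (X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value))
                {
                    cert.AddExtension(ext);
                }
            }
        }
        cert.Sign(key, digest);
    }
    catch
    {
        // Release the native certificate if extension parsing or signing fails.
        cert.Dispose();
        throw;
    }
    return new X509CertificateAuthority(cert, key, seq, null);
}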
/// <summary>
/// Creates a self-signed root CA without an OpenSSL configuration file (fresh 2048-bit RSA key,
/// hand-built extension list, X509CertificateAuthority.SelfSigned) and writes the certificate and
/// its X509v3 extensions to the console.
/// </summary>
private void TestWithoutCfg()
{
    // Public exponent F4 (65537).
    BigNumber exponent = 0x10001;
    CryptoKey caKey;
    using (RSA rsa = new RSA())
    {
        rsa.GenerateKeys(2048, exponent, OnGenerator, null);
        caKey = new CryptoKey(rsa); // the RSA instance has been assigned into the key and is not needed afterwards
    }
    // NOTE(review): caKey is not disposed in this method; confirm whether the authority takes ownership of it.

    X509V3ExtensionList caExtensions = new X509V3ExtensionList();
    caExtensions.Add(new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"));
    caExtensions.Add(new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"));
    caExtensions.Add(new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"));
    caExtensions.Add(new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"));

    SimpleSerialNumber serials = new SimpleSerialNumber();
    DateTime notBefore = DateTime.Now;
    TimeSpan oneYear = TimeSpan.FromDays(365);
    // NOTE(review): SHA-1 is deprecated for certificate signatures; production code should use SHA-256 or stronger.
    using (X509CertificateAuthority root = X509CertificateAuthority.SelfSigned(serials, caKey, MessageDigest.SHA1, "Root1", notBefore, oneYear, caExtensions))
    {
        Console.WriteLine(root.Certificate);

        // Walk the extension stack and print name, criticality and value of each entry.
        Console.WriteLine("X509v3 Extensions:");
        using (OpenSSL.Core.Stack<X509Extension> stack = root.Certificate.Extensions)
        {
            foreach (X509Extension extension in stack)
            {
                Console.WriteLine("Name:{0}, IsCritical:{1}, Value:{2}", extension.Name, extension.IsCritical, extension);
            }
        }
    }
}
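/// <summary>
/// Loads the root CA from an existing PKCS#12 bundle, or, when the file does not exist yet, generates a new
/// self-signed root CA and writes it to that path. Either way the authority ends up in <c>RootCA</c>.
/// </summary>
/// <param name="PKCS12Filename">Path of the PKCS#12 bundle that holds (or will hold) the CA certificate and private key.</param>
/// <param name="Name">Subject and issuer name for a newly generated CA; unused when the bundle already exists.</param>
/// <param name="altNames">Subject alternative names for a newly generated CA, or <c>null</c> for none.</param>
/// <exception cref="InvalidOperationException">
/// The bundle exists but could not be read or decrypted (for example with a wrong <c>caPassword</c>).
/// The existing file is left untouched instead of being overwritten by a freshly generated CA.
/// </exception>
public void LoadOrCreateCA(String PKCS12Filename, X509Name Name, subjectAltName altNames)
{
    FileInfo caPkcs12 = new FileInfo(PKCS12Filename);
    if (caPkcs12.Exists)
    {
        try
        {
            Byte[] bPKCS12 = File.ReadAllBytes(caPkcs12.FullName);
            // OpenSSL consumes the PKCS#12 blob through a BIO; the memory BIO is released once the certificate is parsed.
            using (BIO pkcs12BIO = BIO.MemoryBuffer())
            {
                pkcs12BIO.Write(bPKCS12);
                X509Certificate cert = X509Certificate.FromPKCS12(pkcs12BIO, this.caPassword);
                if (RootCA != null)
                {
                    RootCA.Dispose();
                    RootCA = null;
                }
                // NOTE(review): the serial counter restarts at 1 on every load, so certificates issued across restarts can
                // repeat serial numbers; RFC 5280 §4.1.2.2 requires uniqueness per issuer. Persist the last serial with the bundle.
                RootCA = new X509CertificateAuthority(cert, cert.PrivateKey, new SimpleSerialNumber(1), cfg);
            }
        }
        catch (Exception ex)
        {
            // A failed load used to be swallowed, after which a brand-new CA was generated and written over the old
            // bundle: a wrong password or a transient I/O error silently rotated the root key. Fail loudly instead.
            throw new InvalidOperationException("Could not load the root CA from PKCS#12 file '" + caPkcs12.FullName + "'.", ex);
        }
        return;
    }

    X509V3ExtensionList ext = new X509V3ExtensionList();
    // nsComment, SKI and AKI are informational: RFC 5280 §4.2.1.1/§4.2.1.2 require SKI and AKI to be non-critical, and a
    // critical extension a validator does not recognise forces it to reject the whole certificate (§4.2).
    ext.Add(new X509V3ExtensionValue("nsComment", false, "SafeID - IAM Generated Certificate"));
    ext.Add(new X509V3ExtensionValue("basicConstraints", true, "CA:true"));
    // NOTE(review): RFC 5280 §4.2.1.3 expects CA certificates to carry keyUsage (keyCertSign, cRLSign); it is still disabled here.
    //ext.Add(new X509V3ExtensionValue("keyUsage", true, "critical, cRLSign, keyCertSign, digitalSignature"));
    ext.Add(new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"));
    ext.Add(new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid,issuer:always"));

    if (altNames != null)
    {
        System.Collections.Generic.List<String> sanEntries = new System.Collections.Generic.List<String>();
        foreach (Uri u in altNames.Uri)
        {
            // Invariant lower-casing: the culture-sensitive ToLower() can alter characters under some locales.
            sanEntries.Add("URI:" + u.AbsoluteUri.ToLowerInvariant());
        }
        foreach (String m in altNames.Mail)
        {
            sanEntries.Add("email:" + m);
        }
        foreach (String s in altNames.Dns)
        {
            sanEntries.Add("DNS:" + s);
        }
        foreach (String s in altNames.Text)
        {
            // NOTE(review): 1.2.3.4 is a placeholder OID, not a registered otherName type; relying parties will not interpret it.
            sanEntries.Add("otherName:1.2.3.4;UTF8:" + s);
        }
        if (sanEntries.Count > 0)
        {
            // A certificate may carry only one instance of an extension (RFC 5280 §4.2), so all names are folded into
            // a single comma-separated OpenSSL subjectAltName value instead of one extension per name.
            ext.Add(new X509V3ExtensionValue("subjectAltName", true, String.Join(",", sanEntries.ToArray())));
        }
    }

    DateTime now = DateTime.Now;
    // NOTE(review): X.509 validity times are UTC; confirm the wrapper converts local time, or switch to DateTime.UtcNow.
    DateTime notBefore = now.AddHours(-24); // presumably back-dated to tolerate clock skew on relying parties
    TimeSpan validity = now.AddYears(10) - now;
    // SHA-256 replaces SHA-1 for the self-signature: SHA-1 is deprecated for certificate signatures and this root lives ten years.
    X509CertificateAuthority newCa = X509CertificateAuthority.SelfSigned(
        new SimpleSerialNumber(),
        CreateNewRSAKey(2048),
        MessageDigest.SHA256,
        Name,
        notBefore,
        validity,
        ext);
    try
    {
        BuildPKCS12AndSave(caPkcs12.FullName, this.caPassword, newCa.Key, newCa.Certificate);
    }
    catch
    {
        // Do not keep an authority in memory whose key was never persisted.
        newCa.Dispose();
        throw;
    }
    if (RootCA != null)
    {
        RootCA.Dispose();
    }
    RootCA = newCa;
}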