public void CanAddExtensions()
        {
            // Extension set a self-signed root would typically carry. basicConstraints
            // carries OpenSSL's "critical," value prefix in addition to the IsCritical flag.
            // keyUsage is left non-critical here, although RFC 5280 §4.2.1.3 says a CA
            // SHOULD mark it critical when present.
            X509V3ExtensionList wanted = new X509V3ExtensionList
            {
                new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"),
                new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"),
                new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"),
                new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"),
            };

            DateTime notBefore = DateTime.Now;
            DateTime notAfter = notBefore + TimeSpan.FromMinutes(10);
            CryptoKey signingKey = new CryptoKey(new DSA(true));

            using (X509Certificate cert = new X509Certificate(101, "CN=Root", "CN=Root", signingKey, notBefore, notAfter))
            {
                foreach (X509V3ExtensionValue wantedExt in wanted)
                {
                    // Self-signed: the certificate is passed as both subject and issuer context.
                    // The extension object is released right after it has been added.
                    using (X509Extension ext = new X509Extension(cert, cert, wantedExt.Name, wantedExt.IsCritical, wantedExt.Value))
                    {
                        cert.AddExtension(ext);
                    }
                }

                foreach (X509Extension installed in cert.Extensions)
                {
                    Console.WriteLine(installed);
                }

                // Every requested extension must have landed on the certificate.
                Assert.AreEqual(wanted.Count, cert.Extensions.Count);
            }
        }
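        /// <summary>
        /// Factory method that creates an <see cref="X509CertificateAuthority"/> around a
        /// self-signed CA certificate: the certificate is issued to <paramref name="subject"/>
        /// by <paramref name="subject"/> and signed with <paramref name="key"/>. No OpenSSL
        /// configuration file is needed; X509v3 extensions are supplied explicitly through
        /// <paramref name="extensions"/>.
        /// </summary>
        /// <param name="seq">Serial-number source. <see cref="ISequenceNumber.Next"/> is called once for the CA certificate; the same instance is handed to the returned authority.</param>
        /// <param name="key">Key pair that becomes the certificate's public key and signs it; also handed to the returned authority.</param>
        /// <param name="digest">Digest used for the signature. SHA-1 is deprecated for certificate signatures; prefer a SHA-2 digest for new authorities.</param>
        /// <param name="subject">Distinguished name used as both subject and issuer.</param>
        /// <param name="start">Start of the validity period (notBefore).</param>
        /// <param name="validity">Length of the validity period; notAfter is <paramref name="start"/> + <paramref name="validity"/>.</param>
        /// <param name="extensions">X509v3 extensions to add before signing, or null for none.</param>
        /// <returns>A new authority wrapping the signed certificate and <paramref name="key"/>, created without a configuration object.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="seq"/>, <paramref name="key"/> or <paramref name="subject"/> is null.</exception>
        public static X509CertificateAuthority SelfSigned(
            ISequenceNumber seq,
            CryptoKey key,
            MessageDigest digest,
            X509Name subject,
            DateTime start,
            TimeSpan validity,
            X509V3ExtensionList extensions)
        {
            if (null == seq)
            {
                throw new ArgumentNullException("seq");
            }
            if (null == key)
            {
                throw new ArgumentNullException("key");
            }
            if (null == subject)
            {
                throw new ArgumentNullException("subject");
            }

            X509Certificate cert = new X509Certificate(
                seq.Next(),
                subject,
                subject,
                key,
                start,
                start + validity);

            try
            {
                if (null != extensions)
                {
                    foreach (X509V3ExtensionValue extValue in extensions)
                    {
                        // The certificate is its own issuer, so it supplies both the subject and
                        // the issuer context. The extension object is disposed once added, so the
                        // native handle is not leaked (the certificate keeps its own copy).
                        using (X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value))
                        {
                            cert.AddExtension(ext);
                        }
                    }
                }

                cert.Sign(key, digest);
            }
            catch
            {
                // No authority owns the certificate yet; release it rather than leaking the handle.
                cert.Dispose();
                throw;
            }

            return new X509CertificateAuthority(cert, key, seq, null);
        }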
        /// <summary>
        /// Adds four X509v3 extensions to a short-lived self-signed DSA certificate and
        /// checks that the certificate reports exactly that many extensions.
        /// </summary>
        public void CanAddExtensions()
        {
            // keyUsage is non-critical here; RFC 5280 §4.2.1.3 says a CA SHOULD mark it
            // critical when present. basicConstraints repeats "critical," in its value
            // in addition to the IsCritical flag.
            X509V3ExtensionValue[] requested =
            {
                new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"),
                new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"),
                new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"),
                new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"),
            };

            X509V3ExtensionList extList = new X509V3ExtensionList();
            foreach (X509V3ExtensionValue requestedValue in requested)
            {
                extList.Add(requestedValue);
            }

            DateTime notBefore = DateTime.Now;
            DateTime notAfter = notBefore + TimeSpan.FromMinutes(10);
            CryptoKey caKey = new CryptoKey(new DSA(true));

            using (X509Certificate cert = new X509Certificate(101, "CN=Root", "CN=Root", caKey, notBefore, notAfter))
            {
                foreach (X509V3ExtensionValue extValue in extList)
                {
                    // Self-signed: subject and issuer context are the same certificate.
                    using (X509Extension pending = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value))
                    {
                        cert.AddExtension(pending);
                    }
                }

                foreach (X509Extension present in cert.Extensions)
                {
                    Console.WriteLine(present);
                }

                Assert.AreEqual(extList.Count, cert.Extensions.Count);
            }
        }
        /// <summary>
        /// Builds the minimal X509v3 extension set for a CA certificate: a critical
        /// basicConstraints asserting CA:TRUE plus the subject and authority key
        /// identifiers, both non-critical as RFC 5280 §4.2.1.1/§4.2.1.2 require.
        /// No keyUsage extension is included.
        /// </summary>
        /// <returns>A new <see cref="X509V3ExtensionList"/> holding those three extensions, in that order.</returns>
        private static X509V3ExtensionList GetCertificateAuthorityExtensions()
        {
            X509V3ExtensionList caExtensions = new X509V3ExtensionList
            {
                new X509V3ExtensionValue("basicConstraints", true, "CA:TRUE"),
                new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"),
                new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"),
            };

            return caExtensions;
        }
        /// <summary>
        /// Creates a self-signed RSA root through <see cref="X509CertificateAuthority.SelfSigned"/>
        /// without an OpenSSL configuration file and prints the certificate and its X509v3 extensions.
        /// </summary>
        public void TestWithoutCfg()
        {
            // 0x10001 = 65537, the conventional RSA public exponent.
            BigNumber publicExponent = 0x10001;
            CryptoKey caKey;

            using (RSA rsa = new RSA())
            {
                rsa.GenerateKeys(2048, publicExponent, OnGenerator, null);
                caKey = new CryptoKey(rsa);
                // The key pair now lives in caKey; the RSA wrapper itself is no longer needed.
            }

            // NOTE(review): caKey is never disposed here; whether the authority takes
            // ownership of it is not visible from this method — confirm.
            X509V3ExtensionList caExtensions = new X509V3ExtensionList();
            caExtensions.Add(new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"));
            caExtensions.Add(new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"));
            caExtensions.Add(new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"));
            caExtensions.Add(new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"));

            // SHA-1 is deprecated for certificate signatures; a production root should be
            // signed with a SHA-2 digest.
            using (X509CertificateAuthority root = X509CertificateAuthority.SelfSigned(
                       new SimpleSerialNumber(),
                       caKey,
                       MessageDigest.SHA1,
                       "Root1",
                       DateTime.Now,
                       TimeSpan.FromDays(365),
                       caExtensions))
            {
                Console.WriteLine(root.Certificate);

                Console.WriteLine("X509v3 Extensions:");
                using (OpenSSL.Core.Stack<X509Extension> extensionStack = root.Certificate.Extensions)
                {
                    foreach (X509Extension extension in extensionStack)
                    {
                        Console.WriteLine("Name:{0}, IsCritical:{1}, Value:{2}", extension.Name, extension.IsCritical, extension);
                    }
                }
            }
        }
        /// <summary>
        /// Returns the X509v3 extensions a CA certificate needs: basicConstraints CA:TRUE
        /// (critical), followed by non-critical subject and authority key identifiers.
        /// RFC 5280 requires those two identifier extensions to be non-critical.
        /// </summary>
        /// <returns>A fresh <see cref="X509V3ExtensionList"/> with the three extensions in that order.</returns>
        private static X509V3ExtensionList GetCertificateAuthorityExtensions()
        {
            X509V3ExtensionValue[] required =
            {
                new X509V3ExtensionValue("basicConstraints", true, "CA:TRUE"),
                new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"),
                new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"),
            };

            X509V3ExtensionList result = new X509V3ExtensionList();
            foreach (X509V3ExtensionValue value in required)
            {
                result.Add(value);
            }

            return result;
        }
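        /// <summary>
        /// Creates an <see cref="X509CertificateAuthority"/> whose CA certificate is self-signed:
        /// <paramref name="subject"/> is both subject and issuer, and <paramref name="key"/> both
        /// provides the public key and signs the certificate. No OpenSSL configuration file is
        /// required; X509v3 extensions come from <paramref name="extensions"/>.
        /// </summary>
        /// <param name="seq">Serial-number source; <see cref="ISequenceNumber.Next"/> is called once here, and the instance is passed on to the returned authority.</param>
        /// <param name="key">Key pair for the certificate and its signature; also passed on to the returned authority.</param>
        /// <param name="digest">Signature digest. SHA-1 is deprecated for certificate signatures; use a SHA-2 digest for new authorities.</param>
        /// <param name="subject">Distinguished name used as subject and as issuer.</param>
        /// <param name="start">notBefore of the certificate.</param>
        /// <param name="validity">Validity length; notAfter is <paramref name="start"/> + <paramref name="validity"/>.</param>
        /// <param name="extensions">Extensions to add before signing; null adds none.</param>
        /// <returns>An authority wrapping the signed certificate and <paramref name="key"/>, with a null configuration.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="seq"/>, <paramref name="key"/> or <paramref name="subject"/> is null.</exception>
        public static X509CertificateAuthority SelfSigned(
            ISequenceNumber seq,
            CryptoKey key,
            MessageDigest digest,
            X509Name subject,
            DateTime start,
            TimeSpan validity,
            X509V3ExtensionList extensions)
        {
            if (seq == null)
            {
                throw new ArgumentNullException("seq");
            }
            if (key == null)
            {
                throw new ArgumentNullException("key");
            }
            if (subject == null)
            {
                throw new ArgumentNullException("subject");
            }

            X509Certificate cert = new X509Certificate(
                seq.Next(),
                subject,
                subject,
                key,
                start,
                start + validity);

            try
            {
                if (extensions != null)
                {
                    foreach (X509V3ExtensionValue extValue in extensions)
                    {
                        // Self-signed, so the certificate is also the issuer context. Dispose the
                        // extension after adding it: the certificate holds its own copy, and the
                        // wrapper object would otherwise leak its native handle.
                        using (X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value))
                        {
                            cert.AddExtension(ext);
                        }
                    }
                }

                cert.Sign(key, digest);
            }
            catch
            {
                // Nothing owns cert yet if extension setup or signing fails; free it and propagate.
                cert.Dispose();
                throw;
            }

            return new X509CertificateAuthority(cert, key, seq, null);
        }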
		/// <summary>
		/// Builds a self-signed RSA-2048 root without an OpenSSL configuration file and
		/// dumps the certificate together with each X509v3 extension it carries.
		/// </summary>
		private void TestWithoutCfg() {
			// 65537 (0x10001), the customary RSA public exponent.
			BigNumber exponent = 0x10001;
			CryptoKey rootKey;
			using (RSA rsa = new RSA()) {
				rsa.GenerateKeys(2048, exponent, OnGenerator, null);
				rootKey = new CryptoKey(rsa);
				// rootKey holds the key pair from here on; the RSA wrapper can go.
			}

			// Root extensions. keyUsage is non-critical here although RFC 5280 §4.2.1.3
			// says a CA SHOULD mark it critical when present.
			X509V3ExtensionList rootExtensions = new X509V3ExtensionList {
				new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"),
				new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"),
				new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"),
				new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"),
			};

			// SHA-1 is deprecated for certificate signatures; prefer a SHA-2 digest for a real root.
			// NOTE(review): rootKey is not disposed in this method; confirm whether the authority owns it.
			using (X509CertificateAuthority root = X509CertificateAuthority.SelfSigned(
				new SimpleSerialNumber(),
				rootKey,
				MessageDigest.SHA1,
				"Root1",
				DateTime.Now,
				TimeSpan.FromDays(365),
				rootExtensions)) {
				Console.WriteLine(root.Certificate);
				Console.WriteLine("X509v3 Extensions:");
				using (OpenSSL.Core.Stack<X509Extension> extensions = root.Certificate.Extensions) {
					foreach (X509Extension current in extensions) {
						Console.WriteLine("Name:{0}, IsCritical:{1}, Value:{2}", current.Name, current.IsCritical, current);
					}
				}
			}
		}
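        /// <summary>
        /// Makes <c>RootCA</c> available. If the PKCS#12 file at <paramref name="PKCS12Filename"/>
        /// exists it is loaded (replacing any current <c>RootCA</c>); otherwise, when no
        /// <c>RootCA</c> is set yet, a new self-signed RSA-2048 CA is generated and saved to that
        /// path through <c>BuildPKCS12AndSave</c>.
        /// </summary>
        /// <param name="PKCS12Filename">Path of the PKCS#12 container protected by <c>caPassword</c>.</param>
        /// <param name="Name">Subject (and issuer) name for a newly generated CA; not used when loading.</param>
        /// <param name="altNames">Optional subject alternative names for a newly generated CA; may be null.</param>
        /// <exception cref="InvalidOperationException">
        /// The file exists but could not be loaded (for example a wrong password or a corrupt file).
        /// The existing file is deliberately left untouched: silently replacing it with a freshly
        /// generated CA would invalidate every certificate issued under the old key.
        /// </exception>
        public void LoadOrCreateCA(String PKCS12Filename, X509Name Name, subjectAltName altNames)
        {
            FileInfo caPkcs12 = new FileInfo(PKCS12Filename);

            if (caPkcs12.Exists)
            {
                LoadRootCAFromPkcs12(caPkcs12.FullName);
            }

            if (RootCA == null)
            {
                CreateAndSaveRootCA(caPkcs12.FullName, Name, altNames);
            }
        }

        /// <summary>
        /// Replaces <c>RootCA</c> with the authority stored in the PKCS#12 file at <paramref name="pkcs12Path"/>.
        /// </summary>
        /// <param name="pkcs12Path">Full path of an existing PKCS#12 file.</param>
        /// <exception cref="InvalidOperationException">The file could not be read or decoded with <c>caPassword</c>; the inner exception carries the cause.</exception>
        private void LoadRootCAFromPkcs12(string pkcs12Path)
        {
            try
            {
                Byte[] bPKCS12 = File.ReadAllBytes(pkcs12Path);

                // FromPKCS12 reads from a BIO, so stage the bytes in a memory BIO and release it once decoded.
                using (BIO pkcs12BIO = BIO.MemoryBuffer())
                {
                    pkcs12BIO.Write(bPKCS12);

                    X509Certificate cert = X509Certificate.FromPKCS12(pkcs12BIO, this.caPassword);

                    if (RootCA != null)
                    {
                        RootCA.Dispose();
                    }

                    // NOTE(review): a fresh SimpleSerialNumber(1) on every load means issued serials are
                    // not persisted here; confirm serial state is kept elsewhere, since a CA must never
                    // reuse a serial number.
                    RootCA = new X509CertificateAuthority(cert, cert.PrivateKey, new SimpleSerialNumber(1), cfg);
                }
            }
            catch (Exception e)
            {
                // Do not fall back to generating a new CA: that would overwrite the existing store.
                throw new InvalidOperationException(
                    "The CA store '" + pkcs12Path + "' exists but could not be loaded; it has not been replaced.", e);
            }
        }

        /// <summary>
        /// Generates a new self-signed RSA-2048 CA for <paramref name="name"/>, assigns it to
        /// <c>RootCA</c> and writes it to <paramref name="pkcs12Path"/> via <c>BuildPKCS12AndSave</c>.
        /// </summary>
        /// <param name="pkcs12Path">Destination path of the PKCS#12 container.</param>
        /// <param name="name">Subject and issuer name of the new root.</param>
        /// <param name="altNames">Alternative names to include, or null for none.</param>
        private void CreateAndSaveRootCA(string pkcs12Path, X509Name name, subjectAltName altNames)
        {
            X509V3ExtensionList ext = BuildRootCAExtensions(altNames);

            // Read the clock once so notBefore and the ten-year validity derive from the same instant.
            // notBefore is set 24 hours in the past (presumably to tolerate clock skew on relying parties).
            DateTime now = DateTime.Now;
            DateTime notBefore = now.AddHours(-24);
            TimeSpan validity = now.AddYears(10) - now;

            // NOTE: SHA-1 is deprecated for certificate signatures; a SHA-2 digest is the expected
            // choice for a root that will be trusted for ten years.
            RootCA = X509CertificateAuthority.SelfSigned(new SimpleSerialNumber(), CreateNewRSAKey(2048), MessageDigest.SHA1, name, notBefore, validity, ext);

            BuildPKCS12AndSave(pkcs12Path, this.caPassword, RootCA.Key, RootCA.Certificate);
        }

        /// <summary>
        /// Builds the X509v3 extensions for a newly generated root: nsComment, basicConstraints CA:true,
        /// subject/authority key identifiers and — when <paramref name="altNames"/> supplies any entries —
        /// a single subjectAltName extension listing every URI, email, DNS and otherName value.
        /// </summary>
        /// <param name="altNames">Alternative names to include, or null for none.</param>
        /// <returns>A new <see cref="X509V3ExtensionList"/>; never null.</returns>
        private static X509V3ExtensionList BuildRootCAExtensions(subjectAltName altNames)
        {
            X509V3ExtensionList ext = new X509V3ExtensionList();

            // nsComment is a legacy Netscape extension. A critical extension that a verifier does not
            // recognise forces it to reject the certificate (RFC 5280 §4.2), so it stays non-critical.
            ext.Add(new X509V3ExtensionValue("nsComment", false, "SafeID - IAM Generated Certificate"));
            ext.Add(new X509V3ExtensionValue("basicConstraints", true, "CA:true"));
            // NOTE(review): keyUsage (keyCertSign, cRLSign) is still disabled below; a CA certificate is
            // expected to carry it, and RFC 5280 §4.2.1.3 says it SHOULD be critical when present.
            //ext.Add(new X509V3ExtensionValue("keyUsage", true, "critical, cRLSign, keyCertSign, digitalSignature"));
            // RFC 5280 §4.2.1.1 and §4.2.1.2: subject and authority key identifiers MUST be non-critical.
            ext.Add(new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"));
            ext.Add(new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid,issuer:always"));

            if (altNames != null)
            {
                // RFC 5280 §4.2 allows at most one instance of each extension per certificate, so all
                // alternative names are combined into one comma-separated subjectAltName value
                // (OpenSSL's "URI:..., email:..., DNS:..." syntax) instead of one extension per name.
                System.Collections.Generic.List<string> names = new System.Collections.Generic.List<string>();

                foreach (Uri u in altNames.Uri)
                {
                    // Culture-invariant lowercasing. NOTE(review): this lowercases the whole URI, path
                    // included, although URI paths are case-sensitive — confirm that is intended.
                    names.Add("URI:" + u.AbsoluteUri.ToLowerInvariant());
                }

                foreach (String m in altNames.Mail)
                {
                    names.Add("email:" + m);
                }

                foreach (String s in altNames.Dns)
                {
                    names.Add("DNS:" + s);
                }

                foreach (String s in altNames.Text)
                {
                    // TODO(review): 1.2.3.4 is a placeholder OID; an otherName must carry the real type OID
                    // for whatever altNames.Text represents.
                    names.Add("otherName:1.2.3.4;UTF8:" + s);
                }

                if (names.Count > 0)
                {
                    // Kept critical as in the original. RFC 5280 §4.2.1.6 says subjectAltName SHOULD be
                    // non-critical when the subject DN is non-empty, as it is here.
                    ext.Add(new X509V3ExtensionValue("subjectAltName", true, String.Join(", ", names.ToArray())));
                }
            }

            return ext;
        }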