Example #1
0
        public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate,
                                                       SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            if (subject == null)
            {
                throw new ArgumentNullException(nameof(subject));
            }

            if (signatureAlgorithm == null)
            {
                throw new ArgumentNullException(nameof(signatureAlgorithm));
            }

            var randomGenerator      = new CryptoApiRandomGenerator();
            var random               = new SecureRandom(randomGenerator);
            var certificateGenerator = new X509V3CertificateGenerator();

            AddStandardCertificateInfo(certificateGenerator, random, subject, subject, startDate, expiryDate);
            var subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

            certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
            certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
            var subjectKeyID = new byte[20];

            random.NextBytes(subjectKeyID, 0, 20);
            certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
            certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectKeyID));

            var algorithm = GetAlgorithm(signatureAlgorithm);
            // selfsign certificate
            var certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, subjectKeyPair.Private, random));

            return(ExportCertificate(certificate, subjectKeyPair, certificateFormat));
        }
Example #2
0
        public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            byte[] result = null;

            CryptoApiRandomGenerator   randomGenerator      = new CryptoApiRandomGenerator();
            SecureRandom               random               = new SecureRandom(randomGenerator);
            X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

            AddStandardCertificateInfo(certificateGenerator, random, subject, subject, startDate, expiryDate);
            AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

            certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
            certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
            byte[] subjectKeyID = new byte[20];
            random.NextBytes(subjectKeyID, 0, 20);
            certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
            certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectKeyID));

            string algorithm = GetAlgorithm(signatureAlgorithm);

            // selfsign certificate
            Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, subjectKeyPair.Private, random));

            result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);

            return(result);
        }
Example #3
0
        public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate,
                                                 DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            if (subject == null)
            {
                throw new ArgumentNullException(nameof(subject));
            }

            if (issuer == null)
            {
                throw new ArgumentNullException(nameof(issuer));
            }

            if (signatureAlgorithm == null)
            {
                throw new ArgumentNullException(nameof(issuer));
            }

            if (!(issuer.PrivateKey is AsymmetricKeyParameter privateKey))
            {
                return(null);
            }

            var randomGenerator      = new CryptoApiRandomGenerator();
            var random               = new SecureRandom(randomGenerator);
            var certificateGenerator = new X509V3CertificateGenerator();

            AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
            var subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

            var algorithm = GetAlgorithm(signatureAlgorithm);

            certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
            certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
            certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));
            var subjectKeyID = new byte[20];

            random.NextBytes(subjectKeyID, 0, 20);
            certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
            if (issuer.SubjectKeyID != null)
            {
                certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
            }

            //if ((subject.AlternativeNames != null) && (subject.AlternativeNames.Count > 0))
            //{
            //    certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new SubjectAlternativeNames(false));
            //    //SubjectAlternativeName
            //    //GeneralName.DirectoryName
            //    //GeneralName.IPAddress
            //}

            var certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));

            return(ExportCertificate(certificate, subjectKeyPair, certificateFormat));
        }
Example #4
0
        public static byte[] Sign(AsymmetricKeyParameter privateKey, RSACryptoServiceProvider rsaKey, bool client, Version version, HandshakeInfo handshakeInfo,
                                  SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
#endif
        {
            if (privateKey == null && rsaKey == null)
            {
                throw new ArgumentException("No key or Rsa CSP provided");
            }

            if (privateKey == null)
            {
                if (signatureHashAlgorithm.Signature == TSignatureAlgorithm.RSA)
                {
                    return(SignRsa(rsaKey, hash));
                }

                throw new ArgumentException("Need private key for non-RSA Algorithms");
            }

            if (version == null)
            {
                throw new ArgumentNullException(nameof(version));
            }

            if (handshakeInfo == null)
            {
                throw new ArgumentNullException(nameof(handshakeInfo));
            }

            if (signatureHashAlgorithm == null)
            {
                throw new ArgumentNullException(nameof(signatureHashAlgorithm));
            }

            if (hash == null)
            {
                throw new ArgumentNullException(nameof(hash));
            }

            TlsSigner signer = null;

            switch (signatureHashAlgorithm.Signature)
            {
            case TSignatureAlgorithm.Anonymous:
                break;

            case TSignatureAlgorithm.RSA:
                signer = new TlsRsaSigner();
                break;

            case TSignatureAlgorithm.DSA:
                signer = new TlsDssSigner();
                break;

            case TSignatureAlgorithm.ECDSA:

                signer = new TlsECDsaSigner();
                break;

            default:
                break;
            }

            var context         = new DTLSContext(client, version, handshakeInfo);
            var randomGenerator = new CryptoApiRandomGenerator();

            context.SecureRandom = new SecureRandom(randomGenerator);

            signer.Init(context);
            if (TlsUtilities.IsTlsV12(context))
            {
                var signatureAndHashAlgorithm = new SignatureAndHashAlgorithm((byte)signatureHashAlgorithm.Hash, (byte)signatureHashAlgorithm.Signature);
                return(signer.GenerateRawSignature(signatureAndHashAlgorithm, privateKey, hash));
            }
            else
            {
                return(signer.GenerateRawSignature(privateKey, hash));
            }
        }