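/// <summary>
/// Loads an RSA private key from "openssl-rsagen-privatekey.txt", builds a request with
/// subject CN=FOOBAR, C=US, signs it with SHA-256 and writes it out twice: as PEM to
/// "openssl-requ-csr.txt" and as DER to "openssl-requ-csr.der".
/// </summary>
public void TestGenCSR()
{
    var pem = File.ReadAllText("openssl-rsagen-privatekey.txt");

    // Every native wrapper is disposable; release them in reverse order of creation.
    using (var rsa = CryptoKey.FromPrivateKey(pem, null))
    using (var nam = new X509Name())
    using (var csr = new X509Request())
    {
        nam.Common = "FOOBAR";
        nam.Country = "US";

        csr.PublicKey = rsa;
        csr.Subject = nam;
        csr.Sign(rsa, MessageDigest.SHA256);
        File.WriteAllText("openssl-requ-csr.txt", csr.PEM);

        using (var bioOut = BIO.MemoryBuffer())
        {
            csr.Write_DER(bioOut);
            var arr = bioOut.ReadBytes((int)bioOut.BytesPending);

            // ReadBytes returns a segment; honour Offset/Count instead of dumping the whole
            // backing array, which may be larger than the DER payload.
            var der = new byte[arr.Count];
            Buffer.BlockCopy(arr.Array, arr.Offset, der, 0, arr.Count);
            File.WriteAllBytes("openssl-requ-csr.der", der);
        }
    }
}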
/// <summary>
/// Issues a certificate for <paramref name="request"/>: the new certificate carries the
/// request's subject and public key, names this CA's certificate subject as issuer, spans
/// the given validity window, receives the "v3_ca" extensions from the CA configuration
/// (when one is set) and is signed with this CA's private key.
/// </summary>
/// <param name="request">Request supplying subject and public key. Its signature is NOT
/// verified here, so possession of the matching private key is not proven; verify the
/// request beforehand if that guarantee is required.</param>
/// <param name="startTime">Start of the validity period.</param>
/// <param name="endTime">End of the validity period.</param>
/// <param name="digest">Digest used for the CA signature.</param>
/// <returns>The signed certificate.</returns>
public X509Certificate ProcessRequest(X509Request request, DateTime startTime, DateTime endTime, MessageDigest digest)
{
    var issued = new X509Certificate(
        serial.Next(),
        request.Subject,
        caCert.Subject,
        request.PublicKey,
        startTime,
        endTime);

    // Extensions are taken from the "v3_ca" section of the configuration, if any was supplied.
    var config = cfg;
    if (config != null)
        config.ApplyExtensions("v3_ca", caCert, issued, request);

    issued.Sign(caKey, digest);
    return issued;
}
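/// <summary>
/// Builds a PKCS#10 certificate signing request from <paramref name="csrDetails"/> and signs it
/// with the private key held in <paramref name="rsaKeyPair"/>.
/// </summary>
/// <param name="csrDetails">Subject fields; null or empty fields are left out of the subject name.</param>
/// <param name="rsaKeyPair">Key pair whose PEM private key signs the request.</param>
/// <param name="messageDigest">OpenSSL digest name for the request signature (default "SHA256").</param>
/// <returns>The signed request in PEM form, wrapped in a <see cref="Csr"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="csrDetails"/> or <paramref name="rsaKeyPair"/> is null.</exception>
public static Csr GenerateCsr(CsrDetails csrDetails, RsaKeyPair rsaKeyPair, string messageDigest = "SHA256")
{
    if (csrDetails == null)
        throw new ArgumentNullException("csrDetails");
    if (rsaKeyPair == null)
        throw new ArgumentNullException("rsaKeyPair");

    using (var rsaKeys = CryptoKey.FromPrivateKey(rsaKeyPair.Pem, null))
    using (var xn = new X509Name())
    {
        // Translate from our external form to the OpenSSL name; each field goes to its own
        // attribute (previously every field overwrote CN).
        // Ref: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_new.html
        if (!string.IsNullOrEmpty(csrDetails.CommonName)) xn.Common = csrDetails.CommonName;                         // CN
        if (!string.IsNullOrEmpty(csrDetails.Country)) xn.Country = csrDetails.Country;                              // C
        if (!string.IsNullOrEmpty(csrDetails.StateOrProvince)) xn.StateOrProvince = csrDetails.StateOrProvince;      // ST
        if (!string.IsNullOrEmpty(csrDetails.Locality)) xn.Locality = csrDetails.Locality;                           // L
        if (!string.IsNullOrEmpty(csrDetails.Organization)) xn.Organization = csrDetails.Organization;               // O
        if (!string.IsNullOrEmpty(csrDetails.OrganizationUnit)) xn.OrganizationUnit = csrDetails.OrganizationUnit;   // OU
        if (!string.IsNullOrEmpty(csrDetails.Description)) xn.Description = csrDetails.Description;                  // D
        if (!string.IsNullOrEmpty(csrDetails.Surname)) xn.Surname = csrDetails.Surname;                              // S
        if (!string.IsNullOrEmpty(csrDetails.GivenName)) xn.Given = csrDetails.GivenName;                            // G
        if (!string.IsNullOrEmpty(csrDetails.Initials)) xn.Initials = csrDetails.Initials;                           // I
        if (!string.IsNullOrEmpty(csrDetails.Title)) xn.Title = csrDetails.Title;                                    // T
        if (!string.IsNullOrEmpty(csrDetails.SerialNumber)) xn.SerialNumber = csrDetails.SerialNumber;               // SN
        if (!string.IsNullOrEmpty(csrDetails.UniqueIdentifier)) xn.UniqueIdentifier = csrDetails.UniqueIdentifier;   // UID

        // Version 0 is PKCS#10 v1, the value real-world CAs expect.
        using (var xr = new X509Request(0, xn, rsaKeys))
        {
            // NOTE(review): behaviour of CreateByName for an unknown digest name is not visible here — confirm it fails loudly.
            var md = MessageDigest.CreateByName(messageDigest);
            xr.Sign(rsaKeys, md);

            using (var bio = BIO.MemoryBuffer())
            {
                xr.Write(bio);
                return new Csr(bio.ReadString());
            }
        }
    }
}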
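/// <summary>
/// Builds a request from the fixture key RSA_KEY, adds a subjectAltName and a keyUsage
/// extension to it and checks the resulting PEM against EXPECTED_CERT.
/// </summary>
public void CanAddRequestExtensions()
{
    var extList = new List<X509V3ExtensionValue>
    {
        new X509V3ExtensionValue("subjectAltName", false, "DNS:foo.com,DNS:bar.org"),
        new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"),
    };

    using (var key = new CryptoKey(RSA.FromPrivateKey(new BIO(RSA_KEY))))
    using (var request = new X509Request(1, new X509Name("foo"), key))
    {
        var extensions = new OpenSSL.Core.Stack<X509Extension>();
        foreach (var extValue in extList)
        {
            // Each extension is disposed right after being pushed; this assumes the stack
            // keeps its own reference — confirm against Stack<T>.Add.
            using (var ext = new X509Extension(request, extValue.Name, extValue.IsCritical, extValue.Value))
            {
                Console.WriteLine(ext);
                extensions.Add(ext);
            }
        }

        request.AddExtensions(extensions);
        Assert.AreEqual(EXPECTED_CERT, request.PEM);
    }
}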
/// <summary>
/// Issues a certificate for <paramref name="request"/>: the new certificate carries the
/// request's subject and public key, names this CA's certificate subject as issuer, spans
/// the given validity window, receives the extensions listed in <paramref name="section"/>
/// of <paramref name="cfg"/> (when a configuration is given) and is signed with this CA's
/// private key.
/// </summary>
/// <param name="request">Request supplying subject and public key. Its signature is NOT
/// verified here, so possession of the matching private key is not proven; verify the
/// request beforehand if that guarantee is required.</param>
/// <param name="startTime">Start of the validity period.</param>
/// <param name="endTime">End of the validity period.</param>
/// <param name="cfg">Configuration holding the extension section, or null for no extensions.</param>
/// <param name="section">Name of the configuration section with the extensions.</param>
/// <param name="digest">Digest used for the CA signature.</param>
/// <returns>The signed certificate.</returns>
public X509Certificate ProcessRequest(
    X509Request request,
    DateTime startTime,
    DateTime endTime,
    Configuration cfg,
    string section,
    MessageDigest digest)
{
    X509Certificate issued = new X509Certificate(
        serial.Next(),
        request.Subject,
        this.caCert.Subject,
        request.PublicKey,
        startTime,
        endTime);

    bool hasConfig = cfg != null;
    if (hasConfig)
    {
        cfg.ApplyExtensions(section, this.caCert, issued, request);
    }

    issued.Sign(this.caKey, digest);
    return issued;
}
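/// <summary>
/// Calls X509V3_EXT_conf_nid() in a context bound to <paramref name="request"/> (no issuer
/// or subject certificate) to build the extension from its textual name and value.
/// </summary>
/// <param name="request">Request the extension context is resolved against.</param>
/// <param name="name">Extension short name, resolved with Native.TextToNID().</param>
/// <param name="critical">Whether the extension is marked critical. X509V3_EXT_conf_nid()
/// takes criticality from a leading "critical," in the value string, so it is prefixed
/// here; previously this parameter was ignored and every extension came out non-critical.</param>
/// <param name="value">Extension value in OpenSSL configuration syntax.</param>
public X509Extension(X509Request request, string name, bool critical, string value)
    : base(IntPtr.Zero, true)
{
    var confValue = value;
    if (critical && (confValue == null || !confValue.StartsWith("critical,", StringComparison.Ordinal)))
        confValue = "critical," + confValue;

    using (var ctx = new X509V3Context(null, null, request))
    {
        ptr = Native.ExpectNonNull(Native.X509V3_EXT_conf_nid(IntPtr.Zero, ctx.Handle, Native.TextToNID(name), confValue));
    }
}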
/// <summary>
/// Creates a request for this identity with subject <paramref name="name"/> and signs it
/// with the identity's key using <paramref name="digest"/>.
/// </summary>
/// <param name="name">Subject name, parsed by <see cref="X509Name"/>.</param>
/// <param name="digest">Digest used for the request signature.</param>
/// <returns>The signed request. NOTE(review): it is created with version 2, while other
/// callers on this page use 0 and 1 (PKCS#10 v1 is 0) — confirm the intended value.</returns>
public X509Request CreateRequest(string name, MessageDigest digest)
{
    var request = new X509Request(2, new X509Name(name), key);
    request.Sign(key, digest);
    return request;
}
/// <summary>
/// Issues a certificate for <paramref name="request"/> with the legacy default digest,
/// <see cref="MessageDigest.DSS1"/> (SHA-1 based). Pass an explicit digest to the full
/// overload when a stronger signature algorithm is required.
/// </summary>
/// <param name="request">Request supplying subject and public key (its signature is not verified).</param>
/// <param name="startTime">Start of the validity period.</param>
/// <param name="endTime">End of the validity period.</param>
/// <param name="cfg">Configuration holding the extension section, or null.</param>
/// <param name="section">Name of the configuration section with the extensions.</param>
/// <returns>The signed certificate.</returns>
public X509Certificate ProcessRequest(
    X509Request request,
    DateTime startTime,
    DateTime endTime,
    Configuration cfg,
    string section)
{
    var defaultDigest = MessageDigest.DSS1;
    return ProcessRequest(request, startTime, endTime, cfg, section, defaultDigest);
}
/// <summary>
/// Creates a context and calls X509V3_set_ctx() with the given certificates and request;
/// any of them may be null, in which case a null handle is passed. No CRL is set and the
/// flags are 0.
/// </summary>
/// <param name="issuer">Issuer certificate, or null.</param>
/// <param name="subject">Subject certificate, or null.</param>
/// <param name="request">Certificate request, or null.</param>
public X509V3Context(X509Certificate issuer, X509Certificate subject, X509Request request)
    : this()
{
    var issuerHandle = issuer == null ? IntPtr.Zero : issuer.Handle;
    var subjectHandle = subject == null ? IntPtr.Zero : subject.Handle;
    var requestHandle = request == null ? IntPtr.Zero : request.Handle;

    Native.X509V3_set_ctx(this.ptr, issuerHandle, subjectHandle, requestHandle, IntPtr.Zero, 0);
}
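/// <summary>
/// Creates an X509V3Context for (issuer, subject, request), binds this configuration to it
/// and calls X509V3_EXT_add_nconf() so that every extension listed in
/// <paramref name="section"/> is added to <paramref name="subject"/>.
/// </summary>
/// <param name="section">Name of the configuration section listing the extensions.</param>
/// <param name="issuer">Issuer certificate for the context, or null.</param>
/// <param name="subject">Certificate that receives the extensions; must not be null.</param>
/// <param name="request">Request for the context, or null.</param>
/// <exception cref="ArgumentNullException"><paramref name="section"/> or <paramref name="subject"/> is null.</exception>
public void ApplyExtensions(
    string section,
    X509Certificate issuer,
    X509Certificate subject,
    X509Request request)
{
    if (section == null)
        throw new ArgumentNullException("section");
    if (subject == null)
        throw new ArgumentNullException("subject");

    // X509V3_EXT_add_nconf() reads the section name as a C string; append the terminator
    // ourselves so the native side never reads past the end of the managed buffer
    // (assumes Native declares this parameter as byte[] — confirm against Native).
    var sectionBytes = Encoding.ASCII.GetBytes(section + "\0");

    using (var ctx = new X509V3Context(issuer, subject, request))
    {
        ctx.SetConfiguration(this);
        Native.ExpectSuccess(Native.X509V3_EXT_add_nconf(
            this.ptr,
            ctx.Handle,
            sectionBytes,
            subject.Handle));
    }
}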
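/// <summary>
/// Test helper: generates a fresh RSA key, wraps it in an unsigned request for
/// <paramref name="name"/> and has <paramref name="ca"/> issue a one-year certificate from
/// it. The returned certificate carries the generated private key.
/// </summary>
/// <param name="ca">Authority that issues the certificate.</param>
/// <param name="name">Subject name, parsed by <see cref="X509Name"/>.</param>
/// <param name="cfg">Configuration holding the extension section, or null.</param>
/// <param name="section">Name of the configuration section with the extensions.</param>
/// <returns>The issued certificate with PrivateKey set.</returns>
X509Certificate CreateCertificate(X509CertificateAuthority ca, string name, Configuration cfg, string section)
{
    // NOTE(review): local time; whether the wrapper converts to UTC for the ASN.1 times is not visible here — confirm.
    var now = DateTime.Now;
    var future = now + TimeSpan.FromDays(365);

    using (var subject = new X509Name(name))
    using (var rsa = new RSA())
    {
        // 1024-bit fixture key. The public exponent is F4 (65537) rather than BigNumber.One:
        // e = 1 yields d = 1 and therefore a key with no cryptographic strength at all.
        using (var exponent = new BigNumber(65537u))
        {
            rsa.GenerateKeys(1024, exponent, null, null);
        }

        using (var key = new CryptoKey(rsa))
        using (var request = new X509Request(1, subject, key))
        {
            // The request is left unsigned; ProcessRequest does not verify it.
            var cert = ca.ProcessRequest(request, now, future, cfg, section);
            cert.PrivateKey = key;
            return cert;
        }
    }
}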
/// <summary>
/// Reads a PEM-encoded request from <paramref name="source"/> and writes its DER encoding
/// to <paramref name="target"/>. The reader takes ownership of <paramref name="source"/>
/// and closes it on exit.
/// </summary>
/// <param name="source">Stream holding the PEM request.</param>
/// <param name="target">Stream that receives the DER bytes.</param>
public static void ConvertPemToDer(Stream source, Stream target)
{
    using (var reader = new StreamReader(source))
    using (var request = new X509Request(reader.ReadToEnd()))
    using (var buffer = BIO.MemoryBuffer())
    {
        request.Write_DER(buffer);
        var der = buffer.ReadBytes((int)buffer.BytesPending);
        target.Write(der.Array, der.Offset, der.Count);
    }
}
/// <summary>
/// Issues a certificate for <paramref name="request"/> with the legacy default digest,
/// <see cref="MessageDigest.DSS1"/> (SHA-1 based). Pass an explicit digest to the
/// four-argument overload when a stronger signature algorithm is required.
/// </summary>
/// <param name="request">Request supplying subject and public key (its signature is not verified).</param>
/// <param name="startTime">Start of the validity period.</param>
/// <param name="endTime">End of the validity period.</param>
/// <returns>The signed certificate.</returns>
public X509Certificate ProcessRequest(X509Request request, DateTime startTime, DateTime endTime)
{
    var defaultDigest = MessageDigest.DSS1;
    return this.ProcessRequest(request, startTime, endTime, defaultDigest);
}
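/// <summary>
/// Creates an X509V3Context for (issuer, subject, request), binds this configuration to it
/// and calls X509V3_EXT_add_nconf() so that every extension listed in
/// <paramref name="section"/> is added to <paramref name="subject"/>.
/// </summary>
/// <param name="section">Name of the configuration section listing the extensions.</param>
/// <param name="issuer">Issuer certificate for the context, or null.</param>
/// <param name="subject">Certificate that receives the extensions; must not be null.</param>
/// <param name="request">Request for the context, or null.</param>
/// <exception cref="ArgumentNullException"><paramref name="section"/> or <paramref name="subject"/> is null.</exception>
public void ApplyExtensions(
    string section,
    X509Certificate issuer,
    X509Certificate subject,
    X509Request request)
{
    if (section == null)
        throw new ArgumentNullException("section");
    if (subject == null)
        throw new ArgumentNullException("subject");

    // X509V3_EXT_add_nconf() reads the section name as a C string; append the terminator
    // ourselves so the native side never reads past the end of the managed buffer
    // (assumes Native declares this parameter as byte[] — confirm against Native).
    var sectionBytes = Encoding.ASCII.GetBytes(section + "\0");

    using (var ctx = new X509V3Context(issuer, subject, request))
    {
        ctx.SetConfiguration(this);
        Native.ExpectSuccess(Native.X509V3_EXT_add_nconf(
            this.ptr,
            ctx.Handle,
            sectionBytes,
            subject.Handle));
    }
}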
/// <summary>
/// Issues a certificate for <paramref name="request"/>: the new certificate carries the
/// request's subject and public key, names this CA's certificate subject as issuer, spans
/// the given validity window, receives the extensions listed in <paramref name="section"/>
/// of <paramref name="cfg"/> (when a configuration is given) and is signed with this CA's
/// private key.
/// </summary>
/// <param name="request">Request supplying subject and public key. Its signature is NOT
/// verified here, so possession of the matching private key is not proven; verify the
/// request beforehand if that guarantee is required.</param>
/// <param name="startTime">Start of the validity period.</param>
/// <param name="endTime">End of the validity period.</param>
/// <param name="cfg">Configuration holding the extension section, or null for no extensions.</param>
/// <param name="section">Name of the configuration section with the extensions.</param>
/// <param name="digest">Digest used for the CA signature.</param>
/// <returns>The signed certificate.</returns>
public X509Certificate ProcessRequest(
    X509Request request,
    DateTime startTime,
    DateTime endTime,
    Configuration cfg,
    string section,
    MessageDigest digest)
{
    X509Certificate issued = new X509Certificate(
        serial.Next(),
        request.Subject,
        this.caCert.Subject,
        request.PublicKey,
        startTime,
        endTime);

    bool hasConfig = cfg != null;
    if (hasConfig)
    {
        cfg.ApplyExtensions(section, this.caCert, issued, request);
    }

    issued.Sign(this.caKey, digest);
    return (issued);
}
/// <summary>
/// Issues a certificate for <paramref name="request"/> with the legacy default digest,
/// <see cref="MessageDigest.DSS1"/> (SHA-1 based). Pass an explicit digest to the full
/// overload when a stronger signature algorithm is required.
/// </summary>
/// <param name="request">Request supplying subject and public key (its signature is not verified).</param>
/// <param name="startTime">Start of the validity period.</param>
/// <param name="endTime">End of the validity period.</param>
/// <param name="cfg">Configuration holding the extension section, or null.</param>
/// <param name="section">Name of the configuration section with the extensions.</param>
/// <returns>The signed certificate.</returns>
public X509Certificate ProcessRequest(
    X509Request request,
    DateTime startTime,
    DateTime endTime,
    Configuration cfg,
    string section)
{
    return this.ProcessRequest(
        request,
        startTime,
        endTime,
        cfg,
        section,
        MessageDigest.DSS1);
}
/// <summary>
/// Creates a request for this identity with subject <paramref name="name"/> and signs it
/// with the identity's key using <paramref name="digest"/>.
/// </summary>
/// <param name="name">Subject name, parsed by <see cref="X509Name"/>.</param>
/// <param name="digest">Digest used for the request signature.</param>
/// <returns>The signed request. NOTE(review): it is created with version 2, while other
/// callers on this page use 0 and 1 (PKCS#10 v1 is 0) — confirm the intended value.</returns>
public X509Request CreateRequest(string name, MessageDigest digest)
{
    X509Request pending = new X509Request(2, new X509Name(name), this.key);
    pending.Sign(this.key, digest);
    return (pending);
}
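/// <summary>
/// Parses this object's PEM request and writes its DER encoding to <paramref name="s"/>.
/// </summary>
/// <param name="s">Stream that receives the DER bytes; left open.</param>
public void ExportAsDer(Stream s)
{
    // X509Request wraps a native handle; dispose it instead of leaking it.
    using (var xr = new X509Request(Pem))
    using (var bio = BIO.MemoryBuffer())
    {
        xr.Write_DER(bio);
        var arr = bio.ReadBytes((int)bio.BytesPending);
        s.Write(arr.Array, arr.Offset, arr.Count);
    }
}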
/// <summary>
/// Issues a certificate for <paramref name="request"/>: the new certificate carries the
/// request's subject and public key, names this CA's certificate subject as issuer, spans
/// the given validity window, receives the "v3_ca" extensions from the CA configuration
/// (when one is set) and is signed with this CA's private key.
/// </summary>
/// <param name="request">Request supplying subject and public key. Its signature is NOT
/// verified here, so possession of the matching private key is not proven; verify the
/// request beforehand if that guarantee is required.</param>
/// <param name="startTime">Start of the validity period.</param>
/// <param name="endTime">End of the validity period.</param>
/// <param name="digest">Digest used for the CA signature.</param>
/// <returns>The signed certificate.</returns>
public X509Certificate ProcessRequest(X509Request request, DateTime startTime, DateTime endTime, MessageDigest digest)
{
    var issued = new X509Certificate(
        serial.Next(),
        request.Subject,
        caCert.Subject,
        request.PublicKey,
        startTime,
        endTime);

    bool hasConfig = cfg != null;
    if (hasConfig)
    {
        // Extensions are taken from the "v3_ca" section of the configuration.
        cfg.ApplyExtensions("v3_ca", caCert, issued, request);
    }

    issued.Sign(caKey, digest);
    return (issued);
}
/// <summary>
/// Issues a certificate for <paramref name="request"/> with the legacy default digest,
/// <see cref="MessageDigest.DSS1"/> (SHA-1 based). Pass an explicit digest to the
/// four-argument overload when a stronger signature algorithm is required.
/// </summary>
/// <param name="request">Request supplying subject and public key (its signature is not verified).</param>
/// <param name="startTime">Start of the validity period.</param>
/// <param name="endTime">End of the validity period.</param>
/// <returns>The signed certificate.</returns>
public X509Certificate ProcessRequest(X509Request request, DateTime startTime, DateTime endTime)
{
    return (this.ProcessRequest(request, startTime, endTime, MessageDigest.DSS1));
}