public static SubjectKeyIdentifier CreateTruncatedSha1KeyIdentifier(SubjectPublicKeyInfo keyInfo)
{
byte[] digest = SubjectKeyIdentifier.GetDigest(keyInfo);
byte[] array = new byte[8];
Array.Copy(digest, digest.Length - 8, array, 0, array.Length);
byte[] expr_25_cp_0 = array;
int expr_25_cp_1 = 0;
expr_25_cp_0[expr_25_cp_1] &= 15;
byte[] expr_3B_cp_0 = array;
int expr_3B_cp_1 = 0;
expr_3B_cp_0[expr_3B_cp_1] |= 64;
return(new SubjectKeyIdentifier(array));
}
public static SubjectKeyIdentifier GetInstance(object obj)
{
if (obj is SubjectKeyIdentifier)
{
return((SubjectKeyIdentifier)obj);
}
if (obj is SubjectPublicKeyInfo)
{
return(new SubjectKeyIdentifier((SubjectPublicKeyInfo)obj));
}
if (obj is Asn1OctetString)
{
return(new SubjectKeyIdentifier((Asn1OctetString)obj));
}
if (obj is X509Extension)
{
return(SubjectKeyIdentifier.GetInstance(X509Extension.ConvertValueToObject((X509Extension)obj)));
}
throw new ArgumentException("Invalid SubjectKeyIdentifier: " + obj.GetType().Name);
}
public static SubjectKeyIdentifier retrieveSubjectKeyIdentifier(X509Certificate x509Certificate)
{
SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier();
X509Extension x509Extension = x509Certificate.CertificateStructure.TbsCertificate.Extensions.GetExtension(new DerObjectIdentifier(OIDS.OID_SUBJECT_KEY_IDENTIFIER_EXTENSION));
if (x509Extension != null)
{
Org.BouncyCastle.Asn1.X509.SubjectKeyIdentifier subjectKeyIdentifierExtension = Org.BouncyCastle.Asn1.X509.SubjectKeyIdentifier.GetInstance(x509Extension);
subjectKeyIdentifier.HasSubjectKeyIdentifierExtension = true;
subjectKeyIdentifier.IsCritical = x509Extension.IsCritical;
subjectKeyIdentifier.keyIdentifier = subjectKeyIdentifierExtension.GetKeyIdentifier();
//todo: add issuer and serial fields.
}
else
{
subjectKeyIdentifier.HasSubjectKeyIdentifierExtension = false;
}
return(subjectKeyIdentifier);
}
/// <summary>
/// Create a new certificate
/// </summary>
/// <param name="issuer">Issuer certificate, if null then self-sign</param>
/// <param name="subjectName">Subject name</param>
/// <param name="serialNumber">Serial number of certificate, if null then will generate a new one</param>
/// <param name="signature">If true create an AT_SIGNATURE key, otherwise AT_EXCHANGE</param>
/// <param name="keySize">Size of RSA key</param>
/// <param name="notBefore">Start date of certificate</param>
/// <param name="notAfter">End date of certificate</param>
/// <param name="extensions">Array of extensions, if null then no extensions</param>
/// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
/// <returns>The created X509 certificate</returns>
public SystemX509.X509Certificate2 CreateCert(SystemX509.X509Certificate2 issuer, SystemX509.X500DistinguishedName subjectName,
byte[] serialNumber, bool signature, int keySize, CertificateHashAlgorithm hashAlgorithm, DateTime notBefore,
DateTime notAfter, SystemX509.X509ExtensionCollection extensions)
{
X509V3CertificateGenerator builder = new X509V3CertificateGenerator();
AsymmetricAlgorithm subjectKey = CreateRSAKey(keySize, signature);
AsymmetricAlgorithm signKey = issuer == null ? subjectKey : issuer.PrivateKey;
if (signKey == null)
{
throw new ArgumentException(Properties.Resources.CreateCert_NoPrivateKey);
}
AsymmetricCipherKeyPair bcSubjectKey = GetRsaKeyPair((RSACryptoServiceProvider)subjectKey);
AsymmetricCipherKeyPair bcSignKey = GetRsaKeyPair((RSACryptoServiceProvider)signKey);
X509Name issuerNameObj = issuer == null ? X509Name.GetInstance(Asn1Object.FromByteArray(subjectName.RawData))
: X509Name.GetInstance(Asn1Object.FromByteArray(issuer.SubjectName.RawData));
X509Name subjectNameObj = X509Name.GetInstance(Asn1Object.FromByteArray(subjectName.RawData));
BigInteger subjectSerial = new BigInteger(1, serialNumber != null ? serialNumber : Guid.NewGuid().ToByteArray());
BigInteger issuerSerial = issuer == null ? subjectSerial : new BigInteger(1, issuer.GetSerialNumber());
builder.SetIssuerDN(issuerNameObj);
builder.SetSubjectDN(subjectNameObj);
builder.SetSerialNumber(subjectSerial);
builder.SetSignatureAlgorithm(HashAlgorithmToName(hashAlgorithm));
builder.SetNotBefore(notBefore.ToUniversalTime());
builder.SetNotAfter(notAfter.ToUniversalTime());
builder.SetPublicKey(bcSubjectKey.Public);
SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcSignKey.Public);
AuthorityKeyIdentifier authKeyId = new AuthorityKeyIdentifier(info, new GeneralNames(new GeneralName(issuerNameObj)), issuerSerial);
SubjectKeyIdentifier subjectKeyid = new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcSubjectKey.Public));
builder.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, true, authKeyId);
builder.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, true, subjectKeyid);
if (extensions != null)
{
foreach (SystemX509.X509Extension ext in extensions)
{
if (!ext.Oid.Value.Equals(X509Extensions.AuthorityKeyIdentifier.Id)
&& !ext.Oid.Value.Equals(X509Extensions.SubjectKeyIdentifier.Id)
&& !ext.Oid.Value.Equals(szOID_AUTHORITY_KEY_IDENTIFIER2))
{
Asn1InputStream istm = new Org.BouncyCastle.Asn1.Asn1InputStream(ext.RawData);
Asn1Object obj = istm.ReadObject();
builder.AddExtension(ext.Oid.Value, ext.Critical, obj);
}
}
}
X509Certificate cert = builder.Generate(bcSignKey.Private);
SystemX509.X509Certificate2 ret = new SystemX509.X509Certificate2(cert.GetEncoded(), (string)null, SystemX509.X509KeyStorageFlags.Exportable);
ret.PrivateKey = subjectKey;
return ret;
}
public SubjectKeyIdentifier(SubjectPublicKeyInfo spki)
{
this.keyIdentifier = SubjectKeyIdentifier.GetDigest(spki);
}
public static SubjectKeyIdentifier GetInstance(Asn1TaggedObject obj, bool explicitly)
{
return(SubjectKeyIdentifier.GetInstance(Asn1OctetString.GetInstance(obj, explicitly)));
}
public OriginatorIdentifierOrKey(
SubjectKeyIdentifier id)
{
this.id = new DerTaggedObject(false, 0, id);
}
/// <summary>
/// Add the Subject Key Identifier.
/// </summary>
/// <param name="certificateGenerator"></param>
/// <param name="subjectKeyPair"></param>
private static void AddSubjectKeyIdentifier(X509V3CertificateGenerator certificateGenerator,
AsymmetricCipherKeyPair subjectKeyPair)
{
var subjectKeyIdentifierExtension =
new SubjectKeyIdentifier(
SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public));
certificateGenerator.AddExtension(
X509Extensions.SubjectKeyIdentifier.Id, false, subjectKeyIdentifierExtension);
}
