| public Verify ( AsymmetricKeyParameter key ) : void | ||
| key | AsymmetricKeyParameter | An appropriate public key parameter object, RsaPublicKeyParameters, DsaPublicKeyParameters or ECDsaPublicKeyParameters |
| return | void | |
public static Org.BouncyCastle.X509.X509Certificate CreateCert(String cn,
AsymmetricKeyParameter pubKey, AsymmetricKeyParameter privKey)
{
Hashtable attrs = new Hashtable();
attrs.Add(X509Name.CN, cn);
ArrayList ord = new ArrayList(attrs.Keys);
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name(ord, attrs));
certGen.SetNotBefore(DateTime.UtcNow.AddDays(-30));
certGen.SetNotAfter(DateTime.UtcNow.AddDays(30));
certGen.SetSubjectDN(new X509Name(ord, attrs));
certGen.SetPublicKey(pubKey);
certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
Org.BouncyCastle.X509.X509Certificate cert = certGen.Generate(privKey);
cert.CheckValidity(DateTime.UtcNow);
cert.Verify(pubKey);
return(cert);
}
public static Org.BouncyCastle.X509.X509Certificate ValidateAndGetDerivedIssuer(this Org.BouncyCastle.X509.X509Certificate cert, IX509Store issuerChains)
{
Org.BouncyCastle.X509.X509Certificate issuer = null;
//does it look like a self signed?
if (!cert.IssuerDN.Equivalent(cert.SubjectDN, false))
{
return(null);
}
//is it a self signed?
try
{
cert.Verify(cert.GetPublicKey());
return(null);
}
catch (InvalidKeyException)
{
//we have to come here
}
//It isn't self signed, lets see if we can find a valid issuer.
var issuerSelector = new SignerID();
issuerSelector.Subject = cert.IssuerDN;
foreach (Org.BouncyCastle.X509.X509Certificate potentialIssuer in issuerChains.GetMatches(issuerSelector))
{
try
{
cert.Verify(potentialIssuer.GetPublicKey());
}
catch (InvalidKeyException)
{
//Not the actual signer, lets try the next one
continue;
}
//Find the most recent issuer that is valid
if (potentialIssuer.IsBetter(issuer, cert.NotBefore))
{
issuer = potentialIssuer;
}
}
return(issuer);
}
internal static bool VerifyCertificateSignature(X509Certificate certificate, AsymmetricKeyParameter issuerPublicKey)
{
bool res = false;
try {
certificate.Verify(issuerPublicKey);
res = true;
} catch (Exception ignored) {
}
return(res);
}
public bool Verify(Org.BouncyCastle.X509.X509Certificate subject)
{
try
{
subject.Verify(certificate.GetPublicKey());
return(true);
}
catch (Exception)
{
return(false);
}
}
public virtual bool VerifySignature(byte[] publicKey, string publicKeyIdentifier)
{
AsymmetricKeyParameter key = PublicKeyFactory.CreateKey(new SubjectPublicKeyInfo(
new AlgorithmIdentifier(new DerObjectIdentifier(publicKeyIdentifier)), publicKey));
try
{
_bcX509.Verify(key);
}
catch (Exception)
{
return(false);
}
return(true);
}
/// <summary>
/// Checks whether certificate is self-signed
/// </summary>
/// <param name="certificate">Certificate to be checked</param>
/// <returns>True if certificate is self-signed; false otherwise</returns>
public static bool IsSelfSigned(BCX509.X509Certificate certificate)
{
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
try
{
certificate.Verify(certificate.GetPublicKey());
return(true);
}
catch (Org.BouncyCastle.Security.InvalidKeyException)
{
return(false);
}
}
private void VerifySignature(BcCert bcSubject)
{
var canonicalIssuerName = Canonicalize(bcSubject.IssuerDN);
if (!trustedRootsByDn.ContainsKey(canonicalIssuerName))
{
throw new CertificateValidationException(GetMessagePrefix(bcSubject) + " is not trusted, no trusted certificate registered named " + bcSubject.IssuerDN);
}
var trustedRoot = trustedRootsByDn[canonicalIssuerName];
try
{
bcSubject.Verify(trustedRoot.GetPublicKey());
}
catch (Exception exception)
{
throw new CertificateValidationException(GetMessagePrefix(bcSubject) + ", could not be verified, is certificate trusted?", exception);
}
}
public CertificateWithKey Generate(AsymmetricCipherKeyPair signerKeyPair)
{
Validate();
ISignatureFactory signatureFactory = new Asn1SignatureFactory(SignatureAlgorithm, signerKeyPair.Private, random);
certificateGenerator.SetPublicKey(keyPair.Public);
X509Certificate certificate = certificateGenerator.Generate(signatureFactory);
certificate.Verify(signerKeyPair.Public);
var x509 = new X509Certificate2(certificate.GetEncoded());
var result = new CertificateWithKey
{
Certificate = x509,
KeyPair = keyPair
};
return(result);
}
private static void VerifySignature(Org.BouncyCastle.X509.X509Certificate certificate, AsymmetricKeyParameter key)
{
try
{
certificate.Verify(key);
}
catch (InvalidKeyException exception)
{
throw new Exception(Resources.InvalidCertificateKey, exception);
}
catch (SignatureException exception)
{
throw new Exception(Resources.InvalidSslCertificateSignature, exception);
}
catch (CertificateException exception)
{
throw new Exception(Resources.EncodingError, exception);
}
catch (Exception exception)
{
throw new Exception(Resources.InvalidSslCertificateSignatureGeneral, exception);
}
}
/**
* Returns the issuing certificate for a child certificate.
* @param cert the certificate for which we search the parent
* @param certs an array with certificates that contains the parent
* @return the partent certificate
*/
private X509Certificate GetParent(X509Certificate cert, X509Certificate[] certs) {
X509Certificate parent;
for (int i = 0; i < certs.Length; i++) {
parent = certs[i];
if (!cert.IssuerDN.Equals(parent.SubjectDN))
continue;
try {
cert.Verify(parent.GetPublicKey());
return parent;
} catch {
// do nothing
}
}
return null;
}
/// <summary>
/// Search the given Set of TrustAnchor's for one that is the
/// issuer of the given X509 certificate.
/// </summary>
/// <param name="cert">the X509 certificate</param>
/// <param name="trustAnchors">a Set of TrustAnchor's</param>
/// <returns>the <code>TrustAnchor</code> object if found or
/// <code>null</code> if not.
/// </returns>
/// @exception
internal static TrustAnchor FindTrustAnchor(
X509Certificate cert,
ISet trustAnchors)
{
IEnumerator iter = trustAnchors.GetEnumerator();
TrustAnchor trust = null;
AsymmetricKeyParameter trustPublicKey = null;
Exception invalidKeyEx = null;
X509CertStoreSelector certSelectX509 = new X509CertStoreSelector();
try
{
certSelectX509.Subject = GetIssuerPrincipal(cert);
}
catch (IOException ex)
{
throw new Exception("Cannot set subject search criteria for trust anchor.", ex);
}
while (iter.MoveNext() && trust == null)
{
trust = (TrustAnchor) iter.Current;
if (trust.TrustedCert != null)
{
if (certSelectX509.Match(trust.TrustedCert))
{
trustPublicKey = trust.TrustedCert.GetPublicKey();
}
else
{
trust = null;
}
}
else if (trust.CAName != null && trust.CAPublicKey != null)
{
try
{
X509Name certIssuer = GetIssuerPrincipal(cert);
X509Name caName = new X509Name(trust.CAName);
if (certIssuer.Equivalent(caName, true))
{
trustPublicKey = trust.CAPublicKey;
}
else
{
trust = null;
}
}
catch (InvalidParameterException)
{
trust = null;
}
}
else
{
trust = null;
}
if (trustPublicKey != null)
{
try
{
cert.Verify(trustPublicKey);
}
catch (Exception ex)
{
invalidKeyEx = ex;
trust = null;
}
}
}
if (trust == null && invalidKeyEx != null)
{
throw new Exception("TrustAnchor found but certificate validation failed.", invalidKeyEx);
}
return trust;
}
/**
* Checks the validity of the certificate, and calls the next
* verifier in the chain, if any.
* @param signCert the certificate that needs to be checked
* @param issuerCert its issuer
* @param signDate the date the certificate needs to be valid
* @return a list of <code>VerificationOK</code> objects.
* The list will be empty if the certificate couldn't be verified.
* @throws GeneralSecurityException
* @throws IOException
*/
virtual public List<VerificationOK> Verify(X509Certificate signCert, X509Certificate issuerCert, DateTime signDate) {
// Check if the certificate is valid on the signDate
//if (signDate != null)
signCert.CheckValidity(signDate);
// Check if the signature is valid
if (issuerCert != null) {
signCert.Verify(issuerCert.GetPublicKey());
}
// Also in case, the certificate is self-signed
else {
signCert.Verify(signCert.GetPublicKey());
}
List<VerificationOK> result = new List<VerificationOK>();
if (verifier != null)
result.AddRange(verifier.Verify(signCert, issuerCert, signDate));
return result;
}
/// <summary>
/// Checks to see whether the certificate is self-signed so that it can be determined whether it is root or not
/// </summary>
/// <param name="cert">The BouncyCastle certificate parameter</param>
/// <returns>a boolean to denote whether it is self-signed or not</returns>
private static bool IsSelfSigned(X509Certificate cert)
{
bool isSelfSigned = true;
try
{
cert.Verify(cert.GetPublicKey());
}
catch (Exception)
{
isSelfSigned = false;
}
return isSelfSigned;
}
private void EnsureCertificateValidity(X509Certificate certificate)
{
certificate.CheckValidity(DateTime.UtcNow);
certificate.Verify(_authorityKeyPair.Public);
}
/// <summary>
/// Validates the cert with the provided ocsp responses.
/// </summary>
/// <param name="certificate">The cert to validate</param>
/// <param name="issuer">The issuer of the cert to validate</param>
/// <param name="validationTime">The time on which the cert was needed to validated</param>
/// <param name="ocspResponses">The list of ocsp responses to use</param>
/// <returns>The OCSP response that was used, <c>null</c> if none was found</returns>
/// <exception cref="RevocationException{T}">When the certificate was revoked on the provided time</exception>
/// <exception cref="RevocationUnknownException">When the certificate (or the OCSP) can't be validated</exception>
public static BCAO.BasicOcspResponse Verify(this X509Certificate2 certificate, X509Certificate2 issuer, DateTime validationTime, IList <BCAO.BasicOcspResponse> ocspResponses)
{
DateTime minTime = validationTime - ClockSkewness;
DateTime maxTime = validationTime + ClockSkewness;
BCX.X509Certificate certificateBC = DotNetUtilities.FromX509Certificate(certificate);
BCX.X509Certificate issuerBC = DotNetUtilities.FromX509Certificate(issuer);
ValueWithRef <BCO.SingleResp, ValueWithRef <BCO.BasicOcspResp, BCAO.BasicOcspResponse> > singleOcspRespLeaf = ocspResponses
.Select((rsp) => new ValueWithRef <BCO.BasicOcspResp, BCAO.BasicOcspResponse>(new BCO.BasicOcspResp(rsp), rsp)) //convert, but keep the original
.SelectMany((r) => r.Value.Responses.Select(sr => new ValueWithRef <BCO.SingleResp, ValueWithRef <BCO.BasicOcspResp, BCAO.BasicOcspResponse> >(sr, r))) //get the single respononses, but keep the parent
.Where((sr) => sr.Value.GetCertID().SerialNumber.Equals(certificateBC.SerialNumber) && sr.Value.GetCertID().MatchesIssuer(issuerBC)) //is it for this cert?
.Where((sr) => sr.Value.ThisUpdate >= minTime || (sr.Value.NextUpdate != null && sr.Value.NextUpdate.Value >= minTime)) //was it issued on time?
.OrderByDescending((sr) => sr.Value.ThisUpdate) //newest first
.FirstOrDefault();
if (singleOcspRespLeaf == null)
{
return(null);
}
BCO.SingleResp singleOcspResp = singleOcspRespLeaf.Value;
BCO.BasicOcspResp basicOcspResp = singleOcspRespLeaf.Reference.Value;
BCAO.BasicOcspResponse basicOcspResponse = singleOcspRespLeaf.Reference.Reference;
//get the signer name
BCAX.X509Name responderName = basicOcspResp.ResponderId.ToAsn1Object().Name;
if (responderName == null)
{
trace.TraceEvent(TraceEventType.Error, 0, "OCSP response for {0} does not have a ResponderID", certificate.Subject);
throw new RevocationUnknownException("OCSP response for {0} does not have a ResponderID");
}
//Get the signer certificate
var selector = new BCS.X509CertStoreSelector();
selector.Subject = responderName;
BCX.X509Certificate ocspSignerBc = (BCX.X509Certificate)basicOcspResp
.GetCertificates("Collection").GetMatches(selector)
.Cast <BCX.X509Certificate>().FirstOrDefault();
if (ocspSignerBc == null)
{
throw new RevocationUnknownException("The OCSP is signed by a unknown certificate");
}
//verify the response signature
if (!basicOcspResp.Verify(ocspSignerBc.GetPublicKey()))
{
throw new RevocationUnknownException("The OCSP has an invalid signature");
}
//OCSP must be issued by same issuer an the certificate that it validates.
try
{
if (!ocspSignerBc.IssuerDN.Equals(issuerBC.SubjectDN))
{
throw new ApplicationException();
}
ocspSignerBc.Verify(issuerBC.GetPublicKey());
}
catch (Exception e)
{
throw new RevocationUnknownException("The OCSP signer was not issued by the proper CA", e);
}
//verify if the OCSP signer certificate is stil valid
if (!ocspSignerBc.IsValid(basicOcspResp.ProducedAt))
{
throw new RevocationUnknownException("The OCSP signer was not valid at the time the ocsp was issued");
}
//check if the signer may issue OCSP
IList ocspSignerExtKeyUsage = ocspSignerBc.GetExtendedKeyUsage();
if (!ocspSignerExtKeyUsage.Contains("1.3.6.1.5.5.7.3.9"))
{
throw new RevocationUnknownException("The OCSP is signed by a certificate that isn't allowed to sign OCSP");
}
//finally, check if the certificate is revoked or not
var revokedStatus = (BCO.RevokedStatus)singleOcspResp.GetCertStatus();
if (revokedStatus != null)
{
trace.TraceEvent(TraceEventType.Verbose, 0, "OCSP response for {0} indicates that the certificate is revoked on {1}", certificate.Subject, revokedStatus.RevocationTime);
if (maxTime >= revokedStatus.RevocationTime)
{
throw new RevocationException <BCAO.BasicOcspResponse>(basicOcspResponse, "The certificate was revoked on " + revokedStatus.RevocationTime.ToString("o"));
}
}
return(basicOcspResponse);
}
static void Main(string[] args)
{
char[] passwd = "123456".ToCharArray(); //pfx密码
IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
RsaKeyGenerationParameters genPar = new RsaKeyGenerationParameters(
BigInteger.ValueOf(0x10001), new SecureRandom(), 2048, 25);
keyGen.Init(genPar);
AsymmetricCipherKeyPair keypair = keyGen.GenerateKeyPair();
RsaKeyParameters pubKey = (RsaKeyParameters)keypair.Public; //CA公钥
RsaKeyParameters priKey = (RsaKeyParameters)keypair.Private; //CA私钥
Hashtable attrs = new Hashtable();
ArrayList order = new ArrayList();
attrs.Add(X509Name.C, "CN"); //country code
//attrs.Add(X509Name.ST, "Guangdong province"); //province name
//attrs.Add(X509Name.L, "Guangzhou city"); //locality name
attrs.Add(X509Name.O, "South China Normal University"); //organization
attrs.Add(X509Name.OU, "South China Normal University"); //organizational unit name
attrs.Add(X509Name.CN, "CAcert"); //common name
attrs.Add(X509Name.E, "*****@*****.**");
order.Add(X509Name.C);
//order.Add(X509Name.ST);
//order.Add(X509Name.L);
order.Add(X509Name.O);
order.Add(X509Name.OU);
order.Add(X509Name.CN);
order.Add(X509Name.E);
X509Name issuerDN = new X509Name(order, attrs);
X509Name subjectDN = issuerDN; //自签证书,两者一样
X509V1CertificateGenerator v1certGen = new X509V1CertificateGenerator();
v1certGen.SetSerialNumber(new BigInteger(128, new Random())); //128位
v1certGen.SetIssuerDN(issuerDN);
v1certGen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
v1certGen.SetNotAfter(DateTime.UtcNow.AddDays(365));
v1certGen.SetSubjectDN(subjectDN);
v1certGen.SetPublicKey(pubKey); //公钥
v1certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
Org.BouncyCastle.X509.X509Certificate CAcert = v1certGen.Generate(priKey);
CAcert.CheckValidity();
CAcert.Verify(pubKey);
//属性包
/*
* Hashtable bagAttr = new Hashtable();
* bagAttr.Add(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id,
* new DerBmpString("CA's Primary Certificate"));
* bagAttr.Add(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id,
* new SubjectKeyIdentifierStructure(pubKey));
*
* X509CertificateEntry certEntry = new X509CertificateEntry(CAcert,bagAttr);
*/
X509CertificateEntry certEntry = new X509CertificateEntry(CAcert);
Pkcs12Store store = new Pkcs12StoreBuilder().Build();
store.SetCertificateEntry("CA's Primary Certificate", certEntry); //设置证书
X509CertificateEntry[] chain = new X509CertificateEntry[1];
chain[0] = certEntry;
store.SetKeyEntry("CA's Primary Certificate", new AsymmetricKeyEntry(priKey), chain); //设置私钥
FileStream fout = File.Create("CA.pfx");
store.Save(fout, passwd, new SecureRandom()); //保存
fout.Close();
}
/// <summary>
/// Read CA private key file from .key or pfx file
/// Read data from certificate request file .csr
/// Generate signed certificate request file .cer
/// </summary>
/// <param name="signedCERFile"></param>
/// <param name="privateKeyFile"></param>
/// <param name="v"></param>
/// <param name="password"></param>
private async void GenerateCerFile(string certRequestFile,
string privateKeyFile,
string generateSignedCertificateFile,
string password, string friendlyName,
DateTime startDate, DateTime endDate)
{
#region LoadCertificate
// read public & private key from file
AsymmetricKeyParameter privateKey = null;
AsymmetricKeyParameter publicKey = null;
System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate = null;
Org.BouncyCastle.X509.X509Certificate issuerCertificateX509 = null;
// Ovo NE radi
//issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(
// privateKeyFile,
// password
// );
// Ovo RADI
issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(
privateKeyFile,
password,
System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable
);
// This doesn't work for selfsign certificate
//bool isOK = issuerCertificate.Verify();
bool isHasPrivateKey = issuerCertificate.HasPrivateKey;
DateTime noAfter = issuerCertificate.NotAfter;
DateTime noBefore = issuerCertificate.NotBefore;
X509ExtensionCollection x509extensions = issuerCertificate.Extensions;
int errorNum = 0;
X509CertificateParser parser = new X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate bouncyCertificate = parser.ReadCertificate(issuerCertificate.RawData);
BasicConstraints basicConstraints = null;
bool isCa = false;
Asn1OctetString str = bouncyCertificate.GetExtensionValue(new DerObjectIdentifier("2.5.29.19"));
if (str != null)
{
basicConstraints = BasicConstraints.GetInstance(
X509ExtensionUtilities.FromExtensionValue(str));
if (basicConstraints != null)
{
isCa = basicConstraints.IsCA();
}
}
if (!isCa)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Loaded CA file: " + privateKeyFile + " IS NOT CA authority certificate file!" + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
// This doesn't work for selfsign certificate
//if (!isOK)
//{
// errorNum++;
// Brush bckForeground = tbOutputMessageBox.Foreground;
// tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
// tbOutputMessageBox.Text += "File with CA certificate NOT valid." + "\n";
// tbOutputMessageBox.Foreground = bckForeground;
//}
if (!isHasPrivateKey)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate DOES NOT have a private key." + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
if (noBefore > startDate)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate start date: " + startDate.ToLocalTime() + " DOES NOT valid value. Certificate start date is: " + noBefore.ToLocalTime() + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
if (noAfter < endDate)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate end date: " + endDate.ToLocalTime() + " DOES NOT valid value. Certificate end date is: " + noAfter.ToLocalTime() + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
if (errorNum > 0)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate has error!!!" + "\n";
tbOutputMessageBox.Foreground = bckForeground;
return;
}
bool isOk = issuerCertificate.Verify();
AsymmetricCipherKeyPair issuerKeyPairTmp = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey);
privateKey = issuerKeyPairTmp.Private;
publicKey = issuerKeyPairTmp.Public;
issuerCertificateX509 = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(issuerCertificate.GetRawCertData());
issuerCertificateX509.Verify(publicKey);
Org.BouncyCastle.X509.X509Certificate x509 = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(issuerCertificate);
x509.Verify(publicKey);
x509.CheckValidity(startDate);
#endregion
// Read certificate request .csr file
Pkcs10CertificationRequest cerRequest = null;
try
{
String input_data = File.ReadAllText(certRequestFile);
StringReader sr = new StringReader(input_data);
PemReader pr = new PemReader(sr);
cerRequest = (Pkcs10CertificationRequest)pr.ReadObject();
tbOutputMessageBox.Text += "Verify file with certificate request : " + certRequestFile + "\n";
bool requestIsOK = cerRequest.Verify();
if (requestIsOK)
{
tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " is OK." + "\n";
}
else
{
tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " NOT valid." + "\n";
return;
}
}
catch (Exception ex)
{
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("Info Warning",
"ERROR reading certificate request file (.csr)" + "\n" +
"Error: " + ex.Source + " " + ex.Message,
MessageDialogStyle.Affirmative);
return;
}
Org.BouncyCastle.X509.X509Certificate genCert = GenerateSignedCertificate(
cerRequest,
x509,
issuerKeyPairTmp,
startDate, endDate);
try
{
File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded());
tbOutputMessageBox.Text += "Certificate file: " + generateSignedCertificateFile + " sucessfully saved." + "\n";
signedRequestFileNamePath = generateSignedCertificateFile;
btnContinue.IsEnabled = true;
}
catch (Exception)
{
tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n";
}
#region Public Key
//try
//{
// var store = new Pkcs12Store();
// string friendlyName1 = issuerCertificateX509.SubjectDN.ToString();
// var certificateEntry = new X509CertificateEntry(issuerCertificateX509);
// store.SetCertificateEntry(friendlyName1, certificateEntry);
// store.SetKeyEntry(friendlyName1, new AsymmetricKeyEntry(privateKey), new[] { certificateEntry });
// var stream = new MemoryStream();
// var random1 = GetSecureRandom();
// store.Save(stream, "password".ToCharArray(), random1);
// //Verify that the certificate is valid.
// var convertedCertificate = new X509Certificate2(stream.ToArray(), "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
// //Write the file.
// File.WriteAllBytes(generateSignedCertificateFile, stream.ToArray());
// File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded());
// //using (TextWriter tw = new StreamWriter(outputPublicKeyName))
// //{
// // PemWriter pw = new PemWriter(tw);
// // pw.WriteObject(subjectKeyPair.Public);
// // tw.Flush();
// //}
// tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n";
//}
//catch (Exception ex)
//{
// var metroWindow = (Application.Current.MainWindow as MetroWindow);
// await metroWindow.ShowMessageAsync("Info Warning",
// "ERROR creating certificate private key file (.key)" + "\n" +
// "Error: " + ex.Source + " " + ex.Message,
// MessageDialogStyle.Affirmative);
// return;
//}
//StringBuilder publicKeyStrBuilder = new StringBuilder();
//PemWriter publicKeyPemWriter = new PemWriter(new StringWriter(publicKeyStrBuilder));
//publicKeyPemWriter.WriteObject(genCert.GetPublicKey());
//publicKeyPemWriter.Writer.Flush();
//string publicKey = publicKeyStrBuilder.ToString();
//try
//{
// using (TextWriter tw = new StreamWriter(generateSignedCertificateFile))
// {
// PemWriter pw = new PemWriter(tw);
// pw.WriteObject(genCert.GetPublicKey());
// tw.Flush();
// }
// tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n";
//}
//catch (Exception ex)
//{
// var metroWindow = (Application.Current.MainWindow as MetroWindow);
// await metroWindow.ShowMessageAsync("Info Warning",
// "ERROR creating certificate private key file (.key)" + "\n" +
// "Error: " + ex.Source + " " + ex.Message,
// MessageDialogStyle.Affirmative);
// return;
//}
#endregion Public Key
}
/// <summary>
/// Generate certificate request and private key file
/// </summary>
/// <param name="random"></param>
/// <param name="subjectKeyPair"></param>
/// <param name="subjectSerialNumber"></param>
/// <param name="commonName"></param>
/// <param name="issuerKeyPair"></param>
/// <param name="issuerSerialNumber"></param>
/// <param name="isCertificateAuthority"></param>
/// <param name="usages"></param>
/// <param name="signatureAlgorithm"></param>
/// <param name="countryCode"></param>
/// <param name="stateOrProvinceName"></param>
/// <param name="localityName"></param>
/// <param name="organization"></param>
/// <param name="startDateTime"></param>
/// <param name="endDateTime"></param>
/// <param name="outputPrivateKeyName"></param>
/// <param name="outputPublicKeyName"></param>
/// <param name="outputSignedKeyName"></param>
/// <param name="password"></param>
private async void GenerateCertificate(SecureRandom random,
AsymmetricCipherKeyPair subjectKeyPair,
BigInteger subjectSerialNumber,
string commonName,
AsymmetricCipherKeyPair issuerKeyPair,
BigInteger issuerSerialNumber,
bool isCertificateAuthority,
KeyPurposeID[] usages,
string signatureAlgorithm,
string countryCode,
string stateOrProvinceName,
string localityName,
string organization,
DateTime startDateTime,
DateTime endDateTime,
string outputPrivateKeyName,
string outputPublicKeyName,
string outputSignedKeyName,
string password,
string certFriendlyName
)
{
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.SetSerialNumber(subjectSerialNumber);
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
IDictionary attrs = new Hashtable();
attrs[X509Name.CN] = commonName;
attrs[X509Name.C] = countryCode;
attrs[X509Name.ST] = stateOrProvinceName;
attrs[X509Name.L] = localityName;
attrs[X509Name.O] = organization;
IList ord = new ArrayList();
ord.Add(X509Name.CN);
ord.Add(X509Name.C);
ord.Add(X509Name.ST);
ord.Add(X509Name.L);
ord.Add(X509Name.O);
X509Name issuerDN = new X509Name(ord, attrs);
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetNotBefore((DateTime)startDateTime);
certificateGenerator.SetNotAfter((DateTime)endDateTime);
certificateGenerator.SetSubjectDN(new X509Name(ord, attrs));
// The subject's public key goes in the certificate.
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
AddAuthorityKeyIdentifier(certificateGenerator, issuerDN, issuerKeyPair, issuerSerialNumber);
AddSubjectKeyIdentifier(certificateGenerator, subjectKeyPair);
bool isCritical = true;
if (!isCertificateAuthority)
{
isCritical = false;
}
certificateGenerator.AddExtension(
X509Extensions.BasicConstraints.Id, isCritical, new BasicConstraints(isCertificateAuthority));
if (usages != null && usages.Any())
{
AddExtendedKeyUsage(certificateGenerator, usages);
}
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(subjectKeyPair.Private);
int errorNum = 0;
try
{
certificate.CheckValidity(startDateTime);
}
catch (Exception ex)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Generate certificate Check validity period error: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n";
tbOutputMessageBox.Foreground = bckForeground;
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("ERROR",
"Generate certificate Check validity period error: " + ex.GetHashCode().ToString() + " " + ex.Message,
MessageDialogStyle.Affirmative);
}
try
{
certificate.Verify(subjectKeyPair.Public);
}
catch (Exception ex)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Generate certificate Verification error: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n";
tbOutputMessageBox.Foreground = bckForeground;
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("ERROR",
"Generate certificate Verification error: " + ex.GetHashCode().ToString() + " " + ex.Message,
MessageDialogStyle.Affirmative);
}
if (errorNum > 0)
{
return;
}
#region Save Public Key
try
{
File.WriteAllBytes(System.IO.Path.ChangeExtension(outputPublicKeyName, ".cer"), certificate.GetEncoded());
}
catch (Exception ex)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "ERROR to save generated public key to file: " + System.IO.Path.ChangeExtension(outputPublicKeyName, ".cer") + "\n" +
ex.GetHashCode().ToString() + " " + ex.Message + "\n";
tbOutputMessageBox.Foreground = bckForeground;
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("ERROR",
"ERROR to save generated public key to file: " + System.IO.Path.ChangeExtension(outputPublicKeyName, ".cer") + "\n" +
ex.GetHashCode().ToString() + " " + ex.Message,
MessageDialogStyle.Affirmative);
return;
}
#endregion
#region Private Key
StringBuilder privateKeyStrBuilder = new StringBuilder();
PemWriter privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyStrBuilder));
privateKeyPemWriter.WriteObject(subjectKeyPair.Private);
privateKeyPemWriter.Writer.Flush();
string privateKey = privateKeyStrBuilder.ToString();
try
{
using (TextWriter tw = new StreamWriter(outputPrivateKeyName))
{
PemWriter pw = new PemWriter(tw);
pw.WriteObject(subjectKeyPair.Private);
tw.Flush();
}
tbOutputMessageBox.Text += "File with private key: " + outputPrivateKeyName + " sucessfully generated." + "\n";
}
catch (Exception ex)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "ERROR to save file with private key: " + outputPrivateKeyName + "\n";
tbOutputMessageBox.Foreground = bckForeground;
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("Info Warning",
"ERROR creating certificate private key file (.key)" + "\n" +
"Error: " + ex.Source + " " + ex.Message,
MessageDialogStyle.Affirmative);
return;
}
#endregion Private Key
#region Public Key
//try
//{
// var store = new Pkcs12Store();
// string friendlyName = certificate.SubjectDN.ToString();
// var certificateEntry = new X509CertificateEntry(certificate);
// store.SetCertificateEntry(friendlyName, certificateEntry);
// store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(subjectKeyPair.Private), new[] { certificateEntry });
// var stream = new MemoryStream();
// store.Save(stream, "password".ToCharArray(), random);
// //Verify that the certificate is valid.
// var convertedCertificate = new X509Certificate2(stream.ToArray(), "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
// //Write the file.
// File.WriteAllBytes(outputPublicKeyName, stream.ToArray());
// File.WriteAllBytes(System.IO.Path.ChangeExtension(outputPublicKeyName, ".cer"), certificate.GetEncoded());
// //using (TextWriter tw = new StreamWriter(outputPublicKeyName))
// //{
// // PemWriter pw = new PemWriter(tw);
// // pw.WriteObject(subjectKeyPair.Public);
// // tw.Flush();
// //}
// tbOutputMessageBox.Text += "File with private key: " + outputPublicKeyName + " sucessfully generated." + "\n";
//}
//catch (Exception ex)
//{
// var metroWindow = (Application.Current.MainWindow as MetroWindow);
// await metroWindow.ShowMessageAsync("Info Warning",
// "ERROR creating certificate private key file (.key)" + "\n" +
// "Error: " + ex.Source + " " + ex.Message,
// MessageDialogStyle.Affirmative);
// return;
//}
//StringBuilder publicKeyStrBuilder = new StringBuilder();
//PemWriter publicKeyPemWriter = new PemWriter(new StringWriter(publicKeyStrBuilder));
//publicKeyPemWriter.WriteObject(subjectKeyPair.Private);
//publicKeyPemWriter.Writer.Flush();
//string publicKey = publicKeyStrBuilder.ToString();
//try
//{
// using (TextWriter tw = new StreamWriter(outputPublicKeyName))
// {
// PemWriter pw = new PemWriter(tw);
// pw.WriteObject(subjectKeyPair.Public);
// tw.Flush();
// }
// tbOutputMessageBox.Text += "File with public key: " + outputPublicKeyName + " sucessfully generated." + "\n";
//}
//catch (Exception ex)
//{
// var metroWindow = (Application.Current.MainWindow as MetroWindow);
// await metroWindow.ShowMessageAsync("Info Warning",
// "ERROR creating certificate private key file (.cer)" + "\n" +
// "Error: " + ex.Source + " " + ex.Message,
// MessageDialogStyle.Affirmative);
// return;
//}
#endregion Public Key
#region signed cert file
try
{
X509Certificate2 convCert = ConvertCertificate(certificate, subjectKeyPair, random, pbPassword.Password, certFriendlyName);
bool isHasPrivateKey = convCert.HasPrivateKey;
// This doesn't work for selfsign certificate
//bool isOK = convCert.Verify();
errorNum = 0;
if (!isHasPrivateKey)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Error, generated certificate DOES NOT have a private key!!!" + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
// This doesn't work for selfsign certificate
//if (!isOK)
//{
// errorNum++;
// Brush bckForeground = tbOutputMessageBox.Foreground;
// tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
// tbOutputMessageBox.Text += "Error, generated certificate NOT valid!!!" + "\n";
// tbOutputMessageBox.Foreground = bckForeground;
//}
if (errorNum > 0)
{
return;
}
// This password is the one attached to the PFX file. Use 'null' for no password.
var bytes = convCert.Export(X509ContentType.Pfx, password);
File.WriteAllBytes(outputSignedKeyName, bytes);
tbOutputMessageBox.Text += "Certificate file with private key: " + outputSignedKeyName + " sucessfully generated." + "\n";
CARootFileNamePath = outputSignedKeyName;
CARootPubKeyFileNamePath = outputPublicKeyName;
if (cbIsCACert.SelectedIndex == 0) // root CA certificate
{
btnContinue.IsEnabled = true;
}
}
catch (Exception ex)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "ERROR creating certificate file with private key (.pfx)" + "\n" + "Error: " + ex.Source + " " + ex.Message + "\n";
tbOutputMessageBox.Foreground = bckForeground;
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("Info Warning",
"ERROR creating certificate file with private key (.pfx)" + "\n" +
"Error: " + ex.Source + " " + ex.Message,
MessageDialogStyle.Affirmative);
return;
}
#endregion
}
/// <summary>
/// Enroll certificate file base on request
/// </summary>
/// <param name="cerRequest"></param>
/// <param name="rootCert"></param>
/// <param name="issuerKeyPair"></param>
/// <param name="startDate"></param>
/// <param name="endDate"></param>
/// <returns></returns>
private Org.BouncyCastle.X509.X509Certificate GenerateSignedCertificate(
Pkcs10CertificationRequest cerRequest,
Org.BouncyCastle.X509.X509Certificate rootCert,
AsymmetricCipherKeyPair issuerKeyPair,
DateTime startDate, DateTime endDate)
{
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(rootCert.SubjectDN);
certGen.SetNotBefore(startDate);
certGen.SetNotAfter(endDate);
CertificationRequestInfo info = cerRequest.GetCertificationRequestInfo();
certGen.SetSubjectDN(info.Subject);
certGen.SetPublicKey(cerRequest.GetPublicKey());
AlgorithmIdentifier sigAlg = cerRequest.SignatureAlgorithm;
string algName = GetAlgorithmName(sigAlg.Algorithm.Id);
certGen.SetSignatureAlgorithm(algName);
// Add certificate extensions
Asn1Set attributes = cerRequest.GetCertificationRequestInfo().Attributes;
if (attributes != null)
{
for (int i = 0; i != attributes.Count; i++)
{
AttributePkcs attr = AttributePkcs.GetInstance(attributes[i]);
if (attr.AttrType.Equals(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest))
{
X509Extensions extensions1 = X509Extensions.GetInstance(attr.AttrValues[0]);
foreach (DerObjectIdentifier oid in extensions1.ExtensionOids)
{
Org.BouncyCastle.Asn1.X509.X509Extension ext = extensions1.GetExtension(oid);
certGen.AddExtension(oid, ext.IsCritical, ext.GetParsedValue());
}
}
}
}
Org.BouncyCastle.X509.X509Certificate issuedCert = null;
try
{
issuedCert = certGen.Generate(issuerKeyPair.Private);
tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n";
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Certificate file sucessfully generated." + "\n",
Foreground = System.Windows.Media.Brushes.Green
});
}));
}
catch (Exception ex)
{
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Error, generate certificate file." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
}
try
{
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Check if generated certificate file is valid, plase wait ..." + "\n",
Foreground = System.Windows.Media.Brushes.Black
});
}));
issuedCert.CheckValidity(DateTime.UtcNow);
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Generate certificate file is valid." + "\n",
Foreground = System.Windows.Media.Brushes.Black
});
}));
}
catch (Exception ex)
{
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Error, generated certificate file is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
}
try
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Verify generated certificate file, plase wait ..." + "\n",
Foreground = System.Windows.Media.Brushes.Black
});
issuedCert.Verify(issuerKeyPair.Public);
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Generate certificate file verification is OK." + "\n",
Foreground = System.Windows.Media.Brushes.Green
});
}));
}
catch (Exception ex)
{
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Error, generated certificate file verification is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
}
return(issuedCert);
}
private static bool IsSelfSigned(X509Certificate certificate)
{
if (!certificate.SubjectDN.Equivalent(certificate.IssuerDN))
return false;
try
{
certificate.Verify(certificate.GetPublicKey());
return true;
}
catch (SignatureException)
{
return false;
}
catch (InvalidKeyException)
{
return false;
}
}
//jbonilla
private static bool IsSelfSigned(X509Certificate cert)
{
try
{
cert.Verify(cert.GetPublicKey());
return true;
}
catch { }
return false;
}
/// <summary>
/// Checks wether the certificate is self-signed.
/// </summary>
/// <returns>
/// <c>true</c>, if is self-signed, <c>false</c> otherwise.
/// </returns>
/// <param name='BCCert'>
/// BouncyCastle cert to check.
/// </param>
private static bool CertIsSelfSigned(X509Certificate BCCert)
{
try {
BCCert.Verify (BCCert.GetPublicKey ());
return true;
} catch (SignatureException sigex) {
// Invalid signature --> not self-signed
return false;
} catch (InvalidKeyException kex) {
// Invalid key --> not self-signed
return false;
}
}
/**
* Verifies a single certificate against a key store (if present).
*
* @param signCert
* the certificate to verify
* @param issuerCert
* the issuer certificate
* @param signDate
* the date the certificate needs to be valid
* @return a list of <code>VerificationOK</code> objects.
* The list will be empty if the certificate couldn't be verified.
*/
override public List<VerificationOK> Verify(X509Certificate signCert, X509Certificate issuerCert, DateTime signDate) {
LOGGER.Info("Root store verification: " + signCert.SubjectDN);
// verify using the CertificateVerifier if root store is missing
if (certificates == null)
return base.Verify(signCert, issuerCert, signDate);
try {
List<VerificationOK> result = new List<VerificationOK>();
// loop over the trusted anchors in the root store
foreach (X509Certificate anchor in certificates) {
try {
signCert.Verify(anchor.GetPublicKey());
LOGGER.Info("Certificate verified against root store");
result.Add(new VerificationOK(signCert, this, "Certificate verified against root store."));
result.AddRange(base.Verify(signCert, issuerCert, signDate));
return result;
} catch (GeneralSecurityException) {}
}
result.AddRange(base.Verify(signCert, issuerCert, signDate));
return result;
} catch (GeneralSecurityException) {
return base.Verify(signCert, issuerCert, signDate);
}
}
/// <summary>
/// Enroll certificate file base on request
/// </summary>
/// <param name="csr"></param>
/// <param name="rootCert"></param>
/// <param name="issuerKeyPair"></param>
/// <param name="startDate"></param>
/// <param name="endDate"></param>
/// <returns></returns>
private Org.BouncyCastle.X509.X509Certificate GenerateSignedCertificate(
Pkcs10CertificationRequest csr,
Org.BouncyCastle.X509.X509Certificate rootCert,
AsymmetricCipherKeyPair issuerKeyPair,
DateTime startDate, DateTime endDate)
{
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
//List<ExtensionsItem> extensions = null;
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(rootCert.SubjectDN);
certGen.SetNotBefore(startDate);
certGen.SetNotAfter(endDate);
CertificationRequestInfo info = csr.GetCertificationRequestInfo();
certGen.SetSubjectDN(info.Subject);
certGen.SetPublicKey(csr.GetPublicKey());
var sigAlg = csr.Signature;
var sigAlg1 = csr.SignatureAlgorithm;
certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
// Add certificate extensions
Asn1Set attributes = csr.GetCertificationRequestInfo().Attributes;
if (attributes != null)
{
for (int i = 0; i != attributes.Count; i++)
{
AttributePkcs attr = AttributePkcs.GetInstance(attributes[i]);
if (attr.AttrType.Equals(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest))
{
X509Extensions extensions1 = X509Extensions.GetInstance(attr.AttrValues[0]);
foreach (DerObjectIdentifier oid in extensions1.ExtensionOids)
{
Org.BouncyCastle.Asn1.X509.X509Extension ext = extensions1.GetExtension(oid);
// !!! NOT working !!!
//certGen.AddExtension(oid, ext.IsCritical, ext.Value);
//OK
certGen.AddExtension(oid, ext.IsCritical, ext.Value, true);
}
}
}
}
Org.BouncyCastle.X509.X509Certificate issuedCert = null;
try
{
issuedCert = certGen.Generate(issuerKeyPair.Private);
tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n";
}
catch (Exception ex)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Error, generate certificate file." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
try
{
tbOutputMessageBox.Text += "Check if generated certificate file is valid, plase wait ..." + "\n";
issuedCert.CheckValidity(DateTime.UtcNow);
tbOutputMessageBox.Text += "Generate certificate file is valid." + "\n";
}
catch (Exception ex)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Error, generated certificate file is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
try
{
tbOutputMessageBox.Text += "Verify generated certificate file, plase wait ..." + "\n";
issuedCert.Verify(issuerKeyPair.Public);
tbOutputMessageBox.Text += "Generate certificate file verification is OK." + "\n";
}
catch (Exception ex)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Error, generated certificate file verification is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
return(issuedCert);
}
