/// <summary>
/// Encodes revocation entry to a ASN.1-encoded byte array.
/// </summary>
/// <returns>ASN.1-encoded byte array</returns>
public Byte[] Encode()
{
if (String.IsNullOrEmpty(SerialNumber))
{
throw new UninitializedObjectException();
}
List <Byte> rawData = new List <Byte>(AsnFormatter.StringToBinary(SerialNumber, EncodingType.HexAny));
rawData = new List <Byte>(Asn1Utils.Encode(rawData.ToArray(), (Byte)Asn1Type.INTEGER));
rawData.AddRange(Asn1Utils.EncodeDateTime(RevocationDate));
if (ReasonCode != 0)
{
Byte[] reasonEnum = new Byte[] { 10, 1, (Byte)ReasonCode };
X509ExtensionCollection exts = new X509ExtensionCollection();
X509Extension CRlReasonCode = new X509Extension("2.5.29.21", reasonEnum, false);
exts.Add(CRlReasonCode);
rawData.AddRange(Crypt32Managed.EncodeX509Extensions(exts));
}
return(Asn1Utils.Encode(rawData.ToArray(), 48));
}
public void Indexer_String ()
{
X509ExtensionCollection c = new X509ExtensionCollection ();
c.Add (extn_empty);
Assert.IsNull (c[String.Empty]);
Assert.IsNull (c ["1.2.3"]);
Assert.AreEqual (extn_empty, c["1.2"], "0");
}
private void buttonCreate_Click(object sender, EventArgs e)
{
DialogResult = DialogResult.OK;
int rsaKeySize = 0;
if (radioButtonSimpleCN.Checked && String.IsNullOrWhiteSpace(textBoxCN.Text))
{
MessageBox.Show(this, CANAPE.Properties.Resources.CreateCertForm_MustSpecifyCN,
CANAPE.Properties.Resources.MessageBox_ErrorString, MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (radioButtonTemplate.Checked && _templateCert == null)
{
MessageBox.Show(this, CANAPE.Properties.Resources.CreateCertForm_MustSpecifyTemplate,
CANAPE.Properties.Resources.MessageBox_ErrorString, MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (radioButtonSpecifyCA.Checked && _specifyCert == null)
{
MessageBox.Show(this, CANAPE.Properties.Resources.CreateCertForm_MustSpecifyCA,
CANAPE.Properties.Resources.MessageBox_ErrorString, MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (!int.TryParse(comboBoxRsaKeySize.Text, out rsaKeySize))
{
MessageBox.Show(this, CANAPE.Properties.Resources.CreateCertForm_MustSpecifyAValidRSAKeySize,
CANAPE.Properties.Resources.MessageBox_ErrorString, MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
{
try
{
X509Certificate2 rootCert = null;
if (radioButtonSpecifyCA.Checked)
{
rootCert = _specifyCert;
}
else if (radioButtonDefaultCA.Checked)
{
rootCert = CertManager.GetRootCert();
}
else
{
// Self signed
}
if (radioButtonTemplate.Checked)
{
Certificate = CertificateUtils.CloneAndSignCertificate(_templateCert, rootCert, false, rsaKeySize, (CertificateHashAlgorithm)comboBoxHash.SelectedItem);
}
else
{
X509ExtensionCollection exts = new X509ExtensionCollection();
if (checkBoxCA.Checked)
{
exts.Add(new X509BasicConstraintsExtension(true, false, 0, true));
}
DateTime notBefore = DateTime.Now.Subtract(TimeSpan.FromDays(1));
Certificate = CertificateUtils.CreateCert(rootCert,
new X500DistinguishedName(radioButtonSubject.Checked ? textBoxCN.Text : String.Format("CN={0}", textBoxCN.Text)), null, false, rsaKeySize,
(CertificateHashAlgorithm)comboBoxHash.SelectedItem, notBefore, notBefore.AddYears(10), exts);
}
}
catch (Win32Exception ex)
{
MessageBox.Show(ex.Message, CANAPE.Properties.Resources.MessageBox_ErrorString,
MessageBoxButtons.OK, MessageBoxIcon.Error);
}
catch (CryptographicException ex)
{
MessageBox.Show(ex.Message, CANAPE.Properties.Resources.MessageBox_ErrorString,
MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
public void Indexer_Int ()
{
X509ExtensionCollection c = new X509ExtensionCollection ();
c.Add (extn_empty);
Assert.AreEqual (extn_empty, c[0], "0");
}
public void ICollection_CopyTo ()
{
X509ExtensionCollection c = new X509ExtensionCollection ();
c.Add (extn_empty);
X509Extension[] array = new X509Extension[1];
(c as ICollection).CopyTo (array, 0);
Assert.AreEqual (extn_empty, array[0], "0");
}
public void Add ()
{
X509ExtensionCollection c = new X509ExtensionCollection ();
Assert.AreEqual (0, c.Count, "Count-0");
c.Add (extn_empty);
Assert.AreEqual (1, c.Count, "Count-1");
}
/// <summary>
/// Take an existing certificate, clone its details and resign with a new root CA
/// </summary>
/// <param name="toClone">The certificate to clone</param>
/// <param name="rootCert">The root CA certificate to sign with</param>
/// <param name="newSerial">True to generate a new serial for this certificate</param>
/// <param name="rsaKeySize">The size of the RSA key to generate</param>
/// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
/// <returns></returns>
public static X509Certificate2 CloneAndSignCertificate(X509Certificate toClone, X509Certificate2 rootCert, bool newSerial, int rsaKeySize, CertificateHashAlgorithm hashAlgorithm)
{
X509Certificate2 cert2 = new X509Certificate2(toClone);
X509ExtensionCollection extensions = new X509ExtensionCollection();
foreach (var ext in cert2.Extensions)
{
// Remove CRL distribution locations and authority information, they tend to break SSL negotiation
if ((ext.Oid.Value != szOID_CRL_DISTRIBUTION) && (ext.Oid.Value != szOID_AUTHORITY_INFO))
{
extensions.Add(ext);
}
}
return builder.CreateCert(rootCert, cert2.SubjectName, newSerial ? null : cert2.GetSerialNumber(),
false, rsaKeySize, hashAlgorithm, cert2.NotBefore, cert2.NotAfter, extensions);
}
/// <summary>
/// Generate a self-signed CA certificate
/// </summary>
/// <param name="subject">The X500 subject string</param>
/// <param name="rsaKeySize">The size of the RSA key to generate</param>
/// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
/// <returns>An X509Certificate2 object containing the full certificate</returns>
public static X509Certificate2 GenerateCACert(string subject, int rsaKeySize, CertificateHashAlgorithm hashAlgorithm)
{
X509ExtensionCollection exts = new X509ExtensionCollection();
DateTime dt = DateTime.Now.AddYears(-1);
exts.Add(new X509BasicConstraintsExtension(true, false, 0, false));
return builder.CreateCert(null, new X500DistinguishedName(subject), null, false, rsaKeySize, hashAlgorithm, dt, dt.AddYears(10), exts);
}
