public PemObject Generate()
{
if (algorithm == null)
{
PrivateKeyInfo pki = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey);
return(new PemObject("PRIVATE KEY", pki.GetEncoded()));
}
// TODO Theoretically, the amount of salt needed depends on the algorithm
byte[] salt = new byte[20];
if (random == null)
{
random = new SecureRandom();
}
random.NextBytes(salt);
try
{
EncryptedPrivateKeyInfo epki = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(
algorithm, password, salt, iterationCount, privKey);
return(new PemObject("ENCRYPTED PRIVATE KEY", epki.GetEncoded()));
}
catch (Exception e)
{
throw new PemGenerationException("Couldn't encrypt private key", e);
}
}
public override void PerformTest()
{
IAsymmetricCipherKeyPairGenerator pGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
RsaKeyGenerationParameters genParam = new RsaKeyGenerationParameters(
BigInteger.ValueOf(0x10001), new SecureRandom(), 512, 25);
pGen.Init(genParam);
AsymmetricCipherKeyPair pair = pGen.GenerateKeyPair();
//
// set up the parameters
//
byte[] salt = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
int iterationCount = 100;
//
// set up the key
//
char[] password1 = { 'h', 'e', 'l', 'l', 'o' };
EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(alg, password1, salt, iterationCount, PrivateKeyInfoFactory.CreatePrivateKeyInfo(pair.Private));
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(password1, encInfo);
AsymmetricKeyParameter key = PrivateKeyFactory.CreateKey(info);
if (!key.Equals(pair.Private))
{
Fail("Key corrupted");
}
doOpensslTestKeys();
}
public PemObject Generate()
{
if (this.algorithm == null)
{
PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(this.privKey);
return(new PemObject("PRIVATE KEY", privateKeyInfo.GetEncoded()));
}
byte[] array = new byte[20];
if (this.random == null)
{
this.random = new SecureRandom();
}
this.random.NextBytes(array);
PemObject result;
try
{
EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(this.algorithm, this.password, array, this.iterationCount, this.privKey);
result = new PemObject("ENCRYPTED PRIVATE KEY", encryptedPrivateKeyInfo.GetEncoded());
}
catch (Exception exception)
{
throw new PemGenerationException("Couldn't encrypt private key", exception);
}
return(result);
}
/// <summary>
/// 获取一个密钥对,其中私钥是DES加密后的
/// </summary>
/// <param name="userPassword"></param>
/// <returns></returns>
public static bool CreateRSAKeypair(string pwd, ref KeyPair resultKeypair)
{
_error = "";
try
{
resultKeypair = new KeyPair {
publicKey = "", privateKey = ""
};
//RSA密钥对的构造器
RsaKeyPairGenerator keyGenerator = new RsaKeyPairGenerator();
//RSA密钥构造器的参数
RsaKeyGenerationParameters param = new RsaKeyGenerationParameters(
Org.BouncyCastle.Math.BigInteger.ValueOf(3),
new Org.BouncyCastle.Security.SecureRandom(),
1024, //密钥长度
25);
//用参数初始化密钥构造器
keyGenerator.Init(param);
//产生密钥对
AsymmetricCipherKeyPair keyPair = keyGenerator.GenerateKeyPair();
if (((RsaKeyParameters)keyPair.Public).Modulus.BitLength < 1024)
{
_error = "密钥生成失败,长度不足1024字节。";
return(false);
}
//获取公钥和密钥
SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public);
Asn1Object asn1ObjectPublic = subjectPublicKeyInfo.ToAsn1Object();
byte[] pbkByte = asn1ObjectPublic.GetEncoded();
resultKeypair.publicKey = Convert.ToBase64String(pbkByte);
string alg = "1.2.840.113549.1.12.1.3"; // 3 key triple DES with SHA-1
byte[] salt = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
int count = 1000;
char[] password = pwd.ToCharArray();
EncryptedPrivateKeyInfo enPrivateKeyInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(
alg,
password,
salt,
count,
keyPair.Private);
byte[] prkByte = enPrivateKeyInfo.ToAsn1Object().GetEncoded();
resultKeypair.privateKey = Convert.ToBase64String(prkByte);
return(true);
}
catch (Exception ex)
{
_error = ex.Message;
return(false);
}
}
public static byte[] EncryptKey(
string algorithm,
char[] passPhrase,
byte[] salt,
int iterationCount,
AsymmetricKeyParameter key)
{
return(EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(
algorithm, passPhrase, salt, iterationCount, key).GetEncoded());
}
public static RSAKeyPair Encrypt(string passphrase, RSAKeyPair keyPair)
{
var salt = new byte[20];
new SecureRandom().NextBytes(salt);
return(new RSAKeyPair(keyPair.PublicKey,
EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc.Id,
passphrase.ToArray(),
salt,
1024,
PrivateKeyInfo.GetInstance(keyPair.PrivateKey)).GetDerEncoded(),
true));
}
private static void savetheKey(AsymmetricKeyParameter publicKey, AsymmetricKeyParameter privateKey)
{
//保存公钥到文件
SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey);
Asn1Object aobject = publicKeyInfo.ToAsn1Object();
byte[] pubInfoByte = aobject.GetEncoded();
FileStream fs = new FileStream(pubKeyFile, FileMode.Create, FileAccess.Write);
fs.Write(pubInfoByte, 0, pubInfoByte.Length);
fs.Close();
//保存私钥到文件
/*
* PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKey);
* aobject = privateKeyInfo.ToAsn1Object();
* byte[] priInfoByte = aobject.GetEncoded();
* fs = new FileStream(@"E:/Desktop/a.pri", FileMode.Create, FileAccess.Write);
* fs.Write(priInfoByte, 0, priInfoByte.Length);
* fs.Close();
*/
string alg = "1.2.840.113549.1.12.1.3"; // 3 key triple DES with SHA-1
byte[] salt = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
int count = 1000;
char[] password = "******".ToCharArray();
EncryptedPrivateKeyInfo enPrivateKeyInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(
alg,
password,
salt,
count,
privateKey);
byte[] priInfoByte = enPrivateKeyInfo.ToAsn1Object().GetEncoded();
fs = new FileStream(priKeyFile, FileMode.Create, FileAccess.Write);
fs.Write(priInfoByte, 0, priInfoByte.Length);
fs.Close();
//还原
//PrivateKeyInfo priInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(password, enPrivateKeyInfo);
//AsymmetricKeyParameter privateKey = PrivateKeyFactory.CreateKey(priInfoByte);
}
public void RsaKeysGenerate(string PrivateKeyFilename, string PublicKeyFilename, string passw)
{
RsaKeyPairGenerator keyGenerator = new RsaKeyPairGenerator();
RsaKeyGenerationParameters param = new RsaKeyGenerationParameters(BigInteger.ValueOf(3L), new SecureRandom(), 1024, 25);
keyGenerator.Init(param);
AsymmetricCipherKeyPair keyPair = keyGenerator.GenerateKeyPair();
AsymmetricKeyParameter publicKey = keyPair.Public;
AsymmetricKeyParameter privateKey = keyPair.Private;
SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey);
Asn1Object aobject = publicKeyInfo.ToAsn1Object();
byte[] pubInfoByte = aobject.GetEncoded();
System.IO.FileStream fs = new System.IO.FileStream(PublicKeyFilename, System.IO.FileMode.Create, System.IO.FileAccess.Write);
fs.Write(pubInfoByte, 0, pubInfoByte.Length);
fs.Close();
string alg = "1.2.840.113549.1.12.1.3";
byte[] salt = new byte[]
{
1,
2,
3,
4,
5,
6,
7,
8,
9,
10
};
int count = 1000;
char[] password = passw.ToCharArray();
EncryptedPrivateKeyInfo enPrivateKeyInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(alg, password, salt, count, privateKey);
byte[] priInfoByte = enPrivateKeyInfo.ToAsn1Object().GetEncoded();
fs = new System.IO.FileStream(PrivateKeyFilename, System.IO.FileMode.Create, System.IO.FileAccess.Write);
fs.Write(priInfoByte, 0, priInfoByte.Length);
fs.Close();
}
public static string SavePrivateKey(AsymmetricKeyParameter privateKey)
{
//保存公钥到文件
string alg = "1.2.840.113549.1.12.1.3"; // 3 key triple DES with SHA-1
byte[] salt = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
int count = 1000;
char[] password = "******".ToCharArray();
EncryptedPrivateKeyInfo enPrivateKeyInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(
alg,
password,
salt,
count,
privateKey);
byte[] priInfoByte = enPrivateKeyInfo.ToAsn1Object().GetEncoded();
return(Convert.ToBase64String(priInfoByte));
////还原
//PrivateKeyInfo priInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(password, enPrivateKeyInfo);
//AsymmetricKeyParameter privateKey = PrivateKeyFactory.CreateKey(priInfoByte);
}
public PemObject Generate()
{
if (algorithm == null)
{
PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey);
return(new PemObject("PRIVATE KEY", privateKeyInfo.GetEncoded()));
}
byte[] array = new byte[20];
if (random == null)
{
random = new SecureRandom();
}
((Random)random).NextBytes(array);
try
{
EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(algorithm, password, array, iterationCount, privKey);
return(new PemObject("ENCRYPTED PRIVATE KEY", encryptedPrivateKeyInfo.GetEncoded()));
}
catch (global::System.Exception exception)
{
throw new PemGenerationException("Couldn't encrypt private key", exception);
}
}
private const string alg = "1.2.840.113549.1.12.1.3"; // 3 key triple DES with SHA-1
public override void PerformTest()
{
IAsymmetricCipherKeyPairGenerator fact = GeneratorUtilities.GetKeyPairGenerator("RSA");
fact.Init(new KeyGenerationParameters(new SecureRandom(), 512));
AsymmetricCipherKeyPair keyPair = fact.GenerateKeyPair();
AsymmetricKeyParameter priKey = keyPair.Private;
AsymmetricKeyParameter pubKey = keyPair.Public;
//
// set up the parameters
//
byte[] salt = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
int iterationCount = 100;
Asn1Encodable defParams = PbeUtilities.GenerateAlgorithmParameters(alg, salt, iterationCount);
char[] password1 = { 'h', 'e', 'l', 'l', 'o' };
// AlgorithmParameters parameters = AlgorithmParameters.getInstance(alg);
//
// parameters.init(defParams);
//
// set up the key
//
// PBEKeySpec pbeSpec = new PBEKeySpec(password1);
// SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg);
// IBufferedCipher cipher = CipherUtilities.GetCipher(alg);
IWrapper wrapper = WrapperUtilities.GetWrapper(alg);
ICipherParameters parameters = PbeUtilities.GenerateCipherParameters(
alg, password1, defParams);
// cipher.Init(IBufferedCipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), parameters);
wrapper.Init(true, parameters);
// byte[] wrappedKey = cipher.Wrap(priKey);
byte[] pkb = PrivateKeyInfoFactory.CreatePrivateKeyInfo(priKey).GetDerEncoded();
byte[] wrappedKey = wrapper.Wrap(pkb, 0, pkb.Length);
//
// create encrypted object
//
// TODO Figure out what this was supposed to do
// EncryptedPrivateKeyInfo pInfo = new EncryptedPrivateKeyInfo(parameters, wrappedKey);
PrivateKeyInfo plain = PrivateKeyInfoFactory.CreatePrivateKeyInfo(priKey);
EncryptedPrivateKeyInfo pInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(
alg, password1, salt, iterationCount, plain);
//
// decryption step
//
char[] password2 = { 'h', 'e', 'l', 'l', 'o' };
// pbeSpec = new PBEKeySpec(password2);
//
// cipher = CipherUtilities.GetCipher(pInfo.EncryptionAlgorithm);
//
// cipher.Init(false, keyFact.generateSecret(pbeSpec), pInfo.getAlgParameters());
//
// PKCS8EncodedKeySpec keySpec = pInfo.getKeySpec(cipher);
PrivateKeyInfo decrypted = PrivateKeyInfoFactory.CreatePrivateKeyInfo(password2, pInfo);
// if (!MessageDigest.isEqual(priKey.GetEncoded(), keySpec.GetEncoded()))
if (!decrypted.Equals(plain))
{
Fail("Private key does not match");
}
//
// using ICipherParameters test
//
// pbeSpec = new PBEKeySpec(password1);
// keyFact = SecretKeyFactory.getInstance(alg);
// cipher = CipherUtilities.GetCipher(alg);
wrapper = WrapperUtilities.GetWrapper(alg);
// cipher.init(IBufferedCipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), parameters);
wrapper.Init(true, parameters);
// wrappedKey = cipher.wrap(priKey);
wrappedKey = wrapper.Wrap(pkb, 0, pkb.Length);
//
// create encrypted object
//
// TODO Figure out what this was supposed to do
// pInfo = new EncryptedPrivateKeyInfo(cipher.getParameters(), wrappedKey);
plain = PrivateKeyInfoFactory.CreatePrivateKeyInfo(priKey);
pInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(
alg, password1, salt, iterationCount, plain);
//
// decryption step
//
// pbeSpec = new PBEKeySpec(password2);
//
// cipher = CipherUtilities.GetCipher(pInfo.getAlgName());
//
// cipher.init(IBufferedCipher.DECRYPT_MODE, keyFact.generateSecret(pbeSpec), pInfo.getAlgParameters());
//
// keySpec = pInfo.getKeySpec(cipher);
decrypted = PrivateKeyInfoFactory.CreatePrivateKeyInfo(password2, pInfo);
// if (!MessageDigest.isEqual(priKey.GetEncoded(), keySpec.GetEncoded()))
if (!decrypted.Equals(plain))
{
Fail("Private key does not match");
}
}
public static void Save(this Pkcs12Store store,
Stream stream,
string encryptionPassword,
string integrityPassword,
SecureRandom random)
{
const int saltSize = 20;
const int minIterations = 1024;
if (stream == null)
{
throw new ArgumentNullException("stream");
}
//if (null != encryptionPassword && encryptionPassword == integrityPassword)
//{
// store.Save(stream, encryptionPassword.ToArray(), random);
// return;
//}
if (random == null)
{
throw new ArgumentNullException("random");
}
var T = store.GetType();
Func <AsymmetricKeyParameter, SubjectKeyIdentifier> CreateSubjectKeyID = (pubKey_) =>
{
var method = T.GetMethod("CreateSubjectKeyID", BindingFlags.NonPublic | BindingFlags.Static);
return((SubjectKeyIdentifier)method.Invoke(store, new object[] { pubKey_ }));
};
Func <DerObjectIdentifier> keyAlgorithm = () =>
{
var property = T.GetField("keyAlgorithm", BindingFlags.NonPublic | BindingFlags.Instance);
return((DerObjectIdentifier)property.GetValue(store));
};
Func <DerObjectIdentifier> certAlgorithm = () =>
{
var property = T.GetField("certAlgorithm", BindingFlags.NonPublic | BindingFlags.Instance);
return((DerObjectIdentifier)property.GetValue(store));
};
//
// handle the key
//
Asn1EncodableVector keyS = new Asn1EncodableVector();
var keys = store.Aliases.OfType <string>().ToDictionary(alias => alias, store.GetKey);
foreach (string name in store.Aliases.OfType <string>())
{
byte[] kSalt = new byte[saltSize];
random.NextBytes(kSalt);
AsymmetricKeyEntry privKey = keys[name];
Asn1Encodable kInfo = null;
if (!string.IsNullOrEmpty(encryptionPassword))
{
kInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(keyAlgorithm(), encryptionPassword.ToArray(), kSalt, minIterations, privKey.Key);
}
else
{
kInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey.Key);
}
Asn1EncodableVector kName = new Asn1EncodableVector();
foreach (string oid in privKey.BagAttributeKeys)
{
Asn1Encodable entry = privKey[oid];
// NB: Ignore any existing FriendlyName
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
continue;
}
kName.Add(new DerSequence(new DerObjectIdentifier(oid), new DerSet(entry)));
}
//
// make sure we are using the local alias on store
//
// NB: We always set the FriendlyName based on 'name'
//if (privKey[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null)
{
kName.Add(new DerSequence(PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(name))));
}
//
// make sure we have a local key-id
//
if (privKey[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null)
{
X509CertificateEntry ct = store.GetCertificate(name);
AsymmetricKeyParameter pubKey = ct.Certificate.GetPublicKey();
SubjectKeyIdentifier subjectKeyID = CreateSubjectKeyID(pubKey);
kName.Add(new DerSequence(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID, new DerSet(subjectKeyID)));
}
SafeBag kBag = null;
if (!string.IsNullOrEmpty(encryptionPassword))
{
kBag = new SafeBag(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag, kInfo.ToAsn1Object(), new DerSet(kName));
}
else
{
kBag = new SafeBag(PkcsObjectIdentifiers.KeyBag, kInfo.ToAsn1Object(), new DerSet(kName));
}
keyS.Add(kBag);
}
byte[] derEncodedBytes = new DerSequence(keyS).GetDerEncoded();
BerOctetString keyString = new BerOctetString(derEncodedBytes);
//
// certificate processing
//
byte[] cSalt = new byte[saltSize];
random.NextBytes(cSalt);
Asn1EncodableVector certSeq = new Asn1EncodableVector();
Pkcs12PbeParams cParams = new Pkcs12PbeParams(cSalt, minIterations);
AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm(), cParams.ToAsn1Object());
ISet doneCerts = new HashSet();
foreach (string name in keys.Keys)
{
X509CertificateEntry certEntry = store.GetCertificate(name);
CertBag cBag = new CertBag(PkcsObjectIdentifiers.X509Certificate, new DerOctetString(certEntry.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in certEntry.BagAttributeKeys)
{
Asn1Encodable entry = certEntry[oid];
// NB: Ignore any existing FriendlyName
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
continue;
}
fName.Add(new DerSequence(new DerObjectIdentifier(oid), new DerSet(entry)));
}
//
// make sure we are using the local alias on store
//
// NB: We always set the FriendlyName based on 'name'
//if (certEntry[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null)
{
fName.Add(new DerSequence(PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(name))));
}
//
// make sure we have a local key-id
//
if (certEntry[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null)
{
AsymmetricKeyParameter pubKey = certEntry.Certificate.GetPublicKey();
SubjectKeyIdentifier subjectKeyID = CreateSubjectKeyID(pubKey);
fName.Add(new DerSequence(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID, new DerSet(subjectKeyID)));
}
SafeBag sBag = new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName));
certSeq.Add(sBag);
doneCerts.Add(certEntry.Certificate);
}
var certs = store.Aliases.OfType <string>().Select(store.GetCertificate);
foreach (var cert in certs)
{
//X509CertificateEntry cert = (X509CertificateEntry)certs[certId];
//if (keys[certId] != null)
// continue;
if (doneCerts.Contains(cert.Certificate))
{
continue;
}
CertBag cBag = new CertBag(PkcsObjectIdentifiers.X509Certificate, new DerOctetString(cert.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in cert.BagAttributeKeys)
{
// a certificate not immediately linked to a key doesn't require
// a localKeyID and will confuse some PKCS12 implementations.
//
// If we find one, we'll prune it out.
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id))
{
continue;
}
Asn1Encodable entry = cert[oid];
// NB: Ignore any existing FriendlyName
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
continue;
}
fName.Add(new DerSequence(new DerObjectIdentifier(oid), new DerSet(entry)));
}
//
// make sure we are using the local alias on store
//
// NB: We always set the FriendlyName based on 'certId'
//if (cert[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null)
{
//fName.Add(new DerSequence(PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(certId))));
fName.Add(new DerSequence(PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(CreateSubjectKeyID(cert.Certificate.GetPublicKey()).GetKeyIdentifier()))));
}
SafeBag sBag = new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName));
certSeq.Add(sBag);
doneCerts.Add(cert.Certificate);
}
var chainCerts = store.Aliases.OfType <string>().Select(store.GetCertificateChain).Aggregate <IEnumerable <X509CertificateEntry>, IEnumerable <X509CertificateEntry> >(new List <X509CertificateEntry>(), (list, entries) => list.Union(entries));
foreach (var cert in chainCerts)
{
//X509CertificateEntry cert = (X509CertificateEntry)chainCerts[certId];
if (doneCerts.Contains(cert.Certificate))
{
continue;
}
CertBag cBag = new CertBag(PkcsObjectIdentifiers.X509Certificate, new DerOctetString(cert.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in cert.BagAttributeKeys)
{
// a certificate not immediately linked to a key doesn't require
// a localKeyID and will confuse some PKCS12 implementations.
//
// If we find one, we'll prune it out.
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id))
{
continue;
}
fName.Add(new DerSequence(new DerObjectIdentifier(oid), new DerSet(cert[oid])));
}
SafeBag sBag = new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName));
certSeq.Add(sBag);
}
derEncodedBytes = new DerSequence(certSeq).GetDerEncoded();
Func <bool, AlgorithmIdentifier, char[], bool, byte[], byte[]> CryptPbeData = (forEncryption_, algId_, password_, wrongPkcs12Zero_, data_) =>
{
var method = T.GetMethod("CryptPbeData", BindingFlags.NonPublic | BindingFlags.Static);
return((byte[])method.Invoke(store, new object[] { forEncryption_, algId_, password_, wrongPkcs12Zero_, data_ }));
};
ContentInfo[] info = null;
if (null != encryptionPassword)
{
byte[] certBytes = CryptPbeData(true, cAlgId, encryptionPassword.ToArray(), false, derEncodedBytes);
var cInfo = new EncryptedData(PkcsObjectIdentifiers.Data, cAlgId, new BerOctetString(certBytes));
info = new ContentInfo[]
{
new ContentInfo(PkcsObjectIdentifiers.Data, keyString),
new ContentInfo(PkcsObjectIdentifiers.EncryptedData, cInfo.ToAsn1Object())
};
}
else
{
var cInfo = new BerOctetString(derEncodedBytes);
info = new ContentInfo[]
{
new ContentInfo(PkcsObjectIdentifiers.Data, keyString),
new ContentInfo(PkcsObjectIdentifiers.Data, cInfo.ToAsn1Object())
};
}
byte[] data = new AuthenticatedSafe(info).GetEncoded(Asn1Encodable.Der);
ContentInfo mainInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(data));
//
// create the mac
//
byte[] mSalt = new byte[saltSize];
random.NextBytes(mSalt);
Func <DerObjectIdentifier, byte[], int, char[], bool, byte[], byte[]> CalculatePbeMac = (oid_, salt_, itCount_, password_, wrongPkcs12Zero_, data_) =>
{
var method = T.GetMethod("CalculatePbeMac", BindingFlags.NonPublic | BindingFlags.Static);
return((byte[])method.Invoke(store, new object[] { oid_, salt_, itCount_, password_, wrongPkcs12Zero_, data_ }));
};
MacData mData = null;
if (null != integrityPassword)
{
//byte[] mac = CalculatePbeMac(OiwObjectIdentifiers.IdSha1, mSalt, minIterations, integrityPassword.ToArray(), false, data);
byte[] mac = CalculatePbeMac(PbeUtilities.GetObjectIdentifier("PBEwithHmacSHA-256"), mSalt, minIterations, integrityPassword.ToArray(), false, data);
//AlgorithmIdentifier algId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance);
AlgorithmIdentifier algId = new AlgorithmIdentifier(PbeUtilities.GetObjectIdentifier("PBEwithHmacSHA-256"), DerNull.Instance);
DigestInfo dInfo = new DigestInfo(algId, mac);
mData = new MacData(dInfo, mSalt, minIterations);
}
//
// output the Pfx
//
Pfx pfx = new Pfx(mainInfo, mData);
DerOutputStream derOut = new DerOutputStream(stream);
derOut.WriteObject(pfx);
}
public void Save(
Stream stream,
char[] password,
SecureRandom random)
{
if (stream == null)
{
throw new ArgumentNullException("stream");
}
if (random == null)
{
throw new ArgumentNullException("random");
}
//
// handle the keys
//
Asn1EncodableVector keyBags = new Asn1EncodableVector();
foreach (string name in keys.Keys)
{
byte[] kSalt = new byte[SaltSize];
random.NextBytes(kSalt);
AsymmetricKeyEntry privKey = (AsymmetricKeyEntry)keys[name];
DerObjectIdentifier bagOid;
Asn1Encodable bagData;
if (password == null)
{
bagOid = PkcsObjectIdentifiers.KeyBag;
bagData = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey.Key);
}
else
{
bagOid = PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag;
bagData = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(
keyAlgorithm, password, kSalt, MinIterations, privKey.Key);
}
Asn1EncodableVector kName = new Asn1EncodableVector();
foreach (string oid in privKey.BagAttributeKeys)
{
Asn1Encodable entry = privKey[oid];
// NB: Ignore any existing FriendlyName
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
continue;
}
kName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(entry)));
}
//
// make sure we are using the local alias on store
//
// NB: We always set the FriendlyName based on 'name'
//if (privKey[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null)
{
kName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(name))));
}
//
// make sure we have a local key-id
//
if (privKey[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null)
{
X509CertificateEntry ct = GetCertificate(name);
AsymmetricKeyParameter pubKey = ct.Certificate.GetPublicKey();
SubjectKeyIdentifier subjectKeyID = CreateSubjectKeyID(pubKey);
kName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtLocalKeyID,
new DerSet(subjectKeyID)));
}
keyBags.Add(new SafeBag(bagOid, bagData.ToAsn1Object(), new DerSet(kName)));
}
byte[] keyBagsEncoding = new DerSequence(keyBags).GetDerEncoded();
ContentInfo keysInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(keyBagsEncoding));
//
// certificate processing
//
byte[] cSalt = new byte[SaltSize];
random.NextBytes(cSalt);
Asn1EncodableVector certBags = new Asn1EncodableVector();
Pkcs12PbeParams cParams = new Pkcs12PbeParams(cSalt, MinIterations);
AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.ToAsn1Object());
ISet doneCerts = new HashSet();
foreach (string name in keys.Keys)
{
X509CertificateEntry certEntry = GetCertificate(name);
CertBag cBag = new CertBag(
PkcsObjectIdentifiers.X509Certificate,
new DerOctetString(certEntry.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in certEntry.BagAttributeKeys)
{
Asn1Encodable entry = certEntry[oid];
// NB: Ignore any existing FriendlyName
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
continue;
}
fName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(entry)));
}
//
// make sure we are using the local alias on store
//
// NB: We always set the FriendlyName based on 'name'
//if (certEntry[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null)
{
fName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(name))));
}
//
// make sure we have a local key-id
//
if (certEntry[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null)
{
AsymmetricKeyParameter pubKey = certEntry.Certificate.GetPublicKey();
SubjectKeyIdentifier subjectKeyID = CreateSubjectKeyID(pubKey);
fName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtLocalKeyID,
new DerSet(subjectKeyID)));
}
certBags.Add(new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)));
doneCerts.Add(certEntry.Certificate);
}
foreach (string certId in certs.Keys)
{
X509CertificateEntry cert = (X509CertificateEntry)certs[certId];
if (keys[certId] != null)
{
continue;
}
CertBag cBag = new CertBag(
PkcsObjectIdentifiers.X509Certificate,
new DerOctetString(cert.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in cert.BagAttributeKeys)
{
// a certificate not immediately linked to a key doesn't require
// a localKeyID and will confuse some PKCS12 implementations.
//
// If we find one, we'll prune it out.
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id))
{
continue;
}
Asn1Encodable entry = cert[oid];
// NB: Ignore any existing FriendlyName
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id))
{
continue;
}
fName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(entry)));
}
//
// make sure we are using the local alias on store
//
// NB: We always set the FriendlyName based on 'certId'
//if (cert[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null)
{
fName.Add(
new DerSequence(
PkcsObjectIdentifiers.Pkcs9AtFriendlyName,
new DerSet(new DerBmpString(certId))));
}
certBags.Add(new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)));
doneCerts.Add(cert.Certificate);
}
foreach (CertId certId in chainCerts.Keys)
{
X509CertificateEntry cert = (X509CertificateEntry)chainCerts[certId];
if (doneCerts.Contains(cert.Certificate))
{
continue;
}
CertBag cBag = new CertBag(
PkcsObjectIdentifiers.X509Certificate,
new DerOctetString(cert.Certificate.GetEncoded()));
Asn1EncodableVector fName = new Asn1EncodableVector();
foreach (string oid in cert.BagAttributeKeys)
{
// a certificate not immediately linked to a key doesn't require
// a localKeyID and will confuse some PKCS12 implementations.
//
// If we find one, we'll prune it out.
if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id))
{
continue;
}
fName.Add(
new DerSequence(
new DerObjectIdentifier(oid),
new DerSet(cert[oid])));
}
certBags.Add(new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)));
}
byte[] certBagsEncoding = new DerSequence(certBags).GetDerEncoded();
ContentInfo certsInfo;
if (password == null)
{
certsInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(certBagsEncoding));
}
else
{
byte[] certBytes = CryptPbeData(true, cAlgId, password, false, certBagsEncoding);
EncryptedData cInfo = new EncryptedData(PkcsObjectIdentifiers.Data, cAlgId, new BerOctetString(certBytes));
certsInfo = new ContentInfo(PkcsObjectIdentifiers.EncryptedData, cInfo.ToAsn1Object());
}
ContentInfo[] info = new ContentInfo[] { keysInfo, certsInfo };
byte[] data = new AuthenticatedSafe(info).GetEncoded(
useDerEncoding ? Asn1Encodable.Der : Asn1Encodable.Ber);
ContentInfo mainInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(data));
//
// create the mac
//
MacData macData = null;
if (password != null)
{
byte[] mSalt = new byte[20];
random.NextBytes(mSalt);
byte[] mac = CalculatePbeMac(OiwObjectIdentifiers.IdSha1,
mSalt, MinIterations, password, false, data);
AlgorithmIdentifier algId = new AlgorithmIdentifier(
OiwObjectIdentifiers.IdSha1, DerNull.Instance);
DigestInfo dInfo = new DigestInfo(algId, mac);
macData = new MacData(dInfo, mSalt, MinIterations);
}
//
// output the Pfx
//
Pfx pfx = new Pfx(mainInfo, macData);
DerOutputStream derOut;
if (useDerEncoding)
{
derOut = new DerOutputStream(stream);
}
else
{
derOut = new BerOutputStream(stream);
}
derOut.WriteObject(pfx);
}
