public static X509Certificate2 ToCertificateWithPrivateKey(
Guid ownIdentity,
Org.BouncyCastle.X509.X509Certificate certificate,
AsymmetricCipherKeyPair keyPair,
string password,
SecureRandom random)
{
var ownCertificateStore = new FileInfo(GetStorePath(ownIdentity));
var newStore = new Pkcs12Store();
var certEntry = new X509CertificateEntry(certificate);
newStore.SetCertificateEntry(
ownIdentity.ToString(),
certEntry);
newStore.SetKeyEntry(
ownIdentity.ToString(),
new AsymmetricKeyEntry(keyPair.Private),
new[] { certEntry });
if (ownCertificateStore.Exists)
{
ownCertificateStore.Delete();
}
using (var file = ownCertificateStore.OpenWrite())
{
newStore.Save(
file,
password.ToCharArray(),
random);
}
return(new X509Certificate2(ownCertificateStore.FullName, password));
}
public bool validacionSatCert(Byte[] byteCer)
{
bool respuesta = false;
//DAL dal = new DAL();
X509CertificateParser clientCertParser = new X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate clientCert = clientCertParser.ReadCertificate(byteCer);
OCSP validaOcsp = new OCSP();
string respuestaOcsp;
string pathIssuerCert;
X509CertificateParser issuerCertParser = new X509CertificateParser();
FileStream fs;
//DirectoryInfo di = new DirectoryInfo(@"C:\Users\jesusalejandro.ramos\Documents\19735\Firma\Certificados");
//System.IO.DriveInfo di = new System.IO.DriveInfo(@"C:\Users\jesusalejandro.ramos\Documents\19735\Firma\Certificados");
DirectoryInfo di = new DirectoryInfo(@"C:\inetpub\DocumentosAplicacionENREL\Certificados");
Console.WriteLine("No search pattern returns:");
foreach (var fi in di.GetFiles())
{
pathIssuerCert = fi.FullName;
//Console.WriteLine("{0}: {1}: {2}", fi.Name, fi.LastAccessTime, fi.Length);
//fs = new FileStream("C:\\Users\\jesusalejandro.ramos\\Documents\\19735\\Firma\\Certificados\\pruebaSAT\\AC3_SAT.cer", FileMode.Open);
fs = new FileStream(pathIssuerCert, FileMode.Open);
Org.BouncyCastle.X509.X509Certificate issuerCert = issuerCertParser.ReadCertificate(fs);
fs.Close();
validaOcsp.validateOcsp(clientCert, issuerCert, out respuestaOcsp);
msgProcFirmado = respuestaOcsp;
if (msgProcFirmado.Contains("Válido"))
{
respuesta = true;
break;
}
else
{
Thread.Sleep(500);
}
msgProcFirmado = "No se pudo realizar la validación OCSP";
}
return(respuesta);
}
public static void EncryptPdfWithCertificate(string sourceDocument, string targetDocument, string certPath)
{
X509Certificate chain = new X509Certificate();
chain.Import(certPath);
Org.BouncyCastle.X509.X509Certificate cert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(chain);
Org.BouncyCastle.X509.X509Certificate[] certs = new Org.BouncyCastle.X509.X509Certificate[1] {
cert
};
PdfReader reader = new PdfReader(sourceDocument);
PdfStamper st = new PdfStamper(reader, new FileStream(targetDocument, FileMode.Create, FileAccess.Write), '\0', false);
int[] x = new int[1];
x[0] = PdfWriter.ALLOW_SCREENREADERS;
st.SetEncryption(certs, x, PdfWriter.STANDARD_ENCRYPTION_40);
st.Close();
}
/// <summary>
/// Generates client certificate by certificate signing request.
/// </summary>
/// <param name="csrBytes">CSR as bytes array</param>
/// <param name="commonName">Common name of certificate</param>
/// <exception cref="InvalidCastException">Invalid format of CSR</exception>
/// <returns></returns>
public static X509Certificate2 SignRequest(byte[] csrBytes, string commonName)
{
if (string.IsNullOrEmpty(commonName))
{
throw new ArgumentNullException("commonName");
}
var certificationRequest = new Pkcs10CertificationRequest(csrBytes);
CertificationRequestInfo csrInfo = certificationRequest.GetCertificationRequestInfo();
SubjectPublicKeyInfo pki = csrInfo.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(pki);
// Version1 (No Extensions) Certificate
DateTime startDate = DateTime.UtcNow;
DateTime expiryDate = startDate.AddYears(100);
var serialNumber = new BigInteger(32, new Random());
var certGen = new X509V1CertificateGenerator();
var x509ServerCertificate = ServerCertificate;
var caCert = DotNetUtilities.FromX509Certificate(x509ServerCertificate);
certGen.SetSerialNumber(serialNumber);
certGen.SetIssuerDN(caCert.SubjectDN);
certGen.SetNotBefore(startDate);
certGen.SetNotAfter(expiryDate);
certGen.SetSubjectDN(CreateSubject(commonName));
certGen.SetSignatureAlgorithm("SHA256withRSA");
certGen.SetPublicKey(publicKey);
var keyPath = string.Format(@"{0}\App_Data\server.key", AppDomain.CurrentDomain.BaseDirectory);
AsymmetricCipherKeyPair keyPair;
using (var reader = File.OpenText(keyPath))
{
keyPair = (AsymmetricCipherKeyPair) new PemReader(reader, new PasswordFinder()).ReadObject();
}
Org.BouncyCastle.X509.X509Certificate cert = certGen.Generate(keyPair.Private);
return(new X509Certificate2(DotNetUtilities.ToX509Certificate(cert)));
}
private static void CertSign(X509Certificate2 cert, X509CertificateParser cp, string destinationPath, PdfReader reader, string reason, string location)
{
Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[]
{
cp.ReadCertificate(cert.RawData)
};
IExternalSignature externalSignature = new X509Certificate2Signature(cert, "SHA-1");
using (FileStream fout = new FileStream(destinationPath, FileMode.Create, FileAccess.ReadWrite))
{
using (PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0', null, true))
{
PdfSignatureAppearance appearance = stamper.SignatureAppearance;
appearance.Reason = reason;
appearance.Location = location;
MakeSignature.SignDetached(appearance, externalSignature, chain, null, null, null, 0,
CryptoStandard.CADES);
stamper.Close();
}
}
}
public static Org.BouncyCastle.X509.X509Certificate generateRootCertV2(string certName)
{
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
X509Name CN = new X509Name("CN=" + certName);
RsaKeyPairGenerator keypairgen = new RsaKeyPairGenerator();
keypairgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));
AsymmetricCipherKeyPair keypair = keypairgen.GenerateKeyPair();
certGen.SetSerialNumber(BigInteger.ProbablePrime(120, new Random()));
certGen.SetIssuerDN(CN);
certGen.SetNotAfter(DateTime.MaxValue);
certGen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
certGen.SetSubjectDN(CN);
certGen.SetPublicKey(keypair.Public);
certGen.SetSignatureAlgorithm("MD5WithRSA");
Org.BouncyCastle.X509.X509Certificate newCert = certGen.Generate(keypair.Private);
return(newCert);
}
