public static X509Certificate2 ToCertificateWithPrivateKey( Guid ownIdentity, Org.BouncyCastle.X509.X509Certificate certificate, AsymmetricCipherKeyPair keyPair, string password, SecureRandom random) { var ownCertificateStore = new FileInfo(GetStorePath(ownIdentity)); var newStore = new Pkcs12Store(); var certEntry = new X509CertificateEntry(certificate); newStore.SetCertificateEntry( ownIdentity.ToString(), certEntry); newStore.SetKeyEntry( ownIdentity.ToString(), new AsymmetricKeyEntry(keyPair.Private), new[] { certEntry }); if (ownCertificateStore.Exists) { ownCertificateStore.Delete(); } using (var file = ownCertificateStore.OpenWrite()) { newStore.Save( file, password.ToCharArray(), random); } return(new X509Certificate2(ownCertificateStore.FullName, password)); }
public bool validacionSatCert(Byte[] byteCer) { bool respuesta = false; //DAL dal = new DAL(); X509CertificateParser clientCertParser = new X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate clientCert = clientCertParser.ReadCertificate(byteCer); OCSP validaOcsp = new OCSP(); string respuestaOcsp; string pathIssuerCert; X509CertificateParser issuerCertParser = new X509CertificateParser(); FileStream fs; //DirectoryInfo di = new DirectoryInfo(@"C:\Users\jesusalejandro.ramos\Documents\19735\Firma\Certificados"); //System.IO.DriveInfo di = new System.IO.DriveInfo(@"C:\Users\jesusalejandro.ramos\Documents\19735\Firma\Certificados"); DirectoryInfo di = new DirectoryInfo(@"C:\inetpub\DocumentosAplicacionENREL\Certificados"); Console.WriteLine("No search pattern returns:"); foreach (var fi in di.GetFiles()) { pathIssuerCert = fi.FullName; //Console.WriteLine("{0}: {1}: {2}", fi.Name, fi.LastAccessTime, fi.Length); //fs = new FileStream("C:\\Users\\jesusalejandro.ramos\\Documents\\19735\\Firma\\Certificados\\pruebaSAT\\AC3_SAT.cer", FileMode.Open); fs = new FileStream(pathIssuerCert, FileMode.Open); Org.BouncyCastle.X509.X509Certificate issuerCert = issuerCertParser.ReadCertificate(fs); fs.Close(); validaOcsp.validateOcsp(clientCert, issuerCert, out respuestaOcsp); msgProcFirmado = respuestaOcsp; if (msgProcFirmado.Contains("Válido")) { respuesta = true; break; } else { Thread.Sleep(500); } msgProcFirmado = "No se pudo realizar la validación OCSP"; } return(respuesta); }
public static void EncryptPdfWithCertificate(string sourceDocument, string targetDocument, string certPath) { X509Certificate chain = new X509Certificate(); chain.Import(certPath); Org.BouncyCastle.X509.X509Certificate cert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(chain); Org.BouncyCastle.X509.X509Certificate[] certs = new Org.BouncyCastle.X509.X509Certificate[1] { cert }; PdfReader reader = new PdfReader(sourceDocument); PdfStamper st = new PdfStamper(reader, new FileStream(targetDocument, FileMode.Create, FileAccess.Write), '\0', false); int[] x = new int[1]; x[0] = PdfWriter.ALLOW_SCREENREADERS; st.SetEncryption(certs, x, PdfWriter.STANDARD_ENCRYPTION_40); st.Close(); }
/// <summary> /// Generates client certificate by certificate signing request. /// </summary> /// <param name="csrBytes">CSR as bytes array</param> /// <param name="commonName">Common name of certificate</param> /// <exception cref="InvalidCastException">Invalid format of CSR</exception> /// <returns></returns> public static X509Certificate2 SignRequest(byte[] csrBytes, string commonName) { if (string.IsNullOrEmpty(commonName)) { throw new ArgumentNullException("commonName"); } var certificationRequest = new Pkcs10CertificationRequest(csrBytes); CertificationRequestInfo csrInfo = certificationRequest.GetCertificationRequestInfo(); SubjectPublicKeyInfo pki = csrInfo.SubjectPublicKeyInfo; AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(pki); // Version1 (No Extensions) Certificate DateTime startDate = DateTime.UtcNow; DateTime expiryDate = startDate.AddYears(100); var serialNumber = new BigInteger(32, new Random()); var certGen = new X509V1CertificateGenerator(); var x509ServerCertificate = ServerCertificate; var caCert = DotNetUtilities.FromX509Certificate(x509ServerCertificate); certGen.SetSerialNumber(serialNumber); certGen.SetIssuerDN(caCert.SubjectDN); certGen.SetNotBefore(startDate); certGen.SetNotAfter(expiryDate); certGen.SetSubjectDN(CreateSubject(commonName)); certGen.SetSignatureAlgorithm("SHA256withRSA"); certGen.SetPublicKey(publicKey); var keyPath = string.Format(@"{0}\App_Data\server.key", AppDomain.CurrentDomain.BaseDirectory); AsymmetricCipherKeyPair keyPair; using (var reader = File.OpenText(keyPath)) { keyPair = (AsymmetricCipherKeyPair) new PemReader(reader, new PasswordFinder()).ReadObject(); } Org.BouncyCastle.X509.X509Certificate cert = certGen.Generate(keyPair.Private); return(new X509Certificate2(DotNetUtilities.ToX509Certificate(cert))); }
private static void CertSign(X509Certificate2 cert, X509CertificateParser cp, string destinationPath, PdfReader reader, string reason, string location) { Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.RawData) }; IExternalSignature externalSignature = new X509Certificate2Signature(cert, "SHA-1"); using (FileStream fout = new FileStream(destinationPath, FileMode.Create, FileAccess.ReadWrite)) { using (PdfStamper stamper = PdfStamper.CreateSignature(reader, fout, '\0', null, true)) { PdfSignatureAppearance appearance = stamper.SignatureAppearance; appearance.Reason = reason; appearance.Location = location; MakeSignature.SignDetached(appearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CADES); stamper.Close(); } } }
public static Org.BouncyCastle.X509.X509Certificate generateRootCertV2(string certName) { X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X509Name CN = new X509Name("CN=" + certName); RsaKeyPairGenerator keypairgen = new RsaKeyPairGenerator(); keypairgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024)); AsymmetricCipherKeyPair keypair = keypairgen.GenerateKeyPair(); certGen.SetSerialNumber(BigInteger.ProbablePrime(120, new Random())); certGen.SetIssuerDN(CN); certGen.SetNotAfter(DateTime.MaxValue); certGen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); certGen.SetSubjectDN(CN); certGen.SetPublicKey(keypair.Public); certGen.SetSignatureAlgorithm("MD5WithRSA"); Org.BouncyCastle.X509.X509Certificate newCert = certGen.Generate(keypair.Private); return(newCert); }