Exemple #1
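        /// <summary>
        /// Issues an X.509 v3 certificate for the public key in a PKCS#10 request when the issuer's
        /// private key is not available to this process. The to-be-signed (TBS) structure is written to
        /// <c>tbs.cer</c>, the operator signs it out of band and stores the raw signature in
        /// <c>tbs.sig</c>, and the two are then combined into <c>cert.cer</c>.
        /// </summary>
        /// <param name="parentcer">Path of the issuer certificate; its subject DN becomes the issuer name.</param>
        /// <param name="csrFile">Path of the PEM-encoded PKCS#10 certification request.</param>
        /// <exception cref="InvalidDataException">
        /// The issuer certificate or the request cannot be parsed, the request's self-signature does not
        /// verify, or <c>tbs.sig</c> is shorter than the expected signature length.
        /// </exception>
        public static void CreateCert(string parentcer, string csrFile)
        {
            // The certificate declares sha256WithRSAEncryption and the original code kept exactly the
            // first 256 bytes of tbs.sig, i.e. it assumes a 2048-bit RSA issuer key.
            const int signatureLength = 256;

            // Read both inputs fully into memory so no file handle is left open while the method waits
            // for the operator (the original never closed the streams it opened).
            var issuer = new X509CertificateParser().ReadCertificate(File.ReadAllBytes(parentcer));
            if (issuer == null)
            {
                throw new InvalidDataException("No certificate could be read from " + parentcer);
            }

            var csr = new PemReader(new StringReader(File.ReadAllText(csrFile))).ReadObject() as Pkcs10CertificationRequest;
            if (csr == null)
            {
                throw new InvalidDataException("No PKCS#10 certification request could be read from " + csrFile);
            }

            // Proof of possession: refuse to certify a public key unless the request is signed by the
            // matching private key.
            if (!csr.Verify())
            {
                throw new InvalidDataException("The signature on the certification request does not verify.");
            }

            var csrinfo = csr.GetCertificationRequestInfo();

            AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(PkcsObjectIdentifiers.Sha256WithRsaEncryption);
            BigInteger          serial   = new BigInteger(128, new SecureRandom());

            // One UTC clock read: validity does not depend on the machine's time zone, and the date
            // cannot be assembled from two different days around midnight.
            DateTime from = DateTime.UtcNow.Date;
            DateTime to   = from.AddYears(5);

            V3TbsCertificateGenerator tbsGen = new V3TbsCertificateGenerator();

            tbsGen.SetIssuer(issuer.SubjectDN);
            tbsGen.SetSerialNumber(new DerInteger(serial));
            tbsGen.SetStartDate(new Time(from));
            tbsGen.SetEndDate(new Time(to));
            tbsGen.SetSubjectPublicKeyInfo(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(csr.GetPublicKey()));

            // NOTE(review): the subject is copied from the request unchanged. Together with the
            // smart-card-logon purpose below, whoever submits the request chooses the identity the
            // certificate asserts; validate the requested subject against policy before signing.
            tbsGen.SetSubject(csrinfo.Subject);

            // add certificate purposes
            Asn1EncodableVector vector = new Asn1EncodableVector();

            vector.Add(new DerObjectIdentifier("1.3.6.1.5.5.7.3.2"));       // id-kp-clientAuth
            vector.Add(new DerObjectIdentifier("1.3.6.1.4.1.311.20.2.2"));  // Microsoft smart card logon
            vector.Add(new DerObjectIdentifier("1.3.6.1.4.1.311.10.3.12")); // Microsoft document signing
            vector.Add(new DerObjectIdentifier("1.3.6.1.5.5.7.3.4"));       // id-kp-emailProtection
            DerSequence             seq          = new DerSequence(vector);
            X509ExtensionsGenerator extGenerator = new X509ExtensionsGenerator();

            // Extended key usage is the only extension added (non-critical); no basic constraints,
            // key usage or key identifiers are set.
            extGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, seq);

            tbsGen.SetExtensions(extGenerator.Generate());

            // The TBS structure carries the same algorithm identifier that is later passed to
            // GenerateJcaObject for the outer certificate.
            tbsGen.SetSignature(sigAlgId);

            TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();

            // save the TBS (relative path: lands in the current working directory)
            System.IO.File.WriteAllBytes("tbs.cer", tbsCert.GetDerEncoded());

            Console.WriteLine("generate the signature (SHA->DER->ENCRYPT) for tbs.cer and call it tbs.sig");
            Console.WriteLine("And then press enter");
            Console.ReadLine();

            byte[] signatureFile = System.IO.File.ReadAllBytes("tbs.sig");
            if (signatureFile.Length < signatureLength)
            {
                // The original silently accepted a short file and produced a certificate whose
                // signature could never verify.
                throw new InvalidDataException("tbs.sig is shorter than the expected " + signatureLength + "-byte signature.");
            }

            // NOTE(review): nothing here checks the externally produced signature against the issuer's
            // public key; verify cert.cer against the issuer certificate before distributing it.
            var t1 = GenerateJcaObject(tbsCert, sigAlgId, signatureFile.Take(signatureLength).ToArray());

            System.IO.File.WriteAllBytes("cert.cer", t1.GetEncoded());

            Console.WriteLine("saved as cert.cer");
        }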
Exemple #2
    /// <summary>
    /// Signs the pending TBS certificate with a calculator obtained from the supplied factory and
    /// returns the assembled certificate.
    /// </summary>
    /// <param name="signatureCalculatorFactory">Factory that supplies the signature algorithm details and the signing calculator.</param>
    /// <returns>The certificate built by <c>GenerateJcaObject</c> from the TBS structure, the algorithm identifier and the signature bytes.</returns>
    public X509Certificate Generate(ISignatureFactory signatureCalculatorFactory)
    {
        // The same identifier goes into the TBS structure and into the outer certificate, so the
        // two signature-algorithm fields agree.
        var signatureAlgorithm = (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails;
        tbsGen.SetSignature(signatureAlgorithm);

        // NOTE(review): no extensions are applied to tbsGen in this method - confirm they are set elsewhere.
        TbsCertificateStructure tbs = tbsGen.GenerateTbsCertificate();
        IStreamCalculator calculator = signatureCalculatorFactory.CreateCalculator();

        // The signature is computed over the DER encoding of the TBS structure.
        byte[] tbsBytes = tbs.GetDerEncoded();
        calculator.Stream.Write(tbsBytes, 0, tbsBytes.Length);

        // The stream is disposed before the result is requested.
        Platform.Dispose(calculator.Stream);

        byte[] signature = ((IBlockResult)calculator.GetResult()).Collect();
        return GenerateJcaObject(tbs, signatureAlgorithm, signature);
    }
        /// <summary>
        /// Produces the DER encoding of the TBS certificate without signing it.
        /// </summary>
        /// <returns>The DER bytes of the TBS structure; this is not a usable certificate until a signature is attached.</returns>
        public byte[] GenerateDerEncodedUnsignedCertificate()
        {
            // Extensions are applied only when at least one has been added to the generator.
            bool hasExtensions = !extGenerator.IsEmpty;
            if (hasExtensions)
            {
                tbsGen.SetExtensions(extGenerator.Generate());
            }

            // NOTE(review): tbsGen.SetSignature is not called here - presumably the caller must have
            // set the signature algorithm beforehand; confirm against the class.
            return tbsGen.GenerateTbsCertificate().GetDerEncoded();
        }
Exemple #4
        /// <summary>
        /// Builds and signs a new X509Certificate; the signing calculator comes from the supplied factory.
        /// </summary>
        /// <param name="signatureCalculatorFactory">Factory that supplies the signature algorithm details and the signing calculator.</param>
        /// <returns>The signed X509Certificate.</returns>
        public X509Certificate Generate(ISignatureFactory signatureCalculatorFactory)
        {
            // The same identifier goes into the TBS structure and into the outer certificate, so the
            // two signature-algorithm fields agree.
            var signatureAlgorithm = (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails;
            tbsGen.SetSignature(signatureAlgorithm);

            // NOTE(review): no extensions are applied to tbsGen in this method - confirm they are set elsewhere.
            TbsCertificateStructure tbs = tbsGen.GenerateTbsCertificate();
            IStreamCalculator calculator = signatureCalculatorFactory.CreateCalculator();

            // The signature is computed over the DER encoding of the TBS structure.
            byte[] tbsBytes = tbs.GetDerEncoded();
            calculator.Stream.Write(tbsBytes, 0, tbsBytes.Length);

            // The stream is disposed before the result is requested.
            BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.Dispose(calculator.Stream);

            byte[] signature = ((IBlockResult)calculator.GetResult()).Collect();
            return GenerateJcaObject(tbs, signatureAlgorithm, signature);
        }
        /// <summary>
        /// Builds and signs a new X509Certificate with the supplied signature calculator.
        /// </summary>
        /// <param name="signatureCalculator">Calculator that supplies the signature algorithm details and performs the signing.</param>
        /// <returns>The signed X509Certificate.</returns>
        public X509Certificate Generate(ISignatureCalculator signatureCalculator)
        {
            // The same identifier goes into the TBS structure and into the outer certificate, so the
            // two signature-algorithm fields agree.
            var signatureAlgorithm = (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails;
            tbsGen.SetSignature(signatureAlgorithm);

            // NOTE(review): no extensions are applied to tbsGen in this method - confirm they are set elsewhere.
            TbsCertificateStructure tbs = tbsGen.GenerateTbsCertificate();
            IStreamCalculator calculator = signatureCalculator.CreateCalculator();

            // The signature is computed over the DER encoding of the TBS structure.
            byte[] tbsBytes = tbs.GetDerEncoded();
            calculator.Stream.Write(tbsBytes, 0, tbsBytes.Length);

            // The stream is closed before the result is requested.
            calculator.Stream.Close();

            byte[] signature = ((IBlockResult)calculator.GetResult()).DoFinal();
            return GenerateJcaObject(tbs, signatureAlgorithm, signature);
        }
        /// <summary>
        /// Builds and signs a new X509Certificate; pending extensions are applied first and the
        /// signing calculator comes from the supplied factory.
        /// </summary>
        /// <param name="signatureCalculatorFactory">Factory that supplies the signature algorithm identifier and the signing calculator.</param>
        /// <returns>The signed X509Certificate.</returns>
        public X509Certificate Generate(ISignatureFactory <AlgorithmIdentifier> signatureCalculatorFactory)
        {
            // The same identifier goes into the TBS structure and into the outer certificate, so the
            // two signature-algorithm fields agree.
            AlgorithmIdentifier signatureAlgorithm = signatureCalculatorFactory.AlgorithmDetails;
            tbsGen.SetSignature(signatureAlgorithm);

            // Extensions are applied only when at least one has been added to the generator.
            bool hasExtensions = !extGenerator.IsEmpty;
            if (hasExtensions)
            {
                tbsGen.SetExtensions(extGenerator.Generate());
            }

            TbsCertificateStructure tbs = tbsGen.GenerateTbsCertificate();
            IStreamCalculator <IBlockResult> calculator = signatureCalculatorFactory.CreateCalculator();

            // The signature is computed over the DER encoding of the TBS structure.
            byte[] tbsBytes = tbs.GetDerEncoded();
            calculator.Stream.Write(tbsBytes, 0, tbsBytes.Length);

            // The stream is disposed before the result is requested.
            Platform.Dispose(calculator.Stream);

            byte[] signature = ((IBlockResult)calculator.GetResult()).Collect();
            return GenerateJcaObject(tbs, signatureAlgorithm, signature);
        }
        // TODO: Abstract out common code to another method
        /// <summary>
        /// Builds a new X509Certificate and awaits the signature from a calculator obtained from the
        /// supplied factory; pending extensions are applied first.
        /// </summary>
        /// <param name="signatureCalculatorFactory">Factory that supplies the signature algorithm details and the signing calculator.</param>
        /// <returns>A task that yields the signed X509Certificate.</returns>
        public async Task <X509Certificate> GenerateAsync(ISignatureFactory signatureCalculatorFactory)
        {
            // The same identifier goes into the TBS structure and into the outer certificate, so the
            // two signature-algorithm fields agree.
            var signatureAlgorithm = (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails;
            tbsGen.SetSignature(signatureAlgorithm);

            // Extensions are applied only when at least one has been added to the generator.
            bool hasExtensions = !extGenerator.IsEmpty;
            if (hasExtensions)
            {
                tbsGen.SetExtensions(extGenerator.Generate());
            }

            TbsCertificateStructure tbs = tbsGen.GenerateTbsCertificate();
            IStreamCalculator calculator = signatureCalculatorFactory.CreateCalculator();

            // The signature is computed over the DER encoding of the TBS structure. The write itself
            // is synchronous; only fetching the result is awaited.
            byte[] tbsBytes = tbs.GetDerEncoded();
            calculator.Stream.Write(tbsBytes, 0, tbsBytes.Length);

            // The stream is disposed before the result is requested.
            Platform.Dispose(calculator.Stream);

            var signedBits = await calculator.GetResultAsync();
            byte[] signature = ((IBlockResult)signedBits).Collect();

            return GenerateJcaObject(tbs, signatureAlgorithm, signature);
        }