/// <summary> /// Creates the CA certficiate for self siging certificates using Bouncy Castle crypto /// </summary> /// <param name="subjectName"></param> /// <param name="CaPrivateKey"></param> /// <returns></returns> public static X509Certificate2 CreateCertificateAuthorityCertificate(string subjectName, ref AsymmetricKeyParameter CaPrivateKey) { const int keyStrength = 2048; // Generating Random Numbers CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator(); SecureRandom random = new SecureRandom(randomGenerator); // The Certificate Generator X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); // Serial Number BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Signature Algorithm //const string signatureAlgorithm = "SHA256WithRSA"; //certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); // Issuer and Subject Name X509Name subjectDN = new X509Name(subjectName); X509Name issuerDN = subjectDN; certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // Valid For DateTime notBefore = DateTime.UtcNow.Date; DateTime notAfter = notBefore.AddYears(2); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key AsymmetricCipherKeyPair subjectKeyPair; KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Generating the Certificate AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair; ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerKeyPair.Private, random); // selfsign certificate Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(signatureFactory); X509Certificate2 x509 = new X509Certificate2(certificate.GetEncoded()); CaPrivateKey = issuerKeyPair.Private; return(x509); //return issuerKeyPair.Private; }
/// <summary> /// Creates a self signed Certificate using Boncy castle crypto /// </summary> /// <param name="request"></param> /// <param name="issuerPrivKey"></param> /// <param name="myPrivateKey"></param> /// <returns></returns> public static X509Certificate2 CreateSelfSignedCertificateBasedOnCertificateAuthorityPrivateKey(APICertificateRequest request, AsymmetricKeyParameter issuerPrivKey, ref AsymmetricKeyParameter myPrivateKey) { const int keyStrength = 4096; // Generating Random Numbers CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator(); SecureRandom random = new SecureRandom(randomGenerator); //ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerPrivKey, random); ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerPrivKey, random); // The Certificate Generator X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage((new List <DerObjectIdentifier>() { new DerObjectIdentifier("1.3.6.1.5.5.7.3.1"), new DerObjectIdentifier("1.3.6.1.5.5.7.3.2") }))); var lExtensions = new List <DerObjectIdentifier>(); if (request.Aspsp) { lExtensions.Add(new DerObjectIdentifier("0.4.0.19495.1.1"));//, PSD2Roles.ASPSP); } if (request.Pisp) { lExtensions.Add(new DerObjectIdentifier("0.4.0.19495.1.2"));//, PSD2Roles.PISP); } if (request.Aisp) { lExtensions.Add(new DerObjectIdentifier("0.4.0.19495.1.3"));//, PSD2Roles.AISP); } if (request.Piisp) { lExtensions.Add(new DerObjectIdentifier("0.4.0.19495.1.4"));//, PSD2Roles.PIISP); } certificateGenerator.AddExtension(X509Extensions.QCStatements, true, new ExtendedKeyUsage(lExtensions)); // Serial Number BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Issuer and Subject Name // build name attributes var nameOids = new ArrayList(); nameOids.Add(X509Name.CN); nameOids.Add(X509Name.O); nameOids.Add(X509Name.OU); nameOids.Add(X509Name.C); nameOids.Add(X509Name.L); nameOids.Add(X509Name.ST); var nameValues = new ArrayList(); nameValues.Add(request.CommonName); nameValues.Add(request.Organization); nameValues.Add(request.OrganizationUnit); nameValues.Add(request.Country); nameValues.Add(request.City); nameValues.Add(request.State); //X509Name subjectDN = new X509Name("CN="+request.CommonName); X509Name subjectDN = new X509Name(nameOids, nameValues); X509Name issuerDN = new X509Name("CN=" + request.CommonName); certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // Valid For DateTime notBefore = DateTime.UtcNow.Date; DateTime notAfter = notBefore.AddDays(request.Validity); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key AsymmetricCipherKeyPair subjectKeyPair; var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); subjectKeyPair = keyPairGenerator.GenerateKeyPair(); myPrivateKey = subjectKeyPair.Private; certificateGenerator.SetPublicKey(subjectKeyPair.Public); //GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.OtherName, subjectName)); //certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName); // self sign certificate Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(signatureFactory); X509Certificate2 certificate2 = new X509Certificate2(certificate.GetEncoded()); //certificate2.Import(certificate.GetEncoded()); return(certificate2); }