private static byte[] ExportCertificate(X509Certificate certificate, AsymmetricCipherKeyPair subjectKeyPair, TCertificateFormat certificateFormat)
{
byte[] result = null;
switch (certificateFormat)
{
case TCertificateFormat.NotSet:
break;
case TCertificateFormat.PEM:
using (MemoryStream stream = new MemoryStream())
{
using (StreamWriter writer = new StreamWriter(stream))
{
Org.BouncyCastle.Utilities.IO.Pem.PemWriter pemWriter = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(writer);
if (subjectKeyPair.Private is ECKeyParameters)
{
ECPrivateKeyParameters priv = (ECPrivateKeyParameters)subjectKeyPair.Private;
ECDomainParameters dp = priv.Parameters;
int orderBitLength = dp.N.BitLength;
Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure ec;
Org.BouncyCastle.Asn1.X9.X962Parameters x962;
if (priv.PublicKeyParamSet == null)
{
Org.BouncyCastle.Asn1.X9.X9ECParameters ecP = new Org.BouncyCastle.Asn1.X9.X9ECParameters(dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed());
x962 = new Org.BouncyCastle.Asn1.X9.X962Parameters(ecP);
}
else
{
x962 = new Org.BouncyCastle.Asn1.X9.X962Parameters(priv.PublicKeyParamSet);
}
ec = new Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure(orderBitLength, priv.D, SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public).PublicKeyData, x962);
pemWriter.WriteObject(new Org.BouncyCastle.Utilities.IO.Pem.PemObject("EC PRIVATE KEY", ec.GetEncoded()));
}
else
{
pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(subjectKeyPair.Private));
}
pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(subjectKeyPair.Public));
pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(certificate));
writer.Flush();
result = stream.ToArray();
}
}
break;
case TCertificateFormat.PFX:
//Asn1Sequence asn1Sequence = Asn1Sequence.GetInstance(Asn1Object.FromByteArray(certificate.GetEncoded()));
//asn1Sequence.GetObjects
//Org.BouncyCastle.Asn1.Pkcs.Pfx pfx = new Org.BouncyCastle.Asn1.Pkcs.Pfx();
//Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfo info = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
//result = pfx.GetEncoded(Asn1Encodable.Der);
break;
case TCertificateFormat.CER:
result = certificate.GetEncoded();
break;
default:
break;
}
return result;
}
private static byte[] ExportCertificate(X509Certificate certificate, AsymmetricCipherKeyPair subjectKeyPair, TCertificateFormat certificateFormat)
{
byte[] result = null;
switch (certificateFormat)
{
case TCertificateFormat.NotSet:
break;
case TCertificateFormat.PEM:
using (MemoryStream stream = new MemoryStream())
{
using (StreamWriter writer = new StreamWriter(stream))
{
Org.BouncyCastle.Utilities.IO.Pem.PemWriter pemWriter = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(writer);
if (subjectKeyPair.Private is ECKeyParameters)
{
ECPrivateKeyParameters priv = (ECPrivateKeyParameters)subjectKeyPair.Private;
ECDomainParameters dp = priv.Parameters;
int orderBitLength = dp.N.BitLength;
Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure ec;
Org.BouncyCastle.Asn1.X9.X962Parameters x962;
if (priv.PublicKeyParamSet == null)
{
Org.BouncyCastle.Asn1.X9.X9ECParameters ecP = new Org.BouncyCastle.Asn1.X9.X9ECParameters(dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed());
x962 = new Org.BouncyCastle.Asn1.X9.X962Parameters(ecP);
}
else
{
x962 = new Org.BouncyCastle.Asn1.X9.X962Parameters(priv.PublicKeyParamSet);
}
ec = new Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure(orderBitLength, priv.D, SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public).PublicKeyData, x962);
pemWriter.WriteObject(new Org.BouncyCastle.Utilities.IO.Pem.PemObject("EC PRIVATE KEY", ec.GetEncoded()));
}
else
{
pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(subjectKeyPair.Private));
}
pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(subjectKeyPair.Public));
pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(certificate));
writer.Flush();
result = stream.ToArray();
}
}
break;
case TCertificateFormat.PFX:
//Asn1Sequence asn1Sequence = Asn1Sequence.GetInstance(Asn1Object.FromByteArray(certificate.GetEncoded()));
//asn1Sequence.GetObjects
//Org.BouncyCastle.Asn1.Pkcs.Pfx pfx = new Org.BouncyCastle.Asn1.Pkcs.Pfx();
//Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfo info = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
//result = pfx.GetEncoded(Asn1Encodable.Der);
break;
case TCertificateFormat.CER:
result = certificate.GetEncoded();
break;
default:
break;
}
return(result);
}
public static CertificateInfo GetCertificateInfo(byte[] certificate, TCertificateFormat certificateFormat)
{
CertificateInfo result = null;
X509CertificateStructure cert = null;
switch (certificateFormat)
{
case TCertificateFormat.NotSet:
break;
case TCertificateFormat.PEM:
Org.BouncyCastle.Utilities.IO.Pem.PemReader reader = new Org.BouncyCastle.Utilities.IO.Pem.PemReader(new StreamReader(new MemoryStream(certificate)));
Org.BouncyCastle.Utilities.IO.Pem.PemObject pem = reader.ReadPemObject();
while (pem != null)
{
if (pem.Type.EndsWith("CERTIFICATE"))
{
cert = X509CertificateStructure.GetInstance(pem.Content);
}
else if (pem.Type.EndsWith("PRIVATE KEY"))
{
if (result == null)
{
result = new CertificateInfo();
}
result.PrivateKey = GetPrivateKeyFromPEM(pem);
}
pem = reader.ReadPemObject();
}
break;
case TCertificateFormat.PFX:
break;
case TCertificateFormat.CER:
cert = X509CertificateStructure.GetInstance(certificate);
break;
default:
break;
}
if (cert != null)
{
if (result == null)
{
result = new CertificateInfo();
}
result.Subject = new CertificateSubject(cert);
X509Certificate certX509 = new X509Certificate(cert);
Asn1OctetString subjectKeyID = certX509.GetExtensionValue(X509Extensions.SubjectKeyIdentifier);
if (subjectKeyID != null)
{
byte[] encodeKeyID = subjectKeyID.GetOctets();
byte[] keyID = new byte[encodeKeyID[1]];
Buffer.BlockCopy(encodeKeyID, 2, keyID, 0, encodeKeyID[1]);
result.SubjectKeyID = keyID;
}
}
return(result);
}
public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
byte[] result = null;
SecureRandom random = Porthelp.CreateSecureRandom();
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
AddStandardCertificateInfo(certificateGenerator, random, subject, subject, startDate, expiryDate);
AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);
certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
byte[] subjectKeyID = new byte[20];
random.NextBytes(subjectKeyID, 0, 20);
certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectKeyID));
string algorithm = GetAlgorithm(signatureAlgorithm);
// selfsign certificate
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, subjectKeyPair.Private, random));
result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);
return(result);
}
public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
byte[] result = null;
AsymmetricKeyParameter privateKey = issuer.PrivateKey as AsymmetricKeyParameter;
if (privateKey != null)
{
SecureRandom random = Porthelp.CreateSecureRandom();
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);
string algorithm = GetAlgorithm(signatureAlgorithm);
certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));
byte[] subjectKeyID = new byte[20];
random.NextBytes(subjectKeyID, 0, 20);
certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
if (issuer.SubjectKeyID != null)
{
certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
}
//if ((subject.AlternativeNames != null) && (subject.AlternativeNames.Count > 0))
//{
// certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new SubjectAlternativeNames(false));
// //SubjectAlternativeName
// //GeneralName.DirectoryName
// //GeneralName.IPAddress
//}
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);
}
return(result);
}
private static byte[] ExportCertificate(X509Certificate certificate, AsymmetricCipherKeyPair subjectKeyPair, TCertificateFormat certificateFormat)
{
if (certificate == null)
{
throw new ArgumentNullException(nameof(certificate));
}
if (subjectKeyPair == null)
{
throw new ArgumentNullException(nameof(subjectKeyPair));
}
byte[] result = null;
switch (certificateFormat)
{
case TCertificateFormat.NotSet:
{
break;
}
case TCertificateFormat.PEM:
{
using (var stream = new MemoryStream())
{
using (var writer = new StreamWriter(stream))
{
var pemWriter = new PemWriter(writer);
if (subjectKeyPair.Private is ECKeyParameters)
{
var priv = (ECPrivateKeyParameters)subjectKeyPair.Private;
var dp = priv.Parameters;
var orderBitLength = dp.N.BitLength;
ECPrivateKeyStructure ec;
X962Parameters x962;
if (priv.PublicKeyParamSet == null)
{
var ecP = new X9ECParameters(dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed());
x962 = new X962Parameters(ecP);
}
else
{
x962 = new X962Parameters(priv.PublicKeyParamSet);
}
ec = new ECPrivateKeyStructure(orderBitLength, priv.D, SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public).PublicKeyData, x962);
pemWriter.WriteObject(new Org.BouncyCastle.Utilities.IO.Pem.PemObject("EC PRIVATE KEY", ec.GetEncoded()));
}
else
{
pemWriter.WriteObject(new MiscPemGenerator(subjectKeyPair.Private));
}
pemWriter.WriteObject(new MiscPemGenerator(subjectKeyPair.Public));
pemWriter.WriteObject(new MiscPemGenerator(certificate));
writer.Flush();
result = stream.ToArray();
}
}
}
break;
case TCertificateFormat.PFX:
{
//Asn1Sequence asn1Sequence = Asn1Sequence.GetInstance(Asn1Object.FromByteArray(certificate.GetEncoded()));
//asn1Sequence.GetObjects
//Org.BouncyCastle.Asn1.Pkcs.Pfx pfx = new Org.BouncyCastle.Asn1.Pkcs.Pfx();
//Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfo info = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
//result = pfx.GetEncoded(Asn1Encodable.Der);
break;
}
case TCertificateFormat.CER:
{
result = certificate.GetEncoded();
break;
}
default:
{
break;
}
}
return(result);
}
public static CertificateInfo GetCertificateInfo(byte[] certificate, TCertificateFormat certificateFormat)
{
if (certificate == null)
{
throw new ArgumentNullException(nameof(certificate));
}
CertificateInfo result = null;
X509CertificateStructure cert = null;
switch (certificateFormat)
{
case TCertificateFormat.NotSet:
{
break;
}
case TCertificateFormat.PEM:
{
var reader = new PemReader(new StreamReader(new MemoryStream(certificate)));
var pem = reader.ReadPemObject();
while (pem != null)
{
if (pem.Type.EndsWith("CERTIFICATE"))
{
cert = X509CertificateStructure.GetInstance(pem.Content);
}
else if (pem.Type.EndsWith("PRIVATE KEY"))
{
if (result == null)
{
result = new CertificateInfo();
}
result.PrivateKey = GetPrivateKeyFromPEM(pem);
}
pem = reader.ReadPemObject();
}
break;
}
case TCertificateFormat.PFX:
{
break;
}
case TCertificateFormat.CER:
{
cert = X509CertificateStructure.GetInstance(certificate);
break;
}
default:
{
break;
}
}
if (cert != null)
{
if (result == null)
{
result = new CertificateInfo();
}
result.Subject = new CertificateSubject(cert);
var certX509 = new X509Certificate(cert);
var subjectKeyID = certX509.GetExtensionValue(X509Extensions.SubjectKeyIdentifier);
if (subjectKeyID != null)
{
var encodeKeyID = subjectKeyID.GetOctets();
var keyID = new byte[encodeKeyID[1]];
Buffer.BlockCopy(encodeKeyID, 2, keyID, 0, encodeKeyID[1]);
result.SubjectKeyID = keyID;
}
}
return(result);
}
public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate,
SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
if (subject == null)
{
throw new ArgumentNullException(nameof(subject));
}
if (signatureAlgorithm == null)
{
throw new ArgumentNullException(nameof(signatureAlgorithm));
}
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
var certificateGenerator = new X509V3CertificateGenerator();
AddStandardCertificateInfo(certificateGenerator, random, subject, subject, startDate, expiryDate);
var subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);
certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
var subjectKeyID = new byte[20];
random.NextBytes(subjectKeyID, 0, 20);
certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectKeyID));
var algorithm = GetAlgorithm(signatureAlgorithm);
// selfsign certificate
var certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, subjectKeyPair.Private, random));
return(ExportCertificate(certificate, subjectKeyPair, certificateFormat));
}
public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate,
DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
if (subject == null)
{
throw new ArgumentNullException(nameof(subject));
}
if (issuer == null)
{
throw new ArgumentNullException(nameof(issuer));
}
if (signatureAlgorithm == null)
{
throw new ArgumentNullException(nameof(issuer));
}
if (!(issuer.PrivateKey is AsymmetricKeyParameter privateKey))
{
return(null);
}
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
var certificateGenerator = new X509V3CertificateGenerator();
AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
var subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);
var algorithm = GetAlgorithm(signatureAlgorithm);
certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));
var subjectKeyID = new byte[20];
random.NextBytes(subjectKeyID, 0, 20);
certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
if (issuer.SubjectKeyID != null)
{
certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
}
//if ((subject.AlternativeNames != null) && (subject.AlternativeNames.Count > 0))
//{
// certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new SubjectAlternativeNames(false));
// //SubjectAlternativeName
// //GeneralName.DirectoryName
// //GeneralName.IPAddress
//}
var certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
return(ExportCertificate(certificate, subjectKeyPair, certificateFormat));
}
public static byte[] GenerateIntermediateCACertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
byte[] result = null;
AsymmetricKeyParameter privateKey = issuer.PrivateKey as AsymmetricKeyParameter;
if (privateKey != null)
{
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom random = new SecureRandom(randomGenerator);
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);
certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
byte[] subjectKeyID = new byte[20];
random.NextBytes(subjectKeyID, 0, 20);
certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
if (issuer.SubjectKeyID != null)
{
certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
}
string algorithm = GetAlgorithm(signatureAlgorithm);
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);
}
return(result);
}
public static CertificateInfo GetCertificateInfo(byte[] certificate, TCertificateFormat certificateFormat)
{
CertificateInfo result = null;
X509CertificateStructure cert = null;
switch (certificateFormat)
{
case TCertificateFormat.NotSet:
break;
case TCertificateFormat.PEM:
Org.BouncyCastle.Utilities.IO.Pem.PemReader reader = new Org.BouncyCastle.Utilities.IO.Pem.PemReader(new StreamReader(new MemoryStream(certificate)));
Org.BouncyCastle.Utilities.IO.Pem.PemObject pem = reader.ReadPemObject();
while (pem != null)
{
if (pem.Type.EndsWith("CERTIFICATE"))
{
cert = X509CertificateStructure.GetInstance(pem.Content);
}
else if (pem.Type.EndsWith("PRIVATE KEY"))
{
if (result == null)
result = new CertificateInfo();
result.PrivateKey = GetPrivateKeyFromPEM(pem);
}
pem = reader.ReadPemObject();
}
break;
case TCertificateFormat.PFX:
break;
case TCertificateFormat.CER:
cert = X509CertificateStructure.GetInstance(certificate);
break;
default:
break;
}
if (cert != null)
{
if (result == null)
result = new CertificateInfo();
result.Subject = new CertificateSubject(cert);
X509Certificate certX509 = new X509Certificate(cert);
Asn1OctetString subjectKeyID = certX509.GetExtensionValue(X509Extensions.SubjectKeyIdentifier);
if (subjectKeyID != null)
{
byte[] encodeKeyID = subjectKeyID.GetOctets();
byte[] keyID = new byte[encodeKeyID[1]];
Buffer.BlockCopy(encodeKeyID, 2, keyID, 0, encodeKeyID[1]);
result.SubjectKeyID = keyID;
}
}
return result;
}
public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
byte[] result = null;
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom random = new SecureRandom(randomGenerator);
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
AddStandardCertificateInfo(certificateGenerator, random, subject, subject, startDate, expiryDate);
AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);
certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
byte[] subjectKeyID = new byte[20];
random.NextBytes(subjectKeyID, 0, 20);
certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectKeyID));
string algorithm = GetAlgorithm(signatureAlgorithm);
// selfsign certificate
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, subjectKeyPair.Private, random));
result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);
return result;
}
public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
byte[] result = null;
AsymmetricKeyParameter privateKey = issuer.PrivateKey as AsymmetricKeyParameter;
if (privateKey != null)
{
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom random = new SecureRandom(randomGenerator);
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);
string algorithm = GetAlgorithm(signatureAlgorithm);
certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));
byte[] subjectKeyID = new byte[20];
random.NextBytes(subjectKeyID, 0, 20);
certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
if (issuer.SubjectKeyID != null)
certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
//if ((subject.AlternativeNames != null) && (subject.AlternativeNames.Count > 0))
//{
// certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new SubjectAlternativeNames(false));
// //SubjectAlternativeName
// //GeneralName.DirectoryName
// //GeneralName.IPAddress
//}
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);
}
return result;
}
