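/// <summary>
/// Creates a self-signed certificate: the name from <paramref name="options"/> is used as both
/// issuer and subject, and the certificate is signed with <paramref name="selfSignKey"/>.
/// </summary>
/// <param name="selfSignKey">Key pair whose public half goes into the certificate and whose private half signs it.</param>
/// <param name="options">Subject name, serial number, expiry, key usages, extended key usages and alternative names.</param>
public Certificate(PrivKey selfSignKey, CertificateOptions options)
{
    X509Name name = options.GenerateName();

    X509V3CertificateGenerator gen = new X509V3CertificateGenerator();

    // Sign-magnitude constructor: the serial must be a positive INTEGER (RFC 5280 §4.1.2.2).
    // The plain byte[] constructor reads a leading 1 bit as a negative number.
    gen.SetSerialNumber(new BigInteger(1, options.Serial.ToArray()));

    // Self-signed: issuer and subject are the same name.
    gen.SetIssuerDN(name);
    gen.SetSubjectDN(name);

    // Both validity bounds are given in UTC; NotAfter already was, and a local-time NotBefore
    // would depend on the library's conversion. The one-day backdate absorbs clock skew.
    gen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
    gen.SetNotAfter(options.Expires.UtcDateTime);

    gen.SetPublicKey(selfSignKey.PublicKey.PublicKeyData);

    // Extension values are passed directly: wrapping them in an X509Extension and parsing
    // the octet string back only reproduces the same DER encoding.
    gen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
    // NOTE(review): RFC 5280 §4.2.1.3 says KeyUsage SHOULD be critical; kept non-critical to
    // preserve the existing output — confirm with consumers before changing the flag.
    gen.AddExtension(X509Extensions.KeyUsage, false, new KeyUsage(options.KeyUsages));
    gen.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(options.ExtendedKeyUsages));
    gen.AddExtension(X509Extensions.SubjectAlternativeName, false, options.GenerateAltNames());

    var signatureFactory = new Asn1SignatureFactory(options.GetSignatureAlgorithmOid(), selfSignKey.PrivateKeyData.Private, PkiUtil.NewSecureRandom());
    this.CertData = gen.Generate(signatureFactory);

    InitFields();
}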
/// <summary>
/// Builds a JWS packet (protected header, payload and signature, each base64url-encoded)
/// signed with <paramref name="key"/>. The header embeds the public JWK when
/// <paramref name="kid"/> is empty and carries the key id otherwise.
/// </summary>
/// <param name="key">Signing key; its public half is embedded as a JWK when no kid is given.</param>
/// <param name="kid">Key identifier; null or empty means "embed the JWK instead".</param>
/// <param name="nonce">Nonce written into the protected header.</param>
/// <param name="url">Request URL written into the protected header.</param>
/// <param name="payload">Object serialized as the payload; null yields an empty payload string.</param>
/// <returns>The populated <see cref="JwsPacket"/>.</returns>
public static JwsPacket Encapsulate(PrivKey key, string? kid, string nonce, string url, object? payload)
{
    JwsKey jwk = CreateJwsKey(key.PublicKey, out string algName, out string signerName);

    bool embedJwk = kid._IsEmpty();

    JwsProtected header = new JwsProtected()
    {
        alg = algName,
        jwk = embedJwk ? jwk : null,
        kid = embedJwk ? null : kid,
        nonce = nonce,
        url = url,
    };

    string encodedHeader = header._ObjectToJson(base64url: true, includeNull: true);
    string encodedPayload = payload is null ? "" : payload._ObjectToJson(base64url: true);

    JwsPacket packet = new JwsPacket()
    {
        Protected = encodedHeader,
        payload = encodedPayload,
    };

    // The signing input is the two encoded parts joined by '.', taken as ASCII bytes.
    byte[] signingInput = (packet.Protected + "." + packet.payload)._GetBytes_Ascii();
    var signer = key.GetSigner(signerName);
    packet.signature = signer.Sign(signingInput)._Base64UrlEncode();

    return packet;
}
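/// <summary>
/// Holds one alias of a certificate store: its certificate chain and the private key.
/// </summary>
/// <param name="alias">Alias the entry is stored under.</param>
/// <param name="certList">Certificate chain; copied into <c>CertificateList</c> in the given order.</param>
/// <param name="privateKey">Private key that belongs to the chain (paired with its first certificate by <c>CertificateStore</c>).</param>
/// <exception cref="ArgumentNullException"><paramref name="certList"/> is null.</exception>
public CertificateStoreContainer(string alias, Certificate[] certList, PrivKey privateKey)
{
    // Report the offending argument instead of a NullReferenceException from the loop below.
    if (certList is null)
    {
        throw new ArgumentNullException(nameof(certList));
    }

    this.Alias = alias;
    this.PrivateKey = privateKey;

    foreach (Certificate cert in certList)
    {
        this.CertificateList.Add(cert);
    }
}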
/// <summary>
/// Generates an ECDSA key pair from a fresh secure random source.
/// </summary>
/// <param name="bits">Key strength handed to the generator (presumably mapped to a curve by the library — confirm).</param>
/// <param name="privateKey">Receives the generated key pair wrapped as a private key.</param>
/// <param name="publicKey">Receives the public half of the generated pair.</param>
public static void GenerateEcdsaKeyPair(int bits, out PrivKey privateKey, out PubKey publicKey)
{
    var generator = new ECKeyPairGenerator("ECDSA");
    generator.Init(new KeyGenerationParameters(NewSecureRandom(), bits));

    AsymmetricCipherKeyPair keyPair = generator.GenerateKeyPair();

    privateKey = new PrivKey(keyPair);
    publicKey = new PubKey(keyPair.Public);
}
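/// <summary>
/// Generates a key pair for the requested algorithm by dispatching to the RSA or ECDSA generator.
/// </summary>
/// <param name="algorithm">Which generator to use: RSA or ECDSA.</param>
/// <param name="bits">Key size or strength, passed through unchanged to the specific generator.</param>
/// <param name="privateKey">Receives the generated private key.</param>
/// <param name="publicKey">Receives the generated public key.</param>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="algorithm"/> is not a supported value.</exception>
public static void GenerateKeyPair(PkiAlgorithm algorithm, int bits, out PrivKey privateKey, out PubKey publicKey)
{
    switch (algorithm)
    {
        case PkiAlgorithm.RSA:
            GenerateRsaKeyPair(bits, out privateKey, out publicKey);
            break;

        case PkiAlgorithm.ECDSA:
            GenerateEcdsaKeyPair(bits, out privateKey, out publicKey);
            break;

        default:
            // ArgumentOutOfRangeException derives from ArgumentException, so existing catch clauses
            // still match; the parameter name now goes in its own slot instead of the message.
            throw new ArgumentOutOfRangeException(nameof(algorithm), algorithm, "Unsupported PKI algorithm.");
    }
}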
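/// <summary>
/// Builds a PKCS#10 certificate signing request for the public half of <paramref name="priv"/>.
/// The subject name comes from <paramref name="options"/>; the subject alternative names are
/// attached as a PKCS#9 extensionRequest attribute.
/// </summary>
/// <param name="priv">Key pair: its public key is requested, its private key signs the request.</param>
/// <param name="options">Subject name, alternative names and signature algorithm.</param>
public Csr(PrivKey priv, CertificateOptions options)
{
    X509Name subject = options.GenerateName();
    GeneralNames altNames = options.GenerateAltNames();

    // The SAN extension is non-critical and travels inside the extensionRequest attribute.
    X509Extension sanExtension = new X509Extension(false, new DerOctetString(altNames));
    List<object> oids = new List<object>() { X509Extensions.SubjectAlternativeName };
    List<object> values = new List<object>() { sanExtension };
    X509Extensions requestedExtensions = new X509Extensions(oids, values);

    // The previously built X509Attribute duplicate was never used; only the AttributePkcs is attached.
    AttributePkcs extensionRequest = new AttributePkcs(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(requestedExtensions));

    var signatureFactory = new Asn1SignatureFactory(options.GetSignatureAlgorithmOid(), priv.PrivateKeyData.Private, PkiUtil.NewSecureRandom());

    this.Request = new Pkcs10CertificationRequest(signatureFactory, subject, priv.PublicKey.PublicKeyData, new DerSet(extensionRequest));
}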
/// <summary>
/// Returns true when the public half of <paramref name="privateKey"/> is equal to this public key
/// (compared with <c>Equals</c>).
/// </summary>
/// <param name="privateKey">Private key whose public half is compared.</param>
/// <returns>True if the keys correspond; otherwise false.</returns>
public bool CheckIfPrivateKeyCorrespond(PrivKey privateKey) => this.Equals(privateKey.PublicKey);
/// <summary>
/// Loads a certificate store from PKCS#12 data. Every non-empty alias that carries at least one
/// certificate becomes a <see cref="CertificateStoreContainer"/> keyed by that alias.
/// </summary>
/// <param name="pkcs12">Raw PKCS#12 (PFX) bytes.</param>
/// <param name="password">Store password; null is treated as empty via <c>_NonNull()</c>.</param>
/// <exception cref="ApplicationException">
/// A key entry is not a private key, an alias has certificates but no private key,
/// or no alias produced a container.
/// </exception>
public CertificateStore(ReadOnlySpan<byte> pkcs12, string? password = null)
{
    password = password._NonNull();

    // 2019/8/15 to Fix the Linux .NET Core bug: https://github.com/dotnet/corefx/issues/30946
    ReadOnlyMemory<byte> pkcs12Normalized = CertificateUtil.NormalizePkcs12MemoryData(pkcs12, password);

    using (MemoryStream ms = new MemoryStream())
    {
        ms.Write(pkcs12Normalized.Span);
        ms._SeekToBegin();

        Pkcs12Store p12 = new Pkcs12Store(ms, password.ToCharArray());

        foreach (object? aliasObject in p12.Aliases)
        {
            if (aliasObject != null)
            {
                string alias = (string)aliasObject;

                if (alias._IsNullOrZeroLen() == false)
                {
                    AsymmetricKeyParameter? privateKeyParam = null;

                    AsymmetricKeyEntry? key = p12.GetKey(alias);
                    if (key != null)
                    {
                        // A key entry that is not private is treated as a malformed file.
                        if (key.Key.IsPrivate == false)
                        {
                            throw new ApplicationException("Key.IsPrivate == false");
                        }

                        privateKeyParam = key.Key;
                    }

                    X509CertificateEntry[] certs = p12.GetCertificateChain(alias);

                    List<Certificate> certList = new List<Certificate>();

                    if (certs != null)
                    {
                        foreach (X509CertificateEntry cert in certs)
                        {
                            Certificate certObj = new Certificate(cert.Certificate);
                            certList.Add(certObj);
                        }
                    }

                    if (certList.Count >= 1)
                    {
                        PrivKey? privateKey = null;

                        if (privateKeyParam != null)
                        {
                            // The private key is paired with the first certificate's public key.
                            // NOTE(review): nothing verifies that the key actually matches that
                            // certificate (cf. CheckIfPrivateKeyCorrespond) — confirm whether a
                            // mismatched PFX should be rejected here.
                            privateKey = new PrivKey(new AsymmetricCipherKeyPair(certList[0].PublicKey.PublicKeyData, privateKeyParam));
                        }
                        else
                        {
                            // NOTE(review): an alias holding certificates but no key aborts the whole
                            // load; confirm this is intended for files that also carry
                            // trusted-certificate-only entries.
                            throw new ApplicationException("No private key found.");
                        }

                        CertificateStoreContainer container = new CertificateStoreContainer(alias, certList.ToArray(), privateKey);

                        this.InternalContainers.Add(alias, container);
                    }
                }
            }
        }

        if (this.InternalContainers.Count == 0)
        {
            throw new ApplicationException("There are no certificate aliases in the PKCS#12 file.");
        }
    }

    InitFields();
}
/// <summary>
/// Creates a store from a single certificate and its private key by delegating to the
/// chain-list constructor with a one-element list.
/// </summary>
/// <param name="singleCert">The only certificate of the chain.</param>
/// <param name="privateKey">Private key belonging to <paramref name="singleCert"/>.</param>
public CertificateStore(Certificate singleCert, PrivKey privateKey)
    : this(singleCert._SingleList(), privateKey)
{
}
/// <summary>
/// Creates a store with a single container stored under the alias "default",
/// built from the given certificate chain and its private key.
/// </summary>
/// <param name="chainedCertList">Certificate chain; enumerated once.</param>
/// <param name="privateKey">Private key belonging to the chain.</param>
public CertificateStore(IEnumerable<Certificate> chainedCertList, PrivKey privateKey)
{
    const string defaultAlias = "default";

    Certificate[] chain = chainedCertList.ToArray();
    var container = new CertificateStoreContainer(defaultAlias, chain, privateKey);
    this.InternalContainers.Add(defaultAlias, container);

    InitFields();
}
/// <summary>
/// Creates a store from encoded chained certificate data and its private key: the data is
/// imported with <c>CertificateUtil.ImportChainedCertificates</c> and handed to the
/// chain-list constructor.
/// </summary>
/// <param name="chainedCertData">Encoded certificate chain.</param>
/// <param name="privateKey">Private key belonging to the chain.</param>
public CertificateStore(ReadOnlySpan<byte> chainedCertData, PrivKey privateKey)
    : this(CertificateUtil.ImportChainedCertificates(chainedCertData), privateKey)
{
}
/// <summary>
/// Wraps <paramref name="payload"/> in a JWS packet signed with <paramref name="privKey"/>
/// and sends it as the JSON body of the request.
/// </summary>
/// <param name="method">HTTP method to use.</param>
/// <param name="privKey">Key that signs the JWS packet.</param>
/// <param name="kid">Key identifier for the protected header; empty means the JWK is embedded instead.</param>
/// <param name="nonce">Nonce placed in the protected header.</param>
/// <param name="url">Target URL; also recorded in the protected header.</param>
/// <param name="payload">Object serialized as the JWS payload; null yields an empty payload.</param>
/// <param name="cancel">Cancellation token for the request.</param>
/// <param name="postContentType">Content type of the posted body.</param>
/// <returns>The web response.</returns>
public virtual async Task<WebRet> RequestWithJwsObject(WebMethods method, PrivKey privKey, string? kid, string nonce, string url, object? payload, CancellationToken cancel = default, string postContentType = Consts.MimeTypes.Json)
{
    JwsPacket packet = JwsUtil.Encapsulate(privKey, kid, nonce, url, payload);

    WebRet response = await this.RequestWithJsonObjectAsync(method, url, packet, cancel, postContentType);
    return response;
}