/// <summary>
/// Developer smoke test: loads the raw bytes of a CRL Distribution Points extension
/// (OID 2.5.29.31) from a fixed file and returns whatever <c>FormatNative</c> renders for them.
/// </summary>
/// <returns>The string produced by <c>Asn1Functions.FormatNative</c> for the file contents.</returns>
/// <remarks>
/// NOTE(review): the input path is hard-coded to a developer workstation (drive F:), so this
/// can only succeed on that machine. It reads no request input, but it should not be reachable
/// from a deployed build.
/// </remarks>
public string GetAsnFormattedData()
{
    const string samplePath = @"F:\DevGit\certs\csharptest\encodingusinglib\crltext-base64decode-bytes1.txt";

    var formatter = new CertificateAuthority.Models.Asn1Functions.Asn1Functions();
    var crlDistributionPoints = new Oid("2.5.29.31");
    var extensionBytes = System.IO.File.ReadAllBytes(samplePath);

    return formatter.FormatNative(crlDistributionPoints, extensionBytes, true);
}
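/// <summary>
/// Reads a DER-encoded extension value from a file inside the service's ASN.1 input
/// directory and returns <c>FormatNative</c>'s rendering of it for the requested OID.
/// </summary>
/// <param name="F">Request body: <c>Oid</c> the bytes should be interpreted as, and
/// <c>FilePath</c>, a path relative to the input directory.</param>
/// <returns>The string produced by <c>Asn1Functions.FormatNative</c>.</returns>
/// <exception cref="ArgumentNullException">No request body was bound.</exception>
/// <exception cref="ArgumentException">Missing OID or path, or a path that resolves
/// outside the input directory.</exception>
public string AsnFormattedDataFromFile([FromBody] AsnEncodedFileLocation F)
{
    if (F == null)
    {
        throw new ArgumentNullException(nameof(F));
    }
    if (string.IsNullOrWhiteSpace(F.Oid))
    {
        throw new ArgumentException("Oid is required", nameof(F));
    }
    if (string.IsNullOrWhiteSpace(F.FilePath))
    {
        throw new ArgumentException("FilePath is required", nameof(F));
    }

    // SECURITY: F.FilePath is attacker-controlled (model-bound from the request body) and was
    // previously passed to File.ReadAllBytes unchanged, which made this action an
    // arbitrary-file-read primitive for anything the service account can open. Confine it to a
    // dedicated input directory: canonicalise the combined path and require the result to stay
    // under that root, which rejects absolute paths, drive-relative paths, UNC paths and "..".
    // NOTE(review): "AsnInput" under the application base is a placeholder root; point it at
    // the deployment's data directory. Keeping it separate from the app directory matters,
    // because config files with secrets live there.
    string inputRoot = System.IO.Path.GetFullPath(System.IO.Path.Combine(AppContext.BaseDirectory, "AsnInput"));
    if (inputRoot[inputRoot.Length - 1] != System.IO.Path.DirectorySeparatorChar)
    {
        // Trailing separator so that "…\AsnInput2\x" does not pass the prefix check.
        inputRoot += System.IO.Path.DirectorySeparatorChar;
    }
    // Path.Combine discards inputRoot when F.FilePath is rooted, so a rooted input fails the
    // prefix check below instead of being honoured.
    string resolved = System.IO.Path.GetFullPath(System.IO.Path.Combine(inputRoot, F.FilePath));
    if (!resolved.StartsWith(inputRoot, StringComparison.Ordinal))
    {
        throw new ArgumentException("FilePath must refer to a file inside the ASN.1 input directory", nameof(F));
    }

    Oid oidObj = new Oid(F.Oid);
    byte[] rawExtensionData = System.IO.File.ReadAllBytes(resolved);
    var asnFnc = new CertificateAuthority.Models.Asn1Functions.Asn1Functions();
    return asnFnc.FormatNative(oidObj, rawExtensionData, true);
}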
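/// <summary>
/// Decodes a base64 extension value supplied in the request body and returns
/// <c>FormatNative</c>'s rendering of it for the requested OID.
/// </summary>
/// <param name="A">Request body: <c>Oid</c> the bytes should be interpreted as, and
/// <c>Base64ExtensionData</c>, the DER value in base64.</param>
/// <returns>The string produced by <c>Asn1Functions.FormatNative</c>.</returns>
/// <exception cref="ArgumentNullException">No request body was bound.</exception>
/// <exception cref="ArgumentException">Missing OID or base64 data.</exception>
/// <exception cref="FormatException"><c>Base64ExtensionData</c> is not valid base64
/// (propagated from <c>Convert.FromBase64String</c>, as before).</exception>
public string AsnFormattedDataFromBase64String([FromBody] AsnEncodedDataClass A)
{
    // Explicit checks so a missing or partial body is a 400-class argument error rather
    // than a NullReferenceException from inside the action.
    if (A == null)
    {
        throw new ArgumentNullException(nameof(A));
    }
    if (string.IsNullOrWhiteSpace(A.Oid))
    {
        throw new ArgumentException("Oid is required", nameof(A));
    }
    if (string.IsNullOrWhiteSpace(A.Base64ExtensionData))
    {
        throw new ArgumentException("Base64ExtensionData is required", nameof(A));
    }

    Oid oidObj = new Oid(A.Oid);
    byte[] rawExtensionData = Convert.FromBase64String(A.Base64ExtensionData);

    // NOTE(review): these bytes are attacker-controlled DER handed to a custom ASN.1 parser.
    // FormatNative lives outside this file — confirm it bounds-checks lengths and nesting depth.
    var asnFnc = new CertificateAuthority.Models.Asn1Functions.Asn1Functions();
    return asnFnc.FormatNative(oidObj, rawExtensionData, true);
}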
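/// <summary>
/// Generates an RSA key pair and an end-entity certificate for <paramref name="subjectName"/>,
/// signs it with <paramref name="signingCertificate"/>, and returns the certificate with the
/// new private key attached.
/// </summary>
/// <param name="subjectName">Value of the CN RDN and of the single DNS SAN entry.</param>
/// <param name="signingCertificate">Issuer certificate; must carry its private key.</param>
/// <param name="keySize">RSA key size in bits, passed through to <c>GenerateRsaKey</c>.</param>
/// <param name="hash">Signature hash, passed through to <c>CreateRsaCertificateRequest</c>.</param>
/// <param name="validDays">Requested validity in days from now; clamped to the issuer's NotAfter.</param>
/// <param name="useCrl">When true, a CRL Distribution Points extension is added from <paramref name="crlUri"/>.</param>
/// <param name="crlUri">CRL distribution point URIs; required when <paramref name="useCrl"/> is true.</param>
/// <returns>The signed certificate together with its generated private key.</returns>
/// <exception cref="ArgumentNullException"><paramref name="signingCertificate"/> is null.</exception>
/// <exception cref="ArgumentException">The issuer has no private key, <paramref name="subjectName"/>
/// is empty or contains X.500 separator characters, or <paramref name="useCrl"/> is set without a URI.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="validDays"/> is less than 1.</exception>
public X509Certificate2 CreateAndSignClientCert(string subjectName, X509Certificate2 signingCertificate, int keySize, HashAlgorithmName hash, int validDays, bool useCrl, string[] crlUri)
{
    if (signingCertificate == null)
    {
        throw new ArgumentNullException(nameof(signingCertificate));
    }
    if (!signingCertificate.HasPrivateKey)
    {
        // Was a bare Exception; ArgumentException still satisfies any catch (Exception) in callers.
        throw new ArgumentException("Signing cert must have private key", nameof(signingCertificate));
    }
    if (string.IsNullOrEmpty(subjectName))
    {
        throw new ArgumentException($"{nameof(subjectName)} must be a valid DNS name", nameof(subjectName));
    }
    // subjectName is spliced into an X.500 name string below ("CN=<subjectName>"). Characters the
    // string syntax treats as RDN/attribute separators, quoting or escaping would let a caller
    // inject extra name components (e.g. "dev1,O=Contoso"), and a leading '#' selects hex-encoded
    // raw BER. A full host-name check is deliberately not enforced: the same value is used as a
    // device-id SAN entry and those are not always valid DNS names.
    char[] x500Separators = { ',', ';', '+', '"', '\\', '<', '>' };
    if (subjectName.IndexOfAny(x500Separators) >= 0 || subjectName[0] == '#')
    {
        throw new ArgumentException($"{nameof(subjectName)} must not contain X.500 separator characters", nameof(subjectName));
    }
    if (validDays < 1)
    {
        throw new ArgumentOutOfRangeException(nameof(validDays), validDays, "Validity must be at least one day");
    }
    if (useCrl && (crlUri == null || crlUri.Length == 0))
    {
        throw new ArgumentException("At least one CRL distribution point URI is required when useCrl is set", nameof(crlUri));
    }
    // NOTE(review): keySize and hash are passed through unchecked. GenerateRsaKey and
    // CreateRsaCertificateRequest are not visible here; if they do not reject keys below
    // 2048 bits or MD5/SHA-1 signatures, that validation belongs at this entry point.

    X500DistinguishedName dn = new X500DistinguishedName($"CN={subjectName}");
    RSA key = GenerateRsaKey(keySize);
    CertificateRequest request = CreateRsaCertificateRequest(dn, hash, key);

    // End-entity certificate: not a CA, no path length constraint, marked critical.
    request.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));

    // Key usage: digital signature and key encipherment, marked critical.
    request.CertificateExtensions.Add(new X509KeyUsageExtension(
        X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment,
        true));

    // NOTE(review): no AuthorityKeyIdentifier (2.5.29.35) is emitted. CertificateRequest has no
    // built-in support for it and the earlier hand-rolled encoding was removed with a note to
    // add it back. Chain building usually still works by issuer name, but AKI is what lets
    // relying parties pick the right issuer key after a CA key rollover.

    if (useCrl)
    {
        // CRL Distribution Points (2.5.29.31). EncodeCrlExtensionData returns the DER extension
        // value as base64; AsnEncodedData takes the decoded bytes.
        var asnFnc = new CertificateAuthority.Models.Asn1Functions.Asn1Functions();
        byte[] crlDer = Convert.FromBase64String(asnFnc.EncodeCrlExtensionData(crlUri));
        AsnEncodedData crlData = new AsnEncodedData(new Oid("2.5.29.31"), crlDer);
        request.CertificateExtensions.Add(new X509Extension(crlData, false));
    }

    // DPS samples create certs with the device name as a SAN DNS entry in addition to the subject.
    var sanBuilder = new SubjectAlternativeNameBuilder();
    sanBuilder.AddDnsName(subjectName);
    request.CertificateExtensions.Add(sanBuilder.Build());

    // Extended key usage. NOTE(review): the method name says "client cert" but the certificate is
    // also marked for TLS server authentication; drop 1.3.6.1.5.5.7.3.1 if clients issued here
    // must not be able to present themselves as servers.
    request.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
        new OidCollection
        {
            new Oid("1.3.6.1.5.5.7.3.2"), // TLS client auth
            new Oid("1.3.6.1.5.5.7.3.1"), // TLS server auth
        },
        false));

    request.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(request.PublicKey, false));

    // Validity: from yesterday (clock-skew tolerance) to now + validDays, clamped to the issuer's
    // own window, since a certificate cannot be valid beyond the certificate that signed it.
    var notBefore = DateTimeOffset.UtcNow.AddDays(-1);
    if (notBefore < signingCertificate.NotBefore)
    {
        notBefore = new DateTimeOffset(signingCertificate.NotBefore);
    }
    var notAfter = DateTimeOffset.UtcNow.AddDays(validDays);
    if (notAfter > signingCertificate.NotAfter)
    {
        notAfter = new DateTimeOffset(signingCertificate.NotAfter);
    }

    // Serial number: 128 bits from a CSPRNG. The previous Unix-timestamp serial was predictable
    // and collided for any two certificates issued in the same second, while RFC 5280 §4.1.2.2
    // requires serials to be unique per issuer and current CA practice is at least 64 bits of
    // CSPRNG output. Clearing the top bit keeps the big-endian INTEGER positive.
    byte[] serial = new byte[16];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(serial);
    }
    serial[0] &= 0x7F;

    using (var cert = request.Create(signingCertificate, notBefore, notAfter, serial))
    {
        // Create() yields the signed certificate without the private key; attach the generated one.
        return cert.CopyWithPrivateKey(key);
    }
}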
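/// <summary>
/// Encodes the CRL distribution points supplied in the request body into the
/// CRL Distribution Points extension value and returns it as base64.
/// </summary>
/// <param name="D">Request body carrying <c>CrlLocations</c>, which is forwarded unchanged to
/// <c>Asn1Functions.EncodeCrlExtensionData</c>.</param>
/// <returns>The base64 string produced by <c>EncodeCrlExtensionData</c>.</returns>
/// <exception cref="ArgumentNullException">No request body was bound.</exception>
public string ConvertToBase64X509CrlExtensionData([FromBody] X509CrlExtensionInputData D)
{
    // A missing body previously surfaced as a NullReferenceException on D.CrlLocations.
    if (D == null)
    {
        throw new ArgumentNullException(nameof(D));
    }

    // NOTE(review): CrlLocations itself is not validated here; EncodeCrlExtensionData is outside
    // this file, so confirm it rejects null/empty input and non-URI strings.
    var asnFnc = new CertificateAuthority.Models.Asn1Functions.Asn1Functions();
    return asnFnc.EncodeCrlExtensionData(D.CrlLocations);
}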