コード例 #1
0
        private void Init()
        {
            if (File.Exists(_opts.CaKeyPairSavePath))
            {
                using (var fs = new FileStream(_opts.CaKeyPairSavePath, FileMode.Open))
                {
                    _keyPair = PkiKeyPair.Load(fs);
                }
            }
            if (_keyPair == null)
            {
                switch (_opts.KeyPairAlgorithm)
                {
                case PkiAsymmetricAlgorithm.Rsa:
                    _keyPair = PkiKeyPair.GenerateRsaKeyPair(_opts.BitLength ?? 2048);
                    break;

                case PkiAsymmetricAlgorithm.Ecdsa:
                    _keyPair = PkiKeyPair.GenerateEcdsaKeyPair(_opts.BitLength ?? 256);
                    break;

                default:
                    throw new Exception("unsupported Key Pair Algorithm");
                }

                using (var fs = new FileStream(_opts.CaKeyPairSavePath, FileMode.CreateNew))
                {
                    _keyPair.Save(fs);
                }
            }

            if (File.Exists(_opts.CaCertificateSavePath))
            {
                using (var fs = new FileStream(_opts.CaCertificateSavePath, FileMode.Open))
                {
                    CaCertificate = PkiCertificate.Load(fs);
                }
            }
            if (CaCertificate == null)
            {
                var caCsr = new PkiCertificateSigningRequest(
                    _opts.CaSubjectName, _keyPair, _opts.SignatureHashAlgorithm);
                CaCertificate = caCsr.CreateCa(
                    DateTimeOffset.Now.ToUniversalTime(),
                    DateTimeOffset.Now.AddYears(10).ToUniversalTime());

                using (var fs = new FileStream(_opts.CaCertificateSavePath, FileMode.CreateNew))
                {
                    CaCertificate.Save(fs);
                }
            }
        }
コード例 #2
0
        public void SaveLoadCertificate(PkiAsymmetricAlgorithm algor, int bits)
        {
            var hashAlgor = PkiHashAlgorithm.Sha256;

            var isurName = "CN=SelfSigned";
            var isurKeys = PkiKeyTests.GenerateKeyPair(algor, bits);
            var subjName = "CN=foo.example.com";
            var subjKeys = PkiKeyTests.GenerateKeyPair(algor, bits);
            var isurCsr  = new PkiCertificateSigningRequest(isurName, isurKeys, hashAlgor);
            var subjCsr  = new PkiCertificateSigningRequest(subjName, subjKeys, hashAlgor);

            subjCsr.CertificateExtensions.Add(PkiCertificateExtension.CreateDnsSubjectAlternativeNames(
                                                  new[] {
                "foo-alt1.example.com",
                "foo-alt2.example.com",
            }
                                                  ));

            var selfOut = Path.Combine(_testTemp,
                                       $"certsave-{algor}-{bits}-{hashAlgor}-self.ser");
            var signedOut = Path.Combine(_testTemp,
                                         $"certsave-{algor}-{bits}-{hashAlgor}-signed.ser");

            var isurCert = isurCsr.CreateCa(
                DateTime.Now.AddMonths(-5),
                DateTime.Now.AddMonths(5));

            var subjCert = subjCsr.Create(isurCert, isurKeys.PrivateKey,
                                          DateTime.Now.AddMonths(-1),
                                          DateTime.Now.AddMonths(1), new[] { (byte)0x2b });

            using (var ms = new MemoryStream())
            {
                isurCert.Save(ms);
                File.WriteAllBytes(selfOut, ms.ToArray());
            }
            using (var ms = new MemoryStream())
            {
                subjCert.Save(ms);
                File.WriteAllBytes(signedOut, ms.ToArray());
            }

            PkiCertificate isurCert2;
            PkiCertificate subjCert2;

            using (var fs = new FileStream(selfOut, FileMode.Open))
                isurCert2 = PkiCertificate.Load(fs);
            using (var fs = new FileStream(signedOut, FileMode.Open))
                subjCert2 = PkiCertificate.Load(fs);

            var bclIsur  = isurCert.ToBclCertificate();
            var bclSubj  = subjCert.ToBclCertificate();
            var bclIsur2 = isurCert2.ToBclCertificate();
            var bclSubj2 = subjCert2.ToBclCertificate();

            Assert.AreEqual(bclIsur.GetSerialNumberString(),
                            bclIsur2.GetSerialNumberString(), "Issuer Serial Number");
            Assert.AreEqual(bclIsur.GetCertHashString(),
                            bclIsur2.GetCertHashString(), "Issuer Hash");
            Assert.AreEqual(bclIsur.GetRawCertDataString(),
                            bclIsur2.GetRawCertDataString(), "Issuer Raw Data");

            Assert.AreEqual(bclSubj.GetSerialNumberString(),
                            bclSubj2.GetSerialNumberString(), "Subject Serial Number");
            Assert.AreEqual(bclSubj.GetCertHashString(),
                            bclSubj2.GetCertHashString(), "Subject Hash");
            Assert.AreEqual(bclSubj.GetRawCertDataString(),
                            bclSubj2.GetRawCertDataString(), "Subject Raw Data");
        }