public void CanAddExtensions() { var extList = new List <X509V3ExtensionValue> { new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash"), new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always"), new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true"), new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"), }; var start = DateTime.Now; var end = start + TimeSpan.FromMinutes(10); using (var key = new CryptoKey(new DSA(true))) using (var cert = new X509Certificate(101, "CN=Root", "CN=Root", key, start, end)) { foreach (var extValue in extList) { using (var ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value)) { cert.AddExtension(ext); } } foreach (var ext in cert.Extensions) { Console.WriteLine(ext); } Assert.AreEqual(extList.Count, cert.Extensions.Count); } }
public void CanAddExtensions() { X509V3ExtensionList extList = new X509V3ExtensionList(); extList.Add(new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash")); extList.Add(new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always")); extList.Add(new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true")); extList.Add(new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign")); DateTime start = DateTime.Now; DateTime end = start + TimeSpan.FromMinutes(10); CryptoKey key = new CryptoKey(new DSA(true)); using (X509Certificate cert = new X509Certificate(101, "CN=Root", "CN=Root", key, start, end)) { foreach (X509V3ExtensionValue extValue in extList) { using (X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value)) { cert.AddExtension(ext); } } foreach (X509Extension ext in cert.Extensions) { Console.WriteLine(ext); } Assert.AreEqual(extList.Count, cert.Extensions.Count); } }
public FileInfo SignCertFromRequest(Byte[] requestData, Boolean ca) { FileInfo file = null; using (BIO bio = new BIO(requestData)) using (X509Request request = new X509Request(bio)) { file = new FileInfo(Path.Combine(certDir.FullName, request.Subject.Common + ".cer")); using (X509Certificate certificate = RootCA.ProcessRequest(request, DateTime.Now.AddHours(-24), DateTime.Now + TimeSpan.FromDays(365), MessageDigest.SHA1)) { if (ca) { certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "basicConstraints", true, "CA:true")); certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "keyUsage", true, "critical, cRLSign, keyCertSign, digitalSignature")); certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "certificatePolicies", true, "2.5.29.32.0")); } else { certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "basicConstraints", true, "CA:false")); } certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "issuerAltName", true, "issuer:copy")); certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "nsComment", true, "IAM Tester Generated Certificate")); certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectKeyIdentifier", true, "hash")); certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "authorityKeyIdentifier", true, "keyid,issuer:always")); certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectAltName", true, "DNS:" + request.Subject.Common)); certificate.Sign(RootCA.Key, MessageDigest.SHA1); using (FileStream fs = new FileStream(file.FullName, FileMode.Create, FileAccess.ReadWrite)) using (BinaryWriter bw = new BinaryWriter(fs)) using (BIO bio2 = BIO.MemoryBuffer()) { certificate.Write(bio2); Byte[] certData = bio2.ReadBytes((Int32)bio2.NumberWritten).Array; bw.Write(certData); bw.Close(); } //Para atualizar com o tamanho e outros dados do arquivo file = new FileInfo(file.FullName); } } return(file); }
/// <summary> /// Factory method that creates a X509CertificateAuthority instance with /// an internal self signed certificate. This method allows creation without /// the need for the Configuration file, X509V3Extensions may be added /// with the X509V3ExtensionList parameter /// </summary> /// <param name="seq"></param> /// <param name="key"></param> /// <param name="digest"></param> /// <param name="subject"></param> /// <param name="start"></param> /// <param name="validity"></param> /// <param name="extensions"></param> /// <returns></returns> public static X509CertificateAuthority SelfSigned( ISequenceNumber seq, CryptoKey key, MessageDigest digest, X509Name subject, DateTime start, TimeSpan validity, IEnumerable<X509V3ExtensionValue> extensions) { var cert = new X509Certificate( seq.Next(), subject, subject, key, start, start + validity); if (extensions != null) { foreach (var extValue in extensions) { using (var ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value)) { cert.AddExtension(ext); } } } cert.Sign(key, digest); return new X509CertificateAuthority(cert, key, seq); }
/// <summary> /// Factory method that creates a X509CertificateAuthority instance with /// an internal self signed certificate. This method allows creation without /// the need for the Configuration file, X509V3Extensions may be added /// with the X509V3ExtensionList parameter /// </summary> /// <param name="seq"></param> /// <param name="key"></param> /// <param name="digest"></param> /// <param name="subject"></param> /// <param name="start"></param> /// <param name="validity"></param> /// <param name="extensions"></param> /// <returns></returns> public static X509CertificateAuthority SelfSigned( ISequenceNumber seq, CryptoKey key, MessageDigest digest, X509Name subject, DateTime start, TimeSpan validity, X509V3ExtensionList extensions) { X509Certificate cert = new X509Certificate( seq.Next(), subject, subject, key, start, start + validity); if (null != extensions) { foreach (X509V3ExtensionValue extValue in extensions) { X509Extension ext = new X509Extension(cert, cert, extValue.Name, extValue.IsCritical, extValue.Value); cert.AddExtension(ext); } } cert.Sign(key, digest); return new X509CertificateAuthority(cert, key, seq, null); }
public String SignCert(X509Name Name, Boolean ca, subjectAltName altNames, Boolean saveFile, DateTime?expirationDate) { String certData = ""; FileInfo file = new FileInfo(Path.Combine(certDir.FullName, Name.Common + ".pfx")); using (CryptoKey key = CreateNewRSAKey(4096)) { int version = 2; // Version 2 is X.509 Version 3 using (X509Request request = new X509Request(version, Name, key)) using (X509Certificate certificate = RootCA.ProcessRequest(request, DateTime.Now.AddHours(-24), (expirationDate.HasValue ? expirationDate.Value : DateTime.Now + TimeSpan.FromDays(365)), MessageDigest.SHA1)) { if (ca) { certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "basicConstraints", true, "CA:true")); certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "keyUsage", true, "critical, cRLSign, keyCertSign, digitalSignature")); certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "certificatePolicies", true, "2.5.29.32.0")); } else { certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "basicConstraints", true, "CA:false")); } certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "issuerAltName", true, "issuer:copy")); certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "nsComment", true, "SafeID - IAM Generated Certificate")); certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectKeyIdentifier", true, "hash")); certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "authorityKeyIdentifier", true, "keyid,issuer:always")); //certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectAltName", true, "DNS:" + Name.Common)); if (altNames != null) { foreach (Uri u in altNames.Uri) { certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectAltName", true, "URI:" + u.AbsoluteUri.ToLower())); } foreach (String m in altNames.Mail) { certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectAltName", true, "email:" + m)); } foreach (String s in altNames.Dns) { certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectAltName", true, "DNS:" + s)); } foreach (String s in altNames.Text) { certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectAltName", true, "otherName:1.2.3.4;UTF8:" + s)); } } /* * subjectAltName=email:copy,email:[email protected],URI:http://my.url.here/ * subjectAltName=IP:192.168.7.1 * subjectAltName=IP:13::17 * subjectAltName=email:[email protected],RID:1.2.3.4 * subjectAltName=otherName:1.2.3.4;UTF8:some other identifier*/ //certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "keyUsage", true, "nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, encipherOnly, decipherOnly, keyAgreement")); //certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "extendedKeyUsage", true, "clientAuth")); //certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "crlDistributionPoints", true, "URI:http://ok/certEnroll/ok-ca.crl")); certificate.Sign(RootCA.Key, MessageDigest.SHA1); if (saveFile) { certData = BuildPKCS12AndSave(file.FullName, this.signedPassword, key, certificate); } else { certData = BuildPKCS12(this.signedPassword, key, certificate); } } } return(certData); }