public static Dictionary <string, List <string> > ParseX509Name(X509Name x509Name)
{
if (x509Name == null)
{
throw new ArgumentNullException("x509Name");
}
Dictionary <string, List <string> > parts = new Dictionary <string, List <string> >();
IList oidList = x509Name.GetOidList();
IList valueList = x509Name.GetValueList();
for (int i = 0; i < oidList.Count; i++)
{
DerObjectIdentifier oid = oidList[i] as DerObjectIdentifier;
string value = valueList[i] as string;
if (!parts.ContainsKey(oid.Id))
{
parts.Add(oid.Id, new List <string>()
{
value
});
}
else
{
parts[oid.Id].Add(value);
}
}
return(parts);
}
public static byte[] ExportPfx(byte[] pemCert, byte[] pemPrivateKey)
{
var parsedCert = new X509CertificateParser().ReadCertificate(pemCert);
using var privateStream = new MemoryStream(pemPrivateKey);
using var privateReader = new StreamReader(privateStream);
var reader = new PemReader(privateReader);
var keyPair = reader.ReadObject() as AsymmetricCipherKeyPair;
if (keyPair == null)
{
throw new Exception("Could not read key pair from provided private key bytes");
}
var x509Name = new X509Name(parsedCert.SubjectDN.ToString());
var alias = (x509Name.GetValueList(X509Name.CN)?[0] ?? parsedCert.SubjectDN.ToString()) as string;
var store = new Pkcs12StoreBuilder().Build();
store.SetKeyEntry(alias, new AsymmetricKeyEntry(keyPair.Private), new[] { new X509CertificateEntry(parsedCert) });
using var ms = new MemoryStream();
store.Save(ms, new char[0], new SecureRandom());
ms.Seek(0, SeekOrigin.Begin);
return(ms.ToArray());
}
public static X509Certificate2 CreateSigned(string subjectDN, DateTime effectiveDate, DateTime expirationDate, List <Uri> crlUrls, X509Certificate2 certificateAuthority, List <X509KeyUsageFlags> keyUsages = null)
{
Org.BouncyCastle.X509.X509Certificate caCert = DotNetUtilities.FromX509Certificate(certificateAuthority);
AsymmetricCipherKeyPair keyPair = CreateRSAKeyPair();
X509Name x509SubjectDN = new X509Name(subjectDN);
X509Certificate2 rtnCert = CreateCertificate(x509SubjectDN, effectiveDate, expirationDate, keyPair, caCert.SubjectDN,
TransformRSAPrivateKey((RSACryptoServiceProvider)certificateAuthority.PrivateKey), (certGen, serialNumber) =>
{
IList cn = x509SubjectDN.GetValueList(X509Name.CN);
if (cn.Count > 0)
{
if (Uri.CheckHostName(cn[0].ToString()) == UriHostNameType.Dns)
{
certGen.AddExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.DnsName, cn[0].ToString())));
}
else
{
try
{
MailAddress ma = new MailAddress(cn[0].ToString());
certGen.AddExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.Rfc822Name, cn[0].ToString())));
}
catch { }
}
}
KeyUsage ku = new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment);
if (keyUsages != null && keyUsages.Count > 0)
{
if (!(keyUsages.Contains(X509KeyUsageFlags.DigitalSignature) &&
keyUsages.Contains(X509KeyUsageFlags.KeyEncipherment)))
{
if (keyUsages.Contains(X509KeyUsageFlags.DigitalSignature))
{
ku = new KeyUsage(KeyUsage.DigitalSignature);
}
else
{
ku = new KeyUsage(KeyUsage.KeyEncipherment);
}
}
}
certGen.AddExtension(X509Extensions.KeyUsage, true, ku);
certGen.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeID.IdKPEmailProtection));
certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.Public));
certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
certGen.AddCrlDistributionPoints(crlUrls);
});
rtnCert.PrivateKey = TransformRSAPrivateKey((RsaPrivateCrtKeyParameters)keyPair.Private);
return(rtnCert);
}
/// <summary>
/// Gets the X509 subject attribute values from a subject.
/// </summary>
/// <param name="subject">The subject.</param>
/// <returns>
/// The X509 subject attribute values indexed by the kind of subject attribute.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="subject"/> is null.</exception>
public static IReadOnlyDictionary <X509SubjectAttributeKind, string> GetX509SubjectAttributes(
this X509Name subject)
{
new { subject }.Must().NotBeNull();
var objectIds = subject.GetOidList();
var values = subject.GetValueList();
var result = new Dictionary <X509SubjectAttributeKind, string>();
for (int x = 0; x < objectIds.Count; x++)
{
if ((objectIds[x] is DerObjectIdentifier derId) && (values[x] is string value))
{
if (derId.Id == X509Name.C.Id)
{
result.Add(X509SubjectAttributeKind.Country, value);
}
else if (derId.Id == X509Name.O.Id)
{
result.Add(X509SubjectAttributeKind.Organization, value);
}
else if (derId.Id == X509Name.OU.Id)
{
result.Add(X509SubjectAttributeKind.OrganizationalUnit, value);
}
else if (derId.Id == X509Name.T.Id)
{
result.Add(X509SubjectAttributeKind.Title, value);
}
else if (derId.Id == X509Name.CN.Id)
{
result.Add(X509SubjectAttributeKind.CommonName, value);
}
else if (derId.Id == X509Name.Street.Id)
{
result.Add(X509SubjectAttributeKind.Street, value);
}
else if (derId.Id == X509Name.SerialNumber.Id)
{
result.Add(X509SubjectAttributeKind.SerialNumber, value);
}
else if (derId.Id == X509Name.L.Id)
{
result.Add(X509SubjectAttributeKind.Locality, value);
}
else if (derId.Id == X509Name.ST.Id)
{
result.Add(X509SubjectAttributeKind.State, value);
}
}
}
return(result);
}
private static Name RetriveName(X509Name x509Name)
{
Name name = new Name();
name.isEmpty = x509Name.ToString().Length == 0;
var commonNameList = x509Name.GetValueList(X509Name.CN);
if (commonNameList != null && commonNameList.Count != 0)
{
name.CommonName = StringUtil.StringToByteArray(commonNameList[0].ToString());
}
//todo - add other fields if required
return(name);
}
/// <summary>
/// Adds the distinguished name as certificate subject.
/// </summary>
/// <param name="distinguishedName">The distinguished name.</param>
public void AddName(string distinguishedName)
{
var name = new X509Name(distinguishedName);
var oidList = name.GetOidList();
var valueList = name.GetValueList();
var len = oidList.Count;
for (var i = 0; i < len; ++i)
{
var id = (DerObjectIdentifier)oidList[i];
var value = valueList[i]?.ToString();
attributes.Add(Tuple.Create(id, value));
if (id == X509Name.CN)
{
this.commonName = value;
}
}
}
/// <summary>
/// Checks if certificate subject contains specified RDNs.
/// </summary>
/// <param name="certificate">certificate to check</param>
/// <returns></returns>
public bool Match(X509Certificate certificate)
{
if (certificate == null)
{
return(false);
}
IList subjectDnOidList = _subjectDn.GetOidList();
IList valueList = _subjectDn.GetValueList();
for (int i = 0; i < subjectDnOidList.Count; i++)
{
if (!Contains(valueList[i], certificate.SubjectDN.GetValueList((DerObjectIdentifier)subjectDnOidList[i])))
{
return(false);
}
}
return(true);
}
protected static IList <string> Extract(X509Name principal, string field)
{
if (field == null)
{
return(new SingletonList <string>(principal.ToString()));
// return Arrays.asList(principal.toString());
}
var values = new List <string>();
var normalizedField = field.Trim().ToLowerInvariant();
if (!X509Name.DefaultLookup.Contains(normalizedField))
{
return(values);
}
var oidField = (DerObjectIdentifier)X509Name.DefaultLookup[normalizedField];
values = principal.GetValueList(oidField).OfType <string>().ToList();
return(values);
}
public override void PerformTest()
{
doTestEncodingPrintableString(X509Name.C, "AU");
doTestEncodingPrintableString(X509Name.SerialNumber, "123456");
doTestEncodingPrintableString(X509Name.DnQualifier, "123456");
doTestEncodingIA5String(X509Name.EmailAddress, "*****@*****.**");
doTestEncodingIA5String(X509Name.DC, "test");
// correct encoding
doTestEncodingGeneralizedTime(X509Name.DateOfBirth, "#180F32303032303132323132323232305A");
// compatability encoding
doTestEncodingGeneralizedTime(X509Name.DateOfBirth, "20020122122220Z");
//
// composite
//
IDictionary attrs = new Hashtable();
attrs.Add(X509Name.C, "AU");
attrs.Add(X509Name.O, "The Legion of the Bouncy Castle");
attrs.Add(X509Name.L, "Melbourne");
attrs.Add(X509Name.ST, "Victoria");
attrs.Add(X509Name.E, "*****@*****.**");
IList order = new ArrayList();
order.Add(X509Name.C);
order.Add(X509Name.O);
order.Add(X509Name.L);
order.Add(X509Name.ST);
order.Add(X509Name.E);
X509Name name1 = new X509Name(order, attrs);
if (!name1.Equivalent(name1))
{
Fail("Failed same object test");
}
if (!name1.Equivalent(name1, true))
{
Fail("Failed same object test - in Order");
}
X509Name name2 = new X509Name(order, attrs);
if (!name1.Equivalent(name2))
{
Fail("Failed same name test");
}
if (!name1.Equivalent(name2, true))
{
Fail("Failed same name test - in Order");
}
if (name1.GetHashCode() != name2.GetHashCode())
{
Fail("Failed same name test - in Order");
}
IList ord1 = new ArrayList();
ord1.Add(X509Name.C);
ord1.Add(X509Name.O);
ord1.Add(X509Name.L);
ord1.Add(X509Name.ST);
ord1.Add(X509Name.E);
IList ord2 = new ArrayList();
ord2.Add(X509Name.E);
ord2.Add(X509Name.ST);
ord2.Add(X509Name.L);
ord2.Add(X509Name.O);
ord2.Add(X509Name.C);
name1 = new X509Name(ord1, attrs);
name2 = new X509Name(ord2, attrs);
if (!name1.Equivalent(name2))
{
Fail("Failed reverse name test");
}
// FIXME Sort out X509Name hashcode problem
// if (name1.GetHashCode() != name2.GetHashCode())
// {
// Fail("Failed reverse name test GetHashCode");
// }
if (name1.Equivalent(name2, true))
{
Fail("Failed reverse name test - in Order");
}
if (!name1.Equivalent(name2, false))
{
Fail("Failed reverse name test - in Order false");
}
IList oids = name1.GetOidList();
if (!CompareVectors(oids, ord1))
{
Fail("oid comparison test");
}
IList val1 = new ArrayList();
val1.Add("AU");
val1.Add("The Legion of the Bouncy Castle");
val1.Add("Melbourne");
val1.Add("Victoria");
val1.Add("*****@*****.**");
name1 = new X509Name(ord1, val1);
IList values = name1.GetValueList();
if (!CompareVectors(values, val1))
{
Fail("value comparison test");
}
ord2 = new ArrayList();
ord2.Add(X509Name.ST);
ord2.Add(X509Name.ST);
ord2.Add(X509Name.L);
ord2.Add(X509Name.O);
ord2.Add(X509Name.C);
name1 = new X509Name(ord1, attrs);
name2 = new X509Name(ord2, attrs);
if (name1.Equivalent(name2))
{
Fail("Failed different name test");
}
ord2 = new ArrayList();
ord2.Add(X509Name.ST);
ord2.Add(X509Name.L);
ord2.Add(X509Name.O);
ord2.Add(X509Name.C);
name1 = new X509Name(ord1, attrs);
name2 = new X509Name(ord2, attrs);
if (name1.Equivalent(name2))
{
Fail("Failed subset name test");
}
compositeTest();
//
// getValues test
//
IList v1 = name1.GetValueList(X509Name.O);
if (v1.Count != 1 || !v1[0].Equals("The Legion of the Bouncy Castle"))
{
Fail("O test failed");
}
IList v2 = name1.GetValueList(X509Name.L);
if (v2.Count != 1 || !v2[0].Equals("Melbourne"))
{
Fail("L test failed");
}
//
// general subjects test
//
for (int i = 0; i != subjects.Length; i++)
{
X509Name name = new X509Name(subjects[i]);
byte[] encodedName = name.GetEncoded();
name = X509Name.GetInstance(Asn1Object.FromByteArray(encodedName));
if (!name.ToString().Equals(subjects[i]))
{
Fail("Failed regeneration test " + i);
}
}
//
// sort test
//
X509Name unsorted = new X509Name("SERIALNUMBER=BBB + CN=AA");
if (!FromBytes(unsorted.GetEncoded()).ToString().Equals("CN=AA+SERIALNUMBER=BBB"))
{
Fail("Failed sort test 1");
}
unsorted = new X509Name("CN=AA + SERIALNUMBER=BBB");
if (!FromBytes(unsorted.GetEncoded()).ToString().Equals("CN=AA+SERIALNUMBER=BBB"))
{
Fail("Failed sort test 2");
}
unsorted = new X509Name("SERIALNUMBER=B + CN=AA");
if (!FromBytes(unsorted.GetEncoded()).ToString().Equals("SERIALNUMBER=B+CN=AA"))
{
Fail("Failed sort test 3");
}
unsorted = new X509Name("CN=AA + SERIALNUMBER=B");
if (!FromBytes(unsorted.GetEncoded()).ToString().Equals("SERIALNUMBER=B+CN=AA"))
{
Fail("Failed sort test 4");
}
//
// equality tests
//
equalityTest(new X509Name("CN=The Legion"), new X509Name("CN=The Legion"));
equalityTest(new X509Name("CN= The Legion"), new X509Name("CN=The Legion"));
equalityTest(new X509Name("CN=The Legion "), new X509Name("CN=The Legion"));
equalityTest(new X509Name("CN= The Legion "), new X509Name("CN=The Legion"));
equalityTest(new X509Name("CN= the legion "), new X509Name("CN=The Legion"));
// # test
X509Name n1 = new X509Name("SERIALNUMBER=8,O=ABC,CN=ABC Class 3 CA,C=LT");
X509Name n2 = new X509Name("2.5.4.5=8,O=ABC,CN=ABC Class 3 CA,C=LT");
X509Name n3 = new X509Name("2.5.4.5=#130138,O=ABC,CN=ABC Class 3 CA,C=LT");
equalityTest(n1, n2);
equalityTest(n2, n3);
equalityTest(n3, n1);
n1 = new X509Name(true, "2.5.4.5=#130138,CN=SSC Class 3 CA,O=UAB Skaitmeninio sertifikavimo centras,C=LT");
n2 = new X509Name(true, "SERIALNUMBER=#130138,CN=SSC Class 3 CA,O=UAB Skaitmeninio sertifikavimo centras,C=LT");
n3 = X509Name.GetInstance(Asn1Object.FromByteArray(Hex.Decode("3063310b3009060355040613024c54312f302d060355040a1326"
+ "55414220536b6169746d656e696e696f20736572746966696b6176696d6f2063656e74726173311730150603550403130e53534320436c6173732033204341310a30080603550405130138")));
equalityTest(n1, n2);
equalityTest(n2, n3);
equalityTest(n3, n1);
n1 = new X509Name("SERIALNUMBER=8,O=XX,CN=ABC Class 3 CA,C=LT");
n2 = new X509Name("2.5.4.5=8,O=,CN=ABC Class 3 CA,C=LT");
if (n1.Equivalent(n2))
{
Fail("empty inequality check failed");
}
n1 = new X509Name("SERIALNUMBER=8,O=,CN=ABC Class 3 CA,C=LT");
n2 = new X509Name("2.5.4.5=8,O=,CN=ABC Class 3 CA,C=LT");
equalityTest(n1, n2);
//
// inequality to sequences
//
name1 = new X509Name("CN=The Legion");
if (name1.Equals(DerSequence.Empty))
{
Fail("inequality test with sequence");
}
if (name1.Equals(new DerSequence(DerSet.Empty)))
{
Fail("inequality test with sequence and set");
}
Asn1EncodableVector v = new Asn1EncodableVector(
new DerObjectIdentifier("1.1"),
new DerObjectIdentifier("1.1"));
if (name1.Equals(new DerSequence(new DerSet(new DerSet(v)))))
{
Fail("inequality test with sequence and bad set");
}
// if (name1.Equals(new DerSequence(new DerSet(new DerSet(v))), true))
// {
// Fail("inequality test with sequence and bad set");
// }
try
{
X509Name.GetInstance(new DerSequence(new DerSet(new DerSet(v))));
Fail("GetInstance should reject bad sequence");
}
catch (ArgumentException)
{
//expected
}
if (name1.Equals(new DerSequence(new DerSet(DerSequence.Empty))))
{
Fail("inequality test with sequence and short sequence");
}
// if (name1.Equals(new DerSequence(new DerSet(DerSequence.Empty)), true))
// {
// Fail("inequality test with sequence and short sequence");
// }
try
{
X509Name.GetInstance(new DerSequence(new DerSet(DerSequence.Empty)));
Fail("GetInstance should reject short sequence");
}
catch (ArgumentException)
{
//expected
}
v = new Asn1EncodableVector(
new DerObjectIdentifier("1.1"),
DerSequence.Empty);
if (name1.Equals(new DerSequence(new DerSet(new DerSequence(v)))))
{
Fail("inequality test with sequence and bad sequence");
}
if (name1.Equivalent(null))
{
Fail("inequality test with null");
}
if (name1.Equivalent(null, true))
{
Fail("inequality test with null");
}
//
// this is contrived but it checks sorting of sets with equal elements
//
unsorted = new X509Name("CN=AA + CN=AA + CN=AA");
//
// tagging test - only works if CHOICE implemented
//
/*
* ASN1TaggedObject tag = new DERTaggedObject(false, 1, new X509Name("CN=AA"));
*
* if (!tag.isExplicit())
* {
* Fail("failed to explicitly tag CHOICE object");
* }
*
* X509Name name = X509Name.getInstance(tag, false);
*
* if (!name.equals(new X509Name("CN=AA")))
* {
* Fail("failed to recover tagged name");
* }
*/
DerUtf8String testString = new DerUtf8String("The Legion of the Bouncy Castle");
byte[] encodedBytes = testString.GetEncoded();
string hexEncodedString = "#" + Hex.ToHexString(encodedBytes);
DerUtf8String converted = (DerUtf8String)
new X509DefaultEntryConverter().GetConvertedValue(
X509Name.L, hexEncodedString);
if (!converted.Equals(testString))
{
Fail("Failed X509DefaultEntryConverter test");
}
//
// try escaped.
//
converted = (DerUtf8String) new X509DefaultEntryConverter().GetConvertedValue(
X509Name.L, "\\" + hexEncodedString);
if (!converted.Equals(new DerUtf8String(hexEncodedString)))
{
Fail("Failed X509DefaultEntryConverter test got " + converted + " expected: " + hexEncodedString);
}
//
// try a weird value
//
X509Name n = new X509Name("CN=\\#nothex#string");
if (!n.ToString().Equals("CN=\\#nothex#string"))
{
Fail("# string not properly escaped.");
}
IList vls = n.GetValueList(X509Name.CN);
if (vls.Count != 1 || !vls[0].Equals("#nothex#string"))
{
Fail("Escaped # not reduced properly");
}
n = new X509Name("CN=\"a+b\"");
vls = n.GetValueList(X509Name.CN);
if (vls.Count != 1 || !vls[0].Equals("a+b"))
{
Fail("Escaped + not reduced properly");
}
n = new X509Name("CN=a\\+b");
vls = n.GetValueList(X509Name.CN);
if (vls.Count != 1 || !vls[0].Equals("a+b"))
{
Fail("Escaped + not reduced properly");
}
if (!n.ToString().Equals("CN=a\\+b"))
{
Fail("+ in string not properly escaped.");
}
n = new X509Name("CN=a\\=b");
vls = n.GetValueList(X509Name.CN);
if (vls.Count != 1 || !vls[0].Equals("a=b"))
{
Fail("Escaped = not reduced properly");
}
if (!n.ToString().Equals("CN=a\\=b"))
{
Fail("= in string not properly escaped.");
}
n = new X509Name("TELEPHONENUMBER=\"+61999999999\"");
vls = n.GetValueList(X509Name.TelephoneNumber);
if (vls.Count != 1 || !vls[0].Equals("+61999999999"))
{
Fail("telephonenumber escaped + not reduced properly");
}
n = new X509Name("TELEPHONENUMBER=\\+61999999999");
vls = n.GetValueList(X509Name.TelephoneNumber);
if (vls.Count != 1 || !vls[0].Equals("+61999999999"))
{
Fail("telephonenumber escaped + not reduced properly");
}
n = new X509Name(@"TELEPHONENUMBER=\+61999999999");
vls = n.GetValueList(X509Name.TelephoneNumber);
if (vls.Count != 1 || !vls[0].Equals("+61999999999"))
{
Fail("telephonenumber escaped + not reduced properly");
}
}
internal string AliasOf(PkiCertificate cert)
{
var x509Name = new X509Name(cert.SubjectName);
return((x509Name.GetValueList(X509Name.CN)?[0] ?? cert.SubjectName) as string);
}
private XmlElement CreateXadesObject(Org.BouncyCastle.X509.X509Certificate cert)
{
X509Name old = cert.SubjectDN;
X509Name n = new X509Name(old.GetOidList(), old.GetValueList());
byte[] data = n.GetDerEncoded();
Sha1Digest hash = new Sha1Digest();
hash.BlockUpdate(data, 0, data.Length);
byte[] result = new byte[hash.GetDigestSize()];
hash.DoFinal(result, 0);
string sCertDigest = Convert.ToBase64String(result);
string Issuer = cert.IssuerDN.ToString(true, X509Name.RFC2253Symbols);
string Serial = cert.SerialNumber.LongValue.ToString();
XmlElement XmlObject = m_doc.CreateElement(ns_dsig_prefix, "Object", ns_dsig_uri);
XmlAttribute Id = m_doc.CreateAttribute("Id");
Id.Value = "etsi-signed-1-1";
XmlObject.Attributes.Append(Id);
XmlElement QualifyingProperties = m_doc.CreateElement(ns_etsi_prefix, "QualifyingProperties", ns_etsi_uri);
XmlObject.AppendChild(QualifyingProperties);
XmlAttribute Target = m_doc.CreateAttribute("Target");
Target.Value = "#signature-1-1";
QualifyingProperties.Attributes.Append(Target);
XmlAttribute nsxml = m_doc.CreateAttribute("xmlns:" + ns_etsi_prefix);
nsxml.Value = ns_etsi_uri;
QualifyingProperties.Attributes.Append(nsxml);
XmlElement SignedProperties = m_doc.CreateElement(ns_etsi_prefix, "SignedProperties", ns_etsi_uri);
QualifyingProperties.AppendChild(SignedProperties);
XmlElement SignedSignatureProperties = m_doc.CreateElement(ns_etsi_prefix, "SignedSignatureProperties", ns_etsi_uri);
SignedProperties.AppendChild(SignedSignatureProperties);
XmlElement SigningTime = m_doc.CreateElement(ns_etsi_prefix, "SigningTime", ns_etsi_uri);
SignedSignatureProperties.AppendChild(SigningTime);
SigningTime.AppendChild(m_doc.CreateTextNode(DateTime.UtcNow.ToString("s") + "Z"));
XmlElement SigningCertificate = m_doc.CreateElement(ns_etsi_prefix, "SigningCertificate", ns_etsi_uri);
SignedSignatureProperties.AppendChild(SigningCertificate);
XmlElement Cert = m_doc.CreateElement(ns_etsi_prefix, "Cert", ns_etsi_uri);
SigningCertificate.AppendChild(Cert);
XmlElement CertDigest = m_doc.CreateElement(ns_etsi_prefix, "CertDigest", ns_etsi_uri);
Cert.AppendChild(CertDigest);
XmlElement DigestMethod = m_doc.CreateElement(ns_etsi_prefix, "DigestMethod", ns_etsi_uri);
CertDigest.AppendChild(DigestMethod);
XmlAttribute Algorithm = m_doc.CreateAttribute("Algorithm");
Algorithm.Value = "http://www.w3.org/2000/09/xmldsig#sha1";
DigestMethod.Attributes.Append(Algorithm);
XmlElement DigestValue = m_doc.CreateElement(ns_etsi_prefix, "DigestValue", ns_etsi_uri);
CertDigest.AppendChild(DigestValue);
DigestValue.AppendChild(m_doc.CreateTextNode(sCertDigest));
XmlElement IssuerSerial = m_doc.CreateElement(ns_etsi_prefix, "IssuerSerial", ns_etsi_uri);
Cert.AppendChild(IssuerSerial);
XmlElement X509IssuerName = m_doc.CreateElement(ns_dsig_prefix, "X509IssuerName", ns_dsig_uri);
IssuerSerial.AppendChild(X509IssuerName);
X509IssuerName.AppendChild(m_doc.CreateTextNode(Issuer));
XmlElement X509SerialNumber = m_doc.CreateElement(ns_dsig_prefix, "X509SerialNumber", ns_dsig_uri);
IssuerSerial.AppendChild(X509SerialNumber);
X509SerialNumber.AppendChild(m_doc.CreateTextNode(Serial));
XmlElement SignaturePolicyIdentifier = m_doc.CreateElement(ns_etsi_prefix, "SignaturePolicyIdentifier", ns_etsi_uri);
SignedSignatureProperties.AppendChild(SignaturePolicyIdentifier);
XmlElement SignaturePolicyImplied = m_doc.CreateElement(ns_etsi_prefix, "SignaturePolicyImplied", ns_etsi_uri);
SignaturePolicyIdentifier.AppendChild(SignaturePolicyImplied);
XmlElement SignedDataObjectProperties = m_doc.CreateElement(ns_etsi_prefix, "SignedDataObjectProperties", ns_etsi_uri);
SignedProperties.AppendChild(SignedDataObjectProperties);
XmlElement DataObjectFormat = m_doc.CreateElement(ns_etsi_prefix, "DataObjectFormat", ns_etsi_uri);
SignedDataObjectProperties.AppendChild(DataObjectFormat);
XmlAttribute ObjectReference = m_doc.CreateAttribute("ObjectReference");
ObjectReference.Value = "#reference-1-1";
DataObjectFormat.Attributes.Append(ObjectReference);
XmlElement MimeType = m_doc.CreateElement(ns_etsi_prefix, "MimeType", ns_etsi_uri);
DataObjectFormat.AppendChild(MimeType);
MimeType.AppendChild(m_doc.CreateTextNode("text/xml"));
return(XmlObject);
}
/// <summary>
/// Generate the certificate
/// </summary>
/// <param name="certName">Certificate name</param>
/// <param name="certPublicKey">Certificate public key</param>
/// <param name="certPublicKeyInfo">Certificate public key info</param>
/// <param name="issuer">Issuer name</param>
/// <param name="issuerPublicKey">Issuer public key</param>
/// <param name="issuerPrivateKey">Issuer private key</param>
/// <param name="issuerSerialNumber">Issuer serial number</param>
/// <returns>X509Certificate2 Certificate</returns>
private X509Certificate2 GenerateCertificate(X509Name certName, AsymmetricKeyParameter certPublicKey, SubjectPublicKeyInfo certPublicKeyInfo,
X509Name issuer, AsymmetricKeyParameter issuerPublicKey, AsymmetricKeyParameter issuerPrivateKey, BigInteger issuerSerialNumber)
{
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
ISignatureFactory factory = new Asn1SignatureFactory("SHA256withRSA", issuerPrivateKey, random);
X509V3CertificateGenerator builder = new X509V3CertificateGenerator();
builder.SetSerialNumber(new BigInteger(16, new SecureRandom(randomGenerator)));
builder.SetIssuerDN(issuer);
builder.SetSubjectDN(certName);
builder.SetPublicKey(certPublicKey);
builder.SetNotBefore(DateTime.UtcNow);
builder.SetNotAfter(DateTime.UtcNow.AddDays(_config.DeviceCertificateValidityDays));
builder.AddExtension(X509Extensions.KeyUsage.Id, true, new X509KeyUsage(X509KeyUsage.DigitalSignature | X509KeyUsage.KeyEncipherment));
builder.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(false));
var subjectAlternativeNames = new Asn1Encodable[] { new GeneralName(GeneralName.DnsName, certName.GetValueList()[0].ToString()) };
var subjectAlternativeNamesExtension = new DerSequence(subjectAlternativeNames);
builder.AddExtension(X509Extensions.SubjectAlternativeName.Id, false, subjectAlternativeNamesExtension);
builder.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(new KeyPurposeID[]
{
KeyPurposeID.IdKPClientAuth,
KeyPurposeID.IdKPServerAuth
}
));
builder.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, false, GetAuthorityKeyIdentifier(issuer, issuerPublicKey, issuerSerialNumber));
builder.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, false, new SubjectKeyIdentifier(certPublicKeyInfo));
// Sign the certificate
Org.BouncyCastle.X509.X509Certificate newCertificate = builder.Generate(factory);
return(new X509Certificate2(DotNetUtilities.ToX509Certificate(newCertificate)));
}
