コード例 #1
        /// <summary>
        /// The bool constructor must carry the requested criticality flag through to <c>Critical</c>.
        /// </summary>
        public void subjectAltNameConstructorTest1()
        {
            // Build the extension with critical = true and read the flag straight back.
            subjectAltName extension = new subjectAltName(true);

            Assert.IsTrue(extension.Critical);
        }
コード例 #2
        /// <summary>
        /// Adding a general name to an empty extension must make it the first entry of <c>SubjAltNames</c>.
        /// </summary>
        public void AddTest()
        {
            OSCAGeneralName entry     = testData2;
            subjectAltName  extension = new subjectAltName();

            extension.Add(entry);

            // The freshly created extension had no names, so the added one sits at index 0.
            Assert.AreEqual(testData2, extension.SubjAltNames[0]);
        }
コード例 #3
        /// <summary>
        /// Removing a general name from an extension loaded from testData1 must leave exactly one entry.
        /// </summary>
        public void RemoveTest()
        {
            subjectAltName  extension = new subjectAltName(testData1);
            OSCAGeneralName victim    = testData2;

            extension.Remove(victim);

            // NOTE(review): relies on testData2 matching one of the names in testData1 - fixtures are not visible here.
            Assert.AreEqual(1, extension.SubjAltNames.Count);
        }
コード例 #4
        /// <summary>
        /// Constructing from an XML description must restore the extension name, the criticality flag
        /// and every general name held in the fixture.
        /// </summary>
        public void subjectAltNameConstructorTest2()
        {
            XElement       description = testData1;
            subjectAltName extension   = new subjectAltName(description);

            // Identity and criticality come from the XML, not from defaults.
            Assert.AreEqual("SubjectAlternativeName", extension.Name);
            Assert.IsFalse(extension.Critical);

            // The fixture is expected to carry two names.
            Assert.IsTrue(extension.SubjAltNames.Count == 2);
        }
コード例 #5
        /// <summary>
        /// Round-trip check: an extension built from testData1 must serialise back to the same XML text.
        /// </summary>
        public void ToXmlTest()
        {
            subjectAltName extension = new subjectAltName(testData1);
            XNode          reference = testData1;

            XNode produced = extension.ToXml();

            // Compare the textual form of both nodes.
            Assert.AreEqual(reference.ToString(), produced.ToString());
        }
コード例 #6
        /// <summary>
        /// The <c>GeneralNames</c> view of an extension loaded from testData1 must expose the fixture's
        /// first name as text and the second with tag number 2.
        /// </summary>
        public void GeneralNamesTest()
        {
            subjectAltName extension = new subjectAltName(testData1);

            GeneralNames  names   = extension.GeneralNames;
            GeneralName[] entries = names.GetNames();

            Assert.AreEqual("*****@*****.**", entries[0].Name.ToString());

            // Tag 2 is the dNSName alternative of the X.509 GeneralName CHOICE.
            Assert.IsTrue(entries[1].TagNo == 2);
        }
コード例 #7
ファイル: CertificateAuthority.cs プロジェクト: radtek/safeid
        /// <summary>
        /// Convenience overload: builds the CA subject name from a common name plus the fixed
        /// organization and country below, then delegates to the <c>X509Name</c> overload.
        /// </summary>
        /// <param name="PKCS12Filename">Path of the CA PKCS#12 file, passed through unchanged.</param>
        /// <param name="CommonName">Common name placed in the subject.</param>
        /// <param name="altNames">Subject alternative names, passed through unchanged.</param>
        public void LoadOrCreateCA(String PKCS12Filename, String CommonName, subjectAltName altNames)
        {
            // Organization and country are hard-coded; only the common name varies per caller.
            X509Name subject = new X509Name
            {
                Common       = CommonName,
                Organization = "SafeId - IAM",
                Country      = "BR"
            };

            LoadOrCreateCA(PKCS12Filename, subject, altNames);
        }
コード例 #8
        /// <summary>
        /// The <c>SubjAltNames</c> list of an extension loaded from testData1 must hold an rfc822Name
        /// entry followed by a dNSName entry, each with the fixture's value.
        /// </summary>
        public void SubjAltNamesTest()
        {
            subjectAltName extension = new subjectAltName(testData1);

            List <OSCAGeneralName> names = extension.SubjAltNames;

            // First entry: the e-mail style name.
            Assert.IsTrue(names[0].Name == "*****@*****.**");
            Assert.IsTrue(names[0].Type == GenName.rfc822Name);

            // Second entry: the DNS name.
            Assert.IsTrue(names[1].Name == "peter.foo.com");
            Assert.IsTrue(names[1].Type == GenName.dNSName);
        }
コード例 #9
        /// <summary>
        /// Returns the string form of the SubjectAlternativeName extension.
        /// </summary>
        /// <returns>
        /// <c>ToString()</c> of the extension, or null when there is no extension list or no
        /// SubjectAlternativeName entry in it.
        /// </returns>
        private string SANasString()
        {
            if (OscaExtensions != null)
            {
                // Look the extension up by name; the cast throws if a different extension type is registered under it.
                subjectAltName found = (subjectAltName)FindExtension("SubjectAlternativeName");

                if (found != null)
                {
                    return(found.ToString());
                }
            }

            return(null);
        }
コード例 #10
ファイル: SubjectAltNames.cs プロジェクト: hugocurran/OSCA2
        // Load an existing extension into the dialog: keep a reference to it, push each of its
        // general names into the dataset by position, and mirror its criticality in the checkbox.
        private void edit(subjectAltName subjan)
        {
            san = subjan;

            // One dataset row per general name, in list order.
            int row = 0;
            while (row < san.SubjAltNames.Count)
            {
                updateDataSet(san.SubjAltNames[row], row);
                row++;
            }

            // The checkbox simply follows the extension's critical flag.
            cbCritical.Checked = san.Critical;
        }
コード例 #11
        /// <summary>
        /// Fetches the SubjectAlternativeName extension and returns its names as a GeneralNames object.
        /// </summary>
        /// <returns>
        /// The extension's <c>GeneralNames</c>, or null when there is no extension list or no
        /// SubjectAlternativeName entry in it.
        /// </returns>
        private GeneralNames getSubjectAltNames()
        {
            if (Extensions != null)
            {
                // Look the extension up by name; the cast throws if a different extension type is registered under it.
                subjectAltName found = (subjectAltName)FindExtension("SubjectAlternativeName");

                if (found != null)
                {
                    // The extension already exposes its names as a GeneralNames sequence.
                    return(found.GeneralNames);
                }
            }

            return(null);
        }
コード例 #12
ファイル: SubjectAltNames.cs プロジェクト: hugocurran/OSCA2
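        /// <summary>
        /// Creates the subject-alternative-name dialog, either for a new extension or for editing an existing one.
        /// </summary>
        /// <param name="san">Extension to edit, or null to start with an empty one.</param>
        public SubjectAltNames(subjectAltName san)
        {
            InitializeComponent();

            // Set up the dataset and bind the grid BEFORE loading an extension. edit() pushes every
            // existing name through updateDataSet(); with the original ordering the "generalNames"
            // table was only created after that call.
            // NOTE(review): updateDataSet() is not visible here - presumably it writes rows into
            // ds.Tables["generalNames"]; confirm.
            ds.Tables.Add("generalNames");
            ds.Tables["generalNames"].Columns.Add("#");
            ds.Tables["generalNames"].Columns.Add("Type");
            ds.Tables["generalNames"].Columns.Add("Name");

            // Setup the grid
            dgv.DataSource = ds.Tables["generalNames"];

            if (san == null)
            {
                create();
            }
            else
            {
                edit(san);
            }
        }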
コード例 #13
ファイル: CertificateAuthority.cs プロジェクト: radtek/safeid
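        /// <summary>
        /// Issues a certificate for <paramref name="Name"/> signed by the loaded root CA and returns the
        /// PKCS#12 data produced by the BuildPKCS12 helpers. The subject key comes from CreateNewRSAKey(4096).
        /// </summary>
        /// <param name="Name">Subject distinguished name; its Common value also names the .pfx file when saving.</param>
        /// <param name="ca">True to issue with CA:true plus keyUsage and certificatePolicies; false for CA:false.</param>
        /// <param name="altNames">Optional alternative names (URI, mail, DNS and text entries); may be null.</param>
        /// <param name="saveFile">True to also write the PKCS#12 bundle into the certificate directory.</param>
        /// <param name="expirationDate">notAfter date; 365 days from now when null.</param>
        /// <returns>The value returned by BuildPKCS12AndSave or BuildPKCS12.</returns>
        /// <exception cref="ArgumentException">saveFile is true and the common name is not a plain file name.</exception>
        public String SignCert(X509Name Name, Boolean ca, subjectAltName altNames, Boolean saveFile, DateTime?expirationDate)
        {
            String certData = "";

            // The common name becomes part of a path under certDir. Accept only a bare file name, so a
            // name carrying directory separators or a rooted path cannot place the PKCS#12 bundle
            // (which holds the private key) outside the certificate directory.
            String pfxPath = null;
            if (saveFile)
            {
                String pfxName = Name.Common + ".pfx";
                if (Path.GetFileName(pfxName) != pfxName)
                {
                    throw new ArgumentException("Common name cannot be used as a file name.", "Name");
                }

                pfxPath = new FileInfo(Path.Combine(certDir.FullName, pfxName)).FullName;
            }

            // SHA-1 is no longer acceptable for certificate signatures; sign with SHA-256.
            MessageDigest digest = MessageDigest.SHA256;

            using (CryptoKey key = CreateNewRSAKey(4096))
            {
                int version = 2; // Version 2 is X.509 Version 3

                // notBefore is back-dated by 24 hours (presumably to tolerate clock skew between hosts).
                DateTime notBefore = DateTime.Now.AddHours(-24);
                DateTime notAfter  = expirationDate ?? DateTime.Now + TimeSpan.FromDays(365);

                using (X509Request request = new X509Request(version, Name, key))
                    using (X509Certificate certificate = RootCA.ProcessRequest(request, notBefore, notAfter, digest))
                    {
                        if (ca)
                        {
                            certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "basicConstraints", true, "CA:true"));
                            certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "keyUsage", true, "critical, cRLSign, keyCertSign, digitalSignature"));
                            certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "certificatePolicies", true, "2.5.29.32.0"));
                        }
                        else
                        {
                            certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "basicConstraints", true, "CA:false"));
                        }

                        // NOTE(review): every extension below is flagged critical. RFC 5280 requires
                        // subjectKeyIdentifier and authorityKeyIdentifier to be non-critical, and a critical
                        // nsComment makes validators that do not process it reject the certificate. Left
                        // unchanged here because relying parties may depend on the current profile - confirm.
                        certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "issuerAltName", true, "issuer:copy"));
                        certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "nsComment", true, "SafeID - IAM Generated Certificate"));
                        certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectKeyIdentifier", true, "hash"));
                        certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "authorityKeyIdentifier", true, "keyid,issuer:always"));

                        if (altNames != null)
                        {
                            // A certificate must not contain the same extension twice (RFC 5280, section 4.2),
                            // so all names are collected into ONE subjectAltName extension using the
                            // comma-separated form, e.g. "IP:192.168.7.1" or
                            // "otherName:1.2.3.4;UTF8:some other identifier".
                            // NOTE(review): values are concatenated without escaping; a value containing a
                            // comma would presumably be read as a further name - confirm callers validate them.
                            System.Collections.Generic.List<String> sanEntries = new System.Collections.Generic.List<String>();

                            foreach (Uri u in altNames.Uri)
                            {
                                // Invariant casing keeps the result independent of the host's culture.
                                sanEntries.Add("URI:" + u.AbsoluteUri.ToLowerInvariant());
                            }

                            foreach (String m in altNames.Mail)
                            {
                                sanEntries.Add("email:" + m);
                            }

                            foreach (String s in altNames.Dns)
                            {
                                sanEntries.Add("DNS:" + s);
                            }

                            foreach (String s in altNames.Text)
                            {
                                sanEntries.Add("otherName:1.2.3.4;UTF8:" + s);
                            }

                            if (sanEntries.Count > 0)
                            {
                                certificate.AddExtension(new X509Extension(RootCA.Certificate, certificate, "subjectAltName", true, String.Join(",", sanEntries.ToArray())));
                            }
                        }

                        // No extendedKeyUsage or crlDistributionPoints extension is added, and leaf
                        // certificates carry no keyUsage; issued certificates therefore have no usage
                        // restriction and no revocation pointer.

                        certificate.Sign(RootCA.Key, digest);

                        if (saveFile)
                        {
                            certData = BuildPKCS12AndSave(pfxPath, this.signedPassword, key, certificate);
                        }
                        else
                        {
                            certData = BuildPKCS12(this.signedPassword, key, certificate);
                        }
                    }
            }

            return(certData);
        }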
コード例 #14
ファイル: CertificateAuthority.cs プロジェクト: radtek/safeid
        /// <summary>
        /// Overload taking a plain common name: resolves it to a subject name through
        /// GetCertificateSigningRequestSubject and delegates to the <c>X509Name</c> overload.
        /// </summary>
        /// <param name="Common">Common name of the certificate subject.</param>
        /// <param name="ca">Passed through: whether to issue a CA certificate.</param>
        /// <param name="altNames">Passed through: optional subject alternative names.</param>
        /// <param name="saveFile">Passed through: whether the PKCS#12 bundle is also written to disk.</param>
        /// <param name="expirationDate">Passed through: optional expiration date.</param>
        /// <returns>Whatever the <c>X509Name</c> overload returns.</returns>
        public String SignCert(String Common, Boolean ca, subjectAltName altNames, Boolean saveFile, DateTime?expirationDate)
        {
            X509Name subject = GetCertificateSigningRequestSubject(Common);
            String   issued  = SignCert(subject, ca, altNames, saveFile, expirationDate);

            return(issued);
        }
コード例 #15
ファイル: CertificateAuthority.cs プロジェクト: radtek/safeid
 /// <summary>
 /// Shortcut for issuing an end-entity certificate: not a CA, saved to disk, default expiration.
 /// </summary>
 /// <param name="Name">Subject distinguished name.</param>
 /// <param name="altNames">Optional subject alternative names.</param>
 /// <returns>Whatever the five-argument overload returns.</returns>
 public String SignCert(X509Name Name, subjectAltName altNames)
 {
     // Defaults applied by this overload. Note that saving is ON, so the PKCS#12 bundle
     // (including the private key) is written to disk.
     Boolean   issueAsCa      = false;
     Boolean   writeToDisk    = true;
     DateTime? explicitExpiry = null;

     return(SignCert(Name, issueAsCa, altNames, writeToDisk, explicitExpiry));
 }
コード例 #16
ファイル: CertificateAuthority.cs プロジェクト: radtek/safeid
 /// <summary>
 /// Shortcut taking a plain common name: not a CA, saved to disk, default expiration.
 /// </summary>
 /// <param name="Common">Common name of the certificate subject.</param>
 /// <param name="altNames">Optional subject alternative names.</param>
 /// <returns>Whatever the five-argument overload returns.</returns>
 public String SignCert(String Common, subjectAltName altNames)
 {
     // Defaults applied by this overload. Note that saving is ON, so the PKCS#12 bundle
     // (including the private key) is written to disk.
     Boolean   issueAsCa      = false;
     Boolean   writeToDisk    = true;
     DateTime? explicitExpiry = null;

     return(SignCert(Common, issueAsCa, altNames, writeToDisk, explicitExpiry));
 }
コード例 #17
ファイル: CertificateAuthority.cs プロジェクト: radtek/safeid
 /// <summary>
 /// Shortcut taking a plain common name and an explicit save flag: not a CA, default expiration.
 /// </summary>
 /// <param name="Common">Common name of the certificate subject.</param>
 /// <param name="altNames">Optional subject alternative names.</param>
 /// <param name="saveFile">Whether the PKCS#12 bundle is also written to disk.</param>
 /// <returns>Whatever the five-argument overload returns.</returns>
 public String SignCert(String Common, subjectAltName altNames, Boolean saveFile)
 {
     // Defaults applied by this overload.
     Boolean   issueAsCa      = false;
     DateTime? explicitExpiry = null;

     return(SignCert(Common, issueAsCa, altNames, saveFile, explicitExpiry));
 }
コード例 #18
ファイル: CertificateAuthority.cs プロジェクト: radtek/safeid
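        /// <summary>
        /// Loads the root CA from a PKCS#12 file or, when no CA is available afterwards, creates a
        /// self-signed one and saves it to that path.
        /// </summary>
        /// <param name="PKCS12Filename">Path of the CA PKCS#12 file to load or create.</param>
        /// <param name="Name">Subject name used when a new CA is created.</param>
        /// <param name="altNames">Optional subject alternative names for a newly created CA; may be null.</param>
        public void LoadOrCreateCA(String PKCS12Filename, X509Name Name, subjectAltName altNames)
        {
            FileInfo caPkcs12 = new FileInfo(PKCS12Filename);
            Boolean  existingFileUnreadable = false;

            if (caPkcs12.Exists)
            {
                try
                {
                    Byte[] bPKCS12 = File.ReadAllBytes(caPkcs12.FullName);

                    // The PKCS#12 bytes are handed over through a memory BIO, released once parsing is done.
                    using (BIO pkcs12BIO = BIO.MemoryBuffer())
                    {
                        pkcs12BIO.Write(bPKCS12);

                        X509Certificate cert = X509Certificate.FromPKCS12(pkcs12BIO, this.caPassword);

                        if (RootCA != null)
                        {
                            RootCA.Dispose();
                        }

                        // NOTE(review): the serial-number source is re-created with the same seed on every
                        // load, so it looks like serial numbers restart after each load - certificates from
                        // one issuer need unique serials; confirm and persist the counter if so.
                        RootCA = new X509CertificateAuthority(cert, cert.PrivateKey, new SimpleSerialNumber(1), cfg);
                    }
                }
                catch
                {
                    // Any load failure (wrong password, damaged file, I/O error) falls back to creating a new CA.
                    RootCA = null;
                    existingFileUnreadable = true;
                }
            }

            if (RootCA == null)
            {
                if (existingFileUnreadable)
                {
                    // The new CA is saved to the same path. Move the file that could not be loaded aside
                    // first, so a wrong password or a transient error does not destroy the existing CA key.
                    File.Move(caPkcs12.FullName, caPkcs12.FullName + ".unreadable-" + DateTime.UtcNow.ToString("yyyyMMddHHmmss"));
                }

                X509V3ExtensionList ext = new X509V3ExtensionList();

                // NOTE(review): every extension is flagged critical. RFC 5280 requires subjectKeyIdentifier
                // and authorityKeyIdentifier to be non-critical, and a critical nsComment makes validators
                // that do not process it reject the certificate. No keyUsage is set on the root. Left
                // unchanged because relying parties may depend on the current profile - confirm.
                ext.Add(new X509V3ExtensionValue("nsComment", true, "SafeID - IAM Generated Certificate"));
                ext.Add(new X509V3ExtensionValue("basicConstraints", true, "CA:true"));
                ext.Add(new X509V3ExtensionValue("subjectKeyIdentifier", true, "hash"));
                ext.Add(new X509V3ExtensionValue("authorityKeyIdentifier", true, "keyid,issuer:always"));

                if (altNames != null)
                {
                    // A certificate must not contain the same extension twice (RFC 5280, section 4.2), so
                    // all names go into ONE subjectAltName value in the comma-separated form.
                    // NOTE(review): values are concatenated without escaping; a value containing a comma
                    // would presumably be read as a further name - confirm callers validate them.
                    System.Collections.Generic.List<String> sanEntries = new System.Collections.Generic.List<String>();

                    foreach (Uri u in altNames.Uri)
                    {
                        // Invariant casing keeps the result independent of the host's culture.
                        sanEntries.Add("URI:" + u.AbsoluteUri.ToLowerInvariant());
                    }

                    foreach (String m in altNames.Mail)
                    {
                        sanEntries.Add("email:" + m);
                    }

                    foreach (String s in altNames.Dns)
                    {
                        sanEntries.Add("DNS:" + s);
                    }

                    foreach (String s in altNames.Text)
                    {
                        sanEntries.Add("otherName:1.2.3.4;UTF8:" + s);
                    }

                    if (sanEntries.Count > 0)
                    {
                        ext.Add(new X509V3ExtensionValue("subjectAltName", true, String.Join(",", sanEntries.ToArray())));
                    }
                }

                // Read the clock once so the start date and the validity span share one reference point.
                DateTime now = DateTime.Now;

                // Signed with SHA-256 rather than SHA-1.
                // NOTE(review): the root uses a 2048-bit key for a ten-year lifetime while issued
                // certificates use 4096 bits - consider a larger root key for newly created CAs.
                RootCA = X509CertificateAuthority.SelfSigned(new SimpleSerialNumber(), CreateNewRSAKey(2048), MessageDigest.SHA256, Name, now.AddHours(-24), (now.AddYears(10) - now), ext);

                BuildPKCS12AndSave(caPkcs12.FullName, this.caPassword, RootCA.Key, RootCA.Certificate);
            }
        }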
コード例 #19
ファイル: SubjectAltNames.cs プロジェクト: hugocurran/OSCA2
 // Start from scratch: the dialog works on a brand-new subjectAltName built with its default constructor.
 private void create()
 {
     subjectAltName fresh = new subjectAltName();

     san = fresh;
 }
コード例 #20
        /// <summary>
        /// The default constructor must produce an extension named "SubjectAlternativeName".
        /// </summary>
        public void subjectAltNameConstructorTest()
        {
            subjectAltName extension = new subjectAltName();

            // The name is fixed by the type, not supplied by the caller.
            Assert.AreEqual("SubjectAlternativeName", extension.Name);
        }