public void CanAddRequestExtensions() { var extList = new List <X509V3ExtensionValue> { new X509V3ExtensionValue("subjectAltName", false, "DNS:foo.com,DNS:bar.org"), new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"), }; var start = DateTime.Now; var end = start + TimeSpan.FromMinutes(10); using (var key = new CryptoKey(RSA.FromPrivateKey(new BIO(RSA_KEY)))) using (var request = new X509Request(1, new X509Name("foo"), key)) { OpenSSL.Core.Stack <X509Extension> extensions = new OpenSSL.Core.Stack <X509Extension>(); foreach (var extValue in extList) { using (var ext = new X509Extension(request, extValue.Name, extValue.IsCritical, extValue.Value)) { Console.WriteLine(ext); extensions.Add(ext); } } request.AddExtensions(extensions); Assert.AreEqual(EXPECTED_CERT, request.PEM); } }
public void CanAddRequestExtensions() { var extList = new List<X509V3ExtensionValue> { new X509V3ExtensionValue("subjectAltName", false, "DNS:foo.com,DNS:bar.org"), new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign"), }; var start = DateTime.Now; var end = start + TimeSpan.FromMinutes(10); using (var key = new CryptoKey(RSA.FromPrivateKey(new BIO(RSA_KEY)))) using (var request = new X509Request(1,new X509Name("foo"),key)) { OpenSSL.Core.Stack<X509Extension> extensions = new OpenSSL.Core.Stack<X509Extension>(); foreach (var extValue in extList) { using (var ext = new X509Extension(request, extValue.Name, extValue.IsCritical, extValue.Value)) { Console.WriteLine(ext); extensions.Add(ext); } } request.AddExtensions(extensions); Assert.AreEqual(EXPECTED_CERT, request.PEM); } }
public override void ExportArchive(PrivateKey pk, IEnumerable <Crt> certs, ArchiveFormat fmt, Stream target, string password = "") { var rsaPk = pk as RsaPrivateKey; if (rsaPk == null) { throw new NotSupportedException("unsupported private key type"); } if (fmt == ArchiveFormat.PKCS12) { var x509Arr = certs.Select(x => { using (var bio = BIO.MemoryBuffer()) { bio.Write(x.Pem); return(new X509Certificate(bio)); } }).ToArray(); using (var key = CryptoKey.FromPrivateKey(rsaPk.Pem, null)) { var caStack = new OpenSSL.Core.Stack <X509Certificate>(); for (int i = 1; i < x509Arr.Length; ++i) { caStack.Add(x509Arr[i]); } using (var pfx = new PKCS12(password == string.Empty ? null : password, key, x509Arr[0], caStack)) { using (var bio = BIO.MemoryBuffer()) { pfx.Write(bio); var count = (int)bio.BytesPending; var array = bio.ReadBytes(count); target.Write(array.Array, 0, count); } } } foreach (var x in x509Arr) { x.Dispose(); } } else { throw new NotSupportedException("unsupported archive format"); } }
/// <summary> /// Converts a certificate and private key to a PKCS#12 (.PFX) file. /// </summary> public static void ConvertToPfx(Stream keyPemSource, Stream crtPemSource, Stream isrPemSource, Stream pfxTarget) { using (BIO keyBio = BIO.MemoryBuffer(), crtBio = BIO.MemoryBuffer(), isrBio = BIO.MemoryBuffer()) { using (var ms = new MemoryStream()) { keyPemSource.CopyTo(ms); keyBio.Write(ms.ToArray()); } using (var ms = new MemoryStream()) { crtPemSource.CopyTo(ms); crtBio.Write(ms.ToArray()); } using (var ms = new MemoryStream()) { isrPemSource.CopyTo(ms); isrBio.Write(ms.ToArray()); } using (var key = CryptoKey.FromPrivateKey(keyBio, null)) { using (var crt = new X509Certificate(crtBio)) { using (var isr = new X509Certificate(isrBio)) { var isrStack = new OpenSSL.Core.Stack <X509Certificate>(); isrStack.Add(isr); using (var pfx = new PKCS12(null, key, crt, isrStack)) { using (var pfxBio = BIO.MemoryBuffer()) { pfx.Write(pfxBio); var arr = pfxBio.ReadBytes((int)pfxBio.BytesPending); pfxTarget.Write(arr.Array, arr.Offset, arr.Count); } } } } } } }
/// <summary> /// Writes the specified Certificate and Crypto key out to the file defined in the fileName parameter. This /// file is protected with the specified password. The password is optional. /// </summary> /// <param name="fileName">The file name and path of the pfx file to be created.</param> /// <param name="password">The password to be put on the pfx file if any.</param> /// <param name="cryptoKey">The CryptoKey containing the private key that belongs to the certificate parameter.</param> /// <param name="certificate">The certificate to write to file.</param> public static void WritePfxToFile(string fileName, string password, CryptoKey cryptoKey, X509Certificate certificate) { if (cryptoKey == null) { throw new ArgumentNullException("cryptoKey", "CryptoKey is null"); } if (certificate == null) { throw new ArgumentNullException("certificate", "certificate is null"); } using (var bio = FileHelpers.Write(fileName)) using (var caStack = new OpenSSL.Core.Stack <X509Certificate>()) using (var pfx = new PKCS12(password, cryptoKey, certificate, caStack)) { pfx.Write(bio); } }
public void TestWithoutCfg() { BigNumber bn = 0x10001; CryptoKey key; using (RSA rsa = new RSA()) { rsa.GenerateKeys(2048, bn, OnGenerator, null); key = new CryptoKey(rsa); // rsa is assigned, we no longer need this instance } X509V3ExtensionList extList = new X509V3ExtensionList(); extList.Add(new X509V3ExtensionValue("subjectKeyIdentifier", false, "hash")); extList.Add(new X509V3ExtensionValue("authorityKeyIdentifier", false, "keyid:always,issuer:always")); extList.Add(new X509V3ExtensionValue("basicConstraints", true, "critical,CA:true")); extList.Add(new X509V3ExtensionValue("keyUsage", false, "cRLSign,keyCertSign")); using (X509CertificateAuthority root = X509CertificateAuthority.SelfSigned( new SimpleSerialNumber(), key, MessageDigest.SHA1, "Root1", DateTime.Now, TimeSpan.FromDays(365), extList)) { Console.WriteLine(root.Certificate); // Iterate the extensions Console.WriteLine("X509v3 Extensions:"); using (OpenSSL.Core.Stack <X509Extension> ext_stack = root.Certificate.Extensions) { foreach (X509Extension ext in ext_stack) { Console.WriteLine("Name:{0}, IsCritical:{1}, Value:{2}", ext.Name, ext.IsCritical, ext); } } } }
private void buttonX1_Click(object sender, EventArgs e) { try { superValidator1.SetValidator1(textBoxX1, null); superValidator1.SetValidator1(c, null); if (pem.Checked) { // superValidator1.SetValidator1(textBoxX1, new DevComponents.DotNetBar.Validator.RequiredFieldValidator("Password is required for Key Encryption")); superValidator1.SetValidator1(c, new DevComponents.DotNetBar.Validator.RequiredFieldValidator("Cipher is required for Key Encryption")); } //else if(pfx.Checked) // superValidator1.SetValidator1(textBoxX1, new DevComponents.DotNetBar.Validator.RequiredFieldValidator("Password is required for Key Encryption")); if (superValidator1.Validate()) { superValidator1.SetValidator1(textBoxX1, null); superValidator1.SetValidator1(c, null); string devpath = ""; if (MainForm.cai != null) { if (MainForm.cai.DevPath != null) { devpath = MainForm.cai.DevPath; } } SaveFileDialog sfd = new SaveFileDialog(); sfd.Filter = "Origisign Temp Certificate|*.ogtc"; if (devpath != "") { sfd.InitialDirectory = devpath; } if (sfd.ShowDialog() == System.Windows.Forms.DialogResult.OK) { FileName = sfd.FileName; //if (pkcs7.Checked) // File.WriteAllBytes(Path.ChangeExtension(FileName, ".p7b"), certificate.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs7)); if (pfx.Checked) { using (var bio = BIO.File(Path.ChangeExtension(FileName, ".pfx"), "w")) { OpenSSL.Core.Stack <X509Certificate> caStack = new OpenSSL.Core.Stack <X509Certificate>(); // caStack.Add(certificate); using (var pfx12 = new PKCS12(textBoxX1.Text, Key, certificate, caStack)) pfx12.Write(bio); } } if (cert.Checked) { using (var bio = BIO.File(Path.ChangeExtension(FileName, ".cer"), "w")) certificate.Write(bio); } if (pem.Checked) { ComboItem ci = (ComboItem)c.SelectedItem; using (var bio = BIO.File(Path.ChangeExtension(FileName, ".key"), "w")) Key.WritePrivateKey(bio, (Cipher)ci.Value, textBoxX1.Text); } this.Close(); } } } catch (Exception ex) { MessageBoxEx.Show(ex.Message, "Export Failed", MessageBoxButtons.OK, MessageBoxIcon.Information); this.Close(); } }
protected Csr GenerateCsr(CsrDetails csrDetails, RsaPrivateKey rsaKeyPair, string messageDigest = "SHA256") { var rsaKeys = CryptoKey.FromPrivateKey(rsaKeyPair.Pem, null); // Translate from our external form to our OpenSSL internal form // Ref: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_new.html var xn = new X509Name(); if (!string.IsNullOrEmpty(csrDetails.CommonName /**/)) { xn.Common = csrDetails.CommonName; // CN; } if (!string.IsNullOrEmpty(csrDetails.Country /**/)) { xn.Country = csrDetails.Country; // C; } if (!string.IsNullOrEmpty(csrDetails.StateOrProvince /**/)) { xn.StateOrProvince = csrDetails.StateOrProvince; // ST; } if (!string.IsNullOrEmpty(csrDetails.Locality /**/)) { xn.Locality = csrDetails.Locality; // L; } if (!string.IsNullOrEmpty(csrDetails.Organization /**/)) { xn.Organization = csrDetails.Organization; // O; } if (!string.IsNullOrEmpty(csrDetails.OrganizationUnit /**/)) { xn.OrganizationUnit = csrDetails.OrganizationUnit; // OU; } if (!string.IsNullOrEmpty(csrDetails.Description /**/)) { xn.Description = csrDetails.Description; // D; } if (!string.IsNullOrEmpty(csrDetails.Surname /**/)) { xn.Surname = csrDetails.Surname; // S; } if (!string.IsNullOrEmpty(csrDetails.GivenName /**/)) { xn.Given = csrDetails.GivenName; // G; } if (!string.IsNullOrEmpty(csrDetails.Initials /**/)) { xn.Initials = csrDetails.Initials; // I; } if (!string.IsNullOrEmpty(csrDetails.Title /**/)) { xn.Title = csrDetails.Title; // T; } if (!string.IsNullOrEmpty(csrDetails.SerialNumber /**/)) { xn.SerialNumber = csrDetails.SerialNumber; // SN; } if (!string.IsNullOrEmpty(csrDetails.UniqueIdentifier /**/)) { xn.UniqueIdentifier = csrDetails.UniqueIdentifier; // UID; } var xr = new X509Request(0, xn, rsaKeys); if (csrDetails.AlternativeNames != null) { // Format the common name as the first alternative name var commonName = $"{EXT_SAN_PREFIX_DNS}:{xn.Common}"; // Concat with all subsequent alternative names var altNames = commonName + string.Join("", csrDetails.AlternativeNames.Select( x => $",{EXT_SAN_PREFIX_DNS}:{x}")); // Assemble and add the SAN extension value var extensions = new OpenSSL.Core.Stack <X509Extension>(); extensions.Add(new X509Extension(xr, EXT_NAME_SAN, false, altNames)); xr.AddExtensions(extensions); } var md = MessageDigest.CreateByName(messageDigest); xr.Sign(rsaKeys, md); using (var bio = BIO.MemoryBuffer()) { xr.Write(bio); return(new Csr(bio.ReadString())); } }
private Csr GenerateCsr(CsrDetails csrDetails, RsaPrivateKey rsaKeyPair, string messageDigest = "SHA256") { var rsaKeys = CryptoKey.FromPrivateKey(rsaKeyPair.Pem, null); // Translate from our external form to our OpenSSL internal form // Ref: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_new.html var xn = new X509Name(); if (!string.IsNullOrEmpty(csrDetails.CommonName /**/)) { xn.Common = csrDetails.CommonName; // CN; } if (!string.IsNullOrEmpty(csrDetails.Country /**/)) { xn.Country = csrDetails.Country; // C; } if (!string.IsNullOrEmpty(csrDetails.StateOrProvince /**/)) { xn.StateOrProvince = csrDetails.StateOrProvince; // ST; } if (!string.IsNullOrEmpty(csrDetails.Locality /**/)) { xn.Locality = csrDetails.Locality; // L; } if (!string.IsNullOrEmpty(csrDetails.Organization /**/)) { xn.Organization = csrDetails.Organization; // O; } if (!string.IsNullOrEmpty(csrDetails.OrganizationUnit /**/)) { xn.OrganizationUnit = csrDetails.OrganizationUnit; // OU; } if (!string.IsNullOrEmpty(csrDetails.Description /**/)) { xn.Description = csrDetails.Description; // D; } if (!string.IsNullOrEmpty(csrDetails.Surname /**/)) { xn.Surname = csrDetails.Surname; // S; } if (!string.IsNullOrEmpty(csrDetails.GivenName /**/)) { xn.Given = csrDetails.GivenName; // G; } if (!string.IsNullOrEmpty(csrDetails.Initials /**/)) { xn.Initials = csrDetails.Initials; // I; } if (!string.IsNullOrEmpty(csrDetails.Title /**/)) { xn.Title = csrDetails.Title; // T; } if (!string.IsNullOrEmpty(csrDetails.SerialNumber /**/)) { xn.SerialNumber = csrDetails.SerialNumber; // SN; } if (!string.IsNullOrEmpty(csrDetails.UniqueIdentifier /**/)) { xn.UniqueIdentifier = csrDetails.UniqueIdentifier; // UID; } var xr = new X509Request(0, xn, rsaKeys); if (csrDetails.AlternativeNames.Count > 0) { OpenSSL.Core.Stack <X509Extension> extensions = new OpenSSL.Core.Stack <X509Extension>(); // Add the common name as the first alternate string altNames = "DNS:" + xn.Common; foreach (var name in csrDetails.AlternativeNames) { altNames += ", DNS:" + name; } extensions.Add(new X509Extension(xr, "subjectAltName", false, altNames)); xr.AddExtensions(extensions); } var md = MessageDigest.CreateByName(messageDigest); xr.Sign(rsaKeys, md); using (var bio = BIO.MemoryBuffer()) { xr.Write(bio); return(new Csr(bio.ReadString())); } }
/// <summary> /// Converts a certificate and private key to a PKCS#12 (.PFX) file. /// </summary> public static void ConvertToPfx(Stream keyPemSource, Stream crtPemSource, Stream isrPemSource, Stream pfxTarget) { using (BIO keyBio = BIO.MemoryBuffer(), crtBio = BIO.MemoryBuffer(), isrBio = BIO.MemoryBuffer()) { using (var ms = new MemoryStream()) { keyPemSource.CopyTo(ms); keyBio.Write(ms.ToArray()); } using (var ms = new MemoryStream()) { crtPemSource.CopyTo(ms); crtBio.Write(ms.ToArray()); } using (var ms = new MemoryStream()) { isrPemSource.CopyTo(ms); isrBio.Write(ms.ToArray()); } using (var key = CryptoKey.FromPrivateKey(keyBio, null)) { using (var crt = new X509Certificate(crtBio)) { using (var isr = new X509Certificate(isrBio)) { var isrStack = new OpenSSL.Core.Stack<X509Certificate>(); isrStack.Add(isr); using (var pfx = new PKCS12(null, key, crt, isrStack)) { using (var pfxBio = BIO.MemoryBuffer()) { pfx.Write(pfxBio); var arr = pfxBio.ReadBytes((int)pfxBio.BytesPending); pfxTarget.Write(arr.Array, arr.Offset, arr.Count); } } } } } } }
/// <summary> /// Writes the specified Certificate and Crypto key out to the file defined in the fileName parameter. This /// file is protected with the specified password. The password is optional. /// </summary> /// <param name="fileName">The file name and path of the pfx file to be created.</param> /// <param name="password">The password to be put on the pfx file if any.</param> /// <param name="cryptoKey">The CryptoKey containing the private key that belongs to the certificate parameter.</param> /// <param name="certificate">The certificate to write to file.</param> public static void WritePfxToFile(string fileName, string password, CryptoKey cryptoKey, X509Certificate certificate) { if (cryptoKey == null) { throw new ArgumentNullException("cryptoKey", "CryptoKey is null"); } if (certificate == null) { throw new ArgumentNullException("certificate", "certificate is null"); } using (var bio = FileHelpers.Write(fileName)) using (var caStack = new OpenSSL.Core.Stack<X509Certificate>()) using (var pfx = new PKCS12(password, cryptoKey, certificate, caStack)) { pfx.Write(bio); } }