コード例 #1
0
		/// <summary>
		/// Reset the Generator.
		/// </summary>
		public void Reset()
		{
			tbsGen = new V3TbsCertificateGenerator();
			extGenerator.Reset();
		}
コード例 #2
0
		public X509V3CertificateGenerator()
        {
            tbsGen = new V3TbsCertificateGenerator();
        }
コード例 #3
0
        private void TbsV3CertGenerate()
        {
            V3TbsCertificateGenerator gen = new V3TbsCertificateGenerator();
            DateTime startDate = new DateTime(1970, 1, 1, 0, 0, 1);
            DateTime endDate = new DateTime(1970, 1, 1, 0, 0, 2);

            gen.SetSerialNumber(new DerInteger(2));

            gen.SetStartDate(new Time(startDate));
            gen.SetEndDate(new Time(endDate));

            gen.SetIssuer(new X509Name("CN=AU,O=Bouncy Castle"));
            gen.SetSubject(new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"));

            gen.SetSignature(new AlgorithmIdentifier(PkcsObjectIdentifiers.MD5WithRsaEncryption, DerNull.Instance));

            SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
                new AlgorithmIdentifier(
                    OiwObjectIdentifiers.ElGamalAlgorithm,
                    new ElGamalParameter(BigInteger.One, BigInteger.Two)),
                new DerInteger(3));

            gen.SetSubjectPublicKeyInfo(info);

            //
            // add extensions
            //
            IList order = new ArrayList();
            IDictionary extensions = new Hashtable();

            order.Add(X509Extensions.AuthorityKeyIdentifier);
            order.Add(X509Extensions.SubjectKeyIdentifier);
            order.Add(X509Extensions.KeyUsage);

            extensions.Add(X509Extensions.AuthorityKeyIdentifier, new X509Extension(true, new DerOctetString(CreateAuthorityKeyId(info, new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"), 2))));
            extensions.Add(X509Extensions.SubjectKeyIdentifier, new X509Extension(true, new DerOctetString(new SubjectKeyIdentifier(info))));
            extensions.Add(X509Extensions.KeyUsage, new X509Extension(false, new DerOctetString(new KeyUsage(KeyUsage.DataEncipherment))));

            X509Extensions ex = new X509Extensions(order, extensions);

            gen.SetExtensions(ex);

            TbsCertificateStructure tbs = gen.GenerateTbsCertificate();

            if (!Arrays.AreEqual(tbs.GetEncoded(), v3Cert))
            {
                Fail("failed v3 cert generation");
            }

            //
            // read back test
            //
            Asn1Object o = Asn1Object.FromByteArray(v3Cert);

            if (!Arrays.AreEqual(o.GetEncoded(), v3Cert))
            {
                Fail("failed v3 cert read back test");
            }
        }
コード例 #4
0
        private void TbsV3CertGenWithNullSubject()
        {
            V3TbsCertificateGenerator gen = new V3TbsCertificateGenerator();
            DateTime startDate = new DateTime(1970, 1, 1, 0, 0, 1);
            DateTime endDate = new DateTime(1970, 1, 1, 0, 0, 2);

            gen.SetSerialNumber(new DerInteger(2));

            gen.SetStartDate(new Time(startDate));
            gen.SetEndDate(new Time(endDate));

            gen.SetIssuer(new X509Name("CN=AU,O=Bouncy Castle"));

            gen.SetSignature(new AlgorithmIdentifier(PkcsObjectIdentifiers.MD5WithRsaEncryption, DerNull.Instance));

            SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
                new AlgorithmIdentifier(OiwObjectIdentifiers.ElGamalAlgorithm,
                    new ElGamalParameter(BigInteger.One, BigInteger.Two)),
                new DerInteger(3));

            gen.SetSubjectPublicKeyInfo(info);

            try
            {
                gen.GenerateTbsCertificate();
                Fail("null subject not caught!");
            }
            catch (InvalidOperationException e)
            {
                if (!e.Message.Equals("not all mandatory fields set in V3 TBScertificate generator"))
                {
                    Fail("unexpected exception", e);
                }
            }

            //
            // add extensions
            //
            IList order = new ArrayList();
            IDictionary extensions = new Hashtable();

            order.Add(X509Extensions.SubjectAlternativeName);

            extensions.Add(
                X509Extensions.SubjectAlternativeName,
                new X509Extension(
                    true,
                    new DerOctetString(
                        new GeneralNames(
                            new GeneralName(
                                new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"))))));

            X509Extensions ex = new X509Extensions(order, extensions);

            gen.SetExtensions(ex);

            TbsCertificateStructure tbs = gen.GenerateTbsCertificate();

            if (!Arrays.AreEqual(tbs.GetEncoded(), v3CertNullSubject))
            {
                Fail("failed v3 null sub cert generation");
            }

            //
            // read back test
            //
            Asn1Object o = Asn1Object.FromByteArray(v3CertNullSubject);

            if (!Arrays.AreEqual(o.GetEncoded(), v3CertNullSubject))
            {
                Fail("failed v3 null sub cert read back test");
            }
        }
コード例 #5
0
        private string GenerateX509Cert(string publicKey, string x509Subject)
        {
            Asn1Sequence asn1Sequence = null;

            using (var reader = new StringReader(publicKey))
            {
                // Read the RSA public key from the input string.
                var pemReader = new PemReader(reader);
                var pemObject = pemReader.ReadPemObject();
                asn1Sequence = (Asn1Sequence)Asn1Object.FromByteArray(pemObject.Content);
            }

            // Generate a TBS certificate. We use placeholder-like values since
            // the consumer of this certificate should only use the subject
            // public key info.
            var tbsCertGen = new V3TbsCertificateGenerator();
            tbsCertGen.SetSerialNumber(new DerInteger(1));
            var signatureAlgId = new AlgorithmIdentifier(PkcsObjectIdentifiers.Sha1WithRsaEncryption, DerNull.Instance);
            tbsCertGen.SetSignature(signatureAlgId);
            tbsCertGen.SetIssuer(new X509Name("CN=Root Agency"));
            var dateTimeNow = DateTime.Now;
            tbsCertGen.SetStartDate(new Time(dateTimeNow.AddMinutes(-10)));
            tbsCertGen.SetEndDate(new Time(dateTimeNow.AddYears(1)));   // Openssh key doesn`t have any start/end date, this is to satisfy RDFE
            tbsCertGen.SetSubject(new X509Name(x509Subject));
            tbsCertGen.SetSubjectPublicKeyInfo(new SubjectPublicKeyInfo(new AlgorithmIdentifier(PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance), asn1Sequence));
            var tbsCert = tbsCertGen.GenerateTbsCertificate();

            // Per RFC 3280, the layout of an X.509 v3 certificate looks like:
            // Certificate  ::=  SEQUENCE  {
            //     tbsCertificate       TBSCertificate,
            //     signatureAlgorithm   AlgorithmIdentifier,
            //     signatureValue       BIT STRING
            // }
            // Since we don't have access to the private key, we cannot create
            // a signature for the TBS. However, a valid certificate requires
            // a bit string for the signature value, so we use a 0-byte array
            // in its place.
            Asn1EncodableVector v = new Asn1EncodableVector();
            v.Add(tbsCert);
            v.Add(signatureAlgId);
            v.Add(new DerBitString(new byte[0]));
            var derSequence = new DerSequence(v);

            // Output the DER-encoded X509 certificate.
            var sb = new StringBuilder();
            using (var writer = new StringWriter(sb, CultureInfo.InvariantCulture))
            {
                var pemWriter = new PemWriter(writer);
                pemWriter.WriteObject(new PemObject("CERTIFICATE", derSequence.GetEncoded()));
            }

            return sb.ToString();
        }