public KeyStoreViewModel(SystemX509.StoreName storeName, SystemX509.StoreLocation storeLocation)
{
var storeBuilder = new Pkcs12StoreBuilder();
_store = storeBuilder.Build();
Name = String.Format("System KeyStore: [{0} : {1}]", storeLocation.ToString(), storeName.ToString());
Load(storeName, storeLocation);
}
/// <summary>
/// Loads the keystore from the <code>Repository.Instance.CertificatesKeyStore</code>
/// You shud call <code>Repository.Instance.OpenExistingCertificateAuthority</code>
/// before calling this.
/// </summary>
/// <param name="password">password for the keystore</param>
public KeyStoreViewModel(char[] password, String path)
{
if (!Repository.Instance.OpenExistingCertificateAuthority(path, password))
{
throw new Exception("Unable to open KeyStore. Invalid keystore directory");
}
Name = Path.GetFileName(path);
ReadOnlyKeyStore = false;
_password = password;
_listItems.Clear();
var storeBuilder = new Pkcs12StoreBuilder();
_store = storeBuilder.Build();
_x509CertViewModel = new X509CertViewModel((alias, cert, keypair) =>
{
AddEntry(alias, cert, keypair);
ShowCertificateGenerator = false;
});
Load();
}
/// <summary>
/// Static method used to create a certificate and return as a .net object
/// </summary>
public static X509Certificate2 Create(string name, DateTime start, DateTime end, string userPassword, bool addtoStore = false, string exportDirectory = null)
{
// generate a key pair using RSA
var generator = new RsaKeyPairGenerator();
// keys have to be a minimum of 2048 bits for Azure
generator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 2048));
AsymmetricCipherKeyPair cerKp = generator.GenerateKeyPair();
// get a copy of the private key
AsymmetricKeyParameter privateKey = cerKp.Private;
// create the CN using the name passed in and create a unique serial number for the cert
var certName = new X509Name("CN=" + name);
BigInteger serialNo = BigInteger.ProbablePrime(120, new Random());
// start the generator and set CN/DN and serial number and valid period
var x509Generator = new X509V3CertificateGenerator();
x509Generator.SetSerialNumber(serialNo);
x509Generator.SetSubjectDN(certName);
x509Generator.SetIssuerDN(certName);
x509Generator.SetNotBefore(start);
x509Generator.SetNotAfter(end);
// add the server authentication key usage
var keyUsage = new KeyUsage(KeyUsage.KeyEncipherment);
x509Generator.AddExtension(X509Extensions.KeyUsage, false, keyUsage.ToAsn1Object());
var extendedKeyUsage = new ExtendedKeyUsage(new[] {KeyPurposeID.IdKPServerAuth});
x509Generator.AddExtension(X509Extensions.ExtendedKeyUsage, true, extendedKeyUsage.ToAsn1Object());
// algorithm can only be SHA1 ??
x509Generator.SetSignatureAlgorithm("sha1WithRSA");
// Set the key pair
x509Generator.SetPublicKey(cerKp.Public);
X509Certificate certificate = x509Generator.Generate(cerKp.Private);
// export the certificate bytes
byte[] certStream = DotNetUtilities.ToX509Certificate(certificate).Export(X509ContentType.Pkcs12, userPassword);
// build the key parameter and the certificate entry
var keyEntry = new AsymmetricKeyEntry(privateKey);
var entry = new X509CertificateEntry(certificate);
// build the PKCS#12 store to encapsulate the certificate
var builder = new Pkcs12StoreBuilder();
builder.SetUseDerEncoding(true);
builder.SetCertAlgorithm(PkcsObjectIdentifiers.Sha1WithRsaEncryption);
builder.SetKeyAlgorithm(PkcsObjectIdentifiers.Sha1WithRsaEncryption);
builder.Build();
// create a memorystream to hold the output
var stream = new MemoryStream(10000);
// create the individual store and set two entries for cert and key
var store = new Pkcs12Store();
store.SetCertificateEntry("Created by Fluent Management", entry);
store.SetKeyEntry("Created by Fluent Management", keyEntry, new[] { entry });
store.Save(stream, userPassword.ToCharArray(), new SecureRandom());
// Create the equivalent C# representation
var cert = new X509Certificate2(stream.GetBuffer(), userPassword, X509KeyStorageFlags.Exportable);
// set up the PEM writer too
if (exportDirectory != null)
{
var textWriter = new StringWriter();
var pemWriter = new PemWriter(textWriter);
pemWriter.WriteObject(cerKp.Private, "DESEDE", userPassword.ToCharArray(), new SecureRandom());
pemWriter.Writer.Flush();
string privateKeyPem = textWriter.ToString();
using (var writer = new StreamWriter(Path.Combine(exportDirectory, cert.Thumbprint + ".pem")))
{
writer.WriteLine(privateKeyPem);
}
// also export the certs - first the .pfx
byte[] privateKeyBytes = cert.Export(X509ContentType.Pfx, userPassword);
using (var writer = new FileStream(Path.Combine(exportDirectory, cert.Thumbprint + ".pfx"), FileMode.OpenOrCreate, FileAccess.Write))
{
writer.Write(privateKeyBytes, 0, privateKeyBytes.Length);
}
// also export the certs - then the .cer
byte[] publicKeyBytes = cert.Export(X509ContentType.Cert);
using (var writer = new FileStream(Path.Combine(exportDirectory, cert.Thumbprint + ".cer"), FileMode.OpenOrCreate, FileAccess.Write))
{
writer.Write(publicKeyBytes, 0, publicKeyBytes.Length);
}
}
// if specified then this add this certificate to the store
if (addtoStore)
AddToMyStore(cert);
return cert;
}
/// <summary>
/// Static method used to create a certificate and return as a .net object
/// </summary>
public static X509Certificate2 Create(string name, DateTime start, DateTime end, string userPassword,
bool addtoStore = false)
{
// generate a key pair using RSA
var generator = new RsaKeyPairGenerator();
// keys have to be a minimum of 2048 bits for Azure
generator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 2048));
AsymmetricCipherKeyPair cerKp = generator.GenerateKeyPair();
// get a copy of the private key
AsymmetricKeyParameter privateKey = cerKp.Private;
// create the CN using the name passed in and create a unique serial number for the cert
var certName = new X509Name("CN=" + name);
BigInteger serialNo = BigInteger.ProbablePrime(120, new Random());
// start the generator and set CN/DN and serial number and valid period
var x509Generator = new X509V3CertificateGenerator();
x509Generator.SetSerialNumber(serialNo);
x509Generator.SetSubjectDN(certName);
x509Generator.SetIssuerDN(certName);
x509Generator.SetNotBefore(start);
x509Generator.SetNotAfter(end);
// add the server authentication key usage
var keyUsage = new KeyUsage(KeyUsage.KeyEncipherment);
x509Generator.AddExtension(X509Extensions.KeyUsage, false, keyUsage.ToAsn1Object());
var extendedKeyUsage = new ExtendedKeyUsage(new[] {KeyPurposeID.IdKPServerAuth});
x509Generator.AddExtension(X509Extensions.ExtendedKeyUsage, true, extendedKeyUsage.ToAsn1Object());
// algorithm can only be SHA1 ??
x509Generator.SetSignatureAlgorithm("sha1WithRSA");
// Set the key pair
x509Generator.SetPublicKey(cerKp.Public);
X509Certificate certificate = x509Generator.Generate(cerKp.Private);
// export the certificate bytes
byte[] certStream = DotNetUtilities.ToX509Certificate(certificate).Export(X509ContentType.Pkcs12,
userPassword);
// build the key parameter and the certificate entry
var keyEntry = new AsymmetricKeyEntry(privateKey);
var entry = new X509CertificateEntry(certificate);
// build the PKCS#12 store to encapsulate the certificate
var builder = new Pkcs12StoreBuilder();
builder.SetUseDerEncoding(true);
builder.SetCertAlgorithm(PkcsObjectIdentifiers.Sha1WithRsaEncryption);
builder.SetKeyAlgorithm(PkcsObjectIdentifiers.Sha1WithRsaEncryption);
builder.Build();
// create a memorystream to hold the output
var stream = new MemoryStream(2000);
// create the individual store and set two entries for cert and key
var store = new Pkcs12Store();
store.SetCertificateEntry("Elastacloud Test Certificate", entry);
store.SetKeyEntry("Elastacloud Test Certificate", keyEntry, new[] {entry});
store.Save(stream, userPassword.ToCharArray(), new SecureRandom());
// Create the equivalent C# representation
var cert = new X509Certificate2(stream.GetBuffer(), userPassword, X509KeyStorageFlags.Exportable);
// if specified then this add this certificate to the store
if (addtoStore)
AddToMyStore(cert);
return cert;
}
// throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, SignatureException, InvalidKeyException, UnrecoverableKeyException
private void keyStoreTest(
IAsymmetricKeyParameter sKey,
IAsymmetricKeyParameter vKey)
{
//
// keystore test
//
// KeyStore ks = KeyStore.GetInstance("JKS");
// ks.Load(null, null);
Pkcs12StoreBuilder ksBuilder = new Pkcs12StoreBuilder();
Pkcs12Store ks = ksBuilder.Build();
//
// create the certificate - version 3
//
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name("CN=Test"));
certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
certGen.SetSubjectDN(new X509Name("CN=Test"));
certGen.SetPublicKey(vKey);
certGen.SetSignatureAlgorithm("GOST3411withGOST3410");
X509Certificate cert = certGen.Generate(sKey);
X509CertificateEntry certEntry = new X509CertificateEntry(cert);
// ks.SetKeyEntry("gost", sKey, "gost".ToCharArray(), new X509Certificate[] { cert });
ks.SetKeyEntry("gost", new AsymmetricKeyEntry(sKey), new X509CertificateEntry[] { certEntry });
MemoryStream bOut = new MemoryStream();
ks.Save(bOut, "gost".ToCharArray(), new SecureRandom());
// ks = KeyStore.getInstance("JKS");
ks = ksBuilder.Build();
ks.Load(new MemoryStream(bOut.ToArray(), false), "gost".ToCharArray());
// IAsymmetricKeyParameter gKey = (AsymmetricKeyParameter)ks.GetKey("gost", "gost".ToCharArray());
// AsymmetricKeyEntry gKeyEntry = (AsymmetricKeyEntry)
ks.GetKey("gost");
}
