public static Org.BouncyCastle.X509.X509Certificate CreateCert(String cn, AsymmetricKeyParameter pubKey, AsymmetricKeyParameter privKey) { Hashtable attrs = new Hashtable(); attrs.Add(X509Name.CN, cn); ArrayList ord = new ArrayList(attrs.Keys); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(new X509Name(ord, attrs)); certGen.SetNotBefore(DateTime.UtcNow.AddDays(-30)); certGen.SetNotAfter(DateTime.UtcNow.AddDays(30)); certGen.SetSubjectDN(new X509Name(ord, attrs)); certGen.SetPublicKey(pubKey); certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption"); Org.BouncyCastle.X509.X509Certificate cert = certGen.Generate(privKey); cert.CheckValidity(DateTime.UtcNow); cert.Verify(pubKey); return(cert); }
private static MessageReport.Cert GetCertificateInfo(X509Certificate cert, DateTime signDate) { MessageReport.Cert c = new MessageReport.Cert(); c.isHardCertificate = isHardCertificatePolicyOidt(cert); c.issuer = cert.IssuerDN.ToString(); c.subject = cert.SubjectDN.ToString(); c.validFrom = cert.NotBefore.ToString("yyyy-MM-dd HH:mm:ss.ff"); c.validTo = cert.NotAfter.ToString("yyyy-MM-dd HH:mm:ss.ff"); try { cert.CheckValidity(signDate); c.statusDaySigning = "Έγκυρο κατά το χρόνο υπογραφής"; } catch (CertificateExpiredException e) { c.statusDaySigning = "Έίχε λήξει κατά το χρόνο υπογραφής."; } catch (CertificateNotYetValidException e) { c.statusDaySigning = "Δεν ήταν έγκυρο κατά το χρόνο υπογραφής"; } try { cert.CheckValidity(); c.statusToday = "Έγκυρο"; } catch (CertificateExpiredException e) { c.statusToday = "Έχει λήξει"; } catch (CertificateNotYetValidException e) { c.statusToday = "Μη έγκυρο"; } return(c); }
public void ShowCertificateInfo(X509Certificate cert, DateTime signDate) { Console.WriteLine("Issuer: " + cert.IssuerDN); Console.WriteLine("Subject: " + cert.SubjectDN); Console.WriteLine("Valid from: " + cert.NotBefore.ToString("yyyy-MM-dd HH:mm:ss.ff")); Console.WriteLine("Valid to: " + cert.NotAfter.ToString("yyyy-MM-dd HH:mm:ss.ff")); try { cert.CheckValidity(signDate); Console.WriteLine("The certificate was valid at the time of signing."); } catch (CertificateExpiredException e) { Console.WriteLine("The certificate was expired at the time of signing."); } catch (CertificateNotYetValidException e) { Console.WriteLine("The certificate wasn't valid yet at the time of signing."); } try { cert.CheckValidity(); Console.WriteLine("The certificate is still valid."); } catch (CertificateExpiredException e) { Console.WriteLine("The certificate has expired."); } catch (CertificateNotYetValidException e) { Console.WriteLine("The certificate isn't valid yet."); } }
/// <summary> /// Verifies that the certificate has not yet expired. /// </summary> /// <param name="certificate">The certificate to verify.</param> private static void VerifyDates(Org.BouncyCastle.X509.X509Certificate certificate) { try { certificate.CheckValidity(); } catch (CertificateExpiredException exception) { throw new MySqlException(Resources.SslConnectionError, exception); } catch (CertificateNotYetValidException exception) { throw new MySqlException(Resources.SslConnectionError, exception); } }
public ValidationError ValidationHandler1(XmlDocument xmlDoc, string xmlFileName) { ValidationError validationError = new ValidationError(xmlFileName, null); TimeStampToken token = XmlNodeHelper.GetTimeStampToken(xmlDoc); Org.BouncyCastle.X509.X509Certificate certificate = XmlNodeHelper.GetX509Certificate(xmlDoc); if (certificate == null) { return(validationError.AppendErrorMessage("Nepodarilo sa nájsť certifikát")); } if (token == null) { return(validationError.AppendErrorMessage("Nepodarilo sa nájsť token")); } // Check certificate validity against timestamp token time try { certificate.CheckValidity(token.TimeStampInfo.GenTime); } catch (Exception ex) { return(validationError.AppendErrorMessage("Platnosť podpisového certifikátu neodpovedá času z časovej pečiatky. ErrorMessage ->" + ex.Message)); } // Check certificate validity against crl X509CrlEntry entry = CrlHelper.GetRevokedCertificateEntry(certificate.SerialNumber); if (entry == null) { return(validationError); } if (entry.RevocationDate < token.TimeStampInfo.GenTime) { return(validationError.AppendErrorMessage("Platnosť certifikátu vypršala")); } return(validationError); }
private static void CheckCertificateValidity(X509Certificate cert) { cert.CheckValidity(); var caCert = (X509Certificate)RootCertificates.GetRootCertGOST(); var gst = new Gost3410DigestSigner(new ECGost3410Signer(), new Gost3411_2012_256Digest()); gst.Init(false, caCert.GetPublicKey()); var tbsCertificate = cert.GetTbsCertificate(); gst.BlockUpdate(tbsCertificate, 0, tbsCertificate.Length); var t = gst.VerifySignature(cert.GetSignature()); if (!t) { throw new CryptographicException("Cannot verify signature"); } }
/** * Checks the validity of the certificate, and calls the next * verifier in the chain, if any. * @param signCert the certificate that needs to be checked * @param issuerCert its issuer * @param signDate the date the certificate needs to be valid * @return a list of <code>VerificationOK</code> objects. * The list will be empty if the certificate couldn't be verified. * @throws GeneralSecurityException * @throws IOException */ virtual public List<VerificationOK> Verify(X509Certificate signCert, X509Certificate issuerCert, DateTime signDate) { // Check if the certificate is valid on the signDate //if (signDate != null) signCert.CheckValidity(signDate); // Check if the signature is valid if (issuerCert != null) { signCert.Verify(issuerCert.GetPublicKey()); } // Also in case, the certificate is self-signed else { signCert.Verify(signCert.GetPublicKey()); } List<VerificationOK> result = new List<VerificationOK>(); if (verifier != null) result.AddRange(verifier.Verify(signCert, issuerCert, signDate)); return result; }
/** * verify that the given certificate successfully handles and confirms * the signature associated with this signer and, if a signingTime * attribute is available, that the certificate was valid at the time the * signature was generated. */ public bool Verify( X509Certificate cert) { Asn1.Cms.Time signingTime = GetSigningTime(); if (signingTime != null) { cert.CheckValidity(signingTime.Date); } return DoVerify(cert.GetPublicKey()); }
/** * Validate the time stamp token. * <p> * To be valid the token must be signed by the passed in certificate and * the certificate must be the one referred to by the SigningCertificate * attribute included in the hashed attributes of the token. The * certificate must also have the ExtendedKeyUsageExtension with only * KeyPurposeID.IdKPTimeStamping and have been valid at the time the * timestamp was created. * </p> * <p> * A successful call to validate means all the above are true. * </p> */ public void Validate( X509Certificate cert) { try { byte[] hash = DigestUtilities.CalculateDigest( certID.GetHashAlgorithm(), cert.GetEncoded()); if (!Arrays.ConstantTimeAreEqual(certID.GetCertHash(), hash)) { throw new TspValidationException("certificate hash does not match certID hash."); } if (certID.IssuerSerial != null) { if (!certID.IssuerSerial.Serial.Value.Equals(cert.SerialNumber)) { throw new TspValidationException("certificate serial number does not match certID for signature."); } GeneralName[] names = certID.IssuerSerial.Issuer.GetNames(); X509Name principal = PrincipalUtilities.GetIssuerX509Principal(cert); bool found = false; for (int i = 0; i != names.Length; i++) { if (names[i].TagNo == 4 && X509Name.GetInstance(names[i].Name).Equivalent(principal)) { found = true; break; } } if (!found) { throw new TspValidationException("certificate name does not match certID for signature. "); } } TspUtil.ValidateCertificate(cert); cert.CheckValidity(tstInfo.GenTime); if (!tsaSignerInfo.Verify(cert)) { throw new TspValidationException("signature not created by certificate."); } } catch (CmsException e) { if (e.InnerException != null) { throw new TspException(e.Message, e.InnerException); } throw new TspException("CMS exception: " + e, e); } catch (CertificateEncodingException e) { throw new TspException("problem processing certificate: " + e, e); } catch (SecurityUtilityException e) { throw new TspException("cannot find algorithm: " + e.Message, e); } }
private void EnsureCertificateValidity(X509Certificate certificate) { certificate.CheckValidity(DateTime.UtcNow); certificate.Verify(_authorityKeyPair.Public); }
/// <summary> /// Checks the certificate in this same date and time. /// </summary> /// <returns> /// <c>true</c>, if is valid now, <c>false</c> otherwise. /// </returns> /// <param name='BCCert'> /// BouncyCastle cert to check. /// </param> private static bool CertIsValidNow(X509Certificate BCCert) { try { BCCert.CheckValidity(); return BCCert.IsValidNow; }catch(CertificateExpiredException ce){ SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: Certificate has expired"); }catch(CertificateNotYetValidException cex){ SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: Certificate is not yet valid"); } return false; }
/** * verify that the given certificate successfully handles and confirms * the signature associated with this signer and, if a signingTime * attribute is available, that the certificate was valid at the time the * signature was generated. */ public bool Verify( X509Certificate cert) { Asn1.Cms.AttributeTable attr = this.SignedAttributes; if (attr != null) { Asn1EncodableVector v = attr.GetAll(CmsAttributes.SigningTime); switch (v.Count) { case 0: break; case 1: { Asn1.Cms.Attribute t = (Asn1.Cms.Attribute) v[0]; Debug.Assert(t != null); Asn1Set attrValues = t.AttrValues; if (attrValues.Count != 1) throw new CmsException("A signing-time attribute MUST have a single attribute value"); Asn1.Cms.Time time = Asn1.Cms.Time.GetInstance(attrValues[0].ToAsn1Object()); cert.CheckValidity(time.Date); break; } default: throw new CmsException("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the signing-time attribute"); } } return DoVerify(cert.GetPublicKey(), attr); }
static void Main(string[] args) { char[] passwd = "123456".ToCharArray(); //pfx密码 IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("RSA"); RsaKeyGenerationParameters genPar = new RsaKeyGenerationParameters( BigInteger.ValueOf(0x10001), new SecureRandom(), 2048, 25); keyGen.Init(genPar); AsymmetricCipherKeyPair keypair = keyGen.GenerateKeyPair(); RsaKeyParameters pubKey = (RsaKeyParameters)keypair.Public; //CA公钥 RsaKeyParameters priKey = (RsaKeyParameters)keypair.Private; //CA私钥 Hashtable attrs = new Hashtable(); ArrayList order = new ArrayList(); attrs.Add(X509Name.C, "CN"); //country code //attrs.Add(X509Name.ST, "Guangdong province"); //province name //attrs.Add(X509Name.L, "Guangzhou city"); //locality name attrs.Add(X509Name.O, "South China Normal University"); //organization attrs.Add(X509Name.OU, "South China Normal University"); //organizational unit name attrs.Add(X509Name.CN, "CAcert"); //common name attrs.Add(X509Name.E, "*****@*****.**"); order.Add(X509Name.C); //order.Add(X509Name.ST); //order.Add(X509Name.L); order.Add(X509Name.O); order.Add(X509Name.OU); order.Add(X509Name.CN); order.Add(X509Name.E); X509Name issuerDN = new X509Name(order, attrs); X509Name subjectDN = issuerDN; //自签证书,两者一样 X509V1CertificateGenerator v1certGen = new X509V1CertificateGenerator(); v1certGen.SetSerialNumber(new BigInteger(128, new Random())); //128位 v1certGen.SetIssuerDN(issuerDN); v1certGen.SetNotBefore(DateTime.UtcNow.AddDays(-1)); v1certGen.SetNotAfter(DateTime.UtcNow.AddDays(365)); v1certGen.SetSubjectDN(subjectDN); v1certGen.SetPublicKey(pubKey); //公钥 v1certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption"); Org.BouncyCastle.X509.X509Certificate CAcert = v1certGen.Generate(priKey); CAcert.CheckValidity(); CAcert.Verify(pubKey); //属性包 /* * Hashtable bagAttr = new Hashtable(); * bagAttr.Add(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id, * new DerBmpString("CA's Primary Certificate")); * bagAttr.Add(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id, * new SubjectKeyIdentifierStructure(pubKey)); * * X509CertificateEntry certEntry = new X509CertificateEntry(CAcert,bagAttr); */ X509CertificateEntry certEntry = new X509CertificateEntry(CAcert); Pkcs12Store store = new Pkcs12StoreBuilder().Build(); store.SetCertificateEntry("CA's Primary Certificate", certEntry); //设置证书 X509CertificateEntry[] chain = new X509CertificateEntry[1]; chain[0] = certEntry; store.SetKeyEntry("CA's Primary Certificate", new AsymmetricKeyEntry(priKey), chain); //设置私钥 FileStream fout = File.Create("CA.pfx"); store.Save(fout, passwd, new SecureRandom()); //保存 fout.Close(); }
/// <summary> /// Enroll certificate file base on request /// </summary> /// <param name="csr"></param> /// <param name="rootCert"></param> /// <param name="issuerKeyPair"></param> /// <param name="startDate"></param> /// <param name="endDate"></param> /// <returns></returns> private Org.BouncyCastle.X509.X509Certificate GenerateSignedCertificate( Pkcs10CertificationRequest csr, Org.BouncyCastle.X509.X509Certificate rootCert, AsymmetricCipherKeyPair issuerKeyPair, DateTime startDate, DateTime endDate) { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); //List<ExtensionsItem> extensions = null; certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(rootCert.SubjectDN); certGen.SetNotBefore(startDate); certGen.SetNotAfter(endDate); CertificationRequestInfo info = csr.GetCertificationRequestInfo(); certGen.SetSubjectDN(info.Subject); certGen.SetPublicKey(csr.GetPublicKey()); var sigAlg = csr.Signature; var sigAlg1 = csr.SignatureAlgorithm; certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption"); // Add certificate extensions Asn1Set attributes = csr.GetCertificationRequestInfo().Attributes; if (attributes != null) { for (int i = 0; i != attributes.Count; i++) { AttributePkcs attr = AttributePkcs.GetInstance(attributes[i]); if (attr.AttrType.Equals(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest)) { X509Extensions extensions1 = X509Extensions.GetInstance(attr.AttrValues[0]); foreach (DerObjectIdentifier oid in extensions1.ExtensionOids) { Org.BouncyCastle.Asn1.X509.X509Extension ext = extensions1.GetExtension(oid); // !!! NOT working !!! //certGen.AddExtension(oid, ext.IsCritical, ext.Value); //OK certGen.AddExtension(oid, ext.IsCritical, ext.Value, true); } } } } Org.BouncyCastle.X509.X509Certificate issuedCert = null; try { issuedCert = certGen.Generate(issuerKeyPair.Private); tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n"; } catch (Exception ex) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "Error, generate certificate file." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n"; tbOutputMessageBox.Foreground = bckForeground; } try { tbOutputMessageBox.Text += "Check if generated certificate file is valid, plase wait ..." + "\n"; issuedCert.CheckValidity(DateTime.UtcNow); tbOutputMessageBox.Text += "Generate certificate file is valid." + "\n"; } catch (Exception ex) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "Error, generated certificate file is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n"; tbOutputMessageBox.Foreground = bckForeground; } try { tbOutputMessageBox.Text += "Verify generated certificate file, plase wait ..." + "\n"; issuedCert.Verify(issuerKeyPair.Public); tbOutputMessageBox.Text += "Generate certificate file verification is OK." + "\n"; } catch (Exception ex) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "Error, generated certificate file verification is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n"; tbOutputMessageBox.Foreground = bckForeground; } return(issuedCert); }
private static MessageReport.Cert GetCertificateInfo(X509Certificate cert, DateTime signDate) { MessageReport.Cert c = new MessageReport.Cert(); c.isHardCertificate = isHardCertificatePolicyOidt(cert); c.issuer = cert.IssuerDN.ToString(); c.subject = cert.SubjectDN.ToString(); c.validFrom = cert.NotBefore.ToString("yyyy-MM-dd HH:mm:ss.ff"); c.validTo = cert.NotAfter.ToString("yyyy-MM-dd HH:mm:ss.ff"); try { cert.CheckValidity(signDate); c.statusDaySigning = "Έγκυρο κατά το χρόνο υπογραφής"; } catch (CertificateExpiredException e) { c.statusDaySigning = "Έίχε λήξει κατά το χρόνο υπογραφής."; } catch (CertificateNotYetValidException e) { c.statusDaySigning = "Δεν ήταν έγκυρο κατά το χρόνο υπογραφής"; } try { cert.CheckValidity(); c.statusToday = "Έγκυρο"; } catch (CertificateExpiredException e) { c.statusToday = "Έχει λήξει"; } catch (CertificateNotYetValidException e) { c.statusToday = "Μη έγκυρο"; } return c; }
/// <summary> /// Generate certificate request and private key file /// </summary> /// <param name="random"></param> /// <param name="subjectKeyPair"></param> /// <param name="subjectSerialNumber"></param> /// <param name="commonName"></param> /// <param name="issuerKeyPair"></param> /// <param name="issuerSerialNumber"></param> /// <param name="isCertificateAuthority"></param> /// <param name="usages"></param> /// <param name="signatureAlgorithm"></param> /// <param name="countryCode"></param> /// <param name="stateOrProvinceName"></param> /// <param name="localityName"></param> /// <param name="organization"></param> /// <param name="startDateTime"></param> /// <param name="endDateTime"></param> /// <param name="outputPrivateKeyName"></param> /// <param name="outputPublicKeyName"></param> /// <param name="outputSignedKeyName"></param> /// <param name="password"></param> private async void GenerateCertificate(SecureRandom random, AsymmetricCipherKeyPair subjectKeyPair, BigInteger subjectSerialNumber, string commonName, AsymmetricCipherKeyPair issuerKeyPair, BigInteger issuerSerialNumber, bool isCertificateAuthority, KeyPurposeID[] usages, string signatureAlgorithm, string countryCode, string stateOrProvinceName, string localityName, string organization, DateTime startDateTime, DateTime endDateTime, string outputPrivateKeyName, string outputPublicKeyName, string outputSignedKeyName, string password, string certFriendlyName ) { X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); certificateGenerator.SetSerialNumber(subjectSerialNumber); certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); IDictionary attrs = new Hashtable(); attrs[X509Name.CN] = commonName; attrs[X509Name.C] = countryCode; attrs[X509Name.ST] = stateOrProvinceName; attrs[X509Name.L] = localityName; attrs[X509Name.O] = organization; IList ord = new ArrayList(); ord.Add(X509Name.CN); ord.Add(X509Name.C); ord.Add(X509Name.ST); ord.Add(X509Name.L); ord.Add(X509Name.O); X509Name issuerDN = new X509Name(ord, attrs); certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetNotBefore((DateTime)startDateTime); certificateGenerator.SetNotAfter((DateTime)endDateTime); certificateGenerator.SetSubjectDN(new X509Name(ord, attrs)); // The subject's public key goes in the certificate. certificateGenerator.SetPublicKey(subjectKeyPair.Public); AddAuthorityKeyIdentifier(certificateGenerator, issuerDN, issuerKeyPair, issuerSerialNumber); AddSubjectKeyIdentifier(certificateGenerator, subjectKeyPair); bool isCritical = true; if (!isCertificateAuthority) { isCritical = false; } certificateGenerator.AddExtension( X509Extensions.BasicConstraints.Id, isCritical, new BasicConstraints(isCertificateAuthority)); if (usages != null && usages.Any()) { AddExtendedKeyUsage(certificateGenerator, usages); } Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(subjectKeyPair.Private); int errorNum = 0; try { certificate.CheckValidity(startDateTime); } catch (Exception ex) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "Generate certificate Check validity period error: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n"; tbOutputMessageBox.Foreground = bckForeground; var metroWindow = (Application.Current.MainWindow as MetroWindow); await metroWindow.ShowMessageAsync("ERROR", "Generate certificate Check validity period error: " + ex.GetHashCode().ToString() + " " + ex.Message, MessageDialogStyle.Affirmative); } try { certificate.Verify(subjectKeyPair.Public); } catch (Exception ex) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "Generate certificate Verification error: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n"; tbOutputMessageBox.Foreground = bckForeground; var metroWindow = (Application.Current.MainWindow as MetroWindow); await metroWindow.ShowMessageAsync("ERROR", "Generate certificate Verification error: " + ex.GetHashCode().ToString() + " " + ex.Message, MessageDialogStyle.Affirmative); } if (errorNum > 0) { return; } #region Save Public Key try { File.WriteAllBytes(System.IO.Path.ChangeExtension(outputPublicKeyName, ".cer"), certificate.GetEncoded()); } catch (Exception ex) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "ERROR to save generated public key to file: " + System.IO.Path.ChangeExtension(outputPublicKeyName, ".cer") + "\n" + ex.GetHashCode().ToString() + " " + ex.Message + "\n"; tbOutputMessageBox.Foreground = bckForeground; var metroWindow = (Application.Current.MainWindow as MetroWindow); await metroWindow.ShowMessageAsync("ERROR", "ERROR to save generated public key to file: " + System.IO.Path.ChangeExtension(outputPublicKeyName, ".cer") + "\n" + ex.GetHashCode().ToString() + " " + ex.Message, MessageDialogStyle.Affirmative); return; } #endregion #region Private Key StringBuilder privateKeyStrBuilder = new StringBuilder(); PemWriter privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyStrBuilder)); privateKeyPemWriter.WriteObject(subjectKeyPair.Private); privateKeyPemWriter.Writer.Flush(); string privateKey = privateKeyStrBuilder.ToString(); try { using (TextWriter tw = new StreamWriter(outputPrivateKeyName)) { PemWriter pw = new PemWriter(tw); pw.WriteObject(subjectKeyPair.Private); tw.Flush(); } tbOutputMessageBox.Text += "File with private key: " + outputPrivateKeyName + " sucessfully generated." + "\n"; } catch (Exception ex) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "ERROR to save file with private key: " + outputPrivateKeyName + "\n"; tbOutputMessageBox.Foreground = bckForeground; var metroWindow = (Application.Current.MainWindow as MetroWindow); await metroWindow.ShowMessageAsync("Info Warning", "ERROR creating certificate private key file (.key)" + "\n" + "Error: " + ex.Source + " " + ex.Message, MessageDialogStyle.Affirmative); return; } #endregion Private Key #region Public Key //try //{ // var store = new Pkcs12Store(); // string friendlyName = certificate.SubjectDN.ToString(); // var certificateEntry = new X509CertificateEntry(certificate); // store.SetCertificateEntry(friendlyName, certificateEntry); // store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(subjectKeyPair.Private), new[] { certificateEntry }); // var stream = new MemoryStream(); // store.Save(stream, "password".ToCharArray(), random); // //Verify that the certificate is valid. // var convertedCertificate = new X509Certificate2(stream.ToArray(), "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); // //Write the file. // File.WriteAllBytes(outputPublicKeyName, stream.ToArray()); // File.WriteAllBytes(System.IO.Path.ChangeExtension(outputPublicKeyName, ".cer"), certificate.GetEncoded()); // //using (TextWriter tw = new StreamWriter(outputPublicKeyName)) // //{ // // PemWriter pw = new PemWriter(tw); // // pw.WriteObject(subjectKeyPair.Public); // // tw.Flush(); // //} // tbOutputMessageBox.Text += "File with private key: " + outputPublicKeyName + " sucessfully generated." + "\n"; //} //catch (Exception ex) //{ // var metroWindow = (Application.Current.MainWindow as MetroWindow); // await metroWindow.ShowMessageAsync("Info Warning", // "ERROR creating certificate private key file (.key)" + "\n" + // "Error: " + ex.Source + " " + ex.Message, // MessageDialogStyle.Affirmative); // return; //} //StringBuilder publicKeyStrBuilder = new StringBuilder(); //PemWriter publicKeyPemWriter = new PemWriter(new StringWriter(publicKeyStrBuilder)); //publicKeyPemWriter.WriteObject(subjectKeyPair.Private); //publicKeyPemWriter.Writer.Flush(); //string publicKey = publicKeyStrBuilder.ToString(); //try //{ // using (TextWriter tw = new StreamWriter(outputPublicKeyName)) // { // PemWriter pw = new PemWriter(tw); // pw.WriteObject(subjectKeyPair.Public); // tw.Flush(); // } // tbOutputMessageBox.Text += "File with public key: " + outputPublicKeyName + " sucessfully generated." + "\n"; //} //catch (Exception ex) //{ // var metroWindow = (Application.Current.MainWindow as MetroWindow); // await metroWindow.ShowMessageAsync("Info Warning", // "ERROR creating certificate private key file (.cer)" + "\n" + // "Error: " + ex.Source + " " + ex.Message, // MessageDialogStyle.Affirmative); // return; //} #endregion Public Key #region signed cert file try { X509Certificate2 convCert = ConvertCertificate(certificate, subjectKeyPair, random, pbPassword.Password, certFriendlyName); bool isHasPrivateKey = convCert.HasPrivateKey; // This doesn't work for selfsign certificate //bool isOK = convCert.Verify(); errorNum = 0; if (!isHasPrivateKey) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "Error, generated certificate DOES NOT have a private key!!!" + "\n"; tbOutputMessageBox.Foreground = bckForeground; } // This doesn't work for selfsign certificate //if (!isOK) //{ // errorNum++; // Brush bckForeground = tbOutputMessageBox.Foreground; // tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); // tbOutputMessageBox.Text += "Error, generated certificate NOT valid!!!" + "\n"; // tbOutputMessageBox.Foreground = bckForeground; //} if (errorNum > 0) { return; } // This password is the one attached to the PFX file. Use 'null' for no password. var bytes = convCert.Export(X509ContentType.Pfx, password); File.WriteAllBytes(outputSignedKeyName, bytes); tbOutputMessageBox.Text += "Certificate file with private key: " + outputSignedKeyName + " sucessfully generated." + "\n"; CARootFileNamePath = outputSignedKeyName; CARootPubKeyFileNamePath = outputPublicKeyName; if (cbIsCACert.SelectedIndex == 0) // root CA certificate { btnContinue.IsEnabled = true; } } catch (Exception ex) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "ERROR creating certificate file with private key (.pfx)" + "\n" + "Error: " + ex.Source + " " + ex.Message + "\n"; tbOutputMessageBox.Foreground = bckForeground; var metroWindow = (Application.Current.MainWindow as MetroWindow); await metroWindow.ShowMessageAsync("Info Warning", "ERROR creating certificate file with private key (.pfx)" + "\n" + "Error: " + ex.Source + " " + ex.Message, MessageDialogStyle.Affirmative); return; } #endregion }
/// <summary> /// Enroll certificate file base on request /// </summary> /// <param name="cerRequest"></param> /// <param name="rootCert"></param> /// <param name="issuerKeyPair"></param> /// <param name="startDate"></param> /// <param name="endDate"></param> /// <returns></returns> private Org.BouncyCastle.X509.X509Certificate GenerateSignedCertificate( Pkcs10CertificationRequest cerRequest, Org.BouncyCastle.X509.X509Certificate rootCert, AsymmetricCipherKeyPair issuerKeyPair, DateTime startDate, DateTime endDate) { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(rootCert.SubjectDN); certGen.SetNotBefore(startDate); certGen.SetNotAfter(endDate); CertificationRequestInfo info = cerRequest.GetCertificationRequestInfo(); certGen.SetSubjectDN(info.Subject); certGen.SetPublicKey(cerRequest.GetPublicKey()); AlgorithmIdentifier sigAlg = cerRequest.SignatureAlgorithm; string algName = GetAlgorithmName(sigAlg.Algorithm.Id); certGen.SetSignatureAlgorithm(algName); // Add certificate extensions Asn1Set attributes = cerRequest.GetCertificationRequestInfo().Attributes; if (attributes != null) { for (int i = 0; i != attributes.Count; i++) { AttributePkcs attr = AttributePkcs.GetInstance(attributes[i]); if (attr.AttrType.Equals(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest)) { X509Extensions extensions1 = X509Extensions.GetInstance(attr.AttrValues[0]); foreach (DerObjectIdentifier oid in extensions1.ExtensionOids) { Org.BouncyCastle.Asn1.X509.X509Extension ext = extensions1.GetExtension(oid); certGen.AddExtension(oid, ext.IsCritical, ext.GetParsedValue()); } } } } Org.BouncyCastle.X509.X509Certificate issuedCert = null; try { issuedCert = certGen.Generate(issuerKeyPair.Private); tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n"; Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Certificate file sucessfully generated." + "\n", Foreground = System.Windows.Media.Brushes.Green }); })); } catch (Exception ex) { Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Error, generate certificate file." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); } try { Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Check if generated certificate file is valid, plase wait ..." + "\n", Foreground = System.Windows.Media.Brushes.Black }); })); issuedCert.CheckValidity(DateTime.UtcNow); Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Generate certificate file is valid." + "\n", Foreground = System.Windows.Media.Brushes.Black }); })); } catch (Exception ex) { Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Error, generated certificate file is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); } try { tbOutputMessageBox.Inlines.Add(new Run { Text = "Verify generated certificate file, plase wait ..." + "\n", Foreground = System.Windows.Media.Brushes.Black }); issuedCert.Verify(issuerKeyPair.Public); Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Generate certificate file verification is OK." + "\n", Foreground = System.Windows.Media.Brushes.Green }); })); } catch (Exception ex) { Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Error, generated certificate file verification is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); } return(issuedCert); }
/// <summary> /// Read CA private key file from .key or pfx file /// Read data from certificate request file .csr /// Generate signed certificate request file .cer /// </summary> /// <param name="signedCERFile"></param> /// <param name="privateKeyFile"></param> /// <param name="v"></param> /// <param name="password"></param> private async void GenerateCerFile(string certRequestFile, string privateKeyFile, string generateSignedCertificateFile, string password, DateTime requestStartDate, DateTime requestEndDate) { int errorNum = 0; issueCertificate.IsEnabled = false; progressring.Visibility = Visibility.Visible; await System.Threading.Tasks.TaskEx.Delay(1000); tbOutputMessageBox.Text = ""; #region LoadCertificate X509Certificate2 issuerCertificate = null; try { await System.Threading.Tasks.TaskEx.Delay(1000); issuerCertificate = new X509Certificate2( privateKeyFile, password, X509KeyStorageFlags.Exportable ); } // Exceptions: // T:System.Security.Cryptography.CryptographicException: // An error with the certificate occurs. For example:The certificate file does not // exist.The certificate is invalid.The certificate's password is incorrect. catch (System.Security.Cryptography.CryptographicException ex) { errorNum++; progressring.Visibility = Visibility.Hidden; issueCertificate.IsEnabled = true; Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Cryptographic ERROR=" + ex.Message + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); return; } catch (Exception ex) { errorNum++; progressring.Visibility = Visibility.Hidden; issueCertificate.IsEnabled = true; Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "General ERROR=" + ex.Message + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); return; } // This doesn't work for selfsign certificate //bool isOK = issuerCertificate.Verify(); bool isHasPrivateKey = issuerCertificate.HasPrivateKey; DateTime noAfter = issuerCertificate.NotAfter; DateTime noBefore = issuerCertificate.NotBefore; X509ExtensionCollection x509extensions = issuerCertificate.Extensions; await System.Threading.Tasks.TaskEx.Delay(1000); X509CertificateParser parser = new X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate bouncyCertificate = parser.ReadCertificate(issuerCertificate.RawData); BasicConstraints basicConstraints = null; bool isCa = false; Asn1OctetString str = bouncyCertificate.GetExtensionValue(new DerObjectIdentifier("2.5.29.19")); // Basic Constraints -> DerObjectIdentifier BasicConstraints = new DerObjectIdentifier("2.5.29.19"); if (str != null) { basicConstraints = BasicConstraints.GetInstance(X509ExtensionUtilities.FromExtensionValue(str)); if (basicConstraints != null) { isCa = basicConstraints.IsCA(); } } if (!isCa) { errorNum++; Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Loaded CA file: " + privateKeyFile + " IS NOT CA authority certificate file!" + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); } // This doesn't work for selfsign certificate //if (!isOK) //{ // errorNum++; // Brush bckForeground = tbOutputMessageBox.Foreground; // tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); // tbOutputMessageBox.Text += "File with CA certificate NOT valid." + "\n"; // tbOutputMessageBox.Foreground = bckForeground; //} if (!isHasPrivateKey) { errorNum++; Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "File with CA certificate DOES NOT have a private key." + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); } if (noBefore > requestStartDate) { errorNum++; Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "File with CA certificate start date: " + requestStartDate.ToLocalTime() + " DOES NOT valid value. Certificate start date is: " + noBefore.ToLocalTime() + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); } if (noAfter < requestEndDate) { errorNum++; Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "File with CA certificate end date: " + requestEndDate.ToLocalTime() + " DOES NOT valid value. Certificate end date is: " + noAfter.ToLocalTime() + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); } if (errorNum > 0) { Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "File with CA certificate has error!!!" + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); progressring.Visibility = Visibility.Hidden; issueCertificate.IsEnabled = true; return; } try { await System.Threading.Tasks.TaskEx.Delay(1000); bool isOk = issuerCertificate.Verify(); } catch (Exception ex) { progressring.Visibility = Visibility.Hidden; issueCertificate.IsEnabled = true; Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Error Issuer certificate file: " + issuerCertificate + " Verification error: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); return; } Org.BouncyCastle.X509.X509Certificate issuerCertificateX509 = new X509CertificateParser().ReadCertificate(issuerCertificate.GetRawCertData()); try { await System.Threading.Tasks.TaskEx.Delay(1000); bool isOK = VerifyCertChain(issuerCertificate); } catch (Exception ex) { progressring.Visibility = Visibility.Hidden; issueCertificate.IsEnabled = true; Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Error Issuer certificate file: " + issuerCertificate + " public key error: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); return; } Org.BouncyCastle.X509.X509Certificate x509IssuerCert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(issuerCertificate); try { await System.Threading.Tasks.TaskEx.Delay(1000); x509IssuerCert.CheckValidity(requestStartDate); await System.Threading.Tasks.TaskEx.Delay(1000); x509IssuerCert.CheckValidity(requestEndDate); } catch (Exception ex) { progressring.Visibility = Visibility.Hidden; issueCertificate.IsEnabled = true; Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Error Issuer certificate file: " + issuerCertificate + " X509 certificate error: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); return; } #endregion // Read certificate request .csr file Pkcs10CertificationRequest cerRequest = null; try { await System.Threading.Tasks.TaskEx.Delay(1000); String input_data = File.ReadAllText(certRequestFile); StringReader sr = new StringReader(input_data); PemReader pr = new PemReader(sr); cerRequest = (Pkcs10CertificationRequest)pr.ReadObject(); Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Verify file with certificate request : " + certRequestFile + "\n", Foreground = System.Windows.Media.Brushes.Black }); })); try { await System.Threading.Tasks.TaskEx.Delay(1000); bool requestIsOK = cerRequest.Verify(); if (requestIsOK) { Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "File with certificate request : " + certRequestFile + " is OK." + "\n", Foreground = System.Windows.Media.Brushes.Black }); })); } else { progressring.Visibility = Visibility.Hidden; issueCertificate.IsEnabled = true; Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "File with certificate request : " + certRequestFile + " NOT valid." + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); return; } } catch (Exception ex) { progressring.Visibility = Visibility.Hidden; issueCertificate.IsEnabled = true; Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Error certificate request file: " + cerRequest + " Verify error: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); return; } } catch (Exception ex) { progressring.Visibility = Visibility.Hidden; issueCertificate.IsEnabled = true; var metroWindow = (Application.Current.MainWindow as MetroWindow); await metroWindow.ShowMessageAsync("Info Warning", "ERROR reading certificate request file (.csr)" + "\n" + "Error: " + ex.Source + " " + ex.Message, MessageDialogStyle.Affirmative); return; } await System.Threading.Tasks.TaskEx.Delay(1000); AsymmetricCipherKeyPair issuerKeyPair = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey); await System.Threading.Tasks.TaskEx.Delay(1000); Org.BouncyCastle.X509.X509Certificate genCert = GenerateSignedCertificate( cerRequest, x509IssuerCert, issuerKeyPair, requestStartDate, requestEndDate); try { await System.Threading.Tasks.TaskEx.Delay(1000); File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded()); Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Certificate file: " + generateSignedCertificateFile + " sucessfully saved." + "\n", Foreground = System.Windows.Media.Brushes.Green }); })); btnContinue.IsEnabled = true; } catch (Exception) { Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Certificate file sucessfully generated." + "\n", Foreground = System.Windows.Media.Brushes.Green }); })); } CertData.cerPublicFilePath = tbPathGenerateCer.Text + "\\" + tbCertFileName.Text + ".cer"; progressring.Visibility = Visibility.Hidden; issueCertificate.IsEnabled = true; }
public static void ShowCertificateInfo(X509Certificate cert, DateTime signDate) { Console.WriteLine("Issuer: " + cert.IssuerDN); Console.WriteLine("Subject: " + cert.SubjectDN); Console.WriteLine("Valido dede: " + cert.NotBefore.ToString("yyyy-MM-dd HH:mm:ss.ff")); Console.WriteLine("Valido hasta: " + cert.NotAfter.ToString("yyyy-MM-dd HH:mm:ss.ff")); try { cert.CheckValidity(signDate); Console.WriteLine("El certificado era valido al momento de la firma."); } catch (CertificateExpiredException e) { Console.WriteLine("El certificado estaba expirado al momento de la firma. " + e.ToString()); } catch (CertificateNotYetValidException e) { Console.WriteLine("El certificado no era válido aún al momento de la firma. " + e.ToString()); } try { cert.CheckValidity(); Console.WriteLine("El certificado sigue siendo válido."); } catch (CertificateExpiredException e) { Console.WriteLine("El certificado ha expirado. " + e.ToString()); } catch (CertificateNotYetValidException e) { Console.WriteLine("El certificado no es válido aún. " + e.ToString()); } }
/** * verify that the given certificate succesfully handles and confirms * the signature associated with this signer and, if a signingTime * attribute is available, that the certificate was valid at the time the * signature was generated. */ public bool Verify( X509Certificate cert) { Asn1.Cms.AttributeTable attr = this.SignedAttributes; if (attr != null) { Asn1.Cms.Attribute t = attr[CmsAttributes.SigningTime]; if (t != null) { Asn1.Cms.Time time = Asn1.Cms.Time.GetInstance( t.AttrValues[0].ToAsn1Object()); cert.CheckValidity(time.Date); } } return DoVerify(cert.GetPublicKey(), attr); }
/// <summary> /// Read CA private key file from .key or pfx file /// Read data from certificate request file .csr /// Generate signed certificate request file .cer /// </summary> /// <param name="signedCERFile"></param> /// <param name="privateKeyFile"></param> /// <param name="v"></param> /// <param name="password"></param> private async void GenerateCerFile(string certRequestFile, string privateKeyFile, string generateSignedCertificateFile, string password, string friendlyName, DateTime startDate, DateTime endDate) { #region LoadCertificate // read public & private key from file AsymmetricKeyParameter privateKey = null; AsymmetricKeyParameter publicKey = null; System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate = null; Org.BouncyCastle.X509.X509Certificate issuerCertificateX509 = null; // Ovo NE radi //issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2( // privateKeyFile, // password // ); // Ovo RADI issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2( privateKeyFile, password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable ); // This doesn't work for selfsign certificate //bool isOK = issuerCertificate.Verify(); bool isHasPrivateKey = issuerCertificate.HasPrivateKey; DateTime noAfter = issuerCertificate.NotAfter; DateTime noBefore = issuerCertificate.NotBefore; X509ExtensionCollection x509extensions = issuerCertificate.Extensions; int errorNum = 0; X509CertificateParser parser = new X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate bouncyCertificate = parser.ReadCertificate(issuerCertificate.RawData); BasicConstraints basicConstraints = null; bool isCa = false; Asn1OctetString str = bouncyCertificate.GetExtensionValue(new DerObjectIdentifier("2.5.29.19")); if (str != null) { basicConstraints = BasicConstraints.GetInstance( X509ExtensionUtilities.FromExtensionValue(str)); if (basicConstraints != null) { isCa = basicConstraints.IsCA(); } } if (!isCa) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "Loaded CA file: " + privateKeyFile + " IS NOT CA authority certificate file!" + "\n"; tbOutputMessageBox.Foreground = bckForeground; } // This doesn't work for selfsign certificate //if (!isOK) //{ // errorNum++; // Brush bckForeground = tbOutputMessageBox.Foreground; // tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); // tbOutputMessageBox.Text += "File with CA certificate NOT valid." + "\n"; // tbOutputMessageBox.Foreground = bckForeground; //} if (!isHasPrivateKey) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate DOES NOT have a private key." + "\n"; tbOutputMessageBox.Foreground = bckForeground; } if (noBefore > startDate) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate start date: " + startDate.ToLocalTime() + " DOES NOT valid value. Certificate start date is: " + noBefore.ToLocalTime() + "\n"; tbOutputMessageBox.Foreground = bckForeground; } if (noAfter < endDate) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate end date: " + endDate.ToLocalTime() + " DOES NOT valid value. Certificate end date is: " + noAfter.ToLocalTime() + "\n"; tbOutputMessageBox.Foreground = bckForeground; } if (errorNum > 0) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate has error!!!" + "\n"; tbOutputMessageBox.Foreground = bckForeground; return; } bool isOk = issuerCertificate.Verify(); AsymmetricCipherKeyPair issuerKeyPairTmp = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey); privateKey = issuerKeyPairTmp.Private; publicKey = issuerKeyPairTmp.Public; issuerCertificateX509 = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(issuerCertificate.GetRawCertData()); issuerCertificateX509.Verify(publicKey); Org.BouncyCastle.X509.X509Certificate x509 = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(issuerCertificate); x509.Verify(publicKey); x509.CheckValidity(startDate); #endregion // Read certificate request .csr file Pkcs10CertificationRequest cerRequest = null; try { String input_data = File.ReadAllText(certRequestFile); StringReader sr = new StringReader(input_data); PemReader pr = new PemReader(sr); cerRequest = (Pkcs10CertificationRequest)pr.ReadObject(); tbOutputMessageBox.Text += "Verify file with certificate request : " + certRequestFile + "\n"; bool requestIsOK = cerRequest.Verify(); if (requestIsOK) { tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " is OK." + "\n"; } else { tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " NOT valid." + "\n"; return; } } catch (Exception ex) { var metroWindow = (Application.Current.MainWindow as MetroWindow); await metroWindow.ShowMessageAsync("Info Warning", "ERROR reading certificate request file (.csr)" + "\n" + "Error: " + ex.Source + " " + ex.Message, MessageDialogStyle.Affirmative); return; } Org.BouncyCastle.X509.X509Certificate genCert = GenerateSignedCertificate( cerRequest, x509, issuerKeyPairTmp, startDate, endDate); try { File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded()); tbOutputMessageBox.Text += "Certificate file: " + generateSignedCertificateFile + " sucessfully saved." + "\n"; signedRequestFileNamePath = generateSignedCertificateFile; btnContinue.IsEnabled = true; } catch (Exception) { tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n"; } #region Public Key //try //{ // var store = new Pkcs12Store(); // string friendlyName1 = issuerCertificateX509.SubjectDN.ToString(); // var certificateEntry = new X509CertificateEntry(issuerCertificateX509); // store.SetCertificateEntry(friendlyName1, certificateEntry); // store.SetKeyEntry(friendlyName1, new AsymmetricKeyEntry(privateKey), new[] { certificateEntry }); // var stream = new MemoryStream(); // var random1 = GetSecureRandom(); // store.Save(stream, "password".ToCharArray(), random1); // //Verify that the certificate is valid. // var convertedCertificate = new X509Certificate2(stream.ToArray(), "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); // //Write the file. // File.WriteAllBytes(generateSignedCertificateFile, stream.ToArray()); // File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded()); // //using (TextWriter tw = new StreamWriter(outputPublicKeyName)) // //{ // // PemWriter pw = new PemWriter(tw); // // pw.WriteObject(subjectKeyPair.Public); // // tw.Flush(); // //} // tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n"; //} //catch (Exception ex) //{ // var metroWindow = (Application.Current.MainWindow as MetroWindow); // await metroWindow.ShowMessageAsync("Info Warning", // "ERROR creating certificate private key file (.key)" + "\n" + // "Error: " + ex.Source + " " + ex.Message, // MessageDialogStyle.Affirmative); // return; //} //StringBuilder publicKeyStrBuilder = new StringBuilder(); //PemWriter publicKeyPemWriter = new PemWriter(new StringWriter(publicKeyStrBuilder)); //publicKeyPemWriter.WriteObject(genCert.GetPublicKey()); //publicKeyPemWriter.Writer.Flush(); //string publicKey = publicKeyStrBuilder.ToString(); //try //{ // using (TextWriter tw = new StreamWriter(generateSignedCertificateFile)) // { // PemWriter pw = new PemWriter(tw); // pw.WriteObject(genCert.GetPublicKey()); // tw.Flush(); // } // tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n"; //} //catch (Exception ex) //{ // var metroWindow = (Application.Current.MainWindow as MetroWindow); // await metroWindow.ShowMessageAsync("Info Warning", // "ERROR creating certificate private key file (.key)" + "\n" + // "Error: " + ex.Source + " " + ex.Message, // MessageDialogStyle.Affirmative); // return; //} #endregion Public Key }