/// <summary> /// Verify the signature of a self signed certificate. /// </summary> public static bool VerifySelfSigned(X509Certificate2 cert) { try { Org.BouncyCastle.X509.X509Certificate bcCert = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(cert.RawData); bcCert.Verify(bcCert.GetPublicKey()); } catch { return(false); } return(true); }
private static bool Verify(X509Certificate2 certificate, AsymmetricKeyParameter publicKey) { try { var bcCertificate = new X509CertificateParser().ReadCertificate(certificate.RawData); bcCertificate.Verify(publicKey); return true; } catch (InvalidKeyException) { //ignore on purpose } catch (CertificateException) { //ignore on purpose } catch (SignatureException) { //ignore on purpose } return false; }
private void doTestForgedSignature() { string cert = "MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV" + "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD" + "VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU4NTVa" + "Fw0wNjEwMTEyMzU4NTVaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs" + "YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy" + "IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD" + "hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u" + "12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAbynCRIlUQgaqyNgU" + "DF6P14yRKUtX8akOP2TwStaSiVf/akYqfLFm3UGka5XbPj4rifrZ0/sOoZEEBvHQ" + "e20sRA=="; X509Certificate x509 = new X509CertificateParser().ReadCertificate(Base64.Decode(cert)); try { x509.Verify(x509.GetPublicKey()); Fail("forged RSA signature passed"); } catch (Exception) { // expected } }
/** * we Generate a self signed certificate for the sake of testing - DSA */ internal void checkCreation2() { // // set up the keys // AsymmetricKeyParameter privKey; AsymmetricKeyParameter pubKey; try { // KeyPairGenerator g = KeyPairGenerator.GetInstance("DSA", "SUN"); // g.initialize(512, new SecureRandom()); // KeyPair p = g.generateKeyPair(); IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("DSA"); DsaParametersGenerator dpg = new DsaParametersGenerator(); dpg.Init(512, 25, new SecureRandom()); g.Init(new DsaKeyGenerationParameters(new SecureRandom(), dpg.GenerateParameters())); AsymmetricCipherKeyPair p = g.GenerateKeyPair(); privKey = p.Private; pubKey = p.Public; } catch (Exception e) { Fail("error setting up keys - " + e.ToString()); return; } // // distinguished name table. // IList ord = new ArrayList(); ord.Add(X509Name.C); ord.Add(X509Name.O); ord.Add(X509Name.L); ord.Add(X509Name.ST); ord.Add(X509Name.E); IList values = new ArrayList(); values.Add("AU"); values.Add("The Legion of the Bouncy Castle"); values.Add("Melbourne"); values.Add("Victoria"); values.Add("*****@*****.**"); // // extensions // // // create the certificate - version 3 // X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(new X509Name(ord, values)); certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50)); certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50)); certGen.SetSubjectDN(new X509Name(ord, values)); certGen.SetPublicKey(pubKey); certGen.SetSignatureAlgorithm("SHA1withDSA"); try { X509Certificate cert = certGen.Generate(privKey); cert.CheckValidity(DateTime.UtcNow); cert.Verify(pubKey); cert = new X509CertificateParser().ReadCertificate(cert.GetEncoded()); // Console.WriteLine(cert); } catch (Exception e) { Fail("error setting generating cert - " + e.ToString()); } // // create the certificate - version 1 // X509V1CertificateGenerator certGen1 = new X509V1CertificateGenerator(); certGen1.SetSerialNumber(BigInteger.One); certGen1.SetIssuerDN(new X509Name(ord, values)); certGen1.SetNotBefore(DateTime.UtcNow.AddSeconds(-50)); certGen1.SetNotAfter(DateTime.UtcNow.AddSeconds(50)); certGen1.SetSubjectDN(new X509Name(ord, values)); certGen1.SetPublicKey(pubKey); certGen1.SetSignatureAlgorithm("SHA1withDSA"); try { X509Certificate cert = certGen1.Generate(privKey); cert.CheckValidity(DateTime.UtcNow); cert.Verify(pubKey); cert = new X509CertificateParser().ReadCertificate(cert.GetEncoded()); //Console.WriteLine(cert); } catch (Exception e) { Fail("error setting generating cert - " + e.ToString()); } // // exception test // try { certGen.SetPublicKey(dudPublicKey); Fail("key without encoding not detected in v1"); } catch (ArgumentException) { // expected } }
/** * we Generate a self signed certificate for the sake of testing - RSA */ internal void checkCreation1() { // // a sample key pair. // RsaKeyParameters pubKey = new RsaKeyParameters( false, new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), new BigInteger("11", 16)); RsaPrivateCrtKeyParameters privKey = new RsaPrivateCrtKeyParameters( new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), new BigInteger("11", 16), new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16), new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16), new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16), new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16), new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16), new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16)); // // set up the keys // // AsymmetricKeyParameter privKey; // AsymmetricKeyParameter pubKey; // KeyFactory fact = KeyFactory.GetInstance("RSA"); // // privKey = fact.generatePrivate(privKeySpec); // pubKey = fact.generatePublic(pubKeySpec); // // distinguished name table. // IList ord = new ArrayList(); ord.Add(X509Name.C); ord.Add(X509Name.O); ord.Add(X509Name.L); ord.Add(X509Name.ST); ord.Add(X509Name.E); IList values = new ArrayList(); values.Add("AU"); values.Add("The Legion of the Bouncy Castle"); values.Add("Melbourne"); values.Add("Victoria"); values.Add("*****@*****.**"); // // extensions // // // create the certificate - version 3 - without extensions // X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(new X509Name(ord, values)); certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50)); certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50)); certGen.SetSubjectDN(new X509Name(ord, values)); certGen.SetPublicKey(pubKey); certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption"); X509Certificate cert = certGen.Generate(privKey); cert.CheckValidity(DateTime.UtcNow); cert.Verify(pubKey); ISet dummySet = cert.GetNonCriticalExtensionOids(); if (dummySet != null) { Fail("non-critical oid set should be null"); } dummySet = cert.GetCriticalExtensionOids(); if (dummySet != null) { Fail("critical oid set should be null"); } // // create the certificate - version 3 - with extensions // certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(new X509Name(ord, values)); certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50)); certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50)); certGen.SetSubjectDN(new X509Name(ord, values)); certGen.SetPublicKey(pubKey); certGen.SetSignatureAlgorithm("MD5WithRSAEncryption"); certGen.AddExtension("2.5.29.15", true, new X509KeyUsage(X509KeyUsage.EncipherOnly)); certGen.AddExtension("2.5.29.37", true, new DerSequence(KeyPurposeID.AnyExtendedKeyUsage)); certGen.AddExtension("2.5.29.17", true, new GeneralNames(new GeneralName(GeneralName.Rfc822Name, "*****@*****.**"))); cert = certGen.Generate(privKey); cert.CheckValidity(DateTime.UtcNow); cert.Verify(pubKey); cert = new X509CertificateParser().ReadCertificate(cert.GetEncoded()); if (!cert.GetKeyUsage()[7]) { Fail("error generating cert - key usage wrong."); } IList l = cert.GetExtendedKeyUsage(); if (!l[0].Equals(KeyPurposeID.AnyExtendedKeyUsage.Id)) { Fail("failed extended key usage test"); } foreach (IList gn in cert.GetSubjectAlternativeNames()) { if (!gn[1].Equals("*****@*****.**")) { Fail("failed subject alternative names test"); } } // Console.WriteLine(cert); // // create the certificate - version 1 // X509V1CertificateGenerator certGen1 = new X509V1CertificateGenerator(); certGen1.SetSerialNumber(BigInteger.One); certGen1.SetIssuerDN(new X509Name(ord, values)); certGen1.SetNotBefore(DateTime.UtcNow.AddSeconds(-50)); certGen1.SetNotAfter(DateTime.UtcNow.AddSeconds(50)); certGen1.SetSubjectDN(new X509Name(ord, values)); certGen1.SetPublicKey(pubKey); certGen1.SetSignatureAlgorithm("MD5WithRSAEncryption"); cert = certGen1.Generate(privKey); cert.CheckValidity(DateTime.UtcNow); cert.Verify(pubKey); cert = new X509CertificateParser().ReadCertificate(cert.GetEncoded()); // Console.WriteLine(cert); if (!cert.IssuerDN.Equivalent(cert.SubjectDN)) { Fail("name comparison fails"); } }
internal void checkSelfSignedCertificate( int id, byte[] bytes) { string dump = ""; try { X509Certificate cert = new X509CertificateParser().ReadCertificate(bytes); AsymmetricKeyParameter k = cert.GetPublicKey(); cert.Verify(k); // Console.WriteLine(cert); } catch (Exception e) { Fail(dump + SimpleTest.NewLine + Name + ": "+ id + " failed - exception " + e.Message, e); } }
static bool IsSelfSigned(X509Certificate2 certificate) { try { var bcCertificate = new X509CertificateParser().ReadCertificate(certificate.RawData); bcCertificate.Verify(bcCertificate.GetPublicKey()); return true; } catch (InvalidKeyException) { } catch (CertificateException) { } catch (SignatureException) { } return false; }
static void CheckValidityOfResponse(CertID id, BasicOcspResp responseObject, Ca ca) { var inputStream = new MemoryStream(responseObject.GetEncoded()); var asn1Sequence = (Asn1Sequence)new Asn1InputStream(inputStream).ReadObject(); var response = BasicOcspResponse.GetInstance(asn1Sequence); var ocspChain = CreateOcspCertificateChain(ca); if(ocspChain.Length == 0) { throw new OcspException("OCSP certificate chain is invalid"); } var ocesOcspCertificate = OcesCertificateFactory.Instance.Generate(CompleteOcspChain(response, ocspChain)); CheckBasicOcspResp(id, responseObject, ocesOcspCertificate, ca); var signingCertificate = new X509CertificateParser().ReadCertificate(response.Certs[0].GetEncoded()); var issuingCertificate = new X509CertificateParser().ReadCertificate(ocspChain[0].GetRawCertData()); signingCertificate.Verify(issuingCertificate.GetPublicKey()); if (!responseObject.Verify(signingCertificate.GetPublicKey())) { throw new OcspException("Signature is invalid"); } }
/// <summary> /// Read CA private key file from .key or pfx file /// Read data from certificate request file .csr /// Generate signed certificate request file .cer /// </summary> /// <param name="signedCERFile"></param> /// <param name="privateKeyFile"></param> /// <param name="v"></param> /// <param name="password"></param> private async void GenerateCerFile(string certRequestFile, string privateKeyFile, string generateSignedCertificateFile, string password, string friendlyName, DateTime startDate, DateTime endDate) { #region LoadCertificate // read public & private key from file AsymmetricKeyParameter privateKey = null; AsymmetricKeyParameter publicKey = null; System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate = null; Org.BouncyCastle.X509.X509Certificate issuerCertificateX509 = null; // Ovo NE radi //issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2( // privateKeyFile, // password // ); // Ovo RADI issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2( privateKeyFile, password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable ); // This doesn't work for selfsign certificate //bool isOK = issuerCertificate.Verify(); bool isHasPrivateKey = issuerCertificate.HasPrivateKey; DateTime noAfter = issuerCertificate.NotAfter; DateTime noBefore = issuerCertificate.NotBefore; X509ExtensionCollection x509extensions = issuerCertificate.Extensions; int errorNum = 0; X509CertificateParser parser = new X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate bouncyCertificate = parser.ReadCertificate(issuerCertificate.RawData); BasicConstraints basicConstraints = null; bool isCa = false; Asn1OctetString str = bouncyCertificate.GetExtensionValue(new DerObjectIdentifier("2.5.29.19")); if (str != null) { basicConstraints = BasicConstraints.GetInstance( X509ExtensionUtilities.FromExtensionValue(str)); if (basicConstraints != null) { isCa = basicConstraints.IsCA(); } } if (!isCa) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "Loaded CA file: " + privateKeyFile + " IS NOT CA authority certificate file!" + "\n"; tbOutputMessageBox.Foreground = bckForeground; } // This doesn't work for selfsign certificate //if (!isOK) //{ // errorNum++; // Brush bckForeground = tbOutputMessageBox.Foreground; // tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); // tbOutputMessageBox.Text += "File with CA certificate NOT valid." + "\n"; // tbOutputMessageBox.Foreground = bckForeground; //} if (!isHasPrivateKey) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate DOES NOT have a private key." + "\n"; tbOutputMessageBox.Foreground = bckForeground; } if (noBefore > startDate) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate start date: " + startDate.ToLocalTime() + " DOES NOT valid value. Certificate start date is: " + noBefore.ToLocalTime() + "\n"; tbOutputMessageBox.Foreground = bckForeground; } if (noAfter < endDate) { errorNum++; Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate end date: " + endDate.ToLocalTime() + " DOES NOT valid value. Certificate end date is: " + noAfter.ToLocalTime() + "\n"; tbOutputMessageBox.Foreground = bckForeground; } if (errorNum > 0) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "File with CA certificate has error!!!" + "\n"; tbOutputMessageBox.Foreground = bckForeground; return; } bool isOk = issuerCertificate.Verify(); AsymmetricCipherKeyPair issuerKeyPairTmp = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey); privateKey = issuerKeyPairTmp.Private; publicKey = issuerKeyPairTmp.Public; issuerCertificateX509 = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(issuerCertificate.GetRawCertData()); issuerCertificateX509.Verify(publicKey); Org.BouncyCastle.X509.X509Certificate x509 = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(issuerCertificate); x509.Verify(publicKey); x509.CheckValidity(startDate); #endregion // Read certificate request .csr file Pkcs10CertificationRequest cerRequest = null; try { String input_data = File.ReadAllText(certRequestFile); StringReader sr = new StringReader(input_data); PemReader pr = new PemReader(sr); cerRequest = (Pkcs10CertificationRequest)pr.ReadObject(); tbOutputMessageBox.Text += "Verify file with certificate request : " + certRequestFile + "\n"; bool requestIsOK = cerRequest.Verify(); if (requestIsOK) { tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " is OK." + "\n"; } else { tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " NOT valid." + "\n"; return; } } catch (Exception ex) { var metroWindow = (Application.Current.MainWindow as MetroWindow); await metroWindow.ShowMessageAsync("Info Warning", "ERROR reading certificate request file (.csr)" + "\n" + "Error: " + ex.Source + " " + ex.Message, MessageDialogStyle.Affirmative); return; } Org.BouncyCastle.X509.X509Certificate genCert = GenerateSignedCertificate( cerRequest, x509, issuerKeyPairTmp, startDate, endDate); try { File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded()); tbOutputMessageBox.Text += "Certificate file: " + generateSignedCertificateFile + " sucessfully saved." + "\n"; signedRequestFileNamePath = generateSignedCertificateFile; btnContinue.IsEnabled = true; } catch (Exception) { tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n"; } #region Public Key //try //{ // var store = new Pkcs12Store(); // string friendlyName1 = issuerCertificateX509.SubjectDN.ToString(); // var certificateEntry = new X509CertificateEntry(issuerCertificateX509); // store.SetCertificateEntry(friendlyName1, certificateEntry); // store.SetKeyEntry(friendlyName1, new AsymmetricKeyEntry(privateKey), new[] { certificateEntry }); // var stream = new MemoryStream(); // var random1 = GetSecureRandom(); // store.Save(stream, "password".ToCharArray(), random1); // //Verify that the certificate is valid. // var convertedCertificate = new X509Certificate2(stream.ToArray(), "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); // //Write the file. // File.WriteAllBytes(generateSignedCertificateFile, stream.ToArray()); // File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded()); // //using (TextWriter tw = new StreamWriter(outputPublicKeyName)) // //{ // // PemWriter pw = new PemWriter(tw); // // pw.WriteObject(subjectKeyPair.Public); // // tw.Flush(); // //} // tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n"; //} //catch (Exception ex) //{ // var metroWindow = (Application.Current.MainWindow as MetroWindow); // await metroWindow.ShowMessageAsync("Info Warning", // "ERROR creating certificate private key file (.key)" + "\n" + // "Error: " + ex.Source + " " + ex.Message, // MessageDialogStyle.Affirmative); // return; //} //StringBuilder publicKeyStrBuilder = new StringBuilder(); //PemWriter publicKeyPemWriter = new PemWriter(new StringWriter(publicKeyStrBuilder)); //publicKeyPemWriter.WriteObject(genCert.GetPublicKey()); //publicKeyPemWriter.Writer.Flush(); //string publicKey = publicKeyStrBuilder.ToString(); //try //{ // using (TextWriter tw = new StreamWriter(generateSignedCertificateFile)) // { // PemWriter pw = new PemWriter(tw); // pw.WriteObject(genCert.GetPublicKey()); // tw.Flush(); // } // tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n"; //} //catch (Exception ex) //{ // var metroWindow = (Application.Current.MainWindow as MetroWindow); // await metroWindow.ShowMessageAsync("Info Warning", // "ERROR creating certificate private key file (.key)" + "\n" + // "Error: " + ex.Source + " " + ex.Message, // MessageDialogStyle.Affirmative); // return; //} #endregion Public Key }