public static X509Certificate GenerateRootCert(
AsymmetricCipherKeyPair pair)
{
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name("CN=Test CA Certificate"));
certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
certGen.SetSubjectDN(new X509Name("CN=Test CA Certificate"));
certGen.SetPublicKey(pair.Public);
certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
return certGen.Generate(pair.Private);
}
/**
* we Generate a self signed certificate for the sake of testing - DSA
*/
internal void checkCreation2()
{
//
// set up the keys
//
AsymmetricKeyParameter privKey;
AsymmetricKeyParameter pubKey;
try
{
// KeyPairGenerator g = KeyPairGenerator.GetInstance("DSA", "SUN");
// g.initialize(512, new SecureRandom());
// KeyPair p = g.generateKeyPair();
IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("DSA");
DsaParametersGenerator dpg = new DsaParametersGenerator();
dpg.Init(512, 25, new SecureRandom());
g.Init(new DsaKeyGenerationParameters(new SecureRandom(), dpg.GenerateParameters()));
AsymmetricCipherKeyPair p = g.GenerateKeyPair();
privKey = p.Private;
pubKey = p.Public;
}
catch (Exception e)
{
Fail("error setting up keys - " + e.ToString());
return;
}
//
// distinguished name table.
//
IList ord = new ArrayList();
ord.Add(X509Name.C);
ord.Add(X509Name.O);
ord.Add(X509Name.L);
ord.Add(X509Name.ST);
ord.Add(X509Name.E);
IList values = new ArrayList();
values.Add("AU");
values.Add("The Legion of the Bouncy Castle");
values.Add("Melbourne");
values.Add("Victoria");
values.Add("*****@*****.**");
//
// extensions
//
//
// create the certificate - version 3
//
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name(ord, values));
certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
certGen.SetSubjectDN(new X509Name(ord, values));
certGen.SetPublicKey(pubKey);
certGen.SetSignatureAlgorithm("SHA1withDSA");
try
{
X509Certificate cert = certGen.Generate(privKey);
cert.CheckValidity(DateTime.UtcNow);
cert.Verify(pubKey);
cert = new X509CertificateParser().ReadCertificate(cert.GetEncoded());
// Console.WriteLine(cert);
}
catch (Exception e)
{
Fail("error setting generating cert - " + e.ToString());
}
//
// create the certificate - version 1
//
X509V1CertificateGenerator certGen1 = new X509V1CertificateGenerator();
certGen1.SetSerialNumber(BigInteger.One);
certGen1.SetIssuerDN(new X509Name(ord, values));
certGen1.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
certGen1.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
certGen1.SetSubjectDN(new X509Name(ord, values));
certGen1.SetPublicKey(pubKey);
certGen1.SetSignatureAlgorithm("SHA1withDSA");
try
{
X509Certificate cert = certGen1.Generate(privKey);
cert.CheckValidity(DateTime.UtcNow);
cert.Verify(pubKey);
cert = new X509CertificateParser().ReadCertificate(cert.GetEncoded());
//Console.WriteLine(cert);
}
catch (Exception e)
{
Fail("error setting generating cert - " + e.ToString());
}
//
// exception test
//
try
{
certGen.SetPublicKey(dudPublicKey);
Fail("key without encoding not detected in v1");
}
catch (ArgumentException)
{
// expected
}
}
/**
* we Generate a self signed certificate for the sake of testing - RSA
*/
internal void checkCreation1()
{
//
// a sample key pair.
//
RsaKeyParameters pubKey = new RsaKeyParameters(
false,
new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
new BigInteger("11", 16));
RsaPrivateCrtKeyParameters privKey = new RsaPrivateCrtKeyParameters(
new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
new BigInteger("11", 16),
new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
//
// set up the keys
//
// AsymmetricKeyParameter privKey;
// AsymmetricKeyParameter pubKey;
// KeyFactory fact = KeyFactory.GetInstance("RSA");
//
// privKey = fact.generatePrivate(privKeySpec);
// pubKey = fact.generatePublic(pubKeySpec);
//
// distinguished name table.
//
IList ord = new ArrayList();
ord.Add(X509Name.C);
ord.Add(X509Name.O);
ord.Add(X509Name.L);
ord.Add(X509Name.ST);
ord.Add(X509Name.E);
IList values = new ArrayList();
values.Add("AU");
values.Add("The Legion of the Bouncy Castle");
values.Add("Melbourne");
values.Add("Victoria");
values.Add("*****@*****.**");
//
// extensions
//
//
// create the certificate - version 3 - without extensions
//
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name(ord, values));
certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
certGen.SetSubjectDN(new X509Name(ord, values));
certGen.SetPublicKey(pubKey);
certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
X509Certificate cert = certGen.Generate(privKey);
cert.CheckValidity(DateTime.UtcNow);
cert.Verify(pubKey);
ISet dummySet = cert.GetNonCriticalExtensionOids();
if (dummySet != null)
{
Fail("non-critical oid set should be null");
}
dummySet = cert.GetCriticalExtensionOids();
if (dummySet != null)
{
Fail("critical oid set should be null");
}
//
// create the certificate - version 3 - with extensions
//
certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name(ord, values));
certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
certGen.SetSubjectDN(new X509Name(ord, values));
certGen.SetPublicKey(pubKey);
certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
certGen.AddExtension("2.5.29.15", true,
new X509KeyUsage(X509KeyUsage.EncipherOnly));
certGen.AddExtension("2.5.29.37", true,
new DerSequence(KeyPurposeID.AnyExtendedKeyUsage));
certGen.AddExtension("2.5.29.17", true,
new GeneralNames(new GeneralName(GeneralName.Rfc822Name, "*****@*****.**")));
cert = certGen.Generate(privKey);
cert.CheckValidity(DateTime.UtcNow);
cert.Verify(pubKey);
cert = new X509CertificateParser().ReadCertificate(cert.GetEncoded());
if (!cert.GetKeyUsage()[7])
{
Fail("error generating cert - key usage wrong.");
}
IList l = cert.GetExtendedKeyUsage();
if (!l[0].Equals(KeyPurposeID.AnyExtendedKeyUsage.Id))
{
Fail("failed extended key usage test");
}
foreach (IList gn in cert.GetSubjectAlternativeNames())
{
if (!gn[1].Equals("*****@*****.**"))
{
Fail("failed subject alternative names test");
}
}
// Console.WriteLine(cert);
//
// create the certificate - version 1
//
X509V1CertificateGenerator certGen1 = new X509V1CertificateGenerator();
certGen1.SetSerialNumber(BigInteger.One);
certGen1.SetIssuerDN(new X509Name(ord, values));
certGen1.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
certGen1.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
certGen1.SetSubjectDN(new X509Name(ord, values));
certGen1.SetPublicKey(pubKey);
certGen1.SetSignatureAlgorithm("MD5WithRSAEncryption");
cert = certGen1.Generate(privKey);
cert.CheckValidity(DateTime.UtcNow);
cert.Verify(pubKey);
cert = new X509CertificateParser().ReadCertificate(cert.GetEncoded());
// Console.WriteLine(cert);
if (!cert.IssuerDN.Equivalent(cert.SubjectDN))
{
Fail("name comparison fails");
}
}
/// <summary>
/// Generate a CA certificate
/// </summary>
/// <param name="keyPair">Asymmetric key pair to use for generating certificate</param>
/// <param name="certificateDetails">Certificate details </param>
/// <param name="certificateDetailsOrder">Order certificate details are created</param>
/// <returns>A self signed X509 certificate</returns>
public X509Certificate GenerateCaCertificate(AsymmetricCipherKeyPair keyPair, IDictionary certificateDetails, IList certificateDetailsOrder)
{
var startDate = DateTime.UtcNow; // time from which certificate is valid
var expiryDate = startDate.AddYears(20); // time after which certificate is not valid
var serialNumber = BigInteger.ProbablePrime(120, new Random());
var certName = new X509Name(certificateDetailsOrder, certificateDetails);
var x509V1CertificateGenerator = new X509V1CertificateGenerator();
x509V1CertificateGenerator.SetSerialNumber(serialNumber);
x509V1CertificateGenerator.SetIssuerDN(certName);
x509V1CertificateGenerator.SetNotBefore(startDate);
x509V1CertificateGenerator.SetNotAfter(expiryDate);
x509V1CertificateGenerator.SetSubjectDN(certName); // note: same as issuer
x509V1CertificateGenerator.SetPublicKey(keyPair.Public);
x509V1CertificateGenerator.SetSignatureAlgorithm(SignatureAlgorithm);
var newCert = x509V1CertificateGenerator.Generate(keyPair.Private);
return newCert;
}
public static X509Certificate MakeV1Certificate(AsymmetricCipherKeyPair subKP,
string _subDN, AsymmetricCipherKeyPair issKP, string _issDN)
{
AsymmetricKeyParameter subPub = subKP.Public;
AsymmetricKeyParameter issPriv = issKP.Private;
AsymmetricKeyParameter issPub = issKP.Public;
X509V1CertificateGenerator v1CertGen = new X509V1CertificateGenerator();
v1CertGen.Reset();
v1CertGen.SetSerialNumber(AllocateSerialNumber());
v1CertGen.SetIssuerDN(new X509Name(_issDN));
v1CertGen.SetNotBefore(DateTime.UtcNow);
v1CertGen.SetNotAfter(DateTime.UtcNow.AddDays(100));
v1CertGen.SetSubjectDN(new X509Name(_subDN));
v1CertGen.SetPublicKey(subPub);
if (issPub is RsaKeyParameters)
{
v1CertGen.SetSignatureAlgorithm("SHA1WithRSA");
}
else if (issPub is DsaPublicKeyParameters)
{
v1CertGen.SetSignatureAlgorithm("SHA1withDSA");
}
else if (issPub is ECPublicKeyParameters)
{
ECPublicKeyParameters ecPub = (ECPublicKeyParameters)issPub;
if (ecPub.AlgorithmName == "ECGOST3410")
{
v1CertGen.SetSignatureAlgorithm("GOST3411withECGOST3410");
}
else
{
v1CertGen.SetSignatureAlgorithm("SHA1withECDSA");
}
}
else
{
v1CertGen.SetSignatureAlgorithm("GOST3411WithGOST3410");
}
X509Certificate _cert = v1CertGen.Generate(issPriv);
_cert.CheckValidity(DateTime.UtcNow);
_cert.Verify(issPub);
return _cert;
}
