コード例 #1
0
 private static string HashAlgorithmToSignatureAlgorithm(PrivateKey privateKey, HashAlgorithm hashAlgorithm)
 {
     switch (hashAlgorithm)
     {
         case HashAlgorithm.MD2:
             if (privateKey.AlgorithmGroup == AlgorithmGroup.RSA) return OIDs.MD2rsa;
             goto default;
         case HashAlgorithm.MD5:
             if (privateKey.AlgorithmGroup == AlgorithmGroup.RSA) return OIDs.MD5rsa;
             goto default;
         case HashAlgorithm.SHA1:
             if (privateKey.AlgorithmGroup == AlgorithmGroup.RSA) return OIDs.SHA1rsa;
             if (privateKey.AlgorithmGroup == AlgorithmGroup.ECDSA) return OIDs.SHA1ecdsa;
             goto default;
         case HashAlgorithm.SHA256:
             if (privateKey.AlgorithmGroup == AlgorithmGroup.RSA) return OIDs.SHA256rsa;
             if (privateKey.AlgorithmGroup == AlgorithmGroup.ECDSA) return OIDs.SHA256ecdsa;
             goto default;
         case HashAlgorithm.SHA384:
             if (privateKey.AlgorithmGroup == AlgorithmGroup.RSA) return OIDs.SHA384rsa;
             if (privateKey.AlgorithmGroup == AlgorithmGroup.ECDSA) return OIDs.SHA384ecdsa;
             goto default;
         default:
             throw new NotSupportedException();
     }
 }
コード例 #2
0
 internal void ForceEECertificateClear()
 {
     _eePrivateKey = null;
 }
コード例 #3
0
 public unsafe X509Certificate2 GenerateCertificate(X509Certificate2 issuingCertificate, PrivateKey privateKey, X500DistinguishedName dn, string[] dnsNames, DateTime? notBefore = null, DateTime? notAfter = null)
 {
     if (!issuingCertificate.HasPrivateKey)
     {
         throw new ArgumentException("Issuing certificate must have a private key.", nameof(issuingCertificate));
     }
     IntPtr basicEncodedDataPtr = IntPtr.Zero, certExtensionPtr = IntPtr.Zero;
     var serialNumber = new byte[16];
     var rng = RandomNumberGenerator.Create();
     rng.GetNonZeroBytes(serialNumber);
     fixed (byte* dnPtr = dn.RawData, issuerDnPtr = issuingCertificate.SubjectName.RawData, serialNumberPtr = serialNumber)
     {
         try
         {
             var blob = new NATIVE_CRYPTOAPI_BLOB
             {
                 cbData = (uint)dn.RawData.Length,
                 pbData = dnPtr
             };
             var signatureAlgorithm = new CRYPT_ALGORITHM_IDENTIFIER
             {
                 pszObjId = issuingCertificate.SignatureAlgorithm.Value
             };
             using (var signingKey = ExtractKey(issuingCertificate))
             {
                 using (PublicKeyInfo publicKey = privateKey.ToPublicKey(), signingPublicKey = signingKey.ToPublicKey())
                 {
                     using (var extensions = new MarshalX509ExtensionCollection())
                     {
                         using (extensions.Freeze())
                         {
                             var usage = X509KeyUsageFlags.DigitalSignature;
                             if (privateKey.AlgorithmGroup == AlgorithmGroup.RSA)
                             {
                                 //Key encipherment is not valid for DSA/ECDSA
                                 usage |= X509KeyUsageFlags.KeyEncipherment;
                             }
                             extensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
                             extensions.Add(new X509KeyUsageExtension(usage, true));
                             extensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection {new Oid(OIDs.EKU_SERVER)}, false));
                             extensions.Add(new X509SubjectAlternativeNameExtension(DnsAltNamesFromArray(dnsNames), false));
                             using (var sha1 = new SHA1CryptoServiceProvider())
                             {
                                 var issuingKeyId = sha1.ComputeHash(signingPublicKey.Key);
                                 extensions.Add(new X509SubjectKeyIdentifierExtension(sha1.ComputeHash(publicKey.Key), false));
                                 extensions.Add(new X509AuthorityKeyIdentifierExtension(issuingKeyId, null));
                             }
                         }
                         var certInfo = new CERT_INFO();
                         certInfo.Subject = blob;
                         certInfo.SerialNumber = new NATIVE_CRYPTOAPI_BLOB {cbData = (uint) serialNumber.Length, pbData = serialNumberPtr};
                         certInfo.SubjectPublicKeyInfo = publicKey.PublicKey;
                         certInfo.dwVersion = CertificateVersion.CERT_V3;
                         certInfo.Issuer = new NATIVE_CRYPTOAPI_BLOB {cbData = (uint) issuingCertificate.SubjectName.RawData.Length, pbData = issuerDnPtr};
                         certInfo.SignatureAlgorithm = signatureAlgorithm;
                         certInfo.NotAfter = FileTimeHelper.ToFileTimeStructureUtc(notAfter ?? DateTime.Now.AddHours(-1).AddYears(5));
                         certInfo.NotBefore = FileTimeHelper.ToFileTimeStructureUtc(notBefore ?? DateTime.Now.AddHours(-1));
                         certInfo.cExtension = extensions.Extensions.cExtension;
                         certInfo.rgExtension = extensions.Extensions.rgExtension;
                         var size = 0u;
                         var CERT_INFO_TYPE = (IntPtr) 2;
                         if (!Crypt32.CryptSignAndEncodeCertificate(signingKey.Handle, KeySpec.NONE, EncodingType.X509_ASN_ENCODING, CERT_INFO_TYPE, ref certInfo, ref signatureAlgorithm, IntPtr.Zero, IntPtr.Zero, ref size))
                         {
                             throw new Win32Exception(Marshal.GetLastWin32Error());
                         }
                         var buffer = Marshal.AllocHGlobal((int) size);
                         if (!Crypt32.CryptSignAndEncodeCertificate(signingKey.Handle, KeySpec.NONE, EncodingType.X509_ASN_ENCODING, CERT_INFO_TYPE, ref certInfo, ref signatureAlgorithm, IntPtr.Zero, buffer, ref size))
                         {
                             throw new Win32Exception(Marshal.GetLastWin32Error());
                         }
                         const int CERT_KEY_PROV_INFO_PROP_ID = 2;
                         var certificate = new X509Certificate2(SerializeCertificate(buffer, size));
                         var keyProvInfo = new CRYPT_KEY_PROV_INFO
                         {
                             cProvParam = 0,
                             dwKeySpec = privateKey.Handle.IsNCryptKey ? KeySpec.NONE : KeySpec.AT_KEYEXCHANGE,
                             dwProvType = privateKey.Handle.IsNCryptKey ? ProviderType.CNG : ProviderType.PROV_RSA_AES,
                             pwszProvName = privateKey.ProviderName,
                             dwFlags = 0,
                             pwszContainerName = privateKey.Name
                         };
                         if (!Crypt32.CertSetCertificateContextProperty(certificate.Handle, CERT_KEY_PROV_INFO_PROP_ID, 0u, ref keyProvInfo))
                         {
                             throw new Win32Exception(Marshal.GetLastWin32Error());
                         }
                         return new X509Certificate2(certificate);
                     }
                 }
             }
         }
         finally
         {
             Marshal.FreeHGlobal(basicEncodedDataPtr);
             Marshal.FreeHGlobal(certExtensionPtr);
         }
     }
 }
コード例 #4
0
 public unsafe X509Certificate2 GenerateCertificateAuthority(PrivateKey privateKey, X500DistinguishedName dn, HashAlgorithm signatureAlgorithm, DateTime? notBefore = null, DateTime? notAfter = null)
 {
     {
         fixed (byte* dnPtr = dn.RawData)
         {
             var blob = new NATIVE_CRYPTOAPI_BLOB
             {
                 cbData = (uint)dn.RawData.Length,
                 pbData = dnPtr
             };
             var signatureAlgorithmIdentifier = new CRYPT_ALGORITHM_IDENTIFIER
             {
                 pszObjId = HashAlgorithmToSignatureAlgorithm(privateKey, signatureAlgorithm)
             };
             using (var extensions = new MarshalX509ExtensionCollection())
             {
                 using (extensions.Freeze())
                 {
                     extensions.Add(new X509BasicConstraintsExtension(true, true, 1, true));
                     extensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.CrlSign | X509KeyUsageFlags.KeyCertSign, true));
                     extensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid(OIDs.EKU_SERVER) }, false));
                     using (var publicKey = privateKey.ToPublicKey())
                     {
                         using (var sha1 = new SHA1CryptoServiceProvider())
                         {
                             var pubKeyHash = sha1.ComputeHash(publicKey.Key);
                             extensions.Add(new X509SubjectKeyIdentifierExtension(pubKeyHash, false));
                             extensions.Add(new X509AuthorityKeyIdentifierExtension(pubKeyHash, null));
                         }
                     }
                 }
                 var certExtensions = extensions.Extensions;
                 var keyProvInfo = new CRYPT_KEY_PROV_INFO
                 {
                     cProvParam = 0,
                     dwKeySpec = privateKey.Handle.IsNCryptKey ? KeySpec.NONE : KeySpec.AT_KEYEXCHANGE,
                     dwProvType = privateKey.Handle.IsNCryptKey ? ProviderType.CNG : ProviderType.PROV_RSA_AES,
                     pwszProvName = privateKey.ProviderName,
                     dwFlags = 0,
                     pwszContainerName = privateKey.Name
                 };
                 var beginning = new SYSTEMTIME(notBefore ?? DateTime.UtcNow.AddHours(-1));
                 var expiration = new SYSTEMTIME(notAfter ?? DateTime.UtcNow.AddHours(-1).AddYears(30));
                 var certContext = Crypt32.CertCreateSelfSignCertificate(privateKey.Handle, ref blob, SelfSignFlags.NONE, ref keyProvInfo, ref signatureAlgorithmIdentifier, beginning, expiration, ref certExtensions);
                 if (certContext == IntPtr.Zero)
                 {
                     throw new Win32Exception(Marshal.GetLastWin32Error());
                 }
                 return new X509Certificate2(certContext);
             }
         }
     }
 }
コード例 #5
0
 private PrivateKey GetEEPrivateKey()
 {
     if (_eePrivateKey == null)
     {
         lock (_keyGenLock)
         {
             if (_eePrivateKey == null)
             {
                 var fiddlerEePrivateKeyName = $"{FIDDLER_EE_PRIVATE_KEY_NAME}_${_algorithm}_${_keyProviderEngine.Name}";
                 var key = PrivateKey.OpenExisting(_keyProviderEngine, fiddlerEePrivateKeyName);
                 if (key == null)
                 {
                     key = PrivateKey.CreateNew(_keyProviderEngine, fiddlerEePrivateKeyName, _algorithm, _keySize);
                 }
                 _eePrivateKey = key;
             }
         }
     }
     return _eePrivateKey;
 }