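/// <summary>
/// Validate the signature on the PKCS#10 certification request held by this object.
/// </summary>
/// <remarks>
/// The verifier is created for the signature algorithm named in the request itself
/// (<c>certificationRequest.SignatureAlgorithm</c>). Any restriction on which algorithms
/// are acceptable therefore has to be enforced by <paramref name="verifierProvider"/> or by the caller.
/// NOTE(review): the key the signature is checked against is whatever the provider was built with;
/// confirm callers bind it to the public key carried in the request.
/// </remarks>
/// <param name="verifierProvider">Provider used to create a verifier factory for the request's signature algorithm.</param>
/// <returns>true if the signature is valid, false otherwise.</returns>
/// <exception cref="PkcsException">
/// Thrown for any failure while creating the verifier or processing the signature;
/// the original exception is preserved as the inner exception.
/// </exception>
public bool IsSignatureValid(IVerifierFactoryProvider<AlgorithmIdentifier> verifierProvider)
{
    // Fetched outside the try block, as before: failures here are not wrapped in PkcsException.
    CertificationRequestInfo requestInfo = certificationRequest.GetCertificationRequestInfo();

    try
    {
        IVerifierFactory<AlgorithmIdentifier> verifier = verifierProvider.CreateVerifierFactory(certificationRequest.SignatureAlgorithm);
        IStreamCalculator<IVerifier> calculator = verifier.CreateCalculator();

        // The verifier is fed the DER encoding of the CertificationRequestInfo.
        byte[] data = requestInfo.GetEncoded(Asn1Encodable.Der);

        // The using block closes the calculator stream even when the write throws,
        // and always before the result is read.
        using (Stream sOut = calculator.Stream)
        {
            sOut.Write(data, 0, data.Length);
        }

        return calculator.GetResult().IsVerified(this.GetSignature());
    }
    catch (Exception e)
    {
        throw new PkcsException("unable to process signature: " + e.Message, e);
    }
}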
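/// <summary>
/// Generate a new secp256r1 key pair and a PEM-encoded PKCS#10 certification request (CSR) for it.
/// </summary>
/// <remarks>
/// The returned tuple carries the freshly generated private key next to the CSR text.
/// Callers are responsible for storing that key securely and must not log or serialise the tuple as a whole.
/// NOTE(review): <paramref name="issuerName"/> is formatted into the distinguished-name string without
/// escaping, so a value containing DN syntax characters (for example ',', '+' or '=') would not be
/// treated as a plain CN value. Validate the value before calling if it can come from outside the application.
/// NOTE(review): a null or empty <paramref name="issuerName"/> silently falls back to a hard-coded
/// test identity; confirm this default is intended outside test environments.
/// </remarks>
/// <param name="issuerName">
/// Value placed in the CN attribute of the request's subject (despite the parameter name, it is used
/// for the subject, not an issuer). The subject is built as <c>CN=&lt;value&gt;,OU=client,O=BSN</c>.
/// </param>
/// <returns>
/// Item1 is the CSR as PEM text ("CERTIFICATE REQUEST"); Item2 is the private key of the generated key pair.
/// </returns>
public static Tuple<string, AsymmetricKeyParameter> GetCsr(string issuerName)
{
    // Generate a fresh EC key pair on secp256r1.
    ECKeyGenerationParameters pa = new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, new SecureRandom());
    var keyGenerator = new ECKeyPairGenerator();
    keyGenerator.Init(pa);
    var keypair = keyGenerator.GenerateKeyPair();

    // Subject DN of the request; an empty name falls back to the built-in default CN.
    string commonName = string.IsNullOrEmpty(issuerName) ? "test02@app0001202004161020152918451" : issuerName;
    X509Name principal = new X509Name(string.Format("CN={0},OU=client,O=BSN", commonName));

    // Bind the generated public key to the subject; no attributes are requested (empty set).
    SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keypair.Public);
    CertificationRequestInfo info = new CertificationRequestInfo(principal, subjectPublicKeyInfo, new DerSet());

    // Sign the DER-encoded request info with the new private key.
    // NOTE(review): CsrSignData is defined elsewhere; it presumably returns an ECDSA/SHA-256 signature
    // matching the ECDsaWithSha256 identifier declared below, and the curve order N is passed to it.
    // Confirm both against the helper.
    byte[] bs = ECDSAHelper.CsrSignData(info.GetEncoded(Asn1Encodable.Der), keypair.Private, pa.DomainParameters.N);

    // Assemble the CertificationRequest and re-parse its encoding into a Pkcs10CertificationRequest.
    Pkcs10CertificationRequest p10 = new Pkcs10CertificationRequest(
        new CertificationRequest(info, new AlgorithmIdentifier(X9ObjectIdentifiers.ECDsaWithSha256), new DerBitString(bs)).GetEncoded());

    // Render the request as PEM text.
    Org.BouncyCastle.Utilities.IO.Pem.PemObject pemObject = new Org.BouncyCastle.Utilities.IO.Pem.PemObject("CERTIFICATE REQUEST", p10.GetEncoded());

    // StringWriter is disposable; the using block releases it on every path.
    using (StringWriter str = new StringWriter())
    {
        Org.BouncyCastle.Utilities.IO.Pem.PemWriter pemWriter = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(str);
        pemWriter.WriteObject(pemObject);
        pemWriter.Writer.Flush();

        return new Tuple<string, AsymmetricKeyParameter>(str.ToString(), keypair.Private);
    }
}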