public static void GenerateSslCertificate(PfxData pfx, Org.BouncyCastle.Security.SecureRandom random) { string curveName = "curve25519"; curveName = "secp256k1"; // IIS does not support Elliptic Curve... // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateEcKeyPair(curveName, random); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateRsaKeyPair(2048, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateDsaKeyPair(1024, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateDHKeyPair(1024, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateGostKeyPair(4096, random); Org.BouncyCastle.X509.X509Certificate sslCertificate = SelfSignSslCertificate(random, pfx.Certificate, certKeyPair.Public, pfx.PrivateKey); bool val = CerGenerator.ValidateSelfSignedCert(sslCertificate, pfx.Certificate.GetPublicKey()); // SSL (string Private, string Public)certKeys = KeyPairToPem(certKeyPair); PfxFile.Create(@"obelix.pfx", sslCertificate, certKeyPair.Private, ""); WriteCerAndCrt(sslCertificate, @"obelix"); System.IO.File.WriteAllText(@"obelix_private.key", certKeys.Private, System.Text.Encoding.ASCII); // System.IO.File.WriteAllText(@"obelix_public.key", certKeys.Public, System.Text.Encoding.ASCII); string pemCert = ToPem(sslCertificate); System.IO.File.WriteAllText(@"obelix.pem", pemCert, System.Text.Encoding.ASCII); } // End Sub GenerateSslCertificate
public static void CreateSignature(System.Security.Cryptography.X509Certificates.X509Certificate2 mycert) { // https://www.programcreek.com/java-api-examples/?api=org.bouncycastle.x509.X509V3CertificateGenerator // https://forums.asp.net/t/2154987.aspx?Create+Self+Signed+Certificate+programatically+uisng+C+ // System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromCertFile() // https://overcoder.net/q/429916/bouncycastle-privatekey-to-x509%D1%81%D0%B5%D1%80%D1%82%D0%B8%D1%84%D0%B8%D0%BA%D0%B0%D1%822-privatekey // https://www.csharpcodi.com/csharp-examples/Org.BouncyCastle.X509.X509Certificate.GetPublicKey()/ Org.BouncyCastle.Crypto.AsymmetricKeyParameter Akp = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(mycert.PrivateKey).Private; // if(mycert.HasPrivateKey) Org.BouncyCastle.Crypto.AsymmetricKeyParameter bouncyCastlePrivateKey = TransformRSAPrivateKey(mycert.PrivateKey); Org.BouncyCastle.X509.X509CertificateParser certParser = new Org.BouncyCastle.X509.X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate bouncyCertificate = certParser.ReadCertificate(mycert.GetRawCertData()); Org.BouncyCastle.Crypto.AsymmetricKeyParameter pubKey = bouncyCertificate.GetPublicKey(); Org.BouncyCastle.Crypto.IDigest algorithm = Org.BouncyCastle.Security.DigestUtilities.GetDigest(bouncyCertificate.SigAlgOid); // X509Certificate2Signature signature = new X509Certificate2Signature(mycert, algorithm); // https://github.com/kusl/itextsharp/blob/master/tags/iTextSharp_5_4_5/src/core/iTextSharp/text/pdf/security/X509Certificate2Signature.cs // Sign // PemReader pem = new PemReader(); // pem.ReadPemObject().Headers // RSACryptoServiceProvider rsa = pem.ReadPrivateKeyFromFile("PrivateKey.pem"); }
public static XadesObject GetXadesObject(XadesInfo xadesInfo, string signatureid) { XadesObject xadesObject = new XadesObject(); xadesObject.QualifyingProperties.Target = String.Format("#{0}", signatureid); xadesObject.QualifyingProperties.SignedProperties.Id = String.Format("{0}-signedprops", signatureid); SignedSignatureProperties signedSignatureProperties = xadesObject.QualifyingProperties.SignedProperties.SignedSignatureProperties; var x509CertificateParser = new Org.BouncyCastle.X509.X509CertificateParser(); X509Certificate bouncyCert = x509CertificateParser.ReadCertificate(Convert.FromBase64String(xadesInfo.RawPK)); var cert = new Cert { IssuerSerial = { X509IssuerName = GetOidRepresentation(bouncyCert.IssuerDN.ToString()), X509SerialNumber = bouncyCert.SerialNumber.ToString() } }; cert.CertDigest.DigestMethod.Algorithm = CPSignedXml.XmlDsigGost3411UrlObsolete; var rawCertData = Convert.FromBase64String(xadesInfo.RawPK); var pkHash = HashAlgorithm.Create("GOST3411"); var hashValue = pkHash.ComputeHash(rawCertData); cert.CertDigest.DigestValue = hashValue; signedSignatureProperties.SigningCertificate.CertCollection.Add(cert); signedSignatureProperties.SigningTime = GetSigningTimeOffset(xadesInfo.SigningDateTimeUTC, xadesInfo.TimeZoneOffsetMinutes); return(xadesObject); }
public static void Sign(IExternalSignature externalSignature, X509Certificate2 rawCertificate, string sourcePdfPath, string destinationPdfPath) { if (externalSignature == null) { throw new ArgumentNullException(nameof(externalSignature)); } if (rawCertificate == null) { throw new ArgumentNullException(nameof(rawCertificate)); } if (sourcePdfPath == null) { throw new ArgumentNullException(nameof(sourcePdfPath)); } if (destinationPdfPath == null) { throw new ArgumentNullException(nameof(destinationPdfPath)); } using PdfReader reader = new PdfReader(sourcePdfPath); Org.BouncyCastle.X509.X509Certificate bCert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(rawCertificate); Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { bCert }; using FileStream stream = new FileStream(destinationPdfPath, FileMode.OpenOrCreate); PdfSigner signer = new PdfSigner(reader, stream, new StampingProperties()); signer.SetSignatureEvent(new SignatureEvent()); signer.SignDetached(externalSignature, chain, null, null, null, 0, PdfSigner.CryptoStandard.CADES); }
private void SignManigestFile(PassGeneratorRequest request) { X509Certificate2 card = GetCertificate(request); if (card == null) { throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct."); } Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card); Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private; X509Certificate2 appleCA = GetAppleCertificate(request); Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA); ArrayList intermediateCerts = new ArrayList(); intermediateCerts.Add(appleCert); intermediateCerts.Add(cert); Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts); Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP); CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1); generator.AddCertificates(st1); CmsProcessable content = new CmsProcessableByteArray(manifestFile); CmsSignedData signedData = generator.Generate(content, false); signatureFile = signedData.GetEncoded(); }
public ValidationResponse ValidateCertificate(X509Certificate2 certificate, X509Certificate2 issuer) { Org.BouncyCastle.X509.X509Certificate certificateBC = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificate); try { Asn1Object derAiaExtension = Asn1Object.FromByteArray(certificateBC.GetExtensionValue(new DerObjectIdentifier("1.3.6.1.5.5.7.1.1")).GetOctets()); Asn1InputStream asn1Stream = new Asn1InputStream(derAiaExtension.GetDerEncoded()); Asn1Sequence asn1Sequence = (Asn1Sequence)asn1Stream.ReadObject(); foreach (Asn1Encodable entry in asn1Sequence) { AccessDescription aiaEntry = AccessDescription.GetInstance(entry.ToAsn1Object()); if (aiaEntry.AccessMethod.Id == AccessDescription.IdADOcsp.Id) { Console.Out.WriteLine(aiaEntry.AccessLocation.ToString()); GeneralName gn = (GeneralName)aiaEntry.AccessLocation; ValidationResponse validationResponse = ValidateCertificate(certificate, issuer, gn.Name.ToString()); if ((validationResponse.status == ValidationExtensions.Enums.CertificateStatus.VALID) || (validationResponse.status == ValidationExtensions.Enums.CertificateStatus.REVOKED)) { return(validationResponse); } } } } catch (NullReferenceException) { // No Access Information Exception } return(new ValidationResponse(ValidationExtensions.Enums.CertificateStatus.UNKNOWN)); }
public static X509Certificate2 ToX509Certificate2( Org.BouncyCastle.X509.X509Certificate BouncyCert, SecureRandom RandomProvider, AsymmetricCipherKeyPair KeyPair) { var store = new Pkcs12Store(); var certificateEntry = new X509CertificateEntry(BouncyCert); string friendlyName = BouncyCert.SubjectDN.ToString(); store.SetCertificateEntry(friendlyName, certificateEntry); store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(KeyPair.Private), new[] { certificateEntry }); var stream = new MemoryStream(); var password = KeyPair.Private.GetHashCode().ToString(); store.Save(stream, password.ToCharArray(), RandomProvider); //convert from stream var convertedCertificate = new X509Certificate2( stream.ToArray(), password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); return(convertedCertificate); }
/// <summary> /// Create a X509Certificate2 with a private key by combining /// a bouncy castle X509Certificate and private key parameters. /// </summary> private static X509Certificate2 CreateCertificateWithPrivateKey( Org.BouncyCastle.X509.X509Certificate certificate, string friendlyName, Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey, Org.BouncyCastle.Security.SecureRandom random) { // create pkcs12 store for cert and private key using (MemoryStream pfxData = new MemoryStream()) { var builder = new Org.BouncyCastle.Pkcs.Pkcs12StoreBuilder(); builder.SetUseDerEncoding(true); var pkcsStore = builder.Build(); var chain = new Org.BouncyCastle.Pkcs.X509CertificateEntry[1]; string passcode = Guid.NewGuid().ToString(); chain[0] = new Org.BouncyCastle.Pkcs.X509CertificateEntry(certificate); if (string.IsNullOrEmpty(friendlyName)) { friendlyName = GetCertificateCommonName(certificate); } pkcsStore.SetKeyEntry(friendlyName, new Org.BouncyCastle.Pkcs.AsymmetricKeyEntry(privateKey), chain); pkcsStore.Save(pfxData, passcode.ToCharArray(), random); // merge into X509Certificate2 return(CertificateFactory.CreateCertificateFromPKCS12(pfxData.ToArray(), passcode)); } }
private void sign(X509Certificate2 cert, String imput, String output) { string SourcePdfFileName = imput; string DestPdfFileName = output; string requerente = ""; Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.RawData) }; IExternalSignature externalSignature = new X509Certificate2Signature(cert, "SHA-1"); PdfReader pdfReader = new PdfReader(SourcePdfFileName); FileStream signedPdf = new FileStream(DestPdfFileName, FileMode.Create); //the output pdf file PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, signedPdf, '\0'); PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance; requerente = cert.Subject.Replace("CN=", "").Replace("OU=", "").Replace("DC=", "").Replace("O=", "").Replace("C=", ""); signatureAppearance.SetVisibleSignature(new iTextSharp.text.Rectangle(250, 30, 550, 80), 1, "Signature"); signatureAppearance.Layer2Text = "Assinado de forma digital por " + requerente + Environment.NewLine + "Dados:" + DateTime.Now; string pathImage = Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), "assinatura.png"); var image = iTextSharp.text.Image.GetInstance(pathImage); signatureAppearance.SignatureGraphic = image; //signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION; signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION; //signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION; MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CMS); }
private static byte[] GeneratePkcs1Signature(Session session, RsaKeyParameters rsaPubKeyParams, X509Certificate bcSigningCertificate, byte[] pkcs1DigestInfo) { //Correlate with HSM var privKeySearchTemplate = new List <ObjectAttribute> { new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY), new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_RSA), new ObjectAttribute(CKA.CKA_MODULUS, rsaPubKeyParams.Modulus.ToByteArrayUnsigned()), new ObjectAttribute(CKA.CKA_PUBLIC_EXPONENT, rsaPubKeyParams.Exponent.ToByteArrayUnsigned()) }; var privateKeyHandles = session.FindAllObjects(privKeySearchTemplate); if (privateKeyHandles.Count != 1) { throw new HsmObjectNotFoundException( string.Format( "Private key correlation failed for signing cert \r\n{0} \r\n CKA_MODULUS: {1} \r\n CKA_PUBLIC_EXPONENT {2},", bcSigningCertificate, rsaPubKeyParams.Modulus, rsaPubKeyParams.Exponent)); } byte[] pkcs1Signature; using (var mechanism = new Mechanism(CKM.CKM_RSA_PKCS)) { pkcs1Signature = session.Sign(mechanism, privateKeyHandles.Single(), pkcs1DigestInfo); } return(pkcs1Signature); }
private void SignManigestFile(PassGeneratorRequest request, string manifestFileAndPath) { byte[] dataToSign = File.ReadAllBytes(manifestFileAndPath); X509Certificate2 card = GetCertificate(request); Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card); Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private; X509Certificate2 appleCA = GetAppleCertificate(); Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA); ArrayList intermediateCerts = new ArrayList(); intermediateCerts.Add(appleCert); intermediateCerts.Add(cert); Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts); Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP); CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1); generator.AddCertificates(st1); CmsProcessable content = new CmsProcessableByteArray(dataToSign); CmsSignedData signedData = generator.Generate(content, false); string outputDirectory = Path.GetDirectoryName(manifestFileAndPath); string signatureFileAndPath = Path.Combine(outputDirectory, "signature"); File.WriteAllBytes(signatureFileAndPath, signedData.GetEncoded()); }
/// <summary> /// Gets the .NET certificate from the bouncy castle certificate. /// </summary> /// <param name="cert">The certificate.</param> /// <param name="friendlyName">The friendly name.</param> /// <param name="keyPair">The key pair.</param> /// <param name="random">A random number generator.</param> /// <returns></returns> protected X509Certificate2 GetWindowsCertFromGenerated(Org.BouncyCastle.X509.X509Certificate cert, string friendlyName, AsymmetricKeyParameter privateKey, SecureRandom random) { // Create a PKS store. var store = new Pkcs12Store(); // Generate a cert entry var certificateEntry = new X509CertificateEntry(cert); // Add it into the in-memory store. store.SetCertificateEntry(friendlyName, certificateEntry); // Add the key. store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(privateKey), new[] { certificateEntry }); var stream = new MemoryStream(); // Save the store to a stream.. store.Save(stream, STOREPASSWORD.ToCharArray(), random); // Now load that same certificate. var convertedCertificate = new X509Certificate2( stream.ToArray(), STOREPASSWORD, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); return(convertedCertificate); }
public byte[] Sign(byte[] cmsData) { IList certs = new List <X509Certificate>(); byte[] signBytes = File.ReadAllBytes(GetFile()); X509Certificate2 signCert = new X509Certificate2(signBytes, Key, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable); certs.Add(DotNetUtilities.FromX509Certificate(signCert)); IX509Store x509Certs = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs)); CmsSignedDataGenerator gen = new CmsSignedDataGenerator(); AsymmetricCipherKeyPair pair = DotNetUtilities.GetKeyPair(signCert.PrivateKey); X509Certificate bX509Certificate = DotNetUtilities.FromX509Certificate(signCert); gen.AddSigner(pair.Private, bX509Certificate, CmsSignedGenerator.DigestSha1); gen.AddSigner(pair.Private, bX509Certificate, CmsSignedGenerator.DigestSha256); CmsSignedData unsignedData = new CmsSignedData(cmsData); gen.AddCertificates(x509Certs); CmsProcessable msg = new CmsProcessableByteArray(unsignedData.GetEncoded()); CmsSignedData cmsSignedData = gen.Generate(CmsSignedGenerator.Data, msg, true); byte[] p7MData = cmsSignedData.GetEncoded(); return(p7MData); }
// https://git.itextsupport.com/projects/I5N/repos/itextsharp/browse/src/core/iTextSharp/text/pdf/security public static void Test(System.Security.Cryptography.X509Certificates.X509Certificate2 cert) { Org.BouncyCastle.X509.X509CertificateParser parser = new Org.BouncyCastle.X509.X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate bouncyCertificate = parser.ReadCertificate(cert.RawData); string algorithm = DigestAlgorithms.GetDigest(bouncyCertificate.SigAlgOid); X509Certificate2Signature signature = new X509Certificate2Signature(cert, algorithm); }
protected static byte[] GenerateSignature(byte[] manifest, X509Certificate2 appleCert, X509Certificate2 passCert) { X509Certificate apple = DotNetUtilities.FromX509Certificate(appleCert); X509Certificate cert = DotNetUtilities.FromX509Certificate(passCert); var privateKey = DotNetUtilities.GetKeyPair(passCert.PrivateKey).Private; var generator = new CmsSignedDataGenerator(); generator.AddSigner(privateKey, cert, CmsSignedGenerator.DigestSha1); var list = new List <X509Certificate>(); list.Add(cert); list.Add(apple); X509CollectionStoreParameters storeParameters = new X509CollectionStoreParameters(list); IX509Store store509 = X509StoreFactory.Create("CERTIFICATE/COLLECTION", storeParameters); generator.AddCertificates(store509); var content = new CmsProcessableByteArray(manifest); var signature = generator.Generate(content, false).GetEncoded(); return(signature); }
internal Boolean ValidateServerCertificate( Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors ) { log.Info("Validating certificate"); var foundPins = new List <String>(); foreach (X509ChainElement c in chain.ChainElements) { var certParser = new Org.BouncyCastle.X509.X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate cert = certParser.ReadCertificate(c.Certificate.RawData); Org.BouncyCastle.Asn1.X509.X509CertificateStructure certStruct = cert.CertificateStructure; String peerPin = Fingerprint(certStruct); log.Info("Peer pin: " + peerPin); foundPins.Add(peerPin); if (this.Matches(peerPin)) { return(true); } } return(false); }
public void Sign(string inputPath, string outPath, string imagePath, bool visible = true) { X509Store store = new X509Store(StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(store.Certificates, null, null, X509SelectionFlag.SingleSelection); X509Certificate2 cert = sel[0]; Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.RawData) }; IExternalSignature externalSignature = new X509Certificate2Signature(cert, "SHA-1"); PdfReader pdfReader = new PdfReader(inputPath); var signedPdf = new FileStream(outPath, FileMode.Create); var pdfStamper = PdfStamper.CreateSignature(pdfReader, signedPdf, '\0'); PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance; if (imagePath != null && imagePath != string.Empty) { signatureAppearance.SignatureGraphic = Image.GetInstance(imagePath); } signatureAppearance.SetVisibleSignature(new Rectangle(100, 100, 250, 150), pdfReader.NumberOfPages, "Signature"); signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION; MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CMS); Process.Start(outPath); }
/// <inheritdoc /> public async Task <AsymmetricKeyParameter> GetResponderPublicKey(X509Certificate caCertificate) { var dotNetCertificate = new X509Certificate2(caCertificate.GetEncoded()); var privateKey = await OcspResponderRepository.GetResponderPrivateKey(dotNetCertificate); return(DotNetUtilities.GetKeyPair(privateKey).Public); }
public void setKeyStore(X509Certificate2 cert, string hashAlgorithm) //Getkey { /*GET Certificate chain from Cert and translate info x509 Bouncycastle List*/ Org.BouncyCastle.X509.X509Certificate bcCert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert); // ไม่ได้เก็ต ของผู้ออก Certificate Chain มาด้วย chain = new List <Org.BouncyCastle.X509.X509Certificate> { bcCert }; // Initial .netx509 certchain and build chain X509Chain cert_chain = new X509Chain(); cert_chain.Build(cert); int i = 0; //Add chain into bouncyCastle.chain foreach (X509ChainElement entry in cert_chain.ChainElements) { if (i != 0)//Skip first certchain due to cert_chain.Build provided first chain(entry.chain.[0]) { this.chain.Add(Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(entry.Certificate)); } i++; } this.signature = new RSAProviderPrivateKey(cert, hashAlgorithm); }
/// <param name="issuerCertificate"></param> /// <inheritdoc /> public async Task <X509Certificate[]> GetChain(X509Certificate issuerCertificate) { var dotNetCertificate = new X509Certificate2(issuerCertificate.GetEncoded()); var certificates = await OcspResponderRepository.GetChain(dotNetCertificate); return(certificates.Select(DotNetUtilities.FromX509Certificate).ToArray()); }
public async Task SaveCertificateAsync(string orderUrl, X509Certificate certificate) { FileSystemCertCollectionFormat collectionFormat = await GetFileSystemCertCollectionFormat(); if (collectionFormat.Certs.Count > 64) { _logger.LogInformation("Too many saved certs, culling old records"); IEnumerable <KeyValuePair <string, FileSystemCertFormat> > oldRecords = collectionFormat.Certs.ToArray().OrderBy(i => i.Value.NotAfter).Take(32); foreach (var oldRecord in oldRecords) { _logger.LogInformation($"Remove cert {oldRecord.Key}"); collectionFormat.Certs.Remove(oldRecord.Key); } } byte[] serialized = _certCodec.Encode(certificate); string serializedStr = Convert.ToBase64String(serialized); collectionFormat.Certs[orderUrl] = new FileSystemCertFormat { NotAfter = new DateTimeOffset(certificate.NotAfter).ToUnixTimeMilliseconds(), NotBefore = new DateTimeOffset(certificate.NotBefore).ToUnixTimeMilliseconds(), Val = serializedStr }; await SaveFileSystemCertCollectionFormat(collectionFormat); }
public static X509Certificate2 GetCertificateWithPrivateKey(X509Certificate bcCertificate, AsymmetricCipherKeyPair keyPair) { Assert.IsType <RsaPrivateCrtKeyParameters>(keyPair.Private); var privateKeyParameters = (RsaPrivateCrtKeyParameters)keyPair.Private; #if IS_DESKTOP RSA privateKey = DotNetUtilities.ToRSA(privateKeyParameters); var certificate = new X509Certificate2(bcCertificate.GetEncoded()); certificate.PrivateKey = privateKey; #else RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(privateKeyParameters); var privateKey = new RSACryptoServiceProvider(); privateKey.ImportParameters(rsaParameters); X509Certificate2 certificate; using (var certificateTmp = new X509Certificate2(bcCertificate.GetEncoded())) { certificate = RSACertificateExtensions.CopyWithPrivateKey(certificateTmp, privateKey); } #endif return(certificate); }
public void sign(X509Certificate2 cert, String filename, String imageName, String output) { Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.RawData) }; IExternalSignature externalSignature = new X509Certificate2Signature(cert, "SHA-1"); PdfReader pdfReader = new PdfReader(filename); FileStream signedPdf = new FileStream(output, FileMode.Create); PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, signedPdf, '\0'); PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance; Image img = Image.GetInstance(imageName); img.Alignment = iTextSharp.text.Image.UNDERLYING; signatureAppearance.SignatureGraphic = img; signatureAppearance.Acro6Layers = true; int x = Convert.ToInt32(xTextBox.Text); int y = Convert.ToInt32(yTextBox.Text); int w = Convert.ToInt32(widthTextBox.Text); int h = Convert.ToInt32(heightTextBox.Text); signatureAppearance.SetVisibleSignature(new iTextSharp.text.Rectangle(x, y, w, h), pdfReader.NumberOfPages, "Signature"); signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION; MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CMS); }
} // End Sub WritePrivatePublicKey public static void WriteCerAndCrt( string fileName , Org.BouncyCastle.X509.X509Certificate certificate ) { using (System.IO.Stream fs = System.IO.File.Open(fileName + ".cer", System.IO.FileMode.Create)) { byte[] buf = certificate.GetEncoded(); fs.Write(buf, 0, buf.Length); fs.Flush(); } // End Using fs // new System.Text.ASCIIEncoding(false) // new System.Text.UTF8Encoding(false) using (System.IO.Stream fs = System.IO.File.Open(fileName + ".crt", System.IO.FileMode.Create)) { using (System.IO.StreamWriter sw = new System.IO.StreamWriter(fs, System.Text.Encoding.ASCII)) { byte[] buf = certificate.GetEncoded(); string pem = ToPem(buf); sw.Write(pem); sw.Flush(); fs.Flush(); } // End Using sw } // End Using fs } // End Sub WriteCerAndCrt
// https://www.csharpcodi.com/csharp-examples/Org.BouncyCastle.X509.X509Certificate.GetPublicKey()/ public static bool CheckRequestSignature( byte[] serializedSpeechletRequest , string expectedSignature , Org.BouncyCastle.X509.X509Certificate cert) { byte[] expectedSig = null; try { expectedSig = System.Convert.FromBase64String(expectedSignature); } catch (System.FormatException) { return(false); } Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters publicKey = (Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters)cert.GetPublicKey(); Org.BouncyCastle.Crypto.ISigner signer = Org.BouncyCastle.Security.SignerUtilities.GetSigner("Sdk.SIGNATURE_ALGORITHM"); signer.Init(false, publicKey); signer.BlockUpdate(serializedSpeechletRequest, 0, serializedSpeechletRequest.Length); return(signer.VerifySignature(expectedSig)); }
} // End Sub GenerateSslCertificate public static void Test( Org.BouncyCastle.X509.X509Certificate sslCertificate, Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair sslCertificateKeyPair ) { string pemCert = ToPem(sslCertificate); // SSL (string Private, string Public)certKeys = KeyPairToPem(sslCertificateKeyPair); System.ReadOnlySpan <char> certSpan = System.MemoryExtensions.AsSpan(pemCert); System.ReadOnlySpan <char> keySpan = System.MemoryExtensions.AsSpan(certKeys.Private); System.Security.Cryptography.X509Certificates.X509Certificate2 certSslLoaded = System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromPem(certSpan, keySpan); System.Console.WriteLine(sslCertificate); System.Console.WriteLine(certSslLoaded); Org.BouncyCastle.X509.X509Certificate certly = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certSslLoaded); // bool b = certly.Equals(rootCertificate); // System.Console.WriteLine(b); // certly.GetPublicKey() Org.BouncyCastle.X509.X509Certificate cert = ReadCertificate("obelix.pem"); System.Console.WriteLine(cert); } // End Sub Test
public static string GetOidValue(Org.BouncyCastle.X509.X509Certificate certificate, string oidKey) { var oidValue = default(string); if (certificate.GetSubjectAlternativeNames() != null) { var alternativeNames = certificate .GetSubjectAlternativeNames() .Cast <ArrayList>() .Where(o => o.Count == 2 && o[0].GetType() == typeof(int)); var oidKeys = alternativeNames .Where(o => o[1] != null) .Select(o => o[1].ToString()); var oidValues = oidKeys .Where(o => o.Contains('[')) .Where(o => o.Substring(1, o.IndexOf(',') - 1) == oidKey); oidValue = oidValues .FirstOrDefault(); } return(FormatOidValue(oidValue)); }
private void init(string aPfxFilePath, string aPassword) { FileStream fin = new FileStream(aPfxFilePath, FileMode.Open, FileAccess.Read); Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder(); Pkcs12Store pkcs12Store = storeBuilder.Build(); pkcs12Store.Load(fin, aPassword.ToCharArray()); fin.Close(); IEnumerable aliases = pkcs12Store.Aliases; IEnumerator aliasesEnumerator = aliases.GetEnumerator(); while (aliasesEnumerator.MoveNext()) { string alias = (string)aliasesEnumerator.Current; signingBouncyCert = pkcs12Store.GetCertificate(alias); X509Certificate x509Certificate = signingBouncyCert.Certificate; ECertificate cert = new ECertificate(x509Certificate.GetEncoded()); EKeyUsage eKeyUsage = cert.getExtensions().getKeyUsage(); bool isDigitalSignature = eKeyUsage.isDigitalSignature(); if (isDigitalSignature) { signingBouncyKeyEntry = pkcs12Store.GetKey(alias); signingCertificate = cert; break; } } }
public static string X509Certificate2ToPEM(X509Certificate2 cert) { try { if (cert.HasPrivateKey) { byte[] pkcsarray = cert.Export(X509ContentType.Pkcs12); if (pkcsarray.Length == 0) { throw new CryptoException("Empty PKCS12 Array"); } X509Certificate certout = null; AsymmetricKeyParameter priv = null; using (MemoryStream ms = new MemoryStream(pkcsarray)) { Pkcs12Store pkstore = new Pkcs12Store(); pkstore.Load(ms, new char[] { }); foreach (string s in pkstore.Aliases.Cast <string>()) { X509CertificateEntry entry = pkstore.GetCertificate(s); if (entry != null) { certout = entry.Certificate; } AsymmetricKeyEntry kentry = pkstore.GetKey(s); if (kentry != null) { priv = kentry.Key; } } if (certout == null) { throw new CryptoException("Certificate not found"); } } using (StringWriter sw = new StringWriter()) { PemWriter pemWriter = new PemWriter(sw); pemWriter.WriteObject(certout); if (priv != null) { pemWriter.WriteObject(priv); } sw.Flush(); return(sw.ToString()); } } X509Certificate c = DotNetUtilities.FromX509Certificate(cert); return(DumpOnePEM(c, null)); // return cert.Export(X509ContentType.SerializedCert).ToUTF8String(); } catch (Exception e) { throw new CryptoException($"Unable to open pkcs12, wrong password?. {e.Message}", e); } }
/// <summary> /// Initialisiert eine neue Instanz der <see cref="Pkcs7EncryptionHandler"/> Klasse. /// </summary> /// <param name="senderCertificate">Das X509-Zertifikat des Absenders (PKCS#12)</param> /// <param name="receiverCertificate">Das X509-Zertifikat des Empfängers</param> /// <param name="oldSenderCertificates">Die abgelaufenen X509-Zertifikate des Absenders</param> public Pkcs7EncryptionHandler(Pkcs12Store senderCertificate, X509Certificate receiverCertificate, IEnumerable <Pkcs12Store> oldSenderCertificates = null) { #if SUPPORTS_PKCS_SIGNING _encryptionHandler = new NativePkcs7EncryptionHandler(senderCertificate, receiverCertificate, oldSenderCertificates); #else _encryptionHandler = new BouncyCastlePkcs7EncryptionHandler(senderCertificate, receiverCertificate, oldSenderCertificates); #endif }
/// <summary> /// Initialisiert eine neue Instanz der <see cref="Pkcs7EncryptionHandler"/> Klasse. /// </summary> /// <param name="senderCertificate">Das X509-Zertifikat des Absenders (PKCS#12)</param> /// <param name="receiverCertificate">Das X509-Zertifikat des Empfängers</param> /// <param name="oldSenderCertificates">Die abgelaufenen X509-Zertifikate des Absenders</param> public Pkcs7EncryptionHandler(Pkcs12Store senderCertificate, X509Certificate receiverCertificate, IEnumerable<Pkcs12Store> oldSenderCertificates = null) { #if NET45 var senderCert = ConvertToCertificate2(senderCertificate); var recCert = ConvertToCertificate2(receiverCertificate); var oldSenderCerts = oldSenderCertificates?.Select(ConvertToCertificate2); _encryptionHandler = new NativePkcs7EncryptionHandler(senderCert, recCert, oldSenderCerts); #else _encryptionHandler = new BouncyCastlePkcs7EncryptionHandler(senderCertificate, receiverCertificate, oldSenderCertificates); #endif }
private static byte[] GenerateOcspRequest(BigInteger subjectSerialNumber, X509Certificate issuerCert) { // We need a request generator. var generator = new OcspReqGenerator(); // Then we add the certificate we're asking about to it. generator.AddRequest(new CertificateID(CertificateID.HashSha1, issuerCert, subjectSerialNumber)); // Then we generate the DER-encoded request. var req = generator.Generate(); return req.GetEncoded(); }
virtual protected void SignWithCertificate(String src, String dest, ICipherParameters pk, X509Certificate[] chain, String digestAlgorithm) { // Creating the reader and the stamper PdfReader reader = new PdfReader(src); FileStream os = new FileStream(dest, FileMode.Create); PdfStamper stamper = PdfStamper.createXmlSignature(reader, os); // Creating the appearance XmlSignatureAppearance appearance = stamper.XmlSignatureAppearance; appearance.SetXmlLocator(new XfaXmlLocator(stamper)); // Creating the signature IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm); MakeXmlSignature.SignXmlDSig(appearance, pks, chain); }
virtual protected void SignXades(String src, String dest, ICipherParameters pk, X509Certificate[] chain, String digestAlgorithm, bool includeSignaturePolicy) { // Creating the reader and the stamper PdfReader reader = new PdfReader(src); FileStream os = new FileStream(dest, FileMode.Create); PdfStamper stamper = PdfStamper.createXmlSignature(reader, os); // Creating the appearance XmlSignatureAppearance appearance = stamper.XmlSignatureAppearance; appearance.SetXmlLocator(new XfaXmlLocator(stamper)); appearance.SetDescription("Simple xfa form"); // Creating the signature IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm); MakeXmlSignature.SignXades(appearance, pks, chain, includeSignaturePolicy); }
virtual protected void SignPackageWithCertificate(String src, String dest, XfaXpathConstructor.XdpPackage xdpPackage, ICipherParameters pk, X509Certificate[] chain, String digestAlgorithm) { // Creating the reader and the stamper PdfReader reader = new PdfReader(src); FileStream os = new FileStream(dest, FileMode.Create); PdfStamper stamper = PdfStamper.createXmlSignature(reader, os); // Creating the appearance XmlSignatureAppearance appearance = stamper.XmlSignatureAppearance; //Set XfaXmlLocator to control getting and setting Document appearance.SetXmlLocator(new XfaXmlLocator(stamper)); // Set XpathConstructor, to construct xpath expression for signing an xdp package appearance.SetXpathConstructor(new XfaXpathConstructor(xdpPackage)); // Creating the signature IExternalSignature pks = new PrivateKeySignature(pk, digestAlgorithm); MakeXmlSignature.SignXmlDSig(appearance, pks, chain); }
public CertificateManager(CertificateCache certificateCache, AsymmetricCipherKeyPair caKeyPair, X509Certificate caCertificate) { _certificateCache = certificateCache; _caKeyPair = caKeyPair; _caCertificate = caCertificate; }
private static void SetSigCryptoFromX509(PdfSignatureAppearance sigAppearance, X509Certificate2 card, X509Certificate[] chain) { sigAppearance.SetCrypto(null, chain, null, PdfSignatureAppearance.WINCER_SIGNED); var dic = new PdfSignature(PdfName.ADOBE_PPKMS, PdfName.ADBE_PKCS7_SHA1) { Date = new PdfDate(sigAppearance.SignDate), Name = PdfPKCS7.GetSubjectFields(chain[0]).GetField("CN"), Reason = sigAppearance.Reason, Location = sigAppearance.Location }; sigAppearance.CryptoDictionary = dic; const int csize = 4000; var exc = new Dictionary<PdfName, int> { { PdfName.CONTENTS, csize * 2 + 2 } }; sigAppearance.PreClose(exc); HashAlgorithm sha = new SHA1CryptoServiceProvider(); var s = sigAppearance.RangeStream; int read; var buff = new byte[8192]; while ((read = s.Read(buff, 0, 8192)) > 0) { sha.TransformBlock(buff, 0, read, buff, 0); } sha.TransformFinalBlock(buff, 0, 0); var pk = SignMsg(sha.Hash, card, false); var outc = new byte[csize]; var dic2 = new PdfDictionary(); Array.Copy(pk, 0, outc, 0, pk.Length); dic2.Put(PdfName.CONTENTS, new PdfString(outc).SetHexWriting(true)); sigAppearance.Close(dic2); }
private static void SetSigCryptoFromCipherParam(PdfSignatureAppearance sigAppearance, ICipherParameters key, X509Certificate[] chain) { sigAppearance.SetCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED); }
private static byte[] EncryptData(byte[] data, X509Certificate encryptionCertificate) { var dataGenerator = new CmsEnvelopedDataGenerator(); dataGenerator.AddKeyTransRecipient(encryptionCertificate); var encryptedData = dataGenerator.Generate(new CmsProcessableByteArray(data), CmsEnvelopedGenerator.Aes256Cbc); return encryptedData.GetEncoded(); }
public Signature(FileFormat fileFormat, X509Certificate2 certificate) { FileFormat = fileFormat; Certificate = certificate; CertificateBouncyCastle = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificate); }
public Signature(FileFormat fileFormat, Org.BouncyCastle.X509.X509Certificate certificateBC) { FileFormat = fileFormat; Certificate = new X509Certificate2(certificateBC.GetEncoded()); CertificateBouncyCastle = certificateBC; }
private static X509Certificate2 ConvertToCertificate2(X509Certificate cert) { return new X509Certificate2(cert.GetEncoded()); }
private static string GetSignatureText(X509Certificate x509Certificate, PdfSignatureParameters parameters) { Dictionary<string, string> subjectFields = CertificateHelper.GetSubjectFields(x509Certificate); string surName = subjectFields.Keys.Contains("SURNAME") ? subjectFields["SURNAME"] : string.Empty; string givenName = subjectFields.Keys.Contains("GIVENNAME") ? subjectFields["GIVENNAME"] : string.Empty; string signDate = DateTime.Now.ToString("d.M.yyyy"); return parameters.SignatureTemplate .Replace("{lastname}", UppercaseFirst(surName)) .Replace("{firstname}", UppercaseFirst(givenName)) .Replace("{signdate}", signDate); }