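/// <summary>
/// Loads the certificate stored at <c>SignedCertificateFile</c>, derives a Subject Key
/// Identifier (SKI) from its public key and stores the result of <c>BytesAsHex</c> in <c>_ski</c>.
/// </summary>
/// <returns>
/// <c>true</c> when the SKI was resolved; <c>false</c> when the file is missing, holds no
/// certificate, or reading/parsing it fails. <c>_ski</c> is only assigned on success.
/// </returns>
bool GenerateSki()
{
    if (!File.Exists(SignedCertificateFile))
    {
        _logger.Warn($"Can't generate a SKI because there is no certificate at {SignedCertificateFile}");
        return false;
    }

    try
    {
        _logger.Debug($"Resolve SKI from {SignedCertificateFile}");

        // The file can still disappear or change between the Exists check and this read;
        // any resulting I/O error is handled by the catch below.
        var parser = new X509CertificateParser();
        var cert = parser.ReadCertificate(File.ReadAllBytes(SignedCertificateFile));
        if (cert == null)
        {
            // The parser yields null when the input holds no certificate (for example an empty
            // file). Report that directly instead of failing later with a NullReferenceException.
            _logger.Warn($"Can't generate a SKI because {SignedCertificateFile} does not contain a certificate");
            return false;
        }

        // NOTE(review): the identifier is computed from the public key; it is not read from the
        // certificate's own SubjectKeyIdentifier extension. The two differ when the issuer used
        // another derivation method - confirm which value the consumers of _ski expect.
        var identifier = new SubjectKeyIdentifierStructure(cert.GetPublicKey());
        var bytes = identifier.GetKeyIdentifier();

        _ski = BytesAsHex(bytes);
        _logger.Debug($"Resolved SKI '{_ski}'");
        return true;
    }
    catch (Exception ex)
    {
        _logger.Error($"Failed to get the SKI from {SignedCertificateFile}", ex);
        return false;
    }
}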
// Regression check: previous code was found to cause a NullPointerException.
// Two PKCS#10 requests are built from the same key pair, subject and extension-request
// attribute, and the check fails when they do not compare equal.
// NOTE(review): the 1024-bit RSA key and "SHA1WithRSA" are throwaway test values; neither
// is adequate for certificate requests outside a test.
private void nullPointerTest()
{
    IAsymmetricCipherKeyPairGenerator generator = GeneratorUtilities.GetKeyPairGenerator("RSA");
    generator.Init(new KeyGenerationParameters(new SecureRandom(), 1024));
    AsymmetricCipherKeyPair keys = generator.GenerateKeyPair();

    // Parallel lists: extensionOids[i] names the extension stored in extensionValues[i].
    IList extensionOids = new ArrayList();
    IList extensionValues = new ArrayList();

    // Basic constraints, critical.
    X509Extension basicConstraints = new X509Extension(
        true, new DerOctetString(new BasicConstraints(true)));
    extensionOids.Add(X509Extensions.BasicConstraints);
    extensionValues.Add(basicConstraints);

    // Key usage (certificate and CRL signing), critical.
    X509Extension keyUsage = new X509Extension(
        true, new DerOctetString(new KeyUsage(KeyUsage.KeyCertSign | KeyUsage.CrlSign)));
    extensionOids.Add(X509Extensions.KeyUsage);
    extensionValues.Add(keyUsage);

    // Subject key identifier derived from the generated public key, non-critical.
    SubjectKeyIdentifier keyIdentifier = new SubjectKeyIdentifierStructure(keys.Public);
    X509Extension keyIdentifierExtension = new X509Extension(false, new DerOctetString(keyIdentifier));
    extensionOids.Add(X509Extensions.SubjectKeyIdentifier);
    extensionValues.Add(keyIdentifierExtension);

    AttributePkcs extensionRequest = new AttributePkcs(
        PkcsObjectIdentifiers.Pkcs9AtExtensionRequest,
        new DerSet(new X509Extensions(extensionOids, extensionValues)));

    Pkcs10CertificationRequest first = new Pkcs10CertificationRequest(
        "SHA1WithRSA", new X509Name("cn=csr"), keys.Public, new DerSet(extensionRequest), keys.Private);
    Pkcs10CertificationRequest second = new Pkcs10CertificationRequest(
        "SHA1WithRSA", new X509Name("cn=csr"), keys.Public, new DerSet(extensionRequest), keys.Private);

    bool requestsMatch = first.Equals(second);
    if (requestsMatch)
    {
        return;
    }

    Fail("cert request comparison failed");
}
/// <summary>
/// Adds the Subject Key Identifier extension to the certificate being built. The identifier
/// is derived from the public half of <c>keyPair</c> and the extension is added as non-critical.
/// </summary>
/// <returns>This builder instance, so that further calls can be chained.</returns>
public CertificateBuilder AddSKID()
{
    // Non-critical, as the original call passes false for the criticality flag.
    const bool critical = false;

    var subjectKeyId = new SubjectKeyIdentifierStructure(keyPair.Public);
    certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, critical, subjectKeyId);

    logger.Debug($"[ADD SUBJECT KEY IDENTIFIER]");
    return this;
}
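/// <summary>
/// Builds a CMS signature over <paramref name="signatureContent"/> with Bouncy Castle, using the
/// signing certificate and chain carried by <paramref name="request"/>, and loads the DER
/// encoding as a <see cref="PrimarySignature"/>.
/// </summary>
/// <param name="request">Signing request; supplies the certificate, its chain and the hash algorithm.</param>
/// <param name="signatureContent">Content whose bytes are signed and embedded in the CMS message.</param>
/// <param name="signatureType">Not read by this method.</param>
/// <returns>The primary signature loaded from the generated CMS data.</returns>
/// <exception cref="System.InvalidOperationException">
/// The non-public <c>Chain</c> property of <see cref="SignPackageRequest"/> could not be resolved.
/// </exception>
PrimarySignature CreateKeyVaultPrimarySignature(SignPackageRequest request, SignatureContent signatureContent, SignatureType signatureType)
{
    // SignPackageRequest.Chain is not public, so it is read through reflection. A lookup that no
    // longer resolves (for example after the declaring library changes) is reported explicitly
    // rather than surfacing as a NullReferenceException further down.
    var chainProperty = typeof(SignPackageRequest).GetProperty("Chain", BindingFlags.Instance | BindingFlags.NonPublic);
    var getter = chainProperty == null ? null : chainProperty.GetGetMethod(true);
    if (getter == null)
    {
        throw new System.InvalidOperationException(
            "The non-public 'Chain' property getter was not found on SignPackageRequest.");
    }

    var certs = (IReadOnlyList<X509Certificate2>)getter.Invoke(request, null);

    var attribs = SigningUtility.CreateSignedAttributes(request, certs);

    // Convert .NET crypto attributes to Bouncy Castle
    var bcAttributes = attribs.Cast<CryptographicAttributeObject>()
                              .Select(ToBcAttribute)
                              .ToArray();
    var attribTable = new AttributeTable(new Asn1EncodableVector(bcAttributes));

    // SignerInfo generator setup
    var signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder()
        .WithSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(attribTable));

    // NOTE(review): the signature factory is RSA-specific by name; confirm that requests
    // carrying a non-RSA certificate are rejected before this point.
    var signatureFactory = new RsaSignatureFactory(
        HashAlgorithmToBouncyCastle(request.SignatureHashAlgorithm), provider);

    // Subject Key Identifier (SKI) is smaller and less prone to accidental matching than issuer and serial
    // number. However, to ensure cross-platform verification, SKI should only be used if the certificate
    // has the SKI extension attribute.
    var bcCer = DotNetUtilities.FromX509Certificate(request.Certificate);
    var ext = bcCer.GetExtensionValue(new DerObjectIdentifier(Oids.SubjectKeyIdentifier));

    SignerInfoGenerator signerInfoGenerator;
    if (ext != null)
    {
        // Identify the signer by the SKI value taken from the certificate's own extension.
        var ski = new SubjectKeyIdentifierStructure(ext);
        signerInfoGenerator = signerInfoGeneratorBuilder.Build(signatureFactory, ski.GetKeyIdentifier());
    }
    else
    {
        // No SKI extension: identify the signer through the certificate itself.
        signerInfoGenerator = signerInfoGeneratorBuilder.Build(signatureFactory, bcCer);
    }

    var generator = new CmsSignedDataGenerator();
    generator.AddSignerInfoGenerator(signerInfoGenerator);

    // Get the chain as bc certs
    var bcChain = certs.Select(DotNetUtilities.FromX509Certificate).ToList();
    generator.AddCertificates(
        X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(bcChain)));

    // The second argument asks the generator to encapsulate the content in the signed data.
    var msg = new CmsProcessableByteArray(signatureContent.GetBytes());
    var data = generator.Generate(msg, true);

    var encoded = data.ContentInfo.GetDerEncoded();
    return PrimarySignature.Load(encoded);
}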
/// <summary>
/// Creates a secp256k1 key named "alice", requests a Bouncy Castle certificate for it and
/// checks that the subject DN carries the key id and that the certificate's Subject Key
/// Identifier extension holds the same value as the key id. The key is removed afterwards,
/// whether or not the assertions pass.
/// </summary>
public async Task Create_Secp256k1()
{
    const string keyName = "alice";

    var created = await _keyStoreService.CreateAsync(keyName, "secp256k1", 0);
    try
    {
        var certificate = await _keyStoreService.CreateBcCertificateAsync(keyName);

        // Subject must be bound to the id of the key that was just created.
        var expectedSubject = $"CN={created.Id},OU=keystore,O=ipfs";
        Assert.AreEqual(expectedSubject, certificate.SubjectDN.ToString());

        // The SKI is read from the certificate's extension, not recomputed from the key.
        var skiExtension = certificate.GetExtensionValue(X509Extensions.SubjectKeyIdentifier);
        var subjectKeyId = new SubjectKeyIdentifierStructure(skiExtension);
        Assert.AreEqual(created.Id.ToBase58(), subjectKeyId.GetKeyIdentifier().ToBase58());
    }
    finally
    {
        // Clean up so the named key does not leak into other tests.
        await _keyStoreService.RemoveAsync(keyName);
    }
}
/// <summary>
/// Creates an ed25519 key named "alice" through the shared test fixture, requests a Bouncy
/// Castle certificate for it from the key chain and checks that the subject DN carries the
/// key id and that the certificate's Subject Key Identifier extension holds the same value
/// as the key id. The key is removed afterwards, whether or not the assertions pass.
/// </summary>
public async Task Create_Ed25519()
{
    const string keyName = "alice";

    var node = TestFixture.Ipfs;
    var keyChain = await node.KeyChainAsync();
    var created = await node.Key.CreateAsync(keyName, "ed25519", 0);
    try
    {
        var certificate = await keyChain.CreateBCCertificateAsync(keyName);

        // Subject must be bound to the id of the key that was just created.
        var expectedSubject = $"CN={created.Id},OU=keystore,O=ipfs";
        Assert.AreEqual(expectedSubject, certificate.SubjectDN.ToString());

        // The SKI is read from the certificate's extension, not recomputed from the key.
        var skiExtension = certificate.GetExtensionValue(X509Extensions.SubjectKeyIdentifier);
        var subjectKeyId = new SubjectKeyIdentifierStructure(skiExtension);
        Assert.AreEqual(created.Id.ToBase58(), subjectKeyId.GetKeyIdentifier().ToBase58());
    }
    finally
    {
        // Clean up so the named key does not leak into other tests.
        await node.Key.RemoveAsync(keyName);
    }
}
/// <summary>
/// Creates a <see cref="SubjectKeyIdentifier"/> backed by a Bouncy Castle
/// <see cref="SubjectKeyIdentifierStructure"/> built from the supplied key.
/// </summary>
/// <param name="assymetricKeyParameter">
/// The <see cref="AsymmetricKeyParameter"/> handed to the Bouncy Castle structure. It is passed
/// through without validation here; presumably this should be the public key - confirm at call sites.
/// </param>
public SubjectKeyIdentifier(AsymmetricKeyParameter assymetricKeyParameter)
{
    // The parameter name keeps its original spelling because it is part of the public signature.
    var structure = new SubjectKeyIdentifierStructure(assymetricKeyParameter);
    X509SubjectKeyIdentifierStructure = structure;
}