/// <summary>
/// Generate an X509Certificate.
/// </summary>
/// <param name="cspParam">CspParameters instance that has the private signing key</param>
/// <param name="Extensions">Extensions to include in the certificate</param>
/// <returns>An X509Certificate.</returns>
public X509Certificate Generate(CspParameters cspParam, X509Extensions Extensions)
{
TbsCertificateStructure tbsCert = GenerateTbsCert(Extensions);
// Check this complies with policy
if (policy != null)
{
TestAgainstPolicy test = new TestAgainstPolicy(policy);
if (!test.report(tbsCert))
{
throw new PolicyEnforcementException(test.status.ToString());
}
}
byte[] cert = tbsCert.GetEncoded();
byte[] signature;
try
{
signature = SysSigner.Sign(cert, cspParam, signatureAlgorithm);
}
catch (Exception e)
{
throw new CertificateEncodingException("Exception encoding TBS cert", e);
}
try
{
return(new X509Certificate(new X509CertificateStructure(tbsCert, sigAlgId, new DerBitString(signature))));
}
catch (CertificateParsingException e)
{
throw new CertificateEncodingException("Exception producing certificate object", e);
}
}
/// <summary>
/// Generate an X509 Certificate
/// </summary>
/// <param name="cspParam">CspParameters instance that has the private signing key</param>
/// <returns>An X509 Certificate</returns>
public X509Certificate Generate(CspParameters cspParam)
{
TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
byte[] cert = tbsCert.GetEncoded();
byte[] signature;
try
{
signature = SysSigner.Sign(cert, cspParam, signatureAlgorithm);
}
catch (Exception e)
{
throw new CertificateEncodingException("Exception encoding TBS cert", e);
}
try
{
return(new X509Certificate(new X509CertificateStructure(tbsCert, sigAlgId, new DerBitString(signature))));
}
catch (CertificateParsingException e)
{
throw new CertificateEncodingException("Exception producing certificate object", e);
}
}
private void TbsV3CertGenerate()
{
V3TbsCertificateGenerator gen = new V3TbsCertificateGenerator();
DateTime startDate = MakeUtcDateTime(1970, 1, 1, 0, 0, 1);
DateTime endDate = MakeUtcDateTime(1970, 1, 1, 0, 0, 2);
gen.SetSerialNumber(new DerInteger(2));
gen.SetStartDate(new Time(startDate));
gen.SetEndDate(new Time(endDate));
gen.SetIssuer(new X509Name("CN=AU,O=Bouncy Castle"));
gen.SetSubject(new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"));
gen.SetSignature(new AlgorithmIdentifier(PkcsObjectIdentifiers.MD5WithRsaEncryption, DerNull.Instance));
SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
new AlgorithmIdentifier(
OiwObjectIdentifiers.ElGamalAlgorithm,
new ElGamalParameter(BigInteger.One, BigInteger.Two)),
new DerInteger(3));
gen.SetSubjectPublicKeyInfo(info);
//
// add extensions
//
IList order = new ArrayList();
IDictionary extensions = new Hashtable();
order.Add(X509Extensions.AuthorityKeyIdentifier);
order.Add(X509Extensions.SubjectKeyIdentifier);
order.Add(X509Extensions.KeyUsage);
extensions.Add(X509Extensions.AuthorityKeyIdentifier, new X509Extension(true, new DerOctetString(CreateAuthorityKeyId(info, new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"), 2))));
extensions.Add(X509Extensions.SubjectKeyIdentifier, new X509Extension(true, new DerOctetString(new SubjectKeyIdentifier(info))));
extensions.Add(X509Extensions.KeyUsage, new X509Extension(false, new DerOctetString(new KeyUsage(KeyUsage.DataEncipherment))));
X509Extensions ex = new X509Extensions(order, extensions);
gen.SetExtensions(ex);
TbsCertificateStructure tbs = gen.GenerateTbsCertificate();
if (!Arrays.AreEqual(tbs.GetEncoded(), v3Cert))
{
Fail("failed v3 cert generation");
}
//
// read back test
//
Asn1Object o = Asn1Object.FromByteArray(v3Cert);
if (!Arrays.AreEqual(o.GetEncoded(), v3Cert))
{
Fail("failed v3 cert read back test");
}
}
private void TbsV1CertGenerate()
{
V1TbsCertificateGenerator gen = new V1TbsCertificateGenerator();
DateTime startDate = MakeUtcDateTime(1970, 1, 1, 0, 0, 1);
DateTime endDate = MakeUtcDateTime(1970, 1, 1, 0, 0, 12);
gen.SetSerialNumber(new DerInteger(1));
gen.SetStartDate(new Time(startDate));
gen.SetEndDate(new Time(endDate));
gen.SetIssuer(new X509Name("CN=AU,O=Bouncy Castle"));
gen.SetSubject(new X509Name("CN=AU,O=Bouncy Castle,OU=Test 1"));
gen.SetSignature(new AlgorithmIdentifier(PkcsObjectIdentifiers.MD5WithRsaEncryption, DerNull.Instance));
SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance),
new RsaPublicKeyStructure(BigInteger.One, BigInteger.Two));
gen.SetSubjectPublicKeyInfo(info);
TbsCertificateStructure tbs = gen.GenerateTbsCertificate();
if (!Arrays.AreEqual(tbs.GetEncoded(), v1Cert))
{
Fail("failed v1 cert generation");
}
//
// read back test
//
Asn1InputStream aIn = new Asn1InputStream(v1Cert);
Asn1Object o = aIn.ReadObject();
if (!Arrays.AreEqual(o.GetEncoded(), v1Cert))
{
Fail("failed v1 cert read back test");
}
}
private void TbsV3CertGenWithNullSubject()
{
V3TbsCertificateGenerator gen = new V3TbsCertificateGenerator();
DateTime startDate = MakeUtcDateTime(1970, 1, 1, 0, 0, 1);
DateTime endDate = MakeUtcDateTime(1970, 1, 1, 0, 0, 2);
gen.SetSerialNumber(new DerInteger(2));
gen.SetStartDate(new Time(startDate));
gen.SetEndDate(new Time(endDate));
gen.SetIssuer(new X509Name("CN=AU,O=Bouncy Castle"));
gen.SetSignature(new AlgorithmIdentifier(PkcsObjectIdentifiers.MD5WithRsaEncryption, DerNull.Instance));
SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
new AlgorithmIdentifier(OiwObjectIdentifiers.ElGamalAlgorithm,
new ElGamalParameter(BigInteger.One, BigInteger.Two)),
new DerInteger(3));
gen.SetSubjectPublicKeyInfo(info);
try
{
gen.GenerateTbsCertificate();
Fail("null subject not caught!");
}
catch (InvalidOperationException e)
{
if (!e.Message.Equals("not all mandatory fields set in V3 TBScertificate generator"))
{
Fail("unexpected exception", e);
}
}
//
// add extensions
//
IList order = new ArrayList();
IDictionary extensions = new Hashtable();
order.Add(X509Extensions.SubjectAlternativeName);
extensions.Add(
X509Extensions.SubjectAlternativeName,
new X509Extension(
true,
new DerOctetString(
new GeneralNames(
new GeneralName(
new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"))))));
X509Extensions ex = new X509Extensions(order, extensions);
gen.SetExtensions(ex);
TbsCertificateStructure tbs = gen.GenerateTbsCertificate();
if (!Arrays.AreEqual(tbs.GetEncoded(), v3CertNullSubject))
{
Fail("failed v3 null sub cert generation");
}
//
// read back test
//
Asn1Object o = Asn1Object.FromByteArray(v3CertNullSubject);
if (!Arrays.AreEqual(o.GetEncoded(), v3CertNullSubject))
{
Fail("failed v3 null sub cert read back test");
}
}
