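/// <summary>
/// Generates a fresh 2048-bit RSA key pair, wraps it in a PKCS#10 request, enrolls it against
/// <paramref name="scepURL"/> and writes the issued certificate (DER) plus a PKCS#12 bundle
/// (private key + issued certificate) to disk.
/// </summary>
/// <param name="scepURL">SCEP enrollment endpoint handed to <c>SubmitPkcs10ToScep</c>.</param>
/// <param name="pfxOutputPath">Path of the PKCS#12 written for the issued certificate. Required.</param>
/// <param name="certOutputPath">Path the issued certificate is written to in DER form. Required.</param>
/// <param name="pkcs10OutputPath">Optional; when non-blank the DER PKCS#10 is also written here.</param>
/// <param name="challengePassword">SCEP challenge password placed in the request by <c>CreatePKCS10</c>.</param>
/// <param name="cN">Subject CN for the request; a random GUID string is used when null.</param>
/// <exception cref="InvalidOperationException">
/// The certificate returned by the SCEP server does not carry the public key that was generated here.
/// </exception>
private static void GenerateNew(string scepURL, string pfxOutputPath, string certOutputPath, string pkcs10OutputPath, string challengePassword, string cN = null)
{
    AsymmetricCipherKeyPair rsaKeyPair = GenerateRSAKeyPair(2048);

    Pkcs10CertificationRequest request = CreatePKCS10(cN ?? Guid.NewGuid().ToString(), challengePassword, rsaKeyPair);
    byte[] pkcs10 = request.GetDerEncoded();
    if (!string.IsNullOrWhiteSpace(pkcs10OutputPath))
    {
        File.WriteAllBytes(pkcs10OutputPath, pkcs10);
    }

    // A self-signed certificate over the same key pair is handed to SubmitPkcs10ToScep,
    // presumably to sign the SCEP request envelope; it is only needed for the duration of
    // the enrollment call, hence the temporary-key password and the using block.
    X509Certificate selfSignedCertBC = SignCertificateFromRequest(request, new Asn1SignatureFactory("SHA256WITHRSA", rsaKeyPair.Private));
    byte[] baSelfSignedCert = SaveAsPkcs12(selfSignedCertBC, rsaKeyPair, PasswordForTemporaryKeys);

    byte[] binIssuedCertSCEPResponse;
    using (X509Certificate2 selfSignedCert = new X509Certificate2(baSelfSignedCert, PasswordForTemporaryKeys))
    {
        binIssuedCertSCEPResponse = SubmitPkcs10ToScep(scepURL, pkcs10, selfSignedCert);
    }

    X509Certificate bcIssuedCert = new X509CertificateParser().ReadCertificate(binIssuedCertSCEPResponse);

    // Refuse to bundle a certificate that does not belong to the key generated above. Without
    // this check a wrong or substituted response would yield a PFX whose key and certificate
    // do not match, which is only discovered at first use.
    if (!rsaKeyPair.Public.Equals(bcIssuedCert.GetPublicKey()))
    {
        throw new InvalidOperationException("SCEP response certificate public key does not match the generated key pair.");
    }
    // NOTE(review): the issuer of the returned certificate is not compared against the CA the
    // caller intended to enroll with; SubmitPkcs10ToScep may already do that — confirm.

    File.WriteAllBytes(certOutputPath, bcIssuedCert.GetEncoded());

    // NOTE(review): the output PFX is protected with the fixed password "password". Callers
    // depend on it, so it is kept, but the file must be handled as an unprotected private key.
    byte[] issuedPkcs12 = SaveAsPkcs12(bcIssuedCert, rsaKeyPair, "password");
    File.WriteAllBytes(pfxOutputPath, issuedPkcs12);
}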
/// <summary>
/// Builds the PKCS#11 attribute template for storing the embedded <c>TestCaCert</c> as a
/// token-resident X.509 certificate object labelled <paramref name="label"/>.
/// </summary>
/// <param name="session">Session whose <c>ObjectAttributeFactory</c> creates the attributes.</param>
/// <param name="label">Used verbatim for CKA_LABEL and, ASCII-encoded, for CKA_ID.</param>
/// <returns>
/// Attributes for a public (CKA_PRIVATE=false), modifiable, non-trusted certificate object
/// carrying the subject, issuer, serial number and DER value of the parsed certificate.
/// </returns>
public static List <IObjectAttribute> GetTestCaCertAttributes(ISession session, string label)
{
    var factory = session.Factories.ObjectAttributeFactory;
    X509Certificate caCert = new X509CertificateParser().ReadCertificate(Encoding.ASCII.GetBytes(TestCaCert));

    // CKA_TRUSTED is left false: per PKCS#11 a trusted certificate can normally only be set by
    // the SO, and this fixture is meant to be loadable from an ordinary user session.
    // CKA_ID is the ASCII bytes of the label; non-ASCII characters would be replaced by '?'.
    var attributes = new List <IObjectAttribute>
    {
        factory.Create(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE),
        factory.Create(CKA.CKA_TOKEN, true),
        factory.Create(CKA.CKA_PRIVATE, false),
        factory.Create(CKA.CKA_MODIFIABLE, true),
        factory.Create(CKA.CKA_LABEL, label),
        factory.Create(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509),
        factory.Create(CKA.CKA_TRUSTED, false),
        factory.Create(CKA.CKA_SUBJECT, caCert.SubjectDN.GetDerEncoded()),
        factory.Create(CKA.CKA_ID, Encoding.ASCII.GetBytes(label)),
        factory.Create(CKA.CKA_ISSUER, caCert.IssuerDN.GetDerEncoded()),
        factory.Create(CKA.CKA_SERIAL_NUMBER, new DerInteger(caCert.SerialNumber).GetDerEncoded()),
        factory.Create(CKA.CKA_VALUE, caCert.GetEncoded())
    };
    return attributes;
}
/// <summary>
/// Builds the ESS signing-certificate attribute that binds the signer's certificate to the
/// signature: <c>id-aa-signingCertificate</c> (ESSCertID) when the digest method is SHA-1,
/// otherwise <c>id-aa-signingCertificateV2</c> (ESSCertIDv2 with an explicit hash
/// AlgorithmIdentifier). Certificate policies from <c>GetPolicyInformation</c> are included
/// in either form when present.
/// </summary>
/// <param name="parameters">Supplies the signing certificate and the digest method used to hash it.</param>
/// <returns>The CMS attribute to place among the signed attributes.</returns>
private BcCms.Attribute MakeSigningCertificateAttribute(SignatureParameters parameters)
{
    X509Certificate signerCert = new X509CertificateParser().ReadCertificate(parameters.Certificate.GetRawCertData());

    // Issuer and serial are read from the TBS structure so they match the certificate exactly.
    TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance(Asn1Object.FromByteArray(signerCert.GetTbsCertificate()));
    IssuerSerial issuerSerial = new IssuerSerial(new GeneralNames(new GeneralName(tbs.Issuer)), tbs.SerialNumber);

    // Hash of the complete DER certificate using the signature's digest algorithm.
    byte[] certHash = DigestUtilities.CalculateDigest(parameters.DigestMethod.Name, signerCert.GetEncoded());
    var policies = GetPolicyInformation(signerCert);

    if (parameters.DigestMethod != DigestMethod.SHA1)
    {
        // Every digest other than SHA-1 uses the V2 form; a null policies value is accepted here.
        EssCertIDv2 certIdV2 = new EssCertIDv2(new AlgorithmIdentifier(parameters.DigestMethod.Oid), certHash, issuerSerial);
        SigningCertificateV2 signingCertV2 = new SigningCertificateV2(new EssCertIDv2[] { certIdV2 }, policies);
        return new BcCms.Attribute(PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(signingCertV2));
    }

    // SHA-1 selects the legacy V1 attribute (RFC 5035 keeps SHA-1 only for this form);
    // prefer a stronger DigestMethod so the V2 attribute is produced instead.
    EssCertID certId = new EssCertID(certHash, issuerSerial);
    SigningCertificate signingCert;
    if (policies == null)
    {
        signingCert = new SigningCertificate(certId);
    }
    else
    {
        // Assembled by hand as SEQUENCE { certs SEQUENCE OF ESSCertID, policies SEQUENCE OF
        // PolicyInformation } — presumably because the SigningCertificate constructor takes
        // no policies argument.
        signingCert = SigningCertificate.GetInstance(new DerSequence(new DerSequence(certId), new DerSequence(policies)));
    }
    return new BcCms.Attribute(PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(signingCert));
}