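/// <summary>
/// Generates a self-signed root CA certificate with a freshly generated key pair and
/// exports certificate and key pair in the requested format.
/// </summary>
/// <param name="subject">Distinguished-name fields of the CA; used as both subject and issuer.</param>
/// <param name="startDate">Certificate notBefore.</param>
/// <param name="expiryDate">Certificate notAfter.</param>
/// <param name="signatureAlgorithm">Hash/signature pair used for key generation and for self-signing.</param>
/// <param name="certificateFormat">Output encoding handed to <c>ExportCertificate</c>.</param>
/// <returns>Whatever <c>ExportCertificate</c> produces for the certificate and its key pair.</returns>
/// <exception cref="ArgumentNullException"><paramref name="subject"/> or <paramref name="signatureAlgorithm"/> is null.</exception>
public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
    // Fail fast at the public entry point instead of letting GetName / GenerateKeys dereference null.
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }
    if (signatureAlgorithm == null)
    {
        throw new ArgumentNullException(nameof(signatureAlgorithm));
    }

    SecureRandom random = Porthelp.CreateSecureRandom();
    X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

    // Root certificate: subject and issuer are the same entity.
    AddStandardCertificateInfo(certificateGenerator, random, subject, subject, startDate, expiryDate);
    AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

    // CA profile, both extensions critical: cA=TRUE without a path-length limit, and a key usage of
    // certificate signing plus generic signatures. CrlSign is not set, so this CA cannot sign CRLs
    // unless it is reissued.
    certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
    certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));

    // The key identifier is 20 CSPRNG bytes rather than a hash of the public key (RFC 5280 §4.2.1.2
    // allows any method that yields unique values). Because the certificate is self-signed, the same
    // value is used for the AuthorityKeyIdentifier; child certificates are expected to carry it as AKI.
    byte[] subjectKeyID = new byte[20];
    random.NextBytes(subjectKeyID, 0, 20);
    certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
    certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectKeyID));

    string algorithm = GetAlgorithm(signatureAlgorithm);

    // Self-sign with the private half of the key pair that was just generated.
    Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, subjectKeyPair.Private, random));
    return ExportCertificate(certificate, subjectKeyPair, certificateFormat);
}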
/// <summary>
/// Builds a self-signed root CA certificate (fresh key pair, CSPRNG-seeded) and returns it
/// exported via <c>ExportCertificate</c> in <paramref name="certificateFormat"/>.
/// </summary>
/// <param name="subject">DN fields of the CA, used for both subject and issuer.</param>
/// <param name="startDate">notBefore.</param>
/// <param name="expiryDate">notAfter. NOTE(review): not checked against <paramref name="startDate"/> here.</param>
/// <param name="signatureAlgorithm">Hash/signature pair for key generation and self-signing.</param>
/// <param name="certificateFormat">Target encoding for the export.</param>
/// <returns>The exported certificate and key pair.</returns>
/// <exception cref="ArgumentNullException"><paramref name="subject"/> or <paramref name="signatureAlgorithm"/> is null.</exception>
public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }
    if (signatureAlgorithm == null)
    {
        throw new ArgumentNullException(nameof(signatureAlgorithm));
    }

    // OS-backed entropy source wrapped in BouncyCastle's SecureRandom.
    var prng = new SecureRandom(new CryptoApiRandomGenerator());
    var generator = new X509V3CertificateGenerator();

    // Self-issued: the subject acts as its own issuer.
    AddStandardCertificateInfo(generator, prng, subject, subject, startDate, expiryDate);
    var caKeyPair = GenerateKeys(generator, prng, signatureAlgorithm);

    // Critical CA extensions: cA=TRUE (no path-length limit), keyCertSign + digitalSignature.
    // CrlSign is not granted.
    var caConstraints = new BasicConstraints(true);
    var caUsage = new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign);
    generator.AddExtension(X509Extensions.BasicConstraints, true, caConstraints);
    generator.AddExtension(X509Extensions.KeyUsage, true, caUsage);

    // Key identifier = 20 random bytes (RFC 5280 §4.2.1.2 permits any unique value); reused as the
    // AuthorityKeyIdentifier since the certificate is self-signed.
    const int keyIdLength = 20;
    var keyId = new byte[keyIdLength];
    prng.NextBytes(keyId, 0, keyIdLength);
    generator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(keyId));
    generator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(keyId));

    // Sign with the CA's own private key.
    var signatureFactory = new Asn1SignatureFactory(GetAlgorithm(signatureAlgorithm), caKeyPair.Private, prng);
    var rootCertificate = generator.Generate(signatureFactory);

    return ExportCertificate(rootCertificate, caKeyPair, certificateFormat);
}
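/// <summary>
/// Fills in the fields every certificate produced by this class shares: a random serial number,
/// issuer and subject DNs, and the validity window.
/// </summary>
/// <param name="certificateGenerator">Generator to populate.</param>
/// <param name="random">CSPRNG used for the serial number.</param>
/// <param name="subject">DN fields of the certificate holder.</param>
/// <param name="issuer">DN fields of the signer (same as <paramref name="subject"/> for a root).</param>
/// <param name="startDate">notBefore.</param>
/// <param name="expiryDate">notAfter; must be later than <paramref name="startDate"/>.</param>
/// <exception cref="ArgumentNullException">Any reference argument is null.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="expiryDate"/> is not after <paramref name="startDate"/>.</exception>
private static void AddStandardCertificateInfo(X509V3CertificateGenerator certificateGenerator, SecureRandom random, CertificateSubject subject, CertificateSubject issuer, DateTime startDate, DateTime expiryDate)
{
    if (certificateGenerator == null)
    {
        throw new ArgumentNullException(nameof(certificateGenerator));
    }
    if (random == null)
    {
        throw new ArgumentNullException(nameof(random));
    }
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }
    if (issuer == null)
    {
        throw new ArgumentNullException(nameof(issuer));
    }
    // A notAfter at or before notBefore yields a certificate no validator will ever accept;
    // reject it here rather than silently issuing an unusable credential.
    if (expiryDate <= startDate)
    {
        throw new ArgumentOutOfRangeException(nameof(expiryDate), "expiryDate must be later than startDate.");
    }

    // Uniform random serial in [1, 2^63-1]: positive (RFC 5280 §4.1.2.2) and fits in a long.
    // That is ~63 bits of CSPRNG output; the CA/Browser Forum baseline asks for at least 64 bits
    // for publicly trusted certificates, so revisit this if the PKI ever needs public trust.
    var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
    certificateGenerator.SetSerialNumber(serialNumber);
    certificateGenerator.SetIssuerDN(GetName(issuer));
    certificateGenerator.SetSubjectDN(GetName(subject));
    // NOTE(review): whether BouncyCastle converts DateTimeKind.Local values to UTC itself is not
    // visible here; callers in this code base pass UTC-kinded values — keep doing so.
    certificateGenerator.SetNotBefore(startDate);
    certificateGenerator.SetNotAfter(expiryDate);
}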
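/// <summary>
/// Generates an intermediate CA certificate (cA=TRUE, pathLen=0) signed by <paramref name="issuer"/>,
/// with a freshly generated key pair, and exports it in the requested format.
/// </summary>
/// <param name="subject">DN fields of the intermediate CA.</param>
/// <param name="issuer">Issuing CA; its <c>PrivateKey</c> signs the certificate and its <c>SubjectKeyID</c> becomes the AKI.</param>
/// <param name="startDate">notBefore.</param>
/// <param name="expiryDate">notAfter.</param>
/// <param name="signatureAlgorithm">Hash/signature pair for key generation and signing.</param>
/// <param name="certificateFormat">Output encoding handed to <c>ExportCertificate</c>.</param>
/// <returns>
/// The exported certificate and key pair, or <c>null</c> when <paramref name="issuer"/> carries no
/// <c>AsymmetricKeyParameter</c> private key (nothing can be signed in that case).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="subject"/>, <paramref name="issuer"/> or <paramref name="signatureAlgorithm"/> is null.</exception>
public static byte[] GenerateIntermediateCACertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }
    if (issuer == null)
    {
        throw new ArgumentNullException(nameof(issuer));
    }
    if (signatureAlgorithm == null)
    {
        throw new ArgumentNullException(nameof(signatureAlgorithm));
    }

    // Preserved contract: without a usable issuer private key the caller gets null, not an exception.
    if (!(issuer.PrivateKey is AsymmetricKeyParameter privateKey))
    {
        return null;
    }

    CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
    SecureRandom random = new SecureRandom(randomGenerator);
    X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

    AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
    AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

    // Critical CA extensions. pathLenConstraint=0 means this CA may issue end-entity certificates
    // only, not further sub-CAs. CrlSign is not granted.
    certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
    certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));

    // Random 20-byte key identifier (RFC 5280 §4.2.1.2 allows any unique value).
    byte[] subjectKeyID = new byte[20];
    random.NextBytes(subjectKeyID, 0, 20);
    certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));

    // AKI links this certificate to the issuer's SKI; when the issuer has none, chain building falls
    // back to issuer-DN matching only.
    if (issuer.SubjectKeyID != null)
    {
        certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
    }

    string algorithm = GetAlgorithm(signatureAlgorithm);

    // Signed with the issuer's key, not the new subject key.
    Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
    return ExportCertificate(certificate, subjectKeyPair, certificateFormat);
}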
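/// <summary>
/// Generates an end-entity certificate (TLS server and client auth) signed by <paramref name="issuer"/>,
/// with a freshly generated key pair, and exports it in the requested format.
/// </summary>
/// <param name="subject">DN fields of the certificate holder.</param>
/// <param name="issuer">Issuing CA; its <c>PrivateKey</c> signs, its <c>SubjectKeyID</c> becomes the AKI.</param>
/// <param name="startDate">notBefore.</param>
/// <param name="expiryDate">notAfter.</param>
/// <param name="signatureAlgorithm">Hash/signature pair for key generation and signing.</param>
/// <param name="certificateFormat">Output encoding handed to <c>ExportCertificate</c>.</param>
/// <returns>
/// The exported certificate and key pair, or <c>null</c> when <paramref name="issuer"/> carries no
/// <c>AsymmetricKeyParameter</c> private key.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="subject"/>, <paramref name="issuer"/> or <paramref name="signatureAlgorithm"/> is null.</exception>
public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }
    if (issuer == null)
    {
        throw new ArgumentNullException(nameof(issuer));
    }
    if (signatureAlgorithm == null)
    {
        // Was nameof(issuer): the exception blamed the wrong parameter.
        throw new ArgumentNullException(nameof(signatureAlgorithm));
    }

    // Preserved contract: no usable issuer private key -> null, not an exception.
    if (!(issuer.PrivateKey is AsymmetricKeyParameter privateKey))
    {
        return null;
    }

    var randomGenerator = new CryptoApiRandomGenerator();
    var random = new SecureRandom(randomGenerator);
    var certificateGenerator = new X509V3CertificateGenerator();

    AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
    var subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);
    var algorithm = GetAlgorithm(signatureAlgorithm);

    // End-entity profile: cA=FALSE (critical) and a critical key usage.
    // NOTE(review): KeyEncipherment only has meaning for RSA key transport; RFC 5480 §3 does not list it
    // for EC keys, and CreateCertificate in this code base requests ECDSA. Most validators tolerate it,
    // but consider making the usage depend on signatureAlgorithm.Signature.
    certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
    // The same certificate is usable as both TLS server and TLS client identity.
    certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));

    // Random 20-byte key identifier (RFC 5280 §4.2.1.2 allows any unique value).
    var subjectKeyID = new byte[20];
    random.NextBytes(subjectKeyID, 0, 20);
    certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));

    // AKI links to the issuer's SKI; without it chain building relies on issuer-DN matching only.
    if (issuer.SubjectKeyID != null)
    {
        certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
    }

    // TODO: no SubjectAlternativeName is emitted (an earlier draft referencing subject.AlternativeNames
    // was left commented out). Modern TLS stacks match host names against SAN only, so peers that do
    // strict host-name verification will not accept these certificates by CN.

    // Signed with the issuer's key, not the new subject key.
    var certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
    return ExportCertificate(certificate, subjectKeyPair, certificateFormat);
}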
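/// <summary>
/// Fills in the fields every certificate produced by this class shares: a random serial number,
/// issuer and subject DNs, and the validity window.
/// </summary>
/// <param name="certificateGenerator">Generator to populate.</param>
/// <param name="random">CSPRNG used for the serial number.</param>
/// <param name="subject">DN fields of the certificate holder.</param>
/// <param name="issuer">DN fields of the signer (same as <paramref name="subject"/> for a root).</param>
/// <param name="startDate">notBefore.</param>
/// <param name="expiryDate">notAfter; must be later than <paramref name="startDate"/>.</param>
/// <exception cref="ArgumentNullException">Any reference argument is null.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="expiryDate"/> is not after <paramref name="startDate"/>.</exception>
private static void AddStandardCertificateInfo(X509V3CertificateGenerator certificateGenerator, SecureRandom random, CertificateSubject subject, CertificateSubject issuer, DateTime startDate, DateTime expiryDate)
{
    // Explicit guards instead of a NullReferenceException deep inside BouncyCastle / GetName.
    if (certificateGenerator == null)
    {
        throw new ArgumentNullException(nameof(certificateGenerator));
    }
    if (random == null)
    {
        throw new ArgumentNullException(nameof(random));
    }
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }
    if (issuer == null)
    {
        throw new ArgumentNullException(nameof(issuer));
    }
    // An inverted or empty validity window produces a certificate no validator accepts.
    if (expiryDate <= startDate)
    {
        throw new ArgumentOutOfRangeException(nameof(expiryDate), "expiryDate must be later than startDate.");
    }

    // Uniform random serial in [1, 2^63-1]: positive (RFC 5280 §4.1.2.2) and fits in a long.
    // ~63 bits of CSPRNG output; the CA/Browser Forum baseline asks for at least 64 bits for
    // publicly trusted certificates, so revisit if these ever need public trust.
    BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
    certificateGenerator.SetSerialNumber(serialNumber);
    certificateGenerator.SetIssuerDN(GetName(issuer));
    certificateGenerator.SetSubjectDN(GetName(subject));
    // NOTE(review): callers in this code base pass DateTimeKind.Utc values; whether BouncyCastle
    // converts local-kind values itself is not visible here.
    certificateGenerator.SetNotBefore(startDate);
    certificateGenerator.SetNotAfter(expiryDate);
}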
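/// <summary>
/// Issues a three-year ECDSA/SHA-256 end-entity certificate for an organisation, signed by the
/// configured issuer CA, and returns it PEM-encoded.
/// </summary>
/// <param name="organisationID">Organisation identifier placed in the DN's O attribute; CN is a fresh GUID.</param>
/// <returns>The PEM text produced by <c>Certificates.GenerateCertificate</c>.</returns>
/// <exception cref="InvalidOperationException">The issuer CA has no usable private key, so nothing could be signed.</exception>
public string CreateCertificate(int organisationID)
{
    CertificateSubject subject = new CertificateSubject()
    {
        CommonName = Guid.NewGuid().ToString(),
        // Invariant culture keeps the DN free of culture-specific digit and sign formatting.
        Organistion = organisationID.ToString(System.Globalization.CultureInfo.InvariantCulture)
    };

    // Validity starts at today's UTC midnight. Building the value from DateTime.Today (local date)
    // with DateTimeKind.Utc stamped a local calendar date as UTC: in zones ahead of UTC that puts
    // notBefore up to ~14 h in the future and the certificate is rejected as not yet valid.
    // UtcNow.Date is Kind=Utc and is read once, so the fields cannot straddle midnight either.
    DateTime startDate = DateTime.UtcNow.Date;
    DateTime endDate = startDate.AddYears(3);

    byte[] certificate = Certificates.GenerateCertificate(subject, _IssuerCA, startDate, endDate, new SignatureHashAlgorithm() { Hash = THashAlgorithm.SHA256, Signature = TSignatureAlgorithm.ECDSA }, DTLS.TCertificateFormat.PEM);

    // GenerateCertificate returns null when the issuer carries no usable private key; surface that
    // as a clear error instead of an ArgumentNullException out of Encoding.GetString.
    if (certificate == null)
    {
        throw new InvalidOperationException("The issuer CA has no usable private key; certificate could not be signed.");
    }

    return System.Text.Encoding.UTF8.GetString(certificate);
}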
/// <summary>
/// Converts a <see cref="CertificateSubject"/> into an X.509 distinguished name, emitting one RDN
/// per non-empty field in the fixed order CN, O, OU, L, ST, C.
/// </summary>
/// <param name="info">Subject fields; empty or null fields are skipped.</param>
/// <returns>The assembled <see cref="X509Name"/> (may contain no RDNs if every field is empty).</returns>
/// <exception cref="ArgumentNullException"><paramref name="info"/> is null.</exception>
private static X509Name GetName(CertificateSubject info)
{
    if (info == null)
    {
        throw new ArgumentNullException(nameof(info));
    }

    // Parallel, index-aligned lists as expected by the X509Name(ordering, values) constructor.
    var oids = new List<DerObjectIdentifier>();
    var attributeValues = new List<string>();

    void AppendIfSet(DerObjectIdentifier oid, string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return;
        }
        oids.Add(oid);
        attributeValues.Add(value);
    }

    AppendIfSet(X509Name.CN, info.CommonName);
    AppendIfSet(X509Name.O, info.Organistion);
    AppendIfSet(X509Name.OU, info.OrganistionUnit);
    AppendIfSet(X509Name.L, info.Location);
    AppendIfSet(X509Name.ST, info.State);
    // NOTE(review): C is conventionally a two-letter ISO 3166 code; no length/charset validation is done here.
    AppendIfSet(X509Name.C, info.Country);

    return new X509Name(oids, attributeValues);
}
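/// <summary>
/// Generates an end-entity certificate (TLS server and client auth) signed by <paramref name="issuer"/>,
/// with a freshly generated key pair, and exports it in the requested format.
/// </summary>
/// <param name="subject">DN fields of the certificate holder.</param>
/// <param name="issuer">Issuing CA; its <c>PrivateKey</c> signs, its <c>SubjectKeyID</c> becomes the AKI.</param>
/// <param name="startDate">notBefore.</param>
/// <param name="expiryDate">notAfter.</param>
/// <param name="signatureAlgorithm">Hash/signature pair for key generation and signing.</param>
/// <param name="certificateFormat">Output encoding handed to <c>ExportCertificate</c>.</param>
/// <returns>
/// The exported certificate and key pair, or <c>null</c> when <paramref name="issuer"/> carries no
/// <c>AsymmetricKeyParameter</c> private key.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="subject"/>, <paramref name="issuer"/> or <paramref name="signatureAlgorithm"/> is null.</exception>
public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
    // Explicit guards instead of a NullReferenceException on issuer.PrivateKey / GetName.
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }
    if (issuer == null)
    {
        throw new ArgumentNullException(nameof(issuer));
    }
    if (signatureAlgorithm == null)
    {
        throw new ArgumentNullException(nameof(signatureAlgorithm));
    }

    // Preserved contract: no usable issuer private key -> null, not an exception.
    if (!(issuer.PrivateKey is AsymmetricKeyParameter privateKey))
    {
        return null;
    }

    SecureRandom random = Porthelp.CreateSecureRandom();
    X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

    AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
    AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);
    string algorithm = GetAlgorithm(signatureAlgorithm);

    // End-entity profile: cA=FALSE (critical) and a critical key usage.
    // NOTE(review): KeyEncipherment only has meaning for RSA key transport; RFC 5480 §3 does not list it
    // for EC keys. Most validators tolerate it, but consider deriving the usage from signatureAlgorithm.
    certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
    // Usable as both TLS server and TLS client identity.
    certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));

    // Random 20-byte key identifier (RFC 5280 §4.2.1.2 allows any unique value).
    byte[] subjectKeyID = new byte[20];
    random.NextBytes(subjectKeyID, 0, 20);
    certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));

    // AKI links to the issuer's SKI; without it chain building relies on issuer-DN matching only.
    if (issuer.SubjectKeyID != null)
    {
        certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
    }

    // TODO: no SubjectAlternativeName is emitted (an earlier draft referencing subject.AlternativeNames
    // was left commented out). Modern TLS stacks match host names against SAN only, so strict
    // host-name verification will not accept these certificates by CN.

    // Signed with the issuer's key, not the new subject key.
    Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
    return ExportCertificate(certificate, subjectKeyPair, certificateFormat);
}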
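/// <summary>
/// Converts a <see cref="CertificateSubject"/> into an X.509 distinguished name, emitting one RDN
/// per non-empty field in the fixed order CN, O, OU, L, ST, C.
/// </summary>
/// <param name="info">Subject fields; empty or null fields are skipped.</param>
/// <returns>The assembled <see cref="X509Name"/> (may contain no RDNs if every field is empty).</returns>
/// <exception cref="ArgumentNullException"><paramref name="info"/> is null.</exception>
private static X509Name GetName(CertificateSubject info)
{
    // Explicit guard instead of a NullReferenceException on info.CommonName.
    if (info == null)
    {
        throw new ArgumentNullException(nameof(info));
    }

    // Parallel, index-aligned lists as expected by the X509Name(ordering, values) constructor.
    List<DerObjectIdentifier> ids = new List<DerObjectIdentifier>();
    List<string> values = new List<string>();

    if (!string.IsNullOrEmpty(info.CommonName))
    {
        ids.Add(X509Name.CN);
        values.Add(info.CommonName);
    }
    if (!string.IsNullOrEmpty(info.Organistion))
    {
        ids.Add(X509Name.O);
        values.Add(info.Organistion);
    }
    if (!string.IsNullOrEmpty(info.OrganistionUnit))
    {
        ids.Add(X509Name.OU);
        values.Add(info.OrganistionUnit);
    }
    if (!string.IsNullOrEmpty(info.Location))
    {
        ids.Add(X509Name.L);
        values.Add(info.Location);
    }
    if (!string.IsNullOrEmpty(info.State))
    {
        ids.Add(X509Name.ST);
        values.Add(info.State);
    }
    // NOTE(review): C is conventionally a two-letter ISO 3166 code; no length/charset validation is done here.
    if (!string.IsNullOrEmpty(info.Country))
    {
        ids.Add(X509Name.C);
        values.Add(info.Country);
    }

    return new X509Name(ids, values);
}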
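/// <summary>
/// Generates a self-signed root CA certificate with a freshly generated key pair and
/// exports certificate and key pair in the requested format.
/// </summary>
/// <param name="subject">Distinguished-name fields of the CA; used as both subject and issuer.</param>
/// <param name="startDate">Certificate notBefore.</param>
/// <param name="expiryDate">Certificate notAfter.</param>
/// <param name="signatureAlgorithm">Hash/signature pair used for key generation and for self-signing.</param>
/// <param name="certificateFormat">Output encoding handed to <c>ExportCertificate</c>.</param>
/// <returns>Whatever <c>ExportCertificate</c> produces for the certificate and its key pair.</returns>
/// <exception cref="ArgumentNullException"><paramref name="subject"/> or <paramref name="signatureAlgorithm"/> is null.</exception>
public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
    // Fail fast at the public entry point instead of letting GetName / GenerateKeys dereference null.
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }
    if (signatureAlgorithm == null)
    {
        throw new ArgumentNullException(nameof(signatureAlgorithm));
    }

    // OS-backed entropy source wrapped in BouncyCastle's SecureRandom.
    CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
    SecureRandom random = new SecureRandom(randomGenerator);
    X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

    // Root certificate: subject and issuer are the same entity.
    AddStandardCertificateInfo(certificateGenerator, random, subject, subject, startDate, expiryDate);
    AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

    // CA profile, both extensions critical: cA=TRUE without a path-length limit, key usage of
    // certificate signing plus generic signatures. CrlSign is not set, so this CA cannot sign CRLs
    // unless it is reissued.
    certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
    certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));

    // 20 CSPRNG bytes as key identifier (RFC 5280 §4.2.1.2 allows any unique value); reused as the
    // AuthorityKeyIdentifier because the certificate is self-signed.
    byte[] subjectKeyID = new byte[20];
    random.NextBytes(subjectKeyID, 0, 20);
    certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
    certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectKeyID));

    string algorithm = GetAlgorithm(signatureAlgorithm);

    // Self-sign with the private half of the key pair that was just generated.
    Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, subjectKeyPair.Private, random));
    return ExportCertificate(certificate, subjectKeyPair, certificateFormat);
}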
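/// <summary>
/// Generates an end-entity certificate (TLS server and client auth) signed by <paramref name="issuer"/>,
/// with a freshly generated key pair, and exports it in the requested format.
/// </summary>
/// <param name="subject">DN fields of the certificate holder.</param>
/// <param name="issuer">Issuing CA; its <c>PrivateKey</c> signs, its <c>SubjectKeyID</c> becomes the AKI.</param>
/// <param name="startDate">notBefore.</param>
/// <param name="expiryDate">notAfter.</param>
/// <param name="signatureAlgorithm">Hash/signature pair for key generation and signing.</param>
/// <param name="certificateFormat">Output encoding handed to <c>ExportCertificate</c>.</param>
/// <returns>
/// The exported certificate and key pair, or <c>null</c> when <paramref name="issuer"/> carries no
/// <c>AsymmetricKeyParameter</c> private key.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="subject"/>, <paramref name="issuer"/> or <paramref name="signatureAlgorithm"/> is null.</exception>
public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
    // Explicit guards instead of a NullReferenceException on issuer.PrivateKey / GetName.
    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }
    if (issuer == null)
    {
        throw new ArgumentNullException(nameof(issuer));
    }
    if (signatureAlgorithm == null)
    {
        throw new ArgumentNullException(nameof(signatureAlgorithm));
    }

    // Preserved contract: no usable issuer private key -> null, not an exception.
    if (!(issuer.PrivateKey is AsymmetricKeyParameter privateKey))
    {
        return null;
    }

    // OS-backed entropy source wrapped in BouncyCastle's SecureRandom.
    CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
    SecureRandom random = new SecureRandom(randomGenerator);
    X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

    AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
    AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);
    string algorithm = GetAlgorithm(signatureAlgorithm);

    // End-entity profile: cA=FALSE (critical) and a critical key usage.
    // NOTE(review): KeyEncipherment only has meaning for RSA key transport; RFC 5480 §3 does not list it
    // for EC keys. Most validators tolerate it, but consider deriving the usage from signatureAlgorithm.
    certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
    // Usable as both TLS server and TLS client identity.
    certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));

    // Random 20-byte key identifier (RFC 5280 §4.2.1.2 allows any unique value).
    byte[] subjectKeyID = new byte[20];
    random.NextBytes(subjectKeyID, 0, 20);
    certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));

    // AKI links to the issuer's SKI; without it chain building relies on issuer-DN matching only.
    if (issuer.SubjectKeyID != null)
    {
        certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
    }

    // TODO: no SubjectAlternativeName is emitted (an earlier draft referencing subject.AlternativeNames
    // was left commented out). Modern TLS stacks match host names against SAN only, so strict
    // host-name verification will not accept these certificates by CN.

    // Signed with the issuer's key, not the new subject key.
    Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
    return ExportCertificate(certificate, subjectKeyPair, certificateFormat);
}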