예제 #1
0
        public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            byte[] result = null;

            SecureRandom random = Porthelp.CreateSecureRandom();
            X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

            AddStandardCertificateInfo(certificateGenerator, random, subject, subject, startDate, expiryDate);
            AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

            certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
            certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
            byte[] subjectKeyID = new byte[20];
            random.NextBytes(subjectKeyID, 0, 20);
            certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
            certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectKeyID));

            string algorithm = GetAlgorithm(signatureAlgorithm);

            // selfsign certificate
            Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, subjectKeyPair.Private, random));

            result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);

            return(result);
        }
예제 #2
0
        public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate,
                                                       SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            if (subject == null)
            {
                throw new ArgumentNullException(nameof(subject));
            }

            if (signatureAlgorithm == null)
            {
                throw new ArgumentNullException(nameof(signatureAlgorithm));
            }

            var randomGenerator      = new CryptoApiRandomGenerator();
            var random               = new SecureRandom(randomGenerator);
            var certificateGenerator = new X509V3CertificateGenerator();

            AddStandardCertificateInfo(certificateGenerator, random, subject, subject, startDate, expiryDate);
            var subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

            certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
            certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
            var subjectKeyID = new byte[20];

            random.NextBytes(subjectKeyID, 0, 20);
            certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
            certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectKeyID));

            var algorithm = GetAlgorithm(signatureAlgorithm);
            // selfsign certificate
            var certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, subjectKeyPair.Private, random));

            return(ExportCertificate(certificate, subjectKeyPair, certificateFormat));
        }
예제 #3
0
        private static void AddStandardCertificateInfo(X509V3CertificateGenerator certificateGenerator, SecureRandom random,
                                                       CertificateSubject subject, CertificateSubject issuer, DateTime startDate, DateTime expiryDate)
        {
            if (certificateGenerator == null)
            {
                throw new ArgumentNullException(nameof(certificateGenerator));
            }

            if (random == null)
            {
                throw new ArgumentNullException(nameof(random));
            }

            if (subject == null)
            {
                throw new ArgumentNullException(nameof(subject));
            }

            if (issuer == null)
            {
                throw new ArgumentNullException(nameof(issuer));
            }

            var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);

            certificateGenerator.SetSerialNumber(serialNumber);

            certificateGenerator.SetIssuerDN(GetName(issuer));
            certificateGenerator.SetSubjectDN(GetName(subject));

            certificateGenerator.SetNotBefore(startDate);
            certificateGenerator.SetNotAfter(expiryDate);
        }
예제 #4
0
        public static byte[] GenerateIntermediateCACertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            byte[] result = null;
            AsymmetricKeyParameter privateKey = issuer.PrivateKey as AsymmetricKeyParameter;

            if (privateKey != null)
            {
                CryptoApiRandomGenerator   randomGenerator      = new CryptoApiRandomGenerator();
                SecureRandom               random               = new SecureRandom(randomGenerator);
                X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
                AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
                AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

                certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
                certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
                byte[] subjectKeyID = new byte[20];
                random.NextBytes(subjectKeyID, 0, 20);
                certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
                if (issuer.SubjectKeyID != null)
                {
                    certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
                }

                string algorithm = GetAlgorithm(signatureAlgorithm);

                Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));

                result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);
            }
            return(result);
        }
예제 #5
0
        public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate,
                                                 DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            if (subject == null)
            {
                throw new ArgumentNullException(nameof(subject));
            }

            if (issuer == null)
            {
                throw new ArgumentNullException(nameof(issuer));
            }

            if (signatureAlgorithm == null)
            {
                throw new ArgumentNullException(nameof(issuer));
            }

            if (!(issuer.PrivateKey is AsymmetricKeyParameter privateKey))
            {
                return(null);
            }

            var randomGenerator      = new CryptoApiRandomGenerator();
            var random               = new SecureRandom(randomGenerator);
            var certificateGenerator = new X509V3CertificateGenerator();

            AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
            var subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

            var algorithm = GetAlgorithm(signatureAlgorithm);

            certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
            certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
            certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));
            var subjectKeyID = new byte[20];

            random.NextBytes(subjectKeyID, 0, 20);
            certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
            if (issuer.SubjectKeyID != null)
            {
                certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
            }

            //if ((subject.AlternativeNames != null) && (subject.AlternativeNames.Count > 0))
            //{
            //    certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new SubjectAlternativeNames(false));
            //    //SubjectAlternativeName
            //    //GeneralName.DirectoryName
            //    //GeneralName.IPAddress
            //}

            var certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));

            return(ExportCertificate(certificate, subjectKeyPair, certificateFormat));
        }
예제 #6
0
        private static void AddStandardCertificateInfo(X509V3CertificateGenerator certificateGenerator, SecureRandom random, CertificateSubject subject, CertificateSubject issuer, DateTime startDate, DateTime expiryDate)
        {
            BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
            certificateGenerator.SetSerialNumber(serialNumber);

            certificateGenerator.SetIssuerDN(GetName(issuer));
            certificateGenerator.SetSubjectDN(GetName(subject));

            certificateGenerator.SetNotBefore(startDate);
            certificateGenerator.SetNotAfter(expiryDate);
        }
예제 #7
0
 public string CreateCertificate(int organisationID)
 {
     CertificateSubject subject = new CertificateSubject()
     {
         CommonName = Guid.NewGuid().ToString(),
         Organistion = organisationID.ToString()
     };
     DateTime startDate = new DateTime(DateTime.Today.Year, DateTime.Today.Month, DateTime.Today.Day, 0, 0, 0, DateTimeKind.Utc);
     DateTime endDate = startDate.AddYears(3);
     byte[] certificate = Certificates.GenerateCertificate(subject, _IssuerCA, startDate, endDate, new SignatureHashAlgorithm() { Hash = THashAlgorithm.SHA256, Signature = TSignatureAlgorithm.ECDSA }, DTLS.TCertificateFormat.PEM);
     return System.Text.Encoding.UTF8.GetString(certificate);
 }
예제 #8
0
        private static X509Name GetName(CertificateSubject info)
        {
            if (info == null)
            {
                throw new ArgumentNullException(nameof(info));
            }

            var ids    = new List <DerObjectIdentifier>();
            var values = new List <string>();

            if (!string.IsNullOrEmpty(info.CommonName))
            {
                ids.Add(X509Name.CN);
                values.Add(info.CommonName);
            }
            if (!string.IsNullOrEmpty(info.Organistion))
            {
                ids.Add(X509Name.O);
                values.Add(info.Organistion);
            }
            if (!string.IsNullOrEmpty(info.OrganistionUnit))
            {
                ids.Add(X509Name.OU);
                values.Add(info.OrganistionUnit);
            }
            if (!string.IsNullOrEmpty(info.Location))
            {
                ids.Add(X509Name.L);
                values.Add(info.Location);
            }
            if (!string.IsNullOrEmpty(info.State))
            {
                ids.Add(X509Name.ST);
                values.Add(info.State);
            }
            if (!string.IsNullOrEmpty(info.Country))
            {
                ids.Add(X509Name.C);
                values.Add(info.Country);
            }
            return(new X509Name(ids, values));
        }
예제 #9
0
        public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            byte[] result = null;
            AsymmetricKeyParameter privateKey = issuer.PrivateKey as AsymmetricKeyParameter;

            if (privateKey != null)
            {
                SecureRandom random = Porthelp.CreateSecureRandom();
                X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
                AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
                AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

                string algorithm = GetAlgorithm(signatureAlgorithm);

                certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
                certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
                certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));
                byte[] subjectKeyID = new byte[20];
                random.NextBytes(subjectKeyID, 0, 20);
                certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
                if (issuer.SubjectKeyID != null)
                {
                    certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
                }

                //if ((subject.AlternativeNames != null) && (subject.AlternativeNames.Count > 0))
                //{
                //    certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new SubjectAlternativeNames(false));
                //    //SubjectAlternativeName
                //    //GeneralName.DirectoryName
                //    //GeneralName.IPAddress
                //}

                Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
                result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);
            }
            return(result);
        }
예제 #10
0
        private static void AddStandardCertificateInfo(X509V3CertificateGenerator certificateGenerator, SecureRandom random, CertificateSubject subject, CertificateSubject issuer, DateTime startDate, DateTime expiryDate)
        {
            BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);

            certificateGenerator.SetSerialNumber(serialNumber);

            certificateGenerator.SetIssuerDN(GetName(issuer));
            certificateGenerator.SetSubjectDN(GetName(subject));

            certificateGenerator.SetNotBefore(startDate);
            certificateGenerator.SetNotAfter(expiryDate);
        }
예제 #11
0
 private static X509Name GetName(CertificateSubject info)
 {
     List<DerObjectIdentifier> ids = new List<DerObjectIdentifier>();
     List<string> values = new List<string>();
     if (!string.IsNullOrEmpty(info.CommonName))
     {
         ids.Add(X509Name.CN);
         values.Add(info.CommonName);
     }
     if (!string.IsNullOrEmpty(info.Organistion))
     {
         ids.Add(X509Name.O);
         values.Add(info.Organistion);
     }
     if (!string.IsNullOrEmpty(info.OrganistionUnit))
     {
         ids.Add(X509Name.OU);
         values.Add(info.OrganistionUnit);
     }
     if (!string.IsNullOrEmpty(info.Location))
     {
         ids.Add(X509Name.L);
         values.Add(info.Location);
     }
     if (!string.IsNullOrEmpty(info.State))
     {
         ids.Add(X509Name.ST);
         values.Add(info.State);
     }
     if (!string.IsNullOrEmpty(info.Country))
     {
         ids.Add(X509Name.C);
         values.Add(info.Country);
     }
     return new X509Name(ids, values);
 }
예제 #12
0
        public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            byte[] result = null;

            CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
            SecureRandom random = new SecureRandom(randomGenerator);
            X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
            AddStandardCertificateInfo(certificateGenerator, random, subject, subject, startDate, expiryDate);
            AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

            certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
            certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));
            byte[] subjectKeyID = new byte[20];
            random.NextBytes(subjectKeyID, 0, 20);
            certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
            certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectKeyID));

            string algorithm = GetAlgorithm(signatureAlgorithm);
            // selfsign certificate
            Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, subjectKeyPair.Private, random));

            result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);

            return result;
        }
예제 #13
0
        public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
        {
            byte[] result = null;
            AsymmetricKeyParameter privateKey = issuer.PrivateKey as AsymmetricKeyParameter;
            if (privateKey != null)
            {

                CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
                SecureRandom random = new SecureRandom(randomGenerator);
                X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
                AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
                AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);

                string algorithm = GetAlgorithm(signatureAlgorithm);

                certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
                certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
                certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));
                byte[] subjectKeyID = new byte[20];
                random.NextBytes(subjectKeyID, 0, 20);
                certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
                if (issuer.SubjectKeyID != null)
                    certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));

                //if ((subject.AlternativeNames != null) && (subject.AlternativeNames.Count > 0))
                //{
                //    certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new SubjectAlternativeNames(false));
                //    //SubjectAlternativeName
                //    //GeneralName.DirectoryName
                //    //GeneralName.IPAddress
                //}

                Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
                result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);
            }
            return result;
        }