/// <summary>
/// Builds a self-signed root CA certificate for <paramref name="subject"/> and returns it in the
/// requested export format together with its key pair.
/// </summary>
/// <param name="subject">Subject of the certificate; also used as the issuer because the certificate is self-signed.</param>
/// <param name="startDate">Start of the validity period (NotBefore).</param>
/// <param name="expiryDate">End of the validity period (NotAfter).</param>
/// <param name="signatureAlgorithm">Signature/hash combination used both to generate the key pair and to sign the certificate.</param>
/// <param name="certificateFormat">Export format handed to ExportCertificate.</param>
/// <returns>Whatever ExportCertificate produces for the certificate and its key pair.</returns>
public static byte[] GenerateRootCACertificate(CertificateSubject subject, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
    SecureRandom rng = Porthelp.CreateSecureRandom();
    X509V3CertificateGenerator generator = new X509V3CertificateGenerator();

    // Self-signed: the subject is its own issuer.
    AddStandardCertificateInfo(generator, rng, subject, subject, startDate, expiryDate);
    AsymmetricCipherKeyPair caKeyPair = GenerateKeys(generator, rng, signatureAlgorithm);

    // Critical CA marker plus the key usages needed to sign certificates.
    // NOTE(review): CrlSign is not set, so this CA cannot issue CRLs as-is — confirm that is intended.
    generator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
    generator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign));

    // The key identifier is 20 random bytes rather than a hash of the public key; RFC 5280 4.2.1.2
    // recommends deriving it from the key but accepts any value unique within the issuer.
    // Being self-signed, the same value serves as both SubjectKeyIdentifier and AuthorityKeyIdentifier.
    byte[] keyIdentifier = new byte[20];
    rng.NextBytes(keyIdentifier, 0, keyIdentifier.Length);
    generator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(keyIdentifier));
    generator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(keyIdentifier));

    // Sign with the CA's own private key.
    string signatureName = GetAlgorithm(signatureAlgorithm);
    Org.BouncyCastle.X509.X509Certificate certificate = generator.Generate(new Asn1SignatureFactory(signatureName, caKeyPair.Private, rng));

    return ExportCertificate(certificate, caKeyPair, certificateFormat);
}
/// <summary>
/// Fills this value with the current time as whole seconds since TLSUtils.UnixEpoch (truncated to
/// 32 bits) followed by fresh bytes from a secure random source.
/// </summary>
public void Generate()
{
    // Seconds since the Unix epoch, truncated to uint; presumably the TLS Random gmt_unix_time field — confirm.
    double secondsSinceEpoch = DateTime.UtcNow.Subtract(TLSUtils.UnixEpoch).TotalSeconds;
    _UnixTime = (uint)secondsSinceEpoch;

    // Fill the whole buffer from a freshly created secure random; its length is fixed by the field's declaration elsewhere.
    var rng = Porthelp.CreateSecureRandom();
    rng.NextBytes(_RandomBytes);
}
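/// <summary>
/// Produces a raw (D)TLS signature over <paramref name="hash"/> using the BouncyCastle signer that
/// matches <paramref name="signatureHashAlgorithm"/>.Signature, choosing the TLS 1.2 or legacy
/// code path from the context's negotiated version.
/// </summary>
/// <param name="privateKey">Key used to sign.</param>
/// <param name="client">Whether the signing side is the client; forwarded to DTLSContext.</param>
/// <param name="version">Negotiated protocol version; forwarded to DTLSContext, which drives the TLS 1.2 check.</param>
/// <param name="handshakeInfo">Handshake state forwarded to DTLSContext.</param>
/// <param name="signatureHashAlgorithm">Signature and hash algorithm pair to sign with.</param>
/// <param name="hash">Pre-hashed data handed to GenerateRawSignature.</param>
/// <returns>The raw signature bytes.</returns>
/// <exception cref="ArgumentNullException"><paramref name="signatureHashAlgorithm"/> is null.</exception>
/// <exception cref="ArgumentException">
/// The signature algorithm is Anonymous or not one of RSA, DSA, ECDSA. Previously these cases left the
/// signer null and surfaced as a NullReferenceException from signer.Init.
/// </exception>
public static byte[] Sign(Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey, bool client, Version version, HandshakeInfo handshakeInfo, SignatureHashAlgorithm signatureHashAlgorithm, byte[] hash)
{
    if (signatureHashAlgorithm == null)
    {
        throw new ArgumentNullException("signatureHashAlgorithm");
    }

    TlsSigner signer;
    switch (signatureHashAlgorithm.Signature)
    {
        case TSignatureAlgorithm.RSA:
            signer = new TlsRsaSigner();
            break;
        case TSignatureAlgorithm.DSA:
            signer = new TlsDssSigner();
            break;
        case TSignatureAlgorithm.ECDSA:
            signer = new TlsECDsaSigner();
            break;
        default:
            // Anonymous has no signer and unknown values cannot be signed with; fail clearly
            // instead of dereferencing a null signer below.
            throw new ArgumentException("Unsupported signature algorithm: " + signatureHashAlgorithm.Signature, "signatureHashAlgorithm");
    }

    DTLSContext context = new DTLSContext(client, version, handshakeInfo);
    context.SecureRandom = Porthelp.CreateSecureRandom();
    signer.Init(context);

    if (TlsUtilities.IsTlsV12(context))
    {
        // TLS 1.2 and later: the signature carries an explicit SignatureAndHashAlgorithm.
        SignatureAndHashAlgorithm algorithm = new SignatureAndHashAlgorithm((byte)signatureHashAlgorithm.Hash, (byte)signatureHashAlgorithm.Signature);
        return signer.GenerateRawSignature(algorithm, privateKey, hash);
    }

    // Pre-1.2: the legacy form carries no algorithm identifier.
    return signer.GenerateRawSignature(privateKey, hash);
}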
/// <summary>
/// Builds an end-entity (non-CA) certificate for <paramref name="subject"/>, signed by
/// <paramref name="issuer"/>, and returns it in the requested export format together with the
/// subject's new key pair.
/// </summary>
/// <param name="subject">Subject of the new certificate.</param>
/// <param name="issuer">Issuing CA; its PrivateKey signs the certificate and its SubjectKeyID, when present, becomes the AuthorityKeyIdentifier.</param>
/// <param name="startDate">Start of the validity period (NotBefore).</param>
/// <param name="expiryDate">End of the validity period (NotAfter).</param>
/// <param name="signatureAlgorithm">Signature/hash combination used both to generate the subject key pair and to sign.</param>
/// <param name="certificateFormat">Export format handed to ExportCertificate.</param>
/// <returns>
/// Whatever ExportCertificate produces, or null when issuer.PrivateKey is not an
/// AsymmetricKeyParameter — callers must check for null.
/// </returns>
public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
    // Without a usable issuer private key nothing can be signed; the contract is to return null here.
    AsymmetricKeyParameter issuerKey = issuer.PrivateKey as AsymmetricKeyParameter;
    if (issuerKey == null)
    {
        return null;
    }

    SecureRandom rng = Porthelp.CreateSecureRandom();
    X509V3CertificateGenerator generator = new X509V3CertificateGenerator();

    AddStandardCertificateInfo(generator, rng, subject, issuer.Subject, startDate, expiryDate);
    AsymmetricCipherKeyPair subjectKeys = GenerateKeys(generator, rng, signatureAlgorithm);
    string signatureName = GetAlgorithm(signatureAlgorithm);

    // End-entity: not a CA, usable for both server and client authentication.
    // NOTE(review): KeyEncipherment is set regardless of key type; RFC 5480 discourages it for EC
    // subject keys — confirm this is intended.
    generator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    generator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
    KeyPurposeID[] purposes = new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth };
    generator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(purposes));

    // Subject key identifier is 20 random bytes (unique, not derived from the public key); the
    // authority key identifier links back to the issuer only when the issuer recorded one.
    byte[] subjectKeyIdentifier = new byte[20];
    rng.NextBytes(subjectKeyIdentifier, 0, subjectKeyIdentifier.Length);
    generator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyIdentifier));
    if (issuer.SubjectKeyID != null)
    {
        generator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
    }

    // TODO: no SubjectAlternativeName is emitted yet. The original carried a commented-out sketch
    // (X509Extensions.SubjectAlternativeName with DirectoryName / IPAddress entries) driven by
    // subject.AlternativeNames; peers that require a SAN will not match on the CN alone.

    Org.BouncyCastle.X509.X509Certificate certificate = generator.Generate(new Asn1SignatureFactory(signatureName, issuerKey, rng));
    return ExportCertificate(certificate, subjectKeys, certificateFormat);
}
/// <summary>
/// Creates the socket for the given address family by delegating to Porthelp.SetupSocket.
/// </summary>
/// <param name="addressFamily">Address family the socket is created for.</param>
/// <returns>The socket returned by Porthelp.SetupSocket.</returns>
private Socket SetupSocket(AddressFamily addressFamily)
{
    // Platform-specific socket construction lives in Porthelp; this is a plain pass-through.
    Socket socket = Porthelp.SetupSocket(addressFamily);
    return socket;
}