예제 #1
        /// <summary>
        /// Signs the prepared certificate generator with the supplied private key.
        /// </summary>
        /// <param name="privateKey">Key handed to <c>GostSignerFactory</c> to produce the signature.</param>
        /// <param name="certGen">Generator that already carries the certificate fields to be signed.</param>
        /// <returns>The certificate produced by <c>certGen.Generate</c>.</returns>
        protected override X509Certificate GenerateCertificate(AsymmetricKeyParameter privateKey,
                                                               X509V3CertificateGenerator certGen)
        {
            // GostSignerFactory is declared elsewhere in the project; it is used here as the
            // signature factory argument of Generate.
            return certGen.Generate(new GostSignerFactory(privateKey));
        }
예제 #2
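        /// <summary>
        /// Issues a certificate for a PEM-encoded PKCS#10 request, signed with the GOST root key
        /// returned by <c>RootCertificates</c>.
        /// </summary>
        /// <param name="pkcs10Request">PEM text holding a PKCS#10 certification request.</param>
        /// <returns>The signed certificate, valid for one year from the moment of the call.</returns>
        /// <exception cref="ArgumentException">
        /// The PEM text contains no object, or an object that is not a PKCS#10 request.
        /// </exception>
        public static X509Certificate IssueCertificate(string pkcs10Request)
        {
            object pemObject;

            // Disposing the StringReader is sufficient; no separate Close() on the PemReader is needed.
            using (var requestText = new StringReader(pkcs10Request))
            {
                pemObject = new PemReader(requestText).ReadObject();
            }

            // ReadObject can yield null or another PEM object type; reject both up front instead of
            // failing later with a cast or null-reference error.
            if (!(pemObject is Pkcs10CertificationRequest request))
            {
                throw new ArgumentException(
                    "The input does not contain a PKCS#10 certification request.",
                    nameof(pkcs10Request));
            }

            // NOTE(review): the request's self-signature (proof of possession of the private key)
            // is not verified anywhere in this method. Confirm that the caller does it, or verify
            // the request here with a verifier that supports the GOST algorithms in use.
            // NOTE(review): the subject DN and public key below are copied from the request as-is;
            // no issuance policy check is visible here.

            var caCert = (X509Certificate)RootCertificates.GetRootCertGOST();
            var caKey  = (AsymmetricKeyParameter)RootCertificates.GetPrivateKeyGOST();

            // Take the clock once, in UTC, so both validity bounds derive from the same instant
            // and do not depend on the machine's local time zone.
            var startDate  = DateTime.UtcNow;
            var expiryDate = startDate.AddYears(1);

            // Random serial number between 2^63 and 2^64 drawn from a CSPRNG.
            var serialNumber = BigIntegers.CreateRandomInRange(
                BigInteger.ValueOf(2).Pow(63),
                BigInteger.ValueOf(2).Pow(64),
                new SecureRandom()
                );

            var certGen = new X509V3CertificateGenerator();

            var requestInfo = request.GetCertificationRequestInfo();

            certGen.SetSerialNumber(serialNumber);
            certGen.SetIssuerDN(caCert.SubjectDN);
            certGen.SetNotBefore(startDate);
            certGen.SetNotAfter(expiryDate);

            certGen.SetSubjectDN(requestInfo.Subject);
            certGen.SetPublicKey(request.GetPublicKey());

            // Extensions: key identifiers (non-critical) and an extended key usage (critical).
            certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false,
                                 new AuthorityKeyIdentifierStructure(caCert));
            certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
                                 new SubjectKeyIdentifierStructure(request.GetPublicKey()));

            // NOTE(review): 1.1.1.1.1.1.2 is not one of the key purposes defined in RFC 5280;
            // presumably an application-specific placeholder - confirm before reuse.
            // NOTE(review): no BasicConstraints or KeyUsage extension is added; consider stating
            // explicitly that the issued certificate is not a CA.
            certGen.AddExtension(
                X509Extensions.ExtendedKeyUsage,
                true,
                new ExtendedKeyUsage(new[]
                {
                    new DerObjectIdentifier("1.1.1.1.1.1.2")
                })
                );

            var signer = new GostSignerFactory(caKey);

            return certGen.Generate(signer);
        }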
예제 #3
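        /// <summary>
        /// Generates a GOST R 34.10-2012 (256-bit, paramSetA) key pair and a self-signed X.509 v1
        /// certificate for it with the subject "CN=Test CA Certificate".
        /// </summary>
        /// <returns>
        /// The generated key pair (including the private key) and the certificate, valid for ten
        /// years from the moment of the call.
        /// </returns>
        public static (AsymmetricCipherKeyPair, X509Certificate) GenerateSelfSigned()
        {
            // Take the clock once, in UTC, so both validity bounds derive from the same instant
            // and do not depend on the machine's local time zone.
            var startDate  = DateTime.UtcNow;
            var expiryDate = startDate.AddYears(10);

            // One CSPRNG instance serves both the serial number and the key generation.
            var random = new SecureRandom();

            // Random serial number between 2^63 and 2^64.
            var serialNumber = BigIntegers.CreateRandomInRange(
                BigInteger.ValueOf(2).Pow(63),
                BigInteger.ValueOf(2).Pow(64),
                random
                );

            var oid    = ECGost3410NamedCurves.GetOid("Tc26-Gost-3410-12-256-paramSetA");
            var param  = new ECKeyGenerationParameters(oid, random);
            var engine = new ECKeyPairGenerator();

            engine.Init(param);

            var keyPair = engine.GenerateKeyPair();

            // NOTE(review): an X.509 v1 certificate cannot carry extensions, so nothing in it
            // (basicConstraints, keyUsage) marks this key as a CA. Acceptable for a test root;
            // a v3 certificate with explicit CA constraints is the usual choice otherwise.
            var certGen = new X509V1CertificateGenerator();

            // Self-signed: issuer and subject are the same name.
            var dnName = new X509Name("CN=Test CA Certificate");

            certGen.SetSerialNumber(serialNumber);
            certGen.SetIssuerDN(dnName);
            certGen.SetNotBefore(startDate);
            certGen.SetNotAfter(expiryDate);
            certGen.SetSubjectDN(dnName);
            certGen.SetPublicKey(keyPair.Public);

            var signer = new GostSignerFactory(keyPair.Private);

            var certificate = certGen.Generate(signer);

            // The private key leaves this method in the returned pair; storing and protecting it
            // is the caller's responsibility.
            return (keyPair, certificate);
        }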
예제 #4
        /// <summary>
        /// Signs the prepared CRL generator with the supplied private key.
        /// </summary>
        /// <param name="privateKey">Key handed to <c>GostSignerFactory</c> to produce the signature.</param>
        /// <param name="crlGen">Generator that already carries the CRL fields to be signed.</param>
        /// <returns>The CRL produced by <c>crlGen.Generate</c>.</returns>
        protected override X509Crl GenerateCrl(AsymmetricKeyParameter privateKey, X509V2CrlGenerator crlGen)
        {
            // GostSignerFactory is declared elsewhere in the project; it is used here as the
            // signature factory argument of Generate.
            return crlGen.Generate(new GostSignerFactory(privateKey));
        }