상속: Asn1Encodable
예제 #1
0
        public static SubjectKeyIdentifier CreateTruncatedSha1KeyIdentifier(SubjectPublicKeyInfo keyInfo)
        {
            byte[] digest = SubjectKeyIdentifier.GetDigest(keyInfo);
            byte[] array  = new byte[8];
            Array.Copy(digest, digest.Length - 8, array, 0, array.Length);
            byte[] expr_25_cp_0 = array;
            int    expr_25_cp_1 = 0;

            expr_25_cp_0[expr_25_cp_1] &= 15;
            byte[] expr_3B_cp_0 = array;
            int    expr_3B_cp_1 = 0;

            expr_3B_cp_0[expr_3B_cp_1] |= 64;
            return(new SubjectKeyIdentifier(array));
        }
예제 #2
0
 public static SubjectKeyIdentifier GetInstance(object obj)
 {
     if (obj is SubjectKeyIdentifier)
     {
         return((SubjectKeyIdentifier)obj);
     }
     if (obj is SubjectPublicKeyInfo)
     {
         return(new SubjectKeyIdentifier((SubjectPublicKeyInfo)obj));
     }
     if (obj is Asn1OctetString)
     {
         return(new SubjectKeyIdentifier((Asn1OctetString)obj));
     }
     if (obj is X509Extension)
     {
         return(SubjectKeyIdentifier.GetInstance(X509Extension.ConvertValueToObject((X509Extension)obj)));
     }
     throw new ArgumentException("Invalid SubjectKeyIdentifier: " + obj.GetType().Name);
 }
예제 #3
0
        public static SubjectKeyIdentifier retrieveSubjectKeyIdentifier(X509Certificate x509Certificate)
        {
            SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier();
            X509Extension        x509Extension        = x509Certificate.CertificateStructure.TbsCertificate.Extensions.GetExtension(new DerObjectIdentifier(OIDS.OID_SUBJECT_KEY_IDENTIFIER_EXTENSION));

            if (x509Extension != null)
            {
                Org.BouncyCastle.Asn1.X509.SubjectKeyIdentifier subjectKeyIdentifierExtension = Org.BouncyCastle.Asn1.X509.SubjectKeyIdentifier.GetInstance(x509Extension);


                subjectKeyIdentifier.HasSubjectKeyIdentifierExtension = true;
                subjectKeyIdentifier.IsCritical    = x509Extension.IsCritical;
                subjectKeyIdentifier.keyIdentifier = subjectKeyIdentifierExtension.GetKeyIdentifier();
                //todo: add issuer and serial fields.
            }
            else
            {
                subjectKeyIdentifier.HasSubjectKeyIdentifierExtension = false;
            }

            return(subjectKeyIdentifier);
        }
예제 #4
0
        /// <summary>
        /// Create a new certificate
        /// </summary>
        /// <param name="issuer">Issuer certificate, if null then self-sign</param>
        /// <param name="subjectName">Subject name</param>
        /// <param name="serialNumber">Serial number of certificate, if null then will generate a new one</param>
        /// <param name="signature">If true create an AT_SIGNATURE key, otherwise AT_EXCHANGE</param>
        /// <param name="keySize">Size of RSA key</param>
        /// <param name="notBefore">Start date of certificate</param>
        /// <param name="notAfter">End date of certificate</param>
        /// <param name="extensions">Array of extensions, if null then no extensions</param>
        /// <param name="hashAlgorithm">Specify the signature hash algorithm</param>
        /// <returns>The created X509 certificate</returns>
        public SystemX509.X509Certificate2 CreateCert(SystemX509.X509Certificate2 issuer, SystemX509.X500DistinguishedName subjectName,
            byte[] serialNumber, bool signature, int keySize, CertificateHashAlgorithm hashAlgorithm, DateTime notBefore,
            DateTime notAfter, SystemX509.X509ExtensionCollection extensions)
        {
            X509V3CertificateGenerator builder = new X509V3CertificateGenerator();
            AsymmetricAlgorithm subjectKey = CreateRSAKey(keySize, signature);
            AsymmetricAlgorithm signKey = issuer == null ? subjectKey : issuer.PrivateKey;

            if (signKey == null)
            {
                throw new ArgumentException(Properties.Resources.CreateCert_NoPrivateKey);
            }

            AsymmetricCipherKeyPair bcSubjectKey = GetRsaKeyPair((RSACryptoServiceProvider)subjectKey);
            AsymmetricCipherKeyPair bcSignKey = GetRsaKeyPair((RSACryptoServiceProvider)signKey);

            X509Name issuerNameObj = issuer == null ? X509Name.GetInstance(Asn1Object.FromByteArray(subjectName.RawData))
                : X509Name.GetInstance(Asn1Object.FromByteArray(issuer.SubjectName.RawData));
            X509Name subjectNameObj = X509Name.GetInstance(Asn1Object.FromByteArray(subjectName.RawData));

            BigInteger subjectSerial = new BigInteger(1, serialNumber != null ? serialNumber : Guid.NewGuid().ToByteArray());
            BigInteger issuerSerial = issuer == null ? subjectSerial : new BigInteger(1, issuer.GetSerialNumber());

            builder.SetIssuerDN(issuerNameObj);
            builder.SetSubjectDN(subjectNameObj);
            builder.SetSerialNumber(subjectSerial);
            builder.SetSignatureAlgorithm(HashAlgorithmToName(hashAlgorithm));
            builder.SetNotBefore(notBefore.ToUniversalTime());
            builder.SetNotAfter(notAfter.ToUniversalTime());
            builder.SetPublicKey(bcSubjectKey.Public);

            SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcSignKey.Public);
            AuthorityKeyIdentifier authKeyId = new AuthorityKeyIdentifier(info, new GeneralNames(new GeneralName(issuerNameObj)), issuerSerial);
            SubjectKeyIdentifier subjectKeyid = new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(bcSubjectKey.Public));

            builder.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, true, authKeyId);
            builder.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, true, subjectKeyid);

            if (extensions != null)
            {
                foreach (SystemX509.X509Extension ext in extensions)
                {
                    if (!ext.Oid.Value.Equals(X509Extensions.AuthorityKeyIdentifier.Id)
                        && !ext.Oid.Value.Equals(X509Extensions.SubjectKeyIdentifier.Id)
                        && !ext.Oid.Value.Equals(szOID_AUTHORITY_KEY_IDENTIFIER2))
                    {
                        Asn1InputStream istm = new Org.BouncyCastle.Asn1.Asn1InputStream(ext.RawData);
                        Asn1Object obj = istm.ReadObject();
                        builder.AddExtension(ext.Oid.Value, ext.Critical, obj);
                    }
                }
            }

            X509Certificate cert = builder.Generate(bcSignKey.Private);

            SystemX509.X509Certificate2 ret = new SystemX509.X509Certificate2(cert.GetEncoded(), (string)null, SystemX509.X509KeyStorageFlags.Exportable);

            ret.PrivateKey = subjectKey;

            return ret;
        }
예제 #5
0
 public SubjectKeyIdentifier(SubjectPublicKeyInfo spki)
 {
     this.keyIdentifier = SubjectKeyIdentifier.GetDigest(spki);
 }
예제 #6
0
 public static SubjectKeyIdentifier GetInstance(Asn1TaggedObject obj, bool explicitly)
 {
     return(SubjectKeyIdentifier.GetInstance(Asn1OctetString.GetInstance(obj, explicitly)));
 }
 public OriginatorIdentifierOrKey(
     SubjectKeyIdentifier id)
 {
     this.id = new DerTaggedObject(false, 0, id);
 }
예제 #8
0
 /// <summary>
 /// Add the Subject Key Identifier.
 /// </summary>
 /// <param name="certificateGenerator"></param>
 /// <param name="subjectKeyPair"></param>
 private static void AddSubjectKeyIdentifier(X509V3CertificateGenerator certificateGenerator,
                                             AsymmetricCipherKeyPair subjectKeyPair)
 {
     var subjectKeyIdentifierExtension =
         new SubjectKeyIdentifier(
             SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public));
     certificateGenerator.AddExtension(
         X509Extensions.SubjectKeyIdentifier.Id, false, subjectKeyIdentifierExtension);
 }