public static Org.BouncyCastle.X509.X509Certificate CreateCert(String cn,
AsymmetricKeyParameter pubKey, AsymmetricKeyParameter privKey)
{
Hashtable attrs = new Hashtable();
attrs.Add(X509Name.CN, cn);
ArrayList ord = new ArrayList(attrs.Keys);
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name(ord, attrs));
certGen.SetNotBefore(DateTime.UtcNow.AddDays(-30));
certGen.SetNotAfter(DateTime.UtcNow.AddDays(30));
certGen.SetSubjectDN(new X509Name(ord, attrs));
certGen.SetPublicKey(pubKey);
certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
Org.BouncyCastle.X509.X509Certificate cert = certGen.Generate(privKey);
cert.CheckValidity(DateTime.UtcNow);
cert.Verify(pubKey);
return(cert);
}
private static MessageReport.Cert GetCertificateInfo(X509Certificate cert, DateTime signDate)
{
MessageReport.Cert c = new MessageReport.Cert();
c.isHardCertificate = isHardCertificatePolicyOidt(cert);
c.issuer = cert.IssuerDN.ToString();
c.subject = cert.SubjectDN.ToString();
c.validFrom = cert.NotBefore.ToString("yyyy-MM-dd HH:mm:ss.ff");
c.validTo = cert.NotAfter.ToString("yyyy-MM-dd HH:mm:ss.ff");
try
{
cert.CheckValidity(signDate);
c.statusDaySigning = "Έγκυρο κατά το χρόνο υπογραφής";
}
catch (CertificateExpiredException e)
{
c.statusDaySigning = "Έίχε λήξει κατά το χρόνο υπογραφής.";
}
catch (CertificateNotYetValidException e)
{
c.statusDaySigning = "Δεν ήταν έγκυρο κατά το χρόνο υπογραφής";
}
try
{
cert.CheckValidity();
c.statusToday = "Έγκυρο";
}
catch (CertificateExpiredException e)
{
c.statusToday = "Έχει λήξει";
}
catch (CertificateNotYetValidException e)
{
c.statusToday = "Μη έγκυρο";
}
return(c);
}
public void ShowCertificateInfo(X509Certificate cert, DateTime signDate)
{
Console.WriteLine("Issuer: " + cert.IssuerDN);
Console.WriteLine("Subject: " + cert.SubjectDN);
Console.WriteLine("Valid from: " + cert.NotBefore.ToString("yyyy-MM-dd HH:mm:ss.ff"));
Console.WriteLine("Valid to: " + cert.NotAfter.ToString("yyyy-MM-dd HH:mm:ss.ff"));
try {
cert.CheckValidity(signDate);
Console.WriteLine("The certificate was valid at the time of signing.");
} catch (CertificateExpiredException e) {
Console.WriteLine("The certificate was expired at the time of signing.");
} catch (CertificateNotYetValidException e) {
Console.WriteLine("The certificate wasn't valid yet at the time of signing.");
}
try {
cert.CheckValidity();
Console.WriteLine("The certificate is still valid.");
} catch (CertificateExpiredException e) {
Console.WriteLine("The certificate has expired.");
} catch (CertificateNotYetValidException e) {
Console.WriteLine("The certificate isn't valid yet.");
}
}
/// <summary>
/// Verifies that the certificate has not yet expired.
/// </summary>
/// <param name="certificate">The certificate to verify.</param>
private static void VerifyDates(Org.BouncyCastle.X509.X509Certificate certificate)
{
try
{
certificate.CheckValidity();
}
catch (CertificateExpiredException exception)
{
throw new MySqlException(Resources.SslConnectionError, exception);
}
catch (CertificateNotYetValidException exception)
{
throw new MySqlException(Resources.SslConnectionError, exception);
}
}
public ValidationError ValidationHandler1(XmlDocument xmlDoc, string xmlFileName)
{
ValidationError validationError = new ValidationError(xmlFileName, null);
TimeStampToken token = XmlNodeHelper.GetTimeStampToken(xmlDoc);
Org.BouncyCastle.X509.X509Certificate certificate = XmlNodeHelper.GetX509Certificate(xmlDoc);
if (certificate == null)
{
return(validationError.AppendErrorMessage("Nepodarilo sa nájsť certifikát"));
}
if (token == null)
{
return(validationError.AppendErrorMessage("Nepodarilo sa nájsť token"));
}
// Check certificate validity against timestamp token time
try
{
certificate.CheckValidity(token.TimeStampInfo.GenTime);
}
catch (Exception ex)
{
return(validationError.AppendErrorMessage("Platnosť podpisového certifikátu neodpovedá času z časovej pečiatky. ErrorMessage ->" + ex.Message));
}
// Check certificate validity against crl
X509CrlEntry entry = CrlHelper.GetRevokedCertificateEntry(certificate.SerialNumber);
if (entry == null)
{
return(validationError);
}
if (entry.RevocationDate < token.TimeStampInfo.GenTime)
{
return(validationError.AppendErrorMessage("Platnosť certifikátu vypršala"));
}
return(validationError);
}
private static void CheckCertificateValidity(X509Certificate cert)
{
cert.CheckValidity();
var caCert = (X509Certificate)RootCertificates.GetRootCertGOST();
var gst = new Gost3410DigestSigner(new ECGost3410Signer(), new Gost3411_2012_256Digest());
gst.Init(false, caCert.GetPublicKey());
var tbsCertificate = cert.GetTbsCertificate();
gst.BlockUpdate(tbsCertificate, 0, tbsCertificate.Length);
var t = gst.VerifySignature(cert.GetSignature());
if (!t)
{
throw new CryptographicException("Cannot verify signature");
}
}
public void ShowCertificateInfo(X509Certificate cert, DateTime signDate) {
Console.WriteLine("Issuer: " + cert.IssuerDN);
Console.WriteLine("Subject: " + cert.SubjectDN);
Console.WriteLine("Valid from: " + cert.NotBefore.ToString("yyyy-MM-dd HH:mm:ss.ff"));
Console.WriteLine("Valid to: " + cert.NotAfter.ToString("yyyy-MM-dd HH:mm:ss.ff"));
try {
cert.CheckValidity(signDate);
Console.WriteLine("The certificate was valid at the time of signing.");
} catch (CertificateExpiredException e) {
Console.WriteLine("The certificate was expired at the time of signing.");
} catch (CertificateNotYetValidException e) {
Console.WriteLine("The certificate wasn't valid yet at the time of signing.");
}
try {
cert.CheckValidity();
Console.WriteLine("The certificate is still valid.");
} catch (CertificateExpiredException e) {
Console.WriteLine("The certificate has expired.");
} catch (CertificateNotYetValidException e) {
Console.WriteLine("The certificate isn't valid yet.");
}
}
/**
* Checks the validity of the certificate, and calls the next
* verifier in the chain, if any.
* @param signCert the certificate that needs to be checked
* @param issuerCert its issuer
* @param signDate the date the certificate needs to be valid
* @return a list of <code>VerificationOK</code> objects.
* The list will be empty if the certificate couldn't be verified.
* @throws GeneralSecurityException
* @throws IOException
*/
virtual public List<VerificationOK> Verify(X509Certificate signCert, X509Certificate issuerCert, DateTime signDate) {
// Check if the certificate is valid on the signDate
//if (signDate != null)
signCert.CheckValidity(signDate);
// Check if the signature is valid
if (issuerCert != null) {
signCert.Verify(issuerCert.GetPublicKey());
}
// Also in case, the certificate is self-signed
else {
signCert.Verify(signCert.GetPublicKey());
}
List<VerificationOK> result = new List<VerificationOK>();
if (verifier != null)
result.AddRange(verifier.Verify(signCert, issuerCert, signDate));
return result;
}
/**
* verify that the given certificate successfully handles and confirms
* the signature associated with this signer and, if a signingTime
* attribute is available, that the certificate was valid at the time the
* signature was generated.
*/
public bool Verify(
X509Certificate cert)
{
Asn1.Cms.Time signingTime = GetSigningTime();
if (signingTime != null)
{
cert.CheckValidity(signingTime.Date);
}
return DoVerify(cert.GetPublicKey());
}
/**
* Validate the time stamp token.
* <p>
* To be valid the token must be signed by the passed in certificate and
* the certificate must be the one referred to by the SigningCertificate
* attribute included in the hashed attributes of the token. The
* certificate must also have the ExtendedKeyUsageExtension with only
* KeyPurposeID.IdKPTimeStamping and have been valid at the time the
* timestamp was created.
* </p>
* <p>
* A successful call to validate means all the above are true.
* </p>
*/
public void Validate(
X509Certificate cert)
{
try
{
byte[] hash = DigestUtilities.CalculateDigest(
certID.GetHashAlgorithm(), cert.GetEncoded());
if (!Arrays.ConstantTimeAreEqual(certID.GetCertHash(), hash))
{
throw new TspValidationException("certificate hash does not match certID hash.");
}
if (certID.IssuerSerial != null)
{
if (!certID.IssuerSerial.Serial.Value.Equals(cert.SerialNumber))
{
throw new TspValidationException("certificate serial number does not match certID for signature.");
}
GeneralName[] names = certID.IssuerSerial.Issuer.GetNames();
X509Name principal = PrincipalUtilities.GetIssuerX509Principal(cert);
bool found = false;
for (int i = 0; i != names.Length; i++)
{
if (names[i].TagNo == 4
&& X509Name.GetInstance(names[i].Name).Equivalent(principal))
{
found = true;
break;
}
}
if (!found)
{
throw new TspValidationException("certificate name does not match certID for signature. ");
}
}
TspUtil.ValidateCertificate(cert);
cert.CheckValidity(tstInfo.GenTime);
if (!tsaSignerInfo.Verify(cert))
{
throw new TspValidationException("signature not created by certificate.");
}
}
catch (CmsException e)
{
if (e.InnerException != null)
{
throw new TspException(e.Message, e.InnerException);
}
throw new TspException("CMS exception: " + e, e);
}
catch (CertificateEncodingException e)
{
throw new TspException("problem processing certificate: " + e, e);
}
catch (SecurityUtilityException e)
{
throw new TspException("cannot find algorithm: " + e.Message, e);
}
}
private void EnsureCertificateValidity(X509Certificate certificate)
{
certificate.CheckValidity(DateTime.UtcNow);
certificate.Verify(_authorityKeyPair.Public);
}
/// <summary>
/// Checks the certificate in this same date and time.
/// </summary>
/// <returns>
/// <c>true</c>, if is valid now, <c>false</c> otherwise.
/// </returns>
/// <param name='BCCert'>
/// BouncyCastle cert to check.
/// </param>
private static bool CertIsValidNow(X509Certificate BCCert)
{
try
{
BCCert.CheckValidity();
return BCCert.IsValidNow;
}catch(CertificateExpiredException ce){
SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: Certificate has expired");
}catch(CertificateNotYetValidException cex){
SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation: Certificate is not yet valid");
}
return false;
}
/**
* verify that the given certificate successfully handles and confirms
* the signature associated with this signer and, if a signingTime
* attribute is available, that the certificate was valid at the time the
* signature was generated.
*/
public bool Verify(
X509Certificate cert)
{
Asn1.Cms.AttributeTable attr = this.SignedAttributes;
if (attr != null)
{
Asn1EncodableVector v = attr.GetAll(CmsAttributes.SigningTime);
switch (v.Count)
{
case 0:
break;
case 1:
{
Asn1.Cms.Attribute t = (Asn1.Cms.Attribute) v[0];
Debug.Assert(t != null);
Asn1Set attrValues = t.AttrValues;
if (attrValues.Count != 1)
throw new CmsException("A signing-time attribute MUST have a single attribute value");
Asn1.Cms.Time time = Asn1.Cms.Time.GetInstance(attrValues[0].ToAsn1Object());
cert.CheckValidity(time.Date);
break;
}
default:
throw new CmsException("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the signing-time attribute");
}
}
return DoVerify(cert.GetPublicKey(), attr);
}
static void Main(string[] args)
{
char[] passwd = "123456".ToCharArray(); //pfx密码
IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
RsaKeyGenerationParameters genPar = new RsaKeyGenerationParameters(
BigInteger.ValueOf(0x10001), new SecureRandom(), 2048, 25);
keyGen.Init(genPar);
AsymmetricCipherKeyPair keypair = keyGen.GenerateKeyPair();
RsaKeyParameters pubKey = (RsaKeyParameters)keypair.Public; //CA公钥
RsaKeyParameters priKey = (RsaKeyParameters)keypair.Private; //CA私钥
Hashtable attrs = new Hashtable();
ArrayList order = new ArrayList();
attrs.Add(X509Name.C, "CN"); //country code
//attrs.Add(X509Name.ST, "Guangdong province"); //province name
//attrs.Add(X509Name.L, "Guangzhou city"); //locality name
attrs.Add(X509Name.O, "South China Normal University"); //organization
attrs.Add(X509Name.OU, "South China Normal University"); //organizational unit name
attrs.Add(X509Name.CN, "CAcert"); //common name
attrs.Add(X509Name.E, "*****@*****.**");
order.Add(X509Name.C);
//order.Add(X509Name.ST);
//order.Add(X509Name.L);
order.Add(X509Name.O);
order.Add(X509Name.OU);
order.Add(X509Name.CN);
order.Add(X509Name.E);
X509Name issuerDN = new X509Name(order, attrs);
X509Name subjectDN = issuerDN; //自签证书,两者一样
X509V1CertificateGenerator v1certGen = new X509V1CertificateGenerator();
v1certGen.SetSerialNumber(new BigInteger(128, new Random())); //128位
v1certGen.SetIssuerDN(issuerDN);
v1certGen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
v1certGen.SetNotAfter(DateTime.UtcNow.AddDays(365));
v1certGen.SetSubjectDN(subjectDN);
v1certGen.SetPublicKey(pubKey); //公钥
v1certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
Org.BouncyCastle.X509.X509Certificate CAcert = v1certGen.Generate(priKey);
CAcert.CheckValidity();
CAcert.Verify(pubKey);
//属性包
/*
* Hashtable bagAttr = new Hashtable();
* bagAttr.Add(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id,
* new DerBmpString("CA's Primary Certificate"));
* bagAttr.Add(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id,
* new SubjectKeyIdentifierStructure(pubKey));
*
* X509CertificateEntry certEntry = new X509CertificateEntry(CAcert,bagAttr);
*/
X509CertificateEntry certEntry = new X509CertificateEntry(CAcert);
Pkcs12Store store = new Pkcs12StoreBuilder().Build();
store.SetCertificateEntry("CA's Primary Certificate", certEntry); //设置证书
X509CertificateEntry[] chain = new X509CertificateEntry[1];
chain[0] = certEntry;
store.SetKeyEntry("CA's Primary Certificate", new AsymmetricKeyEntry(priKey), chain); //设置私钥
FileStream fout = File.Create("CA.pfx");
store.Save(fout, passwd, new SecureRandom()); //保存
fout.Close();
}
/// <summary>
/// Enroll certificate file base on request
/// </summary>
/// <param name="csr"></param>
/// <param name="rootCert"></param>
/// <param name="issuerKeyPair"></param>
/// <param name="startDate"></param>
/// <param name="endDate"></param>
/// <returns></returns>
private Org.BouncyCastle.X509.X509Certificate GenerateSignedCertificate(
Pkcs10CertificationRequest csr,
Org.BouncyCastle.X509.X509Certificate rootCert,
AsymmetricCipherKeyPair issuerKeyPair,
DateTime startDate, DateTime endDate)
{
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
//List<ExtensionsItem> extensions = null;
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(rootCert.SubjectDN);
certGen.SetNotBefore(startDate);
certGen.SetNotAfter(endDate);
CertificationRequestInfo info = csr.GetCertificationRequestInfo();
certGen.SetSubjectDN(info.Subject);
certGen.SetPublicKey(csr.GetPublicKey());
var sigAlg = csr.Signature;
var sigAlg1 = csr.SignatureAlgorithm;
certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
// Add certificate extensions
Asn1Set attributes = csr.GetCertificationRequestInfo().Attributes;
if (attributes != null)
{
for (int i = 0; i != attributes.Count; i++)
{
AttributePkcs attr = AttributePkcs.GetInstance(attributes[i]);
if (attr.AttrType.Equals(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest))
{
X509Extensions extensions1 = X509Extensions.GetInstance(attr.AttrValues[0]);
foreach (DerObjectIdentifier oid in extensions1.ExtensionOids)
{
Org.BouncyCastle.Asn1.X509.X509Extension ext = extensions1.GetExtension(oid);
// !!! NOT working !!!
//certGen.AddExtension(oid, ext.IsCritical, ext.Value);
//OK
certGen.AddExtension(oid, ext.IsCritical, ext.Value, true);
}
}
}
}
Org.BouncyCastle.X509.X509Certificate issuedCert = null;
try
{
issuedCert = certGen.Generate(issuerKeyPair.Private);
tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n";
}
catch (Exception ex)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Error, generate certificate file." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
try
{
tbOutputMessageBox.Text += "Check if generated certificate file is valid, plase wait ..." + "\n";
issuedCert.CheckValidity(DateTime.UtcNow);
tbOutputMessageBox.Text += "Generate certificate file is valid." + "\n";
}
catch (Exception ex)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Error, generated certificate file is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
try
{
tbOutputMessageBox.Text += "Verify generated certificate file, plase wait ..." + "\n";
issuedCert.Verify(issuerKeyPair.Public);
tbOutputMessageBox.Text += "Generate certificate file verification is OK." + "\n";
}
catch (Exception ex)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Error, generated certificate file verification is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
return(issuedCert);
}
private static MessageReport.Cert GetCertificateInfo(X509Certificate cert, DateTime signDate)
{
MessageReport.Cert c = new MessageReport.Cert();
c.isHardCertificate = isHardCertificatePolicyOidt(cert);
c.issuer = cert.IssuerDN.ToString();
c.subject = cert.SubjectDN.ToString();
c.validFrom = cert.NotBefore.ToString("yyyy-MM-dd HH:mm:ss.ff");
c.validTo = cert.NotAfter.ToString("yyyy-MM-dd HH:mm:ss.ff");
try
{
cert.CheckValidity(signDate);
c.statusDaySigning = "Έγκυρο κατά το χρόνο υπογραφής";
}
catch (CertificateExpiredException e)
{
c.statusDaySigning = "Έίχε λήξει κατά το χρόνο υπογραφής.";
}
catch (CertificateNotYetValidException e)
{
c.statusDaySigning = "Δεν ήταν έγκυρο κατά το χρόνο υπογραφής";
}
try
{
cert.CheckValidity();
c.statusToday = "Έγκυρο";
}
catch (CertificateExpiredException e)
{
c.statusToday = "Έχει λήξει";
}
catch (CertificateNotYetValidException e)
{
c.statusToday = "Μη έγκυρο";
}
return c;
}
/// <summary>
/// Generate certificate request and private key file
/// </summary>
/// <param name="random"></param>
/// <param name="subjectKeyPair"></param>
/// <param name="subjectSerialNumber"></param>
/// <param name="commonName"></param>
/// <param name="issuerKeyPair"></param>
/// <param name="issuerSerialNumber"></param>
/// <param name="isCertificateAuthority"></param>
/// <param name="usages"></param>
/// <param name="signatureAlgorithm"></param>
/// <param name="countryCode"></param>
/// <param name="stateOrProvinceName"></param>
/// <param name="localityName"></param>
/// <param name="organization"></param>
/// <param name="startDateTime"></param>
/// <param name="endDateTime"></param>
/// <param name="outputPrivateKeyName"></param>
/// <param name="outputPublicKeyName"></param>
/// <param name="outputSignedKeyName"></param>
/// <param name="password"></param>
private async void GenerateCertificate(SecureRandom random,
AsymmetricCipherKeyPair subjectKeyPair,
BigInteger subjectSerialNumber,
string commonName,
AsymmetricCipherKeyPair issuerKeyPair,
BigInteger issuerSerialNumber,
bool isCertificateAuthority,
KeyPurposeID[] usages,
string signatureAlgorithm,
string countryCode,
string stateOrProvinceName,
string localityName,
string organization,
DateTime startDateTime,
DateTime endDateTime,
string outputPrivateKeyName,
string outputPublicKeyName,
string outputSignedKeyName,
string password,
string certFriendlyName
)
{
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.SetSerialNumber(subjectSerialNumber);
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
IDictionary attrs = new Hashtable();
attrs[X509Name.CN] = commonName;
attrs[X509Name.C] = countryCode;
attrs[X509Name.ST] = stateOrProvinceName;
attrs[X509Name.L] = localityName;
attrs[X509Name.O] = organization;
IList ord = new ArrayList();
ord.Add(X509Name.CN);
ord.Add(X509Name.C);
ord.Add(X509Name.ST);
ord.Add(X509Name.L);
ord.Add(X509Name.O);
X509Name issuerDN = new X509Name(ord, attrs);
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetNotBefore((DateTime)startDateTime);
certificateGenerator.SetNotAfter((DateTime)endDateTime);
certificateGenerator.SetSubjectDN(new X509Name(ord, attrs));
// The subject's public key goes in the certificate.
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
AddAuthorityKeyIdentifier(certificateGenerator, issuerDN, issuerKeyPair, issuerSerialNumber);
AddSubjectKeyIdentifier(certificateGenerator, subjectKeyPair);
bool isCritical = true;
if (!isCertificateAuthority)
{
isCritical = false;
}
certificateGenerator.AddExtension(
X509Extensions.BasicConstraints.Id, isCritical, new BasicConstraints(isCertificateAuthority));
if (usages != null && usages.Any())
{
AddExtendedKeyUsage(certificateGenerator, usages);
}
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(subjectKeyPair.Private);
int errorNum = 0;
try
{
certificate.CheckValidity(startDateTime);
}
catch (Exception ex)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Generate certificate Check validity period error: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n";
tbOutputMessageBox.Foreground = bckForeground;
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("ERROR",
"Generate certificate Check validity period error: " + ex.GetHashCode().ToString() + " " + ex.Message,
MessageDialogStyle.Affirmative);
}
try
{
certificate.Verify(subjectKeyPair.Public);
}
catch (Exception ex)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Generate certificate Verification error: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n";
tbOutputMessageBox.Foreground = bckForeground;
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("ERROR",
"Generate certificate Verification error: " + ex.GetHashCode().ToString() + " " + ex.Message,
MessageDialogStyle.Affirmative);
}
if (errorNum > 0)
{
return;
}
#region Save Public Key
try
{
File.WriteAllBytes(System.IO.Path.ChangeExtension(outputPublicKeyName, ".cer"), certificate.GetEncoded());
}
catch (Exception ex)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "ERROR to save generated public key to file: " + System.IO.Path.ChangeExtension(outputPublicKeyName, ".cer") + "\n" +
ex.GetHashCode().ToString() + " " + ex.Message + "\n";
tbOutputMessageBox.Foreground = bckForeground;
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("ERROR",
"ERROR to save generated public key to file: " + System.IO.Path.ChangeExtension(outputPublicKeyName, ".cer") + "\n" +
ex.GetHashCode().ToString() + " " + ex.Message,
MessageDialogStyle.Affirmative);
return;
}
#endregion
#region Private Key
StringBuilder privateKeyStrBuilder = new StringBuilder();
PemWriter privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyStrBuilder));
privateKeyPemWriter.WriteObject(subjectKeyPair.Private);
privateKeyPemWriter.Writer.Flush();
string privateKey = privateKeyStrBuilder.ToString();
try
{
using (TextWriter tw = new StreamWriter(outputPrivateKeyName))
{
PemWriter pw = new PemWriter(tw);
pw.WriteObject(subjectKeyPair.Private);
tw.Flush();
}
tbOutputMessageBox.Text += "File with private key: " + outputPrivateKeyName + " sucessfully generated." + "\n";
}
catch (Exception ex)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "ERROR to save file with private key: " + outputPrivateKeyName + "\n";
tbOutputMessageBox.Foreground = bckForeground;
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("Info Warning",
"ERROR creating certificate private key file (.key)" + "\n" +
"Error: " + ex.Source + " " + ex.Message,
MessageDialogStyle.Affirmative);
return;
}
#endregion Private Key
#region Public Key
//try
//{
// var store = new Pkcs12Store();
// string friendlyName = certificate.SubjectDN.ToString();
// var certificateEntry = new X509CertificateEntry(certificate);
// store.SetCertificateEntry(friendlyName, certificateEntry);
// store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(subjectKeyPair.Private), new[] { certificateEntry });
// var stream = new MemoryStream();
// store.Save(stream, "password".ToCharArray(), random);
// //Verify that the certificate is valid.
// var convertedCertificate = new X509Certificate2(stream.ToArray(), "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
// //Write the file.
// File.WriteAllBytes(outputPublicKeyName, stream.ToArray());
// File.WriteAllBytes(System.IO.Path.ChangeExtension(outputPublicKeyName, ".cer"), certificate.GetEncoded());
// //using (TextWriter tw = new StreamWriter(outputPublicKeyName))
// //{
// // PemWriter pw = new PemWriter(tw);
// // pw.WriteObject(subjectKeyPair.Public);
// // tw.Flush();
// //}
// tbOutputMessageBox.Text += "File with private key: " + outputPublicKeyName + " sucessfully generated." + "\n";
//}
//catch (Exception ex)
//{
// var metroWindow = (Application.Current.MainWindow as MetroWindow);
// await metroWindow.ShowMessageAsync("Info Warning",
// "ERROR creating certificate private key file (.key)" + "\n" +
// "Error: " + ex.Source + " " + ex.Message,
// MessageDialogStyle.Affirmative);
// return;
//}
//StringBuilder publicKeyStrBuilder = new StringBuilder();
//PemWriter publicKeyPemWriter = new PemWriter(new StringWriter(publicKeyStrBuilder));
//publicKeyPemWriter.WriteObject(subjectKeyPair.Private);
//publicKeyPemWriter.Writer.Flush();
//string publicKey = publicKeyStrBuilder.ToString();
//try
//{
// using (TextWriter tw = new StreamWriter(outputPublicKeyName))
// {
// PemWriter pw = new PemWriter(tw);
// pw.WriteObject(subjectKeyPair.Public);
// tw.Flush();
// }
// tbOutputMessageBox.Text += "File with public key: " + outputPublicKeyName + " sucessfully generated." + "\n";
//}
//catch (Exception ex)
//{
// var metroWindow = (Application.Current.MainWindow as MetroWindow);
// await metroWindow.ShowMessageAsync("Info Warning",
// "ERROR creating certificate private key file (.cer)" + "\n" +
// "Error: " + ex.Source + " " + ex.Message,
// MessageDialogStyle.Affirmative);
// return;
//}
#endregion Public Key
#region signed cert file
try
{
X509Certificate2 convCert = ConvertCertificate(certificate, subjectKeyPair, random, pbPassword.Password, certFriendlyName);
bool isHasPrivateKey = convCert.HasPrivateKey;
// This doesn't work for selfsign certificate
//bool isOK = convCert.Verify();
errorNum = 0;
if (!isHasPrivateKey)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Error, generated certificate DOES NOT have a private key!!!" + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
// This doesn't work for selfsign certificate
//if (!isOK)
//{
// errorNum++;
// Brush bckForeground = tbOutputMessageBox.Foreground;
// tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
// tbOutputMessageBox.Text += "Error, generated certificate NOT valid!!!" + "\n";
// tbOutputMessageBox.Foreground = bckForeground;
//}
if (errorNum > 0)
{
return;
}
// This password is the one attached to the PFX file. Use 'null' for no password.
var bytes = convCert.Export(X509ContentType.Pfx, password);
File.WriteAllBytes(outputSignedKeyName, bytes);
tbOutputMessageBox.Text += "Certificate file with private key: " + outputSignedKeyName + " sucessfully generated." + "\n";
CARootFileNamePath = outputSignedKeyName;
CARootPubKeyFileNamePath = outputPublicKeyName;
if (cbIsCACert.SelectedIndex == 0) // root CA certificate
{
btnContinue.IsEnabled = true;
}
}
catch (Exception ex)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "ERROR creating certificate file with private key (.pfx)" + "\n" + "Error: " + ex.Source + " " + ex.Message + "\n";
tbOutputMessageBox.Foreground = bckForeground;
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("Info Warning",
"ERROR creating certificate file with private key (.pfx)" + "\n" +
"Error: " + ex.Source + " " + ex.Message,
MessageDialogStyle.Affirmative);
return;
}
#endregion
}
/// <summary>
/// Enroll certificate file base on request
/// </summary>
/// <param name="cerRequest"></param>
/// <param name="rootCert"></param>
/// <param name="issuerKeyPair"></param>
/// <param name="startDate"></param>
/// <param name="endDate"></param>
/// <returns></returns>
private Org.BouncyCastle.X509.X509Certificate GenerateSignedCertificate(
Pkcs10CertificationRequest cerRequest,
Org.BouncyCastle.X509.X509Certificate rootCert,
AsymmetricCipherKeyPair issuerKeyPair,
DateTime startDate, DateTime endDate)
{
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(rootCert.SubjectDN);
certGen.SetNotBefore(startDate);
certGen.SetNotAfter(endDate);
CertificationRequestInfo info = cerRequest.GetCertificationRequestInfo();
certGen.SetSubjectDN(info.Subject);
certGen.SetPublicKey(cerRequest.GetPublicKey());
AlgorithmIdentifier sigAlg = cerRequest.SignatureAlgorithm;
string algName = GetAlgorithmName(sigAlg.Algorithm.Id);
certGen.SetSignatureAlgorithm(algName);
// Add certificate extensions
Asn1Set attributes = cerRequest.GetCertificationRequestInfo().Attributes;
if (attributes != null)
{
for (int i = 0; i != attributes.Count; i++)
{
AttributePkcs attr = AttributePkcs.GetInstance(attributes[i]);
if (attr.AttrType.Equals(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest))
{
X509Extensions extensions1 = X509Extensions.GetInstance(attr.AttrValues[0]);
foreach (DerObjectIdentifier oid in extensions1.ExtensionOids)
{
Org.BouncyCastle.Asn1.X509.X509Extension ext = extensions1.GetExtension(oid);
certGen.AddExtension(oid, ext.IsCritical, ext.GetParsedValue());
}
}
}
}
Org.BouncyCastle.X509.X509Certificate issuedCert = null;
try
{
issuedCert = certGen.Generate(issuerKeyPair.Private);
tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n";
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Certificate file sucessfully generated." + "\n",
Foreground = System.Windows.Media.Brushes.Green
});
}));
}
catch (Exception ex)
{
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Error, generate certificate file." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
}
try
{
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Check if generated certificate file is valid, plase wait ..." + "\n",
Foreground = System.Windows.Media.Brushes.Black
});
}));
issuedCert.CheckValidity(DateTime.UtcNow);
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Generate certificate file is valid." + "\n",
Foreground = System.Windows.Media.Brushes.Black
});
}));
}
catch (Exception ex)
{
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Error, generated certificate file is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
}
try
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Verify generated certificate file, plase wait ..." + "\n",
Foreground = System.Windows.Media.Brushes.Black
});
issuedCert.Verify(issuerKeyPair.Public);
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Generate certificate file verification is OK." + "\n",
Foreground = System.Windows.Media.Brushes.Green
});
}));
}
catch (Exception ex)
{
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Error, generated certificate file verification is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
}
return(issuedCert);
}
/// <summary>
/// Read CA private key file from .key or pfx file
/// Read data from certificate request file .csr
/// Generate signed certificate request file .cer
/// </summary>
/// <param name="signedCERFile"></param>
/// <param name="privateKeyFile"></param>
/// <param name="v"></param>
/// <param name="password"></param>
private async void GenerateCerFile(string certRequestFile,
string privateKeyFile,
string generateSignedCertificateFile,
string password,
DateTime requestStartDate, DateTime requestEndDate)
{
int errorNum = 0;
issueCertificate.IsEnabled = false;
progressring.Visibility = Visibility.Visible;
await System.Threading.Tasks.TaskEx.Delay(1000);
tbOutputMessageBox.Text = "";
#region LoadCertificate
X509Certificate2 issuerCertificate = null;
try
{
await System.Threading.Tasks.TaskEx.Delay(1000);
issuerCertificate = new X509Certificate2(
privateKeyFile,
password,
X509KeyStorageFlags.Exportable
);
}
// Exceptions:
// T:System.Security.Cryptography.CryptographicException:
// An error with the certificate occurs. For example:The certificate file does not
// exist.The certificate is invalid.The certificate's password is incorrect.
catch (System.Security.Cryptography.CryptographicException ex)
{
errorNum++;
progressring.Visibility = Visibility.Hidden;
issueCertificate.IsEnabled = true;
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Cryptographic ERROR=" + ex.Message + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
return;
}
catch (Exception ex)
{
errorNum++;
progressring.Visibility = Visibility.Hidden;
issueCertificate.IsEnabled = true;
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "General ERROR=" + ex.Message + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
return;
}
// This doesn't work for selfsign certificate
//bool isOK = issuerCertificate.Verify();
bool isHasPrivateKey = issuerCertificate.HasPrivateKey;
DateTime noAfter = issuerCertificate.NotAfter;
DateTime noBefore = issuerCertificate.NotBefore;
X509ExtensionCollection x509extensions = issuerCertificate.Extensions;
await System.Threading.Tasks.TaskEx.Delay(1000);
X509CertificateParser parser = new X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate bouncyCertificate = parser.ReadCertificate(issuerCertificate.RawData);
BasicConstraints basicConstraints = null;
bool isCa = false;
Asn1OctetString str = bouncyCertificate.GetExtensionValue(new DerObjectIdentifier("2.5.29.19")); // Basic Constraints -> DerObjectIdentifier BasicConstraints = new DerObjectIdentifier("2.5.29.19");
if (str != null)
{
basicConstraints = BasicConstraints.GetInstance(X509ExtensionUtilities.FromExtensionValue(str));
if (basicConstraints != null)
{
isCa = basicConstraints.IsCA();
}
}
if (!isCa)
{
errorNum++;
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Loaded CA file: " + privateKeyFile + " IS NOT CA authority certificate file!" + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
}
// This doesn't work for selfsign certificate
//if (!isOK)
//{
// errorNum++;
// Brush bckForeground = tbOutputMessageBox.Foreground;
// tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
// tbOutputMessageBox.Text += "File with CA certificate NOT valid." + "\n";
// tbOutputMessageBox.Foreground = bckForeground;
//}
if (!isHasPrivateKey)
{
errorNum++;
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "File with CA certificate DOES NOT have a private key." + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
}
if (noBefore > requestStartDate)
{
errorNum++;
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "File with CA certificate start date: " + requestStartDate.ToLocalTime() + " DOES NOT valid value. Certificate start date is: " + noBefore.ToLocalTime() + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
}
if (noAfter < requestEndDate)
{
errorNum++;
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "File with CA certificate end date: " + requestEndDate.ToLocalTime() + " DOES NOT valid value. Certificate end date is: " + noAfter.ToLocalTime() + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
}
if (errorNum > 0)
{
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "File with CA certificate has error!!!" + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
progressring.Visibility = Visibility.Hidden;
issueCertificate.IsEnabled = true;
return;
}
try
{
await System.Threading.Tasks.TaskEx.Delay(1000);
bool isOk = issuerCertificate.Verify();
}
catch (Exception ex)
{
progressring.Visibility = Visibility.Hidden;
issueCertificate.IsEnabled = true;
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Error Issuer certificate file: " + issuerCertificate + " Verification error: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
return;
}
Org.BouncyCastle.X509.X509Certificate issuerCertificateX509 = new X509CertificateParser().ReadCertificate(issuerCertificate.GetRawCertData());
try
{
await System.Threading.Tasks.TaskEx.Delay(1000);
bool isOK = VerifyCertChain(issuerCertificate);
}
catch (Exception ex)
{
progressring.Visibility = Visibility.Hidden;
issueCertificate.IsEnabled = true;
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Error Issuer certificate file: " + issuerCertificate + " public key error: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
return;
}
Org.BouncyCastle.X509.X509Certificate x509IssuerCert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(issuerCertificate);
try
{
await System.Threading.Tasks.TaskEx.Delay(1000);
x509IssuerCert.CheckValidity(requestStartDate);
await System.Threading.Tasks.TaskEx.Delay(1000);
x509IssuerCert.CheckValidity(requestEndDate);
}
catch (Exception ex)
{
progressring.Visibility = Visibility.Hidden;
issueCertificate.IsEnabled = true;
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Error Issuer certificate file: " + issuerCertificate + " X509 certificate error: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
return;
}
#endregion
// Read certificate request .csr file
Pkcs10CertificationRequest cerRequest = null;
try
{
await System.Threading.Tasks.TaskEx.Delay(1000);
String input_data = File.ReadAllText(certRequestFile);
StringReader sr = new StringReader(input_data);
PemReader pr = new PemReader(sr);
cerRequest = (Pkcs10CertificationRequest)pr.ReadObject();
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Verify file with certificate request : " + certRequestFile + "\n",
Foreground = System.Windows.Media.Brushes.Black
});
}));
try
{
await System.Threading.Tasks.TaskEx.Delay(1000);
bool requestIsOK = cerRequest.Verify();
if (requestIsOK)
{
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "File with certificate request : " + certRequestFile + " is OK." + "\n",
Foreground = System.Windows.Media.Brushes.Black
});
}));
}
else
{
progressring.Visibility = Visibility.Hidden;
issueCertificate.IsEnabled = true;
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "File with certificate request : " + certRequestFile + " NOT valid." + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
return;
}
}
catch (Exception ex)
{
progressring.Visibility = Visibility.Hidden;
issueCertificate.IsEnabled = true;
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Error certificate request file: " + cerRequest + " Verify error: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n",
Foreground = System.Windows.Media.Brushes.Red
});
}));
return;
}
}
catch (Exception ex)
{
progressring.Visibility = Visibility.Hidden;
issueCertificate.IsEnabled = true;
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("Info Warning",
"ERROR reading certificate request file (.csr)" + "\n" +
"Error: " + ex.Source + " " + ex.Message,
MessageDialogStyle.Affirmative);
return;
}
await System.Threading.Tasks.TaskEx.Delay(1000);
AsymmetricCipherKeyPair issuerKeyPair = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey);
await System.Threading.Tasks.TaskEx.Delay(1000);
Org.BouncyCastle.X509.X509Certificate genCert = GenerateSignedCertificate(
cerRequest,
x509IssuerCert,
issuerKeyPair,
requestStartDate,
requestEndDate);
try
{
await System.Threading.Tasks.TaskEx.Delay(1000);
File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded());
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Certificate file: " + generateSignedCertificateFile + " sucessfully saved." + "\n",
Foreground = System.Windows.Media.Brushes.Green
});
}));
btnContinue.IsEnabled = true;
}
catch (Exception)
{
Application.Current.Dispatcher.Invoke(new Action(() =>
{
tbOutputMessageBox.Inlines.Add(new Run
{
Text = "Certificate file sucessfully generated." + "\n",
Foreground = System.Windows.Media.Brushes.Green
});
}));
}
CertData.cerPublicFilePath = tbPathGenerateCer.Text + "\\" + tbCertFileName.Text + ".cer";
progressring.Visibility = Visibility.Hidden;
issueCertificate.IsEnabled = true;
}
public static void ShowCertificateInfo(X509Certificate cert, DateTime signDate)
{
Console.WriteLine("Issuer: " + cert.IssuerDN);
Console.WriteLine("Subject: " + cert.SubjectDN);
Console.WriteLine("Valido dede: " + cert.NotBefore.ToString("yyyy-MM-dd HH:mm:ss.ff"));
Console.WriteLine("Valido hasta: " + cert.NotAfter.ToString("yyyy-MM-dd HH:mm:ss.ff"));
try
{
cert.CheckValidity(signDate);
Console.WriteLine("El certificado era valido al momento de la firma.");
}
catch (CertificateExpiredException e)
{
Console.WriteLine("El certificado estaba expirado al momento de la firma. " + e.ToString());
}
catch (CertificateNotYetValidException e)
{
Console.WriteLine("El certificado no era válido aún al momento de la firma. " + e.ToString());
}
try
{
cert.CheckValidity();
Console.WriteLine("El certificado sigue siendo válido.");
}
catch (CertificateExpiredException e)
{
Console.WriteLine("El certificado ha expirado. " + e.ToString());
}
catch (CertificateNotYetValidException e)
{
Console.WriteLine("El certificado no es válido aún. " + e.ToString());
}
}
/**
* verify that the given certificate succesfully handles and confirms
* the signature associated with this signer and, if a signingTime
* attribute is available, that the certificate was valid at the time the
* signature was generated.
*/
public bool Verify(
X509Certificate cert)
{
Asn1.Cms.AttributeTable attr = this.SignedAttributes;
if (attr != null)
{
Asn1.Cms.Attribute t = attr[CmsAttributes.SigningTime];
if (t != null)
{
Asn1.Cms.Time time = Asn1.Cms.Time.GetInstance(
t.AttrValues[0].ToAsn1Object());
cert.CheckValidity(time.Date);
}
}
return DoVerify(cert.GetPublicKey(), attr);
}
/// <summary>
/// Read CA private key file from .key or pfx file
/// Read data from certificate request file .csr
/// Generate signed certificate request file .cer
/// </summary>
/// <param name="signedCERFile"></param>
/// <param name="privateKeyFile"></param>
/// <param name="v"></param>
/// <param name="password"></param>
private async void GenerateCerFile(string certRequestFile,
string privateKeyFile,
string generateSignedCertificateFile,
string password, string friendlyName,
DateTime startDate, DateTime endDate)
{
#region LoadCertificate
// read public & private key from file
AsymmetricKeyParameter privateKey = null;
AsymmetricKeyParameter publicKey = null;
System.Security.Cryptography.X509Certificates.X509Certificate2 issuerCertificate = null;
Org.BouncyCastle.X509.X509Certificate issuerCertificateX509 = null;
// Ovo NE radi
//issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(
// privateKeyFile,
// password
// );
// Ovo RADI
issuerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(
privateKeyFile,
password,
System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable
);
// This doesn't work for selfsign certificate
//bool isOK = issuerCertificate.Verify();
bool isHasPrivateKey = issuerCertificate.HasPrivateKey;
DateTime noAfter = issuerCertificate.NotAfter;
DateTime noBefore = issuerCertificate.NotBefore;
X509ExtensionCollection x509extensions = issuerCertificate.Extensions;
int errorNum = 0;
X509CertificateParser parser = new X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate bouncyCertificate = parser.ReadCertificate(issuerCertificate.RawData);
BasicConstraints basicConstraints = null;
bool isCa = false;
Asn1OctetString str = bouncyCertificate.GetExtensionValue(new DerObjectIdentifier("2.5.29.19"));
if (str != null)
{
basicConstraints = BasicConstraints.GetInstance(
X509ExtensionUtilities.FromExtensionValue(str));
if (basicConstraints != null)
{
isCa = basicConstraints.IsCA();
}
}
if (!isCa)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "Loaded CA file: " + privateKeyFile + " IS NOT CA authority certificate file!" + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
// This doesn't work for selfsign certificate
//if (!isOK)
//{
// errorNum++;
// Brush bckForeground = tbOutputMessageBox.Foreground;
// tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
// tbOutputMessageBox.Text += "File with CA certificate NOT valid." + "\n";
// tbOutputMessageBox.Foreground = bckForeground;
//}
if (!isHasPrivateKey)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate DOES NOT have a private key." + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
if (noBefore > startDate)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate start date: " + startDate.ToLocalTime() + " DOES NOT valid value. Certificate start date is: " + noBefore.ToLocalTime() + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
if (noAfter < endDate)
{
errorNum++;
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate end date: " + endDate.ToLocalTime() + " DOES NOT valid value. Certificate end date is: " + noAfter.ToLocalTime() + "\n";
tbOutputMessageBox.Foreground = bckForeground;
}
if (errorNum > 0)
{
Brush bckForeground = tbOutputMessageBox.Foreground;
tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red);
tbOutputMessageBox.Text += "File with CA certificate has error!!!" + "\n";
tbOutputMessageBox.Foreground = bckForeground;
return;
}
bool isOk = issuerCertificate.Verify();
AsymmetricCipherKeyPair issuerKeyPairTmp = DotNetUtilities.GetKeyPair(issuerCertificate.PrivateKey);
privateKey = issuerKeyPairTmp.Private;
publicKey = issuerKeyPairTmp.Public;
issuerCertificateX509 = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(issuerCertificate.GetRawCertData());
issuerCertificateX509.Verify(publicKey);
Org.BouncyCastle.X509.X509Certificate x509 = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(issuerCertificate);
x509.Verify(publicKey);
x509.CheckValidity(startDate);
#endregion
// Read certificate request .csr file
Pkcs10CertificationRequest cerRequest = null;
try
{
String input_data = File.ReadAllText(certRequestFile);
StringReader sr = new StringReader(input_data);
PemReader pr = new PemReader(sr);
cerRequest = (Pkcs10CertificationRequest)pr.ReadObject();
tbOutputMessageBox.Text += "Verify file with certificate request : " + certRequestFile + "\n";
bool requestIsOK = cerRequest.Verify();
if (requestIsOK)
{
tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " is OK." + "\n";
}
else
{
tbOutputMessageBox.Text += "File with certificate request : " + certRequestFile + " NOT valid." + "\n";
return;
}
}
catch (Exception ex)
{
var metroWindow = (Application.Current.MainWindow as MetroWindow);
await metroWindow.ShowMessageAsync("Info Warning",
"ERROR reading certificate request file (.csr)" + "\n" +
"Error: " + ex.Source + " " + ex.Message,
MessageDialogStyle.Affirmative);
return;
}
Org.BouncyCastle.X509.X509Certificate genCert = GenerateSignedCertificate(
cerRequest,
x509,
issuerKeyPairTmp,
startDate, endDate);
try
{
File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded());
tbOutputMessageBox.Text += "Certificate file: " + generateSignedCertificateFile + " sucessfully saved." + "\n";
signedRequestFileNamePath = generateSignedCertificateFile;
btnContinue.IsEnabled = true;
}
catch (Exception)
{
tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n";
}
#region Public Key
//try
//{
// var store = new Pkcs12Store();
// string friendlyName1 = issuerCertificateX509.SubjectDN.ToString();
// var certificateEntry = new X509CertificateEntry(issuerCertificateX509);
// store.SetCertificateEntry(friendlyName1, certificateEntry);
// store.SetKeyEntry(friendlyName1, new AsymmetricKeyEntry(privateKey), new[] { certificateEntry });
// var stream = new MemoryStream();
// var random1 = GetSecureRandom();
// store.Save(stream, "password".ToCharArray(), random1);
// //Verify that the certificate is valid.
// var convertedCertificate = new X509Certificate2(stream.ToArray(), "password", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
// //Write the file.
// File.WriteAllBytes(generateSignedCertificateFile, stream.ToArray());
// File.WriteAllBytes(System.IO.Path.ChangeExtension(generateSignedCertificateFile, ".cer"), genCert.GetEncoded());
// //using (TextWriter tw = new StreamWriter(outputPublicKeyName))
// //{
// // PemWriter pw = new PemWriter(tw);
// // pw.WriteObject(subjectKeyPair.Public);
// // tw.Flush();
// //}
// tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n";
//}
//catch (Exception ex)
//{
// var metroWindow = (Application.Current.MainWindow as MetroWindow);
// await metroWindow.ShowMessageAsync("Info Warning",
// "ERROR creating certificate private key file (.key)" + "\n" +
// "Error: " + ex.Source + " " + ex.Message,
// MessageDialogStyle.Affirmative);
// return;
//}
//StringBuilder publicKeyStrBuilder = new StringBuilder();
//PemWriter publicKeyPemWriter = new PemWriter(new StringWriter(publicKeyStrBuilder));
//publicKeyPemWriter.WriteObject(genCert.GetPublicKey());
//publicKeyPemWriter.Writer.Flush();
//string publicKey = publicKeyStrBuilder.ToString();
//try
//{
// using (TextWriter tw = new StreamWriter(generateSignedCertificateFile))
// {
// PemWriter pw = new PemWriter(tw);
// pw.WriteObject(genCert.GetPublicKey());
// tw.Flush();
// }
// tbOutputMessageBox.Text += "File with private key: " + generateSignedCertificateFile + " sucessfully generated." + "\n";
//}
//catch (Exception ex)
//{
// var metroWindow = (Application.Current.MainWindow as MetroWindow);
// await metroWindow.ShowMessageAsync("Info Warning",
// "ERROR creating certificate private key file (.key)" + "\n" +
// "Error: " + ex.Source + " " + ex.Message,
// MessageDialogStyle.Affirmative);
// return;
//}
#endregion Public Key
}
