public string GetAsnFormattedData()
        {
            CertificateAuthority.Models.Asn1Functions.Asn1Functions asnFnc = new CertificateAuthority.Models.Asn1Functions.Asn1Functions();
            Oid oidObj = new Oid("2.5.29.31");

            byte[] rawExtensionData = System.IO.File.ReadAllBytes(@"F:\DevGit\certs\csharptest\encodingusinglib\crltext-base64decode-bytes1.txt");
            return(asnFnc.FormatNative(oidObj, rawExtensionData, true));
        }
        //public string AsnFormattedDataFromByteArray(string Oid, byte[] RawExtensionData)
        public string AsnFormattedDataFromFile([FromBody] AsnEncodedFileLocation F)
        {
            Oid oidObj = new Oid(F.Oid);

            CertificateAuthority.Models.Asn1Functions.Asn1Functions asnFnc = new CertificateAuthority.Models.Asn1Functions.Asn1Functions();

            byte[] rawExtensionData = System.IO.File.ReadAllBytes($@"{F.FilePath}");
            return(asnFnc.FormatNative(oidObj, rawExtensionData, true));
        }
        //public string AsnFormattedDataFromByteArray(string Oid, byte[] RawExtensionData)
        public string AsnFormattedDataFromBase64String([FromBody] AsnEncodedDataClass A)
        {
            Oid oidObj = new Oid(A.Oid);

            CertificateAuthority.Models.Asn1Functions.Asn1Functions asnFnc = new CertificateAuthority.Models.Asn1Functions.Asn1Functions();
            byte[] rawExtensionData = System.Convert.FromBase64String(A.Base64ExtensionData);
            //byte[] rawExtensionData = System.IO.File.ReadAllBytes(@"F:\DevGit\certs\csharptest\encodingusinglib\crltext-base64decode-bytes1.txt");
            return(asnFnc.FormatNative(oidObj, rawExtensionData, true));
        }
Exemplo n.º 4
0
        public X509Certificate2 CreateAndSignClientCert(string subjectName, X509Certificate2 signingCertificate,
                                                        int keySize, HashAlgorithmName hash, int validDays, bool useCrl, string[] crlUri)
        {
            if (signingCertificate == null)
            {
                throw new ArgumentNullException(nameof(signingCertificate));
            }
            if (!signingCertificate.HasPrivateKey)
            {
                throw new Exception("Signing cert must have private key");
            }
            if (string.IsNullOrEmpty(subjectName))
            {
                throw new ArgumentException($"{nameof(subjectName)} must be a valid DNS name", nameof(subjectName));
            }
            //if (UriHostNameType.Unknown == Uri.CheckHostName(subjectName))
            //{
            //    throw new ArgumentException("Must be a valid DNS name", nameof(subjectName));
            //}

            X500DistinguishedName dn = new X500DistinguishedName($"CN={subjectName}");

            RSA key = GenerateRsaKey(keySize);


            CertificateRequest request = CreateRsaCertificateRequest(dn, hash, key);


            //using (var ecdsa = ECDsa.Create("ECDsa"))
            //{
            //ecdsa.KeySize = 256;
            //var request = new CertificateRequest(
            //    $"CN={subjectName}",
            //    ecdsa,
            //    HashAlgorithmName.SHA256);

            // set basic certificate contraints
            request.CertificateExtensions.Add(
                new X509BasicConstraintsExtension(false, false, 0, true));

            // key usage: Digital Signature and Key Encipherment
            request.CertificateExtensions.Add(
                new X509KeyUsageExtension(
                    X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment,
                    true));

            // set the AuthorityKeyIdentifier. There is no built-in
            // support, so it needs to be copied from the Subject Key
            // Identifier of the signing certificate and massaged slightly.
            // AuthorityKeyIdentifier is "KeyID=<subject key identifier>"

            //x509

            // TEMPORARILY REMOVING - PLAN TO ADD BACK
            //var issuerSubjectKey = signingCertificate.Extensions["Subject Key Identifier"].RawData;
            //var segment = new ArraySegment<byte>(issuerSubjectKey, 2, issuerSubjectKey.Length - 2);
            //var authorityKeyIdentifer = new byte[segment.Count + 4];
            //// these bytes define the "KeyID" part of the AuthorityKeyIdentifer
            //authorityKeyIdentifer[0] = 0x30;
            //authorityKeyIdentifer[1] = 0x16;
            //authorityKeyIdentifer[2] = 0x80;
            //authorityKeyIdentifer[3] = 0x14;
            //segment.CopyTo(authorityKeyIdentifer, 4);
            //request.CertificateExtensions.Add(new X509Extension("2.5.29.35", authorityKeyIdentifer, false));

            //request.CertificateExtensions.Add(new X509Extension //X509Extension("2.5.29.31", crlUri, false));

            //string crlUri = "http://dev-11.observicing.net/crl/new-auto-root-ca.crl";

            // add oid for cert revocation list
            if (useCrl)
            {
                //byte[] crlBytes = Encoding.ASCII.GetBytes(crlUri);
                //byte[] oidBytes = System.IO.File.ReadAllBytes(@"F:\DevGit\certs\csharptest\crloid.txt"); // WORKS!
                //byte[] oidBytes = System.IO.File.ReadAllBytes(@"F:\DevGit\certs\csharptest\crloid-modified.txt");
                CertificateAuthority.Models.Asn1Functions.Asn1Functions asnFnc = new CertificateAuthority.Models.Asn1Functions.Asn1Functions();

                Oid            crlOid   = new Oid("2.5.29.31");
                byte[]         oidBytes = System.Convert.FromBase64String(asnFnc.EncodeCrlExtensionData(crlUri));
                AsnEncodedData enc      = new AsnEncodedData(crlOid, oidBytes);

                //request.CertificateExtensions.Add(new X509Extension(enc, false));

                //X509CrlExtensionInputData crlExt = new X509CrlExtensionInputData();
                //crlExt.CrlLocations = crlUri;
                request.CertificateExtensions.Add(new X509Extension(enc, false));
            }



            //AsnEncodedData

            // DPS samples create certs with the device name as a SAN name
            // in addition to the subject name
            var sanBuilder = new SubjectAlternativeNameBuilder();

            sanBuilder.AddDnsName(subjectName);
            var sanExtension = sanBuilder.Build();

            request.CertificateExtensions.Add(sanExtension);

            // Enhanced key usages
            request.CertificateExtensions.Add(
                new X509EnhancedKeyUsageExtension(
                    new OidCollection {
                new Oid("1.3.6.1.5.5.7.3.2"),             // TLS Client auth
                new Oid("1.3.6.1.5.5.7.3.1")              // TLS Server auth
            },
                    false));

            // add this subject key identifier
            request.CertificateExtensions.Add(
                new X509SubjectKeyIdentifierExtension(request.PublicKey, false));

            // certificate expiry: Valid from Yesterday to Now+365 days
            // Unless the signing cert's validity is less. It's not possible
            // to create a cert with longer validity than the signing cert.
            var notbefore = DateTimeOffset.UtcNow.AddDays(-1);

            if (notbefore < signingCertificate.NotBefore)
            {
                notbefore = new DateTimeOffset(signingCertificate.NotBefore);
            }
            var notafter = DateTimeOffset.UtcNow.AddDays(validDays);

            if (notafter > signingCertificate.NotAfter)
            {
                notafter = new DateTimeOffset(signingCertificate.NotAfter);
            }

            // cert serial is the epoch/unix timestamp
            var epoch    = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            var unixTime = Convert.ToInt64((DateTime.UtcNow - epoch).TotalSeconds);
            var serial   = BitConverter.GetBytes(unixTime);

            // create and return the generated and signed
            using (var cert = request.Create(
                       signingCertificate,
                       notbefore,
                       notafter,
                       serial))
            {
                return(cert.CopyWithPrivateKey(key));
            }
            //}
        }
 public string ConvertToBase64X509CrlExtensionData([FromBody] X509CrlExtensionInputData D)
 {
     CertificateAuthority.Models.Asn1Functions.Asn1Functions asnFnc = new CertificateAuthority.Models.Asn1Functions.Asn1Functions();
     return(asnFnc.EncodeCrlExtensionData(D.CrlLocations));
 }