} // End Function GetX509Field

        // http://unitstep.net/blog/2008/10/27/extracting-x509-extensions-from-a-csr-using-the-bouncy-castle-apis/
        // https://github.com/puppetlabs/jvm-ssl-utils/blob/master/src/java/com/puppetlabs/ssl_utils/ExtensionsUtils.java
        // Gets the X509 Extensions contained in a CSR (Certificate Signing Request).
        // @param certificationRequestInfo the CertificationRequestInfo taken from the CSR.
        // @return the X509 Extensions in the request.
        // @throws CertificateException if the extensions could not be found.
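        /// <summary>
        /// Locates the PKCS#9 <c>extensionRequest</c> attribute of a CSR and returns the
        /// X.509 extensions it carries.
        /// </summary>
        /// <remarks>
        /// The attribute set comes from the requester and must be treated as untrusted input.
        /// Only the first matching attribute is used, and only its first value; further
        /// <c>extensionRequest</c> attributes or values in the same CSR are ignored. A caller
        /// that copies the returned extensions into an issued certificate still has to apply
        /// its own policy (which OIDs are allowed, which names the requester may claim).
        /// Malformed attribute contents may surface as other exceptions thrown by the ASN.1
        /// types used here; callers should treat any exception as a rejected request.
        /// </remarks>
        /// <param name="certificationRequestInfo">The request info taken from the CSR.</param>
        /// <returns>The extensions found in the request; never <c>null</c>.</returns>
        /// <exception cref="System.ArgumentNullException">
        /// <paramref name="certificationRequestInfo"/> is <c>null</c>.
        /// </exception>
        /// <exception cref="Org.BouncyCastle.Security.Certificates.CertificateException">
        /// The CSR has no attributes, or none of them yields an extension set.
        /// </exception>
        private static Org.BouncyCastle.Asn1.X509.X509Extensions GetX509ExtensionsFromCsr(
            Org.BouncyCastle.Asn1.Pkcs.CertificationRequestInfo certificationRequestInfo
            )
        {
            if (null == certificationRequestInfo)
            {
                throw new System.ArgumentNullException("certificationRequestInfo");
            }

            Org.BouncyCastle.Asn1.Asn1Set attributesAsn1Set = certificationRequestInfo.Attributes;

            // The attributes field is optional in practice, so the set can be null.
            // Treat that like an empty set so the caller gets the documented
            // CertificateException instead of a NullReferenceException.
            int attributeCount = (null == attributesAsn1Set) ? 0 : attributesAsn1Set.Count;

            // The `Extension Request` attribute is contained within an ASN.1 Set,
            // usually as the first element.
            Org.BouncyCastle.Asn1.X509.X509Extensions certificateRequestExtensions = null;

            for (int i = 0; i < attributeCount; ++i)
            {
                // There should be only one attribute in the set (that is, only the
                // `Extension Request`), but loop through to find it properly.
                Org.BouncyCastle.Asn1.Asn1Encodable derEncodable = attributesAsn1Set[i];

                if (derEncodable is Org.BouncyCastle.Asn1.X509.X509Extensions)
                {
                    certificateRequestExtensions = (Org.BouncyCastle.Asn1.X509.X509Extensions)derEncodable;
                    break;
                }

                if (!(derEncodable is Org.BouncyCastle.Asn1.DerSequence))
                {
                    // Not an attribute sequence; nothing to inspect.
                    continue;
                }

                Org.BouncyCastle.Asn1.DerSequence sequence = (Org.BouncyCastle.Asn1.DerSequence)derEncodable;

                Org.BouncyCastle.Asn1.Cms.Attribute attribute =
                    new Org.BouncyCastle.Asn1.Cms.Attribute(sequence);

                // Check if the `Extension Request` attribute is present.
                if (!attribute.AttrType.Equals(
                        Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Pkcs9AtExtensionRequest)
                    )
                {
                    continue;
                }

                Org.BouncyCastle.Asn1.Asn1Set attributeValues = attribute.AttrValues;

                // The X509Extensions are contained as a value of the ASN.1 Set.
                // Assume that it is the first value of the set; an attribute with an
                // empty value set is skipped and the search continues.
                if (attributeValues.Count >= 1)
                {
                    certificateRequestExtensions = Org.BouncyCastle.Asn1.X509.X509Extensions.GetInstance(
                        attributeValues[0]
                        );
                    // No need to search any more.
                    break;
                }
            } // Next i

            if (null == certificateRequestExtensions)
            {
                throw new Org.BouncyCastle.Security.Certificates.CertificateException(
                          "Could not obtain X509 Extensions from the CSR");
            } // End if (null == certificateRequestExtensions)

            return(certificateRequestExtensions);
        } // End Function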
Exemplo n.º 2
        } // End Sub AddAlternativeNames

        /// <summary>
        /// Registers an extension value under <paramref name="oid"/>, storing it in
        /// <c>CriticalExtensions</c> when <paramref name="critical"/> is set and in
        /// <c>NonCriticalExtensions</c> otherwise.
        /// </summary>
        /// <param name="oid">Object identifier of the extension, as a string.</param>
        /// <param name="critical">
        /// Selects the target collection. In X.509 a relying party must reject a certificate
        /// that carries a critical extension it does not understand, so this flag is a
        /// policy decision and not a formatting detail.
        /// </param>
        /// <param name="extensionValue">ASN.1 value of the extension.</param>
        public void AddExtension(
            string oid
            , bool critical
            , Org.BouncyCastle.Asn1.Asn1Encodable extensionValue)
        {
            // NOTE(review): how a repeated OID is handled depends on the collection
            // type behind these two members, which is not visible here.
            if (!critical)
            {
                this.NonCriticalExtensions.Add(oid, extensionValue);
                return;
            }

            this.CriticalExtensions.Add(oid, extensionValue);
        } // End Sub AddExtension
Exemplo n.º 3
        //public static byte[] Decrypt2(this byte[] cmessage,string password, byte[] salt)
        //{
        //    int KEY_SIZE = 256;
        //    int iterations = 100;
        //    //byte[] salt = new byte[KEY_SIZE >> 3];

        //    IBufferedCipher decCipher = BuildDecryptionCipher(password, iterations, salt);
        //    return DecryptTemp(decCipher, cmessage);
        //}

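        /// <summary>
        /// Builds a password-based cipher for <c>PBEWithSHA256And256BitAES-CBC-BC</c> and
        /// initialises it for decryption.
        /// </summary>
        /// <remarks>
        /// As the algorithm name says, this is AES in CBC mode: the cipher provides no
        /// integrity protection. Ciphertext that can be modified by another party should
        /// be authenticated (for example with a MAC that is verified before decryption),
        /// otherwise padding errors can leak information about the plaintext.
        /// The iteration count and salt must match the values used for encryption; a low
        /// iteration count makes password guessing cheaper.
        /// </remarks>
        /// <param name="password">Password the key is derived from.</param>
        /// <param name="iterations">Key-derivation iteration count; must be at least 1.</param>
        /// <param name="salt">Salt used for key derivation.</param>
        /// <returns>A cipher ready to decrypt.</returns>
        /// <exception cref="System.ArgumentNullException">
        /// <paramref name="password"/> or <paramref name="salt"/> is <c>null</c>.
        /// </exception>
        /// <exception cref="System.ArgumentOutOfRangeException">
        /// <paramref name="iterations"/> is less than 1.
        /// </exception>
        private static IBufferedCipher BuildDecryptionCipher(string password, int iterations, byte[] salt)
        {
            const string DecryptionAlgorithm = "PBEWithSHA256And256BitAES-CBC-BC";

            if (null == password)
            {
                throw new System.ArgumentNullException("password");
            }

            if (null == salt)
            {
                throw new System.ArgumentNullException("salt");
            }

            if (iterations < 1)
            {
                throw new System.ArgumentOutOfRangeException("iterations", "The iteration count must be at least 1.");
            }

            // Working copy of the password for the key derivation.
            char[] passwordChars = password.ToCharArray();

            try
            {
                IBufferedCipher cipher = CipherUtilities.GetCipher(DecryptionAlgorithm);

                Org.BouncyCastle.Asn1.Asn1Encodable algParams = PbeUtilities.GenerateAlgorithmParameters(DecryptionAlgorithm, salt, iterations);
                ICipherParameters cipherParams = PbeUtilities.GenerateCipherParameters(DecryptionAlgorithm, passwordChars, algParams);

                // false selects decryption.
                cipher.Init(false, cipherParams);

                return(cipher);
            }
            finally
            {
                // Wipe the working copy once the cipher is initialised. The caller's
                // string is immutable and stays in managed memory regardless.
                System.Array.Clear(passwordChars, 0, passwordChars.Length);
            }
        }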
Exemplo n.º 4
        } // End Sub AddAlternativeNames

        /// <summary>
        /// Stores <paramref name="extensionValue"/> under <paramref name="oid"/> in
        /// <c>CriticalExtensions</c> or <c>NonCriticalExtensions</c>, depending on
        /// <paramref name="critical"/>.
        /// </summary>
        /// <param name="oid">Object identifier of the extension, as a string.</param>
        /// <param name="critical">True to file the extension as critical.</param>
        /// <param name="extensionValue">ASN.1 value of the extension.</param>
        public void AddExtension(string oid, bool critical, Org.BouncyCastle.Asn1.Asn1Encodable extensionValue)
        {
            // NOTE(review): the behaviour for an OID that is already present depends
            // on the collection type of these members, which is not visible here.
            if (critical)
            {
                this.CriticalExtensions.Add(oid, extensionValue);
                return;
            }

            this.NonCriticalExtensions.Add(oid, extensionValue);

            // Earlier direct call on the certificate generator, kept for reference:
            //certificateGenerator.AddExtension(
            //              Org.BouncyCastle.Asn1.X509.X509Extensions.SubjectAlternativeName
            //            , false
            //            , subjectAlternativeNames
            //        );
        } // End Sub AddExtension
Exemplo n.º 5
        } // End Property SubjectAlternativeNames


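        /// <summary>
        /// Builds the ASN.1 sequence of <c>GeneralName</c> entries for a subjectAltName
        /// extension. Entries that parse as an IP address are tagged as IP addresses,
        /// everything else is tagged as a DNS name.
        /// </summary>
        /// <remarks>
        /// No syntax or policy check is applied to DNS names: wildcards, internal host
        /// names and names the requester does not control are passed through unchanged.
        /// When the names come from a CSR or another untrusted source, validate them
        /// before calling this method. An empty array yields an empty sequence, which
        /// RFC 5280 does not allow as a subjectAltName value.
        /// </remarks>
        /// <param name="names">Host names and IP address literals.</param>
        /// <returns>A DER sequence with one <c>GeneralName</c> per input entry, in input order.</returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="names"/> is <c>null</c>.</exception>
        /// <exception cref="System.ArgumentException">An entry is <c>null</c>, empty or whitespace.</exception>
        public static Org.BouncyCastle.Asn1.DerSequence CreateSubjectAlternativeNames(string[] names)
        {
            if (null == names)
            {
                throw new System.ArgumentNullException("names");
            }

            Org.BouncyCastle.Asn1.Asn1Encodable[] alternativeNames = new Org.BouncyCastle.Asn1.Asn1Encodable[names.Length];

            for (int i = 0; i < names.Length; ++i)
            {
                string name = names[i];

                // A blank entry can never identify a host; fail with the index so the
                // caller can find the bad input.
                if (string.IsNullOrWhiteSpace(name))
                {
                    throw new System.ArgumentException(
                        "Subject alternative name at index " + i + " is null or empty.", "names");
                }

                // NOTE(review): IPAddress.TryParse also accepts some non-canonical
                // literals; confirm that GeneralName accepts the same forms, and that
                // such input should be certified as an IP address at all.
                System.Net.IPAddress ipa;
                int tag = System.Net.IPAddress.TryParse(name, out ipa)
                    ? Org.BouncyCastle.Asn1.X509.GeneralName.IPAddress
                    : Org.BouncyCastle.Asn1.X509.GeneralName.DnsName;

                alternativeNames[i] = new Org.BouncyCastle.Asn1.X509.GeneralName(tag, name);
            } // Next i

            Org.BouncyCastle.Asn1.DerSequence subjectAlternativeNames = new Org.BouncyCastle.Asn1.DerSequence(alternativeNames);
            return(subjectAlternativeNames);
        } // End Function CreateSubjectAlternativeNames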