public X509Certificate IssueCertificate(
Pkcs10CertificationRequest request,
ExtensionBuilder extensionBuilder,
string customDN = null
)
{
var caCert = GetRootCert();
var caKey = GetRootKey();
var startDate = DateTime.Now;
var expiryDate = DateTime.Now.AddYears(1);
var serialNumber = BigIntegers.CreateRandomInRange(
BigInteger.ValueOf(2).Pow(63),
BigInteger.ValueOf(2).Pow(64),
new SecureRandom()
);
var certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(serialNumber);
certGen.SetIssuerDN(caCert.SubjectDN);
certGen.SetNotBefore(startDate);
certGen.SetNotAfter(expiryDate);
certGen.SetPublicKey(request.GetPublicKey());
if (!string.IsNullOrEmpty(customDN))
{
certGen.SetSubjectDN(new X509Name(customDN));
}
else
{
certGen.SetSubjectDN(request.GetCertificationRequestInfo().Subject);
}
extensionBuilder.Build(certGen, request, caCert);
var x509Certificate = GenerateCertificate(caKey, certGen);
return(x509Certificate);
}
protected void ApplyAuthorityInfoAccess(
X509V3CertificateGenerator certGen,
string rootCertLink
)
{
if (string.IsNullOrEmpty(rootCertLink))
{
return;
}
int uri = GeneralName.UniformResourceIdentifier;
GeneralName gn = new GeneralName(uri, rootCertLink);
AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess(X509ObjectIdentifiers.IdADCAIssuers, gn);
certGen.AddExtension(
X509Extensions.AuthorityInfoAccess,
false,
authorityInformationAccess
);
}
public static X509Certificate GenerateCertificate(ISignatureFactory signatureFactory)
{
RsaKeyPairGenerator keypairgen = new RsaKeyPairGenerator();
keypairgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));
AsymmetricCipherKeyPair keypair = keypairgen.GenerateKeyPair();
BigInteger SN = BigInteger.ProbablePrime(120, new Random());
X509Name CN = new X509Name("CN=Test CN");
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.SetSerialNumber(SN);
certificateGenerator.SetSubjectDN(CN);
certificateGenerator.SetIssuerDN(CN);
certificateGenerator.SetNotAfter(DateTime.Now.AddDays(10));
certificateGenerator.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
certificateGenerator.SetPublicKey(keypair.Public);
return(certificateGenerator.Generate(signatureFactory));
}
public X509Certificate GenerateCertificate(string userFullName, string userCompanyName, AsymmetricKeyParameter issuerPrivate, AsymmetricKeyParameter subjectPublic)
{
if (userFullName == null)
{
throw new NullReferenceException("User name cant be null");
}
if (userCompanyName == null)
{
throw new NullReferenceException("User company name cant be null");
}
ISignatureFactory signatureFactory = new Asn1SignatureFactory(PkcsObjectIdentifiers.Sha256WithRsaEncryption.ToString(), issuerPrivate);
var certGenerator = new X509V3CertificateGenerator();
certGenerator.SetIssuerDN(new X509Name($"C=NL, O=Volt signature service"));
certGenerator.SetSubjectDN(new X509Name($"C=NL, O={userCompanyName}, CN={userFullName}"));
certGenerator.SetSerialNumber(BigInteger.ValueOf(1));
certGenerator.SetNotAfter(DateTime.UtcNow.AddYears(1));
certGenerator.SetNotBefore(DateTime.UtcNow);
certGenerator.SetPublicKey(subjectPublic);
return(certGenerator.Generate(signatureFactory));
}
private static X509V3CertificateGenerator GetX509V3CertificateGenerator(
AsymmetricCipherKeyPair keyPair)
{
var gen = new X509V3CertificateGenerator();
gen.SetSerialNumber(BigInteger.ProbablePrime(120, new Random()));
gen.SetNotAfter(DateTime.Now.AddDays(1));
gen.SetNotBefore(DateTime.Now.AddDays(-1));
gen.SetPublicKey(keyPair.Public);
// If CertificateAuthority=true then SKI has to be present(?)
//gen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
//var ski = new SubjectKeyIdentifier(
// SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public));
//gen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, ski);
var keyUsage = new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign);
gen.AddExtension(X509Extensions.KeyUsage, true, keyUsage);
return(gen);
}
internal string CreateSelfSignedCertificateTest(ParametersValidation validationRequest, out StepType stepType, out SoapException exc, out int timeout)
{
int special;
var res = GetCommand <string>("CreateSelfSignedCertificate", CreateSelfSignedCertificate, validationRequest, true, out stepType, out exc, out timeout, out special);
if (special == 1)
{
var generator = new X509V3CertificateGenerator();
generator.SetSerialNumber(new Org.BouncyCastle.Math.BigInteger(DateTime.Now.Ticks.ToString()));
generator.SetIssuerDN(new X509Name("CN=ONVIF TT,C=US"));
generator.SetPublicKey(m_RSAKeyPair.Public);
generator.SetNotBefore(DateTime.Now.AddYears(-1));
generator.SetNotAfter(DateTime.Now.AddYears(1));
generator.SetSubjectDN(new X509Name("CN=ONVIF TT,C=US"));
generator.SetSignatureAlgorithm("SHA1WithRSAEncryption");
m_X509CertificateSS = generator.Generate(m_RSAKeyPair.Private);
}
return(res);
}
public static void CreateSelfSignedCertificate(Certificate certInfo,
string certificateFile, string keyFile)
{
var rndGen = new CryptoApiRandomGenerator();
var rnd = new SecureRandom(rndGen);
var keyGenParams = new KeyGenerationParameters(rnd, 2048);
var keyPairGen = new RsaKeyPairGenerator();
// var keyGenParams = new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, rnd);
// var keyPairGen = new ECKeyPairGenerator();
keyPairGen.Init(keyGenParams);
var keyPair = keyPairGen.GenerateKeyPair();
var certGen = new X509V3CertificateGenerator();
var serialNo = BigIntegers.CreateRandomInRange(
BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), rnd);
certGen.SetSerialNumber(serialNo);
certGen.SetSubjectDN(certInfo.X509Name());
certGen.SetIssuerDN(certInfo.X509Name());
var now = DateTime.UtcNow.Date;
certGen.SetNotBefore(now);
certGen.SetNotAfter(now.AddDays(certInfo.ValidDays));
certGen.SetPublicKey(keyPair.Public);
var sigFac = new Asn1SignatureFactory("SHA256WithRSA", keyPair.Private, rnd);
var cert = certGen.Generate(sigFac);
using (var w = new StreamWriter(certificateFile, false, Encoding.ASCII)) {
var pemWriter = new PemWriter(w);
pemWriter.WriteObject(cert);
}
using (var w = new StreamWriter(keyFile, false, Encoding.ASCII))
{
var pemWriter = new PemWriter(w);
pemWriter.WriteObject(keyPair);
}
}
private static bool CreateRootCert()
{
const int ROOT_KEY_LENGTH = 2048;
const string OU = "Tsanie Lily";
const string O = "tsanie.org";
const string CN = "Cacher";
const int YEARS_VALID = 10;
const string SIGNATURE_ALG = "SHA1withRSA";
var generator = new RsaKeyPairGenerator();
generator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), ROOT_KEY_LENGTH));
var pair = generator.GenerateKeyPair();
var generator2 = new X509V3CertificateGenerator();
var serialNumber = BigInteger.ProbablePrime(120, new Random());
generator2.SetSerialNumber(serialNumber);
var issuer = new X509Name(string.Format("OU={0}, O={1}, CN={2}", OU, O, CN));
generator2.SetIssuerDN(issuer);
generator2.SetSubjectDN(issuer);
generator2.SetNotBefore(DateTime.Today.AddDays(-7.0));
generator2.SetNotAfter(DateTime.Now.AddYears(YEARS_VALID));
generator2.SetPublicKey(pair.Public);
generator2.SetSignatureAlgorithm(SIGNATURE_ALG);
generator2.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
generator2.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(4));
generator2.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(pair.Public));
var oCACert = generator2.Generate(pair.Private);
var oCAKey = pair.Private;
var encoded = oCACert.GetEncoded();
FiddlerApplication.Prefs.SetStringPref("fiddler.certmaker.bc.cert", Convert.ToBase64String(encoded));
var derEncoded = PrivateKeyInfoFactory.CreatePrivateKeyInfo(oCAKey).ToAsn1Object().GetDerEncoded();
FiddlerApplication.Prefs.SetStringPref("fiddler.certmaker.bc.key", Convert.ToBase64String(derEncoded));
return(CertMaker.rootCertExists());
}
private void Button_Click(object sender, RoutedEventArgs e)
{
var keyGenerate = new RsaKeyPairGenerator();
keyGenerate.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));
AsymmetricCipherKeyPair asymmetricCipherKeyPair = keyGenerate.GenerateKeyPair();
var generate = new X509V3CertificateGenerator();
var certName = new X509Name("CN=CA");
var serialNo = new BigInteger("1", 10);
generate.SetSerialNumber(serialNo);
generate.SetSubjectDN(certName);
generate.SetIssuerDN(certName);
generate.SetNotAfter(DateTime.Now.AddYears(100));
generate.SetNotBefore(DateTime.Now);
generate.SetSignatureAlgorithm("SHA1WITHRSA");
generate.SetPublicKey(asymmetricCipherKeyPair.Public);
var myCert = generate.Generate(asymmetricCipherKeyPair.Private);
byte[] result = DotNetUtilities.ToX509Certificate(myCert).Export(X509ContentType.Cert);
textResult.Text += "Certificate generated! Writing to FS.\n";
if (File.Exists(Directory.GetCurrentDirectory() + "\\test.crt"))
{
textResult.Text += "Certificate file already present. Stopping.";
return;
}
FileStream fileStream = new FileStream(String.Format(Directory.GetCurrentDirectory() + "\\test.crt"), FileMode.CreateNew);
fileStream.Write(result, 0, result.Length);
textResult.Text += String.Format($"Certificate is located at: {Directory.GetCurrentDirectory() + "\\test.crt"}");
fileStream.Flush();
fileStream.Close();
}
// 上位 CA によって署名されている証明書の作成
public Certificate(PrivKey thisCertPrivateKey, CertificateStore parentCertificate, CertificateOptions options, CertificateOptions?alternativeIssuerDN = null)
{
X509Name name = options.GenerateName();
X509V3CertificateGenerator gen = new X509V3CertificateGenerator();
gen.SetSerialNumber(new BigInteger(options.Serial.ToArray()));
if (alternativeIssuerDN == null)
{
gen.SetIssuerDN(parentCertificate.PrimaryCertificate.CertData.IssuerDN);
}
else
{
gen.SetIssuerDN(alternativeIssuerDN.GenerateName());
}
gen.SetSubjectDN(name);
gen.SetNotBefore(DateTime.Now.AddDays(-1));
gen.SetNotAfter(options.Expires.UtcDateTime);
gen.SetPublicKey(thisCertPrivateKey.PublicKey.PublicKeyData);
X509Extension extConst = new X509Extension(true, new DerOctetString(new BasicConstraints(false)));
gen.AddExtension(X509Extensions.BasicConstraints, true, extConst.GetParsedValue());
X509Extension extBasicUsage = new X509Extension(false, new DerOctetString(new KeyUsage(options.KeyUsages)));
gen.AddExtension(X509Extensions.KeyUsage, false, extBasicUsage.GetParsedValue());
X509Extension extExtendedUsage = new X509Extension(false, new DerOctetString(new ExtendedKeyUsage(options.ExtendedKeyUsages)));
gen.AddExtension(X509Extensions.ExtendedKeyUsage, false, extExtendedUsage.GetParsedValue());
X509Extension altName = new X509Extension(false, new DerOctetString(options.GenerateAltNames()));
gen.AddExtension(X509Extensions.SubjectAlternativeName, false, altName.GetParsedValue());
this.CertData = gen.Generate(new Asn1SignatureFactory(options.GetSignatureAlgorithmOid(), parentCertificate.PrimaryPrivateKey.PrivateKeyData.Private, PkiUtil.NewSecureRandom()));
InitFields();
}
public static AsymmetricKeyParameter CreatePrivateKeyResource(string subjectName = "CN=root")
{
const int keyStrength = 2048;
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
var subjectDn = new X509Name(subjectName);
var issuerDn = subjectDn;
certificateGenerator.SetIssuerDN(issuerDn);
certificateGenerator.SetSubjectDN(subjectDn);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(70);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
return(subjectKeyPair.Private);
}
private static void AddSubjectAlternativeNames(X509V3CertificateGenerator certificateGenerator, IEnumerable <string> subjectAlternativeNames)
{
if (subjectAlternativeNames == null)
{
return;
}
var list = new List <Asn1Encodable>();
foreach (string name in subjectAlternativeNames)
{
if (string.IsNullOrEmpty(name))
{
continue;
}
IPAddress addr;
if (IPAddress.TryParse(name, out addr))
{
list.Add(new GeneralName(GeneralName.IPAddress, name));
// This is a *sigh*... An IP address should be sufficient for a client to accept the certificate, but
// Microsoft clients (IE, .NET, etc.) don't validate the cert properly. Chrome uses the IP properly.
// To work around this, we add the IP address as a DNS name also.
list.Add(new GeneralName(GeneralName.DnsName, name));
}
else
{
if (!name.Contains(" "))
{
list.Add(new GeneralName(GeneralName.DnsName, name));
}
}
}
if (list.Count == 0)
{
return;
}
var subjectAlternativeNamesExtension = new DerSequence(list.ToArray());
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName.Id, false, subjectAlternativeNamesExtension);
}
public static Org.BouncyCastle.X509.X509Certificate CreateCert(String cn,
AsymmetricKeyParameter pubKey,
AsymmetricKeyParameter privKey)
{
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name(cn));
certGen.SetNotBefore(DateTime.UtcNow.AddDays(-30));
certGen.SetNotAfter(DateTime.UtcNow.AddDays(30));
certGen.SetSubjectDN(new X509Name(cn));
certGen.SetPublicKey(pubKey);
certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
Org.BouncyCastle.X509.X509Certificate cert = certGen.Generate(privKey);
cert.CheckValidity(DateTime.UtcNow);
cert.Verify(pubKey);
return(cert);
}
private static Certificate CreateSelfSignedCertificate(CertType certType, KeyPair keyPair, string commonName, string signatureAlgorithm, string san)
{
X509V3CertificateGenerator certBuilder = CreateCertBuilder(keyPair, commonName);
// Basic constraints
BasicConstraints constraints = new BasicConstraints(true);
certBuilder.AddExtension(X509Extensions.BasicConstraints, true, constraints);
// Key usage
KeyUsage usage = new KeyUsage(Org.BouncyCastle.Asn1.X509.KeyUsage.KeyEncipherment | Org.BouncyCastle.Asn1.X509.KeyUsage.DigitalSignature | Org.BouncyCastle.Asn1.X509.KeyUsage.KeyCertSign);
certBuilder.AddExtension(X509Extensions.KeyUsage, false, usage);
// Extended key usage
//var usages = new[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth };
certBuilder.AddExtension(X509Extensions.ExtendedKeyUsage, false, KeyUsage(certType));
if (san != null)
{
AddSAN(certBuilder, san);
}
ISignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, keyPair.PrivateKey, new SecureRandom());
return(Certificate.Create(certBuilder.Generate(signatureFactory), keyPair.PrivateKey));
}
public static byte[] GenerateCertificate(CertificateSubject subject, CertificateInfo issuer, DateTime startDate, DateTime expiryDate, SignatureHashAlgorithm signatureAlgorithm, TCertificateFormat certificateFormat)
{
byte[] result = null;
AsymmetricKeyParameter privateKey = issuer.PrivateKey as AsymmetricKeyParameter;
if (privateKey != null)
{
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom random = new SecureRandom(randomGenerator);
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
AddStandardCertificateInfo(certificateGenerator, random, subject, issuer.Subject, startDate, expiryDate);
AsymmetricCipherKeyPair subjectKeyPair = GenerateKeys(certificateGenerator, random, signatureAlgorithm);
string algorithm = GetAlgorithm(signatureAlgorithm);
certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
certificateGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }));
byte[] subjectKeyID = new byte[20];
random.NextBytes(subjectKeyID, 0, 20);
certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyID));
if (issuer.SubjectKeyID != null)
{
certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(issuer.SubjectKeyID));
}
//if ((subject.AlternativeNames != null) && (subject.AlternativeNames.Count > 0))
//{
// certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new SubjectAlternativeNames(false));
// //SubjectAlternativeName
// //GeneralName.DirectoryName
// //GeneralName.IPAddress
//}
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(new Asn1SignatureFactory(algorithm, privateKey, random));
result = ExportCertificate(certificate, subjectKeyPair, certificateFormat);
}
return(result);
}
/// <summary>
/// Generate the certificate
/// </summary>
/// <param name="certName">Certificate name</param>
/// <param name="certPublicKey">Certificate public key</param>
/// <param name="certPublicKeyInfo">Certificate public key info</param>
/// <param name="issuer">Issuer name</param>
/// <param name="issuerPublicKey">Issuer public key</param>
/// <param name="issuerPrivateKey">Issuer private key</param>
/// <param name="issuerSerialNumber">Issuer serial number</param>
/// <returns>X509Certificate2 Certificate</returns>
private X509Certificate2 GenerateCertificate(X509Name certName, AsymmetricKeyParameter certPublicKey, SubjectPublicKeyInfo certPublicKeyInfo,
X509Name issuer, AsymmetricKeyParameter issuerPublicKey, AsymmetricKeyParameter issuerPrivateKey, BigInteger issuerSerialNumber)
{
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
ISignatureFactory factory = new Asn1SignatureFactory("SHA256withRSA", issuerPrivateKey, random);
X509V3CertificateGenerator builder = new X509V3CertificateGenerator();
builder.SetSerialNumber(new BigInteger(16, new SecureRandom(randomGenerator)));
builder.SetIssuerDN(issuer);
builder.SetSubjectDN(certName);
builder.SetPublicKey(certPublicKey);
builder.SetNotBefore(DateTime.UtcNow);
builder.SetNotAfter(DateTime.UtcNow.AddDays(_config.DeviceCertificateValidityDays));
builder.AddExtension(X509Extensions.KeyUsage.Id, true, new X509KeyUsage(X509KeyUsage.DigitalSignature | X509KeyUsage.KeyEncipherment));
builder.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(false));
var subjectAlternativeNames = new Asn1Encodable[] { new GeneralName(GeneralName.DnsName, certName.GetValueList()[0].ToString()) };
var subjectAlternativeNamesExtension = new DerSequence(subjectAlternativeNames);
builder.AddExtension(X509Extensions.SubjectAlternativeName.Id, false, subjectAlternativeNamesExtension);
builder.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(new KeyPurposeID[]
{
KeyPurposeID.IdKPClientAuth,
KeyPurposeID.IdKPServerAuth
}
));
builder.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, false, GetAuthorityKeyIdentifier(issuer, issuerPublicKey, issuerSerialNumber));
builder.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, false, new SubjectKeyIdentifier(certPublicKeyInfo));
// Sign the certificate
Org.BouncyCastle.X509.X509Certificate newCertificate = builder.Generate(factory);
return(new X509Certificate2(DotNetUtilities.ToX509Certificate(newCertificate)));
}
/// <summary>
/// Renews a <see cref="X509Certificate2"/>. This keeps all but the serial number, effective date, and expiration date./>
/// </summary>
/// <param name="certificate">Certificate being renewed</param>
/// <param name="effectiveDate">New effective date</param>
/// <param name="expirationDate">New expiration date</param>
/// <param name="caCertificate">Signing certificate</param>
/// <returns>New <seealso cref="X509Certificate2"/> renewed from <paramref name="certificate"/></returns>
public static X509Certificate2 Renew(X509Certificate2 certificate, DateTime effectiveDate, DateTime expirationDate,
X509Certificate2 caCertificate)
{
AsymmetricKeyParameter signingKey = caCertificate == null ? null : Certificate.TransformRSAPrivateKey((RSACryptoServiceProvider)caCertificate.PrivateKey);
var privateKeyParameter = TransformRSAPrivateKey((RSACryptoServiceProvider)certificate.PrivateKey);
var bcCert = DotNetUtilities.FromX509Certificate(certificate);
var publicKeyParameter = bcCert.GetPublicKey();
AsymmetricCipherKeyPair keyPair = new AsymmetricCipherKeyPair(publicKeyParameter, privateKeyParameter);
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
BigInteger serialNumber = CreateSerialNumber();
certGen.SetSerialNumber(serialNumber);
certGen.SetIssuerDN(bcCert.IssuerDN);
// Converted time to Universal Time so that the time set when calling Generate is the same as the time specified
certGen.SetNotBefore(effectiveDate.ToUniversalTime());
certGen.SetNotAfter(expirationDate.ToUniversalTime());
certGen.SetSubjectDN(bcCert.SubjectDN);
certGen.SetPublicKey(keyPair.Public);
certGen.SetSignatureAlgorithm(SIGNATURE_ALGORITHM);
// Copy all extensions
foreach (var ext in certificate.Extensions)
{
certGen.CopyAndAddExtension(ext.Oid.Value, ext.Critical, bcCert);
}
Org.BouncyCastle.X509.X509Certificate bcNewCert = certGen.Generate(signingKey ?? keyPair.Private);
X509Certificate2 dotNetCert = new X509Certificate2(bcNewCert.GetEncoded())
{
// Restore private key
PrivateKey = certificate.PrivateKey
};
return(dotNetCert);
}
public X509Certificate2 create(string certName, int length)
{
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(length);
var keypair = DotNetUtilities.GetRsaKeyPair(rsa);
var gen = new X509V3CertificateGenerator();
var name = new X509Name("CN=" + certName);
var serial = new BigInteger(Encoding.ASCII.GetBytes("ISU_RSA_Crypto"));
gen.SetSerialNumber(serial);
gen.SetIssuerDN(name);
gen.SetSubjectDN(name);
gen.SetNotBefore(DateTime.Now.AddDays(-7));
gen.SetNotAfter(DateTime.Now.AddYears(10));
gen.SetPublicKey(keypair.Public);
var newCert = gen.Generate(new Asn1SignatureFactory("SHA512withRSA", keypair.Private));
var cert = new X509Certificate2(DotNetUtilities.ToX509Certificate(newCert));
cert.PrivateKey = DotNetUtilities.ToRSA(keypair.Private as RsaPrivateCrtKeyParameters);
return(cert);
}
public static X509Certificate GenerateEndEntityCert(
IAsymmetricKeyParameter entityKey,
IAsymmetricKeyParameter caKey,
X509Certificate caCert)
{
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(PrincipalUtilities.GetSubjectX509Principal(caCert));
certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
certGen.SetSubjectDN(new X509Name("CN=Test End Certificate"));
certGen.SetPublicKey(entityKey);
certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey));
certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
certGen.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
return(certGen.Generate(caKey));
}
GenerateX509Certificate(string certName)
{
var keypairgen = new RsaKeyPairGenerator();
keypairgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 2048));
var keypair = keypairgen.GenerateKeyPair();
var gen = new X509V3CertificateGenerator();
var cn = new X509Name("CN=" + certName);
var sn = BigInteger.ProbablePrime(120, new Random());
gen.SetSerialNumber(sn);
gen.SetSubjectDN(cn);
gen.SetIssuerDN(cn);
gen.SetNotAfter(DateTime.MaxValue);
gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
gen.SetSignatureAlgorithm("MD5WithRSA");
gen.SetPublicKey(keypair.Public);
var newCert = gen.Generate(keypair.Private);
var cert = DotNetUtilities.ToX509Certificate(newCert);
var certBytes = cert.Export(X509ContentType.Pkcs12, "password");
var cert2 = new X509Certificate2(certBytes, "password");
var rsaPriv = DotNetUtilities.ToRSA(keypair.Private as RsaPrivateCrtKeyParameters);
var csp = new CspParameters {
KeyContainerName = "KeyContainer"
};
var rsaPrivate = new RSACryptoServiceProvider(csp);
rsaPrivate.ImportParameters(rsaPriv.ExportParameters(true));
cert2.PrivateKey = rsaPrivate;
return(cert2);
}
/// <summary>
/// Generates the certificate for <see cref="ChallengeTypes.TlsAlpn01" /> validation.
/// </summary>
/// <param name="key">The key.</param>
/// <param name="token">The <see cref="ChallengeTypes.TlsAlpn01" /> token.</param>
/// <param name="subjectName">Name of the subject.</param>
/// <param name="certificateKey">The certificate key pair.</param>
/// <returns>The tls-alpn-01 certificate in PEM.</returns>
public static string TlsAlpnCertificate(this IKey key, string token, string subjectName, IKey certificateKey)
{
var keyAuthz = key.KeyAuthorization(token);
var hashed = DigestUtilities.CalculateDigest("SHA256", Encoding.UTF8.GetBytes(keyAuthz));
var(_, keyPair) = signatureAlgorithmProvider.GetKeyPair(certificateKey.ToDer());
var signatureFactory = new Asn1SignatureFactory(certificateKey.Algorithm.ToPkcsObjectId(), keyPair.Private, new SecureRandom());
var gen = new X509V3CertificateGenerator();
var certName = new X509Name($"CN={subjectName}");
var serialNo = BigInteger.ProbablePrime(120, new SecureRandom());
gen.SetSerialNumber(serialNo);
gen.SetSubjectDN(certName);
gen.SetIssuerDN(certName);
gen.SetNotBefore(DateTime.UtcNow);
gen.SetNotAfter(DateTime.UtcNow.AddDays(7));
gen.SetPublicKey(keyPair.Public);
// SAN for validation
var gns = new[] { new GeneralName(GeneralName.DnsName, subjectName) };
gen.AddExtension(X509Extensions.SubjectAlternativeName.Id, false, new GeneralNames(gns));
// ACME-TLS/1
gen.AddExtension(
acmeValidationV1Id,
true,
hashed);
var newCert = gen.Generate(signatureFactory);
using (var sr = new StringWriter())
{
var pemWriter = new PemWriter(sr);
pemWriter.WriteObject(newCert);
return(sr.ToString());
}
}
public static X509Certificate2 CreateCertificate(string certName, X509Certificate2 ca, int keyStrength)
{
var caCert = DotNetUtilities.FromX509Certificate(ca);
var random = new SecureRandom(new CryptoApiRandomGenerator());
var keyPairGen = new RsaKeyPairGenerator();
keyPairGen.Init(new KeyGenerationParameters(random, keyStrength));
AsymmetricCipherKeyPair keyPair = keyPairGen.GenerateKeyPair();
var certificateGenerator = new X509V3CertificateGenerator();
var CN = new X509Name("CN=" + certName);
var SN = BigInteger.ProbablePrime(120, random);
certificateGenerator.SetSerialNumber(SN);
certificateGenerator.SetSubjectDN(CN);
certificateGenerator.SetIssuerDN(caCert.IssuerDN);
certificateGenerator.SetNotAfter(DateTime.MaxValue);
certificateGenerator.SetNotBefore(DateTime.UtcNow.Subtract(new TimeSpan(1, 0, 0, 0)));
certificateGenerator.SetPublicKey(keyPair.Public);
certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.Public));
certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert.GetPublicKey()));
var caKeyPair = DotNetUtilities.GetKeyPair(ca.PrivateKey);
ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", caKeyPair.Private, random);
var certificate = certificateGenerator.Generate(signatureFactory);
certificate.Verify(caCert.GetPublicKey());
byte[] pkcs12Bytes = DotNetUtilities.ToX509Certificate(certificate).Export(X509ContentType.Pkcs12, Settings.CertificatePassword);
var certificate2 = new X509Certificate2(pkcs12Bytes, Settings.CertificatePassword);
certificate2.PrivateKey = DotNetUtilities.ToRSA(keyPair.Private as RsaPrivateCrtKeyParameters);
return(certificate2);
}
public static Tuple <SigningCredentials, X509Certificate2> GenerateSigningInformation()
{
var kp = GenereateKeys();
var gen = new X509V3CertificateGenerator();
var certName = new X509Name("CN=Test_" + Guid.NewGuid());
var serialNo = BigInteger.ProbablePrime(120, new Random());
gen.SetSerialNumber(serialNo);
gen.SetSubjectDN(certName);
gen.SetIssuerDN(certName);
gen.SetNotAfter(DateTime.Now.AddYears(100));
gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
gen.SetPublicKey(kp.Public);
gen.AddExtension(
X509Extensions.AuthorityKeyIdentifier.Id,
false,
new AuthorityKeyIdentifier(
SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public),
new GeneralNames(new GeneralName(certName)),
serialNo));
gen.AddExtension(
X509Extensions.ExtendedKeyUsage.Id,
false,
new ExtendedKeyUsage(new ArrayList()
{
new DerObjectIdentifier("1.3.6.1.5.5.7.3.1")
}));
var signatureFactory = new Asn1SignatureFactory("MD5WithRSA", kp.Private);
var x509Certificate = new X509Certificate2(gen.Generate(signatureFactory).GetEncoded());
var rsa = ToRsaParameters((RsaPrivateCrtKeyParameters)kp.Private);
var signingCredentials = new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256Signature);
return(new Tuple <SigningCredentials, X509Certificate2>(signingCredentials, x509Certificate));
}
public static X509Certificate2 SampleTEST(SecureString samplPwd)
{
// Keypair Generator
RsaKeyPairGenerator kpGenerator = new RsaKeyPairGenerator();
kpGenerator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 2048));
// Create a keypair
AsymmetricCipherKeyPair kp = kpGenerator.GenerateKeyPair();
var privateKey = (RsaPrivateCrtKeyParameters)kp.Private;
// Certificate Generator
X509V3CertificateGenerator cGenerator = new X509V3CertificateGenerator();
cGenerator.SetSerialNumber(BigInteger.ProbablePrime(120, new Random()));
cGenerator.SetSubjectDN(new X509Name("CN=" + "azureworking"));
cGenerator.SetIssuerDN(new X509Name("CN=" + "azureworking"));
cGenerator.SetNotBefore(DateTime.Now.Date.Subtract(new TimeSpan(10, 0, 0, 0)));
cGenerator.SetNotAfter(DateTime.Now.Add(new TimeSpan(365, 0, 0, 0))); // Expire in 1 year
const string signatureAlgorithm = "SHA1WithRSA";
cGenerator.SetSignatureAlgorithm(signatureAlgorithm);
cGenerator.SetPublicKey(kp.Public); // Only the public key should be used here!
Org.BouncyCastle.X509.X509Certificate cert = cGenerator.Generate(kp.Private); // Create a self-signed cert
var dotNetPrivateKey = ToDotNetKey(privateKey);
byte[] certStream = DotNetUtilities.ToX509Certificate(cert).Export(X509ContentType.Pkcs12, samplPwd);
X509Certificate2 certToReturn = new X509Certificate2(certStream, samplPwd, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
certToReturn.PrivateKey = dotNetPrivateKey;
return(certToReturn);
}
public void CreateCertificate(Key clientPublicKey, Key caPrivateKey)
{
DateTime startDate = DateTime.Now;
DateTime expiryDate = startDate.AddDays(365);
SecureRandom random = new SecureRandom(new CryptoApiRandomGenerator());
AsymmetricKeyParameter publicKey = clientPublicKey.GetPublicAsAsymmetricKeyParam;
System.Security.Cryptography.X509Certificates.X509Certificate2 caCert2 = LoadPKCS12FromFile();
var utilities = DotNetUtilities.FromX509Certificate(caCert2);
ISignatureFactory signatureAlgorithm = new Asn1SignatureFactory("SHA256WITHRSA", caPrivateKey.GetPrivateAsAsymmetricKeyParam, random);
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
X509Name subjectName = new X509Name("C=Poland, O=West Pomeranian University of Technology, OU=IT department, ST=Szczecin, CN=bm29690.wi.zut.edu.pl, serialNumber=29690, Surname=Maciej Bartłomiejczyk");
certGen.SetSerialNumber(BigInteger.ValueOf(DateTime.Now.Millisecond));
certGen.SetIssuerDN(utilities.SubjectDN);
certGen.SetNotBefore(startDate);
certGen.SetNotAfter(expiryDate);
certGen.SetSubjectDN(subjectName);
certGen.SetPublicKey(publicKey);
X509Certificate newCertificate = certGen.Generate(signatureAlgorithm);
_certificate = newCertificate;
}
public void CreateCertificate(Key clientPublicKey, Key caPrivateKey, System.Security.Cryptography.X509Certificates.X509Certificate2 caCert)
{
if (_certificateDN != null)
{
DateTime startDate = DateTime.Now;
DateTime expiryDate = startDate.AddDays(365);
SecureRandom random = new SecureRandom(new CryptoApiRandomGenerator());
AsymmetricKeyParameter publicKey = clientPublicKey.GetPublicAsAsymmetricKeyParam;
var utilities = DotNetUtilities.FromX509Certificate(caCert);
ISignatureFactory signatureAlgorithm = new Asn1SignatureFactory("SHA256WITHRSA", caPrivateKey.GetPrivateAsAsymmetricKeyParam, random);
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
X509Name subjectName = _certificateDN;
certGen.SetSerialNumber(BigInteger.ValueOf(DateTime.Now.Millisecond));
certGen.SetIssuerDN(utilities.SubjectDN);
certGen.SetNotBefore(startDate);
certGen.SetNotAfter(expiryDate);
certGen.SetSubjectDN(subjectName);
certGen.SetPublicKey(publicKey);
X509Certificate newCertificate = certGen.Generate(signatureAlgorithm);
_certificate = newCertificate;
SaveAsString();
}
}
public static X509Certificate GenerateCertificate(AsymmetricCipherKeyPair keyPair, string certName,
string signatureAlgorithm)
{
signatureAlgorithm = signatureAlgorithm ?? DefaultSignatureAlgorithm;
var gen = new X509V3CertificateGenerator();
var cn = new X509Name("CN=" + certName);
var serial = BigInteger.ProbablePrime(120, new Random());
gen.SetSerialNumber(serial);
gen.SetSubjectDN(cn);
gen.SetIssuerDN(cn);
gen.SetNotAfter(DateTime.MaxValue);
gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
gen.SetPublicKey(keyPair.Public);
var sf = new Asn1SignatureFactory(signatureAlgorithm, keyPair.Private);
var r = gen.Generate(sf);
return(DotNetUtilities.ToX509Certificate(r));
}
private static X509Certificate CreateCertificate(
AsymmetricKeyParameter certificatePublicKey,
Asn1SignatureFactory signatureFactory,
BigInteger serialNumber,
X509Name issuerName,
X509Name subjectName,
DateTimeOffset notBefore,
DateTimeOffset notAfter,
Action <X509V3CertificateGenerator> customizeCertificate)
{
var generator = new X509V3CertificateGenerator();
generator.SetSerialNumber(serialNumber);
generator.SetIssuerDN(issuerName);
generator.SetNotBefore(notBefore.UtcDateTime);
generator.SetNotAfter(notAfter.UtcDateTime);
generator.SetSubjectDN(subjectName);
generator.SetPublicKey(certificatePublicKey);
customizeCertificate(generator);
return(generator.Generate(signatureFactory));
}
private static X509Certificate2 GenerateCA(string subjectName)
{
SecureRandom random = GetSecureRandom();
AsymmetricCipherKeyPair subjectKeyPair = GenerateKeyPair(random, 2048);
BigInteger serialNumber = GenerateSerialNumber(random);
var certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.AddIssuer(subjectName, subjectKeyPair, serialNumber);
certificateGenerator.SetSubjectDN(new X509Name(subjectName));
certificateGenerator.SetNotBefore(DateTime.UtcNow.Date);
certificateGenerator.SetNotAfter(DateTime.UtcNow.Date.AddYears(30));
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
certificateGenerator.SetSerialNumber(serialNumber);
certificateGenerator.AddSubjectKeyIdentifier(subjectKeyPair);
certificateGenerator.AddBasicConstraints(isCertificateAuthority: true);
X509Certificate certificate = certificateGenerator.GenerateCertificateAsn1(subjectKeyPair, random);
return(ConvertCertificate(certificate, subjectKeyPair, random));
}
private static AsymmetricCipherKeyPair GenerateKeys(X509V3CertificateGenerator certificateGenerator, SecureRandom random, SignatureHashAlgorithm signatureAlgorithm)
{
AsymmetricCipherKeyPair result = null;
switch (signatureAlgorithm.Signature)
{
case TSignatureAlgorithm.Anonymous:
break;
case TSignatureAlgorithm.RSA:
KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(random, 2048);
RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
rsaKeyPairGenerator.Init(keyGenerationParameters);
result = rsaKeyPairGenerator.GenerateKeyPair();
break;
case TSignatureAlgorithm.DSA:
break;
case TSignatureAlgorithm.ECDSA:
//ECDomainParameters ellipticCurveParameters = EllipticCurveFactory.GetEllipticCurveParameters(TEllipticCurve.secp256r1);
ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
//keyPairGenerator.Init(new ECKeyGenerationParameters(ellipticCurveParameters, random));
keyPairGenerator.Init(new ECKeyGenerationParameters(Org.BouncyCastle.Asn1.Sec.SecObjectIdentifiers.SecP256r1, random));
result = keyPairGenerator.GenerateKeyPair();
//certificateGenerator.AddExtension(X509Extensions.SubjectPublicKeyInfo)
//PrivateKey = (ECPrivateKeyParameters)keys.Private;
//PublicKey = (ECPublicKeyParameters)keys.Public;
break;
default:
break;
}
certificateGenerator.SetPublicKey(result.Public);
return(result);
}
public void TestCreationRSA()
{
IBigInteger rsaPubMod = new BigInteger(Base64.Decode("AIASoe2PQb1IP7bTyC9usjHP7FvnUMVpKW49iuFtrw/dMpYlsMMoIU2jupfifDpdFxIktSB4P+6Ymg5WjvHKTIrvQ7SR4zV4jaPTu56Ys0pZ9EDA6gb3HLjtU+8Bb1mfWM+yjKxcPDuFjwEtjGlPHg1Vq+CA9HNcMSKNn2+tW6qt"));
IBigInteger rsaPubExp = new BigInteger(Base64.Decode("EQ=="));
IBigInteger rsaPrivMod = new BigInteger(Base64.Decode("AIASoe2PQb1IP7bTyC9usjHP7FvnUMVpKW49iuFtrw/dMpYlsMMoIU2jupfifDpdFxIktSB4P+6Ymg5WjvHKTIrvQ7SR4zV4jaPTu56Ys0pZ9EDA6gb3HLjtU+8Bb1mfWM+yjKxcPDuFjwEtjGlPHg1Vq+CA9HNcMSKNn2+tW6qt"));
IBigInteger rsaPrivDP = new BigInteger(Base64.Decode("JXzfzG5v+HtLJIZqYMUefJfFLu8DPuJGaLD6lI3cZ0babWZ/oPGoJa5iHpX4Ul/7l3s1PFsuy1GhzCdOdlfRcQ=="));
IBigInteger rsaPrivDQ = new BigInteger(Base64.Decode("YNdJhw3cn0gBoVmMIFRZzflPDNthBiWy/dUMSRfJCxoZjSnr1gysZHK01HteV1YYNGcwPdr3j4FbOfri5c6DUQ=="));
IBigInteger rsaPrivExp = new BigInteger(Base64.Decode("DxFAOhDajr00rBjqX+7nyZ/9sHWRCCp9WEN5wCsFiWVRPtdB+NeLcou7mWXwf1Y+8xNgmmh//fPV45G2dsyBeZbXeJwB7bzx9NMEAfedchyOwjR8PYdjK3NpTLKtZlEJ6Jkh4QihrXpZMO4fKZWUm9bid3+lmiq43FwW+Hof8/E="));
IBigInteger rsaPrivP = new BigInteger(Base64.Decode("AJ9StyTVW+AL/1s7RBtFwZGFBgd3zctBqzzwKPda6LbtIFDznmwDCqAlIQH9X14X7UPLokCDhuAa76OnDXb1OiE="));
IBigInteger rsaPrivQ = new BigInteger(Base64.Decode("AM3JfD79dNJ5A3beScSzPtWxx/tSLi0QHFtkuhtSizeXdkv5FSba7lVzwEOGKHmW829bRoNxThDy4ds1IihW1w0="));
IBigInteger rsaPrivQinv = new BigInteger(Base64.Decode("Lt0g7wrsNsQxuDdB8q/rH8fSFeBXMGLtCIqfOec1j7FEIuYA/ACiRDgXkHa0WgN7nLXSjHoy630wC5Toq8vvUg=="));
RsaKeyParameters rsaPublic = new RsaKeyParameters(false, rsaPubMod, rsaPubExp);
RsaPrivateCrtKeyParameters rsaPrivate = new RsaPrivateCrtKeyParameters(rsaPrivMod, rsaPubExp, rsaPrivExp, rsaPrivP, rsaPrivQ, rsaPrivDP, rsaPrivDQ, rsaPrivQinv);
IDictionary attrs = new Hashtable();
attrs[X509Name.C] = "AU";
attrs[X509Name.O] = "The Legion of the Bouncy Castle";
attrs[X509Name.L] = "Melbourne";
attrs[X509Name.ST] = "Victoria";
attrs[X509Name.E] = "*****@*****.**";
IList ord = new ArrayList();
ord.Add(X509Name.C);
ord.Add(X509Name.O);
ord.Add(X509Name.L);
ord.Add(X509Name.ST);
ord.Add(X509Name.E);
IList values = new ArrayList();
values.Add("AU");
values.Add("The Legion of the Bouncy Castle");
values.Add("Melbourne");
values.Add("Victoria");
values.Add("*****@*****.**");
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name(ord, attrs));
certGen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
certGen.SetNotAfter(DateTime.UtcNow.AddDays(1));
certGen.SetSubjectDN(new X509Name(ord, attrs));
certGen.SetPublicKey(rsaPublic);
certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
X509Certificate cert = certGen.Generate(rsaPrivate);
// Assert.IsTrue((cert.IsValidNow && cert.Verify(rsaPublic)),"Certificate failed to be valid (RSA)");
cert.CheckValidity();
cert.Verify(rsaPublic);
//Console.WriteLine(ASN1Dump.DumpAsString(cert.ToAsn1Object()));
ISet dummySet = cert.GetNonCriticalExtensionOids();
if (dummySet != null)
{
foreach (string key in dummySet)
{
Console.WriteLine("\t{0}:\t{1}", key);
}
}
Console.WriteLine();
dummySet = cert.GetNonCriticalExtensionOids();
if (dummySet != null)
{
foreach (string key in dummySet)
{
Console.WriteLine("\t{0}:\t{1}", key);
}
}
Console.WriteLine();
}
public void TestCreationECDSA()
{
IBigInteger ECParraGX = new BigInteger(Base64.Decode("D/qWPNyogWzMM7hkK+35BcPTWFc9Pyf7vTs8uaqv"));
IBigInteger ECParraGY = new BigInteger(Base64.Decode("AhQXGxb1olGRv6s1LPRfuatMF+cx3ZTGgzSE/Q5R"));
IBigInteger ECParraH = new BigInteger(Base64.Decode("AQ=="));
IBigInteger ECParraN = new BigInteger(Base64.Decode("f///////////////f///nl6an12QcfvRUiaIkJ0L"));
IBigInteger ECPubQX = new BigInteger(Base64.Decode("HWWi17Yb+Bm3PYr/DMjLOYNFhyOwX1QY7ZvqqM+l"));
IBigInteger ECPubQY = new BigInteger(Base64.Decode("JrlJfxu3WGhqwtL/55BOs/wsUeiDFsvXcGhB8DGx"));
IBigInteger ECPrivD = new BigInteger(Base64.Decode("GYQmd/NF1B+He1iMkWt3by2Az6Eu07t0ynJ4YCAo"));
FPCurve curve = new FPCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters ecDomain =
new ECDomainParameters(curve, new FPPoint(curve, curve.FromBigInteger(ECParraGX), curve.FromBigInteger(ECParraGY)), ECParraN);
ECPublicKeyParameters ecPub = new ECPublicKeyParameters(
"ECDSA",
new FPPoint(curve,
curve.FromBigInteger(ECPubQX),
curve.FromBigInteger(ECPubQY)),
ecDomain);
ECPrivateKeyParameters ecPriv = new ECPrivateKeyParameters("ECDSA", ECPrivD, ecDomain);
IDictionary attrs = new Hashtable();
attrs[X509Name.C] = "AU";
attrs[X509Name.O] = "The Legion of the Bouncy Castle";
attrs[X509Name.L] = "Melbourne";
attrs[X509Name.ST] = "Victoria";
attrs[X509Name.E] = "*****@*****.**";
IList ord = new ArrayList();
ord.Add(X509Name.C);
ord.Add(X509Name.O);
ord.Add(X509Name.L);
ord.Add(X509Name.ST);
ord.Add(X509Name.E);
IList values = new ArrayList();
values.Add("AU");
values.Add("The Legion of the Bouncy Castle");
values.Add("Melbourne");
values.Add("Victoria");
values.Add("*****@*****.**");
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name(ord, attrs));
certGen.SetNotBefore(DateTime.Today.Subtract(new TimeSpan(1, 0, 0, 0)));
certGen.SetNotAfter(DateTime.Today.AddDays(1));
certGen.SetSubjectDN(new X509Name(ord, attrs));
certGen.SetPublicKey(ecPub);
certGen.SetSignatureAlgorithm("SHA1WITHECDSA");
X509Certificate cert = certGen.Generate(ecPriv);
// Assert.IsTrue((cert.IsValidNow && cert.Verify(ecPub)), "Certificate failed to be valid (ECDSA)");
cert.CheckValidity();
cert.Verify(ecPub);
ISet dummySet = cert.GetNonCriticalExtensionOids();
if (dummySet != null)
{
foreach (string key in dummySet)
{
Console.WriteLine("\t{0}:\t{1}", key);
}
}
Console.WriteLine();
dummySet = cert.GetNonCriticalExtensionOids();
if (dummySet != null)
{
foreach (string key in dummySet)
{
Console.WriteLine("\t{0}:\t{1}", key);
}
}
Console.WriteLine();
}
public void TestCreationDSA()
{
IBigInteger DSAParaG = new BigInteger(Base64.Decode("AL0fxOTq10OHFbCf8YldyGembqEu08EDVzxyLL29Zn/t4It661YNol1rnhPIs+cirw+yf9zeCe+KL1IbZ/qIMZM="));
IBigInteger DSAParaP = new BigInteger(Base64.Decode("AM2b/UeQA+ovv3dL05wlDHEKJ+qhnJBsRT5OB9WuyRC830G79y0R8wuq8jyIYWCYcTn1TeqVPWqiTv6oAoiEeOs="));
IBigInteger DSAParaQ = new BigInteger(Base64.Decode("AIlJT7mcKL6SUBMmvm24zX1EvjNx"));
IBigInteger DSAPublicY = new BigInteger(Base64.Decode("TtWy2GuT9yGBWOHi1/EpCDa/bWJCk2+yAdr56rAcqP0eHGkMnA9s9GJD2nGU8sFjNHm55swpn6JQb8q0agrCfw=="));
IBigInteger DsaPrivateX = new BigInteger(Base64.Decode("MMpBAxNlv7eYfxLTZ2BItJeD31A="));
DsaParameters para = new DsaParameters(DSAParaP, DSAParaQ, DSAParaG);
DsaPrivateKeyParameters dsaPriv = new DsaPrivateKeyParameters(DsaPrivateX, para);
DsaPublicKeyParameters dsaPub = new DsaPublicKeyParameters(DSAPublicY, para);
IDictionary attrs = new Hashtable();
attrs[X509Name.C] = "AU";
attrs[X509Name.O] = "The Legion of the Bouncy Castle";
attrs[X509Name.L] = "Melbourne";
attrs[X509Name.ST] = "Victoria";
attrs[X509Name.E] = "*****@*****.**";
IList ord = new ArrayList();
ord.Add(X509Name.C);
ord.Add(X509Name.O);
ord.Add(X509Name.L);
ord.Add(X509Name.ST);
ord.Add(X509Name.E);
IList values = new ArrayList();
values.Add("AU");
values.Add("The Legion of the Bouncy Castle");
values.Add("Melbourne");
values.Add("Victoria");
values.Add("*****@*****.**");
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name(ord, attrs));
certGen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
certGen.SetNotAfter(DateTime.UtcNow.AddDays(1));
certGen.SetSubjectDN(new X509Name(ord, attrs));
certGen.SetPublicKey(dsaPub);
certGen.SetSignatureAlgorithm("SHA1WITHDSA");
X509Certificate cert = certGen.Generate(dsaPriv);
// Assert.IsTrue((cert.IsValidNow && cert.Verify(dsaPub)), "Certificate failed to be valid (DSA Test)");
cert.CheckValidity();
cert.Verify(dsaPub);
ISet dummySet = cert.GetNonCriticalExtensionOids();
if (dummySet != null)
{
foreach (string key in dummySet)
{
Console.WriteLine("\t{0}:\t{1}", key);
}
}
Console.WriteLine();
dummySet = cert.GetNonCriticalExtensionOids();
if (dummySet != null)
{
foreach (string key in dummySet)
{
Console.WriteLine("\t{0}:\t{1}", key);
}
}
Console.WriteLine();
}
