        // 自己署名証明書の作成
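        /// <summary>
        /// Creates a self-signed certificate: subject and issuer are both the name produced by
        /// <paramref name="options"/>, the public key of <paramref name="selfSignKey"/> is embedded, and the
        /// certificate is signed with the matching private key. Fills <c>CertData</c> and then calls <c>InitFields()</c>.
        /// </summary>
        /// <param name="selfSignKey">Key pair whose public half is certified and whose private half signs.</param>
        /// <param name="options">Name, serial number, expiry, key usages, extended key usages and alternative names.</param>
        public Certificate(PrivKey selfSignKey, CertificateOptions options)
        {
            X509Name name = options.GenerateName();
            X509V3CertificateGenerator gen = new X509V3CertificateGenerator();

            // Sign-magnitude constructor: a serial whose first byte has the high bit set would otherwise be
            // read as a negative two's-complement number, and RFC 5280 requires serial numbers to be positive.
            gen.SetSerialNumber(new BigInteger(1, options.Serial.ToArray()));
            gen.SetIssuerDN(name);
            gen.SetSubjectDN(name);
            // The validity window is expressed in UTC: NotAfter already comes from options.Expires.UtcDateTime,
            // so NotBefore must be UTC as well (a local-time value shifts the start by the host's timezone offset).
            // Backdating by one day tolerates clock skew between this host and the verifier.
            gen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
            gen.SetNotAfter(options.Expires.UtcDateTime);
            gen.SetPublicKey(selfSignKey.PublicKey.PublicKeyData);

            // The extension values are handed to the generator directly; it DER-encodes them itself.
            // BasicConstraints is marked critical and flags this self-signed certificate as a CA.
            gen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));

            gen.AddExtension(X509Extensions.KeyUsage, false, new KeyUsage(options.KeyUsages));

            gen.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(options.ExtendedKeyUsages));

            gen.AddExtension(X509Extensions.SubjectAlternativeName, false, options.GenerateAltNames());

            // Sign with the caller's private key; the signature algorithm OID is chosen by the options.
            this.CertData = gen.Generate(new Asn1SignatureFactory(options.GetSignatureAlgorithmOid(), selfSignKey.PrivateKeyData.Private, PkiUtil.NewSecureRandom()));

            InitFields();
        }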
        /// <summary>
        /// Builds a signed JWS packet. The protected header carries the algorithm name, either the public JWK
        /// (when <paramref name="kid"/> is empty) or the key id, the nonce and the url; the signature covers the
        /// ASCII bytes of <c>base64url(header) + "." + base64url(payload)</c>.
        /// </summary>
        /// <param name="key">Signing key; its public half becomes the embedded JWK when no key id is given.</param>
        /// <param name="kid">Key identifier. When empty the JWK is embedded instead.</param>
        /// <param name="nonce">Nonce placed in the protected header.</param>
        /// <param name="url">Request URL placed in the protected header.</param>
        /// <param name="payload">Object serialized (base64url JSON) as the payload; null yields an empty payload string.</param>
        /// <returns>A packet with <c>Protected</c>, <c>payload</c> and <c>signature</c> populated.</returns>
        public static JwsPacket Encapsulate(PrivKey key, string?kid, string nonce, string url, object?payload)
        {
            JwsKey jwk = CreateJwsKey(key.PublicKey, out string algName, out string signerName);

            // Exactly one of jwk / kid is present in the header.
            bool useKid = !kid._IsEmpty();

            JwsProtected header = new JwsProtected()
            {
                alg   = algName,
                jwk   = useKid ? null : jwk,
                kid   = useKid ? kid : null,
                nonce = nonce,
                url   = url,
            };

            var encodedHeader  = header._ObjectToJson(base64url: true, includeNull: true);
            var encodedPayload = payload == null ? "" : payload._ObjectToJson(base64url: true);

            JwsPacket packet = new JwsPacket()
            {
                Protected = encodedHeader,
                payload   = encodedPayload,
            };

            // Signing input: the two base64url segments joined by '.', taken as ASCII.
            string signingInput = packet.Protected + "." + packet.payload;

            var signer = key.GetSigner(signerName);
            byte[] rawSignature = signer.Sign(signingInput._GetBytes_Ascii());

            packet.signature = rawSignature._Base64UrlEncode();

            return packet;
        }
        /// <summary>
        /// Groups one alias with its certificate chain and the private key that goes with it.
        /// </summary>
        /// <param name="alias">Name under which this entry is kept.</param>
        /// <param name="certList">Certificates copied, in order, into <c>CertificateList</c>.</param>
        /// <param name="privateKey">Private key stored alongside the certificates.</param>
        public CertificateStoreContainer(string alias, Certificate[] certList, PrivKey privateKey)
        {
            this.Alias      = alias;
            this.PrivateKey = privateKey;

            // Copy element by element so the container owns its own list rather than the caller's array.
            for (int i = 0; i < certList.Length; i++)
            {
                this.CertificateList.Add(certList[i]);
            }
        }
        /// <summary>
        /// Generates an ECDSA key pair of the requested strength with a fresh secure random source.
        /// </summary>
        /// <param name="bits">Requested key strength handed to BouncyCastle (presumably used to select a curve — confirm against the generator).</param>
        /// <param name="privateKey">Receives the generated key pair wrapped as a private key.</param>
        /// <param name="publicKey">Receives the public half of the generated pair.</param>
        public static void GenerateEcdsaKeyPair(int bits, out PrivKey privateKey, out PubKey publicKey)
        {
            var rng = NewSecureRandom();
            var generator = new ECKeyPairGenerator("ECDSA");
            generator.Init(new KeyGenerationParameters(rng, bits));

            AsymmetricCipherKeyPair keyPair = generator.GenerateKeyPair();

            privateKey = new PrivKey(keyPair);
            publicKey  = new PubKey(keyPair.Public);
        }
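        /// <summary>
        /// Generates a fresh key pair for <paramref name="algorithm"/> by dispatching to the
        /// algorithm-specific generator.
        /// </summary>
        /// <param name="algorithm">Public-key algorithm to generate a pair for.</param>
        /// <param name="bits">Key strength in bits, passed through unchanged.</param>
        /// <param name="privateKey">Receives the generated private key.</param>
        /// <param name="publicKey">Receives the generated public key.</param>
        /// <exception cref="ArgumentException"><paramref name="algorithm"/> is not a supported value.</exception>
        public static void GenerateKeyPair(PkiAlgorithm algorithm, int bits, out PrivKey privateKey, out PubKey publicKey)
        {
            switch (algorithm)
            {
            case PkiAlgorithm.RSA:
                GenerateRsaKeyPair(bits, out privateKey, out publicKey);
                break;

            case PkiAlgorithm.ECDSA:
                GenerateEcdsaKeyPair(bits, out privateKey, out publicKey);
                break;

            default:
                // Report both the rejected value and the parameter name so the caller can see what was wrong.
                throw new ArgumentException($"Unsupported PKI algorithm: {algorithm}", nameof(algorithm));
            }
        }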
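        /// <summary>
        /// Builds a PKCS#10 certificate signing request for the public key of <paramref name="priv"/>, using the
        /// subject name and subject alternative names from <paramref name="options"/>, and signs it with the private key.
        /// </summary>
        /// <param name="priv">Key pair: its public key goes into the request, its private key signs it.</param>
        /// <param name="options">Supplies the subject name, the alternative names and the signature algorithm OID.</param>
        public Csr(PrivKey priv, CertificateOptions options)
        {
            X509Name      subject = options.GenerateName();
            GeneralNames  alt     = options.GenerateAltNames();
            X509Extension altName = new X509Extension(false, new DerOctetString(alt));

            // The requested extensions travel inside the PKCS#9 extensionRequest attribute as one
            // X509Extensions value; the SAN extension is non-critical. The lists are typed to what
            // X509Extensions actually stores (OIDs and extensions) instead of object.
            List<DerObjectIdentifier> oids = new List<DerObjectIdentifier>()
            {
                X509Extensions.SubjectAlternativeName,
            };

            List<X509Extension> values = new List<X509Extension>()
            {
                altName,
            };

            X509Extensions x509exts = new X509Extensions(oids, values);

            AttributePkcs extensionRequest = new AttributePkcs(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(x509exts));

            this.Request = new Pkcs10CertificationRequest(new Asn1SignatureFactory(options.GetSignatureAlgorithmOid(), priv.PrivateKeyData.Private, PkiUtil.NewSecureRandom()),
                                                          subject, priv.PublicKey.PublicKeyData, new DerSet(extensionRequest));
        }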
 /// <summary>
 /// Tells whether <paramref name="privateKey"/> belongs to this key, i.e. whether its public
 /// component equals this instance.
 /// </summary>
 /// <param name="privateKey">Candidate private key.</param>
 /// <returns>True when the public half of <paramref name="privateKey"/> equals this key.</returns>
 public bool CheckIfPrivateKeyCorrespond(PrivKey privateKey) => this.Equals(privateKey.PublicKey);
        /// <summary>
        /// Loads a PKCS#12 blob into this store: every non-empty alias that carries at least one certificate
        /// becomes a <see cref="CertificateStoreContainer"/> keyed by that alias. Ends by calling <c>InitFields()</c>.
        /// </summary>
        /// <param name="pkcs12">Raw PKCS#12 bytes.</param>
        /// <param name="password">Password protecting the data; null is normalized by <c>_NonNull()</c> first.</param>
        /// <exception cref="ApplicationException">
        /// An alias holds a key entry that is not a private key, an alias has certificates but no private key,
        /// or no alias produced a container at all.
        /// </exception>
        public CertificateStore(ReadOnlySpan <byte> pkcs12, string?password = null)
        {
            password = password._NonNull();

            // 2019/8/15 to Fix the Linux .NET Core bug: https://github.com/dotnet/corefx/issues/30946
            ReadOnlyMemory <byte> normalized = CertificateUtil.NormalizePkcs12MemoryData(pkcs12, password);

            using (MemoryStream ms = new MemoryStream())
            {
                ms.Write(normalized.Span);
                ms._SeekToBegin();

                // NOTE(review): the char[] copy of the password is left to the GC, not cleared after parsing.
                Pkcs12Store store = new Pkcs12Store(ms, password.ToCharArray());

                foreach (object?aliasObject in store.Aliases)
                {
                    if (aliasObject == null)
                    {
                        continue;
                    }

                    string alias = (string)aliasObject;
                    if (alias._IsNullOrZeroLen())
                    {
                        continue;
                    }

                    // A key entry, if present, must be the private half; a public key here is rejected.
                    AsymmetricKeyEntry?keyEntry = store.GetKey(alias);
                    if (keyEntry != null && keyEntry.Key.IsPrivate == false)
                    {
                        throw new ApplicationException("Key.IsPrivate == false");
                    }

                    AsymmetricKeyParameter?privateKeyParam = keyEntry?.Key;

                    X509CertificateEntry[] chain = store.GetCertificateChain(alias);

                    List <Certificate> certList = new List <Certificate>();
                    if (chain != null)
                    {
                        foreach (X509CertificateEntry entry in chain)
                        {
                            certList.Add(new Certificate(entry.Certificate));
                        }
                    }

                    // Aliases without any certificate are skipped silently.
                    if (certList.Count == 0)
                    {
                        continue;
                    }

                    // Certificates without their private key are an error for this store.
                    if (privateKeyParam == null)
                    {
                        throw new ApplicationException("No private key found.");
                    }

                    // The private key is paired with the public key of the first chain element (presumably the leaf).
                    PrivKey privateKey = new PrivKey(new AsymmetricCipherKeyPair(certList[0].PublicKey.PublicKeyData, privateKeyParam));

                    this.InternalContainers.Add(alias, new CertificateStoreContainer(alias, certList.ToArray(), privateKey));
                }

                if (this.InternalContainers.Count == 0)
                {
                    throw new ApplicationException("There are no certificate aliases in the PKCS#12 file.");
                }
            }

            InitFields();
        }
 /// <summary>
 /// Builds a store from a single certificate and its private key by wrapping the certificate
 /// (via <c>_SingleList()</c>) and delegating to the chain-list constructor.
 /// </summary>
 /// <param name="singleCert">The only certificate of the chain.</param>
 /// <param name="privateKey">Private key matching <paramref name="singleCert"/>.</param>
 public CertificateStore(Certificate singleCert, PrivKey privateKey)
     : this(singleCert._SingleList(), privateKey)
 {
 }
        /// <summary>
        /// Builds a store with exactly one container, registered under the alias <c>"default"</c>,
        /// holding the given certificate chain and its private key. Ends by calling <c>InitFields()</c>.
        /// </summary>
        /// <param name="chainedCertList">Certificate chain; it is materialized once into an array.</param>
        /// <param name="privateKey">Private key stored with the chain.</param>
        public CertificateStore(IEnumerable <Certificate> chainedCertList, PrivKey privateKey)
        {
            string defaultAlias = "default";
            Certificate[] chain = chainedCertList.ToArray();

            CertificateStoreContainer container = new CertificateStoreContainer(defaultAlias, chain, privateKey);
            this.InternalContainers.Add(defaultAlias, container);

            InitFields();
        }
 /// <summary>
 /// Builds a store from encoded chained certificate data: the bytes are parsed with
 /// <c>CertificateUtil.ImportChainedCertificates</c> and the result is passed to the chain-list constructor.
 /// </summary>
 /// <param name="chainedCertData">Encoded certificate chain (format as accepted by <c>ImportChainedCertificates</c>).</param>
 /// <param name="privateKey">Private key stored with the chain.</param>
 public CertificateStore(ReadOnlySpan <byte> chainedCertData, PrivKey privateKey)
     : this(CertificateUtil.ImportChainedCertificates(chainedCertData), privateKey)
 {
 }
        /// <summary>
        /// Wraps <paramref name="payload"/> in a JWS packet signed with <paramref name="privKey"/> (protected header
        /// carrying <paramref name="kid"/> or the JWK, <paramref name="nonce"/> and <paramref name="url"/>) and sends
        /// the packet as a JSON body to <paramref name="url"/>.
        /// </summary>
        /// <param name="method">HTTP method to use.</param>
        /// <param name="privKey">Key that signs the packet.</param>
        /// <param name="kid">Key id for the protected header; when empty the JWK is embedded instead.</param>
        /// <param name="nonce">Nonce for the protected header.</param>
        /// <param name="url">Request URL; also bound into the protected header.</param>
        /// <param name="payload">Object serialized as the JWS payload; null sends an empty payload.</param>
        /// <param name="cancel">Cancellation token forwarded to the request.</param>
        /// <param name="postContentType">Content type of the request body.</param>
        /// <returns>The response returned by <c>RequestWithJsonObjectAsync</c>.</returns>
        public virtual async Task <WebRet> RequestWithJwsObject(WebMethods method, PrivKey privKey, string?kid, string nonce, string url, object?payload, CancellationToken cancel = default, string postContentType = Consts.MimeTypes.Json)
        {
            JwsPacket packet = JwsUtil.Encapsulate(privKey, kid, nonce, url, payload);

            WebRet response = await this.RequestWithJsonObjectAsync(method, url, packet, cancel, postContentType);

            return response;
        }