public void TestRsaSha1()
{
using (Configuration cfg = new Configuration("openssl.cnf"))
{
// Test RSA/SHA1 with other SelfSigned method
BigNumber bn = 0x10001;
CryptoKey key;
using (RSA rsa = new RSA())
{
rsa.GenerateKeys(2048, bn, OnGenerator, null);
key = new CryptoKey(rsa);
// rsa is assigned, we no longer need this instance
}
using (var root = X509CertificateAuthority.SelfSigned(
cfg,
new SimpleSerialNumber(),
key,
MessageDigest.SHA1,
"Root1",
DateTime.Now,
TimeSpan.FromDays(365)))
{
Console.WriteLine(root.Certificate);
}
}
}
private void TestDefaultDSA() {
using (Configuration cfg = new Configuration("openssl.cnf")) {
// Test default DSA method
using (X509CertificateAuthority root = X509CertificateAuthority.SelfSigned(
cfg,
new SimpleSerialNumber(),
"Root1",
DateTime.Now,
TimeSpan.FromDays(365))) {
Console.WriteLine(root.Certificate);
}
}
}
X509Certificate CreateCertificate(X509CertificateAuthority ca, string name, Configuration cfg, string section)
{
var now = DateTime.Now;
var future = now + TimeSpan.FromDays(365);
using (var subject = new X509Name(name))
using (var rsa = new RSA())
{
rsa.GenerateKeys(1024, BigNumber.One, null, null);
using (var key = new CryptoKey(rsa))
{
var request = new X509Request(1, subject, key);
var cert = ca.ProcessRequest(request, now, future, cfg, section);
cert.PrivateKey = key;
return cert;
}
}
}
public SslTestContext()
{
using (var cfg = new Configuration("openssl.cnf"))
using (var ca = X509CertificateAuthority.SelfSigned(
cfg,
new SimpleSerialNumber(),
"Root",
DateTime.Now,
TimeSpan.FromDays(365)))
{
CAChain.Add(ca.Certificate);
ServerCertificate = CreateCertificate(ca, "server", cfg, "tls_server");
ClientCertificate = CreateCertificate(ca, "client", cfg, "tls_client");
}
ClientCertificateList.Add(ClientCertificate);
}
/// <summary>
/// Calls X509V3_set_nconf()
/// </summary>
/// <param name="cfg"></param>
public void SetConfiguration(Configuration cfg)
{
Native.X509V3_set_nconf(ptr, cfg.Handle);
}
/// <summary>
/// Process an X509Request. This includes creating a new X509Certificate
/// and signing this certificate with this CA's private key.
/// </summary>
/// <param name="request"></param>
/// <param name="startTime"></param>
/// <param name="endTime"></param>
/// <param name="cfg"></param>
/// <param name="section"></param>
/// <param name="digest"></param>
/// <returns></returns>
public X509Certificate ProcessRequest(
X509Request request,
DateTime startTime,
DateTime endTime,
Configuration cfg,
string section,
MessageDigest digest)
{
// using (var pkey = request.PublicKey)
// {
// if (!request.Verify(pkey))
// throw new Exception("Request signature validation failed");
// }
var cert = new X509Certificate(
serial.Next(),
request.Subject,
this.caCert.Subject,
request.PublicKey,
startTime,
endTime);
if (cfg != null)
cfg.ApplyExtensions(section, caCert, cert, request);
cert.Sign(caKey, digest);
return cert;
}
/// <summary>
/// Process an X509Request. This includes creating a new X509Certificate
/// and signing this certificate with this CA's private key.
/// </summary>
/// <param name="request"></param>
/// <param name="startTime"></param>
/// <param name="endTime"></param>
/// <param name="cfg"></param>
/// <param name="section"></param>
/// <returns></returns>
public X509Certificate ProcessRequest(
X509Request request,
DateTime startTime,
DateTime endTime,
Configuration cfg,
string section)
{
return ProcessRequest(request, startTime, endTime, cfg, section, MessageDigest.DSS1);
}
/// <summary>
/// Factory method that creates a X509CertificateAuthority instance with
/// an internal self signed certificate
/// </summary>
/// <param name="cfg"></param>
/// <param name="seq"></param>
/// <param name="key"></param>
/// <param name="digest"></param>
/// <param name="subject"></param>
/// <param name="start"></param>
/// <param name="validity"></param>
/// <returns></returns>
public static X509CertificateAuthority SelfSigned(
Configuration cfg,
ISequenceNumber seq,
CryptoKey key,
MessageDigest digest,
X509Name subject,
DateTime start,
TimeSpan validity)
{
var cert = new X509Certificate(
seq.Next(),
subject,
subject,
key,
start,
start + validity);
if (cfg != null)
cfg.ApplyExtensions("v3_ca", cert, cert, null);
cert.Sign(key, digest);
return new X509CertificateAuthority(cert, key, seq);
}
/// <summary>
/// Factory method which creates a X509CertifiateAuthority where
/// the internal certificate is self-signed
/// </summary>
/// <param name="cfg"></param>
/// <param name="seq"></param>
/// <param name="subject"></param>
/// <param name="start"></param>
/// <param name="validity"></param>
/// <returns></returns>
public static X509CertificateAuthority SelfSigned(
Configuration cfg,
ISequenceNumber seq,
X509Name subject,
DateTime start,
TimeSpan validity)
{
CryptoKey key;
using (var dsa = new DSA(true))
{
key = new CryptoKey(dsa);
// Dispose the DSA key, the CryptoKey assignment increments the reference count
}
var cert = new X509Certificate(
seq.Next(),
subject,
subject,
key,
start,
start + validity);
if (cfg != null)
cfg.ApplyExtensions("v3_ca", cert, cert, null);
cert.Sign(key, MessageDigest.DSS1);
return new X509CertificateAuthority(cert, key, seq);
}
/// <summary>
/// Constructs a X509CertifcateAuthority with the specified parameters.
/// </summary>
/// <param name="caCert"></param>
/// <param name="caKey"></param>
/// <param name="serial"></param>
/// <param name="cfg"></param>
public X509CertificateAuthority(X509Certificate caCert, CryptoKey caKey, ISequenceNumber serial, Configuration cfg)
{
if (!caCert.CheckPrivateKey(caKey))
throw new Exception("The specified CA Private Key does match the specified CA Certificate");
this.caCert = caCert;
this.caKey = caKey;
this.serial = serial;
this.cfg = cfg;
}
