Exemplo n.º 1
		/// <summary>
		/// Generates a 2048-bit RSA key, uses it to build a self-signed root CA
		/// signed with SHA-1, and prints the resulting certificate.
		/// </summary>
		/// <remarks>
		/// SHA-1 is the digest under test here (see the method name). It is
		/// collision-prone and should not be copied into code that issues
		/// certificates anything is expected to trust.
		/// </remarks>
		public void TestRsaSha1()
		{
			using (var config = new Configuration("openssl.cnf"))
			{
				// Exercises the SelfSigned overload that takes an explicit key and digest.
				// 0x10001 (65537) is the RSA public exponent.
				BigNumber publicExponent = 0x10001;
				CryptoKey caKey;

				using (var rsaKeyPair = new RSA())
				{
					rsaKeyPair.GenerateKeys(2048, publicExponent, OnGenerator, null);
					caKey = new CryptoKey(rsaKeyPair);
					// The key pair now lives in caKey; the RSA wrapper itself can be released.
				}

				// NOTE(review): caKey is not disposed in this method; presumably the
				// returned authority owns it from here on. Confirm against the CA's Dispose.
				using (var authority = X509CertificateAuthority.SelfSigned(
					config,
					new SimpleSerialNumber(),
					caKey,
					MessageDigest.SHA1,
					"Root1",
					DateTime.Now,
					TimeSpan.FromDays(365)))
				{
					Console.WriteLine(authority.Certificate);
				}
			}
		}
Exemplo n.º 2
		/// <summary>
		/// Builds a self-signed root CA through the SelfSigned overload that takes
		/// no key or digest, and prints the resulting certificate.
		/// </summary>
		/// <remarks>
		/// The key type and digest are whatever that overload defaults to (DSA,
		/// going by the test name), so this test pins the library default, not a
		/// recommended algorithm choice.
		/// </remarks>
		private void TestDefaultDSA() {
			using (var config = new Configuration("openssl.cnf")) {
				// No key and no digest are supplied: the factory picks both.
				using (var authority = X509CertificateAuthority.SelfSigned(
					config,
					new SimpleSerialNumber(),
					"Root1",
					DateTime.Now,
					TimeSpan.FromDays(365))) {
					Console.WriteLine(authority.Certificate);
				}
			}
		}
Exemplo n.º 3
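		/// <summary>
		/// Issues a certificate valid for 365 days from now for <paramref name="name"/>,
		/// backed by a freshly generated RSA key pair and signed by <paramref name="ca"/>.
		/// </summary>
		/// <param name="ca">Authority that processes the request and signs the certificate.</param>
		/// <param name="name">Subject name, parsed by the X509Name constructor.</param>
		/// <param name="cfg">Configuration passed through to the CA's ProcessRequest.</param>
		/// <param name="section">Configuration section name passed through to ProcessRequest.</param>
		/// <returns>The issued certificate with its PrivateKey property set to the generated key.</returns>
		X509Certificate CreateCertificate(X509CertificateAuthority ca, string name, Configuration cfg, string section)
		{
			var now = DateTime.Now;
			var future = now + TimeSpan.FromDays(365);

			// 65537 with a 2048-bit modulus. The previous parameters (1024 bits,
			// public exponent 1) produced a key with no security: with e = 1 the
			// private exponent is 1 too, so a "signature" is just the padded input.
			BigNumber publicExponent = 0x10001;

			using (var subject = new X509Name(name))
			using (var rsa = new RSA())
			{
				rsa.GenerateKeys(2048, publicExponent, null, null);
				using (var key = new CryptoKey(rsa))
				{
					// The request is built but never signed in this method, and the
					// digest is left to the CA's ProcessRequest default.
					var request = new X509Request(1, subject, key);
					var cert = ca.ProcessRequest(request, now, future, cfg, section);

					// NOTE(review): key is disposed when this using block exits, after
					// being assigned here; presumably the PrivateKey setter takes its
					// own reference. Confirm.
					cert.PrivateKey = key;
					return cert;
				}
			}
		}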
Exemplo n.º 4
		/// <summary>
		/// Builds the certificates used by the SSL tests: a self-signed root named
		/// "Root", one certificate issued from the "tls_server" section and one
		/// from the "tls_client" section of openssl.cnf.
		/// </summary>
		/// <remarks>
		/// The authority is disposed before the constructor returns. Only the root
		/// certificate (added to CAChain) and the two issued certificates are kept.
		/// </remarks>
		public SslTestContext()
		{
			using (var config = new Configuration("openssl.cnf"))
			{
				using (var rootCa = X509CertificateAuthority.SelfSigned(
					config,
					new SimpleSerialNumber(),
					"Root",
					DateTime.Now,
					TimeSpan.FromDays(365)))
				{
					// Trust anchor for both peers.
					CAChain.Add(rootCa.Certificate);

					// Each leaf picks up its extensions from its own config section.
					ServerCertificate = CreateCertificate(rootCa, "server", config, "tls_server");
					ClientCertificate = CreateCertificate(rootCa, "client", config, "tls_client");
				}
			}

			ClientCertificateList.Add(ClientCertificate);
		}
Exemplo n.º 5
		/// <summary>
		/// Attaches a configuration to this object by calling the native
		/// X509V3_set_nconf() with this object's pointer and the configuration's handle.
		/// </summary>
		/// <param name="cfg">
		/// Configuration whose native handle is passed through. It is dereferenced
		/// without a null check, so it must not be null.
		/// </param>
		public void SetConfiguration(Configuration cfg)
		{
			var configHandle = cfg.Handle;
			Native.X509V3_set_nconf(ptr, configHandle);
		}
		/// <summary>
		/// Turns a certificate request into a certificate: takes the next serial
		/// number, copies the subject and public key from the request, uses this
		/// CA's subject as issuer, applies extensions when a configuration is
		/// given, and signs the result with this CA's private key.
		/// </summary>
		/// <remarks>
		/// The request's own signature is not verified here, and its subject is
		/// accepted as supplied. Callers must authenticate the requester and
		/// validate the requested identity before calling this method.
		/// </remarks>
		/// <param name="request">Request supplying the subject and public key.</param>
		/// <param name="startTime">Start of the certificate's validity period.</param>
		/// <param name="endTime">End of the certificate's validity period.</param>
		/// <param name="cfg">Configuration used for extensions; null skips extensions.</param>
		/// <param name="section">Configuration section passed to ApplyExtensions.</param>
		/// <param name="digest">Digest used for the CA signature.</param>
		/// <returns>The newly signed certificate.</returns>
		public X509Certificate ProcessRequest(
			X509Request request,
			DateTime startTime,
			DateTime endTime,
			Configuration cfg,
			string section,
			MessageDigest digest)
		{
			// NOTE(review): proof-of-possession is disabled. The original listing
			// carries a commented-out check that verified the request against
			// request.PublicKey and threw "Request signature validation failed".
			// Without it, a request naming a public key the requester does not
			// control is still signed. Re-enabling it requires callers to sign
			// their requests first.
			var serialNumber = serial.Next();
			var subject = request.Subject;
			var issuer = caCert.Subject;
			var subjectKey = request.PublicKey;

			var issued = new X509Certificate(
				serialNumber,
				subject,
				issuer,
				subjectKey,
				startTime,
				endTime);

			if (cfg != null)
			{
				cfg.ApplyExtensions(section, caCert, issued, request);
			}

			issued.Sign(caKey, digest);
			return issued;
		}
		/// <summary>
		/// Processes a certificate request with the default digest by forwarding
		/// to the overload that takes an explicit <c>MessageDigest</c>.
		/// </summary>
		/// <remarks>
		/// The default is <c>MessageDigest.DSS1</c>, OpenSSL's SHA-1 based digest
		/// for DSA keys. Use the explicit-digest overload when the CA key is not
		/// DSA or a stronger digest is required.
		/// </remarks>
		/// <param name="request">Request supplying the subject and public key.</param>
		/// <param name="startTime">Start of the certificate's validity period.</param>
		/// <param name="endTime">End of the certificate's validity period.</param>
		/// <param name="cfg">Configuration forwarded to the full overload.</param>
		/// <param name="section">Configuration section forwarded to the full overload.</param>
		/// <returns>The newly signed certificate.</returns>
		public X509Certificate ProcessRequest(
			X509Request request,
			DateTime startTime,
			DateTime endTime,
			Configuration cfg,
			string section)
		{
			var defaultDigest = MessageDigest.DSS1;
			return ProcessRequest(request, startTime, endTime, cfg, section, defaultDigest);
		}
		/// <summary>
		/// Factory method that creates an X509CertificateAuthority whose certificate
		/// is self-signed: subject and issuer are the same name, and the certificate
		/// is signed with the key it certifies.
		/// </summary>
		/// <param name="cfg">Configuration used for the "v3_ca" extensions; null skips extensions.</param>
		/// <param name="seq">Serial number source; its next value becomes the root's serial and it is handed to the new authority.</param>
		/// <param name="key">Key placed in the certificate, used to sign it, and handed to the new authority.</param>
		/// <param name="digest">Digest used for the self-signature.</param>
		/// <param name="subject">Name used as both subject and issuer.</param>
		/// <param name="start">Start of the validity period.</param>
		/// <param name="validity">Length of the validity period, added to <paramref name="start"/>.</param>
		/// <returns>An authority wrapping the new certificate, the key and the serial source.</returns>
		public static X509CertificateAuthority SelfSigned(
			Configuration cfg,
			ISequenceNumber seq,
			CryptoKey key,
			MessageDigest digest,
			X509Name subject,
			DateTime start,
			TimeSpan validity)
		{
			var serialNumber = seq.Next();
			var notAfter = start + validity;

			// Self-signed: the same name is both subject and issuer.
			var rootCert = new X509Certificate(
				serialNumber,
				subject,
				subject,
				key,
				start,
				notAfter);

			if (cfg != null)
			{
				// The certificate acts as its own issuer when extensions are applied.
				cfg.ApplyExtensions("v3_ca", rootCert, rootCert, null);
			}

			rootCert.Sign(key, digest);

			return new X509CertificateAuthority(rootCert, key, seq);
		}
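		/// <summary>
		/// Factory method that creates an X509CertificateAuthority whose certificate
		/// is self-signed, using a DSA key created inside this method and the
		/// <c>MessageDigest.DSS1</c> digest.
		/// </summary>
		/// <remarks>
		/// The key never leaves this method except inside the returned authority,
		/// so it is disposed here if building or signing the certificate fails.
		/// DSS1 is OpenSSL's SHA-1 based DSA digest; use the overload that takes a
		/// key and digest when a different algorithm is required.
		/// </remarks>
		/// <param name="cfg">Configuration used for the "v3_ca" extensions; null skips extensions.</param>
		/// <param name="seq">Serial number source; its next value becomes the root's serial and it is handed to the new authority.</param>
		/// <param name="subject">Name used as both subject and issuer.</param>
		/// <param name="start">Start of the validity period.</param>
		/// <param name="validity">Length of the validity period, added to <paramref name="start"/>.</param>
		/// <returns>An authority wrapping the new certificate, the generated key and the serial source.</returns>
		public static X509CertificateAuthority SelfSigned(
			Configuration cfg,
			ISequenceNumber seq,
			X509Name subject,
			DateTime start,
			TimeSpan validity)
		{
			CryptoKey key;
			using (var dsa = new DSA(true))
			{
				key = new CryptoKey(dsa);
				// Dispose the DSA key, the CryptoKey assignment increments the reference count
			}

			try
			{
				var cert = new X509Certificate(
					seq.Next(),
					subject,
					subject,
					key,
					start,
					start + validity);

				if (cfg != null)
				{
					cfg.ApplyExtensions("v3_ca", cert, cert, null);
				}

				cert.Sign(key, MessageDigest.DSS1);

				return new X509CertificateAuthority(cert, key, seq);
			}
			catch
			{
				// No caller can reach the key on this path; release it before rethrowing.
				key.Dispose();
				throw;
			}
		}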
Exemplo n.º 10
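		/// <summary>
		/// Constructs an X509CertificateAuthority from an existing CA certificate
		/// and key, after checking that the key belongs to the certificate.
		/// </summary>
		/// <param name="caCert">The CA certificate; must not be null.</param>
		/// <param name="caKey">The private key checked against <paramref name="caCert"/> and stored as the CA key.</param>
		/// <param name="serial">Serial number source stored on the authority.</param>
		/// <param name="cfg">Configuration stored on the authority.</param>
		/// <exception cref="ArgumentNullException"><paramref name="caCert"/> is null.</exception>
		/// <exception cref="ArgumentException"><paramref name="caKey"/> does not match <paramref name="caCert"/>.</exception>
		public X509CertificateAuthority(X509Certificate caCert, CryptoKey caKey, ISequenceNumber serial, Configuration cfg)
		{
			if (caCert == null)
			{
				throw new ArgumentNullException("caCert");
			}

			// Refuse a mismatched pair up front so the authority cannot issue
			// certificates that fail to chain to its own CA certificate.
			if (!caCert.CheckPrivateKey(caKey))
			{
				// The previous message read "does match", stating the opposite of the failure.
				throw new ArgumentException("The specified CA Private Key does not match the specified CA Certificate", "caKey");
			}

			this.caCert = caCert;
			this.caKey = caKey;
			this.serial = serial;
			this.cfg = cfg;
		}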