/// <summary>
		/// Discard all accumulated state so this generator can be reused for a new certificate.
		/// The TBS builder is replaced with a fresh instance and the extension generator is
		/// told to reset itself (whatever it has buffered is dropped by its own Reset).
		/// </summary>
		public void Reset()
		{
			this.tbsGen = new V3TbsCertificateGenerator();
			this.extGenerator.Reset();
		}
		/// <summary>
		/// Create a generator whose underlying V3 TBS certificate builder starts out empty;
		/// every field must be supplied through the setters before a certificate is produced.
		/// </summary>
		public X509V3CertificateGenerator()
		{
			this.tbsGen = new V3TbsCertificateGenerator();
		}
        private void TbsV3CertGenerate()
        {
            // Build a V3 TBSCertificate field by field and compare its DER encoding
            // with the fixed reference vector v3Cert, then check that the reference
            // bytes survive a parse/re-encode round trip. The algorithm choices here
            // (MD5withRSA signature OID, placeholder ElGamal parameters) exist only to
            // reproduce that vector byte for byte; they are not a usable profile.
            X509Name issuer = new X509Name("CN=AU,O=Bouncy Castle");
            X509Name subject = new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2");

            V3TbsCertificateGenerator builder = new V3TbsCertificateGenerator();
            builder.SetSerialNumber(new DerInteger(2));
            builder.SetStartDate(new Time(new DateTime(1970, 1, 1, 0, 0, 1)));
            builder.SetEndDate(new Time(new DateTime(1970, 1, 1, 0, 0, 2)));
            builder.SetIssuer(issuer);
            builder.SetSubject(subject);
            builder.SetSignature(new AlgorithmIdentifier(PkcsObjectIdentifiers.MD5WithRsaEncryption, DerNull.Instance));

            SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(
                new AlgorithmIdentifier(
                    OiwObjectIdentifiers.ElGamalAlgorithm,
                    new ElGamalParameter(BigInteger.One, BigInteger.Two)),
                new DerInteger(3));
            builder.SetSubjectPublicKeyInfo(spki);

            // Extensions: AKI and SKI marked critical, KeyUsage non-critical. The
            // ArrayList (not the Hashtable) is what X509Extensions receives as the
            // ordering, so it must list the OIDs in the sequence the vector expects.
            IList extOrder = new ArrayList
            {
                X509Extensions.AuthorityKeyIdentifier,
                X509Extensions.SubjectKeyIdentifier,
                X509Extensions.KeyUsage
            };
            IDictionary extValues = new Hashtable
            {
                { X509Extensions.AuthorityKeyIdentifier, new X509Extension(true, new DerOctetString(CreateAuthorityKeyId(spki, subject, 2))) },
                { X509Extensions.SubjectKeyIdentifier, new X509Extension(true, new DerOctetString(new SubjectKeyIdentifier(spki))) },
                { X509Extensions.KeyUsage, new X509Extension(false, new DerOctetString(new KeyUsage(KeyUsage.DataEncipherment))) }
            };
            builder.SetExtensions(new X509Extensions(extOrder, extValues));

            TbsCertificateStructure tbsStruct = builder.GenerateTbsCertificate();
            if (!Arrays.AreEqual(tbsStruct.GetEncoded(), v3Cert))
            {
                Fail("failed v3 cert generation");
            }

            // Round trip: parsing the reference bytes and re-encoding must be lossless.
            Asn1Object decoded = Asn1Object.FromByteArray(v3Cert);
            if (!Arrays.AreEqual(decoded.GetEncoded(), v3Cert))
            {
                Fail("failed v3 cert read back test");
            }
        }
        private void TbsV3CertGenWithNullSubject()
        {
            // RFC 5280 permits an empty subject only when a critical subjectAltName
            // extension carries the identity. This test first confirms the generator
            // refuses to emit a TBSCertificate that has neither, then that adding the
            // SAN makes generation succeed and match the reference vector
            // v3CertNullSubject, which must also survive a parse/re-encode round trip.
            V3TbsCertificateGenerator builder = new V3TbsCertificateGenerator();
            builder.SetSerialNumber(new DerInteger(2));
            builder.SetStartDate(new Time(new DateTime(1970, 1, 1, 0, 0, 1)));
            builder.SetEndDate(new Time(new DateTime(1970, 1, 1, 0, 0, 2)));
            builder.SetIssuer(new X509Name("CN=AU,O=Bouncy Castle"));
            // MD5withRSA appears only because the reference vector encodes it.
            builder.SetSignature(new AlgorithmIdentifier(PkcsObjectIdentifiers.MD5WithRsaEncryption, DerNull.Instance));

            SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(
                new AlgorithmIdentifier(OiwObjectIdentifiers.ElGamalAlgorithm,
                    new ElGamalParameter(BigInteger.One, BigInteger.Two)),
                new DerInteger(3));
            builder.SetSubjectPublicKeyInfo(spki);

            // No subject and no extensions yet: generation must be rejected with
            // exactly this message, anything else is reported as a failure.
            try
            {
                builder.GenerateTbsCertificate();
                Fail("null subject not caught!");
            }
            catch (InvalidOperationException rejected)
            {
                if (!rejected.Message.Equals("not all mandatory fields set in V3 TBScertificate generator"))
                {
                    Fail("unexpected exception", rejected);
                }
            }

            // Supply the identity through a critical SAN instead of the subject field.
            X509Name altName = new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2");
            IList extOrder = new ArrayList { X509Extensions.SubjectAlternativeName };
            IDictionary extValues = new Hashtable
            {
                {
                    X509Extensions.SubjectAlternativeName,
                    new X509Extension(true, new DerOctetString(new GeneralNames(new GeneralName(altName))))
                }
            };
            builder.SetExtensions(new X509Extensions(extOrder, extValues));

            TbsCertificateStructure tbsStruct = builder.GenerateTbsCertificate();
            if (!Arrays.AreEqual(tbsStruct.GetEncoded(), v3CertNullSubject))
            {
                Fail("failed v3 null sub cert generation");
            }

            Asn1Object decoded = Asn1Object.FromByteArray(v3CertNullSubject);
            if (!Arrays.AreEqual(decoded.GetEncoded(), v3CertNullSubject))
            {
                Fail("failed v3 null sub cert read back test");
            }
        }
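        /// <summary>
        /// Wrap a PEM-encoded RSA public key in a PEM-encoded X.509 v3 certificate shell.
        /// The certificate is deliberately unsigned (its signatureValue is an empty BIT
        /// STRING), so it only serves to transport the SubjectPublicKeyInfo; it cannot be
        /// verified or chained and consumers must not treat it as evidence of anything.
        /// </summary>
        /// <param name="publicKey">PEM text holding one public-key object. The PEM body is
        /// used verbatim as the key material under the rsaEncryption OID, so it is assumed
        /// to be a bare PKCS#1 RSAPublicKey; an SPKI-encoded key would end up wrapped twice
        /// — confirm with callers.</param>
        /// <param name="x509Subject">Distinguished name for the subject field (X509Name syntax).</param>
        /// <returns>The DER certificate as a PEM "CERTIFICATE" block.</returns>
        /// <exception cref="ArgumentNullException">publicKey or x509Subject is null.</exception>
        /// <exception cref="ArgumentException">publicKey contains no PEM object, or its
        /// content does not decode to an ASN.1 SEQUENCE.</exception>
        private string GenerateX509Cert(string publicKey, string x509Subject)
        {
            if (publicKey == null)
            {
                throw new ArgumentNullException("publicKey");
            }
            if (x509Subject == null)
            {
                throw new ArgumentNullException("x509Subject");
            }

            // Read the key body out of the PEM envelope. ReadPemObject yields null when
            // the text holds no PEM block, which previously surfaced as a
            // NullReferenceException; report it as a bad argument instead.
            Asn1Sequence keySequence;
            using (var reader = new StringReader(publicKey))
            {
                var pemObject = new PemReader(reader).ReadPemObject();
                if (pemObject == null)
                {
                    throw new ArgumentException("No PEM object found in the supplied public key.", "publicKey");
                }
                keySequence = Asn1Object.FromByteArray(pemObject.Content) as Asn1Sequence;
                if (keySequence == null)
                {
                    throw new ArgumentException("PEM object content is not an ASN.1 SEQUENCE.", "publicKey");
                }
            }

            // Build the TBS certificate with placeholder values: the consumer of this
            // certificate is expected to read only the subject public key info.
            var tbsCertGen = new V3TbsCertificateGenerator();
            tbsCertGen.SetSerialNumber(new DerInteger(1));
            // Declared signature algorithm only; no signature is ever computed below.
            var signatureAlgId = new AlgorithmIdentifier(PkcsObjectIdentifiers.Sha1WithRsaEncryption, DerNull.Instance);
            tbsCertGen.SetSignature(signatureAlgId);
            tbsCertGen.SetIssuer(new X509Name("CN=Root Agency"));
            // Use UTC: the ASN.1 Time is emitted with a UTC designator, so feeding local
            // time would skew notBefore/notAfter by the machine's offset. The 10-minute
            // backdate tolerates clock skew on the consuming side.
            var now = DateTime.UtcNow;
            tbsCertGen.SetStartDate(new Time(now.AddMinutes(-10)));
            tbsCertGen.SetEndDate(new Time(now.AddYears(1)));   // OpenSSH keys carry no validity period; a one-year window is set to satisfy RDFE
            tbsCertGen.SetSubject(new X509Name(x509Subject));
            tbsCertGen.SetSubjectPublicKeyInfo(new SubjectPublicKeyInfo(new AlgorithmIdentifier(PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance), keySequence));
            var tbsCert = tbsCertGen.GenerateTbsCertificate();

            // Per RFC 3280, the layout of an X.509 v3 certificate looks like:
            // Certificate  ::=  SEQUENCE  {
            //     tbsCertificate       TBSCertificate,
            //     signatureAlgorithm   AlgorithmIdentifier,
            //     signatureValue       BIT STRING
            // }
            // Since we don't have access to the private key, we cannot create
            // a signature for the TBS. However, a valid certificate requires
            // a bit string for the signature value, so we use a 0-byte array
            // in its place.
            Asn1EncodableVector v = new Asn1EncodableVector();
            v.Add(tbsCert);
            v.Add(signatureAlgId);
            v.Add(new DerBitString(new byte[0]));
            var derSequence = new DerSequence(v);

            // Emit the DER-encoded certificate as PEM; InvariantCulture keeps the
            // writer's formatting independent of the process locale.
            using (var writer = new StringWriter(CultureInfo.InvariantCulture))
            {
                var pemWriter = new PemWriter(writer);
                pemWriter.WriteObject(new PemObject("CERTIFICATE", derSequence.GetEncoded()));
                return writer.ToString();
            }
        }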