Exemplo n.º 1
0
        /// <summary>
        /// Convert to pfx
        /// </summary>
        /// <param name="certificate"></param>
        /// <param name="privateKey"></param>
        /// <param name="password"></param>
        public static byte[] ToPfx(this X509Certificate2 certificate,
                                   Key privateKey, string password = null)
        {
            var cert = certificate.ToX509Certificate();

            return(cert.ToPfx(privateKey.ToAsymmetricKeyParameter(), password));
        }
        public override X509CertificateBuilderResult Build()
        {
            var issuerX509Certificate2 = new SystemX509Certificates.X509Certificate2(
                IssuerCertificate,
                IssuerCertificatePassword,
                SystemX509Certificates.X509KeyStorageFlags.Exportable
                );

            var issuerSubjectDN = issuerX509Certificate2.ToX509Certificate().SubjectDN;

            X509V3CertificateGenerator.SetIssuerDN(issuerSubjectDN);

            // Generate Keys.
            var rsaKeyPairGenerator = new RsaKeyPairGenerator();

            rsaKeyPairGenerator.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), this.KeySize));
            var asymmetricCipherKeyPair = rsaKeyPairGenerator.GenerateKeyPair();

            // Set Public Key.
            X509V3CertificateGenerator.SetPublicKey(asymmetricCipherKeyPair.Public);

            // Key Usage - for maximum interoperability, specify all four flags.
            var keyUsage = KeyUsage.DigitalSignature | KeyUsage.NonRepudiation | KeyUsage.KeyEncipherment | KeyUsage.KeyAgreement;

            X509V3CertificateGenerator.AddExtension(
                X509Extensions.KeyUsage,
                true,
                new KeyUsage(keyUsage)
                );

            X509V3CertificateGenerator.AddExtension(
                X509Extensions.BasicConstraints,
                true,
                new BasicConstraints(false)
                );

            // Extended Key Usage.
            var extendedKeyUsage = new List <KeyPurposeID>();

            // Set TLS Web Server Authentication (1.3.6.1.5.5.7.3.1).
            if (IsServerAuthKeyUsage)
            {
                extendedKeyUsage.Add(KeyPurposeID.IdKPServerAuth);
            }

            // Set TLS Web Client Authentication (1.3.6.1.5.5.7.3.2).
            if (IsClientAuthKeyUsage)
            {
                extendedKeyUsage.Add(KeyPurposeID.IdKPClientAuth);
            }

            X509V3CertificateGenerator.AddExtension(
                X509Extensions.ExtendedKeyUsage,
                true,
                new ExtendedKeyUsage(extendedKeyUsage)
                );

            // Set Subject Alternative Names.
            if (SubjectAlternativeNames != null)
            {
                var subjectAlternativeNames = new Asn1Encodable[SubjectAlternativeNames.Count];

                for (int i = 0; i < SubjectAlternativeNames.Count; i++)
                {
                    subjectAlternativeNames[i] = new GeneralName(GeneralName.DnsName, SubjectAlternativeNames[i]);
                }

                X509V3CertificateGenerator.AddExtension(
                    X509Extensions.SubjectAlternativeName,
                    false,
                    new DerSequence(subjectAlternativeNames)
                    );
            }

            X509V3CertificateGenerator.AddExtension(
                X509Extensions.AuthorityKeyIdentifier,
                false,
                new AuthorityKeyIdentifier(
                    SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerX509Certificate2.GetPublicKeyAsAsymmetricKeyParameter()),
                    new GeneralNames(new GeneralName(issuerSubjectDN)),
                    new Org.BouncyCastle.Math.BigInteger(issuerX509Certificate2.GetSerialNumber())
                    )
                );

            X509V3CertificateGenerator.AddExtension(
                X509Extensions.SubjectKeyIdentifier,
                false,
                new SubjectKeyIdentifier(
                    SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(asymmetricCipherKeyPair.Public)
                    )
                );

            var signatureFactory = new Asn1SignatureFactory(GetSignatureAlgorithm(this.KeySize), issuerX509Certificate2.GetPrivateKeyAsAsymmetricKeyParameter());

            // Generate X.509 Certificate.
            var x509Certificate = X509V3CertificateGenerator.Generate(signatureFactory);

            return(new X509CertificateBuilderResult(x509Certificate, asymmetricCipherKeyPair.Private));
        }